feat: add MDM authentication notification when navigation is blocked (#7291)

- Show VSCode warning when users under MDM policy try to leave AccountView without auth
- Add showMdmAuthRequiredNotification message type to WebviewMessage interface
- Implement handler in webviewMessageHandler to display localized warning
- Add 'Your organization requires authentication' translation in all 17 languages
- Fix translation key path to use common:mdm.info.organization_requires_auth

src/core/webview/ClineProvider.ts

@@ -1553,7 +1553,8 @@ export class ClineProvider
 		this.postMessageToWebview({ type: "state", state })
 
 		// Check MDM compliance and send user to account tab if not compliant
-		if (!this.checkMdmCompliance()) {
+		// Only redirect if there's an actual MDM policy requiring authentication
+		if (this.mdmService?.requiresCloudAuth() && !this.checkMdmCompliance()) {
 			await this.postMessageToWebview({ type: "action", action: "accountButtonClicked" })
 		}
 	}
@@ -1872,7 +1873,9 @@ export class ClineProvider
 				codebaseIndexSearchMaxResults: codebaseIndexConfig?.codebaseIndexSearchMaxResults,
 				codebaseIndexSearchMinScore: codebaseIndexConfig?.codebaseIndexSearchMinScore,
 			},
-			mdmCompliant: this.checkMdmCompliance(),
+			// Only set mdmCompliant if there's an actual MDM policy
+			// undefined means no MDM policy, true means compliant, false means non-compliant
+			mdmCompliant: this.mdmService?.requiresCloudAuth() ? this.checkMdmCompliance() : undefined,
 			profileThresholds: profileThresholds ?? {},
 			cloudApiUrl: getRooCodeApiUrl(),
 			hasOpenedModeSelector: this.getGlobalState("hasOpenedModeSelector") ?? false,
@@ -2172,7 +2175,7 @@ export class ClineProvider
 
 	/**
 	 * Check if the current state is compliant with MDM policy
-	 * @returns true if compliant, false if blocked
+	 * @returns true if compliant or no MDM policy exists, false if MDM policy exists and user is non-compliant
 	 */
 	public checkMdmCompliance(): boolean {
 		if (!this.mdmService) {

src/core/webview/webviewMessageHandler.ts

@@ -2618,5 +2618,10 @@ export const webviewMessageHandler = async (
 			}
 			break
 		}
+		case "showMdmAuthRequiredNotification": {
+			// Show notification that organization requires authentication
+			vscode.window.showWarningMessage(t("common:mdm.info.organization_requires_auth"))
+			break
+		}
 	}
 }

src/i18n/locales/ca/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "La teva organització requereix autenticació de Roo Code Cloud. Si us plau, inicia sessió per continuar.",
 			"organization_mismatch": "Has d'estar autenticat amb el compte de Roo Code Cloud de la teva organització.",
 			"verification_failed": "No s'ha pogut verificar l'autenticació de l'organització."
+		},
+		"info": {
+			"organization_requires_auth": "La teva organització requereix autenticació."
 		}
 	},
 	"prompts": {

src/i18n/locales/de/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Deine Organisation erfordert eine Roo Code Cloud-Authentifizierung. Bitte melde dich an, um fortzufahren.",
 			"organization_mismatch": "Du musst mit dem Roo Code Cloud-Konto deiner Organisation authentifiziert sein.",
 			"verification_failed": "Die Organisationsauthentifizierung konnte nicht verifiziert werden."
+		},
+		"info": {
+			"organization_requires_auth": "Deine Organisation erfordert eine Authentifizierung."
 		}
 	},
 	"prompts": {

src/i18n/locales/en/common.json

@@ -180,6 +180,9 @@
 			"cloud_auth_required": "Your organization requires Roo Code Cloud authentication. Please sign in to continue.",
 			"organization_mismatch": "You must be authenticated with your organization's Roo Code Cloud account.",
 			"verification_failed": "Unable to verify organization authentication."
+		},
+		"info": {
+			"organization_requires_auth": "Your organization requires authentication."
 		}
 	},
 	"prompts": {

src/i18n/locales/es/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Tu organización requiere autenticación de Roo Code Cloud. Por favor, inicia sesión para continuar.",
 			"organization_mismatch": "Debes estar autenticado con la cuenta de Roo Code Cloud de tu organización.",
 			"verification_failed": "No se pudo verificar la autenticación de la organización."
+		},
+		"info": {
+			"organization_requires_auth": "Tu organización requiere autenticación."
 		}
 	},
 	"prompts": {

src/i18n/locales/fr/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Votre organisation nécessite une authentification Roo Code Cloud. Veuillez vous connecter pour continuer.",
 			"organization_mismatch": "Vous devez être authentifié avec le compte Roo Code Cloud de votre organisation.",
 			"verification_failed": "Impossible de vérifier l'authentification de l'organisation."
+		},
+		"info": {
+			"organization_requires_auth": "Votre organisation nécessite une authentification."
 		}
 	},
 	"prompts": {

src/i18n/locales/hi/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "आपके संगठन को Roo Code Cloud प्रमाणीकरण की आवश्यकता है। कृपया जारी रखने के लिए साइन इन करें।",
 			"organization_mismatch": "आपको अपने संगठन के Roo Code Cloud खाते से प्रमाणित होना होगा।",
 			"verification_failed": "संगठन प्रमाणीकरण सत्यापित करने में असमर्थ।"
+		},
+		"info": {
+			"organization_requires_auth": "आपके संगठन को प्रमाणीकरण की आवश्यकता है।"
 		}
 	},
 	"prompts": {

src/i18n/locales/id/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Organisasi kamu memerlukan autentikasi Roo Code Cloud. Silakan masuk untuk melanjutkan.",
 			"organization_mismatch": "Kamu harus diautentikasi dengan akun Roo Code Cloud organisasi kamu.",
 			"verification_failed": "Tidak dapat memverifikasi autentikasi organisasi."
+		},
+		"info": {
+			"organization_requires_auth": "Organisasi kamu memerlukan autentikasi."
 		}
 	},
 	"prompts": {

src/i18n/locales/it/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "La tua organizzazione richiede l'autenticazione Roo Code Cloud. Accedi per continuare.",
 			"organization_mismatch": "Devi essere autenticato con l'account Roo Code Cloud della tua organizzazione.",
 			"verification_failed": "Impossibile verificare l'autenticazione dell'organizzazione."
+		},
+		"info": {
+			"organization_requires_auth": "La tua organizzazione richiede l'autenticazione."
 		}
 	},
 	"prompts": {

src/i18n/locales/ja/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "あなたの組織では Roo Code Cloud 認証が必要です。続行するにはサインインしてください。",
 			"organization_mismatch": "組織の Roo Code Cloud アカウントで認証する必要があります。",
 			"verification_failed": "組織認証の確認ができませんでした。"
+		},
+		"info": {
+			"organization_requires_auth": "あなたの組織では認証が必要です。"
 		}
 	},
 	"prompts": {

src/i18n/locales/ko/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "조직에서 Roo Code Cloud 인증이 필요합니다. 계속하려면 로그인하세요.",
 			"organization_mismatch": "조직의 Roo Code Cloud 계정으로 인증해야 합니다.",
 			"verification_failed": "조직 인증을 확인할 수 없습니다."
+		},
+		"info": {
+			"organization_requires_auth": "조직에서 인증이 필요합니다."
 		}
 	},
 	"prompts": {

src/i18n/locales/nl/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Je organisatie vereist Roo Code Cloud-authenticatie. Log in om door te gaan.",
 			"organization_mismatch": "Je moet geauthenticeerd zijn met het Roo Code Cloud-account van je organisatie.",
 			"verification_failed": "Kan organisatie-authenticatie niet verifiëren."
+		},
+		"info": {
+			"organization_requires_auth": "Je organisatie vereist authenticatie."
 		}
 	},
 	"prompts": {

src/i18n/locales/pl/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Twoja organizacja wymaga uwierzytelnienia Roo Code Cloud. Zaloguj się, aby kontynuować.",
 			"organization_mismatch": "Musisz być uwierzytelniony kontem Roo Code Cloud swojej organizacji.",
 			"verification_failed": "Nie można zweryfikować uwierzytelnienia organizacji."
+		},
+		"info": {
+			"organization_requires_auth": "Twoja organizacja wymaga uwierzytelnienia."
 		}
 	},
 	"prompts": {

src/i18n/locales/pt-BR/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Sua organização requer autenticação do Roo Code Cloud. Faça login para continuar.",
 			"organization_mismatch": "Você deve estar autenticado com a conta Roo Code Cloud da sua organização.",
 			"verification_failed": "Não foi possível verificar a autenticação da organização."
+		},
+		"info": {
+			"organization_requires_auth": "Sua organização requer autenticação."
 		}
 	},
 	"prompts": {

src/i18n/locales/ru/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Ваша организация требует аутентификации Roo Code Cloud. Войдите в систему, чтобы продолжить.",
 			"organization_mismatch": "Вы должны быть аутентифицированы с учетной записью Roo Code Cloud вашей организации.",
 			"verification_failed": "Не удается проверить аутентификацию организации."
+		},
+		"info": {
+			"organization_requires_auth": "Ваша организация требует аутентификации."
 		}
 	},
 	"prompts": {

src/i18n/locales/tr/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Kuruluşunuz Roo Code Cloud kimlik doğrulaması gerektiriyor. Devam etmek için giriş yapın.",
 			"organization_mismatch": "Kuruluşunuzun Roo Code Cloud hesabıyla kimlik doğrulaması yapmalısınız.",
 			"verification_failed": "Kuruluş kimlik doğrulaması doğrulanamıyor."
+		},
+		"info": {
+			"organization_requires_auth": "Kuruluşunuz kimlik doğrulaması gerektiriyor."
 		}
 	},
 	"prompts": {

src/i18n/locales/vi/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "Tổ chức của bạn yêu cầu xác thực Roo Code Cloud. Vui lòng đăng nhập để tiếp tục.",
 			"organization_mismatch": "Bạn phải được xác thực bằng tài khoản Roo Code Cloud của tổ chức.",
 			"verification_failed": "Không thể xác minh xác thực tổ chức."
+		},
+		"info": {
+			"organization_requires_auth": "Tổ chức của bạn yêu cầu xác thực."
 		}
 	},
 	"prompts": {

src/i18n/locales/zh-CN/common.json

@@ -196,6 +196,9 @@
 			"cloud_auth_required": "您的组织需要 Roo Code Cloud 身份验证。请登录以继续。",
 			"organization_mismatch": "您必须使用组织的 Roo Code Cloud 账户进行身份验证。",
 			"verification_failed": "无法验证组织身份验证。"
+		},
+		"info": {
+			"organization_requires_auth": "您的组织需要身份验证。"
 		}
 	},
 	"prompts": {

src/i18n/locales/zh-TW/common.json

@@ -191,6 +191,9 @@
 			"cloud_auth_required": "您的組織需要 Roo Code Cloud 身份驗證。請登入以繼續。",
 			"organization_mismatch": "您必須使用組織的 Roo Code Cloud 帳戶進行身份驗證。",
 			"verification_failed": "無法驗證組織身份驗證。"
+		},
+		"info": {
+			"organization_requires_auth": "您的組織需要身份驗證。"
 		}
 	},
 	"prompts": {

src/shared/WebviewMessage.ts

@@ -211,6 +211,7 @@ export interface WebviewMessage {
 		| "deleteCommand"
 		| "createCommand"
 		| "insertTextIntoTextarea"
+		| "showMdmAuthRequiredNotification"
 	text?: string
 	editedMessageContent?: string
 	tab?: "settings" | "history" | "mcp" | "modes" | "chat" | "marketplace" | "account"

webview-ui/src/App.tsx

@@ -105,8 +105,11 @@ const App = () => {
 
 	const switchTab = useCallback(
 		(newTab: Tab) => {
-			// Check MDM compliance before allowing tab switching
+			// Only check MDM compliance if mdmCompliant is explicitly false (meaning there's an MDM policy and user is non-compliant)
+			// If mdmCompliant is undefined or true, allow tab switching
 			if (mdmCompliant === false && newTab !== "account") {
+				// Notify the user that authentication is required by their organization
+				vscode.postMessage({ type: "showMdmAuthRequiredNotification" })
 				return
 			}