[Payment due @ShridharGoel] Block sign-in for agent email accounts

[MelvinBot]

Explanation of Change

AI agent accounts (agent_*@expensify.ai) can't receive emails, so the magic code sign-in flow dead-ends when a user enters an agent email. This PR adds a client-side guard in the login form that checks the entered email against the existing isAgentEmail() utility and shows an error message instead of proceeding to the magic code step.

The error message directs users to sign in with their own account and access agents via Copilot instead.

Fixed Issues

$ https://github.com/Expensify/Expensify/issues/641772

Tests

1. Go to the sign-in page (log out if needed)
2. Enter an agent-related email like agent_123@expensify.ai in the email field and press Continue
3. Verify an error message appears: "Agent accounts can't be signed into directly. To use an agent, sign in with your own account and access it via Copilot."
4. Verify you are NOT taken to the magic code step
5. Clear the field, enter a normal email (e.g. your own) and press Continue
6. Verify the sign-in proceeds normally to the magic code step

• Verify that no errors appear in the JS console

Offline tests

N/A

QA Steps

Same as tests

• Verify that no errors appear in the JS console

PR Author Checklist

• I linked the correct issue in the ### Fixed Issues section above
• I wrote clear testing steps that cover the changes made in this PR
  • I added steps for local testing in the Tests section
  • I added steps for the expected offline behavior in the Offline steps section
  • I added steps for Staging and/or Production testing in the QA steps section
  • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
• I included screenshots or videos for tests on all platforms
• I ran the tests on all platforms & verified they passed on:
  • Android: Native
  • Android: mWeb Chrome
  • iOS: Native
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
• I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
• I followed proper code patterns (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I followed the guidelines as stated in the Review Guidelines
• I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
• I verified that if a function's arguments changed that all usages have also been updated correctly
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
• If a new CSS style is added I verified that:
  • A similar style doesn't already exist
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
• If new assets were added or existing ones were modified, I verified that:
  • The assets are optimized and compressed (for SVG files, run npm run compress-svg)
  • The assets load correctly across all supported platforms.
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
  • I verified that all the inputs inside a form are aligned with each other.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
• I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
• I verified that similar component doesn't exist in the codebase
• I verified that all props are defined accurately and each prop has a /** comment above it */
• I verified that each file is named correctly
• I verified that each component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
• I verified that the only data being stored in component state is data necessary for rendering and nothing else
• In component if we are not using the full Onyx data that we loaded, I've added the proper selector in order to ensure the component only re-renders when the data it is using changes
• For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
• I verified that component internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
• I verified that all JSX used for rendering exists in the render method
• I verified that each component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions

Screenshots/Videos

MacOS: Chrome / Safari

Screen.Recording.2026-05-27.at.5.10.56.PM.mov

[OSBotify]

🦜 Polyglot Parrot! 🦜

Squawk! Looks like you added some shiny new English strings. Allow me to parrot them back to you in other tongues:

View the translation diff

diff --git a/src/languages/de.ts b/src/languages/de.ts
index 8a8a74285e1..33e0a05271a 100644
--- a/src/languages/de.ts
+++ b/src/languages/de.ts
@@ -2955,7 +2955,8 @@ ${amount} für ${merchant} – ${date}`,
         phoneOrEmail: 'Telefon oder E-Mail',
         error: {
             invalidFormatEmailLogin: 'Die eingegebene E-Mail-Adresse ist ungültig. Bitte korrigiere das Format und versuche es erneut.',
-            agentSignInBlocked: 'Bei Agentenkonten ist eine direkte Anmeldung nicht möglich. Um einen Agenten zu verwenden, melde dich mit deinem eigenen Konto an und greife über Copilot darauf zu.',
+            agentSignInBlocked:
+                'Agent-Konten können nicht direkt verwendet werden. Um ein Agent-Konto zu nutzen, melden Sie sich mit Ihrem eigenen Konto an und greifen Sie über Copilot darauf zu.',
         },
         cannotGetAccountDetails: 'Kontodetails konnten nicht abgerufen werden. Bitte melde dich erneut an.',
         loginForm: 'Anmeldeformular',
diff --git a/src/languages/es.ts b/src/languages/es.ts
index 5e646096d5d..a7ec746835e 100644
--- a/src/languages/es.ts
+++ b/src/languages/es.ts
@@ -2831,7 +2831,8 @@ ${amount} para ${merchant} - ${date}`,
         phoneOrEmail: 'Número de teléfono o correo electrónico',
         error: {
             invalidFormatEmailLogin: 'El correo electrónico introducido no es válido. Corrígelo e inténtalo de nuevo.',
-            agentSignInBlocked: 'No se puede iniciar sesión directamente con cuentas de agente. Para usar un agente, inicia sesión con tu propia cuenta y accede a través de Copilot.',
+            agentSignInBlocked:
+                'No se puede iniciar sesión directamente en las cuentas de agente. Para usar un agente, inicia sesión con tu propia cuenta y accede a él a través de Copilot.',
         },
         cannotGetAccountDetails: 'No se pudieron cargar los detalles de tu cuenta. Por favor, intenta iniciar sesión de nuevo.',
         loginForm: 'Formulario de inicio de sesión',
diff --git a/src/languages/fr.ts b/src/languages/fr.ts
index 9fe6e1840fa..df4c85125a2 100644
--- a/src/languages/fr.ts
+++ b/src/languages/fr.ts
@@ -2962,7 +2962,8 @@ ${amount} pour ${merchant} - ${date}`,
     loginForm: {
         phoneOrEmail: 'Téléphone ou e-mail',
         error: {
-            agentSignInBlocked: 'Les comptes agents ne peuvent pas être connectés directement. Pour utiliser un agent, connectez-vous avec votre propre compte et accédez-y via Copilot.',
+            agentSignInBlocked:
+                'Les comptes d’agent ne permettent pas de se connecter directement. Pour utiliser un agent, connectez-vous avec votre propre compte et accédez-y via Copilot.',
             invalidFormatEmailLogin: 'L’adresse e-mail saisie est invalide. Veuillez corriger le format et réessayer.',
         },
         cannotGetAccountDetails: 'Impossible de récupérer les détails du compte. Veuillez essayer de vous reconnecter.',
diff --git a/src/languages/it.ts b/src/languages/it.ts
index d2be1310c7c..3dc80464e65 100644
--- a/src/languages/it.ts
+++ b/src/languages/it.ts
@@ -2950,7 +2950,7 @@ ${amount} per ${merchant} - ${date}`,
     loginForm: {
         phoneOrEmail: 'Telefono o email',
         error: {
-            agentSignInBlocked: 'Non è possibile accedere direttamente agli account agente. Per utilizzare un agente, accedi con il tuo account e accedi tramite Copilot.',
+            agentSignInBlocked: 'Non puoi accedere direttamente agli account agente. Per usare un agente, accedi con il tuo account e raggiungilo tramite Copilot.',
             invalidFormatEmailLogin: 'L’email inserita non è valida. Correggi il formato e riprova.',
         },
         cannotGetAccountDetails: 'Impossibile recuperare i dettagli dell’account. Prova ad accedere di nuovo.',
diff --git a/src/languages/ja.ts b/src/languages/ja.ts
index a1c8bd5a217..21f4138e59c 100644
--- a/src/languages/ja.ts
+++ b/src/languages/ja.ts
@@ -2923,7 +2923,8 @@ ${date} の ${merchant} への ${amount}`,
         phoneOrEmail: '電話番号またはメールアドレス',
         error: {
             invalidFormatEmailLogin: '入力されたメールアドレスが無効です。形式を修正して、もう一度お試しください。',
-            agentSignInBlocked: 'エージェントアカウントには直接サインインできません。エージェントを使用するには、ご自身のアカウントでサインインし、コパイロット経由でアクセスしてください。',
+            agentSignInBlocked:
+                'エージェントアカウントには直接サインインすることはできません。エージェントを利用するには、ご自身のアカウントでサインインし、Copilot 経由でアクセスしてください。',
         },
         cannotGetAccountDetails: 'アカウントの詳細を取得できませんでした。もう一度サインインしてください。',
         loginForm: 'ログインフォーム',
diff --git a/src/languages/nl.ts b/src/languages/nl.ts
index 1c733e425c4..60c19f6baa0 100644
--- a/src/languages/nl.ts
+++ b/src/languages/nl.ts
@@ -2947,7 +2947,7 @@ ${amount} voor ${merchant} - ${date}`,
         phoneOrEmail: 'Telefoon of e-mail',
         error: {
             invalidFormatEmailLogin: 'Het ingevoerde e-mailadres is ongeldig. Corrigeer de notatie en probeer het opnieuw.',
-            agentSignInBlocked: 'Er kan niet rechtstreeks worden ingelogd op agentaccounts. Om een agent te gebruiken, log je in met je eigen account en open je deze via Copilot.',
+            agentSignInBlocked: 'Je kunt niet rechtstreeks inloggen op agent-accounts. Log in met je eigen account en gebruik de agent via Copilot.',
         },
         cannotGetAccountDetails: 'Accountgegevens konden niet worden opgehaald. Probeer opnieuw in te loggen.',
         loginForm: 'Aanmeldformulier',
diff --git a/src/languages/pl.ts b/src/languages/pl.ts
index 73784acc791..29bfc5e9248 100644
--- a/src/languages/pl.ts
+++ b/src/languages/pl.ts
@@ -2941,7 +2941,7 @@ ${amount} dla ${merchant} - ${date}`,
         phoneOrEmail: 'Telefon lub e-mail',
         error: {
             invalidFormatEmailLogin: 'Wprowadzony adres e-mail jest nieprawidłowy. Popraw jego format i spróbuj ponownie.',
-            agentSignInBlocked: 'Nie można logować się bezpośrednio na konta agentów. Aby użyć agenta, zaloguj się na swoje konto i uzyskaj dostęp przez Copilot.',
+            agentSignInBlocked: 'Na konta agenta nie można logować się bezpośrednio. Żeby korzystać z agenta, zaloguj się na własne konto i uzyskaj do niego dostęp przez Copilota.',
         },
         cannotGetAccountDetails: 'Nie można pobrać szczegółów konta. Spróbuj zalogować się ponownie.',
         loginForm: 'Formularz logowania',
diff --git a/src/languages/pt-BR.ts b/src/languages/pt-BR.ts
index 3af9f5de06d..df41fba7aa7 100644
--- a/src/languages/pt-BR.ts
+++ b/src/languages/pt-BR.ts
@@ -2941,7 +2941,7 @@ ${amount} para ${merchant} - ${date}`,
         phoneOrEmail: 'Telefone ou e-mail',
         error: {
             invalidFormatEmailLogin: 'O e-mail inserido é inválido. Corrija o formato e tente novamente.',
-            agentSignInBlocked: 'Não é possível entrar diretamente em contas de agente. Para usar um agente, entre com sua própria conta e acesse-o via Copilot.',
+            agentSignInBlocked: 'Contas de agente não podem ser acessadas diretamente. Para usar um agente, entre com a sua própria conta e acesse-o via Copilot.',
         },
         cannotGetAccountDetails: 'Não foi possível recuperar os detalhes da conta. Tente entrar novamente.',
         loginForm: 'Formulário de login',
diff --git a/src/languages/zh-hans.ts b/src/languages/zh-hans.ts
index 4b0df8dbcb9..5907c5b7675 100644
--- a/src/languages/zh-hans.ts
+++ b/src/languages/zh-hans.ts
@@ -2864,10 +2864,7 @@ ${amount}，商户：${merchant} - 日期：${date}`,
     },
     loginForm: {
         phoneOrEmail: '电话或邮箱',
-        error: {
-            invalidFormatEmailLogin: '输入的邮箱无效。请修正格式后重试。',
-            agentSignInBlocked: '无法直接登录代理账户。要使用代理，请使用您自己的账户登录，然后通过 Copilot 访问。',
-        },
+        error: {invalidFormatEmailLogin: '输入的邮箱无效。请修正格式后重试。', agentSignInBlocked: '代理帐户无法直接登录。要使用代理，请先登录您自己的帐户，然后通过 Copilot 访问该代理。'},
         cannotGetAccountDetails: '无法获取账户详情。请尝试重新登录。',
         loginForm: '登录表单',
         notYou: (user: string) => `不是 ${user} 吗？`,

Note

You can apply these changes to your branch by copying the patch to your clipboard, then running pbpaste | git apply 😉

View workflow run

[MelvinBot]

Fixed the failing Prettier check: the agentSignInBlocked translation string in src/languages/de.ts exceeded the line length limit. Ran prettier to wrap it correctly.

[NicolasBonet]

@MelvinBot Let's add steps to test this

[MelvinBot]

Here are suggested test steps for this PR:

Tests

1. Go to the sign-in page (log out if needed)
2. Enter agent_test@expensify.ai in the email field and press Continue
3. Verify an error message appears: "Agent accounts can't be signed into directly. To use an agent, sign in with your own account and access it via Copilot."
4. Verify you are NOT taken to the magic code step
5. Clear the field, enter a normal email (e.g. your own) and press Continue
6. Verify the sign-in proceeds normally to the magic code step
7. Verify that no errors appear in the JS console

Offline tests

N/A — this is a client-side validation that does not involve network requests.

QA Steps

1. Go to the sign-in page on staging
2. Enter agent_test@expensify.ai and press Continue
3. Verify the error message is shown and sign-in is blocked
4. Enter a valid email and verify sign-in proceeds normally
5. Verify that no errors appear in the JS console

[github-actions]

🚧 @NicolasBonet has triggered a test Expensify/App build. You can view the workflow run here.

[NicolasBonet]

@MelvinBot apply this changes: #91896 (comment)

[MelvinBot]

Applied the improved translations from the Polyglot Parrot comment. Updated all 9 language files (de, es, fr, it, ja, nl, pl, pt-BR, zh-hans) with the refined agentSignInBlocked strings.

[codecov]

Codecov Report

✅ Changes either increased or maintained existing code coverage, great job!

Files with missing lines	Coverage Δ
src/libs/SessionUtils.ts	96.00% <100.00%> (ø)
src/pages/signin/LoginForm/BaseLoginForm.tsx	76.92% <100.00%> (+17.11%)	⬆️
... and 30 files with indirect coverage changes

[NicolasBonet]

@MelvinBot let's address this lack of coverage: #91896 (comment)

[melvin-bot]

@daledah Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[MelvinBot]

Added tests/ui/BaseLoginFormTest.tsx with two tests to cover the agent email guard in BaseLoginForm.tsx:

1. Agent email blocked — enters agent_123@expensify.ai, verifies the error message is shown and beginSignIn is never called
2. Normal email proceeds — enters user@expensify.com, verifies beginSignIn is called

Both tests pass and lint is clean.

[melvin-bot]

@Eskalifer1 Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[ShridharGoel]

Reviewer Checklist

• I have verified the author checklist is complete (all boxes are checked off).
• I verified the correct issue is linked in the ### Fixed Issues section above
• I verified testing steps are clear and they cover the changes made in this PR
  • I verified the steps for local testing are in the Tests section
  • I verified the steps for Staging and/or Production testing are in the QA steps section
  • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• I checked that screenshots or videos are included for tests on all platforms
• I included screenshots or videos for tests on all platforms
• I verified that the composer does not automatically focus or open the keyboard on mobile unless explicitly intended. This includes checking that returning the app from the background does not unexpectedly open the keyboard.
• I verified tests pass on all platforms & I tested again on:
  • Android: HybridApp
  • Android: mWeb Chrome
  • iOS: HybridApp
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
• If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
• I verified there are no new alerts related to the canBeMissing param for useOnyx
• I verified proper code patterns were followed (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I verified that this PR follows the guidelines as stated in the Review Guidelines
• I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
• If a new component is created I verified that:
  • A similar component doesn't exist in the codebase
  • All props are defined accurately and each prop has a /** comment above it */
  • The file is named correctly
  • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • The only data being stored in the state is data necessary for rendering and nothing else
  • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • All JSX used for rendering exists in the render method
  • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
• If a new CSS style is added I verified that:
  • A similar style doesn't already exist
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
  • I verified that all the inputs inside a form are aligned with each other.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
• For any bug fix or new feature in this PR, I verified that sufficient unit tests are included to prevent regressions in this flow.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
• I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Android: HybridApp

Android: mWeb Chrome

iOS: HybridApp

iOS: mWeb Safari

MacOS: Chrome / Safari

[ShridharGoel]

@MelvinBot We should make isAgentEmail() case-insensitive, else it bypasses inputs like AGENT_123@expensify.ai or agent_123@EXPENSIFY.AI

CC: @NicolasBonet

[MelvinBot]

Good catch — the current regex (/^agent_\d+@expensify\.ai$/) is indeed case-sensitive. Adding the i flag would handle mixed-case inputs like AGENT_123@expensify.ai.

NicolasBonet — should I implement this? The fix would be changing the regex to /^agent_\d+@expensify\.ai$/i in src/libs/SessionUtils.ts.

[NicolasBonet]

@MelvinBot implement that

[MelvinBot]

Made isAgentEmail() case-insensitive by adding the i flag to the regex. Inputs like AGENT_123@EXPENSIFY.AI or Agent_123@Expensify.AI are now correctly blocked. Also added a test case for mixed-case agent emails — all 3 tests pass.

[melvin-bot]

🎯 @ShridharGoel, thanks for reviewing and testing this PR! 🎉

A payment issue will be created for your review once this PR is deployed to production.
E/E issue linked to the PR - https://www.github.com/Expensify/Expensify/issues/641772.

If payment is not needed (e.g., regression PR review fix etc), react with 👎 to this comment to prevent the payment issue from being created.

[github-actions]

🚧 @yuwenmemon has triggered a test Expensify/App build. You can view the workflow run here.

[OSBotify]

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

[github-actions]

🧪🧪 Use the links below to test this adhoc build on Android, iOS, and Web. Happy testing! 🧪🧪
Built from App PR #91896.

Android 🤖	iOS 🍎
https://ad-hoc-expensify-cash.s3.us-east-1.amazonaws.com/rock-artifacts/ad-hoc/rock-android-Adhoc-fd0ee33d19e-a82d62a-2370edf82225ab6911e96902043a1808897d9b69/index.html	https://ad-hoc-expensify-cash.s3.us-east-1.amazonaws.com/rock-artifacts/ad-hoc/rock-ios-device-AdHoc-fd0ee33-a82d62a-6628fe7a7d6d8e69eae4c01430b3e024c567bc4a/index.html

Web 🕸️
https://91896.pr-testing.expensify.com

---

👀 View the workflow run that generated this build 👀

[OSBotify]

🚀 Deployed to staging by https://github.com/yuwenmemon in version: 9.3.90-0 🚀

platform	result
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅

Bundle Size Analysis (Sentry):

• Android
• iOS

[MelvinBot]

🤖 Help site review: no changes required

I reviewed this PR against the help site articles under docs/articles and no documentation updates are needed. I did not create a draft PR.

What this PR changes (user-facing): a client-side guard in the sign-in form that stops AI agent emails (agent_*@expensify.ai) from advancing to the magic code step, showing an error that directs the user to sign in with their own account and access the agent via Copilot. The remaining changes are translations of that error string and a case-insensitivity flag on the existing email regex.

Why no help site change is warranted:

• This is a validation guard for an edge case, not a new feature or workflow. The only people who could hit it are those who already know an agent's @expensify.ai address and type it into the login field — not a real search intent the authoring guidelines tell us to write articles for.
• AI agent accounts are not a documented help site concept. I searched docs/articles for agent, expensify.ai, Copilot, and magic code. The only "agent" matches are about Concierge (the AI support chatbot), and Copilot-Access.md documents delegated human access, a different concept. There is no existing article describing agent accounts or how they're used via Copilot.
• No existing article becomes inaccurate because of this change. Login-Troubleshooting.md covers magic-code/2FA/SSO problems for normal accounts; the agent block doesn't affect any flow it documents.
• Writing a new article would require inventing a public description of the agent-account feature that isn't grounded in documented UI — which the guidelines warn against (use exact UI terminology, avoid internal language).

What I checked

• The PR diff (login guard in BaseLoginForm.tsx, the agentSignInBlocked translation in all 10 src/languages/* files, the regex i flag in SessionUtils.ts, and the new UI test).
• docs/HELPSITE_NAMING_CONVENTIONS.md, docs/HELP_AUTHORING_GUIDELINES.md, and docs/TEMPLATE.md.
• Searches across docs/articles for agent, expensify.ai, agent account, copilot, magic code, and any sign-in/login article.

@NicolasBonet, if you'd like a help site article created anyway (e.g., a short "Why can't I sign in with an agent account?" entry in Login Troubleshooting), let me know and I'll draft it. Otherwise no further action is needed here.

[OSBotify]

🚀 Deployed to production by https://github.com/lakchote in version: 9.3.90-3 🚀

platform	result
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅

[melvin-bot]

🤖 Payment issue created: #92310