fix: include encrypted flag in rooms.createDiscussion request

[Gowwwthami]

Proposed changes

This PR fixes an issue where the encrypted flag was not included in the request payload when creating discussions.

• Forwarded the encrypted field from form values in handleCreate
• Ensured it is passed to the /v1/rooms.createDiscussion API request
• Maintained existing behavior by conditionally including the field

As a result, discussions created with the "Encrypted" toggle enabled are now correctly created as encrypted.

---

Issue(s)

Fixes #39443

---

Steps to test or reproduce

1. Open any channel
2. Click on "Create Discussion"
3. Enable the Encrypted toggle
4. Click Create
5. Inspect the network request to /v1/rooms.createDiscussion

Expected:

The request payload includes:

"encrypted": true

Further comments

This is a minimal frontend fix that ensures the encrypted flag is correctly propagated from the UI form to the API request, aligning with existing patterns used for encrypted room creation.

Summary by CodeRabbit

• Bug Fixes

  • Discussion creation now correctly includes the encryption option when selected, ensuring users' encryption choices are honored.

• Tests

  • Added test coverage for creating encrypted discussions, verifying the encryption flag, parent room, and discussion name are sent as expected.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 4cce8e1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/models	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/server-fetch	Patch
@rocket.chat/ui-video-conf	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1682ec4b-5562-4bed-b781-ed179f46fb7f

📥 Commits

Reviewing files that changed from the base of the PR and between efc04c8 and 4cce8e1.

📒 Files selected for processing (1)

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx

✅ Files skipped from review due to trivial changes (1)

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx

---

Walkthrough

Add the missing encrypted property to the payload sent by the createDiscussion mutation when set, add a test verifying /v1/rooms.createDiscussion receives encrypted: true for encrypted discussions, and add a changeset marking the patch.

Changes

Cohort / File(s)	Summary
Test Addition apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx	New test that renders CreateDiscussion with defaultParentRoom, types a name, enables "Encrypted", submits, and asserts the /v1/rooms.createDiscussion handler was called with prid: 'parent-room-id', t_name: 'encrypted-discussion', and encrypted: true.
Mutation Payload Fix apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx	Adjust createDiscussionMutation.mutate payload to include encrypted: true when the form's encrypted value is truthy; omit the field otherwise.
Release Notes .changeset/silent-houses-begin.md	Add changeset entry for a patch release noting the fix that ensures the encrypted flag is included in createDiscussion requests.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: including the encrypted flag in the createDiscussion request payload.
Linked Issues check	✅ Passed	The PR successfully addresses issue #39443 by adding the encrypted field to the handleCreate function and the API request payload, with test coverage.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the encrypted flag omission in discussion creation; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Fixes the frontend request payload for creating discussions so that the “Encrypted” toggle is propagated to the /v1/rooms.createDiscussion API call.

Changes:

• Adds encrypted to the rooms.createDiscussion mutation payload in CreateDiscussion.
• Adds a unit test asserting encrypted: true is included when creating an encrypted discussion.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx	Forwards the encrypted form value into the create discussion API payload.
apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx	Adds a test to validate encrypted is present in the endpoint payload when enabled.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

encrypted is typed as a required boolean in CreateDiscussionFormValues, so encrypted !== undefined will always be true and the payload will always include encrypted (including false). If the goal is to preserve the previous behavior of only sending the field when encryption is enabled (letting the server default when omitted), use a encrypted ? { encrypted: true } : {} pattern (or make the form value optional if you truly expect undefined).

Suggested change

	...(encrypted !== undefined && { encrypted }),
	...(encrypted ? { encrypted: true } : {}),

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx`:
- Line 99: The payload currently spreads ...(encrypted !== undefined && {
encrypted }) which still includes { encrypted: false } and prevents server-side
inheritance; update the condition in CreateDiscussion (where the encrypted
variable is used when building the discussion payload) to only include the field
when encryption is explicitly enabled (e.g., use a check like encrypted === true
or similar) so that encrypted is omitted when false/undefined and only present
when true.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1581ff7f-405c-4a50-b837-054804932893

📥 Commits

Reviewing files that changed from the base of the PR and between b129c50 and eccce49.

📒 Files selected for processing (2)

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx
• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Agent

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx
• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

🧠 Learnings (15)

📚 Learning: 2026-03-12T17:12:49.121Z

Learnt from: dougfabris
Repo: RocketChat/Rocket.Chat PR: 39425
File: apps/meteor/client/lib/chats/flows/uploadFiles.ts:28-33
Timestamp: 2026-03-12T17:12:49.121Z
Learning: Rocket.Chat — apps/meteor/client/lib/chats/flows/uploadFiles.ts: When E2E_Enable_Encrypt_Files is disabled, plaintext file uploads are allowed in E2E rooms; this fallback is expected and should not be flagged as a security regression.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx
• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2026-03-20T13:51:23.302Z

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 39553
File: apps/meteor/app/integrations/server/methods/incoming/updateIncomingIntegration.ts:179-181
Timestamp: 2026-03-20T13:51:23.302Z
Learning: In `apps/meteor/app/integrations/server/methods/incoming/updateIncomingIntegration.ts`, the truthiness guards `...(integration.avatar && { avatar })`, `...(integration.emoji && { emoji })`, `...(integration.alias && { alias })`, and `...(integration.script && { script })` in the `$set` payload of `updateIncomingIntegration` are intentional. Empty-string values for these fields should NOT overwrite the stored value — only truthy values are persisted. Do not flag these as bugs preventing explicit clears.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx

📚 Learning: 2026-03-15T14:31:28.969Z

Learnt from: amitb0ra
Repo: RocketChat/Rocket.Chat PR: 39647
File: apps/meteor/app/api/server/v1/users.ts:710-757
Timestamp: 2026-03-15T14:31:28.969Z
Learning: In RocketChat/Rocket.Chat, the `UserCreateParamsPOST` type in `apps/meteor/app/api/server/v1/users.ts` (migrated from `packages/rest-typings/src/v1/users/UserCreateParamsPOST.ts`) intentionally has `fields: string` (non-optional) and `settings?: IUserSettings` without a corresponding AJV schema entry. This is a pre-existing divergence carried over verbatim from the original rest-typings source (PR `#39647`). Do not flag this type/schema misalignment during the OpenAPI migration review — it is tracked as a separate follow-up fix.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx

📚 Learning: 2026-04-10T22:42:05.539Z

Learnt from: dougfabris
Repo: RocketChat/Rocket.Chat PR: 40075
File: apps/meteor/client/views/room/modals/FileUploadModal/FileUploadModal.tsx:69-71
Timestamp: 2026-04-10T22:42:05.539Z
Learning: In `apps/meteor/client/views/room/modals/FileUploadModal/FileUploadModal.tsx`, the submit handler converts an empty/whitespace-only description to `undefined` (`description?.trim() || undefined`) intentionally. All downstream image-rendering components (`AttachmentImage`, `ImagePreview`, `ImageItem`, `ImageGallery`) default `undefined` alt to `''`, so the `<img alt="">` attribute is always present. Do not flag this `undefined` conversion as a bug preventing alt text from being cleared.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx

📚 Learning: 2026-03-27T14:52:56.865Z

Learnt from: dougfabris
Repo: RocketChat/Rocket.Chat PR: 39892
File: apps/meteor/client/views/room/contextualBar/Threads/Thread.tsx:150-155
Timestamp: 2026-03-27T14:52:56.865Z
Learning: In Rocket.Chat, there are two different `ModalBackdrop` components with different prop APIs. During review, confirm the import source: (1) `rocket.chat/fuselage` `ModalBackdrop` uses `ModalBackdropProps` based on `BoxProps` (so it supports `onClick` and other Box/DOM props) and does not have an `onDismiss` prop; (2) `rocket.chat/ui-client` `ModalBackdrop` uses a narrower props interface like `{ children?: ReactNode; onDismiss?: () => void }` and handles Escape keypress and outside mouse-up, and it does not forward arbitrary DOM props such as `onClick`. Flag mismatched props (e.g., `onDismiss` passed to the fuselage component or `onClick` passed to the ui-client component) and ensure the usage matches the correct component being imported.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx
• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2026-04-17T18:33:24.670Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 39858
File: apps/meteor/tests/e2e/apps/uikit-interactions.spec.ts:123-151
Timestamp: 2026-04-17T18:33:24.670Z
Learning: In RocketChat/Rocket.Chat (`apps/meteor/tests/e2e/apps/uikit-interactions.spec.ts`), `executeBlockActionHandler` invocations originating from a **modal** surface intentionally do NOT include a `block_action_room` (room property) in the interaction payload. Modals are not scoped to a room, so no room id is available in that context. Do not flag the absence of a room assertion in the modal block-action test as a missing coverage bug; instead, document it explicitly with a `test.step` asserting the room entry is `undefined`.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2025-12-10T21:00:54.909Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37091
File: ee/packages/abac/jest.config.ts:4-7
Timestamp: 2025-12-10T21:00:54.909Z
Learning: Rocket.Chat monorepo: Jest testMatch pattern '<rootDir>/src/**/*.spec.(ts|js|mjs)' is valid in this repo and used across multiple packages (e.g., packages/tools, ee/packages/omnichannel-services). Do not flag it as invalid in future reviews.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Utilize Playwright fixtures (`test`, `page`, `expect`) for consistency in test files

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Maintain test isolation between test cases in Playwright tests

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure tests run reliably in parallel without shared state conflicts

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : All test files must be created in `apps/meteor/tests/e2e/` directory

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2026-03-06T18:09:17.867Z

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 39397
File: packages/gazzodown/src/elements/Timestamp/DateTimeFormats.spec.tsx:20-23
Timestamp: 2026-03-06T18:09:17.867Z
Learning: In the RocketChat/Rocket.Chat gazzodown package (`packages/gazzodown`), tests are intended to run under the UTC timezone, but as of PR `#39397` this is NOT yet explicitly enforced in `jest.config.ts` or the `package.json` test scripts (which just run `jest` without `TZ=UTC`). To make timezone-sensitive snapshot tests reliable across all environments, `TZ=UTC` should be added to the test scripts in `package.json` or to `jest.config.ts` via `testEnvironmentOptions.timezone`. Without explicit UTC enforcement, snapshot tests involving date-fns formatted output or `toLocaleString()` will fail for contributors in non-UTC timezones.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2026-02-24T19:36:55.089Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 38493
File: apps/meteor/tests/e2e/page-objects/fragments/home-content.ts:60-82
Timestamp: 2026-02-24T19:36:55.089Z
Learning: In RocketChat/Rocket.Chat e2e tests (apps/meteor/tests/e2e/page-objects/fragments/home-content.ts), thread message preview listitems do not have aria-roledescription="message", so lastThreadMessagePreview locator cannot be scoped to messageListItems (which filters for aria-roledescription="message"). It should remain scoped to page.getByRole('listitem') or mainMessageList.getByRole('listitem').

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Group related tests in the same file

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

📚 Learning: 2026-03-06T18:10:15.268Z

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 39397
File: packages/gazzodown/src/code/CodeBlock.spec.tsx:47-68
Timestamp: 2026-03-06T18:10:15.268Z
Learning: In tests (especially those using testing-library/dom/jsdom) for Rocket.Chat components, the HTML <code> element has an implicit ARIA role of 'code'. Therefore, screen.getByRole('code') or screen.findByRole('code') will locate <code> elements even without a role attribute. Do not flag findByRole('code') as invalid in reviews; prefer using the implicit role instead of adding role="code" unless necessary for accessibility.

Applied to files:

• apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx

🔇 Additional comments (1)

apps/meteor/client/components/CreateDiscussion/CreateDiscussion.spec.tsx (1)

101-142: Good regression coverage for the enabled encrypted path.

The test captures the endpoint payload directly and verifies encrypted: true is sent with the expected parent room and discussion name.

[Gowwwthami]

Hi, I’ve addressed the review feedback:

• Updated logic to only include encrypted when enabled
• Preserved server-side inheritance behavior
• Added changeset and synced with latest develop

Please review. Thank you!