feat: merge branch 'develop' into feature-query-integration

[seungyeoneeee]

Skip Review (optional)

• Minor changes that don't affect the functionality (e.g. style, chore, ci, test, docs)
• Previously reviewed in feature branch, further review is not mandatory
• Self-merge allowed for solo developers or urgent changes

Description (optional)

Things to Talk About (optional)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
console	Ignored	Preview		Aug 18, 2025 1:11am
feature-query-integration	Ignored			Aug 18, 2025 1:11am
mfa-saas-qa	Ignored			Aug 18, 2025 1:11am
web-storybook	Ignored			Aug 18, 2025 1:11am

[github-actions]

⚠️ @seungyeoneeee the signed-off-by was not found in the following 2 commits:

• dba9a0f: chore: merge master into develop after 2.0.dev378 version tagging
• 3322d8f: feat(mfa): implementation new mfa feature

✅ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

[github-actions]

🎉 @skdud4659 has been randomly selected as the reviewer! Please review. 🙏

[Copilot]

Pull Request Overview

This PR merges the 'develop' branch into the 'feature-query-integration' branch, bringing together multiple feature additions and improvements including Multi-Factor Authentication (MFA) functionality, user interface updates, and infrastructure changes.

• Adds comprehensive MFA setup and management functionality with support for OTP and Email authentication
• Updates UI components including a new readonly mode for select cards and improved modal management
• Removes service configuration functionality from core library and updates authentication flows

Reviewed Changes

Copilot reviewed 72 out of 73 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
packages/mirinae/src/controls/select-card/PSelectCard.vue	Adds readonly prop and styling for disabled/readonly states
packages/language-pack/*.json	Adds new translation keys for MFA functionality across multiple languages
packages/core-lib/src/space-connector/*.ts	Removes service config logic and adds refresh token removal method
apps/web/src/services/my-page/components/*	Refactors MFA components to use new modal system
apps/web/src/services/iam/components/mfa/*	Adds new MFA management components for bulk operations
apps/web/src/services/auth/pages/MultiFactorAuthSetUpPage.vue	Adds new MFA setup page for authentication flow

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Empty translation strings should be filled with appropriate Korean translations or marked as TODO for future completion.

Suggested change

	"ENFORCE_INFO_TEXT": "",
	"ENFORCE_INFO_TEXT": "TODO",

[Copilot]

Empty translation strings should be filled with appropriate Japanese translations or marked as TODO for future completion.

Suggested change

	"ENFORCE_INFO_TEXT": "",
	"ENFORCE_INFO_TEXT": "TODO",

[Copilot]

Passing an empty string as the second parameter to showSuccessMessage is unclear. Consider using a more explicit parameter name or documenting the purpose of this parameter.

Suggested change

	showSuccessMessage(i18n.t('COMMON.PROFILE.SUCCESS_PASSWORD_CHECK'), '');
	showSuccessMessage(i18n.t('COMMON.PROFILE.SUCCESS_PASSWORD_CHECK'), SUCCESS_MESSAGE_NO_TITLE);

[Copilot]

Passing an empty object to disableMfa() may be incorrect. Verify that this API call doesn't require any parameters or consider making the parameter requirement explicit.

Suggested change

	await userProfileAPI.disableMfa({});
	await userProfileAPI.disableMfa();

[Copilot]

Remove commented out code that is no longer needed. If this logic may be needed in the future, consider documenting why it's commented out.

Suggested change

// isLocalLogin: computed<boolean>(() => userStore.state.authType === 'LOCAL'),

[Copilot]

The password validation regex is duplicated in multiple files. Consider extracting this to a shared constant or utility function to ensure consistency and easier maintenance.

Suggested change

	if (!passwordRegex.test(value)) {
	if (!PASSWORD_REGEX.test(value)) {

[Copilot]

Magic number for cooldown time should be extracted to a configuration file or constant. Consider making this configurable based on security requirements.

[github-actions]

⚠️ @seungyeoneeee the signed-off-by was not found in the following 2 commits:

• dba9a0f: chore: merge master into develop after 2.0.dev378 version tagging
• 3322d8f: feat(mfa): implementation new mfa feature

✅ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

[github-actions]

⚠️ @seungyeoneeee the signed-off-by was not found in the following 2 commits:

• dba9a0f: chore: merge master into develop after 2.0.dev378 version tagging
• 3322d8f: feat(mfa): implementation new mfa feature

✅ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

[github-actions]

⚠️ @seungyeoneeee the signed-off-by was not found in the following 2 commits:

• dba9a0f: chore: merge master into develop after 2.0.dev378 version tagging
• 3322d8f: feat(mfa): implementation new mfa feature

✅ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

[github-actions]

⚠️ @seungyeoneeee the signed-off-by was not found in the following 2 commits:

• dba9a0f: chore: merge master into develop after 2.0.dev378 version tagging
• 3322d8f: feat(mfa): implementation new mfa feature

✅ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'