@bitwarden/cli 2025.1.0 → 2025.1.2

package/build/bw.js

@@ -2193,6 +2193,7 @@ class EditCommand {
         this.apiService = apiService;
         this.folderApiService = folderApiService;
         this.accountService = accountService;
+        this.activeUserId$ = this.accountService.activeAccount$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((a) => a === null || a === void 0 ? void 0 : a.id));
     }
     run(object, id, requestJson, cmdOptions) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -2268,9 +2269,8 @@ class EditCommand {
             }
             cipher.collectionIds = req;
             try {
-                const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.accountService.activeAccount$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
                 const updatedCipher = yield this.cipherService.saveCollectionsWithServer(cipher);
-                const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher, activeUserId));
+                const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher, yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.activeUserId$)));
                 const res = new _vault_models_cipher_response__WEBPACK_IMPORTED_MODULE_9__/* .CipherResponse */ .N(decCipher);
                 return _models_response__WEBPACK_IMPORTED_MODULE_7__/* .Response */ .Y.success(res);
             }
@@ -2281,18 +2281,18 @@ class EditCommand {
     }
     editFolder(id, req) {
         return __awaiter(this, void 0, void 0, function* () {
-            const folder = yield this.folderService.getFromState(id);
+            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.activeUserId$);
+            const folder = yield this.folderService.getFromState(id, activeUserId);
             if (folder == null) {
                 return _models_response__WEBPACK_IMPORTED_MODULE_7__/* .Response */ .Y.notFound();
             }
             let folderView = yield folder.decrypt();
             folderView = _bitwarden_common_models_export_folder_export__WEBPACK_IMPORTED_MODULE_4__/* .FolderExport */ .V.toView(req, folderView);
-            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.accountService.activeAccount$);
-            const userKey = yield this.keyService.getUserKeyWithLegacySupport(activeUserId.id);
+            const userKey = yield this.keyService.getUserKeyWithLegacySupport(activeUserId);
             const encFolder = yield this.folderService.encrypt(folderView, userKey);
             try {
-                yield this.folderApiService.save(encFolder);
-                const updatedFolder = yield this.folderService.get(folder.id);
+                yield this.folderApiService.save(encFolder, activeUserId);
+                const updatedFolder = yield this.folderService.get(folder.id, activeUserId);
                 const decFolder = yield updatedFolder.decrypt();
                 const res = new _vault_models_folder_response__WEBPACK_IMPORTED_MODULE_10__/* .FolderResponse */ .s(decFolder);
                 return _models_response__WEBPACK_IMPORTED_MODULE_7__/* .Response */ .Y.success(res);
@@ -2505,6 +2505,7 @@ class GetCommand extends download_command/* DownloadCommand */._ {
         this.eventCollectionService = eventCollectionService;
         this.accountProfileService = accountProfileService;
         this.accountService = accountService;
+        this.activeUserId$ = this.accountService.activeAccount$.pipe((0,external_rxjs_.map)((a) => a === null || a === void 0 ? void 0 : a.id));
     }
     run(object, id, cmdOptions) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -2551,8 +2552,8 @@ class GetCommand extends download_command/* DownloadCommand */._ {
             let decCipher = null;
             if (utils/* Utils */.A.isGuid(id)) {
                 const cipher = yield this.cipherService.get(id);
-                const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$.pipe((0,external_rxjs_.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
                 if (cipher != null) {
+                    const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.activeUserId$);
                     decCipher = yield cipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(cipher, activeUserId));
                 }
             }
@@ -2586,9 +2587,7 @@ class GetCommand extends download_command/* DownloadCommand */._ {
                     return models_response/* Response */.Y.multipleResults(decCipher.map((c) => c.id));
                 }
             }
-            // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-            // eslint-disable-next-line @typescript-eslint/no-floating-promises
-            this.eventCollectionService.collect(enums/* EventType */.Bx.Cipher_ClientViewed, id, true, decCipher.organizationId);
+            yield this.eventCollectionService.collect(enums/* EventType */.Bx.Cipher_ClientViewed, decCipher.id, true, decCipher.organizationId);
             const res = new cipher_response/* CipherResponse */.N(decCipher);
             return models_response/* Response */.Y.success(res);
         });
@@ -2666,7 +2665,8 @@ class GetCommand extends download_command/* DownloadCommand */._ {
             if (totp == null) {
                 return models_response/* Response */.Y.error("Couldn't generate TOTP code.");
             }
-            const canAccessPremium = yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$);
+            const account = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$);
+            const canAccessPremium = yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$(account.id));
             if (!canAccessPremium) {
                 const originalCipher = yield this.cipherService.get(cipher.id);
                 if (originalCipher == null ||
@@ -2733,7 +2733,8 @@ class GetCommand extends download_command/* DownloadCommand */._ {
             if (attachments.length > 1) {
                 return models_response/* Response */.Y.multipleResults(attachments.map((a) => a.id));
             }
-            const canAccessPremium = yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$);
+            const account = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$);
+            const canAccessPremium = yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$(account.id));
             if (!canAccessPremium) {
                 const originalCipher = yield this.cipherService.get(cipher.id);
                 if (originalCipher == null || originalCipher.organizationId == null) {
@@ -2765,14 +2766,15 @@ class GetCommand extends download_command/* DownloadCommand */._ {
     getFolder(id) {
         return __awaiter(this, void 0, void 0, function* () {
             let decFolder = null;
+            const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.activeUserId$);
             if (utils/* Utils */.A.isGuid(id)) {
-                const folder = yield this.folderService.getFromState(id);
+                const folder = yield this.folderService.getFromState(id, activeUserId);
                 if (folder != null) {
                     decFolder = yield folder.decrypt();
                 }
             }
             else if (id.trim() !== "") {
-                let folders = yield this.folderService.getAllDecryptedFromState();
+                let folders = yield this.folderService.getAllDecryptedFromState(activeUserId);
                 folders = src_utils/* CliUtils */.U.searchFolders(folders, id);
                 if (folders.length > 1) {
                     return models_response/* Response */.Y.multipleResults(folders.map((f) => f.id));
@@ -2925,7 +2927,7 @@ class GetCommand extends download_command/* DownloadCommand */._ {
         return __awaiter(this, void 0, void 0, function* () {
             let fingerprint = null;
             if (id === "me") {
-                const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$.pipe((0,external_rxjs_.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
+                const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.activeUserId$);
                 const publicKey = yield (0,external_rxjs_.firstValueFrom)(this.keyService.userPublicKey$(activeUserId));
                 fingerprint = yield this.keyService.getFingerprint(activeUserId, publicKey);
             }
@@ -3019,7 +3021,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 class ListCommand {
-    constructor(cipherService, folderService, collectionService, organizationService, searchService, organizationUserApiService, apiService, eventCollectionService) {
+    constructor(cipherService, folderService, collectionService, organizationService, searchService, organizationUserApiService, apiService, eventCollectionService, accountService) {
         this.cipherService = cipherService;
         this.folderService = folderService;
         this.collectionService = collectionService;
@@ -3028,6 +3030,7 @@ class ListCommand {
         this.organizationUserApiService = organizationUserApiService;
         this.apiService = apiService;
         this.eventCollectionService = eventCollectionService;
+        this.accountService = accountService;
     }
     run(object, cmdOptions) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -3117,7 +3120,8 @@ class ListCommand {
     }
     listFolders(options) {
         return __awaiter(this, void 0, void 0, function* () {
-            let folders = yield this.folderService.getAllDecryptedFromState();
+            const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$.pipe((0,external_rxjs_.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
+            let folders = yield this.folderService.getAllDecryptedFromState(activeUserId);
             if (options.search != null && options.search.trim() !== "") {
                 folders = src_utils/* CliUtils */.U.searchFolders(folders, options.search);
             }
@@ -3367,6 +3371,57 @@ class StatusCommand {
 }
 
 
+/***/ }),
+
+/***/ 9653:
+/***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
+
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   F: () => (/* binding */ CliBiometricsService)
+/* harmony export */ });
+/* harmony import */ var _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(5907);
+var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+
+class CliBiometricsService extends _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_0__/* .BiometricsService */ .Zm {
+    authenticateWithBiometrics() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return false;
+        });
+    }
+    getBiometricsStatus() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_0__/* .BiometricsStatus */ .cR.PlatformUnsupported;
+        });
+    }
+    unlockWithBiometricsForUser(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return null;
+        });
+    }
+    getBiometricsStatusForUser(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_0__/* .BiometricsStatus */ .cR.PlatformUnsupported;
+        });
+    }
+    getShouldAutopromptNow() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return false;
+        });
+    }
+    setShouldAutopromptNow(value) {
+        return __awaiter(this, void 0, void 0, function* () { });
+    }
+}
+
+
 /***/ }),
 
 /***/ 7035:
@@ -8020,7 +8075,7 @@ class SendProgram extends base_program/* BaseProgram */.C {
             .action((encodedJson, options) => send_program_awaiter(this, void 0, void 0, function* () {
             yield this.exitIfLocked();
             const getCmd = new commands/* SendGetCommand */.MA(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.searchService, this.serviceContainer.encryptService, this.serviceContainer.apiService);
-            const cmd = new commands/* SendEditCommand */._s(this.serviceContainer.sendService, getCmd, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService);
+            const cmd = new commands/* SendEditCommand */._s(this.serviceContainer.sendService, getCmd, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.accountService);
             const response = yield cmd.run(encodedJson, options);
             this.processResponse(response);
         }));
@@ -8077,7 +8132,7 @@ class SendProgram extends base_program/* BaseProgram */.C {
     runCreate(encodedJson, options) {
         return send_program_awaiter(this, void 0, void 0, function* () {
             yield this.exitIfLocked();
-            const cmd = new commands/* SendCreateCommand */.QR(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService);
+            const cmd = new commands/* SendCreateCommand */.QR(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.accountService);
             return yield cmd.run(encodedJson, options);
         });
     }
@@ -8426,7 +8481,7 @@ class VaultProgram extends base_program/* BaseProgram */.C {
                 return;
             }
             yield this.exitIfLocked();
-            const command = new list_command/* ListCommand */.S(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.collectionService, this.serviceContainer.organizationService, this.serviceContainer.searchService, this.serviceContainer.organizationUserApiService, this.serviceContainer.apiService, this.serviceContainer.eventCollectionService);
+            const command = new list_command/* ListCommand */.S(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.collectionService, this.serviceContainer.organizationService, this.serviceContainer.searchService, this.serviceContainer.organizationUserApiService, this.serviceContainer.apiService, this.serviceContainer.eventCollectionService, this.serviceContainer.accountService);
             const response = yield command.run(object, cmd);
             this.processResponse(response);
         }));
@@ -8563,7 +8618,7 @@ class VaultProgram extends base_program/* BaseProgram */.C {
                 return;
             }
             yield this.exitIfLocked();
-            const command = new delete_command/* DeleteCommand */.R(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.apiService, this.serviceContainer.folderApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.cipherAuthorizationService);
+            const command = new delete_command/* DeleteCommand */.R(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.apiService, this.serviceContainer.folderApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.cipherAuthorizationService, this.serviceContainer.accountService);
             const response = yield command.run(object, id, cmd);
             this.processResponse(response);
         }));
@@ -8904,16 +8959,16 @@ __webpack_require__.a(module, async (__webpack_handle_async_dependencies__, __we
 /* harmony import */ var _bitwarden_common_autofill_services_domain_settings_service__WEBPACK_IMPORTED_MODULE_24__ = __webpack_require__(3400);
 /* harmony import */ var _bitwarden_common_billing_services_account_billing_account_profile_state_service__WEBPACK_IMPORTED_MODULE_25__ = __webpack_require__(9344);
 /* harmony import */ var _bitwarden_common_enums__WEBPACK_IMPORTED_MODULE_26__ = __webpack_require__(832);
-/* harmony import */ var _bitwarden_common_platform_enums__WEBPACK_IMPORTED_MODULE_27__ = __webpack_require__(6425);
-/* harmony import */ var _bitwarden_common_platform_factories_state_factory__WEBPACK_IMPORTED_MODULE_84__ = __webpack_require__(1737);
+/* harmony import */ var _bitwarden_common_platform_enums__WEBPACK_IMPORTED_MODULE_27__ = __webpack_require__(5874);
+/* harmony import */ var _bitwarden_common_platform_factories_state_factory__WEBPACK_IMPORTED_MODULE_85__ = __webpack_require__(1737);
 /* harmony import */ var _bitwarden_common_platform_messaging__WEBPACK_IMPORTED_MODULE_28__ = __webpack_require__(3083);
 /* harmony import */ var _bitwarden_common_platform_models_domain_account__WEBPACK_IMPORTED_MODULE_29__ = __webpack_require__(1656);
-/* harmony import */ var _bitwarden_common_platform_models_domain_global_state__WEBPACK_IMPORTED_MODULE_85__ = __webpack_require__(9464);
+/* harmony import */ var _bitwarden_common_platform_models_domain_global_state__WEBPACK_IMPORTED_MODULE_86__ = __webpack_require__(9464);
 /* harmony import */ var _bitwarden_common_platform_scheduling__WEBPACK_IMPORTED_MODULE_30__ = __webpack_require__(7143);
 /* harmony import */ var _bitwarden_common_platform_services_app_id_service__WEBPACK_IMPORTED_MODULE_31__ = __webpack_require__(5444);
 /* harmony import */ var _bitwarden_common_platform_services_config_config_api_service__WEBPACK_IMPORTED_MODULE_32__ = __webpack_require__(178);
 /* harmony import */ var _bitwarden_common_platform_services_config_default_config_service__WEBPACK_IMPORTED_MODULE_33__ = __webpack_require__(6497);
-/* harmony import */ var _bitwarden_common_platform_services_container_service__WEBPACK_IMPORTED_MODULE_86__ = __webpack_require__(7634);
+/* harmony import */ var _bitwarden_common_platform_services_container_service__WEBPACK_IMPORTED_MODULE_87__ = __webpack_require__(7634);
 /* harmony import */ var _bitwarden_common_platform_services_cryptography_encrypt_service_implementation__WEBPACK_IMPORTED_MODULE_34__ = __webpack_require__(2334);
 /* harmony import */ var _bitwarden_common_platform_services_cryptography_fallback_bulk_encrypt_service__WEBPACK_IMPORTED_MODULE_35__ = __webpack_require__(8943);
 /* harmony import */ var _bitwarden_common_platform_services_default_environment_service__WEBPACK_IMPORTED_MODULE_36__ = __webpack_require__(772);
@@ -8924,9 +8979,9 @@ __webpack_require__.a(module, async (__webpack_handle_async_dependencies__, __we
 /* harmony import */ var _bitwarden_common_platform_services_migration_runner__WEBPACK_IMPORTED_MODULE_41__ = __webpack_require__(2539);
 /* harmony import */ var _bitwarden_common_platform_services_sdk_default_sdk_client_factory__WEBPACK_IMPORTED_MODULE_42__ = __webpack_require__(4536);
 /* harmony import */ var _bitwarden_common_platform_services_sdk_default_sdk_service__WEBPACK_IMPORTED_MODULE_43__ = __webpack_require__(3315);
-/* harmony import */ var _bitwarden_common_platform_services_sdk_noop_sdk_client_factory__WEBPACK_IMPORTED_MODULE_88__ = __webpack_require__(2203);
+/* harmony import */ var _bitwarden_common_platform_services_sdk_noop_sdk_client_factory__WEBPACK_IMPORTED_MODULE_89__ = __webpack_require__(2203);
 /* harmony import */ var _bitwarden_common_platform_services_state_service__WEBPACK_IMPORTED_MODULE_44__ = __webpack_require__(4640);
-/* harmony import */ var _bitwarden_common_platform_services_storage_service_provider__WEBPACK_IMPORTED_MODULE_83__ = __webpack_require__(8216);
+/* harmony import */ var _bitwarden_common_platform_services_storage_service_provider__WEBPACK_IMPORTED_MODULE_84__ = __webpack_require__(8216);
 /* harmony import */ var _bitwarden_common_platform_services_user_auto_unlock_key_service__WEBPACK_IMPORTED_MODULE_45__ = __webpack_require__(9429);
 /* harmony import */ var _bitwarden_common_platform_state__WEBPACK_IMPORTED_MODULE_46__ = __webpack_require__(1068);
 /* harmony import */ var _bitwarden_common_platform_state_implementations_default_active_user_state_provider__WEBPACK_IMPORTED_MODULE_47__ = __webpack_require__(5517);
@@ -8956,16 +9011,17 @@ __webpack_require__.a(module, async (__webpack_handle_async_dependencies__, __we
 /* harmony import */ var _bitwarden_common_vault_services_totp_service__WEBPACK_IMPORTED_MODULE_71__ = __webpack_require__(4809);
 /* harmony import */ var _bitwarden_generator_legacy__WEBPACK_IMPORTED_MODULE_72__ = __webpack_require__(2912);
 /* harmony import */ var _bitwarden_importer_core__WEBPACK_IMPORTED_MODULE_73__ = __webpack_require__(9711);
-/* harmony import */ var _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_74__ = __webpack_require__(8614);
-/* harmony import */ var _bitwarden_node_services_node_crypto_function_service__WEBPACK_IMPORTED_MODULE_75__ = __webpack_require__(5696);
+/* harmony import */ var _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_74__ = __webpack_require__(5907);
+/* harmony import */ var _bitwarden_node_services_node_crypto_function_service__WEBPACK_IMPORTED_MODULE_75__ = __webpack_require__(8248);
 /* harmony import */ var _bitwarden_vault_export_core__WEBPACK_IMPORTED_MODULE_76__ = __webpack_require__(1166);
-/* harmony import */ var _platform_flags__WEBPACK_IMPORTED_MODULE_87__ = __webpack_require__(9308);
-/* harmony import */ var _platform_services_cli_platform_utils_service__WEBPACK_IMPORTED_MODULE_77__ = __webpack_require__(6698);
-/* harmony import */ var _platform_services_console_log_service__WEBPACK_IMPORTED_MODULE_78__ = __webpack_require__(5735);
-/* harmony import */ var _platform_services_i18n_service__WEBPACK_IMPORTED_MODULE_79__ = __webpack_require__(5350);
-/* harmony import */ var _platform_services_lowdb_storage_service__WEBPACK_IMPORTED_MODULE_80__ = __webpack_require__(1173);
-/* harmony import */ var _platform_services_node_api_service__WEBPACK_IMPORTED_MODULE_81__ = __webpack_require__(1363);
-/* harmony import */ var _platform_services_node_env_secure_storage_service__WEBPACK_IMPORTED_MODULE_82__ = __webpack_require__(9177);
+/* harmony import */ var _key_management_cli_biometrics_service__WEBPACK_IMPORTED_MODULE_77__ = __webpack_require__(9653);
+/* harmony import */ var _platform_flags__WEBPACK_IMPORTED_MODULE_88__ = __webpack_require__(9308);
+/* harmony import */ var _platform_services_cli_platform_utils_service__WEBPACK_IMPORTED_MODULE_78__ = __webpack_require__(6698);
+/* harmony import */ var _platform_services_console_log_service__WEBPACK_IMPORTED_MODULE_79__ = __webpack_require__(5735);
+/* harmony import */ var _platform_services_i18n_service__WEBPACK_IMPORTED_MODULE_80__ = __webpack_require__(5350);
+/* harmony import */ var _platform_services_lowdb_storage_service__WEBPACK_IMPORTED_MODULE_81__ = __webpack_require__(1173);
+/* harmony import */ var _platform_services_node_api_service__WEBPACK_IMPORTED_MODULE_82__ = __webpack_require__(1363);
+/* harmony import */ var _platform_services_node_env_secure_storage_service__WEBPACK_IMPORTED_MODULE_83__ = __webpack_require__(9177);
 var __webpack_async_dependencies__ = __webpack_handle_async_dependencies__([_bitwarden_common_platform_services_sdk_default_sdk_client_factory__WEBPACK_IMPORTED_MODULE_42__]);
 _bitwarden_common_platform_services_sdk_default_sdk_client_factory__WEBPACK_IMPORTED_MODULE_42__ = (__webpack_async_dependencies__.then ? (await __webpack_async_dependencies__)() : __webpack_async_dependencies__)[0];
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@@ -9068,6 +9124,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 
+
 
 
 // Polyfills
@@ -9103,12 +9160,12 @@ class ServiceContainer {
             p = path__WEBPACK_IMPORTED_MODULE_1__.join((_c = process.env.HOME) !== null && _c !== void 0 ? _c : "", ".config/Bitwarden CLI");
         }
         const logoutCallback = () => __awaiter(this, void 0, void 0, function* () { return yield this.logout(); });
-        this.platformUtilsService = new _platform_services_cli_platform_utils_service__WEBPACK_IMPORTED_MODULE_77__/* .CliPlatformUtilsService */ .w(_bitwarden_common_enums__WEBPACK_IMPORTED_MODULE_26__/* .ClientType */ .sK.Cli, packageJson);
-        this.logService = new _platform_services_console_log_service__WEBPACK_IMPORTED_MODULE_78__/* .ConsoleLogService */ .V(this.platformUtilsService.isDev(), (level) => process.env.BITWARDENCLI_DEBUG !== "true" && level <= _bitwarden_common_platform_enums__WEBPACK_IMPORTED_MODULE_27__/* .LogLevelType */ .xk.Info);
+        this.platformUtilsService = new _platform_services_cli_platform_utils_service__WEBPACK_IMPORTED_MODULE_78__/* .CliPlatformUtilsService */ .w(_bitwarden_common_enums__WEBPACK_IMPORTED_MODULE_26__/* .ClientType */ .sK.Cli, packageJson);
+        this.logService = new _platform_services_console_log_service__WEBPACK_IMPORTED_MODULE_79__/* .ConsoleLogService */ .V(this.platformUtilsService.isDev(), (level) => process.env.BITWARDENCLI_DEBUG !== "true" && level <= _bitwarden_common_platform_enums__WEBPACK_IMPORTED_MODULE_27__/* .LogLevelType */ .xk.Info);
         this.cryptoFunctionService = new _bitwarden_node_services_node_crypto_function_service__WEBPACK_IMPORTED_MODULE_75__/* .NodeCryptoFunctionService */ .h();
         this.encryptService = new _bitwarden_common_platform_services_cryptography_encrypt_service_implementation__WEBPACK_IMPORTED_MODULE_34__/* .EncryptServiceImplementation */ .H(this.cryptoFunctionService, this.logService, true);
-        this.storageService = new _platform_services_lowdb_storage_service__WEBPACK_IMPORTED_MODULE_80__/* .LowdbStorageService */ .N(this.logService, null, p, false, true);
-        this.secureStorageService = new _platform_services_node_env_secure_storage_service__WEBPACK_IMPORTED_MODULE_82__/* .NodeEnvSecureStorageService */ .H(this.storageService, this.logService, 
+        this.storageService = new _platform_services_lowdb_storage_service__WEBPACK_IMPORTED_MODULE_81__/* .LowdbStorageService */ .N(this.logService, null, p, false, true);
+        this.secureStorageService = new _platform_services_node_env_secure_storage_service__WEBPACK_IMPORTED_MODULE_83__/* .NodeEnvSecureStorageService */ .H(this.storageService, this.logService, 
         // MAC failures for secure storage are being logged for customers today and
         // they occur when users unlock / login and refresh a session key but don't
         // export it into their environment (e.g. BW_SESSION_KEY). This leaves a stale
@@ -9118,11 +9175,11 @@ class ServiceContainer {
         new _bitwarden_common_platform_services_cryptography_encrypt_service_implementation__WEBPACK_IMPORTED_MODULE_34__/* .EncryptServiceImplementation */ .H(this.cryptoFunctionService, this.logService, false));
         this.memoryStorageService = new _bitwarden_common_platform_services_memory_storage_service__WEBPACK_IMPORTED_MODULE_39__/* .MemoryStorageService */ .g();
         this.memoryStorageForStateProviders = new _bitwarden_common_platform_state_storage_memory_storage_service__WEBPACK_IMPORTED_MODULE_53__/* .MemoryStorageService */ .g();
-        const storageServiceProvider = new _bitwarden_common_platform_services_storage_service_provider__WEBPACK_IMPORTED_MODULE_83__/* .StorageServiceProvider */ .w(this.storageService, this.memoryStorageForStateProviders);
+        const storageServiceProvider = new _bitwarden_common_platform_services_storage_service_provider__WEBPACK_IMPORTED_MODULE_84__/* .StorageServiceProvider */ .w(this.storageService, this.memoryStorageForStateProviders);
         this.globalStateProvider = new _bitwarden_common_platform_state_implementations_default_global_state_provider__WEBPACK_IMPORTED_MODULE_49__/* .DefaultGlobalStateProvider */ .d(storageServiceProvider, this.logService);
         const stateEventRegistrarService = new _bitwarden_common_platform_state_state_event_registrar_service__WEBPACK_IMPORTED_MODULE_52__/* .StateEventRegistrarService */ .iO(this.globalStateProvider, storageServiceProvider);
         this.stateEventRunnerService = new _bitwarden_common_platform_state__WEBPACK_IMPORTED_MODULE_46__/* .StateEventRunnerService */ .lR(this.globalStateProvider, storageServiceProvider);
-        this.i18nService = new _platform_services_i18n_service__WEBPACK_IMPORTED_MODULE_79__/* .I18nService */ .W("en", "./locales", this.globalStateProvider);
+        this.i18nService = new _platform_services_i18n_service__WEBPACK_IMPORTED_MODULE_80__/* .I18nService */ .W("en", "./locales", this.globalStateProvider);
         this.singleUserStateProvider = new _bitwarden_common_platform_state_implementations_default_single_user_state_provider__WEBPACK_IMPORTED_MODULE_50__/* .DefaultSingleUserStateProvider */ .B(storageServiceProvider, stateEventRegistrarService, this.logService);
         this.messagingService = _bitwarden_common_platform_messaging__WEBPACK_IMPORTED_MODULE_28__/* .MessageSender */ .D$.EMPTY;
         this.accountService = new _bitwarden_common_auth_services_account_service__WEBPACK_IMPORTED_MODULE_12__/* .AccountServiceImplementation */ .xy(this.messagingService, this.logService, this.globalStateProvider);
@@ -9133,7 +9190,7 @@ class ServiceContainer {
         this.keyGenerationService = new _bitwarden_common_platform_services_key_generation_service__WEBPACK_IMPORTED_MODULE_38__/* .KeyGenerationService */ .$(this.cryptoFunctionService);
         this.tokenService = new _bitwarden_common_auth_services_token_service__WEBPACK_IMPORTED_MODULE_19__/* .TokenService */ .B(this.singleUserStateProvider, this.globalStateProvider, this.platformUtilsService.supportsSecureStorage(), this.secureStorageService, this.keyGenerationService, this.encryptService, this.logService, logoutCallback);
         const migrationRunner = new _bitwarden_common_platform_services_migration_runner__WEBPACK_IMPORTED_MODULE_41__/* .MigrationRunner */ .N(this.storageService, this.logService, new _bitwarden_common_platform_services_migration_builder_service__WEBPACK_IMPORTED_MODULE_40__/* .MigrationBuilderService */ .l(), _bitwarden_common_enums__WEBPACK_IMPORTED_MODULE_26__/* .ClientType */ .sK.Cli);
-        this.stateService = new _bitwarden_common_platform_services_state_service__WEBPACK_IMPORTED_MODULE_44__/* .StateService */ .d(this.storageService, this.secureStorageService, this.memoryStorageService, this.logService, new _bitwarden_common_platform_factories_state_factory__WEBPACK_IMPORTED_MODULE_84__/* .StateFactory */ .Y(_bitwarden_common_platform_models_domain_global_state__WEBPACK_IMPORTED_MODULE_85__/* .GlobalState */ .R, _bitwarden_common_platform_models_domain_account__WEBPACK_IMPORTED_MODULE_29__/* .Account */ .gD), this.accountService, this.environmentService, this.tokenService, migrationRunner);
+        this.stateService = new _bitwarden_common_platform_services_state_service__WEBPACK_IMPORTED_MODULE_44__/* .StateService */ .d(this.storageService, this.secureStorageService, this.memoryStorageService, this.logService, new _bitwarden_common_platform_factories_state_factory__WEBPACK_IMPORTED_MODULE_85__/* .StateFactory */ .Y(_bitwarden_common_platform_models_domain_global_state__WEBPACK_IMPORTED_MODULE_86__/* .GlobalState */ .R, _bitwarden_common_platform_models_domain_account__WEBPACK_IMPORTED_MODULE_29__/* .Account */ .gD), this.accountService, this.environmentService, this.tokenService, migrationRunner);
         this.masterPasswordService = new _bitwarden_common_auth_services_master_password_master_password_service__WEBPACK_IMPORTED_MODULE_18__/* .MasterPasswordService */ .x(this.stateProvider, this.stateService, this.keyGenerationService, this.encryptService, this.logService);
         this.kdfConfigService = new _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_74__/* .DefaultKdfConfigService */ .aT(this.stateProvider);
         this.pinService = new _bitwarden_auth_common__WEBPACK_IMPORTED_MODULE_5__/* .PinService */ .d7(this.accountService, this.cryptoFunctionService, this.encryptService, this.kdfConfigService, this.keyGenerationService, this.logService, this.masterPasswordService, this.stateProvider, this.stateService);
@@ -9152,9 +9209,12 @@ class ServiceContainer {
         const refreshAccessTokenErrorCallback = () => {
             throw new Error("Refresh Access token error");
         };
-        this.apiService = new _platform_services_node_api_service__WEBPACK_IMPORTED_MODULE_81__/* .NodeApiService */ .c(this.tokenService, this.platformUtilsService, this.environmentService, this.appIdService, refreshAccessTokenErrorCallback, this.logService, logoutCallback, this.vaultTimeoutSettingsService, customUserAgent);
-        this.containerService = new _bitwarden_common_platform_services_container_service__WEBPACK_IMPORTED_MODULE_86__/* .ContainerService */ .J(this.keyService, this.encryptService);
-        this.domainSettingsService = new _bitwarden_common_autofill_services_domain_settings_service__WEBPACK_IMPORTED_MODULE_24__/* .DefaultDomainSettingsService */ .G(this.stateProvider);
+        this.apiService = new _platform_services_node_api_service__WEBPACK_IMPORTED_MODULE_82__/* .NodeApiService */ .c(this.tokenService, this.platformUtilsService, this.environmentService, this.appIdService, refreshAccessTokenErrorCallback, this.logService, logoutCallback, this.vaultTimeoutSettingsService, customUserAgent);
+        this.containerService = new _bitwarden_common_platform_services_container_service__WEBPACK_IMPORTED_MODULE_87__/* .ContainerService */ .J(this.keyService, this.encryptService);
+        this.configApiService = new _bitwarden_common_platform_services_config_config_api_service__WEBPACK_IMPORTED_MODULE_32__/* .ConfigApiService */ .s(this.apiService, this.tokenService);
+        this.authService = new _bitwarden_common_auth_services_auth_service__WEBPACK_IMPORTED_MODULE_13__/* .AuthService */ .u(this.accountService, this.messagingService, this.keyService, this.apiService, this.stateService, this.tokenService);
+        this.configService = new _bitwarden_common_platform_services_config_default_config_service__WEBPACK_IMPORTED_MODULE_33__/* .DefaultConfigService */ .vQ(this.configApiService, this.environmentService, this.logService, this.stateProvider, this.authService);
+        this.domainSettingsService = new _bitwarden_common_autofill_services_domain_settings_service__WEBPACK_IMPORTED_MODULE_24__/* .DefaultDomainSettingsService */ .G(this.stateProvider, this.configService);
         this.fileUploadService = new _bitwarden_common_platform_services_file_upload_file_upload_service__WEBPACK_IMPORTED_MODULE_37__/* .FileUploadService */ .P(this.logService, this.apiService);
         this.sendStateProvider = new _bitwarden_common_tools_send_services_send_state_provider__WEBPACK_IMPORTED_MODULE_63__/* .SendStateProvider */ .T(this.stateProvider);
         this.sendService = new _bitwarden_common_tools_send_services_send_service__WEBPACK_IMPORTED_MODULE_64__/* .SendService */ .u(this.keyService, this.i18nService, this.keyGenerationService, this.sendStateProvider, this.encryptService);
@@ -9166,18 +9226,15 @@ class ServiceContainer {
         this.policyApiService = new _bitwarden_common_admin_console_services_policy_policy_api_service__WEBPACK_IMPORTED_MODULE_8__/* .PolicyApiService */ .S(this.policyService, this.apiService);
         this.keyConnectorService = new _bitwarden_common_auth_services_key_connector_service__WEBPACK_IMPORTED_MODULE_17__/* .KeyConnectorService */ .Kl(this.accountService, this.masterPasswordService, this.keyService, this.apiService, this.tokenService, this.logService, this.organizationService, this.keyGenerationService, logoutCallback, this.stateProvider);
         this.twoFactorService = new _bitwarden_common_auth_services_two_factor_service__WEBPACK_IMPORTED_MODULE_20__/* .TwoFactorService */ .fz(this.i18nService, this.platformUtilsService, this.globalStateProvider);
-        const sdkClientFactory = (0,_platform_flags__WEBPACK_IMPORTED_MODULE_87__/* .flagEnabled */ .U5)("sdk")
+        const sdkClientFactory = (0,_platform_flags__WEBPACK_IMPORTED_MODULE_88__/* .flagEnabled */ .U5)("sdk")
             ? new _bitwarden_common_platform_services_sdk_default_sdk_client_factory__WEBPACK_IMPORTED_MODULE_42__/* .DefaultSdkClientFactory */ .N()
-            : new _bitwarden_common_platform_services_sdk_noop_sdk_client_factory__WEBPACK_IMPORTED_MODULE_88__/* .NoopSdkClientFactory */ .e();
+            : new _bitwarden_common_platform_services_sdk_noop_sdk_client_factory__WEBPACK_IMPORTED_MODULE_89__/* .NoopSdkClientFactory */ .e();
         this.sdkService = new _bitwarden_common_platform_services_sdk_default_sdk_service__WEBPACK_IMPORTED_MODULE_43__/* .DefaultSdkService */ .$(sdkClientFactory, this.environmentService, this.platformUtilsService, this.accountService, this.kdfConfigService, this.keyService, customUserAgent);
         this.passwordStrengthService = new _bitwarden_common_tools_password_strength__WEBPACK_IMPORTED_MODULE_61__/* .PasswordStrengthService */ .y();
         this.passwordGenerationService = (0,_bitwarden_generator_legacy__WEBPACK_IMPORTED_MODULE_72__/* .legacyPasswordGenerationServiceFactory */ .Im)(this.encryptService, this.keyService, this.policyService, this.accountService, this.stateProvider);
         this.authRequestService = new _bitwarden_auth_common__WEBPACK_IMPORTED_MODULE_5__/* .AuthRequestService */ .H8(this.appIdService, this.accountService, this.masterPasswordService, this.keyService, this.encryptService, this.apiService, this.stateProvider);
-        this.billingAccountProfileStateService = new _bitwarden_common_billing_services_account_billing_account_profile_state_service__WEBPACK_IMPORTED_MODULE_25__/* .DefaultBillingAccountProfileStateService */ .x(this.stateProvider);
+        this.billingAccountProfileStateService = new _bitwarden_common_billing_services_account_billing_account_profile_state_service__WEBPACK_IMPORTED_MODULE_25__/* .DefaultBillingAccountProfileStateService */ .x(this.stateProvider, this.platformUtilsService, this.apiService);
         this.taskSchedulerService = new _bitwarden_common_platform_scheduling__WEBPACK_IMPORTED_MODULE_30__/* .DefaultTaskSchedulerService */ .P8(this.logService);
-        this.authService = new _bitwarden_common_auth_services_auth_service__WEBPACK_IMPORTED_MODULE_13__/* .AuthService */ .u(this.accountService, this.messagingService, this.keyService, this.apiService, this.stateService, this.tokenService);
-        this.configApiService = new _bitwarden_common_platform_services_config_config_api_service__WEBPACK_IMPORTED_MODULE_32__/* .ConfigApiService */ .s(this.apiService, this.tokenService);
-        this.configService = new _bitwarden_common_platform_services_config_default_config_service__WEBPACK_IMPORTED_MODULE_33__/* .DefaultConfigService */ .vQ(this.configApiService, this.environmentService, this.logService, this.stateProvider, this.authService);
         this.devicesApiService = new _bitwarden_common_auth_services_devices_api_service_implementation__WEBPACK_IMPORTED_MODULE_16__/* .DevicesApiServiceImplementation */ .D(this.apiService);
         this.deviceTrustService = new _bitwarden_common_auth_services_device_trust_service_implementation__WEBPACK_IMPORTED_MODULE_15__/* .DeviceTrustService */ .Wn(this.keyGenerationService, this.cryptoFunctionService, this.keyService, this.encryptService, this.appIdService, this.devicesApiService, this.i18nService, this.platformUtilsService, this.stateProvider, this.secureStorageService, this.userDecryptionOptionsService, this.logService, this.configService);
         this.loginStrategyService = new _bitwarden_auth_common__WEBPACK_IMPORTED_MODULE_5__/* .LoginStrategyService */ .CL(this.accountService, this.masterPasswordService, this.keyService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.keyConnectorService, this.environmentService, this.stateService, this.twoFactorService, this.i18nService, this.encryptService, this.passwordStrengthService, this.policyService, this.deviceTrustService, this.authRequestService, this.userDecryptionOptionsService, this.globalStateProvider, this.billingAccountProfileStateService, this.vaultTimeoutSettingsService, this.kdfConfigService, this.taskSchedulerService);
@@ -9188,8 +9245,9 @@ class ServiceContainer {
         this.folderApiService = new _bitwarden_common_vault_services_folder_folder_api_service__WEBPACK_IMPORTED_MODULE_69__/* .FolderApiService */ .U(this.folderService, this.apiService);
         const lockedCallback = (userId) => __awaiter(this, void 0, void 0, function* () { return yield this.keyService.clearStoredUserKey(_bitwarden_common_platform_enums__WEBPACK_IMPORTED_MODULE_27__/* .KeySuffixOptions */ .hq.Auto); });
         this.userVerificationApiService = new _bitwarden_common_auth_services_user_verification_user_verification_api_service__WEBPACK_IMPORTED_MODULE_21__/* .UserVerificationApiService */ .S(this.apiService);
-        this.userVerificationService = new _bitwarden_common_auth_services_user_verification_user_verification_service__WEBPACK_IMPORTED_MODULE_22__/* .UserVerificationService */ .i(this.keyService, this.accountService, this.masterPasswordService, this.i18nService, this.userVerificationApiService, this.userDecryptionOptionsService, this.pinService, this.logService, this.vaultTimeoutSettingsService, this.platformUtilsService, this.kdfConfigService);
-        this.vaultTimeoutService = new _bitwarden_common_services_vault_timeout_vault_timeout_service__WEBPACK_IMPORTED_MODULE_60__/* .VaultTimeoutService */ .n(this.accountService, this.masterPasswordService, this.cipherService, this.folderService, this.collectionService, this.platformUtilsService, this.messagingService, this.searchService, this.stateService, this.authService, this.vaultTimeoutSettingsService, this.stateEventRunnerService, this.taskSchedulerService, this.logService, lockedCallback, undefined);
+        this.userVerificationService = new _bitwarden_common_auth_services_user_verification_user_verification_service__WEBPACK_IMPORTED_MODULE_22__/* .UserVerificationService */ .i(this.keyService, this.accountService, this.masterPasswordService, this.i18nService, this.userVerificationApiService, this.userDecryptionOptionsService, this.pinService, this.kdfConfigService, new _key_management_cli_biometrics_service__WEBPACK_IMPORTED_MODULE_77__/* .CliBiometricsService */ .F());
+        const biometricService = new _key_management_cli_biometrics_service__WEBPACK_IMPORTED_MODULE_77__/* .CliBiometricsService */ .F();
+        this.vaultTimeoutService = new _bitwarden_common_services_vault_timeout_vault_timeout_service__WEBPACK_IMPORTED_MODULE_60__/* .VaultTimeoutService */ .n(this.accountService, this.masterPasswordService, this.cipherService, this.folderService, this.collectionService, this.platformUtilsService, this.messagingService, this.searchService, this.stateService, this.authService, this.vaultTimeoutSettingsService, this.stateEventRunnerService, this.taskSchedulerService, this.logService, biometricService, lockedCallback, undefined);
         this.avatarService = new _bitwarden_common_auth_services_avatar_service__WEBPACK_IMPORTED_MODULE_14__/* .AvatarService */ .v(this.apiService, this.stateProvider);
         this.syncService = new _bitwarden_common_platform_sync_internal__WEBPACK_IMPORTED_MODULE_54__/* .DefaultSyncService */ .A(this.masterPasswordService, this.accountService, this.apiService, this.domainSettingsService, this.folderService, this.cipherService, this.keyService, this.collectionService, this.messagingService, this.policyService, this.sendService, this.logService, this.keyConnectorService, this.stateService, this.providerService, this.folderApiService, this.organizationService, this.sendApiService, this.userDecryptionOptionsService, this.avatarService, logoutCallback, this.billingAccountProfileStateService, this.tokenService, this.authService, this.stateProvider);
         this.totpService = new _bitwarden_common_vault_services_totp_service__WEBPACK_IMPORTED_MODULE_71__/* .TotpService */ .R(this.cryptoFunctionService, this.logService);
@@ -9407,11 +9465,12 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 class SendCreateCommand {
-    constructor(sendService, environmentService, sendApiService, accountProfileService) {
+    constructor(sendService, environmentService, sendApiService, accountProfileService, accountService) {
         this.sendService = sendService;
         this.environmentService = environmentService;
         this.sendApiService = sendApiService;
         this.accountProfileService = accountProfileService;
+        this.accountService = accountService;
     }
     run(requestJson, cmdOptions) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -9461,12 +9520,13 @@ class SendCreateCommand {
             const maxAccessCount = (_h = req.maxAccessCount) !== null && _h !== void 0 ? _h : options.maxAccessCount;
             req.key = null;
             req.maxAccessCount = maxAccessCount;
+            const hasPremium$ = this.accountService.activeAccount$.pipe((0,external_rxjs_.switchMap)(({ id }) => this.accountProfileService.hasPremiumFromAnySource$(id)));
             switch (req.type) {
                 case send_type/* SendType */.N.File:
                     if (process.env.BW_SERVE === "true") {
                         return models_response/* Response */.Y.error("Creating a file-based Send is unsupported through the `serve` command at this time.");
                     }
-                    if (!(yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$))) {
+                    if (!(yield (0,external_rxjs_.firstValueFrom)(hasPremium$))) {
                         return models_response/* Response */.Y.error("Premium status is required to use this feature.");
                     }
                     if (filePath == null) {
@@ -9570,11 +9630,12 @@ var edit_command_awaiter = (undefined && undefined.__awaiter) || function (thisA
 
 
 class SendEditCommand {
-    constructor(sendService, getCommand, sendApiService, accountProfileService) {
+    constructor(sendService, getCommand, sendApiService, accountProfileService, accountService) {
         this.sendService = sendService;
         this.getCommand = getCommand;
         this.sendApiService = sendApiService;
         this.accountProfileService = accountProfileService;
+        this.accountService = accountService;
     }
     run(requestJson, cmdOptions) {
         return edit_command_awaiter(this, void 0, void 0, function* () {
@@ -9611,7 +9672,8 @@ class SendEditCommand {
             if (send.type !== req.type) {
                 return models_response/* Response */.Y.badRequest("Cannot change a Send's type");
             }
-            const canAccessPremium = yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$);
+            const account = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$);
+            const canAccessPremium = yield (0,external_rxjs_.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$(account.id));
             if (send.type === send_type/* SendType */.N.File && !canAccessPremium) {
                 return models_response/* Response */.Y.error("Premium status is required to use this feature.");
             }
@@ -10648,6 +10710,7 @@ class CreateCommand {
         this.accountProfileService = accountProfileService;
         this.organizationService = organizationService;
         this.accountService = accountService;
+        this.activeUserId$ = this.accountService.activeAccount$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_2__.map)((a) => a === null || a === void 0 ? void 0 : a.id));
     }
     run(object_1, requestJson_1, cmdOptions_1) {
         return __awaiter(this, arguments, void 0, function* (object, requestJson, cmdOptions, additionalData = null) {
@@ -10689,7 +10752,7 @@ class CreateCommand {
     }
     createCipher(req) {
         return __awaiter(this, void 0, void 0, function* () {
-            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.accountService.activeAccount$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_2__.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
+            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.activeUserId$);
             const cipher = yield this.cipherService.encrypt(_bitwarden_common_models_export_cipher_export__WEBPACK_IMPORTED_MODULE_4__/* .CipherExport */ .q.toView(req), activeUserId);
             try {
                 const newCipher = yield this.cipherService.createWithServer(cipher);
@@ -10735,8 +10798,9 @@ class CreateCommand {
             if (cipher == null) {
                 return _models_response__WEBPACK_IMPORTED_MODULE_9__/* .Response */ .Y.notFound();
             }
-            if (cipher.organizationId == null &&
-                !(yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$))) {
+            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.activeUserId$);
+            const canAccessPremium = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$(activeUserId));
+            if (cipher.organizationId == null && !canAccessPremium) {
                 return _models_response__WEBPACK_IMPORTED_MODULE_9__/* .Response */ .Y.error("Premium status is required to use this feature.");
             }
             const userKey = yield this.keyService.getUserKey();
@@ -10745,7 +10809,6 @@ class CreateCommand {
                     "See https://help.bitwarden.com/article/update-encryption-key/");
             }
             try {
-                const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.accountService.activeAccount$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_2__.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
                 const updatedCipher = yield this.cipherService.saveAttachmentRawWithServer(cipher, fileName, new Uint8Array(fileBuf).buffer, activeUserId);
                 const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher, activeUserId));
                 return _models_response__WEBPACK_IMPORTED_MODULE_9__/* .Response */ .Y.success(new _models_cipher_response__WEBPACK_IMPORTED_MODULE_11__/* .CipherResponse */ .N(decCipher));
@@ -10757,12 +10820,12 @@ class CreateCommand {
     }
     createFolder(req) {
         return __awaiter(this, void 0, void 0, function* () {
-            const activeAccountId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.accountService.activeAccount$);
-            const userKey = yield this.keyService.getUserKeyWithLegacySupport(activeAccountId.id);
+            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_2__.firstValueFrom)(this.activeUserId$);
+            const userKey = yield this.keyService.getUserKeyWithLegacySupport(activeUserId);
             const folder = yield this.folderService.encrypt(_bitwarden_common_models_export_folder_export__WEBPACK_IMPORTED_MODULE_6__/* .FolderExport */ .V.toView(req), userKey);
             try {
-                yield this.folderApiService.save(folder);
-                const newFolder = yield this.folderService.get(folder.id);
+                yield this.folderApiService.save(folder, activeUserId);
+                const newFolder = yield this.folderService.get(folder.id, activeUserId);
                 const decFolder = yield newFolder.decrypt();
                 const res = new _models_folder_response__WEBPACK_IMPORTED_MODULE_12__/* .FolderResponse */ .s(decFolder);
                 return _models_response__WEBPACK_IMPORTED_MODULE_9__/* .Response */ .Y.success(res);
@@ -10849,13 +10912,14 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 class DeleteCommand {
-    constructor(cipherService, folderService, apiService, folderApiService, accountProfileService, cipherAuthorizationService) {
+    constructor(cipherService, folderService, apiService, folderApiService, accountProfileService, cipherAuthorizationService, accountService) {
         this.cipherService = cipherService;
         this.folderService = folderService;
         this.apiService = apiService;
         this.folderApiService = folderApiService;
         this.accountProfileService = accountProfileService;
         this.cipherAuthorizationService = cipherAuthorizationService;
+        this.accountService = accountService;
     }
     run(object, id, cmdOptions) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -10918,7 +10982,8 @@ class DeleteCommand {
             if (attachments.length === 0) {
                 return _models_response__WEBPACK_IMPORTED_MODULE_2__/* .Response */ .Y.error("Attachment `" + id + "` was not found.");
             }
-            const canAccessPremium = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$);
+            const account = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.accountService.activeAccount$);
+            const canAccessPremium = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.accountProfileService.hasPremiumFromAnySource$(account.id));
             if (cipher.organizationId == null && !canAccessPremium) {
                 return _models_response__WEBPACK_IMPORTED_MODULE_2__/* .Response */ .Y.error("Premium status is required to use this feature.");
             }
@@ -10933,12 +10998,13 @@ class DeleteCommand {
     }
     deleteFolder(id) {
         return __awaiter(this, void 0, void 0, function* () {
-            const folder = yield this.folderService.getFromState(id);
+            const activeUserId = yield (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.firstValueFrom)(this.accountService.activeAccount$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
+            const folder = yield this.folderService.getFromState(id, activeUserId);
             if (folder == null) {
                 return _models_response__WEBPACK_IMPORTED_MODULE_2__/* .Response */ .Y.notFound();
             }
             try {
-                yield this.folderApiService.delete(id);
+                yield this.folderApiService.delete(id, activeUserId);
                 return _models_response__WEBPACK_IMPORTED_MODULE_2__/* .Response */ .Y.success();
             }
             catch (e) {
@@ -11644,22 +11710,22 @@ class OssServeConfigurator {
     constructor(serviceContainer) {
         this.serviceContainer = serviceContainer;
         this.getCommand = new get_command/* GetCommand */.s(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.collectionService, this.serviceContainer.totpService, this.serviceContainer.auditService, this.serviceContainer.keyService, this.serviceContainer.encryptService, this.serviceContainer.searchService, this.serviceContainer.apiService, this.serviceContainer.organizationService, this.serviceContainer.eventCollectionService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.accountService);
-        this.listCommand = new list_command/* ListCommand */.S(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.collectionService, this.serviceContainer.organizationService, this.serviceContainer.searchService, this.serviceContainer.organizationUserApiService, this.serviceContainer.apiService, this.serviceContainer.eventCollectionService);
+        this.listCommand = new list_command/* ListCommand */.S(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.collectionService, this.serviceContainer.organizationService, this.serviceContainer.searchService, this.serviceContainer.organizationUserApiService, this.serviceContainer.apiService, this.serviceContainer.eventCollectionService, this.serviceContainer.accountService);
         this.createCommand = new create_command/* CreateCommand */.K(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.keyService, this.serviceContainer.encryptService, this.serviceContainer.apiService, this.serviceContainer.folderApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.organizationService, this.serviceContainer.accountService);
         this.editCommand = new edit_command/* EditCommand */.s(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.keyService, this.serviceContainer.encryptService, this.serviceContainer.apiService, this.serviceContainer.folderApiService, this.serviceContainer.accountService);
         this.generateCommand = new generate_command/* GenerateCommand */.p(this.serviceContainer.passwordGenerationService, this.serviceContainer.stateService);
         this.syncCommand = new sync_command/* SyncCommand */.b(this.serviceContainer.syncService);
         this.statusCommand = new status_command/* StatusCommand */.y(this.serviceContainer.environmentService, this.serviceContainer.syncService, this.serviceContainer.accountService, this.serviceContainer.authService);
-        this.deleteCommand = new delete_command/* DeleteCommand */.R(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.apiService, this.serviceContainer.folderApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.cipherAuthorizationService);
+        this.deleteCommand = new delete_command/* DeleteCommand */.R(this.serviceContainer.cipherService, this.serviceContainer.folderService, this.serviceContainer.apiService, this.serviceContainer.folderApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.cipherAuthorizationService, this.serviceContainer.accountService);
         this.confirmCommand = new confirm_command/* ConfirmCommand */.u(this.serviceContainer.apiService, this.serviceContainer.keyService, this.serviceContainer.encryptService, this.serviceContainer.organizationUserApiService);
         this.restoreCommand = new restore_command/* RestoreCommand */.G(this.serviceContainer.cipherService);
         this.shareCommand = new share_command/* ShareCommand */.j(this.serviceContainer.cipherService, this.serviceContainer.accountService);
         this.lockCommand = new lock_command/* LockCommand */.z(this.serviceContainer.vaultTimeoutService);
         this.unlockCommand = new unlock_command/* UnlockCommand */.o(this.serviceContainer.accountService, this.serviceContainer.masterPasswordService, this.serviceContainer.keyService, this.serviceContainer.userVerificationService, this.serviceContainer.cryptoFunctionService, this.serviceContainer.logService, this.serviceContainer.keyConnectorService, this.serviceContainer.environmentService, this.serviceContainer.syncService, this.serviceContainer.organizationApiService, () => __awaiter(this, void 0, void 0, function* () { return yield this.serviceContainer.logout(); }));
-        this.sendCreateCommand = new commands/* SendCreateCommand */.QR(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService);
+        this.sendCreateCommand = new commands/* SendCreateCommand */.QR(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.accountService);
         this.sendDeleteCommand = new commands/* SendDeleteCommand */.Rg(this.serviceContainer.sendService, this.serviceContainer.sendApiService);
         this.sendGetCommand = new commands/* SendGetCommand */.MA(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.searchService, this.serviceContainer.encryptService, this.serviceContainer.apiService);
-        this.sendEditCommand = new commands/* SendEditCommand */._s(this.serviceContainer.sendService, this.sendGetCommand, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService);
+        this.sendEditCommand = new commands/* SendEditCommand */._s(this.serviceContainer.sendService, this.sendGetCommand, this.serviceContainer.sendApiService, this.serviceContainer.billingAccountProfileStateService, this.serviceContainer.accountService);
         this.sendListCommand = new commands/* SendListCommand */.eK(this.serviceContainer.sendService, this.serviceContainer.environmentService, this.serviceContainer.searchService);
         this.sendRemovePasswordCommand = new commands/* SendRemovePasswordCommand */.Vx(this.serviceContainer.sendService, this.serviceContainer.sendApiService, this.serviceContainer.environmentService);
     }
@@ -14007,6 +14073,8 @@ var login_email_service_awaiter = (undefined && undefined.__awaiter) || function
 // @ts-strict-ignore
 
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
 const LOGIN_EMAIL = new state/* KeyDefinition */.Zs(state/* LOGIN_EMAIL_MEMORY */.jB, "loginEmail", {
     deserializer: (value) => value,
@@ -14093,8 +14161,8 @@ class PreloginRequest {
 var error_response = __webpack_require__(6057);
 // EXTERNAL MODULE: ../../libs/common/src/platform/scheduling/index.ts + 2 modules
 var scheduling = __webpack_require__(7143);
-// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 17 modules
-var src = __webpack_require__(8614);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
 // EXTERNAL MODULE: ../../libs/common/src/auth/models/request/identity-token/device.request.ts
 var device_request = __webpack_require__(5961);
 // EXTERNAL MODULE: ../../libs/common/src/auth/models/request/identity-token/token.request.ts
@@ -14532,8 +14600,8 @@ class AuthRequestLoginStrategy extends LoginStrategy {
 
 // EXTERNAL MODULE: ../../libs/common/src/admin-console/models/domain/master-password-policy-options.ts
 var master_password_policy_options = __webpack_require__(9021);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var platform_enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var platform_enums = __webpack_require__(5874);
 ;// ../../libs/auth/src/common/login-strategies/password-login.strategy.ts
 var password_login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -16815,12 +16883,14 @@ class OrganizationApiService {
     }
     updatePasswordManagerSeats(id, request) {
         return __awaiter(this, void 0, void 0, function* () {
-            return this.apiService.send("POST", "/organizations/" + id + "/subscription", request, true, false);
+            const r = yield this.apiService.send("POST", "/organizations/" + id + "/subscription", request, true, true);
+            return new profile_organization_response/* ProfileOrganizationResponse */.C(r);
         });
     }
     updateSecretsManagerSubscription(id, request) {
         return __awaiter(this, void 0, void 0, function* () {
-            return this.apiService.send("POST", "/organizations/" + id + "/sm-subscription", request, true, false);
+            const r = yield this.apiService.send("POST", "/organizations/" + id + "/sm-subscription", request, true, true);
+            return new profile_organization_response/* ProfileOrganizationResponse */.C(r);
         });
     }
     updateSeats(id, request) {
@@ -18785,8 +18855,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 // EXTERNAL MODULE: ../../libs/common/src/platform/models/domain/enc-string.ts
 var enc_string = __webpack_require__(6505);
 // EXTERNAL MODULE: ../../libs/common/src/platform/models/domain/symmetric-crypto-key.ts
@@ -19086,6 +19156,8 @@ class DeviceResponse extends base_response/* BaseResponse */.r {
         this.type = this.getResponseProperty("Type");
         this.creationDate = this.getResponseProperty("CreationDate");
         this.revisionDate = this.getResponseProperty("RevisionDate");
+        this.isTrusted = this.getResponseProperty("IsTrusted");
+        this.devicePendingAuthRequest = this.getResponseProperty("DevicePendingAuthRequest");
     }
 }
 
@@ -19191,6 +19263,11 @@ class DevicesApiServiceImplementation {
             });
         });
     }
+    deactivateDevice(deviceId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.apiService.send("POST", `/devices/${deviceId}/deactivate`, null, true, false);
+        });
+    }
 }
 
 
@@ -19209,8 +19286,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
-// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 17 modules
-var src = __webpack_require__(8614);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
 // EXTERNAL MODULE: ../../libs/common/src/admin-console/enums/index.ts + 10 modules
 var enums = __webpack_require__(2887);
 // EXTERNAL MODULE: ../../libs/common/src/models/request/keys.request.ts
@@ -19406,7 +19483,7 @@ class KeyConnectorService {
 /* harmony export */ });
 /* harmony import */ var rxjs__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(573);
 /* harmony import */ var rxjs__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(rxjs__WEBPACK_IMPORTED_MODULE_0__);
-/* harmony import */ var _platform_enums__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6425);
+/* harmony import */ var _platform_enums__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(5874);
 /* harmony import */ var _platform_models_domain_enc_string__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(6505);
 /* harmony import */ var _platform_models_domain_symmetric_crypto_key__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(7310);
 /* harmony import */ var _platform_state__WEBPACK_IMPORTED_MODULE_4__ = __webpack_require__(1068);
@@ -19567,11 +19644,11 @@ class MasterPasswordService {
             }
             let decUserKey;
             if (userKey.encryptionType === _platform_enums__WEBPACK_IMPORTED_MODULE_1__/* .EncryptionType */ .Qd.AesCbc256_B64) {
-                decUserKey = yield this.encryptService.decryptToBytes(userKey, masterKey);
+                decUserKey = yield this.encryptService.decryptToBytes(userKey, masterKey, "Content: User Key; Encrypting Key: Master Key");
             }
             else if (userKey.encryptionType === _platform_enums__WEBPACK_IMPORTED_MODULE_1__/* .EncryptionType */ .Qd.AesCbc256_HmacSha256_B64) {
                 const newKey = yield this.keyGenerationService.stretchKey(masterKey);
-                decUserKey = yield this.encryptService.decryptToBytes(userKey, newKey);
+                decUserKey = yield this.encryptService.decryptToBytes(userKey, newKey, "Content: User Key; Encrypting Key: Stretched Master Key");
             }
             else {
                 throw new Error("Unsupported encryption type.");
@@ -19605,8 +19682,8 @@ var external_rxjs_ = __webpack_require__(573);
 var common = __webpack_require__(4025);
 // EXTERNAL MODULE: ../../libs/common/src/enums/vault-timeout-action.enum.ts
 var vault_timeout_action_enum = __webpack_require__(2572);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 // EXTERNAL MODULE: ../../libs/common/src/platform/misc/utils.ts + 2 modules
 var utils = __webpack_require__(6948);
 // EXTERNAL MODULE: ../../libs/common/src/platform/models/domain/enc-string.ts
@@ -20714,10 +20791,10 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/key-suffix-options.enum.ts
-var key_suffix_options_enum = __webpack_require__(9377);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 // EXTERNAL MODULE: ../../libs/common/src/auth/enums/verification-type.ts
 var verification_type = __webpack_require__(6745);
 // EXTERNAL MODULE: ../../libs/common/src/auth/models/request/secret-verification.request.ts
@@ -20758,7 +20835,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
  * Use it to verify the input collected by UserVerificationComponent.
  */
 class UserVerificationService {
-    constructor(keyService, accountService, masterPasswordService, i18nService, userVerificationApiService, userDecryptionOptionsService, pinService, logService, vaultTimeoutSettingsService, platformUtilsService, kdfConfigService) {
+    constructor(keyService, accountService, masterPasswordService, i18nService, userVerificationApiService, userDecryptionOptionsService, pinService, kdfConfigService, biometricsService) {
         this.keyService = keyService;
         this.accountService = accountService;
         this.masterPasswordService = masterPasswordService;
@@ -20766,21 +20843,18 @@ class UserVerificationService {
         this.userVerificationApiService = userVerificationApiService;
         this.userDecryptionOptionsService = userDecryptionOptionsService;
         this.pinService = pinService;
-        this.logService = logService;
-        this.vaultTimeoutSettingsService = vaultTimeoutSettingsService;
-        this.platformUtilsService = platformUtilsService;
         this.kdfConfigService = kdfConfigService;
+        this.biometricsService = biometricsService;
     }
     getAvailableVerificationOptions(verificationType) {
         return __awaiter(this, void 0, void 0, function* () {
             var _a;
             const userId = (_a = (yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$))) === null || _a === void 0 ? void 0 : _a.id;
             if (verificationType === "client") {
-                const [userHasMasterPassword, isPinDecryptionAvailable, biometricsLockSet, biometricsUserKeyStored,] = yield Promise.all([
+                const [userHasMasterPassword, isPinDecryptionAvailable, biometricsStatus] = yield Promise.all([
                     this.hasMasterPasswordAndMasterKeyHash(userId),
                     this.pinService.isPinDecryptionAvailable(userId),
-                    this.vaultTimeoutSettingsService.isBiometricLockSet(userId),
-                    this.keyService.hasUserKeyStored(key_suffix_options_enum/* KeySuffixOptions */.h.Biometric, userId),
+                    this.biometricsService.getBiometricsStatus(),
                 ]);
                 // note: we do not need to check this.platformUtilsService.supportsBiometric() because
                 // we can just use the logic below which works for both desktop & the browser extension.
@@ -20788,8 +20862,7 @@ class UserVerificationService {
                     client: {
                         masterPassword: userHasMasterPassword,
                         pin: isPinDecryptionAvailable,
-                        biometrics: biometricsLockSet &&
-                            (biometricsUserKeyStored || !this.platformUtilsService.supportsSecureStorage()),
+                        biometrics: biometricsStatus === src/* BiometricsStatus */.cR.Available,
                     },
                     server: {
                         masterPassword: false,
@@ -20931,17 +21004,7 @@ class UserVerificationService {
     }
     verifyUserByBiometrics() {
         return __awaiter(this, void 0, void 0, function* () {
-            let userKey;
-            // Biometrics crashes and doesn't return a value if the user cancels the prompt
-            try {
-                userKey = yield this.keyService.getUserKeyFromStorage(key_suffix_options_enum/* KeySuffixOptions */.h.Biometric);
-            }
-            catch (e) {
-                this.logService.error(`Biometrics User Verification failed: ${e.message}`);
-                // So, any failures should be treated as a failed verification
-                return false;
-            }
-            return userKey != null;
+            return this.biometricsService.authenticateWithBiometrics();
         });
     }
     requestOTP() {
@@ -21277,9 +21340,10 @@ class AutofillSettingsService {
 /* unused harmony export DomainSettingsService */
 /* harmony import */ var rxjs__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(573);
 /* harmony import */ var rxjs__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(rxjs__WEBPACK_IMPORTED_MODULE_0__);
-/* harmony import */ var _models_domain_domain_service__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(3037);
-/* harmony import */ var _platform_misc_utils__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(6948);
-/* harmony import */ var _platform_state__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(1068);
+/* harmony import */ var _bitwarden_common_enums_feature_flag_enum__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(3176);
+/* harmony import */ var _models_domain_domain_service__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(3037);
+/* harmony import */ var _platform_misc_utils__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(6948);
+/* harmony import */ var _platform_state__WEBPACK_IMPORTED_MODULE_4__ = __webpack_require__(1068);
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -21295,33 +21359,48 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 
-const SHOW_FAVICONS = new _platform_state__WEBPACK_IMPORTED_MODULE_3__/* .KeyDefinition */ .Zs(_platform_state__WEBPACK_IMPORTED_MODULE_3__/* .DOMAIN_SETTINGS_DISK */ .XH, "showFavicons", {
+
+const SHOW_FAVICONS = new _platform_state__WEBPACK_IMPORTED_MODULE_4__/* .KeyDefinition */ .Zs(_platform_state__WEBPACK_IMPORTED_MODULE_4__/* .DOMAIN_SETTINGS_DISK */ .XH, "showFavicons", {
     deserializer: (value) => value !== null && value !== void 0 ? value : true,
 });
-const NEVER_DOMAINS = new _platform_state__WEBPACK_IMPORTED_MODULE_3__/* .KeyDefinition */ .Zs(_platform_state__WEBPACK_IMPORTED_MODULE_3__/* .DOMAIN_SETTINGS_DISK */ .XH, "neverDomains", {
+// Domain exclusion list for notifications
+const NEVER_DOMAINS = new _platform_state__WEBPACK_IMPORTED_MODULE_4__/* .KeyDefinition */ .Zs(_platform_state__WEBPACK_IMPORTED_MODULE_4__/* .DOMAIN_SETTINGS_DISK */ .XH, "neverDomains", {
     deserializer: (value) => value !== null && value !== void 0 ? value : null,
 });
-const EQUIVALENT_DOMAINS = new _platform_state__WEBPACK_IMPORTED_MODULE_3__/* .UserKeyDefinition */ .Ok(_platform_state__WEBPACK_IMPORTED_MODULE_3__/* .DOMAIN_SETTINGS_DISK */ .XH, "equivalentDomains", {
+// Domain exclusion list for content script injections
+const BLOCKED_INTERACTIONS_URIS = new _platform_state__WEBPACK_IMPORTED_MODULE_4__/* .KeyDefinition */ .Zs(_platform_state__WEBPACK_IMPORTED_MODULE_4__/* .DOMAIN_SETTINGS_DISK */ .XH, "blockedInteractionsUris", {
+    deserializer: (value) => value !== null && value !== void 0 ? value : {},
+});
+const EQUIVALENT_DOMAINS = new _platform_state__WEBPACK_IMPORTED_MODULE_4__/* .UserKeyDefinition */ .Ok(_platform_state__WEBPACK_IMPORTED_MODULE_4__/* .DOMAIN_SETTINGS_DISK */ .XH, "equivalentDomains", {
     deserializer: (value) => value !== null && value !== void 0 ? value : null,
     clearOn: ["logout"],
 });
-const DEFAULT_URI_MATCH_STRATEGY = new _platform_state__WEBPACK_IMPORTED_MODULE_3__/* .UserKeyDefinition */ .Ok(_platform_state__WEBPACK_IMPORTED_MODULE_3__/* .DOMAIN_SETTINGS_DISK */ .XH, "defaultUriMatchStrategy", {
-    deserializer: (value) => value !== null && value !== void 0 ? value : _models_domain_domain_service__WEBPACK_IMPORTED_MODULE_1__/* .UriMatchStrategy */ .L.Domain,
+const DEFAULT_URI_MATCH_STRATEGY = new _platform_state__WEBPACK_IMPORTED_MODULE_4__/* .UserKeyDefinition */ .Ok(_platform_state__WEBPACK_IMPORTED_MODULE_4__/* .DOMAIN_SETTINGS_DISK */ .XH, "defaultUriMatchStrategy", {
+    deserializer: (value) => value !== null && value !== void 0 ? value : _models_domain_domain_service__WEBPACK_IMPORTED_MODULE_2__/* .UriMatchStrategy */ .L.Domain,
     clearOn: [],
 });
+/**
+ * The Domain Settings service; provides client settings state for "active client view" URI concerns
+ */
 class DomainSettingsService {
 }
 class DefaultDomainSettingsService {
-    constructor(stateProvider) {
+    constructor(stateProvider, configService) {
         this.stateProvider = stateProvider;
+        this.configService = configService;
         this.showFaviconsState = this.stateProvider.getGlobal(SHOW_FAVICONS);
         this.showFavicons$ = this.showFaviconsState.state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((x) => x !== null && x !== void 0 ? x : true));
         this.neverDomainsState = this.stateProvider.getGlobal(NEVER_DOMAINS);
         this.neverDomains$ = this.neverDomainsState.state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((x) => x !== null && x !== void 0 ? x : null));
+        // Needs to be global to prevent pre-login injections
+        this.blockedInteractionsUrisState = this.stateProvider.getGlobal(BLOCKED_INTERACTIONS_URIS);
+        this.blockedInteractionsUris$ = this.configService
+            .getFeatureFlag$(_bitwarden_common_enums_feature_flag_enum__WEBPACK_IMPORTED_MODULE_1__/* .FeatureFlag */ .T.BlockBrowserInjectionsByDomain)
+            .pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.switchMap)((featureIsEnabled) => featureIsEnabled ? this.blockedInteractionsUrisState.state$ : (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.of)({})), (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((disabledUris) => (Object.keys(disabledUris).length ? disabledUris : {})));
         this.equivalentDomainsState = this.stateProvider.getActive(EQUIVALENT_DOMAINS);
         this.equivalentDomains$ = this.equivalentDomainsState.state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((x) => x !== null && x !== void 0 ? x : null));
         this.defaultUriMatchStrategyState = this.stateProvider.getActive(DEFAULT_URI_MATCH_STRATEGY);
-        this.defaultUriMatchStrategy$ = this.defaultUriMatchStrategyState.state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((x) => x !== null && x !== void 0 ? x : _models_domain_domain_service__WEBPACK_IMPORTED_MODULE_1__/* .UriMatchStrategy */ .L.Domain));
+        this.defaultUriMatchStrategy$ = this.defaultUriMatchStrategyState.state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((x) => x !== null && x !== void 0 ? x : _models_domain_domain_service__WEBPACK_IMPORTED_MODULE_2__/* .UriMatchStrategy */ .L.Domain));
     }
     setShowFavicons(newValue) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -21333,6 +21412,11 @@ class DefaultDomainSettingsService {
             yield this.neverDomainsState.update(() => newValue);
         });
     }
+    setBlockedInteractionsUris(newValue) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.blockedInteractionsUrisState.update(() => newValue);
+        });
+    }
     setEquivalentDomains(newValue, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.stateProvider.getUser(userId, EQUIVALENT_DOMAINS).update(() => newValue);
@@ -21345,7 +21429,7 @@ class DefaultDomainSettingsService {
     }
     getUrlEquivalentDomains(url) {
         const domains$ = this.equivalentDomains$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((equivalentDomains) => {
-            const domain = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_2__/* .Utils */ .A.getDomain(url);
+            const domain = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_3__/* .Utils */ .A.getDomain(url);
             if (domain == null || equivalentDomains == null) {
                 return new Set();
             }
@@ -21367,8 +21451,6 @@ class DefaultDomainSettingsService {
 /* harmony export */ });
 /* unused harmony exports isCardExpired, parseYearMonthExpiry */
 /* harmony import */ var _bitwarden_common_autofill_constants__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(5396);
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 
 /**
  * Takes a string or number value and returns a string value formatted as a valid 4-digit year
@@ -21382,10 +21464,10 @@ function normalizeExpiryYearFormat(yearInput) {
     const yearInputIsEmpty = yearInput == null || yearInput === "";
     let expirationYear = yearInputIsEmpty ? null : `${yearInput}`;
     // Exit early if year is already formatted correctly or empty
-    if (yearInputIsEmpty || /^[1-9]{1}\d{3}$/.test(expirationYear)) {
+    if (yearInputIsEmpty || (expirationYear && /^[1-9]{1}\d{3}$/.test(expirationYear))) {
         return expirationYear;
     }
-    expirationYear = expirationYear
+    expirationYear = (expirationYear || "")
         // For safety, because even input[type="number"] will allow decimals
         .replace(/[^\d]/g, "")
         // remove any leading zero padding (leave the last leading zero if it ends the string)
@@ -21404,7 +21486,7 @@ function normalizeExpiryYearFormat(yearInput) {
 }
 /**
  * Takes a cipher card view and returns "true" if the month and year affirmativey indicate
- * the card is expired.
+ * the card is expired. Uncertain cases return "false".
  *
  * @param {CardView} cipherCard
  * @return {*}  {boolean}
@@ -21412,21 +21494,31 @@ function normalizeExpiryYearFormat(yearInput) {
 function isCardExpired(cipherCard) {
     if (cipherCard) {
         const { expMonth = null, expYear = null } = cipherCard;
+        if (!expYear) {
+            return false;
+        }
         const now = new Date();
         const normalizedYear = normalizeExpiryYearFormat(expYear);
-        // If the card year is before the current year, don't bother checking the month
-        if (normalizedYear && parseInt(normalizedYear, 10) < now.getFullYear()) {
+        const parsedYear = normalizedYear ? parseInt(normalizedYear, 10) : NaN;
+        const expiryYearIsBeforeCurrentYear = parsedYear < now.getFullYear();
+        const expiryYearIsAfterCurrentYear = parsedYear > now.getFullYear();
+        // If the expiry year is before the current year, skip checking the month, since it must be expired
+        if (normalizedYear && expiryYearIsBeforeCurrentYear) {
             return true;
         }
+        // If the expiry year is after the current year, skip checking the month, since it cannot be expired
+        if (normalizedYear && expiryYearIsAfterCurrentYear) {
+            return false;
+        }
         if (normalizedYear && expMonth) {
             const parsedMonthInteger = parseInt(expMonth, 10);
-            const parsedMonth = isNaN(parsedMonthInteger)
-                ? 0
-                : // Add a month floor of 0 to protect against an invalid low month value of "0" or negative integers
-                    Math.max(
-                    // `Date` months are zero-indexed
-                    parsedMonthInteger - 1, 0);
-            const parsedYear = parseInt(normalizedYear, 10);
+            const parsedMonthIsValid = parsedMonthInteger && !isNaN(parsedMonthInteger);
+            // If the parsed month value is 0, we don't know when the expiry passes this year, so do not treat it as expired
+            if (!parsedMonthIsValid) {
+                return false;
+            }
+            // `Date` months are zero-indexed
+            const parsedMonth = parsedMonthInteger - 1;
             // First day of the next month
             const cardExpiry = new Date(parsedYear, parsedMonth + 1, 1);
             return cardExpiry <= now;
@@ -21561,9 +21653,14 @@ function parseNonDelimitedYearMonthExpiry(dateInput) {
         parsedYear = dateInput.slice(0, 2);
         parsedMonth = dateInput.slice(-1);
         const currentYear = new Date().getFullYear();
-        const normalizedParsedYear = parseInt(normalizeExpiryYearFormat(parsedYear), 10);
-        const normalizedParsedYearAlternative = parseInt(normalizeExpiryYearFormat(dateInput.slice(-2)), 10);
-        if (normalizedParsedYear < currentYear && normalizedParsedYearAlternative >= currentYear) {
+        const normalizedYearFormat = normalizeExpiryYearFormat(parsedYear);
+        const normalizedParsedYear = normalizedYearFormat && parseInt(normalizedYearFormat, 10);
+        const normalizedExpiryYearFormat = normalizeExpiryYearFormat(dateInput.slice(-2));
+        const normalizedParsedYearAlternative = normalizedExpiryYearFormat && parseInt(normalizedExpiryYearFormat, 10);
+        if (normalizedParsedYear &&
+            normalizedParsedYear < currentYear &&
+            normalizedParsedYearAlternative &&
+            normalizedParsedYearAlternative >= currentYear) {
             parsedYear = dateInput.slice(-2);
             parsedMonth = dateInput.slice(0, 1);
         }
@@ -21588,16 +21685,20 @@ function parseYearMonthExpiry(combinedExpiryValue) {
     const sanitizedSecondPart = ((_b = dateParts[1]) === null || _b === void 0 ? void 0 : _b.replace(IrrelevantExpiryCharactersPatternExpression, "")) || "";
     // If there is only one date part, no delimiter was found in the passed value
     if (dateParts.length === 1) {
-        [parsedYear, parsedMonth] = parseNonDelimitedYearMonthExpiry(sanitizedFirstPart);
+        const [parsedNonDelimitedYear, parsedNonDelimitedMonth] = parseNonDelimitedYearMonthExpiry(sanitizedFirstPart);
+        parsedYear = parsedNonDelimitedYear;
+        parsedMonth = parsedNonDelimitedMonth;
     }
     // There are multiple date parts
     else {
-        [parsedYear, parsedMonth] = parseDelimitedYearMonthExpiry([
+        const [parsedDelimitedYear, parsedDelimitedMonth] = parseDelimitedYearMonthExpiry([
             sanitizedFirstPart,
             sanitizedSecondPart,
         ]);
+        parsedYear = parsedDelimitedYear;
+        parsedMonth = parsedDelimitedMonth;
     }
-    const normalizedParsedYear = normalizeExpiryYearFormat(parsedYear);
+    const normalizedParsedYear = parsedYear ? normalizeExpiryYearFormat(parsedYear) : null;
     const normalizedParsedMonth = parsedMonth === null || parsedMonth === void 0 ? void 0 : parsedMonth.replace(/^0+/, "").slice(0, 2);
     // Set "empty" values to null
     parsedYear = (normalizedParsedYear === null || normalizedParsedYear === void 0 ? void 0 : normalizedParsedYear.length) ? normalizedParsedYear : null;
@@ -21945,18 +22046,26 @@ const BILLING_ACCOUNT_PROFILE_KEY_DEFINITION = new _platform_state__WEBPACK_IMPO
     clearOn: ["logout"],
 });
 class DefaultBillingAccountProfileStateService {
-    constructor(stateProvider) {
+    constructor(stateProvider, platformUtilsService, apiService) {
         this.stateProvider = stateProvider;
-        this.billingAccountProfileState = stateProvider.getActive(BILLING_ACCOUNT_PROFILE_KEY_DEFINITION);
-        // Setup an observable that will always track the currently active user
-        // but will fallback to emitting null when there is no active user.
-        const billingAccountProfileOrNull = stateProvider.activeUserId$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.switchMap)((userId) => userId != null
-            ? stateProvider.getUser(userId, BILLING_ACCOUNT_PROFILE_KEY_DEFINITION).state$
-            : (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.of)(null)));
-        this.hasPremiumFromAnyOrganization$ = billingAccountProfileOrNull.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((billingAccountProfile) => !!(billingAccountProfile === null || billingAccountProfile === void 0 ? void 0 : billingAccountProfile.hasPremiumFromAnyOrganization)));
-        this.hasPremiumPersonally$ = billingAccountProfileOrNull.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((billingAccountProfile) => !!(billingAccountProfile === null || billingAccountProfile === void 0 ? void 0 : billingAccountProfile.hasPremiumPersonally)));
-        this.hasPremiumFromAnySource$ = billingAccountProfileOrNull.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((billingAccountProfile) => (billingAccountProfile === null || billingAccountProfile === void 0 ? void 0 : billingAccountProfile.hasPremiumFromAnyOrganization) === true ||
-            (billingAccountProfile === null || billingAccountProfile === void 0 ? void 0 : billingAccountProfile.hasPremiumPersonally) === true));
+        this.platformUtilsService = platformUtilsService;
+        this.apiService = apiService;
+    }
+    hasPremiumFromAnyOrganization$(userId) {
+        return this.stateProvider
+            .getUser(userId, BILLING_ACCOUNT_PROFILE_KEY_DEFINITION)
+            .state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((profile) => !!(profile === null || profile === void 0 ? void 0 : profile.hasPremiumFromAnyOrganization)));
+    }
+    hasPremiumPersonally$(userId) {
+        return this.stateProvider
+            .getUser(userId, BILLING_ACCOUNT_PROFILE_KEY_DEFINITION)
+            .state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((profile) => !!(profile === null || profile === void 0 ? void 0 : profile.hasPremiumPersonally)));
+    }
+    hasPremiumFromAnySource$(userId) {
+        return this.stateProvider
+            .getUser(userId, BILLING_ACCOUNT_PROFILE_KEY_DEFINITION)
+            .state$.pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.map)((profile) => (profile === null || profile === void 0 ? void 0 : profile.hasPremiumFromAnyOrganization) === true ||
+            (profile === null || profile === void 0 ? void 0 : profile.hasPremiumPersonally) === true));
     }
     setHasPremium(hasPremiumPersonally, hasPremiumFromAnyOrganization, userId) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -21968,6 +22077,20 @@ class DefaultBillingAccountProfileStateService {
             });
         });
     }
+    canViewSubscription$(userId) {
+        return (0,rxjs__WEBPACK_IMPORTED_MODULE_0__.combineLatest)([
+            this.hasPremiumPersonally$(userId),
+            this.hasPremiumFromAnyOrganization$(userId),
+        ]).pipe((0,rxjs__WEBPACK_IMPORTED_MODULE_0__.concatMap)((_a) => __awaiter(this, [_a], void 0, function* ([hasPremiumPersonally, hasPremiumFromOrg]) {
+            const isCloud = !this.platformUtilsService.isSelfHost();
+            let billing = null;
+            if (isCloud) {
+                billing = yield this.apiService.getUserBillingHistory();
+            }
+            const cloudAndBillingHistory = isCloud && !(billing === null || billing === void 0 ? void 0 : billing.hasNoHistory);
+            return hasPremiumPersonally || !hasPremiumFromOrg || cloudAndBillingHistory;
+        })));
+    }
 }
 
 
@@ -21977,9 +22100,9 @@ class DefaultBillingAccountProfileStateService {
 /***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
 
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
-/* harmony export */   bq: () => (/* binding */ DeviceType)
+/* harmony export */   b: () => (/* binding */ DeviceType)
 /* harmony export */ });
-/* unused harmony exports MobileDeviceTypes, DesktopDeviceTypes */
+/* unused harmony export DeviceTypeMetadata */
 var DeviceType;
 (function (DeviceType) {
     DeviceType[DeviceType["Android"] = 0] = "Android";
@@ -22009,20 +22132,34 @@ var DeviceType;
     DeviceType[DeviceType["MacOsCLI"] = 24] = "MacOsCLI";
     DeviceType[DeviceType["LinuxCLI"] = 25] = "LinuxCLI";
 })(DeviceType || (DeviceType = {}));
-const MobileDeviceTypes = new Set([
-    DeviceType.Android,
-    DeviceType.iOS,
-    DeviceType.AndroidAmazon,
-]);
-const DesktopDeviceTypes = new Set([
-    DeviceType.WindowsDesktop,
-    DeviceType.MacOsDesktop,
-    DeviceType.LinuxDesktop,
-    DeviceType.UWP,
-    DeviceType.WindowsCLI,
-    DeviceType.MacOsCLI,
-    DeviceType.LinuxCLI,
-]);
+const DeviceTypeMetadata = {
+    [DeviceType.Android]: { category: "mobile", platform: "Android" },
+    [DeviceType.iOS]: { category: "mobile", platform: "iOS" },
+    [DeviceType.AndroidAmazon]: { category: "mobile", platform: "Amazon" },
+    [DeviceType.ChromeExtension]: { category: "extension", platform: "Chrome" },
+    [DeviceType.FirefoxExtension]: { category: "extension", platform: "Firefox" },
+    [DeviceType.OperaExtension]: { category: "extension", platform: "Opera" },
+    [DeviceType.EdgeExtension]: { category: "extension", platform: "Edge" },
+    [DeviceType.VivaldiExtension]: { category: "extension", platform: "Vivaldi" },
+    [DeviceType.SafariExtension]: { category: "extension", platform: "Safari" },
+    [DeviceType.ChromeBrowser]: { category: "webVault", platform: "Chrome" },
+    [DeviceType.FirefoxBrowser]: { category: "webVault", platform: "Firefox" },
+    [DeviceType.OperaBrowser]: { category: "webVault", platform: "Opera" },
+    [DeviceType.EdgeBrowser]: { category: "webVault", platform: "Edge" },
+    [DeviceType.IEBrowser]: { category: "webVault", platform: "IE" },
+    [DeviceType.SafariBrowser]: { category: "webVault", platform: "Safari" },
+    [DeviceType.VivaldiBrowser]: { category: "webVault", platform: "Vivaldi" },
+    [DeviceType.UnknownBrowser]: { category: "webVault", platform: "Unknown" },
+    [DeviceType.WindowsDesktop]: { category: "desktop", platform: "Windows" },
+    [DeviceType.MacOsDesktop]: { category: "desktop", platform: "macOS" },
+    [DeviceType.LinuxDesktop]: { category: "desktop", platform: "Linux" },
+    [DeviceType.UWP]: { category: "desktop", platform: "Windows UWP" },
+    [DeviceType.WindowsCLI]: { category: "cli", platform: "Windows" },
+    [DeviceType.MacOsCLI]: { category: "cli", platform: "macOS" },
+    [DeviceType.LinuxCLI]: { category: "cli", platform: "Linux" },
+    [DeviceType.SDK]: { category: "sdk", platform: "" },
+    [DeviceType.Server]: { category: "server", platform: "" },
+};
 
 
 /***/ }),
@@ -22064,6 +22201,7 @@ var FeatureFlag;
     FeatureFlag["SSHKeyVaultItem"] = "ssh-key-vault-item";
     FeatureFlag["SSHAgent"] = "ssh-agent";
     FeatureFlag["NotificationBarAddLoginImprovements"] = "notification-bar-add-login-improvements";
+    FeatureFlag["BlockBrowserInjectionsByDomain"] = "block-browser-injections-by-domain";
     FeatureFlag["AC2476_DeprecateStripeSourcesAPI"] = "AC-2476-deprecate-stripe-sources-api";
     FeatureFlag["CipherKeyEncryption"] = "cipher-key-encryption";
     FeatureFlag["VerifiedSsoDomainEndpoint"] = "pm-12337-refactor-sso-details-endpoint";
@@ -22080,6 +22218,7 @@ var FeatureFlag;
     FeatureFlag["PM11360RemoveProviderExportPermission"] = "pm-11360-remove-provider-export-permission";
     FeatureFlag["PM12443RemovePagingLogic"] = "pm-12443-remove-paging-logic";
     FeatureFlag["PrivateKeyRegeneration"] = "pm-12241-private-key-regeneration";
+    FeatureFlag["ResellerManagedOrgAlert"] = "PM-15814-alert-owners-of-reseller-managed-orgs";
 })(FeatureFlag || (FeatureFlag = {}));
 // Helper to ensure the value is treated as a boolean.
 const FALSE = false;
@@ -22113,6 +22252,7 @@ const DefaultFeatureFlagValue = {
     [FeatureFlag.SSHKeyVaultItem]: FALSE,
     [FeatureFlag.SSHAgent]: FALSE,
     [FeatureFlag.NotificationBarAddLoginImprovements]: FALSE,
+    [FeatureFlag.BlockBrowserInjectionsByDomain]: FALSE,
     [FeatureFlag.AC2476_DeprecateStripeSourcesAPI]: FALSE,
     [FeatureFlag.CipherKeyEncryption]: FALSE,
     [FeatureFlag.VerifiedSsoDomainEndpoint]: FALSE,
@@ -22129,6 +22269,7 @@ const DefaultFeatureFlagValue = {
     [FeatureFlag.PM11360RemoveProviderExportPermission]: FALSE,
     [FeatureFlag.PM12443RemovePagingLogic]: FALSE,
     [FeatureFlag.PrivateKeyRegeneration]: FALSE,
+    [FeatureFlag.ResellerManagedOrgAlert]: FALSE,
 };
 
 
@@ -22141,12 +22282,12 @@ const DefaultFeatureFlagValue = {
 // EXPORTS
 __webpack_require__.d(__webpack_exports__, {
   sK: () => (/* reexport */ ClientType),
-  bq: () => (/* reexport */ device_type_enum/* DeviceType */.bq),
+  bq: () => (/* reexport */ device_type_enum/* DeviceType */.b),
   Bx: () => (/* reexport */ EventType),
   kG: () => (/* reexport */ HttpStatusCode)
 });
 
-// UNUSED EXPORTS: DesktopDeviceTypes, EventSystemUser, IntegrationType, MobileDeviceTypes, NativeMessagingVersion, NotificationType
+// UNUSED EXPORTS: DeviceTypeMetadata, EventSystemUser, IntegrationType, NativeMessagingVersion, NotificationType
 
 ;// ../../libs/common/src/enums/client-type.enum.ts
 var ClientType;
@@ -22630,6 +22771,7 @@ var NotificationType;
     NotificationType[NotificationType["AuthRequestResponse"] = 16] = "AuthRequestResponse";
     NotificationType[NotificationType["SyncOrganizations"] = 17] = "SyncOrganizations";
     NotificationType[NotificationType["SyncOrganizationStatusChanged"] = 18] = "SyncOrganizationStatusChanged";
+    NotificationType[NotificationType["SyncOrganizationCollectionSettingChanged"] = 19] = "SyncOrganizationCollectionSettingChanged";
 })(NotificationType || (NotificationType = {}));
 
 ;// ../../libs/common/src/enums/index.ts
@@ -24007,7 +24149,7 @@ class AbstractStorageService {
 
 /***/ }),
 
-/***/ 6425:
+/***/ 5874:
 /***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
 
 
@@ -24018,7 +24160,7 @@ __webpack_require__.d(__webpack_exports__, {
   K9: () => (/* reexport */ FileUploadType),
   VK: () => (/* reexport */ HashPurpose),
   EO: () => (/* reexport */ HtmlStorageLocation),
-  hq: () => (/* reexport */ key_suffix_options_enum/* KeySuffixOptions */.h),
+  hq: () => (/* reexport */ KeySuffixOptions),
   xk: () => (/* reexport */ log_level_type_enum/* LogLevelType */.x),
   $B: () => (/* reexport */ StorageLocation),
   QX: () => (/* reexport */ encryptionTypeToString)
@@ -24092,8 +24234,13 @@ var HtmlStorageLocation;
     HtmlStorageLocation["Session"] = "session";
 })(HtmlStorageLocation || (HtmlStorageLocation = {}));
 
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/key-suffix-options.enum.ts
-var key_suffix_options_enum = __webpack_require__(9377);
+;// ../../libs/common/src/platform/enums/key-suffix-options.enum.ts
+var KeySuffixOptions;
+(function (KeySuffixOptions) {
+    KeySuffixOptions["Auto"] = "auto";
+    KeySuffixOptions["Pin"] = "pin";
+})(KeySuffixOptions || (KeySuffixOptions = {}));
+
 // EXTERNAL MODULE: ../../libs/common/src/platform/enums/log-level-type.enum.ts
 var log_level_type_enum = __webpack_require__(8357);
 ;// ../../libs/common/src/platform/enums/storage-location.enum.ts
@@ -24135,22 +24282,6 @@ const ThemeTypes = {
 
 
 
-/***/ }),
-
-/***/ 9377:
-/***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
-
-/* harmony export */ __webpack_require__.d(__webpack_exports__, {
-/* harmony export */   h: () => (/* binding */ KeySuffixOptions)
-/* harmony export */ });
-var KeySuffixOptions;
-(function (KeySuffixOptions) {
-    KeySuffixOptions["Auto"] = "auto";
-    KeySuffixOptions["Biometric"] = "biometric";
-    KeySuffixOptions["Pin"] = "pin";
-})(KeySuffixOptions || (KeySuffixOptions = {}));
-
-
 /***/ }),
 
 /***/ 8357:
@@ -32932,7 +33063,7 @@ class Domain {
         }
     }
     decryptObj(viewModel_1, map_1, orgId_1) {
-        return __awaiter(this, arguments, void 0, function* (viewModel, map, orgId, key = null) {
+        return __awaiter(this, arguments, void 0, function* (viewModel, map, orgId, key = null, objectContext = "No Domain Context") {
             const promises = [];
             const self = this;
             for (const prop in map) {
@@ -32945,7 +33076,7 @@ class Domain {
                         .then(() => {
                         const mapProp = map[theProp] || theProp;
                         if (self[mapProp]) {
-                            return self[mapProp].decrypt(orgId, key);
+                            return self[mapProp].decrypt(orgId, key, `Property: ${prop}; ObjectContext: ${objectContext}`);
                         }
                         return null;
                     })
@@ -32972,11 +33103,11 @@ class Domain {
      * @returns An object with the requested properties decrypted and the rest of the domain object untouched.
      */
     decryptObjWithKey(encryptedProperties_1, key_1, encryptService_1) {
-        return __awaiter(this, arguments, void 0, function* (encryptedProperties, key, encryptService, _ = this.constructor) {
+        return __awaiter(this, arguments, void 0, function* (encryptedProperties, key, encryptService, _ = this.constructor, objectContext = "No Domain Context") {
             const promises = [];
             for (const prop of encryptedProperties) {
                 const value = this[prop];
-                promises.push(this.decryptProperty(prop, value, key, encryptService));
+                promises.push(this.decryptProperty(prop, value, key, encryptService, `Property: ${prop.toString()}; ObjectContext: ${objectContext}`));
             }
             const decryptedObjects = yield Promise.all(promises);
             const decryptedObject = decryptedObjects.reduce((acc, obj) => {
@@ -32985,11 +33116,11 @@ class Domain {
             return decryptedObject;
         });
     }
-    decryptProperty(propertyKey, value, key, encryptService) {
+    decryptProperty(propertyKey, value, key, encryptService, decryptTrace) {
         return __awaiter(this, void 0, void 0, function* () {
             let decrypted = null;
             if (value) {
-                decrypted = yield value.decryptWithKey(key, encryptService);
+                decrypted = yield value.decryptWithKey(key, encryptService, decryptTrace);
             }
             else {
                 decrypted = null;
@@ -33011,7 +33142,7 @@ class Domain {
 /* harmony export */   q: () => (/* binding */ EncArrayBuffer)
 /* harmony export */ });
 /* harmony import */ var _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(6948);
-/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6425);
+/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(5874);
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -33092,7 +33223,7 @@ class EncArrayBuffer {
 /* harmony export */   k: () => (/* binding */ EncString)
 /* harmony export */ });
 /* unused harmony export DECRYPT_ERROR */
-/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(6425);
+/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(5874);
 /* harmony import */ var _misc_utils__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6948);
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -33219,21 +33350,21 @@ class EncString {
         return _enums__WEBPACK_IMPORTED_MODULE_0__/* .EXPECTED_NUM_PARTS_BY_ENCRYPTION_TYPE */ .iS[encType] === encPieces.length;
     }
     decrypt(orgId_1) {
-        return __awaiter(this, arguments, void 0, function* (orgId, key = null) {
+        return __awaiter(this, arguments, void 0, function* (orgId, key = null, context) {
             if (this.decryptedValue != null) {
                 return this.decryptedValue;
             }
-            let keyContext = "provided-key";
+            let decryptTrace = "provided-key";
             try {
                 if (key == null) {
                     key = yield this.getKeyForDecryption(orgId);
-                    keyContext = orgId == null ? `domain-orgkey-${orgId}` : "domain-userkey|masterkey";
+                    decryptTrace = orgId == null ? `domain-orgkey-${orgId}` : "domain-userkey|masterkey";
                     if (orgId != null) {
-                        keyContext = `domain-orgkey-${orgId}`;
+                        decryptTrace = `domain-orgkey-${orgId}`;
                     }
                     else {
                         const cryptoService = _misc_utils__WEBPACK_IMPORTED_MODULE_1__/* .Utils */ .A.getContainerService().getKeyService();
-                        keyContext =
+                        decryptTrace =
                             (yield cryptoService.getUserKey()) == null
                                 ? "domain-withlegacysupport-masterkey"
                                 : "domain-withlegacysupport-userkey";
@@ -33243,7 +33374,7 @@ class EncString {
                     throw new Error("No key to decrypt EncString with orgId " + orgId);
                 }
                 const encryptService = _misc_utils__WEBPACK_IMPORTED_MODULE_1__/* .Utils */ .A.getContainerService().getEncryptService();
-                this.decryptedValue = yield encryptService.decryptToUtf8(this, key, keyContext);
+                this.decryptedValue = yield encryptService.decryptToUtf8(this, key, decryptTrace == null ? context : `${decryptTrace}${context || ""}`);
             }
             catch (e) {
                 this.decryptedValue = DECRYPT_ERROR;
@@ -33251,13 +33382,13 @@ class EncString {
             return this.decryptedValue;
         });
     }
-    decryptWithKey(key, encryptService) {
-        return __awaiter(this, void 0, void 0, function* () {
+    decryptWithKey(key_1, encryptService_1) {
+        return __awaiter(this, arguments, void 0, function* (key, encryptService, decryptTrace = "domain-withkey") {
             try {
                 if (key == null) {
                     throw new Error("No key to decrypt EncString");
                 }
-                this.decryptedValue = yield encryptService.decryptToUtf8(this, key, "domain-withkey");
+                this.decryptedValue = yield encryptService.decryptToUtf8(this, key, decryptTrace);
             }
             catch (e) {
                 this.decryptedValue = DECRYPT_ERROR;
@@ -33313,7 +33444,7 @@ class ServerSettings {
 /* harmony export */   e: () => (/* binding */ SymmetricCryptoKey)
 /* harmony export */ });
 /* harmony import */ var _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(6948);
-/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6425);
+/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(5874);
 
 
 class SymmetricCryptoKey {
@@ -33349,12 +33480,8 @@ class SymmetricCryptoKey {
         else {
             throw new Error("Unsupported encType/key length.");
         }
-        if (this.key != null) {
-            this.keyB64 = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__/* .Utils */ .A.fromBufferToB64(this.key);
-        }
-        if (this.encKey != null) {
-            this.encKeyB64 = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__/* .Utils */ .A.fromBufferToB64(this.encKey);
-        }
+        this.keyB64 = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__/* .Utils */ .A.fromBufferToB64(this.key);
+        this.encKeyB64 = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__/* .Utils */ .A.fromBufferToB64(this.encKey);
         if (this.macKey != null) {
             this.macKeyB64 = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__/* .Utils */ .A.fromBufferToB64(this.macKey);
         }
@@ -33835,10 +33962,6 @@ class DefaultConfigService {
         return this.serverConfig$.pipe((0,external_rxjs_.map)((serverConfig) => this.getFeatureFlagValue(serverConfig, key)));
     }
     getFeatureFlagValue(serverConfig, flag) {
-        // bodge the extension refresh flag since it's only partially removed
-        if (flag === "extension-refresh") {
-            return true;
-        }
         if ((serverConfig === null || serverConfig === void 0 ? void 0 : serverConfig.featureStates) == null || serverConfig.featureStates[flag] == null) {
             return feature_flag_enum/* DefaultFeatureFlagValue */.z[flag];
         }
@@ -34034,8 +34157,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: ../../libs/common/src/platform/misc/utils.ts + 2 modules
 var utils = __webpack_require__(6948);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 // EXTERNAL MODULE: ../../libs/common/src/platform/models/domain/enc-array-buffer.ts
 var enc_array_buffer = __webpack_require__(9230);
 // EXTERNAL MODULE: ../../libs/common/src/platform/models/domain/enc-string.ts
@@ -34138,7 +34261,7 @@ class EncryptServiceImplementation {
                 const computedMac = yield this.cryptoFunctionService.hmacFast(fastParams.macData, fastParams.macKey, "sha256");
                 const macsEqual = yield this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
                 if (!macsEqual) {
-                    this.logMacFailed("[Encrypt service] MAC comparison failed. Key or payload has changed. Key type " +
+                    this.logMacFailed("[Encrypt service] decryptToUtf8 MAC comparison failed. Key or payload has changed. Key type " +
                         (0,enums/* encryptionTypeToString */.QX)(key.encType) +
                         "Payload type " +
                         (0,enums/* encryptionTypeToString */.QX)(encString.encryptionType) +
@@ -34147,11 +34270,11 @@ class EncryptServiceImplementation {
                     return null;
                 }
             }
-            return yield this.cryptoFunctionService.aesDecryptFast(fastParams, "cbc");
+            return yield this.cryptoFunctionService.aesDecryptFast({ mode: "cbc", parameters: fastParams });
         });
     }
-    decryptToBytes(encThing, key) {
-        return __awaiter(this, void 0, void 0, function* () {
+    decryptToBytes(encThing_1, key_1) {
+        return __awaiter(this, arguments, void 0, function* (encThing, key, decryptContext = "no context") {
             if (key == null) {
                 throw new Error("No encryption key provided.");
             }
@@ -34164,14 +34287,18 @@ class EncryptServiceImplementation {
                 this.logService.error("[Encrypt service] Key has mac key but payload is missing mac bytes. Key type " +
                     (0,enums/* encryptionTypeToString */.QX)(key.encType) +
                     " Payload type " +
-                    (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType));
+                    (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType) +
+                    " Decrypt context: " +
+                    decryptContext);
                 return null;
             }
             if (key.encType !== encThing.encryptionType) {
                 this.logService.error("[Encrypt service] Key encryption type does not match payload encryption type. Key type " +
                     (0,enums/* encryptionTypeToString */.QX)(key.encType) +
                     " Payload type " +
-                    (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType));
+                    (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType) +
+                    " Decrypt context: " +
+                    decryptContext);
                 return null;
             }
             if (key.macKey != null && encThing.macBytes != null) {
@@ -34180,20 +34307,24 @@ class EncryptServiceImplementation {
                 macData.set(new Uint8Array(encThing.dataBytes), encThing.ivBytes.byteLength);
                 const computedMac = yield this.cryptoFunctionService.hmac(macData, key.macKey, "sha256");
                 if (computedMac === null) {
-                    this.logMacFailed("[Encrypt service] Failed to compute MAC." +
+                    this.logMacFailed("[Encrypt service#decryptToBytes] Failed to compute MAC." +
                         " Key type " +
                         (0,enums/* encryptionTypeToString */.QX)(key.encType) +
                         " Payload type " +
-                        (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType));
+                        (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType) +
+                        " Decrypt context: " +
+                        decryptContext);
                     return null;
                 }
                 const macsMatch = yield this.cryptoFunctionService.compare(encThing.macBytes, computedMac);
                 if (!macsMatch) {
-                    this.logMacFailed("[Encrypt service] MAC comparison failed. Key or payload has changed." +
+                    this.logMacFailed("[Encrypt service#decryptToBytes]: MAC comparison failed. Key or payload has changed." +
                         " Key type " +
                         (0,enums/* encryptionTypeToString */.QX)(key.encType) +
                         " Payload type " +
-                        (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType));
+                        (0,enums/* encryptionTypeToString */.QX)(encThing.encryptionType) +
+                        " Decrypt context: " +
+                        decryptContext);
                     return null;
                 }
             }
@@ -34749,8 +34880,8 @@ __webpack_require__.d(__webpack_exports__, {
   P: () => (/* binding */ FileUploadService)
 });
 
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 // EXTERNAL MODULE: ../../libs/common/src/platform/misc/utils.ts + 2 modules
 var utils = __webpack_require__(6948);
 ;// ../../libs/common/src/platform/services/file-upload/azure-file-upload.service.ts
@@ -35040,7 +35171,7 @@ class FileUploadService {
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   $: () => (/* binding */ KeyGenerationService)
 /* harmony export */ });
-/* harmony import */ var _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(8614);
+/* harmony import */ var _bitwarden_key_management__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(5907);
 /* harmony import */ var _misc_utils__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6948);
 /* harmony import */ var _models_domain_symmetric_crypto_key__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(7310);
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@@ -35226,8 +35357,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: ../../libs/common/src/state-migrations/index.ts
 var state_migrations = __webpack_require__(1181);
-// EXTERNAL MODULE: ../../libs/common/src/state-migrations/migrate.ts + 68 modules
-var migrate = __webpack_require__(1617);
+// EXTERNAL MODULE: ../../libs/common/src/state-migrations/migrate.ts + 69 modules
+var migrate = __webpack_require__(9176);
 ;// ../../libs/common/src/state-migrations/migration-helper.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -35550,8 +35681,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
-// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 17 modules
-var src = __webpack_require__(8614);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
 // EXTERNAL MODULE: ../../node_modules/@bitwarden/sdk-internal/bitwarden_wasm_internal_bg.js
 var bitwarden_wasm_internal_bg = __webpack_require__(6414);
 // EXTERNAL MODULE: ../../libs/common/src/enums/device-type.enum.ts
@@ -35702,55 +35833,55 @@ class DefaultSdkService {
     }
     toDevice(device) {
         switch (device) {
-            case device_type_enum/* DeviceType */.bq.Android:
+            case device_type_enum/* DeviceType */.b.Android:
                 return "Android";
-            case device_type_enum/* DeviceType */.bq.iOS:
+            case device_type_enum/* DeviceType */.b.iOS:
                 return "iOS";
-            case device_type_enum/* DeviceType */.bq.ChromeExtension:
+            case device_type_enum/* DeviceType */.b.ChromeExtension:
                 return "ChromeExtension";
-            case device_type_enum/* DeviceType */.bq.FirefoxExtension:
+            case device_type_enum/* DeviceType */.b.FirefoxExtension:
                 return "FirefoxExtension";
-            case device_type_enum/* DeviceType */.bq.OperaExtension:
+            case device_type_enum/* DeviceType */.b.OperaExtension:
                 return "OperaExtension";
-            case device_type_enum/* DeviceType */.bq.EdgeExtension:
+            case device_type_enum/* DeviceType */.b.EdgeExtension:
                 return "EdgeExtension";
-            case device_type_enum/* DeviceType */.bq.WindowsDesktop:
+            case device_type_enum/* DeviceType */.b.WindowsDesktop:
                 return "WindowsDesktop";
-            case device_type_enum/* DeviceType */.bq.MacOsDesktop:
+            case device_type_enum/* DeviceType */.b.MacOsDesktop:
                 return "MacOsDesktop";
-            case device_type_enum/* DeviceType */.bq.LinuxDesktop:
+            case device_type_enum/* DeviceType */.b.LinuxDesktop:
                 return "LinuxDesktop";
-            case device_type_enum/* DeviceType */.bq.ChromeBrowser:
+            case device_type_enum/* DeviceType */.b.ChromeBrowser:
                 return "ChromeBrowser";
-            case device_type_enum/* DeviceType */.bq.FirefoxBrowser:
+            case device_type_enum/* DeviceType */.b.FirefoxBrowser:
                 return "FirefoxBrowser";
-            case device_type_enum/* DeviceType */.bq.OperaBrowser:
+            case device_type_enum/* DeviceType */.b.OperaBrowser:
                 return "OperaBrowser";
-            case device_type_enum/* DeviceType */.bq.EdgeBrowser:
+            case device_type_enum/* DeviceType */.b.EdgeBrowser:
                 return "EdgeBrowser";
-            case device_type_enum/* DeviceType */.bq.IEBrowser:
+            case device_type_enum/* DeviceType */.b.IEBrowser:
                 return "IEBrowser";
-            case device_type_enum/* DeviceType */.bq.UnknownBrowser:
+            case device_type_enum/* DeviceType */.b.UnknownBrowser:
                 return "UnknownBrowser";
-            case device_type_enum/* DeviceType */.bq.AndroidAmazon:
+            case device_type_enum/* DeviceType */.b.AndroidAmazon:
                 return "AndroidAmazon";
-            case device_type_enum/* DeviceType */.bq.UWP:
+            case device_type_enum/* DeviceType */.b.UWP:
                 return "UWP";
-            case device_type_enum/* DeviceType */.bq.SafariBrowser:
+            case device_type_enum/* DeviceType */.b.SafariBrowser:
                 return "SafariBrowser";
-            case device_type_enum/* DeviceType */.bq.VivaldiBrowser:
+            case device_type_enum/* DeviceType */.b.VivaldiBrowser:
                 return "VivaldiBrowser";
-            case device_type_enum/* DeviceType */.bq.VivaldiExtension:
+            case device_type_enum/* DeviceType */.b.VivaldiExtension:
                 return "VivaldiExtension";
-            case device_type_enum/* DeviceType */.bq.SafariExtension:
+            case device_type_enum/* DeviceType */.b.SafariExtension:
                 return "SafariExtension";
-            case device_type_enum/* DeviceType */.bq.Server:
+            case device_type_enum/* DeviceType */.b.Server:
                 return "Server";
-            case device_type_enum/* DeviceType */.bq.WindowsCLI:
+            case device_type_enum/* DeviceType */.b.WindowsCLI:
                 return "WindowsCLI";
-            case device_type_enum/* DeviceType */.bq.MacOsCLI:
+            case device_type_enum/* DeviceType */.b.MacOsCLI:
                 return "MacOsCLI";
-            case device_type_enum/* DeviceType */.bq.LinuxCLI:
+            case device_type_enum/* DeviceType */.b.LinuxCLI:
                 return "LinuxCLI";
             default:
                 return "SDK";
@@ -35792,8 +35923,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 // EXTERNAL MODULE: ../../libs/common/src/platform/models/domain/account.ts
 var account = __webpack_require__(1656);
 ;// ../../libs/common/src/platform/models/domain/state.ts
@@ -36456,7 +36587,7 @@ class StorageServiceProvider {
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   T: () => (/* binding */ UserAutoUnlockKeyService)
 /* harmony export */ });
-/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(6425);
+/* harmony import */ var _enums__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(5874);
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -37062,6 +37193,7 @@ __webpack_require__.d(__webpack_exports__, {
   Wm: () => (/* reexport */ state_definitions/* ENVIRONMENT_MEMORY */.Wm),
   Qb: () => (/* reexport */ state_definitions/* EVENT_COLLECTION_DISK */.Qb),
   Rv: () => (/* reexport */ state_definitions/* FOLDER_DISK */.Rv),
+  jx: () => (/* reexport */ state_definitions/* FOLDER_MEMORY */.jx),
   qd: () => (/* reexport */ state_definitions/* GENERATOR_DISK */.qd),
   kj: () => (/* reexport */ state_definitions/* GENERATOR_MEMORY */.kj),
   P7: () => (/* reexport */ state_definitions/* KDF_CONFIG_DISK */.P7),
@@ -37573,6 +37705,7 @@ class StateDefinition {
 /* harmony export */   ie: () => (/* binding */ ACCOUNT_DISK),
 /* harmony export */   jB: () => (/* binding */ LOGIN_EMAIL_MEMORY),
 /* harmony export */   jb: () => (/* binding */ POLICIES_DISK),
+/* harmony export */   jx: () => (/* binding */ FOLDER_MEMORY),
 /* harmony export */   kj: () => (/* binding */ GENERATOR_MEMORY),
 /* harmony export */   nr: () => (/* binding */ ORGANIZATIONS_DISK),
 /* harmony export */   oR: () => (/* binding */ TOKEN_MEMORY),
@@ -37707,6 +37840,9 @@ const COLLECTION_DATA = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .St
     web: "memory",
 });
 const FOLDER_DISK = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("folder", "disk", { web: "memory" });
+const FOLDER_MEMORY = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("decryptedFolders", "memory", {
+    browser: "memory-large-object",
+});
 const VAULT_FILTER_DISK = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("vaultFilter", "disk", {
     web: "disk-local",
 });
@@ -37734,7 +37870,9 @@ const PREMIUM_BANNER_DISK_LOCAL = new _state_definition__WEBPACK_IMPORTED_MODULE
 });
 const BANNERS_DISMISSED_DISK = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("bannersDismissed", "disk");
 const VAULT_BROWSER_UI_ONBOARDING = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("vaultBrowserUiOnboarding", "disk");
-const NEW_DEVICE_VERIFICATION_NOTICE = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("newDeviceVerificationNotice", "disk");
+const NEW_DEVICE_VERIFICATION_NOTICE = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("newDeviceVerificationNotice", "disk", {
+    web: "disk-local",
+});
 const VAULT_APPEARANCE = new _state_definition__WEBPACK_IMPORTED_MODULE_0__/* .StateDefinition */ .z("vaultAppearance", "disk");
 
 
@@ -37993,17 +38131,18 @@ class CoreSyncService {
             yield this.stateProvider.getUser(userId, LAST_SYNC_DATE).update(() => date);
         });
     }
-    syncUpsertFolder(notification, isEdit) {
+    syncUpsertFolder(notification, isEdit, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             this.syncStarted();
-            if (yield this.stateService.getIsAuthenticated()) {
+            const authStatus = yield (0,external_rxjs_.firstValueFrom)(this.authService.authStatusFor$(userId));
+            if (authStatus >= authentication_status/* AuthenticationStatus */.J.Locked) {
                 try {
-                    const localFolder = yield this.folderService.get(notification.id);
+                    const localFolder = yield this.folderService.get(notification.id, userId);
                     if ((!isEdit && localFolder == null) ||
                         (isEdit && localFolder != null && localFolder.revisionDate < notification.revisionDate)) {
                         const remoteFolder = yield this.folderApiService.get(notification.id);
                         if (remoteFolder != null) {
-                            yield this.folderService.upsert(new folder_data/* FolderData */.p(remoteFolder));
+                            yield this.folderService.upsert(new folder_data/* FolderData */.p(remoteFolder), userId);
                             this.messageSender.send("syncedUpsertedFolder", { folderId: notification.id });
                             return this.syncCompleted(true);
                         }
@@ -38016,11 +38155,12 @@ class CoreSyncService {
             return this.syncCompleted(false);
         });
     }
-    syncDeleteFolder(notification) {
+    syncDeleteFolder(notification, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             this.syncStarted();
-            if (yield this.stateService.getIsAuthenticated()) {
-                yield this.folderService.delete(notification.id);
+            const authStatus = yield (0,external_rxjs_.firstValueFrom)(this.authService.authStatusFor$(userId));
+            if (authStatus >= authentication_status/* AuthenticationStatus */.J.Locked) {
+                yield this.folderService.delete(notification.id, userId);
                 this.messageSender.send("syncedDeletedFolder", { folderId: notification.id });
                 this.syncCompleted(true);
                 return true;
@@ -39543,7 +39683,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 class VaultTimeoutService {
-    constructor(accountService, masterPasswordService, cipherService, folderService, collectionService, platformUtilsService, messagingService, searchService, stateService, authService, vaultTimeoutSettingsService, stateEventRunnerService, taskSchedulerService, logService, lockedCallback = null, loggedOutCallback = null) {
+    constructor(accountService, masterPasswordService, cipherService, folderService, collectionService, platformUtilsService, messagingService, searchService, stateService, authService, vaultTimeoutSettingsService, stateEventRunnerService, taskSchedulerService, logService, biometricService, lockedCallback = null, loggedOutCallback = null) {
         this.accountService = accountService;
         this.masterPasswordService = masterPasswordService;
         this.cipherService = cipherService;
@@ -39558,6 +39698,7 @@ class VaultTimeoutService {
         this.stateEventRunnerService = stateEventRunnerService;
         this.taskSchedulerService = taskSchedulerService;
         this.logService = logService;
+        this.biometricService = biometricService;
         this.lockedCallback = lockedCallback;
         this.loggedOutCallback = loggedOutCallback;
         this.inited = false;
@@ -39599,6 +39740,7 @@ class VaultTimeoutService {
     }
     lock(userId) {
         return __awaiter(this, void 0, void 0, function* () {
+            yield this.biometricService.setShouldAutopromptNow(false);
             const authed = yield this.stateService.getIsAuthenticated({ userId: userId });
             if (!authed) {
                 return;
@@ -39622,9 +39764,9 @@ class VaultTimeoutService {
             })));
             if (userId == null || userId === currentUserId) {
                 yield this.searchService.clearIndex();
-                yield this.folderService.clearCache();
                 yield this.collectionService.clearActiveUserCache();
             }
+            yield this.folderService.clearDecryptedFolderState(lockingUserId);
             yield this.masterPasswordService.clearMasterKey(lockingUserId);
             yield this.stateService.setUserKeyAutoUnlock(null, { userId: lockingUserId });
             yield this.stateService.setCryptoMasterKeyAuto(null, { userId: lockingUserId });
@@ -39692,13 +39834,13 @@ class VaultTimeoutService {
 /* harmony export */   GR: () => (/* reexport safe */ _migrate__WEBPACK_IMPORTED_MODULE_0__.GR),
 /* harmony export */   yT: () => (/* reexport safe */ _migrate__WEBPACK_IMPORTED_MODULE_0__.yT)
 /* harmony export */ });
-/* harmony import */ var _migrate__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1617);
+/* harmony import */ var _migrate__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(9176);
 
 
 
 /***/ }),
 
-/***/ 1617:
+/***/ 9176:
 /***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
 
 
@@ -44183,6 +44325,62 @@ class MoveLastSyncDate extends Migrator {
     }
 }
 
+;// ../../libs/common/src/state-migrations/migrations/69-migrate-incorrect-folder-key.ts
+var _69_migrate_incorrect_folder_key_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+
+const BAD_FOLDER_KEY = {
+    key: "folder", // We inadvertently changed the key from "folders" to "folder"
+    stateDefinition: {
+        name: "folder",
+    },
+};
+const GOOD_FOLDER_KEY = {
+    key: "folders", // We should keep the key as "folders"
+    stateDefinition: {
+        name: "folder",
+    },
+};
+class MigrateIncorrectFolderKey extends Migrator {
+    migrate(helper) {
+        return _69_migrate_incorrect_folder_key_awaiter(this, void 0, void 0, function* () {
+            function migrateUser(userId) {
+                return _69_migrate_incorrect_folder_key_awaiter(this, void 0, void 0, function* () {
+                    const value = yield helper.getFromUser(userId, BAD_FOLDER_KEY);
+                    if (value != null) {
+                        yield helper.setToUser(userId, GOOD_FOLDER_KEY, value);
+                    }
+                    yield helper.removeFromUser(userId, BAD_FOLDER_KEY);
+                });
+            }
+            const users = yield helper.getKnownUserIds();
+            yield Promise.all(users.map((userId) => migrateUser(userId)));
+        });
+    }
+    rollback(helper) {
+        return _69_migrate_incorrect_folder_key_awaiter(this, void 0, void 0, function* () {
+            function rollbackUser(userId) {
+                return _69_migrate_incorrect_folder_key_awaiter(this, void 0, void 0, function* () {
+                    const value = yield helper.getFromUser(userId, GOOD_FOLDER_KEY);
+                    if (value != null) {
+                        yield helper.setToUser(userId, BAD_FOLDER_KEY, value);
+                    }
+                    yield helper.removeFromUser(userId, GOOD_FOLDER_KEY);
+                });
+            }
+            const users = yield helper.getKnownUserIds();
+            yield Promise.all(users.map((userId) => rollbackUser(userId)));
+        });
+    }
+}
+
 ;// ../../libs/common/src/state-migrations/migrations/7-move-biometric-auto-prompt-to-account.ts
 var _7_move_biometric_auto_prompt_to_account_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -44465,10 +44663,11 @@ var migrate_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _
 
 
 
+
 
 
 const MIN_VERSION = 3;
-const CURRENT_VERSION = 68;
+const CURRENT_VERSION = 69;
 function createMigrationBuilder() {
     return MigrationBuilder.create()
         .with(MinVersionMigrator)
@@ -44536,7 +44735,8 @@ function createMigrationBuilder() {
         .with(ForwarderOptionsMigrator, 64, 65)
         .with(MoveFinalDesktopSettingsMigrator, 65, 66)
         .with(RemoveUnassignedItemsBannerDismissed, 66, 67)
-        .with(MoveLastSyncDate, 67, CURRENT_VERSION);
+        .with(MoveLastSyncDate, 67, 68)
+        .with(MigrateIncorrectFolderKey, 68, CURRENT_VERSION);
 }
 function currentVersion(storageService, logService) {
     return migrate_awaiter(this, void 0, void 0, function* () {
@@ -46032,8 +46232,8 @@ __webpack_require__.d(__webpack_exports__, {
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
-// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 17 modules
-var src = __webpack_require__(8614);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
 // EXTERNAL MODULE: ../../libs/common/src/platform/misc/utils.ts + 2 modules
 var utils = __webpack_require__(6948);
 // EXTERNAL MODULE: ../../libs/common/src/tools/send/enums/send-type.ts
@@ -47663,11 +47863,11 @@ class Attachment extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_M
             key: null,
         }, ["id", "url", "sizeName"]);
     }
-    decrypt(orgId, encKey) {
-        return __awaiter(this, void 0, void 0, function* () {
+    decrypt(orgId_1) {
+        return __awaiter(this, arguments, void 0, function* (orgId, context = "No Cipher Context", encKey) {
             const view = yield this.decryptObj(new _view_attachment_view__WEBPACK_IMPORTED_MODULE_4__/* .AttachmentView */ .$(this), {
                 fileName: null,
-            }, orgId, encKey);
+            }, orgId, encKey, "DomainType: Attachment; " + context);
             if (this.key != null) {
                 view.key = yield this.decryptAttachmentKey(orgId, encKey);
             }
@@ -47735,6 +47935,15 @@ class Attachment extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_M
 /* harmony import */ var _platform_models_domain_enc_string__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6505);
 /* harmony import */ var _data_card_data__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(3644);
 /* harmony import */ var _view_card_view__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(2780);
+var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 
 
 
@@ -47754,15 +47963,17 @@ class Card extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODULE_
             code: null,
         }, []);
     }
-    decrypt(orgId, encKey) {
-        return this.decryptObj(new _view_card_view__WEBPACK_IMPORTED_MODULE_2__/* .CardView */ .G(), {
-            cardholderName: null,
-            brand: null,
-            number: null,
-            expMonth: null,
-            expYear: null,
-            code: null,
-        }, orgId, encKey);
+    decrypt(orgId_1) {
+        return __awaiter(this, arguments, void 0, function* (orgId, context = "No Cipher Context", encKey) {
+            return this.decryptObj(new _view_card_view__WEBPACK_IMPORTED_MODULE_2__/* .CardView */ .G(), {
+                cardholderName: null,
+                brand: null,
+                number: null,
+                expMonth: null,
+                expYear: null,
+                code: null,
+            }, orgId, encKey, "DomainType: Card; " + context);
+        });
     }
     toCardData() {
         const c = new _data_card_data__WEBPACK_IMPORTED_MODULE_3__/* .CardData */ .b();
@@ -47925,7 +48136,13 @@ class Cipher extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODUL
             let bypassValidation = true;
             if (this.key != null) {
                 const encryptService = _platform_misc_utils__WEBPACK_IMPORTED_MODULE_0__/* .Utils */ .A.getContainerService().getEncryptService();
-                encKey = new _platform_models_domain_symmetric_crypto_key__WEBPACK_IMPORTED_MODULE_3__/* .SymmetricCryptoKey */ .e(yield encryptService.decryptToBytes(this.key, encKey));
+                const keyBytes = yield encryptService.decryptToBytes(this.key, encKey, `Cipher Id: ${this.id}; Content: CipherKey; IsEncryptedByOrgKey: ${this.organizationId != null}`);
+                if (keyBytes == null) {
+                    model.name = "[error: cannot decrypt]";
+                    model.decryptionFailure = true;
+                    return model;
+                }
+                encKey = new _platform_models_domain_symmetric_crypto_key__WEBPACK_IMPORTED_MODULE_3__/* .SymmetricCryptoKey */ .e(keyBytes);
                 bypassValidation = false;
             }
             yield this.decryptObj(model, {
@@ -47934,19 +48151,19 @@ class Cipher extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODUL
             }, this.organizationId, encKey);
             switch (this.type) {
                 case _enums_cipher_type__WEBPACK_IMPORTED_MODULE_5__/* .CipherType */ .g.Login:
-                    model.login = yield this.login.decrypt(this.organizationId, bypassValidation, encKey);
+                    model.login = yield this.login.decrypt(this.organizationId, bypassValidation, `Cipher Id: ${this.id}`, encKey);
                     break;
                 case _enums_cipher_type__WEBPACK_IMPORTED_MODULE_5__/* .CipherType */ .g.SecureNote:
-                    model.secureNote = yield this.secureNote.decrypt(this.organizationId, encKey);
+                    model.secureNote = yield this.secureNote.decrypt(this.organizationId, `Cipher Id: ${this.id}`, encKey);
                     break;
                 case _enums_cipher_type__WEBPACK_IMPORTED_MODULE_5__/* .CipherType */ .g.Card:
-                    model.card = yield this.card.decrypt(this.organizationId, encKey);
+                    model.card = yield this.card.decrypt(this.organizationId, `Cipher Id: ${this.id}`, encKey);
                     break;
                 case _enums_cipher_type__WEBPACK_IMPORTED_MODULE_5__/* .CipherType */ .g.Identity:
-                    model.identity = yield this.identity.decrypt(this.organizationId, encKey);
+                    model.identity = yield this.identity.decrypt(this.organizationId, `Cipher Id: ${this.id}`, encKey);
                     break;
                 case _enums_cipher_type__WEBPACK_IMPORTED_MODULE_5__/* .CipherType */ .g.SshKey:
-                    model.sshKey = yield this.sshKey.decrypt(this.organizationId, encKey);
+                    model.sshKey = yield this.sshKey.decrypt(this.organizationId, `Cipher Id: ${this.id}`, encKey);
                     break;
                 default:
                     break;
@@ -47956,7 +48173,7 @@ class Cipher extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODUL
                 yield this.attachments.reduce((promise, attachment) => {
                     return promise
                         .then(() => {
-                        return attachment.decrypt(this.organizationId, encKey);
+                        return attachment.decrypt(this.organizationId, `Cipher Id: ${this.id}`, encKey);
                     })
                         .then((decAttachment) => {
                         attachments.push(decAttachment);
@@ -48383,7 +48600,7 @@ class Identity extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MOD
             licenseNumber: null,
         }, []);
     }
-    decrypt(orgId, encKey) {
+    decrypt(orgId, context = "No Cipher Context", encKey) {
         return this.decryptObj(new _view_identity_view__WEBPACK_IMPORTED_MODULE_2__/* .IdentityView */ .O(), {
             title: null,
             firstName: null,
@@ -48403,7 +48620,7 @@ class Identity extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MOD
             username: null,
             passportNumber: null,
             licenseNumber: null,
-        }, orgId, encKey);
+        }, orgId, encKey, "DomainType: Identity; " + context);
     }
     toIdentityData() {
         const i = new _data_identity_data__WEBPACK_IMPORTED_MODULE_3__/* .IdentityData */ .j();
@@ -48514,10 +48731,10 @@ class LoginUri extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MOD
             uriChecksum: null,
         }, []);
     }
-    decrypt(orgId, encKey) {
+    decrypt(orgId, context = "No Cipher Context", encKey) {
         return this.decryptObj(new _view_login_uri_view__WEBPACK_IMPORTED_MODULE_3__/* .LoginUriView */ .z(this), {
             uri: null,
-        }, orgId, encKey);
+        }, orgId, encKey, context);
     }
     validateChecksum(clearTextUri, orgId, encKey) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -48606,13 +48823,13 @@ class Login extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODULE
             this.fido2Credentials = obj.fido2Credentials.map((key) => new _fido2_credential__WEBPACK_IMPORTED_MODULE_3__/* .Fido2Credential */ .U(key));
         }
     }
-    decrypt(orgId, bypassValidation, encKey) {
-        return __awaiter(this, void 0, void 0, function* () {
+    decrypt(orgId_1, bypassValidation_1) {
+        return __awaiter(this, arguments, void 0, function* (orgId, bypassValidation, context = "No Cipher Context", encKey) {
             const view = yield this.decryptObj(new _view_login_view__WEBPACK_IMPORTED_MODULE_2__/* .LoginView */ .r(this), {
                 username: null,
                 password: null,
                 totp: null,
-            }, orgId, encKey);
+            }, orgId, encKey, `DomainType: Login; ${context}`);
             if (this.uris != null) {
                 view.uris = [];
                 for (let i = 0; i < this.uris.length; i++) {
@@ -48620,7 +48837,7 @@ class Login extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODULE
                     if (this.uris[i].uri == null) {
                         continue;
                     }
-                    const uri = yield this.uris[i].decrypt(orgId, encKey);
+                    const uri = yield this.uris[i].decrypt(orgId, context, encKey);
                     // URIs are shared remotely after decryption
                     // we need to validate that the string hasn't been changed by a compromised server
                     // This validation is tied to the existence of cypher.key for backwards compatibility
@@ -48711,7 +48928,7 @@ class Password extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MOD
     decrypt(orgId, encKey) {
         return this.decryptObj(new _view_password_history_view__WEBPACK_IMPORTED_MODULE_2__/* .PasswordHistoryView */ .j(this), {
             password: null,
-        }, orgId, encKey);
+        }, orgId, encKey, "DomainType: PasswordHistory");
     }
     toPasswordHistoryData() {
         const ph = new _data_password_history_data__WEBPACK_IMPORTED_MODULE_3__/* .PasswordHistoryData */ .k();
@@ -48746,6 +48963,15 @@ class Password extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MOD
 /* harmony import */ var _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(673);
 /* harmony import */ var _data_secure_note_data__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(8188);
 /* harmony import */ var _view_secure_note_view__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(2742);
+var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 
 
 
@@ -48757,8 +48983,10 @@ class SecureNote extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_M
         }
         this.type = obj.type;
     }
-    decrypt(orgId, encKey) {
-        return Promise.resolve(new _view_secure_note_view__WEBPACK_IMPORTED_MODULE_1__/* .SecureNoteView */ .Z(this));
+    decrypt(orgId_1) {
+        return __awaiter(this, arguments, void 0, function* (orgId, context = "No Cipher Context", encKey) {
+            return new _view_secure_note_view__WEBPACK_IMPORTED_MODULE_1__/* .SecureNoteView */ .Z(this);
+        });
     }
     toSecureNoteData() {
         const n = new _data_secure_note_data__WEBPACK_IMPORTED_MODULE_2__/* .SecureNoteData */ .e();
@@ -48802,12 +49030,12 @@ class SshKey extends _platform_models_domain_domain_base__WEBPACK_IMPORTED_MODUL
             keyFingerprint: null,
         }, []);
     }
-    decrypt(orgId, encKey) {
+    decrypt(orgId, context = "No Cipher Context", encKey) {
         return this.decryptObj(new _view_ssh_key_view__WEBPACK_IMPORTED_MODULE_2__/* .SshKeyView */ .H(), {
             privateKey: null,
             publicKey: null,
             keyFingerprint: null,
-        }, orgId, encKey);
+        }, orgId, encKey, "DomainType: SshKey; " + context);
     }
     toSshKeyData() {
         const c = new _data_ssh_key_data__WEBPACK_IMPORTED_MODULE_3__/* .SshKeyData */ .E();
@@ -49362,6 +49590,10 @@ class CipherView {
         this.creationDate = null;
         this.deletedDate = null;
         this.reprompt = _enums_cipher_reprompt_type__WEBPACK_IMPORTED_MODULE_2__/* .CipherRepromptType */ .b.None;
+        /**
+         * Flag to indicate if the cipher decryption failed.
+         */
+        this.decryptionFailure = false;
         if (!c) {
             return;
         }
@@ -50532,6 +50764,10 @@ const DECRYPTED_CIPHERS = state/* UserKeyDefinition */.Ok.record(state/* CIPHERS
     deserializer: (cipher) => cipher_view/* CipherView */.f.fromJSON(cipher),
     clearOn: ["logout", "lock"],
 });
+const FAILED_DECRYPTED_CIPHERS = state/* UserKeyDefinition */.Ok.array(state/* CIPHERS_MEMORY */.Xk, "failedDecryptedCiphers", {
+    deserializer: (cipher) => cipher_view/* CipherView */.f.fromJSON(cipher),
+    clearOn: ["logout", "lock"],
+});
 const LOCAL_DATA_KEY = new state/* UserKeyDefinition */.Ok(state/* CIPHERS_DISK_LOCAL */.HR, "localData", {
     deserializer: (localData) => localData,
     clearOn: ["logout"],
@@ -50631,12 +50867,14 @@ class CipherService {
         this.localDataState = this.stateProvider.getActive(LOCAL_DATA_KEY);
         this.encryptedCiphersState = this.stateProvider.getActive(ENCRYPTED_CIPHERS);
         this.decryptedCiphersState = this.stateProvider.getActive(DECRYPTED_CIPHERS);
+        this.failedToDecryptCiphersState = this.stateProvider.getActive(FAILED_DECRYPTED_CIPHERS);
         this.addEditCipherInfoState = this.stateProvider.getActive(ADD_EDIT_CIPHER_INFO_KEY);
         this.localData$ = this.localDataState.state$.pipe((0,external_rxjs_.map)((data) => data !== null && data !== void 0 ? data : {}));
         this.ciphers$ = this.encryptedCiphersState.state$.pipe((0,external_rxjs_.map)((ciphers) => ciphers !== null && ciphers !== void 0 ? ciphers : {}));
         // Decrypted ciphers depend on both ciphers and local data and need to be updated when either changes
         this.cipherViews$ = (0,external_rxjs_.combineLatest)([this.encryptedCiphersState.state$, this.localData$]).pipe((0,external_rxjs_.filter)(([ciphers]) => ciphers != null), // Skip if ciphers haven't been loaded yor synced yet
         (0,external_rxjs_.switchMap)(() => (0,external_rxjs_.merge)(this.forceCipherViews$, this.getAllDecrypted())), (0,external_rxjs_.shareReplay)({ bufferSize: 1, refCount: true }));
+        this.failedToDecryptCiphers$ = this.failedToDecryptCiphersState.state$.pipe((0,external_rxjs_.filter)((ciphers) => ciphers != null), (0,external_rxjs_.switchMap)((ciphers) => (0,external_rxjs_.merge)(this.forceCipherViews$, (0,external_rxjs_.of)(ciphers))), (0,external_rxjs_.shareReplay)({ bufferSize: 1, refCount: true }));
         this.addEditCipherInfo$ = this.addEditCipherInfoState.state$;
     }
     setDecryptedCipherCache(value, userId) {
@@ -50657,6 +50895,11 @@ class CipherService {
             }
         });
     }
+    setFailedDecryptedCiphers(cipherViews, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.stateProvider.setUserState(FAILED_DECRYPTED_CIPHERS, cipherViews, userId);
+        });
+    }
     setDecryptedCiphers(value, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             const cipherViews = {};
@@ -50835,7 +51078,7 @@ class CipherService {
      */
     getAllDecrypted() {
         return __awaiter(this, void 0, void 0, function* () {
-            let decCiphers = yield this.getDecryptedCiphers();
+            const decCiphers = yield this.getDecryptedCiphers();
             if (decCiphers != null && decCiphers.length !== 0) {
                 yield this.reindexCiphers();
                 return yield this.getDecryptedCiphers();
@@ -50844,9 +51087,10 @@ class CipherService {
             if (activeUserId == null) {
                 return [];
             }
-            decCiphers = yield this.decryptCiphers(yield this.getAll(), activeUserId);
-            yield this.setDecryptedCipherCache(decCiphers, activeUserId);
-            return decCiphers;
+            const [newDecCiphers, failedCiphers] = yield this.decryptCiphers(yield this.getAll(), activeUserId);
+            yield this.setDecryptedCipherCache(newDecCiphers, activeUserId);
+            yield this.setFailedDecryptedCiphers(failedCiphers, activeUserId);
+            return newDecCiphers;
         });
     }
     getDecryptedCiphers() {
@@ -50854,6 +51098,13 @@ class CipherService {
             return Object.values(yield (0,external_rxjs_.firstValueFrom)(this.decryptedCiphersState.state$.pipe((0,external_rxjs_.map)((c) => c !== null && c !== void 0 ? c : {}))));
         });
     }
+    /**
+     * Decrypts the provided ciphers using the provided user's keys.
+     * @param ciphers
+     * @param userId
+     * @returns Two cipher arrays, the first containing successfully decrypted ciphers and the second containing ciphers that failed to decrypt.
+     * @private
+     */
     decryptCiphers(ciphers, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             const keys = yield (0,external_rxjs_.firstValueFrom)(this.keyService.cipherDecryptionKeys$(userId, true));
@@ -50869,7 +51120,7 @@ class CipherService {
                 agg[c.organizationId].push(c);
                 return agg;
             }, {});
-            const decCiphers = (yield Promise.all(Object.entries(grouped).map((_a) => __awaiter(this, [_a], void 0, function* ([orgId, groupedCiphers]) {
+            const allCipherViews = (yield Promise.all(Object.entries(grouped).map((_a) => __awaiter(this, [_a], void 0, function* ([orgId, groupedCiphers]) {
                 var _b, _c;
                 if (yield this.configService.getFeatureFlag(feature_flag_enum/* FeatureFlag */.T.PM4154_BulkEncryptionService)) {
                     return yield this.bulkEncryptService.decryptItems(groupedCiphers, (_b = keys.orgKeys[orgId]) !== null && _b !== void 0 ? _b : keys.userKey);
@@ -50880,7 +51131,16 @@ class CipherService {
             }))))
                 .flat()
                 .sort(this.getLocaleSortingFunction());
-            return decCiphers;
+            // Split ciphers into two arrays, one for successfully decrypted ciphers and one for ciphers that failed to decrypt
+            return allCipherViews.reduce((acc, c) => {
+                if (c.decryptionFailure) {
+                    acc[1].push(c);
+                }
+                else {
+                    acc[0].push(c);
+                }
+                return acc;
+            }, [[], []]);
         });
     }
     reindexCiphers() {
@@ -51611,9 +51871,13 @@ class CipherService {
             }
             let encryptedCiphers = [];
             const ciphers = yield (0,external_rxjs_.firstValueFrom)(this.cipherViews$);
+            const failedCiphers = yield (0,external_rxjs_.firstValueFrom)(this.failedToDecryptCiphers$);
             if (!ciphers) {
                 return encryptedCiphers;
             }
+            if (failedCiphers.length > 0) {
+                throw new Error("Cannot rotate ciphers when decryption failures are present");
+            }
             const userCiphers = ciphers.filter((c) => c.organizationId == null);
             if (userCiphers.length === 0) {
                 return encryptedCiphers;
@@ -51892,6 +52156,7 @@ class CipherService {
     clearDecryptedCiphersState(userId) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.setDecryptedCiphers(null, userId);
+            yield this.setFailedDecryptedCiphers(null, userId);
             this.clearSortedCiphers();
         });
     }
@@ -52114,7 +52379,7 @@ class FolderApiService {
         this.folderService = folderService;
         this.apiService = apiService;
     }
-    save(folder) {
+    save(folder, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             const request = new _vault_models_request_folder_request__WEBPACK_IMPORTED_MODULE_1__/* .FolderRequest */ .O(folder);
             let response;
@@ -52126,19 +52391,19 @@ class FolderApiService {
                 response = yield this.putFolder(folder.id, request);
             }
             const data = new _vault_models_data_folder_data__WEBPACK_IMPORTED_MODULE_2__/* .FolderData */ .p(response);
-            yield this.folderService.upsert(data);
+            yield this.folderService.upsert(data, userId);
         });
     }
-    delete(id) {
+    delete(id, userId) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.deleteFolder(id);
-            yield this.folderService.delete(id);
+            yield this.folderService.delete(id, userId);
         });
     }
-    deleteAll() {
+    deleteAll(userId) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.apiService.send("DELETE", "/folders/all", null, true, false);
-            yield this.folderService.clear();
+            yield this.folderService.clear(userId);
         });
     }
     get(id) {
@@ -52191,16 +52456,6 @@ var folder_with_id_request = __webpack_require__(973);
 // EXTERNAL MODULE: ../../libs/common/src/platform/state/index.ts + 3 modules
 var state = __webpack_require__(1068);
 ;// ../../libs/common/src/vault/services/key-state/folder.state.ts
-var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-
 
 
 
@@ -52208,21 +52463,13 @@ const FOLDER_ENCRYPTED_FOLDERS = state/* UserKeyDefinition */.Ok.record(state/*
     deserializer: (obj) => folder_data/* FolderData */.p.fromJSON(obj),
     clearOn: ["logout"],
 });
-const FOLDER_DECRYPTED_FOLDERS = state/* DeriveDefinition */.JV.from(FOLDER_ENCRYPTED_FOLDERS, {
-    deserializer: (obj) => obj.map((f) => folder_view/* FolderView */.u.fromJSON(f)),
-    derive: (from_1, _a) => __awaiter(void 0, [from_1, _a], void 0, function* (from, { folderService, keyService }) {
-        const folders = Object.values(from || {}).map((f) => new domain_folder/* Folder */.v(f));
-        if (yield keyService.hasUserKey()) {
-            return yield folderService.decryptFolders(folders);
-        }
-        else {
-            return [];
-        }
-    }),
+const FOLDER_DECRYPTED_FOLDERS = new state/* UserKeyDefinition */.Ok(state/* FOLDER_MEMORY */.jx, "decryptedFolders", {
+    deserializer: (obj) => { var _a; return (_a = obj === null || obj === void 0 ? void 0 : obj.map((f) => folder_view/* FolderView */.u.fromJSON(f))) !== null && _a !== void 0 ? _a : []; },
+    clearOn: ["logout", "lock"],
 });
 
 ;// ../../libs/common/src/vault/services/folder/folder.service.ts
-var folder_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
         function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
@@ -52247,46 +52494,73 @@ class FolderService {
         this.i18nService = i18nService;
         this.cipherService = cipherService;
         this.stateProvider = stateProvider;
-        this.encryptedFoldersState = this.stateProvider.getActive(FOLDER_ENCRYPTED_FOLDERS);
-        this.decryptedFoldersState = this.stateProvider.getDerived(this.encryptedFoldersState.state$, FOLDER_DECRYPTED_FOLDERS, { folderService: this, keyService: this.keyService });
-        this.folders$ = this.encryptedFoldersState.state$.pipe((0,external_rxjs_.map)((folderData) => Object.values(folderData).map((f) => new domain_folder/* Folder */.v(f))));
-        this.folderViews$ = this.decryptedFoldersState.state$;
+        /**
+         * Ensures we reuse the same observable stream for each userId rather than
+         * creating a new one on each folderViews$ call.
+         */
+        this.folderViewCache = new Map();
+        /**
+         * Used to force the folderviews$ Observable to re-emit with a provided value.
+         * Required because shareReplay with refCount: false maintains last emission.
+         * Used during cleanup to force emit empty arrays, ensuring stale data isn't retained.
+         */
+        this.forceFolderViews = {};
     }
-    clearCache() {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            yield this.decryptedFoldersState.forceValue([]);
-        });
+    folders$(userId) {
+        return this.encryptedFoldersState(userId).state$.pipe((0,external_rxjs_.map)((folders) => {
+            if (folders == null) {
+                return [];
+            }
+            return Object.values(folders).map((f) => new domain_folder/* Folder */.v(f));
+        }));
+    }
+    /**
+     * Returns an Observable of decrypted folder views for the given userId.
+     * Uses folderViewCache to maintain a single Observable instance per user,
+     * combining normal folder state updates with forced updates.
+     */
+    folderViews$(userId) {
+        if (!this.folderViewCache.has(userId)) {
+            if (!this.forceFolderViews[userId]) {
+                this.forceFolderViews[userId] = new external_rxjs_.Subject();
+            }
+            const observable = (0,external_rxjs_.merge)(this.forceFolderViews[userId], this.encryptedFoldersState(userId).state$.pipe((0,external_rxjs_.switchMap)((folderData) => {
+                return this.decryptFolders(userId, folderData);
+            }))).pipe((0,external_rxjs_.shareReplay)({ refCount: false, bufferSize: 1 }));
+            this.folderViewCache.set(userId, observable);
+        }
+        return this.folderViewCache.get(userId);
     }
     // TODO: This should be moved to EncryptService or something
     encrypt(model, key) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
+        return __awaiter(this, void 0, void 0, function* () {
             const folder = new domain_folder/* Folder */.v();
             folder.id = model.id;
             folder.name = yield this.encryptService.encrypt(model.name, key);
             return folder;
         });
     }
-    get(id) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            const folders = yield (0,external_rxjs_.firstValueFrom)(this.folders$);
+    get(id, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const folders = yield (0,external_rxjs_.firstValueFrom)(this.folders$(userId));
             return folders.find((folder) => folder.id === id);
         });
     }
-    getDecrypted$(id) {
-        return this.folderViews$.pipe((0,external_rxjs_.map)((folders) => folders.find((folder) => folder.id === id)), (0,external_rxjs_.shareReplay)({ refCount: true, bufferSize: 1 }));
+    getDecrypted$(id, userId) {
+        return this.folderViews$(userId).pipe((0,external_rxjs_.map)((folders) => folders.find((folder) => folder.id === id)), (0,external_rxjs_.shareReplay)({ refCount: true, bufferSize: 1 }));
     }
-    getAllFromState() {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            return yield (0,external_rxjs_.firstValueFrom)(this.folders$);
+    getAllFromState(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield (0,external_rxjs_.firstValueFrom)(this.folders$(userId));
         });
     }
     /**
      * @deprecated For the CLI only
      * @param id id of the folder
      */
-    getFromState(id) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            const folder = yield this.get(id);
+    getFromState(id, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const folder = yield this.get(id, userId);
             if (!folder) {
                 return null;
             }
@@ -52296,14 +52570,15 @@ class FolderService {
     /**
      * @deprecated Only use in CLI!
      */
-    getAllDecryptedFromState() {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            return yield (0,external_rxjs_.firstValueFrom)(this.folderViews$);
+    getAllDecryptedFromState(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield (0,external_rxjs_.firstValueFrom)(this.folderViews$(userId));
         });
     }
-    upsert(folderData) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            yield this.encryptedFoldersState.update((folders) => {
+    upsert(folderData, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.clearDecryptedFolderState(userId);
+            yield this.encryptedFoldersState(userId).update((folders) => {
                 if (folders == null) {
                     folders = {};
                 }
@@ -52321,30 +52596,37 @@ class FolderService {
         });
     }
     replace(folders, userId) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
+        return __awaiter(this, void 0, void 0, function* () {
             if (!folders) {
                 return;
             }
+            yield this.clearDecryptedFolderState(userId);
             yield this.stateProvider.getUser(userId, FOLDER_ENCRYPTED_FOLDERS).update(() => {
                 const newFolders = Object.assign({}, folders);
                 return newFolders;
             });
         });
     }
-    clear(userId) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
+    clearDecryptedFolderState(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
             if (userId == null) {
-                yield this.encryptedFoldersState.update(() => ({}));
-                yield this.decryptedFoldersState.forceValue([]);
-            }
-            else {
-                yield this.stateProvider.getUser(userId, FOLDER_ENCRYPTED_FOLDERS).update(() => ({}));
+                throw new Error("User ID is required.");
             }
+            yield this.setDecryptedFolders([], userId);
         });
     }
-    delete(id) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            yield this.encryptedFoldersState.update((folders) => {
+    clear(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            (_a = this.forceFolderViews[userId]) === null || _a === void 0 ? void 0 : _a.next([]);
+            yield this.encryptedFoldersState(userId).update(() => ({}));
+            yield this.clearDecryptedFolderState(userId);
+        });
+    }
+    delete(id, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.clearDecryptedFolderState(userId);
+            yield this.encryptedFoldersState(userId).update((folders) => {
                 if (folders == null) {
                     return;
                 }
@@ -52367,41 +52649,76 @@ class FolderService {
                     }
                 }
                 if (updates.length > 0) {
-                    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-                    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-                    this.cipherService.upsert(updates.map((c) => c.toCipherData()));
+                    yield this.cipherService.upsert(updates.map((c) => c.toCipherData()));
                 }
             }
         });
     }
-    decryptFolders(folders) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
-            const decryptFolderPromises = folders.map((f) => f.decrypt());
-            const decryptedFolders = yield Promise.all(decryptFolderPromises);
-            decryptedFolders.sort(utils/* Utils */.A.getSortFunction(this.i18nService, "name"));
-            const noneFolder = new folder_view/* FolderView */.u();
-            noneFolder.name = this.i18nService.t("noneFolder");
-            decryptedFolders.push(noneFolder);
-            return decryptedFolders;
-        });
-    }
     getRotatedData(originalUserKey, newUserKey, userId) {
-        return folder_service_awaiter(this, void 0, void 0, function* () {
+        return __awaiter(this, void 0, void 0, function* () {
             if (newUserKey == null) {
                 throw new Error("New user key is required for rotation.");
             }
             let encryptedFolders = [];
-            const folders = yield (0,external_rxjs_.firstValueFrom)(this.folderViews$);
+            const folders = yield (0,external_rxjs_.firstValueFrom)(this.folderViews$(userId));
             if (!folders) {
                 return encryptedFolders;
             }
-            encryptedFolders = yield Promise.all(folders.map((folder) => folder_service_awaiter(this, void 0, void 0, function* () {
+            encryptedFolders = yield Promise.all(folders.map((folder) => __awaiter(this, void 0, void 0, function* () {
                 const encryptedFolder = yield this.encrypt(folder, newUserKey);
                 return new folder_with_id_request/* FolderWithIdRequest */.T(encryptedFolder);
             })));
             return encryptedFolders;
         });
     }
+    /**
+     * Decrypts the folders for a user.
+     * @param userId the user id
+     * @param folderData encrypted folders
+     * @returns a list of decrypted folders
+     */
+    decryptFolders(userId, folderData) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Check if the decrypted folders are already cached
+            const decrypted = yield (0,external_rxjs_.firstValueFrom)(this.stateProvider.getUser(userId, FOLDER_DECRYPTED_FOLDERS).state$);
+            if (decrypted === null || decrypted === void 0 ? void 0 : decrypted.length) {
+                return decrypted;
+            }
+            if (folderData == null) {
+                return [];
+            }
+            const folders = Object.values(folderData).map((f) => new domain_folder/* Folder */.v(f));
+            const userKey = yield (0,external_rxjs_.firstValueFrom)(this.keyService.userKey$(userId));
+            if (!userKey) {
+                return [];
+            }
+            const decryptFolderPromises = folders.map((f) => f.decryptWithKey(userKey, this.encryptService));
+            const decryptedFolders = yield Promise.all(decryptFolderPromises);
+            decryptedFolders.sort(utils/* Utils */.A.getSortFunction(this.i18nService, "name"));
+            const noneFolder = new folder_view/* FolderView */.u();
+            noneFolder.name = this.i18nService.t("noneFolder");
+            decryptedFolders.push(noneFolder);
+            // Cache the decrypted folders
+            yield this.setDecryptedFolders(decryptedFolders, userId);
+            return decryptedFolders;
+        });
+    }
+    /**
+     * @returns a SingleUserState for the encrypted folders.
+     */
+    encryptedFoldersState(userId) {
+        return this.stateProvider.getUser(userId, FOLDER_ENCRYPTED_FOLDERS);
+    }
+    /**
+     * Sets the decrypted folders state for a user.
+     * @param folders the decrypted folders
+     * @param userId the user id
+     */
+    setDecryptedFolders(folders, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.stateProvider.setUserState(FOLDER_DECRYPTED_FOLDERS, folders, userId);
+        });
+    }
 }
 
 
@@ -53595,8 +53912,8 @@ class BitwardenJsonImporter extends base_importer_BaseImporter {
     }
 }
 
-// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 17 modules
-var src = __webpack_require__(8614);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
 ;// ../../libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
 var bitwarden_password_protected_importer_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -59442,13 +59759,15 @@ class ImportService {
 
 /***/ }),
 
-/***/ 8614:
+/***/ 5907:
 /***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
 
 
 // EXPORTS
 __webpack_require__.d(__webpack_exports__, {
   hU: () => (/* reexport */ Argon2KdfConfig),
+  Zm: () => (/* reexport */ BiometricsService),
+  cR: () => (/* reexport */ BiometricsStatus),
   QH: () => (/* reexport */ DefaultBiometricStateService),
   aT: () => (/* reexport */ DefaultKdfConfigService),
   gX: () => (/* reexport */ DefaultKeyService),
@@ -59456,7 +59775,7 @@ __webpack_require__.d(__webpack_exports__, {
   n1: () => (/* reexport */ PBKDF2KdfConfig)
 });
 
-// UNUSED EXPORTS: BIOMETRIC_UNLOCK_ENABLED, BiometricStateService, BiometricsService, DEFAULT_KDF_CONFIG, DISMISSED_REQUIRE_PASSWORD_ON_START_CALLOUT, DefaultUserAsymmetricKeysRegenerationApiService, DefaultUserAsymmetricKeysRegenerationService, ENCRYPTED_CLIENT_KEY_HALF, FINGERPRINT_VALIDATED, KdfConfigService, KeyService, PROMPT_AUTOMATICALLY, PROMPT_CANCELLED, REQUIRE_PASSWORD_ON_START, UserAsymmetricKeysRegenerationApiService, UserAsymmetricKeysRegenerationService
+// UNUSED EXPORTS: BIOMETRIC_UNLOCK_ENABLED, BiometricStateService, BiometricsCommands, DEFAULT_KDF_CONFIG, DISMISSED_REQUIRE_PASSWORD_ON_START_CALLOUT, DefaultUserAsymmetricKeysRegenerationApiService, DefaultUserAsymmetricKeysRegenerationService, ENCRYPTED_CLIENT_KEY_HALF, FINGERPRINT_VALIDATED, KdfConfigService, KeyService, LAST_PROCESS_RELOAD, PROMPT_AUTOMATICALLY, PROMPT_CANCELLED, REQUIRE_PASSWORD_ON_START, UserAsymmetricKeysRegenerationApiService, UserAsymmetricKeysRegenerationService
 
 // EXTERNAL MODULE: external "rxjs"
 var external_rxjs_ = __webpack_require__(573);
@@ -59465,6 +59784,8 @@ var enc_string = __webpack_require__(6505);
 // EXTERNAL MODULE: ../../libs/common/src/platform/state/index.ts + 3 modules
 var state = __webpack_require__(1068);
 ;// ../../libs/key-management/src/biometrics/biometric.state.ts
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
 /**
  * Indicates whether the user elected to store a biometric key to unlock their vault.
@@ -59521,6 +59842,12 @@ const PROMPT_AUTOMATICALLY = new state/* UserKeyDefinition */.Ok(state/* BIOMETR
 const FINGERPRINT_VALIDATED = new state/* KeyDefinition */.Zs(state/* BIOMETRIC_SETTINGS_DISK */.rB, "fingerprintValidated", {
     deserializer: (obj) => obj,
 });
+/**
+ * Last process reload time
+ */
+const LAST_PROCESS_RELOAD = new state/* KeyDefinition */.Zs(state/* BIOMETRIC_SETTINGS_DISK */.rB, "lastProcessReload", {
+    deserializer: (obj) => new Date(obj),
+});
 
 ;// ../../libs/key-management/src/biometrics/biometric-state.service.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@@ -59535,6 +59862,8 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
 
 class BiometricStateService {
@@ -59563,6 +59892,8 @@ class DefaultBiometricStateService {
         this.promptAutomatically$ = this.promptAutomaticallyState.state$.pipe((0,external_rxjs_.map)(Boolean));
         this.fingerprintValidatedState = this.stateProvider.getGlobal(FINGERPRINT_VALIDATED);
         this.fingerprintValidated$ = this.fingerprintValidatedState.state$.pipe((0,external_rxjs_.map)(Boolean));
+        this.lastProcessReloadState = this.stateProvider.getGlobal(LAST_PROCESS_RELOAD);
+        this.lastProcessReload$ = this.lastProcessReloadState.state$;
     }
     setBiometricUnlockEnabled(enabled) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -59673,11 +60004,72 @@ class DefaultBiometricStateService {
             yield this.fingerprintValidatedState.update(() => validated);
         });
     }
+    updateLastProcessReload() {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.lastProcessReloadState.update(() => new Date());
+        });
+    }
+    getLastProcessReload() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield (0,external_rxjs_.firstValueFrom)(this.lastProcessReload$);
+        });
+    }
 }
 function encryptedClientKeyHalfToEncString(encryptedKeyHalf) {
     return encryptedKeyHalf == null ? null : new enc_string/* EncString */.k(encryptedKeyHalf);
 }
 
+;// ../../libs/key-management/src/biometrics/biometrics-status.ts
+var BiometricsStatus;
+(function (BiometricsStatus) {
+    /** For the biometrics interface, this means that biometric unlock is available and can be used. Querying for the user specifically, this means that biometric can be used for to unlock this user */
+    BiometricsStatus[BiometricsStatus["Available"] = 0] = "Available";
+    /** Biometrics cannot be used, because the userkey needs to first be unlocked by the user's password, because unlock needs some volatile data that is not available on app-start */
+    BiometricsStatus[BiometricsStatus["UnlockNeeded"] = 1] = "UnlockNeeded";
+    /** Biometric hardware is not available (i.e laptop folded shut, sensor unplugged) */
+    BiometricsStatus[BiometricsStatus["HardwareUnavailable"] = 2] = "HardwareUnavailable";
+    /** Only relevant for linux, this means that polkit policies need to be set up and that can happen automatically */
+    BiometricsStatus[BiometricsStatus["AutoSetupNeeded"] = 3] = "AutoSetupNeeded";
+    /** Only relevant for linux, this means that polkit policies need to be set up but that needs to be done manually */
+    BiometricsStatus[BiometricsStatus["ManualSetupNeeded"] = 4] = "ManualSetupNeeded";
+    /** Biometrics is not implemented for this platform (i.e web) */
+    BiometricsStatus[BiometricsStatus["PlatformUnsupported"] = 5] = "PlatformUnsupported";
+    /** Browser extension cannot connect to the desktop app to use biometrics */
+    BiometricsStatus[BiometricsStatus["DesktopDisconnected"] = 6] = "DesktopDisconnected";
+    /** Biometrics is not enabled in the desktop app/extension (current app) */
+    BiometricsStatus[BiometricsStatus["NotEnabledLocally"] = 7] = "NotEnabledLocally";
+    /** Only on browser extension; Biometrics is not enabled in the desktop app */
+    BiometricsStatus[BiometricsStatus["NotEnabledInConnectedDesktopApp"] = 8] = "NotEnabledInConnectedDesktopApp";
+    /** Browser extension does not have the permission to talk to the desktop app */
+    BiometricsStatus[BiometricsStatus["NativeMessagingPermissionMissing"] = 9] = "NativeMessagingPermissionMissing";
+})(BiometricsStatus || (BiometricsStatus = {}));
+
+;// ../../libs/key-management/src/biometrics/biometrics-commands.ts
+var BiometricsCommands;
+(function (BiometricsCommands) {
+    /** Perform biometric authentication for the system's user. Does not require setup, and does not return cryptographic material, only yes or no. */
+    BiometricsCommands["AuthenticateWithBiometrics"] = "authenticateWithBiometrics";
+    /** Get biometric status of the system, and can be used before biometrics is set up. Only returns data about the biometrics system, not about availability of cryptographic material */
+    BiometricsCommands["GetBiometricsStatus"] = "getBiometricsStatus";
+    /** Perform biometric authentication for the system's user for the given bitwarden account's credentials. This returns cryptographic material that can be used to unlock the vault. */
+    BiometricsCommands["UnlockWithBiometricsForUser"] = "unlockWithBiometricsForUser";
+    /** Get biometric status for a specific user account. This includes both information about availability of cryptographic material (is the user configured for biometric unlock? is a masterpassword unlock needed? But also information about the biometric system's availability in a single status) */
+    BiometricsCommands["GetBiometricsStatusForUser"] = "getBiometricsStatusForUser";
+    // legacy
+    BiometricsCommands["Unlock"] = "biometricUnlock";
+    BiometricsCommands["IsAvailable"] = "biometricUnlockAvailable";
+})(BiometricsCommands || (BiometricsCommands = {}));
+
+;// ../../libs/key-management/src/biometrics/biometric.service.ts
+/**
+ * The biometrics service is used to provide access to the status of and access to biometric functionality on the platforms.
+ */
+class BiometricsService {
+    supportsBiometric() {
+        throw new Error("Method not implemented.");
+    }
+}
+
 ;// ../../libs/key-management/src/abstractions/key.service.ts
 class UserPrivateKeyDecryptionFailedError extends Error {
     constructor() {
@@ -59761,8 +60153,8 @@ class ProviderEncryptedOrganizationKey {
     }
 }
 
-// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 6 modules
-var enums = __webpack_require__(6425);
+// EXTERNAL MODULE: ../../libs/common/src/platform/enums/index.ts + 7 modules
+var enums = __webpack_require__(5874);
 ;// ../../libs/common/src/platform/misc/convert-values.ts
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
@@ -59837,17 +60229,41 @@ var key_service_awaiter = (undefined && undefined.__awaiter) || function (thisAr
 // @ts-strict-ignore
 
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
 
 class DefaultKeyService {
@@ -60556,7 +60972,7 @@ class DefaultKeyService {
             if (encryptedPrivateKey == null) {
                 return null;
             }
-            return (yield this.encryptService.decryptToBytes(new enc_string/* EncString */.k(encryptedPrivateKey), key));
+            return (yield this.encryptService.decryptToBytes(new enc_string/* EncString */.k(encryptedPrivateKey), key, "Content: Encrypted Private Key"));
         });
     }
     providerKeys$(userId) {
@@ -60665,6 +61081,8 @@ var KdfType;
 })(KdfType || (KdfType = {}));
 
 ;// ../../libs/key-management/src/models/kdf-config.ts
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
 
 /**
@@ -60763,6 +61181,8 @@ var kdf_config_service_awaiter = (undefined && undefined.__awaiter) || function
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 
+// FIXME: remove `src` and fix import
+// eslint-disable-next-line no-restricted-imports
 
 
 
@@ -60852,11 +61272,21 @@ class DefaultUserAsymmetricKeysRegenerationService {
     }
     shouldRegenerate(userId) {
         return default_user_asymmetric_key_regeneration_service_awaiter(this, void 0, void 0, function* () {
-            const [userKey, userKeyEncryptedPrivateKey, publicKeyResponse] = yield firstValueFrom(combineLatest([
-                this.keyService.userKey$(userId),
+            const userKey = yield firstValueFrom(this.keyService.userKey$(userId));
+            // For SSO logins from untrusted devices, the userKey will not be available, and the private key regeneration process should be skipped.
+            // In such cases, regeneration will occur on the following device login flow.
+            if (!userKey) {
+                this.logService.info("[UserAsymmetricKeyRegeneration] User symmetric key unavailable, skipping regeneration for the user.");
+                return false;
+            }
+            const [userKeyEncryptedPrivateKey, publicKeyResponse] = yield firstValueFrom(combineLatest([
                 this.keyService.userEncryptedPrivateKey$(userId),
                 this.apiService.getUserPublicKey(userId),
             ]));
+            if (!userKeyEncryptedPrivateKey || !publicKeyResponse) {
+                this.logService.warning("[UserAsymmetricKeyRegeneration] User's asymmetric key initialization data is unavailable, skipping regeneration.");
+                return false;
+            }
             const verificationResponse = yield firstValueFrom(this.sdkService.client$.pipe(map((sdk) => {
                 if (sdk === undefined) {
                     throw new Error("SDK is undefined");
@@ -60977,6 +61407,8 @@ class DefaultUserAsymmetricKeysRegenerationApiService {
 
 
 
+
+
 /***/ }),
 
 /***/ 3582:
@@ -61033,7 +61465,7 @@ class NodeUtils {
 
 /***/ }),
 
-/***/ 5696:
+/***/ 8248:
 /***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
 
 
@@ -61048,12 +61480,6 @@ const external_crypto_namespaceObject = require("crypto");
 const external_node_forge_namespaceObject = require("node-forge");
 // EXTERNAL MODULE: ../../libs/common/src/platform/misc/utils.ts + 2 modules
 var utils = __webpack_require__(6948);
-;// ../../libs/common/src/platform/models/domain/decrypt-parameters.ts
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-class DecryptParameters {
-}
-
 ;// ../../libs/node/src/services/node-crypto-function.service.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -61064,9 +61490,6 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-
 
 
 
@@ -61189,7 +61612,7 @@ class NodeCryptoFunctionService {
         return Promise.resolve(this.toUint8Buffer(encBuf));
     }
     aesDecryptFastParameters(data, iv, mac, key) {
-        const p = new DecryptParameters();
+        const p = {};
         p.encKey = key.encKey;
         p.data = utils/* Utils */.A.fromB64ToArray(data);
         p.iv = utils/* Utils */.A.fromB64ToArray(iv);
@@ -61205,15 +61628,16 @@ class NodeCryptoFunctionService {
         }
         return p;
     }
-    aesDecryptFast(parameters, mode) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const decBuf = yield this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey, mode);
+    aesDecryptFast(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ mode, parameters, }) {
+            const iv = mode === "cbc" ? parameters.iv : null;
+            const decBuf = yield this.aesDecrypt(parameters.data, iv, parameters.encKey, mode);
             return utils/* Utils */.A.fromBufferToUtf8(decBuf);
         });
     }
     aesDecrypt(data, iv, key, mode) {
         const nodeData = this.toNodeBuffer(data);
-        const nodeIv = mode === "ecb" ? null : this.toNodeBuffer(iv);
+        const nodeIv = this.toNodeBufferOrNull(iv);
         const nodeKey = this.toNodeBuffer(key);
         const decipher = external_crypto_namespaceObject.createDecipheriv(this.toNodeCryptoAesMode(mode), nodeKey, nodeIv);
         const decBuf = Buffer.concat([decipher.update(nodeData), decipher.final()]);
@@ -61297,6 +61721,12 @@ class NodeCryptoFunctionService {
     toNodeBuffer(value) {
         return Buffer.from(value);
     }
+    toNodeBufferOrNull(value) {
+        if (value == null) {
+            return null;
+        }
+        return this.toNodeBuffer(value);
+    }
     toUint8Buffer(value) {
         let buf;
         if (typeof value === "string") {
@@ -61437,8 +61867,8 @@ var enums = __webpack_require__(8713);
 var cipher_data = __webpack_require__(847);
 // EXTERNAL MODULE: ../../libs/common/src/vault/models/domain/cipher.ts
 var domain_cipher = __webpack_require__(3481);
-// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 17 modules
-var src = __webpack_require__(8614);
+// EXTERNAL MODULE: ../../libs/key-management/src/index.ts + 20 modules
+var src = __webpack_require__(5907);
 ;// ../../libs/tools/export/vault-export/vault-export-core/src/services/base-vault-export.service.ts
 var base_vault_export_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -61779,6 +62209,7 @@ class IndividualVaultExportService extends BaseVaultExportService {
         this.cipherService = cipherService;
         this.keyService = keyService;
         this.accountService = accountService;
+        this.activeUserId$ = this.accountService.activeAccount$.pipe((0,external_rxjs_.map)((a) => a === null || a === void 0 ? void 0 : a.id));
     }
     getExport() {
         return individual_vault_export_service_awaiter(this, arguments, void 0, function* (format = "csv") {
@@ -61799,7 +62230,8 @@ class IndividualVaultExportService extends BaseVaultExportService {
             let decFolders = [];
             let decCiphers = [];
             const promises = [];
-            promises.push(this.folderService.getAllDecryptedFromState().then((folders) => {
+            const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.activeUserId$);
+            promises.push((0,external_rxjs_.firstValueFrom)(this.folderService.folderViews$(activeUserId)).then((folders) => {
                 decFolders = folders;
             }));
             promises.push(this.cipherService.getAllDecrypted().then((ciphers) => {
@@ -61817,15 +62249,15 @@ class IndividualVaultExportService extends BaseVaultExportService {
             let folders = [];
             let ciphers = [];
             const promises = [];
-            promises.push(this.folderService.getAllFromState().then((f) => {
+            const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.activeUserId$);
+            promises.push((0,external_rxjs_.firstValueFrom)(this.folderService.folders$(activeUserId)).then((f) => {
                 folders = f;
             }));
             promises.push(this.cipherService.getAll().then((c) => {
                 ciphers = c.filter((f) => f.deletedDate == null);
             }));
             yield Promise.all(promises);
-            const activeUserId = yield (0,external_rxjs_.firstValueFrom)(this.accountService.activeAccount$.pipe((0,external_rxjs_.map)((a) => a === null || a === void 0 ? void 0 : a.id)));
-            const userKey = yield this.keyService.getUserKeyWithLegacySupport(activeUserId);
+            const userKey = yield this.keyService.getUserKeyWithLegacySupport(yield (0,external_rxjs_.firstValueFrom)(this.activeUserId$));
             const encKeyValidation = yield this.encryptService.encrypt(utils/* Utils */.A.newGuid(), userKey);
             const jsonDoc = {
                 encrypted: true,
@@ -63592,6 +64024,7 @@ const PASSPHRASE = Object.freeze({
     generateKey: "generatePassphrase",
     generatedValueKey: "passphrase",
     copyKey: "copyPassphrase",
+    useGeneratedValueKey: "useThisPassphrase",
     onlyOnRequest: false,
     request: [],
     engine: {
@@ -63646,6 +64079,7 @@ const PASSWORD = Object.freeze({
     generateKey: "generatePassword",
     generatedValueKey: "password",
     copyKey: "copyPassword",
+    useGeneratedValueKey: "useThisPassword",
     onlyOnRequest: false,
     request: [],
     engine: {
@@ -63717,6 +64151,7 @@ const USERNAME = Object.freeze({
     generateKey: "generateUsername",
     generatedValueKey: "username",
     copyKey: "copyUsername",
+    useGeneratedValueKey: "useThisUsername",
     onlyOnRequest: false,
     request: [],
     engine: {
@@ -63765,6 +64200,7 @@ const CATCHALL = Object.freeze({
     generateKey: "generateEmail",
     generatedValueKey: "email",
     copyKey: "copyEmail",
+    useGeneratedValueKey: "useThisEmail",
     onlyOnRequest: false,
     request: [],
     engine: {
@@ -63816,6 +64252,7 @@ const SUBADDRESS = Object.freeze({
     generateKey: "generateEmail",
     generatedValueKey: "email",
     copyKey: "copyEmail",
+    useGeneratedValueKey: "useThisEmail",
     onlyOnRequest: false,
     request: [],
     engine: {
@@ -63868,6 +64305,7 @@ function generators_toCredentialGeneratorConfiguration(configuration) {
         generateKey: "generateEmail",
         generatedValueKey: "email",
         copyKey: "copyEmail",
+        useGeneratedValueKey: "useThisEmail",
         onlyOnRequest: true,
         request: configuration.forwarder.request,
         engine: {
@@ -65398,6 +65836,7 @@ class CredentialGeneratorService {
             generate: this.i18nService.t(generator.generateKey),
             generatedValue: this.i18nService.t(generator.generatedValueKey),
             copy: this.i18nService.t(generator.copyKey),
+            useGeneratedValue: this.i18nService.t(generator.useGeneratedValueKey),
             onlyOnRequest: generator.onlyOnRequest,
             request: generator.request,
         };
@@ -67276,7 +67715,7 @@ module.exports = require("path");
 /***/ 8330:
 /***/ ((module) => {
 
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2025.1.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"SEE LICENSE IN LICENSE.txt","scripts":{"clean":"rimraf dist","build:oss":"cross-env NODE_OPTIONS=\\"--max-old-space-size=8192\\" webpack","build:oss:debug":"npm run build:oss && node --inspect ./build/bw.js","build:oss:watch":"webpack --watch","build:oss:prod":"cross-env NODE_ENV=production webpack","build:oss:prod:watch":"cross-env NODE_ENV=production webpack --watch","debug":"node --inspect ./build/bw.js","publish:npm":"npm run build:oss:prod && npm publish --access public","build:bit":"cross-env NODE_OPTIONS=\\"--max-old-space-size=8192\\" webpack -c ../../bitwarden_license/bit-cli/webpack.config.js","build:bit:debug":"npm run build:bit && node --inspect ./build/bw.js","build:bit:watch":"webpack --watch -c ../../bitwarden_license/bit-cli/webpack.config.js","build:bit:prod":"cross-env NODE_ENV=production npm run build:bit","build:bit:prod:watch":"cross-env NODE_ENV=production npm run build:bit:watch","dist:oss:win":"npm run build:oss:prod && npm run clean && npm run package:oss:win","dist:oss:mac":"npm run build:oss:prod && npm run clean && npm run package:oss:mac","dist:oss:lin":"npm run build:oss:prod && npm run clean && npm run package:oss:lin","dist:bit:win":"npm run build:bit:prod && npm run clean && npm run package:bit:win","dist:bit:mac":"npm run build:bit:prod && npm run clean && npm run package:bit:mac","dist:bit:lin":"npm run build:bit:prod && npm run clean && npm run package:bit:lin","package:oss:win":"pkg . --targets win-x64 --output ./dist/oss/windows/bw.exe","package:oss:mac":"pkg . --targets macos-x64 --output ./dist/oss/macos/bw","package:oss:lin":"pkg . --targets linux-x64 --output ./dist/oss/linux/bw","package:bit:win":"pkg . --targets win-x64 --output ./dist/bit/windows/bw.exe","package:bit:mac":"pkg . --targets macos-x64 --output ./dist/bit/macos/bw","package:bit:lin":"pkg . --targets linux-x64 --output ./dist/bit/linux/bw","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"13.1.0","argon2":"0.41.1","big-integer":"1.6.52","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"11.1.0","form-data":"4.0.0","https-proxy-agent":"7.0.5","inquirer":"8.2.6","jsdom":"25.0.1","jszip":"3.10.1","koa":"2.15.3","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.1.69","zxcvbn":"4.4.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2025.1.2","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"SEE LICENSE IN LICENSE.txt","scripts":{"clean":"rimraf dist","build:oss":"cross-env NODE_OPTIONS=\\"--max-old-space-size=8192\\" webpack","build:oss:debug":"npm run build:oss && node --inspect ./build/bw.js","build:oss:watch":"webpack --watch","build:oss:prod":"cross-env NODE_ENV=production webpack","build:oss:prod:watch":"cross-env NODE_ENV=production webpack --watch","debug":"node --inspect ./build/bw.js","publish:npm":"npm run build:oss:prod && npm publish --access public","build:bit":"cross-env NODE_OPTIONS=\\"--max-old-space-size=8192\\" webpack -c ../../bitwarden_license/bit-cli/webpack.config.js","build:bit:debug":"npm run build:bit && node --inspect ./build/bw.js","build:bit:watch":"webpack --watch -c ../../bitwarden_license/bit-cli/webpack.config.js","build:bit:prod":"cross-env NODE_ENV=production npm run build:bit","build:bit:prod:watch":"cross-env NODE_ENV=production npm run build:bit:watch","dist:oss:win":"npm run build:oss:prod && npm run clean && npm run package:oss:win","dist:oss:mac":"npm run build:oss:prod && npm run clean && npm run package:oss:mac","dist:oss:lin":"npm run build:oss:prod && npm run clean && npm run package:oss:lin","dist:bit:win":"npm run build:bit:prod && npm run clean && npm run package:bit:win","dist:bit:mac":"npm run build:bit:prod && npm run clean && npm run package:bit:mac","dist:bit:lin":"npm run build:bit:prod && npm run clean && npm run package:bit:lin","package:oss:win":"pkg . --targets win-x64 --output ./dist/oss/windows/bw.exe","package:oss:mac":"pkg . --targets macos-x64 --output ./dist/oss/macos/bw","package:oss:lin":"pkg . --targets linux-x64 --output ./dist/oss/linux/bw","package:bit:win":"pkg . --targets win-x64 --output ./dist/bit/windows/bw.exe","package:bit:mac":"pkg . --targets macos-x64 --output ./dist/bit/macos/bw","package:bit:lin":"pkg . --targets linux-x64 --output ./dist/bit/linux/bw","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"13.1.0","argon2":"0.41.1","big-integer":"1.6.52","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"11.1.0","form-data":"4.0.0","https-proxy-agent":"7.0.5","inquirer":"8.2.6","jsdom":"25.0.1","jszip":"3.10.1","koa":"2.15.3","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.1.71","zxcvbn":"4.4.2"}}');
 
 /***/ }),