@bitwarden/commercial-sdk-internal 0.2.0-main.410 → 0.2.0-main.412

package/bitwarden_wasm_internal.d.ts

@@ -1,17 +1,5 @@
 /* tslint:disable */
 /* eslint-disable */
-export function init_sdk(log_level?: LogLevel | null): void;
-/**
- * Generate a new SSH key pair
- *
- * # Arguments
- * - `key_algorithm` - The algorithm to use for the key pair
- *
- * # Returns
- * - `Ok(SshKey)` if the key was successfully generated
- * - `Err(KeyGenerationError)` if the key could not be generated
- */
-export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
 /**
  * Convert a PCKS8 or OpenSSH encrypted or unencrypted private key
  * to an OpenSSH private key with public key and fingerprint
@@ -29,12 +17,17 @@ export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
  */
 export function import_ssh_key(imported_key: string, password?: string | null): SshKeyView;
 /**
- * Registers a DiscoverHandler so that the client can respond to DiscoverRequests.
+ * Generate a new SSH key pair
+ *
+ * # Arguments
+ * - `key_algorithm` - The algorithm to use for the key pair
+ *
+ * # Returns
+ * - `Ok(SshKey)` if the key was successfully generated
+ * - `Err(KeyGenerationError)` if the key could not be generated
  */
-export function ipcRegisterDiscoverHandler(
-  ipc_client: IpcClient,
-  response: DiscoverResponse,
-): Promise<void>;
+export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
+export function init_sdk(log_level?: LogLevel | null): void;
 /**
  * Sends a DiscoverRequest to the specified destination and returns the response.
  */
@@ -43,6 +36,13 @@ export function ipcRequestDiscover(
   destination: Endpoint,
   abort_signal?: AbortSignal | null,
 ): Promise<DiscoverResponse>;
+/**
+ * Registers a DiscoverHandler so that the client can respond to DiscoverRequests.
+ */
+export function ipcRegisterDiscoverHandler(
+  ipc_client: IpcClient,
+  response: DiscoverResponse,
+): Promise<void>;
 export enum CardLinkedIdType {
   CardholderName = 300,
   ExpMonth = 301,
@@ -133,11 +133,6 @@ export enum UriMatchType {
   Never = 5,
 }
 
-/**
- * @deprecated Use PasswordManagerClient instead
- */
-export type BitwardenClient = PasswordManagerClient;
-
 import { Tagged } from "type-fest";
 
 /**
@@ -163,6 +158,17 @@ export type Utc = unknown;
  */
 export type NonZeroU32 = number;
 
+/**
+ * @deprecated Use PasswordManagerClient instead
+ */
+export type BitwardenClient = PasswordManagerClient;
+
+export interface TestError extends Error {
+  name: "TestError";
+}
+
+export function isTestError(error: any): error is TestError;
+
 export interface Repository<T> {
   get(id: string): Promise<T | null>;
   list(): Promise<T[]>;
@@ -174,11 +180,6 @@ export interface TokenProvider {
   get_access_token(): Promise<string | undefined>;
 }
 
-/**
- * Active feature flags for the SDK.
- */
-export interface FeatureFlags extends Map<string, boolean> {}
-
 export interface Repositories {
   cipher: Repository<Cipher> | null;
   folder: Repository<Folder> | null;
@@ -188,62 +189,69 @@ export interface IndexedDbConfiguration {
   db_name: string;
 }
 
-export interface TestError extends Error {
-  name: "TestError";
-}
+/**
+ * Active feature flags for the SDK.
+ */
+export interface FeatureFlags extends Map<string, boolean> {}
 
-export function isTestError(error: any): error is TestError;
+/**
+ * Credentials for getting a send access token using an email and OTP.
+ */
+export interface SendEmailOtpCredentials {
+  /**
+   * The email address to which the OTP will be sent.
+   */
+  email: string;
+  /**
+   * The one-time password (OTP) that the user has received via email.
+   */
+  otp: string;
+}
 
 /**
- * Represents the possible, expected errors that can occur when requesting a send access token.
+ * Credentials for sending password secured access requests.
+ * Clone auto implements the standard lib\'s Clone trait, allowing us to create copies of this
+ * struct.
  */
-export type SendAccessTokenApiErrorResponse =
-  | {
-      error: "invalid_request";
-      error_description?: string;
-      send_access_error_type?: SendAccessTokenInvalidRequestError;
-    }
-  | {
-      error: "invalid_grant";
-      error_description?: string;
-      send_access_error_type?: SendAccessTokenInvalidGrantError;
-    }
-  | { error: "invalid_client"; error_description?: string }
-  | { error: "unauthorized_client"; error_description?: string }
-  | { error: "unsupported_grant_type"; error_description?: string }
-  | { error: "invalid_scope"; error_description?: string }
-  | { error: "invalid_target"; error_description?: string };
+export interface SendPasswordCredentials {
+  /**
+   * A Base64-encoded hash of the password protecting the send.
+   */
+  passwordHashB64: string;
+}
 
 /**
- * Invalid grant errors - typically due to invalid credentials.
+ * Credentials for sending an OTP to the user\'s email address.
+ * This is used when the send requires email verification with an OTP.
  */
-export type SendAccessTokenInvalidGrantError =
-  | "send_id_invalid"
-  | "password_hash_b64_invalid"
-  | "email_invalid"
-  | "otp_invalid"
-  | "otp_generation_failed"
-  | "unknown";
+export interface SendEmailCredentials {
+  /**
+   * The email address to which the OTP will be sent.
+   */
+  email: string;
+}
 
 /**
- * Invalid request errors - typically due to missing parameters.
+ * The credentials used for send access requests.
  */
-export type SendAccessTokenInvalidRequestError =
-  | "send_id_required"
-  | "password_hash_b64_required"
-  | "email_required"
-  | "email_and_otp_required_otp_sent"
-  | "unknown";
+export type SendAccessCredentials =
+  | SendPasswordCredentials
+  | SendEmailOtpCredentials
+  | SendEmailCredentials;
 
 /**
- * Any unexpected error that occurs when making requests to identity. This could be
- * local/transport/decoding failure from the HTTP client (DNS/TLS/connect/read timeout,
- * connection reset, or JSON decode failure on a success response) or non-2xx response with an
- * unexpected body or status. Used when decoding the server\'s error payload into
- * `SendAccessTokenApiErrorResponse` fails, or for 5xx responses where no structured error is
- * available.
+ * A request structure for requesting a send access token from the API.
  */
-export type UnexpectedIdentityError = string;
+export interface SendAccessTokenRequest {
+  /**
+   * The id of the send for which the access token is requested.
+   */
+  sendId: string;
+  /**
+   * The optional send access credentials.
+   */
+  sendAccessCredentials?: SendAccessCredentials;
+}
 
 /**
  * Represents errors that can occur when requesting a send access token.
@@ -268,96 +276,88 @@ export interface SendAccessTokenResponse {
 }
 
 /**
- * A request structure for requesting a send access token from the API.
- */
-export interface SendAccessTokenRequest {
-  /**
-   * The id of the send for which the access token is requested.
-   */
-  sendId: string;
-  /**
-   * The optional send access credentials.
-   */
-  sendAccessCredentials?: SendAccessCredentials;
-}
-
-/**
- * The credentials used for send access requests.
+ * Any unexpected error that occurs when making requests to identity. This could be
+ * local/transport/decoding failure from the HTTP client (DNS/TLS/connect/read timeout,
+ * connection reset, or JSON decode failure on a success response) or non-2xx response with an
+ * unexpected body or status. Used when decoding the server\'s error payload into
+ * `SendAccessTokenApiErrorResponse` fails, or for 5xx responses where no structured error is
+ * available.
  */
-export type SendAccessCredentials =
-  | SendPasswordCredentials
-  | SendEmailOtpCredentials
-  | SendEmailCredentials;
+export type UnexpectedIdentityError = string;
 
 /**
- * Credentials for getting a send access token using an email and OTP.
+ * Invalid request errors - typically due to missing parameters.
  */
-export interface SendEmailOtpCredentials {
-  /**
-   * The email address to which the OTP will be sent.
-   */
-  email: string;
-  /**
-   * The one-time password (OTP) that the user has received via email.
-   */
-  otp: string;
-}
+export type SendAccessTokenInvalidRequestError =
+  | "send_id_required"
+  | "password_hash_b64_required"
+  | "email_required"
+  | "email_and_otp_required_otp_sent"
+  | "unknown";
 
 /**
- * Credentials for sending an OTP to the user\'s email address.
- * This is used when the send requires email verification with an OTP.
+ * Invalid grant errors - typically due to invalid credentials.
  */
-export interface SendEmailCredentials {
-  /**
-   * The email address to which the OTP will be sent.
-   */
-  email: string;
-}
+export type SendAccessTokenInvalidGrantError =
+  | "send_id_invalid"
+  | "password_hash_b64_invalid"
+  | "email_invalid"
+  | "otp_invalid"
+  | "otp_generation_failed"
+  | "unknown";
 
 /**
- * Credentials for sending password secured access requests.
- * Clone auto implements the standard lib\'s Clone trait, allowing us to create copies of this
- * struct.
+ * Represents the possible, expected errors that can occur when requesting a send access token.
  */
-export interface SendPasswordCredentials {
-  /**
-   * A Base64-encoded hash of the password protecting the send.
-   */
-  passwordHashB64: string;
-}
+export type SendAccessTokenApiErrorResponse =
+  | {
+      error: "invalid_request";
+      error_description?: string;
+      send_access_error_type?: SendAccessTokenInvalidRequestError;
+    }
+  | {
+      error: "invalid_grant";
+      error_description?: string;
+      send_access_error_type?: SendAccessTokenInvalidGrantError;
+    }
+  | { error: "invalid_client"; error_description?: string }
+  | { error: "unauthorized_client"; error_description?: string }
+  | { error: "unsupported_grant_type"; error_description?: string }
+  | { error: "invalid_scope"; error_description?: string }
+  | { error: "invalid_target"; error_description?: string };
 
 /**
- * NewType wrapper for `CollectionId`
+ * Type of collection
  */
-export type CollectionId = Tagged<Uuid, "CollectionId">;
+export type CollectionType = "SharedCollection" | "DefaultUserCollection";
 
-export interface Collection {
+export interface CollectionView {
   id: CollectionId | undefined;
   organizationId: OrganizationId;
-  name: EncString;
+  name: string;
   externalId: string | undefined;
   hidePasswords: boolean;
   readOnly: boolean;
   manage: boolean;
-  defaultUserCollectionEmail: string | undefined;
   type: CollectionType;
 }
 
-export interface CollectionView {
+export interface Collection {
   id: CollectionId | undefined;
   organizationId: OrganizationId;
-  name: string;
+  name: EncString;
   externalId: string | undefined;
   hidePasswords: boolean;
   readOnly: boolean;
   manage: boolean;
+  defaultUserCollectionEmail: string | undefined;
   type: CollectionType;
 }
 
 /**
- * Type of collection
+ * NewType wrapper for `CollectionId`
  */
-export type CollectionType = "SharedCollection" | "DefaultUserCollection";
+export type CollectionId = Tagged<Uuid, "CollectionId">;
 
 export interface CollectionDecryptError extends Error {
   name: "CollectionDecryptError";
@@ -366,128 +366,76 @@ export interface CollectionDecryptError extends Error {
 
 export function isCollectionDecryptError(error: any): error is CollectionDecryptError;
 
+export type SignedSecurityState = string;
+
 /**
- * State used for initializing the user cryptographic state.
+ * Represents the data required to unlock with the master password.
  */
-export interface InitUserCryptoRequest {
-  /**
-   * The user\'s ID.
-   */
-  userId: UserId | undefined;
-  /**
-   * The user\'s KDF parameters, as received from the prelogin request
-   */
-  kdfParams: Kdf;
+export interface MasterPasswordUnlockData {
   /**
-   * The user\'s email address
+   * The key derivation function used to derive the master key
    */
-  email: string;
+  kdf: Kdf;
   /**
-   * The user\'s account cryptographic state, containing their signature and
-   * public-key-encryption keys, along with the signed security state, protected by the user key
+   * The master key wrapped user key
    */
-  accountCryptographicState: WrappedAccountCryptographicState;
+  masterKeyWrappedUserKey: EncString;
   /**
-   * The method to decrypt the user\'s account symmetric key (user key)
+   * The salt used in the KDF, typically the user\'s email
    */
-  method: InitUserCryptoMethod;
+  salt: string;
 }
 
-/**
- * The crypto method used to initialize the user cryptographic state.
- */
-export type InitUserCryptoMethod =
-  | { password: { password: string; user_key: EncString } }
-  | { masterPasswordUnlock: { password: string; master_password_unlock: MasterPasswordUnlockData } }
-  | { decryptedKey: { decrypted_user_key: string } }
-  | { pin: { pin: string; pin_protected_user_key: EncString } }
-  | { pinEnvelope: { pin: string; pin_protected_user_key_envelope: PasswordProtectedKeyEnvelope } }
-  | { authRequest: { request_private_key: B64; method: AuthRequestMethod } }
-  | {
-      deviceKey: {
-        device_key: string;
-        protected_device_private_key: EncString;
-        device_protected_user_key: UnsignedSharedKey;
-      };
-    }
-  | { keyConnector: { master_key: B64; user_key: EncString } };
-
-/**
- * Auth requests supports multiple initialization methods.
- */
-export type AuthRequestMethod =
-  | { userKey: { protected_user_key: UnsignedSharedKey } }
-  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
-
-/**
- * Represents the request to initialize the user\'s organizational cryptographic state.
- */
-export interface InitOrgCryptoRequest {
-  /**
-   * The encryption keys for all the organizations the user is a part of
-   */
-  organizationKeys: Map<OrganizationId, UnsignedSharedKey>;
+export interface MasterPasswordError extends Error {
+  name: "MasterPasswordError";
+  variant:
+    | "EncryptionKeyMalformed"
+    | "KdfMalformed"
+    | "InvalidKdfConfiguration"
+    | "MissingField"
+    | "Crypto";
 }
 
-/**
- * Response from the `update_kdf` function
- */
-export interface UpdateKdfResponse {
-  /**
-   * The authentication data for the new KDF setting
-   */
-  masterPasswordAuthenticationData: MasterPasswordAuthenticationData;
-  /**
-   * The unlock data for the new KDF setting
-   */
-  masterPasswordUnlockData: MasterPasswordUnlockData;
-  /**
-   * The authentication data for the KDF setting prior to the change
-   */
-  oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
-}
+export function isMasterPasswordError(error: any): error is MasterPasswordError;
 
 /**
- * Response from the `make_update_password` function
+ * Represents the data required to authenticate with the master password.
  */
-export interface UpdatePasswordResponse {
-  /**
-   * Hash of the new password
-   */
-  passwordHash: B64;
-  /**
-   * User key, encrypted with the new password
-   */
-  newKey: EncString;
+export interface MasterPasswordAuthenticationData {
+  kdf: Kdf;
+  salt: string;
+  masterPasswordAuthenticationHash: B64;
 }
 
-/**
- * Request for deriving a pin protected user key
- */
-export interface EnrollPinResponse {
-  /**
-   * [UserKey] protected by PIN
-   */
-  pinProtectedUserKeyEnvelope: PasswordProtectedKeyEnvelope;
-  /**
-   * PIN protected by [UserKey]
-   */
-  userKeyEncryptedPin: EncString;
+export interface AccountCryptographyInitializationError extends Error {
+  name: "AccountCryptographyInitializationError";
+  variant:
+    | "WrongUserKeyType"
+    | "WrongUserKey"
+    | "CorruptData"
+    | "TamperedData"
+    | "KeyStoreAlreadyInitialized"
+    | "GenericCrypto";
 }
 
+export function isAccountCryptographyInitializationError(
+  error: any,
+): error is AccountCryptographyInitializationError;
+
 /**
- * Request for deriving a pin protected user key
+ * Any keys / cryptographic protection \"downstream\" from the account symmetric key (user key).
+ * Private keys are protected by the user key.
  */
-export interface DerivePinKeyResponse {
-  /**
-   * [UserKey] protected by PIN
-   */
-  pinProtectedUserKey: EncString;
-  /**
-   * PIN protected by [UserKey]
-   */
-  encryptedPin: EncString;
-}
+export type WrappedAccountCryptographicState =
+  | { V1: { private_key: EncString } }
+  | {
+      V2: {
+        private_key: EncString;
+        signed_public_key: SignedPublicKey | undefined;
+        signing_key: EncString;
+        security_state: SignedSecurityState;
+      };
+    };
 
 /**
  * Request for migrating an account from password to key connector.
@@ -512,27 +460,23 @@ export interface DeriveKeyConnectorRequest {
 }
 
 /**
- * Response from the `make_key_pair` function
+ * Request for deriving a pin protected user key
  */
-export interface MakeKeyPairResponse {
+export interface DerivePinKeyResponse {
   /**
-   * The user\'s public key
+   * [UserKey] protected by PIN
    */
-  userPublicKey: B64;
+  pinProtectedUserKey: EncString;
   /**
-   * User\'s private key, encrypted with the user key
+   * PIN protected by [UserKey]
    */
-  userKeyEncryptedPrivateKey: EncString;
+  encryptedPin: EncString;
 }
 
 /**
- * Request for `verify_asymmetric_keys`.
+ * Response from the `make_key_pair` function
  */
-export interface VerifyAsymmetricKeysRequest {
-  /**
-   * The user\'s user key
-   */
-  userKey: B64;
+export interface MakeKeyPairResponse {
   /**
    * The user\'s public key
    */
@@ -557,95 +501,128 @@ export interface VerifyAsymmetricKeysResponse {
   validPrivateKey: boolean;
 }
 
+export interface EnrollAdminPasswordResetError extends Error {
+  name: "EnrollAdminPasswordResetError";
+  variant: "Crypto";
+}
+
+export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
+
+export interface CryptoClientError extends Error {
+  name: "CryptoClientError";
+  variant: "NotAuthenticated" | "Crypto" | "InvalidKdfSettings" | "PasswordProtectedKeyEnvelope";
+}
+
+export function isCryptoClientError(error: any): error is CryptoClientError;
+
 /**
- * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
+ * Request for deriving a pin protected user key
  */
-export interface UserCryptoV2KeysResponse {
-  /**
-   * User key
-   */
-  userKey: B64;
+export interface EnrollPinResponse {
   /**
-   * Wrapped private key
+   * [UserKey] protected by PIN
    */
-  privateKey: EncString;
+  pinProtectedUserKeyEnvelope: PasswordProtectedKeyEnvelope;
   /**
-   * Public key
+   * PIN protected by [UserKey]
    */
-  publicKey: B64;
+  userKeyEncryptedPin: EncString;
+}
+
+/**
+ * State used for initializing the user cryptographic state.
+ */
+export interface InitUserCryptoRequest {
   /**
-   * The user\'s public key, signed by the signing key
+   * The user\'s ID.
    */
-  signedPublicKey: SignedPublicKey;
+  userId: UserId | undefined;
   /**
-   * Signing key, encrypted with the user\'s symmetric key
+   * The user\'s KDF parameters, as received from the prelogin request
    */
-  signingKey: EncString;
+  kdfParams: Kdf;
   /**
-   * Base64 encoded verifying key
+   * The user\'s email address
    */
-  verifyingKey: B64;
+  email: string;
   /**
-   * The user\'s signed security state
+   * The user\'s account cryptographic state, containing their signature and
+   * public-key-encryption keys, along with the signed security state, protected by the user key
    */
-  securityState: SignedSecurityState;
+  accountCryptographicState: WrappedAccountCryptographicState;
   /**
-   * The security state\'s version
+   * The method to decrypt the user\'s account symmetric key (user key)
    */
-  securityVersion: number;
+  method: InitUserCryptoMethod;
 }
 
 /**
- * Represents the data required to unlock with the master password.
+ * Request for `verify_asymmetric_keys`.
  */
-export interface MasterPasswordUnlockData {
+export interface VerifyAsymmetricKeysRequest {
   /**
-   * The key derivation function used to derive the master key
+   * The user\'s user key
    */
-  kdf: Kdf;
+  userKey: B64;
   /**
-   * The master key wrapped user key
+   * The user\'s public key
    */
-  masterKeyWrappedUserKey: EncString;
+  userPublicKey: B64;
   /**
-   * The salt used in the KDF, typically the user\'s email
+   * User\'s private key, encrypted with the user key
    */
-  salt: string;
+  userKeyEncryptedPrivateKey: EncString;
 }
 
 /**
- * Represents the data required to authenticate with the master password.
+ * Response from the `make_update_password` function
  */
-export interface MasterPasswordAuthenticationData {
-  kdf: Kdf;
-  salt: string;
-  masterPasswordAuthenticationHash: B64;
+export interface UpdatePasswordResponse {
+  /**
+   * Hash of the new password
+   */
+  passwordHash: B64;
+  /**
+   * User key, encrypted with the new password
+   */
+  newKey: EncString;
 }
 
-export type SignedSecurityState = string;
-
 /**
- * NewType wrapper for `UserId`
+ * Represents the request to initialize the user\'s organizational cryptographic state.
  */
-export type UserId = Tagged<Uuid, "UserId">;
+export interface InitOrgCryptoRequest {
+  /**
+   * The encryption keys for all the organizations the user is a part of
+   */
+  organizationKeys: Map<OrganizationId, UnsignedSharedKey>;
+}
 
 /**
- * NewType wrapper for `OrganizationId`
+ * Auth requests supports multiple initialization methods.
  */
-export type OrganizationId = Tagged<Uuid, "OrganizationId">;
+export type AuthRequestMethod =
+  | { userKey: { protected_user_key: UnsignedSharedKey } }
+  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
 
-export interface MasterPasswordError extends Error {
-  name: "MasterPasswordError";
-  variant:
-    | "EncryptionKeyMalformed"
-    | "KdfMalformed"
-    | "InvalidKdfConfiguration"
-    | "MissingField"
-    | "Crypto";
+/**
+ * Response from the `update_kdf` function
+ */
+export interface UpdateKdfResponse {
+  /**
+   * The authentication data for the new KDF setting
+   */
+  masterPasswordAuthenticationData: MasterPasswordAuthenticationData;
+  /**
+   * The unlock data for the new KDF setting
+   */
+  masterPasswordUnlockData: MasterPasswordUnlockData;
+  /**
+   * The authentication data for the KDF setting prior to the change
+   */
+  oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
 }
 
-export function isMasterPasswordError(error: any): error is MasterPasswordError;
-
 export interface DeriveKeyConnectorError extends Error {
   name: "DeriveKeyConnectorError";
   variant: "WrongPassword" | "Crypto";
@@ -653,49 +630,72 @@ export interface DeriveKeyConnectorError extends Error {
 
 export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
 
-export interface EnrollAdminPasswordResetError extends Error {
-  name: "EnrollAdminPasswordResetError";
-  variant: "Crypto";
-}
-
-export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
-
-export interface CryptoClientError extends Error {
-  name: "CryptoClientError";
-  variant: "NotAuthenticated" | "Crypto" | "InvalidKdfSettings" | "PasswordProtectedKeyEnvelope";
-}
-
-export function isCryptoClientError(error: any): error is CryptoClientError;
-
 /**
- * Any keys / cryptographic protection \"downstream\" from the account symmetric key (user key).
- * Private keys are protected by the user key.
+ * The crypto method used to initialize the user cryptographic state.
  */
-export type WrappedAccountCryptographicState =
-  | { V1: { private_key: EncString } }
+export type InitUserCryptoMethod =
+  | { password: { password: string; user_key: EncString } }
+  | { masterPasswordUnlock: { password: string; master_password_unlock: MasterPasswordUnlockData } }
+  | { decryptedKey: { decrypted_user_key: string } }
+  | { pin: { pin: string; pin_protected_user_key: EncString } }
+  | { pinEnvelope: { pin: string; pin_protected_user_key_envelope: PasswordProtectedKeyEnvelope } }
+  | { authRequest: { request_private_key: B64; method: AuthRequestMethod } }
   | {
-      V2: {
-        private_key: EncString;
-        signed_public_key: SignedPublicKey | undefined;
-        signing_key: EncString;
-        security_state: SignedSecurityState;
+      deviceKey: {
+        device_key: string;
+        protected_device_private_key: EncString;
+        device_protected_user_key: UnsignedSharedKey;
       };
-    };
+    }
+  | { keyConnector: { master_key: B64; user_key: EncString } };
 
-export interface AccountCryptographyInitializationError extends Error {
-  name: "AccountCryptographyInitializationError";
-  variant:
-    | "WrongUserKeyType"
-    | "WrongUserKey"
-    | "CorruptData"
-    | "TamperedData"
-    | "KeyStoreAlreadyInitialized"
-    | "GenericCrypto";
+/**
+ * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
+ */
+export interface UserCryptoV2KeysResponse {
+  /**
+   * User key
+   */
+  userKey: B64;
+  /**
+   * Wrapped private key
+   */
+  privateKey: EncString;
+  /**
+   * Public key
+   */
+  publicKey: B64;
+  /**
+   * The user\'s public key, signed by the signing key
+   */
+  signedPublicKey: SignedPublicKey;
+  /**
+   * Signing key, encrypted with the user\'s symmetric key
+   */
+  signingKey: EncString;
+  /**
+   * Base64 encoded verifying key
+   */
+  verifyingKey: B64;
+  /**
+   * The user\'s signed security state
+   */
+  securityState: SignedSecurityState;
+  /**
+   * The security state\'s version
+   */
+  securityVersion: number;
 }
 
-export function isAccountCryptographyInitializationError(
-  error: any,
-): error is AccountCryptographyInitializationError;
+/**
+ * NewType wrapper for `OrganizationId`
+ */
+export type OrganizationId = Tagged<Uuid, "OrganizationId">;
+
+/**
+ * NewType wrapper for `UserId`
+ */
+export type UserId = Tagged<Uuid, "UserId">;
 
 export interface StatefulCryptoError extends Error {
   name: "StatefulCryptoError";
@@ -704,18 +704,6 @@ export interface StatefulCryptoError extends Error {
 
 export function isStatefulCryptoError(error: any): error is StatefulCryptoError;
 
-export interface EncryptionSettingsError extends Error {
-  name: "EncryptionSettingsError";
-  variant:
-    | "Crypto"
-    | "CryptoInitialization"
-    | "MissingPrivateKey"
-    | "UserIdAlreadySet"
-    | "WrongPin";
-}
-
-export function isEncryptionSettingsError(error: any): error is EncryptionSettingsError;
-
 export type DeviceType =
   | "Android"
   | "iOS"
@@ -786,21 +774,24 @@ export interface ClientSettings {
   bitwardenClientVersion?: string | undefined;
 }
 
+export interface EncryptionSettingsError extends Error {
+  name: "EncryptionSettingsError";
+  variant:
+    | "Crypto"
+    | "CryptoInitialization"
+    | "MissingPrivateKey"
+    | "UserIdAlreadySet"
+    | "WrongPin";
+}
+
+export function isEncryptionSettingsError(error: any): error is EncryptionSettingsError;
+
 export type UnsignedSharedKey = Tagged<string, "UnsignedSharedKey">;
 
 export type EncString = Tagged<string, "EncString">;
 
 export type SignedPublicKey = Tagged<string, "SignedPublicKey">;
 
-export type PasswordProtectedKeyEnvelope = Tagged<string, "PasswordProtectedKeyEnvelope">;
-
-export type DataEnvelope = Tagged<string, "DataEnvelope">;
-
-/**
- * The type of key / signature scheme used for signing and verifying.
- */
-export type SignatureAlgorithm = "ed25519";
-
 /**
  * Key Derivation Function for Bitwarden Account
  *
@@ -811,6 +802,10 @@ export type Kdf =
   | { pBKDF2: { iterations: NonZeroU32 } }
   | { argon2id: { iterations: NonZeroU32; memory: NonZeroU32; parallelism: NonZeroU32 } };
 
+export type DataEnvelope = Tagged<string, "DataEnvelope">;
+
+export type PasswordProtectedKeyEnvelope = Tagged<string, "PasswordProtectedKeyEnvelope">;
+
 export interface CryptoError extends Error {
   name: "CryptoError";
   variant:
@@ -843,6 +838,11 @@ export interface CryptoError extends Error {
 
 export function isCryptoError(error: any): error is CryptoError;
 
+/**
+ * The type of key / signature scheme used for signing and verifying.
+ */
+export type SignatureAlgorithm = "ed25519";
+
 /**
  * Base64 encoded data
  *
@@ -850,6 +850,8 @@ export function isCryptoError(error: any): error is CryptoError;
  */
 export type B64 = string;
 
+export type ExportFormat = "Csv" | "Json" | { EncryptedJson: { password: string } };
+
 /**
  * Temporary struct to hold metadata related to current account
  *
@@ -861,8 +863,6 @@ export interface Account {
   name: string | undefined;
 }
 
-export type ExportFormat = "Csv" | "Json" | { EncryptedJson: { password: string } };
-
 export interface ExportError extends Error {
   name: "ExportError";
   variant:
@@ -878,33 +878,38 @@ export interface ExportError extends Error {
 
 export function isExportError(error: any): error is ExportError;
 
-export type UsernameGeneratorRequest =
-  | { word: { capitalize: boolean; include_number: boolean } }
-  | { subaddress: { type: AppendType; email: string } }
-  | { catchall: { type: AppendType; domain: string } }
-  | { forwarded: { service: ForwarderServiceType; website: string | undefined } };
+export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
 
 /**
- * Configures the email forwarding service to use.
- * For instructions on how to configure each service, see the documentation:
- * <https://bitwarden.com/help/generator/#username-types>
+ * Passphrase generator request options.
  */
-export type ForwarderServiceType =
-  | { addyIo: { api_token: string; domain: string; base_url: string } }
-  | { duckDuckGo: { token: string } }
-  | { firefox: { api_token: string } }
-  | { fastmail: { api_token: string } }
-  | { forwardEmail: { api_token: string; domain: string } }
-  | { simpleLogin: { api_key: string; base_url: string } };
-
-export type AppendType = "random" | { websiteName: { website: string } };
+export interface PassphraseGeneratorRequest {
+  /**
+   * Number of words in the generated passphrase.
+   * This value must be between 3 and 20.
+   */
+  numWords: number;
+  /**
+   * Character separator between words in the generated passphrase. The value cannot be empty.
+   */
+  wordSeparator: string;
+  /**
+   * When set to true, capitalize the first letter of each word in the generated passphrase.
+   */
+  capitalize: boolean;
+  /**
+   * When set to true, include a number at the end of one of the words in the generated
+   * passphrase.
+   */
+  includeNumber: boolean;
+}
 
-export interface UsernameError extends Error {
-  name: "UsernameError";
-  variant: "InvalidApiKey" | "Unknown" | "ResponseContent" | "Reqwest";
+export interface PasswordError extends Error {
+  name: "PasswordError";
+  variant: "NoCharacterSetEnabled" | "InvalidLength";
 }
 
-export function isUsernameError(error: any): error is UsernameError;
+export function isPasswordError(error: any): error is PasswordError;
 
 /**
  * Password generator request options.
@@ -958,65 +963,65 @@ export interface PasswordGeneratorRequest {
   minSpecial: number | undefined;
 }
 
-export interface PasswordError extends Error {
-  name: "PasswordError";
-  variant: "NoCharacterSetEnabled" | "InvalidLength";
+export interface UsernameError extends Error {
+  name: "UsernameError";
+  variant: "InvalidApiKey" | "Unknown" | "ResponseContent" | "Reqwest";
 }
 
-export function isPasswordError(error: any): error is PasswordError;
+export function isUsernameError(error: any): error is UsernameError;
+
+export type UsernameGeneratorRequest =
+  | { word: { capitalize: boolean; include_number: boolean } }
+  | { subaddress: { type: AppendType; email: string } }
+  | { catchall: { type: AppendType; domain: string } }
+  | { forwarded: { service: ForwarderServiceType; website: string | undefined } };
+
+export type AppendType = "random" | { websiteName: { website: string } };
 
 /**
- * Passphrase generator request options.
+ * Configures the email forwarding service to use.
+ * For instructions on how to configure each service, see the documentation:
+ * <https://bitwarden.com/help/generator/#username-types>
  */
-export interface PassphraseGeneratorRequest {
-  /**
-   * Number of words in the generated passphrase.
-   * This value must be between 3 and 20.
-   */
-  numWords: number;
-  /**
-   * Character separator between words in the generated passphrase. The value cannot be empty.
-   */
-  wordSeparator: string;
-  /**
-   * When set to true, capitalize the first letter of each word in the generated passphrase.
-   */
-  capitalize: boolean;
-  /**
-   * When set to true, include a number at the end of one of the words in the generated
-   * passphrase.
-   */
-  includeNumber: boolean;
+export type ForwarderServiceType =
+  | { addyIo: { api_token: string; domain: string; base_url: string } }
+  | { duckDuckGo: { token: string } }
+  | { firefox: { api_token: string } }
+  | { fastmail: { api_token: string } }
+  | { forwardEmail: { api_token: string; domain: string } }
+  | { simpleLogin: { api_key: string; base_url: string } };
+
+export interface RequestError extends Error {
+  name: "RequestError";
+  variant: "Subscribe" | "Receive" | "Timeout" | "Send" | "Rpc";
 }
 
-export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
+export function isRequestError(error: any): error is RequestError;
 
-export interface DiscoverResponse {
-  version: string;
+export interface SubscribeError extends Error {
+  name: "SubscribeError";
+  variant: "NotStarted";
 }
 
-export type Endpoint =
-  | { Web: { id: number } }
-  | "BrowserForeground"
-  | "BrowserBackground"
-  | "DesktopRenderer"
-  | "DesktopMain";
+export function isSubscribeError(error: any): error is SubscribeError;
 
-export interface IpcCommunicationBackendSender {
-  send(message: OutgoingMessage): Promise<void>;
+export interface ReceiveError extends Error {
+  name: "ReceiveError";
+  variant: "Channel" | "Timeout" | "Cancelled";
 }
 
-export interface IpcSessionRepository {
-  get(endpoint: Endpoint): Promise<any | undefined>;
-  save(endpoint: Endpoint, session: any): Promise<void>;
-  remove(endpoint: Endpoint): Promise<void>;
-}
+export function isReceiveError(error: any): error is ReceiveError;
 
-export interface ChannelError extends Error {
-  name: "ChannelError";
+export interface TypedReceiveError extends Error {
+  name: "TypedReceiveError";
+  variant: "Channel" | "Timeout" | "Cancelled" | "Typing";
 }
 
-export function isChannelError(error: any): error is ChannelError;
+export function isTypedReceiveError(error: any): error is TypedReceiveError;
+
+export interface IpcCommunicationBackendSender {
+  send(message: OutgoingMessage): Promise<void>;
+}
 
 export interface DeserializeError extends Error {
   name: "DeserializeError";
@@ -1024,42 +1029,35 @@ export interface DeserializeError extends Error {
 
 export function isDeserializeError(error: any): error is DeserializeError;
 
-export interface RequestError extends Error {
-  name: "RequestError";
-  variant: "Subscribe" | "Receive" | "Timeout" | "Send" | "Rpc";
-}
-
-export function isRequestError(error: any): error is RequestError;
-
-export interface TypedReceiveError extends Error {
-  name: "TypedReceiveError";
-  variant: "Channel" | "Timeout" | "Cancelled" | "Typing";
+export interface ChannelError extends Error {
+  name: "ChannelError";
 }
 
-export function isTypedReceiveError(error: any): error is TypedReceiveError;
+export function isChannelError(error: any): error is ChannelError;
 
-export interface ReceiveError extends Error {
-  name: "ReceiveError";
-  variant: "Channel" | "Timeout" | "Cancelled";
+export interface IpcSessionRepository {
+  get(endpoint: Endpoint): Promise<any | undefined>;
+  save(endpoint: Endpoint, session: any): Promise<void>;
+  remove(endpoint: Endpoint): Promise<void>;
 }
 
-export function isReceiveError(error: any): error is ReceiveError;
-
-export interface SubscribeError extends Error {
-  name: "SubscribeError";
-  variant: "NotStarted";
+export interface DiscoverResponse {
+  version: string;
 }
 
-export function isSubscribeError(error: any): error is SubscribeError;
-
-export type KeyAlgorithm = "Ed25519" | "Rsa3072" | "Rsa4096";
+export type Endpoint =
+  | { Web: { id: number } }
+  | "BrowserForeground"
+  | "BrowserBackground"
+  | "DesktopRenderer"
+  | "DesktopMain";
 
-export interface SshKeyExportError extends Error {
-  name: "SshKeyExportError";
-  variant: "KeyConversion";
+export interface KeyGenerationError extends Error {
+  name: "KeyGenerationError";
+  variant: "KeyGeneration" | "KeyConversion";
 }
 
-export function isSshKeyExportError(error: any): error is SshKeyExportError;
+export function isKeyGenerationError(error: any): error is KeyGenerationError;
 
 export interface SshKeyImportError extends Error {
   name: "SshKeyImportError";
@@ -1068,12 +1066,14 @@ export interface SshKeyImportError extends Error {
 
 export function isSshKeyImportError(error: any): error is SshKeyImportError;
 
-export interface KeyGenerationError extends Error {
-  name: "KeyGenerationError";
-  variant: "KeyGeneration" | "KeyConversion";
+export interface SshKeyExportError extends Error {
+  name: "SshKeyExportError";
+  variant: "KeyConversion";
 }
 
-export function isKeyGenerationError(error: any): error is KeyGenerationError;
+export function isSshKeyExportError(error: any): error is SshKeyExportError;
+
+export type KeyAlgorithm = "Ed25519" | "Rsa3072" | "Rsa4096";
 
 export interface DatabaseError extends Error {
   name: "DatabaseError";
@@ -1095,180 +1095,212 @@ export interface CallError extends Error {
 
 export function isCallError(error: any): error is CallError;
 
+export interface CipherRiskError extends Error {
+  name: "CipherRiskError";
+  variant: "Reqwest";
+}
+
+export function isCipherRiskError(error: any): error is CipherRiskError;
+
 /**
- * NewType wrapper for `CipherId`
+ * Risk evaluation result for a single cipher.
  */
-export type CipherId = Tagged<Uuid, "CipherId">;
-
-export interface EncryptionContext {
+export interface CipherRiskResult {
   /**
-   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
-   * Organization-owned ciphers
+   * Cipher ID matching the input CipherLoginDetails.
    */
-  encryptedFor: UserId;
-  cipher: Cipher;
-}
-
-export interface Cipher {
-  id: CipherId | undefined;
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  collectionIds: CollectionId[];
+  id: CipherId;
   /**
-   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
-   * Cipher.
+   * Password strength score from 0 (weakest) to 4 (strongest).
+   * Calculated using zxcvbn with cipher-specific context.
    */
-  key: EncString | undefined;
-  name: EncString;
-  notes: EncString | undefined;
-  type: CipherType;
-  login: Login | undefined;
-  identity: Identity | undefined;
-  card: Card | undefined;
-  secureNote: SecureNote | undefined;
-  sshKey: SshKey | undefined;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  organizationUseTotp: boolean;
-  edit: boolean;
-  permissions: CipherPermissions | undefined;
-  viewPassword: boolean;
-  localData: LocalData | undefined;
-  attachments: Attachment[] | undefined;
-  fields: Field[] | undefined;
-  passwordHistory: PasswordHistory[] | undefined;
-  creationDate: DateTime<Utc>;
-  deletedDate: DateTime<Utc> | undefined;
-  revisionDate: DateTime<Utc>;
-  archivedDate: DateTime<Utc> | undefined;
-  data: string | undefined;
-}
-
-export interface CipherView {
-  id: CipherId | undefined;
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  collectionIds: CollectionId[];
+  password_strength: number;
   /**
-   * Temporary, required to support re-encrypting existing items.
+   * Result of checking password exposure via HIBP API.
+   * - `NotChecked`: check_exposed was false, or password was empty
+   * - `Found(n)`: Successfully checked, found in n breaches
+   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
    */
-  key: EncString | undefined;
-  name: string;
-  notes: string | undefined;
-  type: CipherType;
-  login: LoginView | undefined;
-  identity: IdentityView | undefined;
-  card: CardView | undefined;
-  secureNote: SecureNoteView | undefined;
-  sshKey: SshKeyView | undefined;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  organizationUseTotp: boolean;
-  edit: boolean;
-  permissions: CipherPermissions | undefined;
-  viewPassword: boolean;
-  localData: LocalDataView | undefined;
-  attachments: AttachmentView[] | undefined;
-  fields: FieldView[] | undefined;
-  passwordHistory: PasswordHistoryView[] | undefined;
-  creationDate: DateTime<Utc>;
-  deletedDate: DateTime<Utc> | undefined;
-  revisionDate: DateTime<Utc>;
-  archivedDate: DateTime<Utc> | undefined;
+  exposed_result: ExposedPasswordResult;
+  /**
+   * Number of times this password appears in the provided password_map.
+   * None if not found or if no password_map was provided.
+   */
+  reuse_count: number | undefined;
 }
 
-export type CipherListViewType =
-  | { login: LoginListView }
-  | "secureNote"
-  | { card: CardListView }
-  | "identity"
-  | "sshKey";
-
 /**
- * Available fields on a cipher and can be copied from a the list view in the UI.
+ * Options for configuring risk computation.
  */
-export type CopyableCipherFields =
-  | "LoginUsername"
-  | "LoginPassword"
-  | "LoginTotp"
-  | "CardNumber"
-  | "CardSecurityCode"
-  | "IdentityUsername"
-  | "IdentityEmail"
-  | "IdentityPhone"
-  | "IdentityAddress"
-  | "SshKey"
-  | "SecureNotes";
-
-export interface CipherListView {
-  id: CipherId | undefined;
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  collectionIds: CollectionId[];
-  /**
-   * Temporary, required to support calculating TOTP from CipherListView.
-   */
-  key: EncString | undefined;
-  name: string;
-  subtitle: string;
-  type: CipherListViewType;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  organizationUseTotp: boolean;
-  edit: boolean;
-  permissions: CipherPermissions | undefined;
-  viewPassword: boolean;
+export interface CipherRiskOptions {
   /**
-   * The number of attachments
+   * Pre-computed password reuse map (password → count).
+   * If provided, enables reuse detection across ciphers.
    */
-  attachments: number;
+  passwordMap?: PasswordReuseMap | undefined;
   /**
-   * Indicates if the cipher has old attachments that need to be re-uploaded
+   * Whether to check passwords against Have I Been Pwned API.
+   * When true, makes network requests to check for exposed passwords.
    */
-  hasOldAttachments: boolean;
-  creationDate: DateTime<Utc>;
-  deletedDate: DateTime<Utc> | undefined;
-  revisionDate: DateTime<Utc>;
-  archivedDate: DateTime<Utc> | undefined;
+  checkExposed?: boolean;
   /**
-   * Hints for the presentation layer for which fields can be copied.
+   * Optional HIBP API base URL override. When None, uses the production HIBP URL.
+   * Can be used for testing or alternative password breach checking services.
    */
-  copyableFields: CopyableCipherFields[];
-  localData: LocalDataView | undefined;
+  hibpBaseUrl?: string | undefined;
 }
 
 /**
- * Represents the result of decrypting a list of ciphers.
- *
- * This struct contains two vectors: `successes` and `failures`.
- * `successes` contains the decrypted `CipherListView` objects,
- * while `failures` contains the original `Cipher` objects that failed to decrypt.
+ * Login cipher data needed for risk evaluation.
  */
-export interface DecryptCipherListResult {
+export interface CipherLoginDetails {
   /**
-   * The decrypted `CipherListView` objects.
+   * Cipher ID to identify which cipher in results.
    */
-  successes: CipherListView[];
+  id: CipherId;
   /**
-   * The original `Cipher` objects that failed to decrypt.
+   * The decrypted password to evaluate.
    */
-  failures: Cipher[];
+  password: string;
+  /**
+   * Username or email (login ciphers only have one field).
+   */
+  username: string | undefined;
 }
 
 /**
- * Request to add a cipher.
+ * Password reuse map wrapper for WASM compatibility.
  */
-export interface CipherCreateRequest {
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  name: string;
-  notes: string | undefined;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  type: CipherViewType;
-  fields: FieldView[];
+export type PasswordReuseMap = Record<string, number>;
+
+/**
+ * Result of checking password exposure via HIBP API.
+ */
+export type ExposedPasswordResult =
+  | { type: "NotChecked" }
+  | { type: "Found"; value: number }
+  | { type: "Error"; value: string };
+
+export interface PasswordHistory {
+  password: EncString;
+  lastUsedDate: DateTime<Utc>;
+}
+
+export interface PasswordHistoryView {
+  password: string;
+  lastUsedDate: DateTime<Utc>;
+}
+
+export interface AncestorMap {
+  ancestors: Map<CollectionId, string>;
+}
+
+export interface TotpError extends Error {
+  name: "TotpError";
+  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
+}
+
+export function isTotpError(error: any): error is TotpError;
+
+export interface TotpResponse {
+  /**
+   * Generated TOTP code
+   */
+  code: string;
+  /**
+   * Time period
+   */
+  period: number;
+}
+
+export interface DecryptError extends Error {
+  name: "DecryptError";
+  variant: "Crypto";
+}
+
+export function isDecryptError(error: any): error is DecryptError;
+
+export interface EncryptError extends Error {
+  name: "EncryptError";
+  variant: "Crypto" | "MissingUserId";
+}
+
+export function isEncryptError(error: any): error is EncryptError;
+
+export interface Attachment {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  /**
+   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
+   */
+  sizeName: string | undefined;
+  fileName: EncString | undefined;
+  key: EncString | undefined;
+}
+
+export interface AttachmentView {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  sizeName: string | undefined;
+  fileName: string | undefined;
+  key: EncString | undefined;
+  /**
+   * The decrypted attachmentkey in base64 format.
+   *
+   * **TEMPORARY FIELD**: This field is a temporary workaround to provide
+   * decrypted attachment keys to the TypeScript client during the migration
+   * process. It will be removed once the encryption/decryption logic is
+   * fully migrated to the SDK.
+   *
+   * **Ticket**: <https://bitwarden.atlassian.net/browse/PM-23005>
+   *
+   * Do not rely on this field for long-term use.
+   */
+  decryptedKey: string | undefined;
+}
+
+export interface LocalData {
+  lastUsedDate: DateTime<Utc> | undefined;
+  lastLaunched: DateTime<Utc> | undefined;
+}
+
+export interface LocalDataView {
+  lastUsedDate: DateTime<Utc> | undefined;
+  lastLaunched: DateTime<Utc> | undefined;
 }
 
+export interface SecureNoteView {
+  type: SecureNoteType;
+}
+
+export interface SecureNote {
+  type: SecureNoteType;
+}
+
+export interface GetCipherError extends Error {
+  name: "GetCipherError";
+  variant: "ItemNotFound" | "Crypto" | "RepositoryError";
+}
+
+export function isGetCipherError(error: any): error is GetCipherError;
+
+export interface EditCipherError extends Error {
+  name: "EditCipherError";
+  variant:
+    | "ItemNotFound"
+    | "Crypto"
+    | "Api"
+    | "VaultParse"
+    | "MissingField"
+    | "NotAuthenticated"
+    | "Repository"
+    | "Uuid";
+}
+
+export function isEditCipherError(error: any): error is EditCipherError;
+
 /**
  * Request to edit a cipher.
  */
@@ -1288,11 +1320,82 @@ export interface CipherEditRequest {
   key: EncString | undefined;
 }
 
-export interface Field {
-  name: EncString | undefined;
-  value: EncString | undefined;
-  type: FieldType;
-  linkedId: LinkedIdType | undefined;
+export interface CreateCipherError extends Error {
+  name: "CreateCipherError";
+  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "NotAuthenticated" | "Repository";
+}
+
+export function isCreateCipherError(error: any): error is CreateCipherError;
+
+/**
+ * Request to add a cipher.
+ */
+export interface CipherCreateRequest {
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  name: string;
+  notes: string | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  type: CipherViewType;
+  fields: FieldView[];
+}
+
+/**
+ * Represents the inner data of a cipher view.
+ */
+export type CipherViewType =
+  | { login: LoginView }
+  | { card: CardView }
+  | { identity: IdentityView }
+  | { secureNote: SecureNoteView }
+  | { sshKey: SshKeyView };
+
+export interface DecryptFileError extends Error {
+  name: "DecryptFileError";
+  variant: "Decrypt" | "Io";
+}
+
+export function isDecryptFileError(error: any): error is DecryptFileError;
+
+export interface EncryptFileError extends Error {
+  name: "EncryptFileError";
+  variant: "Encrypt" | "Io";
+}
+
+export function isEncryptFileError(error: any): error is EncryptFileError;
+
+export interface CipherPermissions {
+  delete: boolean;
+  restore: boolean;
+}
+
+export interface CardView {
+  cardholderName: string | undefined;
+  expMonth: string | undefined;
+  expYear: string | undefined;
+  code: string | undefined;
+  brand: string | undefined;
+  number: string | undefined;
+}
+
+export interface Card {
+  cardholderName: EncString | undefined;
+  expMonth: EncString | undefined;
+  expYear: EncString | undefined;
+  code: EncString | undefined;
+  brand: EncString | undefined;
+  number: EncString | undefined;
+}
+
+/**
+ * Minimal CardView only including the needed details for list views
+ */
+export interface CardListView {
+  /**
+   * The brand of the card, e.g. Visa, Mastercard, etc.
+   */
+  brand: string | undefined;
 }
 
 export interface FieldView {
@@ -1302,12 +1405,11 @@ export interface FieldView {
   linkedId: LinkedIdType | undefined;
 }
 
-export type LinkedIdType = LoginLinkedIdType | CardLinkedIdType | IdentityLinkedIdType;
-
-export interface LoginUri {
-  uri: EncString | undefined;
-  match: UriMatchType | undefined;
-  uriChecksum: EncString | undefined;
+export interface Field {
+  name: EncString | undefined;
+  value: EncString | undefined;
+  type: FieldType;
+  linkedId: LinkedIdType | undefined;
 }
 
 export interface LoginUriView {
@@ -1316,47 +1418,30 @@ export interface LoginUriView {
   uriChecksum: string | undefined;
 }
 
-export interface Fido2Credential {
-  credentialId: EncString;
-  keyType: EncString;
-  keyAlgorithm: EncString;
-  keyCurve: EncString;
-  keyValue: EncString;
-  rpId: EncString;
-  userHandle: EncString | undefined;
-  userName: EncString | undefined;
-  counter: EncString;
-  rpName: EncString | undefined;
-  userDisplayName: EncString | undefined;
-  discoverable: EncString;
-  creationDate: DateTime<Utc>;
-}
-
-export interface Fido2CredentialListView {
-  credentialId: string;
-  rpId: string;
-  userHandle: string | undefined;
-  userName: string | undefined;
-  userDisplayName: string | undefined;
-  counter: string;
-}
-
-export interface Fido2CredentialView {
+export interface Fido2CredentialNewView {
   credentialId: string;
   keyType: string;
   keyAlgorithm: string;
   keyCurve: string;
-  keyValue: EncString;
   rpId: string;
   userHandle: string | undefined;
   userName: string | undefined;
   counter: string;
   rpName: string | undefined;
   userDisplayName: string | undefined;
-  discoverable: string;
   creationDate: DateTime<Utc>;
 }
 
+export interface Login {
+  username: EncString | undefined;
+  password: EncString | undefined;
+  passwordRevisionDate: DateTime<Utc> | undefined;
+  uris: LoginUri[] | undefined;
+  totp: EncString | undefined;
+  autofillOnPageLoad: boolean | undefined;
+  fido2Credentials: Fido2Credential[] | undefined;
+}
+
 export interface Fido2CredentialFullView {
   credentialId: string;
   keyType: string;
@@ -1373,30 +1458,6 @@ export interface Fido2CredentialFullView {
   creationDate: DateTime<Utc>;
 }
 
-export interface Fido2CredentialNewView {
-  credentialId: string;
-  keyType: string;
-  keyAlgorithm: string;
-  keyCurve: string;
-  rpId: string;
-  userHandle: string | undefined;
-  userName: string | undefined;
-  counter: string;
-  rpName: string | undefined;
-  userDisplayName: string | undefined;
-  creationDate: DateTime<Utc>;
-}
-
-export interface Login {
-  username: EncString | undefined;
-  password: EncString | undefined;
-  passwordRevisionDate: DateTime<Utc> | undefined;
-  uris: LoginUri[] | undefined;
-  totp: EncString | undefined;
-  autofillOnPageLoad: boolean | undefined;
-  fido2Credentials: Fido2Credential[] | undefined;
-}
-
 export interface LoginView {
   username: string | undefined;
   password: string | undefined;
@@ -1407,6 +1468,28 @@ export interface LoginView {
   fido2Credentials: Fido2Credential[] | undefined;
 }
 
+export interface LoginUri {
+  uri: EncString | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: EncString | undefined;
+}
+
+export interface Fido2Credential {
+  credentialId: EncString;
+  keyType: EncString;
+  keyAlgorithm: EncString;
+  keyCurve: EncString;
+  keyValue: EncString;
+  rpId: EncString;
+  userHandle: EncString | undefined;
+  userName: EncString | undefined;
+  counter: EncString;
+  rpName: EncString | undefined;
+  userDisplayName: EncString | undefined;
+  discoverable: EncString;
+  creationDate: DateTime<Utc>;
+}
+
 export interface LoginListView {
   fido2Credentials: Fido2CredentialListView[] | undefined;
   hasFido2: boolean;
@@ -1418,200 +1501,208 @@ export interface LoginListView {
   uris: LoginUriView[] | undefined;
 }
 
-export interface SecureNote {
-  type: SecureNoteType;
-}
-
-export interface SecureNoteView {
-  type: SecureNoteType;
-}
-
-/**
- * Result of checking password exposure via HIBP API.
- */
-export type ExposedPasswordResult =
-  | { type: "NotChecked" }
-  | { type: "Found"; value: number }
-  | { type: "Error"; value: string };
-
-/**
- * Login cipher data needed for risk evaluation.
- */
-export interface CipherLoginDetails {
-  /**
-   * Cipher ID to identify which cipher in results.
-   */
-  id: CipherId;
-  /**
-   * The decrypted password to evaluate.
-   */
-  password: string;
-  /**
-   * Username or email (login ciphers only have one field).
-   */
-  username: string | undefined;
+export interface Fido2CredentialView {
+  credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
+  keyValue: EncString;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  discoverable: string;
+  creationDate: DateTime<Utc>;
 }
 
-/**
- * Password reuse map wrapper for WASM compatibility.
- */
-export type PasswordReuseMap = Record<string, number>;
-
-/**
- * Options for configuring risk computation.
- */
-export interface CipherRiskOptions {
-  /**
-   * Pre-computed password reuse map (password → count).
-   * If provided, enables reuse detection across ciphers.
-   */
-  passwordMap?: PasswordReuseMap | undefined;
-  /**
-   * Whether to check passwords against Have I Been Pwned API.
-   * When true, makes network requests to check for exposed passwords.
-   */
-  checkExposed?: boolean;
-  /**
-   * Optional HIBP API base URL override. When None, uses the production HIBP URL.
-   * Can be used for testing or alternative password breach checking services.
-   */
-  hibpBaseUrl?: string | undefined;
+export interface Fido2CredentialListView {
+  credentialId: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  userDisplayName: string | undefined;
+  counter: string;
 }
 
-/**
- * Risk evaluation result for a single cipher.
- */
-export interface CipherRiskResult {
-  /**
-   * Cipher ID matching the input CipherLoginDetails.
-   */
-  id: CipherId;
-  /**
-   * Password strength score from 0 (weakest) to 4 (strongest).
-   * Calculated using zxcvbn with cipher-specific context.
-   */
-  password_strength: number;
+export interface CipherListView {
+  id: CipherId | undefined;
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  collectionIds: CollectionId[];
   /**
-   * Result of checking password exposure via HIBP API.
-   * - `NotChecked`: check_exposed was false, or password was empty
-   * - `Found(n)`: Successfully checked, found in n breaches
-   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
+   * Temporary, required to support calculating TOTP from CipherListView.
    */
-  exposed_result: ExposedPasswordResult;
+  key: EncString | undefined;
+  name: string;
+  subtitle: string;
+  type: CipherListViewType;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
   /**
-   * Number of times this password appears in the provided password_map.
-   * None if not found or if no password_map was provided.
+   * The number of attachments
    */
-  reuse_count: number | undefined;
-}
-
-/**
- * Request to add or edit a folder.
- */
-export interface FolderAddEditRequest {
+  attachments: number;
   /**
-   * The new name of the folder.
+   * Indicates if the cipher has old attachments that need to be re-uploaded
    */
-  name: string;
-}
-
-/**
- * NewType wrapper for `FolderId`
- */
-export type FolderId = Tagged<Uuid, "FolderId">;
-
-export interface Folder {
-  id: FolderId | undefined;
-  name: EncString;
+  hasOldAttachments: boolean;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
   revisionDate: DateTime<Utc>;
+  archivedDate: DateTime<Utc> | undefined;
+  /**
+   * Hints for the presentation layer for which fields can be copied.
+   */
+  copyableFields: CopyableCipherFields[];
+  localData: LocalDataView | undefined;
 }
 
-export interface FolderView {
-  id: FolderId | undefined;
+export interface CipherView {
+  id: CipherId | undefined;
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  collectionIds: CollectionId[];
+  /**
+   * Temporary, required to support re-encrypting existing items.
+   */
+  key: EncString | undefined;
   name: string;
+  notes: string | undefined;
+  type: CipherType;
+  login: LoginView | undefined;
+  identity: IdentityView | undefined;
+  card: CardView | undefined;
+  secureNote: SecureNoteView | undefined;
+  sshKey: SshKeyView | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  localData: LocalDataView | undefined;
+  attachments: AttachmentView[] | undefined;
+  fields: FieldView[] | undefined;
+  passwordHistory: PasswordHistoryView[] | undefined;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
   revisionDate: DateTime<Utc>;
+  archivedDate: DateTime<Utc> | undefined;
 }
 
-export interface AncestorMap {
-  ancestors: Map<CollectionId, string>;
-}
-
-export interface DecryptError extends Error {
-  name: "DecryptError";
-  variant: "Crypto";
-}
-
-export function isDecryptError(error: any): error is DecryptError;
-
-export interface EncryptError extends Error {
-  name: "EncryptError";
-  variant: "Crypto" | "MissingUserId";
-}
-
-export function isEncryptError(error: any): error is EncryptError;
+/**
+ * NewType wrapper for `CipherId`
+ */
+export type CipherId = Tagged<Uuid, "CipherId">;
 
-export interface TotpResponse {
+/**
+ * Represents the result of decrypting a list of ciphers.
+ *
+ * This struct contains two vectors: `successes` and `failures`.
+ * `successes` contains the decrypted `CipherListView` objects,
+ * while `failures` contains the original `Cipher` objects that failed to decrypt.
+ */
+export interface DecryptCipherListResult {
   /**
-   * Generated TOTP code
+   * The decrypted `CipherListView` objects.
    */
-  code: string;
+  successes: CipherListView[];
   /**
-   * Time period
+   * The original `Cipher` objects that failed to decrypt.
    */
-  period: number;
-}
-
-export interface TotpError extends Error {
-  name: "TotpError";
-  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
+  failures: Cipher[];
 }
 
-export function isTotpError(error: any): error is TotpError;
-
-export interface PasswordHistoryView {
-  password: string;
-  lastUsedDate: DateTime<Utc>;
-}
+/**
+ * Available fields on a cipher and can be copied from a the list view in the UI.
+ */
+export type CopyableCipherFields =
+  | "LoginUsername"
+  | "LoginPassword"
+  | "LoginTotp"
+  | "CardNumber"
+  | "CardSecurityCode"
+  | "IdentityUsername"
+  | "IdentityEmail"
+  | "IdentityPhone"
+  | "IdentityAddress"
+  | "SshKey"
+  | "SecureNotes";
 
-export interface PasswordHistory {
-  password: EncString;
-  lastUsedDate: DateTime<Utc>;
+export interface EncryptionContext {
+  /**
+   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
+   * Organization-owned ciphers
+   */
+  encryptedFor: UserId;
+  cipher: Cipher;
 }
 
-export interface GetFolderError extends Error {
-  name: "GetFolderError";
-  variant: "ItemNotFound" | "Crypto" | "Repository";
+export interface Cipher {
+  id: CipherId | undefined;
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  collectionIds: CollectionId[];
+  /**
+   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
+   * Cipher.
+   */
+  key: EncString | undefined;
+  name: EncString;
+  notes: EncString | undefined;
+  type: CipherType;
+  login: Login | undefined;
+  identity: Identity | undefined;
+  card: Card | undefined;
+  secureNote: SecureNote | undefined;
+  sshKey: SshKey | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  localData: LocalData | undefined;
+  attachments: Attachment[] | undefined;
+  fields: Field[] | undefined;
+  passwordHistory: PasswordHistory[] | undefined;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+  archivedDate: DateTime<Utc> | undefined;
+  data: string | undefined;
 }
 
-export function isGetFolderError(error: any): error is GetFolderError;
+export type CipherListViewType =
+  | { login: LoginListView }
+  | "secureNote"
+  | { card: CardListView }
+  | "identity"
+  | "sshKey";
 
-export interface EditFolderError extends Error {
-  name: "EditFolderError";
+export interface CipherError extends Error {
+  name: "CipherError";
   variant:
-    | "ItemNotFound"
-    | "Crypto"
-    | "Api"
-    | "VaultParse"
     | "MissingField"
+    | "Crypto"
+    | "Decrypt"
+    | "Encrypt"
+    | "AttachmentsWithoutKeys"
+    | "OrganizationAlreadySet"
+    | "PutShare"
+    | "PutShareMany"
     | "Repository"
-    | "Uuid";
-}
-
-export function isEditFolderError(error: any): error is EditFolderError;
-
-export interface CreateFolderError extends Error {
-  name: "CreateFolderError";
-  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "Repository";
-}
-
-export function isCreateFolderError(error: any): error is CreateFolderError;
-
-export interface CipherRiskError extends Error {
-  name: "CipherRiskError";
-  variant: "Reqwest";
+    | "Chrono"
+    | "SerdeJson";
 }
 
-export function isCipherRiskError(error: any): error is CipherRiskError;
+export function isCipherError(error: any): error is CipherError;
 
 export interface SshKeyView {
   /**
@@ -1643,16 +1734,6 @@ export interface SshKey {
   fingerprint: EncString;
 }
 
-export interface LocalDataView {
-  lastUsedDate: DateTime<Utc> | undefined;
-  lastLaunched: DateTime<Utc> | undefined;
-}
-
-export interface LocalData {
-  lastUsedDate: DateTime<Utc> | undefined;
-  lastLaunched: DateTime<Utc> | undefined;
-}
-
 export interface IdentityView {
   title: string | undefined;
   firstName: string | undefined;
@@ -1695,144 +1776,63 @@ export interface Identity {
   licenseNumber: EncString | undefined;
 }
 
-/**
- * Represents the inner data of a cipher view.
- */
-export type CipherViewType =
-  | { login: LoginView }
-  | { card: CardView }
-  | { identity: IdentityView }
-  | { secureNote: SecureNoteView }
-  | { sshKey: SshKeyView };
-
-export interface CipherPermissions {
-  delete: boolean;
-  restore: boolean;
-}
-
-export interface GetCipherError extends Error {
-  name: "GetCipherError";
-  variant: "ItemNotFound" | "Crypto" | "RepositoryError";
-}
-
-export function isGetCipherError(error: any): error is GetCipherError;
-
-export interface EditCipherError extends Error {
-  name: "EditCipherError";
-  variant:
-    | "ItemNotFound"
-    | "Crypto"
-    | "Api"
-    | "VaultParse"
-    | "MissingField"
-    | "NotAuthenticated"
-    | "Repository"
-    | "Uuid";
-}
-
-export function isEditCipherError(error: any): error is EditCipherError;
-
-export interface CreateCipherError extends Error {
-  name: "CreateCipherError";
-  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "NotAuthenticated" | "Repository";
-}
-
-export function isCreateCipherError(error: any): error is CreateCipherError;
-
-export interface CipherError extends Error {
-  name: "CipherError";
-  variant:
-    | "MissingField"
-    | "Crypto"
-    | "Decrypt"
-    | "Encrypt"
-    | "AttachmentsWithoutKeys"
-    | "OrganizationAlreadySet"
-    | "PutShare"
-    | "PutShareMany"
-    | "Repository"
-    | "Chrono"
-    | "SerdeJson";
-}
-
-export function isCipherError(error: any): error is CipherError;
+export type LinkedIdType = LoginLinkedIdType | CardLinkedIdType | IdentityLinkedIdType;
 
 /**
- * Minimal CardView only including the needed details for list views
+ * NewType wrapper for `FolderId`
  */
-export interface CardListView {
-  /**
-   * The brand of the card, e.g. Visa, Mastercard, etc.
-   */
-  brand: string | undefined;
-}
+export type FolderId = Tagged<Uuid, "FolderId">;
 
-export interface CardView {
-  cardholderName: string | undefined;
-  expMonth: string | undefined;
-  expYear: string | undefined;
-  code: string | undefined;
-  brand: string | undefined;
-  number: string | undefined;
+export interface Folder {
+  id: FolderId | undefined;
+  name: EncString;
+  revisionDate: DateTime<Utc>;
 }
 
-export interface Card {
-  cardholderName: EncString | undefined;
-  expMonth: EncString | undefined;
-  expYear: EncString | undefined;
-  code: EncString | undefined;
-  brand: EncString | undefined;
-  number: EncString | undefined;
+export interface FolderView {
+  id: FolderId | undefined;
+  name: string;
+  revisionDate: DateTime<Utc>;
 }
 
-export interface DecryptFileError extends Error {
-  name: "DecryptFileError";
-  variant: "Decrypt" | "Io";
+export interface EditFolderError extends Error {
+  name: "EditFolderError";
+  variant:
+    | "ItemNotFound"
+    | "Crypto"
+    | "Api"
+    | "VaultParse"
+    | "MissingField"
+    | "Repository"
+    | "Uuid";
 }
 
-export function isDecryptFileError(error: any): error is DecryptFileError;
+export function isEditFolderError(error: any): error is EditFolderError;
 
-export interface EncryptFileError extends Error {
-  name: "EncryptFileError";
-  variant: "Encrypt" | "Io";
+export interface CreateFolderError extends Error {
+  name: "CreateFolderError";
+  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "Repository";
 }
 
-export function isEncryptFileError(error: any): error is EncryptFileError;
+export function isCreateFolderError(error: any): error is CreateFolderError;
 
-export interface AttachmentView {
-  id: string | undefined;
-  url: string | undefined;
-  size: string | undefined;
-  sizeName: string | undefined;
-  fileName: string | undefined;
-  key: EncString | undefined;
+/**
+ * Request to add or edit a folder.
+ */
+export interface FolderAddEditRequest {
   /**
-   * The decrypted attachmentkey in base64 format.
-   *
-   * **TEMPORARY FIELD**: This field is a temporary workaround to provide
-   * decrypted attachment keys to the TypeScript client during the migration
-   * process. It will be removed once the encryption/decryption logic is
-   * fully migrated to the SDK.
-   *
-   * **Ticket**: <https://bitwarden.atlassian.net/browse/PM-23005>
-   *
-   * Do not rely on this field for long-term use.
+   * The new name of the folder.
    */
-  decryptedKey: string | undefined;
+  name: string;
 }
 
-export interface Attachment {
-  id: string | undefined;
-  url: string | undefined;
-  size: string | undefined;
-  /**
-   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
-   */
-  sizeName: string | undefined;
-  fileName: EncString | undefined;
-  key: EncString | undefined;
+export interface GetFolderError extends Error {
+  name: "GetFolderError";
+  variant: "ItemNotFound" | "Crypto" | "Repository";
 }
 
+export function isGetFolderError(error: any): error is GetFolderError;
+
 export class AttachmentsClient {
   private constructor();
   free(): void;
@@ -1850,10 +1850,6 @@ export class AuthClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  /**
-   * Client for identity functionality
-   */
-  identity(): IdentityClient;
   /**
    * Client for send access functionality
    */
@@ -1862,6 +1858,10 @@ export class AuthClient {
    * Client for initializing user account cryptography and unlock methods after JIT provisioning
    */
   registration(): RegistrationClient;
+  /**
+   * Client for identity functionality
+   */
+  identity(): IdentityClient;
 }
 /**
  * Client for evaluating credential risk for login ciphers.
@@ -1870,14 +1870,6 @@ export class CipherRiskClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  /**
-   * Build password reuse map for a list of login ciphers.
-   *
-   * Returns a map where keys are passwords and values are the number of times
-   * each password appears in the provided list. This map can be passed to `compute_risk()`
-   * to enable password reuse detection.
-   */
-  password_reuse_map(login_details: CipherLoginDetails[]): PasswordReuseMap;
   /**
    * Evaluate security risks for multiple login ciphers concurrently.
    *
@@ -1906,19 +1898,19 @@ export class CipherRiskClient {
     login_details: CipherLoginDetails[],
     options: CipherRiskOptions,
   ): Promise<CipherRiskResult[]>;
+  /**
+   * Build password reuse map for a list of login ciphers.
+   *
+   * Returns a map where keys are passwords and values are the number of times
+   * each password appears in the provided list. This map can be passed to `compute_risk()`
+   * to enable password reuse detection.
+   */
+  password_reuse_map(login_details: CipherLoginDetails[]): PasswordReuseMap;
 }
 export class CiphersClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  /**
-   * Create a new [Cipher] and save it to the server.
-   */
-  create(request: CipherCreateRequest): Promise<CipherView>;
-  /**
-   * Edit an existing [Cipher] and save it to the server.
-   */
-  edit(request: CipherEditRequest): Promise<CipherView>;
   /**
    * Moves a cipher into an organization, adds it to collections, and calls the share_cipher API.
    */
@@ -1937,7 +1929,26 @@ export class CiphersClient {
     organization_id: OrganizationId,
     collection_ids: CollectionId[],
   ): Promise<Cipher[]>;
-  encrypt(cipher_view: CipherView): EncryptionContext;
+  decrypt_list(ciphers: Cipher[]): CipherListView[];
+  move_to_organization(cipher_view: CipherView, organization_id: OrganizationId): CipherView;
+  /**
+   * Temporary method used to re-encrypt FIDO2 credentials for a cipher view.
+   * Necessary until the TS clients utilize the SDK entirely for FIDO2 credentials management.
+   * TS clients create decrypted FIDO2 credentials that need to be encrypted manually when
+   * encrypting the rest of the CipherView.
+   * TODO: Remove once TS passkey provider implementation uses SDK - PM-8313
+   */
+  set_fido2_credentials(
+    cipher_view: CipherView,
+    fido2_credentials: Fido2CredentialFullView[],
+  ): CipherView;
+  decrypt_fido2_credentials(cipher_view: CipherView): Fido2CredentialView[];
+  decrypt_fido2_private_key(cipher_view: CipherView): string;
+  /**
+   * Decrypt cipher list with failures
+   * Returns both successfully decrypted ciphers and any that failed to decrypt
+   */
+  decrypt_list_with_failures(ciphers: Cipher[]): DecryptCipherListResult;
   /**
    * Encrypt a cipher with the provided key. This should only be used when rotating encryption
    * keys in the Web client.
@@ -1952,49 +1963,37 @@ export class CiphersClient {
    */
   encrypt_cipher_for_rotation(cipher_view: CipherView, new_key: B64): EncryptionContext;
   decrypt(cipher: Cipher): CipherView;
-  decrypt_list(ciphers: Cipher[]): CipherListView[];
+  encrypt(cipher_view: CipherView): EncryptionContext;
   /**
-   * Decrypt cipher list with failures
-   * Returns both successfully decrypted ciphers and any that failed to decrypt
+   * Edit an existing [Cipher] and save it to the server.
    */
-  decrypt_list_with_failures(ciphers: Cipher[]): DecryptCipherListResult;
-  decrypt_fido2_credentials(cipher_view: CipherView): Fido2CredentialView[];
+  edit(request: CipherEditRequest): Promise<CipherView>;
   /**
-   * Temporary method used to re-encrypt FIDO2 credentials for a cipher view.
-   * Necessary until the TS clients utilize the SDK entirely for FIDO2 credentials management.
-   * TS clients create decrypted FIDO2 credentials that need to be encrypted manually when
-   * encrypting the rest of the CipherView.
-   * TODO: Remove once TS passkey provider implementation uses SDK - PM-8313
+   * Create a new [Cipher] and save it to the server.
    */
-  set_fido2_credentials(
-    cipher_view: CipherView,
-    fido2_credentials: Fido2CredentialFullView[],
-  ): CipherView;
-  move_to_organization(cipher_view: CipherView, organization_id: OrganizationId): CipherView;
-  decrypt_fido2_private_key(cipher_view: CipherView): string;
+  create(request: CipherCreateRequest): Promise<CipherView>;
 }
 export class CollectionViewNodeItem {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  get_item(): CollectionView;
   get_parent(): CollectionView | undefined;
   get_children(): CollectionView[];
   get_ancestors(): AncestorMap;
+  get_item(): CollectionView;
 }
 export class CollectionViewTree {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  get_item_for_view(collection_view: CollectionView): CollectionViewNodeItem | undefined;
-  get_root_items(): CollectionViewNodeItem[];
   get_flat_items(): CollectionViewNodeItem[];
+  get_root_items(): CollectionViewNodeItem[];
+  get_item_for_view(collection_view: CollectionView): CollectionViewNodeItem | undefined;
 }
 export class CollectionsClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  decrypt(collection: Collection): CollectionView;
   decrypt_list(collections: Collection[]): CollectionView[];
   /**
    *
@@ -2002,6 +2001,7 @@ export class CollectionsClient {
    * path().
    */
   get_collection_tree(collections: CollectionView[]): CollectionViewTree;
+  decrypt(collection: Collection): CollectionView;
 }
 /**
  * Client for bitwarden licensed operations
@@ -2028,46 +2028,46 @@ export class CryptoClient {
   free(): void;
   [Symbol.dispose](): void;
   /**
-   * Initialization method for the user crypto. Needs to be called before any other crypto
-   * operations.
+   * Protects the current user key with the provided PIN. The result can be stored and later
+   * used to initialize another client instance by using the PIN and the PIN key with
+   * `initialize_user_crypto`.
    */
-  initialize_user_crypto(req: InitUserCryptoRequest): Promise<void>;
+  enroll_pin(pin: string): EnrollPinResponse;
+  /**
+   * Generates a new key pair and encrypts the private key with the provided user key.
+   * Crypto initialization not required.
+   */
+  make_key_pair(user_key: B64): MakeKeyPairResponse;
+  /**
+   * Create the data necessary to update the user's kdf settings. The user's encryption key is
+   * re-encrypted for the password under the new kdf settings. This returns the re-encrypted
+   * user key and the new password hash but does not update sdk state.
+   */
+  make_update_kdf(password: string, kdf: Kdf): UpdateKdfResponse;
   /**
    * Initialization method for the organization crypto. Needs to be called after
    * `initialize_user_crypto` but before any other crypto operations.
    */
   initialize_org_crypto(req: InitOrgCryptoRequest): Promise<void>;
   /**
-   * Generates a new key pair and encrypts the private key with the provided user key.
-   * Crypto initialization not required.
+   * Initialization method for the user crypto. Needs to be called before any other crypto
+   * operations.
    */
-  make_key_pair(user_key: B64): MakeKeyPairResponse;
+  initialize_user_crypto(req: InitUserCryptoRequest): Promise<void>;
   /**
    * Verifies a user's asymmetric keys by decrypting the private key with the provided user
    * key. Returns if the private key is decryptable and if it is a valid matching key.
    * Crypto initialization not required.
    */
   verify_asymmetric_keys(request: VerifyAsymmetricKeysRequest): VerifyAsymmetricKeysResponse;
-  /**
-   * Makes a new signing key pair and signs the public key for the user
-   */
-  make_keys_for_user_crypto_v2(): UserCryptoV2KeysResponse;
   /**
    * Creates a rotated set of account keys for the current state
    */
   get_v2_rotated_account_keys(): UserCryptoV2KeysResponse;
   /**
-   * Create the data necessary to update the user's kdf settings. The user's encryption key is
-   * re-encrypted for the password under the new kdf settings. This returns the re-encrypted
-   * user key and the new password hash but does not update sdk state.
-   */
-  make_update_kdf(password: string, kdf: Kdf): UpdateKdfResponse;
-  /**
-   * Protects the current user key with the provided PIN. The result can be stored and later
-   * used to initialize another client instance by using the PIN and the PIN key with
-   * `initialize_user_crypto`.
+   * Makes a new signing key pair and signs the public key for the user
    */
-  enroll_pin(pin: string): EnrollPinResponse;
+  make_keys_for_user_crypto_v2(): UserCryptoV2KeysResponse;
   /**
    * Protects the current user key with the provided PIN. The result can be stored and later
    * used to initialize another client instance by using the PIN and the PIN key with
@@ -2084,12 +2084,6 @@ export class ExporterClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  export_vault(folders: Folder[], ciphers: Cipher[], format: ExportFormat): string;
-  export_organization_vault(
-    collections: Collection[],
-    ciphers: Cipher[],
-    format: ExportFormat,
-  ): string;
   /**
    * Credential Exchange Format (CXF)
    *
@@ -2108,6 +2102,12 @@ export class ExporterClient {
    * Ideally, the input should be immediately serialized from [ASImportableAccount](https://developer.apple.com/documentation/authenticationservices/asimportableaccount).
    */
   import_cxf(payload: string): Cipher[];
+  export_vault(folders: Folder[], ciphers: Cipher[], format: ExportFormat): string;
+  export_organization_vault(
+    collections: Collection[],
+    ciphers: Cipher[],
+    format: ExportFormat,
+  ): string;
 }
 /**
  * Wrapper for folder specific functionality.
@@ -2117,90 +2117,90 @@ export class FoldersClient {
   free(): void;
   [Symbol.dispose](): void;
   /**
-   * Encrypt a [FolderView] to a [Folder].
+   * Decrypt a list of [Folder]s to a list of [FolderView]s.
    */
-  encrypt(folder_view: FolderView): Folder;
+  decrypt_list(folders: Folder[]): FolderView[];
   /**
-   * Encrypt a [Folder] to [FolderView].
+   * Get a specific [Folder] by its ID from state and decrypt it to a [FolderView].
    */
-  decrypt(folder: Folder): FolderView;
+  get(folder_id: FolderId): Promise<FolderView>;
   /**
-   * Decrypt a list of [Folder]s to a list of [FolderView]s.
+   * Edit the [Folder] and save it to the server.
    */
-  decrypt_list(folders: Folder[]): FolderView[];
+  edit(folder_id: FolderId, request: FolderAddEditRequest): Promise<FolderView>;
   /**
    * Get all folders from state and decrypt them to a list of [FolderView].
    */
   list(): Promise<FolderView[]>;
-  /**
-   * Get a specific [Folder] by its ID from state and decrypt it to a [FolderView].
-   */
-  get(folder_id: FolderId): Promise<FolderView>;
   /**
    * Create a new [Folder] and save it to the server.
    */
   create(request: FolderAddEditRequest): Promise<FolderView>;
   /**
-   * Edit the [Folder] and save it to the server.
+   * Encrypt a [Folder] to [FolderView].
    */
-  edit(folder_id: FolderId, request: FolderAddEditRequest): Promise<FolderView>;
+  decrypt(folder: Folder): FolderView;
+  /**
+   * Encrypt a [FolderView] to a [Folder].
+   */
+  encrypt(folder_view: FolderView): Folder;
 }
 export class GeneratorClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
   /**
-   * Generates a random password.
+   * Generates a random passphrase.
+   * A passphrase is a combination of random words separated by a character.
+   * An example of passphrase is `correct horse battery staple`.
    *
-   * The character sets and password length can be customized using the `input` parameter.
+   * The number of words and their case, the word separator, and the inclusion of
+   * a number in the passphrase can be customized using the `input` parameter.
    *
    * # Examples
    *
    * ```
    * use bitwarden_core::Client;
-   * use bitwarden_generators::{GeneratorClientsExt, PassphraseError, PasswordGeneratorRequest};
+   * use bitwarden_generators::{GeneratorClientsExt, PassphraseError, PassphraseGeneratorRequest};
    *
    * async fn test() -> Result<(), PassphraseError> {
-   *     let input = PasswordGeneratorRequest {
-   *         lowercase: true,
-   *         uppercase: true,
-   *         numbers: true,
-   *         length: 20,
+   *     let input = PassphraseGeneratorRequest {
+   *         num_words: 4,
    *         ..Default::default()
    *     };
-   *     let password = Client::new(None).generator().password(input).unwrap();
-   *     println!("{}", password);
+   *     let passphrase = Client::new(None).generator().passphrase(input).unwrap();
+   *     println!("{}", passphrase);
    *     Ok(())
    * }
    * ```
    */
-  password(input: PasswordGeneratorRequest): string;
+  passphrase(input: PassphraseGeneratorRequest): string;
   /**
-   * Generates a random passphrase.
-   * A passphrase is a combination of random words separated by a character.
-   * An example of passphrase is `correct horse battery staple`.
+   * Generates a random password.
    *
-   * The number of words and their case, the word separator, and the inclusion of
-   * a number in the passphrase can be customized using the `input` parameter.
+   * The character sets and password length can be customized using the `input` parameter.
    *
    * # Examples
    *
    * ```
    * use bitwarden_core::Client;
-   * use bitwarden_generators::{GeneratorClientsExt, PassphraseError, PassphraseGeneratorRequest};
+   * use bitwarden_generators::{GeneratorClientsExt, PassphraseError, PasswordGeneratorRequest};
    *
    * async fn test() -> Result<(), PassphraseError> {
-   *     let input = PassphraseGeneratorRequest {
-   *         num_words: 4,
+   *     let input = PasswordGeneratorRequest {
+   *         lowercase: true,
+   *         uppercase: true,
+   *         numbers: true,
+   *         length: 20,
    *         ..Default::default()
    *     };
-   *     let passphrase = Client::new(None).generator().passphrase(input).unwrap();
-   *     println!("{}", passphrase);
+   *     let password = Client::new(None).generator().password(input).unwrap();
+   *     println!("{}", password);
    *     Ok(())
    * }
    * ```
    */
-  passphrase(input: PassphraseGeneratorRequest): string;
+  password(input: PasswordGeneratorRequest): string;
 }
 /**
  * The IdentityClient is used to obtain identity / access tokens from the Bitwarden Identity API.
@@ -2213,12 +2213,12 @@ export class IdentityClient {
 export class IncomingMessage {
   free(): void;
   [Symbol.dispose](): void;
-  constructor(payload: Uint8Array, destination: Endpoint, source: Endpoint, topic?: string | null);
   /**
    * Try to parse the payload as JSON.
    * @returns The parsed JSON value, or undefined if the payload is not valid JSON.
    */
   parse_payload_as_json(): any;
+  constructor(payload: Uint8Array, destination: Endpoint, source: Endpoint, topic?: string | null);
   payload: Uint8Array;
   destination: Endpoint;
   source: Endpoint;
@@ -2233,6 +2233,7 @@ export class IpcClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
+  isRunning(): Promise<boolean>;
   /**
    * Create a new `IpcClient` instance with an in-memory session repository for saving
    * sessions within the SDK.
@@ -2246,9 +2247,8 @@ export class IpcClient {
     communication_provider: IpcCommunicationBackend,
     session_repository: IpcSessionRepository,
   ): IpcClient;
-  start(): Promise<void>;
-  isRunning(): Promise<boolean>;
   send(message: OutgoingMessage): Promise<void>;
+  start(): Promise<void>;
   subscribe(): Promise<IpcClientSubscription>;
 }
 /**
@@ -2279,7 +2279,6 @@ export class IpcCommunicationBackend {
 export class OutgoingMessage {
   free(): void;
   [Symbol.dispose](): void;
-  constructor(payload: Uint8Array, destination: Endpoint, topic?: string | null);
   /**
    * Create a new message and encode the payload as JSON.
    */
@@ -2288,6 +2287,7 @@ export class OutgoingMessage {
     destination: Endpoint,
     topic?: string | null,
   ): OutgoingMessage;
+  constructor(payload: Uint8Array, destination: Endpoint, topic?: string | null);
   payload: Uint8Array;
   destination: Endpoint;
   get topic(): string | undefined;
@@ -2299,64 +2299,64 @@ export class OutgoingMessage {
 export class PasswordManagerClient {
   free(): void;
   [Symbol.dispose](): void;
+  /**
+   * Bitwarden licensed operations.
+   */
+  commercial(): CommercialPasswordManagerClient;
   /**
    * Initialize a new instance of the SDK client
    */
   constructor(token_provider: any, settings?: ClientSettings | null);
   /**
-   * Test method, echoes back the input
+   * Auth related operations.
    */
-  echo(msg: string): string;
+  auth(): AuthClient;
   /**
-   * Returns the current SDK version
+   * Test method, echoes back the input
    */
-  version(): string;
+  echo(msg: string): string;
   /**
    * Test method, always throws an error
    */
   throw(msg: string): void;
   /**
-   * Test method, calls http endpoint
-   */
-  http_get(url: string): Promise<string>;
-  /**
-   * Auth related operations.
-   */
-  auth(): AuthClient;
-  /**
-   * Bitwarden licensed operations.
+   * Vault item related operations.
    */
-  commercial(): CommercialPasswordManagerClient;
+  vault(): VaultClient;
   /**
    * Crypto related operations.
    */
   crypto(): CryptoClient;
   /**
-   * Vault item related operations.
+   * Returns the current SDK version
    */
-  vault(): VaultClient;
+  version(): string;
   /**
-   * Constructs a specific client for platform-specific functionality
+   * Test method, calls http endpoint
    */
-  platform(): PlatformClient;
+  http_get(url: string): Promise<string>;
   /**
-   * Constructs a specific client for generating passwords and passphrases
+   * Constructs a specific client for platform-specific functionality
    */
-  generator(): GeneratorClient;
+  platform(): PlatformClient;
   /**
    * Exporter related operations.
    */
   exporters(): ExporterClient;
+  /**
+   * Constructs a specific client for generating passwords and passphrases
+   */
+  generator(): GeneratorClient;
 }
 export class PlatformClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  state(): StateClient;
   /**
    * Load feature flags into the client
    */
   load_flags(flags: FeatureFlags): void;
+  state(): StateClient;
 }
 /**
  * This module represents a stopgap solution to provide access to primitive crypto functions for JS
@@ -2369,77 +2369,63 @@ export class PureCrypto {
   free(): void;
   [Symbol.dispose](): void;
   /**
-   * DEPRECATED: Use `symmetric_decrypt_string` instead.
-   * Cleanup ticket: <https://bitwarden.atlassian.net/browse/PM-21247>
+   * Decrypts data using RSAES-OAEP with SHA-1
+   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
    */
-  static symmetric_decrypt(enc_string: string, key: Uint8Array): string;
-  static symmetric_decrypt_string(enc_string: string, key: Uint8Array): string;
-  static symmetric_decrypt_bytes(enc_string: string, key: Uint8Array): Uint8Array;
+  static rsa_decrypt_data(encrypted_data: Uint8Array, private_key: Uint8Array): Uint8Array;
   /**
-   * DEPRECATED: Use `symmetric_decrypt_filedata` instead.
-   * Cleanup ticket: <https://bitwarden.atlassian.net/browse/PM-21247>
+   * Encrypts data using RSAES-OAEP with SHA-1
+   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
    */
-  static symmetric_decrypt_array_buffer(enc_bytes: Uint8Array, key: Uint8Array): Uint8Array;
-  static symmetric_decrypt_filedata(enc_bytes: Uint8Array, key: Uint8Array): Uint8Array;
-  static symmetric_encrypt_string(plain: string, key: Uint8Array): string;
+  static rsa_encrypt_data(plain_data: Uint8Array, public_key: Uint8Array): Uint8Array;
   /**
-   * DEPRECATED: Only used by send keys
+   * DEPRECATED: Use `symmetric_decrypt_string` instead.
+   * Cleanup ticket: <https://bitwarden.atlassian.net/browse/PM-21247>
    */
-  static symmetric_encrypt_bytes(plain: Uint8Array, key: Uint8Array): string;
-  static symmetric_encrypt_filedata(plain: Uint8Array, key: Uint8Array): Uint8Array;
-  static decrypt_user_key_with_master_password(
-    encrypted_user_key: string,
-    master_password: string,
-    email: string,
-    kdf: Kdf,
-  ): Uint8Array;
-  static encrypt_user_key_with_master_password(
-    user_key: Uint8Array,
-    master_password: string,
-    email: string,
-    kdf: Kdf,
-  ): string;
-  static make_user_key_aes256_cbc_hmac(): Uint8Array;
-  static make_user_key_xchacha20_poly1305(): Uint8Array;
+  static symmetric_decrypt(enc_string: string, key: Uint8Array): string;
   /**
    * Wraps (encrypts) a symmetric key using a symmetric wrapping key, returning the wrapped key
    * as an EncString.
    */
   static wrap_symmetric_key(key_to_be_wrapped: Uint8Array, wrapping_key: Uint8Array): string;
+  /**
+   * Derive output of the KDF for a [bitwarden_crypto::Kdf] configuration.
+   */
+  static derive_kdf_material(password: Uint8Array, salt: Uint8Array, kdf: Kdf): Uint8Array;
+  /**
+   * Generates a new RSA key pair and returns the private key
+   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
+   */
+  static rsa_generate_keypair(): Uint8Array;
   /**
    * Unwraps (decrypts) a wrapped symmetric key using a symmetric wrapping key, returning the
    * unwrapped key as a serialized byte array.
    */
   static unwrap_symmetric_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
   /**
-   * Wraps (encrypts) an SPKI DER encoded encapsulation (public) key using a symmetric wrapping
-   * key. Note: Usually, a public key is - by definition - public, so this should not be
-   * used. The specific use-case for this function is to enable rotateable key sets, where
-   * the "public key" is not public, with the intent of preventing the server from being able
-   * to overwrite the user key unlocked by the rotateable keyset.
-   */
-  static wrap_encapsulation_key(encapsulation_key: Uint8Array, wrapping_key: Uint8Array): string;
-  /**
-   * Unwraps (decrypts) a wrapped SPKI DER encoded encapsulation (public) key using a symmetric
-   * wrapping key.
+   * Given a decrypted private RSA key PKCS8 DER this
+   * returns the corresponding public RSA key in DER format.
+   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
    */
-  static unwrap_encapsulation_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  static rsa_extract_public_key(private_key: Uint8Array): Uint8Array;
   /**
    * Wraps (encrypts) a PKCS8 DER encoded decapsulation (private) key using a symmetric wrapping
    * key,
    */
   static wrap_decapsulation_key(decapsulation_key: Uint8Array, wrapping_key: Uint8Array): string;
   /**
-   * Unwraps (decrypts) a wrapped PKCS8 DER encoded decapsulation (private) key using a symmetric
-   * wrapping key.
+   * Wraps (encrypts) an SPKI DER encoded encapsulation (public) key using a symmetric wrapping
+   * key. Note: Usually, a public key is - by definition - public, so this should not be
+   * used. The specific use-case for this function is to enable rotateable key sets, where
+   * the "public key" is not public, with the intent of preventing the server from being able
+   * to overwrite the user key unlocked by the rotateable keyset.
    */
-  static unwrap_decapsulation_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  static wrap_encapsulation_key(encapsulation_key: Uint8Array, wrapping_key: Uint8Array): string;
+  static symmetric_decrypt_bytes(enc_string: string, key: Uint8Array): Uint8Array;
   /**
-   * Encapsulates (encrypts) a symmetric key using an asymmetric encapsulation key (public key)
-   * in SPKI format, returning the encapsulated key as a string. Note: This is unsigned, so
-   * the sender's authenticity cannot be verified by the recipient.
+   * DEPRECATED: Only used by send keys
    */
-  static encapsulate_key_unsigned(shared_key: Uint8Array, encapsulation_key: Uint8Array): string;
+  static symmetric_encrypt_bytes(plain: Uint8Array, key: Uint8Array): string;
   /**
    * Decapsulates (decrypts) a symmetric key using an decapsulation key (private key) in PKCS8
    * DER format. Note: This is unsigned, so the sender's authenticity cannot be verified by the
@@ -2449,15 +2435,46 @@ export class PureCrypto {
     encapsulated_key: string,
     decapsulation_key: Uint8Array,
   ): Uint8Array;
+  /**
+   * Encapsulates (encrypts) a symmetric key using an asymmetric encapsulation key (public key)
+   * in SPKI format, returning the encapsulated key as a string. Note: This is unsigned, so
+   * the sender's authenticity cannot be verified by the recipient.
+   */
+  static encapsulate_key_unsigned(shared_key: Uint8Array, encapsulation_key: Uint8Array): string;
+  static symmetric_decrypt_string(enc_string: string, key: Uint8Array): string;
+  static symmetric_encrypt_string(plain: string, key: Uint8Array): string;
+  /**
+   * Unwraps (decrypts) a wrapped PKCS8 DER encoded decapsulation (private) key using a symmetric
+   * wrapping key.
+   */
+  static unwrap_decapsulation_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * Unwraps (decrypts) a wrapped SPKI DER encoded encapsulation (public) key using a symmetric
+   * wrapping key.
+   */
+  static unwrap_encapsulation_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  static symmetric_decrypt_filedata(enc_bytes: Uint8Array, key: Uint8Array): Uint8Array;
+  static symmetric_encrypt_filedata(plain: Uint8Array, key: Uint8Array): Uint8Array;
+  static make_user_key_aes256_cbc_hmac(): Uint8Array;
   /**
    * Given a wrapped signing key and the symmetric key it is wrapped with, this returns
    * the corresponding verifying key.
    */
   static verifying_key_for_signing_key(signing_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * DEPRECATED: Use `symmetric_decrypt_filedata` instead.
+   * Cleanup ticket: <https://bitwarden.atlassian.net/browse/PM-21247>
+   */
+  static symmetric_decrypt_array_buffer(enc_bytes: Uint8Array, key: Uint8Array): Uint8Array;
   /**
    * Returns the algorithm used for the given verifying key.
    */
   static key_algorithm_for_verifying_key(verifying_key: Uint8Array): SignatureAlgorithm;
+  static decrypt_user_key_with_master_key(
+    encrypted_user_key: string,
+    master_key: Uint8Array,
+  ): Uint8Array;
+  static make_user_key_xchacha20_poly1305(): Uint8Array;
   /**
    * For a given signing identity (verifying key), this function verifies that the signing
    * identity claimed ownership of the public key. This is a one-sided claim and merely shows
@@ -2468,35 +2485,18 @@ export class PureCrypto {
     signed_public_key: Uint8Array,
     verifying_key: Uint8Array,
   ): Uint8Array;
-  /**
-   * Derive output of the KDF for a [bitwarden_crypto::Kdf] configuration.
-   */
-  static derive_kdf_material(password: Uint8Array, salt: Uint8Array, kdf: Kdf): Uint8Array;
-  static decrypt_user_key_with_master_key(
+  static decrypt_user_key_with_master_password(
     encrypted_user_key: string,
-    master_key: Uint8Array,
+    master_password: string,
+    email: string,
+    kdf: Kdf,
   ): Uint8Array;
-  /**
-   * Given a decrypted private RSA key PKCS8 DER this
-   * returns the corresponding public RSA key in DER format.
-   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
-   */
-  static rsa_extract_public_key(private_key: Uint8Array): Uint8Array;
-  /**
-   * Generates a new RSA key pair and returns the private key
-   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
-   */
-  static rsa_generate_keypair(): Uint8Array;
-  /**
-   * Decrypts data using RSAES-OAEP with SHA-1
-   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
-   */
-  static rsa_decrypt_data(encrypted_data: Uint8Array, private_key: Uint8Array): Uint8Array;
-  /**
-   * Encrypts data using RSAES-OAEP with SHA-1
-   * HAZMAT WARNING: Do not use outside of implementing cryptofunctionservice
-   */
-  static rsa_encrypt_data(plain_data: Uint8Array, public_key: Uint8Array): Uint8Array;
+  static encrypt_user_key_with_master_password(
+    user_key: Uint8Array,
+    master_password: string,
+    email: string,
+    kdf: Kdf,
+  ): string;
 }
 /**
  * Client for initializing a user account.
@@ -2522,13 +2522,13 @@ export class StateClient {
   private constructor();
   free(): void;
   [Symbol.dispose](): void;
-  register_cipher_repository(cipher_repository: any): void;
-  register_folder_repository(store: any): void;
-  register_client_managed_repositories(repositories: Repositories): void;
   /**
    * Initialize the database for SDK managed repositories.
    */
   initialize_state(configuration: IndexedDbConfiguration): Promise<void>;
+  register_cipher_repository(cipher_repository: any): void;
+  register_folder_repository(store: any): void;
+  register_client_managed_repositories(repositories: Repositories): void;
 }
 export class TotpClient {
   private constructor();
@@ -2555,23 +2555,23 @@ export class VaultClient {
    */
   attachments(): AttachmentsClient;
   /**
-   * Cipher related operations.
+   * Cipher risk evaluation operations.
    */
-  ciphers(): CiphersClient;
+  cipher_risk(): CipherRiskClient;
   /**
-   * Folder related operations.
+   * Collection related operations.
    */
-  folders(): FoldersClient;
+  collections(): CollectionsClient;
   /**
    * TOTP related operations.
    */
   totp(): TotpClient;
   /**
-   * Collection related operations.
+   * Cipher related operations.
    */
-  collections(): CollectionsClient;
+  ciphers(): CiphersClient;
   /**
-   * Cipher risk evaluation operations.
+   * Folder related operations.
    */
-  cipher_risk(): CipherRiskClient;
+  folders(): FoldersClient;
 }