@bitwarden/commercial-sdk-internal 0.2.0-main.448 → 0.2.0-main.450

package/node/bitwarden_wasm_internal.d.ts

@@ -1,5 +1,16 @@
 /* tslint:disable */
 /* eslint-disable */
+/**
+ * Generate a new SSH key pair
+ *
+ * # Arguments
+ * - `key_algorithm` - The algorithm to use for the key pair
+ *
+ * # Returns
+ * - `Ok(SshKey)` if the key was successfully generated
+ * - `Err(KeyGenerationError)` if the key could not be generated
+ */
+export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
 /**
  * Convert a PCKS8 or OpenSSH encrypted or unencrypted private key
  * to an OpenSSH private key with public key and fingerprint
@@ -16,17 +27,6 @@
  * - `Err(UnsupportedKeyType)` if the key type is not supported
  */
 export function import_ssh_key(imported_key: string, password?: string | null): SshKeyView;
-/**
- * Generate a new SSH key pair
- *
- * # Arguments
- * - `key_algorithm` - The algorithm to use for the key pair
- *
- * # Returns
- * - `Ok(SshKey)` if the key was successfully generated
- * - `Err(KeyGenerationError)` if the key could not be generated
- */
-export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
 export function init_sdk(log_level?: LogLevel | null): void;
 /**
  * Registers a DiscoverHandler so that the client can respond to DiscoverRequests.
@@ -180,10 +180,6 @@ export interface TokenProvider {
   get_access_token(): Promise<string | undefined>;
 }
 
-export interface IndexedDbConfiguration {
-  db_name: string;
-}
-
 export interface Repositories {
   cipher: Repository<Cipher> | null;
   folder: Repository<Folder> | null;
@@ -194,6 +190,10 @@ export interface Repositories {
  */
 export interface FeatureFlags extends Map<string, boolean> {}
 
+export interface IndexedDbConfiguration {
+  db_name: string;
+}
+
 /**
  * Credentials for sending an OTP to the user\'s email address.
  * This is used when the send requires email verification with an OTP.
@@ -205,28 +205,6 @@ export interface SendEmailCredentials {
   email: string;
 }
 
-/**
- * Credentials for getting a send access token using an email and OTP.
- */
-export interface SendEmailOtpCredentials {
-  /**
-   * The email address to which the OTP will be sent.
-   */
-  email: string;
-  /**
-   * The one-time password (OTP) that the user has received via email.
-   */
-  otp: string;
-}
-
-/**
- * The credentials used for send access requests.
- */
-export type SendAccessCredentials =
-  | SendPasswordCredentials
-  | SendEmailOtpCredentials
-  | SendEmailCredentials;
-
 /**
  * Credentials for sending password secured access requests.
  * Clone auto implements the standard lib\'s Clone trait, allowing us to create copies of this
@@ -253,6 +231,28 @@ export interface SendAccessTokenRequest {
   sendAccessCredentials?: SendAccessCredentials;
 }
 
+/**
+ * The credentials used for send access requests.
+ */
+export type SendAccessCredentials =
+  | SendPasswordCredentials
+  | SendEmailOtpCredentials
+  | SendEmailCredentials;
+
+/**
+ * Credentials for getting a send access token using an email and OTP.
+ */
+export interface SendEmailOtpCredentials {
+  /**
+   * The email address to which the OTP will be sent.
+   */
+  email: string;
+  /**
+   * The one-time password (OTP) that the user has received via email.
+   */
+  otp: string;
+}
+
 /**
  * A send access token which can be used to access a send.
  */
@@ -267,14 +267,6 @@ export interface SendAccessTokenResponse {
   expiresAt: number;
 }
 
-/**
- * Represents errors that can occur when requesting a send access token.
- * It includes expected and unexpected API errors.
- */
-export type SendAccessTokenError =
-  | { kind: "unexpected"; data: UnexpectedIdentityError }
-  | { kind: "expected"; data: SendAccessTokenApiErrorResponse };
-
 /**
  * Any unexpected error that occurs when making requests to identity. This could be
  * local/transport/decoding failure from the HTTP client (DNS/TLS/connect/read timeout,
@@ -286,25 +278,12 @@ export type SendAccessTokenError =
 export type UnexpectedIdentityError = string;
 
 /**
- * Invalid grant errors - typically due to invalid credentials.
- */
-export type SendAccessTokenInvalidGrantError =
-  | "send_id_invalid"
-  | "password_hash_b64_invalid"
-  | "email_invalid"
-  | "otp_invalid"
-  | "otp_generation_failed"
-  | "unknown";
-
-/**
- * Invalid request errors - typically due to missing parameters.
+ * Represents errors that can occur when requesting a send access token.
+ * It includes expected and unexpected API errors.
  */
-export type SendAccessTokenInvalidRequestError =
-  | "send_id_required"
-  | "password_hash_b64_required"
-  | "email_required"
-  | "email_and_otp_required_otp_sent"
-  | "unknown";
+export type SendAccessTokenError =
+  | { kind: "unexpected"; data: UnexpectedIdentityError }
+  | { kind: "expected"; data: SendAccessTokenApiErrorResponse };
 
 /**
  * Represents the possible, expected errors that can occur when requesting a send access token.
@@ -327,29 +306,25 @@ export type SendAccessTokenApiErrorResponse =
   | { error: "invalid_target"; error_description?: string };
 
 /**
- * Result of TDE registration process.
+ * Invalid grant errors - typically due to invalid credentials.
  */
-export interface TdeRegistrationResponse {
-  /**
-   * The account cryptographic state of the user
-   */
-  account_cryptographic_state: WrappedAccountCryptographicState;
-  /**
-   * The device key
-   */
-  device_key: B64;
-  /**
-   * The decrypted user key. This can be used to get the consuming client to an unlocked state.
-   */
-  user_key: B64;
-}
-
-export interface RegistrationError extends Error {
-  name: "RegistrationError";
-  variant: "Api" | "Crypto";
-}
+export type SendAccessTokenInvalidGrantError =
+  | "send_id_invalid"
+  | "password_hash_b64_invalid"
+  | "email_invalid"
+  | "otp_invalid"
+  | "otp_generation_failed"
+  | "unknown";
 
-export function isRegistrationError(error: any): error is RegistrationError;
+/**
+ * Invalid request errors - typically due to missing parameters.
+ */
+export type SendAccessTokenInvalidRequestError =
+  | "send_id_required"
+  | "password_hash_b64_required"
+  | "email_required"
+  | "email_and_otp_required_otp_sent"
+  | "unknown";
 
 /**
  * Request parameters for TDE (Trusted Device Encryption) registration.
@@ -378,36 +353,83 @@ export interface TdeRegistrationRequest {
   trust_device: boolean;
 }
 
+export interface RegistrationError extends Error {
+  name: "RegistrationError";
+  variant: "KeyConnectorApi" | "Api" | "Crypto";
+}
+
+export function isRegistrationError(error: any): error is RegistrationError;
+
 /**
- * NewType wrapper for `CollectionId`
+ * Result of TDE registration process.
  */
-export type CollectionId = Tagged<Uuid, "CollectionId">;
+export interface TdeRegistrationResponse {
+  /**
+   * The account cryptographic state of the user
+   */
+  account_cryptographic_state: WrappedAccountCryptographicState;
+  /**
+   * The device key
+   */
+  device_key: B64;
+  /**
+   * The decrypted user key. This can be used to get the consuming client to an unlocked state.
+   */
+  user_key: B64;
+}
 
 /**
- * Type of collection
+ * Result of Key Connector registration process.
  */
-export type CollectionType = "SharedCollection" | "DefaultUserCollection";
+export interface KeyConnectorRegistrationResult {
+  /**
+   * The account cryptographic state of the user.
+   */
+  account_cryptographic_state: WrappedAccountCryptographicState;
+  /**
+   * The key connector key used for unlocking.
+   */
+  key_connector_key: B64;
+  /**
+   * The encrypted user key, wrapped with the key connector key.
+   */
+  key_connector_key_wrapped_user_key: EncString;
+  /**
+   * The decrypted user key. This can be used to get the consuming client to an unlocked state.
+   */
+  user_key: B64;
+}
 
-export interface CollectionView {
+/**
+ * NewType wrapper for `CollectionId`
+ */
+export type CollectionId = Tagged<Uuid, "CollectionId">;
+
+export interface Collection {
   id: CollectionId | undefined;
   organizationId: OrganizationId;
-  name: string;
+  name: EncString;
   externalId: string | undefined;
   hidePasswords: boolean;
   readOnly: boolean;
   manage: boolean;
+  defaultUserCollectionEmail: string | undefined;
   type: CollectionType;
 }
 
-export interface Collection {
+/**
+ * Type of collection
+ */
+export type CollectionType = "SharedCollection" | "DefaultUserCollection";
+
+export interface CollectionView {
   id: CollectionId | undefined;
   organizationId: OrganizationId;
-  name: EncString;
+  name: string;
   externalId: string | undefined;
   hidePasswords: boolean;
   readOnly: boolean;
   manage: boolean;
-  defaultUserCollectionEmail: string | undefined;
   type: CollectionType;
 }
 
@@ -420,27 +442,6 @@ export function isCollectionDecryptError(error: any): error is CollectionDecrypt
 
 export type SignedSecurityState = string;
 
-export interface MasterPasswordError extends Error {
-  name: "MasterPasswordError";
-  variant:
-    | "EncryptionKeyMalformed"
-    | "KdfMalformed"
-    | "InvalidKdfConfiguration"
-    | "MissingField"
-    | "Crypto";
-}
-
-export function isMasterPasswordError(error: any): error is MasterPasswordError;
-
-/**
- * Represents the data required to authenticate with the master password.
- */
-export interface MasterPasswordAuthenticationData {
-  kdf: Kdf;
-  salt: string;
-  masterPasswordAuthenticationHash: B64;
-}
-
 /**
  * Represents the data required to unlock with the master password.
  */
@@ -460,19 +461,25 @@ export interface MasterPasswordUnlockData {
 }
 
 /**
- * Any keys / cryptographic protection \"downstream\" from the account symmetric key (user key).
- * Private keys are protected by the user key.
+ * Represents the data required to authenticate with the master password.
  */
-export type WrappedAccountCryptographicState =
-  | { V1: { private_key: EncString } }
-  | {
-      V2: {
-        private_key: EncString;
-        signed_public_key: SignedPublicKey | undefined;
-        signing_key: EncString;
-        security_state: SignedSecurityState;
-      };
-    };
+export interface MasterPasswordAuthenticationData {
+  kdf: Kdf;
+  salt: string;
+  masterPasswordAuthenticationHash: B64;
+}
+
+export interface MasterPasswordError extends Error {
+  name: "MasterPasswordError";
+  variant:
+    | "EncryptionKeyMalformed"
+    | "KdfMalformed"
+    | "InvalidKdfConfiguration"
+    | "MissingField"
+    | "Crypto";
+}
+
+export function isMasterPasswordError(error: any): error is MasterPasswordError;
 
 export interface AccountCryptographyInitializationError extends Error {
   name: "AccountCryptographyInitializationError";
@@ -490,43 +497,62 @@ export function isAccountCryptographyInitializationError(
 ): error is AccountCryptographyInitializationError;
 
 /**
- * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
+ * Any keys / cryptographic protection \"downstream\" from the account symmetric key (user key).
+ * Private keys are protected by the user key.
  */
-export interface UserCryptoV2KeysResponse {
-  /**
-   * User key
-   */
-  userKey: B64;
-  /**
-   * Wrapped private key
-   */
-  privateKey: EncString;
-  /**
-   * Public key
-   */
-  publicKey: B64;
-  /**
-   * The user\'s public key, signed by the signing key
-   */
-  signedPublicKey: SignedPublicKey;
+export type WrappedAccountCryptographicState =
+  | { V1: { private_key: EncString } }
+  | {
+      V2: {
+        private_key: EncString;
+        signed_public_key: SignedPublicKey | undefined;
+        signing_key: EncString;
+        security_state: SignedSecurityState;
+      };
+    };
+
+/**
+ * Response from the `make_update_password` function
+ */
+export interface UpdatePasswordResponse {
   /**
-   * Signing key, encrypted with the user\'s symmetric key
+   * Hash of the new password
    */
-  signingKey: EncString;
+  passwordHash: B64;
   /**
-   * Base64 encoded verifying key
+   * User key, encrypted with the new password
    */
-  verifyingKey: B64;
+  newKey: EncString;
+}
+
+/**
+ * Response from the `make_key_pair` function
+ */
+export interface MakeKeyPairResponse {
   /**
-   * The user\'s signed security state
+   * The user\'s public key
    */
-  securityState: SignedSecurityState;
+  userPublicKey: B64;
   /**
-   * The security state\'s version
+   * User\'s private key, encrypted with the user key
    */
-  securityVersion: number;
+  userKeyEncryptedPrivateKey: EncString;
 }
 
+export interface EnrollAdminPasswordResetError extends Error {
+  name: "EnrollAdminPasswordResetError";
+  variant: "Crypto";
+}
+
+export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
+
+/**
+ * Auth requests supports multiple initialization methods.
+ */
+export type AuthRequestMethod =
+  | { userKey: { protected_user_key: UnsignedSharedKey } }
+  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
+
 /**
  * Response from the `update_kdf` function
  */
@@ -545,49 +571,6 @@ export interface UpdateKdfResponse {
   oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
 }
 
-/**
- * Request for migrating an account from password to key connector.
- */
-export interface DeriveKeyConnectorRequest {
-  /**
-   * Encrypted user key, used to validate the master key
-   */
-  userKeyEncrypted: EncString;
-  /**
-   * The user\'s master password
-   */
-  password: string;
-  /**
-   * The KDF parameters used to derive the master key
-   */
-  kdf: Kdf;
-  /**
-   * The user\'s email address
-   */
-  email: string;
-}
-
-/**
- * Auth requests supports multiple initialization methods.
- */
-export type AuthRequestMethod =
-  | { userKey: { protected_user_key: UnsignedSharedKey } }
-  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
-
-export interface DeriveKeyConnectorError extends Error {
-  name: "DeriveKeyConnectorError";
-  variant: "WrongPassword" | "Crypto";
-}
-
-export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
-
-export interface MakeKeysError extends Error {
-  name: "MakeKeysError";
-  variant: "AccountCryptographyInitialization" | "RequestModelCreation" | "Crypto";
-}
-
-export function isMakeKeysError(error: any): error is MakeKeysError;
-
 /**
  * Request for deriving a pin protected user key
  */
@@ -603,37 +586,39 @@ export interface EnrollPinResponse {
 }
 
 /**
- * The crypto method used to initialize the user cryptographic state.
- */
-export type InitUserCryptoMethod =
-  | { masterPasswordUnlock: { password: string; master_password_unlock: MasterPasswordUnlockData } }
-  | { decryptedKey: { decrypted_user_key: string } }
-  | { pin: { pin: string; pin_protected_user_key: EncString } }
-  | { pinEnvelope: { pin: string; pin_protected_user_key_envelope: PasswordProtectedKeyEnvelope } }
-  | { authRequest: { request_private_key: B64; method: AuthRequestMethod } }
-  | {
-      deviceKey: {
-        device_key: string;
-        protected_device_private_key: EncString;
-        device_protected_user_key: UnsignedSharedKey;
-      };
-    }
-  | { keyConnector: { master_key: B64; user_key: EncString } };
-
-/**
- * Request for deriving a pin protected user key
+ * State used for initializing the user cryptographic state.
  */
-export interface DerivePinKeyResponse {
+export interface InitUserCryptoRequest {
   /**
-   * [UserKey] protected by PIN
+   * The user\'s ID.
    */
-  pinProtectedUserKey: EncString;
+  userId: UserId | undefined;
   /**
-   * PIN protected by [UserKey]
+   * The user\'s KDF parameters, as received from the prelogin request
    */
-  encryptedPin: EncString;
+  kdfParams: Kdf;
+  /**
+   * The user\'s email address
+   */
+  email: string;
+  /**
+   * The user\'s account cryptographic state, containing their signature and
+   * public-key-encryption keys, along with the signed security state, protected by the user key
+   */
+  accountCryptographicState: WrappedAccountCryptographicState;
+  /**
+   * The method to decrypt the user\'s account symmetric key (user key)
+   */
+  method: InitUserCryptoMethod;
+}
+
+export interface MakeKeysError extends Error {
+  name: "MakeKeysError";
+  variant: "AccountCryptographyInitialization" | "RequestModelCreation" | "Crypto";
 }
 
+export function isMakeKeysError(error: any): error is MakeKeysError;
+
 /**
  * Response for `verify_asymmetric_keys`.
  */
@@ -666,38 +651,44 @@ export interface VerifyAsymmetricKeysRequest {
   userKeyEncryptedPrivateKey: EncString;
 }
 
-export interface EnrollAdminPasswordResetError extends Error {
-  name: "EnrollAdminPasswordResetError";
-  variant: "Crypto";
-}
-
-export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
+/**
+ * The crypto method used to initialize the user cryptographic state.
+ */
+export type InitUserCryptoMethod =
+  | { masterPasswordUnlock: { password: string; master_password_unlock: MasterPasswordUnlockData } }
+  | { decryptedKey: { decrypted_user_key: string } }
+  | { pin: { pin: string; pin_protected_user_key: EncString } }
+  | { pinEnvelope: { pin: string; pin_protected_user_key_envelope: PasswordProtectedKeyEnvelope } }
+  | { authRequest: { request_private_key: B64; method: AuthRequestMethod } }
+  | {
+      deviceKey: {
+        device_key: string;
+        protected_device_private_key: EncString;
+        device_protected_user_key: UnsignedSharedKey;
+      };
+    }
+  | { keyConnector: { master_key: B64; user_key: EncString } };
 
 /**
- * State used for initializing the user cryptographic state.
+ * Request for migrating an account from password to key connector.
  */
-export interface InitUserCryptoRequest {
-  /**
-   * The user\'s ID.
-   */
-  userId: UserId | undefined;
+export interface DeriveKeyConnectorRequest {
   /**
-   * The user\'s KDF parameters, as received from the prelogin request
+   * Encrypted user key, used to validate the master key
    */
-  kdfParams: Kdf;
+  userKeyEncrypted: EncString;
   /**
-   * The user\'s email address
+   * The user\'s master password
    */
-  email: string;
+  password: string;
   /**
-   * The user\'s account cryptographic state, containing their signature and
-   * public-key-encryption keys, along with the signed security state, protected by the user key
+   * The KDF parameters used to derive the master key
    */
-  accountCryptographicState: WrappedAccountCryptographicState;
+  kdf: Kdf;
   /**
-   * The method to decrypt the user\'s account symmetric key (user key)
+   * The user\'s email address
    */
-  method: InitUserCryptoMethod;
+  email: string;
 }
 
 /**
@@ -711,33 +702,50 @@ export interface InitOrgCryptoRequest {
 }
 
 /**
- * Response from the `make_update_password` function
+ * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
  */
-export interface UpdatePasswordResponse {
+export interface UserCryptoV2KeysResponse {
   /**
-   * Hash of the new password
+   * User key
    */
-  passwordHash: B64;
+  userKey: B64;
   /**
-   * User key, encrypted with the new password
+   * Wrapped private key
    */
-  newKey: EncString;
-}
-
-/**
- * Response from the `make_key_pair` function
- */
-export interface MakeKeyPairResponse {
+  privateKey: EncString;
   /**
-   * The user\'s public key
+   * Public key
    */
-  userPublicKey: B64;
+  publicKey: B64;
   /**
-   * User\'s private key, encrypted with the user key
+   * The user\'s public key, signed by the signing key
    */
-  userKeyEncryptedPrivateKey: EncString;
+  signedPublicKey: SignedPublicKey;
+  /**
+   * Signing key, encrypted with the user\'s symmetric key
+   */
+  signingKey: EncString;
+  /**
+   * Base64 encoded verifying key
+   */
+  verifyingKey: B64;
+  /**
+   * The user\'s signed security state
+   */
+  securityState: SignedSecurityState;
+  /**
+   * The security state\'s version
+   */
+  securityVersion: number;
+}
+
+export interface DeriveKeyConnectorError extends Error {
+  name: "DeriveKeyConnectorError";
+  variant: "WrongPassword" | "Crypto";
 }
 
+export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
+
 export interface CryptoClientError extends Error {
   name: "CryptoClientError";
   variant: "NotAuthenticated" | "Crypto" | "InvalidKdfSettings" | "PasswordProtectedKeyEnvelope";
@@ -745,6 +753,20 @@ export interface CryptoClientError extends Error {
 
 export function isCryptoClientError(error: any): error is CryptoClientError;
 
+/**
+ * Request for deriving a pin protected user key
+ */
+export interface DerivePinKeyResponse {
+  /**
+   * [UserKey] protected by PIN
+   */
+  pinProtectedUserKey: EncString;
+  /**
+   * PIN protected by [UserKey]
+   */
+  encryptedPin: EncString;
+}
+
 /**
  * NewType wrapper for `OrganizationId`
  */
@@ -993,8 +1015,6 @@ export interface ExportError extends Error {
 
 export function isExportError(error: any): error is ExportError;
 
-export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
-
 /**
  * Passphrase generator request options.
  */
@@ -1019,6 +1039,8 @@ export interface PassphraseGeneratorRequest {
   includeNumber: boolean;
 }
 
+export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
+
 /**
  * Password generator request options.
  */
@@ -1167,12 +1189,12 @@ export type Endpoint =
   | "DesktopRenderer"
   | "DesktopMain";
 
-export interface KeyGenerationError extends Error {
-  name: "KeyGenerationError";
-  variant: "KeyGeneration" | "KeyConversion";
+export interface SshKeyExportError extends Error {
+  name: "SshKeyExportError";
+  variant: "KeyConversion";
 }
 
-export function isKeyGenerationError(error: any): error is KeyGenerationError;
+export function isSshKeyExportError(error: any): error is SshKeyExportError;
 
 export interface SshKeyImportError extends Error {
   name: "SshKeyImportError";
@@ -1181,12 +1203,12 @@ export interface SshKeyImportError extends Error {
 
 export function isSshKeyImportError(error: any): error is SshKeyImportError;
 
-export interface SshKeyExportError extends Error {
-  name: "SshKeyExportError";
-  variant: "KeyConversion";
+export interface KeyGenerationError extends Error {
+  name: "KeyGenerationError";
+  variant: "KeyGeneration" | "KeyConversion";
 }
 
-export function isSshKeyExportError(error: any): error is SshKeyExportError;
+export function isKeyGenerationError(error: any): error is KeyGenerationError;
 
 export type KeyAlgorithm = "Ed25519" | "Rsa3072" | "Rsa4096";
 
@@ -1217,6 +1239,11 @@ export interface CipherRiskError extends Error {
 
 export function isCipherRiskError(error: any): error is CipherRiskError;
 
+/**
+ * Password reuse map wrapper for WASM compatibility.
+ */
+export type PasswordReuseMap = Record<string, number>;
+
 /**
  * Risk evaluation result for a single cipher.
  */
@@ -1244,29 +1271,6 @@ export interface CipherRiskResult {
   reuse_count: number | undefined;
 }
 
-/**
- * Login cipher data needed for risk evaluation.
- */
-export interface CipherLoginDetails {
-  /**
-   * Cipher ID to identify which cipher in results.
-   */
-  id: CipherId;
-  /**
-   * The decrypted password to evaluate.
-   */
-  password: string;
-  /**
-   * Username or email (login ciphers only have one field).
-   */
-  username: string | undefined;
-}
-
-/**
- * Password reuse map wrapper for WASM compatibility.
- */
-export type PasswordReuseMap = Record<string, number>;
-
 /**
  * Options for configuring risk computation.
  */
@@ -1296,6 +1300,24 @@ export type ExposedPasswordResult =
   | { type: "Found"; value: number }
   | { type: "Error"; value: string };
 
+/**
+ * Login cipher data needed for risk evaluation.
+ */
+export interface CipherLoginDetails {
+  /**
+   * Cipher ID to identify which cipher in results.
+   */
+  id: CipherId;
+  /**
+   * The decrypted password to evaluate.
+   */
+  password: string;
+  /**
+   * Username or email (login ciphers only have one field).
+   */
+  username: string | undefined;
+}
+
 export interface PasswordHistory {
   password: EncString;
   lastUsedDate: DateTime<Utc>;
@@ -1310,13 +1332,6 @@ export interface AncestorMap {
   ancestors: Map<CollectionId, string>;
 }
 
-export interface TotpError extends Error {
-  name: "TotpError";
-  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
-}
-
-export function isTotpError(error: any): error is TotpError;
-
 export interface TotpResponse {
   /**
    * Generated TOTP code
@@ -1328,6 +1343,13 @@ export interface TotpResponse {
   period: number;
 }
 
+export interface TotpError extends Error {
+  name: "TotpError";
+  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
+}
+
+export function isTotpError(error: any): error is TotpError;
+
 export interface DecryptError extends Error {
   name: "DecryptError";
   variant: "Crypto";
@@ -1342,18 +1364,6 @@ export interface EncryptError extends Error {
 
 export function isEncryptError(error: any): error is EncryptError;
 
-export interface Attachment {
-  id: string | undefined;
-  url: string | undefined;
-  size: string | undefined;
-  /**
-   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
-   */
-  sizeName: string | undefined;
-  fileName: EncString | undefined;
-  key: EncString | undefined;
-}
-
 export interface AttachmentView {
   id: string | undefined;
   url: string | undefined;
@@ -1376,6 +1386,18 @@ export interface AttachmentView {
   decryptedKey: string | undefined;
 }
 
+export interface Attachment {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  /**
+   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
+   */
+  sizeName: string | undefined;
+  fileName: EncString | undefined;
+  key: EncString | undefined;
+}
+
 export interface LocalDataView {
   lastUsedDate: DateTime<Utc> | undefined;
   lastLaunched: DateTime<Utc> | undefined;
@@ -1386,11 +1408,11 @@ export interface LocalData {
   lastLaunched: DateTime<Utc> | undefined;
 }
 
-export interface SecureNoteView {
+export interface SecureNote {
   type: SecureNoteType;
 }
 
-export interface SecureNote {
+export interface SecureNoteView {
   type: SecureNoteType;
 }
 
@@ -1545,7 +1567,17 @@ export interface CardView {
   expYear: string | undefined;
   code: string | undefined;
   brand: string | undefined;
-  number: string | undefined;
+  number: string | undefined;
+}
+
+/**
+ * Minimal CardView only including the needed details for list views
+ */
+export interface CardListView {
+  /**
+   * The brand of the card, e.g. Visa, Mastercard, etc.
+   */
+  brand: string | undefined;
 }
 
 export interface Card {
@@ -1557,14 +1589,11 @@ export interface Card {
   number: EncString | undefined;
 }
 
-/**
- * Minimal CardView only including the needed details for list views
- */
-export interface CardListView {
-  /**
-   * The brand of the card, e.g. Visa, Mastercard, etc.
-   */
-  brand: string | undefined;
+export interface Field {
+  name: EncString | undefined;
+  value: EncString | undefined;
+  type: FieldType;
+  linkedId: LinkedIdType | undefined;
 }
 
 export interface FieldView {
@@ -1574,26 +1603,27 @@ export interface FieldView {
   linkedId: LinkedIdType | undefined;
 }
 
-export interface Field {
-  name: EncString | undefined;
-  value: EncString | undefined;
-  type: FieldType;
-  linkedId: LinkedIdType | undefined;
+export interface LoginView {
+  username: string | undefined;
+  password: string | undefined;
+  passwordRevisionDate: DateTime<Utc> | undefined;
+  uris: LoginUriView[] | undefined;
+  totp: string | undefined;
+  autofillOnPageLoad: boolean | undefined;
+  fido2Credentials: Fido2Credential[] | undefined;
 }
 
-export interface Fido2CredentialView {
+export interface Fido2CredentialNewView {
   credentialId: string;
   keyType: string;
   keyAlgorithm: string;
   keyCurve: string;
-  keyValue: EncString;
   rpId: string;
   userHandle: string | undefined;
   userName: string | undefined;
   counter: string;
   rpName: string | undefined;
   userDisplayName: string | undefined;
-  discoverable: string;
   creationDate: DateTime<Utc>;
 }
 
@@ -1624,19 +1654,10 @@ export interface LoginListView {
   uris: LoginUriView[] | undefined;
 }
 
-export interface Fido2CredentialListView {
-  credentialId: string;
-  rpId: string;
-  userHandle: string | undefined;
-  userName: string | undefined;
-  userDisplayName: string | undefined;
-  counter: string;
-}
-
-export interface LoginUriView {
-  uri: string | undefined;
+export interface LoginUri {
+  uri: EncString | undefined;
   match: UriMatchType | undefined;
-  uriChecksum: string | undefined;
+  uriChecksum: EncString | undefined;
 }
 
 export interface Fido2Credential {
@@ -1655,36 +1676,22 @@ export interface Fido2Credential {
   creationDate: DateTime<Utc>;
 }
 
-export interface LoginUri {
-  uri: EncString | undefined;
-  match: UriMatchType | undefined;
-  uriChecksum: EncString | undefined;
-}
-
-export interface Fido2CredentialNewView {
+export interface Fido2CredentialView {
   credentialId: string;
   keyType: string;
   keyAlgorithm: string;
   keyCurve: string;
+  keyValue: EncString;
   rpId: string;
   userHandle: string | undefined;
   userName: string | undefined;
   counter: string;
   rpName: string | undefined;
   userDisplayName: string | undefined;
+  discoverable: string;
   creationDate: DateTime<Utc>;
 }
 
-export interface LoginView {
-  username: string | undefined;
-  password: string | undefined;
-  passwordRevisionDate: DateTime<Utc> | undefined;
-  uris: LoginUriView[] | undefined;
-  totp: string | undefined;
-  autofillOnPageLoad: boolean | undefined;
-  fido2Credentials: Fido2Credential[] | undefined;
-}
-
 export interface Login {
   username: EncString | undefined;
   password: EncString | undefined;
@@ -1695,6 +1702,93 @@ export interface Login {
   fido2Credentials: Fido2Credential[] | undefined;
 }
 
+export interface Fido2CredentialListView {
+  credentialId: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  userDisplayName: string | undefined;
+  counter: string;
+}
+
+export interface LoginUriView {
+  uri: string | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: string | undefined;
+}
+
+export interface Cipher {
+  id: CipherId | undefined;
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  collectionIds: CollectionId[];
+  /**
+   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
+   * Cipher.
+   */
+  key: EncString | undefined;
+  name: EncString;
+  notes: EncString | undefined;
+  type: CipherType;
+  login: Login | undefined;
+  identity: Identity | undefined;
+  card: Card | undefined;
+  secureNote: SecureNote | undefined;
+  sshKey: SshKey | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  localData: LocalData | undefined;
+  attachments: Attachment[] | undefined;
+  fields: Field[] | undefined;
+  passwordHistory: PasswordHistory[] | undefined;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+  archivedDate: DateTime<Utc> | undefined;
+  data: string | undefined;
+}
+
+export interface EncryptionContext {
+  /**
+   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
+   * Organization-owned ciphers
+   */
+  encryptedFor: UserId;
+  cipher: Cipher;
+}
+
+/**
+ * Available fields on a cipher and can be copied from a the list view in the UI.
+ */
+export type CopyableCipherFields =
+  | "LoginUsername"
+  | "LoginPassword"
+  | "LoginTotp"
+  | "CardNumber"
+  | "CardSecurityCode"
+  | "IdentityUsername"
+  | "IdentityEmail"
+  | "IdentityPhone"
+  | "IdentityAddress"
+  | "SshKey"
+  | "SecureNotes";
+
+/**
+ * NewType wrapper for `CipherId`
+ */
+export type CipherId = Tagged<Uuid, "CipherId">;
+
+export type CipherListViewType =
+  | { login: LoginListView }
+  | "secureNote"
+  | { card: CardListView }
+  | "identity"
+  | "sshKey";
+
 export interface CipherView {
   id: CipherId | undefined;
   organizationId: OrganizationId | undefined;
@@ -1728,15 +1822,6 @@ export interface CipherView {
   archivedDate: DateTime<Utc> | undefined;
 }
 
-export interface EncryptionContext {
-  /**
-   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
-   * Organization-owned ciphers
-   */
-  encryptedFor: UserId;
-  cipher: Cipher;
-}
-
 export interface CipherError extends Error {
   name: "CipherError";
   variant:
@@ -1754,11 +1839,6 @@ export interface CipherError extends Error {
 
 export function isCipherError(error: any): error is CipherError;
 
-/**
- * NewType wrapper for `CipherId`
- */
-export type CipherId = Tagged<Uuid, "CipherId">;
-
 export interface CipherListView {
   id: CipherId | undefined;
   organizationId: OrganizationId | undefined;
@@ -1796,41 +1876,6 @@ export interface CipherListView {
   localData: LocalDataView | undefined;
 }
 
-export interface Cipher {
-  id: CipherId | undefined;
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  collectionIds: CollectionId[];
-  /**
-   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
-   * Cipher.
-   */
-  key: EncString | undefined;
-  name: EncString;
-  notes: EncString | undefined;
-  type: CipherType;
-  login: Login | undefined;
-  identity: Identity | undefined;
-  card: Card | undefined;
-  secureNote: SecureNote | undefined;
-  sshKey: SshKey | undefined;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  organizationUseTotp: boolean;
-  edit: boolean;
-  permissions: CipherPermissions | undefined;
-  viewPassword: boolean;
-  localData: LocalData | undefined;
-  attachments: Attachment[] | undefined;
-  fields: Field[] | undefined;
-  passwordHistory: PasswordHistory[] | undefined;
-  creationDate: DateTime<Utc>;
-  deletedDate: DateTime<Utc> | undefined;
-  revisionDate: DateTime<Utc>;
-  archivedDate: DateTime<Utc> | undefined;
-  data: string | undefined;
-}
-
 /**
  * Represents the result of decrypting a list of ciphers.
  *
@@ -1849,57 +1894,34 @@ export interface DecryptCipherListResult {
   failures: Cipher[];
 }
 
-/**
- * Available fields on a cipher and can be copied from a the list view in the UI.
- */
-export type CopyableCipherFields =
-  | "LoginUsername"
-  | "LoginPassword"
-  | "LoginTotp"
-  | "CardNumber"
-  | "CardSecurityCode"
-  | "IdentityUsername"
-  | "IdentityEmail"
-  | "IdentityPhone"
-  | "IdentityAddress"
-  | "SshKey"
-  | "SecureNotes";
-
-export type CipherListViewType =
-  | { login: LoginListView }
-  | "secureNote"
-  | { card: CardListView }
-  | "identity"
-  | "sshKey";
-
-export interface SshKeyView {
+export interface SshKey {
   /**
    * SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key)
    */
-  privateKey: string;
+  privateKey: EncString;
   /**
    * SSH public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6)
    */
-  publicKey: string;
+  publicKey: EncString;
   /**
    * SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT`
    */
-  fingerprint: string;
+  fingerprint: EncString;
 }
 
-export interface SshKey {
+export interface SshKeyView {
   /**
    * SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key)
    */
-  privateKey: EncString;
+  privateKey: string;
   /**
    * SSH public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6)
    */
-  publicKey: EncString;
+  publicKey: string;
   /**
    * SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT`
    */
-  fingerprint: EncString;
+  fingerprint: string;
 }
 
 export interface Identity {
@@ -1946,11 +1968,6 @@ export interface IdentityView {
 
 export type LinkedIdType = LoginLinkedIdType | CardLinkedIdType | IdentityLinkedIdType;
 
-/**
- * NewType wrapper for `FolderId`
- */
-export type FolderId = Tagged<Uuid, "FolderId">;
-
 export interface Folder {
   id: FolderId | undefined;
   name: EncString;
@@ -1963,6 +1980,11 @@ export interface FolderView {
   revisionDate: DateTime<Utc>;
 }
 
+/**
+ * NewType wrapper for `FolderId`
+ */
+export type FolderId = Tagged<Uuid, "FolderId">;
+
 export interface EditFolderError extends Error {
   name: "EditFolderError";
   variant:
@@ -2713,6 +2735,15 @@ export class RegistrationClient {
    * admin password reset and finally enrolls the user to TDE unlock.
    */
   post_keys_for_tde_registration(request: TdeRegistrationRequest): Promise<TdeRegistrationResponse>;
+  /**
+   * Initializes a new cryptographic state for a user and posts it to the server; enrolls the
+   * user to key connector unlock.
+   */
+  post_keys_for_key_connector_registration(
+    key_connector_url: string,
+    sso_org_identifier: string,
+    user_id: UserId,
+  ): Promise<KeyConnectorRegistrationResult>;
 }
 /**
  * The `SendAccessClient` is used to interact with the Bitwarden API to get send access tokens.