@bitwarden/sdk-internal 0.2.0-main.23 → 0.2.0-main.230

package/node/bitwarden_wasm_internal.d.ts

@@ -1,10 +1,95 @@
 /* tslint:disable */
 /* eslint-disable */
 /**
- * @param {KeyAlgorithm} key_algorithm
- * @returns {GenerateSshKeyResult}
+ * Registers a DiscoverHandler so that the client can respond to DiscoverRequests.
  */
-export function generate_ssh_key(key_algorithm: KeyAlgorithm): GenerateSshKeyResult;
+export function ipcRegisterDiscoverHandler(
+  ipc_client: IpcClient,
+  response: DiscoverResponse,
+): Promise<void>;
+/**
+ * Sends a DiscoverRequest to the specified destination and returns the response.
+ */
+export function ipcRequestDiscover(
+  ipc_client: IpcClient,
+  destination: Endpoint,
+  abort_signal?: AbortSignal | null,
+): Promise<DiscoverResponse>;
+export function set_log_level(level: LogLevel): void;
+export function init_sdk(log_level?: LogLevel | null): void;
+/**
+ * Generate a new SSH key pair
+ *
+ * # Arguments
+ * - `key_algorithm` - The algorithm to use for the key pair
+ *
+ * # Returns
+ * - `Ok(SshKey)` if the key was successfully generated
+ * - `Err(KeyGenerationError)` if the key could not be generated
+ */
+export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
+/**
+ * Convert a PCKS8 or OpenSSH encrypted or unencrypted private key
+ * to an OpenSSH private key with public key and fingerprint
+ *
+ * # Arguments
+ * - `imported_key` - The private key to convert
+ * - `password` - The password to use for decrypting the key
+ *
+ * # Returns
+ * - `Ok(SshKey)` if the key was successfully coneverted
+ * - `Err(PasswordRequired)` if the key is encrypted and no password was provided
+ * - `Err(WrongPassword)` if the password provided is incorrect
+ * - `Err(ParsingError)` if the key could not be parsed
+ * - `Err(UnsupportedKeyType)` if the key type is not supported
+ */
+export function import_ssh_key(imported_key: string, password?: string | null): SshKeyView;
+export enum CardLinkedIdType {
+  CardholderName = 300,
+  ExpMonth = 301,
+  ExpYear = 302,
+  Code = 303,
+  Brand = 304,
+  Number = 305,
+}
+export enum CipherRepromptType {
+  None = 0,
+  Password = 1,
+}
+export enum CipherType {
+  Login = 1,
+  SecureNote = 2,
+  Card = 3,
+  Identity = 4,
+  SshKey = 5,
+}
+export enum FieldType {
+  Text = 0,
+  Hidden = 1,
+  Boolean = 2,
+  Linked = 3,
+}
+export enum IdentityLinkedIdType {
+  Title = 400,
+  MiddleName = 401,
+  Address1 = 402,
+  Address2 = 403,
+  Address3 = 404,
+  City = 405,
+  State = 406,
+  PostalCode = 407,
+  Country = 408,
+  Company = 409,
+  Email = 410,
+  Phone = 411,
+  Ssn = 412,
+  Username = 413,
+  PassportNumber = 414,
+  LicenseNumber = 415,
+  FirstName = 416,
+  LastName = 417,
+  FullName = 418,
+}
 export enum LogLevel {
   Trace = 0,
   Debug = 1,
@@ -12,7 +97,29 @@ export enum LogLevel {
   Warn = 3,
   Error = 4,
 }
+export enum LoginLinkedIdType {
+  Username = 100,
+  Password = 101,
+}
+export enum SecureNoteType {
+  Generic = 0,
+}
+export enum UriMatchType {
+  Domain = 0,
+  Host = 1,
+  StartsWith = 2,
+  Exact = 3,
+  RegularExpression = 4,
+  Never = 5,
+}
+/**
+ * State used for initializing the user cryptographic state.
+ */
 export interface InitUserCryptoRequest {
+  /**
+   * The user\'s ID.
+   */
+  userId: Uuid | undefined;
   /**
    * The user\'s KDF parameters, as received from the prelogin request
    */
@@ -24,15 +131,22 @@ export interface InitUserCryptoRequest {
   /**
    * The user\'s encrypted private key
    */
-  privateKey: string;
+  privateKey: EncString;
+  /**
+   * The user\'s signing key
+   */
+  signingKey: EncString | undefined;
   /**
    * The initialization method to use
    */
   method: InitUserCryptoMethod;
 }
 
+/**
+ * The crypto method used to initialize the user cryptographic state.
+ */
 export type InitUserCryptoMethod =
-  | { password: { password: string; user_key: string } }
+  | { password: { password: string; user_key: EncString } }
   | { decryptedKey: { decrypted_user_key: string } }
   | { pin: { pin: string; pin_protected_user_key: EncString } }
   | { authRequest: { request_private_key: string; method: AuthRequestMethod } }
@@ -40,50 +154,204 @@ export type InitUserCryptoMethod =
       deviceKey: {
         device_key: string;
         protected_device_private_key: EncString;
-        device_protected_user_key: AsymmetricEncString;
+        device_protected_user_key: UnsignedSharedKey;
       };
     }
-  | { keyConnector: { master_key: string; user_key: string } };
+  | { keyConnector: { master_key: string; user_key: EncString } };
 
+/**
+ * Auth requests supports multiple initialization methods.
+ */
 export type AuthRequestMethod =
-  | { userKey: { protected_user_key: AsymmetricEncString } }
-  | { masterKey: { protected_master_key: AsymmetricEncString; auth_request_key: EncString } };
+  | { userKey: { protected_user_key: UnsignedSharedKey } }
+  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
 
+/**
+ * Represents the request to initialize the user\'s organizational cryptographic state.
+ */
 export interface InitOrgCryptoRequest {
   /**
    * The encryption keys for all the organizations the user is a part of
    */
-  organizationKeys: Map<Uuid, AsymmetricEncString>;
+  organizationKeys: Map<Uuid, UnsignedSharedKey>;
 }
 
-export interface CoreError extends Error {
-  name: "CoreError";
-  variant:
-    | "MissingFieldError"
-    | "VaultLocked"
-    | "NotAuthenticated"
-    | "AccessTokenInvalid"
-    | "InvalidResponse"
-    | "Crypto"
-    | "IdentityFail"
-    | "Reqwest"
-    | "Serde"
-    | "Io"
-    | "InvalidBase64"
-    | "Chrono"
-    | "ResponseContent"
-    | "ValidationError"
-    | "InvalidStateFileVersion"
-    | "InvalidStateFile"
-    | "Internal"
-    | "EncryptionSettings";
+/**
+ * Response from the `update_password` function
+ */
+export interface UpdatePasswordResponse {
+  /**
+   * Hash of the new password
+   */
+  passwordHash: string;
+  /**
+   * User key, encrypted with the new password
+   */
+  newKey: EncString;
+}
+
+/**
+ * Request for deriving a pin protected user key
+ */
+export interface DerivePinKeyResponse {
+  /**
+   * [UserKey] protected by PIN
+   */
+  pinProtectedUserKey: EncString;
+  /**
+   * PIN protected by [UserKey]
+   */
+  encryptedPin: EncString;
+}
+
+/**
+ * Request for migrating an account from password to key connector.
+ */
+export interface DeriveKeyConnectorRequest {
+  /**
+   * Encrypted user key, used to validate the master key
+   */
+  userKeyEncrypted: EncString;
+  /**
+   * The user\'s master password
+   */
+  password: string;
+  /**
+   * The KDF parameters used to derive the master key
+   */
+  kdf: Kdf;
+  /**
+   * The user\'s email address
+   */
+  email: string;
+}
+
+/**
+ * Response from the `make_key_pair` function
+ */
+export interface MakeKeyPairResponse {
+  /**
+   * The user\'s public key
+   */
+  userPublicKey: string;
+  /**
+   * User\'s private key, encrypted with the user key
+   */
+  userKeyEncryptedPrivateKey: EncString;
+}
+
+/**
+ * Request for `verify_asymmetric_keys`.
+ */
+export interface VerifyAsymmetricKeysRequest {
+  /**
+   * The user\'s user key
+   */
+  userKey: string;
+  /**
+   * The user\'s public key
+   */
+  userPublicKey: string;
+  /**
+   * User\'s private key, encrypted with the user key
+   */
+  userKeyEncryptedPrivateKey: EncString;
 }
 
-export function isCoreError(error: any): error is CoreError;
+/**
+ * Response for `verify_asymmetric_keys`.
+ */
+export interface VerifyAsymmetricKeysResponse {
+  /**
+   * Whether the user\'s private key was decryptable by the user key.
+   */
+  privateKeyDecryptable: boolean;
+  /**
+   * Whether the user\'s private key was a valid RSA key and matched the public key provided.
+   */
+  validPrivateKey: boolean;
+}
+
+/**
+ * A new signing key pair along with the signed public key
+ */
+export interface MakeUserSigningKeysResponse {
+  /**
+   * Base64 encoded verifying key
+   */
+  verifyingKey: string;
+  /**
+   * Signing key, encrypted with the user\'s symmetric key
+   */
+  signingKey: EncString;
+  /**
+   * The user\'s public key, signed by the signing key
+   */
+  signedPublicKey: SignedPublicKey;
+}
+
+/**
+ * A rotated set of account keys for a user
+ */
+export interface RotateUserKeysResponse {
+  /**
+   * The verifying key
+   */
+  verifyingKey: string;
+  /**
+   * Signing key, encrypted with a symmetric key (user key, org key)
+   */
+  signingKey: EncString;
+  /**
+   * The user\'s public key, signed by the signing key
+   */
+  signedPublicKey: string;
+  /**
+   * The user\'s public key, without signature
+   */
+  publicKey: string;
+  /**
+   * The user\'s private key, encrypted with the user key
+   */
+  privateKey: EncString;
+}
+
+/**
+ * NewType wrapper for `OrganizationId`
+ */
+export type OrganizationId = Tagged<Uuid, "OrganizationId">;
+
+export interface DeriveKeyConnectorError extends Error {
+  name: "DeriveKeyConnectorError";
+  variant: "WrongPassword" | "Crypto";
+}
+
+export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
+
+export interface EnrollAdminPasswordResetError extends Error {
+  name: "EnrollAdminPasswordResetError";
+  variant: "VaultLocked" | "Crypto" | "InvalidBase64";
+}
+
+export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
+
+export interface CryptoClientError extends Error {
+  name: "CryptoClientError";
+  variant: "NotAuthenticated" | "VaultLocked" | "Crypto";
+}
+
+export function isCryptoClientError(error: any): error is CryptoClientError;
 
 export interface EncryptionSettingsError extends Error {
   name: "EncryptionSettingsError";
-  variant: "Crypto" | "InvalidBase64" | "VaultLocked" | "InvalidPrivateKey" | "MissingPrivateKey";
+  variant:
+    | "Crypto"
+    | "InvalidBase64"
+    | "VaultLocked"
+    | "InvalidPrivateKey"
+    | "InvalidSigningKey"
+    | "MissingPrivateKey"
+    | "UserIdAlreadySetError";
 }
 
 export function isEncryptionSettingsError(error: any): error is EncryptionSettingsError;
@@ -152,10 +420,17 @@ export interface ClientSettings {
   deviceType?: DeviceType;
 }
 
-export type AsymmetricEncString = string;
+export type UnsignedSharedKey = string;
 
 export type EncString = string;
 
+export type SignedPublicKey = string;
+
+/**
+ * The type of key / signature scheme used for signing and verifying.
+ */
+export type SignatureAlgorithm = "ed25519";
+
 /**
  * Key Derivation Function for Bitwarden Account
  *
@@ -166,14 +441,254 @@ export type Kdf =
   | { pBKDF2: { iterations: NonZeroU32 } }
   | { argon2id: { iterations: NonZeroU32; memory: NonZeroU32; parallelism: NonZeroU32 } };
 
-export interface GenerateSshKeyResult {
-  private_key: string;
-  public_key: string;
-  key_fingerprint: string;
+export interface CryptoError extends Error {
+  name: "CryptoError";
+  variant:
+    | "InvalidKey"
+    | "InvalidMac"
+    | "MacNotProvided"
+    | "KeyDecrypt"
+    | "InvalidKeyLen"
+    | "InvalidUtf8String"
+    | "MissingKey"
+    | "MissingField"
+    | "MissingKeyId"
+    | "ReadOnlyKeyStore"
+    | "InsufficientKdfParameters"
+    | "EncString"
+    | "RsaError"
+    | "FingerprintError"
+    | "ArgonError"
+    | "ZeroNumber"
+    | "OperationNotSupported"
+    | "WrongKeyType"
+    | "WrongCoseKeyId"
+    | "InvalidNonceLength"
+    | "InvalidPadding"
+    | "SignatureError"
+    | "EncodingError";
+}
+
+export function isCryptoError(error: any): error is CryptoError;
+
+/**
+ * Temporary struct to hold metadata related to current account
+ *
+ * Eventually the SDK itself should have this state and we get rid of this struct.
+ */
+export interface Account {
+  id: Uuid;
+  email: string;
+  name: string | undefined;
+}
+
+export type ExportFormat = "Csv" | "Json" | { EncryptedJson: { password: string } };
+
+export interface ExportError extends Error {
+  name: "ExportError";
+  variant:
+    | "MissingField"
+    | "NotAuthenticated"
+    | "VaultLocked"
+    | "Csv"
+    | "CxfError"
+    | "Json"
+    | "EncryptedJsonError"
+    | "BitwardenCryptoError"
+    | "CipherError";
+}
+
+export function isExportError(error: any): error is ExportError;
+
+export type UsernameGeneratorRequest =
+  | { word: { capitalize: boolean; include_number: boolean } }
+  | { subaddress: { type: AppendType; email: string } }
+  | { catchall: { type: AppendType; domain: string } }
+  | { forwarded: { service: ForwarderServiceType; website: string | undefined } };
+
+/**
+ * Configures the email forwarding service to use.
+ * For instructions on how to configure each service, see the documentation:
+ * <https://bitwarden.com/help/generator/#username-types>
+ */
+export type ForwarderServiceType =
+  | { addyIo: { api_token: string; domain: string; base_url: string } }
+  | { duckDuckGo: { token: string } }
+  | { firefox: { api_token: string } }
+  | { fastmail: { api_token: string } }
+  | { forwardEmail: { api_token: string; domain: string } }
+  | { simpleLogin: { api_key: string; base_url: string } };
+
+export type AppendType = "random" | { websiteName: { website: string } };
+
+export interface UsernameError extends Error {
+  name: "UsernameError";
+  variant: "InvalidApiKey" | "Unknown" | "ResponseContent" | "Reqwest";
 }
 
+export function isUsernameError(error: any): error is UsernameError;
+
+/**
+ * Password generator request options.
+ */
+export interface PasswordGeneratorRequest {
+  /**
+   * Include lowercase characters (a-z).
+   */
+  lowercase: boolean;
+  /**
+   * Include uppercase characters (A-Z).
+   */
+  uppercase: boolean;
+  /**
+   * Include numbers (0-9).
+   */
+  numbers: boolean;
+  /**
+   * Include special characters: ! @ # $ % ^ & *
+   */
+  special: boolean;
+  /**
+   * The length of the generated password.
+   * Note that the password length must be greater than the sum of all the minimums.
+   */
+  length: number;
+  /**
+   * When set to true, the generated password will not contain ambiguous characters.
+   * The ambiguous characters are: I, O, l, 0, 1
+   */
+  avoidAmbiguous: boolean;
+  /**
+   * The minimum number of lowercase characters in the generated password.
+   * When set, the value must be between 1 and 9. This value is ignored if lowercase is false.
+   */
+  minLowercase: number | undefined;
+  /**
+   * The minimum number of uppercase characters in the generated password.
+   * When set, the value must be between 1 and 9. This value is ignored if uppercase is false.
+   */
+  minUppercase: number | undefined;
+  /**
+   * The minimum number of numbers in the generated password.
+   * When set, the value must be between 1 and 9. This value is ignored if numbers is false.
+   */
+  minNumber: number | undefined;
+  /**
+   * The minimum number of special characters in the generated password.
+   * When set, the value must be between 1 and 9. This value is ignored if special is false.
+   */
+  minSpecial: number | undefined;
+}
+
+export interface PasswordError extends Error {
+  name: "PasswordError";
+  variant: "NoCharacterSetEnabled" | "InvalidLength";
+}
+
+export function isPasswordError(error: any): error is PasswordError;
+
+/**
+ * Passphrase generator request options.
+ */
+export interface PassphraseGeneratorRequest {
+  /**
+   * Number of words in the generated passphrase.
+   * This value must be between 3 and 20.
+   */
+  numWords: number;
+  /**
+   * Character separator between words in the generated passphrase. The value cannot be empty.
+   */
+  wordSeparator: string;
+  /**
+   * When set to true, capitalize the first letter of each word in the generated passphrase.
+   */
+  capitalize: boolean;
+  /**
+   * When set to true, include a number at the end of one of the words in the generated
+   * passphrase.
+   */
+  includeNumber: boolean;
+}
+
+export interface PassphraseError extends Error {
+  name: "PassphraseError";
+  variant: "InvalidNumWords";
+}
+
+export function isPassphraseError(error: any): error is PassphraseError;
+
+export interface DiscoverResponse {
+  version: string;
+}
+
+export type Endpoint =
+  | { Web: { id: number } }
+  | "BrowserForeground"
+  | "BrowserBackground"
+  | "DesktopRenderer"
+  | "DesktopMain";
+
+export interface IpcCommunicationBackendSender {
+  send(message: OutgoingMessage): Promise<void>;
+}
+
+export interface ChannelError extends Error {
+  name: "ChannelError";
+}
+
+export function isChannelError(error: any): error is ChannelError;
+
+export interface DeserializeError extends Error {
+  name: "DeserializeError";
+}
+
+export function isDeserializeError(error: any): error is DeserializeError;
+
+export interface RequestError extends Error {
+  name: "RequestError";
+  variant: "Subscribe" | "Receive" | "Timeout" | "Send" | "RpcError";
+}
+
+export function isRequestError(error: any): error is RequestError;
+
+export interface TypedReceiveError extends Error {
+  name: "TypedReceiveError";
+  variant: "Channel" | "Timeout" | "Cancelled" | "Typing";
+}
+
+export function isTypedReceiveError(error: any): error is TypedReceiveError;
+
+export interface ReceiveError extends Error {
+  name: "ReceiveError";
+  variant: "Channel" | "Timeout" | "Cancelled";
+}
+
+export function isReceiveError(error: any): error is ReceiveError;
+
+export interface SubscribeError extends Error {
+  name: "SubscribeError";
+  variant: "NotStarted";
+}
+
+export function isSubscribeError(error: any): error is SubscribeError;
+
 export type KeyAlgorithm = "Ed25519" | "Rsa3072" | "Rsa4096";
 
+export interface SshKeyExportError extends Error {
+  name: "SshKeyExportError";
+  variant: "KeyConversionError";
+}
+
+export function isSshKeyExportError(error: any): error is SshKeyExportError;
+
+export interface SshKeyImportError extends Error {
+  name: "SshKeyImportError";
+  variant: "ParsingError" | "PasswordRequired" | "WrongPassword" | "UnsupportedKeyType";
+}
+
+export function isSshKeyImportError(error: any): error is SshKeyImportError;
+
 export interface KeyGenerationError extends Error {
   name: "KeyGenerationError";
   variant: "KeyGenerationError" | "KeyConversionError";
@@ -181,6 +696,300 @@ export interface KeyGenerationError extends Error {
 
 export function isKeyGenerationError(error: any): error is KeyGenerationError;
 
+export interface CallError extends Error {
+  name: "CallError";
+}
+
+export function isCallError(error: any): error is CallError;
+
+export interface EncryptionContext {
+  /**
+   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
+   * Organization-owned ciphers
+   */
+  encryptedFor: Uuid;
+  cipher: Cipher;
+}
+
+export interface Cipher {
+  id: Uuid | undefined;
+  organizationId: Uuid | undefined;
+  folderId: Uuid | undefined;
+  collectionIds: Uuid[];
+  /**
+   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
+   * Cipher.
+   */
+  key: EncString | undefined;
+  name: EncString;
+  notes: EncString | undefined;
+  type: CipherType;
+  login: Login | undefined;
+  identity: Identity | undefined;
+  card: Card | undefined;
+  secureNote: SecureNote | undefined;
+  sshKey: SshKey | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  localData: LocalData | undefined;
+  attachments: Attachment[] | undefined;
+  fields: Field[] | undefined;
+  passwordHistory: PasswordHistory[] | undefined;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+}
+
+export interface CipherView {
+  id: Uuid | undefined;
+  organizationId: Uuid | undefined;
+  folderId: Uuid | undefined;
+  collectionIds: Uuid[];
+  /**
+   * Temporary, required to support re-encrypting existing items.
+   */
+  key: EncString | undefined;
+  name: string;
+  notes: string | undefined;
+  type: CipherType;
+  login: LoginView | undefined;
+  identity: IdentityView | undefined;
+  card: CardView | undefined;
+  secureNote: SecureNoteView | undefined;
+  sshKey: SshKeyView | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  localData: LocalDataView | undefined;
+  attachments: AttachmentView[] | undefined;
+  fields: FieldView[] | undefined;
+  passwordHistory: PasswordHistoryView[] | undefined;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+}
+
+export type CipherListViewType =
+  | { login: LoginListView }
+  | "secureNote"
+  | { card: CardListView }
+  | "identity"
+  | "sshKey";
+
+/**
+ * Available fields on a cipher and can be copied from a the list view in the UI.
+ */
+export type CopyableCipherFields =
+  | "LoginUsername"
+  | "LoginPassword"
+  | "LoginTotp"
+  | "CardNumber"
+  | "CardSecurityCode"
+  | "IdentityUsername"
+  | "IdentityEmail"
+  | "IdentityPhone"
+  | "IdentityAddress"
+  | "SshKey"
+  | "SecureNotes";
+
+export interface CipherListView {
+  id: Uuid | undefined;
+  organizationId: Uuid | undefined;
+  folderId: Uuid | undefined;
+  collectionIds: Uuid[];
+  /**
+   * Temporary, required to support calculating TOTP from CipherListView.
+   */
+  key: EncString | undefined;
+  name: string;
+  subtitle: string;
+  type: CipherListViewType;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  /**
+   * The number of attachments
+   */
+  attachments: number;
+  /**
+   * Indicates if the cipher has old attachments that need to be re-uploaded
+   */
+  hasOldAttachments: boolean;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+  /**
+   * Hints for the presentation layer for which fields can be copied.
+   */
+  copyableFields: CopyableCipherFields[];
+  localData: LocalDataView | undefined;
+}
+
+/**
+ * Represents the result of decrypting a list of ciphers.
+ *
+ * This struct contains two vectors: `successes` and `failures`.
+ * `successes` contains the decrypted `CipherListView` objects,
+ * while `failures` contains the original `Cipher` objects that failed to decrypt.
+ */
+export interface DecryptCipherListResult {
+  /**
+   * The decrypted `CipherListView` objects.
+   */
+  successes: CipherListView[];
+  /**
+   * The original `Cipher` objects that failed to decrypt.
+   */
+  failures: Cipher[];
+}
+
+export interface Field {
+  name: EncString | undefined;
+  value: EncString | undefined;
+  type: FieldType;
+  linkedId: LinkedIdType | undefined;
+}
+
+export interface FieldView {
+  name: string | undefined;
+  value: string | undefined;
+  type: FieldType;
+  linkedId: LinkedIdType | undefined;
+}
+
+export type LinkedIdType = LoginLinkedIdType | CardLinkedIdType | IdentityLinkedIdType;
+
+export interface LoginUri {
+  uri: EncString | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: EncString | undefined;
+}
+
+export interface LoginUriView {
+  uri: string | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: string | undefined;
+}
+
+export interface Fido2Credential {
+  credentialId: EncString;
+  keyType: EncString;
+  keyAlgorithm: EncString;
+  keyCurve: EncString;
+  keyValue: EncString;
+  rpId: EncString;
+  userHandle: EncString | undefined;
+  userName: EncString | undefined;
+  counter: EncString;
+  rpName: EncString | undefined;
+  userDisplayName: EncString | undefined;
+  discoverable: EncString;
+  creationDate: DateTime<Utc>;
+}
+
+export interface Fido2CredentialListView {
+  credentialId: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  userDisplayName: string | undefined;
+}
+
+export interface Fido2CredentialView {
+  credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
+  keyValue: EncString;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  discoverable: string;
+  creationDate: DateTime<Utc>;
+}
+
+export interface Fido2CredentialFullView {
+  credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
+  keyValue: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  discoverable: string;
+  creationDate: DateTime<Utc>;
+}
+
+export interface Fido2CredentialNewView {
+  credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  creationDate: DateTime<Utc>;
+}
+
+export interface Login {
+  username: EncString | undefined;
+  password: EncString | undefined;
+  passwordRevisionDate: DateTime<Utc> | undefined;
+  uris: LoginUri[] | undefined;
+  totp: EncString | undefined;
+  autofillOnPageLoad: boolean | undefined;
+  fido2Credentials: Fido2Credential[] | undefined;
+}
+
+export interface LoginView {
+  username: string | undefined;
+  password: string | undefined;
+  passwordRevisionDate: DateTime<Utc> | undefined;
+  uris: LoginUriView[] | undefined;
+  totp: string | undefined;
+  autofillOnPageLoad: boolean | undefined;
+  fido2Credentials: Fido2Credential[] | undefined;
+}
+
+export interface LoginListView {
+  fido2Credentials: Fido2CredentialListView[] | undefined;
+  hasFido2: boolean;
+  username: string | undefined;
+  /**
+   * The TOTP key is not decrypted. Useable as is with [`crate::generate_totp_cipher_view`].
+   */
+  totp: EncString | undefined;
+  uris: LoginUriView[] | undefined;
+}
+
+export interface SecureNote {
+  type: SecureNoteType;
+}
+
+export interface SecureNoteView {
+  type: SecureNoteType;
+}
+
 export interface Folder {
   id: Uuid | undefined;
   name: EncString;
@@ -193,11 +1002,237 @@ export interface FolderView {
   revisionDate: DateTime<Utc>;
 }
 
-export interface TestError extends Error {
-  name: "TestError";
+export interface DecryptError extends Error {
+  name: "DecryptError";
+  variant: "Crypto" | "VaultLocked";
 }
 
-export function isTestError(error: any): error is TestError;
+export function isDecryptError(error: any): error is DecryptError;
+
+export interface EncryptError extends Error {
+  name: "EncryptError";
+  variant: "Crypto" | "VaultLocked" | "MissingUserId";
+}
+
+export function isEncryptError(error: any): error is EncryptError;
+
+export interface TotpResponse {
+  /**
+   * Generated TOTP code
+   */
+  code: string;
+  /**
+   * Time period
+   */
+  period: number;
+}
+
+export interface TotpError extends Error {
+  name: "TotpError";
+  variant: "InvalidOtpauth" | "MissingSecret" | "CryptoError" | "VaultLocked";
+}
+
+export function isTotpError(error: any): error is TotpError;
+
+export interface PasswordHistoryView {
+  password: string;
+  lastUsedDate: DateTime<Utc>;
+}
+
+export interface PasswordHistory {
+  password: EncString;
+  lastUsedDate: DateTime<Utc>;
+}
+
+export interface Collection {
+  id: Uuid | undefined;
+  organizationId: Uuid;
+  name: EncString;
+  externalId: string | undefined;
+  hidePasswords: boolean;
+  readOnly: boolean;
+  manage: boolean;
+}
+
+export interface SshKeyView {
+  /**
+   * SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key)
+   */
+  privateKey: string;
+  /**
+   * SSH public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6)
+   */
+  publicKey: string;
+  /**
+   * SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT`
+   */
+  fingerprint: string;
+}
+
+export interface SshKey {
+  /**
+   * SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key)
+   */
+  privateKey: EncString;
+  /**
+   * SSH public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6)
+   */
+  publicKey: EncString;
+  /**
+   * SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT`
+   */
+  fingerprint: EncString;
+}
+
+export interface LocalDataView {
+  lastUsedDate: DateTime<Utc> | undefined;
+  lastLaunched: DateTime<Utc> | undefined;
+}
+
+export interface LocalData {
+  lastUsedDate: DateTime<Utc> | undefined;
+  lastLaunched: DateTime<Utc> | undefined;
+}
+
+export interface IdentityView {
+  title: string | undefined;
+  firstName: string | undefined;
+  middleName: string | undefined;
+  lastName: string | undefined;
+  address1: string | undefined;
+  address2: string | undefined;
+  address3: string | undefined;
+  city: string | undefined;
+  state: string | undefined;
+  postalCode: string | undefined;
+  country: string | undefined;
+  company: string | undefined;
+  email: string | undefined;
+  phone: string | undefined;
+  ssn: string | undefined;
+  username: string | undefined;
+  passportNumber: string | undefined;
+  licenseNumber: string | undefined;
+}
+
+export interface Identity {
+  title: EncString | undefined;
+  firstName: EncString | undefined;
+  middleName: EncString | undefined;
+  lastName: EncString | undefined;
+  address1: EncString | undefined;
+  address2: EncString | undefined;
+  address3: EncString | undefined;
+  city: EncString | undefined;
+  state: EncString | undefined;
+  postalCode: EncString | undefined;
+  country: EncString | undefined;
+  company: EncString | undefined;
+  email: EncString | undefined;
+  phone: EncString | undefined;
+  ssn: EncString | undefined;
+  username: EncString | undefined;
+  passportNumber: EncString | undefined;
+  licenseNumber: EncString | undefined;
+}
+
+export interface CipherPermissions {
+  delete: boolean;
+  restore: boolean;
+}
+
+export interface CipherError extends Error {
+  name: "CipherError";
+  variant: "MissingFieldError" | "VaultLocked" | "CryptoError" | "AttachmentsWithoutKeys";
+}
+
+export function isCipherError(error: any): error is CipherError;
+
+/**
+ * Minimal CardView only including the needed details for list views
+ */
+export interface CardListView {
+  /**
+   * The brand of the card, e.g. Visa, Mastercard, etc.
+   */
+  brand: string | undefined;
+}
+
+export interface CardView {
+  cardholderName: string | undefined;
+  expMonth: string | undefined;
+  expYear: string | undefined;
+  code: string | undefined;
+  brand: string | undefined;
+  number: string | undefined;
+}
+
+export interface Card {
+  cardholderName: EncString | undefined;
+  expMonth: EncString | undefined;
+  expYear: EncString | undefined;
+  code: EncString | undefined;
+  brand: EncString | undefined;
+  number: EncString | undefined;
+}
+
+export interface DecryptFileError extends Error {
+  name: "DecryptFileError";
+  variant: "Decrypt" | "Io";
+}
+
+export function isDecryptFileError(error: any): error is DecryptFileError;
+
+export interface EncryptFileError extends Error {
+  name: "EncryptFileError";
+  variant: "Encrypt" | "Io";
+}
+
+export function isEncryptFileError(error: any): error is EncryptFileError;
+
+export interface AttachmentView {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  sizeName: string | undefined;
+  fileName: string | undefined;
+  key: EncString | undefined;
+  /**
+   * The decrypted attachmentkey in base64 format.
+   *
+   * **TEMPORARY FIELD**: This field is a temporary workaround to provide
+   * decrypted attachment keys to the TypeScript client during the migration
+   * process. It will be removed once the encryption/decryption logic is
+   * fully migrated to the SDK.
+   *
+   * **Ticket**: <https://bitwarden.atlassian.net/browse/PM-23005>
+   *
+   * Do not rely on this field for long-term use.
+   */
+  decryptedKey: string | undefined;
+}
+
+export interface Attachment {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  /**
+   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
+   */
+  sizeName: string | undefined;
+  fileName: EncString | undefined;
+  key: EncString | undefined;
+}
+
+import { Tagged } from "type-fest";
+
+/**
+ * A string that **MUST** be a valid UUID.
+ *
+ * Never create or cast to this type directly, use the `uuid<T>()` function instead.
+ */
+// TODO: Uncomment this when the `uuid` crate is used.
+// export type Uuid = unknown;
 
 export type Uuid = string;
 
@@ -217,73 +1252,431 @@ export type Utc = unknown;
  */
 export type NonZeroU32 = number;
 
+export interface Repository<T> {
+  get(id: string): Promise<T | null>;
+  list(): Promise<T[]>;
+  set(id: string, value: T): Promise<void>;
+  remove(id: string): Promise<void>;
+}
+
+export interface TokenProvider {
+  get_access_token(): Promise<string | undefined>;
+}
+
+export interface TestError extends Error {
+  name: "TestError";
+}
+
+export function isTestError(error: any): error is TestError;
+
+export class AttachmentsClient {
+  private constructor();
+  free(): void;
+  decrypt_buffer(
+    cipher: Cipher,
+    attachment: AttachmentView,
+    encrypted_buffer: Uint8Array,
+  ): Uint8Array;
+}
 export class BitwardenClient {
   free(): void;
-  /**
-   * @param {ClientSettings | undefined} [settings]
-   * @param {LogLevel | undefined} [log_level]
-   */
-  constructor(settings?: ClientSettings, log_level?: LogLevel);
+  constructor(token_provider: any, settings?: ClientSettings | null);
   /**
    * Test method, echoes back the input
-   * @param {string} msg
-   * @returns {string}
    */
   echo(msg: string): string;
+  version(): string;
+  throw(msg: string): void;
   /**
-   * @returns {string}
+   * Test method, calls http endpoint
    */
-  version(): string;
+  http_get(url: string): Promise<string>;
+  crypto(): CryptoClient;
+  vault(): VaultClient;
   /**
-   * @param {string} msg
-   * @returns {Promise<void>}
+   * Constructs a specific client for platform-specific functionality
    */
-  throw(msg: string): Promise<void>;
+  platform(): PlatformClient;
   /**
-   * Test method, calls http endpoint
-   * @param {string} url
-   * @returns {Promise<string>}
+   * Constructs a specific client for generating passwords and passphrases
    */
-  http_get(url: string): Promise<string>;
+  generator(): GeneratorClient;
+  exporters(): ExporterClient;
+}
+export class CiphersClient {
+  private constructor();
+  free(): void;
+  encrypt(cipher_view: CipherView): EncryptionContext;
+  decrypt(cipher: Cipher): CipherView;
+  decrypt_list(ciphers: Cipher[]): CipherListView[];
   /**
-   * @returns {ClientCrypto}
+   * Decrypt cipher list with failures
+   * Returns both successfully decrypted ciphers and any that failed to decrypt
    */
-  crypto(): ClientCrypto;
+  decrypt_list_with_failures(ciphers: Cipher[]): DecryptCipherListResult;
+  decrypt_fido2_credentials(cipher_view: CipherView): Fido2CredentialView[];
   /**
-   * @returns {ClientVault}
+   * Temporary method used to re-encrypt FIDO2 credentials for a cipher view.
+   * Necessary until the TS clients utilize the SDK entirely for FIDO2 credentials management.
+   * TS clients create decrypted FIDO2 credentials that need to be encrypted manually when
+   * encrypting the rest of the CipherView.
+   * TODO: Remove once TS passkey provider implementation uses SDK - PM-8313
    */
-  vault(): ClientVault;
+  set_fido2_credentials(
+    cipher_view: CipherView,
+    fido2_credentials: Fido2CredentialFullView[],
+  ): CipherView;
+  move_to_organization(cipher_view: CipherView, organization_id: OrganizationId): CipherView;
+  decrypt_fido2_private_key(cipher_view: CipherView): string;
 }
-export class ClientCrypto {
+/**
+ * A client for the crypto operations.
+ */
+export class CryptoClient {
+  private constructor();
   free(): void;
   /**
    * Initialization method for the user crypto. Needs to be called before any other crypto
    * operations.
-   * @param {InitUserCryptoRequest} req
-   * @returns {Promise<void>}
    */
   initialize_user_crypto(req: InitUserCryptoRequest): Promise<void>;
   /**
    * Initialization method for the organization crypto. Needs to be called after
    * `initialize_user_crypto` but before any other crypto operations.
-   * @param {InitOrgCryptoRequest} req
-   * @returns {Promise<void>}
    */
   initialize_org_crypto(req: InitOrgCryptoRequest): Promise<void>;
+  /**
+   * Generates a new key pair and encrypts the private key with the provided user key.
+   * Crypto initialization not required.
+   */
+  make_key_pair(user_key: string): MakeKeyPairResponse;
+  /**
+   * Verifies a user's asymmetric keys by decrypting the private key with the provided user
+   * key. Returns if the private key is decryptable and if it is a valid matching key.
+   * Crypto initialization not required.
+   */
+  verify_asymmetric_keys(request: VerifyAsymmetricKeysRequest): VerifyAsymmetricKeysResponse;
+  /**
+   * Makes a new signing key pair and signs the public key for the user
+   */
+  make_user_signing_keys_for_enrollment(): MakeUserSigningKeysResponse;
+  /**
+   * Creates a rotated set of account keys for the current state
+   */
+  get_v2_rotated_account_keys(user_key: string): RotateUserKeysResponse;
 }
-export class ClientFolders {
+export class ExporterClient {
+  private constructor();
   free(): void;
+  export_vault(folders: Folder[], ciphers: Cipher[], format: ExportFormat): string;
+  export_organization_vault(
+    collections: Collection[],
+    ciphers: Cipher[],
+    format: ExportFormat,
+  ): string;
+  /**
+   * Credential Exchange Format (CXF)
+   *
+   * *Warning:* Expect this API to be unstable, and it will change in the future.
+   *
+   * For use with Apple using [ASCredentialExportManager](https://developer.apple.com/documentation/authenticationservices/ascredentialexportmanager).
+   * Ideally the input should be immediately serialized from [ASImportableAccount](https://developer.apple.com/documentation/authenticationservices/asimportableaccount).
+   */
+  export_cxf(account: Account, ciphers: Cipher[]): string;
   /**
-   * Decrypt folder
-   * @param {Folder} folder
-   * @returns {FolderView}
+   * Credential Exchange Format (CXF)
+   *
+   * *Warning:* Expect this API to be unstable, and it will change in the future.
+   *
+   * For use with Apple using [ASCredentialExportManager](https://developer.apple.com/documentation/authenticationservices/ascredentialexportmanager).
+   * Ideally the input should be immediately serialized from [ASImportableAccount](https://developer.apple.com/documentation/authenticationservices/asimportableaccount).
    */
+  import_cxf(payload: string): Cipher[];
+}
+export class FoldersClient {
+  private constructor();
+  free(): void;
+  encrypt(folder_view: FolderView): Folder;
   decrypt(folder: Folder): FolderView;
+  decrypt_list(folders: Folder[]): FolderView[];
 }
-export class ClientVault {
+export class GeneratorClient {
+  private constructor();
+  free(): void;
+  /**
+   * Generates a random password.
+   *
+   * The character sets and password length can be customized using the `input` parameter.
+   *
+   * # Examples
+   *
+   * ```
+   * use bitwarden_core::Client;
+   * use bitwarden_generators::{GeneratorClientsExt, PassphraseError, PasswordGeneratorRequest};
+   *
+   * async fn test() -> Result<(), PassphraseError> {
+   *     let input = PasswordGeneratorRequest {
+   *         lowercase: true,
+   *         uppercase: true,
+   *         numbers: true,
+   *         length: 20,
+   *         ..Default::default()
+   *     };
+   *     let password = Client::new(None).generator().password(input).unwrap();
+   *     println!("{}", password);
+   *     Ok(())
+   * }
+   * ```
+   */
+  password(input: PasswordGeneratorRequest): string;
+  /**
+   * Generates a random passphrase.
+   * A passphrase is a combination of random words separated by a character.
+   * An example of passphrase is `correct horse battery staple`.
+   *
+   * The number of words and their case, the word separator, and the inclusion of
+   * a number in the passphrase can be customized using the `input` parameter.
+   *
+   * # Examples
+   *
+   * ```
+   * use bitwarden_core::Client;
+   * use bitwarden_generators::{GeneratorClientsExt, PassphraseError, PassphraseGeneratorRequest};
+   *
+   * async fn test() -> Result<(), PassphraseError> {
+   *     let input = PassphraseGeneratorRequest {
+   *         num_words: 4,
+   *         ..Default::default()
+   *     };
+   *     let passphrase = Client::new(None).generator().passphrase(input).unwrap();
+   *     println!("{}", passphrase);
+   *     Ok(())
+   * }
+   * ```
+   */
+  passphrase(input: PassphraseGeneratorRequest): string;
+}
+export class IncomingMessage {
+  free(): void;
+  constructor(payload: Uint8Array, destination: Endpoint, source: Endpoint, topic?: string | null);
+  /**
+   * Try to parse the payload as JSON.
+   * @returns The parsed JSON value, or undefined if the payload is not valid JSON.
+   */
+  parse_payload_as_json(): any;
+  payload: Uint8Array;
+  destination: Endpoint;
+  source: Endpoint;
+  get topic(): string | undefined;
+  set topic(value: string | null | undefined);
+}
+/**
+ * JavaScript wrapper around the IPC client. For more information, see the
+ * [IpcClient] documentation.
+ */
+export class IpcClient {
+  free(): void;
+  constructor(communication_provider: IpcCommunicationBackend);
+  start(): Promise<void>;
+  isRunning(): Promise<boolean>;
+  send(message: OutgoingMessage): Promise<void>;
+  subscribe(): Promise<IpcClientSubscription>;
+}
+/**
+ * JavaScript wrapper around the IPC client subscription. For more information, see the
+ * [IpcClientSubscription](crate::IpcClientSubscription) documentation.
+ */
+export class IpcClientSubscription {
+  private constructor();
   free(): void;
+  receive(abort_signal?: AbortSignal | null): Promise<IncomingMessage>;
+}
+/**
+ * JavaScript implementation of the `CommunicationBackend` trait for IPC communication.
+ */
+export class IpcCommunicationBackend {
+  free(): void;
+  /**
+   * Creates a new instance of the JavaScript communication backend.
+   */
+  constructor(sender: IpcCommunicationBackendSender);
+  /**
+   * Used by JavaScript to provide an incoming message to the IPC framework.
+   */
+  receive(message: IncomingMessage): void;
+}
+export class OutgoingMessage {
+  free(): void;
+  constructor(payload: Uint8Array, destination: Endpoint, topic?: string | null);
+  /**
+   * Create a new message and encode the payload as JSON.
+   */
+  static new_json_payload(
+    payload: any,
+    destination: Endpoint,
+    topic?: string | null,
+  ): OutgoingMessage;
+  payload: Uint8Array;
+  destination: Endpoint;
+  get topic(): string | undefined;
+  set topic(value: string | null | undefined);
+}
+export class PlatformClient {
+  private constructor();
+  free(): void;
+  state(): StateClient;
+}
+/**
+ * This module represents a stopgap solution to provide access to primitive crypto functions for JS
+ * clients. It is not intended to be used outside of the JS clients and this pattern should not be
+ * proliferated. It is necessary because we want to use SDK crypto prior to the SDK being fully
+ * responsible for state and keys.
+ */
+export class PureCrypto {
+  private constructor();
+  free(): void;
+  /**
+   * DEPRECATED: Use `symmetric_decrypt_string` instead.
+   * Cleanup ticket: <https://bitwarden.atlassian.net/browse/PM-21247>
+   */
+  static symmetric_decrypt(enc_string: string, key: Uint8Array): string;
+  static symmetric_decrypt_string(enc_string: string, key: Uint8Array): string;
+  static symmetric_decrypt_bytes(enc_string: string, key: Uint8Array): Uint8Array;
+  /**
+   * DEPRECATED: Use `symmetric_decrypt_filedata` instead.
+   * Cleanup ticket: <https://bitwarden.atlassian.net/browse/PM-21247>
+   */
+  static symmetric_decrypt_array_buffer(enc_bytes: Uint8Array, key: Uint8Array): Uint8Array;
+  static symmetric_decrypt_filedata(enc_bytes: Uint8Array, key: Uint8Array): Uint8Array;
+  static symmetric_encrypt_string(plain: string, key: Uint8Array): string;
+  /**
+   * DEPRECATED: Only used by send keys
+   */
+  static symmetric_encrypt_bytes(plain: Uint8Array, key: Uint8Array): string;
+  static symmetric_encrypt_filedata(plain: Uint8Array, key: Uint8Array): Uint8Array;
+  static decrypt_user_key_with_master_password(
+    encrypted_user_key: string,
+    master_password: string,
+    email: string,
+    kdf: Kdf,
+  ): Uint8Array;
+  static encrypt_user_key_with_master_password(
+    user_key: Uint8Array,
+    master_password: string,
+    email: string,
+    kdf: Kdf,
+  ): string;
+  static make_user_key_aes256_cbc_hmac(): Uint8Array;
+  static make_user_key_xchacha20_poly1305(): Uint8Array;
+  /**
+   * Wraps (encrypts) a symmetric key using a symmetric wrapping key, returning the wrapped key
+   * as an EncString.
+   */
+  static wrap_symmetric_key(key_to_be_wrapped: Uint8Array, wrapping_key: Uint8Array): string;
+  /**
+   * Unwraps (decrypts) a wrapped symmetric key using a symmetric wrapping key, returning the
+   * unwrapped key as a serialized byte array.
+   */
+  static unwrap_symmetric_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * Wraps (encrypts) an SPKI DER encoded encapsulation (public) key using a symmetric wrapping
+   * key. Note: Usually, a public key is - by definition - public, so this should not be
+   * used. The specific use-case for this function is to enable rotateable key sets, where
+   * the "public key" is not public, with the intent of preventing the server from being able
+   * to overwrite the user key unlocked by the rotateable keyset.
+   */
+  static wrap_encapsulation_key(encapsulation_key: Uint8Array, wrapping_key: Uint8Array): string;
+  /**
+   * Unwraps (decrypts) a wrapped SPKI DER encoded encapsulation (public) key using a symmetric
+   * wrapping key.
+   */
+  static unwrap_encapsulation_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * Wraps (encrypts) a PKCS8 DER encoded decapsulation (private) key using a symmetric wrapping
+   * key,
+   */
+  static wrap_decapsulation_key(decapsulation_key: Uint8Array, wrapping_key: Uint8Array): string;
+  /**
+   * Unwraps (decrypts) a wrapped PKCS8 DER encoded decapsulation (private) key using a symmetric
+   * wrapping key.
+   */
+  static unwrap_decapsulation_key(wrapped_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * Encapsulates (encrypts) a symmetric key using an asymmetric encapsulation key (public key)
+   * in SPKI format, returning the encapsulated key as a string. Note: This is unsigned, so
+   * the sender's authenticity cannot be verified by the recipient.
+   */
+  static encapsulate_key_unsigned(shared_key: Uint8Array, encapsulation_key: Uint8Array): string;
+  /**
+   * Decapsulates (decrypts) a symmetric key using an decapsulation key (private key) in PKCS8
+   * DER format. Note: This is unsigned, so the sender's authenticity cannot be verified by the
+   * recipient.
+   */
+  static decapsulate_key_unsigned(
+    encapsulated_key: string,
+    decapsulation_key: Uint8Array,
+  ): Uint8Array;
+  /**
+   * Given a wrapped signing key and the symmetric key it is wrapped with, this returns
+   * the corresponding verifying key.
+   */
+  static verifying_key_for_signing_key(signing_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * Returns the algorithm used for the given verifying key.
+   */
+  static key_algorithm_for_verifying_key(verifying_key: Uint8Array): SignatureAlgorithm;
+  /**
+   * For a given signing identity (verifying key), this function verifies that the signing
+   * identity claimed ownership of the public key. This is a one-sided claim and merely shows
+   * that the signing identity has the intent to receive messages encrypted to the public
+   * key.
+   */
+  static verify_and_unwrap_signed_public_key(
+    signed_public_key: Uint8Array,
+    verifying_key: Uint8Array,
+  ): Uint8Array;
+  /**
+   * Derive output of the KDF for a [bitwarden_crypto::Kdf] configuration.
+   */
+  static derive_kdf_material(password: Uint8Array, salt: Uint8Array, kdf: Kdf): Uint8Array;
+}
+export class StateClient {
+  private constructor();
+  free(): void;
+  register_cipher_repository(store: Repository<Cipher>): void;
+}
+export class TotpClient {
+  private constructor();
+  free(): void;
+  /**
+   * Generates a TOTP code from a provided key
+   *
+   * # Arguments
+   * - `key` - Can be:
+   *     - A base32 encoded string
+   *     - OTP Auth URI
+   *     - Steam URI
+   * - `time_ms` - Optional timestamp in milliseconds
+   */
+  generate_totp(key: string, time_ms?: number | null): TotpResponse;
+}
+export class VaultClient {
+  private constructor();
+  free(): void;
+  /**
+   * Attachment related operations.
+   */
+  attachments(): AttachmentsClient;
+  /**
+   * Cipher related operations.
+   */
+  ciphers(): CiphersClient;
+  /**
+   * Folder related operations.
+   */
+  folders(): FoldersClient;
   /**
-   * @returns {ClientFolders}
+   * TOTP related operations.
    */
-  folders(): ClientFolders;
+  totp(): TotpClient;
 }