@bitwarden/sdk-internal 0.2.0-main.364 → 0.2.0-main.365

package/VERSION

@@ -1 +1 @@
-11df05baf3b41d5c92366ae8b96a6c016268f650
+8ef7951ee6bbce308df2a728885d72aaa20263e0

package/bitwarden_wasm_internal.d.ts

@@ -1387,6 +1387,85 @@ export interface SecureNoteView {
   type: SecureNoteType;
 }
 
+/**
+ * Result of checking password exposure via HIBP API.
+ */
+export type ExposedPasswordResult =
+  | { type: "NotChecked" }
+  | { type: "Found"; value: number }
+  | { type: "Error"; value: string };
+
+/**
+ * Login cipher data needed for risk evaluation.
+ */
+export interface CipherLoginDetails {
+  /**
+   * Cipher ID to identify which cipher in results.
+   */
+  id: CipherId;
+  /**
+   * The decrypted password to evaluate.
+   */
+  password: string;
+  /**
+   * Username or email (login ciphers only have one field).
+   */
+  username: string | undefined;
+}
+
+/**
+ * Password reuse map wrapper for WASM compatibility.
+ */
+export type PasswordReuseMap = Record<string, number>;
+
+/**
+ * Options for configuring risk computation.
+ */
+export interface CipherRiskOptions {
+  /**
+   * Pre-computed password reuse map (password → count).
+   * If provided, enables reuse detection across ciphers.
+   */
+  passwordMap?: PasswordReuseMap | undefined;
+  /**
+   * Whether to check passwords against Have I Been Pwned API.
+   * When true, makes network requests to check for exposed passwords.
+   */
+  checkExposed?: boolean;
+  /**
+   * Optional HIBP API base URL override. When None, uses the production HIBP URL.
+   * Can be used for testing or alternative password breach checking services.
+   */
+  hibpBaseUrl?: string | undefined;
+}
+
+/**
+ * Risk evaluation result for a single cipher.
+ */
+export interface CipherRiskResult {
+  /**
+   * Cipher ID matching the input CipherLoginDetails.
+   */
+  id: CipherId;
+  /**
+   * Password strength score from 0 (weakest) to 4 (strongest).
+   * Calculated using zxcvbn with cipher-specific context.
+   */
+  password_strength: number;
+  /**
+   * Result of checking password exposure via HIBP API.
+   * - `NotChecked`: check_exposed was false, or password was empty
+   * - `Found(n)`: Successfully checked, found in n breaches
+   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
+   */
+  exposed_result: ExposedPasswordResult;
+  /**
+   * Number of times this password appears in the provided password_map.
+   * None if not found or if no password_map was provided.
+   */
+  reuse_count: number | undefined;
+}
+
 /**
  * Request to add or edit a folder.
  */
@@ -1488,6 +1567,13 @@ export interface CreateFolderError extends Error {
 
 export function isCreateFolderError(error: any): error is CreateFolderError;
 
+export interface CipherRiskError extends Error {
+  name: "CipherRiskError";
+  variant: "Reqwest";
+}
+
+export function isCipherRiskError(error: any): error is CipherRiskError;
+
 export interface SshKeyView {
   /**
    * SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key)
@@ -1767,6 +1853,49 @@ export class BitwardenClient {
    */
   exporters(): ExporterClient;
 }
+/**
+ * Client for evaluating credential risk for login ciphers.
+ */
+export class CipherRiskClient {
+  private constructor();
+  free(): void;
+  /**
+   * Build password reuse map for a list of login ciphers.
+   *
+   * Returns a map where keys are passwords and values are the number of times
+   * each password appears in the provided list. This map can be passed to `compute_risk()`
+   * to enable password reuse detection.
+   */
+  password_reuse_map(login_details: CipherLoginDetails[]): PasswordReuseMap;
+  /**
+   * Evaluate security risks for multiple login ciphers concurrently.
+   *
+   * For each cipher:
+   * 1. Calculates password strength (0-4) using zxcvbn with cipher-specific context
+   * 2. Optionally checks if the password has been exposed via Have I Been Pwned API
+   * 3. Counts how many times the password is reused in the provided `password_map`
+   *
+   * Returns a vector of `CipherRisk` results, one for each input cipher.
+   *
+   * ## HIBP Check Results (`exposed_result` field)
+   *
+   * The `exposed_result` field uses the `ExposedPasswordResult` enum with three possible states:
+   * - `NotChecked`: Password exposure check was not performed because:
+   *   - `check_exposed` option was `false`, or
+   *   - Password was empty
+   * - `Found(n)`: Successfully checked via HIBP API, password appears in `n` data breaches
+   * - `Error(msg)`: HIBP API request failed with error message `msg`
+   *
+   * # Errors
+   *
+   * This method only returns `Err` for internal logic failures. HIBP API errors are
+   * captured per-cipher in the `exposed_result` field as `ExposedPasswordResult::Error(msg)`.
+   */
+  compute_risk(
+    login_details: CipherLoginDetails[],
+    options: CipherRiskOptions,
+  ): Promise<CipherRiskResult[]>;
+}
 export class CiphersClient {
   private constructor();
   free(): void;
@@ -2271,4 +2400,8 @@ export class VaultClient {
    * Collection related operations.
    */
   collections(): CollectionsClient;
+  /**
+   * Cipher risk evaluation operations.
+   */
+  cipher_risk(): CipherRiskClient;
 }

package/bitwarden_wasm_internal_bg.js

@@ -781,6 +781,19 @@ export function isCreateFolderError(error) {
   }
 }
 
+/**
+ * @param {any} error
+ * @returns {boolean}
+ */
+export function isCipherRiskError(error) {
+  try {
+    const ret = wasm.isCipherRiskError(addBorrowedObject(error));
+    return ret !== 0;
+  } finally {
+    heap[stack_pointer++] = undefined;
+  }
+}
+
 /**
  * @param {any} error
  * @returns {boolean}
@@ -860,17 +873,9 @@ export function isEncryptFileError(error) {
 }
 
 function __wbg_adapter_54(arg0, arg1, arg2) {
-  wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h73da98aaeb1dd73e(
-    arg0,
-    arg1,
-    addHeapObject(arg2),
-  );
-}
-
-function __wbg_adapter_57(arg0, arg1, arg2) {
   try {
     const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8ea2596275819f2b(
+    wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h0bf1e388b6a2a546(
       retptr,
       arg0,
       arg1,
@@ -886,15 +891,23 @@ function __wbg_adapter_57(arg0, arg1, arg2) {
   }
 }
 
+function __wbg_adapter_57(arg0, arg1, arg2) {
+  wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h10e0c24f5f2fd803(
+    arg0,
+    arg1,
+    addHeapObject(arg2),
+  );
+}
+
 function __wbg_adapter_60(arg0, arg1) {
-  wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h091423ccfc08366e(
+  wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h1d088d25aee734e6(
     arg0,
     arg1,
   );
 }
 
-function __wbg_adapter_346(arg0, arg1, arg2, arg3) {
-  wasm.wasm_bindgen__convert__closures__invoke2_mut__h54a8613170fef18e(
+function __wbg_adapter_352(arg0, arg1, arg2, arg3) {
+  wasm.wasm_bindgen__convert__closures__invoke2_mut__h849ee2a9e4ae2f91(
     arg0,
     arg1,
     addHeapObject(arg2),
@@ -1318,6 +1331,88 @@ export class BitwardenClient {
   }
 }
 
+const CipherRiskClientFinalization =
+  typeof FinalizationRegistry === "undefined"
+    ? { register: () => {}, unregister: () => {} }
+    : new FinalizationRegistry((ptr) => wasm.__wbg_cipherriskclient_free(ptr >>> 0, 1));
+/**
+ * Client for evaluating credential risk for login ciphers.
+ */
+export class CipherRiskClient {
+  static __wrap(ptr) {
+    ptr = ptr >>> 0;
+    const obj = Object.create(CipherRiskClient.prototype);
+    obj.__wbg_ptr = ptr;
+    CipherRiskClientFinalization.register(obj, obj.__wbg_ptr, obj);
+    return obj;
+  }
+
+  __destroy_into_raw() {
+    const ptr = this.__wbg_ptr;
+    this.__wbg_ptr = 0;
+    CipherRiskClientFinalization.unregister(this);
+    return ptr;
+  }
+
+  free() {
+    const ptr = this.__destroy_into_raw();
+    wasm.__wbg_cipherriskclient_free(ptr, 0);
+  }
+  /**
+   * Build password reuse map for a list of login ciphers.
+   *
+   * Returns a map where keys are passwords and values are the number of times
+   * each password appears in the provided list. This map can be passed to `compute_risk()`
+   * to enable password reuse detection.
+   * @param {CipherLoginDetails[]} login_details
+   * @returns {PasswordReuseMap}
+   */
+  password_reuse_map(login_details) {
+    const ptr0 = passArrayJsValueToWasm0(login_details, wasm.__wbindgen_malloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.cipherriskclient_password_reuse_map(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
+  }
+  /**
+   * Evaluate security risks for multiple login ciphers concurrently.
+   *
+   * For each cipher:
+   * 1. Calculates password strength (0-4) using zxcvbn with cipher-specific context
+   * 2. Optionally checks if the password has been exposed via Have I Been Pwned API
+   * 3. Counts how many times the password is reused in the provided `password_map`
+   *
+   * Returns a vector of `CipherRisk` results, one for each input cipher.
+   *
+   * ## HIBP Check Results (`exposed_result` field)
+   *
+   * The `exposed_result` field uses the `ExposedPasswordResult` enum with three possible states:
+   * - `NotChecked`: Password exposure check was not performed because:
+   *   - `check_exposed` option was `false`, or
+   *   - Password was empty
+   * - `Found(n)`: Successfully checked via HIBP API, password appears in `n` data breaches
+   * - `Error(msg)`: HIBP API request failed with error message `msg`
+   *
+   * # Errors
+   *
+   * This method only returns `Err` for internal logic failures. HIBP API errors are
+   * captured per-cipher in the `exposed_result` field as `ExposedPasswordResult::Error(msg)`.
+   * @param {CipherLoginDetails[]} login_details
+   * @param {CipherRiskOptions} options
+   * @returns {Promise<CipherRiskResult[]>}
+   */
+  compute_risk(login_details, options) {
+    const ptr0 = passArrayJsValueToWasm0(login_details, wasm.__wbindgen_malloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.cipherriskclient_compute_risk(
+      this.__wbg_ptr,
+      ptr0,
+      len0,
+      addHeapObject(options),
+    );
+    return takeObject(ret);
+  }
+}
+
 const CiphersClientFinalization =
   typeof FinalizationRegistry === "undefined"
     ? { register: () => {}, unregister: () => {} }
@@ -4023,6 +4118,14 @@ export class VaultClient {
     const ret = wasm.vaultclient_attachments(this.__wbg_ptr);
     return CollectionsClient.__wrap(ret);
   }
+  /**
+   * Cipher risk evaluation operations.
+   * @returns {CipherRiskClient}
+   */
+  cipher_risk() {
+    const ret = wasm.vaultclient_attachments(this.__wbg_ptr);
+    return CipherRiskClient.__wrap(ret);
+  }
 }
 
 export function __wbg_String_8f0eb39a4a4c2f66(arg0, arg1) {
@@ -4105,7 +4208,7 @@ export function __wbg_call_7cccdd69e0791ae2() {
   }, arguments);
 }
 
-export function __wbg_cipher_53f05a3d4382452d(arg0) {
+export function __wbg_cipher_0354ea4980a45865(arg0) {
   const ret = getObject(arg0).cipher;
   return isLikeNone(ret) ? 0 : addHeapObject(ret);
 }
@@ -4185,11 +4288,16 @@ export function __wbg_fetch_509096533071c657(arg0, arg1) {
   return addHeapObject(ret);
 }
 
-export function __wbg_folder_fde5400eab30ad85(arg0) {
+export function __wbg_folder_065654789aaca86c(arg0) {
   const ret = getObject(arg0).folder;
   return isLikeNone(ret) ? 0 : addHeapObject(ret);
 }
 
+export function __wbg_getFullYear_17d3c9e4db748eb7(arg0) {
+  const ret = getObject(arg0).getFullYear();
+  return ret;
+}
+
 export function __wbg_getRandomValues_38097e921c2494c3() {
   return handleError(function (arg0, arg1) {
     globalThis.crypto.getRandomValues(getArrayU8FromWasm0(arg0, arg1));
@@ -4207,7 +4315,7 @@ export function __wbg_getTime_46267b1c24877e30(arg0) {
   return ret;
 }
 
-export function __wbg_get_1cef86ba4b924f78() {
+export function __wbg_get_0c000b31aafb62a6() {
   return handleError(function (arg0, arg1, arg2) {
     let deferred0_0;
     let deferred0_1;
@@ -4234,7 +4342,7 @@ export function __wbg_get_b9b93047fe3cf45b(arg0, arg1) {
   return addHeapObject(ret);
 }
 
-export function __wbg_get_c015e7c4206c8288() {
+export function __wbg_get_c3b0fae9ed2d916c() {
   return handleError(function (arg0, arg1, arg2) {
     let deferred0_0;
     let deferred0_1;
@@ -4249,7 +4357,7 @@ export function __wbg_get_c015e7c4206c8288() {
   }, arguments);
 }
 
-export function __wbg_getaccesstoken_a82c383817948d88(arg0) {
+export function __wbg_getaccesstoken_d29c96563f3c4f7f(arg0) {
   const ret = getObject(arg0).get_access_token();
   return addHeapObject(ret);
 }
@@ -4434,14 +4542,14 @@ export function __wbg_length_e2d2a49132c1b256(arg0) {
   return ret;
 }
 
-export function __wbg_list_59934153e70ad537() {
+export function __wbg_list_5218cdfdd9081474() {
   return handleError(function (arg0) {
     const ret = getObject(arg0).list();
     return addHeapObject(ret);
   }, arguments);
 }
 
-export function __wbg_list_affd0ef6131ef801() {
+export function __wbg_list_83c655ffacf926b7() {
   return handleError(function (arg0) {
     const ret = getObject(arg0).list();
     return addHeapObject(ret);
@@ -4484,7 +4592,7 @@ export function __wbg_new_23a2665fac83c611(arg0, arg1) {
       const a = state0.a;
       state0.a = 0;
       try {
-        return __wbg_adapter_346(a, state0.b, arg0, arg1);
+        return __wbg_adapter_352(a, state0.b, arg0, arg1);
       } finally {
         state0.a = a;
       }
@@ -4599,6 +4707,11 @@ export function __wbg_node_905d3e251edff8a2(arg0) {
   return addHeapObject(ret);
 }
 
+export function __wbg_now_d18023d54d4e5500(arg0) {
+  const ret = getObject(arg0).now();
+  return ret;
+}
+
 export function __wbg_open_e0c0b2993eb596e1() {
   return handleError(function (arg0, arg1, arg2, arg3) {
     const ret = getObject(arg0).open(getStringFromWasm0(arg1, arg2), arg3 >>> 0);
@@ -4642,7 +4755,7 @@ export function __wbg_randomFillSync_ac0988aba3254290() {
   }, arguments);
 }
 
-export function __wbg_remove_277c5173081d0d22() {
+export function __wbg_remove_0e9beb59d125be57() {
   return handleError(function (arg0, arg1, arg2) {
     let deferred0_0;
     let deferred0_1;
@@ -4657,7 +4770,7 @@ export function __wbg_remove_277c5173081d0d22() {
   }, arguments);
 }
 
-export function __wbg_remove_c7d0dbca35774cea() {
+export function __wbg_remove_6387a99bd1c07f3b() {
   return handleError(function (arg0, arg1, arg2) {
     let deferred0_0;
     let deferred0_1;
@@ -4711,11 +4824,7 @@ export function __wbg_set_3f1d0b984ed272ed(arg0, arg1, arg2) {
   getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
 }
 
-export function __wbg_set_65595bdd868b3009(arg0, arg1, arg2) {
-  getObject(arg0).set(getObject(arg1), arg2 >>> 0);
-}
-
-export function __wbg_set_69e1ef203c553c6e() {
+export function __wbg_set_4909636594ca7c7a() {
   return handleError(function (arg0, arg1, arg2, arg3) {
     let deferred0_0;
     let deferred0_1;
@@ -4730,12 +4839,16 @@ export function __wbg_set_69e1ef203c553c6e() {
   }, arguments);
 }
 
+export function __wbg_set_65595bdd868b3009(arg0, arg1, arg2) {
+  getObject(arg0).set(getObject(arg1), arg2 >>> 0);
+}
+
 export function __wbg_set_8fc6bf8a5b1071d1(arg0, arg1, arg2) {
   const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
   return addHeapObject(ret);
 }
 
-export function __wbg_set_ed9a891c195e1ca6() {
+export function __wbg_set_b63bcc0eff25f894() {
   return handleError(function (arg0, arg1, arg2, arg3) {
     let deferred0_0;
     let deferred0_1;
@@ -4847,6 +4960,11 @@ export function __wbg_static_accessor_WINDOW_5de37043a91a9c40() {
   return isLikeNone(ret) ? 0 : addHeapObject(ret);
 }
 
+export function __wbg_static_accessor_performance_da77b3a901a72934() {
+  const ret = performance;
+  return addHeapObject(ret);
+}
+
 export function __wbg_status_f6360336ca686bf0(arg0) {
   const ret = getObject(arg0).status;
   return ret;
@@ -4960,28 +5078,28 @@ export function __wbindgen_cb_drop(arg0) {
   return ret;
 }
 
-export function __wbindgen_closure_wrapper193(arg0, arg1, arg2) {
+export function __wbindgen_closure_wrapper198(arg0, arg1, arg2) {
   const ret = makeMutClosure(arg0, arg1, 7, __wbg_adapter_54);
   return addHeapObject(ret);
 }
 
-export function __wbindgen_closure_wrapper195(arg0, arg1, arg2) {
+export function __wbindgen_closure_wrapper200(arg0, arg1, arg2) {
   const ret = makeMutClosure(arg0, arg1, 7, __wbg_adapter_57);
   return addHeapObject(ret);
 }
 
-export function __wbindgen_closure_wrapper3923(arg0, arg1, arg2) {
-  const ret = makeMutClosure(arg0, arg1, 301, __wbg_adapter_60);
+export function __wbindgen_closure_wrapper4243(arg0, arg1, arg2) {
+  const ret = makeMutClosure(arg0, arg1, 349, __wbg_adapter_60);
   return addHeapObject(ret);
 }
 
-export function __wbindgen_closure_wrapper6409(arg0, arg1, arg2) {
-  const ret = makeMutClosure(arg0, arg1, 327, __wbg_adapter_60);
+export function __wbindgen_closure_wrapper8217(arg0, arg1, arg2) {
+  const ret = makeMutClosure(arg0, arg1, 516, __wbg_adapter_60);
   return addHeapObject(ret);
 }
 
-export function __wbindgen_closure_wrapper6789(arg0, arg1, arg2) {
-  const ret = makeMutClosure(arg0, arg1, 350, __wbg_adapter_54);
+export function __wbindgen_closure_wrapper8600(arg0, arg1, arg2) {
+  const ret = makeMutClosure(arg0, arg1, 538, __wbg_adapter_57);
   return addHeapObject(ret);
 }
 

package/bitwarden_wasm_internal_bg.wasm.d.ts

@@ -345,6 +345,8 @@ export const ciphersclient_move_to_organization: (
   d: number,
 ) => void;
 export const ciphersclient_decrypt_fido2_private_key: (a: number, b: number, c: number) => void;
+export const cipherriskclient_password_reuse_map: (a: number, b: number, c: number) => number;
+export const cipherriskclient_compute_risk: (a: number, b: number, c: number, d: number) => number;
 export const foldersclient_encrypt: (a: number, b: number, c: number) => void;
 export const foldersclient_decrypt: (a: number, b: number, c: number) => void;
 export const foldersclient_decrypt_list: (a: number, b: number, c: number, d: number) => void;
@@ -379,6 +381,7 @@ export const isTotpError: (a: number) => number;
 export const isGetFolderError: (a: number) => number;
 export const isEditFolderError: (a: number) => number;
 export const isCreateFolderError: (a: number) => number;
+export const isCipherRiskError: (a: number) => number;
 export const isGetCipherError: (a: number) => number;
 export const isEditCipherError: (a: number) => number;
 export const isCreateCipherError: (a: number) => number;
@@ -399,7 +402,9 @@ export const vaultclient_ciphers: (a: number) => number;
 export const vaultclient_folders: (a: number) => number;
 export const vaultclient_totp: (a: number) => number;
 export const vaultclient_collections: (a: number) => number;
+export const vaultclient_cipher_risk: (a: number) => number;
 export const __wbg_foldersclient_free: (a: number, b: number) => void;
+export const __wbg_cipherriskclient_free: (a: number, b: number) => void;
 export const __wbg_ciphersclient_free: (a: number, b: number) => void;
 export const __wbg_collectionsclient_free: (a: number, b: number) => void;
 export const __wbg_vaultclient_free: (a: number, b: number) => void;
@@ -414,22 +419,22 @@ export const __wbindgen_exn_store: (a: number) => void;
 export const __wbindgen_free: (a: number, b: number, c: number) => void;
 export const __wbindgen_export_4: WebAssembly.Table;
 export const __wbindgen_add_to_stack_pointer: (a: number) => number;
-export const _dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h73da98aaeb1dd73e: (
+export const _dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h0bf1e388b6a2a546: (
   a: number,
   b: number,
   c: number,
+  d: number,
 ) => void;
-export const _dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8ea2596275819f2b: (
+export const _dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h10e0c24f5f2fd803: (
   a: number,
   b: number,
   c: number,
-  d: number,
 ) => void;
-export const _dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h091423ccfc08366e: (
+export const _dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h1d088d25aee734e6: (
   a: number,
   b: number,
 ) => void;
-export const wasm_bindgen__convert__closures__invoke2_mut__h54a8613170fef18e: (
+export const wasm_bindgen__convert__closures__invoke2_mut__h849ee2a9e4ae2f91: (
   a: number,
   b: number,
   c: number,