npm - @bitwarden/sdk-internal - Versions diffs - 0.2.0-main.425 → 0.2.0-main.427 - Mend

@bitwarden/sdk-internal 0.2.0-main.425 → 0.2.0-main.427

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/VERSION +1 -1
package/bitwarden_wasm_internal.d.ts +468 -468
package/bitwarden_wasm_internal_bg.js +75 -75
package/bitwarden_wasm_internal_bg.wasm +0 -0
package/bitwarden_wasm_internal_bg.wasm.d.ts +7 -7
package/bitwarden_wasm_internal_bg.wasm.js +1 -1
package/node/bitwarden_wasm_internal.d.ts +468 -468
package/node/bitwarden_wasm_internal.js +79 -79
package/node/bitwarden_wasm_internal_bg.wasm +0 -0
package/node/bitwarden_wasm_internal_bg.wasm.d.ts +7 -7
package/package.json +1 -1

package/node/bitwarden_wasm_internal.d.ts CHANGED Viewed

@@ -194,14 +194,6 @@ export interface IndexedDbConfiguration {
   db_name: string;
 }
-/**
- * The credentials used for send access requests.
- */
-export type SendAccessCredentials =
-  | SendPasswordCredentials
-  | SendEmailOtpCredentials
-  | SendEmailCredentials;
 /**
  * Credentials for sending an OTP to the user\'s email address.
  * This is used when the send requires email verification with an OTP.
@@ -253,6 +245,28 @@ export interface SendAccessTokenRequest {
   sendAccessCredentials?: SendAccessCredentials;
 }
+/**
+ * The credentials used for send access requests.
+ */
+export type SendAccessCredentials =
+  | SendPasswordCredentials
+  | SendEmailOtpCredentials
+  | SendEmailCredentials;
+/**
+ * A send access token which can be used to access a send.
+ */
+export interface SendAccessTokenResponse {
+  /**
+   * The actual token string.
+   */
+  token: string;
+  /**
+   * The timestamp in milliseconds when the token expires.
+   */
+  expiresAt: number;
+}
 /**
  * Represents errors that can occur when requesting a send access token.
  * It includes expected and unexpected API errors.
@@ -272,18 +286,14 @@ export type SendAccessTokenError =
 export type UnexpectedIdentityError = string;
 /**
- * A send access token which can be used to access a send.
+ * Invalid request errors - typically due to missing parameters.
  */
-export interface SendAccessTokenResponse {
-  /**
-   * The actual token string.
-   */
-  token: string;
-  /**
-   * The timestamp in milliseconds when the token expires.
-   */
-  expiresAt: number;
-}
+export type SendAccessTokenInvalidRequestError =
+  | "send_id_required"
+  | "password_hash_b64_required"
+  | "email_required"
+  | "email_and_otp_required_otp_sent"
+  | "unknown";
 /**
  * Represents the possible, expected errors that can occur when requesting a send access token.
@@ -305,16 +315,6 @@ export type SendAccessTokenApiErrorResponse =
   | { error: "invalid_scope"; error_description?: string }
   | { error: "invalid_target"; error_description?: string };
-/**
- * Invalid request errors - typically due to missing parameters.
- */
-export type SendAccessTokenInvalidRequestError =
-  | "send_id_required"
-  | "password_hash_b64_required"
-  | "email_required"
-  | "email_and_otp_required_otp_sent"
-  | "unknown";
 /**
  * Invalid grant errors - typically due to invalid credentials.
  */
@@ -350,14 +350,14 @@ export interface Collection {
 }
 /**
- * NewType wrapper for `CollectionId`
+ * Type of collection
  */
-export type CollectionId = Tagged<Uuid, "CollectionId">;
+export type CollectionType = "SharedCollection" | "DefaultUserCollection";
 /**
- * Type of collection
+ * NewType wrapper for `CollectionId`
  */
-export type CollectionType = "SharedCollection" | "DefaultUserCollection";
+export type CollectionId = Tagged<Uuid, "CollectionId">;
 export interface CollectionDecryptError extends Error {
   name: "CollectionDecryptError";
@@ -368,18 +368,6 @@ export function isCollectionDecryptError(error: any): error is CollectionDecrypt
 export type SignedSecurityState = string;
-export interface MasterPasswordError extends Error {
-  name: "MasterPasswordError";
-  variant:
-    | "EncryptionKeyMalformed"
-    | "KdfMalformed"
-    | "InvalidKdfConfiguration"
-    | "MissingField"
-    | "Crypto";
-}
-export function isMasterPasswordError(error: any): error is MasterPasswordError;
 /**
  * Represents the data required to unlock with the master password.
  */
@@ -398,6 +386,18 @@ export interface MasterPasswordUnlockData {
   salt: string;
 }
+export interface MasterPasswordError extends Error {
+  name: "MasterPasswordError";
+  variant:
+    | "EncryptionKeyMalformed"
+    | "KdfMalformed"
+    | "InvalidKdfConfiguration"
+    | "MissingField"
+    | "Crypto";
+}
+export function isMasterPasswordError(error: any): error is MasterPasswordError;
 /**
  * Represents the data required to authenticate with the master password.
  */
@@ -437,77 +437,86 @@ export function isAccountCryptographyInitializationError(
   error: any,
 ): error is AccountCryptographyInitializationError;
+export interface CryptoClientError extends Error {
+  name: "CryptoClientError";
+  variant: "NotAuthenticated" | "Crypto" | "InvalidKdfSettings" | "PasswordProtectedKeyEnvelope";
+}
+export function isCryptoClientError(error: any): error is CryptoClientError;
+export interface EnrollAdminPasswordResetError extends Error {
+  name: "EnrollAdminPasswordResetError";
+  variant: "Crypto";
+}
+export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
 /**
- * Response for `verify_asymmetric_keys`.
+ * Auth requests supports multiple initialization methods.
  */
-export interface VerifyAsymmetricKeysResponse {
-  /**
-   * Whether the user\'s private key was decryptable by the user key.
-   */
-  privateKeyDecryptable: boolean;
+export type AuthRequestMethod =
+  | { userKey: { protected_user_key: UnsignedSharedKey } }
+  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
+/**
+ * Represents the request to initialize the user\'s organizational cryptographic state.
+ */
+export interface InitOrgCryptoRequest {
   /**
-   * Whether the user\'s private key was a valid RSA key and matched the public key provided.
+   * The encryption keys for all the organizations the user is a part of
    */
-  validPrivateKey: boolean;
+  organizationKeys: Map<OrganizationId, UnsignedSharedKey>;
 }
 /**
- * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
+ * The crypto method used to initialize the user cryptographic state.
  */
-export interface UserCryptoV2KeysResponse {
-  /**
-   * User key
-   */
-  userKey: B64;
-  /**
-   * Wrapped private key
-   */
-  privateKey: EncString;
-  /**
-   * Public key
-   */
-  publicKey: B64;
-  /**
-   * The user\'s public key, signed by the signing key
-   */
-  signedPublicKey: SignedPublicKey;
-  /**
-   * Signing key, encrypted with the user\'s symmetric key
-   */
-  signingKey: EncString;
-  /**
-   * Base64 encoded verifying key
-   */
-  verifyingKey: B64;
+export type InitUserCryptoMethod =
+  | { password: { password: string; user_key: EncString } }
+  | { masterPasswordUnlock: { password: string; master_password_unlock: MasterPasswordUnlockData } }
+  | { decryptedKey: { decrypted_user_key: string } }
+  | { pin: { pin: string; pin_protected_user_key: EncString } }
+  | { pinEnvelope: { pin: string; pin_protected_user_key_envelope: PasswordProtectedKeyEnvelope } }
+  | { authRequest: { request_private_key: B64; method: AuthRequestMethod } }
+  | {
+      deviceKey: {
+        device_key: string;
+        protected_device_private_key: EncString;
+        device_protected_user_key: UnsignedSharedKey;
+      };
+    }
+  | { keyConnector: { master_key: B64; user_key: EncString } };
+/**
+ * Response from the `make_update_password` function
+ */
+export interface UpdatePasswordResponse {
   /**
-   * The user\'s signed security state
+   * Hash of the new password
    */
-  securityState: SignedSecurityState;
+  passwordHash: B64;
   /**
-   * The security state\'s version
+   * User key, encrypted with the new password
    */
-  securityVersion: number;
+  newKey: EncString;
 }
 /**
- * Auth requests supports multiple initialization methods.
- */
-export type AuthRequestMethod =
-  | { userKey: { protected_user_key: UnsignedSharedKey } }
-  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
-/**
- * Response from the `make_key_pair` function
+ * Response from the `update_kdf` function
  */
-export interface MakeKeyPairResponse {
+export interface UpdateKdfResponse {
   /**
-   * The user\'s public key
+   * The authentication data for the new KDF setting
    */
-  userPublicKey: B64;
+  masterPasswordAuthenticationData: MasterPasswordAuthenticationData;
   /**
-   * User\'s private key, encrypted with the user key
+   * The unlock data for the new KDF setting
    */
-  userKeyEncryptedPrivateKey: EncString;
+  masterPasswordUnlockData: MasterPasswordUnlockData;
+  /**
+   * The authentication data for the KDF setting prior to the change
+   */
+  oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
 }
 export interface DeriveKeyConnectorError extends Error {
@@ -518,184 +527,175 @@ export interface DeriveKeyConnectorError extends Error {
 export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
 /**
- * Represents the request to initialize the user\'s organizational cryptographic state.
+ * Request for deriving a pin protected user key
  */
-export interface InitOrgCryptoRequest {
+export interface EnrollPinResponse {
   /**
-   * The encryption keys for all the organizations the user is a part of
+   * [UserKey] protected by PIN
    */
-  organizationKeys: Map<OrganizationId, UnsignedSharedKey>;
+  pinProtectedUserKeyEnvelope: PasswordProtectedKeyEnvelope;
+  /**
+   * PIN protected by [UserKey]
+   */
+  userKeyEncryptedPin: EncString;
 }
 /**
- * State used for initializing the user cryptographic state.
+ * Request for migrating an account from password to key connector.
  */
-export interface InitUserCryptoRequest {
+export interface DeriveKeyConnectorRequest {
   /**
-   * The user\'s ID.
+   * Encrypted user key, used to validate the master key
    */
-  userId: UserId | undefined;
+  userKeyEncrypted: EncString;
   /**
-   * The user\'s KDF parameters, as received from the prelogin request
+   * The user\'s master password
    */
-  kdfParams: Kdf;
+  password: string;
+  /**
+   * The KDF parameters used to derive the master key
+   */
+  kdf: Kdf;
   /**
    * The user\'s email address
    */
   email: string;
+}
+/**
+ * Request for `verify_asymmetric_keys`.
+ */
+export interface VerifyAsymmetricKeysRequest {
   /**
-   * The user\'s account cryptographic state, containing their signature and
-   * public-key-encryption keys, along with the signed security state, protected by the user key
+   * The user\'s user key
    */
-  accountCryptographicState: WrappedAccountCryptographicState;
+  userKey: B64;
   /**
-   * The method to decrypt the user\'s account symmetric key (user key)
+   * The user\'s public key
    */
-  method: InitUserCryptoMethod;
+  userPublicKey: B64;
+  /**
+   * User\'s private key, encrypted with the user key
+   */
+  userKeyEncryptedPrivateKey: EncString;
 }
 /**
- * Request for deriving a pin protected user key
+ * Response for `verify_asymmetric_keys`.
  */
-export interface DerivePinKeyResponse {
+export interface VerifyAsymmetricKeysResponse {
   /**
-   * [UserKey] protected by PIN
+   * Whether the user\'s private key was decryptable by the user key.
    */
-  pinProtectedUserKey: EncString;
+  privateKeyDecryptable: boolean;
   /**
-   * PIN protected by [UserKey]
+   * Whether the user\'s private key was a valid RSA key and matched the public key provided.
    */
-  encryptedPin: EncString;
-}
-export interface CryptoClientError extends Error {
-  name: "CryptoClientError";
-  variant: "NotAuthenticated" | "Crypto" | "InvalidKdfSettings" | "PasswordProtectedKeyEnvelope";
+  validPrivateKey: boolean;
 }
-export function isCryptoClientError(error: any): error is CryptoClientError;
 /**
- * Response from the `make_update_password` function
+ * Request for deriving a pin protected user key
  */
-export interface UpdatePasswordResponse {
+export interface DerivePinKeyResponse {
   /**
-   * Hash of the new password
+   * [UserKey] protected by PIN
    */
-  passwordHash: B64;
+  pinProtectedUserKey: EncString;
   /**
-   * User key, encrypted with the new password
+   * PIN protected by [UserKey]
    */
-  newKey: EncString;
+  encryptedPin: EncString;
 }
 /**
- * Request for `verify_asymmetric_keys`.
+ * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
  */
-export interface VerifyAsymmetricKeysRequest {
+export interface UserCryptoV2KeysResponse {
   /**
-   * The user\'s user key
+   * User key
    */
   userKey: B64;
   /**
-   * The user\'s public key
+   * Wrapped private key
    */
-  userPublicKey: B64;
+  privateKey: EncString;
   /**
-   * User\'s private key, encrypted with the user key
+   * Public key
    */
-  userKeyEncryptedPrivateKey: EncString;
-}
-/**
- * The crypto method used to initialize the user cryptographic state.
- */
-export type InitUserCryptoMethod =
-  | { password: { password: string; user_key: EncString } }
-  | { masterPasswordUnlock: { password: string; master_password_unlock: MasterPasswordUnlockData } }
-  | { decryptedKey: { decrypted_user_key: string } }
-  | { pin: { pin: string; pin_protected_user_key: EncString } }
-  | { pinEnvelope: { pin: string; pin_protected_user_key_envelope: PasswordProtectedKeyEnvelope } }
-  | { authRequest: { request_private_key: B64; method: AuthRequestMethod } }
-  | {
-      deviceKey: {
-        device_key: string;
-        protected_device_private_key: EncString;
-        device_protected_user_key: UnsignedSharedKey;
-      };
-    }
-  | { keyConnector: { master_key: B64; user_key: EncString } };
-export interface EnrollAdminPasswordResetError extends Error {
-  name: "EnrollAdminPasswordResetError";
-  variant: "Crypto";
-}
-export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
-/**
- * Response from the `update_kdf` function
- */
-export interface UpdateKdfResponse {
+  publicKey: B64;
   /**
-   * The authentication data for the new KDF setting
+   * The user\'s public key, signed by the signing key
    */
-  masterPasswordAuthenticationData: MasterPasswordAuthenticationData;
+  signedPublicKey: SignedPublicKey;
   /**
-   * The unlock data for the new KDF setting
+   * Signing key, encrypted with the user\'s symmetric key
    */
-  masterPasswordUnlockData: MasterPasswordUnlockData;
+  signingKey: EncString;
   /**
-   * The authentication data for the KDF setting prior to the change
+   * Base64 encoded verifying key
    */
-  oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
+  verifyingKey: B64;
+  /**
+   * The user\'s signed security state
+   */
+  securityState: SignedSecurityState;
+  /**
+   * The security state\'s version
+   */
+  securityVersion: number;
 }
 /**
- * Request for migrating an account from password to key connector.
+ * State used for initializing the user cryptographic state.
  */
-export interface DeriveKeyConnectorRequest {
-  /**
-   * Encrypted user key, used to validate the master key
-   */
-  userKeyEncrypted: EncString;
+export interface InitUserCryptoRequest {
   /**
-   * The user\'s master password
+   * The user\'s ID.
    */
-  password: string;
+  userId: UserId | undefined;
   /**
-   * The KDF parameters used to derive the master key
+   * The user\'s KDF parameters, as received from the prelogin request
    */
-  kdf: Kdf;
+  kdfParams: Kdf;
   /**
    * The user\'s email address
    */
   email: string;
+  /**
+   * The user\'s account cryptographic state, containing their signature and
+   * public-key-encryption keys, along with the signed security state, protected by the user key
+   */
+  accountCryptographicState: WrappedAccountCryptographicState;
+  /**
+   * The method to decrypt the user\'s account symmetric key (user key)
+   */
+  method: InitUserCryptoMethod;
 }
 /**
- * Request for deriving a pin protected user key
+ * Response from the `make_key_pair` function
  */
-export interface EnrollPinResponse {
+export interface MakeKeyPairResponse {
   /**
-   * [UserKey] protected by PIN
+   * The user\'s public key
    */
-  pinProtectedUserKeyEnvelope: PasswordProtectedKeyEnvelope;
+  userPublicKey: B64;
   /**
-   * PIN protected by [UserKey]
+   * User\'s private key, encrypted with the user key
    */
-  userKeyEncryptedPin: EncString;
+  userKeyEncryptedPrivateKey: EncString;
 }
 /**
- * NewType wrapper for `OrganizationId`
+ * NewType wrapper for `UserId`
  */
-export type OrganizationId = Tagged<Uuid, "OrganizationId">;
+export type UserId = Tagged<Uuid, "UserId">;
 /**
- * NewType wrapper for `UserId`
+ * NewType wrapper for `OrganizationId`
  */
-export type UserId = Tagged<Uuid, "UserId">;
+export type OrganizationId = Tagged<Uuid, "OrganizationId">;
 export interface StatefulCryptoError extends Error {
   name: "StatefulCryptoError";
@@ -704,6 +704,35 @@ export interface StatefulCryptoError extends Error {
 export function isStatefulCryptoError(error: any): error is StatefulCryptoError;
+export type DeviceType =
+  | "Android"
+  | "iOS"
+  | "ChromeExtension"
+  | "FirefoxExtension"
+  | "OperaExtension"
+  | "EdgeExtension"
+  | "WindowsDesktop"
+  | "MacOsDesktop"
+  | "LinuxDesktop"
+  | "ChromeBrowser"
+  | "FirefoxBrowser"
+  | "OperaBrowser"
+  | "EdgeBrowser"
+  | "IEBrowser"
+  | "UnknownBrowser"
+  | "AndroidAmazon"
+  | "UWP"
+  | "SafariBrowser"
+  | "VivaldiBrowser"
+  | "VivaldiExtension"
+  | "SafariExtension"
+  | "SDK"
+  | "Server"
+  | "WindowsCLI"
+  | "MacOsCLI"
+  | "LinuxCLI"
+  | "DuckDuckGoBrowser";
 /**
  * Basic client behavior settings. These settings specify the various targets and behavior of the
  * Bitwarden Client. They are optional and uneditable once the client is initialized.
@@ -745,35 +774,6 @@ export interface ClientSettings {
   bitwardenClientVersion?: string | undefined;
 }
-export type DeviceType =
-  | "Android"
-  | "iOS"
-  | "ChromeExtension"
-  | "FirefoxExtension"
-  | "OperaExtension"
-  | "EdgeExtension"
-  | "WindowsDesktop"
-  | "MacOsDesktop"
-  | "LinuxDesktop"
-  | "ChromeBrowser"
-  | "FirefoxBrowser"
-  | "OperaBrowser"
-  | "EdgeBrowser"
-  | "IEBrowser"
-  | "UnknownBrowser"
-  | "AndroidAmazon"
-  | "UWP"
-  | "SafariBrowser"
-  | "VivaldiBrowser"
-  | "VivaldiExtension"
-  | "SafariExtension"
-  | "SDK"
-  | "Server"
-  | "WindowsCLI"
-  | "MacOsCLI"
-  | "LinuxCLI"
-  | "DuckDuckGoBrowser";
 export interface EncryptionSettingsError extends Error {
   name: "EncryptionSettingsError";
   variant:
@@ -905,8 +905,6 @@ export interface ExportError extends Error {
 export function isExportError(error: any): error is ExportError;
-export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
 /**
  * Passphrase generator request options.
  */
@@ -931,6 +929,8 @@ export interface PassphraseGeneratorRequest {
   includeNumber: boolean;
 }
+export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
 export interface PasswordError extends Error {
   name: "PasswordError";
   variant: "NoCharacterSetEnabled" | "InvalidLength";
@@ -992,19 +992,6 @@ export interface PasswordGeneratorRequest {
 export type AppendType = "random" | { websiteName: { website: string } };
-/**
- * Configures the email forwarding service to use.
- * For instructions on how to configure each service, see the documentation:
- * <https://bitwarden.com/help/generator/#username-types>
- */
-export type ForwarderServiceType =
-  | { addyIo: { api_token: string; domain: string; base_url: string } }
-  | { duckDuckGo: { token: string } }
-  | { firefox: { api_token: string } }
-  | { fastmail: { api_token: string } }
-  | { forwardEmail: { api_token: string; domain: string } }
-  | { simpleLogin: { api_key: string; base_url: string } };
 export interface UsernameError extends Error {
   name: "UsernameError";
   variant: "InvalidApiKey" | "Unknown" | "ResponseContent" | "Reqwest";
@@ -1018,6 +1005,19 @@ export type UsernameGeneratorRequest =
   | { catchall: { type: AppendType; domain: string } }
   | { forwarded: { service: ForwarderServiceType; website: string | undefined } };
+/**
+ * Configures the email forwarding service to use.
+ * For instructions on how to configure each service, see the documentation:
+ * <https://bitwarden.com/help/generator/#username-types>
+ */
+export type ForwarderServiceType =
+  | { addyIo: { api_token: string; domain: string; base_url: string } }
+  | { duckDuckGo: { token: string } }
+  | { firefox: { api_token: string } }
+  | { fastmail: { api_token: string } }
+  | { forwardEmail: { api_token: string; domain: string } }
+  | { simpleLogin: { api_key: string; base_url: string } };
 export interface RequestError extends Error {
   name: "RequestError";
   variant: "Subscribe" | "Receive" | "Timeout" | "Send" | "Rpc";
@@ -1079,13 +1079,6 @@ export type Endpoint =
   | "DesktopRenderer"
   | "DesktopMain";
-export interface SshKeyExportError extends Error {
-  name: "SshKeyExportError";
-  variant: "KeyConversion";
-}
-export function isSshKeyExportError(error: any): error is SshKeyExportError;
 export interface KeyGenerationError extends Error {
   name: "KeyGenerationError";
   variant: "KeyGeneration" | "KeyConversion";
@@ -1093,6 +1086,13 @@ export interface KeyGenerationError extends Error {
 export function isKeyGenerationError(error: any): error is KeyGenerationError;
+export interface SshKeyExportError extends Error {
+  name: "SshKeyExportError";
+  variant: "KeyConversion";
+}
+export function isSshKeyExportError(error: any): error is SshKeyExportError;
 export interface SshKeyImportError extends Error {
   name: "SshKeyImportError";
   variant: "Parsing" | "PasswordRequired" | "WrongPassword" | "UnsupportedKeyType";
@@ -1130,63 +1130,63 @@ export interface CipherRiskError extends Error {
 export function isCipherRiskError(error: any): error is CipherRiskError;
 /**
- * Login cipher data needed for risk evaluation.
+ * Risk evaluation result for a single cipher.
  */
-export interface CipherLoginDetails {
+export interface CipherRiskResult {
   /**
-   * Cipher ID to identify which cipher in results.
+   * Cipher ID matching the input CipherLoginDetails.
    */
   id: CipherId;
   /**
-   * The decrypted password to evaluate.
+   * Password strength score from 0 (weakest) to 4 (strongest).
+   * Calculated using zxcvbn with cipher-specific context.
    */
-  password: string;
+  password_strength: number;
   /**
-   * Username or email (login ciphers only have one field).
+   * Result of checking password exposure via HIBP API.
+   * - `NotChecked`: check_exposed was false, or password was empty
+   * - `Found(n)`: Successfully checked, found in n breaches
+   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
    */
-  username: string | undefined;
-}
-/**
- * Result of checking password exposure via HIBP API.
- */
-export type ExposedPasswordResult =
-  | { type: "NotChecked" }
-  | { type: "Found"; value: number }
-  | { type: "Error"; value: string };
-/**
- * Password reuse map wrapper for WASM compatibility.
- */
-export type PasswordReuseMap = Record<string, number>;
+  exposed_result: ExposedPasswordResult;
+  /**
+   * Number of times this password appears in the provided password_map.
+   * None if not found or if no password_map was provided.
+   */
+  reuse_count: number | undefined;
+}
 /**
- * Risk evaluation result for a single cipher.
+ * Login cipher data needed for risk evaluation.
  */
-export interface CipherRiskResult {
+export interface CipherLoginDetails {
   /**
-   * Cipher ID matching the input CipherLoginDetails.
+   * Cipher ID to identify which cipher in results.
    */
   id: CipherId;
   /**
-   * Password strength score from 0 (weakest) to 4 (strongest).
-   * Calculated using zxcvbn with cipher-specific context.
-   */
-  password_strength: number;
-  /**
-   * Result of checking password exposure via HIBP API.
-   * - `NotChecked`: check_exposed was false, or password was empty
-   * - `Found(n)`: Successfully checked, found in n breaches
-   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
+   * The decrypted password to evaluate.
    */
-  exposed_result: ExposedPasswordResult;
+  password: string;
   /**
-   * Number of times this password appears in the provided password_map.
-   * None if not found or if no password_map was provided.
+   * Username or email (login ciphers only have one field).
    */
-  reuse_count: number | undefined;
+  username: string | undefined;
 }
+/**
+ * Password reuse map wrapper for WASM compatibility.
+ */
+export type PasswordReuseMap = Record<string, number>;
+/**
+ * Result of checking password exposure via HIBP API.
+ */
+export type ExposedPasswordResult =
+  | { type: "NotChecked" }
+  | { type: "Found"; value: number }
+  | { type: "Error"; value: string };
 /**
  * Options for configuring risk computation.
  */
@@ -1208,13 +1208,13 @@ export interface CipherRiskOptions {
   hibpBaseUrl?: string | undefined;
 }
-export interface PasswordHistoryView {
-  password: string;
+export interface PasswordHistory {
+  password: EncString;
   lastUsedDate: DateTime<Utc>;
 }
-export interface PasswordHistory {
-  password: EncString;
+export interface PasswordHistoryView {
+  password: string;
   lastUsedDate: DateTime<Utc>;
 }
@@ -1222,6 +1222,13 @@ export interface AncestorMap {
   ancestors: Map<CollectionId, string>;
 }
+export interface TotpError extends Error {
+  name: "TotpError";
+  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
+}
+export function isTotpError(error: any): error is TotpError;
 export interface TotpResponse {
   /**
    * Generated TOTP code
@@ -1233,13 +1240,6 @@ export interface TotpResponse {
   period: number;
 }
-export interface TotpError extends Error {
-  name: "TotpError";
-  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
-}
-export function isTotpError(error: any): error is TotpError;
 export interface DecryptError extends Error {
   name: "DecryptError";
   variant: "Crypto";
@@ -1254,18 +1254,6 @@ export interface EncryptError extends Error {
 export function isEncryptError(error: any): error is EncryptError;
-export interface Attachment {
-  id: string | undefined;
-  url: string | undefined;
-  size: string | undefined;
-  /**
-   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
-   */
-  sizeName: string | undefined;
-  fileName: EncString | undefined;
-  key: EncString | undefined;
-}
 export interface AttachmentView {
   id: string | undefined;
   url: string | undefined;
@@ -1288,12 +1276,24 @@ export interface AttachmentView {
   decryptedKey: string | undefined;
 }
-export interface LocalDataView {
+export interface Attachment {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  /**
+   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
+   */
+  sizeName: string | undefined;
+  fileName: EncString | undefined;
+  key: EncString | undefined;
+}
+export interface LocalData {
   lastUsedDate: DateTime<Utc> | undefined;
   lastLaunched: DateTime<Utc> | undefined;
 }
-export interface LocalData {
+export interface LocalDataView {
   lastUsedDate: DateTime<Utc> | undefined;
   lastLaunched: DateTime<Utc> | undefined;
 }
@@ -1378,13 +1378,6 @@ export type CipherViewType =
   | { secureNote: SecureNoteView }
   | { sshKey: SshKeyView };
-export interface DecryptFileError extends Error {
-  name: "DecryptFileError";
-  variant: "Decrypt" | "Io";
-}
-export function isDecryptFileError(error: any): error is DecryptFileError;
 export interface EncryptFileError extends Error {
   name: "EncryptFileError";
   variant: "Encrypt" | "Io";
@@ -1392,6 +1385,13 @@ export interface EncryptFileError extends Error {
 export function isEncryptFileError(error: any): error is EncryptFileError;
+export interface DecryptFileError extends Error {
+  name: "DecryptFileError";
+  variant: "Decrypt" | "Io";
+}
+export function isDecryptFileError(error: any): error is DecryptFileError;
 export interface CipherPermissions {
   delete: boolean;
   restore: boolean;
@@ -1406,15 +1406,6 @@ export interface CardView {
   number: string | undefined;
 }
-export interface Card {
-  cardholderName: EncString | undefined;
-  expMonth: EncString | undefined;
-  expYear: EncString | undefined;
-  code: EncString | undefined;
-  brand: EncString | undefined;
-  number: EncString | undefined;
-}
 /**
  * Minimal CardView only including the needed details for list views
  */
@@ -1425,6 +1416,15 @@ export interface CardListView {
   brand: string | undefined;
 }
+export interface Card {
+  cardholderName: EncString | undefined;
+  expMonth: EncString | undefined;
+  expYear: EncString | undefined;
+  code: EncString | undefined;
+  brand: EncString | undefined;
+  number: EncString | undefined;
+}
 export interface Field {
   name: EncString | undefined;
   value: EncString | undefined;
@@ -1439,6 +1439,21 @@ export interface FieldView {
   linkedId: LinkedIdType | undefined;
 }
+export interface LoginUri {
+  uri: EncString | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: EncString | undefined;
+}
+export interface Fido2CredentialListView {
+  credentialId: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  userDisplayName: string | undefined;
+  counter: string;
+}
 export interface Fido2CredentialFullView {
   credentialId: string;
   keyType: string;
@@ -1455,13 +1470,37 @@ export interface Fido2CredentialFullView {
   creationDate: DateTime<Utc>;
 }
-export interface Fido2CredentialListView {
+export interface LoginUriView {
+  uri: string | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: string | undefined;
+}
+export interface LoginListView {
+  fido2Credentials: Fido2CredentialListView[] | undefined;
+  hasFido2: boolean;
+  username: string | undefined;
+  /**
+   * The TOTP key is not decrypted. Useable as is with [`crate::generate_totp_cipher_view`].
+   */
+  totp: EncString | undefined;
+  uris: LoginUriView[] | undefined;
+}
+export interface Fido2CredentialView {
   credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
+  keyValue: EncString;
   rpId: string;
   userHandle: string | undefined;
   userName: string | undefined;
-  userDisplayName: string | undefined;
   counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  discoverable: string;
+  creationDate: DateTime<Utc>;
 }
 export interface LoginView {
@@ -1474,15 +1513,18 @@ export interface LoginView {
   fido2Credentials: Fido2Credential[] | undefined;
 }
-export interface LoginListView {
-  fido2Credentials: Fido2CredentialListView[] | undefined;
-  hasFido2: boolean;
-  username: string | undefined;
-  /**
-   * The TOTP key is not decrypted. Useable as is with [`crate::generate_totp_cipher_view`].
-   */
-  totp: EncString | undefined;
-  uris: LoginUriView[] | undefined;
+export interface Fido2CredentialNewView {
+  credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  creationDate: DateTime<Utc>;
 }
 export interface Login {
@@ -1511,122 +1553,46 @@ export interface Fido2Credential {
   creationDate: DateTime<Utc>;
 }
-export interface LoginUri {
-  uri: EncString | undefined;
-  match: UriMatchType | undefined;
-  uriChecksum: EncString | undefined;
-}
-export interface Fido2CredentialNewView {
-  credentialId: string;
-  keyType: string;
-  keyAlgorithm: string;
-  keyCurve: string;
-  rpId: string;
-  userHandle: string | undefined;
-  userName: string | undefined;
-  counter: string;
-  rpName: string | undefined;
-  userDisplayName: string | undefined;
-  creationDate: DateTime<Utc>;
-}
-export interface LoginUriView {
-  uri: string | undefined;
-  match: UriMatchType | undefined;
-  uriChecksum: string | undefined;
-}
-export interface Fido2CredentialView {
-  credentialId: string;
-  keyType: string;
-  keyAlgorithm: string;
-  keyCurve: string;
-  keyValue: EncString;
-  rpId: string;
-  userHandle: string | undefined;
-  userName: string | undefined;
-  counter: string;
-  rpName: string | undefined;
-  userDisplayName: string | undefined;
-  discoverable: string;
-  creationDate: DateTime<Utc>;
-}
-export interface CipherError extends Error {
-  name: "CipherError";
-  variant:
-    | "MissingField"
-    | "Crypto"
-    | "Decrypt"
-    | "Encrypt"
-    | "AttachmentsWithoutKeys"
-    | "OrganizationAlreadySet"
-    | "PutShare"
-    | "PutShareMany"
-    | "Repository"
-    | "Chrono"
-    | "SerdeJson";
-}
-export function isCipherError(error: any): error is CipherError;
 /**
- * Available fields on a cipher and can be copied from a the list view in the UI.
+ * NewType wrapper for `CipherId`
  */
-export type CopyableCipherFields =
-  | "LoginUsername"
-  | "LoginPassword"
-  | "LoginTotp"
-  | "CardNumber"
-  | "CardSecurityCode"
-  | "IdentityUsername"
-  | "IdentityEmail"
-  | "IdentityPhone"
-  | "IdentityAddress"
-  | "SshKey"
-  | "SecureNotes";
+export type CipherId = Tagged<Uuid, "CipherId">;
-export interface CipherView {
+export interface Cipher {
   id: CipherId | undefined;
   organizationId: OrganizationId | undefined;
   folderId: FolderId | undefined;
   collectionIds: CollectionId[];
   /**
-   * Temporary, required to support re-encrypting existing items.
+   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
+   * Cipher.
    */
   key: EncString | undefined;
-  name: string;
-  notes: string | undefined;
+  name: EncString;
+  notes: EncString | undefined;
   type: CipherType;
-  login: LoginView | undefined;
-  identity: IdentityView | undefined;
-  card: CardView | undefined;
-  secureNote: SecureNoteView | undefined;
-  sshKey: SshKeyView | undefined;
+  login: Login | undefined;
+  identity: Identity | undefined;
+  card: Card | undefined;
+  secureNote: SecureNote | undefined;
+  sshKey: SshKey | undefined;
   favorite: boolean;
   reprompt: CipherRepromptType;
   organizationUseTotp: boolean;
   edit: boolean;
   permissions: CipherPermissions | undefined;
   viewPassword: boolean;
-  localData: LocalDataView | undefined;
-  attachments: AttachmentView[] | undefined;
-  fields: FieldView[] | undefined;
-  passwordHistory: PasswordHistoryView[] | undefined;
+  localData: LocalData | undefined;
+  attachments: Attachment[] | undefined;
+  fields: Field[] | undefined;
+  passwordHistory: PasswordHistory[] | undefined;
   creationDate: DateTime<Utc>;
   deletedDate: DateTime<Utc> | undefined;
   revisionDate: DateTime<Utc>;
   archivedDate: DateTime<Utc> | undefined;
+  data: string | undefined;
 }
-export type CipherListViewType =
-  | { login: LoginListView }
-  | "secureNote"
-  | { card: CardListView }
-  | "identity"
-  | "sshKey";
 /**
  * Represents the result of decrypting a list of ciphers.
  *
@@ -1645,45 +1611,39 @@ export interface DecryptCipherListResult {
   failures: Cipher[];
 }
-export interface Cipher {
-  id: CipherId | undefined;
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  collectionIds: CollectionId[];
+export interface CipherError extends Error {
+  name: "CipherError";
+  variant:
+    | "MissingField"
+    | "Crypto"
+    | "Decrypt"
+    | "Encrypt"
+    | "AttachmentsWithoutKeys"
+    | "OrganizationAlreadySet"
+    | "PutShare"
+    | "PutShareMany"
+    | "Repository"
+    | "Chrono"
+    | "SerdeJson";
+}
+export function isCipherError(error: any): error is CipherError;
+export interface EncryptionContext {
   /**
-   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
-   * Cipher.
+   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
+   * Organization-owned ciphers
    */
-  key: EncString | undefined;
-  name: EncString;
-  notes: EncString | undefined;
-  type: CipherType;
-  login: Login | undefined;
-  identity: Identity | undefined;
-  card: Card | undefined;
-  secureNote: SecureNote | undefined;
-  sshKey: SshKey | undefined;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  organizationUseTotp: boolean;
-  edit: boolean;
-  permissions: CipherPermissions | undefined;
-  viewPassword: boolean;
-  localData: LocalData | undefined;
-  attachments: Attachment[] | undefined;
-  fields: Field[] | undefined;
-  passwordHistory: PasswordHistory[] | undefined;
-  creationDate: DateTime<Utc>;
-  deletedDate: DateTime<Utc> | undefined;
-  revisionDate: DateTime<Utc>;
-  archivedDate: DateTime<Utc> | undefined;
-  data: string | undefined;
+  encryptedFor: UserId;
+  cipher: Cipher;
 }
-/**
- * NewType wrapper for `CipherId`
- */
-export type CipherId = Tagged<Uuid, "CipherId">;
+export type CipherListViewType =
+  | { login: LoginListView }
+  | "secureNote"
+  | { card: CardListView }
+  | "identity"
+  | "sshKey";
 export interface CipherListView {
   id: CipherId | undefined;
@@ -1722,15 +1682,55 @@ export interface CipherListView {
   localData: LocalDataView | undefined;
 }
-export interface EncryptionContext {
+export interface CipherView {
+  id: CipherId | undefined;
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  collectionIds: CollectionId[];
   /**
-   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
-   * Organization-owned ciphers
+   * Temporary, required to support re-encrypting existing items.
    */
-  encryptedFor: UserId;
-  cipher: Cipher;
+  key: EncString | undefined;
+  name: string;
+  notes: string | undefined;
+  type: CipherType;
+  login: LoginView | undefined;
+  identity: IdentityView | undefined;
+  card: CardView | undefined;
+  secureNote: SecureNoteView | undefined;
+  sshKey: SshKeyView | undefined;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  localData: LocalDataView | undefined;
+  attachments: AttachmentView[] | undefined;
+  fields: FieldView[] | undefined;
+  passwordHistory: PasswordHistoryView[] | undefined;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+  archivedDate: DateTime<Utc> | undefined;
 }
+/**
+ * Available fields on a cipher and can be copied from a the list view in the UI.
+ */
+export type CopyableCipherFields =
+  | "LoginUsername"
+  | "LoginPassword"
+  | "LoginTotp"
+  | "CardNumber"
+  | "CardSecurityCode"
+  | "IdentityUsername"
+  | "IdentityEmail"
+  | "IdentityPhone"
+  | "IdentityAddress"
+  | "SshKey"
+  | "SecureNotes";
 export interface SshKeyView {
   /**
    * SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key)