@bitwarden/sdk-internal 0.2.0-main.434 → 0.2.0-main.435

package/node/bitwarden_wasm_internal.d.ts

@@ -1,5 +1,16 @@
 /* tslint:disable */
 /* eslint-disable */
+/**
+ * Generate a new SSH key pair
+ *
+ * # Arguments
+ * - `key_algorithm` - The algorithm to use for the key pair
+ *
+ * # Returns
+ * - `Ok(SshKey)` if the key was successfully generated
+ * - `Err(KeyGenerationError)` if the key could not be generated
+ */
+export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
 /**
  * Convert a PCKS8 or OpenSSH encrypted or unencrypted private key
  * to an OpenSSH private key with public key and fingerprint
@@ -16,18 +27,14 @@
  * - `Err(UnsupportedKeyType)` if the key type is not supported
  */
 export function import_ssh_key(imported_key: string, password?: string | null): SshKeyView;
+export function init_sdk(log_level?: LogLevel | null): void;
 /**
- * Generate a new SSH key pair
- *
- * # Arguments
- * - `key_algorithm` - The algorithm to use for the key pair
- *
- * # Returns
- * - `Ok(SshKey)` if the key was successfully generated
- * - `Err(KeyGenerationError)` if the key could not be generated
+ * Registers a DiscoverHandler so that the client can respond to DiscoverRequests.
  */
-export function generate_ssh_key(key_algorithm: KeyAlgorithm): SshKeyView;
-export function init_sdk(log_level?: LogLevel | null): void;
+export function ipcRegisterDiscoverHandler(
+  ipc_client: IpcClient,
+  response: DiscoverResponse,
+): Promise<void>;
 /**
  * Sends a DiscoverRequest to the specified destination and returns the response.
  */
@@ -36,13 +43,6 @@ export function ipcRequestDiscover(
   destination: Endpoint,
   abort_signal?: AbortSignal | null,
 ): Promise<DiscoverResponse>;
-/**
- * Registers a DiscoverHandler so that the client can respond to DiscoverRequests.
- */
-export function ipcRegisterDiscoverHandler(
-  ipc_client: IpcClient,
-  response: DiscoverResponse,
-): Promise<void>;
 export enum CardLinkedIdType {
   CardholderName = 300,
   ExpMonth = 301,
@@ -180,6 +180,10 @@ export interface TokenProvider {
   get_access_token(): Promise<string | undefined>;
 }
 
+export interface IndexedDbConfiguration {
+  db_name: string;
+}
+
 export interface Repositories {
   cipher: Repository<Cipher> | null;
   folder: Repository<Folder> | null;
@@ -190,8 +194,26 @@ export interface Repositories {
  */
 export interface FeatureFlags extends Map<string, boolean> {}
 
-export interface IndexedDbConfiguration {
-  db_name: string;
+/**
+ * The credentials used for send access requests.
+ */
+export type SendAccessCredentials =
+  | SendPasswordCredentials
+  | SendEmailOtpCredentials
+  | SendEmailCredentials;
+
+/**
+ * A request structure for requesting a send access token from the API.
+ */
+export interface SendAccessTokenRequest {
+  /**
+   * The id of the send for which the access token is requested.
+   */
+  sendId: string;
+  /**
+   * The optional send access credentials.
+   */
+  sendAccessCredentials?: SendAccessCredentials;
 }
 
 /**
@@ -231,28 +253,6 @@ export interface SendEmailOtpCredentials {
   otp: string;
 }
 
-/**
- * A request structure for requesting a send access token from the API.
- */
-export interface SendAccessTokenRequest {
-  /**
-   * The id of the send for which the access token is requested.
-   */
-  sendId: string;
-  /**
-   * The optional send access credentials.
-   */
-  sendAccessCredentials?: SendAccessCredentials;
-}
-
-/**
- * The credentials used for send access requests.
- */
-export type SendAccessCredentials =
-  | SendPasswordCredentials
-  | SendEmailOtpCredentials
-  | SendEmailCredentials;
-
 /**
  * A send access token which can be used to access a send.
  */
@@ -286,13 +286,14 @@ export type SendAccessTokenError =
 export type UnexpectedIdentityError = string;
 
 /**
- * Invalid request errors - typically due to missing parameters.
+ * Invalid grant errors - typically due to invalid credentials.
  */
-export type SendAccessTokenInvalidRequestError =
-  | "send_id_required"
-  | "password_hash_b64_required"
-  | "email_required"
-  | "email_and_otp_required_otp_sent"
+export type SendAccessTokenInvalidGrantError =
+  | "send_id_invalid"
+  | "password_hash_b64_invalid"
+  | "email_invalid"
+  | "otp_invalid"
+  | "otp_generation_failed"
   | "unknown";
 
 /**
@@ -316,16 +317,20 @@ export type SendAccessTokenApiErrorResponse =
   | { error: "invalid_target"; error_description?: string };
 
 /**
- * Invalid grant errors - typically due to invalid credentials.
+ * Invalid request errors - typically due to missing parameters.
  */
-export type SendAccessTokenInvalidGrantError =
-  | "send_id_invalid"
-  | "password_hash_b64_invalid"
-  | "email_invalid"
-  | "otp_invalid"
-  | "otp_generation_failed"
+export type SendAccessTokenInvalidRequestError =
+  | "send_id_required"
+  | "password_hash_b64_required"
+  | "email_required"
+  | "email_and_otp_required_otp_sent"
   | "unknown";
 
+/**
+ * NewType wrapper for `CollectionId`
+ */
+export type CollectionId = Tagged<Uuid, "CollectionId">;
+
 export interface CollectionView {
   id: CollectionId | undefined;
   organizationId: OrganizationId;
@@ -337,6 +342,11 @@ export interface CollectionView {
   type: CollectionType;
 }
 
+/**
+ * Type of collection
+ */
+export type CollectionType = "SharedCollection" | "DefaultUserCollection";
+
 export interface Collection {
   id: CollectionId | undefined;
   organizationId: OrganizationId;
@@ -349,16 +359,6 @@ export interface Collection {
   type: CollectionType;
 }
 
-/**
- * Type of collection
- */
-export type CollectionType = "SharedCollection" | "DefaultUserCollection";
-
-/**
- * NewType wrapper for `CollectionId`
- */
-export type CollectionId = Tagged<Uuid, "CollectionId">;
-
 export interface CollectionDecryptError extends Error {
   name: "CollectionDecryptError";
   variant: "Crypto";
@@ -407,6 +407,21 @@ export interface MasterPasswordAuthenticationData {
   masterPasswordAuthenticationHash: B64;
 }
 
+export interface AccountCryptographyInitializationError extends Error {
+  name: "AccountCryptographyInitializationError";
+  variant:
+    | "WrongUserKeyType"
+    | "WrongUserKey"
+    | "CorruptData"
+    | "TamperedData"
+    | "KeyStoreAlreadyInitialized"
+    | "GenericCrypto";
+}
+
+export function isAccountCryptographyInitializationError(
+  error: any,
+): error is AccountCryptographyInitializationError;
+
 /**
  * Any keys / cryptographic protection \"downstream\" from the account symmetric key (user key).
  * Private keys are protected by the user key.
@@ -422,20 +437,40 @@ export type WrappedAccountCryptographicState =
       };
     };
 
-export interface AccountCryptographyInitializationError extends Error {
-  name: "AccountCryptographyInitializationError";
-  variant:
-    | "WrongUserKeyType"
-    | "WrongUserKey"
-    | "CorruptData"
-    | "TamperedData"
-    | "KeyStoreAlreadyInitialized"
-    | "GenericCrypto";
+/**
+ * Request for deriving a pin protected user key
+ */
+export interface EnrollPinResponse {
+  /**
+   * [UserKey] protected by PIN
+   */
+  pinProtectedUserKeyEnvelope: PasswordProtectedKeyEnvelope;
+  /**
+   * PIN protected by [UserKey]
+   */
+  userKeyEncryptedPin: EncString;
 }
 
-export function isAccountCryptographyInitializationError(
-  error: any,
-): error is AccountCryptographyInitializationError;
+/**
+ * Auth requests supports multiple initialization methods.
+ */
+export type AuthRequestMethod =
+  | { userKey: { protected_user_key: UnsignedSharedKey } }
+  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
+
+/**
+ * Response from the `make_key_pair` function
+ */
+export interface MakeKeyPairResponse {
+  /**
+   * The user\'s public key
+   */
+  userPublicKey: B64;
+  /**
+   * User\'s private key, encrypted with the user key
+   */
+  userKeyEncryptedPrivateKey: EncString;
+}
 
 export interface CryptoClientError extends Error {
   name: "CryptoClientError";
@@ -451,23 +486,6 @@ export interface EnrollAdminPasswordResetError extends Error {
 
 export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
 
-/**
- * Auth requests supports multiple initialization methods.
- */
-export type AuthRequestMethod =
-  | { userKey: { protected_user_key: UnsignedSharedKey } }
-  | { masterKey: { protected_master_key: UnsignedSharedKey; auth_request_key: EncString } };
-
-/**
- * Represents the request to initialize the user\'s organizational cryptographic state.
- */
-export interface InitOrgCryptoRequest {
-  /**
-   * The encryption keys for all the organizations the user is a part of
-   */
-  organizationKeys: Map<OrganizationId, UnsignedSharedKey>;
-}
-
 /**
  * The crypto method used to initialize the user cryptographic state.
  */
@@ -488,82 +506,44 @@ export type InitUserCryptoMethod =
   | { keyConnector: { master_key: B64; user_key: EncString } };
 
 /**
- * Response from the `make_update_password` function
+ * Represents the request to initialize the user\'s organizational cryptographic state.
  */
-export interface UpdatePasswordResponse {
-  /**
-   * Hash of the new password
-   */
-  passwordHash: B64;
+export interface InitOrgCryptoRequest {
   /**
-   * User key, encrypted with the new password
+   * The encryption keys for all the organizations the user is a part of
    */
-  newKey: EncString;
+  organizationKeys: Map<OrganizationId, UnsignedSharedKey>;
 }
 
 /**
- * Response from the `update_kdf` function
+ * State used for initializing the user cryptographic state.
  */
-export interface UpdateKdfResponse {
+export interface InitUserCryptoRequest {
   /**
-   * The authentication data for the new KDF setting
+   * The user\'s ID.
    */
-  masterPasswordAuthenticationData: MasterPasswordAuthenticationData;
+  userId: UserId | undefined;
   /**
-   * The unlock data for the new KDF setting
+   * The user\'s KDF parameters, as received from the prelogin request
    */
-  masterPasswordUnlockData: MasterPasswordUnlockData;
+  kdfParams: Kdf;
   /**
-   * The authentication data for the KDF setting prior to the change
+   * The user\'s email address
    */
-  oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
-}
-
-export interface DeriveKeyConnectorError extends Error {
-  name: "DeriveKeyConnectorError";
-  variant: "WrongPassword" | "Crypto";
-}
-
-export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
-
-/**
- * Request for deriving a pin protected user key
- */
-export interface EnrollPinResponse {
+  email: string;
   /**
-   * [UserKey] protected by PIN
+   * The user\'s account cryptographic state, containing their signature and
+   * public-key-encryption keys, along with the signed security state, protected by the user key
    */
-  pinProtectedUserKeyEnvelope: PasswordProtectedKeyEnvelope;
+  accountCryptographicState: WrappedAccountCryptographicState;
   /**
-   * PIN protected by [UserKey]
+   * The method to decrypt the user\'s account symmetric key (user key)
    */
-  userKeyEncryptedPin: EncString;
+  method: InitUserCryptoMethod;
 }
 
 /**
- * Request for migrating an account from password to key connector.
- */
-export interface DeriveKeyConnectorRequest {
-  /**
-   * Encrypted user key, used to validate the master key
-   */
-  userKeyEncrypted: EncString;
-  /**
-   * The user\'s master password
-   */
-  password: string;
-  /**
-   * The KDF parameters used to derive the master key
-   */
-  kdf: Kdf;
-  /**
-   * The user\'s email address
-   */
-  email: string;
-}
-
-/**
- * Request for `verify_asymmetric_keys`.
+ * Request for `verify_asymmetric_keys`.
  */
 export interface VerifyAsymmetricKeysRequest {
   /**
@@ -580,34 +560,6 @@ export interface VerifyAsymmetricKeysRequest {
   userKeyEncryptedPrivateKey: EncString;
 }
 
-/**
- * Response for `verify_asymmetric_keys`.
- */
-export interface VerifyAsymmetricKeysResponse {
-  /**
-   * Whether the user\'s private key was decryptable by the user key.
-   */
-  privateKeyDecryptable: boolean;
-  /**
-   * Whether the user\'s private key was a valid RSA key and matched the public key provided.
-   */
-  validPrivateKey: boolean;
-}
-
-/**
- * Request for deriving a pin protected user key
- */
-export interface DerivePinKeyResponse {
-  /**
-   * [UserKey] protected by PIN
-   */
-  pinProtectedUserKey: EncString;
-  /**
-   * PIN protected by [UserKey]
-   */
-  encryptedPin: EncString;
-}
-
 /**
  * Response for the `make_keys_for_user_crypto_v2`, containing a set of keys for a user
  */
@@ -647,56 +599,104 @@ export interface UserCryptoV2KeysResponse {
 }
 
 /**
- * State used for initializing the user cryptographic state.
+ * Request for migrating an account from password to key connector.
  */
-export interface InitUserCryptoRequest {
+export interface DeriveKeyConnectorRequest {
   /**
-   * The user\'s ID.
+   * Encrypted user key, used to validate the master key
    */
-  userId: UserId | undefined;
+  userKeyEncrypted: EncString;
   /**
-   * The user\'s KDF parameters, as received from the prelogin request
+   * The user\'s master password
    */
-  kdfParams: Kdf;
+  password: string;
+  /**
+   * The KDF parameters used to derive the master key
+   */
+  kdf: Kdf;
   /**
    * The user\'s email address
    */
   email: string;
+}
+
+/**
+ * Response from the `make_update_password` function
+ */
+export interface UpdatePasswordResponse {
   /**
-   * The user\'s account cryptographic state, containing their signature and
-   * public-key-encryption keys, along with the signed security state, protected by the user key
+   * Hash of the new password
    */
-  accountCryptographicState: WrappedAccountCryptographicState;
+  passwordHash: B64;
   /**
-   * The method to decrypt the user\'s account symmetric key (user key)
+   * User key, encrypted with the new password
    */
-  method: InitUserCryptoMethod;
+  newKey: EncString;
+}
+
+export interface DeriveKeyConnectorError extends Error {
+  name: "DeriveKeyConnectorError";
+  variant: "WrongPassword" | "Crypto";
 }
 
+export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
+
 /**
- * Response from the `make_key_pair` function
+ * Request for deriving a pin protected user key
  */
-export interface MakeKeyPairResponse {
+export interface DerivePinKeyResponse {
   /**
-   * The user\'s public key
+   * [UserKey] protected by PIN
    */
-  userPublicKey: B64;
+  pinProtectedUserKey: EncString;
   /**
-   * User\'s private key, encrypted with the user key
+   * PIN protected by [UserKey]
    */
-  userKeyEncryptedPrivateKey: EncString;
+  encryptedPin: EncString;
 }
 
 /**
- * NewType wrapper for `UserId`
+ * Response from the `update_kdf` function
  */
-export type UserId = Tagged<Uuid, "UserId">;
+export interface UpdateKdfResponse {
+  /**
+   * The authentication data for the new KDF setting
+   */
+  masterPasswordAuthenticationData: MasterPasswordAuthenticationData;
+  /**
+   * The unlock data for the new KDF setting
+   */
+  masterPasswordUnlockData: MasterPasswordUnlockData;
+  /**
+   * The authentication data for the KDF setting prior to the change
+   */
+  oldMasterPasswordAuthenticationData: MasterPasswordAuthenticationData;
+}
+
+/**
+ * Response for `verify_asymmetric_keys`.
+ */
+export interface VerifyAsymmetricKeysResponse {
+  /**
+   * Whether the user\'s private key was decryptable by the user key.
+   */
+  privateKeyDecryptable: boolean;
+  /**
+   * Whether the user\'s private key was a valid RSA key and matched the public key provided.
+   */
+  validPrivateKey: boolean;
+}
 
 /**
  * NewType wrapper for `OrganizationId`
  */
 export type OrganizationId = Tagged<Uuid, "OrganizationId">;
 
+/**
+ * NewType wrapper for `UserId`
+ */
+export type UserId = Tagged<Uuid, "UserId">;
+
 export interface StatefulCryptoError extends Error {
   name: "StatefulCryptoError";
   variant: "MissingSecurityState" | "WrongAccountCryptoVersion" | "Crypto";
@@ -704,35 +704,6 @@ export interface StatefulCryptoError extends Error {
 
 export function isStatefulCryptoError(error: any): error is StatefulCryptoError;
 
-export type DeviceType =
-  | "Android"
-  | "iOS"
-  | "ChromeExtension"
-  | "FirefoxExtension"
-  | "OperaExtension"
-  | "EdgeExtension"
-  | "WindowsDesktop"
-  | "MacOsDesktop"
-  | "LinuxDesktop"
-  | "ChromeBrowser"
-  | "FirefoxBrowser"
-  | "OperaBrowser"
-  | "EdgeBrowser"
-  | "IEBrowser"
-  | "UnknownBrowser"
-  | "AndroidAmazon"
-  | "UWP"
-  | "SafariBrowser"
-  | "VivaldiBrowser"
-  | "VivaldiExtension"
-  | "SafariExtension"
-  | "SDK"
-  | "Server"
-  | "WindowsCLI"
-  | "MacOsCLI"
-  | "LinuxCLI"
-  | "DuckDuckGoBrowser";
-
 /**
  * Basic client behavior settings. These settings specify the various targets and behavior of the
  * Bitwarden Client. They are optional and uneditable once the client is initialized.
@@ -774,6 +745,35 @@ export interface ClientSettings {
   bitwardenClientVersion?: string | undefined;
 }
 
+export type DeviceType =
+  | "Android"
+  | "iOS"
+  | "ChromeExtension"
+  | "FirefoxExtension"
+  | "OperaExtension"
+  | "EdgeExtension"
+  | "WindowsDesktop"
+  | "MacOsDesktop"
+  | "LinuxDesktop"
+  | "ChromeBrowser"
+  | "FirefoxBrowser"
+  | "OperaBrowser"
+  | "EdgeBrowser"
+  | "IEBrowser"
+  | "UnknownBrowser"
+  | "AndroidAmazon"
+  | "UWP"
+  | "SafariBrowser"
+  | "VivaldiBrowser"
+  | "VivaldiExtension"
+  | "SafariExtension"
+  | "SDK"
+  | "Server"
+  | "WindowsCLI"
+  | "MacOsCLI"
+  | "LinuxCLI"
+  | "DuckDuckGoBrowser";
+
 export interface EncryptionSettingsError extends Error {
   name: "EncryptionSettingsError";
   variant:
@@ -905,6 +905,8 @@ export interface ExportError extends Error {
 
 export function isExportError(error: any): error is ExportError;
 
+export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
+
 /**
  * Passphrase generator request options.
  */
@@ -929,8 +931,6 @@ export interface PassphraseGeneratorRequest {
   includeNumber: boolean;
 }
 
-export type PassphraseError = { InvalidNumWords: { minimum: number; maximum: number } };
-
 export interface PasswordError extends Error {
   name: "PasswordError";
   variant: "NoCharacterSetEnabled" | "InvalidLength";
@@ -990,7 +990,11 @@ export interface PasswordGeneratorRequest {
   minSpecial: number | undefined;
 }
 
-export type AppendType = "random" | { websiteName: { website: string } };
+export type UsernameGeneratorRequest =
+  | { word: { capitalize: boolean; include_number: boolean } }
+  | { subaddress: { type: AppendType; email: string } }
+  | { catchall: { type: AppendType; domain: string } }
+  | { forwarded: { service: ForwarderServiceType; website: string | undefined } };
 
 export interface UsernameError extends Error {
   name: "UsernameError";
@@ -999,11 +1003,7 @@ export interface UsernameError extends Error {
 
 export function isUsernameError(error: any): error is UsernameError;
 
-export type UsernameGeneratorRequest =
-  | { word: { capitalize: boolean; include_number: boolean } }
-  | { subaddress: { type: AppendType; email: string } }
-  | { catchall: { type: AppendType; domain: string } }
-  | { forwarded: { service: ForwarderServiceType; website: string | undefined } };
+export type AppendType = "random" | { websiteName: { website: string } };
 
 /**
  * Configures the email forwarding service to use.
@@ -1018,6 +1018,13 @@ export type ForwarderServiceType =
   | { forwardEmail: { api_token: string; domain: string } }
   | { simpleLogin: { api_key: string; base_url: string } };
 
+export interface ReceiveError extends Error {
+  name: "ReceiveError";
+  variant: "Channel" | "Timeout" | "Cancelled";
+}
+
+export function isReceiveError(error: any): error is ReceiveError;
+
 export interface RequestError extends Error {
   name: "RequestError";
   variant: "Subscribe" | "Receive" | "Timeout" | "Send" | "Rpc";
@@ -1025,13 +1032,6 @@ export interface RequestError extends Error {
 
 export function isRequestError(error: any): error is RequestError;
 
-export interface TypedReceiveError extends Error {
-  name: "TypedReceiveError";
-  variant: "Channel" | "Timeout" | "Cancelled" | "Typing";
-}
-
-export function isTypedReceiveError(error: any): error is TypedReceiveError;
-
 export interface SubscribeError extends Error {
   name: "SubscribeError";
   variant: "NotStarted";
@@ -1039,12 +1039,12 @@ export interface SubscribeError extends Error {
 
 export function isSubscribeError(error: any): error is SubscribeError;
 
-export interface ReceiveError extends Error {
-  name: "ReceiveError";
-  variant: "Channel" | "Timeout" | "Cancelled";
+export interface TypedReceiveError extends Error {
+  name: "TypedReceiveError";
+  variant: "Channel" | "Timeout" | "Cancelled" | "Typing";
 }
 
-export function isReceiveError(error: any): error is ReceiveError;
+export function isTypedReceiveError(error: any): error is TypedReceiveError;
 
 export interface IpcCommunicationBackendSender {
   send(message: OutgoingMessage): Promise<void>;
@@ -1079,13 +1079,6 @@ export type Endpoint =
   | "DesktopRenderer"
   | "DesktopMain";
 
-export interface KeyGenerationError extends Error {
-  name: "KeyGenerationError";
-  variant: "KeyGeneration" | "KeyConversion";
-}
-
-export function isKeyGenerationError(error: any): error is KeyGenerationError;
-
 export interface SshKeyExportError extends Error {
   name: "SshKeyExportError";
   variant: "KeyConversion";
@@ -1093,6 +1086,13 @@ export interface SshKeyExportError extends Error {
 
 export function isSshKeyExportError(error: any): error is SshKeyExportError;
 
+export interface KeyGenerationError extends Error {
+  name: "KeyGenerationError";
+  variant: "KeyGeneration" | "KeyConversion";
+}
+
+export function isKeyGenerationError(error: any): error is KeyGenerationError;
+
 export interface SshKeyImportError extends Error {
   name: "SshKeyImportError";
   variant: "Parsing" | "PasswordRequired" | "WrongPassword" | "UnsupportedKeyType";
@@ -1130,30 +1130,24 @@ export interface CipherRiskError extends Error {
 export function isCipherRiskError(error: any): error is CipherRiskError;
 
 /**
- * Risk evaluation result for a single cipher.
+ * Options for configuring risk computation.
  */
-export interface CipherRiskResult {
+export interface CipherRiskOptions {
   /**
-   * Cipher ID matching the input CipherLoginDetails.
+   * Pre-computed password reuse map (password → count).
+   * If provided, enables reuse detection across ciphers.
    */
-  id: CipherId;
+  passwordMap?: PasswordReuseMap | undefined;
   /**
-   * Password strength score from 0 (weakest) to 4 (strongest).
-   * Calculated using zxcvbn with cipher-specific context.
-   */
-  password_strength: number;
-  /**
-   * Result of checking password exposure via HIBP API.
-   * - `NotChecked`: check_exposed was false, or password was empty
-   * - `Found(n)`: Successfully checked, found in n breaches
-   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
+   * Whether to check passwords against Have I Been Pwned API.
+   * When true, makes network requests to check for exposed passwords.
    */
-  exposed_result: ExposedPasswordResult;
+  checkExposed?: boolean;
   /**
-   * Number of times this password appears in the provided password_map.
-   * None if not found or if no password_map was provided.
+   * Optional HIBP API base URL override. When None, uses the production HIBP URL.
+   * Can be used for testing or alternative password breach checking services.
    */
-  reuse_count: number | undefined;
+  hibpBaseUrl?: string | undefined;
 }
 
 /**
@@ -1174,11 +1168,6 @@ export interface CipherLoginDetails {
   username: string | undefined;
 }
 
-/**
- * Password reuse map wrapper for WASM compatibility.
- */
-export type PasswordReuseMap = Record<string, number>;
-
 /**
  * Result of checking password exposure via HIBP API.
  */
@@ -1188,33 +1177,44 @@ export type ExposedPasswordResult =
   | { type: "Error"; value: string };
 
 /**
- * Options for configuring risk computation.
+ * Password reuse map wrapper for WASM compatibility.
  */
-export interface CipherRiskOptions {
+export type PasswordReuseMap = Record<string, number>;
+
+/**
+ * Risk evaluation result for a single cipher.
+ */
+export interface CipherRiskResult {
   /**
-   * Pre-computed password reuse map (password → count).
-   * If provided, enables reuse detection across ciphers.
+   * Cipher ID matching the input CipherLoginDetails.
    */
-  passwordMap?: PasswordReuseMap | undefined;
+  id: CipherId;
   /**
-   * Whether to check passwords against Have I Been Pwned API.
-   * When true, makes network requests to check for exposed passwords.
+   * Password strength score from 0 (weakest) to 4 (strongest).
+   * Calculated using zxcvbn with cipher-specific context.
    */
-  checkExposed?: boolean;
+  password_strength: number;
   /**
-   * Optional HIBP API base URL override. When None, uses the production HIBP URL.
-   * Can be used for testing or alternative password breach checking services.
+   * Result of checking password exposure via HIBP API.
+   * - `NotChecked`: check_exposed was false, or password was empty
+   * - `Found(n)`: Successfully checked, found in n breaches
+   * - `Error(msg)`: HIBP API request failed for this cipher with the given error message
    */
-  hibpBaseUrl?: string | undefined;
+  exposed_result: ExposedPasswordResult;
+  /**
+   * Number of times this password appears in the provided password_map.
+   * None if not found or if no password_map was provided.
+   */
+  reuse_count: number | undefined;
 }
 
-export interface PasswordHistory {
-  password: EncString;
+export interface PasswordHistoryView {
+  password: string;
   lastUsedDate: DateTime<Utc>;
 }
 
-export interface PasswordHistoryView {
-  password: string;
+export interface PasswordHistory {
+  password: EncString;
   lastUsedDate: DateTime<Utc>;
 }
 
@@ -1222,13 +1222,6 @@ export interface AncestorMap {
   ancestors: Map<CollectionId, string>;
 }
 
-export interface TotpError extends Error {
-  name: "TotpError";
-  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
-}
-
-export function isTotpError(error: any): error is TotpError;
-
 export interface TotpResponse {
   /**
    * Generated TOTP code
@@ -1240,6 +1233,13 @@ export interface TotpResponse {
   period: number;
 }
 
+export interface TotpError extends Error {
+  name: "TotpError";
+  variant: "InvalidOtpauth" | "MissingSecret" | "Crypto";
+}
+
+export function isTotpError(error: any): error is TotpError;
+
 export interface DecryptError extends Error {
   name: "DecryptError";
   variant: "Crypto";
@@ -1254,6 +1254,18 @@ export interface EncryptError extends Error {
 
 export function isEncryptError(error: any): error is EncryptError;
 
+export interface Attachment {
+  id: string | undefined;
+  url: string | undefined;
+  size: string | undefined;
+  /**
+   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
+   */
+  sizeName: string | undefined;
+  fileName: EncString | undefined;
+  key: EncString | undefined;
+}
+
 export interface AttachmentView {
   id: string | undefined;
   url: string | undefined;
@@ -1276,18 +1288,6 @@ export interface AttachmentView {
   decryptedKey: string | undefined;
 }
 
-export interface Attachment {
-  id: string | undefined;
-  url: string | undefined;
-  size: string | undefined;
-  /**
-   * Readable size, ex: \"4.2 KB\" or \"1.43 GB\
-   */
-  sizeName: string | undefined;
-  fileName: EncString | undefined;
-  key: EncString | undefined;
-}
-
 export interface LocalData {
   lastUsedDate: DateTime<Utc> | undefined;
   lastLaunched: DateTime<Utc> | undefined;
@@ -1298,11 +1298,11 @@ export interface LocalDataView {
   lastLaunched: DateTime<Utc> | undefined;
 }
 
-export interface SecureNote {
+export interface SecureNoteView {
   type: SecureNoteType;
 }
 
-export interface SecureNoteView {
+export interface SecureNote {
   type: SecureNoteType;
 }
 
@@ -1313,21 +1313,6 @@ export interface GetCipherError extends Error {
 
 export function isGetCipherError(error: any): error is GetCipherError;
 
-export interface EditCipherError extends Error {
-  name: "EditCipherError";
-  variant:
-    | "ItemNotFound"
-    | "Crypto"
-    | "Api"
-    | "VaultParse"
-    | "MissingField"
-    | "NotAuthenticated"
-    | "Repository"
-    | "Uuid";
-}
-
-export function isEditCipherError(error: any): error is EditCipherError;
-
 /**
  * Request to edit a cipher.
  */
@@ -1347,6 +1332,28 @@ export interface CipherEditRequest {
   key: EncString | undefined;
 }
 
+export interface EditCipherError extends Error {
+  name: "EditCipherError";
+  variant:
+    | "ItemNotFound"
+    | "Crypto"
+    | "Api"
+    | "VaultParse"
+    | "MissingField"
+    | "NotAuthenticated"
+    | "Repository"
+    | "Uuid";
+}
+
+export function isEditCipherError(error: any): error is EditCipherError;
+
+export interface CreateCipherError extends Error {
+  name: "CreateCipherError";
+  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "NotAuthenticated" | "Repository";
+}
+
+export function isCreateCipherError(error: any): error is CreateCipherError;
+
 /**
  * Request to add a cipher.
  */
@@ -1361,13 +1368,6 @@ export interface CipherCreateRequest {
   fields: FieldView[];
 }
 
-export interface CreateCipherError extends Error {
-  name: "CreateCipherError";
-  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "NotAuthenticated" | "Repository";
-}
-
-export function isCreateCipherError(error: any): error is CreateCipherError;
-
 /**
  * Represents the inner data of a cipher view.
  */
@@ -1397,6 +1397,15 @@ export interface CipherPermissions {
   restore: boolean;
 }
 
+export interface Card {
+  cardholderName: EncString | undefined;
+  expMonth: EncString | undefined;
+  expYear: EncString | undefined;
+  code: EncString | undefined;
+  brand: EncString | undefined;
+  number: EncString | undefined;
+}
+
 export interface CardView {
   cardholderName: string | undefined;
   expMonth: string | undefined;
@@ -1416,13 +1425,11 @@ export interface CardListView {
   brand: string | undefined;
 }
 
-export interface Card {
-  cardholderName: EncString | undefined;
-  expMonth: EncString | undefined;
-  expYear: EncString | undefined;
-  code: EncString | undefined;
-  brand: EncString | undefined;
-  number: EncString | undefined;
+export interface FieldView {
+  name: string | undefined;
+  value: string | undefined;
+  type: FieldType;
+  linkedId: LinkedIdType | undefined;
 }
 
 export interface Field {
@@ -1432,11 +1439,24 @@ export interface Field {
   linkedId: LinkedIdType | undefined;
 }
 
-export interface FieldView {
-  name: string | undefined;
-  value: string | undefined;
-  type: FieldType;
-  linkedId: LinkedIdType | undefined;
+export interface LoginView {
+  username: string | undefined;
+  password: string | undefined;
+  passwordRevisionDate: DateTime<Utc> | undefined;
+  uris: LoginUriView[] | undefined;
+  totp: string | undefined;
+  autofillOnPageLoad: boolean | undefined;
+  fido2Credentials: Fido2Credential[] | undefined;
+}
+
+export interface Login {
+  username: EncString | undefined;
+  password: EncString | undefined;
+  passwordRevisionDate: DateTime<Utc> | undefined;
+  uris: LoginUri[] | undefined;
+  totp: EncString | undefined;
+  autofillOnPageLoad: boolean | undefined;
+  fido2Credentials: Fido2Credential[] | undefined;
 }
 
 export interface LoginUri {
@@ -1445,13 +1465,18 @@ export interface LoginUri {
   uriChecksum: EncString | undefined;
 }
 
-export interface Fido2CredentialListView {
+export interface Fido2CredentialNewView {
   credentialId: string;
+  keyType: string;
+  keyAlgorithm: string;
+  keyCurve: string;
   rpId: string;
   userHandle: string | undefined;
   userName: string | undefined;
-  userDisplayName: string | undefined;
   counter: string;
+  rpName: string | undefined;
+  userDisplayName: string | undefined;
+  creationDate: DateTime<Utc>;
 }
 
 export interface Fido2CredentialFullView {
@@ -1470,23 +1495,6 @@ export interface Fido2CredentialFullView {
   creationDate: DateTime<Utc>;
 }
 
-export interface LoginUriView {
-  uri: string | undefined;
-  match: UriMatchType | undefined;
-  uriChecksum: string | undefined;
-}
-
-export interface LoginListView {
-  fido2Credentials: Fido2CredentialListView[] | undefined;
-  hasFido2: boolean;
-  username: string | undefined;
-  /**
-   * The TOTP key is not decrypted. Useable as is with [`crate::generate_totp_cipher_view`].
-   */
-  totp: EncString | undefined;
-  uris: LoginUriView[] | undefined;
-}
-
 export interface Fido2CredentialView {
   credentialId: string;
   keyType: string;
@@ -1503,38 +1511,21 @@ export interface Fido2CredentialView {
   creationDate: DateTime<Utc>;
 }
 
-export interface LoginView {
-  username: string | undefined;
-  password: string | undefined;
-  passwordRevisionDate: DateTime<Utc> | undefined;
-  uris: LoginUriView[] | undefined;
-  totp: string | undefined;
-  autofillOnPageLoad: boolean | undefined;
-  fido2Credentials: Fido2Credential[] | undefined;
-}
-
-export interface Fido2CredentialNewView {
-  credentialId: string;
-  keyType: string;
-  keyAlgorithm: string;
-  keyCurve: string;
-  rpId: string;
-  userHandle: string | undefined;
-  userName: string | undefined;
-  counter: string;
-  rpName: string | undefined;
-  userDisplayName: string | undefined;
-  creationDate: DateTime<Utc>;
+export interface LoginUriView {
+  uri: string | undefined;
+  match: UriMatchType | undefined;
+  uriChecksum: string | undefined;
 }
 
-export interface Login {
-  username: EncString | undefined;
-  password: EncString | undefined;
-  passwordRevisionDate: DateTime<Utc> | undefined;
-  uris: LoginUri[] | undefined;
+export interface LoginListView {
+  fido2Credentials: Fido2CredentialListView[] | undefined;
+  hasFido2: boolean;
+  username: string | undefined;
+  /**
+   * The TOTP key is not decrypted. Useable as is with [`crate::generate_totp_cipher_view`].
+   */
   totp: EncString | undefined;
-  autofillOnPageLoad: boolean | undefined;
-  fido2Credentials: Fido2Credential[] | undefined;
+  uris: LoginUriView[] | undefined;
 }
 
 export interface Fido2Credential {
@@ -1553,44 +1544,83 @@ export interface Fido2Credential {
   creationDate: DateTime<Utc>;
 }
 
-/**
- * NewType wrapper for `CipherId`
- */
-export type CipherId = Tagged<Uuid, "CipherId">;
+export interface Fido2CredentialListView {
+  credentialId: string;
+  rpId: string;
+  userHandle: string | undefined;
+  userName: string | undefined;
+  userDisplayName: string | undefined;
+  counter: string;
+}
 
-export interface Cipher {
+export interface CipherListView {
   id: CipherId | undefined;
   organizationId: OrganizationId | undefined;
   folderId: FolderId | undefined;
   collectionIds: CollectionId[];
   /**
-   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
-   * Cipher.
+   * Temporary, required to support calculating TOTP from CipherListView.
    */
   key: EncString | undefined;
-  name: EncString;
-  notes: EncString | undefined;
+  name: string;
+  subtitle: string;
+  type: CipherListViewType;
+  favorite: boolean;
+  reprompt: CipherRepromptType;
+  organizationUseTotp: boolean;
+  edit: boolean;
+  permissions: CipherPermissions | undefined;
+  viewPassword: boolean;
+  /**
+   * The number of attachments
+   */
+  attachments: number;
+  /**
+   * Indicates if the cipher has old attachments that need to be re-uploaded
+   */
+  hasOldAttachments: boolean;
+  creationDate: DateTime<Utc>;
+  deletedDate: DateTime<Utc> | undefined;
+  revisionDate: DateTime<Utc>;
+  archivedDate: DateTime<Utc> | undefined;
+  /**
+   * Hints for the presentation layer for which fields can be copied.
+   */
+  copyableFields: CopyableCipherFields[];
+  localData: LocalDataView | undefined;
+}
+
+export interface CipherView {
+  id: CipherId | undefined;
+  organizationId: OrganizationId | undefined;
+  folderId: FolderId | undefined;
+  collectionIds: CollectionId[];
+  /**
+   * Temporary, required to support re-encrypting existing items.
+   */
+  key: EncString | undefined;
+  name: string;
+  notes: string | undefined;
   type: CipherType;
-  login: Login | undefined;
-  identity: Identity | undefined;
-  card: Card | undefined;
-  secureNote: SecureNote | undefined;
-  sshKey: SshKey | undefined;
+  login: LoginView | undefined;
+  identity: IdentityView | undefined;
+  card: CardView | undefined;
+  secureNote: SecureNoteView | undefined;
+  sshKey: SshKeyView | undefined;
   favorite: boolean;
   reprompt: CipherRepromptType;
   organizationUseTotp: boolean;
   edit: boolean;
   permissions: CipherPermissions | undefined;
   viewPassword: boolean;
-  localData: LocalData | undefined;
-  attachments: Attachment[] | undefined;
-  fields: Field[] | undefined;
-  passwordHistory: PasswordHistory[] | undefined;
+  localData: LocalDataView | undefined;
+  attachments: AttachmentView[] | undefined;
+  fields: FieldView[] | undefined;
+  passwordHistory: PasswordHistoryView[] | undefined;
   creationDate: DateTime<Utc>;
   deletedDate: DateTime<Utc> | undefined;
   revisionDate: DateTime<Utc>;
   archivedDate: DateTime<Utc> | undefined;
-  data: string | undefined;
 }
 
 /**
@@ -1611,6 +1641,11 @@ export interface DecryptCipherListResult {
   failures: Cipher[];
 }
 
+/**
+ * NewType wrapper for `CipherId`
+ */
+export type CipherId = Tagged<Uuid, "CipherId">;
+
 export interface CipherError extends Error {
   name: "CipherError";
   variant:
@@ -1629,90 +1664,55 @@ export interface CipherError extends Error {
 
 export function isCipherError(error: any): error is CipherError;
 
-export interface EncryptionContext {
-  /**
-   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
-   * Organization-owned ciphers
-   */
-  encryptedFor: UserId;
-  cipher: Cipher;
-}
-
-export type CipherListViewType =
-  | { login: LoginListView }
-  | "secureNote"
-  | { card: CardListView }
-  | "identity"
-  | "sshKey";
-
-export interface CipherListView {
+export interface Cipher {
   id: CipherId | undefined;
   organizationId: OrganizationId | undefined;
   folderId: FolderId | undefined;
   collectionIds: CollectionId[];
   /**
-   * Temporary, required to support calculating TOTP from CipherListView.
+   * More recent ciphers uses individual encryption keys to encrypt the other fields of the
+   * Cipher.
    */
   key: EncString | undefined;
-  name: string;
-  subtitle: string;
-  type: CipherListViewType;
+  name: EncString;
+  notes: EncString | undefined;
+  type: CipherType;
+  login: Login | undefined;
+  identity: Identity | undefined;
+  card: Card | undefined;
+  secureNote: SecureNote | undefined;
+  sshKey: SshKey | undefined;
   favorite: boolean;
   reprompt: CipherRepromptType;
   organizationUseTotp: boolean;
   edit: boolean;
   permissions: CipherPermissions | undefined;
   viewPassword: boolean;
-  /**
-   * The number of attachments
-   */
-  attachments: number;
-  /**
-   * Indicates if the cipher has old attachments that need to be re-uploaded
-   */
-  hasOldAttachments: boolean;
+  localData: LocalData | undefined;
+  attachments: Attachment[] | undefined;
+  fields: Field[] | undefined;
+  passwordHistory: PasswordHistory[] | undefined;
   creationDate: DateTime<Utc>;
   deletedDate: DateTime<Utc> | undefined;
   revisionDate: DateTime<Utc>;
   archivedDate: DateTime<Utc> | undefined;
-  /**
-   * Hints for the presentation layer for which fields can be copied.
-   */
-  copyableFields: CopyableCipherFields[];
-  localData: LocalDataView | undefined;
+  data: string | undefined;
 }
 
-export interface CipherView {
-  id: CipherId | undefined;
-  organizationId: OrganizationId | undefined;
-  folderId: FolderId | undefined;
-  collectionIds: CollectionId[];
+export type CipherListViewType =
+  | { login: LoginListView }
+  | "secureNote"
+  | { card: CardListView }
+  | "identity"
+  | "sshKey";
+
+export interface EncryptionContext {
   /**
-   * Temporary, required to support re-encrypting existing items.
+   * The Id of the user that encrypted the cipher. It should always represent a UserId, even for
+   * Organization-owned ciphers
    */
-  key: EncString | undefined;
-  name: string;
-  notes: string | undefined;
-  type: CipherType;
-  login: LoginView | undefined;
-  identity: IdentityView | undefined;
-  card: CardView | undefined;
-  secureNote: SecureNoteView | undefined;
-  sshKey: SshKeyView | undefined;
-  favorite: boolean;
-  reprompt: CipherRepromptType;
-  organizationUseTotp: boolean;
-  edit: boolean;
-  permissions: CipherPermissions | undefined;
-  viewPassword: boolean;
-  localData: LocalDataView | undefined;
-  attachments: AttachmentView[] | undefined;
-  fields: FieldView[] | undefined;
-  passwordHistory: PasswordHistoryView[] | undefined;
-  creationDate: DateTime<Utc>;
-  deletedDate: DateTime<Utc> | undefined;
-  revisionDate: DateTime<Utc>;
-  archivedDate: DateTime<Utc> | undefined;
+  encryptedFor: UserId;
+  cipher: Cipher;
 }
 
 /**
@@ -1761,27 +1761,6 @@ export interface SshKey {
   fingerprint: EncString;
 }
 
-export interface IdentityView {
-  title: string | undefined;
-  firstName: string | undefined;
-  middleName: string | undefined;
-  lastName: string | undefined;
-  address1: string | undefined;
-  address2: string | undefined;
-  address3: string | undefined;
-  city: string | undefined;
-  state: string | undefined;
-  postalCode: string | undefined;
-  country: string | undefined;
-  company: string | undefined;
-  email: string | undefined;
-  phone: string | undefined;
-  ssn: string | undefined;
-  username: string | undefined;
-  passportNumber: string | undefined;
-  licenseNumber: string | undefined;
-}
-
 export interface Identity {
   title: EncString | undefined;
   firstName: EncString | undefined;
@@ -1803,6 +1782,27 @@ export interface Identity {
   licenseNumber: EncString | undefined;
 }
 
+export interface IdentityView {
+  title: string | undefined;
+  firstName: string | undefined;
+  middleName: string | undefined;
+  lastName: string | undefined;
+  address1: string | undefined;
+  address2: string | undefined;
+  address3: string | undefined;
+  city: string | undefined;
+  state: string | undefined;
+  postalCode: string | undefined;
+  country: string | undefined;
+  company: string | undefined;
+  email: string | undefined;
+  phone: string | undefined;
+  ssn: string | undefined;
+  username: string | undefined;
+  passportNumber: string | undefined;
+  licenseNumber: string | undefined;
+}
+
 export type LinkedIdType = LoginLinkedIdType | CardLinkedIdType | IdentityLinkedIdType;
 
 export interface FolderView {
@@ -1836,6 +1836,13 @@ export interface EditFolderError extends Error {
 
 export function isEditFolderError(error: any): error is EditFolderError;
 
+export interface CreateFolderError extends Error {
+  name: "CreateFolderError";
+  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "Repository";
+}
+
+export function isCreateFolderError(error: any): error is CreateFolderError;
+
 /**
  * Request to add or edit a folder.
  */
@@ -1846,13 +1853,6 @@ export interface FolderAddEditRequest {
   name: string;
 }
 
-export interface CreateFolderError extends Error {
-  name: "CreateFolderError";
-  variant: "Crypto" | "Api" | "VaultParse" | "MissingField" | "Repository";
-}
-
-export function isCreateFolderError(error: any): error is CreateFolderError;
-
 export interface GetFolderError extends Error {
   name: "GetFolderError";
   variant: "ItemNotFound" | "Crypto" | "Repository";