From 3c3a0e65d86f6ac41e572b22c31656f70c22a379 Mon Sep 17 00:00:00 2001
From: Jonathan Prusik <jprusik@users.noreply.github.com>
Date: Wed, 16 Apr 2025 15:06:36 -0400
Subject: [PATCH 01/30] [PM-20310] Icon updates followup (#14312)

* remove brand icon story from lit storybook

* replace users icon with family icon

* update collection icon shape and name
---
 .../cipher/cipher-indicator-icons.ts          |  4 ++--
 .../{collection.ts => collection-shared.ts}   |  4 ++--
 .../content/components/icons/family.ts        | 19 +++++++++++++++++++
 .../content/components/icons/index.ts         |  4 ++--
 .../content/components/icons/users.ts         | 18 ------------------
 .../lit-stories/icons/icons.lit-stories.ts    | 13 +++++--------
 .../components/notification/button-row.ts     |  4 ++--
 7 files changed, 32 insertions(+), 34 deletions(-)
 rename apps/browser/src/autofill/content/components/icons/{collection.ts => collection-shared.ts} (65%)
 create mode 100644 apps/browser/src/autofill/content/components/icons/family.ts
 delete mode 100644 apps/browser/src/autofill/content/components/icons/users.ts

diff --git a/apps/browser/src/autofill/content/components/cipher/cipher-indicator-icons.ts b/apps/browser/src/autofill/content/components/cipher/cipher-indicator-icons.ts
index e4fe012a678..5e78fd5658a 100644
--- a/apps/browser/src/autofill/content/components/cipher/cipher-indicator-icons.ts
+++ b/apps/browser/src/autofill/content/components/cipher/cipher-indicator-icons.ts
@@ -4,7 +4,7 @@ import { html, TemplateResult } from "lit";
 import { Theme } from "@bitwarden/common/platform/enums";
 
 import { themes } from "../../../content/components/constants/styles";
-import { Business, Users } from "../../../content/components/icons";
+import { Business, Family } from "../../../content/components/icons";
 
 import { OrganizationCategories, OrganizationCategory } from "./types";
 
@@ -13,7 +13,7 @@ const cipherIndicatorIconsMap: Record<
   (args: { color: string; theme: Theme }) => TemplateResult
 > = {
   [OrganizationCategories.business]: Business,
-  [OrganizationCategories.family]: Users,
+  [OrganizationCategories.family]: Family,
 };
 
 export function CipherInfoIndicatorIcons({
diff --git a/apps/browser/src/autofill/content/components/icons/collection.ts b/apps/browser/src/autofill/content/components/icons/collection-shared.ts
similarity index 65%
rename from apps/browser/src/autofill/content/components/icons/collection.ts
rename to apps/browser/src/autofill/content/components/icons/collection-shared.ts
index fb2c58647c5..de366b88e92 100644
--- a/apps/browser/src/autofill/content/components/icons/collection.ts
+++ b/apps/browser/src/autofill/content/components/icons/collection-shared.ts
@@ -4,14 +4,14 @@ import { html } from "lit";
 import { IconProps } from "../common-types";
 import { buildIconColorRule, ruleNames, themes } from "../constants/styles";
 
-export function Collection({ color, disabled, theme }: IconProps) {
+export function CollectionShared({ color, disabled, theme }: IconProps) {
   const shapeColor = disabled ? themes[theme].secondary["300"] : color || themes[theme].text.main;
 
   return html`
     <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 14 14" fill="none">
       <path
         class=${css(buildIconColorRule(shapeColor, ruleNames.fill))}
-        d="M3.5.75A.75.75 0 0 1 4.25 0h5.5a.75.75 0 0 1 0 1.5h-5.5A.75.75 0 0 1 3.5.75ZM2.25 2a.75.75 0 0 0 0 1.5h9.5a.75.75 0 0 0 0-1.5h-9.5Z"
+        d="M3.5.75A.75.75 0 0 1 4.25 0h5.5a.75.75 0 0 1 0 1.5h-5.5A.75.75 0 0 1 3.5.75ZM2.25 2a.75.75 0 0 0 0 1.5h9.5a.75.75 0 0 0 0-1.5h-9.5ZM6 8a1 1 0 1 1-2 0 1 1 0 0 1 2 0ZM10 8a1 1 0 1 1-2 0 1 1 0 0 1 2 0ZM7 11.46a1.928 1.928 0 0 0-.586-1.386 2.035 2.035 0 0 0-2.828 0A1.928 1.928 0 0 0 3 11.461c0 .298.241.539.54.539h2.92a.54.54 0 0 0 .54-.54ZM8 11.46a2.928 2.928 0 0 0-.371-1.426A2.005 2.005 0 0 1 9 9.5a2.035 2.035 0 0 1 1.414.574A1.928 1.928 0 0 1 11 11.461a.54.54 0 0 1-.54.539H7.904c.063-.168.097-.35.097-.54Z"
       />
       <path
         class=${css(buildIconColorRule(shapeColor, ruleNames.fill))}
diff --git a/apps/browser/src/autofill/content/components/icons/family.ts b/apps/browser/src/autofill/content/components/icons/family.ts
new file mode 100644
index 00000000000..4a9db91f43a
--- /dev/null
+++ b/apps/browser/src/autofill/content/components/icons/family.ts
@@ -0,0 +1,19 @@
+import { css } from "@emotion/css";
+import { html } from "lit";
+
+import { IconProps } from "../common-types";
+import { buildIconColorRule, ruleNames, themes } from "../constants/styles";
+
+export function Family({ color, disabled, theme }: IconProps) {
+  const shapeColor = disabled ? themes[theme].secondary["300"] : color || themes[theme].text.main;
+
+  return html`
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="none">
+      <path
+        class=${css(buildIconColorRule(shapeColor, ruleNames.fill))}
+        fill-rule="evenodd"
+        d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0Zm-1.5 0a6.47 6.47 0 0 1-.932 3.356 3.732 3.732 0 0 0-1.106-.784 3.547 3.547 0 0 0-.516-.19 2 2 0 1 0-3.444-1.297c-.323-.216-.681-.4-1.069-.536a2.5 2.5 0 1 0-3.065-.155 5.405 5.405 0 0 0-1.59.674 3.912 3.912 0 0 0-.977.893A6.5 6.5 0 1 1 14.5 8ZM2.531 11.514a.75.75 0 0 0 .103-.13c.276-.436.552-.801.942-1.047a3.837 3.837 0 0 1 1.177-.492 5.243 5.243 0 0 1 .845-.095h.007l.022.001h.023c.436 0 .865.07 1.262.205.381.13.733.335 1.037.584.175.143.324.3.448.465l.164.226a4.13 4.13 0 0 0-1.035 1.565 4.407 4.407 0 0 0-.276 1.537c0 .043.004.085.01.125a6.5 6.5 0 0 1-4.729-2.944Zm10.033.964.07.08a6.481 6.481 0 0 1-3.894 1.9.757.757 0 0 0 .01-.125c0-.35.062-.694.181-1.013a2.63 2.63 0 0 1 .505-.842c.213-.237.462-.42.73-.543.267-.123.55-.185.834-.185.284 0 .567.062.835.185.267.123.516.306.729.543ZM7 6.5a1 1 0 1 1-2 0 1 1 0 0 1 2 0ZM11 9a.5.5 0 1 1-1 0 .5.5 0 0 1 1 0Z"
+      />
+    </svg>
+  `;
+}
diff --git a/apps/browser/src/autofill/content/components/icons/index.ts b/apps/browser/src/autofill/content/components/icons/index.ts
index de39b70ab24..65ec6301ac4 100644
--- a/apps/browser/src/autofill/content/components/icons/index.ts
+++ b/apps/browser/src/autofill/content/components/icons/index.ts
@@ -3,12 +3,12 @@ export { AngleUp } from "./angle-up";
 export { BrandIconContainer } from "./brand-icon-container";
 export { Business } from "./business";
 export { Close } from "./close";
-export { Collection } from "./collection";
+export { CollectionShared } from "./collection-shared";
 export { ExclamationTriangle } from "./exclamation-triangle";
 export { ExternalLink } from "./external-link";
+export { Family } from "./family";
 export { Folder } from "./folder";
 export { Globe } from "./globe";
 export { PencilSquare } from "./pencil-square";
 export { Shield } from "./shield";
 export { User } from "./user";
-export { Users } from "./users";
diff --git a/apps/browser/src/autofill/content/components/icons/users.ts b/apps/browser/src/autofill/content/components/icons/users.ts
deleted file mode 100644
index eb7840104f0..00000000000
--- a/apps/browser/src/autofill/content/components/icons/users.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { css } from "@emotion/css";
-import { html } from "lit";
-
-import { IconProps } from "../common-types";
-import { buildIconColorRule, ruleNames, themes } from "../constants/styles";
-
-export function Users({ color, disabled, theme }: IconProps) {
-  const shapeColor = disabled ? themes[theme].secondary["300"] : color || themes[theme].text.main;
-
-  return html`
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 14" fill="none">
-      <path
-        class=${css(buildIconColorRule(shapeColor, ruleNames.fill))}
-        d="M6.5 2.5c0 .375-.082.73-.23 1.049A2.986 2.986 0 0 1 8 3c.644 0 1.241.203 1.73.549a2.5 2.5 0 1 1 3.925.825 4 4 0 0 1 1.173.846c.372.387.667.847.867 1.352.201.506.305 1.047.305 1.595 0 .46-.373.833-.833.833H11a4.987 4.987 0 0 1 1.62 2.087A5 5 0 0 1 13 13a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1 5 5 0 0 1 2-4H.833A.833.833 0 0 1 0 8.167c0-.548.103-1.09.304-1.595.202-.505.496-.965.868-1.352.339-.353.736-.64 1.173-.846A2.5 2.5 0 1 1 6.5 2.5ZM4 3.5a1 1 0 1 0 0-2 1 1 0 0 0 0 2Zm1.401 4a2.986 2.986 0 0 1-.389-1.771A2.404 2.404 0 0 0 4 5.5c-.32 0-.638.065-.936.194-.3.13-.575.32-.81.565A2.682 2.682 0 0 0 1.579 7.5h3.822Zm5.198 0h3.822a2.682 2.682 0 0 0-.674-1.24 2.493 2.493 0 0 0-.81-.566 2.362 2.362 0 0 0-1.95.035 2.987 2.987 0 0 1-.39 1.771ZM12 3.5a1 1 0 1 0 0-2 1 1 0 0 0 0 2Zm-4 4a1.5 1.5 0 1 0 0-3 1.5 1.5 0 0 0 0 3Zm3.464 5a3.5 3.5 0 0 0-6.928 0h6.928Z"
-      />
-    </svg>
-  `;
-}
diff --git a/apps/browser/src/autofill/content/components/lit-stories/icons/icons.lit-stories.ts b/apps/browser/src/autofill/content/components/lit-stories/icons/icons.lit-stories.ts
index fc5db1c7c2c..c74895e1dea 100644
--- a/apps/browser/src/autofill/content/components/lit-stories/icons/icons.lit-stories.ts
+++ b/apps/browser/src/autofill/content/components/lit-stories/icons/icons.lit-stories.ts
@@ -43,26 +43,23 @@ const createIconStory = (iconName: keyof typeof Icons): StoryObj<Args> => {
     render: (args) => Template(args, Icons[iconName]),
   } as StoryObj<Args>;
 
-  if (iconName !== "BrandIconContainer") {
-    story.argTypes = {
-      iconLink: { table: { disable: true } },
-    };
-  }
+  story.argTypes = {
+    iconLink: { table: { disable: true } },
+  };
 
   return story;
 };
 
 export const AngleDownIcon = createIconStory("AngleDown");
 export const AngleUpIcon = createIconStory("AngleUp");
-export const BrandIcon = createIconStory("BrandIconContainer");
 export const BusinessIcon = createIconStory("Business");
 export const CloseIcon = createIconStory("Close");
-export const CollectionIcon = createIconStory("Collection");
+export const CollectionSharedIcon = createIconStory("CollectionShared");
 export const ExclamationTriangleIcon = createIconStory("ExclamationTriangle");
 export const ExternalLinkIcon = createIconStory("ExternalLink");
+export const FamilyIcon = createIconStory("Family");
 export const FolderIcon = createIconStory("Folder");
 export const GlobeIcon = createIconStory("Globe");
 export const PencilSquareIcon = createIconStory("PencilSquare");
 export const ShieldIcon = createIconStory("Shield");
 export const UserIcon = createIconStory("User");
-export const UsersIcon = createIconStory("Users");
diff --git a/apps/browser/src/autofill/content/components/notification/button-row.ts b/apps/browser/src/autofill/content/components/notification/button-row.ts
index 6fa32f11aa2..8661f5957e1 100644
--- a/apps/browser/src/autofill/content/components/notification/button-row.ts
+++ b/apps/browser/src/autofill/content/components/notification/button-row.ts
@@ -4,14 +4,14 @@ import { ProductTierType } from "@bitwarden/common/billing/enums";
 import { Theme } from "@bitwarden/common/platform/enums";
 
 import { Option, OrgView, FolderView } from "../common-types";
-import { Business, Users, Folder, User } from "../icons";
+import { Business, Family, Folder, User } from "../icons";
 import { ButtonRow } from "../rows/button-row";
 
 function getVaultIconByProductTier(productTierType?: ProductTierType): Option["icon"] {
   switch (productTierType) {
     case ProductTierType.Free:
     case ProductTierType.Families:
-      return Users;
+      return Family;
     case ProductTierType.Teams:
     case ProductTierType.Enterprise:
     case ProductTierType.TeamsStarter:

From 4b45bfaeeb4be5cfacb3f8c2d3febaf99dda2ee0 Mon Sep 17 00:00:00 2001
From: Jason Ng <jng@bitwarden.com>
Date: Wed, 16 Apr 2025 17:03:51 -0400
Subject: [PATCH 02/30] [PM-20236] update routing for intro carousel so path is
 not saved during popout (#14300)

---
 apps/browser/src/popup/app-routing.module.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index 8ebf6eb6110..21ac4c19700 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -593,6 +593,7 @@ const routes: Routes = [
     path: "intro-carousel",
     component: ExtensionAnonLayoutWrapperComponent,
     canActivate: [],
+    data: { elevation: 0, doNotSaveUrl: true } satisfies RouteDataProperties,
     children: [
       {
         path: "",

From 9f61b6aaa7bbadadca59419741b30e59953823ba Mon Sep 17 00:00:00 2001
From: Jason Ng <jng@bitwarden.com>
Date: Wed, 16 Apr 2025 17:14:27 -0400
Subject: [PATCH 03/30] [PM-20182] update colors for intro carousel svg for
 dark theme (#14280)

---
 .../intro-carousel/intro-carousel.component.html       |  2 +-
 libs/vault/src/icons/login-cards.ts                    |  8 ++++----
 libs/vault/src/icons/secure-devices.ts                 | 10 +++++-----
 libs/vault/src/icons/secure-user.ts                    |  4 ++--
 libs/vault/src/icons/security-handshake.ts             |  8 ++++----
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/apps/browser/src/vault/popup/components/vault-v2/intro-carousel/intro-carousel.component.html b/apps/browser/src/vault/popup/components/vault-v2/intro-carousel/intro-carousel.component.html
index 3c061109945..ff7bf25b86b 100644
--- a/apps/browser/src/vault/popup/components/vault-v2/intro-carousel/intro-carousel.component.html
+++ b/apps/browser/src/vault/popup/components/vault-v2/intro-carousel/intro-carousel.component.html
@@ -43,7 +43,7 @@
   bitButton
   buttonType="secondary"
   (click)="navigateToLogin()"
-  class="tw-w-full tw-mt-4"
+  class="tw-w-full tw-mt-2"
 >
   {{ "logIn" | i18n }}
 </button>
diff --git a/libs/vault/src/icons/login-cards.ts b/libs/vault/src/icons/login-cards.ts
index 01baf308412..6e066a0d924 100644
--- a/libs/vault/src/icons/login-cards.ts
+++ b/libs/vault/src/icons/login-cards.ts
@@ -2,10 +2,10 @@ import { svgIcon } from "@bitwarden/components";
 
 export const LoginCards = svgIcon`
 <svg xmlns="http://www.w3.org/2000/svg" width="150" height="150" fill="none">
-<path class="tw-fill-background-alt4" fill-rule="evenodd" d="M134.152 32.493c0-.69.559-1.25 1.25-1.25h1.493a8.707 8.707 0 0 1 8.707 8.707v79.047a8.707 8.707 0 0 1-8.707 8.707H22.054c-4.81 0-8.707-3.906-8.707-8.713a1.25 1.25 0 1 1 2.5 0 6.212 6.212 0 0 0 6.207 6.213h114.841a6.207 6.207 0 0 0 6.207-6.207V39.95a6.207 6.207 0 0 0-6.207-6.207h-1.493a1.25 1.25 0 0 1-1.25-1.25Z" clip-rule="evenodd"/>
-<path class="tw-fill-background-alt4" fill-rule="evenodd" d="M13.105 24.795a6.207 6.207 0 0 0-6.207 6.207v80.538a6.207 6.207 0 0 0 6.207 6.207h114.841a6.207 6.207 0 0 0 6.208-6.207V31.002a6.207 6.207 0 0 0-6.208-6.207H13.106Zm-8.707 6.207a8.707 8.707 0 0 1 8.707-8.707h114.841a8.708 8.708 0 0 1 8.708 8.707v80.538a8.708 8.708 0 0 1-8.708 8.707H13.106a8.707 8.707 0 0 1-8.708-8.707V31.002Z" clip-rule="evenodd"/>
-<path class="tw-fill-background-alt4" fill-rule="evenodd" d="M120.964 75.915H20.766c-.819 0-1.483.664-1.483 1.483v8.949c0 .819.664 1.483 1.483 1.483h100.198c.819 0 1.483-.664 1.483-1.483v-8.95c0-.818-.664-1.482-1.483-1.482Zm-100.198-1.5a2.983 2.983 0 0 0-2.983 2.983v8.949a2.983 2.983 0 0 0 2.983 2.983h100.198a2.983 2.983 0 0 0 2.983-2.983v-8.95a2.983 2.983 0 0 0-2.983-2.982H20.766ZM120.964 96.794H20.766c-.819 0-1.483.664-1.483 1.483v8.948c0 .819.664 1.483 1.483 1.483h100.198c.819 0 1.483-.664 1.483-1.483v-8.948c0-.82-.664-1.483-1.483-1.483Zm-100.198-1.5a2.983 2.983 0 0 0-2.983 2.983v8.948a2.983 2.983 0 0 0 2.983 2.983h100.198a2.983 2.983 0 0 0 2.983-2.983v-8.948a2.983 2.983 0 0 0-2.983-2.983H20.766Z" clip-rule="evenodd"/>
+<path class="tw-fill-art-primary" fill-rule="evenodd" d="M134.152 32.493c0-.69.559-1.25 1.25-1.25h1.493a8.707 8.707 0 0 1 8.707 8.707v79.047a8.707 8.707 0 0 1-8.707 8.707H22.054c-4.81 0-8.707-3.906-8.707-8.713a1.25 1.25 0 1 1 2.5 0 6.212 6.212 0 0 0 6.207 6.213h114.841a6.207 6.207 0 0 0 6.207-6.207V39.95a6.207 6.207 0 0 0-6.207-6.207h-1.493a1.25 1.25 0 0 1-1.25-1.25Z" clip-rule="evenodd"/>
+<path class="tw-fill-art-primary" fill-rule="evenodd" d="M13.105 24.795a6.207 6.207 0 0 0-6.207 6.207v80.538a6.207 6.207 0 0 0 6.207 6.207h114.841a6.207 6.207 0 0 0 6.208-6.207V31.002a6.207 6.207 0 0 0-6.208-6.207H13.106Zm-8.707 6.207a8.707 8.707 0 0 1 8.707-8.707h114.841a8.708 8.708 0 0 1 8.708 8.707v80.538a8.708 8.708 0 0 1-8.708 8.707H13.106a8.707 8.707 0 0 1-8.708-8.707V31.002Z" clip-rule="evenodd"/>
+<path class="tw-fill-art-primary" fill-rule="evenodd" d="M120.964 75.915H20.766c-.819 0-1.483.664-1.483 1.483v8.949c0 .819.664 1.483 1.483 1.483h100.198c.819 0 1.483-.664 1.483-1.483v-8.95c0-.818-.664-1.482-1.483-1.482Zm-100.198-1.5a2.983 2.983 0 0 0-2.983 2.983v8.949a2.983 2.983 0 0 0 2.983 2.983h100.198a2.983 2.983 0 0 0 2.983-2.983v-8.95a2.983 2.983 0 0 0-2.983-2.982H20.766ZM120.964 96.794H20.766c-.819 0-1.483.664-1.483 1.483v8.948c0 .819.664 1.483 1.483 1.483h100.198c.819 0 1.483-.664 1.483-1.483v-8.948c0-.82-.664-1.483-1.483-1.483Zm-100.198-1.5a2.983 2.983 0 0 0-2.983 2.983v8.948a2.983 2.983 0 0 0 2.983 2.983h100.198a2.983 2.983 0 0 0 2.983-2.983v-8.948a2.983 2.983 0 0 0-2.983-2.983H20.766Z" clip-rule="evenodd"/>
 <path class="tw-fill-art-accent" fill-rule="evenodd" d="M22.795 81.712a.75.75 0 0 1 .75-.75H87.68a.75.75 0 0 1 0 1.5H23.545a.75.75 0 0 1-.75-.75ZM26.618 100.354a.75.75 0 0 0-1.5 0v1.426l-1.34-.439a.75.75 0 0 0-.466 1.426l1.353.443-.845 1.183a.75.75 0 0 0 1.221.872l.827-1.158.827 1.158a.75.75 0 0 0 1.22-.872l-.845-1.183 1.353-.443a.75.75 0 0 0-.466-1.426l-1.34.439v-1.426Zm9.584 0a.75.75 0 0 0-1.5 0v1.426l-1.339-.439a.75.75 0 0 0-.466 1.426l1.353.443-.845 1.183a.75.75 0 0 0 1.22.872l.827-1.158.827 1.158a.75.75 0 0 0 1.22-.872l-.844-1.183 1.353-.443a.75.75 0 0 0-.467-1.426l-1.339.439v-1.426Zm8.834-.75a.75.75 0 0 1 .75.75v1.426l1.339-.439a.75.75 0 0 1 .467 1.426l-1.353.443.845 1.183a.75.75 0 0 1-1.22.872l-.828-1.159-.827 1.159a.75.75 0 1 1-1.22-.872l.844-1.183-1.353-.443a.75.75 0 0 1 .467-1.426l1.339.439v-1.426a.75.75 0 0 1 .75-.75Zm10.334.75a.75.75 0 0 0-1.5 0v1.426l-1.339-.439a.75.75 0 0 0-.466 1.426l1.353.443-.845 1.183a.75.75 0 1 0 1.22.872l.828-1.159.827 1.159a.75.75 0 0 0 1.22-.872l-.845-1.183 1.353-.443a.75.75 0 0 0-.467-1.426l-1.339.439v-1.426Zm8.835-.75a.75.75 0 0 1 .75.75v1.426l1.338-.439a.75.75 0 0 1 .467 1.426l-1.352.443.845 1.183a.75.75 0 0 1-1.221.872l-.827-1.159-.828 1.159a.75.75 0 0 1-1.22-.872L63 103.21l-1.353-.443a.75.75 0 0 1 .467-1.426l1.34.439v-1.426a.75.75 0 0 1 .75-.75Zm10.334.75a.75.75 0 0 0-1.5 0v1.426l-1.34-.439a.75.75 0 0 0-.466 1.426l1.353.443-.845 1.183a.75.75 0 1 0 1.221.872l.827-1.158.827 1.158a.75.75 0 0 0 1.22-.872l-.844-1.183 1.352-.443a.75.75 0 0 0-.466-1.426l-1.34.439v-1.426ZM53.215 50.395c0-9.566 7.755-17.314 17.313-17.314 9.56 0 17.308 7.749 17.314 17.313 0 5.31-2.399 10.061-6.16 13.236l-.742.626-.418-.876c-1.785-3.736-5.584-6.324-9.994-6.324s-8.214 2.583-9.992 6.323l-.418.878-.743-.627c-3.761-3.175-6.16-7.92-6.16-13.236Zm13.8 5.66a12.594 12.594 0 0 0-7.373 5.801 15.759 15.759 0 0 1-4.927-11.462c0-8.736 7.083-15.813 15.813-15.813s15.808 7.077 15.814 15.814c0 4.51-1.895 8.58-4.928 11.462a12.623 12.623 0 0 0-7.373-5.802 6.659 6.659 0 0 0 3.149-5.66 6.663 6.663 0 0 0-6.662-6.662 6.663 6.663 0 0 0-6.66 6.662 6.659 6.659 0 0 0 3.147 5.66Zm3.513-10.822a5.163 5.163 0 0 0-5.16 5.162 5.163 5.163 0 0 0 5.16 5.16 5.163 5.163 0 0 0 5.162-5.16 5.163 5.163 0 0 0-5.162-5.162Z" clip-rule="evenodd"/>
-<path class="tw-fill-background-alt4" fill-rule="evenodd" d="M70.528 34.57c-8.743 0-15.83 7.081-15.83 15.816s7.087 15.817 15.83 15.817c8.744 0 15.83-7.082 15.83-15.817S79.272 34.57 70.528 34.57Zm-17.33 15.816c0-9.564 7.76-17.317 17.33-17.317 9.571 0 17.33 7.753 17.33 17.317 0 9.565-7.759 17.317-17.33 17.317-9.57 0-17.33-7.752-17.33-17.317Z" clip-rule="evenodd"/>
+<path class="tw-fill-art-primary" fill-rule="evenodd" d="M70.528 34.57c-8.743 0-15.83 7.081-15.83 15.816s7.087 15.817 15.83 15.817c8.744 0 15.83-7.082 15.83-15.817S79.272 34.57 70.528 34.57Zm-17.33 15.816c0-9.564 7.76-17.317 17.33-17.317 9.571 0 17.33 7.753 17.33 17.317 0 9.565-7.759 17.317-17.33 17.317-9.57 0-17.33-7.752-17.33-17.317Z" clip-rule="evenodd"/>
 </svg>
 `;
diff --git a/libs/vault/src/icons/secure-devices.ts b/libs/vault/src/icons/secure-devices.ts
index ee3a6ea6b90..4e123afad40 100644
--- a/libs/vault/src/icons/secure-devices.ts
+++ b/libs/vault/src/icons/secure-devices.ts
@@ -3,14 +3,14 @@ import { svgIcon } from "@bitwarden/components";
 export const SecureDevices = svgIcon`
 <svg xmlns="http://www.w3.org/2000/svg" width="150" height="150" fill="none">
 <path class="tw-stroke-art-accent" stroke-width="1.5" d="M122.568 45.774v-3a5.176 5.176 0 0 0-5.176-5.175H34.094a5.176 5.176 0 0 0-5.176 5.176v10.432m67.636 39.392H33.378"/>
-<path class="tw-stroke-background-alt4" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M53.446 111.924h43.108"/>
-<path class="tw-stroke-background-alt4" stroke-linejoin="round" stroke-width="1.5" d="M68.118 98.72v13.204M82.96 98.72v13.204"/>
-<path class="tw-stroke-background-alt4" stroke-width="2.5" d="M127.771 45.775v-3.026c0-5.718-4.635-10.352-10.352-10.352H34.068c-5.718 0-10.352 4.634-10.352 10.352v10.459m72.838 44.595H33.378"/>
+<path class="tw-stroke-art-primary" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M53.446 111.924h43.108"/>
+<path class="tw-stroke-art-primary" stroke-linejoin="round" stroke-width="1.5" d="M68.118 98.72v13.204M82.96 98.72v13.204"/>
+<path class="tw-stroke-art-primary" stroke-width="2.5" d="M127.771 45.775v-3.026c0-5.718-4.635-10.352-10.352-10.352H34.068c-5.718 0-10.352 4.634-10.352 10.352v10.459m72.838 44.595H33.378"/>
 <path class="tw-fill-art-accent" fill-rule="evenodd" d="M71.835 59.965C72.068 57.392 73.906 55.5 76 55.5s3.932 1.892 4.165 4.465h-8.33Zm-1.005.034c.224-3.015 2.388-5.499 5.17-5.499 2.781 0 4.946 2.484 5.17 5.5 1.6.232 2.83 1.61 2.83 3.275v6.62a3.31 3.31 0 0 1-3.31 3.311h-9.38a3.31 3.31 0 0 1-3.31-3.31v-6.62a3.311 3.311 0 0 1 2.83-3.277Zm.48.966h9.38a2.31 2.31 0 0 1 2.31 2.31v6.62a2.31 2.31 0 0 1-2.31 2.311h-9.38a2.31 2.31 0 0 1-2.31-2.31v-6.62a2.31 2.31 0 0 1 2.31-2.311Z" clip-rule="evenodd"/>
 <path class="tw-fill-art-accent" fill-rule="evenodd" d="M75.448 67.482a1.103 1.103 0 0 1-.551-.956v-.215a1.103 1.103 0 1 1 2.206 0v.215c0 .408-.221.765-.551.956v1.594a.552.552 0 1 1-1.104 0v-1.594Z" clip-rule="evenodd"/>
-<rect width="30.203" height="56.96" x="3.411" y="52.971" class="tw-stroke-background-alt4" stroke-width="2.5" rx="7.377"/>
+<rect width="30.203" height="56.96" x="3.411" y="52.971" class="tw-stroke-art-primary" stroke-width="2.5" rx="7.377"/>
 <path class="tw-stroke-art-accent" stroke-linecap="round" stroke-width="1.725" d="M18.164 58.148h.685"/>
-<rect width="51.284" height="71.352" x="96.554" y="45.775" class="tw-stroke-background-alt4" stroke-width="2.5" rx="6.901"/>
+<rect width="51.284" height="71.352" x="96.554" y="45.775" class="tw-stroke-art-primary" stroke-width="2.5" rx="6.901"/>
 <circle cx="122.568" cy="111.924" r="1.486" class="tw-fill-art-accent"/>
 </svg>
 `;
diff --git a/libs/vault/src/icons/secure-user.ts b/libs/vault/src/icons/secure-user.ts
index f8f126adbac..39d9957030c 100644
--- a/libs/vault/src/icons/secure-user.ts
+++ b/libs/vault/src/icons/secure-user.ts
@@ -2,8 +2,8 @@ import { svgIcon } from "@bitwarden/components";
 
 export const SecureUser = svgIcon`
 <svg xmlns="http://www.w3.org/2000/svg" width="150" height="150" fill="none">
-<path class="tw-fill-background-alt4" fill-rule="evenodd" d="M96.538 35.676c-.85 0-1.538-.688-1.538-1.538v-.6a1.538 1.538 0 1 1 3.076 0v.6c0 .85-.688 1.538-1.538 1.538ZM103.737 35.676a1.538 1.538 0 0 1-1.538-1.538v-.6a1.538 1.538 0 0 1 3.076 0v.6c0 .85-.688 1.538-1.538 1.538ZM110.935 35.676a1.538 1.538 0 0 1-1.538-1.538v-.6a1.538 1.538 0 0 1 3.076 0v.6c0 .85-.689 1.538-1.538 1.538Z" clip-rule="evenodd"/>
-<path class="tw-fill-background-alt4" fill-rule="evenodd" d="M12.708 26.798C7.346 26.798 3 31.145 3 36.508v58.446c0 5.362 4.347 9.71 9.71 9.71h9.567v-2.5h-9.568a7.21 7.21 0 0 1-7.209-7.21V39.451h112.272v5.666a21.936 21.936 0 0 0-8.466-1.688c-12.15 0-22 9.85-22 22 0 9.269 5.732 17.199 13.845 20.439-9.966 2.189-18.447 8.17-23.747 16.296H64.038v2.5H75.91a35.893 35.893 0 0 0-3.913 11.415c-.408 2.511.898 5.791 4.056 5.791h65.572c4.042 0 6.167-2.082 5.564-5.791-2.447-15.065-14.291-27.103-29.529-30.292 8.007-3.29 13.645-11.166 13.645-20.358 0-8.158-4.44-15.278-11.034-19.077v-9.845c0-5.362-4.347-9.71-9.71-9.71H12.708ZM117.771 37.95v-1.444a7.21 7.21 0 0 0-7.21-7.21H12.708a7.21 7.21 0 0 0-7.209 7.21v1.444h112.272Zm-38.837 66.713h-.144a33.454 33.454 0 0 0-4.326 11.816c-.118.732.03 1.578.376 2.164.292.494.65.726 1.213.726h65.572c1.649 0 2.42-.429 2.735-.751.252-.258.576-.819.361-2.139-2.662-16.39-17.328-29.024-35.128-29.024-13.09 0-24.486 6.833-30.659 16.968v.24Zm49.871-39.235c0 10.77-8.73 19.5-19.5 19.5s-19.5-8.73-19.5-19.5 8.73-19.5 19.5-19.5 19.5 8.73 19.5 19.5Z" clip-rule="evenodd"/>
+<path class="tw-fill-art-primary" fill-rule="evenodd" d="M96.538 35.676c-.85 0-1.538-.688-1.538-1.538v-.6a1.538 1.538 0 1 1 3.076 0v.6c0 .85-.688 1.538-1.538 1.538ZM103.737 35.676a1.538 1.538 0 0 1-1.538-1.538v-.6a1.538 1.538 0 0 1 3.076 0v.6c0 .85-.688 1.538-1.538 1.538ZM110.935 35.676a1.538 1.538 0 0 1-1.538-1.538v-.6a1.538 1.538 0 0 1 3.076 0v.6c0 .85-.689 1.538-1.538 1.538Z" clip-rule="evenodd"/>
+<path class="tw-fill-art-primary" fill-rule="evenodd" d="M12.708 26.798C7.346 26.798 3 31.145 3 36.508v58.446c0 5.362 4.347 9.71 9.71 9.71h9.567v-2.5h-9.568a7.21 7.21 0 0 1-7.209-7.21V39.451h112.272v5.666a21.936 21.936 0 0 0-8.466-1.688c-12.15 0-22 9.85-22 22 0 9.269 5.732 17.199 13.845 20.439-9.966 2.189-18.447 8.17-23.747 16.296H64.038v2.5H75.91a35.893 35.893 0 0 0-3.913 11.415c-.408 2.511.898 5.791 4.056 5.791h65.572c4.042 0 6.167-2.082 5.564-5.791-2.447-15.065-14.291-27.103-29.529-30.292 8.007-3.29 13.645-11.166 13.645-20.358 0-8.158-4.44-15.278-11.034-19.077v-9.845c0-5.362-4.347-9.71-9.71-9.71H12.708ZM117.771 37.95v-1.444a7.21 7.21 0 0 0-7.21-7.21H12.708a7.21 7.21 0 0 0-7.209 7.21v1.444h112.272Zm-38.837 66.713h-.144a33.454 33.454 0 0 0-4.326 11.816c-.118.732.03 1.578.376 2.164.292.494.65.726 1.213.726h65.572c1.649 0 2.42-.429 2.735-.751.252-.258.576-.819.361-2.139-2.662-16.39-17.328-29.024-35.128-29.024-13.09 0-24.486 6.833-30.659 16.968v.24Zm49.871-39.235c0 10.77-8.73 19.5-19.5 19.5s-19.5-8.73-19.5-19.5 8.73-19.5 19.5-19.5 19.5 8.73 19.5 19.5Z" clip-rule="evenodd"/>
 <path class="tw-fill-art-accent" fill-rule="evenodd" d="M41.932 101.294a3.075 3.075 0 0 1-1.538-2.665v-.6a3.076 3.076 0 1 1 6.152 0v.6a3.075 3.075 0 0 1-1.538 2.665v4.444a1.538 1.538 0 0 1-3.076 0v-4.444Z" clip-rule="evenodd"/>
 <path class="tw-fill-art-accent" fill-rule="evenodd" d="M31.715 80.342c.649-7.236 5.821-12.592 11.755-12.592 5.934 0 11.106 5.356 11.755 12.592h-23.51Zm-2.514.076C29.834 72.08 35.82 65.25 43.47 65.25c7.65 0 13.636 6.83 14.268 15.168 4.533.586 8.034 4.46 8.034 9.152v18.457a9.229 9.229 0 0 1-9.228 9.229H30.396a9.229 9.229 0 0 1-9.228-9.229V89.57c0-4.692 3.501-8.566 8.034-9.152Zm1.195 2.424h26.148a6.728 6.728 0 0 1 6.728 6.728v18.457a6.729 6.729 0 0 1-6.728 6.729H30.396a6.729 6.729 0 0 1-6.728-6.729V89.57a6.728 6.728 0 0 1 6.728-6.728Z" clip-rule="evenodd"/>
 </svg>
diff --git a/libs/vault/src/icons/security-handshake.ts b/libs/vault/src/icons/security-handshake.ts
index 5a598fd180d..d68f8a948d3 100644
--- a/libs/vault/src/icons/security-handshake.ts
+++ b/libs/vault/src/icons/security-handshake.ts
@@ -2,11 +2,11 @@ import { svgIcon } from "@bitwarden/components";
 
 export const SecurityHandshake = svgIcon`
 <svg xmlns="http://www.w3.org/2000/svg" width="150" height="150" fill="none">
-  <path class="tw-fill-background-alt4" fill-rule="evenodd" d="M55.54 113.815c1.794.909 3.324 1.383 4.435 1.727l.015.005c.777.24 1.185.374 1.432.507.368.197.8.234 1.196.101.178-.059.34-.136.424-.176l.015-.007c.074-.035.111-.052.145-.066l.043-.016c.091-.023.18-.054.265-.093 1.521-.703 3.915-1.763 5.936-2.033a1.508 1.508 0 1 0-.4-2.989c-2.483.331-5.207 1.549-6.698 2.235a3.936 3.936 0 0 0-.205.071 19.521 19.521 0 0 0-1.259-.415m-5.344 1.149-7.071 12.092 10.526 5.46a1.508 1.508 0 1 1-1.392 2.677l-11.297-5.861a1.438 1.438 0 0 1-.086-.048c-1.192-.72-1.31-2.134-.741-3.096l7.824-13.379.006-.011a2.254 2.254 0 0 1 2.988-.846c1.819 1.003 3.36 1.483 4.587 1.863m30.235 16.5a1.511 1.511 0 0 1 2.097.401c.607.894.98 1.89.98 2.92 0 1.046-.387 2.014-1.104 2.799-.651.739-1.616 1.204-2.55 1.384-.396 1.524-1.314 2.468-2.166 2.927-.453.29-.949.482-1.457.579a4.34 4.34 0 0 1-.753 1.255c-.778 1.183-2.122 1.69-3.26 1.717-.528.684-1.278 1.183-2.103 1.523a1.378 1.378 0 0 1-.207.068c-.479.121-.86.121-1.15.12h-.031c-1.046 0-2.113-.377-2.97-.771a17.903 17.903 0 0 1-2.326-1.316 1.507 1.507 0 0 1-.425-2.09 1.512 1.512 0 0 1 2.092-.425c.54.357 1.225.771 1.921 1.091.729.335 1.319.495 1.708.495.158 0 .232 0 .297-.005a.5.5 0 0 0 .057-.006c.642-.289.817-.592.864-.75a1.509 1.509 0 0 1 2.019-.963.34.34 0 0 0 .035.013l.006.001h.118c.425 0 .74-.204.844-.378.052-.087.112-.169.18-.244.233-.255.341-.534.351-.854a1.508 1.508 0 0 1 1.765-1.439.995.995 0 0 0 .183.016c.228 0 .45-.066.634-.19.052-.035.106-.067.162-.095.135-.068.748-.467.788-1.786a1.506 1.506 0 0 1 1.77-1.439c.056.009.122.015.19.015.46 0 .97-.241 1.148-.447l.03-.033c.233-.253.32-.506.32-.772 0-.291-.106-.707-.459-1.226a1.507 1.507 0 0 1 .402-2.095Z" clip-rule="evenodd"/>
-  <path class="tw-fill-background-alt4" fill-rule="evenodd" d="M72 112.173c-1.273.841-2.725 2.355-4.115 5.058l-.01.017-.008.017c-.151.275-.17.673.06 1.112.223.352.93.775 2.136.148l.002-.001c1.492-.774 2.61-1.589 3.249-2.055l.27-.196.394-.28h.483c1.04 0 1.622-.069 1.973-.127l1.176-.195.463 1.096c.27.638.738 1.674 1.75 2.722 1.003 1.039 2.605 2.153 5.227 2.823l.379.097 6.936 6.552 9.308-5.228-6.9-11.821-8.164 3.699-9.407-4.142-.055-.019a5.217 5.217 0 0 1-.143-.052 4.902 4.902 0 0 0-1.654-.284c-.92 0-2.086.225-3.35 1.059Zm-1.665-2.515c1.808-1.195 3.566-1.56 5.014-1.56a7.942 7.942 0 0 1 2.62.442h.067l8.555 3.767 7.51-3.403c.622-.295 1.275-.21 1.71-.065a2.269 2.269 0 0 1 1.288 1.069l7.663 13.128.041.102c.447 1.114-.052 2.174-.793 2.728l-.079.059-10.628 5.969-.034.017a2.14 2.14 0 0 1-.611.203c-.186.031-.36.03-.42.03h-.013a2.308 2.308 0 0 1-1.566-.644l-6.743-6.369c-2.938-.818-4.923-2.157-6.267-3.548a11.163 11.163 0 0 1-1.879-2.613c-.241.016-.51.028-.81.034a27.07 27.07 0 0 1-3.503 2.196c-2.178 1.133-4.872.843-6.142-1.31l-.013-.021-.012-.021c-.64-1.17-.807-2.672-.084-4.011 1.569-3.044 3.333-4.993 5.129-6.179ZM57.94 130.702c.891-1.069 2.069-1.933 3.664-1.8l.008.001.01.001c.935.089 1.694.495 2.265.942.338-.144.68-.255 1.02-.329.627-.138 1.35-.175 2.03.051l.01.004.01.004c.977.341 1.645 1.027 2.088 1.686.1.002.202.008.305.017 1.872.175 2.963 1.224 3.556 2.131.99.251 1.717.81 2.216 1.488.572.777.794 1.647.905 2.123.353 1.346.505 3.585.005 5.75l-.012.052-.016.052c-.523 1.697-2.08 2.624-3.747 2.624-1.286 0-2.644-.473-3.66-1.359-1.753-.177-3.254-.773-4.257-1.985a5.169 5.169 0 0 1-3.062-1.144l-.03-.025-.03-.026a4.962 4.962 0 0 1-1.3-1.834 7.301 7.301 0 0 1-1.28-.677c-.767-.513-1.61-1.319-2.011-2.519-.59-1.766-.012-3.553 1.287-5.197l.013-.016.013-.015Zm2.332 1.915c-.918 1.168-.934 1.9-.78 2.359.118.355.396.679.827.968.43.287.91.469 1.226.561l.843.246.203.853c.13.545.38.869.605 1.076.441.341.906.462 1.33.462.1 0 .185-.012.26-.028l1.153-.253.524 1.056c.026.051.053.101.083.151.305.466.902.901 2.221 1.056l.848-.401.748.917c.401.493 1.156.843 1.894.843.531 0 .763-.234.848-.457.37-1.661.23-3.382-.003-4.254l-.007-.025-.005-.025c-.098-.423-.212-.781-.402-1.039-.135-.183-.335-.366-.838-.395l-.93-.054-.37-.855c-.189-.439-.584-1.013-1.482-1.097a.998.998 0 0 0-.402.042l-1.315.417-.533-1.272a2.837 2.837 0 0 0-.41-.7c-.156-.188-.302-.291-.43-.34-.02-.003-.153-.026-.421.033a3.292 3.292 0 0 0-.967.405l-.097.065-1.137.789-.885-1.063a2.803 2.803 0 0 0-.562-.523 1.255 1.255 0 0 0-.565-.228c-.189-.014-.494.023-1.072.71Z" clip-rule="evenodd"/>
-  <path class="tw-fill-background-alt4" fill-rule="evenodd" d="M65.358 131.532a.754.754 0 0 1-.246 1.038l-.103.062c-.269.163-.767.464-1.28.884-.602.495-1.119 1.074-1.317 1.666-.137.411-.148.939-.064 1.485.083.542.25 1.032.4 1.333a.754.754 0 0 1-1.35.674 6.278 6.278 0 0 1-.543-1.777c-.104-.679-.116-1.471.125-2.191.334-1.002 1.12-1.804 1.79-2.355.605-.496 1.201-.855 1.463-1.012l.087-.053a.756.756 0 0 1 1.038.246ZM68.873 132.736c.19.37.044.825-.326 1.015-.456.234-1.697 1.226-2.23 3.049-.556 1.904-.188 3.039-.072 3.236a.754.754 0 1 1-1.305.76c-.38-.653-.708-2.24-.072-4.418.66-2.26 2.202-3.564 2.988-3.968a.754.754 0 0 1 1.017.326ZM72.056 135.181c.191.37.045.825-.326 1.015-.141.073-.415.314-.724.782a6.358 6.358 0 0 0-.77 1.693c-.187.637-.246 1.364-.225 1.989.01.31.04.58.077.788.034.182.065.271.074.295.002.007.002.008 0 .005a.755.755 0 0 1-1.304.76c-.132-.226-.208-.527-.255-.792a7.079 7.079 0 0 1-.1-1.006c-.025-.737.04-1.631.283-2.461a7.84 7.84 0 0 1 .96-2.102c.365-.553.814-1.046 1.294-1.292a.756.756 0 0 1 1.016.326ZM77.04 136.44l.01.008.027.025.11.101a54.371 54.371 0 0 0 1.782 1.551c1.106.921 2.391 1.905 3.282 2.35a.754.754 0 1 1-.675 1.349c-1.068-.534-2.477-1.628-3.574-2.541a57.15 57.15 0 0 1-1.833-1.595l-.114-.105-.03-.028-.012-.01.514-.553-.514.553a.754.754 0 1 1 1.027-1.105ZM78.495 132.514l.012.011.038.034.15.13a74.33 74.33 0 0 0 2.44 2.015c1.507 1.19 3.281 2.483 4.53 3.075a.753.753 0 1 1-.648 1.362c-1.422-.674-3.32-2.071-4.819-3.254-.76-.6-1.433-1.159-1.918-1.569-.242-.204-.438-.372-.572-.488l-.156-.135-.04-.036-.015-.013.499-.566-.5.566a.756.756 0 0 1 .998-1.132ZM81.422 128.595l.014.012.044.037.17.142c.15.124.366.303.635.522.54.439 1.29 1.038 2.133 1.679 1.707 1.297 3.727 2.715 5.154 3.366a.753.753 0 1 1-.627 1.372c-1.6-.73-3.742-2.247-5.441-3.538a87.058 87.058 0 0 1-2.82-2.242l-.176-.147-.046-.039-.016-.014.488-.575-.488.575a.754.754 0 1 1 .976-1.15ZM134.303 48.211a61.447 61.447 0 0 1-.856 38.597 61.76 61.76 0 0 1-23.725 30.537 1.511 1.511 0 0 1-2.096-.409 1.507 1.507 0 0 1 .408-2.093 58.736 58.736 0 0 0 22.567-29.045 58.431 58.431 0 0 0 .814-36.704 58.696 58.696 0 0 0-21.256-30.008 59.167 59.167 0 0 0-35.015-11.57 59.17 59.17 0 0 0-35.071 11.4A58.707 58.707 0 0 0 18.669 48.82a58.433 58.433 0 0 0 .634 36.708 58.733 58.733 0 0 0 22.424 29.154c.69.469.868 1.407.399 2.095a1.51 1.51 0 0 1-2.098.398 61.752 61.752 0 0 1-23.575-30.652 61.446 61.446 0 0 1-.667-38.6 61.723 61.723 0 0 1 22.502-31.44A62.192 62.192 0 0 1 75.153 4.5a62.188 62.188 0 0 1 36.803 12.161 61.714 61.714 0 0 1 22.348 31.55Z" clip-rule="evenodd"/>
+  <path class="tw-fill-art-primary" fill-rule="evenodd" d="M55.54 113.815c1.794.909 3.324 1.383 4.435 1.727l.015.005c.777.24 1.185.374 1.432.507.368.197.8.234 1.196.101.178-.059.34-.136.424-.176l.015-.007c.074-.035.111-.052.145-.066l.043-.016c.091-.023.18-.054.265-.093 1.521-.703 3.915-1.763 5.936-2.033a1.508 1.508 0 1 0-.4-2.989c-2.483.331-5.207 1.549-6.698 2.235a3.936 3.936 0 0 0-.205.071 19.521 19.521 0 0 0-1.259-.415m-5.344 1.149-7.071 12.092 10.526 5.46a1.508 1.508 0 1 1-1.392 2.677l-11.297-5.861a1.438 1.438 0 0 1-.086-.048c-1.192-.72-1.31-2.134-.741-3.096l7.824-13.379.006-.011a2.254 2.254 0 0 1 2.988-.846c1.819 1.003 3.36 1.483 4.587 1.863m30.235 16.5a1.511 1.511 0 0 1 2.097.401c.607.894.98 1.89.98 2.92 0 1.046-.387 2.014-1.104 2.799-.651.739-1.616 1.204-2.55 1.384-.396 1.524-1.314 2.468-2.166 2.927-.453.29-.949.482-1.457.579a4.34 4.34 0 0 1-.753 1.255c-.778 1.183-2.122 1.69-3.26 1.717-.528.684-1.278 1.183-2.103 1.523a1.378 1.378 0 0 1-.207.068c-.479.121-.86.121-1.15.12h-.031c-1.046 0-2.113-.377-2.97-.771a17.903 17.903 0 0 1-2.326-1.316 1.507 1.507 0 0 1-.425-2.09 1.512 1.512 0 0 1 2.092-.425c.54.357 1.225.771 1.921 1.091.729.335 1.319.495 1.708.495.158 0 .232 0 .297-.005a.5.5 0 0 0 .057-.006c.642-.289.817-.592.864-.75a1.509 1.509 0 0 1 2.019-.963.34.34 0 0 0 .035.013l.006.001h.118c.425 0 .74-.204.844-.378.052-.087.112-.169.18-.244.233-.255.341-.534.351-.854a1.508 1.508 0 0 1 1.765-1.439.995.995 0 0 0 .183.016c.228 0 .45-.066.634-.19.052-.035.106-.067.162-.095.135-.068.748-.467.788-1.786a1.506 1.506 0 0 1 1.77-1.439c.056.009.122.015.19.015.46 0 .97-.241 1.148-.447l.03-.033c.233-.253.32-.506.32-.772 0-.291-.106-.707-.459-1.226a1.507 1.507 0 0 1 .402-2.095Z" clip-rule="evenodd"/>
+  <path class="tw-fill-art-primary" fill-rule="evenodd" d="M72 112.173c-1.273.841-2.725 2.355-4.115 5.058l-.01.017-.008.017c-.151.275-.17.673.06 1.112.223.352.93.775 2.136.148l.002-.001c1.492-.774 2.61-1.589 3.249-2.055l.27-.196.394-.28h.483c1.04 0 1.622-.069 1.973-.127l1.176-.195.463 1.096c.27.638.738 1.674 1.75 2.722 1.003 1.039 2.605 2.153 5.227 2.823l.379.097 6.936 6.552 9.308-5.228-6.9-11.821-8.164 3.699-9.407-4.142-.055-.019a5.217 5.217 0 0 1-.143-.052 4.902 4.902 0 0 0-1.654-.284c-.92 0-2.086.225-3.35 1.059Zm-1.665-2.515c1.808-1.195 3.566-1.56 5.014-1.56a7.942 7.942 0 0 1 2.62.442h.067l8.555 3.767 7.51-3.403c.622-.295 1.275-.21 1.71-.065a2.269 2.269 0 0 1 1.288 1.069l7.663 13.128.041.102c.447 1.114-.052 2.174-.793 2.728l-.079.059-10.628 5.969-.034.017a2.14 2.14 0 0 1-.611.203c-.186.031-.36.03-.42.03h-.013a2.308 2.308 0 0 1-1.566-.644l-6.743-6.369c-2.938-.818-4.923-2.157-6.267-3.548a11.163 11.163 0 0 1-1.879-2.613c-.241.016-.51.028-.81.034a27.07 27.07 0 0 1-3.503 2.196c-2.178 1.133-4.872.843-6.142-1.31l-.013-.021-.012-.021c-.64-1.17-.807-2.672-.084-4.011 1.569-3.044 3.333-4.993 5.129-6.179ZM57.94 130.702c.891-1.069 2.069-1.933 3.664-1.8l.008.001.01.001c.935.089 1.694.495 2.265.942.338-.144.68-.255 1.02-.329.627-.138 1.35-.175 2.03.051l.01.004.01.004c.977.341 1.645 1.027 2.088 1.686.1.002.202.008.305.017 1.872.175 2.963 1.224 3.556 2.131.99.251 1.717.81 2.216 1.488.572.777.794 1.647.905 2.123.353 1.346.505 3.585.005 5.75l-.012.052-.016.052c-.523 1.697-2.08 2.624-3.747 2.624-1.286 0-2.644-.473-3.66-1.359-1.753-.177-3.254-.773-4.257-1.985a5.169 5.169 0 0 1-3.062-1.144l-.03-.025-.03-.026a4.962 4.962 0 0 1-1.3-1.834 7.301 7.301 0 0 1-1.28-.677c-.767-.513-1.61-1.319-2.011-2.519-.59-1.766-.012-3.553 1.287-5.197l.013-.016.013-.015Zm2.332 1.915c-.918 1.168-.934 1.9-.78 2.359.118.355.396.679.827.968.43.287.91.469 1.226.561l.843.246.203.853c.13.545.38.869.605 1.076.441.341.906.462 1.33.462.1 0 .185-.012.26-.028l1.153-.253.524 1.056c.026.051.053.101.083.151.305.466.902.901 2.221 1.056l.848-.401.748.917c.401.493 1.156.843 1.894.843.531 0 .763-.234.848-.457.37-1.661.23-3.382-.003-4.254l-.007-.025-.005-.025c-.098-.423-.212-.781-.402-1.039-.135-.183-.335-.366-.838-.395l-.93-.054-.37-.855c-.189-.439-.584-1.013-1.482-1.097a.998.998 0 0 0-.402.042l-1.315.417-.533-1.272a2.837 2.837 0 0 0-.41-.7c-.156-.188-.302-.291-.43-.34-.02-.003-.153-.026-.421.033a3.292 3.292 0 0 0-.967.405l-.097.065-1.137.789-.885-1.063a2.803 2.803 0 0 0-.562-.523 1.255 1.255 0 0 0-.565-.228c-.189-.014-.494.023-1.072.71Z" clip-rule="evenodd"/>
+  <path class="tw-fill-art-primary" fill-rule="evenodd" d="M65.358 131.532a.754.754 0 0 1-.246 1.038l-.103.062c-.269.163-.767.464-1.28.884-.602.495-1.119 1.074-1.317 1.666-.137.411-.148.939-.064 1.485.083.542.25 1.032.4 1.333a.754.754 0 0 1-1.35.674 6.278 6.278 0 0 1-.543-1.777c-.104-.679-.116-1.471.125-2.191.334-1.002 1.12-1.804 1.79-2.355.605-.496 1.201-.855 1.463-1.012l.087-.053a.756.756 0 0 1 1.038.246ZM68.873 132.736c.19.37.044.825-.326 1.015-.456.234-1.697 1.226-2.23 3.049-.556 1.904-.188 3.039-.072 3.236a.754.754 0 1 1-1.305.76c-.38-.653-.708-2.24-.072-4.418.66-2.26 2.202-3.564 2.988-3.968a.754.754 0 0 1 1.017.326ZM72.056 135.181c.191.37.045.825-.326 1.015-.141.073-.415.314-.724.782a6.358 6.358 0 0 0-.77 1.693c-.187.637-.246 1.364-.225 1.989.01.31.04.58.077.788.034.182.065.271.074.295.002.007.002.008 0 .005a.755.755 0 0 1-1.304.76c-.132-.226-.208-.527-.255-.792a7.079 7.079 0 0 1-.1-1.006c-.025-.737.04-1.631.283-2.461a7.84 7.84 0 0 1 .96-2.102c.365-.553.814-1.046 1.294-1.292a.756.756 0 0 1 1.016.326ZM77.04 136.44l.01.008.027.025.11.101a54.371 54.371 0 0 0 1.782 1.551c1.106.921 2.391 1.905 3.282 2.35a.754.754 0 1 1-.675 1.349c-1.068-.534-2.477-1.628-3.574-2.541a57.15 57.15 0 0 1-1.833-1.595l-.114-.105-.03-.028-.012-.01.514-.553-.514.553a.754.754 0 1 1 1.027-1.105ZM78.495 132.514l.012.011.038.034.15.13a74.33 74.33 0 0 0 2.44 2.015c1.507 1.19 3.281 2.483 4.53 3.075a.753.753 0 1 1-.648 1.362c-1.422-.674-3.32-2.071-4.819-3.254-.76-.6-1.433-1.159-1.918-1.569-.242-.204-.438-.372-.572-.488l-.156-.135-.04-.036-.015-.013.499-.566-.5.566a.756.756 0 0 1 .998-1.132ZM81.422 128.595l.014.012.044.037.17.142c.15.124.366.303.635.522.54.439 1.29 1.038 2.133 1.679 1.707 1.297 3.727 2.715 5.154 3.366a.753.753 0 1 1-.627 1.372c-1.6-.73-3.742-2.247-5.441-3.538a87.058 87.058 0 0 1-2.82-2.242l-.176-.147-.046-.039-.016-.014.488-.575-.488.575a.754.754 0 1 1 .976-1.15ZM134.303 48.211a61.447 61.447 0 0 1-.856 38.597 61.76 61.76 0 0 1-23.725 30.537 1.511 1.511 0 0 1-2.096-.409 1.507 1.507 0 0 1 .408-2.093 58.736 58.736 0 0 0 22.567-29.045 58.431 58.431 0 0 0 .814-36.704 58.696 58.696 0 0 0-21.256-30.008 59.167 59.167 0 0 0-35.015-11.57 59.17 59.17 0 0 0-35.071 11.4A58.707 58.707 0 0 0 18.669 48.82a58.433 58.433 0 0 0 .634 36.708 58.733 58.733 0 0 0 22.424 29.154c.69.469.868 1.407.399 2.095a1.51 1.51 0 0 1-2.098.398 61.752 61.752 0 0 1-23.575-30.652 61.446 61.446 0 0 1-.667-38.6 61.723 61.723 0 0 1 22.502-31.44A62.192 62.192 0 0 1 75.153 4.5a62.188 62.188 0 0 1 36.803 12.161 61.714 61.714 0 0 1 22.348 31.55Z" clip-rule="evenodd"/>
   <path class="tw-fill-art-accent" fill-rule="evenodd" d="M128.53 49.913a55.343 55.343 0 0 1-.771 34.77 55.64 55.64 0 0 1-21.378 27.512.755.755 0 0 1-.844-1.25 54.131 54.131 0 0 0 20.799-26.766 53.85 53.85 0 0 0 .751-33.825 54.094 54.094 0 0 0-19.592-27.653 54.534 54.534 0 0 0-32.27-10.66 54.537 54.537 0 0 0-32.322 10.503 54.1 54.1 0 0 0-19.727 27.558 53.841 53.841 0 0 0 .585 33.828 54.125 54.125 0 0 0 20.667 26.866.754.754 0 1 1-.85 1.247 55.637 55.637 0 0 1-21.243-27.616 55.347 55.347 0 0 1-.6-34.774A55.608 55.608 0 0 1 42.01 21.328a56.05 56.05 0 0 1 33.218-10.796 56.044 56.044 0 0 1 33.164 10.957 55.597 55.597 0 0 1 20.137 28.424Z" clip-rule="evenodd"/>
-  <path class="tw-fill-background-alt4" fill-rule="evenodd" d="M61.17 48.3c.727-8.197 6.577-14.301 13.33-14.301 6.754 0 12.604 6.104 13.33 14.3a12.392 12.392 0 0 0-.35-.004H61.52c-.117 0-.234.002-.35.005Zm-2.53.343c.6-9.417 7.306-17.144 15.86-17.144 8.555 0 15.26 7.727 15.862 17.144 5.247 1.291 9.138 6.028 9.138 11.673v17.412c0 6.64-5.382 12.022-12.02 12.022H61.52c-6.639 0-12.02-5.383-12.02-12.022V60.316c0-5.646 3.891-10.382 9.138-11.673Zm2.881 2.152H87.48A9.521 9.521 0 0 1 97 60.316v17.412a9.521 9.521 0 0 1-9.52 9.522H61.52a9.521 9.521 0 0 1-9.52-9.522V60.316a9.521 9.521 0 0 1 9.52-9.521Z" clip-rule="evenodd"/>
+  <path class="tw-fill-art-primary" fill-rule="evenodd" d="M61.17 48.3c.727-8.197 6.577-14.301 13.33-14.301 6.754 0 12.604 6.104 13.33 14.3a12.392 12.392 0 0 0-.35-.004H61.52c-.117 0-.234.002-.35.005Zm-2.53.343c.6-9.417 7.306-17.144 15.86-17.144 8.555 0 15.26 7.727 15.862 17.144 5.247 1.291 9.138 6.028 9.138 11.673v17.412c0 6.64-5.382 12.022-12.02 12.022H61.52c-6.639 0-12.02-5.383-12.02-12.022V60.316c0-5.646 3.891-10.382 9.138-11.673Zm2.881 2.152H87.48A9.521 9.521 0 0 1 97 60.316v17.412a9.521 9.521 0 0 1-9.52 9.522H61.52a9.521 9.521 0 0 1-9.52-9.522V60.316a9.521 9.521 0 0 1 9.52-9.521Z" clip-rule="evenodd"/>
   <path class="tw-fill-art-accent" fill-rule="evenodd" d="M72.741 71.859a3.499 3.499 0 0 1-1.74-3.027v-.674a3.5 3.5 0 1 1 7 0v.674c0 1.292-.7 2.42-1.742 3.027v4.956a1.76 1.76 0 1 1-3.518 0V71.86Z" clip-rule="evenodd"/>
 </svg>
 `;

From 88638c09b39ce499f4ce60e290b05ab4b29c7690 Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Wed, 16 Apr 2025 19:58:31 -0400
Subject: [PATCH 04/30] Fix(login): [PM-20287] Initialize login email state
 when email is remembered

---
 libs/auth/src/angular/login/login.component.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libs/auth/src/angular/login/login.component.ts b/libs/auth/src/angular/login/login.component.ts
index 8a198663e06..4ca18b4985e 100644
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -536,6 +536,10 @@ export class LoginComponent implements OnInit, OnDestroy {
     if (storedEmail) {
       this.formGroup.controls.email.setValue(storedEmail);
       this.formGroup.controls.rememberEmail.setValue(true);
+      // If we load an email into the form, we need to initialize it for the login process as well
+      // so that other login components can use it.
+      // We do this here as it's possible that a user doesn't edit the email field before submitting.
+      this.loginEmailService.setLoginEmail(storedEmail);
     } else {
       this.formGroup.controls.rememberEmail.setValue(false);
     }

From c7259b4cb12dcc3a99a2700ce35785a4e17eaaa9 Mon Sep 17 00:00:00 2001
From: aj-bw <81774843+aj-bw@users.noreply.github.com>
Date: Thu, 17 Apr 2025 08:21:24 -0400
Subject: [PATCH 05/30] BRE-536/Add-ARM-targz-builds-for-desktop-and-cli
 (#14270)

* Test ARM64 build

* Remove sudo

* Change to public preview runner

* Change cache key for architectures

* Test

* Test

* Test

* remove x86 musl target - troubleshooting build error

* native module troubleshooting

* remove cross-platform for testing

* attempt to resolve cross-platform issue

* support more arm64 build types

* fix missed amd to arm update

* missing dependency during env setup

* lxd troubleshooting

* install lxd with snap instead

* electron-builder debug

* simplified script for testing

* testing

* 22.04 to 20.04

* try ubuntu 24.04 runner

* add dist script

* update build command

* troubleshoot 24.04 compatibility

* remove lxd before merging main

* add comment, bump arm runner down to 22.04

* revert to tar.gz support only for this PR

* testing cli arm builds

* fix build target designation

* adjust runner designation

* runner name typo

* not needed currently

* adjust build.js logic and call in workflow

* address styling feedback and unnecessary rust toolchain call

* simplify build cli os matrix

* revert x86 linux builds to cross-platform command for build.js

---------

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
---
 .github/workflows/build-cli.yml      |   5 +-
 .github/workflows/build-desktop.yml  | 109 +++++++++++++++++++++++++--
 apps/cli/package.json                |   4 +
 apps/desktop/desktop_native/build.js |  22 ++++--
 apps/desktop/package.json            |   2 +
 5 files changed, 129 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index a78d3bda5ad..e113d5c253b 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -87,6 +87,7 @@ jobs:
         os:
          [
           { base: "linux", distro: "ubuntu-22.04", target_suffix: "" },
+          { base: "linux", distro: "ubuntu-22.04-arm", target_suffix: "-arm64" },
           { base: "mac", distro: "macos-13", target_suffix: "" },
           { base: "mac", distro: "macos-14", target_suffix: "-arm64" }
          ]
@@ -130,7 +131,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
@@ -306,7 +307,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 4c35eb4c42f..99a7548aa14 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -201,7 +201,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
@@ -298,6 +298,103 @@ jobs:
           if-no-files-found: error
 
 
+  linux-arm64:
+    name: Linux ARM64 Build
+    # Note, before updating the ubuntu version of the workflow, ensure the snap base image
+    # is equal or greater than the new version. Otherwise there might be GLIBC version issues.
+    # The snap base for desktop is defined in `apps/desktop/electron-builder.json`
+    # We intentionally keep this runner on the oldest supported OS in GitHub Actions
+    # for maximum compatibility across GLIBC versions
+    runs-on: ubuntu-22.04-arm
+    needs: setup
+    env:
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
+      NODE_OPTIONS: --max_old_space_size=4096
+    defaults:
+      run:
+        working-directory: apps/desktop
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{  github.event.pull_request.head.sha }}
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ env._NODE_VERSION }}
+
+      - name: Set up environment
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install pkg-config libxss-dev rpm musl-dev musl-tools flatpak flatpak-builder
+
+      - name: Print environment
+        run: |
+          node --version
+          npm --version
+          snap --version
+          snapcraft --version || echo 'snapcraft unavailable'
+
+      - name: Install Node dependencies
+        run: npm ci
+        working-directory: ./
+
+      - name: Download SDK Artifacts
+        if: ${{ inputs.sdk_branch != '' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          workflow: build-wasm-internal.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.sdk_branch }}
+          artifacts: sdk-internal
+          repo: bitwarden/sdk-internal
+          path: ../sdk-internal
+          if_no_artifact_found: fail
+
+      - name: Override SDK
+        if: ${{ inputs.sdk_branch != '' }}
+        working-directory: ./
+        run: |
+          ls -l ../
+          npm link ../sdk-internal
+
+      - name: Cache Native Module
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        id: cache
+        with:
+          path: |
+            apps/desktop/desktop_native/napi/*.node
+            apps/desktop/desktop_native/dist/*
+            ${{ env.RUNNER_TEMP }}/.cargo/registry
+            ${{ env.RUNNER_TEMP }}/.cargo/git
+          key: rust-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
+
+      - name: Build Native Module
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: apps/desktop/desktop_native
+        env:
+          PKG_CONFIG_ALLOW_CROSS: true
+          PKG_CONFIG_ALL_STATIC: true
+          TARGET: musl
+        run: |
+          rustup target add aarch64-unknown-linux-musl
+          node build.js --target=aarch64-unknown-linux-musl --release
+
+      - name: Build application
+        run: npm run dist:lin:arm64
+
+      - name: Upload tar.gz artifact
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        with:
+          name: bitwarden_${{ env._PACKAGE_VERSION }}_arm64.tar.gz
+          path: apps/desktop/dist/bitwarden_desktop_arm64.tar.gz
+          if-no-files-found: error
+
   windows:
     name: Windows Build
     runs-on: windows-2022
@@ -369,7 +466,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
@@ -705,7 +802,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
@@ -895,7 +992,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
@@ -1144,7 +1241,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
@@ -1425,7 +1522,7 @@ jobs:
         if: ${{ inputs.sdk_branch != '' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          github_token: ${{secrets.GITHUB_TOKEN}}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-wasm-internal.yml
           workflow_conclusion: success
           branch: ${{ inputs.sdk_branch }}
diff --git a/apps/cli/package.json b/apps/cli/package.json
index 7d9f4af0ffe..15dc470a95e 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -34,18 +34,22 @@
     "dist:oss:mac": "npm run build:oss:prod && npm run clean && npm run package:oss:mac",
     "dist:oss:mac-arm64": "npm run build:oss:prod && npm run clean && npm run package:oss:mac-arm64",
     "dist:oss:lin": "npm run build:oss:prod && npm run clean && npm run package:oss:lin",
+    "dist:oss:lin-arm64": "npm run build:oss:prod && npm run clean && npm run package:oss:lin-arm64",
     "dist:bit:win": "npm run build:bit:prod && npm run clean && npm run package:bit:win",
     "dist:bit:mac": "npm run build:bit:prod && npm run clean && npm run package:bit:mac",
     "dist:bit:mac-arm64": "npm run build:bit:prod && npm run clean && npm run package:bit:mac-arm64",
     "dist:bit:lin": "npm run build:bit:prod && npm run clean && npm run package:bit:lin",
+    "dist:bit:lin-arm64": "npm run build:bit:prod && npm run clean && npm run package:bit:lin-arm64",
     "package:oss:win": "pkg . --targets win-x64 --output ./dist/oss/windows/bw.exe",
     "package:oss:mac": "pkg . --targets macos-x64 --output ./dist/oss/macos/bw",
     "package:oss:mac-arm64": "pkg . --targets macos-arm64 --output ./dist/oss/macos-arm64/bw",
     "package:oss:lin": "pkg . --targets linux-x64 --output ./dist/oss/linux/bw",
+    "package:oss:lin-arm64": "pkg . --targets linux-arm64 --output ./dist/oss/linux-arm64/bw",
     "package:bit:win": "pkg . --targets win-x64 --output ./dist/bit/windows/bw.exe",
     "package:bit:mac": "pkg . --targets macos-x64 --output ./dist/bit/macos/bw",
     "package:bit:mac-arm64": "pkg . --targets macos-arm64 --output ./dist/bit/macos-arm64/bw",
     "package:bit:lin": "pkg . --targets linux-x64 --output ./dist/bit/linux/bw",
+    "package:bit:lin-arm64": "pkg . --targets linux-arm64 --output ./dist/bit/linux-arm64/bw",
     "test": "jest",
     "test:watch": "jest --watch",
     "test:watch:all": "jest --watchAll"
diff --git a/apps/desktop/desktop_native/build.js b/apps/desktop/desktop_native/build.js
index f2f012bf088..ec20dce4116 100644
--- a/apps/desktop/desktop_native/build.js
+++ b/apps/desktop/desktop_native/build.js
@@ -3,6 +3,10 @@ const child_process = require("child_process");
 const fs = require("fs");
 const path = require("path");
 const process = require("process");
+const args = process.argv.slice(2); // Get arguments passed to the script
+const mode = args.includes("--release") ? "release" : "debug";
+const targetArg = args.find(arg => arg.startsWith("--target="));
+const target = targetArg ? targetArg.split("=")[1] : null;
 
 let crossPlatform = process.argv.length > 2 && process.argv[2] === "cross-platform";
 
@@ -18,10 +22,17 @@ function buildProxyBin(target, release = true) {
     return child_process.execSync(`cargo build --bin desktop_proxy ${releaseArg} ${targetArg}`, {stdio: 'inherit', cwd: path.join(__dirname, "proxy")});
 }
 
-if (!crossPlatform) {
-    console.log("Building native modules in debug mode for the native architecture");
-    buildNapiModule(false, false);
-    buildProxyBin(false, false);
+if (!crossPlatform && !target) {
+    console.log(`Building native modules in ${mode} mode for the native architecture`);
+    buildNapiModule(false, mode === "release");
+    buildProxyBin(false, mode === "release");
+    return;
+}
+
+if (target) {
+    console.log(`Building for target: ${target} in ${mode} mode`);
+    buildNapiModule(target, mode === "release");
+    buildProxyBin(target, mode === "release");
     return;
 }
 
@@ -47,7 +58,8 @@ switch (process.platform) {
 
     default:
         targets = [
-            ['x86_64-unknown-linux-musl', 'x64']
+            ['x86_64-unknown-linux-musl', 'x64'],
+            ['aarch64-unknown-linux-musl', 'arm64']
         ];
 
         process.env["PKG_CONFIG_ALLOW_CROSS"] = "1";
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index a4365b4c06a..ae34deee5b8 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -36,6 +36,7 @@
     "pack:dir": "npm run clean:dist && electron-builder --dir -p never",
     "pack:lin:flatpak": "npm run clean:dist && electron-builder --dir -p never && flatpak-builder  --repo=build/.repo build/.flatpak  ./resources/com.bitwarden.desktop.devel.yaml --install-deps-from=flathub --force-clean &&  flatpak build-bundle ./build/.repo/ ./dist/com.bitwarden.desktop.flatpak com.bitwarden.desktop",
     "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never && export SNAP_FILE=$(realpath ./dist/bitwarden_*.snap) && unsquashfs -d ./dist/tmp-snap/ $SNAP_FILE && mkdir -p ./dist/tmp-snap/meta/polkit/ && cp ./resources/com.bitwarden.desktop.policy  ./dist/tmp-snap/meta/polkit/polkit.com.bitwarden.desktop.policy && rm $SNAP_FILE && snapcraft pack ./dist/tmp-snap/ && mv ./*.snap ./dist/ && rm -rf ./dist/tmp-snap/",
+    "pack:lin:arm64": "npm run clean:dist && electron-builder --dir -p never && tar -czvf ./dist/bitwarden_desktop_arm64.tar.gz -C ./dist/linux-arm64-unpacked/ .",
     "pack:mac": "npm run clean:dist && electron-builder --mac --universal -p never",
     "pack:mac:arm64": "npm run clean:dist && electron-builder --mac --arm64 -p never",
     "pack:mac:mas": "npm run clean:dist && electron-builder --mac mas --universal -p never",
@@ -45,6 +46,7 @@
     "pack:win:ci": "npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p never",
     "dist:dir": "npm run build && npm run pack:dir",
     "dist:lin": "npm run build && npm run pack:lin",
+    "dist:lin:arm64": "npm run build && npm run pack:lin:arm64",
     "dist:mac": "npm run build && npm run pack:mac",
     "dist:mac:mas": "npm run build && npm run pack:mac:mas",
     "dist:mac:masdev": "npm run build && npm run pack:mac:masdev",

From c4c9db51213ff0c8744341f926e40a0b7adefb5a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 17 Apr 2025 08:49:07 -0400
Subject: [PATCH 06/30] [deps] Vault: Update koa to v2.16.1 [SECURITY] (#14197)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 apps/cli/package.json |  2 +-
 package-lock.json     | 10 +++++-----
 package.json          |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/cli/package.json b/apps/cli/package.json
index 15dc470a95e..04fe4290d31 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -76,7 +76,7 @@
     "inquirer": "8.2.6",
     "jsdom": "26.0.0",
     "jszip": "3.10.1",
-    "koa": "2.15.4",
+    "koa": "2.16.1",
     "koa-bodyparser": "4.4.1",
     "koa-json": "2.0.2",
     "lowdb": "1.0.0",
diff --git a/package-lock.json b/package-lock.json
index cb9baf4fafe..c101444cd8e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -48,7 +48,7 @@
         "jquery": "3.7.1",
         "jsdom": "26.0.0",
         "jszip": "3.10.1",
-        "koa": "2.15.4",
+        "koa": "2.16.1",
         "koa-bodyparser": "4.4.1",
         "koa-json": "2.0.2",
         "lit": "3.2.1",
@@ -210,7 +210,7 @@
         "inquirer": "8.2.6",
         "jsdom": "26.0.0",
         "jszip": "3.10.1",
-        "koa": "2.15.4",
+        "koa": "2.16.1",
         "koa-bodyparser": "4.4.1",
         "koa-json": "2.0.2",
         "lowdb": "1.0.0",
@@ -24789,9 +24789,9 @@
       }
     },
     "node_modules/koa": {
-      "version": "2.15.4",
-      "resolved": "https://registry.npmjs.org/koa/-/koa-2.15.4.tgz",
-      "integrity": "sha512-7fNBIdrU2PEgLljXoPWoyY4r1e+ToWCmzS/wwMPbUNs7X+5MMET1ObhJBlUkF5uZG9B6QhM2zS1TsH6adegkiQ==",
+      "version": "2.16.1",
+      "resolved": "https://registry.npmjs.org/koa/-/koa-2.16.1.tgz",
+      "integrity": "sha512-umfX9d3iuSxTQP4pnzLOz0HKnPg0FaUUIKcye2lOiz3KPu1Y3M3xlz76dISdFPQs37P9eJz1wUpcTS6KDPn9fA==",
       "license": "MIT",
       "dependencies": {
         "accepts": "^1.3.5",
diff --git a/package.json b/package.json
index 28d243e1c32..a39004dcc03 100644
--- a/package.json
+++ b/package.json
@@ -180,7 +180,7 @@
     "jquery": "3.7.1",
     "jsdom": "26.0.0",
     "jszip": "3.10.1",
-    "koa": "2.15.4",
+    "koa": "2.16.1",
     "koa-bodyparser": "4.4.1",
     "koa-json": "2.0.2",
     "lit": "3.2.1",

From 170f97da8e0f06ecbeb4c021d1e32ad8e4ae6dfe Mon Sep 17 00:00:00 2001
From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Date: Thu, 17 Apr 2025 14:58:16 +0200
Subject: [PATCH 07/30] [PM-20333] Remove "export-attachments" feature flag
 (#14310)

* Remove usage of export-attachments feature flag

* Remove export-attachments feature flag definition

* Update export.command documentation

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
---
 apps/cli/src/tools/export.command.ts             | 10 ----------
 apps/cli/src/vault.program.ts                    |  5 ++---
 libs/common/src/enums/feature-flag.enum.ts       |  2 --
 .../src/components/export.component.ts           | 16 +++-------------
 4 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/apps/cli/src/tools/export.command.ts b/apps/cli/src/tools/export.command.ts
index f5fea794eef..3fbc466efe0 100644
--- a/apps/cli/src/tools/export.command.ts
+++ b/apps/cli/src/tools/export.command.ts
@@ -10,8 +10,6 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EventType } from "@bitwarden/common/enums";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import {
   ExportFormat,
@@ -30,7 +28,6 @@ export class ExportCommand {
     private policyService: PolicyService,
     private eventCollectionService: EventCollectionService,
     private accountService: AccountService,
-    private configService: ConfigService,
   ) {}
 
   async run(options: OptionValues): Promise<Response> {
@@ -55,13 +52,6 @@ export class ExportCommand {
     const format =
       password && options.format == "json" ? "encrypted_json" : (options.format ?? "csv");
 
-    if (
-      format == "zip" &&
-      !(await this.configService.getFeatureFlag(FeatureFlag.ExportAttachments))
-    ) {
-      return Response.badRequest("Exporting attachments is not supported in this environment.");
-    }
-
     if (!this.isSupportedExportFormat(format)) {
       return Response.badRequest(
         `'${format}' is not a supported export format. Supported formats: ${EXPORT_FORMATS.join(
diff --git a/apps/cli/src/vault.program.ts b/apps/cli/src/vault.program.ts
index c004d3597c1..ce6ac2af94e 100644
--- a/apps/cli/src/vault.program.ts
+++ b/apps/cli/src/vault.program.ts
@@ -464,7 +464,7 @@ export class VaultProgram extends BaseProgram {
 
   private exportCommand(): Command {
     return new Command("export")
-      .description("Export vault data to a CSV or JSON file.")
+      .description("Export vault data to a CSV, JSON or ZIP file.")
       .option("--output <output>", "Output directory or filename.")
       .option("--format <format>", "Export file format.")
       .option(
@@ -476,7 +476,7 @@ export class VaultProgram extends BaseProgram {
         writeLn("\n  Notes:");
         writeLn("");
         writeLn(
-          "    Valid formats are `csv`, `json`, and `encrypted_json`. Default format is `csv`.",
+          "    Valid formats are `csv`, `json`, `encrypted_json` and zip. Default format is `csv`.",
         );
         writeLn("");
         writeLn(
@@ -504,7 +504,6 @@ export class VaultProgram extends BaseProgram {
           this.serviceContainer.policyService,
           this.serviceContainer.eventCollectionService,
           this.serviceContainer.accountService,
-          this.serviceContainer.configService,
         );
         const response = await command.run(options);
         this.processResponse(response);
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index f9e2d9757bc..1d0b1521db6 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -46,7 +46,6 @@ export enum FeatureFlag {
   CriticalApps = "pm-14466-risk-insights-critical-application",
   EnableRiskInsightsNotifications = "enable-risk-insights-notifications",
   DesktopSendUIRefresh = "desktop-send-ui-refresh",
-  ExportAttachments = "export-attachments",
 
   /* Vault */
   PM8851_BrowserOnboardingNudge = "pm-8851-browser-onboarding-nudge",
@@ -97,7 +96,6 @@ export const DefaultFeatureFlagValue = {
   [FeatureFlag.CriticalApps]: FALSE,
   [FeatureFlag.EnableRiskInsightsNotifications]: FALSE,
   [FeatureFlag.DesktopSendUIRefresh]: FALSE,
-  [FeatureFlag.ExportAttachments]: FALSE,
 
   /* Vault */
   [FeatureFlag.PM8851_BrowserOnboardingNudge]: FALSE,
diff --git a/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
index 69f77c6ca32..4e9b4175838 100644
--- a/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
+++ b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
@@ -39,8 +39,6 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EventType } from "@bitwarden/common/enums";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -184,10 +182,6 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit {
   private onlyManagedCollections = true;
   private onGenerate$ = new Subject<GenerateRequest>();
 
-  private isExportAttachmentsEnabled$ = this.configService.getFeatureFlag$(
-    FeatureFlag.ExportAttachments,
-  );
-
   constructor(
     protected i18nService: I18nService,
     protected toastService: ToastService,
@@ -202,7 +196,6 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit {
     protected organizationService: OrganizationService,
     private accountService: AccountService,
     private collectionService: CollectionService,
-    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
@@ -225,17 +218,14 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit {
       ),
     );
 
-    combineLatest([
-      this.exportForm.controls.vaultSelector.valueChanges,
-      this.isExportAttachmentsEnabled$,
-    ])
+    this.exportForm.controls.vaultSelector.valueChanges
       .pipe(takeUntil(this.destroy$))
-      .subscribe(([value, isExportAttachmentsEnabled]) => {
+      .subscribe(([value]) => {
         this.organizationId = value !== "myVault" ? value : undefined;
 
         this.formatOptions = this.formatOptions.filter((option) => option.value !== "zip");
         this.exportForm.get("format").setValue("json");
-        if (value === "myVault" && isExportAttachmentsEnabled) {
+        if (value === "myVault") {
           this.formatOptions.push({ name: ".zip (with attachments)", value: "zip" });
         }
       });

From 08b966409f4dbaffd74313b85e9485501e6ae3c7 Mon Sep 17 00:00:00 2001
From: aj-bw <81774843+aj-bw@users.noreply.github.com>
Date: Thu, 17 Apr 2025 09:18:39 -0400
Subject: [PATCH 08/30] linux-x86-builds-fix (#14321)

* readd rust toolchain commands

* revert native module build call
---
 .github/workflows/build-desktop.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 99a7548aa14..365d29f17f7 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -237,7 +237,7 @@ jobs:
           TARGET: musl
         run: |
           rustup target add x86_64-unknown-linux-musl
-          node build.js cross-platform
+          node build.js --target=x86_64-unknown-linux-musl --release
 
       - name: Build application
         run: npm run dist:lin

From fa268437efe5745af22e554cc325f090dc1dfc78 Mon Sep 17 00:00:00 2001
From: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Date: Thu, 17 Apr 2025 14:59:09 +0100
Subject: [PATCH 09/30] [PM-17774] Build page for admin sponsored families
 (#14243)

* Added nav item for f4e in org admin console

* shotgun surgery for adding "useAdminSponsoredFamilies" feature from the org table

* Resolved issue with members nav item also being selected when f4e is selected

* Separated out billing's logic from the org layout component

* Removed unused observable

* Moved logic to existing f4e policy service and added unit tests

* Resolved script typescript error

* Resolved goofy switchMap

* Add changes for the issue orgs

* Added changes for the dialog

* Rename the files properly

* Remove the commented code

* Change the implement to align with design

* Add todo comments

* Remove the comment todo

* Fix the uni test error

* Resolve the unit test

* Resolve the unit test issue

* Resolve the pr comments on any and route

* remove the any

* remove the generic validator

* Resolve the unit test

* Resolve the wrong message

* Resolve the duplicate route

---------

Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
---
 .../members/members-routing.module.ts         |   7 +-
 .../can-access-sponsored-families.guard.ts    |  26 ++++
 .../add-sponsorship-dialog.component.html     |  45 ++++++
 .../add-sponsorship-dialog.component.ts       | 135 ++++++++++++++++++
 .../free-bitwarden-families.component.html    |  23 +++
 .../free-bitwarden-families.component.ts      |  62 ++++++++
 ...rganization-member-families.component.html |  47 ++++++
 .../organization-member-families.component.ts |  34 +++++
 ...nization-sponsored-families.component.html |  87 +++++++++++
 ...ganization-sponsored-families.component.ts |  39 +++++
 .../billing/members/types/sponsored-family.ts |   5 +
 .../src/app/shared/loose-components.module.ts |   9 ++
 apps/web/src/images/search.svg                |  12 ++
 apps/web/src/locales/en/messages.json         |  30 ++++
 ...organization-sponsorship-create.request.ts |   1 +
 15 files changed, 559 insertions(+), 3 deletions(-)
 create mode 100644 apps/web/src/app/billing/guards/can-access-sponsored-families.guard.ts
 create mode 100644 apps/web/src/app/billing/members/add-sponsorship-dialog.component.html
 create mode 100644 apps/web/src/app/billing/members/add-sponsorship-dialog.component.ts
 create mode 100644 apps/web/src/app/billing/members/free-bitwarden-families.component.html
 create mode 100644 apps/web/src/app/billing/members/free-bitwarden-families.component.ts
 create mode 100644 apps/web/src/app/billing/members/organization-member-families.component.html
 create mode 100644 apps/web/src/app/billing/members/organization-member-families.component.ts
 create mode 100644 apps/web/src/app/billing/members/organization-sponsored-families.component.html
 create mode 100644 apps/web/src/app/billing/members/organization-sponsored-families.component.ts
 create mode 100644 apps/web/src/app/billing/members/types/sponsored-family.ts
 create mode 100644 apps/web/src/images/search.svg

diff --git a/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts b/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts
index 9666630fc08..153a2f3a956 100644
--- a/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts
@@ -3,9 +3,10 @@ import { RouterModule, Routes } from "@angular/router";
 
 import { canAccessMembersTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 
-import { SponsoredFamiliesComponent } from "../../../billing/settings/sponsored-families.component";
+import { FreeBitwardenFamiliesComponent } from "../../../billing/members/free-bitwarden-families.component";
 import { organizationPermissionsGuard } from "../guards/org-permissions.guard";
 
+import { canAccessSponsoredFamilies } from "./../../../billing/guards/can-access-sponsored-families.guard";
 import { MembersComponent } from "./members.component";
 
 const routes: Routes = [
@@ -19,8 +20,8 @@ const routes: Routes = [
   },
   {
     path: "sponsored-families",
-    component: SponsoredFamiliesComponent,
-    canActivate: [organizationPermissionsGuard(canAccessMembersTab)],
+    component: FreeBitwardenFamiliesComponent,
+    canActivate: [organizationPermissionsGuard(canAccessMembersTab), canAccessSponsoredFamilies],
     data: {
       titleId: "sponsoredFamilies",
     },
diff --git a/apps/web/src/app/billing/guards/can-access-sponsored-families.guard.ts b/apps/web/src/app/billing/guards/can-access-sponsored-families.guard.ts
new file mode 100644
index 00000000000..9bc6778f0b0
--- /dev/null
+++ b/apps/web/src/app/billing/guards/can-access-sponsored-families.guard.ts
@@ -0,0 +1,26 @@
+import { inject } from "@angular/core";
+import { ActivatedRouteSnapshot, CanActivateFn } from "@angular/router";
+import { firstValueFrom, switchMap, filter } from "rxjs";
+
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
+import { getById } from "@bitwarden/common/platform/misc";
+
+import { FreeFamiliesPolicyService } from "../services/free-families-policy.service";
+
+export const canAccessSponsoredFamilies: CanActivateFn = async (route: ActivatedRouteSnapshot) => {
+  const freeFamiliesPolicyService = inject(FreeFamiliesPolicyService);
+  const organizationService = inject(OrganizationService);
+  const accountService = inject(AccountService);
+
+  const org = accountService.activeAccount$.pipe(
+    getUserId,
+    switchMap((userId) => organizationService.organizations$(userId)),
+    getById(route.params.organizationId),
+    filter((org): org is Organization => org !== undefined),
+  );
+
+  return await firstValueFrom(freeFamiliesPolicyService.showSponsoredFamiliesDropdown$(org));
+};
diff --git a/apps/web/src/app/billing/members/add-sponsorship-dialog.component.html b/apps/web/src/app/billing/members/add-sponsorship-dialog.component.html
new file mode 100644
index 00000000000..2dbcc577e54
--- /dev/null
+++ b/apps/web/src/app/billing/members/add-sponsorship-dialog.component.html
@@ -0,0 +1,45 @@
+<form>
+  <bit-dialog>
+    <span bitDialogTitle>{{ "addSponsorship" | i18n }}</span>
+
+    <div bitDialogContent>
+      <form [formGroup]="sponsorshipForm">
+        <div class="tw-grid tw-grid-cols-12 tw-gap-4">
+          <div class="tw-col-span-12">
+            <bit-form-field>
+              <bit-label>{{ "email" | i18n }}:</bit-label>
+              <input
+                bitInput
+                inputmode="email"
+                formControlName="sponsorshipEmail"
+                [attr.aria-invalid]="sponsorshipEmailControl.invalid"
+                appInputStripSpaces
+              />
+            </bit-form-field>
+          </div>
+          <div class="tw-col-span-12">
+            <bit-form-field>
+              <bit-label>{{ "notes" | i18n }}:</bit-label>
+              <input
+                bitInput
+                inputmode="text"
+                formControlName="sponsorshipNote"
+                [attr.aria-invalid]="sponsorshipNoteControl.invalid"
+                appInputStripSpaces
+              />
+            </bit-form-field>
+          </div>
+        </div>
+      </form>
+    </div>
+
+    <ng-container bitDialogFooter>
+      <button bitButton bitFormButton type="button" buttonType="primary" (click)="save()">
+        {{ "save" | i18n }}
+      </button>
+      <button bitButton type="button" buttonType="secondary" [bitDialogClose]="false">
+        {{ "cancel" | i18n }}
+      </button>
+    </ng-container>
+  </bit-dialog>
+</form>
diff --git a/apps/web/src/app/billing/members/add-sponsorship-dialog.component.ts b/apps/web/src/app/billing/members/add-sponsorship-dialog.component.ts
new file mode 100644
index 00000000000..54d9ae90009
--- /dev/null
+++ b/apps/web/src/app/billing/members/add-sponsorship-dialog.component.ts
@@ -0,0 +1,135 @@
+import { DialogRef } from "@angular/cdk/dialog";
+import { Component } from "@angular/core";
+import {
+  AbstractControl,
+  FormBuilder,
+  FormControl,
+  FormGroup,
+  FormsModule,
+  ReactiveFormsModule,
+  ValidationErrors,
+  Validators,
+} from "@angular/forms";
+import { firstValueFrom, map } from "rxjs";
+
+import { JslibModule } from "@bitwarden/angular/jslib.module";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { ButtonModule, DialogModule, DialogService, FormFieldModule } from "@bitwarden/components";
+
+interface RequestSponsorshipForm {
+  sponsorshipEmail: FormControl<string | null>;
+  sponsorshipNote: FormControl<string | null>;
+}
+
+export interface AddSponsorshipDialogResult {
+  action: AddSponsorshipDialogAction;
+  value: Partial<AddSponsorshipFormValue> | null;
+}
+
+interface AddSponsorshipFormValue {
+  sponsorshipEmail: string;
+  sponsorshipNote: string;
+  status: string;
+}
+
+enum AddSponsorshipDialogAction {
+  Saved = "saved",
+  Canceled = "canceled",
+}
+
+@Component({
+  templateUrl: "add-sponsorship-dialog.component.html",
+  standalone: true,
+  imports: [
+    JslibModule,
+    ButtonModule,
+    DialogModule,
+    FormsModule,
+    ReactiveFormsModule,
+    FormFieldModule,
+  ],
+})
+export class AddSponsorshipDialogComponent {
+  sponsorshipForm: FormGroup<RequestSponsorshipForm>;
+  loading = false;
+
+  constructor(
+    private dialogRef: DialogRef<AddSponsorshipDialogResult>,
+    private formBuilder: FormBuilder,
+    private accountService: AccountService,
+    private i18nService: I18nService,
+  ) {
+    this.sponsorshipForm = this.formBuilder.group<RequestSponsorshipForm>({
+      sponsorshipEmail: new FormControl<string | null>("", {
+        validators: [Validators.email, Validators.required],
+        asyncValidators: [this.validateNotCurrentUserEmail.bind(this)],
+        updateOn: "change",
+      }),
+      sponsorshipNote: new FormControl<string | null>("", {}),
+    });
+  }
+
+  static open(dialogService: DialogService): DialogRef<AddSponsorshipDialogResult> {
+    return dialogService.open<AddSponsorshipDialogResult>(AddSponsorshipDialogComponent);
+  }
+
+  protected async save() {
+    if (this.sponsorshipForm.invalid) {
+      return;
+    }
+
+    this.loading = true;
+    // TODO: This is a mockup implementation - needs to be updated with actual API integration
+    await new Promise((resolve) => setTimeout(resolve, 1000)); // Simulate API call
+
+    const formValue = this.sponsorshipForm.getRawValue();
+    const dialogValue: Partial<AddSponsorshipFormValue> = {
+      status: "Sent",
+      sponsorshipEmail: formValue.sponsorshipEmail ?? "",
+      sponsorshipNote: formValue.sponsorshipNote ?? "",
+    };
+
+    this.dialogRef.close({
+      action: AddSponsorshipDialogAction.Saved,
+      value: dialogValue,
+    });
+
+    this.loading = false;
+  }
+
+  protected close = () => {
+    this.dialogRef.close({ action: AddSponsorshipDialogAction.Canceled, value: null });
+  };
+
+  get sponsorshipEmailControl() {
+    return this.sponsorshipForm.controls.sponsorshipEmail;
+  }
+
+  get sponsorshipNoteControl() {
+    return this.sponsorshipForm.controls.sponsorshipNote;
+  }
+
+  private async validateNotCurrentUserEmail(
+    control: AbstractControl,
+  ): Promise<ValidationErrors | null> {
+    const value = control.value;
+    if (!value) {
+      return null;
+    }
+
+    const currentUserEmail = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.email ?? "")),
+    );
+
+    if (!currentUserEmail) {
+      return null;
+    }
+
+    if (value.toLowerCase() === currentUserEmail.toLowerCase()) {
+      return { currentUserEmail: true };
+    }
+
+    return null;
+  }
+}
diff --git a/apps/web/src/app/billing/members/free-bitwarden-families.component.html b/apps/web/src/app/billing/members/free-bitwarden-families.component.html
new file mode 100644
index 00000000000..fe1dd15ab15
--- /dev/null
+++ b/apps/web/src/app/billing/members/free-bitwarden-families.component.html
@@ -0,0 +1,23 @@
+<app-header>
+  <button type="button" (click)="addSponsorship()" bitButton buttonType="primary">
+    <i class="bwi bwi-plus bwi-fw" aria-hidden="true"></i>
+    {{ "addSponsorship" | i18n }}
+  </button>
+</app-header>
+
+<bit-tab-group [(selectedIndex)]="tabIndex">
+  <bit-tab [label]="'sponsoredBitwardenFamilies' | i18n">
+    <app-organization-sponsored-families
+      [sponsoredFamilies]="sponsoredFamilies"
+      (removeSponsorshipEvent)="removeSponsorhip($event)"
+    ></app-organization-sponsored-families>
+  </bit-tab>
+
+  <bit-tab [label]="'memberFamilies' | i18n">
+    <app-organization-member-families
+      [memberFamilies]="sponsoredFamilies"
+    ></app-organization-member-families>
+  </bit-tab>
+</bit-tab-group>
+
+<p class="tw-px-4" bitTypography="body2">{{ "sponsoredFamiliesRemoveActiveSponsorship" | i18n }}</p>
diff --git a/apps/web/src/app/billing/members/free-bitwarden-families.component.ts b/apps/web/src/app/billing/members/free-bitwarden-families.component.ts
new file mode 100644
index 00000000000..af43e5a4bc1
--- /dev/null
+++ b/apps/web/src/app/billing/members/free-bitwarden-families.component.ts
@@ -0,0 +1,62 @@
+import { DialogRef } from "@angular/cdk/dialog";
+import { Component, OnInit } from "@angular/core";
+import { Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
+
+import { DialogService } from "@bitwarden/components";
+
+import { FreeFamiliesPolicyService } from "../services/free-families-policy.service";
+
+import {
+  AddSponsorshipDialogComponent,
+  AddSponsorshipDialogResult,
+} from "./add-sponsorship-dialog.component";
+import { SponsoredFamily } from "./types/sponsored-family";
+
+@Component({
+  selector: "app-free-bitwarden-families",
+  templateUrl: "free-bitwarden-families.component.html",
+})
+export class FreeBitwardenFamiliesComponent implements OnInit {
+  tabIndex = 0;
+  sponsoredFamilies: SponsoredFamily[] = [];
+
+  constructor(
+    private router: Router,
+    private dialogService: DialogService,
+    private freeFamiliesPolicyService: FreeFamiliesPolicyService,
+  ) {}
+
+  async ngOnInit() {
+    await this.preventAccessToFreeFamiliesPage();
+  }
+
+  async addSponsorship() {
+    const addSponsorshipDialogRef: DialogRef<AddSponsorshipDialogResult> =
+      AddSponsorshipDialogComponent.open(this.dialogService);
+
+    const dialogRef = await firstValueFrom(addSponsorshipDialogRef.closed);
+
+    if (dialogRef?.value) {
+      this.sponsoredFamilies = [dialogRef.value, ...this.sponsoredFamilies];
+    }
+  }
+
+  removeSponsorhip(sponsorship: any) {
+    const index = this.sponsoredFamilies.findIndex(
+      (e) => e.sponsorshipEmail == sponsorship.sponsorshipEmail,
+    );
+    this.sponsoredFamilies.splice(index, 1);
+  }
+
+  private async preventAccessToFreeFamiliesPage() {
+    const showFreeFamiliesPage = await firstValueFrom(
+      this.freeFamiliesPolicyService.showFreeFamilies$,
+    );
+
+    if (!showFreeFamiliesPage) {
+      await this.router.navigate(["/"]);
+      return;
+    }
+  }
+}
diff --git a/apps/web/src/app/billing/members/organization-member-families.component.html b/apps/web/src/app/billing/members/organization-member-families.component.html
new file mode 100644
index 00000000000..c5b7283d9d9
--- /dev/null
+++ b/apps/web/src/app/billing/members/organization-member-families.component.html
@@ -0,0 +1,47 @@
+<bit-container>
+  <ng-container>
+    <p bitTypography="body1">
+      {{ "membersWithSponsoredFamilies" | i18n }}
+    </p>
+
+    <h2 bitTypography="h2" class="">{{ "memberFamilies" | i18n }}</h2>
+
+    @if (loading) {
+      <ng-container>
+        <i class="bwi bwi-spinner bwi-spin tw-text-muted" title="{{ 'loading' | i18n }}"></i>
+        <span class="tw-sr-only">{{ "loading" | i18n }}</span>
+      </ng-container>
+    }
+
+    @if (!loading && memberFamilies?.length > 0) {
+      <ng-container>
+        <bit-table>
+          <ng-container header>
+            <tr>
+              <th bitCell>{{ "member" | i18n }}</th>
+              <th bitCell>{{ "status" | i18n }}</th>
+              <th bitCell></th>
+            </tr>
+          </ng-container>
+          <ng-template body alignContent="middle">
+            @for (o of memberFamilies; let i = $index; track i) {
+              <ng-container>
+                <tr bitRow>
+                  <td bitCell>{{ o.sponsorshipEmail }}</td>
+                  <td bitCell class="tw-text-success">{{ o.status }}</td>
+                </tr>
+              </ng-container>
+            }
+          </ng-template>
+        </bit-table>
+        <hr class="mt-0" />
+      </ng-container>
+    } @else {
+      <div class="tw-my-5 tw-py-5 tw-flex tw-flex-col tw-items-center">
+        <img class="tw-w-32" src="./../../../images/search.svg" alt="Search" />
+        <h4 class="mt-3" bitTypography="h4">{{ "noMemberFamilies" | i18n }}</h4>
+        <p bitTypography="body2">{{ "noMemberFamiliesDescription" | i18n }}</p>
+      </div>
+    }
+  </ng-container>
+</bit-container>
diff --git a/apps/web/src/app/billing/members/organization-member-families.component.ts b/apps/web/src/app/billing/members/organization-member-families.component.ts
new file mode 100644
index 00000000000..52c95646a11
--- /dev/null
+++ b/apps/web/src/app/billing/members/organization-member-families.component.ts
@@ -0,0 +1,34 @@
+import { Component, Input, OnDestroy, OnInit } from "@angular/core";
+import { Subject } from "rxjs";
+
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+
+import { SponsoredFamily } from "./types/sponsored-family";
+
+@Component({
+  selector: "app-organization-member-families",
+  templateUrl: "organization-member-families.component.html",
+})
+export class OrganizationMemberFamiliesComponent implements OnInit, OnDestroy {
+  tabIndex = 0;
+  loading = false;
+
+  @Input() memberFamilies: SponsoredFamily[] = [];
+
+  private _destroy = new Subject<void>();
+
+  constructor(private platformUtilsService: PlatformUtilsService) {}
+
+  async ngOnInit() {
+    this.loading = false;
+  }
+
+  ngOnDestroy(): void {
+    this._destroy.next();
+    this._destroy.complete();
+  }
+
+  get isSelfHosted(): boolean {
+    return this.platformUtilsService.isSelfHost();
+  }
+}
diff --git a/apps/web/src/app/billing/members/organization-sponsored-families.component.html b/apps/web/src/app/billing/members/organization-sponsored-families.component.html
new file mode 100644
index 00000000000..7db96deb4ab
--- /dev/null
+++ b/apps/web/src/app/billing/members/organization-sponsored-families.component.html
@@ -0,0 +1,87 @@
+<bit-container>
+  <ng-container>
+    <p bitTypography="body1">
+      {{ "sponsorFreeBitwardenFamilies" | i18n }}
+    </p>
+    <div bitTypography="body1">
+      {{ "sponsoredFamiliesInclude" | i18n }}:
+      <ul class="tw-list-outside">
+        <li>{{ "sponsoredFamiliesPremiumAccess" | i18n }}</li>
+        <li>{{ "sponsoredFamiliesSharedCollections" | i18n }}</li>
+      </ul>
+    </div>
+
+    <h2 bitTypography="h2" class="">{{ "sponsoredBitwardenFamilies" | i18n }}</h2>
+
+    @if (loading) {
+      <ng-container>
+        <i class="bwi bwi-spinner bwi-spin tw-text-muted" title="{{ 'loading' | i18n }}"></i>
+        <span class="tw-sr-only">{{ "loading" | i18n }}</span>
+      </ng-container>
+    }
+
+    @if (!loading && sponsoredFamilies?.length > 0) {
+      <ng-container>
+        <bit-table>
+          <ng-container header>
+            <tr>
+              <th bitCell>{{ "recipient" | i18n }}</th>
+              <th bitCell>{{ "status" | i18n }}</th>
+              <th bitCell>{{ "notes" | i18n }}</th>
+              <th bitCell></th>
+            </tr>
+          </ng-container>
+          <ng-template body alignContent="middle">
+            @for (o of sponsoredFamilies; let i = $index; track i) {
+              <ng-container>
+                <tr bitRow>
+                  <td bitCell>{{ o.sponsorshipEmail }}</td>
+                  <td bitCell class="tw-text-success">{{ o.status }}</td>
+                  <td bitCell>{{ o.sponsorshipNote }}</td>
+                  <td bitCell>
+                    <button
+                      type="button"
+                      bitIconButton="bwi-ellipsis-v"
+                      buttonType="main"
+                      [bitMenuTriggerFor]="appListDropdown"
+                      appA11yTitle="{{ 'options' | i18n }}"
+                    ></button>
+                    <bit-menu #appListDropdown>
+                      <button
+                        type="button"
+                        bitMenuItem
+                        [attr.aria-label]="'resendEmailLabel' | i18n"
+                      >
+                        <i aria-hidden="true" class="bwi bwi-envelope"></i>
+                        {{ "resendInvitation" | i18n }}
+                      </button>
+
+                      <hr class="m-0" />
+
+                      <button
+                        type="button"
+                        bitMenuItem
+                        [attr.aria-label]="'revokeAccount' | i18n"
+                        (click)="remove(o)"
+                      >
+                        <i aria-hidden="true" class="bwi bwi-close tw-text-danger"></i>
+                        <span class="tw-text-danger pl-1">{{ "remove" | i18n }}</span>
+                      </button>
+                    </bit-menu>
+                  </td>
+                </tr>
+              </ng-container>
+            }
+          </ng-template>
+        </bit-table>
+        <hr class="mt-0" />
+      </ng-container>
+    } @else {
+      <div class="tw-my-5 tw-py-5 tw-flex tw-flex-col tw-items-center">
+        <img class="tw-w-32" src="./../../../images/search.svg" alt="Search" />
+        <h4 class="mt-3" bitTypography="h4">{{ "noSponsoredFamilies" | i18n }}</h4>
+        <p bitTypography="body2">{{ "noSponsoredFamiliesDescription" | i18n }}</p>
+      </div>
+    }
+  </ng-container>
+</bit-container>
diff --git a/apps/web/src/app/billing/members/organization-sponsored-families.component.ts b/apps/web/src/app/billing/members/organization-sponsored-families.component.ts
new file mode 100644
index 00000000000..7cc46634a38
--- /dev/null
+++ b/apps/web/src/app/billing/members/organization-sponsored-families.component.ts
@@ -0,0 +1,39 @@
+import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from "@angular/core";
+import { Subject } from "rxjs";
+
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+
+import { SponsoredFamily } from "./types/sponsored-family";
+
+@Component({
+  selector: "app-organization-sponsored-families",
+  templateUrl: "organization-sponsored-families.component.html",
+})
+export class OrganizationSponsoredFamiliesComponent implements OnInit, OnDestroy {
+  loading = false;
+  tabIndex = 0;
+
+  @Input() sponsoredFamilies: SponsoredFamily[] = [];
+  @Output() removeSponsorshipEvent = new EventEmitter<SponsoredFamily>();
+
+  private _destroy = new Subject<void>();
+
+  constructor(private platformUtilsService: PlatformUtilsService) {}
+
+  async ngOnInit() {
+    this.loading = false;
+  }
+
+  get isSelfHosted(): boolean {
+    return this.platformUtilsService.isSelfHost();
+  }
+
+  remove(sponsorship: SponsoredFamily) {
+    this.removeSponsorshipEvent.emit(sponsorship);
+  }
+
+  ngOnDestroy(): void {
+    this._destroy.next();
+    this._destroy.complete();
+  }
+}
diff --git a/apps/web/src/app/billing/members/types/sponsored-family.ts b/apps/web/src/app/billing/members/types/sponsored-family.ts
new file mode 100644
index 00000000000..82d2e3948b2
--- /dev/null
+++ b/apps/web/src/app/billing/members/types/sponsored-family.ts
@@ -0,0 +1,5 @@
+export interface SponsoredFamily {
+  sponsorshipEmail?: string;
+  sponsorshipNote?: string;
+  status?: string;
+}
diff --git a/apps/web/src/app/shared/loose-components.module.ts b/apps/web/src/app/shared/loose-components.module.ts
index 5dc34b3b5b1..469ebe457d0 100644
--- a/apps/web/src/app/shared/loose-components.module.ts
+++ b/apps/web/src/app/shared/loose-components.module.ts
@@ -62,6 +62,9 @@ import { OrganizationBadgeModule } from "../vault/individual-vault/organization-
 import { PipesModule } from "../vault/individual-vault/pipes/pipes.module";
 import { PurgeVaultComponent } from "../vault/settings/purge-vault.component";
 
+import { FreeBitwardenFamiliesComponent } from "./../billing/members/free-bitwarden-families.component";
+import { OrganizationMemberFamiliesComponent } from "./../billing/members/organization-member-families.component";
+import { OrganizationSponsoredFamiliesComponent } from "./../billing/members/organization-sponsored-families.component";
 import { EnvironmentSelectorModule } from "./../components/environment-selector/environment-selector.module";
 import { AccountFingerprintComponent } from "./components/account-fingerprint/account-fingerprint.component";
 import { SharedModule } from "./shared.module";
@@ -128,6 +131,9 @@ import { SharedModule } from "./shared.module";
     SelectableAvatarComponent,
     SetPasswordComponent,
     SponsoredFamiliesComponent,
+    OrganizationSponsoredFamiliesComponent,
+    OrganizationMemberFamiliesComponent,
+    FreeBitwardenFamiliesComponent,
     SponsoringOrgRowComponent,
     UpdatePasswordComponent,
     UpdateTempPasswordComponent,
@@ -175,6 +181,9 @@ import { SharedModule } from "./shared.module";
     SelectableAvatarComponent,
     SetPasswordComponent,
     SponsoredFamiliesComponent,
+    OrganizationSponsoredFamiliesComponent,
+    OrganizationMemberFamiliesComponent,
+    FreeBitwardenFamiliesComponent,
     SponsoringOrgRowComponent,
     UpdateTempPasswordComponent,
     UpdatePasswordComponent,
diff --git a/apps/web/src/images/search.svg b/apps/web/src/images/search.svg
new file mode 100644
index 00000000000..36e0ea4bd23
--- /dev/null
+++ b/apps/web/src/images/search.svg
@@ -0,0 +1,12 @@
+<svg width="97" height="97" viewBox="0 0 97 97" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M62.5 12.4604C63.6046 12.4604 64.5 13.3559 64.5 14.4604L64.5 90.4604C64.5 91.565 63.6046 92.4604 62.5 92.4604L6.5 92.4604C5.39543 92.4604 4.5 91.565 4.5 90.4604L4.5 14.4604C4.5 13.3559 5.39544 12.4604 6.5 12.4604L62.5 12.4604Z" fill="#99BAF4"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M62.5 90.4604L62.5 14.4604L6.5 14.4604L6.5 90.4604L62.5 90.4604ZM64.5 14.4604C64.5 13.3559 63.6046 12.4604 62.5 12.4604L6.5 12.4604C5.39544 12.4604 4.5 13.3559 4.5 14.4604L4.5 90.4604C4.5 91.565 5.39543 92.4604 6.5 92.4604L62.5 92.4604C63.6046 92.4604 64.5 91.565 64.5 90.4604L64.5 14.4604Z" fill="#0E3781"/>
+<path d="M72.5 82.4604L72.5 6.46045C72.5 5.35588 71.6046 4.46045 70.5 4.46045L27.8284 4.46045C27.298 4.46045 26.7939 4.66655 26.4188 5.04162L13.0835 18.3769C12.7085 18.752 12.5 19.2584 12.5 19.7889L12.5 82.4604C12.5 83.565 13.3954 84.4604 14.5 84.4604L70.5 84.4604C71.6046 84.4604 72.5 83.565 72.5 82.4604Z" fill="white"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M70.5 82.4604L70.5 6.46045L27.8284 6.46045L14.5 19.7889L14.5 82.4604L70.5 82.4604ZM27.833 6.45583C27.833 6.45583 27.8329 6.45595 27.8327 6.45617L27.833 6.45583ZM72.5 6.46045L72.5 82.4604C72.5 83.565 71.6046 84.4604 70.5 84.4604L14.5 84.4604C13.3954 84.4604 12.5 83.565 12.5 82.4604L12.5 19.7889C12.5 19.2584 12.7085 18.752 13.0835 18.3769L26.4188 5.04162C26.7939 4.66655 27.298 4.46045 27.8284 4.46045L70.5 4.46045C71.6046 4.46045 72.5 5.35588 72.5 6.46045Z" fill="#0E3781"/>
+<path d="M84.5 48.4604C84.5 59.5061 75.5457 68.4604 64.5 68.4604C53.4543 68.4604 44.5 59.5061 44.5 48.4604C44.5 37.4148 53.4543 28.4604 64.5 28.4604C75.5457 28.4604 84.5 37.4148 84.5 48.4604Z" fill="white"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M64.5 66.4604C74.4411 66.4604 82.5 58.4016 82.5 48.4604C82.5 38.5193 74.4411 30.4604 64.5 30.4604C54.5589 30.4604 46.5 38.5193 46.5 48.4604C46.5 58.4016 54.5589 66.4604 64.5 66.4604ZM64.5 68.4604C75.5457 68.4604 84.5 59.5061 84.5 48.4604C84.5 37.4148 75.5457 28.4604 64.5 28.4604C53.4543 28.4604 44.5 37.4148 44.5 48.4604C44.5 59.5061 53.4543 68.4604 64.5 68.4604Z" fill="#0E3781"/>
+<path d="M79.5 48.4604C79.5 56.7447 72.7843 63.4604 64.5 63.4604C56.2157 63.4604 49.5 56.7447 49.5 48.4604C49.5 40.1762 56.2157 33.4604 64.5 33.4604C72.7843 33.4604 79.5 40.1762 79.5 48.4604Z" fill="#99BAF4"/>
+<path d="M95.5038 77.5474L79 61.9604L77 63.9604L92.587 80.4643C93.3607 81.2836 94.6583 81.3021 95.4552 80.5053L95.5448 80.4156C96.3417 79.6188 96.3231 78.3212 95.5038 77.5474Z" fill="#0E3781"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M28.5 5.46045C29.0523 5.46045 29.5 5.90816 29.5 6.46045V21.4604H14.5C13.9477 21.4604 13.5 21.0127 13.5 20.4604C13.5 19.9082 13.9477 19.4604 14.5 19.4604H27.5V6.46045C27.5 5.90816 27.9477 5.46045 28.5 5.46045Z" fill="#0E3781"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M20.5 28.4604C19.9477 28.4604 19.5 28.9082 19.5 29.4604C19.5 30.0127 19.9477 30.4604 20.5 30.4604H30.5C31.0523 30.4604 31.5 30.0127 31.5 29.4604C31.5 28.9082 31.0523 28.4604 30.5 28.4604H20.5ZM34.5 28.4604C33.9477 28.4604 33.5 28.9082 33.5 29.4604C33.5 30.0127 33.9477 30.4604 34.5 30.4604H44.5C45.0523 30.4604 45.5 30.0127 45.5 29.4604C45.5 28.9082 45.0523 28.4604 44.5 28.4604H34.5ZM51.483 33.2759C51.3964 32.8118 50.9892 32.4604 50.5 32.4604H40.5C39.9477 32.4604 39.5 32.9082 39.5 33.4604C39.5 34.0127 39.9477 34.4604 40.5 34.4604H50.2171C50.6218 34.0477 51.0441 33.6524 51.483 33.2759ZM44.5246 49.4604C44.5579 50.1365 44.6247 50.8037 44.7235 51.4604H40.5C39.9477 51.4604 39.5 51.0127 39.5 50.4604C39.5 49.9082 39.9477 49.4604 40.5 49.4604H44.5246ZM44.7235 45.4605C44.6247 46.1172 44.5579 46.7844 44.5246 47.4605L37.5 47.4604C36.9477 47.4604 36.5 47.0127 36.5 46.4604C36.5 45.9082 36.9477 45.4604 37.5 45.4604L44.7235 45.4605ZM48.4985 36.4604C48.0192 37.0986 47.5772 37.7663 47.1756 38.4604L38.5 38.4604C37.9477 38.4604 37.5 38.0127 37.5 37.4604C37.5 36.9082 37.9477 36.4604 38.5 36.4604L48.4985 36.4604ZM64.5 28.4604C61.3707 28.4604 58.4093 29.1791 55.7717 30.4604L54.5 30.4604C53.9477 30.4604 53.5 30.0127 53.5 29.4604C53.5 28.9082 53.9477 28.4604 54.5 28.4604H64.5ZM48.5 28.4604C47.9477 28.4604 47.5 28.9082 47.5 29.4604C47.5 30.0127 47.9477 30.4604 48.5 30.4604H50.5C51.0523 30.4604 51.5 30.0127 51.5 29.4604C51.5 28.9082 51.0523 28.4604 50.5 28.4604H48.5ZM37.5 33.4604C37.5 32.9082 37.0523 32.4604 36.5 32.4604H34.5C33.9477 32.4604 33.5 32.9082 33.5 33.4604C33.5 34.0127 33.9477 34.4604 34.5 34.4604H36.5C37.0523 34.4604 37.5 34.0127 37.5 33.4604ZM34.5 38.4604C35.0523 38.4604 35.5 38.0127 35.5 37.4604C35.5 36.9082 35.0523 36.4604 34.5 36.4604H30.5C29.9477 36.4604 29.5 36.9082 29.5 37.4604C29.5 38.0127 29.9477 38.4604 30.5 38.4604H34.5ZM34.5 46.4604C34.5 47.0127 34.0523 47.4604 33.5 47.4604H27.5C26.9477 47.4604 26.5 47.0127 26.5 46.4604C26.5 45.9082 26.9477 45.4604 27.5 45.4604H33.5C34.0523 45.4604 34.5 45.9082 34.5 46.4604ZM36.5 51.4604C37.0523 51.4604 37.5 51.0127 37.5 50.4604C37.5 49.9082 37.0523 49.4604 36.5 49.4604H20.5C19.9477 49.4604 19.5 49.9082 19.5 50.4604C19.5 51.0127 19.9477 51.4604 20.5 51.4604H36.5ZM31.5 33.4604C31.5 32.9082 31.0523 32.4604 30.5 32.4604L20.5 32.4605C19.9477 32.4605 19.5 32.9082 19.5 33.4605C19.5 34.0127 19.9477 34.4605 20.5 34.4605L30.5 34.4604C31.0523 34.4604 31.5 34.0127 31.5 33.4604ZM26.5 38.4604C27.0523 38.4604 27.5 38.0127 27.5 37.4604C27.5 36.9082 27.0523 36.4604 26.5 36.4604H20.5C19.9477 36.4604 19.5 36.9082 19.5 37.4604C19.5 38.0127 19.9477 38.4604 20.5 38.4604H26.5ZM24.5 46.4604C24.5 47.0127 24.0523 47.4604 23.5 47.4604H20.5C19.9477 47.4604 19.5 47.0127 19.5 46.4604C19.5 45.9082 19.9477 45.4604 20.5 45.4604H23.5C24.0523 45.4604 24.5 45.9082 24.5 46.4604Z" fill="#FFBF00"/>
+</svg>
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 85a7b8cb927..3d6cf0f23a5 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -6306,6 +6306,21 @@
   "sponsoredFamilies": {
     "message": "Free Bitwarden Families"
   },
+  "sponsoredBitwardenFamilies": {
+    "message": "Sponsored families"
+  },
+  "noSponsoredFamilies": {
+    "message": "No sponsored families"
+  },
+  "noSponsoredFamiliesDescription": {
+    "message": "Sponsored non-member families plans will display here"
+  },
+  "sponsorFreeBitwardenFamilies": {
+    "message": "Members of your organization are eligible for Free Bitwarden Families. You can sponsor Free Bitwarden Families for employees who are not a member of your Bitwarden organization. Sponsoring a non-member requires an available seat within your organization."
+  },
+  "sponsoredFamiliesRemoveActiveSponsorship": {
+    "message": "When you remove an active sponsorship, a seat within your organization will be available after the renewal date of the sponsored organization."
+  },
   "sponsoredFamiliesEligible": {
     "message": "You and your family are eligible for Free Bitwarden Families. Redeem with your personal email to keep your data secure even when you are not at work."
   },
@@ -6321,6 +6336,18 @@
   "sponsoredFamiliesSharedCollections": {
     "message": "Shared collections for Family secrets"
   },
+  "memberFamilies": {
+    "message": "Member families"
+  },
+  "noMemberFamilies": {
+    "message": "No member families"
+  },
+  "noMemberFamiliesDescription": {
+    "message": "Members who have redeemed family plans will display here"
+  },
+  "membersWithSponsoredFamilies": {
+    "message": "Members of your organization are eligible for Free Bitwarden Families. Here you can see members who have sponsored a Families organization."
+  },
   "badToken": {
     "message": "The link is no longer valid. Please have the sponsor resend the offer."
   },
@@ -7984,6 +8011,9 @@
   "inviteMember": {
     "message": "Invite member"
   },
+  "addSponsorship": {
+    "message": "Add sponsorship"
+  },
   "needsConfirmation": {
     "message": "Needs confirmation"
   },
diff --git a/libs/common/src/admin-console/models/request/organization/organization-sponsorship-create.request.ts b/libs/common/src/admin-console/models/request/organization/organization-sponsorship-create.request.ts
index 534afffd1bb..19e993487c2 100644
--- a/libs/common/src/admin-console/models/request/organization/organization-sponsorship-create.request.ts
+++ b/libs/common/src/admin-console/models/request/organization/organization-sponsorship-create.request.ts
@@ -6,4 +6,5 @@ export class OrganizationSponsorshipCreateRequest {
   sponsoredEmail: string;
   planSponsorshipType: PlanSponsorshipType;
   friendlyName: string;
+  notes?: string;
 }

From 6c930deefee42365b256e558f7d3cdaa43b88aee Mon Sep 17 00:00:00 2001
From: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Date: Thu, 17 Apr 2025 09:08:39 -0500
Subject: [PATCH 10/30] Migrate bootstrap styling to use tailwind while keeping
 the same styling (#14203)

---
 .../pages/breach-report.component.html        | 55 ++++++++++---------
 1 file changed, 28 insertions(+), 27 deletions(-)

diff --git a/apps/web/src/app/tools/reports/pages/breach-report.component.html b/apps/web/src/app/tools/reports/pages/breach-report.component.html
index fcfd37fef3f..d645fa39d69 100644
--- a/apps/web/src/app/tools/reports/pages/breach-report.component.html
+++ b/apps/web/src/app/tools/reports/pages/breach-report.component.html
@@ -7,7 +7,7 @@
       <bit-label>{{ "username" | i18n }}</bit-label>
       <input id="username" type="text" formControlName="username" bitInput />
     </bit-form-field>
-    <small class="form-text text-muted tw-mb-4">{{ "breachCheckUsernameEmail" | i18n }}</small>
+    <small class="tw-mb-4 tw-block tw-text-muted">{{ "breachCheckUsernameEmail" | i18n }}</small>
     <button type="submit" buttonType="primary" bitButton [loading]="loading">
       {{ "checkBreaches" | i18n }}
     </button>
@@ -21,32 +21,33 @@
       <bit-callout type="danger" title="{{ 'breachFound' | i18n }}" *ngIf="breachedAccounts.length">
         {{ "breachUsernameFound" | i18n: checkedUsername : breachedAccounts.length }}
       </bit-callout>
-      <ul class="list-group list-group-breach" *ngIf="breachedAccounts.length">
-        <li *ngFor="let a of breachedAccounts" class="list-group-item min-height-fix">
-          <div class="row">
-            <div class="col-2 tw-text-center">
-              <img [src]="a.logoPath" alt="" class="img-fluid" />
-            </div>
-            <div class="col-7">
-              <h3 class="tw-text-lg">{{ a.title }}</h3>
-              <p [innerHTML]="a.description"></p>
-              <p class="tw-mb-1">{{ "compromisedData" | i18n }}:</p>
-              <ul>
-                <li *ngFor="let d of a.dataClasses">{{ d }}</li>
-              </ul>
-            </div>
-            <div class="col-3">
-              <dl>
-                <dt>{{ "website" | i18n }}</dt>
-                <dd>{{ a.domain }}</dd>
-                <dt>{{ "affectedUsers" | i18n }}</dt>
-                <dd>{{ a.pwnCount | number }}</dd>
-                <dt>{{ "breachOccurred" | i18n }}</dt>
-                <dd>{{ a.breachDate | date: "mediumDate" }}</dd>
-                <dt>{{ "breachReported" | i18n }}</dt>
-                <dd>{{ a.addedDate | date: "mediumDate" }}</dd>
-              </dl>
-            </div>
+      <ul
+        class="tw-list-none tw-flex-col tw-divide-x-0 tw-divide-y tw-divide-solid tw-divide-secondary-300 tw-rounded tw-border tw-border-solid tw-border-secondary-300 tw-p-0"
+        *ngIf="breachedAccounts.length"
+      >
+        <li *ngFor="let a of breachedAccounts" class="tw-flex tw-gap-4 tw-p-4">
+          <div class="tw-w-32 tw-flex-none">
+            <img [src]="a.logoPath" alt="" class="tw-max-w-32 tw-items-stretch" />
+          </div>
+          <div class="tw-flex-auto">
+            <h3 class="tw-text-lg">{{ a.title }}</h3>
+            <p [innerHTML]="a.description"></p>
+            <p class="tw-mb-1">{{ "compromisedData" | i18n }}:</p>
+            <ul>
+              <li *ngFor="let d of a.dataClasses">{{ d }}</li>
+            </ul>
+          </div>
+          <div class="tw-w-48 tw-flex-none">
+            <dl>
+              <dt>{{ "website" | i18n }}</dt>
+              <dd>{{ a.domain }}</dd>
+              <dt>{{ "affectedUsers" | i18n }}</dt>
+              <dd>{{ a.pwnCount | number }}</dd>
+              <dt>{{ "breachOccurred" | i18n }}</dt>
+              <dd>{{ a.breachDate | date: "mediumDate" }}</dd>
+              <dt>{{ "breachReported" | i18n }}</dt>
+              <dd>{{ a.addedDate | date: "mediumDate" }}</dd>
+            </dl>
           </div>
         </li>
       </ul>

From ede4776433a41b1d4678d3402307c4c557fda887 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu <acoroiu@bitwarden.com>
Date: Thu, 17 Apr 2025 16:25:35 +0200
Subject: [PATCH 11/30] [PM-18043] Add serialization/deserialization support
 (#13804)

* feat: add support for serialization-PR tweaks

* feat: update sdk version
---
 .../src/platform/ipc/background-communication-backend.ts  | 6 +++++-
 .../src/app/platform/ipc/web-communication-provider.ts    | 8 +++++++-
 package-lock.json                                         | 8 ++++----
 package.json                                              | 2 +-
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/apps/browser/src/platform/ipc/background-communication-backend.ts b/apps/browser/src/platform/ipc/background-communication-backend.ts
index 6c5b374dd56..1ebb835fa3b 100644
--- a/apps/browser/src/platform/ipc/background-communication-backend.ts
+++ b/apps/browser/src/platform/ipc/background-communication-backend.ts
@@ -18,7 +18,11 @@ export class BackgroundCommunicationBackend implements CommunicationBackend {
         return;
       }
 
-      void this.queue.enqueue({ ...message.message, source: { Web: { id: sender.tab.id } } });
+      void this.queue.enqueue(
+        new IncomingMessage(message.message.payload, message.message.destination, {
+          Web: { id: sender.tab.id },
+        }),
+      );
     });
   }
 
diff --git a/apps/web/src/app/platform/ipc/web-communication-provider.ts b/apps/web/src/app/platform/ipc/web-communication-provider.ts
index 85353ab77af..787a3c7f3a4 100644
--- a/apps/web/src/app/platform/ipc/web-communication-provider.ts
+++ b/apps/web/src/app/platform/ipc/web-communication-provider.ts
@@ -19,7 +19,13 @@ export class WebCommunicationProvider implements CommunicationBackend {
         return;
       }
 
-      await this.queue.enqueue({ ...message.message, source: "BrowserBackground" });
+      void this.queue.enqueue(
+        new IncomingMessage(
+          message.message.payload,
+          message.message.destination,
+          "BrowserBackground",
+        ),
+      );
     });
   }
 
diff --git a/package-lock.json b/package-lock.json
index c101444cd8e..65f0c87721a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
         "@angular/platform-browser": "18.2.13",
         "@angular/platform-browser-dynamic": "18.2.13",
         "@angular/router": "18.2.13",
-        "@bitwarden/sdk-internal": "0.2.0-main.133",
+        "@bitwarden/sdk-internal": "0.2.0-main.137",
         "@electron/fuses": "1.8.0",
         "@emotion/css": "11.13.5",
         "@koa/multer": "3.0.2",
@@ -4700,9 +4700,9 @@
       "link": true
     },
     "node_modules/@bitwarden/sdk-internal": {
-      "version": "0.2.0-main.133",
-      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.133.tgz",
-      "integrity": "sha512-KzKJGf9cKlcQzfRmqkAwVGBN1kDpcRFkTMm7nrphZSrjfaWJWI1lBEJ0DhnkbMMHJXhQavGyoVk5TIn/Y8ylmw==",
+      "version": "0.2.0-main.137",
+      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.137.tgz",
+      "integrity": "sha512-Df0pB5tOEc4WiMjskunTrqHulPzenFv8C61sqsBhHfy80xcf5kU5JyPd4asbf3e4uNS6QGXptd8imp09AuiFEA==",
       "license": "GPL-3.0"
     },
     "node_modules/@bitwarden/send-ui": {
diff --git a/package.json b/package.json
index a39004dcc03..c78decb9827 100644
--- a/package.json
+++ b/package.json
@@ -156,7 +156,7 @@
     "@angular/platform-browser": "18.2.13",
     "@angular/platform-browser-dynamic": "18.2.13",
     "@angular/router": "18.2.13",
-    "@bitwarden/sdk-internal": "0.2.0-main.133",
+    "@bitwarden/sdk-internal": "0.2.0-main.137",
     "@electron/fuses": "1.8.0",
     "@emotion/css": "11.13.5",
     "@koa/multer": "3.0.2",

From e0df1ecf0c4b69ebebb34d0a07d54a1f87097918 Mon Sep 17 00:00:00 2001
From: Jonas Hendrickx <jhendrickx@bitwarden.com>
Date: Thu, 17 Apr 2025 17:33:13 +0200
Subject: [PATCH 12/30] [PM-19180] Calculate sales tax correctly for sponsored
 plans (#14129)

* [PM-19180] Sponsored family org no sales tax because they're free

* [PM-19180][DRAFT] Calculate sales tax correctly for sponsored plans with additional storage

---------

Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
---
 .../families-for-enterprise-setup.component.ts     |  2 ++
 .../organizations/organization-plans.component.ts  | 14 ++++++++------
 .../preview-organization-invoice.request.ts        |  3 ++-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts b/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts
index fdad689d982..57fe212fa65 100644
--- a/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts
+++ b/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts
@@ -43,6 +43,8 @@ export class FamiliesForEnterpriseSetupComponent implements OnInit, OnDestroy {
     value.plan = PlanType.FamiliesAnnually;
     value.productTier = ProductTierType.Families;
     value.acceptingSponsorship = true;
+    value.planSponsorshipType = PlanSponsorshipType.FamiliesForEnterprise;
+
     // eslint-disable-next-line rxjs-angular/prefer-takeuntil
     value.onSuccess.subscribe(this.onOrganizationCreateSuccess.bind(this));
   }
diff --git a/apps/web/src/app/billing/organizations/organization-plans.component.ts b/apps/web/src/app/billing/organizations/organization-plans.component.ts
index fc7d6793a85..59f8dd34c37 100644
--- a/apps/web/src/app/billing/organizations/organization-plans.component.ts
+++ b/apps/web/src/app/billing/organizations/organization-plans.component.ts
@@ -34,7 +34,12 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { BillingApiServiceAbstraction } from "@bitwarden/common/billing/abstractions";
 import { TaxServiceAbstraction } from "@bitwarden/common/billing/abstractions/tax.service.abstraction";
-import { PaymentMethodType, PlanType, ProductTierType } from "@bitwarden/common/billing/enums";
+import {
+  PaymentMethodType,
+  PlanSponsorshipType,
+  PlanType,
+  ProductTierType,
+} from "@bitwarden/common/billing/enums";
 import { TaxInformation } from "@bitwarden/common/billing/models/domain";
 import { ExpandedTaxInfoUpdateRequest } from "@bitwarden/common/billing/models/request/expanded-tax-info-update.request";
 import { PreviewOrganizationInvoiceRequest } from "@bitwarden/common/billing/models/request/preview-organization-invoice.request";
@@ -83,6 +88,7 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
   @Input() showFree = true;
   @Input() showCancel = false;
   @Input() acceptingSponsorship = false;
+  @Input() planSponsorshipType?: PlanSponsorshipType;
   @Input() currentPlan: PlanResponse;
 
   selectedFile: File;
@@ -682,11 +688,6 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
   }
 
   private refreshSalesTax(): void {
-    if (this.formGroup.controls.plan.value == PlanType.Free) {
-      this.estimatedTax = 0;
-      return;
-    }
-
     if (!this.taxComponent.validate()) {
       return;
     }
@@ -696,6 +697,7 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
       passwordManager: {
         additionalStorage: this.formGroup.controls.additionalStorage.value,
         plan: this.formGroup.controls.plan.value,
+        sponsoredPlan: this.planSponsorshipType,
         seats: this.formGroup.controls.additionalSeats.value,
       },
       taxInformation: {
diff --git a/libs/common/src/billing/models/request/preview-organization-invoice.request.ts b/libs/common/src/billing/models/request/preview-organization-invoice.request.ts
index 40d8db03d3b..bfeecb4eb23 100644
--- a/libs/common/src/billing/models/request/preview-organization-invoice.request.ts
+++ b/libs/common/src/billing/models/request/preview-organization-invoice.request.ts
@@ -1,4 +1,4 @@
-import { PlanType } from "../../enums";
+import { PlanSponsorshipType, PlanType } from "../../enums";
 
 export class PreviewOrganizationInvoiceRequest {
   organizationId?: string;
@@ -21,6 +21,7 @@ export class PreviewOrganizationInvoiceRequest {
 
 class PasswordManager {
   plan: PlanType;
+  sponsoredPlan?: PlanSponsorshipType;
   seats: number;
   additionalStorage: number;
 

From 5af12505f1f97d172d6a7c44a9557b062c406221 Mon Sep 17 00:00:00 2001
From: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Date: Thu, 17 Apr 2025 16:01:02 -0400
Subject: [PATCH 13/30] Switch userVisibleOnly to `false` (#14202)

---
 .../notifications/internal/worker-webpush-connection.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/common/src/platform/notifications/internal/worker-webpush-connection.service.ts b/libs/common/src/platform/notifications/internal/worker-webpush-connection.service.ts
index 74981b6782f..a1143d14d1d 100644
--- a/libs/common/src/platform/notifications/internal/worker-webpush-connection.service.ts
+++ b/libs/common/src/platform/notifications/internal/worker-webpush-connection.service.ts
@@ -134,7 +134,7 @@ class MyWebPushConnector implements WebPushConnector {
 
   private async pushManagerSubscribe(key: string) {
     return await this.serviceWorkerRegistration.pushManager.subscribe({
-      userVisibleOnly: true,
+      userVisibleOnly: false,
       applicationServerKey: key,
     });
   }

From 7bf4bae7c6d693c8d438aaa082e28a147be85e1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20=C3=85berg?= <anders@andersaberg.com>
Date: Fri, 18 Apr 2025 10:43:22 +0200
Subject: [PATCH 14/30] Revert event-driven .show, in order for
 bootstrap/hide-to-tray to work (#14181)

---
 apps/desktop/src/main/window.main.ts | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/apps/desktop/src/main/window.main.ts b/apps/desktop/src/main/window.main.ts
index 73231f1f730..1c396b09b21 100644
--- a/apps/desktop/src/main/window.main.ts
+++ b/apps/desktop/src/main/window.main.ts
@@ -292,11 +292,7 @@ export class WindowMain {
       this.win.maximize();
     }
 
-    // Show it later since it might need to be maximized.
-    // use once event to avoid flash on unstyled content.
-    this.win.once("ready-to-show", () => {
-      this.win.show();
-    });
+    this.win.show();
 
     if (template === "full-app") {
       // and load the index.html of the app.

From d6beca569c4e80bd1657f5e0aca3a9f18ad697c2 Mon Sep 17 00:00:00 2001
From: Vijay Oommen <voommen@livefront.com>
Date: Fri, 18 Apr 2025 08:45:05 -0500
Subject: [PATCH 15/30] [PM-19810] Member Access Report - CSV export fix
 (#14313)

---
 .../services/member-access-report.mock.ts     | 38 +++++++++++++++++++
 .../member-access-report.service.spec.ts      | 34 ++++++++++++++++-
 .../services/member-access-report.service.ts  | 20 ++++++++++
 3 files changed, 91 insertions(+), 1 deletion(-)

diff --git a/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.mock.ts b/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.mock.ts
index 9ace555dd2e..b07e4946ca7 100644
--- a/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.mock.ts
+++ b/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.mock.ts
@@ -229,3 +229,41 @@ export const memberAccessReportsMock: MemberAccessResponse[] = [
     ],
   } as MemberAccessResponse,
 ];
+
+export const memberAccessWithoutAccessDetailsReportsMock: MemberAccessResponse[] = [
+  {
+    userName: "Alice Smith",
+    email: "asmith@email.com",
+    twoFactorEnabled: true,
+    accountRecoveryEnabled: true,
+    groupsCount: 2,
+    collectionsCount: 4,
+    totalItemCount: 20,
+    userGuid: "1234",
+    usesKeyConnector: false,
+    accessDetails: [
+      {
+        groupId: "",
+        collectionId: "c1",
+        collectionName: new EncString("Collection 1"),
+        groupName: "Alice Group 1",
+        itemCount: 10,
+        readOnly: false,
+        hidePasswords: false,
+        manage: false,
+      } as MemberAccessDetails,
+    ],
+  } as MemberAccessResponse,
+  {
+    userName: "Robert Brown",
+    email: "rbrown@email.com",
+    twoFactorEnabled: false,
+    accountRecoveryEnabled: false,
+    groupsCount: 2,
+    collectionsCount: 4,
+    totalItemCount: 20,
+    userGuid: "5678",
+    usesKeyConnector: false,
+    accessDetails: [] as MemberAccessDetails[],
+  } as MemberAccessResponse,
+];
diff --git a/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.spec.ts b/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.spec.ts
index 7d6beca48ec..e6efac83616 100644
--- a/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.spec.ts
+++ b/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.spec.ts
@@ -4,7 +4,10 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { OrganizationId } from "@bitwarden/common/types/guid";
 
 import { MemberAccessReportApiService } from "./member-access-report-api.service";
-import { memberAccessReportsMock } from "./member-access-report.mock";
+import {
+  memberAccessReportsMock,
+  memberAccessWithoutAccessDetailsReportsMock,
+} from "./member-access-report.mock";
 import { MemberAccessReportService } from "./member-access-report.service";
 describe("ImportService", () => {
   const mockOrganizationId = "mockOrgId" as OrganizationId;
@@ -112,5 +115,34 @@ describe("ImportService", () => {
         ]),
       );
     });
+
+    it("should generate user report export items and include users with no access", async () => {
+      reportApiService.getMemberAccessData.mockImplementation(() =>
+        Promise.resolve(memberAccessWithoutAccessDetailsReportsMock),
+      );
+      const result =
+        await memberAccessReportService.generateUserReportExportItems(mockOrganizationId);
+
+      expect(result).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({
+            email: "asmith@email.com",
+            name: "Alice Smith",
+            twoStepLogin: "memberAccessReportTwoFactorEnabledTrue",
+            accountRecovery: "memberAccessReportAuthenticationEnabledTrue",
+            group: "Alice Group 1",
+            totalItems: "10",
+          }),
+          expect.objectContaining({
+            email: "rbrown@email.com",
+            name: "Robert Brown",
+            twoStepLogin: "memberAccessReportTwoFactorEnabledFalse",
+            accountRecovery: "memberAccessReportAuthenticationEnabledFalse",
+            group: "memberAccessReportNoGroup",
+            totalItems: "0",
+          }),
+        ]),
+      );
+    });
   });
 });
diff --git a/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.ts b/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.ts
index b7ff5551e2c..029dce8a404 100644
--- a/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.ts
+++ b/bitwarden_license/bit-web/src/app/tools/reports/member-access-report/services/member-access-report.service.ts
@@ -65,6 +65,26 @@ export class MemberAccessReportService {
     }
 
     const exportItems = memberAccessReports.flatMap((report) => {
+      // to include users without access details
+      // which means a user has no groups, collections or items
+      if (report.accessDetails.length === 0) {
+        return [
+          {
+            email: report.email,
+            name: report.userName,
+            twoStepLogin: report.twoFactorEnabled
+              ? this.i18nService.t("memberAccessReportTwoFactorEnabledTrue")
+              : this.i18nService.t("memberAccessReportTwoFactorEnabledFalse"),
+            accountRecovery: report.accountRecoveryEnabled
+              ? this.i18nService.t("memberAccessReportAuthenticationEnabledTrue")
+              : this.i18nService.t("memberAccessReportAuthenticationEnabledFalse"),
+            group: this.i18nService.t("memberAccessReportNoGroup"),
+            collection: this.i18nService.t("memberAccessReportNoCollection"),
+            collectionPermission: this.i18nService.t("memberAccessReportNoCollectionPermission"),
+            totalItems: "0",
+          },
+        ];
+      }
       const userDetails = report.accessDetails.map((detail) => {
         const collectionName = collectionNameMap.get(detail.collectionName.encryptedString);
         return {

From 9d16435d0858d40783ff8bc5494f27314cf00a0f Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Fri, 18 Apr 2025 09:52:12 -0400
Subject: [PATCH 16/30] docs(ViewModel): Add JSDocs to view to explain proper
 use (#14214)

---
 libs/common/src/models/view/view.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libs/common/src/models/view/view.ts b/libs/common/src/models/view/view.ts
index 1f16b3d5958..2869617dca5 100644
--- a/libs/common/src/models/view/view.ts
+++ b/libs/common/src/models/view/view.ts
@@ -1 +1,5 @@
+// See https://contributing.bitwarden.com/architecture/clients/data-model/#view for proper use.
+// View models represent the decrypted state of a corresponding Domain model.
+// They typically match the Domain model but contains a decrypted string for any EncString fields.
+// Don't use this to represent arbitrary component view data as that isn't what it is for.
 export class View {}

From e026799071e39219f600c8e1fca9fa024b4be844 Mon Sep 17 00:00:00 2001
From: Jonas Hendrickx <jhendrickx@bitwarden.com>
Date: Fri, 18 Apr 2025 15:57:27 +0200
Subject: [PATCH 17/30] [PM-13128] Enable Breadcrumb Policies (#13584)

* [PM-13128] Enable Breadcrumb Policies

* [PM-13128] Enable Breadcrumb Policies

* [PM-13128] wip

* [PM-13128] wip

* [PM-13128] wip

* [PM-13128] wip

* remove dead code

* wip

* wip

* wip

* refactor

* Fix for providers

* revert to functional auth guard

* change prerequisite to info variant

* address comment

* r

* r

* r

* tests

* r

* r

* fix tests

* feedback

* fix tests

* fix tests

* Rename upselling to breadcrumbing

* Address feedback

* Fix build & tests

* Make the guard callback use Observable instead of a promise

* Pm 13128 suggestions (#14041)

* Rename new enum value

* Show the upgrade button when breadcrumbing is enabled

* Show mouse pointer when cursor is hovered above badge

* Do not make the dialogs overlap

* Align badge middle

* Gap

* Badge should be a `button` instead of `span`

* missing button@type

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Alex Morask <amorask@bitwarden.com>
---
 .../guards/org-permissions.guard.spec.ts      |  30 +++-
 .../guards/org-permissions.guard.ts           |  26 ++-
 .../organization-layout.component.html        |   2 +-
 .../layouts/organization-layout.component.ts  |  15 ++
 .../policies/policies.component.html          |  15 +-
 .../policies/policies.component.ts            |  61 +++++--
 .../policies/policy-edit.component.html       |  18 +++
 .../policies/policy-edit.component.ts         |  33 +++-
 .../organization-settings-routing.module.ts   |  13 +-
 .../layouts/header/web-header.component.html  |   2 +-
 .../src/services/jslib-services.module.ts     |   1 +
 .../organization-billing.service.ts           |   9 ++
 .../organization-billing.service.spec.ts      | 149 ++++++++++++++++++
 .../services/organization-billing.service.ts  |  33 +++-
 14 files changed, 380 insertions(+), 27 deletions(-)
 create mode 100644 libs/common/src/billing/services/organization-billing.service.spec.ts

diff --git a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts
index 9afd34ca149..d628e23063f 100644
--- a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts
+++ b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts
@@ -100,20 +100,44 @@ describe("Organization Permissions Guard", () => {
 
     it("permits navigation if the user has permissions", async () => {
       const permissionsCallback = jest.fn();
-      permissionsCallback.mockImplementation((_org) => true);
+      permissionsCallback.mockReturnValue(true);
 
       const actual = await TestBed.runInInjectionContext(
         async () => await organizationPermissionsGuard(permissionsCallback)(route, state),
       );
 
-      expect(permissionsCallback).toHaveBeenCalledWith(orgFactory({ id: targetOrgId }));
+      expect(permissionsCallback).toHaveBeenCalledTimes(1);
+      expect(actual).toBe(true);
+    });
+
+    it("handles a Promise returned from the callback", async () => {
+      const permissionsCallback = jest.fn();
+      permissionsCallback.mockReturnValue(Promise.resolve(true));
+
+      const actual = await TestBed.runInInjectionContext(() =>
+        organizationPermissionsGuard(permissionsCallback)(route, state),
+      );
+
+      expect(permissionsCallback).toHaveBeenCalledTimes(1);
+      expect(actual).toBe(true);
+    });
+
+    it("handles an Observable returned from the callback", async () => {
+      const permissionsCallback = jest.fn();
+      permissionsCallback.mockReturnValue(of(true));
+
+      const actual = await TestBed.runInInjectionContext(() =>
+        organizationPermissionsGuard(permissionsCallback)(route, state),
+      );
+
+      expect(permissionsCallback).toHaveBeenCalledTimes(1);
       expect(actual).toBe(true);
     });
 
     describe("if the user does not have permissions", () => {
       it("and there is no Item ID, block navigation", async () => {
         const permissionsCallback = jest.fn();
-        permissionsCallback.mockImplementation((_org) => false);
+        permissionsCallback.mockReturnValue(false);
 
         state = mock<RouterStateSnapshot>({
           root: mock<ActivatedRouteSnapshot>({
diff --git a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts
index d399f9c9c05..6c9090a27b4 100644
--- a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts
+++ b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts
@@ -1,13 +1,13 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { inject } from "@angular/core";
+import { EnvironmentInjector, inject, runInInjectionContext } from "@angular/core";
 import {
   ActivatedRouteSnapshot,
   CanActivateFn,
   Router,
   RouterStateSnapshot,
 } from "@angular/router";
-import { firstValueFrom, switchMap } from "rxjs";
+import { firstValueFrom, isObservable, Observable, switchMap } from "rxjs";
 
 import {
   canAccessOrgAdmin,
@@ -42,7 +42,9 @@ import { ToastService } from "@bitwarden/components";
  *    proceeds as expected.
  */
 export function organizationPermissionsGuard(
-  permissionsCallback?: (organization: Organization) => boolean,
+  permissionsCallback?: (
+    organization: Organization,
+  ) => boolean | Promise<boolean> | Observable<boolean>,
 ): CanActivateFn {
   return async (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
     const router = inject(Router);
@@ -51,6 +53,7 @@ export function organizationPermissionsGuard(
     const i18nService = inject(I18nService);
     const syncService = inject(SyncService);
     const accountService = inject(AccountService);
+    const environmentInjector = inject(EnvironmentInjector);
 
     // TODO: We need to fix issue once and for all.
     if ((await syncService.getLastSync()) == null) {
@@ -78,7 +81,22 @@ export function organizationPermissionsGuard(
       return router.createUrlTree(["/"]);
     }
 
-    const hasPermissions = permissionsCallback == null || permissionsCallback(org);
+    if (permissionsCallback == null) {
+      // No additional permission checks required, allow navigation
+      return true;
+    }
+
+    const callbackResult = runInInjectionContext(environmentInjector, () =>
+      permissionsCallback(org),
+    );
+
+    const hasPermissions = isObservable(callbackResult)
+      ? await firstValueFrom(callbackResult) // handles observables
+      : await Promise.resolve(callbackResult); // handles promises and boolean values
+
+    if (hasPermissions !== true && hasPermissions !== false) {
+      throw new Error("Permission callback did not resolve to a boolean.");
+    }
 
     if (!hasPermissions) {
       // Handle linkable ciphers for organizations the user only has view access to
diff --git a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
index e50c55e83d2..fec790dabcb 100644
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
@@ -97,7 +97,7 @@
       <bit-nav-item
         [text]="'policies' | i18n"
         route="settings/policies"
-        *ngIf="organization.canManagePolicies"
+        *ngIf="canShowPoliciesTab$ | async"
       ></bit-nav-item>
       <bit-nav-item
         [text]="'twoStepLogin' | i18n"
diff --git a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
index d0b82d27722..ec67a17bce9 100644
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
@@ -22,6 +22,7 @@ import { PolicyType, ProviderStatusType } from "@bitwarden/common/admin-console/
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
+import { OrganizationBillingServiceAbstraction } from "@bitwarden/common/billing/abstractions";
 import { ProductTierType } from "@bitwarden/common/billing/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -68,6 +69,7 @@ export class OrganizationLayoutComponent implements OnInit {
   showAccountDeprovisioningBanner$: Observable<boolean>;
   protected isBreadcrumbEventLogsEnabled$: Observable<boolean>;
   protected showSponsoredFamiliesDropdown$: Observable<boolean>;
+  protected canShowPoliciesTab$: Observable<boolean>;
 
   constructor(
     private route: ActivatedRoute,
@@ -79,6 +81,7 @@ export class OrganizationLayoutComponent implements OnInit {
     protected bannerService: AccountDeprovisioningBannerService,
     private accountService: AccountService,
     private freeFamiliesPolicyService: FreeFamiliesPolicyService,
+    private organizationBillingService: OrganizationBillingServiceAbstraction,
   ) {}
 
   async ngOnInit() {
@@ -148,6 +151,18 @@ export class OrganizationLayoutComponent implements OnInit {
     ))
       ? "claimedDomains"
       : "domainVerification";
+
+    this.canShowPoliciesTab$ = this.organization$.pipe(
+      switchMap((organization) =>
+        this.organizationBillingService
+          .isBreadcrumbingPoliciesEnabled$(organization)
+          .pipe(
+            map(
+              (isBreadcrumbingEnabled) => isBreadcrumbingEnabled || organization.canManagePolicies,
+            ),
+          ),
+      ),
+    );
   }
 
   canShowVaultTab(organization: Organization): boolean {
diff --git a/apps/web/src/app/admin-console/organizations/policies/policies.component.html b/apps/web/src/app/admin-console/organizations/policies/policies.component.html
index 24021bb765f..e40b9d80e9e 100644
--- a/apps/web/src/app/admin-console/organizations/policies/policies.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/policies.component.html
@@ -1,4 +1,17 @@
-<app-header></app-header>
+<app-header>
+  @let organization = organization$ | async;
+  <button
+    bitBadge
+    class="!tw-align-middle"
+    (click)="changePlan(organization)"
+    *ngIf="isBreadcrumbingEnabled$ | async"
+    slot="title-suffix"
+    type="button"
+    variant="primary"
+  >
+    {{ "upgrade" | i18n }}
+  </button>
+</app-header>
 
 <bit-container>
   <ng-container *ngIf="loading">
diff --git a/apps/web/src/app/admin-console/organizations/policies/policies.component.ts b/apps/web/src/app/admin-console/organizations/policies/policies.component.ts
index 52cb4da107a..2b86d76d9b1 100644
--- a/apps/web/src/app/admin-console/organizations/policies/policies.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/policies.component.ts
@@ -2,8 +2,8 @@
 // @ts-strict-ignore
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
-import { firstValueFrom, lastValueFrom } from "rxjs";
-import { first, map } from "rxjs/operators";
+import { firstValueFrom, lastValueFrom, map, Observable, switchMap } from "rxjs";
+import { first } from "rxjs/operators";
 
 import {
   getOrganizationById,
@@ -14,10 +14,17 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/policy.response";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { OrganizationBillingServiceAbstraction } from "@bitwarden/common/billing/abstractions";
 import { DialogService } from "@bitwarden/components";
+import {
+  ChangePlanDialogResultType,
+  openChangePlanDialog,
+} from "@bitwarden/web-vault/app/billing/organizations/change-plan-dialog.component";
+import { All } from "@bitwarden/web-vault/app/vault/individual-vault/vault-filter/shared/models/routed-vault-filter.model";
 
 import { PolicyListService } from "../../core/policy-list.service";
 import { BasePolicy } from "../policies";
+import { CollectionDialogTabType } from "../shared/components/collection-dialog";
 
 import { PolicyEditComponent, PolicyEditDialogResult } from "./policy-edit.component";
 
@@ -32,17 +39,19 @@ export class PoliciesComponent implements OnInit {
   loading = true;
   organizationId: string;
   policies: BasePolicy[];
-  organization: Organization;
+  protected organization$: Observable<Organization>;
 
   private orgPolicies: PolicyResponse[];
   protected policiesEnabledMap: Map<PolicyType, boolean> = new Map<PolicyType, boolean>();
+  protected isBreadcrumbingEnabled$: Observable<boolean>;
 
   constructor(
     private route: ActivatedRoute,
-    private organizationService: OrganizationService,
     private accountService: AccountService,
+    private organizationService: OrganizationService,
     private policyApiService: PolicyApiServiceAbstraction,
     private policyListService: PolicyListService,
+    private organizationBillingService: OrganizationBillingServiceAbstraction,
     private dialogService: DialogService,
   ) {}
 
@@ -53,11 +62,9 @@ export class PoliciesComponent implements OnInit {
       const userId = await firstValueFrom(
         this.accountService.activeAccount$.pipe(map((a) => a?.id)),
       );
-      this.organization = await firstValueFrom(
-        this.organizationService
-          .organizations$(userId)
-          .pipe(getOrganizationById(this.organizationId)),
-      );
+      this.organization$ = this.organizationService
+        .organizations$(userId)
+        .pipe(getOrganizationById(this.organizationId));
       this.policies = this.policyListService.getPolicies();
 
       await this.load();
@@ -91,7 +98,11 @@ export class PoliciesComponent implements OnInit {
     this.orgPolicies.forEach((op) => {
       this.policiesEnabledMap.set(op.type, op.enabled);
     });
-
+    this.isBreadcrumbingEnabled$ = this.organization$.pipe(
+      switchMap((organization) =>
+        this.organizationBillingService.isBreadcrumbingPoliciesEnabled$(organization),
+      ),
+    );
     this.loading = false;
   }
 
@@ -104,8 +115,34 @@ export class PoliciesComponent implements OnInit {
     });
 
     const result = await lastValueFrom(dialogRef.closed);
-    if (result === PolicyEditDialogResult.Saved) {
-      await this.load();
+    switch (result) {
+      case PolicyEditDialogResult.Saved:
+        await this.load();
+        break;
+      case PolicyEditDialogResult.UpgradePlan:
+        await this.changePlan(await firstValueFrom(this.organization$));
+        break;
     }
   }
+
+  protected readonly CollectionDialogTabType = CollectionDialogTabType;
+  protected readonly All = All;
+
+  protected async changePlan(organization: Organization) {
+    const reference = openChangePlanDialog(this.dialogService, {
+      data: {
+        organizationId: organization.id,
+        subscription: null,
+        productTierType: organization.productTierType,
+      },
+    });
+
+    const result = await lastValueFrom(reference.closed);
+
+    if (result === ChangePlanDialogResultType.Closed) {
+      return;
+    }
+
+    await this.load();
+  }
 }
diff --git a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
index 671083a2318..7f33f08f888 100644
--- a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
@@ -1,5 +1,17 @@
 <form [formGroup]="formGroup" [bitSubmit]="submit">
   <bit-dialog [loading]="loading" [title]="'editPolicy' | i18n" [subtitle]="policy.name | i18n">
+    <ng-container bitDialogTitle>
+      <button
+        bitBadge
+        class="!tw-align-middle"
+        (click)="upgradePlan()"
+        *ngIf="isBreadcrumbingEnabled$ | async"
+        type="button"
+        variant="primary"
+      >
+        {{ "planNameEnterprise" | i18n }}
+      </button>
+    </ng-container>
     <ng-container bitDialogContent>
       <div *ngIf="loading">
         <i
@@ -16,6 +28,7 @@
     </ng-container>
     <ng-container bitDialogFooter>
       <button
+        *ngIf="!(isBreadcrumbingEnabled$ | async); else breadcrumbing"
         bitButton
         buttonType="primary"
         [disabled]="saveDisabled$ | async"
@@ -24,6 +37,11 @@
       >
         {{ "save" | i18n }}
       </button>
+      <ng-template #breadcrumbing>
+        <button bitButton buttonType="primary" bitFormButton type="button" (click)="upgradePlan()">
+          {{ "upgrade" | i18n }}
+        </button>
+      </ng-template>
       <button bitButton buttonType="secondary" bitDialogClose type="button">
         {{ "cancel" | i18n }}
       </button>
diff --git a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
index f33460e8c16..49f4d15a100 100644
--- a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
@@ -9,12 +9,20 @@ import {
   ViewContainerRef,
 } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
-import { Observable, map } from "rxjs";
+import { map, Observable, switchMap } from "rxjs";
 
+import {
+  getOrganizationById,
+  OrganizationService,
+} from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { PolicyRequest } from "@bitwarden/common/admin-console/models/request/policy.request";
 import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/policy.response";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
+import { OrganizationBillingServiceAbstraction } from "@bitwarden/common/billing/abstractions";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import {
   DIALOG_DATA,
@@ -35,6 +43,7 @@ export type PolicyEditDialogData = {
 
 export enum PolicyEditDialogResult {
   Saved = "saved",
+  UpgradePlan = "upgrade-plan",
 }
 @Component({
   selector: "app-policy-edit",
@@ -48,22 +57,28 @@ export class PolicyEditComponent implements AfterViewInit {
   loading = true;
   enabled = false;
   saveDisabled$: Observable<boolean>;
-  defaultTypes: any[];
   policyComponent: BasePolicyComponent;
 
   private policyResponse: PolicyResponse;
   formGroup = this.formBuilder.group({
     enabled: [this.enabled],
   });
+  protected organization$: Observable<Organization>;
+  protected isBreadcrumbingEnabled$: Observable<boolean>;
+
   constructor(
     @Inject(DIALOG_DATA) protected data: PolicyEditDialogData,
+    private accountService: AccountService,
     private policyApiService: PolicyApiServiceAbstraction,
+    private organizationService: OrganizationService,
     private i18nService: I18nService,
     private cdr: ChangeDetectorRef,
     private formBuilder: FormBuilder,
     private dialogRef: DialogRef<PolicyEditDialogResult>,
     private toastService: ToastService,
+    private organizationBillingService: OrganizationBillingServiceAbstraction,
   ) {}
+
   get policy(): BasePolicy {
     return this.data.policy;
   }
@@ -97,6 +112,16 @@ export class PolicyEditComponent implements AfterViewInit {
         throw e;
       }
     }
+    this.organization$ = this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.organizationService.organizations$(userId)),
+      getOrganizationById(this.data.organizationId),
+    );
+    this.isBreadcrumbingEnabled$ = this.organization$.pipe(
+      switchMap((organization) =>
+        this.organizationBillingService.isBreadcrumbingPoliciesEnabled$(organization),
+      ),
+    );
   }
 
   submit = async () => {
@@ -119,4 +144,8 @@ export class PolicyEditComponent implements AfterViewInit {
   static open = (dialogService: DialogService, config: DialogConfig<PolicyEditDialogData>) => {
     return dialogService.open<PolicyEditDialogResult>(PolicyEditComponent, config);
   };
+
+  protected upgradePlan(): void {
+    this.dialogRef.close(PolicyEditDialogResult.UpgradePlan);
+  }
 }
diff --git a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts
index a644086628c..cfec0be531b 100644
--- a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts
@@ -1,8 +1,10 @@
-import { NgModule } from "@angular/core";
+import { NgModule, inject } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
+import { map } from "rxjs";
 
 import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { OrganizationBillingServiceAbstraction } from "@bitwarden/common/billing/abstractions";
 
 import { organizationPermissionsGuard } from "../../organizations/guards/org-permissions.guard";
 import { organizationRedirectGuard } from "../../organizations/guards/org-redirect.guard";
@@ -41,7 +43,14 @@ const routes: Routes = [
       {
         path: "policies",
         component: PoliciesComponent,
-        canActivate: [organizationPermissionsGuard((org) => org.canManagePolicies)],
+        canActivate: [
+          organizationPermissionsGuard((o: Organization) => {
+            const organizationBillingService = inject(OrganizationBillingServiceAbstraction);
+            return organizationBillingService
+              .isBreadcrumbingPoliciesEnabled$(o)
+              .pipe(map((isBreadcrumbingEnabled) => o.canManagePolicies || isBreadcrumbingEnabled));
+          }),
+        ],
         data: {
           titleId: "policies",
         },
diff --git a/apps/web/src/app/layouts/header/web-header.component.html b/apps/web/src/app/layouts/header/web-header.component.html
index 28d786f2d64..4b0da4ae569 100644
--- a/apps/web/src/app/layouts/header/web-header.component.html
+++ b/apps/web/src/app/layouts/header/web-header.component.html
@@ -12,7 +12,7 @@
       <h1
         bitTypography="h1"
         noMargin
-        class="tw-m-0 tw-mr-2 tw-leading-10 tw-flex"
+        class="tw-m-0 tw-mr-2 tw-leading-10 tw-flex tw-gap-1"
         [title]="title || (routeData.titleId | i18n)"
       >
         <div class="tw-truncate">
diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts
index 3cce9b5357e..8e2b3409593 100644
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -1255,6 +1255,7 @@ const safeProviders: SafeProvider[] = [
       I18nServiceAbstraction,
       OrganizationApiServiceAbstraction,
       SyncService,
+      ConfigService,
     ],
   }),
   safeProvider({
diff --git a/libs/common/src/billing/abstractions/organization-billing.service.ts b/libs/common/src/billing/abstractions/organization-billing.service.ts
index 69309014fac..8024a120b0a 100644
--- a/libs/common/src/billing/abstractions/organization-billing.service.ts
+++ b/libs/common/src/billing/abstractions/organization-billing.service.ts
@@ -1,5 +1,8 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
+import { Observable } from "rxjs";
+
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 
 import { OrganizationResponse } from "../../admin-console/models/response/organization.response";
 import { InitiationPath } from "../../models/request/reference-event.request";
@@ -59,4 +62,10 @@ export abstract class OrganizationBillingServiceAbstraction {
     organizationId: string,
     subscription: SubscriptionInformation,
   ) => Promise<void>;
+
+  /**
+   * Determines if breadcrumbing policies is enabled for the organizations meeting certain criteria.
+   * @param organization
+   */
+  abstract isBreadcrumbingPoliciesEnabled$(organization: Organization): Observable<boolean>;
 }
diff --git a/libs/common/src/billing/services/organization-billing.service.spec.ts b/libs/common/src/billing/services/organization-billing.service.spec.ts
new file mode 100644
index 00000000000..7b194dff637
--- /dev/null
+++ b/libs/common/src/billing/services/organization-billing.service.spec.ts
@@ -0,0 +1,149 @@
+import { mock } from "jest-mock-extended";
+import { firstValueFrom, of } from "rxjs";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { OrganizationApiServiceAbstraction as OrganizationApiService } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { BillingApiServiceAbstraction } from "@bitwarden/common/billing/abstractions";
+import { ProductTierType } from "@bitwarden/common/billing/enums";
+import { OrganizationBillingService } from "@bitwarden/common/billing/services/organization-billing.service";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { SyncService } from "@bitwarden/common/platform/sync";
+import { KeyService } from "@bitwarden/key-management";
+
+describe("BillingAccountProfileStateService", () => {
+  let apiService: jest.Mocked<ApiService>;
+  let billingApiService: jest.Mocked<BillingApiServiceAbstraction>;
+  let keyService: jest.Mocked<KeyService>;
+  let encryptService: jest.Mocked<EncryptService>;
+  let i18nService: jest.Mocked<I18nService>;
+  let organizationApiService: jest.Mocked<OrganizationApiService>;
+  let syncService: jest.Mocked<SyncService>;
+  let configService: jest.Mocked<ConfigService>;
+
+  let sut: OrganizationBillingService;
+
+  beforeEach(() => {
+    apiService = mock<ApiService>();
+    billingApiService = mock<BillingApiServiceAbstraction>();
+    keyService = mock<KeyService>();
+    encryptService = mock<EncryptService>();
+    i18nService = mock<I18nService>();
+    organizationApiService = mock<OrganizationApiService>();
+    syncService = mock<SyncService>();
+    configService = mock<ConfigService>();
+
+    sut = new OrganizationBillingService(
+      apiService,
+      billingApiService,
+      keyService,
+      encryptService,
+      i18nService,
+      organizationApiService,
+      syncService,
+      configService,
+    );
+  });
+
+  afterEach(() => {
+    return jest.resetAllMocks();
+  });
+
+  describe("isBreadcrumbingPoliciesEnabled", () => {
+    it("returns false when feature flag is disabled", async () => {
+      configService.getFeatureFlag$.mockReturnValue(of(false));
+      const org = {
+        isProviderUser: false,
+        canEditSubscription: true,
+        productTierType: ProductTierType.Teams,
+      } as Organization;
+
+      const actual = await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(actual).toBe(false);
+      expect(configService.getFeatureFlag$).toHaveBeenCalledWith(
+        FeatureFlag.PM12276_BreadcrumbEventLogs,
+      );
+    });
+
+    it("returns false when organization belongs to a provider", async () => {
+      configService.getFeatureFlag$.mockReturnValue(of(true));
+      const org = {
+        isProviderUser: true,
+        canEditSubscription: true,
+        productTierType: ProductTierType.Teams,
+      } as Organization;
+
+      const actual = await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(actual).toBe(false);
+    });
+
+    it("returns false when cannot edit subscription", async () => {
+      configService.getFeatureFlag$.mockReturnValue(of(true));
+      const org = {
+        isProviderUser: false,
+        canEditSubscription: false,
+        productTierType: ProductTierType.Teams,
+      } as Organization;
+
+      const actual = await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(actual).toBe(false);
+    });
+
+    it.each([
+      ["Teams", ProductTierType.Teams],
+      ["TeamsStarter", ProductTierType.TeamsStarter],
+    ])("returns true when all conditions are met with %s tier", async (_, productTierType) => {
+      configService.getFeatureFlag$.mockReturnValue(of(true));
+      const org = {
+        isProviderUser: false,
+        canEditSubscription: true,
+        productTierType: productTierType,
+      } as Organization;
+
+      const actual = await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(actual).toBe(true);
+      expect(configService.getFeatureFlag$).toHaveBeenCalledWith(
+        FeatureFlag.PM12276_BreadcrumbEventLogs,
+      );
+    });
+
+    it("returns false when product tier is not supported", async () => {
+      configService.getFeatureFlag$.mockReturnValue(of(true));
+      const org = {
+        isProviderUser: false,
+        canEditSubscription: true,
+        productTierType: ProductTierType.Enterprise,
+      } as Organization;
+
+      const actual = await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(actual).toBe(false);
+    });
+
+    it("handles all conditions false correctly", async () => {
+      configService.getFeatureFlag$.mockReturnValue(of(false));
+      const org = {
+        isProviderUser: true,
+        canEditSubscription: false,
+        productTierType: ProductTierType.Free,
+      } as Organization;
+
+      const actual = await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(actual).toBe(false);
+    });
+
+    it("verifies feature flag is only called once", async () => {
+      configService.getFeatureFlag$.mockReturnValue(of(false));
+      const org = {
+        isProviderUser: false,
+        canEditSubscription: true,
+        productTierType: ProductTierType.Teams,
+      } as Organization;
+
+      await firstValueFrom(sut.isBreadcrumbingPoliciesEnabled$(org));
+      expect(configService.getFeatureFlag$).toHaveBeenCalledTimes(1);
+    });
+  });
+});
diff --git a/libs/common/src/billing/services/organization-billing.service.ts b/libs/common/src/billing/services/organization-billing.service.ts
index 83efbf0a30c..6622cdcdce3 100644
--- a/libs/common/src/billing/services/organization-billing.service.ts
+++ b/libs/common/src/billing/services/organization-billing.service.ts
@@ -1,5 +1,10 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
+import { Observable, of, switchMap } from "rxjs";
+
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { KeyService } from "@bitwarden/key-management";
 
 import { ApiService } from "../../abstractions/api.service";
@@ -20,7 +25,7 @@ import {
   PlanInformation,
   SubscriptionInformation,
 } from "../abstractions";
-import { PlanType } from "../enums";
+import { PlanType, ProductTierType } from "../enums";
 import { OrganizationNoPaymentMethodCreateRequest } from "../models/request/organization-no-payment-method-create-request";
 import { PaymentSourceResponse } from "../models/response/payment-source.response";
 
@@ -40,6 +45,7 @@ export class OrganizationBillingService implements OrganizationBillingServiceAbs
     private i18nService: I18nService,
     private organizationApiService: OrganizationApiService,
     private syncService: SyncService,
+    private configService: ConfigService,
   ) {}
 
   async getPaymentSource(organizationId: string): Promise<PaymentSourceResponse> {
@@ -220,4 +226,29 @@ export class OrganizationBillingService implements OrganizationBillingServiceAbs
     this.setPaymentInformation(request, subscription.payment);
     await this.billingApiService.restartSubscription(organizationId, request);
   }
+
+  isBreadcrumbingPoliciesEnabled$(organization: Organization): Observable<boolean> {
+    if (organization === null || organization === undefined) {
+      return of(false);
+    }
+
+    return this.configService.getFeatureFlag$(FeatureFlag.PM12276_BreadcrumbEventLogs).pipe(
+      switchMap((featureFlagEnabled) => {
+        if (!featureFlagEnabled) {
+          return of(false);
+        }
+
+        if (organization.isProviderUser || !organization.canEditSubscription) {
+          return of(false);
+        }
+
+        const supportedProducts = [ProductTierType.Teams, ProductTierType.TeamsStarter];
+        const isSupportedProduct = supportedProducts.some(
+          (product) => product === organization.productTierType,
+        );
+
+        return of(isSupportedProduct);
+      }),
+    );
+  }
 }

From cbab354c0eaecc461c33f6d616fcc212b519bca2 Mon Sep 17 00:00:00 2001
From: Bryan Cunningham <bcunningham@bitwarden.com>
Date: Fri, 18 Apr 2025 10:38:19 -0400
Subject: [PATCH 18/30] Hide bit-icon component from screen readers by default
 (#14295)

* adds aria-hidden to bit-icon when no aria-label provided

* add ariaLabel to logo svg usages

* add ariaLabel documentation

* default ariaLable value to undefined

* add logo label to translations

* adds i18n pipe to component

* Add binding to example docs
---
 apps/browser/src/_locales/en/messages.json         |  3 +++
 .../extension-anon-layout-wrapper.component.html   |  7 ++++++-
 .../extension-anon-layout-wrapper.component.ts     |  2 ++
 .../accept-family-sponsorship.component.html       |  3 ++-
 apps/web/src/locales/en/messages.json              |  3 +++
 .../manage/accept-provider.component.html          |  6 +++++-
 .../providers/setup/setup-provider.component.html  |  6 +++++-
 .../setup/setup-business-unit.component.html       |  6 +++++-
 .../angular/anon-layout/anon-layout.component.html |  2 +-
 libs/components/src/icon/icon.component.ts         | 14 +++++++++-----
 libs/components/src/icon/icon.mdx                  | 10 ++++++++++
 libs/components/src/icon/icon.stories.ts           |  4 ++++
 12 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index 87b94650b51..b0f3fb5d19e 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -2,6 +2,9 @@
   "appName": {
     "message": "Bitwarden"
   },
+  "appLogoLabel": {
+    "message": "Bitwarden logo"
+  },
   "extName": {
     "message": "Bitwarden Password Manager",
     "description": "Extension name, MUST be less than 40 characters (Safari restriction)"
diff --git a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html
index 54cb5203a87..bd2886dacf0 100644
--- a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html
+++ b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html
@@ -5,7 +5,12 @@
     [showBackButton]="showBackButton"
     [pageTitle]="''"
   >
-    <bit-icon *ngIf="showLogo" class="tw-inline-flex" [icon]="logo"></bit-icon>
+    <bit-icon
+      *ngIf="showLogo"
+      class="tw-inline-flex"
+      [icon]="logo"
+      [ariaLabel]="'appLogoLabel' | i18n"
+    ></bit-icon>
 
     <ng-container slot="end">
       <app-pop-out></app-pop-out>
diff --git a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts
index 51dbb6503d7..d6cccf31bb4 100644
--- a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts
+++ b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts
@@ -12,6 +12,7 @@ import {
 } from "@bitwarden/auth/angular";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { Icon, IconModule, Translation } from "@bitwarden/components";
+import { I18nPipe } from "@bitwarden/ui-common";
 
 import { PopOutComponent } from "../../../platform/popup/components/pop-out.component";
 import { PopupHeaderComponent } from "../../../platform/popup/layout/popup-header.component";
@@ -36,6 +37,7 @@ export interface ExtensionAnonLayoutWrapperData extends AnonLayoutWrapperData {
     AnonLayoutComponent,
     CommonModule,
     CurrentAccountComponent,
+    I18nPipe,
     IconModule,
     PopOutComponent,
     PopupPageComponent,
diff --git a/apps/web/src/app/admin-console/organizations/sponsorships/accept-family-sponsorship.component.html b/apps/web/src/app/admin-console/organizations/sponsorships/accept-family-sponsorship.component.html
index fdbb6dbba91..ca1264829b9 100644
--- a/apps/web/src/app/admin-console/organizations/sponsorships/accept-family-sponsorship.component.html
+++ b/apps/web/src/app/admin-console/organizations/sponsorships/accept-family-sponsorship.component.html
@@ -1,6 +1,7 @@
 <div class="tw-mt-10 tw-flex tw-justify-center" *ngIf="loading">
   <div>
-    <bit-icon class="tw-w-72 tw-block tw-mb-4" [icon]="logo"></bit-icon>
+    <bit-icon class="tw-w-72 tw-block tw-mb-4" [icon]="logo" [ariaLabel]="'appLogoLabel' | i18n">
+    </bit-icon>
     <div class="tw-flex tw-justify-center">
       <i
         class="bwi bwi-spinner bwi-spin bwi-2x tw-text-muted"
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 3d6cf0f23a5..56a98a661ef 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -2,6 +2,9 @@
   "allApplications": {
     "message": "All applications"
   },
+  "appLogoLabel": {
+    "message": "Bitwarden logo"
+  },
   "criticalApplications": {
     "message": "Critical applications"
   },
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/accept-provider.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/accept-provider.component.html
index 30cd7fec8f2..3892892a9c6 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/accept-provider.component.html
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/accept-provider.component.html
@@ -1,6 +1,10 @@
 <div class="tw-mt-5 tw-flex tw-justify-center" *ngIf="loading">
   <div>
-    <bit-icon class="tw-w-72 tw-block tw-mb-4" [icon]="logo"></bit-icon>
+    <bit-icon
+      class="tw-w-72 tw-block tw-mb-4"
+      [icon]="logo"
+      [ariaLabel]="'appLogoLabel' | i18n"
+    ></bit-icon>
     <p class="tw-text-center">
       <i
         class="bwi bwi-spinner bwi-spin bwi-2x tw-text-muted"
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html
index 1fa2fd3415a..cb8eaea80c3 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html
@@ -1,6 +1,10 @@
 <div class="tw-mt-12 tw-flex tw-justify-center" *ngIf="loading">
   <div>
-    <bit-icon class="tw-w-72 tw-block tw-mb-4" [icon]="logo"></bit-icon>
+    <bit-icon
+      class="tw-w-72 tw-block tw-mb-4"
+      [icon]="logo"
+      [ariaLabel]="'appLogoLabel' | i18n"
+    ></bit-icon>
     <p class="tw-text-center">
       <i
         class="bwi bwi-spinner bwi-spin bwi-2x tw-text-muted"
diff --git a/bitwarden_license/bit-web/src/app/billing/providers/setup/setup-business-unit.component.html b/bitwarden_license/bit-web/src/app/billing/providers/setup/setup-business-unit.component.html
index e269aeb6d4e..3d074906f2a 100644
--- a/bitwarden_license/bit-web/src/app/billing/providers/setup/setup-business-unit.component.html
+++ b/bitwarden_license/bit-web/src/app/billing/providers/setup/setup-business-unit.component.html
@@ -1,6 +1,10 @@
 <div class="tw-mt-12 tw-flex tw-justify-center" *ngIf="loading">
   <div>
-    <bit-icon class="tw-w-72 tw-block tw-mb-4" [icon]="bitwardenLogo"></bit-icon>
+    <bit-icon
+      class="tw-w-72 tw-block tw-mb-4"
+      [icon]="bitwardenLogo"
+      [ariaLabel]="'appLogoLabel' | i18n"
+    ></bit-icon>
     <p class="tw-text-center">
       <i
         class="bwi bwi-spinner bwi-spin bwi-2x tw-text-muted"
diff --git a/libs/auth/src/angular/anon-layout/anon-layout.component.html b/libs/auth/src/angular/anon-layout/anon-layout.component.html
index f31a5500b43..1e16dba82cc 100644
--- a/libs/auth/src/angular/anon-layout/anon-layout.component.html
+++ b/libs/auth/src/angular/anon-layout/anon-layout.component.html
@@ -10,7 +10,7 @@
     [routerLink]="['/']"
     class="tw-w-[128px] tw-block tw-mb-12 [&>*]:tw-align-top"
   >
-    <bit-icon [icon]="logo"></bit-icon>
+    <bit-icon [icon]="logo" [ariaLabel]="'appLogoLabel' | i18n"></bit-icon>
   </a>
 
   <div
diff --git a/libs/components/src/icon/icon.component.ts b/libs/components/src/icon/icon.component.ts
index 2382d197bec..08fa25956d0 100644
--- a/libs/components/src/icon/icon.component.ts
+++ b/libs/components/src/icon/icon.component.ts
@@ -1,19 +1,23 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-import { Component, HostBinding, Input } from "@angular/core";
+import { Component, Input } from "@angular/core";
 import { DomSanitizer, SafeHtml } from "@angular/platform-browser";
 
 import { Icon, isIcon } from "./icon";
 
 @Component({
   selector: "bit-icon",
+  host: {
+    "[attr.aria-hidden]": "!ariaLabel",
+    "[attr.aria-label]": "ariaLabel",
+    "[innerHtml]": "innerHtml",
+  },
   template: ``,
   standalone: true,
 })
 export class BitIconComponent {
+  innerHtml: SafeHtml | null = null;
+
   @Input() set icon(icon: Icon) {
     if (!isIcon(icon)) {
-      this.innerHtml = "";
       return;
     }
 
@@ -21,7 +25,7 @@ export class BitIconComponent {
     this.innerHtml = this.domSanitizer.bypassSecurityTrustHtml(svg);
   }
 
-  @HostBinding() innerHtml: SafeHtml;
+  @Input() ariaLabel: string | undefined = undefined;
 
   constructor(private domSanitizer: DomSanitizer) {}
 }
diff --git a/libs/components/src/icon/icon.mdx b/libs/components/src/icon/icon.mdx
index fc1c4cd3d57..6435fc24948 100644
--- a/libs/components/src/icon/icon.mdx
+++ b/libs/components/src/icon/icon.mdx
@@ -98,9 +98,19 @@ import * as stories from "./icon.stories";
        ```
 
      - **HTML:**
+
+       > NOTE: SVG icons are treated as decorative by default and will be `aria-hidden` unless an
+       > `ariaLabel` is explicitly provided to the `<bit-icon>` component
+
        ```html
        <bit-icon [icon]="Icons.ExampleIcon"></bit-icon>
        ```
 
+       With `ariaLabel`
+
+       ```html
+       <bit-icon [icon]="Icons.ExampleIcon" [ariaLabel]="Your custom label text here"></bit-icon>
+       ```
+
 8. **Ensure your SVG renders properly** according to Figma in both light and dark modes on a client
    which supports multiple style modes.
diff --git a/libs/components/src/icon/icon.stories.ts b/libs/components/src/icon/icon.stories.ts
index 53454567b7f..7892bdd3ec1 100644
--- a/libs/components/src/icon/icon.stories.ts
+++ b/libs/components/src/icon/icon.stories.ts
@@ -26,5 +26,9 @@ export const Default: Story = {
       mapping: GenericIcons,
       control: { type: "select" },
     },
+    ariaLabel: {
+      control: "text",
+      description: "the text used by a screen reader to describe the icon",
+    },
   },
 };

From 4da03821cee44184c8567f93131818340a50a5fd Mon Sep 17 00:00:00 2001
From: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
Date: Fri, 18 Apr 2025 17:23:52 +0200
Subject: [PATCH 19/30] move key connector components to KM team ownership
 (#14008)

---
 .../key-connector}/remove-password.component.html               | 0
 .../key-connector}/remove-password.component.ts                 | 2 +-
 apps/browser/src/popup/app-routing.module.ts                    | 2 +-
 apps/browser/src/popup/app.module.ts                            | 2 +-
 apps/cli/src/auth/commands/unlock.command.ts                    | 2 +-
 .../convert-to-key-connector.command.ts                         | 0
 apps/desktop/src/app/app-routing.module.ts                      | 2 +-
 apps/desktop/src/app/app.module.ts                              | 2 +-
 .../key-connector}/remove-password.component.html               | 0
 .../key-connector}/remove-password.component.ts                 | 2 +-
 .../key-connector}/remove-password.component.html               | 0
 .../key-connector}/remove-password.component.ts                 | 2 +-
 apps/web/src/app/oss-routing.module.ts                          | 2 +-
 apps/web/src/app/shared/loose-components.module.ts              | 2 +-
 libs/key-management-ui/src/index.ts                             | 1 +
 .../src/key-connector}/remove-password.component.ts             | 0
 16 files changed, 11 insertions(+), 10 deletions(-)
 rename apps/browser/src/{auth/popup => key-management/key-connector}/remove-password.component.html (100%)
 rename apps/browser/src/{auth/popup => key-management/key-connector}/remove-password.component.ts (80%)
 rename apps/cli/src/{commands => key-management}/convert-to-key-connector.command.ts (100%)
 rename apps/desktop/src/{auth => key-management/key-connector}/remove-password.component.html (100%)
 rename apps/desktop/src/{auth => key-management/key-connector}/remove-password.component.ts (80%)
 rename apps/web/src/app/{auth => key-management/key-connector}/remove-password.component.html (100%)
 rename apps/web/src/app/{auth => key-management/key-connector}/remove-password.component.ts (80%)
 rename libs/{angular/src/auth/components => key-management-ui/src/key-connector}/remove-password.component.ts (100%)

diff --git a/apps/browser/src/auth/popup/remove-password.component.html b/apps/browser/src/key-management/key-connector/remove-password.component.html
similarity index 100%
rename from apps/browser/src/auth/popup/remove-password.component.html
rename to apps/browser/src/key-management/key-connector/remove-password.component.html
diff --git a/apps/browser/src/auth/popup/remove-password.component.ts b/apps/browser/src/key-management/key-connector/remove-password.component.ts
similarity index 80%
rename from apps/browser/src/auth/popup/remove-password.component.ts
rename to apps/browser/src/key-management/key-connector/remove-password.component.ts
index 5272a3082a2..3ca9d3a5669 100644
--- a/apps/browser/src/auth/popup/remove-password.component.ts
+++ b/apps/browser/src/key-management/key-connector/remove-password.component.ts
@@ -1,6 +1,6 @@
 import { Component } from "@angular/core";
 
-import { RemovePasswordComponent as BaseRemovePasswordComponent } from "@bitwarden/angular/auth/components/remove-password.component";
+import { RemovePasswordComponent as BaseRemovePasswordComponent } from "@bitwarden/key-management-ui";
 
 @Component({
   selector: "app-remove-password",
diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index 21ac4c19700..45955506b91 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -55,7 +55,6 @@ import {
   ExtensionAnonLayoutWrapperComponent,
   ExtensionAnonLayoutWrapperData,
 } from "../auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component";
-import { RemovePasswordComponent } from "../auth/popup/remove-password.component";
 import { SetPasswordComponent } from "../auth/popup/set-password.component";
 import { AccountSecurityComponent } from "../auth/popup/settings/account-security.component";
 import { UpdateTempPasswordComponent } from "../auth/popup/update-temp-password.component";
@@ -65,6 +64,7 @@ import { BlockedDomainsComponent } from "../autofill/popup/settings/blocked-doma
 import { ExcludedDomainsComponent } from "../autofill/popup/settings/excluded-domains.component";
 import { NotificationsSettingsComponent } from "../autofill/popup/settings/notifications.component";
 import { PremiumV2Component } from "../billing/popup/settings/premium-v2.component";
+import { RemovePasswordComponent } from "../key-management/key-connector/remove-password.component";
 import BrowserPopupUtils from "../platform/popup/browser-popup-utils";
 import { popupRouterCacheGuard } from "../platform/popup/view-cache/popup-router-cache.service";
 import { CredentialGeneratorHistoryComponent } from "../tools/popup/generator/credential-generator-history.component";
diff --git a/apps/browser/src/popup/app.module.ts b/apps/browser/src/popup/app.module.ts
index 0d392afa63b..8bea41da4d6 100644
--- a/apps/browser/src/popup/app.module.ts
+++ b/apps/browser/src/popup/app.module.ts
@@ -25,13 +25,13 @@ import {
 import { AccountComponent } from "../auth/popup/account-switching/account.component";
 import { CurrentAccountComponent } from "../auth/popup/account-switching/current-account.component";
 import { ExtensionAnonLayoutWrapperComponent } from "../auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component";
-import { RemovePasswordComponent } from "../auth/popup/remove-password.component";
 import { SetPasswordComponent } from "../auth/popup/set-password.component";
 import { AccountSecurityComponent } from "../auth/popup/settings/account-security.component";
 import { VaultTimeoutInputComponent } from "../auth/popup/settings/vault-timeout-input.component";
 import { UpdateTempPasswordComponent } from "../auth/popup/update-temp-password.component";
 import { AutofillComponent } from "../autofill/popup/settings/autofill.component";
 import { NotificationsSettingsComponent } from "../autofill/popup/settings/notifications.component";
+import { RemovePasswordComponent } from "../key-management/key-connector/remove-password.component";
 import { PopOutComponent } from "../platform/popup/components/pop-out.component";
 import { HeaderComponent } from "../platform/popup/header.component";
 import { PopupFooterComponent } from "../platform/popup/layout/popup-footer.component";
diff --git a/apps/cli/src/auth/commands/unlock.command.ts b/apps/cli/src/auth/commands/unlock.command.ts
index 6d524759dd6..d10c3f38ebd 100644
--- a/apps/cli/src/auth/commands/unlock.command.ts
+++ b/apps/cli/src/auth/commands/unlock.command.ts
@@ -17,7 +17,7 @@ import { MasterKey } from "@bitwarden/common/types/key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { KeyService } from "@bitwarden/key-management";
 
-import { ConvertToKeyConnectorCommand } from "../../commands/convert-to-key-connector.command";
+import { ConvertToKeyConnectorCommand } from "../../key-management/convert-to-key-connector.command";
 import { Response } from "../../models/response";
 import { MessageResponse } from "../../models/response/message.response";
 import { CliUtils } from "../../utils";
diff --git a/apps/cli/src/commands/convert-to-key-connector.command.ts b/apps/cli/src/key-management/convert-to-key-connector.command.ts
similarity index 100%
rename from apps/cli/src/commands/convert-to-key-connector.command.ts
rename to apps/cli/src/key-management/convert-to-key-connector.command.ts
diff --git a/apps/desktop/src/app/app-routing.module.ts b/apps/desktop/src/app/app-routing.module.ts
index cd5064a87e4..0c6bc730c2c 100644
--- a/apps/desktop/src/app/app-routing.module.ts
+++ b/apps/desktop/src/app/app-routing.module.ts
@@ -50,9 +50,9 @@ import {
 
 import { AccessibilityCookieComponent } from "../auth/accessibility-cookie.component";
 import { maxAccountsGuardFn } from "../auth/guards/max-accounts.guard";
-import { RemovePasswordComponent } from "../auth/remove-password.component";
 import { SetPasswordComponent } from "../auth/set-password.component";
 import { UpdateTempPasswordComponent } from "../auth/update-temp-password.component";
+import { RemovePasswordComponent } from "../key-management/key-connector/remove-password.component";
 import { VaultComponent } from "../vault/app/vault/vault.component";
 
 import { Fido2PlaceholderComponent } from "./components/fido2placeholder.component";
diff --git a/apps/desktop/src/app/app.module.ts b/apps/desktop/src/app/app.module.ts
index fdc25ed642e..b892324a979 100644
--- a/apps/desktop/src/app/app.module.ts
+++ b/apps/desktop/src/app/app.module.ts
@@ -13,11 +13,11 @@ import { DecryptionFailureDialogComponent } from "@bitwarden/vault";
 import { AccessibilityCookieComponent } from "../auth/accessibility-cookie.component";
 import { DeleteAccountComponent } from "../auth/delete-account.component";
 import { LoginModule } from "../auth/login/login.module";
-import { RemovePasswordComponent } from "../auth/remove-password.component";
 import { SetPasswordComponent } from "../auth/set-password.component";
 import { UpdateTempPasswordComponent } from "../auth/update-temp-password.component";
 import { SshAgentService } from "../autofill/services/ssh-agent.service";
 import { PremiumComponent } from "../billing/app/accounts/premium.component";
+import { RemovePasswordComponent } from "../key-management/key-connector/remove-password.component";
 import { AddEditCustomFieldsComponent } from "../vault/app/vault/add-edit-custom-fields.component";
 import { AddEditComponent } from "../vault/app/vault/add-edit.component";
 import { AttachmentsComponent } from "../vault/app/vault/attachments.component";
diff --git a/apps/desktop/src/auth/remove-password.component.html b/apps/desktop/src/key-management/key-connector/remove-password.component.html
similarity index 100%
rename from apps/desktop/src/auth/remove-password.component.html
rename to apps/desktop/src/key-management/key-connector/remove-password.component.html
diff --git a/apps/desktop/src/auth/remove-password.component.ts b/apps/desktop/src/key-management/key-connector/remove-password.component.ts
similarity index 80%
rename from apps/desktop/src/auth/remove-password.component.ts
rename to apps/desktop/src/key-management/key-connector/remove-password.component.ts
index 5272a3082a2..3ca9d3a5669 100644
--- a/apps/desktop/src/auth/remove-password.component.ts
+++ b/apps/desktop/src/key-management/key-connector/remove-password.component.ts
@@ -1,6 +1,6 @@
 import { Component } from "@angular/core";
 
-import { RemovePasswordComponent as BaseRemovePasswordComponent } from "@bitwarden/angular/auth/components/remove-password.component";
+import { RemovePasswordComponent as BaseRemovePasswordComponent } from "@bitwarden/key-management-ui";
 
 @Component({
   selector: "app-remove-password",
diff --git a/apps/web/src/app/auth/remove-password.component.html b/apps/web/src/app/key-management/key-connector/remove-password.component.html
similarity index 100%
rename from apps/web/src/app/auth/remove-password.component.html
rename to apps/web/src/app/key-management/key-connector/remove-password.component.html
diff --git a/apps/web/src/app/auth/remove-password.component.ts b/apps/web/src/app/key-management/key-connector/remove-password.component.ts
similarity index 80%
rename from apps/web/src/app/auth/remove-password.component.ts
rename to apps/web/src/app/key-management/key-connector/remove-password.component.ts
index 5272a3082a2..3ca9d3a5669 100644
--- a/apps/web/src/app/auth/remove-password.component.ts
+++ b/apps/web/src/app/key-management/key-connector/remove-password.component.ts
@@ -1,6 +1,6 @@
 import { Component } from "@angular/core";
 
-import { RemovePasswordComponent as BaseRemovePasswordComponent } from "@bitwarden/angular/auth/components/remove-password.component";
+import { RemovePasswordComponent as BaseRemovePasswordComponent } from "@bitwarden/key-management-ui";
 
 @Component({
   selector: "app-remove-password",
diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index 0334519516a..fc8356505f5 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -58,7 +58,6 @@ import { LoginViaWebAuthnComponent } from "./auth/login/login-via-webauthn/login
 import { AcceptOrganizationComponent } from "./auth/organization-invite/accept-organization.component";
 import { RecoverDeleteComponent } from "./auth/recover-delete.component";
 import { RecoverTwoFactorComponent } from "./auth/recover-two-factor.component";
-import { RemovePasswordComponent } from "./auth/remove-password.component";
 import { SetPasswordComponent } from "./auth/set-password.component";
 import { AccountComponent } from "./auth/settings/account/account.component";
 import { EmergencyAccessComponent } from "./auth/settings/emergency-access/emergency-access.component";
@@ -73,6 +72,7 @@ import { CompleteTrialInitiationComponent } from "./billing/trial-initiation/com
 import { freeTrialTextResolver } from "./billing/trial-initiation/complete-trial-initiation/resolver/free-trial-text.resolver";
 import { EnvironmentSelectorComponent } from "./components/environment-selector/environment-selector.component";
 import { RouteDataProperties } from "./core";
+import { RemovePasswordComponent } from "./key-management/key-connector/remove-password.component";
 import { FrontendLayoutComponent } from "./layouts/frontend-layout.component";
 import { UserLayoutComponent } from "./layouts/user-layout.component";
 import { RequestSMAccessComponent } from "./secrets-manager/secrets-manager-landing/request-sm-access.component";
diff --git a/apps/web/src/app/shared/loose-components.module.ts b/apps/web/src/app/shared/loose-components.module.ts
index 469ebe457d0..eb63b9f798c 100644
--- a/apps/web/src/app/shared/loose-components.module.ts
+++ b/apps/web/src/app/shared/loose-components.module.ts
@@ -15,7 +15,6 @@ import { VerifyRecoverDeleteOrgComponent } from "../admin-console/organizations/
 import { AcceptFamilySponsorshipComponent } from "../admin-console/organizations/sponsorships/accept-family-sponsorship.component";
 import { RecoverDeleteComponent } from "../auth/recover-delete.component";
 import { RecoverTwoFactorComponent } from "../auth/recover-two-factor.component";
-import { RemovePasswordComponent } from "../auth/remove-password.component";
 import { SetPasswordComponent } from "../auth/set-password.component";
 import { AccountComponent } from "../auth/settings/account/account.component";
 import { ChangeAvatarDialogComponent } from "../auth/settings/account/change-avatar-dialog.component";
@@ -42,6 +41,7 @@ import { SponsoredFamiliesComponent } from "../billing/settings/sponsored-famili
 import { SponsoringOrgRowComponent } from "../billing/settings/sponsoring-org-row.component";
 import { DynamicAvatarComponent } from "../components/dynamic-avatar.component";
 import { SelectableAvatarComponent } from "../components/selectable-avatar.component";
+import { RemovePasswordComponent } from "../key-management/key-connector/remove-password.component";
 import { FrontendLayoutComponent } from "../layouts/frontend-layout.component";
 import { HeaderModule } from "../layouts/header/header.module";
 import { ProductSwitcherModule } from "../layouts/product-switcher/product-switcher.module";
diff --git a/libs/key-management-ui/src/index.ts b/libs/key-management-ui/src/index.ts
index 2f98538caad..b330e390d36 100644
--- a/libs/key-management-ui/src/index.ts
+++ b/libs/key-management-ui/src/index.ts
@@ -7,3 +7,4 @@ export { LockComponentService, UnlockOptions } from "./lock/services/lock-compon
 export { KeyRotationTrustInfoComponent } from "./key-rotation/key-rotation-trust-info.component";
 export { AccountRecoveryTrustComponent } from "./trust/account-recovery-trust.component";
 export { EmergencyAccessTrustComponent } from "./trust/emergency-access-trust.component";
+export { RemovePasswordComponent } from "./key-connector/remove-password.component";
diff --git a/libs/angular/src/auth/components/remove-password.component.ts b/libs/key-management-ui/src/key-connector/remove-password.component.ts
similarity index 100%
rename from libs/angular/src/auth/components/remove-password.component.ts
rename to libs/key-management-ui/src/key-connector/remove-password.component.ts

From da57b944ae77e29c5032af5f27c35a5eae2f6644 Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Fri, 18 Apr 2025 13:47:04 -0400
Subject: [PATCH 20/30] chore(deps): Remove Platform from owning Cargo.lock

---
 .github/CODEOWNERS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 2f402b15dd5..de28b210887 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -8,7 +8,8 @@
 apps/desktop/desktop_native @bitwarden/team-platform-dev
 apps/desktop/desktop_native/objc/src/native/autofill @bitwarden/team-autofill-dev
 apps/desktop/desktop_native/core/src/autofill @bitwarden/team-autofill-dev
-## No ownership for Cargo.toml to allow dependency updates
+## No ownership fo Cargo.lock and Cargo.toml to allow dependency updates
+apps/desktop/desktop_native/Cargo.lock
 apps/desktop/desktop_native/Cargo.toml
 
 ## Auth team files ##

From a82996526279bc683a31c6c944810b37a7836fef Mon Sep 17 00:00:00 2001
From: Vijay Oommen <voommen@livefront.com>
Date: Fri, 18 Apr 2025 13:05:58 -0500
Subject: [PATCH 21/30] [PM-20386] valuesChanges returns a string (#14338)

---
 .../vault-export-ui/src/components/export.component.ts          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
index 4e9b4175838..71599c19ae0 100644
--- a/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
+++ b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
@@ -220,7 +220,7 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit {
 
     this.exportForm.controls.vaultSelector.valueChanges
       .pipe(takeUntil(this.destroy$))
-      .subscribe(([value]) => {
+      .subscribe((value) => {
         this.organizationId = value !== "myVault" ? value : undefined;
 
         this.formatOptions = this.formatOptions.filter((option) => option.value !== "zip");

From f86a5c2b6ea4bf18194f3c5875c8c1e63ea3f36f Mon Sep 17 00:00:00 2001
From: Chase Nelson <Chase.a.nelson@gmail.com>
Date: Fri, 18 Apr 2025 14:55:23 -0400
Subject: [PATCH 22/30] [PM-19798] [PM-18807] Fix base64 encoding/decoding with
 special characters (#14089)

* Refactor base64 encoding/decoding to use BufferLib

* Add tests for base64 encoding and decoding functions

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
---
 libs/common/src/platform/misc/utils.spec.ts | 69 +++++++++++++++++++++
 libs/common/src/platform/misc/utils.ts      |  4 +-
 2 files changed, 71 insertions(+), 2 deletions(-)

diff --git a/libs/common/src/platform/misc/utils.spec.ts b/libs/common/src/platform/misc/utils.spec.ts
index 964a2a19413..818138863fb 100644
--- a/libs/common/src/platform/misc/utils.spec.ts
+++ b/libs/common/src/platform/misc/utils.spec.ts
@@ -706,4 +706,73 @@ describe("Utils Service", () => {
       });
     });
   });
+
+  describe("fromUtf8ToB64(...)", () => {
+    const originalIsNode = Utils.isNode;
+
+    afterEach(() => {
+      Utils.isNode = originalIsNode;
+    });
+
+    runInBothEnvironments("should handle empty string", () => {
+      const str = Utils.fromUtf8ToB64("");
+      expect(str).toBe("");
+    });
+
+    runInBothEnvironments("should convert a normal b64 string", () => {
+      const str = Utils.fromUtf8ToB64(asciiHelloWorld);
+      expect(str).toBe(b64HelloWorldString);
+    });
+
+    runInBothEnvironments("should convert various special characters", () => {
+      const cases = [
+        { input: "»", output: "wrs=" },
+        { input: "¦", output: "wqY=" },
+        { input: "£", output: "wqM=" },
+        { input: "é", output: "w6k=" },
+        { input: "ö", output: "w7Y=" },
+        { input: "»»", output: "wrvCuw==" },
+      ];
+      cases.forEach((c) => {
+        const utfStr = c.input;
+        const str = Utils.fromUtf8ToB64(utfStr);
+        expect(str).toBe(c.output);
+      });
+    });
+  });
+
+  describe("fromB64ToUtf8(...)", () => {
+    const originalIsNode = Utils.isNode;
+
+    afterEach(() => {
+      Utils.isNode = originalIsNode;
+    });
+
+    runInBothEnvironments("should handle empty string", () => {
+      const str = Utils.fromB64ToUtf8("");
+      expect(str).toBe("");
+    });
+
+    runInBothEnvironments("should convert a normal b64 string", () => {
+      const str = Utils.fromB64ToUtf8(b64HelloWorldString);
+      expect(str).toBe(asciiHelloWorld);
+    });
+
+    runInBothEnvironments("should handle various special characters", () => {
+      const cases = [
+        { input: "wrs=", output: "»" },
+        { input: "wqY=", output: "¦" },
+        { input: "wqM=", output: "£" },
+        { input: "w6k=", output: "é" },
+        { input: "w7Y=", output: "ö" },
+        { input: "wrvCuw==", output: "»»" },
+      ];
+
+      cases.forEach((c) => {
+        const b64Str = c.input;
+        const str = Utils.fromB64ToUtf8(b64Str);
+        expect(str).toBe(c.output);
+      });
+    });
+  });
 });
diff --git a/libs/common/src/platform/misc/utils.ts b/libs/common/src/platform/misc/utils.ts
index ef65d2130a0..203a04851c5 100644
--- a/libs/common/src/platform/misc/utils.ts
+++ b/libs/common/src/platform/misc/utils.ts
@@ -233,7 +233,7 @@ export class Utils {
     if (Utils.isNode) {
       return Buffer.from(utfStr, "utf8").toString("base64");
     } else {
-      return decodeURIComponent(escape(Utils.global.btoa(utfStr)));
+      return BufferLib.from(utfStr, "utf8").toString("base64");
     }
   }
 
@@ -245,7 +245,7 @@ export class Utils {
     if (Utils.isNode) {
       return Buffer.from(b64Str, "base64").toString("utf8");
     } else {
-      return decodeURIComponent(escape(Utils.global.atob(b64Str)));
+      return BufferLib.from(b64Str, "base64").toString("utf8");
     }
   }
 

From c798e1f10d365d584eb75fda40fc93a8115e10ad Mon Sep 17 00:00:00 2001
From: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Date: Fri, 18 Apr 2025 21:21:01 +0100
Subject: [PATCH 23/30] [PM-18250]Do not default account credit amount (#13719)

* Set the default value to zero

* Remove the 20 dollar for org
---
 .../web/src/app/billing/shared/add-credit-dialog.component.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/web/src/app/billing/shared/add-credit-dialog.component.ts b/apps/web/src/app/billing/shared/add-credit-dialog.component.ts
index bfe811f1aa7..45dab542ce8 100644
--- a/apps/web/src/app/billing/shared/add-credit-dialog.component.ts
+++ b/apps/web/src/app/billing/shared/add-credit-dialog.component.ts
@@ -76,7 +76,7 @@ export class AddCreditDialogComponent implements OnInit {
   async ngOnInit() {
     if (this.organizationId != null) {
       if (this.creditAmount == null) {
-        this.creditAmount = "20.00";
+        this.creditAmount = "0.00";
       }
       this.ppButtonCustomField = "organization_id:" + this.organizationId;
       const userId = await firstValueFrom(
@@ -93,7 +93,7 @@ export class AddCreditDialogComponent implements OnInit {
       }
     } else {
       if (this.creditAmount == null) {
-        this.creditAmount = "10.00";
+        this.creditAmount = "0.00";
       }
       const [userId, email] = await firstValueFrom(
         this.accountService.activeAccount$.pipe(map((a) => [a?.id, a?.email])),

From d4dd8d096b607447a932163119d0fc3fe45f7906 Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Fri, 18 Apr 2025 17:35:42 -0400
Subject: [PATCH 24/30] chore(builds): [PM-20431] Add bit-web to build-web
 workflow paths

* Add bit-web to build-web workflow paths.

* Updated to also include bit-common
---
 .github/workflows/build-cli.yml | 6 ++++--
 .github/workflows/build-web.yml | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index e113d5c253b..e89ca59a297 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -12,12 +12,13 @@ on:
       - 'cf-pages'
     paths:
       - 'apps/cli/**'
+      - 'bitwarden_license/bit-cli/**'
+      - 'bitwarden_license/bit-common/**'
       - 'libs/**'
       - '*'
       - '!*.md'
       - '!*.txt'
       - '.github/workflows/build-cli.yml'
-      - 'bitwarden_license/bit-cli/**'
   push:
     branches:
       - 'main'
@@ -25,12 +26,13 @@ on:
       - 'hotfix-rc-cli'
     paths:
       - 'apps/cli/**'
+      - 'bitwarden_license/bit-cli/**'
+      - 'bitwarden_license/bit-common/**'
       - 'libs/**'
       - '*'
       - '!*.md'
       - '!*.txt'
       - '.github/workflows/build-cli.yml'
-      - 'bitwarden_license/bit-cli/**'
   workflow_call:
     inputs: {}
   workflow_dispatch:
diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index 3da524702fe..fb429468134 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -12,6 +12,8 @@ on:
       - 'cf-pages'
     paths:
       - 'apps/web/**'
+      - 'bitwarden_license/bit-common/**'
+      - 'bitwarden_license/bit-web/**'
       - 'libs/**'
       - '*'
       - '!*.md'
@@ -24,6 +26,8 @@ on:
       - 'hotfix-rc-web'
     paths:
       - 'apps/web/**'
+      - 'bitwarden_license/bit-common/**'
+      - 'bitwarden_license/bit-web/**'
       - 'libs/**'
       - '*'
       - '!*.md'

From 5dfa0eb91a014eb3418b0f1ef56a31d55ba06e75 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Sat, 19 Apr 2025 16:10:57 +0200
Subject: [PATCH 25/30] [PM-20277] Disable fingerprint on org invite (#14285)

---
 .../accept-organization.service.spec.ts               |  7 -------
 .../accept-organization.service.ts                    | 11 -----------
 2 files changed, 18 deletions(-)

diff --git a/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts b/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts
index cc2d0e371ff..67dbee223d1 100644
--- a/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts
+++ b/apps/web/src/app/auth/organization-invite/accept-organization.service.spec.ts
@@ -24,7 +24,6 @@ import { OrgKey } from "@bitwarden/common/types/key";
 import { DialogService } from "@bitwarden/components";
 import { KeyService } from "@bitwarden/key-management";
 
-import { OrganizationTrustComponent } from "../../admin-console/organizations/manage/organization-trust.component";
 import { I18nService } from "../../core/i18n.service";
 
 import {
@@ -200,11 +199,6 @@ describe("AcceptOrganizationInviteService", () => {
         encryptedString: "encryptedString",
       } as EncString);
 
-      jest.mock("../../admin-console/organizations/manage/organization-trust.component");
-      OrganizationTrustComponent.open = jest.fn().mockReturnValue({
-        closed: new BehaviorSubject(true),
-      });
-
       await globalState.update(() => invite);
 
       policyService.getResetPasswordPolicyOptions.mockReturnValue([
@@ -217,7 +211,6 @@ describe("AcceptOrganizationInviteService", () => {
       const result = await sut.validateAndAcceptInvite(invite);
 
       expect(result).toBe(true);
-      expect(OrganizationTrustComponent.open).toHaveBeenCalled();
       expect(encryptService.encapsulateKeyUnsigned).toHaveBeenCalledWith(
         { key: "userKey" },
         Utils.fromB64ToArray("publicKey"),
diff --git a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
index 8b5db9f4872..b6a7719c548 100644
--- a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
+++ b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
@@ -31,8 +31,6 @@ import { OrgKey } from "@bitwarden/common/types/key";
 import { DialogService } from "@bitwarden/components";
 import { KeyService } from "@bitwarden/key-management";
 
-import { OrganizationTrustComponent } from "../../admin-console/organizations/manage/organization-trust.component";
-
 import { OrganizationInvite } from "./organization-invite";
 
 // We're storing the organization invite for 2 reasons:
@@ -189,15 +187,6 @@ export class AcceptOrganizationInviteService {
       }
 
       const publicKey = Utils.fromB64ToArray(response.publicKey);
-      const dialogRef = OrganizationTrustComponent.open(this.dialogService, {
-        name: invite.organizationName,
-        orgId: invite.organizationId,
-        publicKey,
-      });
-      const result = await firstValueFrom(dialogRef.closed);
-      if (result !== true) {
-        throw new Error("Organization not trusted, aborting user key rotation");
-      }
 
       const activeUserId = (await firstValueFrom(this.accountService.activeAccount$)).id;
       const userKey = await firstValueFrom(this.keyService.userKey$(activeUserId));

From 8de42caf0406aac7ebaa9a3e7654cf7a76604d34 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 19 Apr 2025 18:07:20 +0200
Subject: [PATCH 26/30] [deps] KM: Update Rust crate rsa to v0.9.8 (#12298)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
---
 apps/desktop/desktop_native/Cargo.lock | 4 ++--
 apps/desktop/desktop_native/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 04bc4887ff7..0884f59e863 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -2455,9 +2455,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "rsa"
-version = "0.9.6"
+version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
+checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b"
 dependencies = [
  "const-oid",
  "digest",
diff --git a/apps/desktop/desktop_native/Cargo.toml b/apps/desktop/desktop_native/Cargo.toml
index 01838359147..dc08c2e5a1b 100644
--- a/apps/desktop/desktop_native/Cargo.toml
+++ b/apps/desktop/desktop_native/Cargo.toml
@@ -38,7 +38,7 @@ oslog = "=0.2.0"
 pin-project = "=1.1.8"
 pkcs8 =  "=0.10.2" 
 rand = "=0.8.5"
-rsa = "=0.9.6"
+rsa = "=0.9.8"
 russh-cryptovec = "=0.7.3"
 scopeguard = "=1.2.0"
 security-framework = "=3.1.0"

From 86b0a6aa35c3b4bfdca4a3441ad14fd3d929c68a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Garc=C3=ADa?=
 <dani-garcia@users.noreply.github.com>
Date: Mon, 21 Apr 2025 12:21:00 +0200
Subject: [PATCH 27/30] Support for logging from NAPI (#14335)

* Support for log to electron console from NAPI

* Fix test mock
---
 apps/desktop/desktop_native/Cargo.lock        |  1 +
 apps/desktop/desktop_native/napi/Cargo.toml   |  1 +
 apps/desktop/desktop_native/napi/index.d.ts   | 10 ++++
 apps/desktop/desktop_native/napi/src/lib.rs   | 58 +++++++++++++++++++
 .../services/electron-log.main.service.ts     | 24 ++++++++
 .../services/electron-log.service.spec.ts     |  8 +++
 6 files changed, 102 insertions(+)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 0884f59e863..6858011e0cc 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -987,6 +987,7 @@ dependencies = [
  "base64",
  "desktop_core",
  "hex",
+ "log",
  "napi",
  "napi-build",
  "napi-derive",
diff --git a/apps/desktop/desktop_native/napi/Cargo.toml b/apps/desktop/desktop_native/napi/Cargo.toml
index d59581a5e2e..669f166e748 100644
--- a/apps/desktop/desktop_native/napi/Cargo.toml
+++ b/apps/desktop/desktop_native/napi/Cargo.toml
@@ -18,6 +18,7 @@ base64 = { workspace = true }
 hex = { workspace = true }
 anyhow = { workspace = true }
 desktop_core = { path = "../core" }
+log = { workspace = true }
 napi = { workspace = true, features = ["async"] }
 napi-derive = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
diff --git a/apps/desktop/desktop_native/napi/index.d.ts b/apps/desktop/desktop_native/napi/index.d.ts
index 6ded4e3db93..952f2571c5d 100644
--- a/apps/desktop/desktop_native/napi/index.d.ts
+++ b/apps/desktop/desktop_native/napi/index.d.ts
@@ -185,3 +185,13 @@ export declare namespace crypto {
 export declare namespace passkey_authenticator {
   export function register(): void
 }
+export declare namespace logging {
+  export const enum LogLevel {
+    Trace = 0,
+    Debug = 1,
+    Info = 2,
+    Warn = 3,
+    Error = 4
+  }
+  export function initNapiLog(jsLogFn: (err: Error | null, arg0: LogLevel, arg1: string) => any): void
+}
diff --git a/apps/desktop/desktop_native/napi/src/lib.rs b/apps/desktop/desktop_native/napi/src/lib.rs
index 8cbc526487e..37796ef6f59 100644
--- a/apps/desktop/desktop_native/napi/src/lib.rs
+++ b/apps/desktop/desktop_native/napi/src/lib.rs
@@ -807,3 +807,61 @@ pub mod passkey_authenticator {
         })
     }
 }
+
+#[napi]
+pub mod logging {
+    use log::{Level, Metadata, Record};
+    use napi::threadsafe_function::{
+        ErrorStrategy::CalleeHandled, ThreadsafeFunction, ThreadsafeFunctionCallMode,
+    };
+    use std::sync::OnceLock;
+    struct JsLogger(OnceLock<ThreadsafeFunction<(LogLevel, String), CalleeHandled>>);
+    static JS_LOGGER: JsLogger = JsLogger(OnceLock::new());
+
+    #[napi]
+    pub enum LogLevel {
+        Trace,
+        Debug,
+        Info,
+        Warn,
+        Error,
+    }
+
+    impl From<Level> for LogLevel {
+        fn from(level: Level) -> Self {
+            match level {
+                Level::Trace => LogLevel::Trace,
+                Level::Debug => LogLevel::Debug,
+                Level::Info => LogLevel::Info,
+                Level::Warn => LogLevel::Warn,
+                Level::Error => LogLevel::Error,
+            }
+        }
+    }
+
+    #[napi]
+    pub fn init_napi_log(js_log_fn: ThreadsafeFunction<(LogLevel, String), CalleeHandled>) {
+        let _ = JS_LOGGER.0.set(js_log_fn);
+        let _ = log::set_logger(&JS_LOGGER);
+        log::set_max_level(log::LevelFilter::Debug);
+    }
+
+    impl log::Log for JsLogger {
+        fn enabled(&self, metadata: &Metadata) -> bool {
+            metadata.level() <= log::max_level()
+        }
+
+        fn log(&self, record: &Record) {
+            if !self.enabled(record.metadata()) {
+                return;
+            }
+            let Some(logger) = self.0.get() else {
+                return;
+            };
+            let msg = (record.level().into(), record.args().to_string());
+            let _ = logger.call(Ok(msg), ThreadsafeFunctionCallMode::NonBlocking);
+        }
+
+        fn flush(&self) {}
+    }
+}
diff --git a/apps/desktop/src/platform/services/electron-log.main.service.ts b/apps/desktop/src/platform/services/electron-log.main.service.ts
index d7100b54825..947f4449271 100644
--- a/apps/desktop/src/platform/services/electron-log.main.service.ts
+++ b/apps/desktop/src/platform/services/electron-log.main.service.ts
@@ -7,6 +7,7 @@ import log from "electron-log/main";
 
 import { LogLevelType } from "@bitwarden/common/platform/enums/log-level-type.enum";
 import { ConsoleLogService as BaseLogService } from "@bitwarden/common/platform/services/console-log.service";
+import { logging } from "@bitwarden/desktop-napi";
 
 import { isDev } from "../../utils";
 
@@ -30,6 +31,29 @@ export class ElectronLogMainService extends BaseLogService {
     ipcMain.handle("ipc.log", (_event, { level, message, optionalParams }) => {
       this.write(level, message, ...optionalParams);
     });
+
+    logging.initNapiLog((error, level, message) => this.writeNapiLog(level, message));
+  }
+
+  private writeNapiLog(level: logging.LogLevel, message: string) {
+    let levelType: LogLevelType;
+
+    switch (level) {
+      case logging.LogLevel.Debug:
+        levelType = LogLevelType.Debug;
+        break;
+      case logging.LogLevel.Warn:
+        levelType = LogLevelType.Warning;
+        break;
+      case logging.LogLevel.Error:
+        levelType = LogLevelType.Error;
+        break;
+      default:
+        levelType = LogLevelType.Info;
+        break;
+    }
+
+    this.write(levelType, "[NAPI] " + message);
   }
 
   write(level: LogLevelType, message?: any, ...optionalParams: any[]) {
diff --git a/apps/desktop/src/platform/services/electron-log.service.spec.ts b/apps/desktop/src/platform/services/electron-log.service.spec.ts
index 918508977fd..db3093e08e2 100644
--- a/apps/desktop/src/platform/services/electron-log.service.spec.ts
+++ b/apps/desktop/src/platform/services/electron-log.service.spec.ts
@@ -5,6 +5,14 @@ jest.mock("electron", () => ({
   ipcMain: { handle: jest.fn(), on: jest.fn() },
 }));
 
+jest.mock("@bitwarden/desktop-napi", () => {
+  return {
+    logging: {
+      initNapiLog: jest.fn(),
+    },
+  };
+});
+
 describe("ElectronLogMainService", () => {
   it("sets dev based on electron method", () => {
     process.env.ELECTRON_IS_DEV = "1";

From 201bdf752b3ff57dba3581d13c026d55db12cdb5 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 21 Apr 2025 14:14:13 +0200
Subject: [PATCH 28/30] [PM-19728] Device bulk get keys during key rotation
 (#14216)

* Add support for device list endpoint keys during key rotation

* Update libs/common/src/auth/abstractions/devices/responses/device.response.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
---
 .../auth/abstractions/devices/responses/device.response.ts   | 5 +++++
 .../services/device-trust.service.implementation.ts          | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/libs/common/src/auth/abstractions/devices/responses/device.response.ts b/libs/common/src/auth/abstractions/devices/responses/device.response.ts
index 84a2fb03c28..6b7f17f65ce 100644
--- a/libs/common/src/auth/abstractions/devices/responses/device.response.ts
+++ b/libs/common/src/auth/abstractions/devices/responses/device.response.ts
@@ -15,6 +15,9 @@ export class DeviceResponse extends BaseResponse {
   creationDate: string;
   revisionDate: string;
   isTrusted: boolean;
+  encryptedUserKey: string | null;
+  encryptedPublicKey: string | null;
+
   devicePendingAuthRequest: DevicePendingAuthRequest | null;
 
   constructor(response: any) {
@@ -27,6 +30,8 @@ export class DeviceResponse extends BaseResponse {
     this.creationDate = this.getResponseProperty("CreationDate");
     this.revisionDate = this.getResponseProperty("RevisionDate");
     this.isTrusted = this.getResponseProperty("IsTrusted");
+    this.encryptedUserKey = this.getResponseProperty("EncryptedUserKey");
+    this.encryptedPublicKey = this.getResponseProperty("EncryptedPublicKey");
     this.devicePendingAuthRequest = this.getResponseProperty("DevicePendingAuthRequest");
   }
 }
diff --git a/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts b/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts
index a2211753f4e..c82efa0c571 100644
--- a/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts
+++ b/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts
@@ -209,9 +209,8 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction {
       devices.data
         .filter((device) => device.isTrusted)
         .map(async (device) => {
-          const deviceWithKeys = await this.devicesApiService.getDeviceKeys(device.identifier);
           const publicKey = await this.encryptService.decryptToBytes(
-            deviceWithKeys.encryptedPublicKey,
+            new EncString(device.encryptedPublicKey),
             oldUserKey,
           );
 

From 83d7ea6aa3e989faef02e3885d4c40693e72a9ac Mon Sep 17 00:00:00 2001
From: Colton Hurst <colton@coltonhurst.com>
Date: Mon, 21 Apr 2025 09:52:53 -0400
Subject: [PATCH 29/30] [PM-20334] Remove Bindgen from Windows Plugin
 Authenticator (#14328)

* PM-20334: Draft work removing bindgen

* PM-20334: Remove comments and address clippy concerns

* PM-20334: Edit wpa readme and remove .hpp header file
---
 apps/desktop/desktop_native/Cargo.lock        |  66 -----
 .../windows_plugin_authenticator/Cargo.toml   |   3 -
 .../windows_plugin_authenticator/README.md    |  20 +-
 .../windows_plugin_authenticator/build.rs     |  27 --
 .../pluginauthenticator.hpp                   | 231 ------------------
 .../windows_plugin_authenticator/src/lib.rs   |  61 +++--
 .../windows_plugin_authenticator/src/pa.rs    |  15 --
 7 files changed, 49 insertions(+), 374 deletions(-)
 delete mode 100644 apps/desktop/desktop_native/windows_plugin_authenticator/build.rs
 delete mode 100644 apps/desktop/desktop_native/windows_plugin_authenticator/pluginauthenticator.hpp
 delete mode 100644 apps/desktop/desktop_native/windows_plugin_authenticator/src/pa.rs

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 6858011e0cc..c786264a563 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -410,26 +410,6 @@ dependencies = [
  "serde",
 ]
 
-[[package]]
-name = "bindgen"
-version = "0.71.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3"
-dependencies = [
- "bitflags",
- "cexpr",
- "clang-sys",
- "itertools",
- "log",
- "prettyplease",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash",
- "shlex",
- "syn",
-]
-
 [[package]]
 name = "bitflags"
 version = "2.8.0"
@@ -573,15 +553,6 @@ dependencies = [
  "shlex",
 ]
 
-[[package]]
-name = "cexpr"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
-dependencies = [
- "nom",
-]
-
 [[package]]
 name = "cfg-if"
 version = "1.0.0"
@@ -622,17 +593,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "clang-sys"
-version = "1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
-dependencies = [
- "glob",
- "libc",
- "libloading",
-]
-
 [[package]]
 name = "clap"
 version = "4.5.31"
@@ -1493,15 +1453,6 @@ version = "1.70.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
 
-[[package]]
-name = "itertools"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
-dependencies = [
- "either",
-]
-
 [[package]]
 name = "itoa"
 version = "1.0.14"
@@ -2303,16 +2254,6 @@ dependencies = [
  "zerocopy",
 ]
 
-[[package]]
-name = "prettyplease"
-version = "0.2.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6924ced06e1f7dfe3fa48d57b9f74f55d8915f5036121bef647ef4b204895fac"
-dependencies = [
- "proc-macro2",
- "syn",
-]
-
 [[package]]
 name = "proc-macro-crate"
 version = "3.2.0"
@@ -2491,12 +2432,6 @@ version = "0.1.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
 
-[[package]]
-name = "rustc-hash"
-version = "2.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
-
 [[package]]
 name = "rustc_version"
 version = "0.4.1"
@@ -3736,7 +3671,6 @@ checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d"
 name = "windows_plugin_authenticator"
 version = "0.0.0"
 dependencies = [
- "bindgen",
  "hex",
  "windows 0.61.1",
  "windows-core 0.61.0",
diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/Cargo.toml b/apps/desktop/desktop_native/windows_plugin_authenticator/Cargo.toml
index 72a8505389e..18abb86d057 100644
--- a/apps/desktop/desktop_native/windows_plugin_authenticator/Cargo.toml
+++ b/apps/desktop/desktop_native/windows_plugin_authenticator/Cargo.toml
@@ -5,9 +5,6 @@ edition = { workspace = true }
 license = { workspace = true }
 publish = { workspace = true }
 
-[target.'cfg(target_os = "windows")'.build-dependencies]
-bindgen = { workspace = true }
-
 [target.'cfg(windows)'.dependencies]
 windows = { workspace = true, features = ["Win32_Foundation", "Win32_Security", "Win32_System_Com", "Win32_System_LibraryLoader" ] }
 windows-core = { workspace = true }
diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/README.md b/apps/desktop/desktop_native/windows_plugin_authenticator/README.md
index 6dc72ceed46..4802c5d4243 100644
--- a/apps/desktop/desktop_native/windows_plugin_authenticator/README.md
+++ b/apps/desktop/desktop_native/windows_plugin_authenticator/README.md
@@ -2,22 +2,6 @@
 
 This is an internal crate that's meant to be a safe abstraction layer over the generated Rust bindings for the Windows WebAuthn Plugin Authenticator API's.
 
+This crate is very much a WIP and is not ready for internal use.
+
 You can find more information about the Windows WebAuthn API's [here](https://github.com/microsoft/webauthn).
-
-## Building
-
-To build this crate, set the following environment variables:
-
-- `LIBCLANG_PATH` -> the path to the `bin` directory of your LLVM install ([more info](https://rust-lang.github.io/rust-bindgen/requirements.html?highlight=libclang_path#installing-clang))
-
-### Bash Example
-
-```
-export LIBCLANG_PATH='C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\Llvm\x64\bin'
-```
-
-### PowerShell Example
-
-```
-$env:LIBCLANG_PATH = 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\Llvm\x64\bin'
-```
diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/build.rs b/apps/desktop/desktop_native/windows_plugin_authenticator/build.rs
deleted file mode 100644
index 4843145bac0..00000000000
--- a/apps/desktop/desktop_native/windows_plugin_authenticator/build.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-fn main() {
-    #[cfg(target_os = "windows")]
-    windows();
-}
-
-#[cfg(target_os = "windows")]
-fn windows() {
-    let out_dir = std::env::var("OUT_DIR").expect("OUT_DIR not set");
-
-    let bindings = bindgen::Builder::default()
-        .header("pluginauthenticator.hpp")
-        .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
-        .allowlist_type("DWORD")
-        .allowlist_type("PBYTE")
-        .allowlist_type("EXPERIMENTAL.*")
-        .allowlist_function(".*EXPERIMENTAL.*")
-        .allowlist_function("WebAuthNGetApiVersionNumber")
-        .generate()
-        .expect("Unable to generate bindings.");
-
-    bindings
-        .write_to_file(format!(
-            "{}\\windows_plugin_authenticator_bindings.rs",
-            out_dir
-        ))
-        .expect("Couldn't write bindings.");
-}
diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/pluginauthenticator.hpp b/apps/desktop/desktop_native/windows_plugin_authenticator/pluginauthenticator.hpp
deleted file mode 100644
index c800266a3e6..00000000000
--- a/apps/desktop/desktop_native/windows_plugin_authenticator/pluginauthenticator.hpp
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
-    Bitwarden's pluginauthenticator.hpp
-
-    Source: https://github.com/microsoft/webauthn/blob/master/experimental/pluginauthenticator.h
-
-    This is a C++ header file, so the extension has been manually
-    changed from `.h` to `.hpp`, so bindgen will automatically
-    generate the correct C++ bindings.
-
-    More Info: https://rust-lang.github.io/rust-bindgen/cpp.html
-*/
-
-/* this ALWAYS GENERATED file contains the definitions for the interfaces */
-
-/* File created by MIDL compiler version 8.01.0628 */
-/* @@MIDL_FILE_HEADING(  ) */
-
-/* verify that the <rpcndr.h> version is high enough to compile this file*/
-#ifndef __REQUIRED_RPCNDR_H_VERSION__
-#define __REQUIRED_RPCNDR_H_VERSION__ 501
-#endif
-
-/* verify that the <rpcsal.h> version is high enough to compile this file*/
-#ifndef __REQUIRED_RPCSAL_H_VERSION__
-#define __REQUIRED_RPCSAL_H_VERSION__ 100
-#endif
-
-#include "rpc.h"
-#include "rpcndr.h"
-
-#ifndef __RPCNDR_H_VERSION__
-#error this stub requires an updated version of <rpcndr.h>
-#endif /* __RPCNDR_H_VERSION__ */
-
-#ifndef COM_NO_WINDOWS_H
-#include "windows.h"
-#include "ole2.h"
-#endif /*COM_NO_WINDOWS_H*/
-
-#ifndef __pluginauthenticator_h__
-#define __pluginauthenticator_h__
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1020)
-#pragma once
-#endif
-
-#ifndef DECLSPEC_XFGVIRT
-#if defined(_CONTROL_FLOW_GUARD_XFG)
-#define DECLSPEC_XFGVIRT(base, func) __declspec(xfg_virtual(base, func))
-#else
-#define DECLSPEC_XFGVIRT(base, func)
-#endif
-#endif
-
-/* Forward Declarations */
-
-#ifndef __EXPERIMENTAL_IPluginAuthenticator_FWD_DEFINED__
-#define __EXPERIMENTAL_IPluginAuthenticator_FWD_DEFINED__
-typedef interface EXPERIMENTAL_IPluginAuthenticator EXPERIMENTAL_IPluginAuthenticator;
-
-#endif 	/* __EXPERIMENTAL_IPluginAuthenticator_FWD_DEFINED__ */
-
-/* header files for imported files */
-#include "oaidl.h"
-#include "webauthn.h"
-
-#ifdef __cplusplus
-extern "C"{
-#endif 
-
-/* interface __MIDL_itf_pluginauthenticator_0000_0000 */
-/* [local] */ 
-
-typedef struct _EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_REQUEST
-    {
-    HWND hWnd;
-    GUID transactionId;
-    DWORD cbRequestSignature;
-    /* [size_is] */ byte *pbRequestSignature;
-    DWORD cbEncodedRequest;
-    /* [size_is] */ byte *pbEncodedRequest;
-    } 	EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_REQUEST;
-
-typedef struct _EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_REQUEST *EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_REQUEST;
-
-typedef const EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_REQUEST *EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST;
-
-typedef struct _EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_RESPONSE
-    {
-    DWORD cbEncodedResponse;
-    /* [size_is] */ byte *pbEncodedResponse;
-    } 	EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_RESPONSE;
-
-typedef struct _EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_RESPONSE *EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE;
-
-typedef const EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_RESPONSE *EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_RESPONSE;
-
-typedef struct _EXPERIMENTAL_WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST
-    {
-    GUID transactionId;
-    DWORD cbRequestSignature;
-    /* [size_is] */ byte *pbRequestSignature;
-    } 	EXPERIMENTAL_WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST;
-
-typedef struct _EXPERIMENTAL_WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST *EXPERIMENTAL_PWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST;
-
-typedef const EXPERIMENTAL_WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST *EXPERIMENTAL_PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST;
-
-extern RPC_IF_HANDLE __MIDL_itf_pluginauthenticator_0000_0000_v0_0_c_ifspec;
-extern RPC_IF_HANDLE __MIDL_itf_pluginauthenticator_0000_0000_v0_0_s_ifspec;
-
-#ifndef __EXPERIMENTAL_IPluginAuthenticator_INTERFACE_DEFINED__
-#define __EXPERIMENTAL_IPluginAuthenticator_INTERFACE_DEFINED__
-
-/* interface EXPERIMENTAL_IPluginAuthenticator */
-/* [unique][version][uuid][object] */
-
-EXTERN_C const IID IID_EXPERIMENTAL_IPluginAuthenticator;
-
-#if defined(__cplusplus) && !defined(CINTERFACE)
-
-    MIDL_INTERFACE("e6466e9a-b2f3-47c5-b88d-89bc14a8d998")
-    EXPERIMENTAL_IPluginAuthenticator : public IUnknown
-    {
-    public:
-        virtual HRESULT STDMETHODCALLTYPE EXPERIMENTAL_PluginMakeCredential(
-            /* [in] */ __RPC__in EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request,
-            /* [out] */ __RPC__deref_out_opt EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE *response) = 0;
-        
-        virtual HRESULT STDMETHODCALLTYPE EXPERIMENTAL_PluginGetAssertion(
-            /* [in] */ __RPC__in EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request,
-            /* [out] */ __RPC__deref_out_opt EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE *response) = 0;
-        
-        virtual HRESULT STDMETHODCALLTYPE EXPERIMENTAL_PluginCancelOperation(
-            /* [in] */ __RPC__in EXPERIMENTAL_PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST request) = 0;
-
-    };
-
-#else 	/* C style interface */
-
-    typedef struct EXPERIMENTAL_IPluginAuthenticatorVtbl
-    {
-        BEGIN_INTERFACE
-
-        DECLSPEC_XFGVIRT(IUnknown, QueryInterface)
-        HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
-            __RPC__in EXPERIMENTAL_IPluginAuthenticator * This,
-            /* [in] */ __RPC__in REFIID riid,
-            /* [annotation][iid_is][out] */
-            _COM_Outptr_  void **ppvObject);
-
-        DECLSPEC_XFGVIRT(IUnknown, AddRef)
-        ULONG ( STDMETHODCALLTYPE *AddRef )(
-            __RPC__in EXPERIMENTAL_IPluginAuthenticator * This);
-
-        DECLSPEC_XFGVIRT(IUnknown, Release)
-        ULONG ( STDMETHODCALLTYPE *Release )(
-            __RPC__in EXPERIMENTAL_IPluginAuthenticator * This);
-
-        DECLSPEC_XFGVIRT(EXPERIMENTAL_IPluginAuthenticator, EXPERIMENTAL_PluginMakeCredential)
-        HRESULT ( STDMETHODCALLTYPE *EXPERIMENTAL_PluginMakeCredential )(
-            __RPC__in EXPERIMENTAL_IPluginAuthenticator * This,
-            /* [in] */ __RPC__in EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request,
-            /* [out] */ __RPC__deref_out_opt EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE *response);
-
-        DECLSPEC_XFGVIRT(EXPERIMENTAL_IPluginAuthenticator, EXPERIMENTAL_PluginGetAssertion)
-        HRESULT ( STDMETHODCALLTYPE *EXPERIMENTAL_PluginGetAssertion )(
-            __RPC__in EXPERIMENTAL_IPluginAuthenticator * This,
-            /* [in] */ __RPC__in EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request,
-            /* [out] */ __RPC__deref_out_opt EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE *response);
-
-        DECLSPEC_XFGVIRT(EXPERIMENTAL_IPluginAuthenticator, EXPERIMENTAL_PluginCancelOperation)
-        HRESULT ( STDMETHODCALLTYPE *EXPERIMENTAL_PluginCancelOperation )(
-            __RPC__in EXPERIMENTAL_IPluginAuthenticator * This,
-            /* [in] */ __RPC__in EXPERIMENTAL_PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST request);
-
-        END_INTERFACE
-    } EXPERIMENTAL_IPluginAuthenticatorVtbl;
-
-    interface EXPERIMENTAL_IPluginAuthenticator
-    {
-        CONST_VTBL struct EXPERIMENTAL_IPluginAuthenticatorVtbl *lpVtbl;
-    };
-
-#ifdef COBJMACROS
-
-
-#define EXPERIMENTAL_IPluginAuthenticator_QueryInterface(This,riid,ppvObject)	\
-    ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) )
-
-#define EXPERIMENTAL_IPluginAuthenticator_AddRef(This)	\
-    ( (This)->lpVtbl -> AddRef(This) )
-
-#define EXPERIMENTAL_IPluginAuthenticator_Release(This)	\
-    ( (This)->lpVtbl -> Release(This) )
-
-
-#define EXPERIMENTAL_IPluginAuthenticator_EXPERIMENTAL_PluginMakeCredential(This,request,response)	\
-    ( (This)->lpVtbl -> EXPERIMENTAL_PluginMakeCredential(This,request,response) )
-
-#define EXPERIMENTAL_IPluginAuthenticator_EXPERIMENTAL_PluginGetAssertion(This,request,response)	\
-    ( (This)->lpVtbl -> EXPERIMENTAL_PluginGetAssertion(This,request,response) )
-
-#define EXPERIMENTAL_IPluginAuthenticator_EXPERIMENTAL_PluginCancelOperation(This,request)	\
-    ( (This)->lpVtbl -> EXPERIMENTAL_PluginCancelOperation(This,request) )
-
-#endif /* COBJMACROS */
-
-#endif 	/* C style interface */
-
-#endif 	/* __EXPERIMENTAL_IPluginAuthenticator_INTERFACE_DEFINED__ */
-
-/* Additional Prototypes for ALL interfaces */
-
-unsigned long             __RPC_USER  HWND_UserSize(     __RPC__in unsigned long *, unsigned long            , __RPC__in HWND * );
-unsigned char * __RPC_USER  HWND_UserMarshal(  __RPC__in unsigned long *, __RPC__inout_xcount(0) unsigned char *, __RPC__in HWND * );
-unsigned char * __RPC_USER  HWND_UserUnmarshal(__RPC__in unsigned long *, __RPC__in_xcount(0) unsigned char *, __RPC__out HWND * );
-void                      __RPC_USER  HWND_UserFree(     __RPC__in unsigned long *, __RPC__in HWND * );
-
-unsigned long             __RPC_USER  HWND_UserSize64(     __RPC__in unsigned long *, unsigned long            , __RPC__in HWND * );
-unsigned char * __RPC_USER  HWND_UserMarshal64(  __RPC__in unsigned long *, __RPC__inout_xcount(0) unsigned char *, __RPC__in HWND * );
-unsigned char * __RPC_USER  HWND_UserUnmarshal64(__RPC__in unsigned long *, __RPC__in_xcount(0) unsigned char *, __RPC__out HWND * );
-void                      __RPC_USER  HWND_UserFree64(     __RPC__in unsigned long *, __RPC__in HWND * );
-
-/* end of Additional Prototypes */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/src/lib.rs b/apps/desktop/desktop_native/windows_plugin_authenticator/src/lib.rs
index fe2e35df2f8..21257068bd0 100644
--- a/apps/desktop/desktop_native/windows_plugin_authenticator/src/lib.rs
+++ b/apps/desktop/desktop_native/windows_plugin_authenticator/src/lib.rs
@@ -2,15 +2,6 @@
 #![allow(non_snake_case)]
 #![allow(non_camel_case_types)]
 
-mod pa;
-
-use pa::{
-    DWORD, EXPERIMENTAL_PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST,
-    EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST,
-    EXPERIMENTAL_PWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE,
-    EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE,
-    EXPERIMENTAL_WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE, PBYTE,
-};
 use std::ffi::c_uchar;
 use std::ptr;
 use windows::Win32::Foundation::*;
@@ -23,11 +14,53 @@ const AUTHENTICATOR_NAME: &str = "Bitwarden Desktop Authenticator";
 const CLSID: &str = "0f7dc5d9-69ce-4652-8572-6877fd695062";
 const RPID: &str = "bitwarden.com";
 
-/// Returns the current Windows WebAuthN version.
-pub fn get_version_number() -> u32 {
-    unsafe { pa::WebAuthNGetApiVersionNumber() }
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct EXPERIMENTAL_WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST {
+    pub transactionId: GUID,
+    pub cbRequestSignature: Dword,
+    pub pbRequestSignature: *mut byte,
 }
 
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_REQUEST {
+    pub hWnd: HWND,
+    pub transactionId: GUID,
+    pub cbRequestSignature: Dword,
+    pub pbRequestSignature: *mut byte,
+    pub cbEncodedRequest: Dword,
+    pub pbEncodedRequest: *mut byte,
+}
+
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct EXPERIMENTAL_WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE {
+    pub cbOpSignPubKey: Dword,
+    pub pbOpSignPubKey: PByte,
+}
+
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_RESPONSE {
+    pub cbEncodedResponse: Dword,
+    pub pbEncodedResponse: *mut byte,
+}
+
+type Dword = u32;
+type Byte = u8;
+type byte = u8;
+pub type PByte = *mut Byte;
+
+type EXPERIMENTAL_PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST =
+    *const EXPERIMENTAL_WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST;
+pub type EXPERIMENTAL_PCWEBAUTHN_PLUGIN_OPERATION_REQUEST =
+    *const EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_REQUEST;
+pub type EXPERIMENTAL_PWEBAUTHN_PLUGIN_OPERATION_RESPONSE =
+    *mut EXPERIMENTAL_WEBAUTHN_PLUGIN_OPERATION_RESPONSE;
+pub type EXPERIMENTAL_PWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE =
+    *mut EXPERIMENTAL_WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE;
+
 /// Handles initialization and registration for the Bitwarden desktop app as a
 /// plugin authenticator with Windows.
 /// For now, also adds the authenticator
@@ -123,9 +156,9 @@ fn add_authenticator() -> std::result::Result<(), String> {
         pbAuthenticatorInfo: authenticator_info_bytes.as_mut_ptr(),
     };
 
-    let plugin_signing_public_key_byte_count: DWORD = 0;
+    let plugin_signing_public_key_byte_count: Dword = 0;
     let mut plugin_signing_public_key: c_uchar = 0;
-    let plugin_signing_public_key_ptr: PBYTE = &mut plugin_signing_public_key;
+    let plugin_signing_public_key_ptr: PByte = &mut plugin_signing_public_key;
 
     let mut add_response = EXPERIMENTAL_WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE {
         cbOpSignPubKey: plugin_signing_public_key_byte_count,
diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/src/pa.rs b/apps/desktop/desktop_native/windows_plugin_authenticator/src/pa.rs
deleted file mode 100644
index 7c93399594d..00000000000
--- a/apps/desktop/desktop_native/windows_plugin_authenticator/src/pa.rs
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
-    The 'pa' (plugin authenticator) module will contain the generated
-    bindgen code.
-
-    The attributes below will suppress warnings from the generated code.
-*/
-
-#![cfg(target_os = "windows")]
-#![allow(clippy::all)]
-#![allow(warnings)]
-
-include!(concat!(
-    env!("OUT_DIR"),
-    "/windows_plugin_authenticator_bindings.rs"
-));

From 1b6f75806d17c4f2733d15789afa6ec708d49e9a Mon Sep 17 00:00:00 2001
From: Github Actions <actions@github.com>
Date: Mon, 21 Apr 2025 14:22:41 +0000
Subject: [PATCH 30/30] Bumped client version(s)

---
 apps/browser/package.json          | 2 +-
 apps/browser/src/manifest.json     | 2 +-
 apps/browser/src/manifest.v3.json  | 2 +-
 apps/cli/package.json              | 2 +-
 apps/desktop/package.json          | 2 +-
 apps/desktop/src/package-lock.json | 4 ++--
 apps/desktop/src/package.json      | 2 +-
 apps/web/package.json              | 2 +-
 package-lock.json                  | 8 ++++----
 9 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/apps/browser/package.json b/apps/browser/package.json
index b311b837e78..9ed3c807c11 100644
--- a/apps/browser/package.json
+++ b/apps/browser/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/browser",
-  "version": "2025.3.2",
+  "version": "2025.4.0",
   "scripts": {
     "build": "npm run build:chrome",
     "build:chrome": "cross-env BROWSER=chrome MANIFEST_VERSION=3 NODE_OPTIONS=\"--max-old-space-size=8192\" webpack",
diff --git a/apps/browser/src/manifest.json b/apps/browser/src/manifest.json
index 35578fb8321..fca62568048 100644
--- a/apps/browser/src/manifest.json
+++ b/apps/browser/src/manifest.json
@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "__MSG_extName__",
   "short_name": "Bitwarden",
-  "version": "2025.3.2",
+  "version": "2025.4.0",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",
diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json
index 556a73ac15b..47e0cc465ef 100644
--- a/apps/browser/src/manifest.v3.json
+++ b/apps/browser/src/manifest.v3.json
@@ -3,7 +3,7 @@
   "minimum_chrome_version": "102.0",
   "name": "__MSG_extName__",
   "short_name": "Bitwarden",
-  "version": "2025.3.2",
+  "version": "2025.4.0",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",
diff --git a/apps/cli/package.json b/apps/cli/package.json
index 04fe4290d31..1bf6a1d41a1 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/cli",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2025.3.0",
+  "version": "2025.4.0",
   "keywords": [
     "bitwarden",
     "password",
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index ae34deee5b8..9f442da47a1 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/desktop",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2025.4.1",
+  "version": "2025.4.2",
   "keywords": [
     "bitwarden",
     "password",
diff --git a/apps/desktop/src/package-lock.json b/apps/desktop/src/package-lock.json
index a720dff7257..f6449bd9626 100644
--- a/apps/desktop/src/package-lock.json
+++ b/apps/desktop/src/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@bitwarden/desktop",
-  "version": "2025.4.1",
+  "version": "2025.4.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@bitwarden/desktop",
-      "version": "2025.4.1",
+      "version": "2025.4.2",
       "license": "GPL-3.0",
       "dependencies": {
         "@bitwarden/desktop-napi": "file:../desktop_native/napi"
diff --git a/apps/desktop/src/package.json b/apps/desktop/src/package.json
index e288f5f5a79..45a6f6b90af 100644
--- a/apps/desktop/src/package.json
+++ b/apps/desktop/src/package.json
@@ -2,7 +2,7 @@
   "name": "@bitwarden/desktop",
   "productName": "Bitwarden",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2025.4.1",
+  "version": "2025.4.2",
   "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
   "homepage": "https://bitwarden.com",
   "license": "GPL-3.0",
diff --git a/apps/web/package.json b/apps/web/package.json
index 1f4ae9c29cf..e65848602e9 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/web-vault",
-  "version": "2025.4.0",
+  "version": "2025.4.1",
   "scripts": {
     "build:oss": "cross-env NODE_OPTIONS=\"--max-old-space-size=8192\" webpack",
     "build:bit": "cross-env NODE_OPTIONS=\"--max-old-space-size=8192\" webpack -c ../../bitwarden_license/bit-web/webpack.config.js",
diff --git a/package-lock.json b/package-lock.json
index 65f0c87721a..3e16fd7ba68 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -191,11 +191,11 @@
     },
     "apps/browser": {
       "name": "@bitwarden/browser",
-      "version": "2025.3.2"
+      "version": "2025.4.0"
     },
     "apps/cli": {
       "name": "@bitwarden/cli",
-      "version": "2025.3.0",
+      "version": "2025.4.0",
       "license": "SEE LICENSE IN LICENSE.txt",
       "dependencies": {
         "@koa/multer": "3.0.2",
@@ -231,7 +231,7 @@
     },
     "apps/desktop": {
       "name": "@bitwarden/desktop",
-      "version": "2025.4.1",
+      "version": "2025.4.2",
       "hasInstallScript": true,
       "license": "GPL-3.0"
     },
@@ -245,7 +245,7 @@
     },
     "apps/web": {
       "name": "@bitwarden/web-vault",
-      "version": "2025.4.0"
+      "version": "2025.4.1"
     },
     "libs/admin-console": {
       "name": "@bitwarden/admin-console",