From e8b99d99b8c0659da0bc0a2d69674abcdcb14151 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Thu, 30 Oct 2025 04:42:15 +0000
Subject: [PATCH] Fix validation error: make newApplications field optional in
 OrganizationReportSummary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The validation functions required the newApplications field to be present,
but this field is not in the type definition and old encrypted data doesn't
have it. This was causing decryption failures with the error:
"Invalid OrganizationReportSummary: missing or invalid fields: newApplications (string[])"

Changes:
- Updated isOrganizationReportSummary() to allow newApplications to be undefined
- Updated validateOrganizationReportSummary() to only validate newApplications if present
- Added comments explaining backward compatibility requirement

This provides backward compatibility with existing encrypted data while still
validating the field when it is present.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../domain/risk-insights-type-guards.ts       | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/domain/risk-insights-type-guards.ts b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/domain/risk-insights-type-guards.ts
index e3bcb3e18a2..9e000374d6c 100644
--- a/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/domain/risk-insights-type-guards.ts
+++ b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/domain/risk-insights-type-guards.ts
@@ -230,11 +230,14 @@ export function isOrganizationReportSummary(obj: any): obj is OrganizationReport
     Number.isSafeInteger(obj.totalCriticalAtRiskApplicationCount) &&
     obj.totalCriticalAtRiskApplicationCount >= 0 &&
     obj.totalCriticalAtRiskApplicationCount <= MAX_COUNT &&
-    Array.isArray(obj.newApplications) &&
-    obj.newApplications.length <= MAX_ARRAY_LENGTH &&
-    obj.newApplications.every(
-      (app: any) => typeof app === "string" && app.length > 0 && app.length <= MAX_STRING_LENGTH,
-    )
+    // newApplications is optional (backward compatibility - not in type definition)
+    (obj.newApplications === undefined ||
+      (Array.isArray(obj.newApplications) &&
+        obj.newApplications.length <= MAX_ARRAY_LENGTH &&
+        obj.newApplications.every(
+          (app: any) =>
+            typeof app === "string" && app.length > 0 && app.length <= MAX_STRING_LENGTH,
+        )))
   );
 }
 
@@ -346,8 +349,14 @@ export function validateOrganizationReportSummary(data: any): OrganizationReport
     if (typeof data?.totalCriticalAtRiskApplicationCount !== "number") {
       missingFields.push("totalCriticalAtRiskApplicationCount (number)");
     }
-    if (!Array.isArray(data?.newApplications)) {
-      missingFields.push("newApplications (string[])");
+    // newApplications is optional (backward compatibility - not in type definition)
+    // Only validate if present
+    if (
+      data?.newApplications !== undefined &&
+      (!Array.isArray(data?.newApplications) ||
+        !data.newApplications.every((app: any) => typeof app === "string"))
+    ) {
+      missingFields.push("newApplications (optional string[])");
     }
 
     throw new Error(