wip fix test workflow

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.claude/CLAUDE.md

@@ -0,0 +1,619 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+# Bitwarden Directory Connector
+
+## Project Overview
+
+Directory Connector is a TypeScript application that synchronizes users and groups from directory services to Bitwarden organizations. It provides both a desktop GUI (built with Angular and Electron) and a CLI tool (bwdc).
+
+**Supported Directory Services:**
+
+- LDAP (Lightweight Directory Access Protocol) - includes Active Directory and general LDAP servers
+- Microsoft Entra ID (formerly Azure Active Directory)
+- Google Workspace
+- Okta
+- OneLogin
+
+**Technologies:**
+
+- TypeScript
+- Angular (GUI)
+- Electron (Desktop wrapper)
+- Node
+- Jest for testing
+
+### Current Project Status
+
+**Mission Critical but Deprioritized:** Directory Connector is used to sync customer directory services with their Bitwarden organization. While SCIM is the more modern cloud-hosted solution, not all directory services support SCIM, and SCIM is only available on Enterprise plans. Therefore, DC remains mission-critical infrastructure for many paying customers, but it's deprioritized in the codebase due to infrequent changes.
+
+**Isolated Repository:** Unlike other Bitwarden client applications that live in a monorepo with shared core libraries, Directory Connector was kept separate when other TypeScript clients moved to the monorepo. It got its own copy of the jslib repo to avoid unnecessary regressions from apparently unrelated code changes in other clients. This severed it from the rest of the codebase, causing:
+
+- Outdated dependencies that can't be updated (ES modules vs CommonJS conflicts)
+- File/folder structure that doesn't match modern Bitwarden client patterns
+- Accumulated technical debt requiring significant investment to pay down
+- jslib contains unused code from all clients, but cannot be deleted due to monolithic/tightly coupled architecture
+
+**Critical Issues (Current Status):**
+
+- ✅ ~~Electron, Node, and Angular are on unmaintained versions~~ **RESOLVED** - All updated (Electron 39, Node 20, Angular 21, TypeScript 5.9)
+- ❌ `keytar` is archived (Dec 2022) and incompatible with Node v22, **blocking Node upgrades beyond v20** - **PRIMARY BLOCKER**
+- ❌ No ESM support blocks dependency upgrades: googleapis, lowdb, chalk, inquirer, node-fetch, electron-store
+- ⚠️ 70 dev dependencies + 31 runtime dependencies = excessive maintenance burden (count increased with Angular 21 tooling)
+- ❌ StateService is a large pre-StateProvider monolith containing every getter/setter for all clients (PM-31159 In Progress)
+- ✅ ~~Angular CLI not used~~ **RESOLVED** - Angular CLI 21.1.2 now integrated with angular.json configuration
+
+**Development Approach:** When working on this codebase, prioritize sustainability and maintainability over adding new features. Consider how changes will affect long-term maintenance burden.
+
+## Tech Debt Roadmap
+
+### Progress Summary
+
+**Completed:**
+
+- ✅ Phase 0 (Immediate Priority): All major dependencies upgraded (Node 20, Angular 21, TypeScript 5.9, Electron 39)
+- ✅ Phase 6: Angular CLI integration complete
+
+**In Progress:**
+
+- 🔄 Phase 1: StateService rewrite (PM-31159)
+
+**Blocked/Todo:**
+
+- ❌ Phase 2: Remove remaining jslib code (blocked by Phase 1)
+- ❌ Phase 3: Repository restructure (should be done before Phase 5)
+- ⚠️ Phase 4: Replace Keytar **[CRITICAL BLOCKER]** - blocking Node v22+ upgrades
+- ❌ Phase 5: ESM Support (blocked by Phase 3, needed for googleapis, lowdb, chalk, inquirer, etc.)
+
+**Primary Blocker:** Keytar removal (Phase 4) is the most critical task as it blocks Node upgrades beyond v20.
+
+---
+
+### ✅ Immediate Priority: Unsupported Dependencies (COMPLETED)
+
+**Upgrade Path (July 2025 release) - STATUS: COMPLETE**
+
+All major version upgrades have been completed and exceeded targets:
+
+1. ✅ Node 18.20.8 → 20.18 → **COMPLETE** (engines: `~20`, .nvmrc: `v20`)
+2. ✅ Angular 17 → 18.2.x → **EXCEEDED** (now at **21.1.1**)
+3. ✅ TypeScript 5.4.5 → 5.6.0 → **EXCEEDED** (now at **5.9.3**)
+4. ✅ Electron 34 → 36 → **EXCEEDED** (now at **39.2.1**)
+5. ✅ Angular matches clients monorepo version (21.x)
+
+**Current Versions:**
+
+- Node: v20 (project target), blocked from v22+ by keytar
+- TypeScript: 5.9.3
+- Angular: 21.1.1 (all packages)
+- Electron: 39.2.1 (well beyond EOL target of 36)
+- @yao-pkg/pkg: 5.16.1 (community fork replacing archived pkg)
+
+**Note:** Further Node upgrades to v22+ are **blocked by keytar** (see Phase 4). Electron 36 was EOL October 2028, but we're already on 39.2.1.
+
+### Phase 1: StateService Rewrite (PM-31159, In Progress)
+
+**Problem:** StateService is a post-account-switching, pre-StateProvider monolith containing every getter/setter for all clients. This prevents deletion of unused data models and code. Never very stable, and more complex than DC needs (DC doesn't need account switching).
+
+**Current Status:** 🔄 **Active PR** - [#990](https://github.com/bitwarden/directory-connector/pull/990) (Open, Author: @BTreston)
+
+- PR created: Feb 2, 2026
+- Last updated: Feb 5, 2026
+- Files changed: 17 files (+1,512, -41 lines)
+- Commits: 4 (scaffold, add tests, fix type issues, fix integration test)
+
+**Implementation Details:**
+
+**New Architecture:**
+
+- Created `StateServiceVNext` interface (`src/abstractions/state-vNext.service.ts`)
+- New implementation: `StateServiceVNextImplementation` (`src/services/state-service/state-vNext.service.ts`)
+- New state model with flat key-value structure (`src/models/state.model.ts`)
+- Comprehensive test suite: `state-vNext.service.spec.ts` (488 lines of tests)
+
+**Storage Key Structure:**
+
+```typescript
+// vNext Storage Keys (Flat key-value structure)
+StorageKeysVNext = {
+  stateVersion: "stateVersion",
+  directoryType: "directoryType",
+  organizationId: "organizationId",
+  directory_ldap: "directory_ldap",
+  directory_gsuite: "directory_gsuite",
+  directory_entra: "directory_entra",
+  directory_okta: "directory_okta",
+  directory_onelogin: "directory_onelogin",
+  sync: "sync",
+  syncingDir: "syncingDir",
+};
+
+// Secure storage keys for sensitive data
+SecureStorageKeysVNext = {
+  ldap: "secret_ldap",
+  gsuite: "secret_gsuite",
+  azure: "secret_azure", // Backwards compatible with old name
+  entra: "secret_entra",
+  okta: "secret_okta",
+  oneLogin: "secret_oneLogin",
+  userDelta: "userDeltaToken",
+  groupDelta: "groupDeltaToken",
+  lastUserSync: "lastUserSync",
+  lastGroupSync: "lastGroupSync",
+  lastSyncHash: "lastSyncHash",
+};
+```
+
+**Migration Strategy:**
+
+- State version bumped to `StateVersion.Five` (`jslib/common/src/enums/stateVersion.ts`)
+- Enhanced `StateMigrationService` to handle migration from old account-based structure to new flat structure
+- Migration keys defined for backwards compatibility (`MigrationKeys`, `SecureStorageKeysMigration`)
+- Temporary keys used during migration (`TempKeys`) to preserve data during transition
+
+**File Organization:**
+
+- State-related files moved to `src/services/state-service/` subdirectory:
+  - `state-vNext.service.ts` (new implementation)
+  - `state-vNext.service.spec.ts` (488 lines of tests)
+  - `state.service.ts` (legacy, moved from `src/services/`)
+  - `stateMigration.service.ts` (enhanced for v5 migration)
+- New abstraction: `src/abstractions/state-vNext.service.ts`
+- New model: `src/models/state.model.ts` (defines all storage keys)
+
+**Integration:**
+
+- Both old `StateService` and new `StateServiceVNext` injected in parallel during migration phase
+- `DirectoryFactoryService` updated to accept both services
+- Services module provides both implementations
+- CLI (`bwdc.ts`) and GUI (`main.ts`) both instantiate new service alongside old one
+
+**Chosen Approach Benefits:**
+
+- Clean break with old StateService - high degree of certainty
+- Simple and focused on DC's needs (no account switching, no rxjs)
+- Flat key-value structure easier to maintain
+- Versioning and migration capabilities included
+- Keeps existing data.json around during transition
+- All getters/setters in one place (acceptable for small application)
+
+**Rejected Approaches:**
+
+- Copy StateProvider from clients: Too complex (supports account switching, rxjs, syncing background/foreground contexts)
+- Rewrite simplified StateService keeping current data structure: Commits us to previous decisions, keeps monolithic account objects
+
+**Next Steps:**
+
+- Complete PR review and merge
+- Monitor for regressions during initial rollout
+- After several releases, can remove old StateService and migration code
+- Begin Phase 2: Remove remaining jslib code that was only needed by old StateService
+
+### Phase 2: Remove Remaining jslib Code
+
+After StateService is removed, review and delete old models and remaining services that referenced each other. jslib contains unused code from all clients that DC doesn't need.
+
+### Phase 3: Restructure Repository (PM-31852, To Do)
+
+**Current Structure:**
+
+```
+src/          # Both Electron and CLI app code
+src-cli/      # package.json entry point for CLI only, no code
+jslib/
+  ├── common/    # Shared common code
+  ├── node/      # Node specific code used in CLI
+  └── electron/  # Electron specific code used in GUI
+```
+
+**Target Structure:**
+
+```
+src-gui/      # Electron specific code only (combining src (partial) + jslib/electron)
+src-cli/      # Node and CLI specific code only (combining src (partial) + jslib/node)
+libs/         # Shared app-independent DC code, e.g. sync services (combining src (partial) + jslib/common)
+```
+
+**Why:** Makes subsequent changes (code reorganizing, ESM support) much easier. This should be done early in the modernization process.
+
+### Phase 4: Replace Keytar (PM-12436, To Do) ⚠️ **CRITICAL BLOCKER**
+
+**Problem:** `keytar` (OS secure storage for secrets) was archived December 2022 and is incompatible with Node v22, **actively blocking Node upgrades beyond v20**.
+
+**Current Status:**
+
+- `keytar`: **7.9.0** (still present in dependencies)
+- **This is the #1 blocker preventing Node v22+ upgrades**
+- All "Immediate Priority" dependencies have been upgraded, but further progress requires removing keytar
+
+**Solution:** Migrate to Bitwarden's Rust implementation in `desktop_native` (same as clients monorepo did)
+
+1. Implement Rust <-> NAPI integration (like `desktop_native/napi`) from Electron app to Rust code
+2. Copy, rename, and expose necessary functions
+3. Point to `desktop_native` crate using git link from DC repo (no need for SDK yet):
+   ```rust
+   desktop_core = { git = "https://github.com/bitwarden/clients", rev = "00cf24972d944638bbd1adc00a0ae3eeabb6eb9a" }
+   ```
+
+**Important:** `keytar` uses wrong encoding on Windows (UTF-8 instead of UTF-16). Bitwarden uses UTF-16. Code should contain a migration - ensure old values are migrated correctly during testing.
+
+**Priority:** This should be prioritized as it's blocking the Node upgrade path and has been archived for over 2 years.
+
+### Phase 5: Add ESM Support (PM-31850, To Do)
+
+**Problem:** No ESM module support prevents upgrading key dependencies.
+
+**Blocked Dependencies (Current Status):**
+
+- ❌ `googleapis`: **149.0.0** → current (major dependency, disabled in renovate.json5)
+- ❌ `lowdb`: **1.0.0** → v7
+- ❌ `@types/lowdb`: **1.0.15** (can be deleted once inquirer is upgraded)
+- ❌ `@electron/notarize`: **2.5.0** → v3.0.1
+- ❌ `chalk`: **4.1.2** → v5.3.0
+- ❌ `inquirer`: **8.2.6** → v12.1.0
+- ❌ `@types/inquirer`: **8.2.10** (should be deleted when inquirer upgraded)
+- ❌ `node-fetch`: **2.7.0** → v3.3.2 (should use native Node fetch API when on Node >=21)
+- ❌ `electron-store`: **8.2.0** → v10.1.0
+
+**Status:** These dependencies remain blocked as expected. They will stay on old versions until:
+
+1. Phase 3 (Repository Restructure) is complete
+2. ESM support is implemented
+3. Note: These ESM dependencies are primarily used in CLI build, so restructuring first (Phase 3) will limit the impact of ESM migration.
+
+**Implementation:**
+
+1. Update tsconfig.json and package.json configurations
+2. Update import/export syntax to no longer use `require` statements
+3. Upgrade dependencies to move away from CommonJS (ESM can import CommonJS, but not vice versa)
+4. Trial and error
+
+**Reference:** [Pure ESM package guide](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c)
+
+### Phase 6: Add Angular CLI (PM-31849, In Progress / Possibly Complete?)
+
+**Problem:** Angular CLI provides great DX and makes it easier to manage Angular changes (e.g. auto-migrations). DC didn't use it.
+
+**Current Status:**
+
+- ✅ `@angular/cli`: **21.1.2** is now present in **runtime dependencies**
+- ✅ `@angular/build`: **21.1.2** is present in dev dependencies
+- ✅ All Angular tooling has been updated to v21.x
+
+**Status:** ✅ **COMPLETE** - Angular CLI has been successfully integrated:
+
+- `angular.json` configuration file exists
+- `.angular/` cache directory present
+- `@angular/cli` 21.1.2 in runtime dependencies
+- `@angular/build` 21.1.2 in dev dependencies
+- All Angular packages updated to v21.x
+
+This migration provides improved DX and access to Angular's auto-migration tools for future updates.
+
+### Additional Considerations
+
+**Reduce Dependency Count:** Current state is 70 dev dependencies + 31 runtime dependencies (101 total). The dev dependency count increased from the original 66 due to Angular 21 upgrade adding additional tooling. After removing old code, review dependency list:
+
+- Can we remove some after code cleanup?
+- Could we reintegrate with monorepo to leverage Component Library and shared platform dependencies?
+  - **Risk:** Becomes tightly coupled with monorepo code → regression risk, move slower due to coupling
+
+**GitHub Workflows:** Need review and modernization:
+
+- PM-20478: Add check-run workflow for CI on community PRs
+- PM-18290: Add linting workflow
+- PM-18289: Update build workflow
+- `pkg` and `pkg-fetch` for packaging Node runtime in CLI release are archived (fork exists but untrusted; clients vets all changes manually)
+  - Options: Make our own fork, or use Node's single executable binary support (investigate)
+
+## Common Development Commands
+
+### Desktop App (Electron + Angular)
+
+**Initial Setup:**
+
+```bash
+npm install              # Install dependencies (runs git submodule init automatically)
+npm run rebuild          # Rebuild native modules for Electron
+```
+
+**Development:**
+
+```bash
+npm run electron         # Build and run desktop app with hot reload and debugging
+npm run electron:ignore  # Same as above but ignores certificate errors
+```
+
+**Building:**
+
+```bash
+npm run build            # Build both main and renderer processes
+npm run build:main       # Build Electron main process only
+npm run build:renderer   # Build Angular renderer process only
+npm run build:renderer:watch  # Build renderer with file watching
+```
+
+**Distribution:**
+
+```bash
+npm run dist:mac         # Create macOS distributable
+npm run dist:win         # Create Windows distributable
+npm run dist:lin         # Create Linux distributable
+```
+
+### CLI (bwdc)
+
+**Development:**
+
+```bash
+npm run build:cli:watch  # Build CLI with file watching
+node ./build-cli/bwdc.js --help  # Run the CLI from build output
+```
+
+**Production Build:**
+
+```bash
+npm run build:cli:prod   # Build CLI for production
+npm run dist:cli         # Create platform-specific CLI executables (all platforms)
+npm run dist:cli:mac     # Create macOS CLI executable only
+npm run dist:cli:win     # Create Windows CLI executable only
+npm run dist:cli:lin     # Create Linux CLI executable only
+```
+
+### Testing
+
+**Unit Tests:**
+
+```bash
+npm test                 # Run unit tests (excludes integration tests)
+npm run test:watch       # Run unit tests in watch mode
+npm run test:watch:all   # Run unit tests in watch mode (all files)
+npm run test:types       # Run TypeScript type checking without emitting files
+```
+
+**Integration Tests:**
+
+```bash
+npm run test:integration:setup  # Set up Docker containers for LDAP testing
+npm run test:integration        # Run integration tests
+npm run test:integration:watch  # Run integration tests in watch mode
+```
+
+Integration tests require Docker and test against live directory services. The setup command creates OpenLDAP containers using docker-compose.yml.
+
+### Linting & Formatting
+
+```bash
+npm run lint             # Run ESLint and Prettier checks
+npm run lint:fix         # Auto-fix ESLint issues
+npm run prettier         # Format all files with Prettier
+```
+
+### Submodule Management
+
+The `jslib` folder is a git submodule containing shared Bitwarden libraries:
+
+```bash
+npm run sub:update       # Update submodule to latest remote version
+npm run sub:pull         # Pull latest changes in submodule
+npm run sub:commit       # Pull and commit submodule update
+```
+
+### Utility Commands
+
+```bash
+npm run reset            # Remove keytar modules and reinstall (use when switching between CLI/desktop)
+npm run clean:dist       # Clean desktop distribution files
+npm run clean:dist:cli   # Clean CLI distribution files
+```
+
+**Important:** When switching between developing the desktop app and CLI, run `npm run reset` to avoid native module conflicts.
+
+## Code Architecture & Structure
+
+### Directory Organization
+
+```
+src/
+├── abstractions/       # Interface definitions (e.g., IDirectoryService)
+├── services/          # Business logic implementations for directory services, sync, auth
+├── models/            # Data models (UserEntry, GroupEntry, etc.)
+├── commands/          # CLI command implementations
+├── app/               # Angular GUI components
+└── utils/             # Test utilities and fixtures
+
+src-cli/               # CLI-specific code (imports common code from src/)
+
+jslib/                 # Legacy folder structure (mix of deprecated/unused and current code - new code should not be added here)
+```
+
+### Key Architectural Patterns
+
+1. **Abstractions = Interfaces**: All interfaces are defined in `/abstractions`
+2. **Services = Business Logic**: Implementations live in `/services`
+3. **Directory Service Pattern**: Each directory provider implements `IDirectoryService` interface
+4. **Separation of Concerns**: GUI (Angular app) and CLI (commands) share the same service layer
+
+### Core Synchronization Flow
+
+The sync process follows this pattern:
+
+1. **DirectoryFactoryService** (`src/services/directory-factory.service.ts`) - Creates the appropriate directory service based on DirectoryType configuration
+2. **IDirectoryService** implementation (`src/services/directory-services/*.service.ts`) - Each provider (LDAP, Entra ID, Google, Okta, OneLogin) implements:
+   - `getEntries(force, test)` - Returns `[GroupEntry[], UserEntry[]]`
+   - Provider-specific authentication and API calls
+3. **SyncService** (`src/services/sync.service.ts`) - Orchestrates the sync:
+   - Calls directory service to get entries
+   - Filters and deduplicates users/groups
+   - Uses BatchRequestBuilder or SingleRequestBuilder to format API requests
+   - Generates hash to detect changes and avoid redundant syncs
+   - Sends data to Bitwarden API via ApiService
+4. **Request Builders** (`src/services/*-request-builder.ts`) - Transform directory entries into Bitwarden API format
+
+### Shared Library (jslib)
+
+The `jslib` folder is a git submodule containing shared Bitwarden code:
+
+- Common services (API, Crypto, Storage, Auth)
+- Platform utilities
+- Shared models and abstractions
+
+**Important:** This is legacy structure - do not add new code to jslib. New code should go in `src/`.
+
+## Development Conventions
+
+### Code Organization
+
+**File Naming:**
+
+- kebab-case for files: `ldap-directory.service.ts`
+- Descriptive names that reflect purpose
+
+**Class/Function Naming:**
+
+- PascalCase for classes and interfaces
+- camelCase for functions and variables
+- Descriptive names that indicate purpose
+
+**File Structure:**
+
+- Keep files focused on single responsibility
+- Create new service files for distinct directory integrations
+- Separate models into individual files when complex
+
+### TypeScript Conventions
+
+**Import Patterns:**
+
+- Use path aliases (`@/`) for project imports
+  - `@/` - project root
+  - `@/jslib/` - jslib folder
+- ESLint enforces alphabetized import ordering with newlines between groups
+
+**Type Safety:**
+
+- Avoid `any` types - use proper typing or `unknown` with type guards
+- Prefer interfaces for contracts, types for unions/intersections
+- Use strict null checks - handle `null` and `undefined` explicitly
+- Leverage TypeScript's type inference where appropriate
+
+**Configuration:**
+
+- Use configuration files or environment variables
+- Never hardcode URLs or configuration values
+
+## Security Best Practices
+
+**Credential Handling:**
+
+- Never log directory service credentials, API keys, or tokens
+- Use secure storage mechanisms for sensitive data
+- Credentials should never be hardcoded
+- Store credentials encrypted, never in plain text
+
+**Sensitive Data:**
+
+- User and group data from directories should be handled securely
+- Avoid exposing sensitive information in error messages
+- Sanitize data before logging
+- Be cautious with data persistence
+
+**Input Validation:**
+
+- Validate and sanitize data from external directory services
+- Check for injection vulnerabilities (LDAP injection, etc.)
+- Validate configuration inputs from users
+
+**API Security:**
+
+- Ensure authentication flows are implemented correctly
+- Verify SSL/TLS is used for all external connections
+- Check for secure token storage and refresh mechanisms
+
+## Error Handling
+
+**Best Practices:**
+
+1. **Try-catch for async operations** - Always wrap external API calls
+2. **Meaningful error messages** - Provide context for debugging
+3. **Error propagation** - Don't swallow errors silently
+4. **User-facing errors** - Separate user messages from developer logs
+
+## Performance Best Practices
+
+**Large Dataset Handling:**
+
+- Use pagination for large user/group lists
+- Avoid loading entire datasets into memory at once
+- Consider streaming or batch processing for large operations
+
+**API Rate Limiting:**
+
+- Respect rate limits for Microsoft Graph API, Google Admin SDK, etc.
+- Consider batching large API calls where necessary
+
+**Memory Management:**
+
+- Close connections and clean up resources
+- Remove event listeners when components are destroyed
+- Be cautious with caching large datasets
+
+## Testing
+
+**Framework:**
+
+- Jest with jest-preset-angular
+- jest-mock-extended for type-safe mocks with `mock<Type>()`
+
+**Test Organization:**
+
+- Tests colocated with source files
+- `*.spec.ts` - Unit tests for individual components/services
+- `*.integration.spec.ts` - Integration tests against live directory services
+- Test helpers located in `utils/` directory
+
+**Test Naming:**
+
+- Descriptive, human-readable test names
+- Example: `'should return empty array when no users exist in directory'`
+
+**Test Coverage:**
+
+- New features must include tests
+- Bug fixes should include regression tests
+- Changes to core sync logic or directory specific logic require integration tests
+
+**Testing Approach:**
+
+- **Unit tests**: Mock external API calls using jest-mock-extended
+- **Integration tests**: Use live directory services (Docker containers or configured cloud services)
+- Focus on critical paths (authentication, sync, data transformation)
+- Test error scenarios and edge cases (empty results, malformed data, connection failures), not just happy paths
+
+## Directory Service Patterns
+
+### IDirectoryService Interface
+
+All directory services implement this core interface with methods:
+
+- `getUsers()` - Retrieve users from directory and transform them into standard objects
+- `getGroups()` - Retrieve groups from directory and transform them into standard objects
+- Connection and authentication handling
+
+### Service-Specific Implementations
+
+Each directory service has unique authentication and query patterns:
+
+- **LDAP**: Direct LDAP queries, bind authentication
+- **Microsoft Entra ID**: Microsoft Graph API, OAuth tokens
+- **Google Workspace**: Google Admin SDK, service account credentials
+- **Okta/OneLogin**: REST APIs with API tokens
+
+## References
+
+- [Architectural Decision Records (ADRs)](https://contributing.bitwarden.com/architecture/adr/)
+- [Contributing Guidelines](https://contributing.bitwarden.com/contributing/)
+- [Code Style](https://contributing.bitwarden.com/contributing/code-style/)
+- [Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/)
+- [Security Definitions](https://contributing.bitwarden.com/architecture/security/definitions)

.claude/plan.md

@@ -0,0 +1,239 @@
+# Phase 2 PR #1: Flatten Account Model - IMPLEMENTATION COMPLETE
+
+## Status: ✅ COMPLETED
+
+**Implementation Date:** February 13, 2026
+**All tests passing:** 120/120 ✅
+**TypeScript compilation:** Success ✅
+
+---
+
+## Summary
+
+Successfully implemented Phase 2 PR #1: Flatten Account Model. The Account model has been simplified from 177 lines (51 + 126 inherited) to 51 lines, removing the BaseAccount inheritance and flattening nested structures into direct properties.
+
+## Changes Implemented
+
+### Files Modified (7 files)
+
+1. **`jslib/common/src/enums/stateVersion.ts`**
+   - Added `StateVersion.Five` for the flattened Account structure
+   - Updated `StateVersion.Latest = Five`
+
+2. **`src/models/account.ts`**
+   - Removed `extends BaseAccount` inheritance
+   - Removed `ClientKeys` class (redundant)
+   - Flattened 6 authentication fields to top level:
+     - `userId`, `entityId`, `apiKeyClientId`
+     - `accessToken`, `refreshToken`, `apiKeyClientSecret`
+   - Kept `DirectoryConfigurations` and `DirectorySettings` unchanged
+   - Added compatibility fields with FIXME comment for jslib infrastructure:
+     - `data?`, `keys?`, `profile?`, `settings?`, `tokens?` (optional, unused)
+   - Simplified constructor without Object.assign
+
+3. **`src/services/stateMigration.service.ts`**
+   - Added `migrateStateFrom3To4()` placeholder migration
+   - Added `migrateStateFrom4To5()` to flatten nested → flat Account structure
+   - Updated `migrate()` method with new case statements for v3→v4 and v4→v5
+   - Updated `migrateStateFrom1To2()` to use flattened structure (removed `account.profile`, `account.clientKeys`)
+
+4. **`src/services/auth.service.ts`**
+   - Removed imports: `AccountKeys`, `AccountProfile`, `AccountTokens`
+   - Simplified account creation from 26 lines to 10 lines (62% reduction)
+   - Direct property assignment instead of nested objects with spread operators
+
+5. **`src/services/state.service.ts`**
+   - Changed `account.profile.userId` → `account.userId`
+   - Removed `account.settings` from `scaffoldNewAccountDiskStorage`
+   - Added `settings` back to `resetAccount` for base class compatibility (unused but required)
+
+6. **`src/services/authService.spec.ts`**
+   - Removed imports: `AccountKeys`, `AccountProfile`, `AccountTokens`
+   - Updated test expectations to match new flat Account structure
+
+### Files Created (1 file)
+
+7. **`src/services/stateMigration.service.spec.ts`**
+   - Comprehensive migration test suite (5 tests, 210 lines)
+   - Tests flattening nested account structure
+   - Tests handling missing nested objects gracefully
+   - Tests empty account list
+   - Tests preservation of directory configurations and settings
+   - Tests state version update
+
+## Code Reduction Achieved
+
+- **Account model:** 177 lines (51 + 126 inherited) → 51 lines (71% reduction)
+- **AuthService account creation:** 26 lines → 10 lines (62% reduction)
+- **Import statements removed:** 5 jslib imports across multiple files
+
+## Migration Logic
+
+### State Version v4 → v5 Migration
+
+The `migrateStateFrom4To5()` method handles conversion from nested to flat structure:
+
+```typescript
+// OLD (nested structure):
+{
+  profile: {
+    userId: "CLIENT_ID",
+    entityId: "CLIENT_ID",
+    apiKeyClientId: "organization.CLIENT_ID"
+  },
+  tokens: {
+    accessToken: "token",
+    refreshToken: "refresh"
+  },
+  keys: {
+    apiKeyClientSecret: "secret"
+  }
+}
+
+// NEW (flat structure):
+{
+  userId: "CLIENT_ID",
+  entityId: "CLIENT_ID",
+  apiKeyClientId: "organization.CLIENT_ID",
+  accessToken: "token",
+  refreshToken: "refresh",
+  apiKeyClientSecret: "secret"
+}
+```
+
+**Migration Safety:**
+
+- Null-safe property access with `??` operator
+- Preserves all directory configurations and settings
+- Falls back to userId if profile.userId doesn't exist
+- Handles empty account lists gracefully
+
+## Test Results
+
+### Unit Tests: ✅ PASS
+
+```
+Test Suites: 14 passed, 14 total
+Tests:       120 passed, 120 total
+```
+
+New tests added:
+
+- `should flatten nested account structure` ✅
+- `should handle missing nested objects gracefully` ✅
+- `should handle empty account list` ✅
+- `should preserve directory configurations and settings` ✅
+- `should update state version after successful migration` ✅
+
+### TypeScript Compilation: ✅ PASS
+
+```
+npm run test:types
+```
+
+All type checks pass with zero errors.
+
+## Technical Notes
+
+### Compatibility Fields
+
+Added optional compatibility fields to Account model to satisfy jslib infrastructure type constraints:
+
+```typescript
+// FIXME: Remove these compatibility fields after StateServiceVNext migration (PR #990) is merged
+// These fields are unused but required for type compatibility with jslib's StateService infrastructure
+data?: any;
+keys?: any;
+profile?: any;
+settings?: any;
+tokens?: any;
+```
+
+These will be removed after PR #990 (StateServiceVNext) merges and old StateService is deleted.
+
+### Key Architectural Decision
+
+Chose to add compatibility fields rather than refactor entire jslib infrastructure because:
+
+1. PR #990 (StateServiceVNext) will eventually replace this infrastructure
+2. Minimizes changes needed in this PR
+3. Avoids conflicts with PR #990
+4. Can be cleaned up later
+
+## What This Enables
+
+### Immediate Benefits
+
+- ✅ Simplified Account model (71% code reduction)
+- ✅ Clearer authentication field structure
+- ✅ Easier debugging (no nested property access)
+- ✅ Self-documenting code (obvious what DC needs)
+
+### Enables Future Work
+
+- **Phase 2 PR #2:** Remove StateFactory infrastructure
+- **Phase 2 PR #3:** Delete ~90 unused jslib files including:
+  - EncString (only used by old nested Account)
+  - SymmetricCryptoKey (only used by old nested Account)
+  - OrganizationData (completely unused)
+  - ProviderData (completely unused)
+  - AccountKeys, AccountProfile, AccountTokens, AccountData, AccountSettings
+
+## Merge Strategy
+
+**Conflict Management:**
+
+- This PR targets current codebase (with old StateService)
+- Will conflict with PR #990 (StateServiceVNext) when it merges
+- Plan: Rebase this PR after #990 merges
+- Expected conflicts: StateService files, Account model structure
+- Resolution: Keep StateServiceVNext changes, apply Account flattening to new structure
+
+## Next Steps
+
+1. **Review & Test:** Thorough code review and manual testing
+2. **Create PR:** Open PR with comprehensive description and test results
+3. **Manual Testing Scenarios:**
+   - Fresh installation → authentication flow
+   - Existing installation → migration runs successfully
+   - All directory types → configuration persists correctly
+   - CLI authentication → flat structure works
+4. **After Merge:**
+   - Begin Phase 2 PR #2: Remove StateFactory Infrastructure
+   - Monitor for any migration issues in production
+
+## Related Work
+
+- **Depends On:** None (can merge independently)
+- **Blocks:** Phase 2 PR #2 (Remove StateFactory), Phase 2 PR #3 (Delete Unused jslib Files)
+- **Conflicts With:** PR #990 (StateServiceVNext) - plan to rebase after #990 merges
+- **Part Of:** Phase 2 tech debt cleanup (see CLAUDE.md)
+
+---
+
+## Original Implementation Plan
+
+[The original detailed step-by-step plan from the conversation has been preserved below for reference]
+
+### Context
+
+Directory Connector's Account model currently extends jslib's BaseAccount, inheriting 126 lines of complex nested structures designed for multi-account password manager features that DC doesn't use. This inheritance creates unnecessary coupling and blocks cleanup of unused jslib dependencies.
+
+**Current State:**
+
+- Account extends BaseAccount with nested objects: `profile.userId`, `tokens.accessToken`, `keys.apiKeyClientSecret`
+- Only 6 fields from BaseAccount are actually used by DC
+- 120+ lines of inherited code (AccountData, AccountKeys, AccountProfile, AccountSettings, AccountTokens) are unused
+- Creates dependencies on EncString, SymmetricCryptoKey, OrganizationData, ProviderData that DC never uses
+
+**Problem:**
+
+- Unnecessary complexity for a single-account application
+- Blocks deletion of unused jslib models (Phase 2 goal)
+- Verbose account creation code (26 lines to set 6 fields)
+- Difficult to understand what DC actually needs
+
+**Goal:**
+Flatten Account model to contain only the 8 fields DC uses, removing BaseAccount inheritance. This enables Phase 2 PR #2 and PR #3 to delete ~90 unused jslib files.
+
+[Rest of original plan preserved in conversation transcript]

.claude/skills/commonjs-to-esm/skill.md

@@ -0,0 +1,130 @@
+---
+userInvocable: true
+---
+
+# CommonJS to ESM Conversion
+
+Convert a file (or files) from CommonJS module syntax to ECMAScript Modules (ESM).
+
+## Usage
+
+```
+/commonjs-to-esm <file-path> [additional-file-paths...]
+```
+
+## Parameters
+
+- `file-path` - Path to the file(s) to convert from CommonJS to ESM
+
+## Examples
+
+```
+/commonjs-to-esm src/services/auth.service.ts
+/commonjs-to-esm src/utils/helper.ts src/utils/parser.ts
+```
+
+## Process
+
+This skill performs a comprehensive analysis and planning process:
+
+### 1. Analyze Target File(s)
+
+For each file to convert:
+
+- Read the file contents
+- Identify its purpose and functionality
+- Catalog all CommonJS patterns used:
+  - `require()` statements
+  - `module.exports` assignments
+  - `exports.x = ...` assignments
+  - Dynamic requires
+  - `__dirname` and `__filename` usage
+
+### 2. Find Dependents
+
+- Search for all files that import/require the target file(s)
+- Identify the import patterns used by dependents
+- Map the dependency tree to understand impact scope
+
+### 3. Analyze Dependencies
+
+- List all modules the target file(s) depend on
+- Determine if dependencies support ESM
+- Identify potential blocking dependencies (CommonJS-only packages)
+- Check for dynamic imports that may need special handling
+
+### 4. Identify Conversion Challenges
+
+Common issues to flag:
+
+- `__dirname` and `__filename` (need `import.meta.url` conversion)
+- Dynamic `require()` calls (need `import()` conversion)
+- Conditional requires (need refactoring)
+- JSON imports (need `assert { type: 'json' }`)
+- CommonJS-only dependencies (may block conversion)
+- Circular dependencies (may need restructuring)
+
+### 5. Generate Conversion Plan
+
+Create a step-by-step plan that includes:
+
+**Target File Changes:**
+
+- Convert `require()` to `import` statements
+- Convert `module.exports` to `export` statements
+- Update `__dirname`/`__filename` to use `import.meta.url`
+- Handle dynamic imports appropriately
+- Update file extensions if needed (e.g., `.js` to `.mjs`)
+
+**Dependent File Changes:**
+
+- Update all import statements in dependent files
+- Ensure consistent naming (default vs named exports)
+- Update path references if extensions change
+
+**Configuration Changes:**
+
+- `package.json`: Add `"type": "module"` or use `.mjs` extension
+- `tsconfig.json`: Update `module` and `moduleResolution` settings
+- Build tools: Update bundler/compiler configurations
+
+**Testing Strategy:**
+
+- Run unit tests after conversion
+- Verify no runtime errors from import changes
+- Check that all exports are accessible
+- Test dynamic import scenarios
+
+### 6. Risk Assessment
+
+Evaluate:
+
+- Number of files affected
+- Complexity of CommonJS patterns used
+- Presence of blocking dependencies
+- Potential for breaking changes
+
+### 7. Present Plan
+
+Output a structured plan with:
+
+- Summary of changes needed
+- Ordered steps for execution
+- List of files to modify
+- Configuration changes required
+- Testing checkpoints
+- Risk factors and mitigation strategies
+- Estimated scope (small/medium/large change)
+
+## Notes
+
+- ESM is **not** compatible with CommonJS in all cases - ESM can import CommonJS, but CommonJS **cannot** require ESM
+- This means conversions should generally proceed from leaf dependencies upward
+- Some packages remain CommonJS-only and may block full conversion
+- The skill generates a plan but does NOT automatically execute the conversion - review and approve first
+
+## References
+
+- [Pure ESM package guide](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c)
+- [Node.js ESM documentation](https://nodejs.org/api/esm.html)
+- [TypeScript ESM support](https://www.typescriptlang.org/docs/handbook/esm-node.html)

.eslintignore

@@ -1,10 +0,0 @@
-dist
-build
-build-cli
-webpack.cli.js
-webpack.main.js
-webpack.renderer.js
-
-**/node_modules
-
-**/jest.config.js

.eslintrc.json

@@ -1,95 +0,0 @@
-{
-  "root": true,
-  "env": {
-    "browser": true,
-    "node": true
-  },
-  "overrides": [
-    {
-      "files": ["*.ts", "*.js"],
-      "plugins": ["@typescript-eslint", "rxjs", "rxjs-angular", "import"],
-      "parser": "@typescript-eslint/parser",
-      "parserOptions": {
-        "project": ["./tsconfig.eslint.json"],
-        "sourceType": "module",
-        "ecmaVersion": 2020
-      },
-      "extends": [
-        "eslint:recommended",
-        "plugin:@typescript-eslint/recommended",
-        "plugin:import/recommended",
-        "plugin:import/typescript",
-        "prettier",
-        "plugin:rxjs/recommended"
-      ],
-      "settings": {
-        "import/parsers": {
-          "@typescript-eslint/parser": [".ts"]
-        },
-        "import/resolver": {
-          "typescript": {
-            "alwaysTryTypes": true
-          }
-        }
-      },
-      "rules": {
-        "@typescript-eslint/explicit-member-accessibility": [
-          "error",
-          { "accessibility": "no-public" }
-        ],
-        "@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
-        "@typescript-eslint/no-misused-promises": ["error", { "checksVoidReturn": false }],
-        "@typescript-eslint/no-this-alias": ["error", { "allowedNames": ["self"] }],
-        "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }],
-        "no-console": "error",
-        "import/no-unresolved": "off", // TODO: Look into turning off once each package is an actual package.
-        "import/order": [
-          "error",
-          {
-            "alphabetize": {
-              "order": "asc"
-            },
-            "newlines-between": "always",
-            "pathGroups": [
-              {
-                "pattern": "@/jslib/**/*",
-                "group": "external",
-                "position": "after"
-              },
-              {
-                "pattern": "@/src/**/*",
-                "group": "parent",
-                "position": "before"
-              }
-            ],
-            "pathGroupsExcludedImportTypes": ["builtin"]
-          }
-        ],
-        "rxjs-angular/prefer-takeuntil": "error",
-        "rxjs/no-exposed-subjects": ["error", { "allowProtected": true }],
-        "no-restricted-syntax": [
-          "error",
-          {
-            "message": "Calling `svgIcon` directly is not allowed",
-            "selector": "CallExpression[callee.name='svgIcon']"
-          },
-          {
-            "message": "Accessing FormGroup using `get` is not allowed, use `.value` instead",
-            "selector": "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']"
-          }
-        ],
-        "curly": ["error", "all"],
-        "import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
-        "no-restricted-imports": ["error", { "patterns": ["src/**/*"] }]
-      }
-    },
-    {
-      "files": ["*.html"],
-      "parser": "@angular-eslint/template-parser",
-      "plugins": ["@angular-eslint/template"],
-      "rules": {
-        "@angular-eslint/template/button-has-type": "error"
-      }
-    }
-  ]
-}

.github/CODEOWNERS

@@ -6,3 +6,14 @@
 
 # Default file owners.
 * @bitwarden/team-admin-console-dev
+
+# Docker-related files
+**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
+**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
+**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
+**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
+
+# Claude related files
+.claude/ @bitwarden/team-ai-sme
+.github/workflows/respond.yml @bitwarden/team-ai-sme
+.github/workflows/review-code.yml @bitwarden/team-ai-sme

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Feature Requests
+    url: https://community.bitwarden.com/c/feature-requests/
+    about: Request new features using the Community Forums. Please search existing feature requests before making a new one.
+  - name: Bitwarden Community Forums
+    url: https://community.bitwarden.com
+    about: Please visit the community forums for general community discussion, support and the development roadmap.
+  - name: Customer Support
+    url: https://bitwarden.com/contact/
+    about: Please contact our customer support for account issues and general customer support.
+  - name: Security Issues
+    url: https://hackerone.com/bitwarden
+    about: We use HackerOne to manage security disclosures.

.github/ISSUE_TEMPLATE/issue.yml

@@ -0,0 +1,111 @@
+name: Directory Connector Bug Report
+description: File a bug report
+title: "[DC] "
+labels: ["bug"]
+type: bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps To Reproduce
+      description: How can we reproduce the behavior.
+      value: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. Click on '...'
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Result
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Result
+      description: A clear and concise description of what is happening.
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots or Videos
+      description: If applicable, add screenshots and/or a short video to help explain your problem.
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: What operating system(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - Windows
+        - macOS
+        - Linux
+        - Other operating system (please specify in "Additional Context" section)
+    validations:
+      required: true
+  - type: input
+    id: os-version
+    attributes:
+      label: Operating System Version
+      description: What version of the operating system(s) are you seeing the problem on?
+    validations:
+      required: true
+  - type: dropdown
+    id: directories
+    attributes:
+      label: Directory Service
+      description: What directory service(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - LDAP - Active Directory
+        - Another LDAP implementation (please specify in "Additional Context" section)
+        - Microsoft Entra ID
+        - Google Workspace
+        - Okta Universal Directory
+        - OneLogin
+        - Other directory service (please specify in "Additional Context" section)
+    validations:
+      required: true
+  - type: dropdown
+    id: application-type
+    attributes:
+      label: Application Type
+      description: Which Directory Connector application(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - GUI (the desktop application)
+        - CLI (the bwdc command line application)
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Build Version
+      description: What version of our software are you running?
+    validations:
+      required: true
+  - type: checkboxes
+    id: issue-tracking-info
+    attributes:
+      label: Issue Tracking Info
+      description: |
+        Make sure to acknowledge the following before submitting your report!
+      options:
+        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
+          required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,26 +9,3 @@
 ## 📸 Screenshots
 
 <!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
-
-## ⏰ Reminders before review
-
-- Contributor guidelines followed
-- All formatters and local linters executed and passed
-- Written new unit and / or integration tests where applicable
-- Used internationalization (i18n) for all UI strings
-- CI builds passed
-- Communicated to DevOps any deployment requirements
-- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
-
-## 🦮 Reviewer guidelines
-
-<!-- Suggested interactions but feel free to use (or not) as you desire! -->
-
-- 👍 (`:+1:`) or similar for great changes
-- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
-- ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
-- 🎨 (`:art:`) for suggestions / improvements
-- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
-- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
-- ⛏ (`:pick:`) for minor or nitpick changes

.github/renovate.json

@@ -1,16 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>bitwarden/renovate-config"],
-  "enabledManagers": ["github-actions", "npm"],
-  "packageRules": [
-    {
-      "groupName": "gh minor",
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["minor", "patch"]
-    },
-    {
-      "matchPackageNames": ["*"],
-      "reviewers": ["team:team-admin-console-dev"]
-    }
-  ]
-}

.github/renovate.json5

@@ -0,0 +1,24 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: ["github>bitwarden/renovate-config"],
+  enabledManagers: ["github-actions", "npm"],
+  packageRules: [
+    {
+      groupName: "gh minor",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["minor", "patch"],
+    },
+  ],
+  ignoreDeps: [
+    // yao-pkg is used to create a single executable application bundle for the CLI.
+    // It is a third party build of node which carries a high supply chain risk.
+    // This must be manually vetted by our appsec team before upgrading.
+    // It is excluded from renovate to avoid accidentally upgrading to a non-vetted version.
+    "@yao-pkg/pkg",
+    // googleapis uses ESM after 149.0.0 so we are not upgrading it until we have ESM support.
+    // They release new versions every couple of weeks so ignoring it at the dependency dashboard
+    // level is not sufficient.
+    // FIXME: remove and upgrade when we have ESM support.
+    "googleapis",
+  ],
+}

.github/workflows/build.yml

@@ -1,4 +1,3 @@
----
 name: Build
 
 on:
@@ -6,72 +5,67 @@ on:
   push:
     branches:
       - "main"
+      - "rc"
+      - "hotfix-rc"
   workflow_dispatch: {}
 
+permissions:
+  contents: read
+
 jobs:
-  cloc:
-    name: CLOC
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-      - name: Set up CLOC
-        run: |
-          sudo apt update
-          sudo apt -y install cloc
-
-      - name: Print lines of code
-        run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
-
-
   setup:
     name: Setup
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
       package_version: ${{ steps.retrieve-version.outputs.package_version }}
+      node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Get Package Version
         id: retrieve-version
         run: |
           PKG_VERSION=$(jq -r .version package.json)
-          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT
+          echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
 
+      - name: Get Node Version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
 
   linux-cli:
     name: Build Linux CLI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 18.5.0
-      _PKG_FETCH_VERSION: 3.4
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
+    permissions:
+      contents: read
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
-
-      - name: Get pkg-fetch
-        run: |
-          cd $HOME
-          fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-linux-x64"
-
-          mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION
-          wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-linux-x64"
+          node-gyp install "$(node -v)"
 
       - name: Keytar
         run: |
@@ -82,8 +76,8 @@ jobs:
           keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
 
           mkdir -p ./keytar/linux
-          wget $keytarUrl -O ./keytar/linux/$keytarTarGz
-          tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux
+          wget "$keytarUrl" -O "./keytar/linux/$keytarTarGz"
+          tar -xvf "./keytar/linux/$keytarTarGz" -C ./keytar/linux
 
       - name: Install
         run: npm install
@@ -92,24 +86,19 @@ jobs:
         run: npm run dist:cli:lin
 
       - name: Zip
-        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
-
-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt
+        run: zip -j "dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" "dist-cli/linux/bwdc" "keytar/linux/build/Release/keytar.node"
 
       - name: Version Test
         run: |
           sudo apt-get update
           sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
-          eval $(dbus-launch --sh-syntax)
+          eval "$(dbus-launch --sh-syntax)"
 
-          eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login)
-          eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start)
+          eval "$(echo -n "" | /usr/bin/gnome-keyring-daemon --login)"
+          eval "$(/usr/bin/gnome-keyring-daemon --components=secrets --start)"
 
           mkdir -p test/linux
-          unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux
+          unzip "./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" -d ./test/linux
 
           testVersion=$(./test/linux/bwdc -v)
 
@@ -122,51 +111,39 @@ jobs:
           fi
 
       - name: Upload Linux Zip to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        with:
-          name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   macos-cli:
     name: Build Mac CLI
-    runs-on: macos-13
+    runs-on: macos-15-intel
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 18.5.0
-      _PKG_FETCH_VERSION: 3.4
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
-
-      - name: Get pkg-fetch
-        run: |
-          cd $HOME
-          fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-macos-x64"
-
-          mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION
-          wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-macos-x64"
+          node-gyp install "$(node -v)"
 
       - name: Keytar
         run: |
@@ -177,8 +154,8 @@ jobs:
           keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
 
           mkdir -p ./keytar/macos
-          wget $keytarUrl -O ./keytar/macos/$keytarTarGz
-          tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos
+          wget "$keytarUrl" -O "./keytar/macos/$keytarTarGz"
+          tar -xvf "./keytar/macos/$keytarTarGz" -C ./keytar/macos
 
       - name: Install
         run: npm install
@@ -187,17 +164,12 @@ jobs:
         run: npm run dist:cli:mac
 
       - name: Zip
-        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
-
-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt
+        run: zip -j "dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" "dist-cli/macos/bwdc" "keytar/macos/build/Release/keytar.node"
 
       - name: Version Test
         run: |
           mkdir -p test/macos
-          unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos
+          unzip "./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" -d ./test/macos
 
           testVersion=$(./test/macos/bwdc -v)
 
@@ -210,59 +182,44 @@ jobs:
           fi
 
       - name: Upload Mac Zip to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        with:
-          name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
 
   windows-cli:
     name: Build Windows CLI
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _WIN_PKG_FETCH_VERSION: 18.5.0
-      _WIN_PKG_VERSION: 3.4
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Setup Windows builder
         run: |
           choco install checksum --no-progress
-          choco install reshack --no-progress
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
           node-gyp install $(node -v)
 
-      - name: Get pkg-fetch
-        shell: pwsh
-        run: |
-          cd $HOME
-          $fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v$env:_WIN_PKG_VERSION/node-v$env:_WIN_PKG_FETCH_VERSION-win-x64"
-
-          New-Item -ItemType directory -Path ./.pkg-cache
-          New-Item -ItemType directory -Path ./.pkg-cache/v$env:_WIN_PKG_VERSION
-          Invoke-RestMethod -Uri $fetchedUrl `
-            -OutFile "./.pkg-cache/v$env:_WIN_PKG_VERSION/fetched-v$env:_WIN_PKG_FETCH_VERSION-win-x64"
-
       - name: Keytar
         shell: pwsh
         run: |
@@ -279,54 +236,6 @@ jobs:
 
           7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows"
 
-      - name: Setup Version Info
-        shell: pwsh
-        run: |
-          $major, $minor, $patch = $env:_PACKAGE_VERSION.split('.')
-
-          $versionInfo = @"
-
-          1 VERSIONINFO
-          FILEVERSION $major,$minor,$patch,0
-          PRODUCTVERSION $major,$minor,$patch,0
-          FILEOS 0x40004
-          FILETYPE 0x1
-          {
-          BLOCK "StringFileInfo"
-          {
-            BLOCK "040904b0"
-            {
-              VALUE "CompanyName", "Bitwarden Inc."
-              VALUE "ProductName", "Bitwarden"
-              VALUE "FileDescription", "Bitwarden Directory Connector CLI"
-              VALUE "FileVersion", "$env:_PACKAGE_VERSION"
-              VALUE "ProductVersion", "$env:_PACKAGE_VERSION"
-              VALUE "OriginalFilename", "bwdc.exe"
-              VALUE "InternalName", "bwdc"
-              VALUE "LegalCopyright", "Copyright Bitwarden Inc."
-            }
-          }
-
-          BLOCK "VarFileInfo"
-          {
-            VALUE "Translation", 0x0409 0x04B0
-          }
-          }
-          "@
-
-          $versionInfo | Out-File ./version-info.rc
-
-      - name: Resource Hacker
-        shell: cmd
-        run: |
-          set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker
-          set WIN_PKG=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\fetched-v%_WIN_PKG_FETCH_VERSION%-win-x64
-          set WIN_PKG_BUILT=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\built-v%_WIN_PKG_FETCH_VERSION%-win-x64
-
-          ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1,
-          ResourceHacker -open version-info.rc -save version-info.res -action compile
-          ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res
-
       - name: Install
         run: npm install
 
@@ -340,7 +249,7 @@ jobs:
       - name: Version Test
         shell: pwsh
         run: |
-          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
+          Expand-Archive -Path "dist-cli\bwdc-windows-$env:_PACKAGE_VERSION.zip" -DestinationPath "test\windows"
           $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
           echo "version: ${env:_PACKAGE_VERSION}"
           echo "testVersion: $testVersion"
@@ -348,44 +257,38 @@ jobs:
             Throw "Version test failed."
           }
 
-      - name: Create checksums
-        run: |
-          checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
-
       - name: Upload Windows Zip to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        with:
-          name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   windows-gui:
     name: Build Windows GUI
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
@@ -403,39 +306,60 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "code-signing-vault-url,
+            code-signing-client-id,
+            code-signing-tenant-id,
+            code-signing-client-secret,
+            code-signing-cert-name"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Build & Sign
         run: npm run dist:win
         env:
           ELECTRON_BUILDER_SIGN: 1
-          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
-          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
-          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
-          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
-          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
+          SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
+          SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
+          SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
+          SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
+          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
 
       - name: Upload Portable Executable to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable Blockmap to GitHub
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: latest.yml
           path: ./dist/latest.yml
@@ -444,27 +368,32 @@ jobs:
 
   linux-gui:
     name: Build Linux GUI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: setup
+    permissions:
+      contents: read
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"
 
       - name: Set up environment
         run: |
@@ -482,14 +411,14 @@ jobs:
         run: npm run dist:lin
 
       - name: Upload AppImage
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: latest-linux.yml
           path: ./dist/latest-linux.yml
@@ -498,27 +427,33 @@ jobs:
 
   macos-gui:
     name: Build MacOS GUI
-    runs-on: macos-13
+    runs-on: macos-15-intel
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"
 
       - name: Print environment
         run: |
@@ -527,31 +462,43 @@ jobs:
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
 
       - name: Get certificates
         run: |
-          mkdir -p $HOME/certificates
+          mkdir -p "$HOME/certificates"
 
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
-            jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
+            jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
 
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
-            jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
+            jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
 
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
-            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
+            jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
 
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
-          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
           security default-keychain -s build.keychain
-          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
           security set-keychain-settings -lut 1200 build.keychain
 
           security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
@@ -563,12 +510,12 @@ jobs:
           security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
 
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
 
       - name: Load package version
         run: |
           $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path "$rootPath\package.json" | ConvertFrom-Json).version;
 
           Write-Output "Setting package version to $packageVersion";
           Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -576,45 +523,47 @@ jobs:
 
       - name: Install Node dependencies
         run: npm install
-      
+
       - name: Set up private auth key
+        env:
+          _APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
         run: |
           mkdir ~/private_keys
           cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          ${_APP_STORE_CONNECT_AUTH_KEY}
           EOF
 
       - name: Build application
         run: npm run dist:mac
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: UFD296548T
           APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
           CSC_FOR_PULL_REQUEST: true
 
       - name: Upload .zip artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           if-no-files-found: error
 
       - name: Upload .dmg artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           if-no-files-found: error
 
       - name: Upload .dmg Blockmap artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: latest-mac.yml
           path: ./dist/latest-mac.yml
@@ -623,9 +572,8 @@ jobs:
 
   check-failures:
     name: Check for failures
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs:
-      - cloc
       - setup
       - linux-cli
       - macos-cli
@@ -633,16 +581,24 @@ jobs:
       - windows-gui
       - linux-gui
       - macos-gui
+    permissions:
+      id-token: write
     steps:
       - name: Check if any job failed
-        if: github.ref == 'refs/heads/main' && contains(needs.*.result, 'failure')
+        if: |
+          (github.ref == 'refs/heads/main'
+          || github.ref == 'refs/heads/rc'
+          || github.ref == 'refs/heads/hotfix-rc')
+          && contains(needs.*.result, 'failure')
         run: exit 1
 
-      - name: Login to Azure - CI subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
         if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -652,6 +608,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()

.github/workflows/enforce-labels.yml

@@ -1,13 +1,15 @@
----
 name: Enforce PR labels
 
 on:
   pull_request:
     types: [labeled, unlabeled, opened, edited, synchronize]
+permissions:
+  contents: read
+  pull-requests: read
 jobs:
   enforce-label:
     name: EnforceLabel
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Enforce Label
         uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2

.github/workflows/integration-test.yml

@@ -0,0 +1,155 @@
+name: Integration Testing
+
+on:
+  workflow_dispatch:
+  # Integration tests are slow, so only run them if relevant files have changed.
+  # This is done at the workflow level and at the job level.
+  # Make sure these triggers stay consistent with the 'changed-files' job.
+  push:
+    branches:
+      - 'main'
+      - 'rc'
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "docker-compose.yml" # any change to Docker configuration
+      - "package.json" # dependencies
+      - "utils/**" # any change to test fixtures
+      - "libs/services/sync.service.ts" # core sync service used by all directory services
+      - "libs/services/directory-services/ldap-directory.service*" # LDAP directory service
+      - "libs/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
+      # Add directory services here as we add test coverage
+  pull_request:
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "docker-compose.yml" # any change to Docker configuration
+      - "package.json" # dependencies
+      - "utils/**" # any change to test fixtures
+      - "libs/services/sync.service.ts" # core sync service used by all directory services
+      - "libs/services/directory-services/ldap-directory.service*" # LDAP directory service
+      - "libs/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
+      # Add directory services here as we add test coverage
+permissions:
+  contents: read
+  checks: write # required by dorny/test-reporter to upload its results
+  id-token: write # required to use OIDC to login to Azure Key Vault
+jobs:
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Set up Node
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      # Get secrets from Azure Key Vault
+      - name: Azure Login
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get KV Secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "GOOGLE-ADMIN-USER,GOOGLE-CLIENT-EMAIL,GOOGLE-DOMAIN,GOOGLE-PRIVATE-KEY"
+
+      - name: Azure Logout
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      # Only run relevant tests depending on what files have changed.
+      # This should be kept consistent with the workflow level triggers.
+      # Note: docker-compose.yml is only used for ldap for now
+      - name: Get changed files
+        id: changed-files
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        with:
+          list-files: shell
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # Add directory services here as we add test coverage
+          filters: |
+            common:
+              - '.github/workflows/integration-test.yml'
+              - 'utils/**'
+              - 'package.json'
+              - 'libs/services/sync.service.ts'
+            ldap:
+              - 'docker-compose.yml'
+              - 'libs/services/directory-services/ldap-directory.service*'
+            google:
+              - 'libs/services/directory-services/gsuite-directory.service*'
+
+      # LDAP
+      - name: Setup LDAP integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install mkcert
+          npm run test:integration:setup
+
+      - name: Wait for LDAP container to be healthy
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        run: |
+          echo "Waiting for LDAP container to be healthy..."
+          timeout 60 bash -c 'until docker compose ps | grep open-ldap | grep -q "(healthy)"; do sleep 2; done'
+          echo "LDAP container is ready!"
+
+      - name: Run LDAP integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        env:
+          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
+        run: npx jest ldap-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-ldap
+
+      # Google Workspace
+      - name: Run Google Workspace integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.google == 'true'
+        env:
+          GOOGLE_DOMAIN: ${{ steps.get-kv-secrets.outputs.GOOGLE-DOMAIN }}
+          GOOGLE_ADMIN_USER: ${{ steps.get-kv-secrets.outputs.GOOGLE-ADMIN-USER }}
+          GOOGLE_CLIENT_EMAIL: ${{ steps.get-kv-secrets.outputs.GOOGLE-CLIENT-EMAIL }}
+          GOOGLE_PRIVATE_KEY: ${{ steps.get-kv-secrets.outputs.GOOGLE-PRIVATE-KEY }}
+          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
+        run: |
+          npx jest gsuite-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-google
+
+      - name: Report test results
+        id: report
+        uses: dorny/test-reporter@b082adf0eced0765477756c2a610396589b8c637 # v2.5.0
+        # This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
+        # PRs from the repository and all other events are OK.
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
+        with:
+          name: Test Results
+          path: "junit.xml*"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+
+      - name: Upload results to codecov.io
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        with:
+          report_type: test_results

.github/workflows/release.yml

@@ -1,4 +1,3 @@
----
 name: Release
 
 on:
@@ -14,22 +13,29 @@ on:
           - Redeploy
           - Dry Run
 
+permissions:
+  contents: read
+
 jobs:
   setup:
     name: Setup
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
-      release-version: ${{ steps.version.outputs.version }}
+      release_version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Branch check
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         run: |
-          if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
-            echo "[!] Can only release from the 'main' branch"
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
             echo "==================================="
             exit 1
           fi
@@ -38,17 +44,21 @@ jobs:
         id: version
         uses: bitwarden/gh-actions/release-version-check@main
         with:
-          release-type: ${{ github.event.inputs.release_type }}
+          release-type: ${{ inputs.release_type }}
           project-type: ts
           file: package.json
 
   release:
     name: Release
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: setup
+    permissions:
+      actions: read
+      packages: read
+      contents: write
     steps:
       - name: Download all artifacts
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
@@ -56,7 +66,7 @@ jobs:
           branch: ${{ github.ref_name }}
 
       - name: Dry Run - Download all artifacts
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+        if: ${{ inputs.release_type == 'Dry Run' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
@@ -64,17 +74,14 @@ jobs:
           branch: main
 
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0
         env:
-          PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+          PKG_VERSION: ${{ needs.setup.outputs.release_version }}
         with:
           artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-linux-${{ env.PKG_VERSION }}.zip,
-                      ./bwdc-windows-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-macos-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-linux-sha256-${{ env.PKG_VERSION }}.txt,
                       ./Bitwarden-Connector-Portable-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe.blockmap,

.github/workflows/respond.yml

@@ -0,0 +1,28 @@
+name: Respond
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+permissions: {}
+
+jobs:
+  respond:
+    name: Respond
+    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write

.github/workflows/review-code.yml

@@ -0,0 +1,21 @@
+name: Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions: {}
+
+jobs:
+  review:
+    name: Review
+    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      pull-requests: write

.github/workflows/scan.yml

@@ -5,74 +5,48 @@ on:
   push:
     branches:
       - "main"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - "main"
   pull_request_target:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
+    branches:
+      - "main"
+
+permissions: {}
 
 jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   sast:
-    name: SAST scan
-    runs-on: ubuntu-22.04
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
     needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
     permissions:
       contents: read
       pull-requests: write
       security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@6c56658230f79c227a55120e9b24845d574d5225 # 2.0.31
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
-        with:
-          sarif_file: cx_result.sarif
+      id-token: write
 
   quality:
-    name: Quality scan
-    runs-on: ubuntu-22.04
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
     needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
     permissions:
       contents: read
       pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarcloud-github-action@eb211723266fe8e83102bac7361f0a05c3ac1d1b # v3.0.0
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.tests=.
-            -Dsonar.sources=.
-            -Dsonar.test.inclusions=**/*.spec.ts
-            -Dsonar.exclusions=**/*.spec.ts
+      id-token: write
+      

.github/workflows/test.yml

@@ -5,50 +5,36 @@ on:
   push:
     branches:
       - "main"
+      - "rc"
+      - "hotfix-rc"
   pull_request:
 
-jobs:
-  check-test-secrets:
-    name: Check for test secrets
-    runs-on: ubuntu-22.04
-    outputs:
-      available: ${{ steps.check-test-secrets.outputs.available }}
-    permissions:
-      contents: read
+permissions:
+  contents: read
+  checks: write # required by dorny/test-reporter to upload its results
 
-    steps:
-      - name: Check
-        id: check-test-secrets
-        run: |
-          if [ "${{ secrets.CODECOV_TOKEN }}" != '' ]; then
-            echo "available=true" >> $GITHUB_OUTPUT;
-          else
-            echo "available=false" >> $GITHUB_OUTPUT;
-          fi
+jobs:
 
   testing:
     name: Run tests
     if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
-    runs-on: ubuntu-22.04
-    needs: check-test-secrets
-    permissions:
-      checks: write
-      contents: read
-      pull-requests: write
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Get Node version
         id: retrieve-node-version
         run: |
           NODE_NVMRC=$(cat .nvmrc)
           NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
 
       - name: Set up Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -67,8 +53,10 @@ jobs:
         run: npm run test --coverage
 
       - name: Report test results
-        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
-        if: ${{ needs.check-test-secrets.outputs.available == 'true' && !cancelled() }}
+        uses: dorny/test-reporter@b082adf0eced0765477756c2a610396589b8c637 # v2.5.0
+        # This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
+        # PRs from the repository and all other events are OK.
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
         with:
           name: Test Results
           path: "junit.xml"
@@ -76,13 +64,9 @@ jobs:
           fail-on-error: true
 
       - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
-        if: ${{ needs.check-test-secrets.outputs.available == 'true' }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
 
       - name: Upload results to codecov.io
-        uses: codecov/test-results-action@1b5b448b98e58ba90d1a1a1d9fcb72ca2263be46 # v1.0.0
-        if: ${{ needs.check-test-secrets.outputs.available == 'true' }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        with:
+          report_type: test_results

.github/workflows/version-bump.yml

@@ -1,4 +1,3 @@
----
 name: Version Bump
 
 on:
@@ -8,17 +7,16 @@ on:
         description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
         required: false
         type: string
-      enable_slack_notification:
-        description: "Enable Slack notifications for upcoming release?"
-        default: false
-        type: boolean
+
+permissions: {}
 
 jobs:
   bump_version:
     name: Bump Version
-    runs-on: ubuntu-22.04
-    outputs:
-      version: ${{ steps.set-final-version-output.outputs.version }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      id-token: write
     steps:
       - name: Validate version input
         if: ${{ inputs.version_number_override != '' }}
@@ -26,55 +24,47 @@ jobs:
         with:
           version: ${{ inputs.version_number_override }}
 
-      - name: Slack Notification Check
-        run: |
-          if [[ "${{ inputs.enable_slack_notification }}" == true ]]; then
-            echo "Slack notifications enabled."
-          else
-            echo "Slack notifications disabled."
-          fi
-
-      - name: Checkout Branch
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
-      - name: Retrieve secrets
-        id: retrieve-secrets
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key,
-            github-gpg-private-key-passphrase"
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
 
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        id: app-token
         with:
-          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          permission-contents: write
+
+      - name: Checkout Branch
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          persist-credentials: true
 
       - name: Setup git
         run: |
-          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          git config --local user.name "bitwarden-devops-bot"
-
-      - name: Create Version Branch
-        id: create-branch
-        run: |
-          NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d")
-          git switch -c $NAME
-          echo "name=$NAME" >> $GITHUB_OUTPUT
+          git config user.name github-actions
+          git config user.email github-actions@github.com
 
       - name: Get current version
         id: current-version
         run: |
           CURRENT_VERSION=$(cat package.json | jq -r '.version')
-          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
 
       - name: Verify input version
         if: ${{ inputs.version_number_override != '' }}
@@ -89,8 +79,7 @@ jobs:
           fi
 
           # Check if version is newer.
-          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
-          if [ $? -eq 0 ]; then
+          if printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V; then
             echo "Version check successful."
           else
             echo "Version check failed."
@@ -122,84 +111,35 @@ jobs:
 
       - name: Set final version output
         id: set-final-version-output
+        env:
+          _BUMP_VERSION_OVERRIDE_OUTCOME: ${{ steps.bump-version-override.outcome }}
+          _INPUT_VERSION_NUMBER_OVERRIDE: ${{ inputs.version_number_override }}
+          _BUMP_VERSION_AUTOMATIC_OUTCOME: ${{ steps.bump-version-automatic.outcome }}
+          _CALCULATE_NEXT_VERSION: ${{ steps.calculate-next-version.outputs.version }}
+          
         run: |
-          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
-            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
-          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
-            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
+          if [[ "$_BUMP_VERSION_OVERRIDE_OUTCOME" == "success" ]]; then
+            echo "version=$_INPUT_VERSION_NUMBER_OVERRIDE" >> "$GITHUB_OUTPUT"
+          elif [[ "$_BUMP_VERSION_AUTOMATIC_OUTCOME" == "success" ]]; then
+            echo "version=$_CALCULATE_NEXT_VERSION" >> "$GITHUB_OUTPUT"
           fi
 
       - name: Check if version changed
         id: version-changed
         run: |
           if [ -n "$(git status --porcelain)" ]; then
-            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
+            echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
           else
-            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
+            echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
             echo "No changes to commit!";
           fi
 
       - name: Commit files
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
+        env:
+          _VERSION: ${{ steps.set-final-version-output.outputs.version }}
+        run: git commit -m "Bumped version to $_VERSION" -a
 
       - name: Push changes
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
-        run: git push -u origin $PR_BRANCH
-
-      - name: Generate GH App token
-        uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4
-        id: app-token
-        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
-          owner: ${{ github.repository_owner }}
-
-      - name: Create Version PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        id: create-pr
-        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
-          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
-          TITLE: "Bump version to ${{ steps.set-final-version-output.outputs.version }}"
-        run: |
-          PR_URL=$(gh pr create --title "$TITLE" \
-            --base "main" \
-            --head "$PR_BRANCH" \
-            --label "version update" \
-            --label "automated pr" \
-            --body "
-              ## Type of change
-              - [ ] Bug fix
-              - [ ] New feature development
-              - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
-              - [ ] Build/deploy pipeline (DevOps)
-              - [X] Other
-
-              ## Objective
-              Automated version bump to ${{ steps.set-final-version-output.outputs.version }}")
-          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
-
-      - name: Approve PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
-        run: gh pr review $PR_NUMBER --approve
-
-      - name: Merge PR
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
-          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
-        run: gh pr merge $PR_NUMBER --squash --auto --delete-branch
-
-      - name: Report upcoming release version to Slack
-        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && inputs.enable_slack_notification == true }}
-        uses: bitwarden/gh-actions/report-upcoming-release-version@main
-        with:
-          version: ${{ steps.set-final-version-output.outputs.version }}
-          project: ${{ github.repository }}
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+        run: git push

.gitignore

@@ -2,6 +2,9 @@
 .DS_Store
 Thumbs.db
 
+# Environment variables used for tests
+.env
+
 # IDEs and editors
 .idea/
 .project
@@ -30,8 +33,8 @@ build-cli
 .angular/cache
 
 # Testing
-coverage
-junit.xml
+coverage*
+junit.xml*
 
 # Misc
 *.crx

.nvmrc

@@ -1 +1 @@
-v18
+v20

README.md

@@ -3,13 +3,13 @@
 
 # Bitwarden Directory Connector
 
-The Bitwarden Directory Connector is a a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
+The Bitwarden Directory Connector is a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
 
 Supported directories:
 
 - Active Directory
 - Any other LDAP-based directory
-- Azure Active Directory
+- Microsoft Entra ID
 - G Suite (Google)
 - Okta
 

angular.json

@@ -14,19 +14,24 @@
         }
       },
       "root": ".",
-      "sourceRoot": "src",
+      "sourceRoot": "src-gui",
       "prefix": "app",
       "architect": {
         "build": {
-          "builder": "@angular-devkit/build-angular:browser",
+          "builder": "@angular/build:application",
           "options": {
-            "outputPath": "dist",
-            "index": "src/index.html",
-            "main": "src/main.ts",
+            "outputPath": {
+              "base": "dist"
+            },
+            "index": "src-gui/index.html",
             "tsConfig": "tsconfig.json",
-            "assets": [],
-            "styles": [],
-            "scripts": []
+            "assets": [
+              { "glob": "**/*", "input": "src-gui/images", "output": "images" },
+              { "glob": "**/*", "input": "src-gui/locales", "output": "locales" }
+            ],
+            "styles": ["src-gui/scss/styles.scss"],
+            "scripts": [],
+            "browser": "src-gui/app/main.ts"
           }
         }
       }

docker-compose.yml

@@ -0,0 +1,37 @@
+services:
+  open-ldap:
+    image: bitnamilegacy/openldap:latest
+    hostname: openldap
+    environment:
+      - LDAP_ADMIN_USERNAME=admin
+      - LDAP_ADMIN_PASSWORD=admin
+      - LDAP_ROOT=dc=bitwarden,dc=com
+      - LDAP_ENABLE_TLS=yes
+      - LDAP_TLS_CERT_FILE=/certs/openldap.pem
+      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
+      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
+    volumes:
+      - "./utils/openldap/ldifs:/ldifs"
+      - "./utils/openldap/certs:/certs"
+    ports:
+      - "1389:1389"
+      - "1636:1636"
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "ldapsearch",
+          "-x",
+          "-H",
+          "ldap://localhost:1389",
+          "-b",
+          "dc=bitwarden,dc=com",
+          "-D",
+          "cn=admin,dc=bitwarden,dc=com",
+          "-w",
+          "admin",
+        ]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+      start_period: 10s

electron-builder.json

@@ -4,13 +4,13 @@
   },
   "productName": "Bitwarden Directory Connector",
   "appId": "com.bitwarden.directory-connector",
-  "copyright": "Copyright © 2015-2022 Bitwarden Inc.",
+  "copyright": "Copyright © 2015-2026 Bitwarden Inc.",
   "directories": {
     "buildResources": "resources",
     "output": "dist",
     "app": "build"
   },
-  "afterSign": "scripts/notarize.js",
+  "afterSign": "scripts/notarize.mjs",
   "mac": {
     "artifactName": "Bitwarden-Connector-${version}-mac.${ext}",
     "category": "public.app-category.productivity",
@@ -22,7 +22,7 @@
   },
   "win": {
     "target": ["portable", "nsis"],
-    "sign": "scripts/sign.js"
+    "sign": "scripts/sign.mjs"
   },
   "linux": {
     "category": "Utility",

eslint.config.mjs

@@ -0,0 +1,159 @@
+// @ts-check
+import eslint from "@eslint/js";
+import tsParser from "@typescript-eslint/parser";
+import tsPlugin from "@typescript-eslint/eslint-plugin";
+import prettierConfig from "eslint-config-prettier";
+import importPlugin from "eslint-plugin-import";
+import rxjsX from "eslint-plugin-rxjs-x";
+import rxjsAngularX from "eslint-plugin-rxjs-angular-x";
+import angularEslint from "@angular-eslint/eslint-plugin-template";
+import angularParser from "@angular-eslint/template-parser";
+import globals from "globals";
+
+export default [
+  // Global ignores (replaces .eslintignore)
+  {
+    ignores: [
+      "dist/**",
+      "dist-cli/**",
+      "build/**",
+      "build-cli/**",
+      "coverage/**",
+      "**/*.cjs",
+      "eslint.config.mjs",
+      "scripts/**/*.js",
+      "**/node_modules/**",
+    ],
+  },
+
+  // Base config for all JavaScript/TypeScript files
+  {
+    files: ["**/*.ts", "**/*.js"],
+    languageOptions: {
+      ecmaVersion: 2020,
+      sourceType: "module",
+      parser: tsParser,
+      parserOptions: {
+        project: ["./tsconfig.eslint.json"],
+      },
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+      },
+    },
+    plugins: {
+      "@typescript-eslint": tsPlugin,
+      import: importPlugin,
+      "rxjs-x": rxjsX,
+      "rxjs-angular-x": rxjsAngularX,
+    },
+    settings: {
+      "import/parsers": {
+        "@typescript-eslint/parser": [".ts"],
+      },
+      "import/resolver": {
+        typescript: {
+          alwaysTryTypes: true,
+        },
+      },
+    },
+    rules: {
+      // ESLint recommended rules
+      ...eslint.configs.recommended.rules,
+
+      // TypeScript ESLint recommended rules
+      ...tsPlugin.configs.recommended.rules,
+
+      // Import plugin recommended rules
+      ...importPlugin.flatConfigs.recommended.rules,
+
+      // RxJS recommended rules
+      ...rxjsX.configs.recommended.rules,
+
+      // Custom project rules
+      "@typescript-eslint/explicit-member-accessibility": ["error", { accessibility: "no-public" }],
+      "@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
+      "@typescript-eslint/no-misused-promises": ["error", { checksVoidReturn: false }],
+      "@typescript-eslint/no-this-alias": ["error", { allowedNames: ["self"] }],
+      "@typescript-eslint/no-unused-vars": ["error", { args: "none" }],
+      "no-console": "error",
+      "import/no-unresolved": "off", // TODO: Look into turning on once each package is an actual package.
+      "import/order": [
+        "error",
+        {
+          alphabetize: {
+            order: "asc",
+          },
+          "newlines-between": "always",
+          pathGroups: [
+            {
+              pattern: "@/libs/**",
+              group: "external",
+              position: "after",
+            },
+            {
+              pattern: "@/jslib/**",
+              group: "external",
+              position: "after",
+            },
+            {
+              pattern: "@/src-gui/**",
+              group: "external",
+              position: "after",
+            },
+            {
+              pattern: "@/src-cli/**",
+              group: "external",
+              position: "after",
+            },
+          ],
+          pathGroupsExcludedImportTypes: ["builtin"],
+        },
+      ],
+      "rxjs-angular-x/prefer-takeuntil": "error",
+      "rxjs-x/no-exposed-subjects": ["error", { allowProtected: true }],
+      "no-restricted-syntax": [
+        "error",
+        {
+          message: "Calling `svgIcon` directly is not allowed",
+          selector: "CallExpression[callee.name='svgIcon']",
+        },
+        {
+          message: "Accessing FormGroup using `get` is not allowed, use `.value` instead",
+          selector:
+            "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']",
+        },
+      ],
+      curly: ["error", "all"],
+      "import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
+      "no-restricted-imports": ["error", { patterns: ["src/**/*"] }],
+    },
+  },
+
+  // Jest test files (includes any test-related files)
+  {
+    files: ["**/*.spec.ts", "**/test.setup.ts", "**/spec/**/*.ts", "**/utils/**/*fixtures*.ts"],
+    languageOptions: {
+      globals: {
+        ...globals.jest,
+      },
+    },
+  },
+
+  // Angular HTML templates
+  {
+    files: ["**/*.html"],
+    languageOptions: {
+      parser: angularParser,
+    },
+    plugins: {
+      "@angular-eslint/template": angularEslint,
+    },
+    rules: {
+      "@angular-eslint/template/button-has-type": "error",
+    },
+  },
+
+  // Prettier config (must be last to override other configs)
+  prettierConfig,
+];

jest.config.mjs

@@ -1,14 +1,14 @@
-const { pathsToModuleNameMapper } = require("ts-jest");
-const { compilerOptions } = require("./tsconfig");
+import { pathsToModuleNameMapper } from "ts-jest";
+import tsconfig from "./tsconfig.json" with { type: "json" };
 
-const tsPreset = require("ts-jest/jest-preset");
-const angularPreset = require("jest-preset-angular/jest-preset");
-const { defaultTransformerOptions } = require("jest-preset-angular/presets");
+import angularPresetsModule from "jest-preset-angular/presets/index.js";
+
+const { defaultTransformerOptions } = angularPresetsModule;
+
+const { compilerOptions } = tsconfig;
 
 /** @type {import('ts-jest').JestConfigWithTsJest} */
-module.exports = {
-  // ...tsPreset,
-  // ...angularPreset,
+export default {
   preset: "jest-preset-angular",
 
   reporters: ["default", "jest-junit"],
@@ -26,7 +26,6 @@ module.exports = {
   modulePaths: [compilerOptions.baseUrl],
   moduleNameMapper: pathsToModuleNameMapper(compilerOptions.paths, { prefix: "<rootDir>/" }),
   setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
-
   // Workaround for a memory leak that crashes tests in CI:
   // https://github.com/facebook/jest/issues/9430#issuecomment-1149882002
   // Also anecdotally improves performance when run locally

jslib-removal-plan.md

@@ -0,0 +1,745 @@
+# Plan: Remove StateService and jslib Dependencies
+
+## Context
+
+Directory Connector currently depends on StateService from jslib, which is a massive pre-StateProvider monolith containing 200+ getter/setter methods for all Bitwarden clients. This creates significant maintenance burden and blocks deletion of unused jslib code.
+
+**Current State (Phase 1 Complete):**
+
+- ✅ StateServiceVNext has been implemented with a flat key-value structure
+- ✅ Migration service handles transition from old account-based structure to new flat structure
+- ⚠️ Both old and new StateService implementations coexist during migration
+- ❌ Three jslib services still depend on old StateService: TokenService, CryptoService, EnvironmentService
+- ❌ Two Electron components depend on old StateService: WindowMain, TrayMain
+
+**Problem:**
+The old StateService cannot be removed until all dependencies are eliminated. Analysis reveals:
+
+- **TokenService**: Used for API authentication (9/32 methods actually used)
+- **CryptoService**: Completely unused by DC (0/61 methods used) - carried over from monolith
+- **EnvironmentService**: Used for custom server URLs (4/11 methods used)
+- **WindowMain/TrayMain**: Used for Electron window/tray state persistence (6 methods total)
+
+**Goal:**
+Replace jslib services with simplified DC-specific implementations that use StateServiceVNext, enabling complete removal of old StateService and unlocking Phase 2 (jslib code cleanup).
+
+**User Decisions:**
+
+1. ✅ Create simplified DC-specific versions of Token/Environment services (clean break from jslib)
+2. ✅ Keep WindowMain/TrayMain as-is (minimize scope, focus on StateService removal)
+3. ✅ Automatic migration on first launch (transparent to users)
+
+## Critical Files
+
+### Files to Create (New Implementations)
+
+- `src/services/token/token.service.ts` - DC-specific token service
+- `src/abstractions/token.service.ts` - Token service interface
+- `src/services/environment/environment.service.ts` - DC-specific environment service
+- `src/abstractions/environment.service.ts` - Environment service interface
+- `src/utils/jwt.util.ts` - JWT decoding utility (no dependencies)
+
+### Files to Modify (Update Dependencies)
+
+- `src/services/api.service.ts` - Switch from jslib TokenService to DC TokenService
+- `src/services/auth.service.ts` - Update EnvironmentService import
+- `src/services/sync.service.ts` - Update EnvironmentService import
+- `src/commands/config.command.ts` - Update EnvironmentService import
+- `src/bwdc.ts` - Remove old StateService, instantiate new services
+- `src/main.ts` - Remove old StateService, instantiate new services
+- `src/app/services/services.module.ts` - Remove old StateService, provide new services
+- `src/app/app.component.ts` - Update TokenService import
+- `jslib/electron/src/window.main.ts` - Adapt to use StateServiceVNext
+- `jslib/electron/src/tray.main.ts` - Adapt to use StateServiceVNext
+
+### Files to Delete (After Migration)
+
+- `jslib/common/src/services/token.service.ts` - jslib TokenService
+- `jslib/common/src/abstractions/token.service.ts` - jslib TokenService interface
+- `jslib/common/src/services/crypto.service.ts` - Unused CryptoService
+- `jslib/common/src/abstractions/crypto.service.ts` - Unused CryptoService interface
+- `jslib/common/src/services/environment.service.ts` - jslib EnvironmentService
+- `jslib/common/src/abstractions/environment.service.ts` - jslib EnvironmentService interface
+- `src/services/state-service/state.service.ts` - Old DC StateService
+- `src/abstractions/state.service.ts` - Old DC StateService interface
+- `jslib/common/src/services/state.service.ts` - Old jslib StateService
+- `jslib/common/src/abstractions/state.service.ts` - Old jslib StateService interface
+
+## Implementation Plan
+
+### Step 1: Create JWT Utility (No Dependencies)
+
+Create `src/utils/jwt.util.ts` with standalone JWT decoding function:
+
+```typescript
+export interface DecodedToken {
+  exp: number;
+  iat: number;
+  nbf: number;
+  sub: string; // user ID
+  client_id?: string;
+  [key: string]: any;
+}
+
+export function decodeJwt(token: string): DecodedToken {
+  // Validate JWT structure (3 parts: header.payload.signature)
+  const parts = token.split(".");
+  if (parts.length !== 3) {
+    throw new Error("Invalid JWT format");
+  }
+
+  // Decode payload (base64url to JSON)
+  const payload = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+
+  return JSON.parse(atob(payload));
+}
+
+export function getTokenExpirationDate(token: string): Date | null {
+  const decoded = decodeJwt(token);
+  if (!decoded.exp) return null;
+  return new Date(decoded.exp * 1000);
+}
+
+export function tokenSecondsRemaining(token: string, offsetSeconds = 0): number {
+  const expDate = getTokenExpirationDate(token);
+  if (!expDate) return 0;
+
+  const msRemaining = expDate.getTime() - Date.now() - offsetSeconds * 1000;
+  return Math.floor(msRemaining / 1000);
+}
+
+export function tokenNeedsRefresh(token: string, minutesBeforeExpiration = 5): boolean {
+  const secondsRemaining = tokenSecondsRemaining(token);
+  return secondsRemaining < minutesBeforeExpiration * 60;
+}
+```
+
+**Why:** Standalone utility avoids service dependencies, can be tested independently, reusable.
+
+### Step 2: Create DC TokenService
+
+Create `src/abstractions/token.service.ts`:
+
+```typescript
+export interface TokenService {
+  // Token storage
+  setTokens(
+    accessToken: string,
+    refreshToken: string,
+    clientIdClientSecret?: [string, string],
+  ): Promise<void>;
+  getToken(): Promise<string | null>;
+  getRefreshToken(): Promise<string | null>;
+  clearToken(): Promise<void>;
+
+  // API key authentication
+  getClientId(): Promise<string | null>;
+  getClientSecret(): Promise<string | null>;
+
+  // Two-factor token (rarely used)
+  getTwoFactorToken(): Promise<string | null>;
+  clearTwoFactorToken(): Promise<void>;
+
+  // Token validation (delegates to jwt.util)
+  decodeToken(token?: string): Promise<DecodedToken | null>;
+  tokenNeedsRefresh(minutesBeforeExpiration?: number): Promise<boolean>;
+}
+```
+
+Create `src/services/token/token.service.ts`:
+
+```typescript
+import { StateServiceVNext } from "@/abstractions/state-vNext.service";
+import { SecureStorageService } from "@/jslib/common/src/abstractions/storage.service";
+import { TokenService as ITokenService } from "@/abstractions/token.service";
+import {
+  decodeJwt,
+  tokenNeedsRefresh as checkTokenNeedsRefresh,
+  DecodedToken,
+} from "@/utils/jwt.util";
+
+export class TokenService implements ITokenService {
+  // Storage keys
+  private TOKEN_KEY = "accessToken";
+  private REFRESH_TOKEN_KEY = "refreshToken";
+  private CLIENT_ID_KEY = "apiKeyClientId";
+  private CLIENT_SECRET_KEY = "apiKeyClientSecret";
+  private TWO_FACTOR_TOKEN_KEY = "twoFactorToken";
+
+  constructor(
+    private stateService: StateServiceVNext,
+    private secureStorageService: SecureStorageService,
+  ) {}
+
+  async setTokens(
+    accessToken: string,
+    refreshToken: string,
+    clientIdClientSecret?: [string, string],
+  ): Promise<void> {
+    await this.secureStorageService.save(this.TOKEN_KEY, accessToken);
+    await this.secureStorageService.save(this.REFRESH_TOKEN_KEY, refreshToken);
+
+    if (clientIdClientSecret) {
+      await this.secureStorageService.save(this.CLIENT_ID_KEY, clientIdClientSecret[0]);
+      await this.secureStorageService.save(this.CLIENT_SECRET_KEY, clientIdClientSecret[1]);
+    }
+  }
+
+  async getToken(): Promise<string | null> {
+    return await this.secureStorageService.get<string>(this.TOKEN_KEY);
+  }
+
+  async getRefreshToken(): Promise<string | null> {
+    return await this.secureStorageService.get<string>(this.REFRESH_TOKEN_KEY);
+  }
+
+  async clearToken(): Promise<void> {
+    await this.secureStorageService.remove(this.TOKEN_KEY);
+    await this.secureStorageService.remove(this.REFRESH_TOKEN_KEY);
+    await this.secureStorageService.remove(this.CLIENT_ID_KEY);
+    await this.secureStorageService.remove(this.CLIENT_SECRET_KEY);
+  }
+
+  async getClientId(): Promise<string | null> {
+    return await this.secureStorageService.get<string>(this.CLIENT_ID_KEY);
+  }
+
+  async getClientSecret(): Promise<string | null> {
+    return await this.secureStorageService.get<string>(this.CLIENT_SECRET_KEY);
+  }
+
+  async getTwoFactorToken(): Promise<string | null> {
+    return await this.secureStorageService.get<string>(this.TWO_FACTOR_TOKEN_KEY);
+  }
+
+  async clearTwoFactorToken(): Promise<void> {
+    await this.secureStorageService.remove(this.TWO_FACTOR_TOKEN_KEY);
+  }
+
+  async decodeToken(token?: string): Promise<DecodedToken | null> {
+    const tokenToUse = token ?? (await this.getToken());
+    if (!tokenToUse) return null;
+
+    try {
+      return decodeJwt(tokenToUse);
+    } catch {
+      return null;
+    }
+  }
+
+  async tokenNeedsRefresh(minutesBeforeExpiration = 5): Promise<boolean> {
+    const token = await this.getToken();
+    if (!token) return true;
+
+    try {
+      return checkTokenNeedsRefresh(token, minutesBeforeExpiration);
+    } catch {
+      return true;
+    }
+  }
+}
+```
+
+Create `src/services/token/token.service.spec.ts` with comprehensive tests covering:
+
+- Token storage/retrieval
+- Token clearing
+- JWT decoding
+- Token expiration logic
+- Error handling for malformed tokens
+
+### Step 3: Create DC EnvironmentService
+
+Create `src/abstractions/environment.service.ts`:
+
+```typescript
+export interface EnvironmentUrls {
+  base?: string;
+  api?: string;
+  identity?: string;
+  webVault?: string;
+  icons?: string;
+  notifications?: string;
+  events?: string;
+  keyConnector?: string;
+}
+
+export interface EnvironmentService {
+  setUrls(urls: EnvironmentUrls): Promise<void>;
+  setUrlsFromStorage(): Promise<void>;
+
+  hasBaseUrl(): boolean;
+  getApiUrl(): string;
+  getIdentityUrl(): string;
+  getWebVaultUrl(): string;
+  getIconsUrl(): string;
+  getNotificationsUrl(): string;
+  getEventsUrl(): string;
+  getKeyConnectorUrl(): string;
+}
+```
+
+Create `src/services/environment/environment.service.ts`:
+
+```typescript
+import { StateServiceVNext } from "@/abstractions/state-vNext.service";
+import {
+  EnvironmentService as IEnvironmentService,
+  EnvironmentUrls,
+} from "@/abstractions/environment.service";
+
+export class EnvironmentService implements IEnvironmentService {
+  private readonly DEFAULT_URLS = {
+    api: "https://api.bitwarden.com",
+    identity: "https://identity.bitwarden.com",
+    webVault: "https://vault.bitwarden.com",
+    icons: "https://icons.bitwarden.net",
+    notifications: "https://notifications.bitwarden.com",
+    events: "https://events.bitwarden.com",
+  };
+
+  private urls: EnvironmentUrls = {};
+
+  constructor(private stateService: StateServiceVNext) {}
+
+  async setUrls(urls: EnvironmentUrls): Promise<void> {
+    // Normalize URLs: trim whitespace, remove trailing slashes, add https:// if missing
+    const normalized: EnvironmentUrls = {};
+
+    for (const [key, value] of Object.entries(urls)) {
+      if (!value) continue;
+
+      let url = value.trim();
+      url = url.replace(/\/+$/, ""); // Remove trailing slashes
+
+      if (!/^https?:\/\//i.test(url)) {
+        url = `https://${url}`;
+      }
+
+      normalized[key] = url;
+    }
+
+    this.urls = normalized;
+    await this.stateService.setEnvironmentUrls(normalized);
+  }
+
+  async setUrlsFromStorage(): Promise<void> {
+    const stored = await this.stateService.getEnvironmentUrls();
+    this.urls = stored ?? {};
+  }
+
+  hasBaseUrl(): boolean {
+    return !!this.urls.base;
+  }
+
+  getApiUrl(): string {
+    return this.urls.api ?? this.urls.base + "/api" ?? this.DEFAULT_URLS.api;
+  }
+
+  getIdentityUrl(): string {
+    return this.urls.identity ?? this.urls.base + "/identity" ?? this.DEFAULT_URLS.identity;
+  }
+
+  getWebVaultUrl(): string {
+    return this.urls.webVault ?? this.urls.base ?? this.DEFAULT_URLS.webVault;
+  }
+
+  getIconsUrl(): string {
+    return this.urls.icons ?? this.urls.base + "/icons" ?? this.DEFAULT_URLS.icons;
+  }
+
+  getNotificationsUrl(): string {
+    return (
+      this.urls.notifications ??
+      this.urls.base + "/notifications" ??
+      this.DEFAULT_URLS.notifications
+    );
+  }
+
+  getEventsUrl(): string {
+    return this.urls.events ?? this.urls.base + "/events" ?? this.DEFAULT_URLS.events;
+  }
+
+  getKeyConnectorUrl(): string {
+    return this.urls.keyConnector ?? "";
+  }
+}
+```
+
+Create `src/services/environment/environment.service.spec.ts` with tests covering:
+
+- URL normalization (trailing slashes, https prefix)
+- Storage persistence
+- Default URL fallbacks
+- Custom URL override
+- Base URL derivation
+
+### Step 4: Add Environment URL Storage to StateServiceVNext
+
+Update `src/models/state.model.ts` to add environment URL storage key:
+
+```typescript
+export const StorageKeysVNext = {
+  // ... existing keys ...
+  environmentUrls: "environmentUrls",
+};
+```
+
+Update `src/abstractions/state-vNext.service.ts` to add methods:
+
+```typescript
+export interface StateServiceVNext {
+  // ... existing methods ...
+  getEnvironmentUrls(): Promise<EnvironmentUrls | null>;
+  setEnvironmentUrls(urls: EnvironmentUrls): Promise<void>;
+}
+```
+
+Update `src/services/state-service/state-vNext.service.ts` implementation to add storage methods.
+
+### Step 5: Update StateMigrationService for Token/Environment Data
+
+Update `src/services/state-service/stateMigration.service.ts` to migrate:
+
+**Token data (from secure storage):**
+
+- `accessToken` → `accessToken` (same key, no change needed)
+- `refreshToken` → `refreshToken` (same key, no change needed)
+- `apiKeyClientId` → `apiKeyClientId` (same key, no change needed)
+- `apiKeyClientSecret` → `apiKeyClientSecret` (same key, no change needed)
+
+**Environment URLs (from account state):**
+
+- `environmentUrls` from account → `environmentUrls` in flat structure
+
+Add migration test cases to `src/services/state-service/stateMigration.service.spec.ts`.
+
+### Step 6: Remove CryptoService Dependencies
+
+Since CryptoService is completely unused by DC:
+
+1. Search for all imports of `CryptoService` in `src/` code
+2. Remove all instantiations and injections
+3. Verify no methods are actually called
+4. Remove from DI containers (services.module.ts, bwdc.ts, main.ts)
+
+Expected: Zero usage, straightforward removal.
+
+### Step 7: Update WindowMain/TrayMain to Use StateServiceVNext
+
+Update `jslib/electron/src/window.main.ts`:
+
+```typescript
+// Change constructor to accept StateServiceVNext instead of StateService
+constructor(
+  private stateService: StateServiceVNext, // Changed from StateService
+  // ... other params
+) {}
+
+// Update method calls to use StateServiceVNext interface
+async getWindowSettings(): Promise<any> {
+  return await this.stateService.getWindowSettings();
+}
+
+async setWindowSettings(settings: any): Promise<void> {
+  await this.stateService.setWindowSettings(settings);
+}
+```
+
+Update `jslib/electron/src/tray.main.ts` similarly:
+
+```typescript
+constructor(
+  private stateService: StateServiceVNext, // Changed from StateService
+  // ... other params
+) {}
+
+// Update method calls
+async getEnableTray(): Promise<boolean> {
+  return await this.stateService.getEnableTray();
+}
+// ... etc for other tray settings
+```
+
+**Required:** Add window/tray setting storage to StateServiceVNext:
+
+- `getWindowSettings()` / `setWindowSettings()`
+- `getEnableTray()` / `getEnableMinimizeToTray()` / `getEnableCloseToTray()` / `getAlwaysShowDock()`
+
+### Step 8: Update Service Registrations
+
+**In `src/app/services/services.module.ts`:**
+
+```typescript
+// Remove old services
+- import { StateService } from '@/services/state-service/state.service';
+- import { TokenService } from '@/jslib/common/src/services/token.service';
+- import { CryptoService } from '@/jslib/common/src/services/crypto.service';
+- import { EnvironmentService } from '@/jslib/common/src/services/environment.service';
+
+// Add new services
++ import { TokenService } from '@/services/token/token.service';
++ import { EnvironmentService } from '@/services/environment/environment.service';
+
+providers: [
+  // Remove old StateService provider
+  - { provide: StateService, useClass: StateService },
+
+  // Add new service providers
+  + { provide: TokenService, useClass: TokenService },
+  + { provide: EnvironmentService, useClass: EnvironmentService },
+
+  // Keep StateServiceVNext
+  { provide: StateServiceVNext, useClass: StateServiceVNextImplementation },
+]
+```
+
+**In `src/bwdc.ts` (CLI):**
+
+```typescript
+// Remove old service instantiations
+- this.stateService = new StateService(/* ... */);
+- this.cryptoService = new CryptoService(/* ... */);
+- this.tokenService = new TokenService(/* ... */);
+- this.environmentService = new EnvironmentService(this.stateService);
+
+// Add new service instantiations
++ this.tokenService = new TokenService(this.stateServiceVNext, secureStorageService);
++ this.environmentService = new EnvironmentService(this.stateServiceVNext);
+```
+
+**In `src/main.ts` (Electron):**
+
+```typescript
+// Remove old service instantiations
+- this.stateService = new StateService(/* ... */);
+- this.cryptoService = new CryptoService(/* ... */);
+- this.tokenService = new TokenService(/* ... */);
+- this.environmentService = new EnvironmentService(this.stateService);
+
+// Add new service instantiations
++ this.tokenService = new TokenService(this.stateServiceVNext, secureStorageService);
++ this.environmentService = new EnvironmentService(this.stateServiceVNext);
+
+// Update WindowMain/TrayMain to use StateServiceVNext
+- this.windowMain = new WindowMain(this.stateService, /* ... */);
+- this.trayMain = new TrayMain(this.stateService, /* ... */);
++ this.windowMain = new WindowMain(this.stateServiceVNext, /* ... */);
++ this.trayMain = new TrayMain(this.stateServiceVNext, /* ... */);
+```
+
+### Step 9: Update Import Statements
+
+Update all files that import Token/Environment services:
+
+**Files to update:**
+
+- `src/services/api.service.ts` - Change TokenService import to DC version
+- `src/services/auth.service.ts` - Change EnvironmentService import to DC version
+- `src/services/sync.service.ts` - Change EnvironmentService import to DC version
+- `src/commands/config.command.ts` - Change EnvironmentService import to DC version
+- `src/app/app.component.ts` - Change TokenService import to DC version
+
+**Pattern:**
+
+```typescript
+// Before
+import { TokenService } from "@/jslib/common/src/services/token.service";
+import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
+
+// After
+import { TokenService } from "@/abstractions/token.service";
+import { EnvironmentService } from "@/abstractions/environment.service";
+```
+
+### Step 10: Delete Old StateService and jslib Services
+
+**Delete these files (after all references removed):**
+
+```bash
+# Old StateService implementations
+src/services/state-service/state.service.ts
+src/abstractions/state.service.ts
+jslib/common/src/services/state.service.ts
+jslib/common/src/abstractions/state.service.ts
+
+# jslib Token/Crypto/Environment services
+jslib/common/src/services/token.service.ts
+jslib/common/src/abstractions/token.service.ts
+jslib/common/src/services/crypto.service.ts
+jslib/common/src/abstractions/crypto.service.ts
+jslib/common/src/services/environment.service.ts
+jslib/common/src/abstractions/environment.service.ts
+```
+
+**Rename StateServiceVNext to StateService:**
+
+```bash
+# Rename files
+mv src/services/state-service/state-vNext.service.ts src/services/state-service/state.service.ts
+mv src/services/state-service/state-vNext.service.spec.ts src/services/state-service/state.service.spec.ts
+mv src/abstractions/state-vNext.service.ts src/abstractions/state.service.ts
+
+# Update all imports from StateServiceVNext to StateService
+# Find and replace: StateServiceVNext → StateService
+```
+
+### Step 11: Update Tests
+
+**Update existing tests that mock StateService:**
+
+- Update mocks to use new StateService interface (flat key-value structure)
+- Remove mocks for Token/Crypto/Environment services where they inject old versions
+- Add mocks for new DC Token/Environment services
+
+**Add new test files:**
+
+- `src/services/token/token.service.spec.ts` (created in Step 2)
+- `src/services/environment/environment.service.spec.ts` (created in Step 3)
+- `src/utils/jwt.util.spec.ts` (JWT utility tests)
+
+**Update integration tests:**
+
+- Verify token storage/retrieval works correctly
+- Verify environment URL configuration persists
+- Verify window/tray settings persist in Electron app
+
+## Verification Plan
+
+### Unit Tests
+
+```bash
+npm test  # Run all unit tests
+```
+
+**Expected:**
+
+- All new service tests pass (TokenService, EnvironmentService, JWT util)
+- All existing tests pass with updated mocks
+- No test failures due to StateService removal
+
+### Integration Tests
+
+```bash
+npm run test:integration
+```
+
+**Expected:**
+
+- LDAP sync tests pass
+- Authentication flow works correctly
+- Configuration persistence works
+
+### Manual Testing - CLI
+
+```bash
+# Build and run CLI
+npm run build:cli:watch
+node ./build-cli/bwdc.js --help
+
+# Test authentication
+node ./build-cli/bwdc.js config server https://vault.bitwarden.com
+node ./build-cli/bwdc.js login --apikey
+
+# Test sync
+node ./build-cli/bwdc.js config directory ldap
+node ./build-cli/bwdc.js config ldap.hostname ldap.example.com
+node ./build-cli/bwdc.js sync
+
+# Test logout
+node ./build-cli/bwdc.js logout
+```
+
+**Verify:**
+
+- ✅ Server URL configuration persists
+- ✅ Login stores tokens correctly
+- ✅ Token refresh works automatically
+- ✅ Sync completes successfully
+- ✅ Logout clears tokens
+
+### Manual Testing - Desktop App
+
+```bash
+# Build and run desktop app
+npm run electron
+```
+
+**Verify:**
+
+- ✅ Window position/size persists across restarts
+- ✅ "Always on top" setting persists
+- ✅ Tray icon shows/hides based on settings
+- ✅ Minimize/close to tray works
+- ✅ Login/logout flow works
+- ✅ Sync functionality works
+- ✅ Custom server URL configuration works
+
+### Migration Testing
+
+**Test migration from existing installation:**
+
+1. Install current production version
+2. Configure directory connection and run sync
+3. Install new version with StateService removal
+4. Launch app - verify automatic migration occurs
+5. Verify all settings preserved:
+   - Directory configuration
+   - Organization ID
+   - Server URLs
+   - Window/tray settings
+   - Authentication tokens
+
+**Expected:**
+
+- ✅ Migration runs automatically on first launch
+- ✅ All user data preserved
+- ✅ No user action required
+- ✅ App functions identically to before
+
+### Regression Testing
+
+Run through all major workflows:
+
+1. **Configuration**: Set up each directory type (LDAP, Entra, Google, Okta, OneLogin)
+2. **Authentication**: Login with API key, verify token refresh
+3. **Sync**: Full sync, incremental sync (delta tokens), detect changes via hash
+4. **Custom server**: Configure self-hosted Bitwarden server
+5. **Electron features**: Window management, tray behavior
+
+**Expected:** No regressions in functionality.
+
+## Rollback Plan
+
+If critical issues discovered post-deployment:
+
+1. **Revert commit** removing StateService
+2. **Keep StateServiceVNext in parallel** (already coexisting)
+3. **Debug issues** in development
+4. **Re-attempt removal** after fixes
+
+**Risk Assessment:** Low - StateServiceVNext has been in production since Phase 1 PR merge, proven stable.
+
+## Success Criteria
+
+- ✅ All old StateService implementations deleted
+- ✅ StateServiceVNext renamed to StateService (becomes primary)
+- ✅ jslib TokenService, CryptoService, EnvironmentService deleted
+- ✅ DC-specific Token/Environment services implemented and tested
+- ✅ All unit tests pass
+- ✅ All integration tests pass
+- ✅ Manual testing shows no regressions
+- ✅ Migration from old state structure works automatically
+- ✅ WindowMain/TrayMain adapted to new StateService
+- ✅ Zero references to old StateService in codebase
+
+## Next Steps (After Completion)
+
+This unblocks **Phase 2: Remove Remaining jslib Code**:
+
+- Delete unused jslib models (AccountData, AccountSettings, etc.)
+- Delete unused jslib services that referenced StateService
+- Clean up jslib/common folder of unused client code
+- Potentially merge remaining jslib code into src/ (flatten structure)
+
+Estimated effort: 2-3 days for experienced developer familiar with codebase.

jslib/angular/spec/test.ts

@@ -1,28 +0,0 @@
-import { webcrypto } from "crypto";
-import "jest-preset-angular/setup-jest";
-
-Object.defineProperty(window, "CSS", { value: null });
-Object.defineProperty(window, "getComputedStyle", {
-  value: () => {
-    return {
-      display: "none",
-      appearance: ["-webkit-appearance"],
-    };
-  },
-});
-
-Object.defineProperty(document, "doctype", {
-  value: "<!DOCTYPE html>",
-});
-Object.defineProperty(document.body.style, "transform", {
-  value: () => {
-    return {
-      enumerable: true,
-      configurable: true,
-    };
-  },
-});
-
-Object.defineProperty(window, "crypto", {
-  value: webcrypto,
-});

jslib/angular/src/components/callout.component.html

@@ -1,35 +0,0 @@
-<div
-  #callout
-  class="callout callout-{{ calloutStyle }}"
-  [ngClass]="{ clickable: clickable }"
-  [attr.role]="useAlertRole ? 'alert' : null"
->
-  <h3 class="callout-heading" *ngIf="title">
-    <i class="bwi {{ icon }}" *ngIf="icon" aria-hidden="true"></i>
-    {{ title }}
-  </h3>
-  <div class="enforced-policy-options" *ngIf="enforcedPolicyOptions">
-    {{ enforcedPolicyMessage }}
-    <ul>
-      <li *ngIf="enforcedPolicyOptions?.minComplexity > 0">
-        {{ "policyInEffectMinComplexity" | i18n: getPasswordScoreAlertDisplay() }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.minLength > 0">
-        {{ "policyInEffectMinLength" | i18n: enforcedPolicyOptions?.minLength.toString() }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireUpper">
-        {{ "policyInEffectUppercase" | i18n }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireLower">
-        {{ "policyInEffectLowercase" | i18n }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireNumbers">
-        {{ "policyInEffectNumbers" | i18n }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireSpecial">
-        {{ "policyInEffectSpecial" | i18n: "!@#$%^&*" }}
-      </li>
-    </ul>
-  </div>
-  <ng-content></ng-content>
-</div>

jslib/angular/src/components/callout.component.ts

@@ -1,78 +0,0 @@
-import { Component, Input, OnInit } from "@angular/core";
-
-import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
-import { MasterPasswordPolicyOptions } from "@/jslib/common/src/models/domain/masterPasswordPolicyOptions";
-
-@Component({
-  selector: "app-callout",
-  templateUrl: "callout.component.html",
-})
-export class CalloutComponent implements OnInit {
-  @Input() type = "info";
-  @Input() icon: string;
-  @Input() title: string;
-  @Input() clickable: boolean;
-  @Input() enforcedPolicyOptions: MasterPasswordPolicyOptions;
-  @Input() enforcedPolicyMessage: string;
-  @Input() useAlertRole = false;
-
-  calloutStyle: string;
-
-  constructor(private i18nService: I18nService) {}
-
-  ngOnInit() {
-    this.calloutStyle = this.type;
-
-    if (this.enforcedPolicyMessage === undefined) {
-      this.enforcedPolicyMessage = this.i18nService.t("masterPasswordPolicyInEffect");
-    }
-
-    if (this.type === "warning" || this.type === "danger") {
-      if (this.type === "danger") {
-        this.calloutStyle = "danger";
-      }
-      if (this.title === undefined) {
-        this.title = this.i18nService.t("warning");
-      }
-      if (this.icon === undefined) {
-        this.icon = "bwi-exclamation-triangle";
-      }
-    } else if (this.type === "error") {
-      this.calloutStyle = "danger";
-      if (this.title === undefined) {
-        this.title = this.i18nService.t("error");
-      }
-      if (this.icon === undefined) {
-        this.icon = "bwi-error";
-      }
-    } else if (this.type === "tip") {
-      this.calloutStyle = "success";
-      if (this.title === undefined) {
-        this.title = this.i18nService.t("tip");
-      }
-      if (this.icon === undefined) {
-        this.icon = "bwi-lightbulb";
-      }
-    }
-  }
-
-  getPasswordScoreAlertDisplay() {
-    if (this.enforcedPolicyOptions == null) {
-      return "";
-    }
-
-    let str: string;
-    switch (this.enforcedPolicyOptions.minComplexity) {
-      case 4:
-        str = this.i18nService.t("strong");
-        break;
-      case 3:
-        str = this.i18nService.t("good");
-        break;
-      default:
-        str = this.i18nService.t("weak");
-        break;
-    }
-    return str + " (" + this.enforcedPolicyOptions.minComplexity + ")";
-  }
-}

jslib/angular/src/components/environment.component.ts

@@ -1,63 +0,0 @@
-import { Directive, EventEmitter, Output } from "@angular/core";
-
-import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
-import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
-import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
-
-@Directive()
-export class EnvironmentComponent {
-  @Output() onSaved = new EventEmitter();
-
-  iconsUrl: string;
-  identityUrl: string;
-  apiUrl: string;
-  webVaultUrl: string;
-  notificationsUrl: string;
-  baseUrl: string;
-  showCustom = false;
-
-  constructor(
-    protected platformUtilsService: PlatformUtilsService,
-    protected environmentService: EnvironmentService,
-    protected i18nService: I18nService,
-  ) {
-    const urls = this.environmentService.getUrls();
-
-    this.baseUrl = urls.base || "";
-    this.webVaultUrl = urls.webVault || "";
-    this.apiUrl = urls.api || "";
-    this.identityUrl = urls.identity || "";
-    this.iconsUrl = urls.icons || "";
-    this.notificationsUrl = urls.notifications || "";
-  }
-
-  async submit() {
-    const resUrls = await this.environmentService.setUrls({
-      base: this.baseUrl,
-      api: this.apiUrl,
-      identity: this.identityUrl,
-      webVault: this.webVaultUrl,
-      icons: this.iconsUrl,
-      notifications: this.notificationsUrl,
-    });
-
-    // re-set urls since service can change them, ex: prefixing https://
-    this.baseUrl = resUrls.base;
-    this.apiUrl = resUrls.api;
-    this.identityUrl = resUrls.identity;
-    this.webVaultUrl = resUrls.webVault;
-    this.iconsUrl = resUrls.icons;
-    this.notificationsUrl = resUrls.notifications;
-
-    this.platformUtilsService.showToast("success", null, this.i18nService.t("environmentSaved"));
-    this.saved();
-  }
-
-  toggleCustom() {
-    this.showCustom = !this.showCustom;
-  }
-
-  protected saved() {
-    this.onSaved.emit();
-  }
-}

jslib/angular/src/components/icon.component.html

@@ -1,11 +0,0 @@
-<div class="icon" aria-hidden="true">
-  <img
-    [src]="image"
-    appFallbackSrc="{{ fallbackImage }}"
-    *ngIf="imageEnabled && image"
-    alt=""
-    decoding="async"
-    loading="lazy"
-  />
-  <i class="bwi bwi-fw bwi-lg {{ icon }}" *ngIf="!imageEnabled || !image"></i>
-</div>

jslib/angular/src/components/icon.component.ts

@@ -1,115 +0,0 @@
-import { Component, Input, OnChanges } from "@angular/core";
-
-import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
-import { StateService } from "@/jslib/common/src/abstractions/state.service";
-import { CipherType } from "@/jslib/common/src/enums/cipherType";
-import { Utils } from "@/jslib/common/src/misc/utils";
-import { CipherView } from "@/jslib/common/src/models/view/cipherView";
-
-/**
- * Provides a mapping from supported card brands to
- * the filenames of icon that should be present in images/cards folder of clients.
- */
-const cardIcons: Record<string, string> = {
-  Visa: "card-visa",
-  Mastercard: "card-mastercard",
-  Amex: "card-amex",
-  Discover: "card-discover",
-  "Diners Club": "card-diners-club",
-  JCB: "card-jcb",
-  Maestro: "card-maestro",
-  UnionPay: "card-union-pay",
-};
-
-@Component({
-  selector: "app-vault-icon",
-  templateUrl: "icon.component.html",
-})
-export class IconComponent implements OnChanges {
-  @Input() cipher: CipherView;
-  icon: string;
-  image: string;
-  fallbackImage: string;
-  imageEnabled: boolean;
-
-  private iconsUrl: string;
-
-  constructor(
-    environmentService: EnvironmentService,
-    private stateService: StateService,
-  ) {
-    this.iconsUrl = environmentService.getIconsUrl();
-  }
-
-  async ngOnChanges() {
-    // Components may be re-used when using cdk-virtual-scroll. Which puts the component in a weird state,
-    // to avoid this we reset all state variables.
-    this.image = null;
-    this.fallbackImage = null;
-    this.imageEnabled = !(await this.stateService.getDisableFavicon());
-    this.load();
-  }
-
-  protected load() {
-    switch (this.cipher.type) {
-      case CipherType.Login:
-        this.icon = "bwi-globe";
-        this.setLoginIcon();
-        break;
-      case CipherType.SecureNote:
-        this.icon = "bwi-sticky-note";
-        break;
-      case CipherType.Card:
-        this.icon = "bwi-credit-card";
-        this.setCardIcon();
-        break;
-      case CipherType.Identity:
-        this.icon = "bwi-id-card";
-        break;
-      default:
-        break;
-    }
-  }
-
-  private setLoginIcon() {
-    if (this.cipher.login.uri) {
-      let hostnameUri = this.cipher.login.uri;
-      let isWebsite = false;
-
-      if (hostnameUri.indexOf("androidapp://") === 0) {
-        this.icon = "bwi-android";
-        this.image = null;
-      } else if (hostnameUri.indexOf("iosapp://") === 0) {
-        this.icon = "bwi-apple";
-        this.image = null;
-      } else if (
-        this.imageEnabled &&
-        hostnameUri.indexOf("://") === -1 &&
-        hostnameUri.indexOf(".") > -1
-      ) {
-        hostnameUri = "http://" + hostnameUri;
-        isWebsite = true;
-      } else if (this.imageEnabled) {
-        isWebsite = hostnameUri.indexOf("http") === 0 && hostnameUri.indexOf(".") > -1;
-      }
-
-      if (this.imageEnabled && isWebsite) {
-        try {
-          this.image = this.iconsUrl + "/" + Utils.getHostname(hostnameUri) + "/icon.png";
-          this.fallbackImage = "images/bwi-globe.png";
-        } catch (e) {
-          // Ignore error since the fallback icon will be shown if image is null.
-        }
-      }
-    } else {
-      this.image = null;
-    }
-  }
-
-  private setCardIcon() {
-    const brand = this.cipher.card.brand;
-    if (this.imageEnabled && brand in cardIcons) {
-      this.icon = "credit-card-icon " + cardIcons[brand];
-    }
-  }
-}

jslib/angular/src/components/modal/modal-injector.ts

@@ -1,4 +1,4 @@
-import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";
+import { InjectOptions, Injector, ProviderToken } from "@angular/core";
 
 export class ModalInjector implements Injector {
   constructor(
@@ -12,8 +12,7 @@ export class ModalInjector implements Injector {
     options: InjectOptions & { optional?: false },
   ): T;
   get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions): T;
   get(token: any, notFoundValue?: any): any;
   get(token: any, notFoundValue?: any, flags?: any): any {
     return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);

jslib/angular/src/components/modal/modal.ref.ts

@@ -1,5 +1,4 @@
-import { Observable, Subject } from "rxjs";
-import { first } from "rxjs/operators";
+import { lastValueFrom, Observable, Subject } from "rxjs";
 
 export class ModalRef {
   onCreated: Observable<HTMLElement>; // Modal added to the DOM.
@@ -45,6 +44,6 @@ export class ModalRef {
   }
 
   onClosedPromise(): Promise<any> {
-    return this.onClosed.pipe(first()).toPromise();
+    return lastValueFrom(this.onClosed);
   }
 }

jslib/angular/src/components/password-reprompt.component.ts

@@ -1,41 +0,0 @@
-import { Directive } from "@angular/core";
-
-import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
-import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
-import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
-
-import { ModalRef } from "./modal/modal.ref";
-
-/**
- * Used to verify the user's Master Password for the "Master Password Re-prompt" feature only.
- * See UserVerificationComponent for any other situation where you need to verify the user's identity.
- */
-@Directive()
-export class PasswordRepromptComponent {
-  showPassword = false;
-  masterPassword = "";
-
-  constructor(
-    private modalRef: ModalRef,
-    private cryptoService: CryptoService,
-    private platformUtilsService: PlatformUtilsService,
-    private i18nService: I18nService,
-  ) {}
-
-  togglePassword() {
-    this.showPassword = !this.showPassword;
-  }
-
-  async submit() {
-    if (!(await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, null))) {
-      this.platformUtilsService.showToast(
-        "error",
-        this.i18nService.t("errorOccurred"),
-        this.i18nService.t("invalidMasterPassword"),
-      );
-      return;
-    }
-
-    this.modalRef.close(true);
-  }
-}

jslib/angular/src/components/toastr.component.ts

@@ -1,74 +1,77 @@
-import { animate, state, style, transition, trigger } from "@angular/animations";
 import { CommonModule } from "@angular/common";
 import { Component, ModuleWithProviders, NgModule } from "@angular/core";
-import {
-  DefaultNoComponentGlobalConfig,
-  GlobalConfig,
-  Toast as BaseToast,
-  ToastPackage,
-  ToastrService,
-  TOAST_CONFIG,
-} from "ngx-toastr";
+import { DefaultNoComponentGlobalConfig, GlobalConfig, Toast, TOAST_CONFIG } from "ngx-toastr";
 
 @Component({
   selector: "[toast-component2]",
   template: `
-    <button
-      *ngIf="options.closeButton"
-      (click)="remove()"
-      type="button"
-      class="toast-close-button"
-      aria-label="Close"
-    >
-      <span aria-hidden="true">&times;</span>
-    </button>
+    @if (options().closeButton) {
+      <button (click)="remove()" type="button" class="toast-close-button" aria-label="Close">
+        <span aria-hidden="true">&times;</span>
+      </button>
+    }
     <div class="icon">
       <i></i>
     </div>
     <div>
-      <div *ngIf="title" [class]="options.titleClass" [attr.aria-label]="title">
-        {{ title }} <ng-container *ngIf="duplicatesCount">[{{ duplicatesCount + 1 }}]</ng-container>
-      </div>
-      <div
-        *ngIf="message && options.enableHtml"
-        role="alertdialog"
-        aria-live="polite"
-        [class]="options.messageClass"
-        [innerHTML]="message"
-      ></div>
-      <div
-        *ngIf="message && !options.enableHtml"
-        role="alertdialog"
-        aria-live="polite"
-        [class]="options.messageClass"
-        [attr.aria-label]="message"
-      >
-        {{ message }}
-      </div>
-    </div>
-    <div *ngIf="options.progressBar">
-      <div class="toast-progress" [style.width]="width + '%'"></div>
+      @if (title()) {
+        <div [class]="options().titleClass" [attr.aria-label]="title()">
+          {{ title() }}
+          @if (duplicatesCount) {
+            [{{ duplicatesCount + 1 }}]
+          }
+        </div>
+      }
+      @if (message() && options().enableHtml) {
+        <div
+          role="alertdialog"
+          aria-live="polite"
+          [class]="options().messageClass"
+          [innerHTML]="message()"
+        ></div>
+      }
+      @if (message() && !options().enableHtml) {
+        <div
+          role="alertdialog"
+          aria-live="polite"
+          [class]="options().messageClass"
+          [attr.aria-label]="message()"
+        >
+          {{ message() }}
+        </div>
+      }
     </div>
+    @if (options().progressBar) {
+      <div>
+        <div class="toast-progress" [style.width]="width + '%'"></div>
+      </div>
+    }
+  `,
+  styles: `
+    :host {
+      &.toast-in {
+        animation: toast-animation var(--animation-duration) var(--animation-easing);
+      }
+
+      &.toast-out {
+        animation: toast-animation var(--animation-duration) var(--animation-easing) reverse
+          forwards;
+      }
+    }
+
+    @keyframes toast-animation {
+      from {
+        opacity: 0;
+      }
+      to {
+        opacity: 1;
+      }
+    }
   `,
-  animations: [
-    trigger("flyInOut", [
-      state("inactive", style({ opacity: 0 })),
-      state("active", style({ opacity: 1 })),
-      state("removed", style({ opacity: 0 })),
-      transition("inactive => active", animate("{{ easeTime }}ms {{ easing }}")),
-      transition("active => removed", animate("{{ easeTime }}ms {{ easing }}")),
-    ]),
-  ],
   preserveWhitespaces: false,
+  standalone: false,
 })
-export class BitwardenToast extends BaseToast {
-  constructor(
-    protected toastrService: ToastrService,
-    public toastPackage: ToastPackage,
-  ) {
-    super(toastrService, toastPackage);
-  }
-}
+export class BitwardenToast extends Toast {}
 
 export const BitwardenToastGlobalConfig: GlobalConfig = {
   ...DefaultNoComponentGlobalConfig,

jslib/angular/src/directives/a11y-title.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, Input, Renderer2 } from "@angular/core";
 
 @Directive({
   selector: "[appA11yTitle]",
+  standalone: false,
 })
 export class A11yTitleDirective {
   @Input() set appA11yTitle(title: string) {

jslib/angular/src/directives/api-action.directive.ts

@@ -13,6 +13,7 @@ import { ValidationService } from "../services/validation.service";
  */
 @Directive({
   selector: "[appApiAction]",
+  standalone: false,
 })
 export class ApiActionDirective implements OnChanges {
   @Input() appApiAction: Promise<any>;

jslib/angular/src/directives/autofocus.directive.ts

@@ -1,10 +1,11 @@
 import { Directive, ElementRef, Input, NgZone } from "@angular/core";
-import { take } from "rxjs/operators";
+import { take } from "rxjs";
 
 import { Utils } from "@/jslib/common/src/misc/utils";
 
 @Directive({
   selector: "[appAutofocus]",
+  standalone: false,
 })
 export class AutofocusDirective {
   @Input() set appAutofocus(condition: boolean | string) {

jslib/angular/src/directives/blur-click.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener } from "@angular/core";
 
 @Directive({
   selector: "[appBlurClick]",
+  standalone: false,
 })
 export class BlurClickDirective {
   constructor(private el: ElementRef) {}

jslib/angular/src/directives/box-row.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener, OnInit } from "@angular/core";
 
 @Directive({
   selector: "[appBoxRow]",
+  standalone: false,
 })
 export class BoxRowDirective implements OnInit {
   el: HTMLElement = null;

jslib/angular/src/directives/fallback-src.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener, Input } from "@angular/core";
 
 @Directive({
   selector: "[appFallbackSrc]",
+  standalone: false,
 })
 export class FallbackSrcDirective {
   @Input("appFallbackSrc") appFallbackSrc: string;

jslib/angular/src/directives/stop-click.directive.ts

@@ -2,6 +2,7 @@ import { Directive, HostListener } from "@angular/core";
 
 @Directive({
   selector: "[appStopClick]",
+  standalone: false,
 })
 export class StopClickDirective {
   @HostListener("click", ["$event"]) onClick($event: MouseEvent) {

jslib/angular/src/directives/stop-prop.directive.ts

@@ -2,6 +2,7 @@ import { Directive, HostListener } from "@angular/core";
 
 @Directive({
   selector: "[appStopProp]",
+  standalone: false,
 })
 export class StopPropDirective {
   @HostListener("click", ["$event"]) onClick($event: MouseEvent) {

jslib/angular/src/pipes/i18n.pipe.ts

@@ -4,6 +4,7 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 
 @Pipe({
   name: "i18n",
+  standalone: false,
 })
 export class I18nPipe implements PipeTransform {
   constructor(private i18nService: I18nService) {}

jslib/angular/src/pipes/search-ciphers.pipe.ts

@@ -1,41 +0,0 @@
-import { Pipe, PipeTransform } from "@angular/core";
-
-import { CipherView } from "@/jslib/common/src/models/view/cipherView";
-
-@Pipe({
-  name: "searchCiphers",
-})
-export class SearchCiphersPipe implements PipeTransform {
-  transform(ciphers: CipherView[], searchText: string, deleted = false): CipherView[] {
-    if (ciphers == null || ciphers.length === 0) {
-      return [];
-    }
-
-    if (searchText == null || searchText.length < 2) {
-      return ciphers.filter((c) => {
-        return deleted !== c.isDeleted;
-      });
-    }
-
-    searchText = searchText.trim().toLowerCase();
-    return ciphers.filter((c) => {
-      if (deleted !== c.isDeleted) {
-        return false;
-      }
-      if (c.name != null && c.name.toLowerCase().indexOf(searchText) > -1) {
-        return true;
-      }
-      if (searchText.length >= 8 && c.id.startsWith(searchText)) {
-        return true;
-      }
-      if (c.subTitle != null && c.subTitle.toLowerCase().indexOf(searchText) > -1) {
-        return true;
-      }
-      if (c.login && c.login.uri != null && c.login.uri.toLowerCase().indexOf(searchText) > -1) {
-        return true;
-      }
-
-      return false;
-    });
-  }
-}

jslib/angular/src/services/jslib-services.module.ts

@@ -1,143 +0,0 @@
-import { LOCALE_ID, NgModule } from "@angular/core";
-
-import { ApiService as ApiServiceAbstraction } from "@/jslib/common/src/abstractions/api.service";
-import { AppIdService as AppIdServiceAbstraction } from "@/jslib/common/src/abstractions/appId.service";
-import { BroadcasterService as BroadcasterServiceAbstraction } from "@/jslib/common/src/abstractions/broadcaster.service";
-import { CryptoService as CryptoServiceAbstraction } from "@/jslib/common/src/abstractions/crypto.service";
-import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@/jslib/common/src/abstractions/cryptoFunction.service";
-import { EnvironmentService as EnvironmentServiceAbstraction } from "@/jslib/common/src/abstractions/environment.service";
-import { I18nService as I18nServiceAbstraction } from "@/jslib/common/src/abstractions/i18n.service";
-import { LogService } from "@/jslib/common/src/abstractions/log.service";
-import { MessagingService as MessagingServiceAbstraction } from "@/jslib/common/src/abstractions/messaging.service";
-import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@/jslib/common/src/abstractions/platformUtils.service";
-import { StateService as StateServiceAbstraction } from "@/jslib/common/src/abstractions/state.service";
-import { StateMigrationService as StateMigrationServiceAbstraction } from "@/jslib/common/src/abstractions/stateMigration.service";
-import { StorageService as StorageServiceAbstraction } from "@/jslib/common/src/abstractions/storage.service";
-import { TokenService as TokenServiceAbstraction } from "@/jslib/common/src/abstractions/token.service";
-import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
-import { Account } from "@/jslib/common/src/models/domain/account";
-import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
-import { ApiService } from "@/jslib/common/src/services/api.service";
-import { AppIdService } from "@/jslib/common/src/services/appId.service";
-import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
-import { CryptoService } from "@/jslib/common/src/services/crypto.service";
-import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
-import { StateService } from "@/jslib/common/src/services/state.service";
-import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
-import { TokenService } from "@/jslib/common/src/services/token.service";
-
-import {
-  SafeInjectionToken,
-  SECURE_STORAGE,
-  WINDOW,
-} from "../../../../src/app/services/injection-tokens";
-import { SafeProvider, safeProvider } from "../../../../src/app/services/safe-provider";
-
-import { BroadcasterService } from "./broadcaster.service";
-import { ModalService } from "./modal.service";
-import { ValidationService } from "./validation.service";
-
-@NgModule({
-  declarations: [],
-  providers: [
-    safeProvider({ provide: WINDOW, useValue: window }),
-    safeProvider({
-      provide: LOCALE_ID as SafeInjectionToken<string>,
-      useFactory: (i18nService: I18nServiceAbstraction) => i18nService.translationLocale,
-      deps: [I18nServiceAbstraction],
-    }),
-    safeProvider(ValidationService),
-    safeProvider(ModalService),
-    safeProvider({
-      provide: AppIdServiceAbstraction,
-      useClass: AppIdService,
-      deps: [StorageServiceAbstraction],
-    }),
-    safeProvider({ provide: LogService, useFactory: () => new ConsoleLogService(false), deps: [] }),
-    safeProvider({
-      provide: EnvironmentServiceAbstraction,
-      useClass: EnvironmentService,
-      deps: [StateServiceAbstraction],
-    }),
-    safeProvider({
-      provide: TokenServiceAbstraction,
-      useClass: TokenService,
-      deps: [StateServiceAbstraction],
-    }),
-    safeProvider({
-      provide: CryptoServiceAbstraction,
-      useClass: CryptoService,
-      deps: [
-        CryptoFunctionServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        LogService,
-        StateServiceAbstraction,
-      ],
-    }),
-    safeProvider({
-      provide: ApiServiceAbstraction,
-      useFactory: (
-        tokenService: TokenServiceAbstraction,
-        platformUtilsService: PlatformUtilsServiceAbstraction,
-        environmentService: EnvironmentServiceAbstraction,
-        messagingService: MessagingServiceAbstraction,
-        appIdService: AppIdServiceAbstraction,
-      ) =>
-        new ApiService(
-          tokenService,
-          platformUtilsService,
-          environmentService,
-          appIdService,
-          async (expired: boolean) => messagingService.send("logout", { expired: expired }),
-        ),
-      deps: [
-        TokenServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        EnvironmentServiceAbstraction,
-        MessagingServiceAbstraction,
-        AppIdServiceAbstraction,
-      ],
-    }),
-    safeProvider({
-      provide: BroadcasterServiceAbstraction,
-      useClass: BroadcasterService,
-      useAngularDecorators: true,
-    }),
-    safeProvider({
-      provide: StateServiceAbstraction,
-      useFactory: (
-        storageService: StorageServiceAbstraction,
-        secureStorageService: StorageServiceAbstraction,
-        logService: LogService,
-        stateMigrationService: StateMigrationServiceAbstraction,
-      ) =>
-        new StateService(
-          storageService,
-          secureStorageService,
-          logService,
-          stateMigrationService,
-          new StateFactory(GlobalState, Account),
-        ),
-      deps: [
-        StorageServiceAbstraction,
-        SECURE_STORAGE,
-        LogService,
-        StateMigrationServiceAbstraction,
-      ],
-    }),
-    safeProvider({
-      provide: StateMigrationServiceAbstraction,
-      useFactory: (
-        storageService: StorageServiceAbstraction,
-        secureStorageService: StorageServiceAbstraction,
-      ) =>
-        new StateMigrationService(
-          storageService,
-          secureStorageService,
-          new StateFactory(GlobalState, Account),
-        ),
-      deps: [StorageServiceAbstraction, SECURE_STORAGE],
-    }),
-  ] satisfies SafeProvider[],
-})
-export class JslibServicesModule {}

jslib/angular/src/services/modal.service.ts

@@ -9,7 +9,7 @@ import {
   Type,
   ViewContainerRef,
 } from "@angular/core";
-import { first } from "rxjs/operators";
+import { first, firstValueFrom } from "rxjs";
 
 import { DynamicModalComponent } from "../components/modal/dynamic-modal.component";
 import { ModalInjector } from "../components/modal/modal-injector";
@@ -58,7 +58,7 @@ export class ModalService {
 
     viewContainerRef.insert(modalComponentRef.hostView);
 
-    await modalRef.onCreated.pipe(first()).toPromise();
+    await firstValueFrom(modalRef.onCreated);
 
     return [modalRef, modalComponentRef.instance.componentRef.instance];
   }

jslib/common/spec/domain/attachment.spec.ts

@@ -1,83 +0,0 @@
-import { Substitute, Arg } from "@fluffy-spoon/substitute";
-
-import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
-import { AttachmentData } from "@/jslib/common/src/models/data/attachmentData";
-import { Attachment } from "@/jslib/common/src/models/domain/attachment";
-import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
-import { ContainerService } from "@/jslib/common/src/services/container.service";
-
-import { makeStaticByteArray, mockEnc } from "../utils";
-
-describe("Attachment", () => {
-  let data: AttachmentData;
-
-  beforeEach(() => {
-    data = {
-      id: "id",
-      url: "url",
-      fileName: "fileName",
-      key: "key",
-      size: "1100",
-      sizeName: "1.1 KB",
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new AttachmentData();
-    const attachment = new Attachment(data);
-
-    expect(attachment).toEqual({
-      id: null,
-      url: null,
-      size: undefined,
-      sizeName: null,
-      key: null,
-      fileName: null,
-    });
-  });
-
-  it("Convert", () => {
-    const attachment = new Attachment(data);
-
-    expect(attachment).toEqual({
-      size: "1100",
-      id: "id",
-      url: "url",
-      sizeName: "1.1 KB",
-      fileName: { encryptedString: "fileName", encryptionType: 0 },
-      key: { encryptedString: "key", encryptionType: 0 },
-    });
-  });
-
-  it("toAttachmentData", () => {
-    const attachment = new Attachment(data);
-    expect(attachment.toAttachmentData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const attachment = new Attachment();
-    attachment.id = "id";
-    attachment.url = "url";
-    attachment.size = "1100";
-    attachment.sizeName = "1.1 KB";
-    attachment.key = mockEnc("key");
-    attachment.fileName = mockEnc("fileName");
-
-    const cryptoService = Substitute.for<CryptoService>();
-    cryptoService.getOrgKey(null).resolves(null);
-    cryptoService.decryptToBytes(Arg.any(), Arg.any()).resolves(makeStaticByteArray(32));
-
-    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
-
-    const view = await attachment.decrypt(null);
-
-    expect(view).toEqual({
-      id: "id",
-      url: "url",
-      size: "1100",
-      sizeName: "1.1 KB",
-      fileName: "fileName",
-      key: expect.any(SymmetricCryptoKey),
-    });
-  });
-});

jslib/common/spec/domain/card.spec.ts

@@ -1,73 +0,0 @@
-import { CardData } from "@/jslib/common/src/models/data/cardData";
-import { Card } from "@/jslib/common/src/models/domain/card";
-
-import { mockEnc } from "../utils";
-
-describe("Card", () => {
-  let data: CardData;
-
-  beforeEach(() => {
-    data = {
-      cardholderName: "encHolder",
-      brand: "encBrand",
-      number: "encNumber",
-      expMonth: "encMonth",
-      expYear: "encYear",
-      code: "encCode",
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new CardData();
-    const card = new Card(data);
-
-    expect(card).toEqual({
-      cardholderName: null,
-      brand: null,
-      number: null,
-      expMonth: null,
-      expYear: null,
-      code: null,
-    });
-  });
-
-  it("Convert", () => {
-    const card = new Card(data);
-
-    expect(card).toEqual({
-      cardholderName: { encryptedString: "encHolder", encryptionType: 0 },
-      brand: { encryptedString: "encBrand", encryptionType: 0 },
-      number: { encryptedString: "encNumber", encryptionType: 0 },
-      expMonth: { encryptedString: "encMonth", encryptionType: 0 },
-      expYear: { encryptedString: "encYear", encryptionType: 0 },
-      code: { encryptedString: "encCode", encryptionType: 0 },
-    });
-  });
-
-  it("toCardData", () => {
-    const card = new Card(data);
-    expect(card.toCardData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const card = new Card();
-    card.cardholderName = mockEnc("cardHolder");
-    card.brand = mockEnc("brand");
-    card.number = mockEnc("number");
-    card.expMonth = mockEnc("expMonth");
-    card.expYear = mockEnc("expYear");
-    card.code = mockEnc("code");
-
-    const view = await card.decrypt(null);
-
-    expect(view).toEqual({
-      _brand: "brand",
-      _number: "number",
-      _subTitle: null,
-      cardholderName: "cardHolder",
-      code: "code",
-      expMonth: "expMonth",
-      expYear: "expYear",
-    });
-  });
-});

jslib/common/spec/domain/cipher.spec.ts

@@ -1,599 +0,0 @@
-import { Substitute, Arg } from "@fluffy-spoon/substitute";
-
-import { CipherRepromptType } from "@/jslib/common/src/enums/cipherRepromptType";
-import { CipherType } from "@/jslib/common/src/enums/cipherType";
-import { FieldType } from "@/jslib/common/src/enums/fieldType";
-import { SecureNoteType } from "@/jslib/common/src/enums/secureNoteType";
-import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
-import { CipherData } from "@/jslib/common/src/models/data/cipherData";
-import { Card } from "@/jslib/common/src/models/domain/card";
-import { Cipher } from "@/jslib/common/src/models/domain/cipher";
-import { Identity } from "@/jslib/common/src/models/domain/identity";
-import { Login } from "@/jslib/common/src/models/domain/login";
-import { SecureNote } from "@/jslib/common/src/models/domain/secureNote";
-import { CardView } from "@/jslib/common/src/models/view/cardView";
-import { IdentityView } from "@/jslib/common/src/models/view/identityView";
-import { LoginView } from "@/jslib/common/src/models/view/loginView";
-
-import { mockEnc } from "../utils";
-
-describe("Cipher DTO", () => {
-  it("Convert from empty CipherData", () => {
-    const data = new CipherData();
-    const cipher = new Cipher(data);
-
-    expect(cipher).toEqual({
-      id: null,
-      userId: null,
-      organizationId: null,
-      folderId: null,
-      name: null,
-      notes: null,
-      type: undefined,
-      favorite: undefined,
-      organizationUseTotp: undefined,
-      edit: undefined,
-      viewPassword: true,
-      revisionDate: null,
-      collectionIds: undefined,
-      localData: null,
-      deletedDate: null,
-      reprompt: undefined,
-      attachments: null,
-      fields: null,
-      passwordHistory: null,
-    });
-  });
-
-  describe("LoginCipher", () => {
-    let cipherData: CipherData;
-
-    beforeEach(() => {
-      cipherData = {
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        userId: "userId",
-        edit: true,
-        viewPassword: true,
-        organizationUseTotp: true,
-        favorite: false,
-        revisionDate: "2022-01-31T12:00:00.000Z",
-        type: CipherType.Login,
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        deletedDate: null,
-        reprompt: CipherRepromptType.None,
-        login: {
-          uris: [{ uri: "EncryptedString", match: UriMatchType.Domain }],
-          username: "EncryptedString",
-          password: "EncryptedString",
-          passwordRevisionDate: "2022-01-31T12:00:00.000Z",
-          totp: "EncryptedString",
-          autofillOnPageLoad: false,
-        },
-        passwordHistory: [
-          { password: "EncryptedString", lastUsedDate: "2022-01-31T12:00:00.000Z" },
-        ],
-        attachments: [
-          {
-            id: "a1",
-            url: "url",
-            size: "1100",
-            sizeName: "1.1 KB",
-            fileName: "file",
-            key: "EncKey",
-          },
-          {
-            id: "a2",
-            url: "url",
-            size: "1100",
-            sizeName: "1.1 KB",
-            fileName: "file",
-            key: "EncKey",
-          },
-        ],
-        fields: [
-          {
-            name: "EncryptedString",
-            value: "EncryptedString",
-            type: FieldType.Text,
-            linkedId: null,
-          },
-          {
-            name: "EncryptedString",
-            value: "EncryptedString",
-            type: FieldType.Hidden,
-            linkedId: null,
-          },
-        ],
-      };
-    });
-
-    it("Convert", () => {
-      const cipher = new Cipher(cipherData);
-
-      expect(cipher).toEqual({
-        id: "id",
-        userId: "userId",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: { encryptedString: "EncryptedString", encryptionType: 0 },
-        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
-        type: 1,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        collectionIds: undefined,
-        localData: null,
-        deletedDate: null,
-        reprompt: 0,
-        login: {
-          passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
-          autofillOnPageLoad: false,
-          username: { encryptedString: "EncryptedString", encryptionType: 0 },
-          password: { encryptedString: "EncryptedString", encryptionType: 0 },
-          totp: { encryptedString: "EncryptedString", encryptionType: 0 },
-          uris: [{ match: 0, uri: { encryptedString: "EncryptedString", encryptionType: 0 } }],
-        },
-        attachments: [
-          {
-            fileName: { encryptedString: "file", encryptionType: 0 },
-            id: "a1",
-            key: { encryptedString: "EncKey", encryptionType: 0 },
-            size: "1100",
-            sizeName: "1.1 KB",
-            url: "url",
-          },
-          {
-            fileName: { encryptedString: "file", encryptionType: 0 },
-            id: "a2",
-            key: { encryptedString: "EncKey", encryptionType: 0 },
-            size: "1100",
-            sizeName: "1.1 KB",
-            url: "url",
-          },
-        ],
-        fields: [
-          {
-            linkedId: null,
-            name: { encryptedString: "EncryptedString", encryptionType: 0 },
-            type: 0,
-            value: { encryptedString: "EncryptedString", encryptionType: 0 },
-          },
-          {
-            linkedId: null,
-            name: { encryptedString: "EncryptedString", encryptionType: 0 },
-            type: 1,
-            value: { encryptedString: "EncryptedString", encryptionType: 0 },
-          },
-        ],
-        passwordHistory: [
-          {
-            lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
-            password: { encryptedString: "EncryptedString", encryptionType: 0 },
-          },
-        ],
-      });
-    });
-
-    it("toCipherData", () => {
-      const cipher = new Cipher(cipherData);
-      expect(cipher.toCipherData("userId")).toEqual(cipherData);
-    });
-
-    it("Decrypt", async () => {
-      const cipher = new Cipher();
-      cipher.id = "id";
-      cipher.organizationId = "orgId";
-      cipher.folderId = "folderId";
-      cipher.edit = true;
-      cipher.viewPassword = true;
-      cipher.organizationUseTotp = true;
-      cipher.favorite = false;
-      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
-      cipher.type = CipherType.Login;
-      cipher.name = mockEnc("EncryptedString");
-      cipher.notes = mockEnc("EncryptedString");
-      cipher.deletedDate = null;
-      cipher.reprompt = CipherRepromptType.None;
-
-      const loginView = new LoginView();
-      loginView.username = "username";
-      loginView.password = "password";
-
-      const login = Substitute.for<Login>();
-      login.decrypt(Arg.any(), Arg.any()).resolves(loginView);
-      cipher.login = login;
-
-      const cipherView = await cipher.decrypt();
-
-      expect(cipherView).toMatchObject({
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        type: 1,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        login: loginView,
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-        collectionIds: undefined,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        deletedDate: null,
-        reprompt: 0,
-        localData: undefined,
-      });
-    });
-  });
-
-  describe("SecureNoteCipher", () => {
-    let cipherData: CipherData;
-
-    beforeEach(() => {
-      cipherData = {
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        userId: "userId",
-        edit: true,
-        viewPassword: true,
-        organizationUseTotp: true,
-        favorite: false,
-        revisionDate: "2022-01-31T12:00:00.000Z",
-        type: CipherType.SecureNote,
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        deletedDate: null,
-        reprompt: CipherRepromptType.None,
-        secureNote: {
-          type: SecureNoteType.Generic,
-        },
-      };
-    });
-
-    it("Convert", () => {
-      const cipher = new Cipher(cipherData);
-
-      expect(cipher).toEqual({
-        id: "id",
-        userId: "userId",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: { encryptedString: "EncryptedString", encryptionType: 0 },
-        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
-        type: 2,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        collectionIds: undefined,
-        localData: null,
-        deletedDate: null,
-        reprompt: 0,
-        secureNote: { type: SecureNoteType.Generic },
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-      });
-    });
-
-    it("toCipherData", () => {
-      const cipher = new Cipher(cipherData);
-      expect(cipher.toCipherData("userId")).toEqual(cipherData);
-    });
-
-    it("Decrypt", async () => {
-      const cipher = new Cipher();
-      cipher.id = "id";
-      cipher.organizationId = "orgId";
-      cipher.folderId = "folderId";
-      cipher.edit = true;
-      cipher.viewPassword = true;
-      cipher.organizationUseTotp = true;
-      cipher.favorite = false;
-      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
-      cipher.type = CipherType.SecureNote;
-      cipher.name = mockEnc("EncryptedString");
-      cipher.notes = mockEnc("EncryptedString");
-      cipher.deletedDate = null;
-      cipher.reprompt = CipherRepromptType.None;
-      cipher.secureNote = new SecureNote();
-      cipher.secureNote.type = SecureNoteType.Generic;
-
-      const cipherView = await cipher.decrypt();
-
-      expect(cipherView).toMatchObject({
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        type: 2,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        secureNote: { type: 0 },
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-        collectionIds: undefined,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        deletedDate: null,
-        reprompt: 0,
-        localData: undefined,
-      });
-    });
-  });
-
-  describe("CardCipher", () => {
-    let cipherData: CipherData;
-
-    beforeEach(() => {
-      cipherData = {
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        userId: "userId",
-        edit: true,
-        viewPassword: true,
-        organizationUseTotp: true,
-        favorite: false,
-        revisionDate: "2022-01-31T12:00:00.000Z",
-        type: CipherType.Card,
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        deletedDate: null,
-        reprompt: CipherRepromptType.None,
-        card: {
-          cardholderName: "EncryptedString",
-          brand: "EncryptedString",
-          number: "EncryptedString",
-          expMonth: "EncryptedString",
-          expYear: "EncryptedString",
-          code: "EncryptedString",
-        },
-      };
-    });
-
-    it("Convert", () => {
-      const cipher = new Cipher(cipherData);
-
-      expect(cipher).toEqual({
-        id: "id",
-        userId: "userId",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: { encryptedString: "EncryptedString", encryptionType: 0 },
-        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
-        type: 3,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        collectionIds: undefined,
-        localData: null,
-        deletedDate: null,
-        reprompt: 0,
-        card: {
-          cardholderName: { encryptedString: "EncryptedString", encryptionType: 0 },
-          brand: { encryptedString: "EncryptedString", encryptionType: 0 },
-          number: { encryptedString: "EncryptedString", encryptionType: 0 },
-          expMonth: { encryptedString: "EncryptedString", encryptionType: 0 },
-          expYear: { encryptedString: "EncryptedString", encryptionType: 0 },
-          code: { encryptedString: "EncryptedString", encryptionType: 0 },
-        },
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-      });
-    });
-
-    it("toCipherData", () => {
-      const cipher = new Cipher(cipherData);
-      expect(cipher.toCipherData("userId")).toEqual(cipherData);
-    });
-
-    it("Decrypt", async () => {
-      const cipher = new Cipher();
-      cipher.id = "id";
-      cipher.organizationId = "orgId";
-      cipher.folderId = "folderId";
-      cipher.edit = true;
-      cipher.viewPassword = true;
-      cipher.organizationUseTotp = true;
-      cipher.favorite = false;
-      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
-      cipher.type = CipherType.Card;
-      cipher.name = mockEnc("EncryptedString");
-      cipher.notes = mockEnc("EncryptedString");
-      cipher.deletedDate = null;
-      cipher.reprompt = CipherRepromptType.None;
-
-      const cardView = new CardView();
-      cardView.cardholderName = "cardholderName";
-      cardView.number = "4111111111111111";
-
-      const card = Substitute.for<Card>();
-      card.decrypt(Arg.any(), Arg.any()).resolves(cardView);
-      cipher.card = card;
-
-      const cipherView = await cipher.decrypt();
-
-      expect(cipherView).toMatchObject({
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        type: 3,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        card: cardView,
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-        collectionIds: undefined,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        deletedDate: null,
-        reprompt: 0,
-        localData: undefined,
-      });
-    });
-  });
-
-  describe("IdentityCipher", () => {
-    let cipherData: CipherData;
-
-    beforeEach(() => {
-      cipherData = {
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        userId: "userId",
-        edit: true,
-        viewPassword: true,
-        organizationUseTotp: true,
-        favorite: false,
-        revisionDate: "2022-01-31T12:00:00.000Z",
-        type: CipherType.Identity,
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        deletedDate: null,
-        reprompt: CipherRepromptType.None,
-        identity: {
-          title: "EncryptedString",
-          firstName: "EncryptedString",
-          middleName: "EncryptedString",
-          lastName: "EncryptedString",
-          address1: "EncryptedString",
-          address2: "EncryptedString",
-          address3: "EncryptedString",
-          city: "EncryptedString",
-          state: "EncryptedString",
-          postalCode: "EncryptedString",
-          country: "EncryptedString",
-          company: "EncryptedString",
-          email: "EncryptedString",
-          phone: "EncryptedString",
-          ssn: "EncryptedString",
-          username: "EncryptedString",
-          passportNumber: "EncryptedString",
-          licenseNumber: "EncryptedString",
-        },
-      };
-    });
-
-    it("Convert", () => {
-      const cipher = new Cipher(cipherData);
-
-      expect(cipher).toEqual({
-        id: "id",
-        userId: "userId",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: { encryptedString: "EncryptedString", encryptionType: 0 },
-        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
-        type: 4,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        collectionIds: undefined,
-        localData: null,
-        deletedDate: null,
-        reprompt: 0,
-        identity: {
-          title: { encryptedString: "EncryptedString", encryptionType: 0 },
-          firstName: { encryptedString: "EncryptedString", encryptionType: 0 },
-          middleName: { encryptedString: "EncryptedString", encryptionType: 0 },
-          lastName: { encryptedString: "EncryptedString", encryptionType: 0 },
-          address1: { encryptedString: "EncryptedString", encryptionType: 0 },
-          address2: { encryptedString: "EncryptedString", encryptionType: 0 },
-          address3: { encryptedString: "EncryptedString", encryptionType: 0 },
-          city: { encryptedString: "EncryptedString", encryptionType: 0 },
-          state: { encryptedString: "EncryptedString", encryptionType: 0 },
-          postalCode: { encryptedString: "EncryptedString", encryptionType: 0 },
-          country: { encryptedString: "EncryptedString", encryptionType: 0 },
-          company: { encryptedString: "EncryptedString", encryptionType: 0 },
-          email: { encryptedString: "EncryptedString", encryptionType: 0 },
-          phone: { encryptedString: "EncryptedString", encryptionType: 0 },
-          ssn: { encryptedString: "EncryptedString", encryptionType: 0 },
-          username: { encryptedString: "EncryptedString", encryptionType: 0 },
-          passportNumber: { encryptedString: "EncryptedString", encryptionType: 0 },
-          licenseNumber: { encryptedString: "EncryptedString", encryptionType: 0 },
-        },
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-      });
-    });
-
-    it("toCipherData", () => {
-      const cipher = new Cipher(cipherData);
-      expect(cipher.toCipherData("userId")).toEqual(cipherData);
-    });
-
-    it("Decrypt", async () => {
-      const cipher = new Cipher();
-      cipher.id = "id";
-      cipher.organizationId = "orgId";
-      cipher.folderId = "folderId";
-      cipher.edit = true;
-      cipher.viewPassword = true;
-      cipher.organizationUseTotp = true;
-      cipher.favorite = false;
-      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
-      cipher.type = CipherType.Identity;
-      cipher.name = mockEnc("EncryptedString");
-      cipher.notes = mockEnc("EncryptedString");
-      cipher.deletedDate = null;
-      cipher.reprompt = CipherRepromptType.None;
-
-      const identityView = new IdentityView();
-      identityView.firstName = "firstName";
-      identityView.lastName = "lastName";
-
-      const identity = Substitute.for<Identity>();
-      identity.decrypt(Arg.any(), Arg.any()).resolves(identityView);
-      cipher.identity = identity;
-
-      const cipherView = await cipher.decrypt();
-
-      expect(cipherView).toMatchObject({
-        id: "id",
-        organizationId: "orgId",
-        folderId: "folderId",
-        name: "EncryptedString",
-        notes: "EncryptedString",
-        type: 4,
-        favorite: false,
-        organizationUseTotp: true,
-        edit: true,
-        viewPassword: true,
-        identity: identityView,
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
-        collectionIds: undefined,
-        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-        deletedDate: null,
-        reprompt: 0,
-        localData: undefined,
-      });
-    });
-  });
-});

jslib/common/spec/domain/collection.spec.ts

@@ -1,66 +0,0 @@
-import { CollectionData } from "@/jslib/common/src/models/data/collectionData";
-import { Collection } from "@/jslib/common/src/models/domain/collection";
-
-import { mockEnc } from "../utils";
-
-describe("Collection", () => {
-  let data: CollectionData;
-
-  beforeEach(() => {
-    data = {
-      id: "id",
-      organizationId: "orgId",
-      name: "encName",
-      externalId: "extId",
-      readOnly: true,
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new CollectionData({} as any);
-    const card = new Collection(data);
-
-    expect(card).toEqual({
-      externalId: null,
-      hidePasswords: null,
-      id: null,
-      name: null,
-      organizationId: null,
-      readOnly: null,
-    });
-  });
-
-  it("Convert", () => {
-    const collection = new Collection(data);
-
-    expect(collection).toEqual({
-      id: "id",
-      organizationId: "orgId",
-      name: { encryptedString: "encName", encryptionType: 0 },
-      externalId: "extId",
-      readOnly: true,
-      hidePasswords: null,
-    });
-  });
-
-  it("Decrypt", async () => {
-    const collection = new Collection();
-    collection.id = "id";
-    collection.organizationId = "orgId";
-    collection.name = mockEnc("encName");
-    collection.externalId = "extId";
-    collection.readOnly = false;
-    collection.hidePasswords = false;
-
-    const view = await collection.decrypt();
-
-    expect(view).toEqual({
-      externalId: "extId",
-      hidePasswords: false,
-      id: "id",
-      name: "encName",
-      organizationId: "orgId",
-      readOnly: false,
-    });
-  });
-});

jslib/common/spec/domain/encString.spec.ts

@@ -1,195 +0,0 @@
-import { Substitute, Arg } from "@fluffy-spoon/substitute";
-
-import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
-import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
-import { EncString } from "@/jslib/common/src/models/domain/encString";
-import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
-import { ContainerService } from "@/jslib/common/src/services/container.service";
-
-describe("EncString", () => {
-  afterEach(() => {
-    (window as any).bitwardenContainerService = undefined;
-  });
-
-  describe("Rsa2048_OaepSha256_B64", () => {
-    it("constructor", () => {
-      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
-
-      expect(encString).toEqual({
-        data: "data",
-        encryptedString: "3.data",
-        encryptionType: 3,
-      });
-    });
-
-    describe("parse existing", () => {
-      it("valid", () => {
-        const encString = new EncString("3.data");
-
-        expect(encString).toEqual({
-          data: "data",
-          encryptedString: "3.data",
-          encryptionType: 3,
-        });
-      });
-
-      it("invalid", () => {
-        const encString = new EncString("3.data|test");
-
-        expect(encString).toEqual({
-          encryptedString: "3.data|test",
-          encryptionType: 3,
-        });
-      });
-    });
-
-    describe("decrypt", () => {
-      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
-
-      const cryptoService = Substitute.for<CryptoService>();
-      cryptoService.getOrgKey(null).resolves(null);
-      cryptoService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
-
-      beforeEach(() => {
-        (window as any).bitwardenContainerService = new ContainerService(cryptoService);
-      });
-
-      it("decrypts correctly", async () => {
-        const decrypted = await encString.decrypt(null);
-
-        expect(decrypted).toBe("decrypted");
-      });
-
-      it("result should be cached", async () => {
-        const decrypted = await encString.decrypt(null);
-        cryptoService.received(1).decryptToUtf8(Arg.any(), Arg.any());
-
-        expect(decrypted).toBe("decrypted");
-      });
-    });
-  });
-
-  describe("AesCbc256_B64", () => {
-    it("constructor", () => {
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
-
-      expect(encString).toEqual({
-        data: "data",
-        encryptedString: "0.iv|data",
-        encryptionType: 0,
-        iv: "iv",
-      });
-    });
-
-    describe("parse existing", () => {
-      it("valid", () => {
-        const encString = new EncString("0.iv|data");
-
-        expect(encString).toEqual({
-          data: "data",
-          encryptedString: "0.iv|data",
-          encryptionType: 0,
-          iv: "iv",
-        });
-      });
-
-      it("invalid", () => {
-        const encString = new EncString("0.iv|data|mac");
-
-        expect(encString).toEqual({
-          encryptedString: "0.iv|data|mac",
-          encryptionType: 0,
-        });
-      });
-    });
-  });
-
-  describe("AesCbc256_HmacSha256_B64", () => {
-    it("constructor", () => {
-      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
-
-      expect(encString).toEqual({
-        data: "data",
-        encryptedString: "2.iv|data|mac",
-        encryptionType: 2,
-        iv: "iv",
-        mac: "mac",
-      });
-    });
-
-    it("valid", () => {
-      const encString = new EncString("2.iv|data|mac");
-
-      expect(encString).toEqual({
-        data: "data",
-        encryptedString: "2.iv|data|mac",
-        encryptionType: 2,
-        iv: "iv",
-        mac: "mac",
-      });
-    });
-
-    it("invalid", () => {
-      const encString = new EncString("2.iv|data");
-
-      expect(encString).toEqual({
-        encryptedString: "2.iv|data",
-        encryptionType: 2,
-      });
-    });
-  });
-
-  it("Exit early if null", () => {
-    const encString = new EncString(null);
-
-    expect(encString).toEqual({
-      encryptedString: null,
-    });
-  });
-
-  describe("decrypt", () => {
-    it("throws exception when bitwarden container not initialized", async () => {
-      const encString = new EncString(null);
-
-      expect.assertions(1);
-      try {
-        await encString.decrypt(null);
-      } catch (e) {
-        expect(e.message).toEqual("global bitwardenContainerService not initialized.");
-      }
-    });
-
-    it("handles value it can't decrypt", async () => {
-      const encString = new EncString(null);
-
-      const cryptoService = Substitute.for<CryptoService>();
-      cryptoService.getOrgKey(null).resolves(null);
-      cryptoService.decryptToUtf8(encString, Arg.any()).throws("error");
-
-      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
-
-      const decrypted = await encString.decrypt(null);
-
-      expect(decrypted).toBe("[error: cannot decrypt]");
-
-      expect(encString).toEqual({
-        decryptedValue: "[error: cannot decrypt]",
-        encryptedString: null,
-      });
-    });
-
-    it("passes along key", async () => {
-      const encString = new EncString(null);
-      const key = Substitute.for<SymmetricCryptoKey>();
-
-      const cryptoService = Substitute.for<CryptoService>();
-      cryptoService.getOrgKey(null).resolves(null);
-
-      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
-
-      await encString.decrypt(null, key);
-
-      cryptoService.received().decryptToUtf8(encString, key);
-    });
-  });
-});

jslib/common/spec/domain/field.spec.ts

@@ -1,64 +0,0 @@
-import { FieldType } from "@/jslib/common/src/enums/fieldType";
-import { FieldData } from "@/jslib/common/src/models/data/fieldData";
-import { Field } from "@/jslib/common/src/models/domain/field";
-
-import { mockEnc } from "../utils";
-
-describe("Field", () => {
-  let data: FieldData;
-
-  beforeEach(() => {
-    data = {
-      type: FieldType.Text,
-      name: "encName",
-      value: "encValue",
-      linkedId: null,
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new FieldData();
-    const field = new Field(data);
-
-    expect(field).toEqual({
-      type: undefined,
-      name: null,
-      value: null,
-      linkedId: undefined,
-    });
-  });
-
-  it("Convert", () => {
-    const field = new Field(data);
-
-    expect(field).toEqual({
-      type: FieldType.Text,
-      name: { encryptedString: "encName", encryptionType: 0 },
-      value: { encryptedString: "encValue", encryptionType: 0 },
-      linkedId: null,
-    });
-  });
-
-  it("toFieldData", () => {
-    const field = new Field(data);
-    expect(field.toFieldData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const field = new Field();
-    field.type = FieldType.Text;
-    field.name = mockEnc("encName");
-    field.value = mockEnc("encValue");
-
-    const view = await field.decrypt(null);
-
-    expect(view).toEqual({
-      type: 0,
-      name: "encName",
-      value: "encValue",
-      newField: false,
-      showCount: false,
-      showValue: false,
-    });
-  });
-});

jslib/common/spec/domain/folder.spec.ts

@@ -1,42 +0,0 @@
-import { FolderData } from "@/jslib/common/src/models/data/folderData";
-import { Folder } from "@/jslib/common/src/models/domain/folder";
-
-import { mockEnc } from "../utils";
-
-describe("Folder", () => {
-  let data: FolderData;
-
-  beforeEach(() => {
-    data = {
-      id: "id",
-      userId: "userId",
-      name: "encName",
-      revisionDate: "2022-01-31T12:00:00.000Z",
-    };
-  });
-
-  it("Convert", () => {
-    const field = new Folder(data);
-
-    expect(field).toEqual({
-      id: "id",
-      name: { encryptedString: "encName", encryptionType: 0 },
-      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-    });
-  });
-
-  it("Decrypt", async () => {
-    const folder = new Folder();
-    folder.id = "id";
-    folder.name = mockEnc("encName");
-    folder.revisionDate = new Date("2022-01-31T12:00:00.000Z");
-
-    const view = await folder.decrypt();
-
-    expect(view).toEqual({
-      id: "id",
-      name: "encName",
-      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-    });
-  });
-});

jslib/common/spec/domain/identity.spec.ts

@@ -1,134 +0,0 @@
-import { IdentityData } from "@/jslib/common/src/models/data/identityData";
-import { Identity } from "@/jslib/common/src/models/domain/identity";
-
-import { mockEnc } from "../utils";
-
-describe("Identity", () => {
-  let data: IdentityData;
-
-  beforeEach(() => {
-    data = {
-      title: "enctitle",
-      firstName: "encfirstName",
-      middleName: "encmiddleName",
-      lastName: "enclastName",
-      address1: "encaddress1",
-      address2: "encaddress2",
-      address3: "encaddress3",
-      city: "enccity",
-      state: "encstate",
-      postalCode: "encpostalCode",
-      country: "enccountry",
-      company: "enccompany",
-      email: "encemail",
-      phone: "encphone",
-      ssn: "encssn",
-      username: "encusername",
-      passportNumber: "encpassportNumber",
-      licenseNumber: "enclicenseNumber",
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new IdentityData();
-    const identity = new Identity(data);
-
-    expect(identity).toEqual({
-      address1: null,
-      address2: null,
-      address3: null,
-      city: null,
-      company: null,
-      country: null,
-      email: null,
-      firstName: null,
-      lastName: null,
-      licenseNumber: null,
-      middleName: null,
-      passportNumber: null,
-      phone: null,
-      postalCode: null,
-      ssn: null,
-      state: null,
-      title: null,
-      username: null,
-    });
-  });
-
-  it("Convert", () => {
-    const identity = new Identity(data);
-
-    expect(identity).toEqual({
-      title: { encryptedString: "enctitle", encryptionType: 0 },
-      firstName: { encryptedString: "encfirstName", encryptionType: 0 },
-      middleName: { encryptedString: "encmiddleName", encryptionType: 0 },
-      lastName: { encryptedString: "enclastName", encryptionType: 0 },
-      address1: { encryptedString: "encaddress1", encryptionType: 0 },
-      address2: { encryptedString: "encaddress2", encryptionType: 0 },
-      address3: { encryptedString: "encaddress3", encryptionType: 0 },
-      city: { encryptedString: "enccity", encryptionType: 0 },
-      state: { encryptedString: "encstate", encryptionType: 0 },
-      postalCode: { encryptedString: "encpostalCode", encryptionType: 0 },
-      country: { encryptedString: "enccountry", encryptionType: 0 },
-      company: { encryptedString: "enccompany", encryptionType: 0 },
-      email: { encryptedString: "encemail", encryptionType: 0 },
-      phone: { encryptedString: "encphone", encryptionType: 0 },
-      ssn: { encryptedString: "encssn", encryptionType: 0 },
-      username: { encryptedString: "encusername", encryptionType: 0 },
-      passportNumber: { encryptedString: "encpassportNumber", encryptionType: 0 },
-      licenseNumber: { encryptedString: "enclicenseNumber", encryptionType: 0 },
-    });
-  });
-
-  it("toIdentityData", () => {
-    const identity = new Identity(data);
-    expect(identity.toIdentityData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const identity = new Identity();
-
-    identity.title = mockEnc("mockTitle");
-    identity.firstName = mockEnc("mockFirstName");
-    identity.middleName = mockEnc("mockMiddleName");
-    identity.lastName = mockEnc("mockLastName");
-    identity.address1 = mockEnc("mockAddress1");
-    identity.address2 = mockEnc("mockAddress2");
-    identity.address3 = mockEnc("mockAddress3");
-    identity.city = mockEnc("mockCity");
-    identity.state = mockEnc("mockState");
-    identity.postalCode = mockEnc("mockPostalCode");
-    identity.country = mockEnc("mockCountry");
-    identity.company = mockEnc("mockCompany");
-    identity.email = mockEnc("mockEmail");
-    identity.phone = mockEnc("mockPhone");
-    identity.ssn = mockEnc("mockSsn");
-    identity.username = mockEnc("mockUsername");
-    identity.passportNumber = mockEnc("mockPassportNumber");
-    identity.licenseNumber = mockEnc("mockLicenseNumber");
-
-    const view = await identity.decrypt(null);
-
-    expect(view).toEqual({
-      _firstName: "mockFirstName",
-      _lastName: "mockLastName",
-      _subTitle: null,
-      address1: "mockAddress1",
-      address2: "mockAddress2",
-      address3: "mockAddress3",
-      city: "mockCity",
-      company: "mockCompany",
-      country: "mockCountry",
-      email: "mockEmail",
-      licenseNumber: "mockLicenseNumber",
-      middleName: "mockMiddleName",
-      passportNumber: "mockPassportNumber",
-      phone: "mockPhone",
-      postalCode: "mockPostalCode",
-      ssn: "mockSsn",
-      state: "mockState",
-      title: "mockTitle",
-      username: "mockUsername",
-    });
-  });
-});

jslib/common/spec/domain/login.spec.ts

@@ -1,101 +0,0 @@
-import { Substitute, Arg } from "@fluffy-spoon/substitute";
-
-import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
-import { LoginData } from "@/jslib/common/src/models/data/loginData";
-import { Login } from "@/jslib/common/src/models/domain/login";
-import { LoginUri } from "@/jslib/common/src/models/domain/loginUri";
-import { LoginUriView } from "@/jslib/common/src/models/view/loginUriView";
-
-import { mockEnc } from "../utils";
-
-describe("Login DTO", () => {
-  it("Convert from empty LoginData", () => {
-    const data = new LoginData();
-    const login = new Login(data);
-
-    expect(login).toEqual({
-      passwordRevisionDate: null,
-      autofillOnPageLoad: undefined,
-      username: null,
-      password: null,
-      totp: null,
-    });
-  });
-
-  it("Convert from full LoginData", () => {
-    const data: LoginData = {
-      uris: [{ uri: "uri", match: UriMatchType.Domain }],
-      username: "username",
-      password: "password",
-      passwordRevisionDate: "2022-01-31T12:00:00.000Z",
-      totp: "123",
-      autofillOnPageLoad: false,
-    };
-    const login = new Login(data);
-
-    expect(login).toEqual({
-      passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
-      autofillOnPageLoad: false,
-      username: { encryptedString: "username", encryptionType: 0 },
-      password: { encryptedString: "password", encryptionType: 0 },
-      totp: { encryptedString: "123", encryptionType: 0 },
-      uris: [{ match: 0, uri: { encryptedString: "uri", encryptionType: 0 } }],
-    });
-  });
-
-  it("Initialize without LoginData", () => {
-    const login = new Login();
-
-    expect(login).toEqual({});
-  });
-
-  it("Decrypts correctly", async () => {
-    const loginUri = Substitute.for<LoginUri>();
-    const loginUriView = new LoginUriView();
-    loginUriView.uri = "decrypted uri";
-    loginUri.decrypt(Arg.any()).resolves(loginUriView);
-
-    const login = new Login();
-    login.uris = [loginUri];
-    login.username = mockEnc("encrypted username");
-    login.password = mockEnc("encrypted password");
-    login.passwordRevisionDate = new Date("2022-01-31T12:00:00.000Z");
-    login.totp = mockEnc("encrypted totp");
-    login.autofillOnPageLoad = true;
-
-    const loginView = await login.decrypt(null);
-    expect(loginView).toEqual({
-      username: "encrypted username",
-      password: "encrypted password",
-      passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
-      totp: "encrypted totp",
-      uris: [
-        {
-          match: null,
-          _uri: "decrypted uri",
-          _domain: null,
-          _hostname: null,
-          _host: null,
-          _canLaunch: null,
-        },
-      ],
-      autofillOnPageLoad: true,
-    });
-  });
-
-  it("Converts from LoginData and back", () => {
-    const data: LoginData = {
-      uris: [{ uri: "uri", match: UriMatchType.Domain }],
-      username: "username",
-      password: "password",
-      passwordRevisionDate: "2022-01-31T12:00:00.000Z",
-      totp: "123",
-      autofillOnPageLoad: false,
-    };
-    const login = new Login(data);
-
-    const loginData = login.toLoginData();
-
-    expect(loginData).toEqual(data);
-  });
-});

jslib/common/spec/domain/loginUri.spec.ts

@@ -1,57 +0,0 @@
-import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
-import { LoginUriData } from "@/jslib/common/src/models/data/loginUriData";
-import { LoginUri } from "@/jslib/common/src/models/domain/loginUri";
-
-import { mockEnc } from "../utils";
-
-describe("LoginUri", () => {
-  let data: LoginUriData;
-
-  beforeEach(() => {
-    data = {
-      uri: "encUri",
-      match: UriMatchType.Domain,
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new LoginUriData();
-    const loginUri = new LoginUri(data);
-
-    expect(loginUri).toEqual({
-      match: null,
-      uri: null,
-    });
-  });
-
-  it("Convert", () => {
-    const loginUri = new LoginUri(data);
-
-    expect(loginUri).toEqual({
-      match: 0,
-      uri: { encryptedString: "encUri", encryptionType: 0 },
-    });
-  });
-
-  it("toLoginUriData", () => {
-    const loginUri = new LoginUri(data);
-    expect(loginUri.toLoginUriData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const loginUri = new LoginUri();
-    loginUri.match = UriMatchType.Exact;
-    loginUri.uri = mockEnc("uri");
-
-    const view = await loginUri.decrypt(null);
-
-    expect(view).toEqual({
-      _canLaunch: null,
-      _domain: null,
-      _host: null,
-      _hostname: null,
-      _uri: "uri",
-      match: 3,
-    });
-  });
-});

jslib/common/spec/domain/password.spec.ts

@@ -1,51 +0,0 @@
-import { PasswordHistoryData } from "@/jslib/common/src/models/data/passwordHistoryData";
-import { Password } from "@/jslib/common/src/models/domain/password";
-
-import { mockEnc } from "../utils";
-
-describe("Password", () => {
-  let data: PasswordHistoryData;
-
-  beforeEach(() => {
-    data = {
-      password: "encPassword",
-      lastUsedDate: "2022-01-31T12:00:00.000Z",
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new PasswordHistoryData();
-    const password = new Password(data);
-
-    expect(password).toMatchObject({
-      password: null,
-    });
-  });
-
-  it("Convert", () => {
-    const password = new Password(data);
-
-    expect(password).toEqual({
-      password: { encryptedString: "encPassword", encryptionType: 0 },
-      lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
-    });
-  });
-
-  it("toPasswordHistoryData", () => {
-    const password = new Password(data);
-    expect(password.toPasswordHistoryData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const password = new Password();
-    password.password = mockEnc("password");
-    password.lastUsedDate = new Date("2022-01-31T12:00:00.000Z");
-
-    const view = await password.decrypt(null);
-
-    expect(view).toEqual({
-      password: "password",
-      lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
-    });
-  });
-});

jslib/common/spec/domain/secureNote.spec.ts

@@ -1,46 +0,0 @@
-import { SecureNoteType } from "@/jslib/common/src/enums/secureNoteType";
-import { SecureNoteData } from "@/jslib/common/src/models/data/secureNoteData";
-import { SecureNote } from "@/jslib/common/src/models/domain/secureNote";
-
-describe("SecureNote", () => {
-  let data: SecureNoteData;
-
-  beforeEach(() => {
-    data = {
-      type: SecureNoteType.Generic,
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new SecureNoteData();
-    const secureNote = new SecureNote(data);
-
-    expect(secureNote).toEqual({
-      type: undefined,
-    });
-  });
-
-  it("Convert", () => {
-    const secureNote = new SecureNote(data);
-
-    expect(secureNote).toEqual({
-      type: 0,
-    });
-  });
-
-  it("toSecureNoteData", () => {
-    const secureNote = new SecureNote(data);
-    expect(secureNote.toSecureNoteData()).toEqual(data);
-  });
-
-  it("Decrypt", async () => {
-    const secureNote = new SecureNote();
-    secureNote.type = SecureNoteType.Generic;
-
-    const view = await secureNote.decrypt(null);
-
-    expect(view).toEqual({
-      type: 0,
-    });
-  });
-});

jslib/common/spec/domain/send.spec.ts

@@ -1,144 +0,0 @@
-import { Substitute, Arg, SubstituteOf } from "@fluffy-spoon/substitute";
-
-import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
-import { SendType } from "@/jslib/common/src/enums/sendType";
-import { SendData } from "@/jslib/common/src/models/data/sendData";
-import { EncString } from "@/jslib/common/src/models/domain/encString";
-import { Send } from "@/jslib/common/src/models/domain/send";
-import { SendText } from "@/jslib/common/src/models/domain/sendText";
-import { ContainerService } from "@/jslib/common/src/services/container.service";
-
-import { makeStaticByteArray, mockEnc } from "../utils";
-
-describe("Send", () => {
-  let data: SendData;
-
-  beforeEach(() => {
-    data = {
-      id: "id",
-      accessId: "accessId",
-      userId: "userId",
-      type: SendType.Text,
-      name: "encName",
-      notes: "encNotes",
-      text: {
-        text: "encText",
-        hidden: true,
-      },
-      file: null,
-      key: "encKey",
-      maxAccessCount: null,
-      accessCount: 10,
-      revisionDate: "2022-01-31T12:00:00.000Z",
-      expirationDate: "2022-01-31T12:00:00.000Z",
-      deletionDate: "2022-01-31T12:00:00.000Z",
-      password: "password",
-      disabled: false,
-      hideEmail: true,
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new SendData();
-    const send = new Send(data);
-
-    expect(send).toEqual({
-      id: null,
-      accessId: null,
-      userId: null,
-      type: undefined,
-      name: null,
-      notes: null,
-      text: undefined,
-      file: undefined,
-      key: null,
-      maxAccessCount: undefined,
-      accessCount: undefined,
-      revisionDate: null,
-      expirationDate: null,
-      deletionDate: null,
-      password: undefined,
-      disabled: undefined,
-      hideEmail: undefined,
-    });
-  });
-
-  it("Convert", () => {
-    const send = new Send(data);
-
-    expect(send).toEqual({
-      id: "id",
-      accessId: "accessId",
-      userId: "userId",
-      type: SendType.Text,
-      name: { encryptedString: "encName", encryptionType: 0 },
-      notes: { encryptedString: "encNotes", encryptionType: 0 },
-      text: {
-        text: { encryptedString: "encText", encryptionType: 0 },
-        hidden: true,
-      },
-      key: { encryptedString: "encKey", encryptionType: 0 },
-      maxAccessCount: null,
-      accessCount: 10,
-      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
-      deletionDate: new Date("2022-01-31T12:00:00.000Z"),
-      password: "password",
-      disabled: false,
-      hideEmail: true,
-    });
-  });
-
-  it("Decrypt", async () => {
-    const text = Substitute.for<SendText>();
-    text.decrypt(Arg.any()).resolves("textView" as any);
-
-    const send = new Send();
-    send.id = "id";
-    send.accessId = "accessId";
-    send.userId = "userId";
-    send.type = SendType.Text;
-    send.name = mockEnc("name");
-    send.notes = mockEnc("notes");
-    send.text = text;
-    send.key = mockEnc("key");
-    send.accessCount = 10;
-    send.revisionDate = new Date("2022-01-31T12:00:00.000Z");
-    send.expirationDate = new Date("2022-01-31T12:00:00.000Z");
-    send.deletionDate = new Date("2022-01-31T12:00:00.000Z");
-    send.password = "password";
-    send.disabled = false;
-    send.hideEmail = true;
-
-    const cryptoService = Substitute.for<CryptoService>();
-    cryptoService.decryptToBytes(send.key, null).resolves(makeStaticByteArray(32));
-    cryptoService.makeSendKey(Arg.any()).resolves("cryptoKey" as any);
-
-    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
-
-    const view = await send.decrypt();
-
-    text.received(1).decrypt("cryptoKey" as any);
-    (send.name as SubstituteOf<EncString>).received(1).decrypt(null, "cryptoKey" as any);
-
-    expect(view).toMatchObject({
-      id: "id",
-      accessId: "accessId",
-      name: "name",
-      notes: "notes",
-      type: 0,
-      key: expect.anything(),
-      cryptoKey: "cryptoKey",
-      file: expect.anything(),
-      text: "textView",
-      maxAccessCount: undefined,
-      accessCount: 10,
-      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
-      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
-      deletionDate: new Date("2022-01-31T12:00:00.000Z"),
-      password: "password",
-      disabled: false,
-      hideEmail: true,
-    });
-  });
-});

jslib/common/spec/domain/sendAccess.spec.ts

@@ -1,84 +0,0 @@
-import { Substitute, Arg } from "@fluffy-spoon/substitute";
-
-import { SendType } from "@/jslib/common/src/enums/sendType";
-import { SendAccess } from "@/jslib/common/src/models/domain/sendAccess";
-import { SendText } from "@/jslib/common/src/models/domain/sendText";
-import { SendAccessResponse } from "@/jslib/common/src/models/response/sendAccessResponse";
-
-import { mockEnc } from "../utils";
-
-describe("SendAccess", () => {
-  let request: SendAccessResponse;
-
-  beforeEach(() => {
-    request = {
-      id: "id",
-      type: SendType.Text,
-      name: "encName",
-      file: null,
-      text: {
-        text: "encText",
-        hidden: true,
-      },
-      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
-      creatorIdentifier: "creatorIdentifier",
-    } as SendAccessResponse;
-  });
-
-  it("Convert from empty", () => {
-    const request = new SendAccessResponse({});
-    const sendAccess = new SendAccess(request);
-
-    expect(sendAccess).toEqual({
-      id: null,
-      type: undefined,
-      name: null,
-      creatorIdentifier: null,
-      expirationDate: null,
-    });
-  });
-
-  it("Convert", () => {
-    const sendAccess = new SendAccess(request);
-
-    expect(sendAccess).toEqual({
-      id: "id",
-      type: 0,
-      name: { encryptedString: "encName", encryptionType: 0 },
-      text: {
-        hidden: true,
-        text: { encryptedString: "encText", encryptionType: 0 },
-      },
-      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
-      creatorIdentifier: "creatorIdentifier",
-    });
-  });
-
-  it("Decrypt", async () => {
-    const sendAccess = new SendAccess();
-    sendAccess.id = "id";
-    sendAccess.type = SendType.Text;
-    sendAccess.name = mockEnc("name");
-
-    const text = Substitute.for<SendText>();
-    text.decrypt(Arg.any()).resolves({} as any);
-    sendAccess.text = text;
-
-    sendAccess.expirationDate = new Date("2022-01-31T12:00:00.000Z");
-    sendAccess.creatorIdentifier = "creatorIdentifier";
-
-    const view = await sendAccess.decrypt(null);
-
-    text.received(1).decrypt(Arg.any());
-
-    expect(view).toEqual({
-      id: "id",
-      type: 0,
-      name: "name",
-      text: {},
-      file: expect.anything(),
-      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
-      creatorIdentifier: "creatorIdentifier",
-    });
-  });
-});

jslib/common/spec/domain/sendFile.spec.ts

@@ -1,57 +0,0 @@
-import { SendFileData } from "@/jslib/common/src/models/data/sendFileData";
-import { SendFile } from "@/jslib/common/src/models/domain/sendFile";
-
-import { mockEnc } from "../utils";
-
-describe("SendFile", () => {
-  let data: SendFileData;
-
-  beforeEach(() => {
-    data = {
-      id: "id",
-      size: "1100",
-      sizeName: "1.1 KB",
-      fileName: "encFileName",
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new SendFileData();
-    const sendFile = new SendFile(data);
-
-    expect(sendFile).toEqual({
-      fileName: null,
-      id: null,
-      size: undefined,
-      sizeName: null,
-    });
-  });
-
-  it("Convert", () => {
-    const sendFile = new SendFile(data);
-
-    expect(sendFile).toEqual({
-      id: "id",
-      size: "1100",
-      sizeName: "1.1 KB",
-      fileName: { encryptedString: "encFileName", encryptionType: 0 },
-    });
-  });
-
-  it("Decrypt", async () => {
-    const sendFile = new SendFile();
-    sendFile.id = "id";
-    sendFile.size = "1100";
-    sendFile.sizeName = "1.1 KB";
-    sendFile.fileName = mockEnc("fileName");
-
-    const view = await sendFile.decrypt(null);
-
-    expect(view).toEqual({
-      fileName: "fileName",
-      id: "id",
-      size: "1100",
-      sizeName: "1.1 KB",
-    });
-  });
-});

jslib/common/spec/domain/sendText.spec.ts

@@ -1,47 +0,0 @@
-import { SendTextData } from "@/jslib/common/src/models/data/sendTextData";
-import { SendText } from "@/jslib/common/src/models/domain/sendText";
-
-import { mockEnc } from "../utils";
-
-describe("SendText", () => {
-  let data: SendTextData;
-
-  beforeEach(() => {
-    data = {
-      text: "encText",
-      hidden: false,
-    };
-  });
-
-  it("Convert from empty", () => {
-    const data = new SendTextData();
-    const secureNote = new SendText(data);
-
-    expect(secureNote).toEqual({
-      hidden: undefined,
-      text: null,
-    });
-  });
-
-  it("Convert", () => {
-    const secureNote = new SendText(data);
-
-    expect(secureNote).toEqual({
-      hidden: false,
-      text: { encryptedString: "encText", encryptionType: 0 },
-    });
-  });
-
-  it("Decrypt", async () => {
-    const secureNote = new SendText();
-    secureNote.text = mockEnc("text");
-    secureNote.hidden = true;
-
-    const view = await secureNote.decrypt(null);
-
-    expect(view).toEqual({
-      text: "text",
-      hidden: true,
-    });
-  });
-});

jslib/common/spec/domain/symmetricCryptoKey.spec.ts

@@ -1,69 +0,0 @@
-import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
-import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
-
-import { makeStaticByteArray } from "../utils";
-
-describe("SymmetricCryptoKey", () => {
-  it("errors if no key", () => {
-    const t = () => {
-      new SymmetricCryptoKey(null);
-    };
-
-    expect(t).toThrowError("Must provide key");
-  });
-
-  describe("guesses encKey from key length", () => {
-    it("AesCbc256_B64", () => {
-      const key = makeStaticByteArray(32);
-      const cryptoKey = new SymmetricCryptoKey(key);
-
-      expect(cryptoKey).toEqual({
-        encKey: key,
-        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
-        encType: 0,
-        key: key,
-        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
-        macKey: null,
-      });
-    });
-
-    it("AesCbc128_HmacSha256_B64", () => {
-      const key = makeStaticByteArray(32);
-      const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
-
-      expect(cryptoKey).toEqual({
-        encKey: key.slice(0, 16),
-        encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
-        encType: 1,
-        key: key,
-        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
-        macKey: key.slice(16, 32),
-        macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
-      });
-    });
-
-    it("AesCbc256_HmacSha256_B64", () => {
-      const key = makeStaticByteArray(64);
-      const cryptoKey = new SymmetricCryptoKey(key);
-
-      expect(cryptoKey).toEqual({
-        encKey: key.slice(0, 32),
-        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
-        encType: 2,
-        key: key,
-        keyB64:
-          "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==",
-        macKey: key.slice(32, 64),
-        macKeyB64: "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=",
-      });
-    });
-
-    it("unknown length", () => {
-      const t = () => {
-        new SymmetricCryptoKey(makeStaticByteArray(30));
-      };
-
-      expect(t).toThrowError("Unable to determine encType.");
-    });
-  });
-});

jslib/common/spec/misc/sequentialize.spec.ts

@@ -1,127 +0,0 @@
-import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
-
-describe("sequentialize decorator", () => {
-  it("should call the function once", async () => {
-    const foo = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.bar(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(1);
-  });
-
-  it("should call the function once for each instance of the object", async () => {
-    const foo = new Foo();
-    const foo2 = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.bar(1));
-      promises.push(foo2.bar(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(1);
-    expect(foo2.calls).toBe(1);
-  });
-
-  it("should call the function once with key function", async () => {
-    const foo = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.baz(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(1);
-  });
-
-  it("should call the function again when already resolved", async () => {
-    const foo = new Foo();
-    await foo.bar(1);
-    expect(foo.calls).toBe(1);
-    await foo.bar(1);
-    expect(foo.calls).toBe(2);
-  });
-
-  it("should call the function again when already resolved with a key function", async () => {
-    const foo = new Foo();
-    await foo.baz(1);
-    expect(foo.calls).toBe(1);
-    await foo.baz(1);
-    expect(foo.calls).toBe(2);
-  });
-
-  it("should call the function for each argument", async () => {
-    const foo = new Foo();
-    await Promise.all([foo.bar(1), foo.bar(1), foo.bar(2), foo.bar(2), foo.bar(3), foo.bar(3)]);
-    expect(foo.calls).toBe(3);
-  });
-
-  it("should call the function for each argument with key function", async () => {
-    const foo = new Foo();
-    await Promise.all([foo.baz(1), foo.baz(1), foo.baz(2), foo.baz(2), foo.baz(3), foo.baz(3)]);
-    expect(foo.calls).toBe(3);
-  });
-
-  it("should return correct result for each call", async () => {
-    const foo = new Foo();
-    const allRes: number[] = [];
-
-    await Promise.all([
-      foo.bar(1).then((res) => allRes.push(res)),
-      foo.bar(1).then((res) => allRes.push(res)),
-      foo.bar(2).then((res) => allRes.push(res)),
-      foo.bar(2).then((res) => allRes.push(res)),
-      foo.bar(3).then((res) => allRes.push(res)),
-      foo.bar(3).then((res) => allRes.push(res)),
-    ]);
-    expect(foo.calls).toBe(3);
-    expect(allRes.length).toBe(6);
-    allRes.sort();
-    expect(allRes).toEqual([2, 2, 4, 4, 6, 6]);
-  });
-
-  it("should return correct result for each call with key function", async () => {
-    const foo = new Foo();
-    const allRes: number[] = [];
-
-    await Promise.all([
-      foo.baz(1).then((res) => allRes.push(res)),
-      foo.baz(1).then((res) => allRes.push(res)),
-      foo.baz(2).then((res) => allRes.push(res)),
-      foo.baz(2).then((res) => allRes.push(res)),
-      foo.baz(3).then((res) => allRes.push(res)),
-      foo.baz(3).then((res) => allRes.push(res)),
-    ]);
-    expect(foo.calls).toBe(3);
-    expect(allRes.length).toBe(6);
-    allRes.sort();
-    expect(allRes).toEqual([3, 3, 6, 6, 9, 9]);
-  });
-});
-
-class Foo {
-  calls = 0;
-
-  @sequentialize((args) => "bar" + args[0])
-  bar(a: number): Promise<number> {
-    this.calls++;
-    return new Promise((res) => {
-      setTimeout(() => {
-        res(a * 2);
-      }, Math.random() * 100);
-    });
-  }
-
-  @sequentialize((args) => "baz" + args[0])
-  baz(a: number): Promise<number> {
-    this.calls++;
-    return new Promise((res) => {
-      setTimeout(() => {
-        res(a * 3);
-      }, Math.random() * 100);
-    });
-  }
-}

jslib/common/spec/misc/throttle.spec.ts

@@ -1,110 +0,0 @@
-import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
-import { throttle } from "@/jslib/common/src/misc/throttle";
-
-describe("throttle decorator", () => {
-  it("should call the function once at a time", async () => {
-    const foo = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.bar(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(10);
-  });
-
-  it("should call the function once at a time for each object", async () => {
-    const foo = new Foo();
-    const foo2 = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.bar(1));
-      promises.push(foo2.bar(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(10);
-    expect(foo2.calls).toBe(10);
-  });
-
-  it("should call the function limit at a time", async () => {
-    const foo = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.baz(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(10);
-  });
-
-  it("should call the function limit at a time for each object", async () => {
-    const foo = new Foo();
-    const foo2 = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.baz(1));
-      promises.push(foo2.baz(1));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(10);
-    expect(foo2.calls).toBe(10);
-  });
-
-  it("should work together with sequentialize", async () => {
-    const foo = new Foo();
-    const promises = [];
-    for (let i = 0; i < 10; i++) {
-      promises.push(foo.qux(Math.floor(i / 2) * 2));
-    }
-    await Promise.all(promises);
-
-    expect(foo.calls).toBe(5);
-  });
-});
-
-class Foo {
-  calls = 0;
-  inflight = 0;
-
-  @throttle(1, () => "bar")
-  bar(a: number) {
-    this.calls++;
-    this.inflight++;
-    return new Promise((res) => {
-      setTimeout(() => {
-        expect(this.inflight).toBe(1);
-        this.inflight--;
-        res(a * 2);
-      }, Math.random() * 10);
-    });
-  }
-
-  @throttle(5, () => "baz")
-  baz(a: number) {
-    this.calls++;
-    this.inflight++;
-    return new Promise((res) => {
-      setTimeout(() => {
-        expect(this.inflight).toBeLessThanOrEqual(5);
-        this.inflight--;
-        res(a * 3);
-      }, Math.random() * 10);
-    });
-  }
-
-  @sequentialize((args) => "qux" + args[0])
-  @throttle(1, () => "qux")
-  qux(a: number) {
-    this.calls++;
-    this.inflight++;
-    return new Promise((res) => {
-      setTimeout(() => {
-        expect(this.inflight).toBe(1);
-        this.inflight--;
-        res(a * 3);
-      }, Math.random() * 10);
-    });
-  }
-}

jslib/common/spec/services/consoleLog.service.spec.ts

@@ -1,102 +0,0 @@
-import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
-
-const originalConsole = console;
-let caughtMessage: any;
-
-declare let console: any;
-
-export function interceptConsole(interceptions: any): object {
-  console = {
-    log: function () {
-      // eslint-disable-next-line
-      interceptions.log = arguments;
-    },
-    warn: function () {
-      // eslint-disable-next-line
-      interceptions.warn = arguments;
-    },
-    error: function () {
-      // eslint-disable-next-line
-      interceptions.error = arguments;
-    },
-  };
-  return interceptions;
-}
-
-export function restoreConsole() {
-  console = originalConsole;
-}
-
-describe("ConsoleLogService", () => {
-  let logService: ConsoleLogService;
-  beforeEach(() => {
-    caughtMessage = {};
-    interceptConsole(caughtMessage);
-    logService = new ConsoleLogService(true);
-  });
-
-  afterAll(() => {
-    restoreConsole();
-  });
-
-  it("filters messages below the set threshold", () => {
-    logService = new ConsoleLogService(true, () => true);
-    logService.debug("debug");
-    logService.info("info");
-    logService.warning("warning");
-    logService.error("error");
-
-    expect(caughtMessage).toEqual({});
-  });
-  it("only writes debug messages in dev mode", () => {
-    logService = new ConsoleLogService(false);
-
-    logService.debug("debug message");
-    expect(caughtMessage.log).toBeUndefined();
-  });
-
-  it("writes debug/info messages to console.log", () => {
-    logService.debug("this is a debug message");
-    expect(caughtMessage).toMatchObject({
-      log: { "0": "this is a debug message" },
-    });
-
-    logService.info("this is an info message");
-    expect(caughtMessage).toMatchObject({
-      log: { "0": "this is an info message" },
-    });
-  });
-  it("writes warning messages to console.warn", () => {
-    logService.warning("this is a warning message");
-    expect(caughtMessage).toMatchObject({
-      warn: { 0: "this is a warning message" },
-    });
-  });
-  it("writes error messages to console.error", () => {
-    logService.error("this is an error message");
-    expect(caughtMessage).toMatchObject({
-      error: { 0: "this is an error message" },
-    });
-  });
-
-  it("times with output to info", async () => {
-    logService.time();
-    await new Promise((r) => setTimeout(r, 250));
-    const duration = logService.timeEnd();
-    expect(duration[0]).toBe(0);
-    expect(duration[1]).toBeGreaterThan(0);
-    expect(duration[1]).toBeLessThan(500 * 10e6);
-
-    expect(caughtMessage).toEqual(expect.arrayContaining([]));
-    expect(caughtMessage.log.length).toBe(1);
-    expect(caughtMessage.log[0]).toEqual(expect.stringMatching(/^default: \d+\.?\d*ms$/));
-  });
-
-  it("filters time output", async () => {
-    logService = new ConsoleLogService(true, () => true);
-    logService.time();
-    logService.timeEnd();
-
-    expect(caughtMessage).toEqual({});
-  });
-});

jslib/common/spec/services/stateMigration.service.ts

@@ -1,84 +0,0 @@
-import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
-
-import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
-import { StateVersion } from "@/jslib/common/src/enums/stateVersion";
-import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
-import { Account } from "@/jslib/common/src/models/domain/account";
-import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
-import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
-
-const userId = "USER_ID";
-
-describe("State Migration Service", () => {
-  let storageService: SubstituteOf<StorageService>;
-  let secureStorageService: SubstituteOf<StorageService>;
-  let stateFactory: SubstituteOf<StateFactory>;
-
-  let stateMigrationService: StateMigrationService;
-
-  beforeEach(() => {
-    storageService = Substitute.for<StorageService>();
-    secureStorageService = Substitute.for<StorageService>();
-    stateFactory = Substitute.for<StateFactory>();
-
-    stateMigrationService = new StateMigrationService(
-      storageService,
-      secureStorageService,
-      stateFactory,
-    );
-  });
-
-  describe("StateVersion 3 to 4 migration", async () => {
-    beforeEach(() => {
-      const globalVersion3: Partial<GlobalState> = {
-        stateVersion: StateVersion.Three,
-      };
-
-      storageService.get("global", Arg.any()).resolves(globalVersion3);
-      storageService.get("authenticatedAccounts", Arg.any()).resolves([userId]);
-    });
-
-    it("clears everBeenUnlocked", async () => {
-      const accountVersion3: Account = {
-        profile: {
-          apiKeyClientId: null,
-          convertAccountToKeyConnector: null,
-          email: "EMAIL",
-          emailVerified: true,
-          everBeenUnlocked: true,
-          hasPremiumPersonally: false,
-          kdfIterations: 100000,
-          kdfType: 0,
-          keyHash: "KEY_HASH",
-          lastSync: "LAST_SYNC",
-          userId: userId,
-          usesKeyConnector: false,
-          forcePasswordReset: false,
-        },
-      };
-
-      const expectedAccountVersion4: Account = {
-        profile: {
-          ...accountVersion3.profile,
-        },
-      };
-      delete expectedAccountVersion4.profile.everBeenUnlocked;
-
-      storageService.get(userId, Arg.any()).resolves(accountVersion3);
-
-      await stateMigrationService.migrate();
-
-      storageService.received(1).save(userId, expectedAccountVersion4, Arg.any());
-    });
-
-    it("updates StateVersion number", async () => {
-      await stateMigrationService.migrate();
-
-      storageService.received(1).save(
-        "global",
-        Arg.is((globals: GlobalState) => globals.stateVersion === StateVersion.Four),
-        Arg.any(),
-      );
-    });
-  });
-});

jslib/common/spec/test.ts

@@ -1,5 +0,0 @@
-import { webcrypto } from "crypto";
-
-Object.defineProperty(window, "crypto", {
-  value: webcrypto,
-});

jslib/common/spec/utils.ts

@@ -1,7 +1,3 @@
-import { Substitute, Arg } from "@fluffy-spoon/substitute";
-
-import { EncString } from "@/jslib/common/src/models/domain/encString";
-
 function newGuid() {
   return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
     const r = (Math.random() * 16) | 0;
@@ -21,17 +17,10 @@ export function BuildTestObject<T, K extends keyof T = keyof T>(
   return Object.assign(constructor === null ? {} : new constructor(), def) as T;
 }
 
-export function mockEnc(s: string): EncString {
-  const mock = Substitute.for<EncString>();
-  mock.decrypt(Arg.any(), Arg.any()).resolves(s);
-
-  return mock;
-}
-
 export function makeStaticByteArray(length: number, start = 0) {
   const arr = new Uint8Array(length);
   for (let i = 0; i < length; i++) {
     arr[i] = start + i;
   }
-  return arr;
+  return arr.buffer;
 }

jslib/common/src/abstractions/api.service.ts

@@ -1,679 +1,14 @@
-import { PolicyType } from "../enums/policyType";
-import { SetKeyConnectorKeyRequest } from "../models/request/account/setKeyConnectorKeyRequest";
-import { VerifyOTPRequest } from "../models/request/account/verifyOTPRequest";
-import { AttachmentRequest } from "../models/request/attachmentRequest";
-import { BitPayInvoiceRequest } from "../models/request/bitPayInvoiceRequest";
-import { CipherBulkDeleteRequest } from "../models/request/cipherBulkDeleteRequest";
-import { CipherBulkMoveRequest } from "../models/request/cipherBulkMoveRequest";
-import { CipherBulkRestoreRequest } from "../models/request/cipherBulkRestoreRequest";
-import { CipherBulkShareRequest } from "../models/request/cipherBulkShareRequest";
-import { CipherCollectionsRequest } from "../models/request/cipherCollectionsRequest";
-import { CipherCreateRequest } from "../models/request/cipherCreateRequest";
-import { CipherRequest } from "../models/request/cipherRequest";
-import { CipherShareRequest } from "../models/request/cipherShareRequest";
-import { CollectionRequest } from "../models/request/collectionRequest";
-import { DeleteRecoverRequest } from "../models/request/deleteRecoverRequest";
-import { EmailRequest } from "../models/request/emailRequest";
-import { EmailTokenRequest } from "../models/request/emailTokenRequest";
-import { EmergencyAccessAcceptRequest } from "../models/request/emergencyAccessAcceptRequest";
-import { EmergencyAccessConfirmRequest } from "../models/request/emergencyAccessConfirmRequest";
-import { EmergencyAccessInviteRequest } from "../models/request/emergencyAccessInviteRequest";
-import { EmergencyAccessPasswordRequest } from "../models/request/emergencyAccessPasswordRequest";
-import { EmergencyAccessUpdateRequest } from "../models/request/emergencyAccessUpdateRequest";
-import { EventRequest } from "../models/request/eventRequest";
-import { FolderRequest } from "../models/request/folderRequest";
-import { GroupRequest } from "../models/request/groupRequest";
-import { IapCheckRequest } from "../models/request/iapCheckRequest";
 import { ApiTokenRequest } from "../models/request/identityToken/apiTokenRequest";
 import { PasswordTokenRequest } from "../models/request/identityToken/passwordTokenRequest";
 import { SsoTokenRequest } from "../models/request/identityToken/ssoTokenRequest";
-import { ImportCiphersRequest } from "../models/request/importCiphersRequest";
-import { ImportDirectoryRequest } from "../models/request/importDirectoryRequest";
-import { ImportOrganizationCiphersRequest } from "../models/request/importOrganizationCiphersRequest";
-import { KdfRequest } from "../models/request/kdfRequest";
-import { KeyConnectorUserKeyRequest } from "../models/request/keyConnectorUserKeyRequest";
-import { KeysRequest } from "../models/request/keysRequest";
-import { OrganizationSponsorshipCreateRequest } from "../models/request/organization/organizationSponsorshipCreateRequest";
-import { OrganizationSponsorshipRedeemRequest } from "../models/request/organization/organizationSponsorshipRedeemRequest";
-import { OrganizationSsoRequest } from "../models/request/organization/organizationSsoRequest";
-import { OrganizationCreateRequest } from "../models/request/organizationCreateRequest";
 import { OrganizationImportRequest } from "../models/request/organizationImportRequest";
-import { OrganizationKeysRequest } from "../models/request/organizationKeysRequest";
-import { OrganizationSubscriptionUpdateRequest } from "../models/request/organizationSubscriptionUpdateRequest";
-import { OrganizationTaxInfoUpdateRequest } from "../models/request/organizationTaxInfoUpdateRequest";
-import { OrganizationUpdateRequest } from "../models/request/organizationUpdateRequest";
-import { OrganizationUpgradeRequest } from "../models/request/organizationUpgradeRequest";
-import { OrganizationUserAcceptRequest } from "../models/request/organizationUserAcceptRequest";
-import { OrganizationUserBulkConfirmRequest } from "../models/request/organizationUserBulkConfirmRequest";
-import { OrganizationUserBulkRequest } from "../models/request/organizationUserBulkRequest";
-import { OrganizationUserConfirmRequest } from "../models/request/organizationUserConfirmRequest";
-import { OrganizationUserInviteRequest } from "../models/request/organizationUserInviteRequest";
-import { OrganizationUserResetPasswordEnrollmentRequest } from "../models/request/organizationUserResetPasswordEnrollmentRequest";
-import { OrganizationUserResetPasswordRequest } from "../models/request/organizationUserResetPasswordRequest";
-import { OrganizationUserUpdateGroupsRequest } from "../models/request/organizationUserUpdateGroupsRequest";
-import { OrganizationUserUpdateRequest } from "../models/request/organizationUserUpdateRequest";
-import { PasswordHintRequest } from "../models/request/passwordHintRequest";
-import { PasswordRequest } from "../models/request/passwordRequest";
-import { PaymentRequest } from "../models/request/paymentRequest";
-import { PolicyRequest } from "../models/request/policyRequest";
-import { PreloginRequest } from "../models/request/preloginRequest";
-import { ProviderAddOrganizationRequest } from "../models/request/provider/providerAddOrganizationRequest";
-import { ProviderOrganizationCreateRequest } from "../models/request/provider/providerOrganizationCreateRequest";
-import { ProviderSetupRequest } from "../models/request/provider/providerSetupRequest";
-import { ProviderUpdateRequest } from "../models/request/provider/providerUpdateRequest";
-import { ProviderUserAcceptRequest } from "../models/request/provider/providerUserAcceptRequest";
-import { ProviderUserBulkConfirmRequest } from "../models/request/provider/providerUserBulkConfirmRequest";
-import { ProviderUserBulkRequest } from "../models/request/provider/providerUserBulkRequest";
-import { ProviderUserConfirmRequest } from "../models/request/provider/providerUserConfirmRequest";
-import { ProviderUserInviteRequest } from "../models/request/provider/providerUserInviteRequest";
-import { ProviderUserUpdateRequest } from "../models/request/provider/providerUserUpdateRequest";
-import { RegisterRequest } from "../models/request/registerRequest";
-import { SeatRequest } from "../models/request/seatRequest";
-import { SecretVerificationRequest } from "../models/request/secretVerificationRequest";
-import { SelectionReadOnlyRequest } from "../models/request/selectionReadOnlyRequest";
-import { SendAccessRequest } from "../models/request/sendAccessRequest";
-import { SendRequest } from "../models/request/sendRequest";
-import { SetPasswordRequest } from "../models/request/setPasswordRequest";
-import { StorageRequest } from "../models/request/storageRequest";
-import { TaxInfoUpdateRequest } from "../models/request/taxInfoUpdateRequest";
-import { TwoFactorEmailRequest } from "../models/request/twoFactorEmailRequest";
-import { TwoFactorProviderRequest } from "../models/request/twoFactorProviderRequest";
-import { TwoFactorRecoveryRequest } from "../models/request/twoFactorRecoveryRequest";
-import { UpdateDomainsRequest } from "../models/request/updateDomainsRequest";
-import { UpdateKeyRequest } from "../models/request/updateKeyRequest";
-import { UpdateProfileRequest } from "../models/request/updateProfileRequest";
-import { UpdateTempPasswordRequest } from "../models/request/updateTempPasswordRequest";
-import { UpdateTwoFactorAuthenticatorRequest } from "../models/request/updateTwoFactorAuthenticatorRequest";
-import { UpdateTwoFactorDuoRequest } from "../models/request/updateTwoFactorDuoRequest";
-import { UpdateTwoFactorEmailRequest } from "../models/request/updateTwoFactorEmailRequest";
-import { UpdateTwoFactorWebAuthnDeleteRequest } from "../models/request/updateTwoFactorWebAuthnDeleteRequest";
-import { UpdateTwoFactorWebAuthnRequest } from "../models/request/updateTwoFactorWebAuthnRequest";
-import { UpdateTwoFactorYubioOtpRequest } from "../models/request/updateTwoFactorYubioOtpRequest";
-import { VerifyBankRequest } from "../models/request/verifyBankRequest";
-import { VerifyDeleteRecoverRequest } from "../models/request/verifyDeleteRecoverRequest";
-import { VerifyEmailRequest } from "../models/request/verifyEmailRequest";
-import { ApiKeyResponse } from "../models/response/apiKeyResponse";
-import { AttachmentResponse } from "../models/response/attachmentResponse";
-import { AttachmentUploadDataResponse } from "../models/response/attachmentUploadDataResponse";
-import { BillingResponse } from "../models/response/billingResponse";
-import { BreachAccountResponse } from "../models/response/breachAccountResponse";
-import { CipherResponse } from "../models/response/cipherResponse";
-import {
-  CollectionGroupDetailsResponse,
-  CollectionResponse,
-} from "../models/response/collectionResponse";
-import { DomainsResponse } from "../models/response/domainsResponse";
-import {
-  EmergencyAccessGranteeDetailsResponse,
-  EmergencyAccessGrantorDetailsResponse,
-  EmergencyAccessTakeoverResponse,
-  EmergencyAccessViewResponse,
-} from "../models/response/emergencyAccessResponse";
-import { EventResponse } from "../models/response/eventResponse";
-import { FolderResponse } from "../models/response/folderResponse";
-import { GroupDetailsResponse, GroupResponse } from "../models/response/groupResponse";
 import { IdentityCaptchaResponse } from "../models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
 import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
-import { KeyConnectorUserKeyResponse } from "../models/response/keyConnectorUserKeyResponse";
-import { ListResponse } from "../models/response/listResponse";
-import { OrganizationSsoResponse } from "../models/response/organization/organizationSsoResponse";
-import { OrganizationAutoEnrollStatusResponse } from "../models/response/organizationAutoEnrollStatusResponse";
-import { OrganizationKeysResponse } from "../models/response/organizationKeysResponse";
-import { OrganizationResponse } from "../models/response/organizationResponse";
-import { OrganizationSubscriptionResponse } from "../models/response/organizationSubscriptionResponse";
-import { OrganizationUserBulkPublicKeyResponse } from "../models/response/organizationUserBulkPublicKeyResponse";
-import { OrganizationUserBulkResponse } from "../models/response/organizationUserBulkResponse";
-import {
-  OrganizationUserDetailsResponse,
-  OrganizationUserResetPasswordDetailsReponse,
-  OrganizationUserUserDetailsResponse,
-} from "../models/response/organizationUserResponse";
-import { PaymentResponse } from "../models/response/paymentResponse";
-import { PlanResponse } from "../models/response/planResponse";
-import { PolicyResponse } from "../models/response/policyResponse";
-import { PreloginResponse } from "../models/response/preloginResponse";
-import { ProfileResponse } from "../models/response/profileResponse";
-import {
-  ProviderOrganizationOrganizationDetailsResponse,
-  ProviderOrganizationResponse,
-} from "../models/response/provider/providerOrganizationResponse";
-import { ProviderResponse } from "../models/response/provider/providerResponse";
-import { ProviderUserBulkPublicKeyResponse } from "../models/response/provider/providerUserBulkPublicKeyResponse";
-import { ProviderUserBulkResponse } from "../models/response/provider/providerUserBulkResponse";
-import {
-  ProviderUserResponse,
-  ProviderUserUserDetailsResponse,
-} from "../models/response/provider/providerUserResponse";
-import { SelectionReadOnlyResponse } from "../models/response/selectionReadOnlyResponse";
-import { SendAccessResponse } from "../models/response/sendAccessResponse";
-import { SendFileDownloadDataResponse } from "../models/response/sendFileDownloadDataResponse";
-import { SendFileUploadDataResponse } from "../models/response/sendFileUploadDataResponse";
-import { SendResponse } from "../models/response/sendResponse";
-import { SubscriptionResponse } from "../models/response/subscriptionResponse";
-import { SyncResponse } from "../models/response/syncResponse";
-import { TaxInfoResponse } from "../models/response/taxInfoResponse";
-import { TaxRateResponse } from "../models/response/taxRateResponse";
-import { TwoFactorAuthenticatorResponse } from "../models/response/twoFactorAuthenticatorResponse";
-import { TwoFactorDuoResponse } from "../models/response/twoFactorDuoResponse";
-import { TwoFactorEmailResponse } from "../models/response/twoFactorEmailResponse";
-import { TwoFactorProviderResponse } from "../models/response/twoFactorProviderResponse";
-import { TwoFactorRecoverResponse } from "../models/response/twoFactorRescoverResponse";
-import {
-  ChallengeResponse,
-  TwoFactorWebAuthnResponse,
-} from "../models/response/twoFactorWebAuthnResponse";
-import { TwoFactorYubiKeyResponse } from "../models/response/twoFactorYubiKeyResponse";
-import { UserKeyResponse } from "../models/response/userKeyResponse";
-import { SendAccessView } from "../models/view/sendAccessView";
 
 export abstract class ApiService {
   postIdentityToken: (
     request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest,
   ) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse>;
-  refreshIdentityToken: () => Promise<any>;
-
-  getProfile: () => Promise<ProfileResponse>;
-  getUserBilling: () => Promise<BillingResponse>;
-  getUserSubscription: () => Promise<SubscriptionResponse>;
-  getTaxInfo: () => Promise<TaxInfoResponse>;
-  putProfile: (request: UpdateProfileRequest) => Promise<ProfileResponse>;
-  putTaxInfo: (request: TaxInfoUpdateRequest) => Promise<any>;
-  postPrelogin: (request: PreloginRequest) => Promise<PreloginResponse>;
-  postEmailToken: (request: EmailTokenRequest) => Promise<any>;
-  postEmail: (request: EmailRequest) => Promise<any>;
-  postPassword: (request: PasswordRequest) => Promise<any>;
-  setPassword: (request: SetPasswordRequest) => Promise<any>;
-  postSetKeyConnectorKey: (request: SetKeyConnectorKeyRequest) => Promise<any>;
-  postSecurityStamp: (request: SecretVerificationRequest) => Promise<any>;
-  deleteAccount: (request: SecretVerificationRequest) => Promise<any>;
-  getAccountRevisionDate: () => Promise<number>;
-  postPasswordHint: (request: PasswordHintRequest) => Promise<any>;
-  postRegister: (request: RegisterRequest) => Promise<any>;
-  postPremium: (data: FormData) => Promise<PaymentResponse>;
-  postIapCheck: (request: IapCheckRequest) => Promise<any>;
-  postReinstatePremium: () => Promise<any>;
-  postCancelPremium: () => Promise<any>;
-  postAccountStorage: (request: StorageRequest) => Promise<PaymentResponse>;
-  postAccountPayment: (request: PaymentRequest) => Promise<any>;
-  postAccountLicense: (data: FormData) => Promise<any>;
-  postAccountKey: (request: UpdateKeyRequest) => Promise<any>;
-  postAccountKeys: (request: KeysRequest) => Promise<any>;
-  postAccountVerifyEmail: () => Promise<any>;
-  postAccountVerifyEmailToken: (request: VerifyEmailRequest) => Promise<any>;
-  postAccountVerifyPassword: (request: SecretVerificationRequest) => Promise<any>;
-  postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
-  postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
-  postAccountKdf: (request: KdfRequest) => Promise<any>;
-  postUserApiKey: (id: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
-  postUserRotateApiKey: (id: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
-  putUpdateTempPassword: (request: UpdateTempPasswordRequest) => Promise<any>;
-  postAccountRequestOTP: () => Promise<void>;
-  postAccountVerifyOTP: (request: VerifyOTPRequest) => Promise<void>;
-  postConvertToKeyConnector: () => Promise<void>;
-
-  getFolder: (id: string) => Promise<FolderResponse>;
-  postFolder: (request: FolderRequest) => Promise<FolderResponse>;
-  putFolder: (id: string, request: FolderRequest) => Promise<FolderResponse>;
-  deleteFolder: (id: string) => Promise<any>;
-
-  getSend: (id: string) => Promise<SendResponse>;
-  postSendAccess: (
-    id: string,
-    request: SendAccessRequest,
-    apiUrl?: string,
-  ) => Promise<SendAccessResponse>;
-  getSends: () => Promise<ListResponse<SendResponse>>;
-  postSend: (request: SendRequest) => Promise<SendResponse>;
-  postFileTypeSend: (request: SendRequest) => Promise<SendFileUploadDataResponse>;
-  postSendFile: (sendId: string, fileId: string, data: FormData) => Promise<any>;
-  /**
-   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
-   * This method still exists for backward compatibility with old server versions.
-   */
-  postSendFileLegacy: (data: FormData) => Promise<SendResponse>;
-  putSend: (id: string, request: SendRequest) => Promise<SendResponse>;
-  putSendRemovePassword: (id: string) => Promise<SendResponse>;
-  deleteSend: (id: string) => Promise<any>;
-  getSendFileDownloadData: (
-    send: SendAccessView,
-    request: SendAccessRequest,
-    apiUrl?: string,
-  ) => Promise<SendFileDownloadDataResponse>;
-  renewSendFileUploadUrl: (sendId: string, fileId: string) => Promise<SendFileUploadDataResponse>;
-
-  getCipher: (id: string) => Promise<CipherResponse>;
-  getCipherAdmin: (id: string) => Promise<CipherResponse>;
-  getAttachmentData: (
-    cipherId: string,
-    attachmentId: string,
-    emergencyAccessId?: string,
-  ) => Promise<AttachmentResponse>;
-  getCiphersOrganization: (organizationId: string) => Promise<ListResponse<CipherResponse>>;
-  postCipher: (request: CipherRequest) => Promise<CipherResponse>;
-  postCipherCreate: (request: CipherCreateRequest) => Promise<CipherResponse>;
-  postCipherAdmin: (request: CipherCreateRequest) => Promise<CipherResponse>;
-  putCipher: (id: string, request: CipherRequest) => Promise<CipherResponse>;
-  putCipherAdmin: (id: string, request: CipherRequest) => Promise<CipherResponse>;
-  deleteCipher: (id: string) => Promise<any>;
-  deleteCipherAdmin: (id: string) => Promise<any>;
-  deleteManyCiphers: (request: CipherBulkDeleteRequest) => Promise<any>;
-  deleteManyCiphersAdmin: (request: CipherBulkDeleteRequest) => Promise<any>;
-  putMoveCiphers: (request: CipherBulkMoveRequest) => Promise<any>;
-  putShareCipher: (id: string, request: CipherShareRequest) => Promise<CipherResponse>;
-  putShareCiphers: (request: CipherBulkShareRequest) => Promise<any>;
-  putCipherCollections: (id: string, request: CipherCollectionsRequest) => Promise<any>;
-  putCipherCollectionsAdmin: (id: string, request: CipherCollectionsRequest) => Promise<any>;
-  postPurgeCiphers: (request: SecretVerificationRequest, organizationId?: string) => Promise<any>;
-  postImportCiphers: (request: ImportCiphersRequest) => Promise<any>;
-  postImportOrganizationCiphers: (
-    organizationId: string,
-    request: ImportOrganizationCiphersRequest,
-  ) => Promise<any>;
-  putDeleteCipher: (id: string) => Promise<any>;
-  putDeleteCipherAdmin: (id: string) => Promise<any>;
-  putDeleteManyCiphers: (request: CipherBulkDeleteRequest) => Promise<any>;
-  putDeleteManyCiphersAdmin: (request: CipherBulkDeleteRequest) => Promise<any>;
-  putRestoreCipher: (id: string) => Promise<CipherResponse>;
-  putRestoreCipherAdmin: (id: string) => Promise<CipherResponse>;
-  putRestoreManyCiphers: (
-    request: CipherBulkRestoreRequest,
-  ) => Promise<ListResponse<CipherResponse>>;
-
-  /**
-   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
-   * This method still exists for backward compatibility with old server versions.
-   */
-  postCipherAttachmentLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
-  /**
-   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
-   * This method still exists for backward compatibility with old server versions.
-   */
-  postCipherAttachmentAdminLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
-  postCipherAttachment: (
-    id: string,
-    request: AttachmentRequest,
-  ) => Promise<AttachmentUploadDataResponse>;
-  deleteCipherAttachment: (id: string, attachmentId: string) => Promise<any>;
-  deleteCipherAttachmentAdmin: (id: string, attachmentId: string) => Promise<any>;
-  postShareCipherAttachment: (
-    id: string,
-    attachmentId: string,
-    data: FormData,
-    organizationId: string,
-  ) => Promise<any>;
-  renewAttachmentUploadUrl: (
-    id: string,
-    attachmentId: string,
-  ) => Promise<AttachmentUploadDataResponse>;
-  postAttachmentFile: (id: string, attachmentId: string, data: FormData) => Promise<any>;
-
-  getCollectionDetails: (
-    organizationId: string,
-    id: string,
-  ) => Promise<CollectionGroupDetailsResponse>;
-  getUserCollections: () => Promise<ListResponse<CollectionResponse>>;
-  getCollections: (organizationId: string) => Promise<ListResponse<CollectionResponse>>;
-  getCollectionUsers: (organizationId: string, id: string) => Promise<SelectionReadOnlyResponse[]>;
-  postCollection: (
-    organizationId: string,
-    request: CollectionRequest,
-  ) => Promise<CollectionResponse>;
-  putCollectionUsers: (
-    organizationId: string,
-    id: string,
-    request: SelectionReadOnlyRequest[],
-  ) => Promise<any>;
-  putCollection: (
-    organizationId: string,
-    id: string,
-    request: CollectionRequest,
-  ) => Promise<CollectionResponse>;
-  deleteCollection: (organizationId: string, id: string) => Promise<any>;
-  deleteCollectionUser: (
-    organizationId: string,
-    id: string,
-    organizationUserId: string,
-  ) => Promise<any>;
-
-  getGroupDetails: (organizationId: string, id: string) => Promise<GroupDetailsResponse>;
-  getGroups: (organizationId: string) => Promise<ListResponse<GroupResponse>>;
-  getGroupUsers: (organizationId: string, id: string) => Promise<string[]>;
-  postGroup: (organizationId: string, request: GroupRequest) => Promise<GroupResponse>;
-  putGroup: (organizationId: string, id: string, request: GroupRequest) => Promise<GroupResponse>;
-  putGroupUsers: (organizationId: string, id: string, request: string[]) => Promise<any>;
-  deleteGroup: (organizationId: string, id: string) => Promise<any>;
-  deleteGroupUser: (organizationId: string, id: string, organizationUserId: string) => Promise<any>;
-
-  getPolicy: (organizationId: string, type: PolicyType) => Promise<PolicyResponse>;
-  getPolicies: (organizationId: string) => Promise<ListResponse<PolicyResponse>>;
-  getPoliciesByToken: (
-    organizationId: string,
-    token: string,
-    email: string,
-    organizationUserId: string,
-  ) => Promise<ListResponse<PolicyResponse>>;
-  getPoliciesByInvitedUser: (
-    organizationId: string,
-    userId: string,
-  ) => Promise<ListResponse<PolicyResponse>>;
-  putPolicy: (
-    organizationId: string,
-    type: PolicyType,
-    request: PolicyRequest,
-  ) => Promise<PolicyResponse>;
-
-  getOrganizationUser: (
-    organizationId: string,
-    id: string,
-  ) => Promise<OrganizationUserDetailsResponse>;
-  getOrganizationUserGroups: (organizationId: string, id: string) => Promise<string[]>;
-  getOrganizationUsers: (
-    organizationId: string,
-  ) => Promise<ListResponse<OrganizationUserUserDetailsResponse>>;
-  getOrganizationUserResetPasswordDetails: (
-    organizationId: string,
-    id: string,
-  ) => Promise<OrganizationUserResetPasswordDetailsReponse>;
-  postOrganizationUserInvite: (
-    organizationId: string,
-    request: OrganizationUserInviteRequest,
-  ) => Promise<any>;
-  postOrganizationUserReinvite: (organizationId: string, id: string) => Promise<any>;
-  postManyOrganizationUserReinvite: (
-    organizationId: string,
-    request: OrganizationUserBulkRequest,
-  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
-  postOrganizationUserAccept: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserAcceptRequest,
-  ) => Promise<any>;
-  postOrganizationUserConfirm: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserConfirmRequest,
-  ) => Promise<any>;
-  postOrganizationUsersPublicKey: (
-    organizationId: string,
-    request: OrganizationUserBulkRequest,
-  ) => Promise<ListResponse<OrganizationUserBulkPublicKeyResponse>>;
-  postOrganizationUserBulkConfirm: (
-    organizationId: string,
-    request: OrganizationUserBulkConfirmRequest,
-  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
-
-  putOrganizationUser: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserUpdateRequest,
-  ) => Promise<any>;
-  putOrganizationUserGroups: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserUpdateGroupsRequest,
-  ) => Promise<any>;
-  putOrganizationUserResetPasswordEnrollment: (
-    organizationId: string,
-    userId: string,
-    request: OrganizationUserResetPasswordEnrollmentRequest,
-  ) => Promise<any>;
-  putOrganizationUserResetPassword: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserResetPasswordRequest,
-  ) => Promise<any>;
-  deleteOrganizationUser: (organizationId: string, id: string) => Promise<any>;
-  deleteManyOrganizationUsers: (
-    organizationId: string,
-    request: OrganizationUserBulkRequest,
-  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
-
-  getSync: () => Promise<SyncResponse>;
-  postImportDirectory: (organizationId: string, request: ImportDirectoryRequest) => Promise<any>;
   postPublicImportDirectory: (request: OrganizationImportRequest) => Promise<any>;
-
-  getSettingsDomains: () => Promise<DomainsResponse>;
-  putSettingsDomains: (request: UpdateDomainsRequest) => Promise<DomainsResponse>;
-
-  getTwoFactorProviders: () => Promise<ListResponse<TwoFactorProviderResponse>>;
-  getTwoFactorOrganizationProviders: (
-    organizationId: string,
-  ) => Promise<ListResponse<TwoFactorProviderResponse>>;
-  getTwoFactorAuthenticator: (
-    request: SecretVerificationRequest,
-  ) => Promise<TwoFactorAuthenticatorResponse>;
-  getTwoFactorEmail: (request: SecretVerificationRequest) => Promise<TwoFactorEmailResponse>;
-  getTwoFactorDuo: (request: SecretVerificationRequest) => Promise<TwoFactorDuoResponse>;
-  getTwoFactorOrganizationDuo: (
-    organizationId: string,
-    request: SecretVerificationRequest,
-  ) => Promise<TwoFactorDuoResponse>;
-  getTwoFactorYubiKey: (request: SecretVerificationRequest) => Promise<TwoFactorYubiKeyResponse>;
-  getTwoFactorWebAuthn: (request: SecretVerificationRequest) => Promise<TwoFactorWebAuthnResponse>;
-  getTwoFactorWebAuthnChallenge: (request: SecretVerificationRequest) => Promise<ChallengeResponse>;
-  getTwoFactorRecover: (request: SecretVerificationRequest) => Promise<TwoFactorRecoverResponse>;
-  putTwoFactorAuthenticator: (
-    request: UpdateTwoFactorAuthenticatorRequest,
-  ) => Promise<TwoFactorAuthenticatorResponse>;
-  putTwoFactorEmail: (request: UpdateTwoFactorEmailRequest) => Promise<TwoFactorEmailResponse>;
-  putTwoFactorDuo: (request: UpdateTwoFactorDuoRequest) => Promise<TwoFactorDuoResponse>;
-  putTwoFactorOrganizationDuo: (
-    organizationId: string,
-    request: UpdateTwoFactorDuoRequest,
-  ) => Promise<TwoFactorDuoResponse>;
-  putTwoFactorYubiKey: (
-    request: UpdateTwoFactorYubioOtpRequest,
-  ) => Promise<TwoFactorYubiKeyResponse>;
-  putTwoFactorWebAuthn: (
-    request: UpdateTwoFactorWebAuthnRequest,
-  ) => Promise<TwoFactorWebAuthnResponse>;
-  deleteTwoFactorWebAuthn: (
-    request: UpdateTwoFactorWebAuthnDeleteRequest,
-  ) => Promise<TwoFactorWebAuthnResponse>;
-  putTwoFactorDisable: (request: TwoFactorProviderRequest) => Promise<TwoFactorProviderResponse>;
-  putTwoFactorOrganizationDisable: (
-    organizationId: string,
-    request: TwoFactorProviderRequest,
-  ) => Promise<TwoFactorProviderResponse>;
-  postTwoFactorRecover: (request: TwoFactorRecoveryRequest) => Promise<any>;
-  postTwoFactorEmailSetup: (request: TwoFactorEmailRequest) => Promise<any>;
-  postTwoFactorEmail: (request: TwoFactorEmailRequest) => Promise<any>;
-
-  getEmergencyAccessTrusted: () => Promise<ListResponse<EmergencyAccessGranteeDetailsResponse>>;
-  getEmergencyAccessGranted: () => Promise<ListResponse<EmergencyAccessGrantorDetailsResponse>>;
-  getEmergencyAccess: (id: string) => Promise<EmergencyAccessGranteeDetailsResponse>;
-  getEmergencyGrantorPolicies: (id: string) => Promise<ListResponse<PolicyResponse>>;
-  putEmergencyAccess: (id: string, request: EmergencyAccessUpdateRequest) => Promise<any>;
-  deleteEmergencyAccess: (id: string) => Promise<any>;
-  postEmergencyAccessInvite: (request: EmergencyAccessInviteRequest) => Promise<any>;
-  postEmergencyAccessReinvite: (id: string) => Promise<any>;
-  postEmergencyAccessAccept: (id: string, request: EmergencyAccessAcceptRequest) => Promise<any>;
-  postEmergencyAccessConfirm: (id: string, request: EmergencyAccessConfirmRequest) => Promise<any>;
-  postEmergencyAccessInitiate: (id: string) => Promise<any>;
-  postEmergencyAccessApprove: (id: string) => Promise<any>;
-  postEmergencyAccessReject: (id: string) => Promise<any>;
-  postEmergencyAccessTakeover: (id: string) => Promise<EmergencyAccessTakeoverResponse>;
-  postEmergencyAccessPassword: (
-    id: string,
-    request: EmergencyAccessPasswordRequest,
-  ) => Promise<any>;
-  postEmergencyAccessView: (id: string) => Promise<EmergencyAccessViewResponse>;
-
-  getOrganization: (id: string) => Promise<OrganizationResponse>;
-  getOrganizationBilling: (id: string) => Promise<BillingResponse>;
-  getOrganizationSubscription: (id: string) => Promise<OrganizationSubscriptionResponse>;
-  getOrganizationLicense: (id: string, installationId: string) => Promise<any>;
-  getOrganizationTaxInfo: (id: string) => Promise<TaxInfoResponse>;
-  getOrganizationAutoEnrollStatus: (
-    identifier: string,
-  ) => Promise<OrganizationAutoEnrollStatusResponse>;
-  getOrganizationSso: (id: string) => Promise<OrganizationSsoResponse>;
-  postOrganization: (request: OrganizationCreateRequest) => Promise<OrganizationResponse>;
-  putOrganization: (
-    id: string,
-    request: OrganizationUpdateRequest,
-  ) => Promise<OrganizationResponse>;
-  putOrganizationTaxInfo: (id: string, request: OrganizationTaxInfoUpdateRequest) => Promise<any>;
-  postLeaveOrganization: (id: string) => Promise<any>;
-  postOrganizationLicense: (data: FormData) => Promise<OrganizationResponse>;
-  postOrganizationLicenseUpdate: (id: string, data: FormData) => Promise<any>;
-  postOrganizationApiKey: (
-    id: string,
-    request: SecretVerificationRequest,
-  ) => Promise<ApiKeyResponse>;
-  postOrganizationRotateApiKey: (
-    id: string,
-    request: SecretVerificationRequest,
-  ) => Promise<ApiKeyResponse>;
-  postOrganizationSso: (
-    id: string,
-    request: OrganizationSsoRequest,
-  ) => Promise<OrganizationSsoResponse>;
-  postOrganizationUpgrade: (
-    id: string,
-    request: OrganizationUpgradeRequest,
-  ) => Promise<PaymentResponse>;
-  postOrganizationUpdateSubscription: (
-    id: string,
-    request: OrganizationSubscriptionUpdateRequest,
-  ) => Promise<void>;
-  postOrganizationSeat: (id: string, request: SeatRequest) => Promise<PaymentResponse>;
-  postOrganizationStorage: (id: string, request: StorageRequest) => Promise<any>;
-  postOrganizationPayment: (id: string, request: PaymentRequest) => Promise<any>;
-  postOrganizationVerifyBank: (id: string, request: VerifyBankRequest) => Promise<any>;
-  postOrganizationCancel: (id: string) => Promise<any>;
-  postOrganizationReinstate: (id: string) => Promise<any>;
-  deleteOrganization: (id: string, request: SecretVerificationRequest) => Promise<any>;
-  getPlans: () => Promise<ListResponse<PlanResponse>>;
-  getTaxRates: () => Promise<ListResponse<TaxRateResponse>>;
-  getOrganizationKeys: (id: string) => Promise<OrganizationKeysResponse>;
-  postOrganizationKeys: (
-    id: string,
-    request: OrganizationKeysRequest,
-  ) => Promise<OrganizationKeysResponse>;
-
-  postProviderSetup: (id: string, request: ProviderSetupRequest) => Promise<ProviderResponse>;
-  getProvider: (id: string) => Promise<ProviderResponse>;
-  putProvider: (id: string, request: ProviderUpdateRequest) => Promise<ProviderResponse>;
-
-  getProviderUsers: (providerId: string) => Promise<ListResponse<ProviderUserUserDetailsResponse>>;
-  getProviderUser: (providerId: string, id: string) => Promise<ProviderUserResponse>;
-  postProviderUserInvite: (providerId: string, request: ProviderUserInviteRequest) => Promise<any>;
-  postProviderUserReinvite: (providerId: string, id: string) => Promise<any>;
-  postManyProviderUserReinvite: (
-    providerId: string,
-    request: ProviderUserBulkRequest,
-  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
-  postProviderUserAccept: (
-    providerId: string,
-    id: string,
-    request: ProviderUserAcceptRequest,
-  ) => Promise<any>;
-  postProviderUserConfirm: (
-    providerId: string,
-    id: string,
-    request: ProviderUserConfirmRequest,
-  ) => Promise<any>;
-  postProviderUsersPublicKey: (
-    providerId: string,
-    request: ProviderUserBulkRequest,
-  ) => Promise<ListResponse<ProviderUserBulkPublicKeyResponse>>;
-  postProviderUserBulkConfirm: (
-    providerId: string,
-    request: ProviderUserBulkConfirmRequest,
-  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
-  putProviderUser: (
-    providerId: string,
-    id: string,
-    request: ProviderUserUpdateRequest,
-  ) => Promise<any>;
-  deleteProviderUser: (organizationId: string, id: string) => Promise<any>;
-  deleteManyProviderUsers: (
-    providerId: string,
-    request: ProviderUserBulkRequest,
-  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
-  getProviderClients: (
-    providerId: string,
-  ) => Promise<ListResponse<ProviderOrganizationOrganizationDetailsResponse>>;
-  postProviderAddOrganization: (
-    providerId: string,
-    request: ProviderAddOrganizationRequest,
-  ) => Promise<any>;
-  postProviderCreateOrganization: (
-    providerId: string,
-    request: ProviderOrganizationCreateRequest,
-  ) => Promise<ProviderOrganizationResponse>;
-  deleteProviderOrganization: (providerId: string, organizationId: string) => Promise<any>;
-
-  getEvents: (start: string, end: string, token: string) => Promise<ListResponse<EventResponse>>;
-  getEventsCipher: (
-    id: string,
-    start: string,
-    end: string,
-    token: string,
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsOrganization: (
-    id: string,
-    start: string,
-    end: string,
-    token: string,
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsOrganizationUser: (
-    organizationId: string,
-    id: string,
-    start: string,
-    end: string,
-    token: string,
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsProvider: (
-    id: string,
-    start: string,
-    end: string,
-    token: string,
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsProviderUser: (
-    providerId: string,
-    id: string,
-    start: string,
-    end: string,
-    token: string,
-  ) => Promise<ListResponse<EventResponse>>;
-  postEventsCollect: (request: EventRequest[]) => Promise<any>;
-
-  deleteSsoUser: (organizationId: string) => Promise<any>;
-  getSsoUserIdentifier: () => Promise<string>;
-
-  getUserPublicKey: (id: string) => Promise<UserKeyResponse>;
-
-  getHibpBreach: (username: string) => Promise<BreachAccountResponse[]>;
-
-  postBitPayInvoice: (request: BitPayInvoiceRequest) => Promise<string>;
-  postSetupPayment: () => Promise<string>;
-
-  getActiveBearerToken: () => Promise<string>;
-  fetch: (request: Request) => Promise<Response>;
-  nativeFetch: (request: Request) => Promise<Response>;
-
-  preValidateSso: (identifier: string) => Promise<boolean>;
-
-  postCreateSponsorship: (
-    sponsorshipOrgId: string,
-    request: OrganizationSponsorshipCreateRequest,
-  ) => Promise<void>;
-  deleteRevokeSponsorship: (sponsoringOrganizationId: string) => Promise<void>;
-  deleteRemoveSponsorship: (sponsoringOrgId: string) => Promise<void>;
-  postPreValidateSponsorshipToken: (sponsorshipToken: string) => Promise<boolean>;
-  postRedeemSponsorship: (
-    sponsorshipToken: string,
-    request: OrganizationSponsorshipRedeemRequest,
-  ) => Promise<void>;
-  postResendSponsorshipOffer: (sponsoringOrgId: string) => Promise<void>;
-
-  getUserKeyFromKeyConnector: (keyConnectorUrl: string) => Promise<KeyConnectorUserKeyResponse>;
-  postUserKeyToKeyConnector: (
-    keyConnectorUrl: string,
-    request: KeyConnectorUserKeyRequest,
-  ) => Promise<void>;
-  getKeyConnectorAlive: (keyConnectorUrl: string) => Promise<void>;
 }

jslib/common/src/abstractions/crypto.service.ts

@@ -1,86 +0,0 @@
-import { HashPurpose } from "../enums/hashPurpose";
-import { KdfType } from "../enums/kdfType";
-import { KeySuffixOptions } from "../enums/keySuffixOptions";
-import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
-import { EncString } from "../models/domain/encString";
-import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { ProfileOrganizationResponse } from "../models/response/profileOrganizationResponse";
-import { ProfileProviderOrganizationResponse } from "../models/response/profileProviderOrganizationResponse";
-import { ProfileProviderResponse } from "../models/response/profileProviderResponse";
-
-export abstract class CryptoService {
-  setKey: (key: SymmetricCryptoKey) => Promise<any>;
-  setKeyHash: (keyHash: string) => Promise<void>;
-  setEncKey: (encKey: string) => Promise<void>;
-  setEncPrivateKey: (encPrivateKey: string) => Promise<void>;
-  setOrgKeys: (
-    orgs: ProfileOrganizationResponse[],
-    providerOrgs: ProfileProviderOrganizationResponse[],
-  ) => Promise<void>;
-  setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
-  getKey: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
-  getKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
-  getKeyHash: () => Promise<string>;
-  compareAndUpdateKeyHash: (masterPassword: string, key: SymmetricCryptoKey) => Promise<boolean>;
-  getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
-  getPublicKey: () => Promise<ArrayBuffer>;
-  getPrivateKey: () => Promise<ArrayBuffer>;
-  getFingerprint: (userId: string, publicKey?: ArrayBuffer) => Promise<string[]>;
-  getOrgKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
-  getOrgKey: (orgId: string) => Promise<SymmetricCryptoKey>;
-  getProviderKey: (providerId: string) => Promise<SymmetricCryptoKey>;
-  hasKey: () => Promise<boolean>;
-  hasKeyInMemory: (userId?: string) => Promise<boolean>;
-  hasKeyStored: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<boolean>;
-  hasEncKey: () => Promise<boolean>;
-  clearKey: (clearSecretStorage?: boolean, userId?: string) => Promise<any>;
-  clearKeyHash: () => Promise<any>;
-  clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  clearProviderKeys: (memoryOnly?: boolean) => Promise<any>;
-  clearPinProtectedKey: () => Promise<any>;
-  clearKeys: (userId?: string) => Promise<any>;
-  toggleKey: () => Promise<any>;
-  makeKey: (
-    password: string,
-    salt: string,
-    kdf: KdfType,
-    kdfIterations: number,
-  ) => Promise<SymmetricCryptoKey>;
-  makeKeyFromPin: (
-    pin: string,
-    salt: string,
-    kdf: KdfType,
-    kdfIterations: number,
-    protectedKeyCs?: EncString,
-  ) => Promise<SymmetricCryptoKey>;
-  makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
-  makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
-  makePinKey: (
-    pin: string,
-    salt: string,
-    kdf: KdfType,
-    kdfIterations: number,
-  ) => Promise<SymmetricCryptoKey>;
-  makeSendKey: (keyMaterial: ArrayBuffer) => Promise<SymmetricCryptoKey>;
-  hashPassword: (
-    password: string,
-    key: SymmetricCryptoKey,
-    hashPurpose?: HashPurpose,
-  ) => Promise<string>;
-  makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, EncString]>;
-  remakeEncKey: (
-    key: SymmetricCryptoKey,
-    encKey?: SymmetricCryptoKey,
-  ) => Promise<[SymmetricCryptoKey, EncString]>;
-  encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncString>;
-  encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;
-  rsaEncrypt: (data: ArrayBuffer, publicKey?: ArrayBuffer) => Promise<EncString>;
-  rsaDecrypt: (encValue: string, privateKeyValue?: ArrayBuffer) => Promise<ArrayBuffer>;
-  decryptToBytes: (encString: EncString, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>;
-  decryptToUtf8: (encString: EncString, key?: SymmetricCryptoKey) => Promise<string>;
-  decryptFromBytes: (encBuf: ArrayBuffer, key: SymmetricCryptoKey) => Promise<ArrayBuffer>;
-  randomNumber: (min: number, max: number) => Promise<number>;
-  validateKey: (key: SymmetricCryptoKey) => Promise<boolean>;
-}

jslib/common/src/abstractions/environment.service.ts

@@ -1,34 +1,2 @@
-import { Observable } from "rxjs";
-
-export type Urls = {
-  base?: string;
-  webVault?: string;
-  api?: string;
-  identity?: string;
-  icons?: string;
-  notifications?: string;
-  events?: string;
-  keyConnector?: string;
-};
-
-export type PayPalConfig = {
-  businessId?: string;
-  buttonAction?: string;
-};
-
-export abstract class EnvironmentService {
-  urls: Observable<Urls>;
-
-  hasBaseUrl: () => boolean;
-  getNotificationsUrl: () => string;
-  getWebVaultUrl: () => string;
-  getSendUrl: () => string;
-  getIconsUrl: () => string;
-  getApiUrl: () => string;
-  getIdentityUrl: () => string;
-  getEventsUrl: () => string;
-  getKeyConnectorUrl: () => string;
-  setUrlsFromStorage: () => Promise<void>;
-  setUrls: (urls: Urls) => Promise<Urls>;
-  getUrls: () => Urls;
-}
+// Stub file - re-exports DC EnvironmentService
+export { EnvironmentService, EnvironmentUrls } from "@/libs/abstractions/environment.service";

jslib/common/src/abstractions/state.service.ts

@@ -1,304 +1,2 @@
-import { Observable } from "rxjs";
-
-import { KdfType } from "../enums/kdfType";
-import { ThemeType } from "../enums/themeType";
-import { UriMatchType } from "../enums/uriMatchType";
-import { CipherData } from "../models/data/cipherData";
-import { CollectionData } from "../models/data/collectionData";
-import { EventData } from "../models/data/eventData";
-import { FolderData } from "../models/data/folderData";
-import { OrganizationData } from "../models/data/organizationData";
-import { PolicyData } from "../models/data/policyData";
-import { ProviderData } from "../models/data/providerData";
-import { SendData } from "../models/data/sendData";
-import { Account } from "../models/domain/account";
-import { EncString } from "../models/domain/encString";
-import { EnvironmentUrls } from "../models/domain/environmentUrls";
-import { GeneratedPasswordHistory } from "../models/domain/generatedPasswordHistory";
-import { Policy } from "../models/domain/policy";
-import { StorageOptions } from "../models/domain/storageOptions";
-import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { WindowState } from "../models/domain/windowState";
-import { CipherView } from "../models/view/cipherView";
-import { CollectionView } from "../models/view/collectionView";
-import { FolderView } from "../models/view/folderView";
-import { SendView } from "../models/view/sendView";
-
-export abstract class StateService<T extends Account = Account> {
-  accounts$: Observable<{ [userId: string]: T }>;
-  activeAccount$: Observable<string>;
-
-  addAccount: (account: T) => Promise<void>;
-  setActiveUser: (userId: string) => Promise<void>;
-  clean: (options?: StorageOptions) => Promise<void>;
-  init: () => Promise<void>;
-
-  getAccessToken: (options?: StorageOptions) => Promise<string>;
-  setAccessToken: (value: string, options?: StorageOptions) => Promise<void>;
-  getAddEditCipherInfo: (options?: StorageOptions) => Promise<any>;
-  setAddEditCipherInfo: (value: any, options?: StorageOptions) => Promise<void>;
-  getAlwaysShowDock: (options?: StorageOptions) => Promise<boolean>;
-  setAlwaysShowDock: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getApiKeyClientId: (options?: StorageOptions) => Promise<string>;
-  setApiKeyClientId: (value: string, options?: StorageOptions) => Promise<void>;
-  getApiKeyClientSecret: (options?: StorageOptions) => Promise<string>;
-  setApiKeyClientSecret: (value: string, options?: StorageOptions) => Promise<void>;
-  getAutoConfirmFingerPrints: (options?: StorageOptions) => Promise<boolean>;
-  setAutoConfirmFingerprints: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getAutoFillOnPageLoadDefault: (options?: StorageOptions) => Promise<boolean>;
-  setAutoFillOnPageLoadDefault: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getBiometricAwaitingAcceptance: (options?: StorageOptions) => Promise<boolean>;
-  setBiometricAwaitingAcceptance: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getBiometricFingerprintValidated: (options?: StorageOptions) => Promise<boolean>;
-  setBiometricFingerprintValidated: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getBiometricLocked: (options?: StorageOptions) => Promise<boolean>;
-  setBiometricLocked: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getBiometricText: (options?: StorageOptions) => Promise<string>;
-  setBiometricText: (value: string, options?: StorageOptions) => Promise<void>;
-  getBiometricUnlock: (options?: StorageOptions) => Promise<boolean>;
-  setBiometricUnlock: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getCanAccessPremium: (options?: StorageOptions) => Promise<boolean>;
-  getClearClipboard: (options?: StorageOptions) => Promise<number>;
-  setClearClipboard: (value: number, options?: StorageOptions) => Promise<void>;
-  getCollapsedGroupings: (options?: StorageOptions) => Promise<string[]>;
-  setCollapsedGroupings: (value: string[], options?: StorageOptions) => Promise<void>;
-  getConvertAccountToKeyConnector: (options?: StorageOptions) => Promise<boolean>;
-  setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getCryptoMasterKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
-  setCryptoMasterKey: (value: SymmetricCryptoKey, options?: StorageOptions) => Promise<void>;
-  getCryptoMasterKeyAuto: (options?: StorageOptions) => Promise<string>;
-  setCryptoMasterKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
-  getCryptoMasterKeyB64: (options?: StorageOptions) => Promise<string>;
-  setCryptoMasterKeyB64: (value: string, options?: StorageOptions) => Promise<void>;
-  getCryptoMasterKeyBiometric: (options?: StorageOptions) => Promise<string>;
-  hasCryptoMasterKeyBiometric: (options?: StorageOptions) => Promise<boolean>;
-  setCryptoMasterKeyBiometric: (value: string, options?: StorageOptions) => Promise<void>;
-  getDecodedToken: (options?: StorageOptions) => Promise<any>;
-  setDecodedToken: (value: any, options?: StorageOptions) => Promise<void>;
-  getDecryptedCiphers: (options?: StorageOptions) => Promise<CipherView[]>;
-  setDecryptedCiphers: (value: CipherView[], options?: StorageOptions) => Promise<void>;
-  getDecryptedCollections: (options?: StorageOptions) => Promise<CollectionView[]>;
-  setDecryptedCollections: (value: CollectionView[], options?: StorageOptions) => Promise<void>;
-  getDecryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
-  setDecryptedCryptoSymmetricKey: (
-    value: SymmetricCryptoKey,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getDecryptedFolders: (options?: StorageOptions) => Promise<FolderView[]>;
-  setDecryptedFolders: (value: FolderView[], options?: StorageOptions) => Promise<void>;
-  getDecryptedOrganizationKeys: (
-    options?: StorageOptions,
-  ) => Promise<Map<string, SymmetricCryptoKey>>;
-  setDecryptedOrganizationKeys: (
-    value: Map<string, SymmetricCryptoKey>,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getDecryptedPasswordGenerationHistory: (
-    options?: StorageOptions,
-  ) => Promise<GeneratedPasswordHistory[]>;
-  setDecryptedPasswordGenerationHistory: (
-    value: GeneratedPasswordHistory[],
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getDecryptedPinProtected: (options?: StorageOptions) => Promise<EncString>;
-  setDecryptedPinProtected: (value: EncString, options?: StorageOptions) => Promise<void>;
-  getDecryptedPolicies: (options?: StorageOptions) => Promise<Policy[]>;
-  setDecryptedPolicies: (value: Policy[], options?: StorageOptions) => Promise<void>;
-  getDecryptedPrivateKey: (options?: StorageOptions) => Promise<ArrayBuffer>;
-  setDecryptedPrivateKey: (value: ArrayBuffer, options?: StorageOptions) => Promise<void>;
-  getDecryptedProviderKeys: (options?: StorageOptions) => Promise<Map<string, SymmetricCryptoKey>>;
-  setDecryptedProviderKeys: (
-    value: Map<string, SymmetricCryptoKey>,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getDecryptedSends: (options?: StorageOptions) => Promise<SendView[]>;
-  setDecryptedSends: (value: SendView[], options?: StorageOptions) => Promise<void>;
-  getDefaultUriMatch: (options?: StorageOptions) => Promise<UriMatchType>;
-  setDefaultUriMatch: (value: UriMatchType, options?: StorageOptions) => Promise<void>;
-  getDisableAddLoginNotification: (options?: StorageOptions) => Promise<boolean>;
-  setDisableAddLoginNotification: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableAutoBiometricsPrompt: (options?: StorageOptions) => Promise<boolean>;
-  setDisableAutoBiometricsPrompt: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableAutoTotpCopy: (options?: StorageOptions) => Promise<boolean>;
-  setDisableAutoTotpCopy: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableBadgeCounter: (options?: StorageOptions) => Promise<boolean>;
-  setDisableBadgeCounter: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableChangedPasswordNotification: (options?: StorageOptions) => Promise<boolean>;
-  setDisableChangedPasswordNotification: (
-    value: boolean,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getDisableContextMenuItem: (options?: StorageOptions) => Promise<boolean>;
-  setDisableContextMenuItem: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableFavicon: (options?: StorageOptions) => Promise<boolean>;
-  setDisableFavicon: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableGa: (options?: StorageOptions) => Promise<boolean>;
-  setDisableGa: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDontShowCardsCurrentTab: (options?: StorageOptions) => Promise<boolean>;
-  setDontShowCardsCurrentTab: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDontShowIdentitiesCurrentTab: (options?: StorageOptions) => Promise<boolean>;
-  setDontShowIdentitiesCurrentTab: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEmail: (options?: StorageOptions) => Promise<string>;
-  setEmail: (value: string, options?: StorageOptions) => Promise<void>;
-  getEmailVerified: (options?: StorageOptions) => Promise<boolean>;
-  setEmailVerified: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableAlwaysOnTop: (options?: StorageOptions) => Promise<boolean>;
-  setEnableAlwaysOnTop: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableAutoFillOnPageLoad: (options?: StorageOptions) => Promise<boolean>;
-  setEnableAutoFillOnPageLoad: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableBiometric: (options?: StorageOptions) => Promise<boolean>;
-  setEnableBiometric: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableBrowserIntegration: (options?: StorageOptions) => Promise<boolean>;
-  setEnableBrowserIntegration: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableBrowserIntegrationFingerprint: (options?: StorageOptions) => Promise<boolean>;
-  setEnableBrowserIntegrationFingerprint: (
-    value: boolean,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEnableCloseToTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableCloseToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableFullWidth: (options?: StorageOptions) => Promise<boolean>;
-  setEnableFullWidth: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableGravitars: (options?: StorageOptions) => Promise<boolean>;
-  setEnableGravitars: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableMinimizeToTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableMinimizeToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableStartToTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableStartToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableTray: (options?: StorageOptions) => Promise<boolean>;
-  setEnableTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEncryptedCiphers: (options?: StorageOptions) => Promise<{ [id: string]: CipherData }>;
-  setEncryptedCiphers: (
-    value: { [id: string]: CipherData },
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEncryptedCollections: (options?: StorageOptions) => Promise<{ [id: string]: CollectionData }>;
-  setEncryptedCollections: (
-    value: { [id: string]: CollectionData },
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEncryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<string>;
-  setEncryptedCryptoSymmetricKey: (value: string, options?: StorageOptions) => Promise<void>;
-  getEncryptedFolders: (options?: StorageOptions) => Promise<{ [id: string]: FolderData }>;
-  setEncryptedFolders: (
-    value: { [id: string]: FolderData },
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEncryptedOrganizationKeys: (options?: StorageOptions) => Promise<any>;
-  setEncryptedOrganizationKeys: (
-    value: Map<string, SymmetricCryptoKey>,
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEncryptedPasswordGenerationHistory: (
-    options?: StorageOptions,
-  ) => Promise<GeneratedPasswordHistory[]>;
-  setEncryptedPasswordGenerationHistory: (
-    value: GeneratedPasswordHistory[],
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEncryptedPinProtected: (options?: StorageOptions) => Promise<string>;
-  setEncryptedPinProtected: (value: string, options?: StorageOptions) => Promise<void>;
-  getEncryptedPolicies: (options?: StorageOptions) => Promise<{ [id: string]: PolicyData }>;
-  setEncryptedPolicies: (
-    value: { [id: string]: PolicyData },
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getEncryptedPrivateKey: (options?: StorageOptions) => Promise<string>;
-  setEncryptedPrivateKey: (value: string, options?: StorageOptions) => Promise<void>;
-  getEncryptedProviderKeys: (options?: StorageOptions) => Promise<any>;
-  setEncryptedProviderKeys: (value: any, options?: StorageOptions) => Promise<void>;
-  getEncryptedSends: (options?: StorageOptions) => Promise<{ [id: string]: SendData }>;
-  setEncryptedSends: (value: { [id: string]: SendData }, options?: StorageOptions) => Promise<void>;
-  getEntityId: (options?: StorageOptions) => Promise<string>;
-  getEnvironmentUrls: (options?: StorageOptions) => Promise<EnvironmentUrls>;
-  setEnvironmentUrls: (value: EnvironmentUrls, options?: StorageOptions) => Promise<void>;
-  getEquivalentDomains: (options?: StorageOptions) => Promise<any>;
-  setEquivalentDomains: (value: string, options?: StorageOptions) => Promise<void>;
-  getEventCollection: (options?: StorageOptions) => Promise<EventData[]>;
-  setEventCollection: (value: EventData[], options?: StorageOptions) => Promise<void>;
-  getEverBeenUnlocked: (options?: StorageOptions) => Promise<boolean>;
-  setEverBeenUnlocked: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getForcePasswordReset: (options?: StorageOptions) => Promise<boolean>;
-  setForcePasswordReset: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getInstalledVersion: (options?: StorageOptions) => Promise<string>;
-  setInstalledVersion: (value: string, options?: StorageOptions) => Promise<void>;
-  getIsAuthenticated: (options?: StorageOptions) => Promise<boolean>;
-  getKdfIterations: (options?: StorageOptions) => Promise<number>;
-  setKdfIterations: (value: number, options?: StorageOptions) => Promise<void>;
-  getKdfType: (options?: StorageOptions) => Promise<KdfType>;
-  setKdfType: (value: KdfType, options?: StorageOptions) => Promise<void>;
-  getKeyHash: (options?: StorageOptions) => Promise<string>;
-  setKeyHash: (value: string, options?: StorageOptions) => Promise<void>;
-  getLastActive: (options?: StorageOptions) => Promise<number>;
-  setLastActive: (value: number, options?: StorageOptions) => Promise<void>;
-  getLastSync: (options?: StorageOptions) => Promise<string>;
-  setLastSync: (value: string, options?: StorageOptions) => Promise<void>;
-  getLegacyEtmKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
-  setLegacyEtmKey: (value: SymmetricCryptoKey, options?: StorageOptions) => Promise<void>;
-  getLocalData: (options?: StorageOptions) => Promise<any>;
-  setLocalData: (value: string, options?: StorageOptions) => Promise<void>;
-  getLocale: (options?: StorageOptions) => Promise<string>;
-  setLocale: (value: string, options?: StorageOptions) => Promise<void>;
-  getLoginRedirect: (options?: StorageOptions) => Promise<any>;
-  setLoginRedirect: (value: any, options?: StorageOptions) => Promise<void>;
-  getMainWindowSize: (options?: StorageOptions) => Promise<number>;
-  setMainWindowSize: (value: number, options?: StorageOptions) => Promise<void>;
-  getMinimizeOnCopyToClipboard: (options?: StorageOptions) => Promise<boolean>;
-  setMinimizeOnCopyToClipboard: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getNeverDomains: (options?: StorageOptions) => Promise<{ [id: string]: any }>;
-  setNeverDomains: (value: { [id: string]: any }, options?: StorageOptions) => Promise<void>;
-  getNoAutoPromptBiometrics: (options?: StorageOptions) => Promise<boolean>;
-  setNoAutoPromptBiometrics: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getNoAutoPromptBiometricsText: (options?: StorageOptions) => Promise<string>;
-  setNoAutoPromptBiometricsText: (value: string, options?: StorageOptions) => Promise<void>;
-  getOpenAtLogin: (options?: StorageOptions) => Promise<boolean>;
-  setOpenAtLogin: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getOrganizationInvitation: (options?: StorageOptions) => Promise<any>;
-  setOrganizationInvitation: (value: any, options?: StorageOptions) => Promise<void>;
-  getOrganizations: (options?: StorageOptions) => Promise<{ [id: string]: OrganizationData }>;
-  setOrganizations: (
-    value: { [id: string]: OrganizationData },
-    options?: StorageOptions,
-  ) => Promise<void>;
-  getPasswordGenerationOptions: (options?: StorageOptions) => Promise<any>;
-  setPasswordGenerationOptions: (value: any, options?: StorageOptions) => Promise<void>;
-  getUsernameGenerationOptions: (options?: StorageOptions) => Promise<any>;
-  setUsernameGenerationOptions: (value: any, options?: StorageOptions) => Promise<void>;
-  getGeneratorOptions: (options?: StorageOptions) => Promise<any>;
-  setGeneratorOptions: (value: any, options?: StorageOptions) => Promise<void>;
-  getProtectedPin: (options?: StorageOptions) => Promise<string>;
-  setProtectedPin: (value: string, options?: StorageOptions) => Promise<void>;
-  getProviders: (options?: StorageOptions) => Promise<{ [id: string]: ProviderData }>;
-  setProviders: (value: { [id: string]: ProviderData }, options?: StorageOptions) => Promise<void>;
-  getPublicKey: (options?: StorageOptions) => Promise<ArrayBuffer>;
-  setPublicKey: (value: ArrayBuffer, options?: StorageOptions) => Promise<void>;
-  getRefreshToken: (options?: StorageOptions) => Promise<string>;
-  setRefreshToken: (value: string, options?: StorageOptions) => Promise<void>;
-  getRememberedEmail: (options?: StorageOptions) => Promise<string>;
-  setRememberedEmail: (value: string, options?: StorageOptions) => Promise<void>;
-  getSecurityStamp: (options?: StorageOptions) => Promise<string>;
-  setSecurityStamp: (value: string, options?: StorageOptions) => Promise<void>;
-  getSettings: (options?: StorageOptions) => Promise<any>;
-  setSettings: (value: string, options?: StorageOptions) => Promise<void>;
-  getSsoCodeVerifier: (options?: StorageOptions) => Promise<string>;
-  setSsoCodeVerifier: (value: string, options?: StorageOptions) => Promise<void>;
-  getSsoOrgIdentifier: (options?: StorageOptions) => Promise<string>;
-  setSsoOrganizationIdentifier: (value: string, options?: StorageOptions) => Promise<void>;
-  getSsoState: (options?: StorageOptions) => Promise<string>;
-  setSsoState: (value: string, options?: StorageOptions) => Promise<void>;
-  getTheme: (options?: StorageOptions) => Promise<ThemeType>;
-  setTheme: (value: ThemeType, options?: StorageOptions) => Promise<void>;
-  getTwoFactorToken: (options?: StorageOptions) => Promise<string>;
-  setTwoFactorToken: (value: string, options?: StorageOptions) => Promise<void>;
-  getUserId: (options?: StorageOptions) => Promise<string>;
-  getUsesKeyConnector: (options?: StorageOptions) => Promise<boolean>;
-  setUsesKeyConnector: (vaule: boolean, options?: StorageOptions) => Promise<void>;
-  getVaultTimeout: (options?: StorageOptions) => Promise<number>;
-  setVaultTimeout: (value: number, options?: StorageOptions) => Promise<void>;
-  getVaultTimeoutAction: (options?: StorageOptions) => Promise<string>;
-  setVaultTimeoutAction: (value: string, options?: StorageOptions) => Promise<void>;
-  getStateVersion: () => Promise<number>;
-  setStateVersion: (value: number) => Promise<void>;
-  getWindow: () => Promise<WindowState>;
-  setWindow: (value: WindowState) => Promise<void>;
-}
+// Stub file - re-exports DC StateService
+export { StateService } from "@/libs/abstractions/state.service";

jslib/common/src/abstractions/stateMigration.service.ts

@@ -1,4 +0,0 @@
-export abstract class StateMigrationService {
-  needsMigration: () => Promise<boolean>;
-  migrate: () => Promise<void>;
-}

jslib/common/src/abstractions/token.service.ts

@@ -1,32 +1,2 @@
-import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
-
-export abstract class TokenService {
-  setTokens: (
-    accessToken: string,
-    refreshToken: string,
-    clientIdClientSecret: [string, string],
-  ) => Promise<any>;
-  setToken: (token: string) => Promise<any>;
-  getToken: () => Promise<string>;
-  setRefreshToken: (refreshToken: string) => Promise<any>;
-  getRefreshToken: () => Promise<string>;
-  setClientId: (clientId: string) => Promise<any>;
-  getClientId: () => Promise<string>;
-  setClientSecret: (clientSecret: string) => Promise<any>;
-  getClientSecret: () => Promise<string>;
-  setTwoFactorToken: (tokenResponse: IdentityTokenResponse) => Promise<any>;
-  getTwoFactorToken: () => Promise<string>;
-  clearTwoFactorToken: () => Promise<any>;
-  clearToken: (userId?: string) => Promise<any>;
-  decodeToken: (token?: string) => any;
-  getTokenExpirationDate: () => Promise<Date>;
-  tokenSecondsRemaining: (offsetSeconds?: number) => Promise<number>;
-  tokenNeedsRefresh: (minutes?: number) => Promise<boolean>;
-  getUserId: () => Promise<string>;
-  getEmail: () => Promise<string>;
-  getEmailVerified: () => Promise<boolean>;
-  getName: () => Promise<string>;
-  getPremium: () => Promise<boolean>;
-  getIssuer: () => Promise<string>;
-  getIsExternal: () => Promise<boolean>;
-}
+// Stub file - re-exports DC TokenService
+export { TokenService } from "@/libs/abstractions/token.service";

jslib/common/src/enums/authenticationStatus.ts

@@ -1,6 +0,0 @@
-export enum AuthenticationStatus {
-  Locked = "locked",
-  Unlocked = "unlocked",
-  LoggedOut = "loggedOut",
-  Active = "active",
-}

jslib/common/src/enums/cipherRepromptType.ts

@@ -1,4 +0,0 @@
-export enum CipherRepromptType {
-  None = 0,
-  Password = 1,
-}

jslib/common/src/enums/cipherType.ts

@@ -1,6 +0,0 @@
-export enum CipherType {
-  Login = 1,
-  SecureNote = 2,
-  Card = 3,
-  Identity = 4,
-}

jslib/common/src/enums/emergencyAccessStatusType.ts

@@ -1,7 +0,0 @@
-export enum EmergencyAccessStatusType {
-  Invited = 0,
-  Accepted = 1,
-  Confirmed = 2,
-  RecoveryInitiated = 3,
-  RecoveryApproved = 4,
-}

jslib/common/src/enums/emergencyAccessType.ts

@@ -1,4 +0,0 @@
-export enum EmergencyAccessType {
-  View = 0,
-  Takeover = 1,
-}

jslib/common/src/enums/eventType.ts

@@ -1,72 +0,0 @@
-export enum EventType {
-  User_LoggedIn = 1000,
-  User_ChangedPassword = 1001,
-  User_Updated2fa = 1002,
-  User_Disabled2fa = 1003,
-  User_Recovered2fa = 1004,
-  User_FailedLogIn = 1005,
-  User_FailedLogIn2fa = 1006,
-  User_ClientExportedVault = 1007,
-  User_UpdatedTempPassword = 1008,
-  User_MigratedKeyToKeyConnector = 1009,
-
-  Cipher_Created = 1100,
-  Cipher_Updated = 1101,
-  Cipher_Deleted = 1102,
-  Cipher_AttachmentCreated = 1103,
-  Cipher_AttachmentDeleted = 1104,
-  Cipher_Shared = 1105,
-  Cipher_UpdatedCollections = 1106,
-  Cipher_ClientViewed = 1107,
-  Cipher_ClientToggledPasswordVisible = 1108,
-  Cipher_ClientToggledHiddenFieldVisible = 1109,
-  Cipher_ClientToggledCardCodeVisible = 1110,
-  Cipher_ClientCopiedPassword = 1111,
-  Cipher_ClientCopiedHiddenField = 1112,
-  Cipher_ClientCopiedCardCode = 1113,
-  Cipher_ClientAutofilled = 1114,
-  Cipher_SoftDeleted = 1115,
-  Cipher_Restored = 1116,
-  Cipher_ClientToggledCardNumberVisible = 1117,
-
-  Collection_Created = 1300,
-  Collection_Updated = 1301,
-  Collection_Deleted = 1302,
-
-  Group_Created = 1400,
-  Group_Updated = 1401,
-  Group_Deleted = 1402,
-
-  OrganizationUser_Invited = 1500,
-  OrganizationUser_Confirmed = 1501,
-  OrganizationUser_Updated = 1502,
-  OrganizationUser_Removed = 1503,
-  OrganizationUser_UpdatedGroups = 1504,
-  OrganizationUser_UnlinkedSso = 1505,
-  OrganizationUser_ResetPassword_Enroll = 1506,
-  OrganizationUser_ResetPassword_Withdraw = 1507,
-  OrganizationUser_AdminResetPassword = 1508,
-  OrganizationUser_ResetSsoLink = 1509,
-  OrganizationUser_FirstSsoLogin = 1510,
-
-  Organization_Updated = 1600,
-  Organization_PurgedVault = 1601,
-  // Organization_ClientExportedVault = 1602,
-  Organization_VaultAccessed = 1603,
-  Organization_EnabledSso = 1604,
-  Organization_DisabledSso = 1605,
-  Organization_EnabledKeyConnector = 1606,
-  Organization_DisabledKeyConnector = 1607,
-
-  Policy_Updated = 1700,
-
-  ProviderUser_Invited = 1800,
-  ProviderUser_Confirmed = 1801,
-  ProviderUser_Updated = 1802,
-  ProviderUser_Removed = 1803,
-
-  ProviderOrganization_Created = 1900,
-  ProviderOrganization_Added = 1901,
-  ProviderOrganization_Removed = 1902,
-  ProviderOrganization_VaultAccessed = 1903,
-}

jslib/common/src/enums/fieldType.ts

@@ -1,6 +0,0 @@
-export enum FieldType {
-  Text = 0,
-  Hidden = 1,
-  Boolean = 2,
-  Linked = 3,
-}

jslib/common/src/enums/fileUploadType.ts

@@ -1,4 +0,0 @@
-export enum FileUploadType {
-  Direct = 0,
-  Azure = 1,
-}

jslib/common/src/enums/hashPurpose.ts

@@ -1,4 +0,0 @@
-export enum HashPurpose {
-  ServerAuthorization = 1,
-  LocalAuthorization = 2,
-}

jslib/common/src/enums/keySuffixOptions.ts

@@ -1,4 +0,0 @@
-export enum KeySuffixOptions {
-  Auto = "auto",
-  Biometric = "biometric",
-}

jslib/common/src/enums/linkedIdType.ts

@@ -1,40 +0,0 @@
-export type LinkedIdType = LoginLinkedId | CardLinkedId | IdentityLinkedId;
-
-// LoginView
-export enum LoginLinkedId {
-  Username = 100,
-  Password = 101,
-}
-
-// CardView
-export enum CardLinkedId {
-  CardholderName = 300,
-  ExpMonth = 301,
-  ExpYear = 302,
-  Code = 303,
-  Brand = 304,
-  Number = 305,
-}
-
-// IdentityView
-export enum IdentityLinkedId {
-  Title = 400,
-  MiddleName = 401,
-  Address1 = 402,
-  Address2 = 403,
-  Address3 = 404,
-  City = 405,
-  State = 406,
-  PostalCode = 407,
-  Country = 408,
-  Company = 409,
-  Email = 410,
-  Phone = 411,
-  Ssn = 412,
-  Username = 413,
-  PassportNumber = 414,
-  LicenseNumber = 415,
-  FirstName = 416,
-  LastName = 417,
-  FullName = 418,
-}

jslib/common/src/enums/notificationType.ts

@@ -1,20 +0,0 @@
-export enum NotificationType {
-  SyncCipherUpdate = 0,
-  SyncCipherCreate = 1,
-  SyncLoginDelete = 2,
-  SyncFolderDelete = 3,
-  SyncCiphers = 4,
-
-  SyncVault = 5,
-  SyncOrgKeys = 6,
-  SyncFolderCreate = 7,
-  SyncFolderUpdate = 8,
-  SyncCipherDelete = 9,
-  SyncSettings = 10,
-
-  LogOut = 11,
-
-  SyncSendCreate = 12,
-  SyncSendUpdate = 13,
-  SyncSendDelete = 14,
-}

jslib/common/src/enums/organizationUserStatusType.ts

@@ -1,5 +0,0 @@
-export enum OrganizationUserStatusType {
-  Invited = 0,
-  Accepted = 1,
-  Confirmed = 2,
-}

jslib/common/src/enums/organizationUserType.ts

@@ -1,7 +0,0 @@
-export enum OrganizationUserType {
-  Owner = 0,
-  Admin = 1,
-  User = 2,
-  Manager = 3,
-  Custom = 4,
-}

jslib/common/src/enums/paymentMethodType.ts

@@ -1,11 +0,0 @@
-export enum PaymentMethodType {
-  Card = 0,
-  BankAccount = 1,
-  PayPal = 2,
-  BitPay = 3,
-  Credit = 4,
-  WireTransfer = 5,
-  AppleInApp = 6,
-  GoogleInApp = 7,
-  Check = 8,
-}

jslib/common/src/enums/permissions.ts

@@ -1,27 +0,0 @@
-export enum Permissions {
-  AccessEventLogs,
-  AccessImportExport,
-  AccessReports,
-  /**
-   * @deprecated Sep 29 2021: This permission has been split out to `createNewCollections`, `editAnyCollection`, and
-   * `deleteAnyCollection`. It exists here for backwards compatibility with Server versions <= 1.43.0
-   */
-  ManageAllCollections,
-  /**
-   * @deprecated Sep 29 2021: This permission has been split out to `editAssignedCollections` and
-   * `deleteAssignedCollections`. It exists here for backwards compatibility with Server versions <= 1.43.0
-   */
-  ManageAssignedCollections,
-  ManageGroups,
-  ManageOrganization,
-  ManagePolicies,
-  ManageProvider,
-  ManageUsers,
-  ManageUsersPassword,
-  CreateNewCollections,
-  EditAnyCollection,
-  DeleteAnyCollection,
-  EditAssignedCollections,
-  DeleteAssignedCollections,
-  ManageSso,
-}

jslib/common/src/enums/planSponsorshipType.ts

@@ -1,3 +0,0 @@
-export enum PlanSponsorshipType {
-  FamiliesForEnterprise = 0,
-}

jslib/common/src/enums/planType.ts

@@ -1,14 +0,0 @@
-export enum PlanType {
-  Free = 0,
-  FamiliesAnnually2019 = 1,
-  TeamsMonthly2019 = 2,
-  TeamsAnnually2019 = 3,
-  EnterpriseMonthly2019 = 4,
-  EnterpriseAnnually2019 = 5,
-  Custom = 6,
-  FamiliesAnnually = 7,
-  TeamsMonthly = 8,
-  TeamsAnnually = 9,
-  EnterpriseMonthly = 10,
-  EnterpriseAnnually = 11,
-}

jslib/common/src/enums/policyType.ts

@@ -1,13 +0,0 @@
-export enum PolicyType {
-  TwoFactorAuthentication = 0, // Requires users to have 2fa enabled
-  MasterPassword = 1, // Sets minimum requirements for master password complexity
-  PasswordGenerator = 2, // Sets minimum requirements/default type for generated passwords/passphrases
-  SingleOrg = 3, // Allows users to only be apart of one organization
-  RequireSso = 4, // Requires users to authenticate with SSO
-  PersonalOwnership = 5, // Disables personal vault ownership for adding/cloning items
-  DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
-  SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
-  ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
-  MaximumVaultTimeout = 9, // Sets the maximum allowed vault timeout
-  DisablePersonalVaultExport = 10, // Disable personal vault export
-}