bitwarden · Hinton · May 23, 2025 · Apr 25, 2025 · Apr 25, 2025 · Apr 28, 2025
@@ -1,4 +1,4 @@
-use bitwarden_vault::{Cipher, CipherListView, CipherView, Fido2CredentialView};
+use bitwarden_vault::{Cipher, CipherListView, CipherView, Fido2CredentialView, OrganizationId};
 use uuid::Uuid;
 
 use crate::{error::Error, Result};
@@ -41,7 +41,7 @@
     ) -> Result<CipherView> {
         Ok(self
             .0
-            .move_to_organization(cipher, organization_id)
+            .move_to_organization(cipher, OrganizationId(organization_id))
             .map_err(Error::Cipher)?)
     }
 }
@@ -1,15 +1,27 @@
 use bitwarden_core::Client;
 use bitwarden_crypto::IdentifyKey;
-use uuid::Uuid;
+#[cfg(feature = "wasm")]
+use wasm_bindgen::prelude::*;
 
 use crate::{
     Cipher, CipherError, CipherListView, CipherView, DecryptError, EncryptError, VaultClient,
 };
 
+/// NewType representing an Organization ID. This ensures type safety.
+#[cfg_attr(
+    feature = "wasm",
+    derive(serde::Serialize, serde::Deserialize, tsify_next::Tsify),
+    tsify(into_wasm_abi, from_wasm_abi)
+)]
+#[repr(transparent)]
+pub struct OrganizationId(#[tsify(type = r#"Tagged<Uuid, "OrganizationId">"#)] pub uuid::Uuid);
+
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
 pub struct CiphersClient {
     pub(crate) client: Client,
 }
 
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
 impl CiphersClient {
     pub fn encrypt(&self, mut cipher_view: CipherView) -> Result<Cipher, EncryptError> {
         let key_store = self.client.internal.get_key_store();
@@ -55,10 +67,10 @@ impl CiphersClient {
     pub fn move_to_organization(
         &self,
         mut cipher_view: CipherView,
-        organization_id: Uuid,
+        organization_id: OrganizationId,
     ) -> Result<CipherView, CipherError> {
         let key_store = self.client.internal.get_key_store();
-        cipher_view.move_to_organization(&mut key_store.context(), organization_id)?;
+        cipher_view.move_to_organization(&mut key_store.context(), organization_id.0)?;
         Ok(cipher_view)
     }
 
@@ -206,7 +218,7 @@ mod tests {
         //  Move cipher to organization
         let res = client.vault().ciphers().move_to_organization(
             view,
-            "1bc9ac1e-f5aa-45f2-94bf-b181009709b8".parse().unwrap(),
+            OrganizationId("1bc9ac1e-f5aa-45f2-94bf-b181009709b8".parse().unwrap()),
         );
 
         assert!(res.is_err());
@@ -305,7 +317,7 @@ mod tests {
             .ciphers()
             .move_to_organization(
                 view,
-                "1bc9ac1e-f5aa-45f2-94bf-b181009709b8".parse().unwrap(),
+                OrganizationId("1bc9ac1e-f5aa-45f2-94bf-b181009709b8".parse().unwrap()),
             )
             .unwrap();
         let new_cipher = client.vault().ciphers().encrypt(new_view).unwrap();

diff --git a/crates/bitwarden-vault/src/cipher/mod.rs b/crates/bitwarden-vault/src/cipher/mod.rs
@@ -22,7 +22,7 @@ pub use cipher::{
     Cipher, CipherError, CipherListView, CipherListViewType, CipherRepromptType, CipherType,
     CipherView,
 };
-pub use cipher_client::CiphersClient;
+pub use cipher_client::{CiphersClient, OrganizationId};
 pub use field::FieldView;
 pub use identity::IdentityView;
 pub use login::{

@@ -1,14 +1,18 @@
 use bitwarden_core::Client;
+#[cfg(feature = "wasm")]
+use wasm_bindgen::prelude::*;
 
 use crate::{
     error::{DecryptError, EncryptError},
     Folder, FolderView, VaultClient,
 };
 
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
 pub struct FoldersClient {
     pub(crate) client: Client,
 }
 
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
 impl FoldersClient {
     pub fn encrypt(&self, folder_view: FolderView) -> Result<Folder, EncryptError> {
         let key_store = self.client.internal.get_key_store();

@@ -22,5 +22,8 @@
   "scripts": {},
   "sideEffects": [
     "./bitwarden_wasm_internal.js"
-  ]
+  ],
+  "dependencies": {
+    "type-fest": "^4.41.0"
+  }
 }
@@ -2,7 +2,15 @@
 /// Everything in the string below is appended to the generated TypeScript definition file.
 #[wasm_bindgen::prelude::wasm_bindgen(typescript_custom_section)]
 const TS_CUSTOM_TYPES: &'static str = r#"
-export type Uuid = string;
+
+import { Tagged } from "type-fest";
+
+/**
+ * A string that **MUST** be a valid UUID.
+ *
+ * Never create or cast to this type directly, use the `uuid<T>()` function instead.
+ */
+export type Uuid = unknown;
 
 /**
  * RFC3339 compliant date-time string.

@@ -12,4 +12,4 @@ pub use bitwarden_ipc::wasm::*;
 pub use client::BitwardenClient;
 pub use crypto::CryptoClient;
 pub use init::init_sdk;
-pub use vault::{folders::FoldersClient, VaultClient};
+pub use vault::VaultClient;
@@ -1,15 +1,11 @@
 pub mod attachments;
-pub mod ciphers;
-pub mod folders;
 pub mod totp;
 
 use attachments::AttachmentsClient;
-use ciphers::CiphersClient;
+use bitwarden_vault::{CiphersClient, FoldersClient};
 use totp::TotpClient;
 use wasm_bindgen::prelude::*;
 
-use crate::FoldersClient;
-
 #[wasm_bindgen]
 pub struct VaultClient(bitwarden_vault::VaultClient);
 
@@ -26,11 +22,11 @@
     }
 
     pub fn ciphers(&self) -> CiphersClient {
-        CiphersClient::new(self.0.ciphers())
+        self.0.ciphers()
     }
 
     pub fn folders(&self) -> FoldersClient {
-        FoldersClient::new(self.0.folders())
+        self.0.folders()
     }
 
     pub fn totp(&self) -> TotpClient {