[PM-32009] feat: Add infrastructure for new vault item types

[SaintPatrck]

🎟️ Tracking

PM-32009

📔 Objective

First of three stacked PRs introducing Bank Account, Driver's License, and Passport cipher types. This PR lands the foundation only — network/model plumbing, enums, feature-flag registration, and exhaustive-when branches — so the UI and vault-integration PRs can be reviewed in isolation on top of it.

The entire effort ships behind the pm-32009-new-item-types feature flag so infrastructure can merge well ahead of user-visible surface area.

Why it looks the way it does

• SDK decryption gracefully skips unsupported types. The Bitwarden SDK does not yet expose types for these ciphers, so sync could otherwise fail open on accounts that already hold server-side rows with the new CipherType values. The mapping layer defensively drops unknown types instead of throwing, keeping sync resilient while SDK variants are being added.
• Exhaustive when branches are updated across every affected ViewModel. Adding the enum values forces compile-time coverage everywhere — reviewers can trust that no call site silently falls into an else.
• LinkedIdTypeJson entries (600–812) mirror the server's contract so linked-field resolution works the moment data arrives, without a second round-trip PR.

Stacked on: main
Followed by: new-item-types/phase-05-07_cipher-type-ui (UI screens)

[github-actions]

🤖 Bitwarden Claude Code Review

Overall Assessment: REQUEST CHANGES

Reviewed the network/model/enum/feature-flag foundation for Bank Account, Driver's License, and Passport cipher types in :network, :core, :app, and :ui. The exhaustive-when coverage is thorough, feature-flag gating in VaultViewModel and VaultItemListingViewModel looks correct, and the save-path guard via isSdkSupported is a sensible safety net while SDK support is catching up. One issue undermines the PR description's "defensively drops unknown types" promise: the single-cipher mapping path still throws.

Code Review Details

• ⚠️ : Single-cipher toSdkCipherType() throws; callers outside toEncryptedSdkCipherList are not defensive and can crash on new-type ciphers.
  • app/src/main/kotlin/com/x8bit/bitwarden/data/vault/repository/util/VaultSdkCipherExtensions.kt:624

[codecov]

Codecov Report

❌ Patch coverage is 14.87603% with 103 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.32%. Comparing base (c01fc62) to head (5f659d4).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
.../ui/vault/feature/addedit/VaultAddEditViewModel.kt	1.72%	56 Missing and 1 partial ⚠️
...t/bitwarden/ui/vault/model/VaultBankAccountType.kt	0.00%	15 Missing ⚠️
...i/vault/feature/addedit/VaultAddEditItemContent.kt	0.00%	3 Missing and 3 partials ⚠️
...t/feature/itemlisting/VaultItemListingViewModel.kt	33.33%	6 Missing ⚠️
.../feature/vault/util/VaultAddItemStateExtensions.kt	0.00%	3 Missing and 1 partial ⚠️
.../vault/repository/util/VaultSdkCipherExtensions.kt	72.72%	1 Missing and 2 partials ⚠️
...ult/feature/addedit/util/VaultAddEditExtensions.kt	0.00%	3 Missing ⚠️
...warden/ui/vault/feature/item/VaultItemViewModel.kt	0.00%	3 Missing ⚠️
...bitwarden/ui/vault/feature/vault/VaultViewModel.kt	50.00%	3 Missing ⚠️
...it/bitwarden/ui/vault/model/VaultItemCipherType.kt	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6828      +/-   ##
==========================================
- Coverage   85.58%   85.32%   -0.27%     
==========================================
  Files         830      834       +4     
  Lines       61509    59179    -2330     
  Branches     8592     8611      +19     
==========================================
- Hits        52642    50492    -2150     
+ Misses       5900     5708     -192     
- Partials     2967     2979      +12     

Flag	Coverage Δ
app-data	17.40% <7.76%> (+0.04%)	⬆️
app-ui-auth-tools	20.25% <0.00%> (-0.07%)	⬇️
app-ui-platform	15.45% <0.00%> (-0.06%)	⬇️
app-ui-vault	25.83% <9.70%> (-0.06%)	⬇️
authenticator	6.67% <0.00%> (+<0.01%)	⬆️
lib-core-network-bridge	4.25% <0.00%> (+0.03%)	⬆️
lib-data-ui	1.02% <0.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Checkmarx One – Scan Summary & Details – a1e43a9e-c96d-45c1-9f61-ad0d32623c04

Great job! No new security vulnerabilities introduced in this pull request

[claude]

⚠️ IMPORTANT: Single-cipher toSdkCipherType() throws; callers outside toEncryptedSdkCipherList are not defensive and can crash on new-type ciphers.

Details and fix

The PR description states "the mapping layer defensively drops unknown types instead of throwing, keeping sync resilient." That promise only holds for toEncryptedSdkCipherList (line 389–394). The single-item path still throws via toSdkCipherType(), and several call sites invoke toEncryptedSdkCipher() directly without a runCatching wrapper:

• SdkCipherRepository.list() → map { it.toEncryptedSdkCipher() } (line 27). The SDK invokes this during its own crypto operations.
• SdkCipherRepository.get(id) → ?.toEncryptedSdkCipher() (line 20).
• VaultRepositoryImpl.exportVaultDataToString → .map { it.toEncryptedSdkCipher() } (line 457).
• VaultRepositoryImpl.exportVaultDataToCxf → .map { it.toEncryptedSdkCipher() } (line 518).
• CipherManagerImpl.getCipher → syncResponseCipher.toEncryptedSdkCipher() (line 335).

Trigger path: A web vault with the server-side flag enabled stores a bank account cipher. Mobile syncs (storing the CipherTypeJson.BANK_ACCOUNT row in vaultDiskSource regardless of the mobile feature flag). User then exports their vault or the SDK enumerates ciphers for a crypto op → IllegalArgumentException propagates.

Suggested fix: either (a) filter new types out of the disk source before they reach these call sites, or (b) make SdkCipherRepository.list()/get() and the export paths use the same mapNotNull { runCatching { ... }.getOrNull() } pattern, or (c) relocate the exhaustive branch to a non-throwing toSdkCipherTypeOrNull() and adjust callers to skip nulls. This aligns the runtime behavior with the resilience claim in the PR description.

[claude]

⚠️ IMPORTANT: Single-cipher toSdkCipherType() throws; callers outside toEncryptedSdkCipherList are not defensive and can crash on new-type ciphers.

Details and fix

The PR description states "the mapping layer defensively drops unknown types instead of throwing, keeping sync resilient." That promise only holds for toEncryptedSdkCipherList (line 389–394). The single-item path still throws via toSdkCipherType(), and several call sites invoke toEncryptedSdkCipher() directly without a runCatching wrapper:

• SdkCipherRepository.list() → map { it.toEncryptedSdkCipher() } (line 27). The SDK invokes this during its own crypto operations.
• SdkCipherRepository.get(id) → ?.toEncryptedSdkCipher() (line 20).
• VaultRepositoryImpl.exportVaultDataToString → .map { it.toEncryptedSdkCipher() } (line 457).
• VaultRepositoryImpl.exportVaultDataToCxf → .map { it.toEncryptedSdkCipher() } (line 518).
• CipherManagerImpl.getCipher → syncResponseCipher.toEncryptedSdkCipher() (line 335).

Trigger path: A web vault with the server-side flag enabled stores a bank account cipher. Mobile syncs (storing the CipherTypeJson.BANK_ACCOUNT row in vaultDiskSource regardless of the mobile feature flag). User then exports their vault or the SDK enumerates ciphers for a crypto op → IllegalArgumentException propagates.

Suggested fix: either (a) filter new types out of the disk source before they reach these call sites, or (b) make SdkCipherRepository.list()/get() and the export paths use the same mapNotNull { runCatching { ... }.getOrNull() } pattern, or (c) relocate the exhaustive branch to a non-throwing toSdkCipherTypeOrNull() and adjust callers to skip nulls. This aligns the runtime behavior with the resilience claim in the PR description.

[david-livefront]

Why would this need to be wrapped in runCatching

[david-livefront]

Ding on formatting

[david-livefront]

Can we just give these values?

enum class VaultBankAccountType(val value: String) {
    SELECT(value = "select"),
    ...

    companion object {
        fun parse(value: String?): VaultBankAccountType =
            VaultBankAccountType
                .entries
                .firstOrNull { it.value.equals(other = value, ignoreCase = true) }
                ?: VaultBankAccountType.OTHER
    }
}

[david-livefront]

Should this be enumerated?

[david-livefront]

Can we add the helper functions?

fun createMockBankAccount(
    number: Int,
    bankName: String? = "mockBankName-$number",
    nameOnAccount: String? = "mockNameOnAccount-$number",
    accountType: String? = "mockAccountType-$number",
    accountNumber: String? = "mockAccountNumber-$number",
    routingNumber: String? = "mockRoutingNumber-$number",
    branchNumber: String? = "mockBranchNumber-$number",
    pin: String? = "mockPin-$number",
    swiftCode: String? = "mokSwiftCode-$number",
    iban: String? = "mockIban-$number",
    bankContactPhone: String? = "mockBankContractPhone-$number",
): SyncResponseJson.Cipher.BankAccount =
    SyncResponseJson.Cipher.BankAccount(
        bankName = bankName,
        nameOnAccount = nameOnAccount,
        accountType = accountType,
        accountNumber = accountNumber,
        routingNumber = routingNumber,
        branchNumber = branchNumber,
        pin = pin,
        swiftCode = swiftCode,
        iban = iban,
        bankContactPhone = bankContactPhone,
    )

[david-livefront]

Ohh, there is one literally a few lines down.

[david-livefront]

All this still should also be made for VaultItemState.ViewState.Content.ItemType., right?