[BWA-211] Add BitwardenSdk to Authenticator target

[KatherineInCode]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/BWA-211

📔 Objective

This fixes a crash that was caused by the SDK not being linked properly in the Authenticator target by adding the SDK as a dependent package.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – c3676723-c366-4d25-b763-09b46fc32eab

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.13%. Comparing base (df3b0c3) to head (5f80e23).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2189      +/-   ##
==========================================
- Coverage   85.43%   84.13%   -1.31%     
==========================================
  Files        1733     1974     +241     
  Lines      146438   161568   +15130     
==========================================
+ Hits       125111   135934   +10823     
- Misses      21327    25634    +4307     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[claude]

Claude finished @KatherineInCode's task —— View job

---

Code Review Complete ✓

Tasks:

• Read the modified file
• Analyze PR changes with git diff
• Conduct comprehensive code review using bitwarden-code-reviewer
• Post review findings

---

Code Review: BWA-211 Add BitwardenSdk to Authenticator target

Overall Assessment: ✅ APPROVED

This PR correctly fixes a runtime linking crash by adding the BitwardenSdk package dependency to the Authenticator app target.

---

Summary

The change adds a single line (- package: BitwardenSdk) to the Authenticator target's dependencies in project-bwa.yml:112. This ensures proper SDK linking at runtime when the app uses types from the BitwardenSdk package through its AuthenticatorShared framework dependency.

---

Detailed Findings

✅ Correctness

• Root cause properly addressed: The AuthenticatorShared framework already depends on BitwardenSdk (line 190) and contains 20+ Swift files that import it
• Proper linking pattern: When a framework dependency uses types from a package, the app target must explicitly list that package to ensure proper linking at runtime
• Matches established pattern: The main Bitwarden app target (project-pm.yml:187) uses this identical pattern

✅ Consistency

• Placement: Added in the correct location within the dependencies: section (after target dependencies, before Firebase)
• Formatting: Uses consistent YAML syntax matching all other package dependencies in the file
• Pattern alignment: Follows the exact same dependency ordering as the main Bitwarden app

✅ Completeness

• No additional changes needed: The package is already defined in project-common.yml:15-18 and used by multiple test targets
• Test targets: Already have BitwardenSdk dependencies where needed (lines 267, 292, 319)

✅ Architecture Compliance

• Follows dependency graph: App → Framework → Package is the correct dependency flow
• Explicit linking required: Xcode/XcodeGen requires app targets to explicitly list transitive package dependencies for proper binary embedding
• Zero additional coupling: This doesn't change any code behavior, only ensures proper linking

✅ Security Implications

• No security impact: This is a build configuration change only
• SDK version unchanged: Uses existing BitwardenSdk definition from project-common.yml

---

Context

The BitwardenSdk is extensively used throughout AuthenticatorShared (found in 20+ files including VaultClientService, TOTPService, IconImageHelper, etc.). Without this explicit dependency in the app target, the SDK framework may not be properly linked at runtime, causing crashes when code paths attempt to use SDK types or functions.

This is a minimal, correct fix that follows established patterns in the codebase. 👍

---