[PM-29825] Add prepare_ciphers_for_bulk_share method for mobile clients

[shane-melton]

🎟️ Tracking

PM-29825

📔 Objective

Expose the logic of bulk transferring personal items to an organization without making an API call for Mobile clients that don't yet support authenticated API calls yet.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @shane-melton's task in 2m 22s —— View job

---

Code Review Complete

I've reviewed the changes to add prepare_ciphers_for_bulk_share for mobile clients.

Summary

This is a well-executed refactoring that safely exposes existing cipher preparation logic for mobile clients that don't yet support authenticated API calls. The implementation properly reuses tested logic and is appropriately feature-gated.

Overall Assessment: ✅ APPROVE with minor documentation suggestions

---

Findings

📝 Documentation - Usage guidance for mobile clients

The UniFFI binding at crates/bitwarden-uniffi/src/vault/ciphers.rs:59 could benefit from comprehensive doc comments explaining:

• What to do with the returned Vec<EncryptionContext>
• What API call mobile clients should make after receiving these encrypted ciphers
• Error handling if the API call fails
• Whether clients need to store these encrypted ciphers or can discard them

❓ API Design - Removal plan

The comment mentions "Can be removed once Mobile supports authenticated API calls via the SDK." Consider:

• Is there a tracking issue for removing this method?
• Should this be marked #[deprecated] to discourage new usage?
• What's the migration path for mobile clients?

🌱 Testing - Integration test

While share_ciphers_bulk tests provide good coverage, consider adding a test that:

1. Calls prepare_ciphers_for_bulk_share
2. Verifies returned EncryptionContext objects have correct encrypted_for UserId
3. Confirms serialization works across the UniFFI boundary

---

Security & Correctness ✅

• ✅ Properly validates organization membership
• ✅ Updates password history correctly
• ✅ Uses existing encryption logic (no new crypto)
• ✅ Properly gated by #[cfg(feature = "uniffi")]
• ✅ Reuses well-tested internal logic

---

[github-actions]

Checkmarx One – Scan Summary & Details – 696117a9-39cd-4a13-a361-7e52cd09fb00

Great job! No new security vulnerabilities introduced in this pull request

[github-actions]

🔍 SDK Breaking Change Detection Results

SDK Version: vault/pm-29825/bulk-move-to-org-for-mobile (03eeed8)
Completed: 2025-12-15 23:42:17 UTC
Total Time: 215s

Client	Status	Details
typescript	✅ No breaking changes detected	TypeScript compilation passed with new SDK version - View Details

---

Breaking change detection completed. View SDK workflow

[codecov]

Codecov Report

❌ Patch coverage is 45.94595% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.53%. Comparing base (e4bee57) to head (03eeed8).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
crates/bitwarden-uniffi/src/vault/ciphers.rs	0.00%	11 Missing ⚠️
...den-vault/src/cipher/cipher_client/share_cipher.rs	65.38%	9 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #613      +/-   ##
==========================================
- Coverage   78.57%   78.53%   -0.05%     
==========================================
  Files         283      283              
  Lines       29188    29223      +35     
==========================================
+ Hits        22934    22949      +15     
- Misses       6254     6274      +20     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.