[PM-25821] Migrate Cipher Admin operation API calls to SDK

[nikwithak]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-25821

📔 Objective

Migrates the logic for orchestrating API calls for several operations related to the Admin API functionality. Adds the following operations to CiphersClient, which call the appropriate API endpoints:

• delete
• delete_many
• delete_as_admin
• delete_many_as_admin
• soft_delete
• soft_delete_many
• soft_delete_as_admin
• soft_delete_many_as_admin
• restore
• restore_many
• restore_as_admin
• restore_many_as_admin
• edit_as_admin
• list_org_ciphers
• create_as_admin

PR Notes: Sorry for the heft - The line count is high on this PR, but a majority of it is unit tests. This should have been split into multiple tickets, in hindsight.

Note also that this hasn't been tested directly with the client yet, and so additional changes may be needed if bugs are discovered when integrating into the clients (future tickets) - these operations are not currently used anywhere.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – dfbea2a3-07bd-444f-9108-7d0c8bb0a0f9

Great job! No new security vulnerabilities introduced in this pull request

[github-actions]

🔍 SDK Breaking Change Detection Results

SDK Version: vault/pm-25821/cipher-admin-ops (26bc2ee)
Completed: 2025-12-20 00:06:05 UTC
Total Time: 246s

Client	Status	Details
typescript	✅ No breaking changes detected	TypeScript compilation passed with new SDK version - View Details

---

Breaking change detection completed. View SDK workflow

[codecov]

Codecov Report

❌ Patch coverage is 75.37212% with 364 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.70%. Comparing base (b9cf7b7) to head (26bc2ee).

Files with missing lines	Patch %	Lines
crates/bitwarden-vault/src/cipher/cipher.rs	49.20%	64 Missing ⚠️
...arden-vault/src/cipher/cipher_client/admin/edit.rs	72.00%	56 Missing ⚠️
...den-vault/src/cipher/cipher_client/admin/delete.rs	71.26%	50 Missing ⚠️
...bitwarden-vault/src/cipher/cipher_client/delete.rs	83.39%	43 Missing ⚠️
...s/bitwarden-vault/src/cipher/cipher_client/edit.rs	23.25%	33 Missing ⚠️
...en-vault/src/cipher/cipher_client/admin/restore.rs	86.13%	28 Missing ⚠️
...itwarden-vault/src/cipher/cipher_client/restore.rs	88.84%	26 Missing ⚠️
...den-vault/src/cipher/cipher_client/admin/create.rs	77.06%	25 Missing ⚠️
...warden-vault/src/cipher/cipher_client/admin/get.rs	0.00%	23 Missing ⚠️
...bitwarden-vault/src/cipher/cipher_client/create.rs	89.42%	11 Missing ⚠️
... and 1 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #560      +/-   ##
==========================================
- Coverage   78.84%   78.70%   -0.14%     
==========================================
  Files         283      290       +7     
  Lines       29660    31121    +1461     
==========================================
+ Hits        23384    24493    +1109     
- Misses       6276     6628     +352     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Hinton]

Most of my issues are resolved and I think this looks generally good. There are couple of smaller things and improvements to be made but once resolved feel free to not request another review from me.

[Hinton]

suggestion: Document the purpose of this client and compare it against the regular CipherClient?

[Hinton]

Yea sounds good.

[Hinton]

issue: Remove? Now that you have the admin error these can be removed right?

[nikwithak]

No, these are still used by the operations, since they make API calls and parse the responses using the non-admin endpoints. The Admin operations only apply in certain use cases.

[Hinton]

question: Why accept an optional cipher? The function might be nicer if cipher is required and you just do and_then on callers.

[nikwithak]

We have some situations where we don't necessarily have the original cipher when parsing the response - the intent is to allow the functions to create a Cipher object from the details in the response, in that event.