clients/apps/cli
Andreas Coroiu 35d25b7f8e
[PM-24047] Make popout windows respect vault timeout when unfocused (#19019)
* PM-24047: Make popout windows respect vault timeout when unfocused

Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection

Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:

- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
  popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
  (always focused), sidebar tab views (always focused), and popout
  tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
  uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
  MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
  isPopupOpen() so unfocused popouts don't block vault timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Move MV3/MV2 routing into BrowserApi

isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.

Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only

isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Restore isPopupOpen to main branch implementation

isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat

Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Simplify isAnyViewFocused() using Array.some()

Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: improve tabs loop readability somewhat

* PM-24047: Fix MV3 popout focus check using wrong uilocation filter

The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy

The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 14:10:32 +01:00
..
.vscode Multi root workspace tweaks (#2858) 2022-06-13 21:39:36 -05:00
config [PM-11290] Enable SDK (#11378) 2024-10-07 13:56:02 +02:00
examples Move CLI to apps/cli 2022-05-25 10:57:15 +02:00
scripts [BRE-610] - Sign windows CLI (#13542) 2025-02-26 13:17:24 +00:00
src [PM-24047] Make popout windows respect vault timeout when unfocused (#19019) 2026-03-11 14:10:32 +01:00
stores Bump year in copyright (#18132) 2025-12-29 09:10:34 -06:00
.npmignore Move CLI to apps/cli 2022-05-25 10:57:15 +02:00
CLAUDE.md [PM-26337] Create a Claude markdown file (#16676) 2025-10-03 16:48:01 +02:00
entitlements.plist [PM-12416] Fix cli signing issues (#15132) 2025-06-24 09:36:14 +02:00
jest.config.js Implement and extend tsconfig.base across projects (#14554) 2025-06-02 20:38:17 +00:00
package.json [deps] Vault: Update @koa/router to v15.3.0 (#18998) 2026-02-27 15:50:59 -05:00
project.json build(cli): integrate nx (#16648) 2025-10-07 09:48:02 -04:00
README.md Remove gitter chat badges from READMEs (#19368) 2026-03-04 16:33:27 +00:00
test.setup.ts [EC-423] Fix unit tests (#3265) 2022-08-11 11:35:08 +10:00
tsconfig.json Implement and extend tsconfig.base across projects (#14554) 2025-06-02 20:38:17 +00:00
tsconfig.spec.json [EC-423] Fix unit tests (#3265) 2022-08-11 11:35:08 +10:00
webpack.base.js [PM-25911] Add commercial sdk internal as dependency (#16883) 2025-10-27 15:17:20 +01:00
webpack.config.js build(cli): integrate nx (#16648) 2025-10-07 09:48:02 -04:00

Github Workflow build on main

Bitwarden Command-line Interface

Platforms

The Bitwarden CLI is a powerful, full-featured command-line interface (CLI) tool to access and manage a Bitwarden vault. The CLI is written with TypeScript and Node.js and can be run on Windows, macOS, and Linux distributions.

Developer Documentation

Please refer to the CLI section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

User Documentation

Download/Install

You can install the Bitwarden CLI multiple different ways:

NPM

If you already have the Node.js runtime installed on your system, you can install the CLI using NPM. NPM makes it easy to keep your installation updated and should be the preferred installation method if you are already using Node.js.

npm install -g @bitwarden/cli

Native Executable

We provide natively packaged versions of the CLI for each platform which have no requirements on installing the Node.js runtime. You can obtain these from the downloads section in the documentation.

Other Package Managers

  • Chocolatey
    choco install bitwarden-cli
    
  • Homebrew
    brew install bitwarden-cli
    

    ⚠️ The homebrew version is not recommended for all users.

    Homebrew pulls the CLI's GPL build and does not include device approval commands for Enterprise SSO customers.

  • Snap
    sudo snap install bw
    

Help Command

The Bitwarden CLI is self-documented with --help content and examples for every command. You should start exploring the CLI by using the global --help option:

bw --help

This option will list all available commands that you can use with the CLI.

Additionally, you can run the --help option on a specific command to learn more about it:

bw list --help
bw create --help

Help Center

We provide detailed documentation and examples for using the CLI in our help center at https://help.bitwarden.com/article/cli/.