bitwarden · prograhamming · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026 · Feb 26, 2026
@@ -0,0 +1,12 @@
+using Bit.Core.Enums;
+
+namespace Bit.Api.Dirt.Models.Response;
+
+public class OrganizationReportFileResponseModel
+{
+    public OrganizationReportFileResponseModel() { }
+
+    public string ReportFileUploadUrl { get; set; } = string.Empty;
+    public OrganizationReportResponseModel ReportResponse { get; set; } = null!;
+    public FileUploadType FileUploadType { get; set; }
+}
@@ -1,4 +1,5 @@
 using Bit.Core.Dirt.Entities;
+using Bit.Core.Dirt.Models.Data;
 
 namespace Bit.Api.Dirt.Models.Response;
 
@@ -10,11 +11,10 @@ public class OrganizationReportResponseModel
     public string? ContentEncryptionKey { get; set; }
     public string? SummaryData { get; set; }
     public string? ApplicationData { get; set; }
-    public int? PasswordCount { get; set; }
-    public int? PasswordAtRiskCount { get; set; }
-    public int? MemberCount { get; set; }
-    public DateTime? CreationDate { get; set; } = null;
-    public DateTime? RevisionDate { get; set; } = null;
+    public ReportFile? ReportFile { get; set; }
+    public string? ReportFileDownloadUrl { get; set; }
+    public DateTime? CreationDate { get; set; }
+    public DateTime? RevisionDate { get; set; }
 
     public OrganizationReportResponseModel(OrganizationReport organizationReport)
     {
@@ -29,9 +29,7 @@ public OrganizationReportResponseModel(OrganizationReport organizationReport)
         ContentEncryptionKey = organizationReport.ContentEncryptionKey;
         SummaryData = organizationReport.SummaryData;
         ApplicationData = organizationReport.ApplicationData;
-        PasswordCount = organizationReport.PasswordCount;
-        PasswordAtRiskCount = organizationReport.PasswordAtRiskCount;
-        MemberCount = organizationReport.MemberCount;
+        ReportFile = organizationReport.GetReportFile();
         CreationDate = organizationReport.CreationDate;
         RevisionDate = organizationReport.RevisionDate;
     }

diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
@@ -268,6 +268,7 @@ public static class FeatureFlagKeys
     public const string ArchiveVaultItems = "pm-19148-innovation-archive";
 
     /* DIRT Team */
+    public const string AccessIntelligenceVersion2 = "pm-31920-access-intelligence-azure-file-storage";
     public const string EventManagementForDataDogAndCrowdStrike = "event-management-for-datadog-and-crowdstrike";
     public const string EventDiagnosticLogging = "pm-27666-siem-event-log-debugging";
     public const string EventManagementForHuntress = "event-management-for-huntress";

@@ -1,5 +1,5 @@
-#nullable enable
-
+using System.Text.Json;
+using Bit.Core.Dirt.Models.Data;
 using Bit.Core.Entities;
 using Bit.Core.Utilities;
 
@@ -29,6 +29,21 @@ public class OrganizationReport : ITableObject<Guid>
     public int? CriticalPasswordAtRiskCount { get; set; }
     public string? ReportFile { get; set; }
 
+    public ReportFile? GetReportFile()
+    {
+        if (string.IsNullOrWhiteSpace(ReportFile))
+        {
+            return null;
+        }
+
+        return JsonSerializer.Deserialize<ReportFile>(ReportFile);
+    }
+
+    public void SetReportFile(ReportFile data)
+    {
+        ReportFile = JsonSerializer.Serialize(data, JsonHelpers.IgnoreWritingNull);
+    }
+
     public void SetNewId()
     {
         Id = CoreHelpers.GenerateComb();

@@ -18,7 +18,7 @@ public class OrganizationReportMetricsData
     public int? CriticalPasswordCount { get; set; }
     public int? CriticalPasswordAtRiskCount { get; set; }
 
-    public static OrganizationReportMetricsData From(Guid organizationId, OrganizationReportMetricsRequest? request)
+    public static OrganizationReportMetricsData From(Guid organizationId, OrganizationReportMetrics? request)
     {
         if (request == null)
         {

@@ -1,6 +1,4 @@
-#nullable enable
-
-using System.Diagnostics.CodeAnalysis;
+using System.Diagnostics.CodeAnalysis;
 using System.Text.Json.Serialization;
 using static System.Text.Json.Serialization.JsonNumberHandling;
 
@@ -28,5 +26,5 @@ public class ReportFile
     /// <summary>
     /// When true the uploaded file's length has been validated.
     /// </summary>
-    public bool Validated { get; set; } = true;
+    public bool Validated { get; set; } = false;
 }
@@ -41,7 +41,7 @@ public async Task<OrganizationReport> AddOrganizationReportAsync(AddOrganization
             throw new BadRequestException(errorMessage);
         }
 
-        var requestMetrics = request.Metrics ?? new OrganizationReportMetricsRequest();
+        var requestMetrics = request.ReportMetrics ?? new OrganizationReportMetrics();
 
         var organizationReport = new OrganizationReport
         {

@@ -0,0 +1,99 @@
+using Bit.Core.Dirt.Entities;
+using Bit.Core.Dirt.Models.Data;
+using Bit.Core.Dirt.Reports.ReportFeatures.Interfaces;
+using Bit.Core.Dirt.Reports.ReportFeatures.Requests;
+using Bit.Core.Dirt.Repositories;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.Extensions.Logging;
+
+namespace Bit.Core.Dirt.Reports.ReportFeatures;
+
+public class CreateOrganizationReportCommand : ICreateOrganizationReportCommand
+{
+    private readonly IOrganizationRepository _organizationRepo;
+    private readonly IOrganizationReportRepository _organizationReportRepo;
+    private readonly ILogger<CreateOrganizationReportCommand> _logger;
+
+    public CreateOrganizationReportCommand(
+        IOrganizationRepository organizationRepository,
+        IOrganizationReportRepository organizationReportRepository,
+        ILogger<CreateOrganizationReportCommand> logger)
+    {
+        _organizationRepo = organizationRepository;
+        _organizationReportRepo = organizationReportRepository;
+        _logger = logger;
+    }
+
+    public async Task<OrganizationReport> CreateAsync(AddOrganizationReportRequest request)
+    {
+        _logger.LogInformation(Constants.BypassFiltersEventId,
+            "Creating organization report for organization {organizationId}", request.OrganizationId);
+
+        var (isValid, errorMessage) = await ValidateRequestAsync(request);
+        if (!isValid)
+        {
+            _logger.LogInformation(Constants.BypassFiltersEventId,
+                "Failed to create organization {organizationId} report: {errorMessage}",
+                request.OrganizationId, errorMessage);
+            throw new BadRequestException(errorMessage);
+        }
+
+        var fileData = new ReportFile
+        {
+            Id = CoreHelpers.SecureRandomString(32, upper: false, special: false),
+            FileName = "report-data.json",
+            Size = request.FileSize ?? 0,
+            Validated = false
+        };
+
+        var organizationReport = new OrganizationReport
+        {
+            OrganizationId = request.OrganizationId,
+            CreationDate = DateTime.UtcNow,
+            ContentEncryptionKey = request.ContentEncryptionKey ?? string.Empty,
+            SummaryData = request.SummaryData,
+            ApplicationData = request.ApplicationData,
+            ApplicationCount = request.ReportMetrics?.ApplicationCount,
+            ApplicationAtRiskCount = request.ReportMetrics?.ApplicationAtRiskCount,
+            CriticalApplicationCount = request.ReportMetrics?.CriticalApplicationCount,
+            CriticalApplicationAtRiskCount = request.ReportMetrics?.CriticalApplicationAtRiskCount,
+            MemberCount = request.ReportMetrics?.MemberCount,
+            MemberAtRiskCount = request.ReportMetrics?.MemberAtRiskCount,
+            CriticalMemberCount = request.ReportMetrics?.CriticalMemberCount,
+            CriticalMemberAtRiskCount = request.ReportMetrics?.CriticalMemberAtRiskCount,
+            PasswordCount = request.ReportMetrics?.PasswordCount,
+            PasswordAtRiskCount = request.ReportMetrics?.PasswordAtRiskCount,
+            CriticalPasswordCount = request.ReportMetrics?.CriticalPasswordCount,
+            CriticalPasswordAtRiskCount = request.ReportMetrics?.CriticalPasswordAtRiskCount,
+            RevisionDate = DateTime.UtcNow
+        };
+        organizationReport.SetReportFile(fileData);
+
+        var data = await _organizationReportRepo.CreateAsync(organizationReport);
+
+        _logger.LogInformation(Constants.BypassFiltersEventId,
+            "Successfully created organization report for organization {organizationId}, {organizationReportId}",
+            request.OrganizationId, data.Id);
+
+        return data;
+    }
+
+    private async Task<(bool IsValid, string errorMessage)> ValidateRequestAsync(
+        AddOrganizationReportRequest request)
+    {
+        var organization = await _organizationRepo.GetByIdAsync(request.OrganizationId);
+        if (organization == null)
+        {
+            return (false, "Invalid Organization");
+        }
+
+        if (string.IsNullOrWhiteSpace(request.ContentEncryptionKey))
+        {
+            return (false, "Content Encryption Key is required");
+        }
+
+        return (true, string.Empty);
+    }
+}
@@ -21,42 +21,23 @@ public GetOrganizationReportApplicationDataQuery(
 
     public async Task<OrganizationReportApplicationDataResponse> GetOrganizationReportApplicationDataAsync(Guid organizationId, Guid reportId)
     {
-        try
+        if (organizationId == Guid.Empty)
         {
-            _logger.LogInformation(Constants.BypassFiltersEventId, "Fetching organization report application data for organization {organizationId} and report {reportId}",
-                organizationId, reportId);
-
-            if (organizationId == Guid.Empty)
-            {
-                _logger.LogWarning(Constants.BypassFiltersEventId, "GetOrganizationReportApplicationDataAsync called with empty OrganizationId");
-                throw new BadRequestException("OrganizationId is required.");
-            }
-
-            if (reportId == Guid.Empty)
-            {
-                _logger.LogWarning(Constants.BypassFiltersEventId, "GetOrganizationReportApplicationDataAsync called with empty ReportId");
-                throw new BadRequestException("ReportId is required.");
-            }
-
-            var applicationDataResponse = await _organizationReportRepo.GetApplicationDataAsync(reportId);
-
-            if (applicationDataResponse == null)
-            {
-                _logger.LogWarning(Constants.BypassFiltersEventId, "No application data found for organization {organizationId} and report {reportId}",
-                    organizationId, reportId);
-                throw new NotFoundException("Organization report application data not found.");
-            }
-
-            _logger.LogInformation(Constants.BypassFiltersEventId, "Successfully retrieved organization report application data for organization {organizationId} and report {reportId}",
-                organizationId, reportId);
-
-            return applicationDataResponse;
+            throw new BadRequestException("OrganizationId is required.");
         }
-        catch (Exception ex) when (!(ex is BadRequestException || ex is NotFoundException))
+
+        if (reportId == Guid.Empty)
+        {
+            throw new BadRequestException("ReportId is required.");
+        }
+
+        var applicationDataResponse = await _organizationReportRepo.GetApplicationDataAsync(reportId);
+
+        if (applicationDataResponse == null)
         {
-            _logger.LogError(ex, "Error fetching organization report application data for organization {organizationId} and report {reportId}",
-                organizationId, reportId);
-            throw;
+            throw new NotFoundException("Organization report application data not found.");
         }
+
+        return applicationDataResponse;
     }
 }
@@ -0,0 +1,9 @@
+using Bit.Core.Dirt.Entities;
+using Bit.Core.Dirt.Reports.ReportFeatures.Requests;
+
+namespace Bit.Core.Dirt.Reports.ReportFeatures.Interfaces;
+
+public interface ICreateOrganizationReportCommand
+{
+    Task<OrganizationReport> CreateAsync(AddOrganizationReportRequest request);
+}
@@ -0,0 +1,9 @@
+using Bit.Core.Dirt.Entities;
+using Bit.Core.Dirt.Reports.ReportFeatures.Requests;
+
+namespace Bit.Core.Dirt.Reports.ReportFeatures.Interfaces;
+
+public interface IUpdateOrganizationReportV2Command
+{
+    Task<OrganizationReport> UpdateAsync(UpdateOrganizationReportV2Request request);
+}
@@ -0,0 +1,8 @@
+using Bit.Core.Dirt.Entities;
+
+namespace Bit.Core.Dirt.Reports.ReportFeatures.Interfaces;
+
+public interface IValidateOrganizationReportFileCommand
+{
+    Task<bool> ValidateAsync(OrganizationReport report, string reportFileId);
+}
@@ -27,5 +27,10 @@ public static void AddReportingServices(this IServiceCollection services, IGloba
         services.AddScoped<IUpdateOrganizationReportDataCommand, UpdateOrganizationReportDataCommand>();
         services.AddScoped<IGetOrganizationReportApplicationDataQuery, GetOrganizationReportApplicationDataQuery>();
         services.AddScoped<IUpdateOrganizationReportApplicationDataCommand, UpdateOrganizationReportApplicationDataCommand>();
+
+        // v2 file storage commands
+        services.AddScoped<ICreateOrganizationReportCommand, CreateOrganizationReportCommand>();
+        services.AddScoped<IUpdateOrganizationReportV2Command, UpdateOrganizationReportV2Command>();
+        services.AddScoped<IValidateOrganizationReportFileCommand, ValidateOrganizationReportFileCommand>();
     }
 }
@@ -11,5 +11,10 @@ public class AddOrganizationReportRequest
 
     public string? ApplicationData { get; set; }
 
-    public OrganizationReportMetricsRequest? Metrics { get; set; }
+    public OrganizationReportMetrics? ReportMetrics { get; set; }
+
+    /// <summary>
+    /// Estimated size of the report file in bytes. Required for v2 reports.
+    /// </summary>
+    public long? FileSize { get; set; }
 }
@@ -0,0 +1,31 @@
+using System.Text.Json.Serialization;
+
+namespace Bit.Core.Dirt.Reports.ReportFeatures.Requests;
+
+public class OrganizationReportMetrics
+{
+    [JsonPropertyName("totalApplicationCount")]
+    public int? ApplicationCount { get; set; } = null;
+    [JsonPropertyName("totalAtRiskApplicationCount")]
+    public int? ApplicationAtRiskCount { get; set; } = null;
+    [JsonPropertyName("totalCriticalApplicationCount")]
+    public int? CriticalApplicationCount { get; set; } = null;
+    [JsonPropertyName("totalCriticalAtRiskApplicationCount")]
+    public int? CriticalApplicationAtRiskCount { get; set; } = null;
+    [JsonPropertyName("totalMemberCount")]
+    public int? MemberCount { get; set; } = null;
+    [JsonPropertyName("totalAtRiskMemberCount")]
+    public int? MemberAtRiskCount { get; set; } = null;
+    [JsonPropertyName("totalCriticalMemberCount")]
+    public int? CriticalMemberCount { get; set; } = null;
+    [JsonPropertyName("totalCriticalAtRiskMemberCount")]
+    public int? CriticalMemberAtRiskCount { get; set; } = null;
+    [JsonPropertyName("totalPasswordCount")]
+    public int? PasswordCount { get; set; } = null;
+    [JsonPropertyName("totalAtRiskPasswordCount")]
+    public int? PasswordAtRiskCount { get; set; } = null;
+    [JsonPropertyName("totalCriticalPasswordCount")]
+    public int? CriticalPasswordCount { get; set; } = null;
+    [JsonPropertyName("totalCriticalAtRiskPasswordCount")]
+    public int? CriticalPasswordAtRiskCount { get; set; } = null;
+}
@@ -1,11 +1,8 @@
-// FIXME: Update this file to be null safe and then delete the line below
-#nullable disable
-
-namespace Bit.Core.Dirt.Reports.ReportFeatures.Requests;
+namespace Bit.Core.Dirt.Reports.ReportFeatures.Requests;
 
 public class UpdateOrganizationReportDataRequest
 {
     public Guid OrganizationId { get; set; }
     public Guid ReportId { get; set; }
-    public string ReportData { get; set; }
+    public string? ReportData { get; set; }
 }
@@ -5,5 +5,5 @@ public class UpdateOrganizationReportSummaryRequest
     public Guid OrganizationId { get; set; }
     public Guid ReportId { get; set; }
     public string? SummaryData { get; set; }
-    public OrganizationReportMetricsRequest? Metrics { get; set; }
+    public OrganizationReportMetrics? ReportMetrics { get; set; }
 }
@@ -0,0 +1,18 @@
+namespace Bit.Core.Dirt.Reports.ReportFeatures.Requests;
+
+public class UpdateOrganizationReportV2Request
+{
+    public Guid ReportId { get; set; }
+    public Guid OrganizationId { get; set; }
+    public string? ReportData { get; set; }
+    public string? ContentEncryptionKey { get; set; }
+    public string? SummaryData { get; set; }
+    public string? ApplicationData { get; set; }
+    public OrganizationReportMetrics? ReportMetrics { get; set; }
+    public bool RequiresNewFileUpload { get; set; }
+
+    /// <summary>
+    /// Estimated size of the report file in bytes. Required when RequiresNewFileUpload is true.
+    /// </summary>
+    public long? FileSize { get; set; }
+}