Open-Source Wikis

/

Bitwarden Server

/

Maintainers

bitwarden/server

Maintainers

This page summarises who owns what in the repo, derived from .github/CODEOWNERS. Use it to figure out who to ask when a PR needs review or when a system gets weird.

CODEOWNERS rules are evaluated last-match-wins, so the more-specific a rule is the more authoritative it is.

Default owners

There is no global default owner; CODEOWNERS only applies the rules listed. Files outside any rule fall back to repository-level reviewers.

Teams

GitHub team Domain
@bitwarden/team-auth-dev Auth — Identity host, IdentityServer, Sso, login flows, 2FA, login-with-device, key derivation. Owns **/Auth, bitwarden_license/src/Sso, src/Identity, src/Core/Identity, src/Core/IdentityServer, and test/Identity*.
@bitwarden/team-vault-dev Vault — ciphers, folders, attachments, sends. Owns **/Vault. Joint ownership of **/Vault/AuthorizationHandlers with Admin Console.
@bitwarden/team-admin-console-dev Admin Console — organizations, members, groups, policies, SCIM. Owns **/AdminConsole, bitwarden_license/src/Scim.
@bitwarden/team-billing-dev Billing — Stripe / PayPal / Braintree / BitPay, subscriptions, payments, invoices, organization licenses. Owns **/*billing*, **/*stripe*, **/*paypal*, **/*braintree*, **/*bitpay*, **/*subscription*, **/*payment*, **/*invoice*, **/*OrganizationLicense*, **/Billing.
@bitwarden/team-tools-dev Tools — sends, imports/exports, password generator. Owns **/Tools.
@bitwarden/team-key-management-dev Key Management — user-key rotation, KDF, master-password change. Owns **/KeyManagement.
@bitwarden/team-data-insights-and-reporting-dev Dirt (Data Insights & Reporting) — reports, audit-event ingest, integrations. Owns **/Dirt, src/Events, src/EventsProcessor, test/Events*, test/EventsProcessor*.
@bitwarden/team-platform-dev Platform — cross-cutting infra, push, configuration, application cache, build / test workflows, MsSqlMigratorUtility. Owns **/*Platform* and many .github/workflows/*.yml files.
@bitwarden/team-autofill-dev AutofillStaticStore.cs, GlobalEquivalentDomainsType.cs. (Most autofill code is on the clients; the server contributions are narrow.)
@bitwarden/team-ui-foundation UIFsrc/Core/MailTemplates/Mjml. Owns the shared MJML components; other teams own their own template subdirectories.
@bitwarden/team-sdk-sme SDK SMEutil/RustSdk (the Rust SDK port consumed by the cipher domain).
@bitwarden/team-ai-sme AI SME.claude/, .github/workflows/respond.yml, .github/workflows/review-code.yml.
@bitwarden/team-appsec AppSec — Dockerfiles, dockerignore, docker-compose, entrypoints, .checkmarx/. (Joint with Shot.)
@bitwarden/dept-shot Shot — Docker / packaging / OS-level integration. Joint with AppSec on container files. Joint with Platform on util/Setup.
@bitwarden/dept-bre BRE (Build & Release Engineering).github/workflows/publish.yml, plus the unowned-but-protected files (every packages.lock.json, Directory.Build.props, .devcontainer/**, dev/docker-compose.yml).
@bitwarden/dept-dbops DBOpssrc/Sql/**, every migration script under util/Migrator/DbScripts*, every EF migrations project, scaffold project.

File-level callouts

File / path Owner Reason
src/Core/Platform/Push/PushType.cs No owner (intentional) Any team adds new push types without needing Platform review.
.github/workflows/_move_edd_db_scripts.yml No owner Shared CI workflow.
.github/workflows/release.yml No owner Shared CI workflow.
src/Core/MailTemplates/Mjml/.mjmlconfig No owner Lets teams add MJML components in their own subdirectories without UIF review.

Multi-owner rules of thumb

  • A vault PR that touches authorization handlers needs both Vault and Admin Console reviewers.
  • A Dockerfile change needs both AppSec and Shot.
  • A util/Setup change needs Shot and Platform.
  • A migration script lands with DBOps approval; the Migrator C# project itself is owned by Platform.

When in doubt

  • Ask in #server on Bitwarden's internal Slack.
  • For self-host operator-facing changes, also loop in @bitwarden/dept-shot (they own the bundle).
  • For changes that touch the public OpenAPI specs, coordinate with the API consumers (Directory Connector, mobile, web vault) — those teams live in sibling repos.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Maintainers – Bitwarden Server wiki | Factory