npm - @brunsforge/aarm - Versions diffs - 0.1.0 - Mend

@brunsforge/aarm 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/README.md +1180 -0
package/dist/aarm.cjs +39260 -0
package/dist/aarm.mjs +39262 -0
package/dist/commands/apps.d.ts +2 -0
package/dist/commands/apps.js +32 -0
package/dist/commands/apps.js.map +1 -0
package/dist/commands/preflight.d.ts +2 -0
package/dist/commands/preflight.js +160 -0
package/dist/commands/preflight.js.map +1 -0
package/dist/commands/report.d.ts +2 -0
package/dist/commands/report.js +166 -0
package/dist/commands/report.js.map +1 -0
package/dist/commands/secrets.d.ts +2 -0
package/dist/commands/secrets.js +88 -0
package/dist/commands/secrets.js.map +1 -0
package/dist/commands/tenants.d.ts +2 -0
package/dist/commands/tenants.js +209 -0
package/dist/commands/tenants.js.map +1 -0
package/dist/commands/usage.d.ts +2 -0
package/dist/commands/usage.js +203 -0
package/dist/commands/usage.js.map +1 -0
package/dist/config/ConfigStore.d.ts +12 -0
package/dist/config/ConfigStore.js +53 -0
package/dist/config/ConfigStore.js.map +1 -0
package/dist/config/CredentialStore.d.ts +8 -0
package/dist/config/CredentialStore.js +29 -0
package/dist/config/CredentialStore.js.map +1 -0
package/dist/config/HistoryStore.d.ts +19 -0
package/dist/config/HistoryStore.js +64 -0
package/dist/config/HistoryStore.js.map +1 -0
package/dist/exitCodes.d.ts +9 -0
package/dist/exitCodes.js +10 -0
package/dist/exitCodes.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +38 -0
package/dist/index.js.map +1 -0
package/dist/output/formatters.d.ts +10 -0
package/dist/output/formatters.js +129 -0
package/dist/output/formatters.js.map +1 -0
package/dist/shared/context.d.ts +31 -0
package/dist/shared/context.js +124 -0
package/dist/shared/context.js.map +1 -0
package/package.json +43 -0

package/dist/commands/tenants.js ADDED Viewed

@@ -0,0 +1,209 @@
+import readline from 'node:readline';
+import chalk from 'chalk';
+import { createResultEnvelope, envelopeToJson } from '@brunsforge/azure-app-registration-monitor';
+import { ConfigStore } from '../config/ConfigStore.js';
+import { CredentialStore } from '../config/CredentialStore.js';
+import { printTenantsTable } from '../output/formatters.js';
+import { buildContext, handleError } from '../shared/context.js';
+import { EXIT } from '../exitCodes.js';
+function ask(rl, question) {
+    return new Promise((resolve) => rl.question(question, resolve));
+}
+function readSecret(prompt) {
+    return new Promise((resolve) => {
+        process.stdout.write(prompt);
+        let input = '';
+        const onData = (chunk) => {
+            const char = chunk.toString('utf8');
+            // Enter or Ctrl-D (EOF)
+            if (char === '\r' || char === '\n' || char === '') {
+                process.stdin.setRawMode?.(false);
+                process.stdin.pause();
+                process.stdin.removeListener('data', onData);
+                process.stdout.write('\n');
+                resolve(input);
+                // Ctrl-C
+            }
+            else if (char === '') {
+                process.stdout.write('\n');
+                process.exit(130);
+                // DEL or Backspace
+            }
+            else if (char === '' || char === '\b') {
+                input = input.slice(0, -1);
+                // Ignore ANSI escape sequences
+            }
+            else if (!char.startsWith('')) {
+                input += char;
+            }
+        };
+        readline.emitKeypressEvents(process.stdin);
+        if (process.stdin.isTTY)
+            process.stdin.setRawMode(true);
+        process.stdin.resume();
+        process.stdin.on('data', onData);
+    });
+}
+const VALID_AUTH_MODES = [
+    'client-secret',
+    'device-code',
+    'interactive-browser',
+    'certificate',
+    'azure-cli',
+    'username-password',
+];
+export function registerTenantsCommand(program) {
+    const tenants = program
+        .command('tenants')
+        .description('Manage configured tenants')
+        .action(() => tenants.help());
+    tenants
+        .command('list')
+        .description('List configured tenants')
+        .action(async () => {
+        const parent = tenants.parent;
+        const opts = parent.opts();
+        const store = new ConfigStore(opts.configDir);
+        const list = await store.listTenants();
+        if (opts.output === 'json') {
+            process.stdout.write(envelopeToJson(createResultEnvelope(list, 'local', 'config')) + '\n');
+        }
+        else {
+            printTenantsTable(list);
+        }
+    });
+    tenants
+        .command('add')
+        .description('Add or update a tenant configuration')
+        .option('--tenant-id <id>', 'Entra tenant ID (GUID)')
+        .option('--display-name <name>', 'Friendly name for this tenant')
+        .option('--auth-mode <mode>', `Authentication mode: ${VALID_AUTH_MODES.join(', ')}`)
+        .option('--client-id <id>', 'App Registration client ID used for auth')
+        .option('--username <email>', 'UPN / email address (username-password mode only)')
+        .option('--workspace-id <id>', 'Log Analytics workspace ID (optional)')
+        .action(async (opts) => {
+        const parent = tenants.parent;
+        const globalOpts = parent.opts();
+        const store = new ConfigStore(globalOpts.configDir);
+        const credStore = new CredentialStore();
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        const tenantId = opts.tenantId ?? (await ask(rl, 'Tenant ID (GUID): ')).trim();
+        const displayName = opts.displayName ?? (await ask(rl, 'Display name: ')).trim();
+        const authModeRaw = opts.authMode ??
+            (await ask(rl, `Auth mode (${VALID_AUTH_MODES.join('/')}): `)).trim();
+        if (!VALID_AUTH_MODES.includes(authModeRaw)) {
+            process.stderr.write(`Invalid auth mode: "${authModeRaw}"\n`);
+            rl.close();
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        const authMode = authModeRaw;
+        let clientId;
+        if (authMode !== 'azure-cli') {
+            clientId =
+                opts.clientId ?? (await ask(rl, 'Client ID (App Registration GUID): ')).trim();
+        }
+        const workspaceId = opts.workspaceId ??
+            ((await ask(rl, 'Log Analytics Workspace ID (optional, press Enter to skip): ')).trim() ||
+                undefined);
+        rl.close();
+        let username;
+        const now = new Date().toISOString();
+        const profile = {
+            tenantId,
+            displayName,
+            authMode,
+            clientId,
+            defaultEnvironmentName: 'default',
+            ...(workspaceId ? { logAnalyticsWorkspaceId: workspaceId } : {}),
+            createdAt: now,
+            updatedAt: now,
+        };
+        if (authMode === 'client-secret' && clientId) {
+            const secret = await readSecret('Client Secret (hidden): ');
+            if (!secret) {
+                process.stderr.write('Client secret cannot be empty.\n');
+                process.exit(EXIT.CONFIG_INVALID);
+            }
+            await credStore.setClientSecret(tenantId, clientId, secret);
+            process.stdout.write(chalk.green('✓') + ' Client secret saved to Windows Credential Manager.\n');
+        }
+        else if (authMode === 'username-password' && clientId) {
+            process.stdout.write(chalk.yellow('⚠') +
+                ' username-password mode does not support MFA. Use device-code for accounts with MFA.\n');
+            username =
+                opts.username ?? (await (async () => {
+                    const rl2 = readline.createInterface({ input: process.stdin, output: process.stdout });
+                    const val = await ask(rl2, 'Username (email / UPN): ');
+                    rl2.close();
+                    return val.trim();
+                })());
+            if (!username) {
+                process.stderr.write('Username cannot be empty.\n');
+                process.exit(EXIT.CONFIG_INVALID);
+            }
+            const password = await readSecret('Password (hidden): ');
+            if (!password) {
+                process.stderr.write('Password cannot be empty.\n');
+                process.exit(EXIT.CONFIG_INVALID);
+            }
+            profile.username = username;
+            await credStore.setUserPassword(tenantId, clientId, username, password);
+            process.stdout.write(chalk.green('✓') + ' Password saved to Windows Credential Manager.\n');
+        }
+        await store.upsertTenant(profile);
+        process.stdout.write(chalk.green('✓') + ` Tenant "${displayName}" saved.\n`);
+    });
+    tenants
+        .command('remove')
+        .description('Remove a tenant configuration')
+        .argument('<name-or-id>', 'Tenant display name or ID')
+        .action(async (nameOrId) => {
+        const parent = tenants.parent;
+        const globalOpts = parent.opts();
+        const store = new ConfigStore(globalOpts.configDir);
+        const tenant = await store.getTenant(nameOrId);
+        if (!tenant) {
+            process.stderr.write(`Tenant "${nameOrId}" not found.\n`);
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        await store.removeTenant(tenant.tenantId);
+        process.stdout.write(chalk.green('✓') + ` Tenant "${tenant.displayName}" removed.\n`);
+    });
+    tenants
+        .command('validate')
+        .description('Validate that a tenant can authenticate and reach Microsoft Graph')
+        .action(async () => {
+        try {
+            const globalOpts = tenants.parent.opts();
+            const ctx = await buildContext(globalOpts);
+            // Progress to stderr only — stdout must remain clean for JSON consumers
+            process.stderr.write(chalk.dim(`Validating tenant ${ctx.tenantId}...\n`));
+            const result = await ctx.preflightService.run({
+                tenantId: ctx.tenantId,
+                environmentName: ctx.environmentName,
+                authMode: ctx.authMode,
+            });
+            if (result.authValid && result.graphReachable) {
+                process.stdout.write(chalk.green('✓') +
+                    ` Tenant "${globalOpts.tenant}" is valid.\n` +
+                    `  Auth: OK  |  Graph: reachable\n`);
+                if (result.missingPermissions.length > 0) {
+                    process.stdout.write(chalk.yellow('  Warnings:\n') +
+                        result.missingPermissions.map((p) => `    • ${p}`).join('\n') +
+                        '\n');
+                }
+            }
+            else {
+                process.stderr.write(chalk.red('✗') + ' Validation failed.\n');
+                for (const e of result.errors) {
+                    process.stderr.write(`  ${e}\n`);
+                }
+                process.exit(EXIT.AUTH_FAILED);
+            }
+        }
+        catch (err) {
+            handleError(err);
+        }
+    });
+}
+//# sourceMappingURL=tenants.js.map

package/dist/commands/tenants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenants.js","sourceRoot":"","sources":["../../src/commands/tenants.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,eAAe,CAAC;AAErC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,4CAA4C,CAAC;AAClG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAsB,MAAM,sBAAsB,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAEvC,SAAS,GAAG,CAAC,EAAsB,EAAE,QAAgB;IACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,KAAK,GAAG,EAAE,CAAC;QAEf,MAAM,MAAM,GAAG,CAAC,KAAa,EAAE,EAAE;YAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACpC,wBAAwB;YACxB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACnD,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC;gBAClC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,SAAS;YACT,CAAC;iBAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpB,mBAAmB;YACnB,CAAC;iBAAM,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBACzC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC7B,+BAA+B;YAC/B,CAAC;iBAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,KAAK,IAAI,IAAI,CAAC;YAChB,CAAC;QACH,CAAC,CAAC;QAEF,QAAQ,CAAC,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK;YAAE,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACxD,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,gBAAgB,GAAe;IACnC,eAAe;IACf,aAAa;IACb,qBAAqB;IACrB,aAAa;IACb,WAAW;IACX,mBAAmB;CACpB,CAAC;AAEF,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,MAAM,OAAO,GAAG,OAAO;SACpB,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAEhC,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,yBAAyB,CAAC;SACtC,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAO,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAA0C,CAAC;QACnE,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;QAEvC,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7F,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,KAAK,CAAC;SACd,WAAW,CAAC,sCAAsC,CAAC;SACnD,MAAM,CAAC,kBAAkB,EAAE,wBAAwB,CAAC;SACpD,MAAM,CAAC,uBAAuB,EAAE,+BAA+B,CAAC;SAChE,MAAM,CACL,oBAAoB,EACpB,wBAAwB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtD;SACA,MAAM,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;SACtE,MAAM,CAAC,oBAAoB,EAAE,mDAAmD,CAAC;SACjF,MAAM,CAAC,qBAAqB,EAAE,uCAAuC,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAO,CAAC;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,EAA0B,CAAC;QACzD,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,eAAe,EAAE,CAAC;QAExC,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAEtF,MAAM,QAAQ,GACZ,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,WAAW,GACf,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/D,MAAM,WAAW,GACf,IAAI,CAAC,QAAQ;YACb,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,cAAc,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAExE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,WAAuB,CAAC,EAAE,CAAC;YACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,WAAW,KAAK,CAAC,CAAC;YAC9D,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,QAAQ,GAAG,WAAuB,CAAC;QAEzC,IAAI,QAA4B,CAAC;QACjC,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC7B,QAAQ;gBACN,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,qCAAqC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACnF,CAAC;QAED,MAAM,WAAW,GACf,IAAI,CAAC,WAAW;YAChB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,8DAA8D,CAAC,CAAC,CAAC,IAAI,EAAE;gBACrF,SAAS,CAAC,CAAC;QAEf,EAAE,CAAC,KAAK,EAAE,CAAC;QAEX,IAAI,QAA4B,CAAC;QAEjC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,OAAO,GAAkB;YAC7B,QAAQ;YACR,WAAW;YACX,QAAQ;YACR,QAAQ;YACR,sBAAsB,EAAE,SAAS;YACjC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,uBAAuB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,0BAA0B,CAAC,CAAC;YAC5D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;gBACzD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACpC,CAAC;YACD,MAAM,SAAS,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,uDAAuD,CAC3E,CAAC;QACJ,CAAC;aAAM,IAAI,QAAQ,KAAK,mBAAmB,IAAI,QAAQ,EAAE,CAAC;YACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC;gBACf,wFAAwF,CAC3F,CAAC;YACF,QAAQ;gBACN,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;oBAClC,MAAM,GAAG,GAAG,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;oBACvF,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC;oBACvD,GAAG,CAAC,KAAK,EAAE,CAAC;oBACZ,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;gBACpB,CAAC,CAAC,EAAE,CAAC,CAAC;YACR,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACpD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACpC,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,qBAAqB,CAAC,CAAC;YACzD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACpD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACpC,CAAC;YACD,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC5B,MAAM,SAAS,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,kDAAkD,CACtE,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,YAAY,WAAW,YAAY,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,+BAA+B,CAAC;SAC5C,QAAQ,CAAC,cAAc,EAAE,2BAA2B,CAAC;SACrD,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,EAAE;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAO,CAAC;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,EAA0B,CAAC;QACzD,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,QAAQ,gBAAgB,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,YAAY,MAAM,CAAC,WAAW,cAAc,CAChE,CAAC;IACJ,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,mEAAmE,CAAC;SAChF,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,OAAO,CAAC,MAAO,CAAC,IAAI,EAAiB,CAAC;YACzD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;YAE3C,wEAAwE;YACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,GAAG,CAAC,QAAQ,OAAO,CAAC,CAAC,CAAC;YAE1E,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC;gBAC5C,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,eAAe,EAAE,GAAG,CAAC,eAAe;gBACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;aACvB,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;oBACd,YAAY,UAAU,CAAC,MAAM,eAAe;oBAC5C,mCAAmC,CACtC,CAAC;gBACF,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC;wBAC3B,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;wBAC7D,IAAI,CACP,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,uBAAuB,CAAC,CAAC;gBAC/D,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACnC,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/usage.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { Command } from 'commander';
2	+ export declare function registerUsageCommand(program: Command): void;

package/dist/commands/usage.js ADDED Viewed

@@ -0,0 +1,203 @@
+import chalk from 'chalk';
+import Table from 'cli-table3';
+import { LogAnalyticsClient, createResultEnvelope, envelopeToJson, } from '@brunsforge/azure-app-registration-monitor';
+import { buildContext, handleError } from '../shared/context.js';
+import { EXIT } from '../exitCodes.js';
+async function resolveAppId(ctx, appId, appName) {
+    if (appId)
+        return appId;
+    if (!appName) {
+        process.stderr.write('Error: either --app-id or --app-name is required.\n');
+        process.exit(EXIT.CONFIG_INVALID);
+    }
+    const app = await ctx.graphReader.findByDisplayName(appName);
+    if (!app) {
+        process.stderr.write(`Error: no app registration found with display name "${appName}".\n` +
+            '  Check the exact name or use --app-id with the client ID.\n');
+        process.exit(EXIT.CONFIG_INVALID);
+    }
+    return app.appId;
+}
+function requireWorkspace(workspaceId, isJson) {
+    if (!workspaceId) {
+        if (!isJson) {
+            process.stderr.write(chalk.red('✗') +
+                ' No Log Analytics workspace configured for this tenant.\n' +
+                '  Re-run "aarm tenants add --tenant <name>" and provide a Workspace ID,\n' +
+                '  or verify that the tenant was configured with a workspace ID.\n');
+        }
+        else {
+            process.stdout.write(JSON.stringify({ success: false, errors: ['No Log Analytics workspace configured for this tenant.'] }) + '\n');
+        }
+        process.exit(EXIT.NO_DATA_SOURCE);
+    }
+}
+function printAppUsage(result) {
+    process.stdout.write(`\nUsage Analysis — App ID: ${chalk.bold(result.appId)}\n`);
+    process.stdout.write(`Look-back: ${result.lookBackDays} days  |  Workspace: ${result.workspaceId}\n\n`);
+    process.stdout.write(`Total: ${result.totalCount}  ` +
+        `Success: ${chalk.green(String(result.successCount))}  ` +
+        `Failures: ${result.failureCount > 0 ? chalk.red(String(result.failureCount)) : '0'}\n` +
+        `First seen: ${result.firstSeen ?? chalk.dim('—')}  Last seen: ${result.lastSeen ?? chalk.dim('—')}\n` +
+        `Active credential keys: ${result.distinctKeyIds.length > 0 ? result.distinctKeyIds.join(', ') : chalk.dim('none')}\n\n`);
+    if (result.rows.length === 0) {
+        process.stdout.write(chalk.dim('No sign-in activity found in this window.\n'));
+        return;
+    }
+    const table = new Table({
+        head: ['Time', 'Key ID', 'Resource', 'IP', 'Result'],
+        style: { head: ['cyan'] },
+    });
+    for (const row of result.rows.slice(0, 100)) {
+        const ts = row.timeGenerated ? new Date(row.timeGenerated).toLocaleString() : '—';
+        const keyShort = row.credentialKeyId ? row.credentialKeyId.slice(0, 8) + '…' : '—';
+        const result_ = row.resultType === '0' ? chalk.green('OK') : chalk.red(row.resultType);
+        table.push([ts, keyShort, row.resourceDisplayName || '—', row.ipAddress || '—', result_]);
+    }
+    process.stdout.write(table.toString() + '\n');
+    if (result.rows.length > 100) {
+        process.stdout.write(chalk.dim(`Showing 100 of ${result.rows.length} rows. Use --output json for full data.\n`));
+    }
+}
+function printSecretUsage(result, label) {
+    process.stdout.write(`\n${label}\n`);
+    process.stdout.write(`Look-back: ${result.lookBackDays} days  |  Total sign-ins: ${result.totalCount}\n`);
+    process.stdout.write(`Last seen: ${result.lastSeen ?? chalk.dim('never in this window')}\n\n`);
+    if (result.rows.length === 0) {
+        process.stdout.write(chalk.dim('No sign-in activity found for this key in this window.\n'));
+        return;
+    }
+    const table = new Table({
+        head: ['Last Seen', 'Count', 'Resource', 'IP', 'Result'],
+        style: { head: ['cyan'] },
+    });
+    for (const row of result.rows) {
+        const ts = row.lastSeen ? new Date(row.lastSeen).toLocaleString() : '—';
+        const result_ = row.resultType === '0' ? chalk.green('OK') : chalk.red(row.resultType);
+        table.push([ts, String(row.count), row.resourceDisplayName || '—', row.ipAddress || '—', result_]);
+    }
+    process.stdout.write(table.toString() + '\n');
+}
+export function registerUsageCommand(program) {
+    const usage = program
+        .command('usage')
+        .description('Analyze Service Principal Sign-in Logs via Log Analytics')
+        .action(() => usage.help());
+    usage
+        .command('analyze')
+        .description('Show sign-in history for an App Registration')
+        .option('--app-id <client-id>', 'App Registration client ID (GUID)')
+        .option('--app-name <name>', 'App Registration display name (resolved via Graph)')
+        .option('--days <n>', 'Look-back window in days', '90')
+        .action(async (cmdOpts) => {
+        try {
+            const ctx = await buildContext(program.opts());
+            requireWorkspace(ctx.logAnalyticsWorkspaceId, ctx.isJson);
+            const appId = await resolveAppId(ctx, cmdOpts.appId, cmdOpts.appName);
+            const days = parseInt(cmdOpts.days, 10);
+            const client = new LogAnalyticsClient(ctx.credential);
+            const result = await client.queryAppUsage(ctx.logAnalyticsWorkspaceId, appId, days);
+            if (ctx.isJson) {
+                process.stdout.write(envelopeToJson(createResultEnvelope(result, ctx.tenantId, ctx.environmentName)) + '\n');
+            }
+            else {
+                printAppUsage(result);
+            }
+        }
+        catch (err) {
+            handleError(err);
+        }
+    });
+    usage
+        .command('analyze-secret')
+        .description('Show sign-in history for a specific credential key ID')
+        .requiredOption('--key-id <secret-key-id>', 'Credential key ID (GUID from the secret)')
+        .option('--days <n>', 'Look-back window in days', '90')
+        .action(async (cmdOpts) => {
+        try {
+            const ctx = await buildContext(program.opts());
+            requireWorkspace(ctx.logAnalyticsWorkspaceId, ctx.isJson);
+            const days = parseInt(cmdOpts.days, 10);
+            const client = new LogAnalyticsClient(ctx.credential);
+            const result = await client.querySecretUsage(ctx.logAnalyticsWorkspaceId, cmdOpts.keyId, days);
+            if (ctx.isJson) {
+                process.stdout.write(envelopeToJson(createResultEnvelope(result, ctx.tenantId, ctx.environmentName)) + '\n');
+            }
+            else {
+                printSecretUsage(result, `Usage — Key ID: ${chalk.bold(cmdOpts.keyId)}`);
+            }
+        }
+        catch (err) {
+            handleError(err);
+        }
+    });
+    usage
+        .command('last-seen')
+        .description('Show when an App Registration was last used (summarized)')
+        .option('--app-id <client-id>', 'App Registration client ID (GUID)')
+        .option('--app-name <name>', 'App Registration display name (resolved via Graph)')
+        .option('--days <n>', 'Look-back window in days', '90')
+        .action(async (cmdOpts) => {
+        try {
+            const ctx = await buildContext(program.opts());
+            requireWorkspace(ctx.logAnalyticsWorkspaceId, ctx.isJson);
+            const appId = await resolveAppId(ctx, cmdOpts.appId, cmdOpts.appName);
+            const days = parseInt(cmdOpts.days, 10);
+            const client = new LogAnalyticsClient(ctx.credential);
+            const result = await client.queryAppUsage(ctx.logAnalyticsWorkspaceId, appId, days);
+            const summary = {
+                appId: result.appId,
+                lastSeen: result.lastSeen,
+                totalSignIns: result.totalCount,
+                activeKeyIds: result.distinctKeyIds,
+                lookBackDays: days,
+            };
+            if (ctx.isJson) {
+                process.stdout.write(envelopeToJson(createResultEnvelope(summary, ctx.tenantId, ctx.environmentName)) + '\n');
+            }
+            else {
+                process.stdout.write(`App ID   : ${result.appId}\n`);
+                process.stdout.write(`Last seen: ${result.lastSeen ?? chalk.dim('not seen in this window')}\n`);
+                process.stdout.write(`Sign-ins : ${result.totalCount} (last ${days} days)\n`);
+                process.stdout.write(`Keys used: ${result.distinctKeyIds.join(', ') || chalk.dim('none')}\n`);
+            }
+        }
+        catch (err) {
+            handleError(err);
+        }
+    });
+    usage
+        .command('rotation-check')
+        .description('Check whether an old key ID is still being used after rotation')
+        .requiredOption('--app-id <client-id>', 'App Registration client ID')
+        .requiredOption('--old-key-id <secret-key-id>', 'The old credential key ID to watch')
+        .option('--days <n>', 'Look-back window in days', '14')
+        .action(async (cmdOpts) => {
+        try {
+            const ctx = await buildContext(program.opts());
+            requireWorkspace(ctx.logAnalyticsWorkspaceId, ctx.isJson);
+            const days = parseInt(cmdOpts.days, 10);
+            const client = new LogAnalyticsClient(ctx.credential);
+            const result = await client.queryRotationCheck(ctx.logAnalyticsWorkspaceId, cmdOpts.appId, cmdOpts.oldKeyId, days);
+            if (ctx.isJson) {
+                process.stdout.write(envelopeToJson(createResultEnvelope(result, ctx.tenantId, ctx.environmentName)) + '\n');
+            }
+            else {
+                const label = `Rotation Check — App: ${chalk.bold(cmdOpts.appId)}  Old Key: ${chalk.bold(cmdOpts.oldKeyId)}`;
+                if (result.totalCount === 0) {
+                    process.stdout.write(chalk.green('✓') + ` Old key not seen in the last ${days} days. Safe to delete.\n`);
+                }
+                else {
+                    process.stdout.write(chalk.yellow('⚠') +
+                        ` Old key still active: ${result.totalCount} sign-in(s) in the last ${days} days.\n` +
+                        `  Last seen: ${result.lastSeen}\n`);
+                    printSecretUsage(result, label);
+                }
+            }
+        }
+        catch (err) {
+            handleError(err);
+        }
+    });
+}
+//# sourceMappingURL=usage.js.map

package/dist/commands/usage.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"usage.js","sourceRoot":"","sources":["../../src/commands/usage.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,cAAc,GAGf,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AACtF,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAEvC,KAAK,UAAU,YAAY,CACzB,GAAmB,EACnB,KAAyB,EACzB,OAA2B;IAE3B,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uDAAuD,OAAO,MAAM;YAClE,8DAA8D,CACjE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,GAAG,CAAC,KAAK,CAAC;AACnB,CAAC;AAED,SAAS,gBAAgB,CAAC,WAA+B,EAAE,MAAe;IACxE,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC;gBACZ,2DAA2D;gBAC3D,2EAA2E;gBAC3E,mEAAmE,CACtE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,wDAAwD,CAAC,EAAE,CAAC,GAAG,IAAI,CAC9G,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAsB;IAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,YAAY,wBAAwB,MAAM,CAAC,WAAW,MAAM,CAAC,CAAC;IAExG,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,MAAM,CAAC,UAAU,IAAI;QAC/B,YAAY,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI;QACxD,aAAa,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI;QACvF,eAAe,MAAM,CAAC,SAAS,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;QACtG,2BAA2B,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CACzH,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC,CAAC;QAC/E,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;KAC1B,CAAC,CAAC;IACH,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAClF,MAAM,QAAQ,GAAG,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACnF,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvF,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,mBAAmB,IAAI,GAAG,EAAE,GAAG,CAAC,SAAS,IAAI,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5F,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,IAAI,CAAC,MAAM,2CAA2C,CAAC,CAAC,CAAC;IACnH,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAyB,EAAE,KAAa;IAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,YAAY,6BAA6B,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;IAC1G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAE/F,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAC5F,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC;QACxD,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;KAC1B,CAAC,CAAC;IACH,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QACxE,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvF,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,mBAAmB,IAAI,GAAG,EAAE,GAAG,CAAC,SAAS,IAAI,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IACrG,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAE9B,KAAK;SACF,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,8CAA8C,CAAC;SAC3D,MAAM,CAAC,sBAAsB,EAAE,mCAAmC,CAAC;SACnE,MAAM,CAAC,mBAAmB,EAAE,oDAAoD,CAAC;SACjF,MAAM,CAAC,YAAY,EAAE,0BAA0B,EAAE,IAAI,CAAC;SACtD,MAAM,CAAC,KAAK,EAAE,OAA2D,EAAE,EAAE;QAC5E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/C,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;YACtE,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YAEpF,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,CAAC,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,GAAG,IAAI,CACvF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,MAAM,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,gBAAgB,CAAC;SACzB,WAAW,CAAC,uDAAuD,CAAC;SACpE,cAAc,CAAC,0BAA0B,EAAE,0CAA0C,CAAC;SACtF,MAAM,CAAC,YAAY,EAAE,0BAA0B,EAAE,IAAI,CAAC;SACtD,MAAM,CAAC,KAAK,EAAE,OAAwC,EAAE,EAAE;QACzD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/C,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAE/F,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,CAAC,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,GAAG,IAAI,CACvF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,MAAM,EAAE,mBAAmB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,sBAAsB,EAAE,mCAAmC,CAAC;SACnE,MAAM,CAAC,mBAAmB,EAAE,oDAAoD,CAAC;SACjF,MAAM,CAAC,YAAY,EAAE,0BAA0B,EAAE,IAAI,CAAC;SACtD,MAAM,CAAC,KAAK,EAAE,OAA2D,EAAE,EAAE;QAC5E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/C,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;YACtE,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YAEpF,MAAM,OAAO,GAAG;gBACd,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,YAAY,EAAE,MAAM,CAAC,UAAU;gBAC/B,YAAY,EAAE,MAAM,CAAC,cAAc;gBACnC,YAAY,EAAE,IAAI;aACnB,CAAC;YAEF,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,GAAG,IAAI,CACxF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC;gBACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;gBAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,UAAU,UAAU,IAAI,UAAU,CAAC,CAAC;gBAC9E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAChG,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,gBAAgB,CAAC;SACzB,WAAW,CAAC,gEAAgE,CAAC;SAC7E,cAAc,CAAC,sBAAsB,EAAE,4BAA4B,CAAC;SACpE,cAAc,CAAC,8BAA8B,EAAE,oCAAoC,CAAC;SACpF,MAAM,CAAC,YAAY,EAAE,0BAA0B,EAAE,IAAI,CAAC;SACtD,MAAM,CAAC,KAAK,EAAE,OAA0D,EAAE,EAAE;QAC3E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/C,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAC5C,GAAG,CAAC,uBAAuB,EAC3B,OAAO,CAAC,KAAK,EACb,OAAO,CAAC,QAAQ,EAChB,IAAI,CACL,CAAC;YAEF,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,CAAC,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,GAAG,IAAI,CACvF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,yBAAyB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7G,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;oBAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,iCAAiC,IAAI,0BAA0B,CAAC,CAAC;gBAC3G,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC;wBACf,0BAA0B,MAAM,CAAC,UAAU,2BAA2B,IAAI,UAAU;wBACpF,gBAAgB,MAAM,CAAC,QAAQ,IAAI,CACtC,CAAC;oBACF,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/config/ConfigStore.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { TenantProfile } from '@brunsforge/azure-app-registration-monitor';
+export declare class ConfigStore {
+    private readonly configDir;
+    constructor(configDir?: string);
+    getConfigDir(): string;
+    private get tenantsPath();
+    listTenants(): Promise<TenantProfile[]>;
+    getTenant(nameOrId: string): Promise<TenantProfile | undefined>;
+    upsertTenant(profile: TenantProfile): Promise<void>;
+    removeTenant(tenantId: string): Promise<boolean>;
+    private save;
+}

package/dist/config/ConfigStore.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+const DEFAULT_CONFIG_DIR = join(homedir(), '.aarm');
+export class ConfigStore {
+    configDir;
+    constructor(configDir = DEFAULT_CONFIG_DIR) {
+        this.configDir = configDir;
+    }
+    getConfigDir() {
+        return this.configDir;
+    }
+    get tenantsPath() {
+        return join(this.configDir, 'tenants.json');
+    }
+    async listTenants() {
+        try {
+            const raw = await readFile(this.tenantsPath, 'utf8');
+            return JSON.parse(raw);
+        }
+        catch {
+            return [];
+        }
+    }
+    async getTenant(nameOrId) {
+        const tenants = await this.listTenants();
+        return tenants.find((t) => t.tenantId === nameOrId || t.displayName === nameOrId);
+    }
+    async upsertTenant(profile) {
+        const tenants = await this.listTenants();
+        const idx = tenants.findIndex((t) => t.tenantId === profile.tenantId);
+        if (idx >= 0) {
+            tenants[idx] = profile;
+        }
+        else {
+            tenants.push(profile);
+        }
+        await this.save(tenants);
+    }
+    async removeTenant(tenantId) {
+        const tenants = await this.listTenants();
+        const filtered = tenants.filter((t) => t.tenantId !== tenantId);
+        if (filtered.length === tenants.length)
+            return false;
+        await this.save(filtered);
+        return true;
+    }
+    async save(tenants) {
+        await mkdir(this.configDir, { recursive: true });
+        await writeFile(this.tenantsPath, JSON.stringify(tenants, null, 2), 'utf8');
+    }
+}
+//# sourceMappingURL=ConfigStore.js.map

package/dist/config/ConfigStore.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ConfigStore.js","sourceRoot":"","sources":["../../src/config/ConfigStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AAEpD,MAAM,OAAO,WAAW;IACO;IAA7B,YAA6B,YAAoB,kBAAkB;QAAtC,cAAS,GAAT,SAAS,CAA6B;IAAG,CAAC;IAEvE,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAY,WAAW;QACrB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,OAAO,OAAO,CAAC,IAAI,CACjB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,QAAQ,CAC7D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAsB;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACrD,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,IAAI,CAAC,OAAwB;QACzC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;CACF"}

package/dist/config/CredentialStore.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export declare class CredentialStore {
+    getClientSecret(tenantId: string, clientId: string): Promise<string | null>;
+    setClientSecret(tenantId: string, clientId: string, secret: string): Promise<void>;
+    deleteClientSecret(tenantId: string, clientId: string): Promise<boolean>;
+    getUserPassword(tenantId: string, clientId: string, username: string): Promise<string | null>;
+    setUserPassword(tenantId: string, clientId: string, username: string, password: string): Promise<void>;
+    deleteUserPassword(tenantId: string, clientId: string, username: string): Promise<boolean>;
+}

package/dist/config/CredentialStore.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { createRequire } from 'node:module';
+const require = createRequire(import.meta.url);
+// keytar is a CommonJS native addon — import via createRequire for ESM compatibility.
+const keytar = require('keytar');
+const SERVICE = 'aarm';
+export class CredentialStore {
+    // ── Client secrets (service-principal / client-secret mode) ──────────────
+    async getClientSecret(tenantId, clientId) {
+        return keytar.getPassword(SERVICE, `${tenantId}:${clientId}`);
+    }
+    async setClientSecret(tenantId, clientId, secret) {
+        await keytar.setPassword(SERVICE, `${tenantId}:${clientId}`, secret);
+    }
+    async deleteClientSecret(tenantId, clientId) {
+        return keytar.deletePassword(SERVICE, `${tenantId}:${clientId}`);
+    }
+    // ── User passwords (username-password / ROPC mode) ───────────────────────
+    // Key includes the UPN so a single client-id can hold credentials for different users.
+    async getUserPassword(tenantId, clientId, username) {
+        return keytar.getPassword(SERVICE, `${tenantId}:${clientId}:upw:${username}`);
+    }
+    async setUserPassword(tenantId, clientId, username, password) {
+        await keytar.setPassword(SERVICE, `${tenantId}:${clientId}:upw:${username}`, password);
+    }
+    async deleteUserPassword(tenantId, clientId, username) {
+        return keytar.deletePassword(SERVICE, `${tenantId}:${clientId}:upw:${username}`);
+    }
+}
+//# sourceMappingURL=CredentialStore.js.map

package/dist/config/CredentialStore.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CredentialStore.js","sourceRoot":"","sources":["../../src/config/CredentialStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,sFAAsF;AACtF,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAI9B,CAAC;AAEF,MAAM,OAAO,GAAG,MAAM,CAAC;AAEvB,MAAM,OAAO,eAAe;IAC1B,4EAA4E;IAE5E,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,QAAgB;QACtD,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,QAAgB,EAAE,MAAc;QACtE,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,QAAgB,EAAE,QAAgB;QACzD,OAAO,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,4EAA4E;IAC5E,uFAAuF;IAEvF,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,QAAgB,EAChB,QAAgB;QAEhB,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,QAAQ,QAAQ,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,MAAM,CAAC,WAAW,CACtB,OAAO,EACP,GAAG,QAAQ,IAAI,QAAQ,QAAQ,QAAQ,EAAE,EACzC,QAAQ,CACT,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB;QAEhB,OAAO,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,QAAQ,QAAQ,EAAE,CAAC,CAAC;IACnF,CAAC;CACF"}

package/dist/config/HistoryStore.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+type HistoryType = 'secrets' | 'preflight';
+export declare class HistoryStore {
+    private readonly configDir;
+    constructor(configDir: string);
+    /**
+     * Persist a scan or preflight result.
+     * Failures are silently swallowed — history is a side effect, never a blocker.
+     */
+    save(type: HistoryType, tenantId: string, data: unknown): Promise<void>;
+    /**
+     * Load the most recent saved result for the given type.
+     * Returns null if no history exists or on any read error.
+     */
+    loadLatest<T>(type: HistoryType, tenantId: string): Promise<T | null>;
+    private slotDir;
+    private listFiles;
+    private prune;
+}
+export {};