@brunsforge/aarm 0.1.0

package/dist/config/HistoryStore.js

@@ -0,0 +1,64 @@
+import { mkdir, readdir, readFile, writeFile, unlink } from 'node:fs/promises';
+import { join } from 'node:path';
+const MAX_FILES_PER_SLOT = 50;
+export class HistoryStore {
+    configDir;
+    constructor(configDir) {
+        this.configDir = configDir;
+    }
+    /**
+     * Persist a scan or preflight result.
+     * Failures are silently swallowed — history is a side effect, never a blocker.
+     */
+    async save(type, tenantId, data) {
+        try {
+            const dir = this.slotDir(tenantId);
+            await mkdir(dir, { recursive: true });
+            const ts = new Date().toISOString().replace(/[:.]/g, '-');
+            await writeFile(join(dir, `${type}-${ts}.json`), JSON.stringify(data, null, 2), 'utf8');
+            await this.prune(type, dir);
+        }
+        catch {
+            // intentionally silent
+        }
+    }
+    /**
+     * Load the most recent saved result for the given type.
+     * Returns null if no history exists or on any read error.
+     */
+    async loadLatest(type, tenantId) {
+        try {
+            const dir = this.slotDir(tenantId);
+            const files = await this.listFiles(type, dir);
+            if (files.length === 0)
+                return null;
+            const raw = await readFile(join(dir, files[files.length - 1]), 'utf8');
+            return JSON.parse(raw);
+        }
+        catch {
+            return null;
+        }
+    }
+    slotDir(tenantId) {
+        return join(this.configDir, 'history', tenantId);
+    }
+    async listFiles(type, dir) {
+        try {
+            const all = await readdir(dir);
+            return all
+                .filter((f) => f.startsWith(`${type}-`) && f.endsWith('.json'))
+                .sort();
+        }
+        catch {
+            return [];
+        }
+    }
+    async prune(type, dir) {
+        const files = await this.listFiles(type, dir);
+        if (files.length <= MAX_FILES_PER_SLOT)
+            return;
+        const stale = files.slice(0, files.length - MAX_FILES_PER_SLOT);
+        await Promise.all(stale.map((f) => unlink(join(dir, f)).catch(() => undefined)));
+    }
+}
+//# sourceMappingURL=HistoryStore.js.map

package/dist/config/HistoryStore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"HistoryStore.js","sourceRoot":"","sources":["../../src/config/HistoryStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAIjC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B,MAAM,OAAO,YAAY;IACM;IAA7B,YAA6B,SAAiB;QAAjB,cAAS,GAAT,SAAS,CAAQ;IAAG,CAAC;IAElD;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,IAAiB,EAAE,QAAgB,EAAE,IAAa;QAC3D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACtC,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC1D,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACxF,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAI,IAAiB,EAAE,QAAgB;QACrD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC9C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACpC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACvE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAM,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,OAAO,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACnD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,IAAiB,EAAE,GAAW;QACpD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/B,OAAO,GAAG;iBACP,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;iBAC9D,IAAI,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,KAAK,CAAC,IAAiB,EAAE,GAAW;QAChD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,KAAK,CAAC,MAAM,IAAI,kBAAkB;YAAE,OAAO;QAC/C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,kBAAkB,CAAC,CAAC;QAChE,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACnF,CAAC;CACF"}

package/dist/exitCodes.d.ts

@@ -0,0 +1,9 @@
+export declare const EXIT: {
+    readonly OK: 0;
+    readonly ERROR: 1;
+    readonly AUTH_FAILED: 2;
+    readonly PERMISSION_MISSING: 3;
+    readonly CONFIG_INVALID: 4;
+    readonly NO_DATA_SOURCE: 5;
+    readonly FINDINGS_THRESHOLD: 10;
+};

package/dist/exitCodes.js

@@ -0,0 +1,10 @@
+export const EXIT = {
+    OK: 0,
+    ERROR: 1,
+    AUTH_FAILED: 2,
+    PERMISSION_MISSING: 3,
+    CONFIG_INVALID: 4,
+    NO_DATA_SOURCE: 5,
+    FINDINGS_THRESHOLD: 10,
+};
+//# sourceMappingURL=exitCodes.js.map

package/dist/exitCodes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exitCodes.js","sourceRoot":"","sources":["../src/exitCodes.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,IAAI,GAAG;IAClB,EAAE,EAAE,CAAC;IACL,KAAK,EAAE,CAAC;IACR,WAAW,EAAE,CAAC;IACd,kBAAkB,EAAE,CAAC;IACrB,cAAc,EAAE,CAAC;IACjB,cAAc,EAAE,CAAC;IACjB,kBAAkB,EAAE,EAAE;CACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { registerAppsCommand } from './commands/apps.js';
+import { registerPreflightCommand } from './commands/preflight.js';
+import { registerSecretsCommand } from './commands/secrets.js';
+import { registerTenantsCommand } from './commands/tenants.js';
+import { registerUsageCommand } from './commands/usage.js';
+import { registerReportCommand } from './commands/report.js';
+const program = new Command();
+program
+    .name('aarm')
+    .description('Azure App Registration Monitor — inspect and track Entra client secrets')
+    .version('0.1.0', '-V, --version', 'Print version')
+    .option('--tenant <name-or-id>', 'Tenant display name or ID from local config')
+    .option('--config-dir <path>', 'Override default config directory (~/.aarm)')
+    .option('--output <format>', 'Output format: table, json', 'table')
+    .option('--verbose', 'Enable verbose output', false)
+    .option('--no-color', 'Disable color output')
+    // Show help when aarm is called with no arguments
+    .action(() => program.help());
+// Enable `aarm help [command]` in addition to `aarm [command] --help`
+program.addHelpCommand('help [command]', 'Display help for a command');
+program.hook('preAction', (_thisCommand, actionCommand) => {
+    const { color } = program.opts();
+    if (!color)
+        chalk.level = 0;
+    if (actionCommand === program)
+        return; // avoid recursion from the .action above
+});
+registerTenantsCommand(program);
+registerAppsCommand(program);
+registerSecretsCommand(program);
+registerPreflightCommand(program);
+registerUsageCommand(program);
+registerReportCommand(program);
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,yEAAyE,CAAC;KACtF,OAAO,CAAC,OAAO,EAAE,eAAe,EAAE,eAAe,CAAC;KAClD,MAAM,CAAC,uBAAuB,EAAE,6CAA6C,CAAC;KAC9E,MAAM,CAAC,qBAAqB,EAAE,6CAA6C,CAAC;KAC5E,MAAM,CAAC,mBAAmB,EAAE,4BAA4B,EAAE,OAAO,CAAC;KAClE,MAAM,CAAC,WAAW,EAAE,uBAAuB,EAAE,KAAK,CAAC;KACnD,MAAM,CAAC,YAAY,EAAE,sBAAsB,CAAC;IAC7C,kDAAkD;KACjD,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAEhC,sEAAsE;AACtE,OAAO,CAAC,cAAc,CAAC,gBAAgB,EAAE,4BAA4B,CAAC,CAAC;AAEvE,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,YAAY,EAAE,aAAa,EAAE,EAAE;IACxD,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC;IACrD,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5B,IAAI,aAAa,KAAK,OAAO;QAAE,OAAO,CAAC,yCAAyC;AAClF,CAAC,CAAC,CAAC;AAEH,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAClC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAE/B,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/dist/output/formatters.d.ts

@@ -0,0 +1,10 @@
+import type { AppRegistrationSummary, SecretSummary, TenantProfile } from '@brunsforge/azure-app-registration-monitor';
+import type { ResultEnvelope } from '@brunsforge/azure-app-registration-monitor';
+export declare function printJson<T>(envelope: ResultEnvelope<T>): void;
+export declare function riskColor(level: string): string;
+export declare function statusColor(status: string): string;
+export declare function printTenantsTable(tenants: TenantProfile[]): void;
+export declare function printAppsTable(apps: AppRegistrationSummary[]): void;
+export declare function secretsToMarkdown(secrets: SecretSummary[], tenantId: string, _envName?: string): string;
+export declare function secretsToCsv(secrets: SecretSummary[]): string;
+export declare function printSecretsTable(secrets: SecretSummary[]): void;

package/dist/output/formatters.js

@@ -0,0 +1,129 @@
+import chalk from 'chalk';
+import Table from 'cli-table3';
+export function printJson(envelope) {
+    process.stdout.write(JSON.stringify(envelope, null, 2) + '\n');
+}
+export function riskColor(level) {
+    switch (level) {
+        case 'Critical': return chalk.red.bold(level);
+        case 'High': return chalk.red(level);
+        case 'Medium': return chalk.yellow(level);
+        case 'Low': return chalk.cyan(level);
+        default: return chalk.dim(level);
+    }
+}
+export function statusColor(status) {
+    switch (status) {
+        case 'Expired': return chalk.red.bold(status);
+        case 'ExpiringSoon': return chalk.yellow(status);
+        case 'Valid': return chalk.green(status);
+        default: return chalk.dim(status);
+    }
+}
+export function printTenantsTable(tenants) {
+    if (tenants.length === 0) {
+        process.stdout.write('No tenants configured. Run "aarm tenants add" to add one.\n');
+        return;
+    }
+    const table = new Table({
+        head: ['Name', 'Tenant ID', 'Auth Mode', 'Client ID', 'Last Scan'],
+        style: { head: ['cyan'] },
+    });
+    for (const t of tenants) {
+        table.push([
+            t.displayName,
+            t.tenantId,
+            t.authMode,
+            t.clientId ?? '-',
+            t.lastSuccessfulScanAt
+                ? new Date(t.lastSuccessfulScanAt).toLocaleDateString()
+                : 'Never',
+        ]);
+    }
+    process.stdout.write(table.toString() + '\n');
+}
+export function printAppsTable(apps) {
+    if (apps.length === 0) {
+        process.stdout.write('No App Registrations found.\n');
+        return;
+    }
+    const table = new Table({
+        head: ['Risk', 'App Name', 'Client ID', 'Secrets', 'Expired', 'Expiring'],
+        style: { head: ['cyan'] },
+    });
+    for (const a of apps) {
+        table.push([
+            riskColor(a.riskLevel),
+            a.displayName,
+            a.appId,
+            String(a.secretCount),
+            a.expiredSecretCount > 0 ? chalk.red(String(a.expiredSecretCount)) : '0',
+            a.expiringSecretCount > 0 ? chalk.yellow(String(a.expiringSecretCount)) : '0',
+        ]);
+    }
+    process.stdout.write(table.toString() + '\n');
+    process.stdout.write(chalk.dim(`${apps.length} app registration(s)\n`));
+}
+export function secretsToMarkdown(secrets, tenantId, _envName) {
+    const lines = [
+        `# Secret Expiry Report`,
+        ``,
+        `**Tenant:** ${tenantId}  **Generated:** ${new Date().toISOString().slice(0, 10)}`,
+        ``,
+        `| Risk | App | Secret | Key ID | Expires | Days | Status |`,
+        `|------|-----|--------|--------|---------|------|--------|`,
+    ];
+    for (const s of secrets) {
+        const expires = s.endDateTime ? new Date(s.endDateTime).toISOString().slice(0, 10) : '—';
+        const days = s.daysUntilExpiry !== null ? String(s.daysUntilExpiry) : '—';
+        const keyShort = s.keyId ? s.keyId.slice(0, 8) + '…' : '—';
+        lines.push(`| ${s.riskLevel} | ${s.appDisplayName} | ${s.displayName ?? '—'} | ${keyShort} | ${expires} | ${days} | ${s.status} |`);
+    }
+    lines.push('');
+    return lines.join('\n');
+}
+export function secretsToCsv(secrets) {
+    const header = 'risk,app,appId,secret,keyId,startDate,endDate,daysUntilExpiry,status';
+    const rows = secrets.map((s) => {
+        const csv = (v) => `"${(v ?? '').replace(/"/g, '""')}"`;
+        return [
+            csv(s.riskLevel),
+            csv(s.appDisplayName),
+            csv(s.appId),
+            csv(s.displayName),
+            csv(s.keyId),
+            csv(s.startDateTime),
+            csv(s.endDateTime),
+            String(s.daysUntilExpiry ?? ''),
+            csv(s.status),
+        ].join(',');
+    });
+    return [header, ...rows, ''].join('\n');
+}
+export function printSecretsTable(secrets) {
+    if (secrets.length === 0) {
+        process.stdout.write('No secrets found.\n');
+        return;
+    }
+    const table = new Table({
+        head: ['Risk', 'App', 'Secret', 'Expires', 'Days', 'Status'],
+        style: { head: ['cyan'] },
+    });
+    for (const s of secrets) {
+        const expires = s.endDateTime
+            ? new Date(s.endDateTime).toLocaleDateString()
+            : '-';
+        const days = s.daysUntilExpiry !== null ? String(s.daysUntilExpiry) : '-';
+        table.push([
+            riskColor(s.riskLevel),
+            s.appDisplayName,
+            s.displayName ?? s.keyId,
+            expires,
+            days,
+            statusColor(s.status),
+        ]);
+    }
+    process.stdout.write(table.toString() + '\n');
+    process.stdout.write(chalk.dim(`${secrets.length} secret(s)\n`));
+}
+//# sourceMappingURL=formatters.js.map

package/dist/output/formatters.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"formatters.js","sourceRoot":"","sources":["../../src/output/formatters.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,YAAY,CAAC;AAI/B,MAAM,UAAU,SAAS,CAAI,QAA2B;IACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,UAAU,CAAC,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9C,KAAK,MAAM,CAAC,CAAK,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,KAAK,QAAQ,CAAC,CAAG,OAAO,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5C,KAAK,KAAK,CAAC,CAAM,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,CAAC,CAAS,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,SAAS,CAAC,CAAM,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnD,KAAK,cAAc,CAAC,CAAC,OAAO,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACjD,KAAK,OAAO,CAAC,CAAQ,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAChD,OAAO,CAAC,CAAa,OAAO,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAwB;IACxD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACpF,OAAO;IACT,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC;QAClE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;KAC1B,CAAC,CAAC;IACH,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC;YACT,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,QAAQ,IAAI,GAAG;YACjB,CAAC,CAAC,oBAAoB;gBACpB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,kBAAkB,EAAE;gBACvD,CAAC,CAAC,OAAO;SACZ,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAA8B;IAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC;QACzE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;KAC1B,CAAC,CAAC;IACH,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC;YACT,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YACtB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,KAAK;YACP,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC;YACrB,CAAC,CAAC,kBAAkB,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;YACxE,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;SAC9E,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,wBAAwB,CAAC,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,OAAwB,EACxB,QAAgB,EAChB,QAAiB;IAEjB,MAAM,KAAK,GAAa;QACtB,wBAAwB;QACxB,EAAE;QACF,eAAe,QAAQ,oBAAoB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;QAClF,EAAE;QACF,4DAA4D;QAC5D,4DAA4D;KAC7D,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACzF,MAAM,IAAI,GAAG,CAAC,CAAC,eAAe,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1E,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAC3D,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,CAAC,SAAS,MAAM,CAAC,CAAC,cAAc,MAAM,CAAC,CAAC,WAAW,IAAI,GAAG,MAAM,QAAQ,MAAM,OAAO,MAAM,IAAI,MAAM,CAAC,CAAC,MAAM,IAAI,CACxH,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAwB;IACnD,MAAM,MAAM,GAAG,sEAAsE,CAAC;IACtF,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,CAAC,CAA4B,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;QACnF,OAAO;YACL,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YAChB,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC;YACrB,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;YACZ,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC;YAClB,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;YACZ,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC;YACpB,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC;YAClB,MAAM,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC;YAC/B,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;SACd,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAwB;IACxD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;QAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;KAC1B,CAAC,CAAC;IACH,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,CAAC,CAAC,WAAW;YAC3B,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,kBAAkB,EAAE;YAC9C,CAAC,CAAC,GAAG,CAAC;QACR,MAAM,IAAI,GACR,CAAC,CAAC,eAAe,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC;YACT,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YACtB,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,KAAK;YACxB,OAAO;YACP,IAAI;YACJ,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,cAAc,CAAC,CAAC,CAAC;AACnE,CAAC"}

package/dist/shared/context.d.ts

@@ -0,0 +1,31 @@
+import { createCredential, createGraphClient, GraphApplicationReader, PreflightService, SecretInventoryService, type AuthMode, type TenantProfile } from '@brunsforge/azure-app-registration-monitor';
+import { ConfigStore } from '../config/ConfigStore.js';
+import { CredentialStore } from '../config/CredentialStore.js';
+type Credential = ReturnType<typeof createCredential>;
+type GraphClient = ReturnType<typeof createGraphClient>;
+export interface GlobalOptions {
+    tenant?: string;
+    configDir?: string;
+    output: string;
+    verbose: boolean;
+    color: boolean;
+}
+export interface CommandContext {
+    configStore: ConfigStore;
+    credentialStore: CredentialStore;
+    credential: Credential;
+    graphClient: GraphClient;
+    graphReader: GraphApplicationReader;
+    inventoryService: SecretInventoryService;
+    preflightService: PreflightService;
+    tenant: TenantProfile;
+    tenantId: string;
+    environmentName: string;
+    authMode: AuthMode;
+    logAnalyticsWorkspaceId?: string;
+    isJson: boolean;
+    verbose: boolean;
+}
+export declare function buildContext(opts: GlobalOptions): Promise<CommandContext>;
+export declare function handleError(err: unknown): never;
+export {};

package/dist/shared/context.js

@@ -0,0 +1,124 @@
+import { AuthError, ConfigError, GraphError, PermissionError, createCredential, createGraphClient, GraphApplicationReader, PreflightService, SecretInventoryService, } from '@brunsforge/azure-app-registration-monitor';
+import { ConfigStore } from '../config/ConfigStore.js';
+import { CredentialStore } from '../config/CredentialStore.js';
+import { EXIT } from '../exitCodes.js';
+export async function buildContext(opts) {
+    const configStore = new ConfigStore(opts.configDir);
+    const credentialStore = new CredentialStore();
+    if (!opts.tenant) {
+        process.stderr.write('Error: --tenant is required. Run "aarm tenants list" to see configured tenants.\n');
+        process.exit(EXIT.CONFIG_INVALID);
+    }
+    const tenant = await configStore.getTenant(opts.tenant);
+    if (!tenant) {
+        process.stderr.write(`Error: Tenant "${opts.tenant}" not found. Run "aarm tenants add" to configure it.\n`);
+        process.exit(EXIT.CONFIG_INVALID);
+    }
+    let authConfig;
+    if (tenant.authMode === 'client-secret') {
+        if (!tenant.clientId) {
+            process.stderr.write(`Error: Tenant "${tenant.displayName}" has no client ID configured.\n`);
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        const secret = await credentialStore.getClientSecret(tenant.tenantId, tenant.clientId);
+        if (!secret) {
+            process.stderr.write(`Error: No client secret found for tenant "${tenant.displayName}". Re-run "aarm tenants add".\n`);
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        authConfig = {
+            mode: 'client-secret',
+            tenantId: tenant.tenantId,
+            clientId: tenant.clientId,
+            clientSecret: secret,
+        };
+    }
+    else if (tenant.authMode === 'username-password') {
+        if (!tenant.clientId || !tenant.username) {
+            process.stderr.write(`Error: Tenant "${tenant.displayName}" is missing clientId or username. Re-run "aarm tenants add".\n`);
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        const password = await credentialStore.getUserPassword(tenant.tenantId, tenant.clientId, tenant.username);
+        if (!password) {
+            process.stderr.write(`Error: No password found for "${tenant.username}". Re-run "aarm tenants add".\n`);
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        authConfig = {
+            mode: 'username-password',
+            tenantId: tenant.tenantId,
+            clientId: tenant.clientId,
+            username: tenant.username,
+            password,
+        };
+    }
+    else if (tenant.authMode === 'azure-cli') {
+        authConfig = { mode: 'azure-cli', tenantId: tenant.tenantId };
+    }
+    else if (tenant.authMode === 'workload-identity-federation') {
+        process.stderr.write(`Error: The "workload-identity-federation" auth mode requires an Azure-hosted runtime\n` +
+            `(Function App, VM, ACI) and cannot be used with the aarm CLI.\n` +
+            `For unattended automation use "client-secret" or "certificate".\n` +
+            `For interactive use on a developer workstation use "device-code".\n`);
+        process.exit(EXIT.CONFIG_INVALID);
+    }
+    else {
+        if (!tenant.clientId) {
+            process.stderr.write(`Error: Tenant "${tenant.displayName}" has no client ID configured.\n`);
+            process.exit(EXIT.CONFIG_INVALID);
+        }
+        authConfig = {
+            mode: tenant.authMode,
+            tenantId: tenant.tenantId,
+            clientId: tenant.clientId,
+        };
+    }
+    const credential = createCredential(authConfig);
+    const graphClient = createGraphClient(credential);
+    const graphReader = new GraphApplicationReader(graphClient);
+    const inventoryService = new SecretInventoryService(graphReader);
+    const preflightService = new PreflightService(graphClient, credential);
+    return {
+        configStore,
+        credentialStore,
+        credential,
+        graphClient,
+        graphReader,
+        inventoryService,
+        preflightService,
+        tenant,
+        tenantId: tenant.tenantId,
+        environmentName: tenant.defaultEnvironmentName ?? 'default',
+        authMode: tenant.authMode,
+        logAnalyticsWorkspaceId: tenant.logAnalyticsWorkspaceId,
+        isJson: opts.output === 'json',
+        verbose: opts.verbose,
+    };
+}
+export function handleError(err) {
+    if (err instanceof AuthError) {
+        process.stderr.write(`Authentication failed: ${err.message}\n`);
+        process.stderr.write('Check: correct tenant ID, client ID, secret value, and that the App Registration exists.\n');
+        process.exit(EXIT.AUTH_FAILED);
+    }
+    if (err instanceof PermissionError) {
+        process.stderr.write(`Permission denied: ${err.message}\n`);
+        process.stderr.write('Check: Application.Read.All is in API permissions AND admin consent has been granted.\n' +
+            'Run "aarm --tenant <name> preflight explain" for detailed grant instructions.\n');
+        process.exit(EXIT.PERMISSION_MISSING);
+    }
+    if (err instanceof GraphError) {
+        process.stderr.write(`Graph API error: ${err.message}\n`);
+        process.exit(EXIT.ERROR);
+    }
+    if (err instanceof ConfigError) {
+        process.stderr.write(`Configuration error: ${err.message}\n`);
+        process.exit(EXIT.CONFIG_INVALID);
+    }
+    if (err instanceof Error) {
+        process.stderr.write(`Error: ${err.message}\n`);
+    }
+    else {
+        process.stderr.write(`Unexpected error: ${String(err)}\n`);
+    }
+    process.exit(EXIT.ERROR);
+}
+//# sourceMappingURL=context.js.map

package/dist/shared/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/shared/context.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,gBAAgB,EAChB,sBAAsB,GAIvB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAkCvC,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAmB;IACpD,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;IAE9C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mFAAmF,CACpF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kBAAkB,IAAI,CAAC,MAAM,wDAAwD,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,UAAsB,CAAC;IAE3B,IAAI,MAAM,CAAC,QAAQ,KAAK,eAAe,EAAE,CAAC;QACxC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,WAAW,kCAAkC,CAAC,CAAC;YAC7F,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6CAA6C,MAAM,CAAC,WAAW,iCAAiC,CACjG,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,UAAU,GAAG;YACX,IAAI,EAAE,eAAe;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM;SACrB,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,EAAE,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kBAAkB,MAAM,CAAC,WAAW,iEAAiE,CACtG,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,eAAe,CACpD,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,QAAQ,CAChB,CAAC;QACF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,iCAAiC,MAAM,CAAC,QAAQ,iCAAiC,CAClF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,UAAU,GAAG;YACX,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ;SACT,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC3C,UAAU,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;IAChE,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,8BAA8B,EAAE,CAAC;QAC9D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wFAAwF;YACxF,iEAAiE;YACjE,mEAAmE;YACnE,qEAAqE,CACtE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,WAAW,kCAAkC,CAAC,CAAC;YAC7F,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;QACD,UAAU,GAAG;YACX,IAAI,EAAE,MAAM,CAAC,QAAiE;YAC9E,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;SACZ,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,IAAI,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,IAAI,sBAAsB,CAAC,WAAW,CAAC,CAAC;IACjE,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAEvE,OAAO;QACL,WAAW;QACX,eAAe;QACf,UAAU;QACV,WAAW;QACX,WAAW;QACX,gBAAgB;QAChB,gBAAgB;QAChB,MAAM;QACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,eAAe,EAAE,MAAM,CAAC,sBAAsB,IAAI,SAAS;QAC3D,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;QACvD,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,MAAM;QAC9B,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAY;IACtC,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,4FAA4F,CAC7F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;QACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yFAAyF;YACzF,iFAAiF,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IACD,IAAI,GAAG,YAAY,WAAW,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@brunsforge/aarm",
+  "version": "0.1.0",
+  "description": "Azure App Registration Monitor CLI — aarm binary for monitoring Entra client secrets",
+  "license": "MIT",
+  "private": false,
+  "type": "module",
+  "bin": {
+    "aarm": "./dist/index.js"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/brunsforge/AzureAppRegistrationSecretMonitor.git",
+    "directory": "packages/cli"
+  },
+  "scripts": {
+    "build": "tsc",
+    "build:bundle": "node esbuild.config.mjs",
+    "dev": "node --import tsx/esm src/index.ts"
+  },
+  "dependencies": {
+    "@brunsforge/azure-app-registration-monitor": "^0.1.0",
+    "chalk": "^5.3.0",
+    "cli-table3": "^0.6.5",
+    "commander": "^12.0.0",
+    "keytar": "^7.9.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "esbuild": "^0.21.0",
+    "typescript": "^5.5.0"
+  }
+}