@etcsec-com/etc-collector 1.4.0

package/dist/services/auth/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/services/auth/errors.ts"],"names":[],"mappings":";;;AAMA,MAAa,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAO,GAAG,mBAAmB;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AALD,8CAKC;AAED,MAAa,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAO,GAAG,wBAAwB;QAC5C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AALD,8CAKC;AAED,MAAa,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAO,GAAG,4BAA4B;QAChD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AALD,0DAKC;AAED,MAAa,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,OAAO,GAAG,6BAA6B;QACjD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AALD,gDAKC;AAED,MAAa,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAO,GAAG,yBAAyB;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AALD,sDAKC;AAED,MAAa,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAO,GAAG,eAAe;QACnC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AALD,8CAKC"}

package/dist/services/auth/token.service.d.ts

@@ -0,0 +1,41 @@
+import { TokenRepository } from '../../data/repositories/token.repository';
+import { CryptoService } from './crypto.service';
+export interface GenerateTokenRequest {
+    expiresIn: string;
+    maxUses: number;
+    metadata?: Record<string, any>;
+}
+export interface TokenPayload {
+    jti: string;
+    iss: string;
+    sub: string;
+    iat: number;
+    exp: number;
+    service: string;
+    maxUses: number;
+}
+export interface TokenInfo {
+    jti: string;
+    created_at: string;
+    expires_at: string;
+    max_uses: number;
+    used_count: number;
+    remaining_uses: number;
+    revoked: boolean;
+    revoked_at: string | null;
+    revoked_reason: string | null;
+}
+export declare class TokenService {
+    private tokenRepo;
+    private cryptoService;
+    private logger;
+    constructor(tokenRepo: TokenRepository, cryptoService: CryptoService);
+    generate(options: GenerateTokenRequest): Promise<string>;
+    validate(token: string): Promise<TokenPayload>;
+    revoke(jti: string, revokedBy: string, reason: string): Promise<void>;
+    getInfo(jti: string): Promise<TokenInfo>;
+    incrementUsage(jti: string): Promise<void>;
+    listAll(): Promise<TokenInfo[]>;
+    private parseExpiry;
+}
+//# sourceMappingURL=token.service.d.ts.map

package/dist/services/auth/token.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.service.d.ts","sourceRoot":"","sources":["../../../src/services/auth/token.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAC3E,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AA2BjD,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,qBAAa,YAAY;IAIrB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,aAAa;IAJvB,OAAO,CAAC,MAAM,CAAS;gBAGb,SAAS,EAAE,eAAe,EAC1B,aAAa,EAAE,aAAa;IAmBhC,QAAQ,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC;IAsExD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IA2F9C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0CrE,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAwCxC,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB1C,OAAO,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IAgDrC,OAAO,CAAC,WAAW;CA4BpB"}

package/dist/services/auth/token.service.js

@@ -0,0 +1,208 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenService = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const uuid_1 = require("uuid");
+const logger_1 = require("../../utils/logger");
+const errors_1 = require("./errors");
+class TokenService {
+    tokenRepo;
+    cryptoService;
+    logger;
+    constructor(tokenRepo, cryptoService) {
+        this.tokenRepo = tokenRepo;
+        this.cryptoService = cryptoService;
+        this.logger = logger_1.logger;
+    }
+    async generate(options) {
+        const jti = (0, uuid_1.v4)();
+        const iat = Math.floor(Date.now() / 1000);
+        const expirySeconds = this.parseExpiry(options.expiresIn);
+        const exp = iat + expirySeconds;
+        const payload = {
+            jti,
+            iss: 'etc-collector',
+            sub: 'system',
+            iat,
+            exp,
+            service: 'etc-collector',
+            maxUses: options.maxUses,
+        };
+        const privateKey = this.cryptoService.getPrivateKey();
+        const token = jsonwebtoken_1.default.sign(payload, privateKey, {
+            algorithm: 'RS256',
+        });
+        const publicKey = this.cryptoService.getPublicKey();
+        const expiresAt = new Date(exp * 1000).toISOString();
+        this.tokenRepo.create({
+            jti,
+            public_key: publicKey,
+            expires_at: expiresAt,
+            max_uses: options.maxUses,
+            metadata: options.metadata ? JSON.stringify(options.metadata) : undefined,
+        });
+        this.logger.info('JWT token generated', {
+            jti,
+            expiresIn: options.expiresIn,
+            expiresAt,
+            maxUses: options.maxUses,
+        });
+        return token;
+    }
+    async validate(token) {
+        let decoded;
+        try {
+            const publicKey = this.cryptoService.getPublicKey();
+            decoded = jsonwebtoken_1.default.verify(token, publicKey, {
+                algorithms: ['RS256'],
+            });
+        }
+        catch (error) {
+            if (error instanceof jsonwebtoken_1.default.TokenExpiredError) {
+                this.logger.warn('Token validation failed: expired');
+                throw new errors_1.TokenExpiredError();
+            }
+            if (error instanceof jsonwebtoken_1.default.JsonWebTokenError) {
+                this.logger.warn('Token validation failed: invalid signature', {
+                    error: error.message,
+                });
+                throw new errors_1.InvalidSignatureError();
+            }
+            this.logger.error('Token validation failed: unknown error', {
+                error: error instanceof Error ? error.message : 'Unknown error',
+            });
+            throw new errors_1.InvalidTokenError('Token validation failed');
+        }
+        const now = Math.floor(Date.now() / 1000);
+        if (decoded.exp < now) {
+            this.logger.warn('Token expired', { jti: decoded.jti, exp: decoded.exp, now });
+            throw new errors_1.TokenExpiredError();
+        }
+        if (decoded.iss !== 'etc-collector') {
+            this.logger.warn('Token validation failed: invalid issuer', {
+                jti: decoded.jti,
+                iss: decoded.iss,
+            });
+            throw new errors_1.InvalidTokenError('Invalid token issuer');
+        }
+        const tokenRecord = this.tokenRepo.findByJti(decoded.jti);
+        if (!tokenRecord) {
+            this.logger.warn('Token validation failed: not found in database', {
+                jti: decoded.jti,
+            });
+            throw new errors_1.TokenNotFoundError();
+        }
+        if (tokenRecord.revoked_at) {
+            this.logger.warn('Token validation failed: revoked', {
+                jti: decoded.jti,
+                revokedAt: tokenRecord.revoked_at,
+                revokedBy: tokenRecord.revoked_by,
+                revokedReason: tokenRecord.revoked_reason,
+            });
+            throw new errors_1.TokenRevokedError();
+        }
+        if (tokenRecord.max_uses > 0 && tokenRecord.used_count >= tokenRecord.max_uses) {
+            this.logger.warn('Token validation failed: usage limit exceeded', {
+                jti: decoded.jti,
+                usedCount: tokenRecord.used_count,
+                maxUses: tokenRecord.max_uses,
+            });
+            throw new errors_1.UsageLimitExceededError();
+        }
+        this.logger.debug('Token validated successfully', { jti: decoded.jti });
+        return decoded;
+    }
+    async revoke(jti, revokedBy, reason) {
+        const tokenRecord = this.tokenRepo.findByJti(jti);
+        if (!tokenRecord) {
+            this.logger.warn('Token revocation failed: not found', { jti });
+            throw new errors_1.TokenNotFoundError();
+        }
+        if (tokenRecord.revoked_at) {
+            this.logger.warn('Token already revoked', {
+                jti,
+                revokedAt: tokenRecord.revoked_at,
+                revokedBy: tokenRecord.revoked_by,
+            });
+            return;
+        }
+        this.tokenRepo.revoke(jti, revokedBy, reason);
+        this.logger.info('Token revoked', {
+            jti,
+            revokedBy,
+            reason,
+        });
+    }
+    async getInfo(jti) {
+        const tokenRecord = this.tokenRepo.findByJti(jti);
+        if (!tokenRecord) {
+            this.logger.warn('Token info request failed: not found', { jti });
+            throw new errors_1.TokenNotFoundError();
+        }
+        const remainingUses = tokenRecord.max_uses === 0
+            ? -1
+            : Math.max(0, tokenRecord.max_uses - tokenRecord.used_count);
+        const info = {
+            jti: tokenRecord.jti,
+            created_at: tokenRecord.created_at,
+            expires_at: tokenRecord.expires_at,
+            max_uses: tokenRecord.max_uses,
+            used_count: tokenRecord.used_count,
+            remaining_uses: remainingUses,
+            revoked: !!tokenRecord.revoked_at,
+            revoked_at: tokenRecord.revoked_at || null,
+            revoked_reason: tokenRecord.revoked_reason || null,
+        };
+        return info;
+    }
+    async incrementUsage(jti) {
+        this.tokenRepo.incrementUsage(jti);
+        this.logger.debug('Token usage incremented', { jti });
+    }
+    async listAll() {
+        const tokens = this.tokenRepo.findAll();
+        const tokenInfoList = tokens.map((token) => {
+            const remainingUses = token.max_uses === 0
+                ? -1
+                : Math.max(0, token.max_uses - token.used_count);
+            return {
+                jti: token.jti,
+                created_at: token.created_at,
+                expires_at: token.expires_at,
+                max_uses: token.max_uses,
+                used_count: token.used_count,
+                remaining_uses: remainingUses,
+                revoked: !!token.revoked_at,
+                revoked_at: token.revoked_at || null,
+                revoked_reason: token.revoked_reason || null,
+            };
+        });
+        return tokenInfoList;
+    }
+    parseExpiry(expiresIn) {
+        const match = expiresIn.match(/^(\d+)([smhd])$/);
+        if (!match || !match[1] || !match[2]) {
+            throw new Error(`Invalid expiry format: ${expiresIn}. Expected format: <number><unit> (e.g., '1h', '7d')`);
+        }
+        const value = parseInt(match[1], 10);
+        const unit = match[2];
+        const multipliers = {
+            s: 1,
+            m: 60,
+            h: 3600,
+            d: 86400,
+        };
+        const multiplier = multipliers[unit];
+        if (multiplier === undefined) {
+            throw new Error(`Invalid time unit: ${unit}`);
+        }
+        const seconds = value * multiplier;
+        this.logger.debug('Parsed expiry', { expiresIn, seconds });
+        return seconds;
+    }
+}
+exports.TokenService = TokenService;
+//# sourceMappingURL=token.service.js.map

package/dist/services/auth/token.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.service.js","sourceRoot":"","sources":["../../../src/services/auth/token.service.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,+BAAoC;AAIpC,+CAA4C;AAC5C,qCAOkB;AA6ClB,MAAa,YAAY;IAIb;IACA;IAJF,MAAM,CAAS;IAEvB,YACU,SAA0B,EAC1B,aAA4B;QAD5B,cAAS,GAAT,SAAS,CAAiB;QAC1B,kBAAa,GAAb,aAAa,CAAe;QAEpC,IAAI,CAAC,MAAM,GAAG,eAAM,CAAC;IACvB,CAAC;IAgBD,KAAK,CAAC,QAAQ,CAAC,OAA6B;QAE1C,MAAM,GAAG,GAAG,IAAA,SAAM,GAAE,CAAC;QAGrB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAG,GAAG,GAAG,aAAa,CAAC;QAGhC,MAAM,OAAO,GAAiB;YAC5B,GAAG;YACH,GAAG,EAAE,eAAe;YACpB,GAAG,EAAE,QAAQ;YACb,GAAG;YACH,GAAG;YACH,OAAO,EAAE,eAAe;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC;QAGF,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE;YAC1C,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QAGH,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAErD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YACpB,GAAG;YACH,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,OAAO,CAAC,OAAO;YACzB,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SAC1E,CAAC,CAAC;QAGH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE;YACtC,GAAG;YACH,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,SAAS;YACT,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAuBD,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC1B,IAAI,OAAqB,CAAC;QAE1B,IAAI,CAAC;YAEH,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACpD,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;gBACrC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAiB,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAG,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACrD,MAAM,IAAI,0BAAiB,EAAE,CAAC;YAChC,CAAC;YACD,IAAI,KAAK,YAAY,sBAAG,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;oBAC7D,KAAK,EAAE,KAAK,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,IAAI,8BAAqB,EAAE,CAAC;YACpC,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE;gBAC1D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAChE,CAAC,CAAC;YACH,MAAM,IAAI,0BAAiB,CAAC,yBAAyB,CAAC,CAAC;QACzD,CAAC;QAGD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/E,MAAM,IAAI,0BAAiB,EAAE,CAAC;QAChC,CAAC;QAGD,IAAI,OAAO,CAAC,GAAG,KAAK,eAAe,EAAE,CAAC;YACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;gBAC1D,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;aACjB,CAAC,CAAC;YACH,MAAM,IAAI,0BAAiB,CAAC,sBAAsB,CAAC,CAAC;QACtD,CAAC;QAGD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE;gBACjE,GAAG,EAAE,OAAO,CAAC,GAAG;aACjB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAkB,EAAE,CAAC;QACjC,CAAC;QAGD,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACnD,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,SAAS,EAAE,WAAW,CAAC,UAAU;gBACjC,SAAS,EAAE,WAAW,CAAC,UAAU;gBACjC,aAAa,EAAE,WAAW,CAAC,cAAc;aAC1C,CAAC,CAAC;YACH,MAAM,IAAI,0BAAiB,EAAE,CAAC;QAChC,CAAC;QAGD,IAAI,WAAW,CAAC,QAAQ,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC/E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;gBAChE,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,SAAS,EAAE,WAAW,CAAC,UAAU;gBACjC,OAAO,EAAE,WAAW,CAAC,QAAQ;aAC9B,CAAC,CAAC;YACH,MAAM,IAAI,gCAAuB,EAAE,CAAC;QACtC,CAAC;QAGD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACxE,OAAO,OAAO,CAAC;IACjB,CAAC;IAgBD,KAAK,CAAC,MAAM,CAAC,GAAW,EAAE,SAAiB,EAAE,MAAc;QAEzD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YAChE,MAAM,IAAI,2BAAkB,EAAE,CAAC;QACjC,CAAC;QAGD,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;gBACxC,GAAG;gBACH,SAAS,EAAE,WAAW,CAAC,UAAU;gBACjC,SAAS,EAAE,WAAW,CAAC,UAAU;aAClC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAGD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAG9C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE;YAChC,GAAG;YACH,SAAS;YACT,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAeD,KAAK,CAAC,OAAO,CAAC,GAAW;QAEvB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YAClE,MAAM,IAAI,2BAAkB,EAAE,CAAC;QACjC,CAAC;QAGD,MAAM,aAAa,GACjB,WAAW,CAAC,QAAQ,KAAK,CAAC;YACxB,CAAC,CAAC,CAAC,CAAC;YACJ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;QAGjE,MAAM,IAAI,GAAc;YACtB,GAAG,EAAE,WAAW,CAAC,GAAG;YACpB,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,cAAc,EAAE,aAAa;YAC7B,OAAO,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU;YACjC,UAAU,EAAE,WAAW,CAAC,UAAU,IAAI,IAAI;YAC1C,cAAc,EAAE,WAAW,CAAC,cAAc,IAAI,IAAI;SACnD,CAAC;QAGF,OAAO,IAAI,CAAC;IACd,CAAC;IAWD,KAAK,CAAC,cAAc,CAAC,GAAW;QAE9B,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAGnC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IACxD,CAAC;IAYD,KAAK,CAAC,OAAO;QAEX,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAGxC,MAAM,aAAa,GAAgB,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YACtD,MAAM,aAAa,GACjB,KAAK,CAAC,QAAQ,KAAK,CAAC;gBAClB,CAAC,CAAC,CAAC,CAAC;gBACJ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;YAErD,OAAO;gBACL,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,cAAc,EAAE,aAAa;gBAC7B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU;gBAC3B,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;gBACpC,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,IAAI;aAC7C,CAAC;QACJ,CAAC,CAAC,CAAC;QAGH,OAAO,aAAa,CAAC;IACvB,CAAC;IAsBO,WAAW,CAAC,SAAiB;QACnC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACjD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,0BAA0B,SAAS,sDAAsD,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,MAAM,WAAW,GAA2B;YAC1C,CAAC,EAAE,CAAC;YACJ,CAAC,EAAE,EAAE;YACL,CAAC,EAAE,IAAI;YACP,CAAC,EAAE,KAAK;SACT,CAAC;QAEF,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,GAAG,UAAU,CAAC;QAEnC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3D,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAzWD,oCAyWC"}

package/dist/services/config/config.service.d.ts

@@ -0,0 +1,6 @@
+import { AppConfig } from '../../types/config.types';
+export declare function loadConfig(): Promise<AppConfig>;
+export declare class ConfigService {
+    getConfig(): unknown;
+}
+//# sourceMappingURL=config.service.d.ts.map

package/dist/services/config/config.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.service.d.ts","sourceRoot":"","sources":["../../../src/services/config/config.service.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAOrD,wBAAsB,UAAU,IAAI,OAAO,CAAC,SAAS,CAAC,CAuDrD;AAED,qBAAa,aAAa;IACxB,SAAS,IAAI,OAAO;CAGrB"}

package/dist/services/config/config.service.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigService = void 0;
+exports.loadConfig = loadConfig;
+const config_schema_1 = require("../../config/config.schema");
+async function loadConfig() {
+    const rawConfig = {
+        server: {
+            port: process.env['PORT'] || 8443,
+            nodeEnv: process.env['NODE_ENV'] || 'production',
+        },
+        infoEndpoints: {
+            tokenInfoEnabled: process.env['TOKEN_INFO_ENABLED'],
+            providersInfoEnabled: process.env['PROVIDERS_INFO_ENABLED'],
+        },
+        jwt: {
+            privateKeyPath: process.env['JWT_PRIVATE_KEY_PATH'] || './keys/private.pem',
+            publicKeyPath: process.env['JWT_PUBLIC_KEY_PATH'] || './keys/public.pem',
+            tokenExpiry: process.env['TOKEN_EXPIRY'] || '1h',
+            tokenMaxUses: process.env['TOKEN_MAX_USES'] || 10,
+        },
+        ldap: {
+            url: process.env['LDAP_URL'] || '',
+            bindDN: process.env['LDAP_BIND_DN'] || '',
+            bindPassword: process.env['LDAP_BIND_PASSWORD'] || '',
+            baseDN: process.env['LDAP_BASE_DN'] || '',
+            tlsVerify: process.env['LDAP_TLS_VERIFY'] !== 'false',
+            caCertPath: process.env['LDAP_CA_CERT_PATH'],
+            timeout: process.env['LDAP_TIMEOUT'] || 30000,
+            skipHostnameVerification: process.env['LDAP_SKIP_HOSTNAME_VERIFICATION'],
+            tlsServername: process.env['LDAP_TLS_SERVERNAME'],
+        },
+        azure: {
+            enabled: process.env['AZURE_ENABLED'],
+            tenantId: process.env['AZURE_TENANT_ID'],
+            clientId: process.env['AZURE_CLIENT_ID'],
+            clientSecret: process.env['AZURE_CLIENT_SECRET'],
+        },
+        smb: {
+            enabled: process.env['SMB_ENABLED'],
+            username: process.env['SMB_USERNAME'],
+            password: process.env['SMB_PASSWORD'],
+            timeout: process.env['SMB_TIMEOUT'] || 10000,
+        },
+        logging: {
+            level: process.env['LOG_LEVEL'] || 'info',
+            format: process.env['LOG_FORMAT'] || 'json',
+        },
+        database: {
+            path: process.env['DATABASE_PATH'] || './data/etc-collector.db',
+            enableWAL: process.env['DATABASE_ENABLE_WAL'] !== 'false',
+            busyTimeout: process.env['DATABASE_BUSY_TIMEOUT'] || 5000,
+        },
+    };
+    const config = config_schema_1.ConfigSchema.parse(rawConfig);
+    return config;
+}
+class ConfigService {
+    getConfig() {
+        throw new Error('Config service not implemented yet');
+    }
+}
+exports.ConfigService = ConfigService;
+//# sourceMappingURL=config.service.js.map

package/dist/services/config/config.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.service.js","sourceRoot":"","sources":["../../../src/services/config/config.service.ts"],"names":[],"mappings":";;;AAaA,gCAuDC;AA/DD,8DAA0D;AAQnD,KAAK,UAAU,UAAU;IAE9B,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE;YACN,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI;YACjC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,YAAY;SACjD;QACD,aAAa,EAAE;YACb,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;YACnD,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;SAC5D;QACD,GAAG,EAAE;YACH,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,oBAAoB;YAC3E,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,mBAAmB;YACxE,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,IAAI;YAChD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE;SAClD;QACD,IAAI,EAAE;YACJ,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;YAClC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE;YACzC,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,EAAE;YACrD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE;YACzC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,OAAO;YACrD,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;YAC5C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,KAAK;YAC7C,wBAAwB,EAAE,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC;YACxE,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;SAClD;QACD,KAAK,EAAE;YACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;YACxC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;YACxC,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;SACjD;QACD,GAAG,EAAE;YACH,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;YACnC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;YACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;YACrC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,KAAK;SAC7C;QACD,OAAO,EAAE;YACP,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,MAAM;YACzC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,MAAM;SAC5C;QACD,QAAQ,EAAE;YACR,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,yBAAyB;YAC/D,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,KAAK,OAAO;YACzD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI;SAC1D;KACF,CAAC;IAGF,MAAM,MAAM,GAAG,4BAAY,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAE7C,OAAO,MAAmB,CAAC;AAC7B,CAAC;AAED,MAAa,aAAa;IACxB,SAAS;QACP,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;CACF;AAJD,sCAIC"}

package/dist/services/export/export.service.d.ts

@@ -0,0 +1,28 @@
+import { Finding } from '../../types/finding.types';
+import { SecurityScore } from '../audit/scoring.service';
+import { JSONExportOptions } from './formatters/json.formatter';
+import { CSVExportOptions } from './formatters/csv.formatter';
+export interface ExportAuditResult {
+    score: SecurityScore;
+    findings: Finding[];
+    stats: {
+        totalUsers?: number;
+        totalGroups?: number;
+        totalComputers?: number;
+        totalApps?: number;
+        totalPolicies?: number;
+        totalFindings: number;
+        executionTimeMs: number;
+    };
+    timestamp: Date;
+}
+export interface ExportResult {
+    content: string;
+    contentType: string;
+    contentDisposition: string;
+}
+export declare class ExportService {
+    exportToJSON(auditResult: ExportAuditResult, options: JSONExportOptions): ExportResult;
+    exportToCSV(auditResult: ExportAuditResult, provider: string, domain: string, options?: CSVExportOptions): ExportResult;
+}
+//# sourceMappingURL=export.service.d.ts.map

package/dist/services/export/export.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.service.d.ts","sourceRoot":"","sources":["../../../src/services/export/export.service.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAA2C,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACzG,OAAO,EAAyC,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAKrG,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE;QACL,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,SAAS,EAAE,IAAI,CAAC;CACjB;AAKD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAKD,qBAAa,aAAa;IAQxB,YAAY,CAAC,WAAW,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,GAAG,YAAY;IAwBtF,WAAW,CACT,WAAW,EAAE,iBAAiB,EAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,gBAAqB,GAC7B,YAAY;CAahB"}

package/dist/services/export/export.service.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExportService = void 0;
+const json_formatter_1 = require("./formatters/json.formatter");
+const csv_formatter_1 = require("./formatters/csv.formatter");
+class ExportService {
+    exportToJSON(auditResult, options) {
+        const content = (0, json_formatter_1.formatAsJSON)(auditResult.score, auditResult.findings, auditResult.stats, options);
+        const domain = options.domain || options.tenantId || 'unknown';
+        const contentDisposition = (0, json_formatter_1.getJSONContentDisposition)(options.provider, domain);
+        return {
+            content,
+            contentType: 'application/json; charset=utf-8',
+            contentDisposition,
+        };
+    }
+    exportToCSV(auditResult, provider, domain, options = {}) {
+        const content = (0, csv_formatter_1.formatAsCSV)(auditResult.findings, options);
+        const contentDisposition = (0, csv_formatter_1.getCSVContentDisposition)(provider, domain);
+        return {
+            content,
+            contentType: 'text/csv; charset=utf-8',
+            contentDisposition,
+        };
+    }
+}
+exports.ExportService = ExportService;
+//# sourceMappingURL=export.service.js.map

package/dist/services/export/export.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.service.js","sourceRoot":"","sources":["../../../src/services/export/export.service.ts"],"names":[],"mappings":";;;AAeA,gEAAyG;AACzG,8DAAqG;AAgCrG,MAAa,aAAa;IAQxB,YAAY,CAAC,WAA8B,EAAE,OAA0B;QAErE,MAAM,OAAO,GAAG,IAAA,6BAAY,EAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAGlG,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAC;QAC/D,MAAM,kBAAkB,GAAG,IAAA,0CAAyB,EAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/E,OAAO;YACL,OAAO;YACP,WAAW,EAAE,iCAAiC;YAC9C,kBAAkB;SACnB,CAAC;IACJ,CAAC;IAWD,WAAW,CACT,WAA8B,EAC9B,QAAgB,EAChB,MAAc,EACd,UAA4B,EAAE;QAG9B,MAAM,OAAO,GAAG,IAAA,2BAAW,EAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAG3D,MAAM,kBAAkB,GAAG,IAAA,wCAAwB,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEtE,OAAO;YACL,OAAO;YACP,WAAW,EAAE,yBAAyB;YACtC,kBAAkB;SACnB,CAAC;IACJ,CAAC;CACF;AAlDD,sCAkDC"}

package/dist/services/export/formatters/csv.formatter.d.ts

@@ -0,0 +1,8 @@
+import { Finding } from '../../../types/finding.types';
+export interface CSVExportOptions {
+    includeAffectedEntities?: boolean;
+    delimiter?: string;
+}
+export declare function formatAsCSV(findings: Finding[], options?: CSVExportOptions): string;
+export declare function getCSVContentDisposition(provider: string, domain: string): string;
+//# sourceMappingURL=csv.formatter.d.ts.map

package/dist/services/export/formatters/csv.formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csv.formatter.d.ts","sourceRoot":"","sources":["../../../../src/services/export/formatters/csv.formatter.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AAKvD,MAAM,WAAW,gBAAgB;IAI/B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAKlC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAqCD,wBAAgB,WAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,OAAO,GAAE,gBAAqB,GAAG,MAAM,CAmCvF;AAYD,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAMjF"}

package/dist/services/export/formatters/csv.formatter.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatAsCSV = formatAsCSV;
+exports.getCSVContentDisposition = getCSVContentDisposition;
+function escapeCSVValue(value, delimiter) {
+    if (!value)
+        return '';
+    const needsEscaping = value.includes(delimiter) || value.includes('"') || value.includes('\n') || value.includes('\r');
+    if (!needsEscaping) {
+        return value;
+    }
+    const escaped = value.replace(/"/g, '""');
+    return `"${escaped}"`;
+}
+function formatAsCSV(findings, options = {}) {
+    const { includeAffectedEntities = false, delimiter = ',' } = options;
+    const headers = ['Category', 'Type', 'Severity', 'Count', 'Title', 'Description'];
+    if (includeAffectedEntities) {
+        headers.push('Affected Objects');
+    }
+    const rows = [headers.join(delimiter)];
+    findings.forEach((finding) => {
+        const row = [
+            escapeCSVValue(finding.category, delimiter),
+            escapeCSVValue(finding.type, delimiter),
+            escapeCSVValue(finding.severity, delimiter),
+            String(finding.count),
+            escapeCSVValue(finding.title, delimiter),
+            escapeCSVValue(finding.description, delimiter),
+        ];
+        if (includeAffectedEntities) {
+            const affectedObjects = finding.affectedEntities?.join('; ') || '';
+            row.push(escapeCSVValue(affectedObjects, delimiter));
+        }
+        rows.push(row.join(delimiter));
+    });
+    const csvContent = rows.join('\n');
+    return '\uFEFF' + csvContent;
+}
+function getCSVContentDisposition(provider, domain) {
+    const timestamp = new Date().toISOString().replace(/:/g, '-').replace(/\..+/, 'Z');
+    const sanitizedDomain = domain.replace(/[^a-zA-Z0-9-_]/g, '-');
+    const filename = `audit-${provider}-${sanitizedDomain}-${timestamp}.csv`;
+    return `attachment; filename="${filename}"`;
+}
+//# sourceMappingURL=csv.formatter.js.map

package/dist/services/export/formatters/csv.formatter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csv.formatter.js","sourceRoot":"","sources":["../../../../src/services/export/formatters/csv.formatter.ts"],"names":[],"mappings":";;AAsEA,kCAmCC;AAYD,4DAMC;AA7ED,SAAS,cAAc,CAAC,KAAa,EAAE,SAAiB;IACtD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAGtB,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEvH,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IAGD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG1C,OAAO,IAAI,OAAO,GAAG,CAAC;AACxB,CAAC;AASD,SAAgB,WAAW,CAAC,QAAmB,EAAE,UAA4B,EAAE;IAC7E,MAAM,EAAE,uBAAuB,GAAG,KAAK,EAAE,SAAS,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAGrE,MAAM,OAAO,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;IAClF,IAAI,uBAAuB,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,IAAI,GAAa,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAGjD,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,MAAM,GAAG,GAAG;YACV,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC3C,cAAc,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC;YACvC,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC3C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;YACrB,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC;YACxC,cAAc,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,CAAC;SAC/C,CAAC;QAEF,IAAI,uBAAuB,EAAE,CAAC;YAC5B,MAAM,eAAe,GAAG,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACnE,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAInC,OAAO,QAAQ,GAAG,UAAU,CAAC;AAC/B,CAAC;AAYD,SAAgB,wBAAwB,CAAC,QAAgB,EAAE,MAAc;IACvE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACnF,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,QAAQ,IAAI,eAAe,IAAI,SAAS,MAAM,CAAC;IAEzE,OAAO,yBAAyB,QAAQ,GAAG,CAAC;AAC9C,CAAC"}

package/dist/services/export/formatters/json.formatter.d.ts

@@ -0,0 +1,40 @@
+import { Finding } from '../../../types/finding.types';
+import { SecurityScore } from '../../audit/scoring.service';
+export interface JSONExportResult {
+    metadata: {
+        timestamp: string;
+        provider: 'ad' | 'azure';
+        domain?: string;
+        tenantId?: string;
+        executionTimeMs: number;
+        version: string;
+    };
+    summary: {
+        score: SecurityScore;
+        totalFindings: number;
+        severityBreakdown: {
+            critical: number;
+            high: number;
+            medium: number;
+            low: number;
+        };
+        categoryBreakdown: Record<string, number>;
+    };
+    findings: Finding[];
+    stats: {
+        totalUsers?: number;
+        totalGroups?: number;
+        totalComputers?: number;
+        totalApps?: number;
+        totalPolicies?: number;
+    };
+}
+export interface JSONExportOptions {
+    provider: 'ad' | 'azure';
+    domain?: string;
+    tenantId?: string;
+    includeDetails?: boolean;
+}
+export declare function formatAsJSON(score: SecurityScore, findings: Finding[], stats: Record<string, number>, options: JSONExportOptions): string;
+export declare function getJSONContentDisposition(provider: string, domain: string): string;
+//# sourceMappingURL=json.formatter.d.ts.map

package/dist/services/export/formatters/json.formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.formatter.d.ts","sourceRoot":"","sources":["../../../../src/services/export/formatters/json.formatter.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAK5D,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,IAAI,GAAG,OAAO,CAAC;QACzB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,OAAO,EAAE;QACP,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;QACtB,iBAAiB,EAAE;YACjB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;QACF,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,CAAC;IACF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE;QACL,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAKD,MAAM,WAAW,iBAAiB;IAIhC,QAAQ,EAAE,IAAI,GAAG,OAAO,CAAC;IAKzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAKhB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAKlB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAWD,wBAAgB,YAAY,CAC1B,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,OAAO,EAAE,EACnB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC7B,OAAO,EAAE,iBAAiB,GACzB,MAAM,CAqDR;AAYD,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAMlF"}

package/dist/services/export/formatters/json.formatter.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatAsJSON = formatAsJSON;
+exports.getJSONContentDisposition = getJSONContentDisposition;
+function formatAsJSON(score, findings, stats, options) {
+    const timestamp = new Date().toISOString();
+    const severityBreakdown = {
+        critical: findings.filter((f) => f.severity === 'critical').reduce((sum, f) => sum + f.count, 0),
+        high: findings.filter((f) => f.severity === 'high').reduce((sum, f) => sum + f.count, 0),
+        medium: findings.filter((f) => f.severity === 'medium').reduce((sum, f) => sum + f.count, 0),
+        low: findings.filter((f) => f.severity === 'low').reduce((sum, f) => sum + f.count, 0),
+    };
+    const categoryBreakdown = {};
+    findings.forEach((finding) => {
+        const category = finding.category;
+        if (!categoryBreakdown[category]) {
+            categoryBreakdown[category] = 0;
+        }
+        categoryBreakdown[category] += finding.count;
+    });
+    const result = {
+        metadata: {
+            timestamp,
+            provider: options.provider,
+            domain: options.domain,
+            tenantId: options.tenantId,
+            executionTimeMs: stats['executionTimeMs'] || 0,
+            version: '1.1.9',
+        },
+        summary: {
+            score,
+            totalFindings: findings.reduce((sum, f) => sum + f.count, 0),
+            severityBreakdown,
+            categoryBreakdown,
+        },
+        findings: options.includeDetails
+            ? findings
+            : findings.map((f) => {
+                const { affectedEntities: _affectedEntities, ...rest } = f;
+                return rest;
+            }),
+        stats: {
+            totalUsers: stats['totalUsers'],
+            totalGroups: stats['totalGroups'],
+            totalComputers: stats['totalComputers'],
+            totalApps: stats['totalApps'],
+            totalPolicies: stats['totalPolicies'],
+        },
+    };
+    return JSON.stringify(result, null, 2);
+}
+function getJSONContentDisposition(provider, domain) {
+    const timestamp = new Date().toISOString().replace(/:/g, '-').replace(/\..+/, 'Z');
+    const sanitizedDomain = domain.replace(/[^a-zA-Z0-9-_]/g, '-');
+    const filename = `audit-${provider}-${sanitizedDomain}-${timestamp}.json`;
+    return `attachment; filename="${filename}"`;
+}
+//# sourceMappingURL=json.formatter.js.map

package/dist/services/export/formatters/json.formatter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.formatter.js","sourceRoot":"","sources":["../../../../src/services/export/formatters/json.formatter.ts"],"names":[],"mappings":";;AAmFA,oCA0DC;AAYD,8DAMC;AA5ED,SAAgB,YAAY,CAC1B,KAAoB,EACpB,QAAmB,EACnB,KAA6B,EAC7B,OAA0B;IAE1B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAG3C,MAAM,iBAAiB,GAAG;QACxB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAChG,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACxF,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAC5F,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;KACvF,CAAC;IAGF,MAAM,iBAAiB,GAA2B,EAAE,CAAC;IACrD,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QACD,iBAAiB,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC;IAC/C,CAAC,CAAC,CAAC;IAGH,MAAM,MAAM,GAAqB;QAC/B,QAAQ,EAAE;YACR,SAAS;YACT,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,eAAe,EAAE,KAAK,CAAC,iBAAiB,CAAC,IAAI,CAAC;YAC9C,OAAO,EAAE,OAAO;SACjB;QACD,OAAO,EAAE;YACP,KAAK;YACL,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC5D,iBAAiB;YACjB,iBAAiB;SAClB;QACD,QAAQ,EAAE,OAAO,CAAC,cAAc;YAC9B,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACjB,MAAM,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC,CAAC;QACN,KAAK,EAAE;YACL,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC;YAC/B,WAAW,EAAE,KAAK,CAAC,aAAa,CAAC;YACjC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;YACvC,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC;YAC7B,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC;SACtC;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAYD,SAAgB,yBAAyB,CAAC,QAAgB,EAAE,MAAc;IACxE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACnF,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,QAAQ,IAAI,eAAe,IAAI,SAAS,OAAO,CAAC;IAE1E,OAAO,yBAAyB,QAAQ,GAAG,CAAC;AAC9C,CAAC"}

package/dist/services/jobs/azure-job-runner.d.ts

@@ -0,0 +1,38 @@
+import { GraphProvider } from '../../providers/azure/graph.provider';
+import { Finding } from '../../types/finding.types';
+import { SecurityScore } from '../audit/scoring.service';
+import { Job } from './job.types';
+export interface AzureJobRunnerOptions {
+    includeDetails?: boolean;
+    maxUsers?: number;
+    maxGroups?: number;
+    maxApps?: number;
+}
+export interface AzureAuditResult {
+    score: SecurityScore;
+    findings: Finding[];
+    stats: {
+        totalUsers: number;
+        enabledUsers: number;
+        disabledUsers: number;
+        totalGroups: number;
+        totalApps: number;
+        totalPolicies: number;
+        totalFindings: number;
+        executionTimeMs: number;
+    };
+    timestamp: Date;
+}
+export declare class AzureJobRunner {
+    private jobStore;
+    private graphProvider;
+    constructor(graphProvider: GraphProvider);
+    startAudit(options?: AzureJobRunnerOptions): Job;
+    private runAuditAsync;
+    private fetchUsers;
+    private fetchGroups;
+    private fetchApplications;
+    private fetchPolicies;
+    private fetchRoleAssignments;
+}
+//# sourceMappingURL=azure-job-runner.d.ts.map

package/dist/services/jobs/azure-job-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-job-runner.d.ts","sourceRoot":"","sources":["../../../src/services/jobs/azure-job-runner.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAA0B,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAGjF,OAAO,EAAE,GAAG,EAAW,MAAM,aAAa,CAAC;AAW3C,MAAM,WAAW,qBAAqB;IACpC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAKD,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,SAAS,EAAE,IAAI,CAAC;CACjB;AAKD,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,aAAa,CAAgB;gBAEzB,aAAa,EAAE,aAAa;IASxC,UAAU,CAAC,OAAO,GAAE,qBAA0B,GAAG,GAAG;YAiBtC,aAAa;YAgHb,UAAU;YA8CV,WAAW;YAiBX,iBAAiB;YA0BjB,aAAa;YAYb,oBAAoB;CAenC"}