npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/src/services/export/formatters/csv.formatter.ts ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * CSV Formatter
+ *
+ * Formats audit results as CSV for export.
+ * Story 1.9: Export Service
+ *
+ * CSV structure (flat table):
+ * - Category
+ * - Type
+ * - Severity
+ * - Count
+ * - Title
+ * - Description
+ * - Affected Objects (optional)
+ *
+ * Excel-compatible: UTF-8 with BOM (Byte Order Mark)
+ */
+import { Finding } from '../../../types/finding.types';
+/**
+ * Export options for CSV formatter
+ */
+export interface CSVExportOptions {
+  /**
+   * Include affected entities column (default: false)
+   */
+  includeAffectedEntities?: boolean;
+  /**
+   * Column delimiter (default: ',')
+   */
+  delimiter?: string;
+}
+/**
+ * Escape CSV value
+ *
+ * Rules:
+ * - If value contains delimiter, double quote, or newline: wrap in double quotes
+ * - Escape internal double quotes by doubling them (" -> "")
+ *
+ * @param value Value to escape
+ * @param delimiter Column delimiter
+ * @returns Escaped value
+ */
+function escapeCSVValue(value: string, delimiter: string): string {
+  if (!value) return '';
+  // Check if escaping is needed
+  const needsEscaping = value.includes(delimiter) || value.includes('"') || value.includes('\n') || value.includes('\r');
+  if (!needsEscaping) {
+    return value;
+  }
+  // Escape internal double quotes by doubling them
+  const escaped = value.replace(/"/g, '""');
+  // Wrap in double quotes
+  return `"${escaped}"`;
+}
+/**
+ * Format audit findings as CSV
+ *
+ * @param findings Vulnerability findings
+ * @param options Export options
+ * @returns CSV string with UTF-8 BOM
+ */
+export function formatAsCSV(findings: Finding[], options: CSVExportOptions = {}): string {
+  const { includeAffectedEntities = false, delimiter = ',' } = options;
+  // Build CSV header
+  const headers = ['Category', 'Type', 'Severity', 'Count', 'Title', 'Description'];
+  if (includeAffectedEntities) {
+    headers.push('Affected Objects');
+  }
+  const rows: string[] = [headers.join(delimiter)];
+  // Build CSV rows
+  findings.forEach((finding) => {
+    const row = [
+      escapeCSVValue(finding.category, delimiter),
+      escapeCSVValue(finding.type, delimiter),
+      escapeCSVValue(finding.severity, delimiter),
+      String(finding.count),
+      escapeCSVValue(finding.title, delimiter),
+      escapeCSVValue(finding.description, delimiter),
+    ];
+    if (includeAffectedEntities) {
+      const affectedObjects = finding.affectedEntities?.join('; ') || '';
+      row.push(escapeCSVValue(affectedObjects, delimiter));
+    }
+    rows.push(row.join(delimiter));
+  });
+  const csvContent = rows.join('\n');
+  // Add UTF-8 BOM for Excel compatibility
+  // BOM: \uFEFF (EF BB BF in UTF-8)
+  return '\uFEFF' + csvContent;
+}
+/**
+ * Generate Content-Disposition header value for CSV export
+ *
+ * Format: `attachment; filename="audit-{provider}-{domain}-{timestamp}.csv"`
+ * Example: `attachment; filename="audit-ad-EXAMPLE-2026-01-12T10-30-00Z.csv"`
+ *
+ * @param provider Provider type (ad or azure)
+ * @param domain Domain name or tenant ID
+ * @returns Content-Disposition header value
+ */
+export function getCSVContentDisposition(provider: string, domain: string): string {
+  const timestamp = new Date().toISOString().replace(/:/g, '-').replace(/\..+/, 'Z');
+  const sanitizedDomain = domain.replace(/[^a-zA-Z0-9-_]/g, '-');
+  const filename = `audit-${provider}-${sanitizedDomain}-${timestamp}.csv`;
+  return `attachment; filename="${filename}"`;
+}

package/src/services/export/formatters/json.formatter.ts ADDED Viewed

@@ -0,0 +1,160 @@
+/**
+ * JSON Formatter
+ *
+ * Formats audit results as JSON for export.
+ * Story 1.9: Export Service
+ *
+ * Output structure:
+ * - metadata: timestamp, provider, domain, duration, version
+ * - summary: score, total findings, breakdown by severity and category
+ * - findings: detailed vulnerability list
+ * - stats: entity counts, execution time
+ */
+import { Finding } from '../../../types/finding.types';
+import { SecurityScore } from '../../audit/scoring.service';
+/**
+ * JSON export result structure
+ */
+export interface JSONExportResult {
+  metadata: {
+    timestamp: string;
+    provider: 'ad' | 'azure';
+    domain?: string;
+    tenantId?: string;
+    executionTimeMs: number;
+    version: string;
+  };
+  summary: {
+    score: SecurityScore;
+    totalFindings: number;
+    severityBreakdown: {
+      critical: number;
+      high: number;
+      medium: number;
+      low: number;
+    };
+    categoryBreakdown: Record<string, number>;
+  };
+  findings: Finding[];
+  stats: {
+    totalUsers?: number;
+    totalGroups?: number;
+    totalComputers?: number;
+    totalApps?: number;
+    totalPolicies?: number;
+  };
+}
+/**
+ * Export options for JSON formatter
+ */
+export interface JSONExportOptions {
+  /**
+   * Provider type (ad or azure)
+   */
+  provider: 'ad' | 'azure';
+  /**
+   * Domain name for AD or Tenant ID for Azure
+   */
+  domain?: string;
+  /**
+   * Tenant ID for Azure exports
+   */
+  tenantId?: string;
+  /**
+   * Include detailed entities in findings (default: false)
+   */
+  includeDetails?: boolean;
+}
+/**
+ * Format audit results as JSON
+ *
+ * @param score Security score
+ * @param findings Vulnerability findings
+ * @param stats Statistics (entity counts, execution time)
+ * @param options Export options
+ * @returns JSON string
+ */
+export function formatAsJSON(
+  score: SecurityScore,
+  findings: Finding[],
+  stats: Record<string, number>,
+  options: JSONExportOptions
+): string {
+  const timestamp = new Date().toISOString();
+  // Calculate severity breakdown
+  const severityBreakdown = {
+    critical: findings.filter((f) => f.severity === 'critical').reduce((sum, f) => sum + f.count, 0),
+    high: findings.filter((f) => f.severity === 'high').reduce((sum, f) => sum + f.count, 0),
+    medium: findings.filter((f) => f.severity === 'medium').reduce((sum, f) => sum + f.count, 0),
+    low: findings.filter((f) => f.severity === 'low').reduce((sum, f) => sum + f.count, 0),
+  };
+  // Calculate category breakdown
+  const categoryBreakdown: Record<string, number> = {};
+  findings.forEach((finding) => {
+    const category = finding.category;
+    if (!categoryBreakdown[category]) {
+      categoryBreakdown[category] = 0;
+    }
+    categoryBreakdown[category] += finding.count;
+  });
+  // Build export result
+  const result: JSONExportResult = {
+    metadata: {
+      timestamp,
+      provider: options.provider,
+      domain: options.domain,
+      tenantId: options.tenantId,
+      executionTimeMs: stats['executionTimeMs'] || 0,
+      version: '1.1.9',
+    },
+    summary: {
+      score,
+      totalFindings: findings.reduce((sum, f) => sum + f.count, 0),
+      severityBreakdown,
+      categoryBreakdown,
+    },
+    findings: options.includeDetails
+      ? findings
+      : findings.map((f) => {
+          const { affectedEntities: _affectedEntities, ...rest } = f;
+          return rest;
+        }),
+    stats: {
+      totalUsers: stats['totalUsers'],
+      totalGroups: stats['totalGroups'],
+      totalComputers: stats['totalComputers'],
+      totalApps: stats['totalApps'],
+      totalPolicies: stats['totalPolicies'],
+    },
+  };
+  return JSON.stringify(result, null, 2);
+}
+/**
+ * Generate Content-Disposition header value for JSON export
+ *
+ * Format: `attachment; filename="audit-{provider}-{domain}-{timestamp}.json"`
+ * Example: `attachment; filename="audit-ad-EXAMPLE-2026-01-12T10-30-00Z.json"`
+ *
+ * @param provider Provider type (ad or azure)
+ * @param domain Domain name or tenant ID
+ * @returns Content-Disposition header value
+ */
+export function getJSONContentDisposition(provider: string, domain: string): string {
+  const timestamp = new Date().toISOString().replace(/:/g, '-').replace(/\..+/, 'Z');
+  const sanitizedDomain = domain.replace(/[^a-zA-Z0-9-_]/g, '-');
+  const filename = `audit-${provider}-${sanitizedDomain}-${timestamp}.json`;
+  return `attachment; filename="${filename}"`;
+}

package/src/services/jobs/azure-job-runner.ts ADDED Viewed

@@ -0,0 +1,312 @@
+/**
+ * Azure Job Runner
+ *
+ * Executes Azure AD audits asynchronously with step-by-step progress tracking.
+ * Each step reports progress to JobStore for polling clients.
+ */
+import { GraphProvider } from '../../providers/azure/graph.provider';
+import { AzureUser, AzureGroup, AzureApp, AzurePolicy } from '../../types/azure.types';
+import { Finding } from '../../types/finding.types';
+import { calculateSecurityScore, SecurityScore } from '../audit/scoring.service';
+import { logger } from '../../utils/logger';
+import { JobStore } from './job-store';
+import { Job, JobType } from './job.types';
+// Import all Azure detectors
+import { detectUserSecurityVulnerabilities } from '../audit/detectors/azure/user-security.detector';
+import { detectAppSecurityVulnerabilities } from '../audit/detectors/azure/app-security.detector';
+import { detectConditionalAccessVulnerabilities } from '../audit/detectors/azure/conditional-access.detector';
+import { detectPrivilegeSecurityVulnerabilities } from '../audit/detectors/azure/privilege-security.detector';
+/**
+ * Audit options for Azure job runner
+ */
+export interface AzureJobRunnerOptions {
+  includeDetails?: boolean;
+  maxUsers?: number;
+  maxGroups?: number;
+  maxApps?: number;
+}
+/**
+ * Azure audit result
+ */
+export interface AzureAuditResult {
+  score: SecurityScore;
+  findings: Finding[];
+  stats: {
+    totalUsers: number;
+    enabledUsers: number;
+    disabledUsers: number;
+    totalGroups: number;
+    totalApps: number;
+    totalPolicies: number;
+    totalFindings: number;
+    executionTimeMs: number;
+  };
+  timestamp: Date;
+}
+/**
+ * Azure Job Runner - Executes Azure AD audits with progress tracking
+ */
+export class AzureJobRunner {
+  private jobStore: JobStore;
+  private graphProvider: GraphProvider;
+  constructor(graphProvider: GraphProvider) {
+    this.jobStore = JobStore.getInstance();
+    this.graphProvider = graphProvider;
+  }
+  /**
+   * Start an async Azure audit job
+   * Returns immediately with job ID, audit runs in background
+   */
+  startAudit(options: AzureJobRunnerOptions = {}): Job {
+    const job = this.jobStore.createJob({
+      type: 'azure-audit' as JobType,
+      options: options as Record<string, unknown>,
+    });
+    // Start audit in background (don't await)
+    this.runAuditAsync(job.job_id, options).catch((error) => {
+      logger.error('Async Azure audit failed', { job_id: job.job_id, error });
+    });
+    return job;
+  }
+  /**
+   * Run the audit asynchronously with step progress updates
+   */
+  private async runAuditAsync(jobId: string, options: AzureJobRunnerOptions): Promise<void> {
+    const startTime = Date.now();
+    const { includeDetails = false, maxUsers, maxGroups, maxApps } = options;
+    try {
+      // Mark job as running
+      this.jobStore.startJob(jobId);
+      // ===== STEP 1: AUTHENTICATING =====
+      this.jobStore.startStep(jobId, 'AUTHENTICATING', 'Authenticating with Microsoft Graph');
+      await this.graphProvider.authenticate();
+      this.jobStore.completeStep(jobId, 'AUTHENTICATING');
+      // ===== STEP 2: FETCHING_USERS =====
+      this.jobStore.startStep(jobId, 'FETCHING_USERS', 'Fetching users from Azure AD');
+      const users = await this.fetchUsers(maxUsers);
+      this.jobStore.completeStep(jobId, 'FETCHING_USERS', { count: users.length });
+      // ===== STEP 3: FETCHING_GROUPS =====
+      this.jobStore.startStep(jobId, 'FETCHING_GROUPS', 'Fetching groups from Azure AD');
+      const groups = await this.fetchGroups(maxGroups);
+      this.jobStore.completeStep(jobId, 'FETCHING_GROUPS', { count: groups.length });
+      // ===== STEP 4: FETCHING_APPS =====
+      this.jobStore.startStep(jobId, 'FETCHING_APPS', 'Fetching applications from Azure AD');
+      const apps = await this.fetchApplications(maxApps);
+      this.jobStore.completeStep(jobId, 'FETCHING_APPS', { count: apps.length });
+      // ===== STEP 5: FETCHING_POLICIES =====
+      this.jobStore.startStep(jobId, 'FETCHING_POLICIES', 'Fetching Conditional Access policies');
+      const policies = await this.fetchPolicies();
+      this.jobStore.completeStep(jobId, 'FETCHING_POLICIES', { count: policies.length });
+      // ===== STEP 6: FETCHING_ROLES =====
+      this.jobStore.startStep(jobId, 'FETCHING_ROLES', 'Fetching directory role assignments');
+      const roleMap = await this.fetchRoleAssignments(users);
+      this.jobStore.completeStep(jobId, 'FETCHING_ROLES', { count: roleMap.size });
+      // ===== STEP 7: DETECTING_USER_SECURITY =====
+      this.jobStore.startStep(jobId, 'DETECTING_USER_SECURITY', 'Analyzing user security vulnerabilities');
+      const userFindings = detectUserSecurityVulnerabilities(users, roleMap, includeDetails);
+      this.jobStore.completeStep(jobId, 'DETECTING_USER_SECURITY', { findings: userFindings.length });
+      // ===== STEP 8: DETECTING_PRIVILEGE_SECURITY =====
+      this.jobStore.startStep(jobId, 'DETECTING_PRIVILEGE_SECURITY', 'Analyzing privilege security vulnerabilities');
+      const privilegeFindings = detectPrivilegeSecurityVulnerabilities(users, groups, roleMap, includeDetails);
+      this.jobStore.completeStep(jobId, 'DETECTING_PRIVILEGE_SECURITY', { findings: privilegeFindings.length });
+      // ===== STEP 9: DETECTING_APP_SECURITY =====
+      this.jobStore.startStep(jobId, 'DETECTING_APP_SECURITY', 'Analyzing application security vulnerabilities');
+      const appFindings = detectAppSecurityVulnerabilities(apps, includeDetails);
+      this.jobStore.completeStep(jobId, 'DETECTING_APP_SECURITY', { findings: appFindings.length });
+      // ===== STEP 10: DETECTING_CONDITIONAL_ACCESS =====
+      this.jobStore.startStep(jobId, 'DETECTING_CONDITIONAL_ACCESS', 'Analyzing Conditional Access vulnerabilities');
+      const caFindings = detectConditionalAccessVulnerabilities(policies, includeDetails);
+      this.jobStore.completeStep(jobId, 'DETECTING_CONDITIONAL_ACCESS', { findings: caFindings.length });
+      // Aggregate all findings
+      const findings: Finding[] = [
+        ...userFindings,
+        ...privilegeFindings,
+        ...appFindings,
+        ...caFindings,
+      ];
+      // ===== STEP 11: CALCULATING_SCORE =====
+      this.jobStore.startStep(jobId, 'CALCULATING_SCORE', 'Calculating security score');
+      const score = calculateSecurityScore(findings, users.length);
+      this.jobStore.completeStep(jobId, 'CALCULATING_SCORE');
+      // ===== STEP 12: FORMATTING =====
+      this.jobStore.startStep(jobId, 'FORMATTING', 'Formatting audit response');
+      const executionTimeMs = Date.now() - startTime;
+      // Calculate enabled/disabled user counts
+      const disabledUsers = users.filter((u) => !u.accountEnabled).length;
+      const enabledUsers = users.length - disabledUsers;
+      const result: AzureAuditResult = {
+        score,
+        findings,
+        stats: {
+          totalUsers: users.length,
+          enabledUsers,
+          disabledUsers,
+          totalGroups: groups.length,
+          totalApps: apps.length,
+          totalPolicies: policies.length,
+          totalFindings: findings.length,
+          executionTimeMs,
+        },
+        timestamp: new Date(),
+      };
+      this.jobStore.completeStep(jobId, 'FORMATTING');
+      // Complete job with result
+      this.jobStore.completeJob(jobId, result);
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+      logger.error('Azure audit job failed', { jobId, error: errorMessage });
+      this.jobStore.failJob(jobId, {
+        code: 'AZURE_AUDIT_FAILED',
+        message: errorMessage,
+        step: this.jobStore.getJob(jobId)?.current_step || 'AUTHENTICATING',
+      });
+    }
+  }
+  /**
+   * Fetch users from Azure AD with all attributes for enriched entities
+   */
+  private async fetchUsers(maxUsers?: number): Promise<AzureUser[]> {
+    try {
+      const options = {
+        select: [
+          // Identity
+          'id',
+          'userPrincipalName',
+          'displayName',
+          'mail',
+          'givenName',
+          'surname',
+          // Organization
+          'jobTitle',
+          'department',
+          'companyName',
+          'manager',
+          'officeLocation',
+          'employeeId',
+          // Dates
+          'createdDateTime',
+          'lastSignInDateTime',
+          'lastPasswordChangeDateTime',
+          // Security
+          'accountEnabled',
+          'userType',
+          'riskLevel',
+          'riskState',
+          'isMfaRegistered',
+          'strongAuthenticationMethods',
+          'assignedLicenses',
+          'passwordPolicies',
+        ],
+        expand: ['manager($select=id,displayName)'],
+        top: maxUsers,
+      };
+      return await this.graphProvider.getUsers(options);
+    } catch (error) {
+      logger.error('Failed to fetch users:', error);
+      return [];
+    }
+  }
+  /**
+   * Fetch groups from Azure AD
+   */
+  private async fetchGroups(maxGroups?: number): Promise<AzureGroup[]> {
+    try {
+      const options = {
+        select: ['id', 'displayName', 'mailEnabled', 'securityEnabled', 'groupTypes', 'membershipRule'],
+        top: maxGroups,
+      };
+      return await this.graphProvider.getGroups(options);
+    } catch (error) {
+      logger.error('Failed to fetch groups:', error);
+      return [];
+    }
+  }
+  /**
+   * Fetch applications from Azure AD
+   */
+  private async fetchApplications(maxApps?: number): Promise<AzureApp[]> {
+    try {
+      const options = {
+        select: [
+          'id',
+          'appId',
+          'displayName',
+          'createdDateTime',
+          'signInAudience',
+          'requiredResourceAccess',
+          'passwordCredentials',
+          'keyCredentials',
+        ],
+        top: maxApps,
+      };
+      return await this.graphProvider.getApplications(options);
+    } catch (error) {
+      logger.error('Failed to fetch applications:', error);
+      return [];
+    }
+  }
+  /**
+   * Fetch Conditional Access policies from Azure AD
+   */
+  private async fetchPolicies(): Promise<AzurePolicy[]> {
+    try {
+      return await this.graphProvider.getPolicies();
+    } catch (error) {
+      logger.error('Failed to fetch policies:', error);
+      return [];
+    }
+  }
+  /**
+   * Fetch role assignments and build a map of userId -> roleIds
+   */
+  private async fetchRoleAssignments(_users: AzureUser[]): Promise<Map<string, string[]>> {
+    const roleMap = new Map<string, string[]>();
+    try {
+      // Note: In a real implementation, we would fetch directory roles and their members
+      // This would be implemented by calling:
+      // - GET /directoryRoles (to get all roles)
+      // - GET /directoryRoles/{roleId}/members (to get members of each role)
+      logger.warn('Role assignment fetching not yet fully implemented - role-based detectors will be limited');
+      return roleMap;
+    } catch (error) {
+      logger.warn('Failed to fetch role assignments:', error);
+      return roleMap;
+    }
+  }
+}

package/src/services/jobs/index.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Jobs Module
+ *
+ * Exports for async job management
+ */
+export * from './job.types';
+export * from './job-store';
+export * from './job-runner';