npm - @j-schreiber/sf-cli-security-audit - Versions diffs - 0.11.0 → 0.11.2 - Mend

@j-schreiber/sf-cli-security-audit 0.11.0 → 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (276) hide show

package/lib/libs/audit-engine/index.d.ts ADDED Viewed

@@ -0,0 +1,121 @@
+import FileManager from './file-manager/fileManager.js';
+export { default as AuditRun, startAuditRun } from './auditRun.js';
+export { AuditConfigShape } from './registry/shape/auditConfigShape.js';
+export { PermissionRiskLevel, UserPrivilegeLevel } from './registry/shape/schema.js';
+export { default as RuleRegistry } from './registry/ruleRegistry.js';
+export type { AuditRunConfig, Policies, Classifications } from './registry/shape/auditConfigShape.js';
+export type { PolicyConfig } from './registry/shape/schema.js';
+export type { EntityResolveEvent } from './auditRun.js';
+export type { AuditResult } from './registry/result.types.js';
+export declare const ConfigFileManager: FileManager<{
+    classifications: {
+        userPermissions: {
+            schema: import("zod").ZodObject<{
+                permissions: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    label: import("zod").ZodOptional<import("zod").ZodString>;
+                    reason: import("zod").ZodOptional<import("zod").ZodString>;
+                    classification: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        customPermissions: {
+            schema: import("zod").ZodObject<{
+                permissions: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    label: import("zod").ZodOptional<import("zod").ZodString>;
+                    reason: import("zod").ZodOptional<import("zod").ZodString>;
+                    classification: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        profiles: {
+            schema: import("zod").ZodObject<{
+                profiles: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    role: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").UserPrivilegeLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        permissionSets: {
+            schema: import("zod").ZodObject<{
+                permissionSets: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    role: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").UserPrivilegeLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        users: {
+            schema: import("zod").ZodObject<{
+                users: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    role: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").UserPrivilegeLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+    };
+    policies: {
+        profiles: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+            dependencies: {
+                path: string[];
+                errorName: string;
+            }[];
+        };
+        permissionSets: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+            dependencies: {
+                path: string[];
+                errorName: string;
+            }[];
+        };
+        connectedApps: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+        };
+        users: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodObject<{
+                    defaultRoleForMissingUsers: import("zod").ZodDefault<import("zod").ZodEnum<typeof import("./registry/shape/schema.js").UserPrivilegeLevel>>;
+                    analyseLastNDaysOfLoginHistory: import("zod").ZodOptional<import("zod").ZodNumber>;
+                }, import("zod/v4/core").$strict>;
+            }, import("zod/v4/core").$strip>;
+        };
+        settings: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+        };
+    };
+}>;
+export { PolicyDefinitions, loadPolicy } from './registry/definitions.js';

package/lib/libs/audit-engine/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+import FileManager from './file-manager/fileManager.js';
+import { AuditConfigShape } from './registry/shape/auditConfigShape.js';
+export { default as AuditRun, startAuditRun } from './auditRun.js';
+export { AuditConfigShape } from './registry/shape/auditConfigShape.js';
+export { PermissionRiskLevel, UserPrivilegeLevel } from './registry/shape/schema.js';
+export { default as RuleRegistry } from './registry/ruleRegistry.js';
+export const ConfigFileManager = new FileManager(AuditConfigShape);
+export { PolicyDefinitions, loadPolicy } from './registry/definitions.js';
+//# sourceMappingURL=index.js.map

package/lib/libs/audit-engine/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/index.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,+BAA+B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAExE,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrF,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAOrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,WAAW,CAAC,gBAAgB,CAAC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC"}

package/lib/libs/{core/registries/types.d.ts → audit-engine/registry/context.types.d.ts} RENAMED Viewed

@@ -1,14 +1,6 @@
 import { Connection } from '@salesforce/core';
-import { AuditPolicyResult, PolicyRuleExecutionResult } from '../result-types.js';
-import { Optional } from '../utils.js';
-export declare const RuleRegistries: {
-    connectedApps: import("./connectedApps.js").default;
-    profiles: import("./profiles.js").default;
-    permissionSets: import("./permissionSets.js").default;
-    users: import("./users.js").default;
-    settings: import("./settings.js").default;
-};
-export type Constructor<T, Args extends any[] = any[]> = new (...args: Args) => T;
+import { Optional } from '../../../utils.js';
+import { AuditPolicyResult, PolicyRuleExecutionResult } from './result.types.js';
 /**
  * A rule must only implement a subset of the rule result. All optional
  * properties are completed by the policy.
@@ -29,6 +21,10 @@ export type AuditContext = {
      */
     targetOrgConnection: Connection;
 };
+/**
+ * Run-time context of execution, that is directly resolved
+ * from the target org.
+ */
 export type RuleAuditContext<T> = AuditContext & {
     /**
      * Resolved entities from the policy. Can be permission sets,

package/lib/libs/audit-engine/registry/context.types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=context.types.js.map

package/lib/libs/audit-engine/registry/context.types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"context.types.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/context.types.ts"],"names":[],"mappings":""}

package/lib/libs/audit-engine/registry/definitions.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import ConnectedAppsPolicy from './policies/connectedApps.js';
+import PermissionSetsPolicy from './policies/permissionSets.js';
+import ProfilesPolicy from './policies/profiles.js';
+import SettingsPolicy from './policies/settings.js';
+import UsersPolicy from './policies/users.js';
+import { RuleHandlerMap, Constructor } from './ruleRegistry.js';
+import { AuditRunConfig, Policies } from './shape/auditConfigShape.js';
+import { PolicyConfig, UserPolicyConfig } from './shape/schema.js';
+type PolicyDefinition<T, C extends PolicyConfig = PolicyConfig> = {
+    handler: Constructor<T>;
+    rules?: RuleHandlerMap;
+    configType?: C;
+};
+type PolicyDefinitions = {
+    permissionSets: PolicyDefinition<PermissionSetsPolicy>;
+    profiles: PolicyDefinition<ProfilesPolicy>;
+    users: PolicyDefinition<UsersPolicy, UserPolicyConfig>;
+    connectedApps: PolicyDefinition<ConnectedAppsPolicy>;
+    settings: PolicyDefinition<SettingsPolicy>;
+};
+export declare const PolicyDefinitions: PolicyDefinitions;
+export declare function loadPolicy<P extends Policies>(policyName: P, config: AuditRunConfig): InstanceType<PolicyDefinitions[P]['handler']>;
+export {};

package/lib/libs/audit-engine/registry/definitions.js ADDED Viewed

@@ -0,0 +1,53 @@
+import ConnectedAppsPolicy from './policies/connectedApps.js';
+import PermissionSetsPolicy from './policies/permissionSets.js';
+import ProfilesPolicy from './policies/profiles.js';
+import SettingsPolicy from './policies/settings.js';
+import UsersPolicy from './policies/users.js';
+import RuleRegistry from './ruleRegistry.js';
+import AllUsedAppsUnderManagement from './rules/allUsedAppsUnderManagement.js';
+import EnforcePermissionPresets from './rules/enforcePermissionPresets.js';
+import EnforcePermissionsOnProfileLike from './rules/enforcePermissionsOnProfileLike.js';
+import EnforcePermissionsOnUser from './rules/enforcePermissionsOnUser.js';
+import NoInactiveUsers from './rules/noInactiveUsers.js';
+import NoOtherApexApiLogins from './rules/noOtherApexApiLogins.js';
+import NoUserCanSelfAuthorize from './rules/noUserCanSelfAuthorize.js';
+export const PolicyDefinitions = {
+    permissionSets: {
+        handler: PermissionSetsPolicy,
+        rules: {
+            EnforcePermissionClassifications: EnforcePermissionsOnProfileLike,
+        },
+    },
+    profiles: {
+        handler: ProfilesPolicy,
+        rules: {
+            EnforcePermissionClassifications: EnforcePermissionsOnProfileLike,
+        },
+    },
+    users: {
+        handler: UsersPolicy,
+        rules: {
+            NoOtherApexApiLogins,
+            NoInactiveUsers,
+            EnforcePermissionClassifications: EnforcePermissionsOnUser,
+            EnforcePermissionPresets,
+        },
+    },
+    connectedApps: {
+        handler: ConnectedAppsPolicy,
+        rules: {
+            AllUsedAppsUnderManagement,
+            NoUserCanSelfAuthorize,
+        },
+    },
+    settings: {
+        handler: SettingsPolicy,
+    },
+};
+export function loadPolicy(policyName, config) {
+    const def = PolicyDefinitions[policyName];
+    const policyConfig = config.policies[policyName];
+    const policy = new def.handler(policyConfig, config, new RuleRegistry(def.rules));
+    return policy;
+}
+//# sourceMappingURL=definitions.js.map

package/lib/libs/audit-engine/registry/definitions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,mBAAmB,MAAM,6BAA6B,CAAC;AAC9D,OAAO,oBAAoB,MAAM,8BAA8B,CAAC;AAChE,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,YAA6C,MAAM,mBAAmB,CAAC;AAC9E,OAAO,0BAA0B,MAAM,uCAAuC,CAAC;AAC/E,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,eAAe,MAAM,4BAA4B,CAAC;AACzD,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,sBAAsB,MAAM,mCAAmC,CAAC;AAkBvE,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,cAAc,EAAE;QACd,OAAO,EAAE,oBAAoB;QAC7B,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;SAClE;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;SAClE;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE,WAAW;QACpB,KAAK,EAAE;YACL,oBAAoB;YACpB,eAAe;YACf,gCAAgC,EAAE,wBAAwB;YAC1D,wBAAwB;SACzB;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE;YACL,0BAA0B;YAC1B,sBAAsB;SACvB;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;KACxB;CACF,CAAC;AAEF,MAAM,UAAU,UAAU,CACxB,UAAa,EACb,MAAsB;IAEtB,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAE/E,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/lib/libs/{core/registries → audit-engine/registry}/helpers/permissionsScanning.d.ts RENAMED Viewed

@@ -1,6 +1,7 @@
 import { Profile } from '@jsforce/jsforce-node/lib/api/metadata.js';
-import { AuditRunConfig } from '../../file-mgmt/schema.js';
-import { PolicyRuleViolation, RuleComponentMessage } from '../../result-types.js';
+import { PolicyRuleViolation, RuleComponentMessage } from '../result.types.js';
+import { AuditRunConfig } from '../shape/auditConfigShape.js';
+import { PermissionClassifications } from '../shape/schema.js';
 export type ResolvedProfileLike = {
     name: string;
     role: string;
@@ -12,6 +13,12 @@ export type ScanResult = {
 };
 export type PartialProfileLike = Pick<Profile, 'userPermissions' | 'customPermissions'>;
 type PermissionsListKey = keyof PartialProfileLike;
+/**
+ * Moves the "name" from the classifications map to object prop
+ */
+type NamedPermissionClassification = PermissionClassifications['string'] & {
+    name: string;
+};
 /**
  * Scan userPermissions and customPermissions of a profile or permission set and
  * get a unified scan result with violations (risk level not allowed) and warnings
@@ -24,4 +31,7 @@ type PermissionsListKey = keyof PartialProfileLike;
  */
 export declare function scanProfileLike(profileLike: ResolvedProfileLike, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
 export declare function scanPermissions(profile: ResolvedProfileLike, permissionListName: PermissionsListKey, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
+export declare function resolvePresetOrdinalValue(value: string): number;
+export declare function permissionAllowedInPreset(permClassification: string, preset: string): boolean;
+export declare const classificationSorter: (a: NamedPermissionClassification, b: NamedPermissionClassification) => number;
 export {};

package/lib/libs/{core/registries → audit-engine/registry}/helpers/permissionsScanning.js RENAMED Viewed

@@ -1,6 +1,5 @@
 import { Messages } from '@salesforce/core';
-import { PermissionRiskLevel } from '../../classification-types.js';
-import { permissionAllowedInPreset } from '../../policy-types.js';
+import { PermissionRiskLevel, UserPrivilegeLevel } from '../shape/schema.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
 /**
@@ -60,8 +59,21 @@ export function scanPermissions(profile, permissionListName, auditRun, rootIdent
     }
     return result;
 }
+export function resolvePresetOrdinalValue(value) {
+    return Object.keys(UserPrivilegeLevel).indexOf(value.toUpperCase().replace(' ', '_'));
+}
+export function permissionAllowedInPreset(permClassification, preset) {
+    // this works, as long as we are mindful when adding new risk levels and presets
+    const invertedPermValue = Object.keys(PermissionRiskLevel).length - resolveRiskLevelOrdinalValue(permClassification);
+    const invertedPresetValue = Object.keys(UserPrivilegeLevel).length - resolvePresetOrdinalValue(preset);
+    return invertedPresetValue >= invertedPermValue;
+}
+function resolveRiskLevelOrdinalValue(value) {
+    return Object.keys(PermissionRiskLevel).indexOf(value.toUpperCase());
+}
+export const classificationSorter = (a, b) => resolveRiskLevelOrdinalValue(a.classification) - resolveRiskLevelOrdinalValue(b.classification);
 function resolvePerm(permName, auditRun, type) {
-    return nameClassification(permName, auditRun.classifications[type]?.content.permissions[permName]);
+    return nameClassification(permName, auditRun.classifications[type]?.permissions[permName]);
 }
 function nameClassification(permName, perm) {
     return perm ? { name: permName, ...perm } : undefined;

package/lib/libs/audit-engine/registry/helpers/permissionsScanning.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissionsScanning.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/helpers/permissionsScanning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAsBnH;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAgC,EAChC,QAAwB,EACxB,cAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClG,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACtG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA4B,EAC5B,kBAAsC,EACtC,QAAwB,EACxB,cAAyB;IAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7G,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAChF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;wBACxE,kBAAkB,CAAC,cAAc;wBACjC,OAAO,CAAC,IAAI;qBACb,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;aACnE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAa;IACrD,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AACxF,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,kBAA0B,EAAE,MAAc;IAClF,gFAAgF;IAChF,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,GAAG,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;IACrH,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACvG,OAAO,mBAAmB,IAAI,iBAAiB,CAAC;AAClD,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CACjH,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;AAElG,SAAS,WAAW,CAClB,QAAgB,EAChB,QAAwB,EACxB,IAAwB;IAExB,OAAO,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA0C;IAE1C,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC"}

package/lib/libs/audit-engine/registry/policies/connectedApps.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import RuleRegistry from '../ruleRegistry.js';
+import { ConnectedApp } from '../../../../salesforce/index.js';
+import { AuditRunConfig } from '../shape/auditConfigShape.js';
+import { AuditContext } from '../context.types.js';
+import { PolicyConfig } from '../shape/schema.js';
+import Policy, { ResolveEntityResult } from './../policy.js';
+export default class ConnectedAppsPolicy extends Policy<ConnectedApp> {
+    config: PolicyConfig;
+    auditConfig: AuditRunConfig;
+    constructor(config: PolicyConfig, auditConfig: AuditRunConfig, registry: RuleRegistry);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ConnectedApp>>;
+}

package/lib/libs/audit-engine/registry/policies/connectedApps.js ADDED Viewed

@@ -0,0 +1,22 @@
+import { ConnectedApps } from '../../../../salesforce/index.js';
+import Policy from './../policy.js';
+export default class ConnectedAppsPolicy extends Policy {
+    config;
+    auditConfig;
+    constructor(config, auditConfig, registry) {
+        super(config, auditConfig, registry);
+        this.config = config;
+        this.auditConfig = auditConfig;
+    }
+    async resolveEntities(context) {
+        const resolvedEntities = {};
+        const appsRepo = new ConnectedApps(context.targetOrgConnection);
+        appsRepo.addListener('entityresolve', (resolveEvt) => this.emit('entityresolve', resolveEvt));
+        const apps = await appsRepo.resolve({ withOAuthToken: true });
+        for (const app of apps.values()) {
+            resolvedEntities[app.name] = app;
+        }
+        return { resolvedEntities, ignoredEntities: [] };
+    }
+}
+//# sourceMappingURL=connectedApps.js.map

package/lib/libs/audit-engine/registry/policies/connectedApps.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"connectedApps.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/connectedApps.ts"],"names":[],"mappings":"AACA,OAAO,EAAgB,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAI9E,OAAO,MAA+B,MAAM,gBAAgB,CAAC;AAE7D,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAAoB;IACzC;IAA6B;IAAvD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADb,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;IAElF,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAChE,QAAQ,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC;QAC9F,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YAChC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;IACnD,CAAC;CACF"}

package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { PermissionSet } from '../../../../salesforce/index.js';
+import Policy, { ResolveEntityResult } from '../policy.js';
+import RuleRegistry from '../ruleRegistry.js';
+import { AuditContext } from '../context.types.js';
+import { AuditRunConfig } from '../shape/auditConfigShape.js';
+import { PolicyConfig, UserPrivilegeLevel } from '../shape/schema.js';
+export type ClassifiedPermissionSet = PermissionSet & {
+    role: UserPrivilegeLevel;
+};
+export default class PermissionSetsPolicy extends Policy<ClassifiedPermissionSet> {
+    config: PolicyConfig;
+    auditConfig: AuditRunConfig;
+    private totalEntities;
+    private readonly classifications;
+    constructor(config: PolicyConfig, auditConfig: AuditRunConfig, registry: RuleRegistry);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ClassifiedPermissionSet>>;
+    private buildIgnoredEntities;
+}

package/lib/libs/audit-engine/registry/policies/permissionSets.js ADDED Viewed

@@ -0,0 +1,80 @@
+import { Messages } from '@salesforce/core';
+import { PermissionSets } from '../../../../salesforce/index.js';
+import Policy from '../policy.js';
+import { UserPrivilegeLevel } from '../shape/schema.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
+export default class PermissionSetsPolicy extends Policy {
+    config;
+    auditConfig;
+    totalEntities;
+    classifications;
+    constructor(config, auditConfig, registry) {
+        super(config, auditConfig, registry);
+        this.config = config;
+        this.auditConfig = auditConfig;
+        this.classifications = this.auditConfig.classifications.permissionSets?.permissionSets ?? {};
+        this.totalEntities = Object.keys(this.classifications).length;
+    }
+    async resolveEntities(context) {
+        const permsetsRepo = new PermissionSets(context.targetOrgConnection);
+        permsetsRepo.addListener('entityresolve', (statusEvt) => this.emit('entityresolve', statusEvt));
+        const allPermsets = await permsetsRepo.resolve();
+        const ignoredEntities = this.buildIgnoredEntities(allPermsets);
+        const classifiedPermsets = Object.keys(this.classifications).filter((permsetName) => ignoredEntities[permsetName] === undefined);
+        this.totalEntities = Object.keys(ignoredEntities).length + classifiedPermsets.length;
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: 0,
+        });
+        const resolvedPermsets = await permsetsRepo.resolve({ withMetadata: true, filterNames: classifiedPermsets });
+        const resolvedEntities = {};
+        for (const permsetName of classifiedPermsets) {
+            const metadata = resolvedPermsets.get(permsetName);
+            if (metadata) {
+                resolvedEntities[permsetName] = {
+                    ...metadata,
+                    role: this.classifications[permsetName].role,
+                };
+            }
+            else {
+                ignoredEntities[permsetName] = {
+                    name: permsetName,
+                    message: messages.getMessage('permission-set-invalid-no-metadata'),
+                };
+            }
+        }
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: this.totalEntities,
+        });
+        return { resolvedEntities, ignoredEntities: Object.values(ignoredEntities) };
+    }
+    buildIgnoredEntities(allPermsets) {
+        const ignoredEntities = {};
+        for (const [permsetName, permsetDef] of Object.entries(this.classifications)) {
+            if (permsetDef.role === UserPrivilegeLevel.UNKNOWN) {
+                ignoredEntities[permsetName] = {
+                    name: permsetName,
+                    message: messages.getMessage('preset-unknown', ['Permission Set']),
+                };
+            }
+            else if (!allPermsets.has(permsetName)) {
+                ignoredEntities[permsetName] = {
+                    name: permsetName,
+                    message: messages.getMessage('entity-not-found'),
+                };
+            }
+        }
+        for (const permset of allPermsets.values()) {
+            if (this.classifications[permset.name] === undefined) {
+                ignoredEntities[permset.name] = {
+                    name: permset.name,
+                    message: messages.getMessage('entity-not-classified'),
+                };
+            }
+        }
+        return ignoredEntities;
+    }
+}
+//# sourceMappingURL=permissionSets.js.map

package/lib/libs/audit-engine/registry/policies/permissionSets.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADb,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,IAAI,EAAE,CAAC;QAC7F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}

package/lib/libs/audit-engine/registry/policies/profiles.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { Profile } from '../../../../salesforce/index.js';
+import { AuditContext } from '../context.types.js';
+import Policy, { ResolveEntityResult } from '../policy.js';
+import RuleRegistry from '../ruleRegistry.js';
+import { AuditRunConfig } from '../shape/auditConfigShape.js';
+import { PolicyConfig } from '../shape/schema.js';
+export type ResolvedProfile = Profile & {
+    role: string;
+};
+export default class ProfilesPolicy extends Policy<ResolvedProfile> {
+    config: PolicyConfig;
+    auditConfig: AuditRunConfig;
+    private resolveState;
+    private readonly classifications;
+    constructor(config: PolicyConfig, auditConfig: AuditRunConfig, registry: RuleRegistry);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedProfile>>;
+    private updateResolveState;
+}

package/lib/libs/audit-engine/registry/policies/profiles.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { Messages } from '@salesforce/core';
+import { Profiles } from '../../../../salesforce/index.js';
+import Policy, { getTotal } from '../policy.js';
+import { UserPrivilegeLevel } from '../shape/schema.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
+export default class ProfilesPolicy extends Policy {
+    config;
+    auditConfig;
+    resolveState = { total: 0, resolved: 0 };
+    classifications;
+    constructor(config, auditConfig, registry) {
+        super(config, auditConfig, registry);
+        this.config = config;
+        this.auditConfig = auditConfig;
+        this.classifications = this.auditConfig.classifications.profiles?.profiles ?? {};
+        this.updateResolveState({ total: Object.keys(this.classifications).length });
+    }
+    async resolveEntities(context) {
+        this.updateResolveState({ resolved: 0 });
+        const profilesRepo = new Profiles(context.targetOrgConnection);
+        const allProfiles = await profilesRepo.resolve();
+        const ignoredEntities = {};
+        const classifiedProfiles = [];
+        for (const [profileName, profileDef] of Object.entries(this.classifications)) {
+            if (profileDef.role === UserPrivilegeLevel.UNKNOWN) {
+                ignoredEntities[profileName] = {
+                    name: profileName,
+                    message: messages.getMessage('preset-unknown', ['Profile']),
+                };
+            }
+            else if (!allProfiles.has(profileName)) {
+                ignoredEntities[profileName] = {
+                    name: profileName,
+                    message: messages.getMessage('entity-not-found'),
+                };
+            }
+            else {
+                classifiedProfiles.push(profileName);
+            }
+        }
+        for (const profile of allProfiles.values()) {
+            if (this.classifications[profile.name] === undefined) {
+                ignoredEntities[profile.name] = {
+                    name: profile.name,
+                    message: messages.getMessage('entity-not-classified'),
+                };
+            }
+        }
+        this.updateResolveState({ total: Object.keys(ignoredEntities).length + classifiedProfiles.length });
+        const profiles = await profilesRepo.resolve({ withMetadata: true, filterNames: classifiedProfiles });
+        const resolvedEntities = {};
+        classifiedProfiles.forEach((profileName) => {
+            if (profiles.has(profileName) && profiles.get(profileName)) {
+                resolvedEntities[profileName] = {
+                    ...profiles.get(profileName),
+                    role: this.classifications[profileName].role,
+                };
+            }
+            else {
+                ignoredEntities[profileName] = {
+                    name: profileName,
+                    message: messages.getMessage('profile-invalid-no-metadata'),
+                };
+            }
+        });
+        const result = { resolvedEntities, ignoredEntities: Object.values(ignoredEntities) };
+        this.updateResolveState({ resolved: getTotal(result) });
+        return result;
+    }
+    updateResolveState(update) {
+        this.resolveState = { ...this.resolveState, ...update };
+        this.emit('entityresolve', this.resolveState);
+    }
+}
+//# sourceMappingURL=profiles.js.map

package/lib/libs/audit-engine/registry/policies/profiles.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAWjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADb,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,CAAC;QACjF,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACrG,MAAM,gBAAgB,GAAoC,EAAE,CAAC;QAC7D,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3D,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAE;oBAC7B,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,kBAAkB,CAAC,MAA6B;QACtD,IAAI,CAAC,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF"}

package/lib/libs/audit-engine/registry/policies/settings.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import RuleRegistry, { RegistryRuleResolveResult } from '../ruleRegistry.js';
+import { MdapiRegistry } from '../../../../salesforce/index.js';
+import Policy, { ResolveEntityResult } from '../policy.js';
+import { AuditContext } from '../context.types.js';
+import { AuditRunConfig } from '../shape/auditConfigShape.js';
+import { PolicyConfig } from '../shape/schema.js';
+export type SalesforceSetting = Awaited<ReturnType<MdapiRegistry['namedTypes']['Settings']['resolve']>>['string'];
+export declare class SettingsRuleRegistry extends RuleRegistry {
+    constructor();
+    resolveRules(ruleObjs: PolicyConfig['rules'], auditContext: AuditRunConfig): RegistryRuleResolveResult;
+}
+export default class SettingsPolicy extends Policy<SalesforceSetting> {
+    config: PolicyConfig;
+    auditConfig: AuditRunConfig;
+    constructor(config: PolicyConfig, auditConfig: AuditRunConfig);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<SalesforceSetting>>;
+    private removeInvalidSettingsFromResolvedRules;
+}