npm - @j-schreiber/sf-cli-security-audit - Versions diffs - 0.11.0 → 0.11.2 - Mend

@j-schreiber/sf-cli-security-audit 0.11.0 → 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (276) hide show

package/lib/libs/{core/registries → audit-engine/registry}/rules/noInactiveUsers.js RENAMED Viewed

@@ -1,14 +1,18 @@
+import z from 'zod';
 import { Messages } from '@salesforce/core';
-import { NoInactiveUsersOptionsSchema } from '../../file-mgmt/schema.js';
-import { differenceInDays } from '../../utils.js';
-import PolicyRule, { parseRuleOptions } from './policyRule.js';
+import { differenceInDays } from '../../../../utils.js';
+import { throwAsSfError } from '../schema.js';
+import PolicyRule from './policyRule.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.users');
+const NoInactiveUsersOptionsSchema = z.strictObject({
+    daysAfterUserIsInactive: z.number().default(90),
+});
 export default class NoInactiveUsers extends PolicyRule {
     ruleConfig;
     constructor(localOpts) {
         super(localOpts);
-        this.ruleConfig = parseRuleOptions('users.yml', ['rules', 'NoInactiveUsers'], NoInactiveUsersOptionsSchema, localOpts.ruleConfig);
+        this.ruleConfig = parseRuleOptions(localOpts.ruleConfig);
     }
     run(context) {
         const result = this.initResult();
@@ -41,4 +45,13 @@ export default class NoInactiveUsers extends PolicyRule {
         return Promise.resolve(result);
     }
 }
+function parseRuleOptions(anyObject) {
+    const parseResult = NoInactiveUsersOptionsSchema.safeParse(anyObject ?? {});
+    if (parseResult.success) {
+        return parseResult.data;
+    }
+    else {
+        throwAsSfError('users.yml', parseResult.error, ['rules', 'NoInactiveUsers', 'options']);
+    }
+}
 //# sourceMappingURL=noInactiveUsers.js.map

package/lib/libs/audit-engine/registry/rules/noInactiveUsers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noInactiveUsers.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/noInactiveUsers.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,UAAuC,MAAM,iBAAiB,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IAClD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAIH,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,UAAwB;IAClD,UAAU,CAAC;IAE5B,YAAmB,SAA0D;QAC3E,KAAK,CAAC,SAAS,CAAC,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC3D,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;gBAChE,IAAI,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,uBAAuB,EAAE,CAAC;oBACzD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;wBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,EAAE;4BAC/D,UAAU;4BACV,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;yBACvC,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,MAAM,eAAe,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACvE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE;wBAC7D,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;wBACxC,eAAe;qBAChB,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF;AAED,SAAS,gBAAgB,CAAC,SAAmB;IAC3C,MAAM,WAAW,GAAG,4BAA4B,CAAC,SAAS,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAC5E,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC,IAAI,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,WAAW,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC,CAAC;IAC1F,CAAC;AACH,CAAC"}

package/lib/libs/{core/registries → audit-engine/registry}/rules/noOtherApexApiLogins.d.ts RENAMED Viewed

@@ -1,5 +1,5 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedUser } from '../users.js';
+import { PartialPolicyRuleResult, RuleAuditContext } from '../context.types.js';
+import { ResolvedUser } from '../policies/users.js';
 import PolicyRule, { RuleOptions } from './policyRule.js';
 export default class NoOtherApexApiLogins extends PolicyRule<ResolvedUser> {
     constructor(opts: RuleOptions);

package/lib/libs/{core/registries → audit-engine/registry}/rules/noOtherApexApiLogins.js RENAMED Viewed

@@ -16,7 +16,10 @@ export default class NoOtherApexApiLogins extends PolicyRule {
                 if (loginSummary.loginType === 'Other Apex API') {
                     result.violations.push({
                         identifier: [user.username, new Date(loginSummary.lastLogin).toISOString()],
-                        message: messages.getMessage('violations.no-other-apex-api-logins', [loginSummary.loginCount]),
+                        message: messages.getMessage('violations.no-other-apex-api-logins', [
+                            loginSummary.loginCount,
+                            this.opts.auditConfig.policies.users?.options.analyseLastNDaysOfLoginHistory,
+                        ]),
                     });
                 }
             }

package/lib/libs/audit-engine/registry/rules/noOtherApexApiLogins.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3E,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE;4BAClE,YAAY,CAAC,UAAU;4BACvB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,8BAA8B;yBAC7E,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { PartialPolicyRuleResult, RuleAuditContext } from '../context.types.js';
+import { ConnectedApp } from '../../../../salesforce/index.js';
+import PolicyRule, { RuleOptions } from './policyRule.js';
+export default class NoUserCanSelfAuthorize extends PolicyRule<ConnectedApp> {
+    constructor(opts: RuleOptions);
+    run(context: RuleAuditContext<ConnectedApp>): Promise<PartialPolicyRuleResult>;
+}

package/lib/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"noUserCanSelfAuthorize.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,UAAwB;IAC1E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC;gBACvC,IAAI,GAAG,CAAC,2BAA2B,EAAE,CAAC;oBACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yDAAyD,CAAC;qBACxF,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,CAAC;qBACpE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/{core/registries → audit-engine/registry}/rules/policyRule.d.ts RENAMED Viewed

@@ -1,8 +1,7 @@
-import z from 'zod';
-import { PartialPolicyRuleResult, RowLevelPolicyRule, RuleAuditContext } from '../types.js';
-import { AuditRunConfig } from '../../file-mgmt/schema.js';
+import { PartialPolicyRuleResult, RowLevelPolicyRule, RuleAuditContext } from '../context.types.js';
+import { AuditRunConfig } from '../shape/auditConfigShape.js';
 export type RuleOptions = {
-    auditContext: AuditRunConfig;
+    auditConfig: AuditRunConfig;
     ruleDisplayName: string;
 };
 export type ConfigurableRuleOptions<T> = RuleOptions & {
@@ -10,10 +9,9 @@ export type ConfigurableRuleOptions<T> = RuleOptions & {
 };
 export default abstract class PolicyRule<EntityType> implements RowLevelPolicyRule<EntityType> {
     protected opts: RuleOptions;
-    auditContext: AuditRunConfig;
+    auditConfig: AuditRunConfig;
     ruleDisplayName: string;
     constructor(opts: RuleOptions);
     protected initResult(): PartialPolicyRuleResult;
     abstract run(context: RuleAuditContext<EntityType>): Promise<PartialPolicyRuleResult>;
 }
-export declare function parseRuleOptions(policyName: string, rulePath: string[], schema: z.ZodObject, anyObject?: unknown): z.infer<typeof schema>;

package/lib/libs/{core/registries → audit-engine/registry}/rules/policyRule.js RENAMED Viewed

@@ -1,13 +1,12 @@
 import { Messages } from '@salesforce/core';
-import { throwAsSfError } from '../../file-mgmt/schema.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 export default class PolicyRule {
     opts;
-    auditContext;
+    auditConfig;
     ruleDisplayName;
     constructor(opts) {
         this.opts = opts;
-        this.auditContext = opts.auditContext;
+        this.auditConfig = opts.auditConfig;
         this.ruleDisplayName = opts.ruleDisplayName;
     }
     initResult() {
@@ -20,13 +19,4 @@ export default class PolicyRule {
         };
     }
 }
-export function parseRuleOptions(policyName, rulePath, schema, anyObject) {
-    const parseResult = schema.safeParse(anyObject ?? {});
-    if (parseResult.success) {
-        return parseResult.data;
-    }
-    else {
-        throwAsSfError(policyName, parseResult.error, [...rulePath, 'options']);
-    }
-}
 //# sourceMappingURL=policyRule.js.map

package/lib/libs/audit-engine/registry/rules/policyRule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policyRule.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/policyRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAK5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAW7D,MAAM,CAAC,OAAO,OAAgB,UAAU;IAIT;IAHtB,WAAW,CAAiB;IAC5B,eAAe,CAAS;IAE/B,YAA6B,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;QAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;IAC9C,CAAC;IAES,UAAU;QAClB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,eAAe;YAC9B,UAAU,EAAE,IAAI,KAAK,EAAuB;YAC5C,eAAe,EAAE,IAAI,KAAK,EAA2B;YACrD,QAAQ,EAAE,IAAI,KAAK,EAAwB;YAC3C,MAAM,EAAE,IAAI,KAAK,EAAwB;SAC1C,CAAC;IACJ,CAAC;CAGF"}

package/lib/libs/audit-engine/registry/schema.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import z from 'zod';
2	+ export declare function throwAsSfError(fileName: string, parseError: z.ZodError, rulePath?: PropertyKey[]): never;

package/lib/libs/audit-engine/registry/schema.js ADDED Viewed

@@ -0,0 +1,11 @@
+import { Messages } from '@salesforce/core';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+export function throwAsSfError(fileName, parseError, rulePath) {
+    const issues = parseError.issues.map((zodIssue) => {
+        const definitivePath = rulePath ? [...rulePath, ...zodIssue.path] : zodIssue.path;
+        return definitivePath.length > 0 ? `${zodIssue.message} in "${definitivePath.join('.')}"` : zodIssue.message;
+    });
+    throw messages.createError('error.InvalidConfigFileSchema', [fileName, issues.join(', ')]);
+}
+//# sourceMappingURL=schema.js.map

package/lib/libs/audit-engine/registry/schema.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/schema.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC"}

package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts ADDED Viewed

@@ -0,0 +1,122 @@
+import { ParsedAuditConfig } from '../../file-manager/fileManager.types.js';
+export type AuditRunConfig = ParsedAuditConfig<typeof AuditConfigShape>;
+export type Policies = keyof (typeof AuditConfigShape)['policies'];
+export type PolicyShapes = AuditRunConfig['policies'];
+export type Classifications = keyof (typeof AuditConfigShape)['classifications'];
+export type ClassificationShapes = AuditRunConfig['classifications'];
+/**
+ * The shape defines the directory structure and schema files to
+ * parse YAML files. It is the foundation to derive the runtime type of
+ * the audit config that is used by rules and policies.
+ */
+export declare const AuditConfigShape: {
+    classifications: {
+        userPermissions: {
+            schema: import("zod").ZodObject<{
+                permissions: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    label: import("zod").ZodOptional<import("zod").ZodString>;
+                    reason: import("zod").ZodOptional<import("zod").ZodString>;
+                    classification: import("zod").ZodEnum<typeof import("./schema.js").PermissionRiskLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        customPermissions: {
+            schema: import("zod").ZodObject<{
+                permissions: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    label: import("zod").ZodOptional<import("zod").ZodString>;
+                    reason: import("zod").ZodOptional<import("zod").ZodString>;
+                    classification: import("zod").ZodEnum<typeof import("./schema.js").PermissionRiskLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        profiles: {
+            schema: import("zod").ZodObject<{
+                profiles: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    role: import("zod").ZodEnum<typeof import("./schema.js").UserPrivilegeLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        permissionSets: {
+            schema: import("zod").ZodObject<{
+                permissionSets: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    role: import("zod").ZodEnum<typeof import("./schema.js").UserPrivilegeLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+        users: {
+            schema: import("zod").ZodObject<{
+                users: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    role: import("zod").ZodEnum<typeof import("./schema.js").UserPrivilegeLevel>;
+                }, import("zod/v4/core").$strip>>;
+            }, import("zod/v4/core").$strip>;
+            entities: string;
+        };
+    };
+    policies: {
+        profiles: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+            dependencies: {
+                path: string[];
+                errorName: string;
+            }[];
+        };
+        permissionSets: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+            dependencies: {
+                path: string[];
+                errorName: string;
+            }[];
+        };
+        connectedApps: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+        };
+        users: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodObject<{
+                    defaultRoleForMissingUsers: import("zod").ZodDefault<import("zod").ZodEnum<typeof import("./schema.js").UserPrivilegeLevel>>;
+                    analyseLastNDaysOfLoginHistory: import("zod").ZodOptional<import("zod").ZodNumber>;
+                }, import("zod/v4/core").$strict>;
+            }, import("zod/v4/core").$strip>;
+        };
+        settings: {
+            schema: import("zod").ZodObject<{
+                enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                rules: import("zod").ZodDefault<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
+                    enabled: import("zod").ZodDefault<import("zod").ZodBoolean>;
+                    options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+                }, import("zod/v4/core").$strip>>>;
+                options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
+            }, import("zod/v4/core").$strip>;
+        };
+    };
+};

package/lib/libs/audit-engine/registry/shape/auditConfigShape.js ADDED Viewed

@@ -0,0 +1,54 @@
+import { PermissionsClassificationFileSchema, PermissionSetsClassificationFileSchema, PolicyFileSchema, ProfilesClassificationFileSchema, UserClassificationFileSchema, UserPolicyFileSchema, } from './schema.js';
+/**
+ * The shape defines the directory structure and schema files to
+ * parse YAML files. It is the foundation to derive the runtime type of
+ * the audit config that is used by rules and policies.
+ */
+export const AuditConfigShape = {
+    classifications: {
+        userPermissions: {
+            schema: PermissionsClassificationFileSchema,
+            entities: 'permissions',
+        },
+        customPermissions: {
+            schema: PermissionsClassificationFileSchema,
+            entities: 'permissions',
+        },
+        profiles: {
+            schema: ProfilesClassificationFileSchema,
+            entities: 'profiles',
+        },
+        permissionSets: {
+            schema: PermissionSetsClassificationFileSchema,
+            entities: 'permissionSets',
+        },
+        users: {
+            schema: UserClassificationFileSchema,
+            entities: 'users',
+        },
+    },
+    policies: {
+        profiles: {
+            schema: PolicyFileSchema,
+            dependencies: [
+                { path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForProfiles' },
+            ],
+        },
+        permissionSets: {
+            schema: PolicyFileSchema,
+            dependencies: [
+                { path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForPermSets' },
+            ],
+        },
+        connectedApps: {
+            schema: PolicyFileSchema,
+        },
+        users: {
+            schema: UserPolicyFileSchema,
+        },
+        settings: {
+            schema: PolicyFileSchema,
+        },
+    },
+};
+//# sourceMappingURL=auditConfigShape.js.map

package/lib/libs/audit-engine/registry/shape/auditConfigShape.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auditConfigShape.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/auditConfigShape.ts"],"names":[],"mappings":"AACA,OAAO,EACL,mCAAmC,EACnC,sCAAsC,EACtC,gBAAgB,EAChB,gCAAgC,EAChC,4BAA4B,EAC5B,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAQrB;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,eAAe,EAAE;QACf,eAAe,EAAE;YACf,MAAM,EAAE,mCAAmC;YAC3C,QAAQ,EAAE,aAAa;SACxB;QACD,iBAAiB,EAAE;YACjB,MAAM,EAAE,mCAAmC;YAC3C,QAAQ,EAAE,aAAa;SACxB;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,gCAAgC;YACxC,QAAQ,EAAE,UAAU;SACrB;QACD,cAAc,EAAE;YACd,MAAM,EAAE,sCAAsC;YAC9C,QAAQ,EAAE,gBAAgB;SAC3B;QACD,KAAK,EAAE;YACL,MAAM,EAAE,4BAA4B;YACpC,QAAQ,EAAE,OAAO;SAClB;KACF;IACD,QAAQ,EAAE;QACR,QAAQ,EAAE;YACR,MAAM,EAAE,gBAAgB;YACxB,YAAY,EAAE;gBACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;aACzG;SACF;QACD,cAAc,EAAE;YACd,MAAM,EAAE,gBAAgB;YACxB,YAAY,EAAE;gBACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;aACzG;SACF;QACD,aAAa,EAAE;YACb,MAAM,EAAE,gBAAgB;SACzB;QACD,KAAK,EAAE;YACL,MAAM,EAAE,oBAAoB;SAC7B;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,gBAAgB;SACzB;KACF;CACF,CAAC"}

package/lib/libs/audit-engine/registry/shape/schema.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import z from 'zod';
+/**
+ * Enum to classify user and custom permissions.
+ */
+export declare enum PermissionRiskLevel {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    BLOCKED = "Blocked",
+    /** Developer permissions, allow to modify the application */
+    CRITICAL = "Critical",
+    /** Admin permissions, allow to manage users and change permissions */
+    HIGH = "High",
+    /** Elevated business permissions for privileged users */
+    MEDIUM = "Medium",
+    /** Regular user permissions, typically needed for day-to-day work */
+    LOW = "Low",
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    UNKNOWN = "Unknown"
+}
+/**
+ * Privilege levels are assigned to users, profiles and permission sets.
+ * Each level determins the allowed permissions, based on their risk levels.
+ */
+export declare enum UserPrivilegeLevel {
+    /** Allows up to "Critical" permissions */
+    DEVELOPER = "Developer",
+    /** Allows up to "High" permissions */
+    ADMIN = "Admin",
+    /** Allows up to "Medium" permissions */
+    POWER_USER = "Power User",
+    /** Allows only "Low" permissions */
+    STANDARD_USER = "Standard User",
+    /** Disables the profile for audit */
+    UNKNOWN = "Unknown"
+}
+declare const PermissionClassifications: z.ZodRecord<z.ZodString, z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PermissionRiskLevel>;
+}, z.z.core.$strip>>;
+declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
+    role: z.ZodEnum<typeof UserPrivilegeLevel>;
+}, z.z.core.$strip>>;
+declare const ProfilesMap: z.ZodRecord<z.ZodString, z.ZodObject<{
+    role: z.ZodEnum<typeof UserPrivilegeLevel>;
+}, z.z.core.$strip>>;
+declare const UsersMap: z.ZodRecord<z.ZodString, z.ZodObject<{
+    role: z.ZodEnum<typeof UserPrivilegeLevel>;
+}, z.z.core.$strip>>;
+export declare const PermissionsClassificationFileSchema: z.ZodObject<{
+    permissions: z.ZodRecord<z.ZodString, z.ZodObject<{
+        label: z.ZodOptional<z.ZodString>;
+        reason: z.ZodOptional<z.ZodString>;
+        classification: z.ZodEnum<typeof PermissionRiskLevel>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const ProfilesClassificationFileSchema: z.ZodObject<{
+    profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
+        role: z.ZodEnum<typeof UserPrivilegeLevel>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const PermissionSetsClassificationFileSchema: z.ZodObject<{
+    permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
+        role: z.ZodEnum<typeof UserPrivilegeLevel>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const UserClassificationFileSchema: z.ZodObject<{
+    users: z.ZodRecord<z.ZodString, z.ZodObject<{
+        role: z.ZodEnum<typeof UserPrivilegeLevel>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const PolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.z.core.$strip>>>;
+    options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.z.core.$strip>;
+export declare const UserPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.z.core.$strip>>>;
+    options: z.ZodObject<{
+        defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof UserPrivilegeLevel>>;
+        analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
+    }, z.z.core.$strict>;
+}, z.z.core.$strip>;
+export type PermissionClassifications = z.infer<typeof PermissionClassifications>;
+export type PermissionSetClassifications = z.infer<typeof PermSetMap>;
+export type ProfileClassifications = z.infer<typeof ProfilesMap>;
+export type UserClassifications = z.infer<typeof UsersMap>;
+export type PolicyConfig = z.infer<typeof PolicyFileSchema>;
+export type UserPolicyConfig = z.infer<typeof UserPolicyFileSchema>;
+export {};

package/lib/libs/audit-engine/registry/shape/schema.js ADDED Viewed

@@ -0,0 +1,84 @@
+import z from 'zod';
+/**
+ * Enum to classify user and custom permissions.
+ */
+export var PermissionRiskLevel;
+(function (PermissionRiskLevel) {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    PermissionRiskLevel["BLOCKED"] = "Blocked";
+    /** Developer permissions, allow to modify the application */
+    PermissionRiskLevel["CRITICAL"] = "Critical";
+    /** Admin permissions, allow to manage users and change permissions */
+    PermissionRiskLevel["HIGH"] = "High";
+    /** Elevated business permissions for privileged users */
+    PermissionRiskLevel["MEDIUM"] = "Medium";
+    /** Regular user permissions, typically needed for day-to-day work */
+    PermissionRiskLevel["LOW"] = "Low";
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    PermissionRiskLevel["UNKNOWN"] = "Unknown";
+})(PermissionRiskLevel || (PermissionRiskLevel = {}));
+/**
+ * Privilege levels are assigned to users, profiles and permission sets.
+ * Each level determins the allowed permissions, based on their risk levels.
+ */
+export var UserPrivilegeLevel;
+(function (UserPrivilegeLevel) {
+    /** Allows up to "Critical" permissions */
+    UserPrivilegeLevel["DEVELOPER"] = "Developer";
+    /** Allows up to "High" permissions */
+    UserPrivilegeLevel["ADMIN"] = "Admin";
+    /** Allows up to "Medium" permissions */
+    UserPrivilegeLevel["POWER_USER"] = "Power User";
+    /** Allows only "Low" permissions */
+    UserPrivilegeLevel["STANDARD_USER"] = "Standard User";
+    /** Disables the profile for audit */
+    UserPrivilegeLevel["UNKNOWN"] = "Unknown";
+})(UserPrivilegeLevel || (UserPrivilegeLevel = {}));
+const PermClassification = z.object({
+    /** UI Label */
+    label: z.string().optional(),
+    /** An optional description to explain the classification */
+    reason: z.string().optional(),
+    /** Risk assessment of the permissions */
+    classification: z.enum(PermissionRiskLevel),
+});
+const PermissionClassifications = z.record(z.string(), PermClassification);
+const PolicyRuleConfigSchema = z.object({
+    enabled: z.boolean().default(false),
+    options: z.record(z.string(), z.unknown()).optional(),
+});
+const RuleMapSchema = z.record(z.string(), PolicyRuleConfigSchema);
+const PermSetConfig = z.object({
+    role: z.enum(UserPrivilegeLevel),
+});
+const PermSetMap = z.record(z.string(), PermSetConfig);
+const ProfilesMap = z.record(z.string(), PermSetConfig);
+const UserConfig = z.object({ role: z.enum(UserPrivilegeLevel) });
+const UsersMap = z.record(z.string(), UserConfig);
+const UsersPolicyOptions = z.strictObject({
+    defaultRoleForMissingUsers: z.enum(UserPrivilegeLevel).default(UserPrivilegeLevel.STANDARD_USER),
+    analyseLastNDaysOfLoginHistory: z.number().optional(),
+});
+// Classification File Schemata
+export const PermissionsClassificationFileSchema = z.object({
+    permissions: PermissionClassifications,
+});
+export const ProfilesClassificationFileSchema = z.object({
+    profiles: ProfilesMap,
+});
+export const PermissionSetsClassificationFileSchema = z.object({
+    permissionSets: PermSetMap,
+});
+export const UserClassificationFileSchema = z.object({
+    users: UsersMap,
+});
+// Policy File Schemata
+export const PolicyFileSchema = z.object({
+    enabled: z.boolean().default(true),
+    rules: RuleMapSchema.default({}),
+    options: z.record(z.string(), z.unknown()).optional(),
+});
+export const UserPolicyFileSchema = PolicyFileSchema.extend({
+    options: UsersPolicyOptions,
+});
+//# sourceMappingURL=schema.js.map

package/lib/libs/audit-engine/registry/shape/schema.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,0CAA0C;IAC1C,6CAAuB,CAAA;IACvB,sCAAsC;IACtC,qCAAe,CAAA;IACf,wCAAwC;IACxC,+CAAyB,CAAA;IACzB,oCAAoC;IACpC,qDAA+B,CAAA;IAC/B,qCAAqC;IACrC,yCAAmB,CAAA;AACrB,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE3E,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAExD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,kBAAkB,GAAG,CAAC,CAAC,YAAY,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,+BAA+B;AAE/B,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,WAAW,EAAE,yBAAyB;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,QAAQ,EAAE,WAAW;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,KAAK,EAAE,QAAQ;CAChB,CAAC,CAAC;AAEH,uBAAuB;AAEvB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC1D,OAAO,EAAE,kBAAkB;CAC5B,CAAC,CAAC"}

package/lib/libs/conf-init/auditConfig.d.ts CHANGED Viewed

@@ -1,14 +1,10 @@
 import { Connection } from '@salesforce/core';
-import { AuditRunConfig } from '../core/file-mgmt/schema.js';
-import { AuditInitPresets } from './presets.js';
+import { AuditRunConfig, Policies, PolicyDefinitions } from '../audit-engine/index.js';
+import { AuditInitPresets } from './init.types.js';
 /**
  * Additional options how the config should be initialised.
  */
 export type AuditInitOptions = {
-    /**
-     * When set, config files are created at the target location.
-     */
-    targetDir?: string;
     /**
      * An optional preset to initialise classifications and policies.
      */
@@ -26,10 +22,5 @@ export default class AuditConfig {
      * @param con
      */
     static init(targetCon: Connection, opts?: AuditInitOptions): Promise<AuditRunConfig>;
-    /**
-     * Loads an existing audit config from a source directory
-     *
-     * @param sourceDir
-     */
-    static load(sourceDir: string): AuditRunConfig;
 }
+export declare function initPolicyConfig<P extends Policies>(policyName: P): (typeof PolicyDefinitions)[P]['configType'];

package/lib/libs/conf-init/auditConfig.js CHANGED Viewed

@@ -1,6 +1,6 @@
-import { DefaultFileManager } from '../core/file-mgmt/auditConfigFileManager.js';
-import { initCustomPermissions, initPermissionSets, initProfiles, initUserPermissions, initUsers, } from './permissionsClassification.js';
-import { initDefaultPolicy, initSettings, initUserPolicy } from './policyConfigs.js';
+import { RuleRegistry, PolicyDefinitions, } from '../audit-engine/index.js';
+import { ClassificationInitDefinitions } from './defaultClassifications.js';
+import { DefaultPolicyDefinitions } from './defaultPolicies.js';
 /**
  * Exposes key functionality to load an audit config as static methods. This makes
  * it easy to mock the results during tests.
@@ -14,32 +14,32 @@ export default class AuditConfig {
      */
     static async init(targetCon, opts) {
         const conf = { classifications: {}, policies: {} };
-        conf.classifications.profiles = { content: await initProfiles(targetCon) };
-        conf.classifications.permissionSets = { content: await initPermissionSets(targetCon) };
-        conf.classifications.users = { content: await initUsers(targetCon) };
-        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon, opts?.preset) };
-        const customPerms = await initCustomPermissions(targetCon);
-        if (customPerms) {
-            conf.classifications.customPermissions = { content: customPerms };
+        for (const [className, classInitDef] of Object.entries(ClassificationInitDefinitions)) {
+            // eslint-disable-next-line no-await-in-loop
+            const defaultClassification = await classInitDef.initialiser(targetCon, opts?.preset);
+            if (defaultClassification) {
+                conf.classifications[className] = defaultClassification;
+            }
         }
-        conf.policies.profiles = { content: initDefaultPolicy('profiles') };
-        conf.policies.permissionSets = { content: initDefaultPolicy('permissionSets') };
-        conf.policies.users = { content: initUserPolicy() };
-        conf.policies.connectedApps = { content: initDefaultPolicy('connectedApps') };
-        conf.policies.settings = { content: initSettings() };
-        // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
-        if (opts?.targetDir || opts?.targetDir === '') {
-            DefaultFileManager.save(opts.targetDir, conf);
+        for (const policyName of Object.keys(PolicyDefinitions)) {
+            const policy = initPolicyConfig(policyName);
+            conf.policies[policyName] = policy;
         }
         return conf;
     }
-    /**
-     * Loads an existing audit config from a source directory
-     *
-     * @param sourceDir
-     */
-    static load(sourceDir) {
-        return DefaultFileManager.parse(sourceDir);
+}
+export function initPolicyConfig(policyName) {
+    const def = PolicyDefinitions[policyName];
+    const registry = new RuleRegistry(def.rules);
+    const content = { enabled: true, rules: {} };
+    for (const validRule of registry.registeredRules()) {
+        content.rules[validRule] = {
+            enabled: true,
+        };
+    }
+    if (DefaultPolicyDefinitions[policyName]) {
+        return { ...content, ...DefaultPolicyDefinitions[policyName]() };
     }
+    return content;
 }
 //# sourceMappingURL=auditConfig.js.map