@j-schreiber/sf-cli-security-audit 0.2.0 → 0.4.0

package/README.md

@@ -2,17 +2,25 @@
 
 > This plugin is still in beta and under active development. Command signatures may be subject to change.
 
+For an in-depth documentation that goes beyond command signatures and explains the core concepts, design decisions, and a variety of use cases [see our Wiki](https://github.com/j-schreiber/js-sf-cli-security-audit/wiki).
+
 # Installation
 
-This plugin is not yet published on NPM. You must check out the repo and link it locally.
+To build from source, follow these steps
 
 ```bash
-git clone https://...
+git clone https://github.com/j-schreiber/js-sf-cli-security-audit
 mkdir sf-cli-security-audit
 yarn && yarn build
 sf plugins link .
 ```
 
+To install the latest version from NPM
+
+```bash
+sf plugins install @j-schreiber/sf-cli-security-audit
+```
+
 # Contribute
 
 Contributers are welcome! Please reach out on [Linkedin](https://www.linkedin.com/in/jannis-schreiber/) or via [Email](mailto:info@lietzau-consulting.de).

package/lib/commands/org/audit/init.d.ts

@@ -0,0 +1,17 @@
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { AuditRunConfig } from '../../../libs/config/audit-run/schema.js';
+export type OrgAuditInitResult = AuditRunConfig;
+export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
+        'output-dir': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<OrgAuditInitResult>;
+    private printResults;
+    private printClassifications;
+    private printPolicies;
+}

package/lib/commands/org/audit/init.js

@@ -0,0 +1,61 @@
+import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import AuditConfig from '../../../libs/policies/initialisation/auditConfig.js';
+import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/config/audit-run/schema.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
+export default class OrgAuditInit extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'output-dir': Flags.directory({
+            required: false,
+            char: 'd',
+            summary: messages.getMessage('flags.output-dir.summary'),
+            default: '',
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgAuditInit);
+        const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
+            targetDir: flags['output-dir'],
+        });
+        this.printResults(auditConfig);
+        return auditConfig;
+    }
+    printResults(config) {
+        this.printClassifications(config.classifications);
+        this.printPolicies(config.policies);
+    }
+    printClassifications(classifications) {
+        Object.values(classifications).forEach((def) => {
+            if (isPermissionsConfig(def)) {
+                const perms = def.content.permissions ? Object.entries(def.content.permissions) : [];
+                if (perms.length > 0) {
+                    this.logSuccess(messages.getMessage('success.perm-classification-summary', [perms.length ?? 0, def.filePath]));
+                }
+            }
+        });
+    }
+    printPolicies(policies) {
+        Object.entries(policies).forEach(([name, def]) => {
+            if (isPolicyConfig(def)) {
+                if (def.filePath) {
+                    this.logSuccess(messages.getMessage('success.policy-summary', [
+                        name,
+                        Object.keys(def.content.rules).length ?? 0,
+                        def.filePath,
+                    ]));
+                }
+            }
+        });
+    }
+}
+//# sourceMappingURL=init.js.map

package/lib/commands/org/audit/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,sDAAsD,CAAC;AAC/E,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,0CAA0C,CAAC;AAElD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;SAC/B,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,IAAI;wBACJ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}

package/lib/commands/org/audit/run.d.ts

@@ -0,0 +1,22 @@
+import { Interfaces } from '@oclif/core';
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { AuditResult } from '../../../libs/audit/types.js';
+export type OrgAuditRunResult = AuditResult & {
+    filePath: string;
+};
+export default class OrgAuditRun extends SfCommand<OrgAuditRunResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        'target-org': Interfaces.OptionFlag<import("@salesforce/core").Org, Interfaces.CustomOptions>;
+        'source-dir': Interfaces.OptionFlag<string, Interfaces.CustomOptions>;
+        'api-version': Interfaces.OptionFlag<string | undefined, Interfaces.CustomOptions>;
+    };
+    run(): Promise<OrgAuditRunResult>;
+    private printResults;
+    private printPoliciesSummary;
+    private printExecutedRulesSummary;
+    private printRuleViolations;
+    private writeReport;
+}

package/lib/commands/org/audit/run.js

@@ -0,0 +1,113 @@
+import { writeFileSync } from 'node:fs';
+import path from 'node:path';
+import { SfCommand, Flags, StandardColors } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import { startAuditRun } from '../../../libs/policies/auditRun.js';
+import AuditRunMultiStageOutput from '../../../ux/auditRunMultiStage.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+export default class OrgAuditRun extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'source-dir': Flags.directory({
+            required: false,
+            char: 'd',
+            summary: messages.getMessage('flags.source-dir.summary'),
+            default: '',
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgAuditRun);
+        const stageOutput = AuditRunMultiStageOutput.create({
+            directoryRootPath: flags['source-dir'],
+            targetOrg: flags['target-org'].getUsername() ?? flags['target-org'].getOrgId(),
+            jsonEnabled: flags.json,
+        });
+        stageOutput.start();
+        const auditRun = startAuditRun(flags['source-dir']);
+        stageOutput.startPolicyResolve(auditRun);
+        await auditRun.resolve(flags['target-org'].getConnection(flags['api-version']));
+        stageOutput.startRuleExecution();
+        const partialResult = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
+        const result = { orgId: flags['target-org'].getOrgId(), ...partialResult };
+        stageOutput.finish();
+        this.printResults(result);
+        const filePath = this.writeReport(result, flags);
+        return { ...result, filePath };
+    }
+    printResults(result) {
+        this.printPoliciesSummary(result);
+        Object.entries(result.policies).forEach(([policyName, policyDetails]) => {
+            this.printExecutedRulesSummary(policyName, policyDetails);
+            this.printRuleViolations(policyDetails.executedRules);
+        });
+    }
+    printPoliciesSummary(result) {
+        const polSummaries = transposePoliciesToTable(result);
+        if (result.isCompliant) {
+            this.logSuccess(messages.getMessage('success.all-policies-compliant'));
+            this.log('');
+        }
+        else {
+            this.log(StandardColors.error(messages.getMessage('summary-non-compliant')));
+            this.log('');
+        }
+        this.table({ data: polSummaries, title: '=== Summary ===', titleOptions: { bold: true } });
+    }
+    printExecutedRulesSummary(policyName, policyDetails) {
+        const rulesSummary = transposeExecutedPolicyRules(policyDetails);
+        if (rulesSummary.length > 0) {
+            this.table({
+                data: rulesSummary,
+                title: `--- Executed Rules for ${policyName} ---`,
+                titleOptions: { underline: true },
+            });
+        }
+    }
+    printRuleViolations(executedRules) {
+        Object.values(executedRules)
+            .filter((ruleDetails) => !ruleDetails.isCompliant)
+            .forEach((uncompliantRule) => {
+            this.table({ data: uncompliantRule.violations, title: `Violations for ${uncompliantRule.ruleName}` });
+        });
+    }
+    writeReport(result, flags) {
+        const fileName = `report_${flags['target-org'].getOrgId()}_${Date.now()}.json`;
+        const fullPath = path.join(flags['source-dir'], fileName);
+        writeFileSync(fullPath, JSON.stringify(result, null, 2));
+        this.info(messages.getMessage('info.report-file-location', [fullPath]));
+        return fullPath;
+    }
+}
+function transposePoliciesToTable(result) {
+    return Object.entries(result.policies).map(([policyName, policyDetails]) => {
+        const rulesExecuted = policyDetails?.executedRules ? Object.keys(policyDetails.executedRules).length : 0;
+        return {
+            policy: policyName,
+            isCompliant: policyDetails.isCompliant,
+            rulesExecuted,
+            auditedEntities: policyDetails.auditedEntities?.length ?? 0,
+            ignoredEntities: policyDetails.ignoredEntities?.length ?? 0,
+        };
+    });
+}
+function transposeExecutedPolicyRules(result) {
+    return Object.entries(result.executedRules).map(([ruleName, ruleDetails]) => ({
+        rule: ruleName,
+        isCompliant: ruleDetails.isCompliant,
+        compliantEntities: ruleDetails.compliantEntities?.length ?? 0,
+        violatedEntities: ruleDetails.violatedEntities?.length ?? 0,
+        violations: ruleDetails.violations.length,
+        warnings: ruleDetails.warnings.length,
+        errors: ruleDetails.errors.length,
+    }));
+}
+//# sourceMappingURL=run.js.map

package/lib/commands/org/audit/run.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AACnE,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AAEzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAQ9F,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACtG,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAC3E,WAAW,CAAC,MAAM,EAAE,CAAC;QACrB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;YACtE,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,MAAM;gBACjD,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD;QAClF,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;aACzB,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC;aACjD,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE;YAC3B,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACxG,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACzE,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC"}

package/lib/libs/audit/types.d.ts

@@ -0,0 +1,154 @@
+/**
+ * A single violation from a policy rule execution.
+ */
+export type PolicyRuleViolation = RuleComponentMessage & {
+    /**
+     * Optional descriptive message that explains how to fix the violation.
+     */
+    hint?: string;
+};
+/**
+ * A muted violation with additional information why it was muted
+ */
+export type PolicyRuleViolationMute = PolicyRuleViolation & {
+    /**
+     * Descriptive reason from allow-config why this violation is muted.
+     */
+    reason: string;
+    /**
+     * Path to the config file that allowed this violation for reference.
+     */
+    allowListEntryPath?: string;
+};
+/**
+ * Details about s config entity of a policy (such as a profile, perm set, user)
+ * that did not resolve successfully. This may be because the entity does not exist
+ * on the target org or because it is not registered.
+ */
+export type EntityResolveError = {
+    /**
+     * Identifier of the entity, e.g. profile name, username, rule, policy, etc
+     */
+    name: string;
+    /**
+     * Message that explains, why the entity was not successfully resolved
+     */
+    message: string;
+};
+export type RuleComponentMessage = {
+    /**
+     * Path to a component. This can be a developer name of a connected app,
+     * permission set name or the permission within a profile.
+     */
+    identifier: string | string[];
+    /**
+     * Descriptive message of the error, warning or violation.
+     */
+    message: string;
+};
+export type PolicyRuleSkipResult = {
+    /**
+     * Identifier of the rule, as it is configured in the policy.yml.
+     */
+    name: string;
+    /**
+     * Descriptive message why the rule was skipped.
+     */
+    skipReason: string;
+};
+export type PolicyRuleExecutionResult = {
+    /**
+     * Identifier of the rule, as it is configured in the policy.yml.
+     */
+    ruleName: string;
+    /**
+     * Short-hand accessor, if an execution had at least one violation.
+     */
+    isCompliant: boolean;
+    /**
+     * All violations of the rule that were reported.
+     */
+    violations: PolicyRuleViolation[];
+    /**
+     * Identifiers of compliant entities. An entity is compliant, if it has
+     * zero violations.
+     */
+    compliantEntities: string[];
+    /**
+     * Identifiers of violated entities. Each entity may have several violations,
+     * depending on the analysis depth of the rule.
+     */
+    violatedEntities: string[];
+    /**
+     * Violations that were identified, but were muted by a matching allow-list.
+     * Muted violations do not affect compliance.
+     */
+    mutedViolations: PolicyRuleViolationMute[];
+    /**
+     * Components of a rule that were not successfully processed and returned errors from the org
+     */
+    errors: RuleComponentMessage[];
+    /**
+     * Components that were not auditable, but did not hinder the execution of the audit
+     * Such as permissions on the org that are not classified.
+     */
+    warnings: RuleComponentMessage[];
+};
+export type AuditPolicyResult = {
+    /**
+     * Flag that indicates, if the policy was executed.
+     */
+    enabled: boolean;
+    /**
+     * All executed rules were compliant.
+     */
+    isCompliant: boolean;
+    /**
+     * Record of rules that were executed. Rules are mapped by their name.
+     */
+    executedRules: {
+        [ruleName: string]: PolicyRuleExecutionResult;
+    };
+    /**
+     * List of rules that exist for the policy that were not executed.
+     */
+    skippedRules: PolicyRuleSkipResult[];
+    /**
+     * If the policy was not enabled, a brief message that explains why.
+     */
+    disabledReason?: string;
+    /**
+     * Path to the config file that was processed for this audit.
+     */
+    configPath?: string;
+    /**
+     * A full list of audited entities. Use together with violations to see, which
+     * entities were not compliant.
+     */
+    auditedEntities: string[];
+    /**
+     * Full list of entities that were present in the config file, but could not
+     * be resolved for this org.
+     */
+    ignoredEntities: EntityResolveError[];
+};
+export type AuditResult = {
+    /**
+     * All executed policies were compliant.
+     */
+    isCompliant: boolean;
+    /**
+     * Id of the audited org.
+     */
+    orgId: string;
+    /**
+     * ISO date time of the audit
+     */
+    auditDate: string;
+    /**
+     * Record map of all modules (policies) that were run.
+     */
+    policies: {
+        [moduleName: string]: AuditPolicyResult;
+    };
+};

package/lib/libs/audit/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/lib/libs/audit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/libs/audit/types.ts"],"names":[],"mappings":""}

package/lib/libs/config/audit-run/auditConfigFileManager.d.ts

@@ -0,0 +1,26 @@
+import { AuditRunConfig } from './schema.js';
+export declare const loadAuditConfig: (dirPath: string) => AuditRunConfig;
+export declare const saveAuditConfig: (dirPath: string, conf: AuditRunConfig) => void;
+export default class AuditConfigFileManager {
+    private directoryStructure;
+    constructor();
+    /**
+     * Parses a directory path for policy and classification files
+     * and initialises an audit config from file contents.
+     *
+     * @param dirPath
+     * @returns
+     */
+    parse(dirPath: string): AuditRunConfig;
+    /**
+     * Writes a full audit config to disk. If the config was not
+     * saved yet, initialises filePath on each element.
+     *
+     * @param dirPath
+     * @param subdirName
+     * @returns
+     */
+    save(targetDirPath: string, conf: AuditRunConfig): void;
+    private parseSubdir;
+    private writeSubdir;
+}

package/lib/libs/config/audit-run/auditConfigFileManager.js

@@ -0,0 +1,98 @@
+import path from 'node:path';
+import fs from 'node:fs';
+import yaml from 'js-yaml';
+import { isEmpty } from '../../utils.js';
+import { PermissionsConfigFileSchema, PermSetsPolicyFileSchema, PolicyFileSchema, ProfilesPolicyFileSchema, } from './schema.js';
+export const loadAuditConfig = (dirPath) => {
+    const fileManager = new AuditConfigFileManager();
+    return fileManager.parse(dirPath);
+};
+export const saveAuditConfig = (dirPath, conf) => {
+    const fileManager = new AuditConfigFileManager();
+    fileManager.save(dirPath, conf);
+};
+export default class AuditConfigFileManager {
+    directoryStructure;
+    constructor() {
+        this.directoryStructure = {
+            policies: {
+                profiles: {
+                    schema: ProfilesPolicyFileSchema,
+                },
+                permissionSets: {
+                    schema: PermSetsPolicyFileSchema,
+                },
+                connectedApps: {
+                    schema: PolicyFileSchema,
+                },
+            },
+            classifications: {
+                userPermissions: {
+                    schema: PermissionsConfigFileSchema,
+                },
+                customPermissions: {
+                    schema: PermissionsConfigFileSchema,
+                },
+            },
+        };
+    }
+    /**
+     * Parses a directory path for policy and classification files
+     * and initialises an audit config from file contents.
+     *
+     * @param dirPath
+     * @returns
+     */
+    parse(dirPath) {
+        const classifications = this.parseSubdir(dirPath, 'classifications');
+        const policies = capitalizeKeys(this.parseSubdir(dirPath, 'policies'));
+        return { classifications, policies };
+    }
+    /**
+     * Writes a full audit config to disk. If the config was not
+     * saved yet, initialises filePath on each element.
+     *
+     * @param dirPath
+     * @param subdirName
+     * @returns
+     */
+    save(targetDirPath, conf) {
+        Object.entries(conf).forEach(([dirName, configFiles]) => {
+            fs.mkdirSync(path.join(targetDirPath, dirName), { recursive: true });
+            this.writeSubdir(configFiles, dirName, targetDirPath);
+        });
+    }
+    parseSubdir(dirPath, subdirName) {
+        const parseResults = {};
+        Object.entries(this.directoryStructure[subdirName]).forEach(([fileName, fileConfig]) => {
+            const filePath = path.join(dirPath, subdirName, `${fileName}.yml`);
+            if (fs.existsSync(filePath)) {
+                const fileContent = yaml.load(fs.readFileSync(filePath, 'utf-8'));
+                const content = fileConfig.schema.parse(fileContent);
+                parseResults[fileName] = { filePath, content };
+            }
+        });
+        return parseResults;
+    }
+    writeSubdir(configFiles, dirName, targetDirPath) {
+        const dirConf = this.directoryStructure[dirName];
+        if (!dirConf) {
+            return;
+        }
+        Object.entries(configFiles).forEach(([fileKey, confFile]) => {
+            const uncapitalizedKey = `${fileKey[0].toLowerCase()}${fileKey.slice(1)}`;
+            const fileDef = dirConf[uncapitalizedKey];
+            if (fileDef && !isEmpty(confFile.content)) {
+                // eslint-disable-next-line no-param-reassign
+                confFile.filePath = path.join(targetDirPath, dirName, `${uncapitalizedKey}.yml`);
+                fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
+            }
+        });
+    }
+}
+function capitalizeKeys(object) {
+    const newObj = {};
+    Object.keys(object).forEach((key) => (newObj[`${key[0].toUpperCase()}${key.slice(1)}`] = object[key]));
+    return newObj;
+}
+//# sourceMappingURL=auditConfigFileManager.js.map

package/lib/libs/config/audit-run/auditConfigFileManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAUrB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE;IACjE,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAA4B;IAEtD;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE;gBACR,QAAQ,EAAE;oBACR,MAAM,EAAE,wBAAwB;iBACjC;gBACD,cAAc,EAAE;oBACd,MAAM,EAAE,wBAAwB;iBACjC;gBACD,aAAa,EAAE;oBACb,MAAM,EAAE,gBAAgB;iBACzB;aACF;YACD,eAAe,EAAE;gBACf,eAAe,EAAE;oBACf,MAAM,EAAE,2BAA2B;iBACpC;gBACD,iBAAiB,EAAE;oBACjB,MAAM,EAAE,2BAA2B;iBACpC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAe;QAC1B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QACvE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,EAAE;YACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,WAAW,CAAC,WAAkD,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACrD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YACnE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACrD,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,WAAgD,EAAE,OAAe,EAAE,aAAqB;QAC1G,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YAC1D,MAAM,gBAAgB,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC1C,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,GAAG,gBAAgB,MAAM,CAAC,CAAC;gBACjF,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,cAAc,CAAC,MAA+B;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvG,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/lib/libs/config/audit-run/schema.d.ts

@@ -0,0 +1,100 @@
+import z from 'zod';
+import { PermissionRiskLevelPresets, PolicyRiskLevel } from '../../policies/types.js';
+declare const PermissionsClassificationSchema: z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PolicyRiskLevel>;
+}, z.z.core.$strip>;
+declare const PermsClassificationsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PolicyRiskLevel>;
+}, z.z.core.$strip>>;
+declare const NamedPermissionsClassificationSchema: z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PolicyRiskLevel>;
+    name: z.ZodString;
+}, z.z.core.$strip>;
+declare const PolicyRuleConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    config: z.ZodOptional<z.ZodUnknown>;
+}, z.z.core.$strip>;
+declare const RuleMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    config: z.ZodOptional<z.ZodUnknown>;
+}, z.z.core.$strip>>;
+declare const PermSetConfig: z.ZodObject<{
+    preset: z.ZodEnum<typeof PermissionRiskLevelPresets>;
+}, z.z.core.$strip>;
+declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
+    preset: z.ZodEnum<typeof PermissionRiskLevelPresets>;
+}, z.z.core.$strip>>;
+export declare const PolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        config: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+}, z.z.core.$strip>;
+export declare const ProfilesPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        config: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+    profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
+        preset: z.ZodEnum<typeof PermissionRiskLevelPresets>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const PermSetsPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        config: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+    permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
+        preset: z.ZodEnum<typeof PermissionRiskLevelPresets>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const PermissionsConfigFileSchema: z.ZodObject<{
+    permissions: z.ZodRecord<z.ZodString, z.ZodObject<{
+        label: z.ZodOptional<z.ZodString>;
+        reason: z.ZodOptional<z.ZodString>;
+        classification: z.ZodEnum<typeof PolicyRiskLevel>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export type PermissionsClassification = z.infer<typeof PermissionsClassificationSchema>;
+export type NamedPermissionsClassification = z.infer<typeof NamedPermissionsClassificationSchema>;
+export type PermsClassificationsMap = z.infer<typeof PermsClassificationsMapSchema>;
+export type PermissionsConfig = z.infer<typeof PermissionsConfigFileSchema>;
+export type PolicyRuleConfig = z.infer<typeof PolicyRuleConfigSchema>;
+export type BasePolicyFileContent = z.infer<typeof PolicyFileSchema>;
+export type ProfilesPolicyFileContent = z.infer<typeof ProfilesPolicyFileSchema>;
+export type PermSetsPolicyFileContent = z.infer<typeof PermSetsPolicyFileSchema>;
+export type PermissionSetConfig = z.infer<typeof PermSetConfig>;
+export type PermissionSetLikeMap = z.infer<typeof PermSetMap>;
+export type RuleMap = z.infer<typeof RuleMapSchema>;
+export type ConfigFile<T> = {
+    filePath?: string;
+    content: T;
+};
+export type AuditRunConfigClassifications = {
+    [classificationName: string]: unknown;
+    userPermissions?: ConfigFile<PermissionsConfig>;
+    customPermissions?: ConfigFile<PermissionsConfig>;
+};
+export type AuditRunConfigPolicies = {
+    [policyName: string]: unknown;
+    Profiles?: ConfigFile<ProfilesPolicyFileContent>;
+    PermissionSets?: ConfigFile<PermSetsPolicyFileContent>;
+    ConnectedApps?: ConfigFile<BasePolicyFileContent>;
+};
+export type AuditRunConfig = {
+    [configType: string]: unknown;
+    classifications: AuditRunConfigClassifications;
+    policies: AuditRunConfigPolicies;
+};
+export declare function isPermissionsConfig(cls: unknown): cls is ConfigFile<PermissionsConfig>;
+export declare function isPolicyConfig(cls: unknown): cls is ConfigFile<BasePolicyFileContent>;
+export {};