@j-schreiber/sf-cli-security-audit 0.4.0 → 0.5.0

package/README.md

@@ -38,12 +38,15 @@ Initialises classifications and policies for a security audit.
 
 ```
 USAGE
-  $ sf org audit init -o <value> [--json] [--flags-dir <value>] [-d <value>] [--api-version <value>]
+  $ sf org audit init -o <value> [--json] [--flags-dir <value>] [-d <value>] [-p strict|loose|none] [--api-version
+    <value>]
 
 FLAGS
   -d, --output-dir=<value>   Directory where the audit config is initialised. If not set, the root directory will be
                              used.
   -o, --target-org=<value>   (required) Target org to export permissions, profiles, users, etc.
+  -p, --preset=<option>      [default: strict] Select a preset to initialise permission classifications (risk levels).
+                             <options: strict|loose|none>
       --api-version=<value>  Override the api version used for api requests made by this command
 
 GLOBAL FLAGS
@@ -60,9 +63,21 @@ EXAMPLES
   Initialise audit policies at the root directory
 
     $ sf org audit init -o MyTargetOrg
+
+  Initialise audit config at custom directory with preset
+
+    $ sf org audit init -o MyTargetOrg -d my_dir -p loose
+
+FLAG DESCRIPTIONS
+  -p, --preset=strict|loose|none  Select a preset to initialise permission classifications (risk levels).
+
+    The selected preset is applied before any other default mechanisms (such as template configs). This means, values
+    from a selected template override the preset. Consult the documentation to learn more about the rationale behind the
+    default risk levels. The risk levels interact with the configured preset on profiles and permission sets and
+    essentially control, if a permission is allowed in a certain profile / permission set.
 ```
 
-_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.1.0/src/commands/org/audit/init.ts)_
+_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.4.1/src/commands/org/audit/init.ts)_
 
 ## `sf org audit run`
 
@@ -70,10 +85,10 @@ Audit your org.
 
 ```
 USAGE
-  $ sf org audit run -o <value> -d <value> [--json] [--flags-dir <value>] [--api-version <value>]
+  $ sf org audit run -o <value> [--json] [--flags-dir <value>] [-d <value>] [--api-version <value>]
 
 FLAGS
-  -d, --source-dir=<value>   (required) Location of the audit config.
+  -d, --source-dir=<value>   Location of the audit config.
   -o, --target-org=<value>   (required) The org that is audited.
       --api-version=<value>  Override the api version used for api requests made by this command
 
@@ -93,7 +108,7 @@ EXAMPLES
     $ sf org audit run -o MyTargetOrg -d configs/prod
 ```
 
-_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.1.0/src/commands/org/audit/run.ts)_
+_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.4.1/src/commands/org/audit/run.ts)_
 
 <!-- commandsstop -->
 

package/lib/commands/org/audit/init.d.ts

@@ -1,5 +1,6 @@
 import { SfCommand } from '@salesforce/sf-plugins-core';
-import { AuditRunConfig } from '../../../libs/config/audit-run/schema.js';
+import { AuditRunConfig } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
 export type OrgAuditInitResult = AuditRunConfig;
 export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
     static readonly summary: string;
@@ -8,6 +9,7 @@ export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
     static readonly flags: {
         'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
         'output-dir': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        preset: import("@oclif/core/interfaces").OptionFlag<AuditInitPresets, import("@oclif/core/interfaces").CustomOptions>;
         'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<OrgAuditInitResult>;

package/lib/commands/org/audit/init.js

@@ -1,9 +1,17 @@
 import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
 import { Messages } from '@salesforce/core';
-import AuditConfig from '../../../libs/policies/initialisation/auditConfig.js';
-import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/config/audit-run/schema.js';
+import AuditConfig from '../../../libs/conf-init/auditConfig.js';
+import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
+const presetFlag = Flags.custom({
+    char: 'p',
+    summary: messages.getMessage('flags.preset.summary'),
+    description: messages.getMessage('flags.preset.description'),
+    options: Object.values(AuditInitPresets),
+    default: AuditInitPresets.strict,
+})();
 export default class OrgAuditInit extends SfCommand {
     static summary = messages.getMessage('summary');
     static description = messages.getMessage('description');
@@ -20,12 +28,14 @@ export default class OrgAuditInit extends SfCommand {
             summary: messages.getMessage('flags.output-dir.summary'),
             default: '',
         }),
+        preset: presetFlag,
         'api-version': Flags.orgApiVersion(),
     };
     async run() {
         const { flags } = await this.parse(OrgAuditInit);
         const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
             targetDir: flags['output-dir'],
+            preset: flags.preset,
         });
         this.printResults(auditConfig);
         return auditConfig;

package/lib/commands/org/audit/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,sDAAsD,CAAC;AAC/E,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,0CAA0C,CAAC;AAElD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;SAC/B,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,IAAI;wBACJ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAmB;IAChD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;IACpD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;IAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACxC,OAAO,EAAE,gBAAgB,CAAC,MAAM;CACjC,CAAC,EAAE,CAAC;AAEL,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,IAAI;wBACJ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}

package/lib/commands/org/audit/run.d.ts

@@ -1,6 +1,6 @@
 import { Interfaces } from '@oclif/core';
 import { SfCommand } from '@salesforce/sf-plugins-core';
-import { AuditResult } from '../../../libs/audit/types.js';
+import { AuditResult } from '../../../libs/core/result-types.js';
 export type OrgAuditRunResult = AuditResult & {
     filePath: string;
 };

package/lib/libs/{policies/initialisation → conf-init}/auditConfig.d.ts

@@ -1,10 +1,18 @@
 import { Connection } from '@salesforce/core';
-import { AuditRunConfig } from '../../config/audit-run/schema.js';
+import { AuditRunConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
 /**
  * Additional options how the config should be initialised.
  */
 export type AuditInitOptions = {
+    /**
+     * When set, config files are created at the target location.
+     */
     targetDir?: string;
+    /**
+     * An optional preset to initialise classifications and policies.
+     */
+    preset?: AuditInitPresets;
 };
 /**
  * Exposes key functionality to load an audit config as static methods. This makes

package/lib/libs/{policies/initialisation → conf-init}/auditConfig.js

@@ -1,4 +1,4 @@
-import AuditConfigFileManager from '../../config/audit-run/auditConfigFileManager.js';
+import { DefaultFileManager } from '../core/file-mgmt/auditConfigFileManager.js';
 import { initCustomPermissions, initUserPermissions } from './permissionsClassification.js';
 import { initConnectedApps, initPermissionSets, initProfiles } from './policyConfigs.js';
 /**
@@ -13,9 +13,8 @@ export default class AuditConfig {
      * @param con
      */
     static async init(targetCon, opts) {
-        const fileManager = new AuditConfigFileManager();
         const conf = { classifications: {}, policies: {} };
-        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon) };
+        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon, opts?.preset) };
         const customPerms = await initCustomPermissions(targetCon);
         if (customPerms) {
             conf.classifications.customPermissions = { content: customPerms };
@@ -24,7 +23,7 @@ export default class AuditConfig {
         conf.policies.PermissionSets = { content: await initPermissionSets(targetCon) };
         conf.policies.ConnectedApps = { content: initConnectedApps() };
         if (opts?.targetDir) {
-            fileManager.save(opts.targetDir, conf);
+            DefaultFileManager.save(opts.targetDir, conf);
         }
         return conf;
     }
@@ -34,8 +33,7 @@ export default class AuditConfig {
      * @param sourceDir
      */
     static load(sourceDir) {
-        const fileManager = new AuditConfigFileManager();
-        return fileManager.parse(sourceDir);
+        return DefaultFileManager.parse(sourceDir);
     }
 }
 //# sourceMappingURL=auditConfig.js.map

package/lib/libs/conf-init/auditConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAiBzF;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvG,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,IAAI,IAAI,EAAE,SAAS,EAAE,CAAC;YACpB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}

package/lib/libs/{policies/initialisation → conf-init}/permissionsClassification.d.ts

@@ -1,12 +1,13 @@
 import { Connection } from '@salesforce/core';
-import { NamedPermissionsClassification, PermissionsConfig } from '../../config/audit-run/schema.js';
+import { PermissionsConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
 /**
- * Initialises a fresh set of user permissions from target org connection
+ * Initialises a fresh set of user permissions from target org connection.
  *
  * @param con
  * @returns
  */
-export declare function initUserPermissions(con: Connection): Promise<PermissionsConfig>;
+export declare function initUserPermissions(con: Connection, preset?: AuditInitPresets): Promise<PermissionsConfig>;
 /**
  * Initialises a fresh set of custom permissions from the target org
  *
@@ -14,4 +15,3 @@ export declare function initUserPermissions(con: Connection): Promise<Permission
  * @returns
  */
 export declare function initCustomPermissions(con: Connection): Promise<PermissionsConfig | undefined>;
-export declare const classificationSorter: (a: NamedPermissionsClassification, b: NamedPermissionsClassification) => number;

package/lib/libs/conf-init/permissionsClassification.js

@@ -0,0 +1,80 @@
+import { CUSTOM_PERMS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import MDAPI from '../core/mdapi/mdapiRetriever.js';
+import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
+import { loadPreset } from './presets.js';
+/**
+ * Initialises a fresh set of user permissions from target org connection.
+ *
+ * @param con
+ * @returns
+ */
+export async function initUserPermissions(con, preset) {
+    const describePerms = await parsePermsFromDescribe(con);
+    const assignedPerms = await findAssignedPerms(con);
+    const allPerms = { ...describePerms, ...assignedPerms };
+    const presConfig = loadPreset(preset);
+    const perms = presConfig.classifyUserPermissions(Object.values(allPerms));
+    perms.sort(classificationSorter);
+    const result = { permissions: {} };
+    perms.forEach((perm) => (result.permissions[perm.name] = {
+        label: sanitiseLabel(perm.label),
+        classification: perm.classification,
+        reason: perm.reason,
+    }));
+    return result;
+}
+/**
+ * Initialises a fresh set of custom permissions from the target org
+ *
+ * @param con
+ * @returns
+ */
+export async function initCustomPermissions(con) {
+    const result = { permissions: {} };
+    const customPerms = await con.query(CUSTOM_PERMS_QUERY);
+    if (customPerms.records.length === 0) {
+        return undefined;
+    }
+    const perms = customPerms.records.map((cp) => ({
+        name: cp.DeveloperName,
+        label: cp.MasterLabel,
+        classification: PermissionRiskLevel.UNKNOWN,
+    }));
+    perms.forEach((perm) => (result.permissions[perm.name] = {
+        label: perm.label,
+        classification: perm.classification,
+    }));
+    return result;
+}
+async function parsePermsFromDescribe(con) {
+    const permSet = await con.describe('PermissionSet');
+    const describeAvailablePerms = {};
+    permSet.fields
+        .filter((field) => field.name.startsWith('Permissions'))
+        .forEach((field) => {
+        const permName = field.name.replace('Permissions', '');
+        describeAvailablePerms[permName] = {
+            label: field.label,
+            name: permName,
+        };
+    });
+    return describeAvailablePerms;
+}
+async function findAssignedPerms(con) {
+    const assignedPerms = {};
+    const profiles = await con.query(PROFILES_QUERY);
+    if (profiles.records?.length > 0) {
+        const mdapi = new MDAPI(con);
+        const resolvedProfiles = await mdapi.resolve('Profile', profiles.records.map((p) => p.Profile.Name));
+        Object.values(resolvedProfiles).forEach((profile) => {
+            profile.userPermissions.forEach((userPerm) => {
+                assignedPerms[userPerm.name] = { name: userPerm.name };
+            });
+        });
+    }
+    return assignedPerms;
+}
+function sanitiseLabel(rawLabel) {
+    return rawLabel?.replace(/[ \t]+$|[\r\n]+/g, '');
+}
+//# sourceMappingURL=permissionsClassification.js.map

package/lib/libs/conf-init/permissionsClassification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAClF,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}

package/lib/libs/{policies/initialisation → conf-init}/policyConfigs.d.ts

@@ -1,5 +1,5 @@
 import { Connection } from '@salesforce/core';
-import { BasePolicyFileContent, PermSetsPolicyFileContent, ProfilesPolicyFileContent } from '../../config/audit-run/schema.js';
+import { BasePolicyFileContent, PermSetsPolicyFileContent, ProfilesPolicyFileContent } from '../core/file-mgmt/schema.js';
 /**
  * Initialises a new profiles policy with the local org's
  * profiles and all default rules enabled.

package/lib/libs/{policies/initialisation → conf-init}/policyConfigs.js

@@ -1,8 +1,6 @@
-import { PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../../config/queries.js';
-import { ProfilesRegistry } from '../../config/registries/profiles.js';
-import { PermissionRiskLevelPresets } from '../types.js';
-import { PermissionSetsRegistry } from '../../config/registries/permissionSets.js';
-import { ConnectedAppsRegistry } from '../../config/registries/connectedApps.js';
+import { PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import { RuleRegistries } from '../core/registries/types.js';
+import { ProfilesRiskPreset } from '../core/policy-types.js';
 /**
  * Initialises a new profiles policy with the local org's
  * profiles and all default rules enabled.
@@ -15,9 +13,9 @@ export async function initProfiles(targetOrgCon) {
     const profiles = await targetOrgCon.query(PROFILES_QUERY);
     const content = { enabled: true, profiles: {}, rules: {} };
     profiles.records.forEach((permsetRecord) => {
-        content.profiles[permsetRecord.Profile.Name] = { preset: PermissionRiskLevelPresets.UNKNOWN };
+        content.profiles[permsetRecord.Profile.Name] = { preset: ProfilesRiskPreset.UNKNOWN };
     });
-    ProfilesRegistry.registeredRules().forEach((ruleName) => {
+    RuleRegistries.Profiles.registeredRules().forEach((ruleName) => {
         content.rules[ruleName] = {
             enabled: true,
         };
@@ -41,9 +39,9 @@ export async function initPermissionSets(targetOrgCon) {
     permSets.records
         .filter((permsetRecord) => permsetRecord.IsCustom)
         .forEach((permsetRecord) => {
-        content.permissionSets[permsetRecord.Name] = { preset: PermissionRiskLevelPresets.UNKNOWN };
+        content.permissionSets[permsetRecord.Name] = { preset: ProfilesRiskPreset.UNKNOWN };
     });
-    PermissionSetsRegistry.registeredRules().forEach((ruleName) => {
+    RuleRegistries.PermissionSets.registeredRules().forEach((ruleName) => {
         content.rules[ruleName] = {
             enabled: true,
         };
@@ -57,7 +55,7 @@ export async function initPermissionSets(targetOrgCon) {
  */
 export function initConnectedApps() {
     const content = { enabled: true, rules: {} };
-    ConnectedAppsRegistry.registeredRules().forEach((ruleName) => {
+    RuleRegistries.ConnectedApps.registeredRules().forEach((ruleName) => {
         content.rules[ruleName] = {
             enabled: true,
         };

package/lib/libs/conf-init/policyConfigs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyConfigs.js","sourceRoot":"","sources":["../../../src/libs/conf-init/policyConfigs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAO7E,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAA8B,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACtF,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACxF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAA8B;QACzC,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,EAAE;QAClB,KAAK,EAAE,EAAE;KACV,CAAC;IACF,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACL,cAAc,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QACnE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,OAAO,GAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpE,cAAc,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAClE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/lib/libs/conf-init/presets/loose.d.ts

@@ -0,0 +1,6 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor();
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/loose.js

@@ -0,0 +1,35 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.HIGH,
+            CustomizeApplication: PermissionRiskLevel.HIGH,
+            ModifyMetadata: PermissionRiskLevel.HIGH,
+            AuthorApex: PermissionRiskLevel.HIGH,
+            ManageAuthProviders: PermissionRiskLevel.HIGH,
+            Packaging2: PermissionRiskLevel.HIGH,
+            Packaging2Delete: PermissionRiskLevel.HIGH,
+            Packaging2PromoteVersion: PermissionRiskLevel.HIGH,
+            InstallPackaging: PermissionRiskLevel.HIGH,
+            ViewClientSecret: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            ViewSetup: PermissionRiskLevel.MEDIUM,
+            ViewAllData: PermissionRiskLevel.MEDIUM,
+            ModifyAllData: PermissionRiskLevel.MEDIUM,
+            ExportReport: PermissionRiskLevel.MEDIUM,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+            ApiEnabled: PermissionRiskLevel.LOW,
+        });
+    }
+    initDefault(permName) {
+        const basePerm = super.initDefault(permName);
+        if (basePerm.classification === PermissionRiskLevel.UNKNOWN) {
+            basePerm.classification = PermissionRiskLevel.LOW;
+        }
+        return basePerm;
+    }
+}
+//# sourceMappingURL=loose.js.map

package/lib/libs/conf-init/presets/loose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,GAAG;SACpC,CAAC,CAAC;IACL,CAAC;IAEe,WAAW,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;YAC5D,QAAQ,CAAC,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/lib/libs/conf-init/presets/none.d.ts

@@ -0,0 +1,30 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import { Optional } from '../../core/utils.js';
+export type UnclassifiedPerm = Optional<NamedPermissionsClassification, 'classification'>;
+export type Preset = {
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+};
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset implements Preset {
+    protected userPermissions: Record<string, Partial<NamedPermissionsClassification>>;
+    constructor(userPerms?: Record<string, PermissionRiskLevel>);
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/none.js

@@ -0,0 +1,54 @@
+import { Messages } from '@salesforce/core';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const descriptions = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policyclassifications');
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset {
+    userPermissions;
+    constructor(userPerms) {
+        this.userPermissions = {};
+        if (userPerms) {
+            Object.entries(userPerms).forEach(([name, classification]) => {
+                if (this.userPermissions[name]) {
+                    this.userPermissions[name].classification = classification;
+                }
+                else {
+                    this.userPermissions[name] = { classification };
+                }
+            });
+        }
+    }
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms) {
+        return rawPerms.map((perm) => ({
+            ...this.initDefault(perm.name),
+            ...perm,
+        }));
+    }
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName) {
+        const def = this.userPermissions[permName];
+        const hasDescription = descriptions.messages.has(permName);
+        return {
+            ...def,
+            name: permName,
+            classification: def?.classification ?? PermissionRiskLevel.UNKNOWN,
+            reason: hasDescription ? descriptions.getMessage(permName) : undefined,
+        };
+    }
+}
+//# sourceMappingURL=none.js.map

package/lib/libs/conf-init/presets/none.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"none.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/none.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAGzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,uBAAuB,CAAC,CAAC;AAQ1G;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IACnB,eAAe,CAA0D;IAEnF,YAAmB,SAA+C;QAChE,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE;gBAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,cAAc,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC;gBAClD,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,QAA4B;QACzD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,GAAG,IAAI;SACR,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,OAAO;YACL,GAAG,GAAG;YACN,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,mBAAmB,CAAC,OAAO;YAClE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC;IACJ,CAAC;CACF"}

package/lib/libs/conf-init/presets/strict.d.ts

@@ -0,0 +1,4 @@
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor();
+}

package/lib/libs/conf-init/presets/strict.js

@@ -0,0 +1,28 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.BLOCKED,
+            CustomizeApplication: PermissionRiskLevel.CRITICAL,
+            ModifyMetadata: PermissionRiskLevel.CRITICAL,
+            AuthorApex: PermissionRiskLevel.CRITICAL,
+            ManageAuthProviders: PermissionRiskLevel.CRITICAL,
+            Packaging2: PermissionRiskLevel.CRITICAL,
+            Packaging2Delete: PermissionRiskLevel.CRITICAL,
+            Packaging2PromoteVersion: PermissionRiskLevel.CRITICAL,
+            InstallPackaging: PermissionRiskLevel.CRITICAL,
+            ViewClientSecret: PermissionRiskLevel.CRITICAL,
+            ExportReport: PermissionRiskLevel.HIGH,
+            ViewSetup: PermissionRiskLevel.HIGH,
+            ApiEnabled: PermissionRiskLevel.HIGH,
+            ViewAllData: PermissionRiskLevel.HIGH,
+            ModifyAllData: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+        });
+    }
+}
+//# sourceMappingURL=strict.js.map

package/lib/libs/conf-init/presets/strict.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,SAAS,EAAE,mBAAmB,CAAC,MAAM;SACtC,CAAC,CAAC;IACL,CAAC;CACF"}

package/lib/libs/conf-init/presets.d.ts

@@ -0,0 +1,7 @@
+import { Preset } from './presets/none.js';
+export declare enum AuditInitPresets {
+    strict = "strict",
+    loose = "loose",
+    none = "none"
+}
+export declare function loadPreset(presetName?: AuditInitPresets): Preset;

package/lib/libs/conf-init/presets.js

@@ -0,0 +1,20 @@
+import LoosePreset from './presets/loose.js';
+import NonePreset from './presets/none.js';
+import StrictPreset from './presets/strict.js';
+export var AuditInitPresets;
+(function (AuditInitPresets) {
+    AuditInitPresets["strict"] = "strict";
+    AuditInitPresets["loose"] = "loose";
+    AuditInitPresets["none"] = "none";
+})(AuditInitPresets || (AuditInitPresets = {}));
+export function loadPreset(presetName) {
+    switch (presetName) {
+        case AuditInitPresets.loose:
+            return new LoosePreset();
+        case AuditInitPresets.strict:
+            return new StrictPreset();
+        default:
+            return new NonePreset();
+    }
+}
+//# sourceMappingURL=presets.js.map

package/lib/libs/conf-init/presets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"presets.js","sourceRoot":"","sources":["../../../src/libs/conf-init/presets.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,oBAAoB,CAAC;AAC7C,OAAO,UAAsB,MAAM,mBAAmB,CAAC;AACvD,OAAO,YAAY,MAAM,qBAAqB,CAAC;AAE/C,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B;IACtD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAgB,CAAC,KAAK;YACzB,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B,KAAK,gBAAgB,CAAC,MAAM;YAC1B,OAAO,IAAI,YAAY,EAAE,CAAC;QAC5B;YACE,OAAO,IAAI,UAAU,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC"}

package/lib/libs/core/classification-types.d.ts

@@ -0,0 +1,20 @@
+import { NamedPermissionsClassification } from './file-mgmt/schema.js';
+/**
+ * Enum to classify user and custom permissions.
+ */
+export declare enum PermissionRiskLevel {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    BLOCKED = "Blocked",
+    /** Developer permissions, allow to modify the application */
+    CRITICAL = "Critical",
+    /** Admin permissions, allow to manage users and change permissions */
+    HIGH = "High",
+    /** Elevated business permissions for privileged users */
+    MEDIUM = "Medium",
+    /** Regular user permissions, typically needed for day-to-day work */
+    LOW = "Low",
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    UNKNOWN = "Unknown"
+}
+export declare function resolveRiskLevelOrdinalValue(value: string): number;
+export declare const classificationSorter: (a: NamedPermissionsClassification, b: NamedPermissionsClassification) => number;

package/lib/libs/core/classification-types.js

@@ -0,0 +1,23 @@
+/**
+ * Enum to classify user and custom permissions.
+ */
+export var PermissionRiskLevel;
+(function (PermissionRiskLevel) {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    PermissionRiskLevel["BLOCKED"] = "Blocked";
+    /** Developer permissions, allow to modify the application */
+    PermissionRiskLevel["CRITICAL"] = "Critical";
+    /** Admin permissions, allow to manage users and change permissions */
+    PermissionRiskLevel["HIGH"] = "High";
+    /** Elevated business permissions for privileged users */
+    PermissionRiskLevel["MEDIUM"] = "Medium";
+    /** Regular user permissions, typically needed for day-to-day work */
+    PermissionRiskLevel["LOW"] = "Low";
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    PermissionRiskLevel["UNKNOWN"] = "Unknown";
+})(PermissionRiskLevel || (PermissionRiskLevel = {}));
+export function resolveRiskLevelOrdinalValue(value) {
+    return Object.keys(PermissionRiskLevel).indexOf(value.toUpperCase());
+}
+export const classificationSorter = (a, b) => resolveRiskLevelOrdinalValue(a.classification) - resolveRiskLevelOrdinalValue(b.classification);
+//# sourceMappingURL=classification-types.js.map