@j-schreiber/sf-cli-security-audit 0.4.1 → 0.5.0

package/lib/libs/core/mdapi/mdapiRetriever.js

@@ -1,6 +1,7 @@
-import { readFileSync } from 'node:fs';
-import { ComponentSet } from '@salesforce/source-deploy-retrieve';
 import { XMLParser } from 'fast-xml-parser';
+import NamedMetadata from './namedMetadataType.js';
+import SingletonMetadata from './singletonMetadataType.js';
+import NamedMetadataQueryable from './namedMetadataToolingQueryable.js';
 export default class MDAPI {
     connection;
     cache;
@@ -80,94 +81,6 @@ class MetadataCache {
         this.components[cmpName] = content;
     }
 }
-class MetadataRegistryEntry {
-    opts;
-    parser;
-    retrieveType;
-    rootNodeName;
-    constructor(opts) {
-        this.opts = opts;
-        this.retrieveType = this.opts.retrieveType;
-        this.parser = this.opts.parser ?? new XMLParser();
-        this.rootNodeName = this.opts.rootNodeName;
-    }
-    parse(fullFilePath) {
-        const fileContent = readFileSync(fullFilePath, 'utf-8');
-        const parsedContent = this.parser.parse(fileContent);
-        if (this.opts.parsePostProcessor) {
-            return this.opts.parsePostProcessor(parsedContent[this.rootNodeName]);
-        }
-        return parsedContent[this.rootNodeName];
-    }
-}
-/**
- * The entry is a type that only has one single instance on the org, such as
- * a Setting. The component is retrieved by its root node name
- * (e.g. ConnectedAppSettings, AccountSettings, etc).
- */
-class SingletonMetadata extends MetadataRegistryEntry {
-    retrieveName;
-    constructor(opts) {
-        super(opts);
-        this.retrieveName = opts.retrieveName ?? String(this.rootNodeName);
-    }
-    /**
-     * Resolves component names, retrieves the metadata and returns
-     * as a strongly typed result.
-     *
-     * @param con
-     * @param componentNames
-     * @returns
-     */
-    async resolve(con) {
-        const cmpSet = new ComponentSet([{ type: this.retrieveType, fullName: this.retrieveName }]);
-        const retrieveResult = await retrieve(cmpSet, con);
-        return this.parseSourceFile(retrieveResult.components);
-    }
-    parseSourceFile(componentSet) {
-        const cmps = componentSet.getSourceComponents({ type: this.retrieveType, fullName: this.retrieveName }).toArray();
-        if (cmps.length > 0 && cmps[0].xml) {
-            return this.parse(cmps[0].xml);
-        }
-        throw new Error('Failed to resolve settings for: ' + this.retrieveName);
-    }
-}
-class NamedMetadata extends MetadataRegistryEntry {
-    constructor(opts) {
-        super(opts);
-    }
-    /**
-     * Resolves component names, retrieves the metadata and returns
-     * as a strongly typed result.
-     *
-     * @param con
-     * @param componentNames
-     * @returns
-     */
-    async resolve(con, componentNames) {
-        const cmpSet = new ComponentSet(componentNames.map((cname) => ({ type: this.retrieveType, fullName: cname })));
-        const retrieveResult = await retrieve(cmpSet, con);
-        return this.parseSourceFiles(retrieveResult.components, componentNames);
-    }
-    parseSourceFiles(componentSet, retrievedNames) {
-        const cmps = componentSet.getSourceComponents().toArray();
-        const result = {};
-        cmps.forEach((sourceComponent) => {
-            if (sourceComponent.xml && retrievedNames.includes(sourceComponent.name)) {
-                result[sourceComponent.name] = this.parse(sourceComponent.xml);
-            }
-        });
-        return result;
-    }
-}
-async function retrieve(compSet, con) {
-    const retrieveRequest = await compSet.retrieve({
-        usernameOrConnection: con,
-        output: '.jsc/retrieves',
-    });
-    const retrieveResult = await retrieveRequest.pollStatus();
-    return retrieveResult;
-}
 export const NamedTypesRegistry = {
     PermissionSet: new NamedMetadata({
         retrieveType: 'PermissionSet',
@@ -182,6 +95,16 @@ export const NamedTypesRegistry = {
             classAccesses: parseResult.classAccesses ?? [],
         }),
     }),
+    Profile: new NamedMetadataQueryable({
+        objectName: 'Profile',
+        nameField: 'Name',
+        parsePostProcessor: (parseResult) => ({
+            ...parseResult,
+            userPermissions: parseResult.userPermissions ?? [],
+            customPermissions: parseResult.customPermissions ?? [],
+            classAccesses: parseResult.classAccesses ?? [],
+        }),
+    }),
 };
 export const SingletonRegistry = {
     ConnectedAppSettings: new SingletonMetadata({

package/lib/libs/core/mdapi/mdapiRetriever.js.map

@@ -1 +1 @@
-{"version":3,"file":"mdapiRetriever.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/mdapiRetriever.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,YAAY,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,EAAE,YAAY,EAAkB,MAAM,oCAAoC,CAAC;AAClF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAG5C,MAAM,CAAC,OAAO,OAAO,KAAK;IAGG;IAFnB,KAAK,CAAgB;IAE7B,YAA2B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,aAAa,EAAE,CAAC;IACnC,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAClB,QAAyC,EACzC,cAAwB;QAExB,MAAM,SAAS,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAC7E,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YACnC,OAAO;gBACL,GAAG,MAAM;gBACT,GAAG,eAAe;aACI,CAAC;QAC3B,CAAC;QACD,OAAO,MAA6B,CAAC;IACvC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,gBAAgB,CAC3B,QAAwC;QAExC,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;YAC1C,OAAO,eAA0C,CAAC;QACpD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,CAA4B,CAAC;IACrD,CAAC;IAEO,YAAY,CAAC,OAAiC;QACpD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;YACjD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,cAAwB;QAC1C,MAAM,UAAU,GAAG,EAAE,CAAC;QACtB,MAAM,MAAM,GAA6B,EAAE,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;IAChC,CAAC;CACF;AAED,MAAM,aAAa;IACT,UAAU,GAA6B,EAAE,CAAC;IAE3C,QAAQ,CAAC,OAAe;QAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;IACrF,CAAC;IAEM,KAAK,CAAC,OAAe;QAC1B,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,qDAAqD,GAAG,OAAO,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAEM,GAAG,CAAC,OAAe,EAAE,OAAiB;QAC3C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACrC,CAAC;CACF;AA0BD,MAAe,qBAAqB;IAKP;IAJpB,MAAM,CAAY;IAClB,YAAY,CAAS;IACrB,YAAY,CAAM;IAEzB,YAA2B,IAA0C;QAA1C,SAAI,GAAJ,IAAI,CAAsC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;IAC7C,CAAC;IAEM,KAAK,CAAC,YAAsB;QACjC,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAS,CAAC;QAC7D,IAAI,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1C,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,iBAAgD,SAAQ,qBAAgC;IACrF,YAAY,CAAS;IAC5B,YAAmB,IAA0C;QAC3D,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrE,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAAC,GAAe;QAClC,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QAC5F,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACzD,CAAC;IAEO,eAAe,CAAC,YAA0B;QAChD,MAAM,IAAI,GAAG,YAAY,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;QAClH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,kCAAkC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1E,CAAC;CACF;AAED,MAAM,aAA4C,SAAQ,qBAAgC;IACxF,YAAmB,IAA0C;QAC3D,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IACD;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAAC,GAAe,EAAE,cAAwB;QAC5D,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/G,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC1E,CAAC;IAEO,gBAAgB,CAAC,YAA0B,EAAE,cAAwB;QAC3E,MAAM,IAAI,GAAG,YAAY,CAAC,mBAAmB,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1D,MAAM,MAAM,GAA8B,EAAE,CAAC;QAC7C,IAAI,CAAC,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE;YAC/B,IAAI,eAAe,CAAC,GAAG,IAAI,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzE,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YACjE,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CAAC,OAAqB,EAAE,GAAe;IAC5D,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;QAC7C,oBAAoB,EAAE,GAAG;QACzB,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,CAAC;IAC1D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;SAChG,CAAC;QACF,kBAAkB,EAAE,CAAC,WAAW,EAAiB,EAAE,CAAC,CAAC;YACnD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;SAC/C,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,oBAAoB,EAAE,IAAI,iBAAiB,CAAkD;QAC3F,YAAY,EAAE,sBAAsB;QACpC,YAAY,EAAE,cAAc;QAC5B,YAAY,EAAE,UAAU;KACzB,CAAC;CACH,CAAC"}
+{"version":3,"file":"mdapiRetriever.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/mdapiRetriever.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAO5C,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAC3D,OAAO,sBAAsB,MAAM,oCAAoC,CAAC;AAExE,MAAM,CAAC,OAAO,OAAO,KAAK;IAGG;IAFnB,KAAK,CAAgB;IAE7B,YAA2B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,aAAa,EAAE,CAAC;IACnC,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAClB,QAAW,EACX,cAAwB;QAExB,MAAM,SAAS,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAC7E,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YACnC,OAAO;gBACL,GAAG,MAAM;gBACT,GAAG,eAAe;aACI,CAAC;QAC3B,CAAC;QACD,OAAO,MAA6B,CAAC;IACvC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,gBAAgB,CAC3B,QAAW;QAEX,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;YAC1C,OAAO,eAA0C,CAAC;QACpD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,CAA4B,CAAC;IACrD,CAAC;IAEO,YAAY,CAAC,OAAiC;QACpD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;YACjD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,cAAwB;QAC1C,MAAM,UAAU,GAAG,EAAE,CAAC;QACtB,MAAM,MAAM,GAA6B,EAAE,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;IAChC,CAAC;CACF;AAED,MAAM,aAAa;IACT,UAAU,GAA6B,EAAE,CAAC;IAE3C,QAAQ,CAAC,OAAe;QAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;IACrF,CAAC;IAEM,KAAK,CAAC,OAAe;QAC1B,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,qDAAqD,GAAG,OAAO,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAEM,GAAG,CAAC,OAAe,EAAE,OAAiB;QAC3C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACrC,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;SAChG,CAAC;QACF,kBAAkB,EAAE,CAAC,WAAW,EAAiB,EAAE,CAAC,CAAC;YACnD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;SAC/C,CAAC;KACH,CAAC;IACF,OAAO,EAAE,IAAI,sBAAsB,CAAwB;QACzD,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,MAAM;QACjB,kBAAkB,EAAE,CAAC,WAAW,EAAmB,EAAE,CAAC,CAAC;YACrD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;SAC/C,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,oBAAoB,EAAE,IAAI,iBAAiB,CAAkD;QAC3F,YAAY,EAAE,sBAAsB;QACpC,YAAY,EAAE,cAAc;QAC5B,YAAY,EAAE,UAAU;KACzB,CAAC;CACH,CAAC"}

package/lib/libs/core/mdapi/metadataRegistryEntry.d.ts

@@ -0,0 +1,39 @@
+import { PathLike } from 'node:fs';
+import { XMLParser } from 'fast-xml-parser';
+import { ComponentSet, RetrieveResult } from '@salesforce/source-deploy-retrieve';
+import { Connection } from '@salesforce/core';
+export type MetadataRegistryEntryOpts<Type, Key extends keyof Type> = {
+    /**
+     * Metadata API name of the type.
+     */
+    retrieveType: string;
+    /**
+     * Metadata API name entity.
+     */
+    retrieveName?: string;
+    /**
+     * Optional XML parser instance. Typically used to fix errors for
+     * properties that must be parsed as list.
+     */
+    parser?: XMLParser;
+    /**
+     * Name of the root node in XML file content
+     */
+    rootNodeName: Key;
+    /**
+     * Post processor function that sanitises the XML parse result
+     */
+    parsePostProcessor?: (parseResult: Type[Key]) => Type[Key];
+};
+export type NamedMetadataResolver<Type> = {
+    resolve(con: Connection, componentNames: string[]): Promise<Record<string, Type>>;
+};
+export default abstract class MetadataRegistryEntry<Type, Key extends keyof Type> {
+    private opts;
+    parser: XMLParser;
+    retrieveType: string;
+    rootNodeName: Key;
+    constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
+    parse(fullFilePath: PathLike): Type[Key];
+}
+export declare function retrieve(compSet: ComponentSet, con: Connection): Promise<RetrieveResult>;

package/lib/libs/core/mdapi/metadataRegistryEntry.js

@@ -0,0 +1,31 @@
+import { readFileSync } from 'node:fs';
+import { XMLParser } from 'fast-xml-parser';
+export default class MetadataRegistryEntry {
+    opts;
+    parser;
+    retrieveType;
+    rootNodeName;
+    constructor(opts) {
+        this.opts = opts;
+        this.retrieveType = this.opts.retrieveType;
+        this.parser = this.opts.parser ?? new XMLParser();
+        this.rootNodeName = this.opts.rootNodeName;
+    }
+    parse(fullFilePath) {
+        const fileContent = readFileSync(fullFilePath, 'utf-8');
+        const parsedContent = this.parser.parse(fileContent);
+        if (this.opts.parsePostProcessor) {
+            return this.opts.parsePostProcessor(parsedContent[this.rootNodeName]);
+        }
+        return parsedContent[this.rootNodeName];
+    }
+}
+export async function retrieve(compSet, con) {
+    const retrieveRequest = await compSet.retrieve({
+        usernameOrConnection: con,
+        output: '.jsc/retrieves',
+    });
+    const retrieveResult = await retrieveRequest.pollStatus();
+    return retrieveResult;
+}
+//# sourceMappingURL=metadataRegistryEntry.js.map

package/lib/libs/core/mdapi/metadataRegistryEntry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadataRegistryEntry.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/metadataRegistryEntry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,YAAY,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAgC5C,MAAM,CAAC,OAAO,OAAgB,qBAAqB;IAKtB;IAJpB,MAAM,CAAY;IAClB,YAAY,CAAS;IACrB,YAAY,CAAM;IAEzB,YAA2B,IAA0C;QAA1C,SAAI,GAAJ,IAAI,CAAsC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;IAC7C,CAAC;IAEM,KAAK,CAAC,YAAsB;QACjC,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAS,CAAC;QAC7D,IAAI,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAqB,EAAE,GAAe;IACnE,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;QAC7C,oBAAoB,EAAE,GAAG;QACzB,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,CAAC;IAC1D,OAAO,cAAc,CAAC;AACxB,CAAC"}

package/lib/libs/core/mdapi/namedMetadataToolingQueryable.d.ts

@@ -0,0 +1,33 @@
+import { Connection } from '@salesforce/core';
+import { NamedMetadataResolver } from './metadataRegistryEntry.js';
+export type NamedMetadataQueryableOpts<Type> = {
+    /**
+     * Object API name to retrieve. Must be available in tooling API
+     */
+    objectName: string;
+    /**
+     * Unique name field that is used to retrieve the object
+     */
+    nameField: string;
+    /**
+     * Post processor function that sanitises the XML parse result
+     */
+    parsePostProcessor?: (parseResult: Type) => Type;
+};
+/**
+ * The entry is a typical named metadata that is organized in a dedicated source folder
+ * where all entities have the same format. The components are queries from tooling API
+ * and organized by their developer name.
+ */
+export default class NamedMetadataQueryable<Type, Key extends keyof Type> implements NamedMetadataResolver<Type[Key]> {
+    private opts;
+    constructor(opts: NamedMetadataQueryableOpts<Type[Key]>);
+    /**
+     * Resolves a set of component names by querying "Metadata" property from tooling API
+     *
+     * @param con
+     * @param componentNames
+     * @returns
+     */
+    resolve(con: Connection, componentNames: string[]): Promise<Record<string, Type[Key]>>;
+}

package/lib/libs/core/mdapi/namedMetadataToolingQueryable.js

@@ -0,0 +1,41 @@
+import { isNullish } from '../utils.js';
+/**
+ * The entry is a typical named metadata that is organized in a dedicated source folder
+ * where all entities have the same format. The components are queries from tooling API
+ * and organized by their developer name.
+ */
+export default class NamedMetadataQueryable {
+    opts;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    /**
+     * Resolves a set of component names by querying "Metadata" property from tooling API
+     *
+     * @param con
+     * @param componentNames
+     * @returns
+     */
+    async resolve(con, componentNames) {
+        const pendingQueries = new Array();
+        componentNames.forEach((cname) => {
+            const qr = Promise.resolve(con.tooling.query(`SELECT ${this.opts.nameField},Metadata FROM ${this.opts.objectName} WHERE ${this.opts.nameField} = '${cname}'`));
+            pendingQueries.push(qr);
+        });
+        const queryResults = await Promise.all(pendingQueries);
+        const resultMap = {};
+        queryResults.forEach((qr) => {
+            if (qr.totalSize > 0) {
+                const record = qr.records[0];
+                const identifier = record[this.opts.nameField];
+                if (identifier && !isNullish(record.Metadata)) {
+                    resultMap[identifier] = this.opts.parsePostProcessor
+                        ? this.opts.parsePostProcessor(record.Metadata)
+                        : record.Metadata;
+                }
+            }
+        });
+        return resultMap;
+    }
+}
+//# sourceMappingURL=namedMetadataToolingQueryable.js.map

package/lib/libs/core/mdapi/namedMetadataToolingQueryable.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"namedMetadataToolingQueryable.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/namedMetadataToolingQueryable.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAoBxC;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACd;IAA3B,YAA2B,IAA2C;QAA3C,SAAI,GAAJ,IAAI,CAAuC;IAAG,CAAC;IAC1E;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,GAAe,EAAE,cAAwB;QAC5D,MAAM,cAAc,GAAG,IAAI,KAAK,EAAmD,CAAC;QACpF,cAAc,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC/B,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CACxB,GAAG,CAAC,OAAO,CAAC,KAAK,CACf,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,kBAAkB,IAAI,CAAC,IAAI,CAAC,UAAU,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,OAAO,KAAK,GAAG,CAChH,CACF,CAAC;YACF,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACvD,MAAM,SAAS,GAA8B,EAAE,CAAC;QAChD,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC1B,IAAI,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAW,CAAC;gBACzD,IAAI,UAAU,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB;wBAClD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC;wBAC/C,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/lib/libs/core/mdapi/namedMetadataType.d.ts

@@ -0,0 +1,20 @@
+import { Connection } from '@salesforce/core';
+import MetadataRegistryEntry, { MetadataRegistryEntryOpts } from './metadataRegistryEntry.js';
+/**
+ * The entry is a typical named metadata that is organized in a dedicated source folder
+ * where all entities have the same format. The components are retrieved and organized
+ * by their developer name.
+ */
+export default class NamedMetadata<Type, Key extends keyof Type> extends MetadataRegistryEntry<Type, Key> {
+    constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
+    /**
+     * Resolves component names, retrieves the metadata and returns
+     * as a strongly typed result.
+     *
+     * @param con
+     * @param componentNames
+     * @returns
+     */
+    resolve(con: Connection, componentNames: string[]): Promise<Record<string, Type[Key]>>;
+    private parseSourceFiles;
+}

package/lib/libs/core/mdapi/namedMetadataType.js

@@ -0,0 +1,36 @@
+import { ComponentSet } from '@salesforce/source-deploy-retrieve';
+import MetadataRegistryEntry, { retrieve } from './metadataRegistryEntry.js';
+/**
+ * The entry is a typical named metadata that is organized in a dedicated source folder
+ * where all entities have the same format. The components are retrieved and organized
+ * by their developer name.
+ */
+export default class NamedMetadata extends MetadataRegistryEntry {
+    constructor(opts) {
+        super(opts);
+    }
+    /**
+     * Resolves component names, retrieves the metadata and returns
+     * as a strongly typed result.
+     *
+     * @param con
+     * @param componentNames
+     * @returns
+     */
+    async resolve(con, componentNames) {
+        const cmpSet = new ComponentSet(componentNames.map((cname) => ({ type: this.retrieveType, fullName: cname })));
+        const retrieveResult = await retrieve(cmpSet, con);
+        return this.parseSourceFiles(retrieveResult.components, componentNames);
+    }
+    parseSourceFiles(componentSet, retrievedNames) {
+        const cmps = componentSet.getSourceComponents().toArray();
+        const result = {};
+        cmps.forEach((sourceComponent) => {
+            if (sourceComponent.xml && retrievedNames.includes(sourceComponent.name)) {
+                result[sourceComponent.name] = this.parse(sourceComponent.xml);
+            }
+        });
+        return result;
+    }
+}
+//# sourceMappingURL=namedMetadataType.js.map

package/lib/libs/core/mdapi/namedMetadataType.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"namedMetadataType.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/namedMetadataType.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,qBAAqB,EAAE,EAA6B,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAExG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,aAA4C,SAAQ,qBAAgC;IACvG,YAAmB,IAA0C;QAC3D,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IACD;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAAC,GAAe,EAAE,cAAwB;QAC5D,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/G,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC1E,CAAC;IAEO,gBAAgB,CAAC,YAA0B,EAAE,cAAwB;QAC3E,MAAM,IAAI,GAAG,YAAY,CAAC,mBAAmB,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1D,MAAM,MAAM,GAA8B,EAAE,CAAC;QAC7C,IAAI,CAAC,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE;YAC/B,IAAI,eAAe,CAAC,GAAG,IAAI,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzE,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YACjE,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/lib/libs/core/mdapi/singletonMetadataType.d.ts

@@ -0,0 +1,21 @@
+import { Connection } from '@salesforce/core';
+import MetadataRegistryEntry, { MetadataRegistryEntryOpts } from './metadataRegistryEntry.js';
+/**
+ * The entry is a type that only has one single instance on the org, such as
+ * a Setting. The component is typically retrieved by a more generic name and
+ * organized & cached by the explicit name.
+ */
+export default class SingletonMetadata<Type, Key extends keyof Type> extends MetadataRegistryEntry<Type, Key> {
+    retrieveName: string;
+    constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
+    /**
+     * Resolves component names, retrieves the metadata and returns
+     * as a strongly typed result.
+     *
+     * @param con
+     * @param componentNames
+     * @returns
+     */
+    resolve(con: Connection): Promise<Type[Key]>;
+    private parseSourceFile;
+}

package/lib/libs/core/mdapi/singletonMetadataType.js

@@ -0,0 +1,35 @@
+import { ComponentSet } from '@salesforce/source-deploy-retrieve';
+import MetadataRegistryEntry, { retrieve } from './metadataRegistryEntry.js';
+/**
+ * The entry is a type that only has one single instance on the org, such as
+ * a Setting. The component is typically retrieved by a more generic name and
+ * organized & cached by the explicit name.
+ */
+export default class SingletonMetadata extends MetadataRegistryEntry {
+    retrieveName;
+    constructor(opts) {
+        super(opts);
+        this.retrieveName = opts.retrieveName ?? String(this.rootNodeName);
+    }
+    /**
+     * Resolves component names, retrieves the metadata and returns
+     * as a strongly typed result.
+     *
+     * @param con
+     * @param componentNames
+     * @returns
+     */
+    async resolve(con) {
+        const cmpSet = new ComponentSet([{ type: this.retrieveType, fullName: this.retrieveName }]);
+        const retrieveResult = await retrieve(cmpSet, con);
+        return this.parseSourceFile(retrieveResult.components);
+    }
+    parseSourceFile(componentSet) {
+        const cmps = componentSet.getSourceComponents({ type: this.retrieveType, fullName: this.retrieveName }).toArray();
+        if (cmps.length > 0 && cmps[0].xml) {
+            return this.parse(cmps[0].xml);
+        }
+        throw new Error('Failed to resolve settings for: ' + this.retrieveName);
+    }
+}
+//# sourceMappingURL=singletonMetadataType.js.map

package/lib/libs/core/mdapi/singletonMetadataType.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"singletonMetadataType.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/singletonMetadataType.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,qBAAqB,EAAE,EAA6B,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAExG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,iBAAgD,SAAQ,qBAAgC;IACpG,YAAY,CAAS;IAC5B,YAAmB,IAA0C;QAC3D,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrE,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAAC,GAAe;QAClC,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QAC5F,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACzD,CAAC;IAEO,eAAe,CAAC,YAA0B;QAChD,MAAM,IAAI,GAAG,YAAY,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;QAClH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,kCAAkC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1E,CAAC;CACF"}

package/lib/libs/policies/profilePolicy.js

@@ -1,5 +1,5 @@
 import { Messages } from '@salesforce/core';
-import { isNullish } from '../core/utils.js';
+import MDAPI from '../core/mdapi/mdapiRetriever.js';
 import { RuleRegistries } from '../core/registries/types.js';
 import { ProfilesRiskPreset } from '../core/policy-types.js';
 import Policy, { getTotal } from './policy.js';
@@ -22,42 +22,35 @@ export default class ProfilePolicy extends Policy {
         });
         const successfullyResolved = {};
         const ignoredEntities = {};
-        const profileQueryResults = Array();
         const definitiveProfiles = this.config.profiles ?? {};
+        const classifiedProfiles = [];
         Object.entries(definitiveProfiles).forEach(([profileName, profileDef]) => {
-            if (profileDef.preset !== ProfilesRiskPreset.UNKNOWN) {
-                const qr = Promise.resolve(context.targetOrgConnection.tooling.query(`SELECT Name,Metadata FROM Profile WHERE Name = '${profileName}'`));
-                profileQueryResults.push(qr);
-            }
-            else {
+            if (profileDef.preset === ProfilesRiskPreset.UNKNOWN) {
                 ignoredEntities[profileName] = {
                     name: profileName,
                     message: messages.getMessage('preset-unknown', ['Profile']),
                 };
             }
-        });
-        const queryResults = await Promise.all(profileQueryResults);
-        queryResults.forEach((qr) => {
-            if (qr.records && qr.records.length > 0) {
-                const record = qr.records[0];
-                if (isNullish(record.Metadata)) {
-                    ignoredEntities[record.Name] = {
-                        name: record.Name,
-                        message: messages.getMessage('profile-invalid-no-metadata'),
-                    };
-                }
-                else {
-                    successfullyResolved[record.Name] = {
-                        name: record.Name,
-                        preset: definitiveProfiles[record.Name].preset,
-                        metadata: record.Metadata,
-                    };
-                }
+            else {
+                classifiedProfiles.push(profileName);
             }
         });
-        Object.keys(definitiveProfiles).forEach((profileName) => {
-            if (successfullyResolved[profileName] === undefined && ignoredEntities[profileName] === undefined) {
-                ignoredEntities[profileName] = { name: profileName, message: messages.getMessage('entity-not-found') };
+        const mdapi = new MDAPI(context.targetOrgConnection);
+        const resolvedProfiles = await mdapi.resolve('Profile', classifiedProfiles);
+        classifiedProfiles.forEach((profileName) => {
+            const resolvedProfile = resolvedProfiles[profileName];
+            if (!resolvedProfile) {
+                ignoredEntities[profileName] = {
+                    name: profileName,
+                    message: messages.getMessage('entity-not-found'),
+                };
+            }
+            else {
+                successfullyResolved[profileName] = {
+                    name: profileName,
+                    preset: definitiveProfiles[profileName].preset,
+                    metadata: resolvedProfile,
+                };
             }
         });
         const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(ignoredEntities) };

package/lib/libs/policies/profilePolicy.js.map

@@ -1 +1 @@
-{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/profilePolicy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAgB,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAGpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAM;IAGtC;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,QAAQ,GAAG,cAAc,CAAC,QAAQ;QAElC,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAE/D,MAAM,mBAAmB,GAAG,KAAK,EAAoC,CAAC;QACtE,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CACxB,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CACvC,mDAAmD,WAAW,GAAG,CAClE,CACF,CAAC;gBACF,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAC5D,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC1B,IAAI,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC7B,IAAI,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/B,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;wBAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;qBAC5D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;wBAClC,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM;wBAC9C,QAAQ,EAAE,MAAM,CAAC,QAAQ;qBAC1B,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACtD,IAAI,oBAAoB,CAAC,WAAW,CAAC,KAAK,SAAS,IAAI,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;gBAClG,eAAe,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzG,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
+{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAgB,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAM;IAGtC;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,QAAQ,GAAG,cAAc,CAAC,QAAQ;QAElC,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC,MAAM;oBAC9C,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/messages/org.audit.init.md

@@ -14,12 +14,24 @@ Target org to export permissions, profiles, users, etc.
 
 Directory where the audit config is initialised. If not set, the root directory will be used.
 
+# flags.preset.summary
+
+Select a preset to initialise permission classifications (risk levels).
+
+# flags.preset.description
+
+The selected preset is applied before any other default mechanisms (such as template configs). This means, values from a selected template override the preset. Consult the documentation to learn more about the rationale behind the default risk levels. The risk levels interact with the configured preset on profiles and permission sets and essentially control, if a permission is allowed in a certain profile / permission set.
+
 # examples
 
 - Initialise audit policies at the root directory
 
   <%= config.bin %> <%= command.id %> -o MyTargetOrg
 
+- Initialise audit config at custom directory with preset
+
+  <%= config.bin %> <%= command.id %> -o MyTargetOrg -d my_dir -p loose
+
 # success.perm-classification-summary
 
 Initialised %s permissions at %s.

package/messages/policyclassifications.md

@@ -2,9 +2,25 @@
 
 Allows to modify all parts of the app, including security settings.
 
-# Packaging
+# ModifyMetadata
 
-Allows to create, manage and install packages.
+Allows to modify all parts of the app, including security settings.
+
+# Packaging2
+
+General permissions for 2nd generation packages.
+
+# InstallPackaging
+
+Install unlocked and managed packages.
+
+# Packaging2PromoteVersion
+
+Promote 2nd generation packages for distribution and install on production orgs.
+
+# Packaging2Delete
+
+Delete versions of 2nd generation packages.
 
 # ViewSetup
 
@@ -14,6 +30,10 @@ Allows to browse setup and view sensitive configurations.
 
 Bypass all sharing, making all sharing architecture obsolete.
 
+# ModifyAllData
+
+Bypass all sharing and layout permissions.
+
 # AuthorApex
 
 Apex can perform harmful actions, and deployed Apex runs in system mode.
@@ -33,3 +53,19 @@ Set up and reset the connected MFA for a user.
 # CanApproveUninstalledApps
 
 Allows to authorize new connected apps and therefore new integrations.
+
+# UseAnyApiClient
+
+Bypass all security settings and use deprecated login types.
+
+# ViewClientSecret
+
+Access and export secrets from connected apps.
+
+# ExportReport
+
+Reports allow to export classified or sensitive data.
+
+# ManageRemoteAccess
+
+Manage, create, edit, and delete connected applications.

package/oclif.manifest.json

@@ -5,7 +5,8 @@
       "args": {},
       "description": "Exports permissions (standard and custom), permission sets, profiles, users, etc from the target org. All classifications are initialised with sane defaults that you can customize later.",
       "examples": [
-        "Initialise audit policies at the root directory\n<%= config.bin %> <%= command.id %> -o MyTargetOrg"
+        "Initialise audit policies at the root directory\n<%= config.bin %> <%= command.id %> -o MyTargetOrg",
+        "Initialise audit config at custom directory with preset\n<%= config.bin %> <%= command.id %> -o MyTargetOrg -d my_dir -p loose"
       ],
       "flags": {
         "json": {
@@ -43,6 +44,21 @@
           "multiple": false,
           "type": "option"
         },
+        "preset": {
+          "char": "p",
+          "description": "The selected preset is applied before any other default mechanisms (such as template configs). This means, values from a selected template override the preset. Consult the documentation to learn more about the rationale behind the default risk levels. The risk levels interact with the configured preset on profiles and permission sets and essentially control, if a permission is allowed in a certain profile / permission set.",
+          "name": "preset",
+          "summary": "Select a preset to initialise permission classifications (risk levels).",
+          "default": "strict",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "options": [
+            "strict",
+            "loose",
+            "none"
+          ],
+          "type": "option"
+        },
         "api-version": {
           "description": "Override the api version used for api requests made by this command",
           "name": "api-version",
@@ -157,5 +173,5 @@
       ]
     }
   },
-  "version": "0.4.1"
+  "version": "0.5.0"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@j-schreiber/sf-cli-security-audit",
   "description": "Salesforce CLI plugin to automate highly configurable security audits",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "repository": {
     "type": "https",
     "url": "https://github.com/j-schreiber/js-sf-cli-security-audit"