@j-schreiber/sf-cli-security-audit 0.6.0 → 0.7.1

package/lib/libs/core/file-mgmt/auditConfigFileManager.js

@@ -2,8 +2,9 @@ import path from 'node:path';
 import fs from 'node:fs';
 import yaml from 'js-yaml';
 import { Messages } from '@salesforce/core';
-import { capitalize, isEmpty, uncapitalize } from '../utils.js';
-import { PermissionsConfigFileSchema, PermSetsPolicyFileSchema, PolicyFileSchema, ProfilesPolicyFileSchema, } from './schema.js';
+import { isEmpty } from '../utils.js';
+import { classificationDefs, policyDefs } from '../policyRegistry.js';
+import { throwAsSfError, } from './schema.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
 /**
@@ -32,31 +33,8 @@ export default class AuditConfigFileManager {
     directoryStructure;
     constructor() {
         this.directoryStructure = {
-            policies: {
-                profiles: {
-                    schema: ProfilesPolicyFileSchema,
-                    dependencies: [
-                        { path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForProfiles' },
-                    ],
-                },
-                permissionSets: {
-                    schema: PermSetsPolicyFileSchema,
-                    dependencies: [
-                        { path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForPermSets' },
-                    ],
-                },
-                connectedApps: {
-                    schema: PolicyFileSchema,
-                },
-            },
-            classifications: {
-                userPermissions: {
-                    schema: PermissionsConfigFileSchema,
-                },
-                customPermissions: {
-                    schema: PermissionsConfigFileSchema,
-                },
-            },
+            policies: policyDefs,
+            classifications: classificationDefs,
         };
     }
     /**
@@ -68,7 +46,7 @@ export default class AuditConfigFileManager {
      */
     parse(dirPath) {
         const classifications = this.parseSubdir(dirPath, 'classifications');
-        const policies = capitalizeKeys(this.parseSubdir(dirPath, 'policies'));
+        const policies = this.parseSubdir(dirPath, 'policies');
         const conf = { classifications, policies };
         assertIsMinimalConfig(conf, dirPath);
         this.validateDependencies(conf);
@@ -83,41 +61,55 @@ export default class AuditConfigFileManager {
      * @returns
      */
     save(targetDirPath, conf) {
-        Object.entries(conf).forEach(([dirName, configFiles]) => {
-            fs.mkdirSync(path.join(targetDirPath, dirName), { recursive: true });
-            this.writeSubdir(configFiles, dirName, targetDirPath);
-        });
+        this.writeClassifications(conf.classifications, targetDirPath);
+        this.writePolicies(conf.policies, targetDirPath);
     }
     parseSubdir(dirPath, subdirName) {
         const parseResults = {};
         Object.entries(this.directoryStructure[subdirName]).forEach(([fileName, fileConfig]) => {
-            const filePath = path.join(dirPath, subdirName, `${fileName}.yml`);
+            const filePath = path.join(dirPath.toString(), subdirName, `${fileName}.yml`);
             if (fs.existsSync(filePath)) {
                 const fileContent = yaml.load(fs.readFileSync(filePath, 'utf-8'));
-                const content = fileConfig.schema.parse(fileContent);
-                parseResults[fileName] = { filePath, content };
+                const parseResult = fileConfig.schema.safeParse(fileContent);
+                if (parseResult.success) {
+                    parseResults[fileName] = { filePath, content: parseResult.data };
+                }
+                else {
+                    throwAsSfError(`${fileName}.yml`, parseResult.error);
+                }
             }
         });
         return parseResults;
     }
-    writeSubdir(configFiles, dirName, targetDirPath) {
-        const dirConf = this.directoryStructure[dirName];
-        if (!dirConf) {
-            return;
-        }
-        Object.entries(configFiles).forEach(([fileKey, confFile]) => {
-            const uncapitalizedKey = uncapitalize(fileKey);
-            const fileDef = dirConf[uncapitalizedKey];
+    writeClassifications(content, targetDirPath) {
+        const dirPath = path.join(targetDirPath.toString(), 'classifications');
+        fs.mkdirSync(dirPath, { recursive: true });
+        const dirConf = this.directoryStructure.classifications;
+        Object.entries(content).forEach(([fileKey, confFile]) => {
+            const fileDef = dirConf[fileKey];
+            if (fileDef && !isEmpty(confFile.content)) {
+                // eslint-disable-next-line no-param-reassign
+                confFile.filePath = path.join(dirPath, `${fileKey}.yml`);
+                fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
+            }
+        });
+    }
+    writePolicies(content, targetDirPath) {
+        const dirPath = path.join(targetDirPath.toString(), 'policies');
+        fs.mkdirSync(dirPath, { recursive: true });
+        const dirConf = this.directoryStructure.policies;
+        Object.entries(content).forEach(([fileKey, confFile]) => {
+            const fileDef = dirConf[fileKey];
             if (fileDef && !isEmpty(confFile.content)) {
                 // eslint-disable-next-line no-param-reassign
-                confFile.filePath = path.join(targetDirPath, dirName, `${uncapitalizedKey}.yml`);
+                confFile.filePath = path.join(dirPath, `${fileKey}.yml`);
                 fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
             }
         });
     }
     validateDependencies(conf) {
         Object.keys(conf.policies).forEach((policyName) => {
-            const policyDef = this.directoryStructure.policies[uncapitalize(policyName)];
+            const policyDef = this.directoryStructure.policies[policyName];
             if (policyDef?.dependencies) {
                 policyDef.dependencies.forEach((dependency) => {
                     if (!dependencyExists(dependency.path, conf)) {
@@ -128,11 +120,6 @@ export default class AuditConfigFileManager {
         });
     }
 }
-function capitalizeKeys(object) {
-    const newObj = {};
-    Object.keys(object).forEach((key) => (newObj[capitalize(key)] = object[key]));
-    return newObj;
-}
 function dependencyExists(fullPath, rootNode) {
     const dep = traverseDependencyPath(fullPath, rootNode);
     return Boolean(dep);
@@ -150,7 +137,7 @@ function traverseDependencyPath(remainingPath, rootNode) {
 }
 function assertIsMinimalConfig(conf, dirPath) {
     if (Object.keys(conf.policies).length === 0) {
-        const formattedDirPath = !dirPath || dirPath.length === 0 ? '<root-dir>' : dirPath;
+        const formattedDirPath = !dirPath || dirPath.toString().length === 0 ? '<root-dir>' : dirPath.toString();
         throw messages.createError('NoAuditConfigFound', [formattedDirPath]);
     }
 }

package/lib/libs/core/file-mgmt/auditConfigFileManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAErB,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAgB9F;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAEtG;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,kBAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAA4B;IAEtD;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE;gBACR,QAAQ,EAAE;oBACR,MAAM,EAAE,wBAAwB;oBAChC,YAAY,EAAE;wBACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;qBACzG;iBACF;gBACD,cAAc,EAAE;oBACd,MAAM,EAAE,wBAAwB;oBAChC,YAAY,EAAE;wBACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;qBACzG;iBACF;gBACD,aAAa,EAAE;oBACb,MAAM,EAAE,gBAAgB;iBACzB;aACF;YACD,eAAe,EAAE;gBACf,eAAe,EAAE;oBACf,MAAM,EAAE,2BAA2B;iBACpC;gBACD,iBAAiB,EAAE;oBACjB,MAAM,EAAE,2BAA2B;iBACpC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAe;QAC1B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;QAC3C,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,EAAE;YACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,WAAW,CAAC,WAAkD,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACrD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YACnE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACrD,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,WAAgD,EAAE,OAAe,EAAE,aAAqB;QAC1G,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YAC1D,MAAM,gBAAgB,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC1C,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,GAAG,gBAAgB,MAAM,CAAC,CAAC;gBACjF,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAoB;QAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAChD,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC;YAC7E,IAAI,SAAS,EAAE,YAAY,EAAE,CAAC;gBAC5B,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;oBAC5C,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;wBAC7C,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,cAAc,CAAC,MAA+B;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9E,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB,EAAE,QAAiC;IAC7E,MAAM,GAAG,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,aAAuB,EAAE,QAAiC;IACxF,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,sBAAsB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAA4B,CAAC,CAAC;IAC/G,CAAC;SAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;SAAM,CAAC;QACN,OAAO,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAoB,EAAE,OAAe;IAClE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC;QACnF,MAAM,QAAQ,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,sBAAsB,EAAE,CAAC"}
+{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAgB,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,SAAS,CAAC;AAC3B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAuB,UAAU,EAAe,MAAM,sBAAsB,CAAC;AACxG,OAAO,EAKL,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAEtG;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,kBAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAAC;IAE3B;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE,UAAU;YACpB,eAAe,EAAE,kBAAkB;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAiB;QAC5B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;QAC3C,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;QAC/D,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACnD,CAAC;IAEO,WAAW,CACjB,OAAiB,EACjB,UAAgD;QAEhD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAC9E,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC7D,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;oBACxB,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;gBACnE,CAAC;qBAAM,CAAC;oBACN,cAAc,CAAC,GAAG,QAAQ,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,oBAAoB,CAAC,OAAsC,EAAE,aAAuB;QAC1F,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,CAAC;QACvE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAA8B,CAAC,CAAC;YACxD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;gBACzD,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,OAA+B,EAAE,aAAuB;QAC5E,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAC;QAChE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAsB,CAAC,CAAC;YAChD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;gBACzD,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAoB;QAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAChD,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAyB,CAAC,CAAC;YAC9E,IAAI,SAAS,EAAE,YAAY,EAAE,CAAC;gBAC5B,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;oBAC5C,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;wBAC7C,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,gBAAgB,CAAC,QAAkB,EAAE,QAAiC;IAC7E,MAAM,GAAG,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,aAAuB,EAAE,QAAiC;IACxF,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,sBAAsB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAA4B,CAAC,CAAC;IAC/G,CAAC;SAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;SAAM,CAAC;QACN,OAAO,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAoB,EAAE,OAAiB;IACpE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzG,MAAM,QAAQ,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,sBAAsB,EAAE,CAAC"}

package/lib/libs/core/file-mgmt/schema.d.ts

@@ -1,6 +1,7 @@
 import z from 'zod';
 import { PermissionRiskLevel } from '../classification-types.js';
 import { ProfilesRiskPreset } from '../policy-types.js';
+export declare function throwAsSfError(fileName: string, parseError: z.ZodError, rulePath?: PropertyKey[]): never;
 declare const PermissionsClassificationSchema: z.ZodObject<{
     label: z.ZodOptional<z.ZodString>;
     reason: z.ZodOptional<z.ZodString>;
@@ -19,11 +20,11 @@ declare const NamedPermissionsClassificationSchema: z.ZodObject<{
 }, z.z.core.$strip>;
 declare const PolicyRuleConfigSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
-    config: z.ZodOptional<z.ZodUnknown>;
+    options: z.ZodOptional<z.ZodUnknown>;
 }, z.z.core.$strip>;
 declare const RuleMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
-    config: z.ZodOptional<z.ZodUnknown>;
+    options: z.ZodOptional<z.ZodUnknown>;
 }, z.z.core.$strip>>;
 declare const PermSetConfig: z.ZodObject<{
     preset: z.ZodEnum<typeof ProfilesRiskPreset>;
@@ -31,18 +32,25 @@ declare const PermSetConfig: z.ZodObject<{
 declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
     preset: z.ZodEnum<typeof ProfilesRiskPreset>;
 }, z.z.core.$strip>>;
+export declare const UsersPolicyConfig: z.ZodObject<{
+    defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
+    analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
+}, z.z.core.$strict>;
+export declare const NoInactiveUsersOptionsSchema: z.ZodObject<{
+    daysAfterUserIsInactive: z.ZodDefault<z.ZodNumber>;
+}, z.z.core.$strict>;
 export declare const PolicyFileSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
     rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
-        config: z.ZodOptional<z.ZodUnknown>;
+        options: z.ZodOptional<z.ZodUnknown>;
     }, z.z.core.$strip>>>;
 }, z.z.core.$strip>;
 export declare const ProfilesPolicyFileSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
     rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
-        config: z.ZodOptional<z.ZodUnknown>;
+        options: z.ZodOptional<z.ZodUnknown>;
     }, z.z.core.$strip>>>;
     profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
         preset: z.ZodEnum<typeof ProfilesRiskPreset>;
@@ -52,7 +60,7 @@ export declare const PermSetsPolicyFileSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
     rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
-        config: z.ZodOptional<z.ZodUnknown>;
+        options: z.ZodOptional<z.ZodUnknown>;
     }, z.z.core.$strip>>>;
     permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
         preset: z.ZodEnum<typeof ProfilesRiskPreset>;
@@ -65,14 +73,30 @@ export declare const PermissionsConfigFileSchema: z.ZodObject<{
         classification: z.ZodEnum<typeof PermissionRiskLevel>;
     }, z.z.core.$strip>>;
 }, z.z.core.$strip>;
+export declare const UsersPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+    users: z.ZodRecord<z.ZodString, z.ZodObject<{
+        role: z.ZodEnum<typeof ProfilesRiskPreset>;
+    }, z.z.core.$strip>>;
+    options: z.ZodObject<{
+        defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
+        analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
+    }, z.z.core.$strict>;
+}, z.z.core.$strip>;
 export type PermissionsClassification = z.infer<typeof PermissionsClassificationSchema>;
 export type NamedPermissionsClassification = z.infer<typeof NamedPermissionsClassificationSchema>;
 export type PermsClassificationsMap = z.infer<typeof PermsClassificationsMapSchema>;
 export type PermissionsConfig = z.infer<typeof PermissionsConfigFileSchema>;
+export type NoInactiveUsersOptions = z.infer<typeof NoInactiveUsersOptionsSchema>;
 export type PolicyRuleConfig = z.infer<typeof PolicyRuleConfigSchema>;
 export type BasePolicyFileContent = z.infer<typeof PolicyFileSchema>;
 export type ProfilesPolicyFileContent = z.infer<typeof ProfilesPolicyFileSchema>;
 export type PermSetsPolicyFileContent = z.infer<typeof PermSetsPolicyFileSchema>;
+export type UsersPolicyFileContent = z.infer<typeof UsersPolicyFileSchema>;
 export type PermissionSetConfig = z.infer<typeof PermSetConfig>;
 export type PermissionSetLikeMap = z.infer<typeof PermSetMap>;
 export type RuleMap = z.infer<typeof RuleMapSchema>;
@@ -81,18 +105,16 @@ export type ConfigFile<T> = {
     content: T;
 };
 export type AuditRunConfigClassifications = {
-    [classificationName: string]: unknown;
     userPermissions?: ConfigFile<PermissionsConfig>;
     customPermissions?: ConfigFile<PermissionsConfig>;
 };
 export type AuditRunConfigPolicies = {
-    [policyName: string]: unknown;
-    Profiles?: ConfigFile<ProfilesPolicyFileContent>;
-    PermissionSets?: ConfigFile<PermSetsPolicyFileContent>;
-    ConnectedApps?: ConfigFile<BasePolicyFileContent>;
+    profiles?: ConfigFile<ProfilesPolicyFileContent>;
+    permissionSets?: ConfigFile<PermSetsPolicyFileContent>;
+    connectedApps?: ConfigFile<BasePolicyFileContent>;
+    users?: ConfigFile<UsersPolicyFileContent>;
 };
 export type AuditRunConfig = {
-    [configType: string]: unknown;
     classifications: AuditRunConfigClassifications;
     policies: AuditRunConfigPolicies;
 };

package/lib/libs/core/file-mgmt/schema.js

@@ -1,6 +1,16 @@
 import z from 'zod';
+import { Messages } from '@salesforce/core';
 import { PermissionRiskLevel } from '../classification-types.js';
 import { ProfilesRiskPreset } from '../policy-types.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+export function throwAsSfError(fileName, parseError, rulePath) {
+    const issues = parseError.issues.map((zodIssue) => {
+        const definitivePath = rulePath ? [...rulePath, ...zodIssue.path] : zodIssue.path;
+        return definitivePath.length > 0 ? `${zodIssue.message} in "${definitivePath.join('.')}"` : zodIssue.message;
+    });
+    throw messages.createError('error.InvalidConfigFileSchema', [fileName, issues.join(', ')]);
+}
 const PermissionsClassificationSchema = z.object({
     /** UI Label */
     label: z.string().optional(),
@@ -16,13 +26,22 @@ const NamedPermissionsClassificationSchema = PermissionsClassificationSchema.ext
 });
 const PolicyRuleConfigSchema = z.object({
     enabled: z.boolean().default(true),
-    config: z.unknown().optional(),
+    options: z.unknown().optional(),
 });
 const RuleMapSchema = z.record(z.string(), PolicyRuleConfigSchema);
 const PermSetConfig = z.object({
     preset: z.enum(ProfilesRiskPreset),
 });
 const PermSetMap = z.record(z.string(), PermSetConfig);
+const UserConfig = z.object({ role: z.enum(ProfilesRiskPreset) });
+const UsersMap = z.record(z.string(), UserConfig);
+export const UsersPolicyConfig = z.strictObject({
+    defaultRoleForMissingUsers: z.enum(ProfilesRiskPreset).default(ProfilesRiskPreset.STANDARD_USER),
+    analyseLastNDaysOfLoginHistory: z.number().optional(),
+});
+export const NoInactiveUsersOptionsSchema = z.strictObject({
+    daysAfterUserIsInactive: z.number().default(90),
+});
 // FILE CONTENT SCHEMATA
 export const PolicyFileSchema = z.object({
     enabled: z.boolean().default(true),
@@ -37,6 +56,10 @@ export const PermSetsPolicyFileSchema = PolicyFileSchema.extend({
 export const PermissionsConfigFileSchema = z.object({
     permissions: z.record(z.string(), PermissionsClassificationSchema),
 });
+export const UsersPolicyFileSchema = PolicyFileSchema.extend({
+    users: UsersMap,
+    options: UsersPolicyConfig,
+});
 export function isPermissionsConfig(cls) {
     return cls.content?.permissions !== undefined;
 }

package/lib/libs/core/file-mgmt/schema.js.map

@@ -1 +1 @@
-{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AA0CH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,KAAK,EAAE,QAAQ;IACf,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AA+CH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}

package/lib/libs/core/policies/connectedAppPolicy.d.ts

@@ -0,0 +1,10 @@
+import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
+import { AuditContext } from '../registries/types.js';
+import { ResolvedConnectedApp } from '../registries/connectedApps.js';
+import Policy, { ResolveEntityResult } from './policy.js';
+export default class ConnectedAppPolicy extends Policy<ResolvedConnectedApp> {
+    config: BasePolicyFileContent;
+    auditConfig: AuditRunConfig;
+    constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/connectedApps.js").default);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedConnectedApp>>;
+}

package/lib/libs/{policies → core/policies}/connectedAppPolicy.js

@@ -1,11 +1,11 @@
-import { CONNECTED_APPS_QUERY, OAUTH_TOKEN_QUERY } from '../core/constants.js';
-import { RuleRegistries } from '../core/registries/types.js';
-import MDAPI from '../core/mdapi/mdapiRetriever.js';
+import { CONNECTED_APPS_QUERY, OAUTH_TOKEN_QUERY } from '../constants.js';
+import { ConnectedAppsRegistry } from '../registries/connectedApps.js';
+import MDAPI from '../mdapi/mdapiRetriever.js';
 import Policy, { getTotal } from './policy.js';
 export default class ConnectedAppPolicy extends Policy {
     config;
     auditConfig;
-    constructor(config, auditConfig, registry = RuleRegistries.ConnectedApps) {
+    constructor(config, auditConfig, registry = ConnectedAppsRegistry) {
         super(config, auditConfig, registry);
         this.config = config;
         this.auditConfig = auditConfig;

package/lib/libs/core/policies/connectedAppPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connectedAppPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/connectedAppPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,qBAAqB,EAAwB,MAAM,gCAAgC,CAAC;AAC7F,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAC/C,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAGpE,MAAM,CAAC,OAAO,OAAO,kBAAmB,SAAQ,MAA4B;IAEjE;IACA;IAFT,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,qBAAqB;QAEhC,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;IAIpC,CAAC;IAED,kDAAkD;IACxC,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,oBAAoB,GAAyC,EAAE,CAAC;QACtE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAe,oBAAoB,CAAC,CAAC;QAClG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa,CAAC,SAAS;YAC9B,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;YAC7C,oBAAoB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;gBACxC,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,WAAW;gBACnB,6BAA6B,EAAE,YAAY,CAAC,kCAAkC;gBAC9E,2BAA2B,EAAE,KAAK;gBAClC,QAAQ,EAAE,CAAC;gBACX,KAAK,EAAE,EAAE;aACV,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAa,iBAAiB,CAAC,CAAC;QAC/F,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YACxC,IAAI,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,SAAS,EAAE,CAAC;gBACtD,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG;oBACpC,IAAI,EAAE,KAAK,CAAC,OAAO;oBACnB,MAAM,EAAE,YAAY;oBACpB,6BAA6B,EAAE,KAAK;oBACpC,2BAA2B,EAAE,KAAK;oBAClC,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,KAAK,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;iBAC7B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC;gBAC/D,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7E,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;YAC/C,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,IAAI,2BAA2B,GAAG,KAAK,CAAC;QACxC,MAAM,wBAAwB,GAAG,MAAM,WAAW,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;QAC5F,IAAI,wBAAwB,IAAI,wBAAwB,CAAC,2BAA2B,EAAE,CAAC;YACrF,2BAA2B,GAAG,IAAI,CAAC;QACrC,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACrD,6CAA6C;YAC7C,MAAM,CAAC,2BAA2B,GAAG,2BAA2B,CAAC;QACnE,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;YACvB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,8DAA8D;QAC9D,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/lib/libs/core/policies/permissionSetPolicy.d.ts

@@ -0,0 +1,11 @@
+import { AuditRunConfig, PermSetsPolicyFileContent } from '../file-mgmt/schema.js';
+import { AuditContext } from '../registries/types.js';
+import { ResolvedPermissionSet } from '../registries/permissionSets.js';
+import Policy, { ResolveEntityResult } from './policy.js';
+export default class PermissionSetPolicy extends Policy<ResolvedPermissionSet> {
+    config: PermSetsPolicyFileContent;
+    auditContext: AuditRunConfig;
+    private totalEntities;
+    constructor(config: PermSetsPolicyFileContent, auditContext: AuditRunConfig, registry?: import("../registries/permissionSets.js").default);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedPermissionSet>>;
+}

package/lib/libs/{policies → core/policies}/permissionSetPolicy.js

@@ -1,7 +1,7 @@
 import { Messages } from '@salesforce/core';
-import MDAPI from '../core/mdapi/mdapiRetriever.js';
-import { RuleRegistries } from '../core/registries/types.js';
-import { ProfilesRiskPreset } from '../core/policy-types.js';
+import MDAPI from '../mdapi/mdapiRetriever.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+import { PermissionSetsRegistry } from '../registries/permissionSets.js';
 import Policy, { getTotal } from './policy.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
@@ -9,7 +9,7 @@ export default class PermissionSetPolicy extends Policy {
     config;
     auditContext;
     totalEntities;
-    constructor(config, auditContext, registry = RuleRegistries.PermissionSets) {
+    constructor(config, auditContext, registry = PermissionSetsRegistry) {
         super(config, auditContext, registry);
         this.config = config;
         this.auditContext = auditContext;

package/lib/libs/core/policies/permissionSetPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAGnE;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAA2B;QACjC,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvG,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC9C,eAAe,EACf,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CACtD,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YAChE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM;oBAC9C,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC9C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA8B;IAC/D,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC9C,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}

package/lib/libs/{policies → core/policies}/policy.d.ts

@@ -1,23 +1,23 @@
 import EventEmitter from 'node:events';
-import { AuditPolicyResult, EntityResolveError } from '../core/result-types.js';
-import { AuditRunConfig, BasePolicyFileContent } from '../core/file-mgmt/schema.js';
-import RuleRegistry, { RegistryRuleResolveResult } from '../core/registries/ruleRegistry.js';
-import { AuditContext, IPolicy } from '../core/registries/types.js';
-export type ResolveEntityResult = {
-    resolvedEntities: Record<string, unknown>;
+import { AuditPolicyResult, EntityResolveError } from '../result-types.js';
+import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
+import RuleRegistry, { RegistryRuleResolveResult } from '../registries/ruleRegistry.js';
+import { AuditContext, IPolicy } from '../registries/types.js';
+export type ResolveEntityResult<T> = {
+    resolvedEntities: Record<string, T>;
     ignoredEntities: EntityResolveError[];
 };
-export default abstract class Policy extends EventEmitter implements IPolicy {
+export default abstract class Policy<T> extends EventEmitter implements IPolicy {
     config: BasePolicyFileContent;
     auditConfig: AuditRunConfig;
     protected registry: RuleRegistry;
     protected resolvedRules: RegistryRuleResolveResult;
-    protected entities?: ResolveEntityResult;
+    protected entities?: ResolveEntityResult<T>;
     constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry: RuleRegistry);
     /**
      * Resolves all entities of the policy.
      */
-    resolve(context: AuditContext): Promise<ResolveEntityResult>;
+    resolve(context: AuditContext): Promise<ResolveEntityResult<T>>;
     /**
      * Runs all rules of a policy. If the entities are not yet resolved, they are
      * resolved on the fly before rules are executed.
@@ -26,6 +26,6 @@ export default abstract class Policy extends EventEmitter implements IPolicy {
      * @returns
      */
     run(context: AuditContext): Promise<AuditPolicyResult>;
-    protected abstract resolveEntities(context: AuditContext): Promise<ResolveEntityResult>;
+    protected abstract resolveEntities(context: AuditContext): Promise<ResolveEntityResult<T>>;
 }
-export declare function getTotal(resolveResult: ResolveEntityResult): number;
+export declare function getTotal(resolveResult: ResolveEntityResult<unknown>): number;

package/lib/libs/{policies → core/policies}/policy.js

@@ -16,6 +16,11 @@ export default class Policy extends EventEmitter {
      * Resolves all entities of the policy.
      */
     async resolve(context) {
+        // when a policy is disabled, we still want to appear it in audit results
+        // as disabled with 0 resolved entities and 0 executed rules
+        if (!this.config.enabled) {
+            return { resolvedEntities: {}, ignoredEntities: [] };
+        }
         if (!this.entities) {
             this.entities = await this.resolveEntities(context);
         }

package/lib/libs/core/policies/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,KAAK,EAAoC,CAAC;QACrE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,UAAU,EAAE,aAAa,CAAC,CAAC;YACnG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}

package/lib/libs/core/policies/profilePolicy.d.ts

@@ -0,0 +1,11 @@
+import { AuditRunConfig, ProfilesPolicyFileContent } from '../file-mgmt/schema.js';
+import { AuditContext } from '../registries/types.js';
+import { ResolvedProfile } from '../registries/profiles.js';
+import Policy, { ResolveEntityResult } from './policy.js';
+export default class ProfilePolicy extends Policy<ResolvedProfile> {
+    config: ProfilesPolicyFileContent;
+    auditConfig: AuditRunConfig;
+    private totalEntities;
+    constructor(config: ProfilesPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/profiles.js").default);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedProfile>>;
+}

package/lib/libs/{policies → core/policies}/profilePolicy.js

@@ -1,7 +1,7 @@
 import { Messages } from '@salesforce/core';
-import MDAPI from '../core/mdapi/mdapiRetriever.js';
-import { RuleRegistries } from '../core/registries/types.js';
-import { ProfilesRiskPreset } from '../core/policy-types.js';
+import MDAPI from '../mdapi/mdapiRetriever.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+import { ProfilesRegistry } from '../registries/profiles.js';
 import Policy, { getTotal } from './policy.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
@@ -9,7 +9,7 @@ export default class ProfilePolicy extends Policy {
     config;
     auditConfig;
     totalEntities;
-    constructor(config, auditConfig, registry = RuleRegistries.Profiles) {
+    constructor(config, auditConfig, registry = ProfilesRegistry) {
         super(config, auditConfig, registry);
         this.config = config;
         this.auditConfig = auditConfig;

package/lib/libs/core/policies/profilePolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAGvD;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC,MAAM;oBAC9C,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/lib/libs/{policies → core/policies}/salesforceStandardTypes.d.ts

@@ -18,6 +18,9 @@ export type OauthToken = Record & {
 };
 export type User = Record & {
     Username: string;
+    LastLoginDate?: string;
+    CreatedDate: string;
+    Profile: ProfileBasic;
 };
 export type Profile = ProfileBasic & {
     Metadata: JsForceProfile;
@@ -36,4 +39,15 @@ export type PermissionSet = Record & {
     Profile: ProfileBasic;
     NamespacePrefix?: string;
 };
+export type PermissionSetAssignment = Record & {
+    AssigneeId: string;
+    PermissionSet: Pick<PermissionSet, 'Name'>;
+};
+export type UserLoginsAggregate = Record & {
+    LoginType: string;
+    Application: string;
+    UserId: string;
+    LoginCount: number;
+    LastLogin: string;
+};
 export {};

package/lib/libs/core/policies/salesforceStandardTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"salesforceStandardTypes.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/salesforceStandardTypes.ts"],"names":[],"mappings":""}

package/lib/libs/core/policies/userPolicy.d.ts

@@ -0,0 +1,11 @@
+import { AuditRunConfig, UsersPolicyFileContent } from '../file-mgmt/schema.js';
+import { AuditContext } from '../registries/types.js';
+import { ResolvedUser } from '../registries/users.js';
+import Policy, { ResolveEntityResult } from './policy.js';
+export default class UserPolicy extends Policy<ResolvedUser> {
+    config: UsersPolicyFileContent;
+    auditConfig: AuditRunConfig;
+    private totalEntities;
+    constructor(config: UsersPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/users.js").default);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedUser>>;
+}