@j-schreiber/sf-cli-security-audit 0.7.0 → 0.8.0

package/lib/libs/core/registries/ruleRegistry.d.ts

@@ -1,37 +0,0 @@
-import { EntityResolveError, PolicyRuleSkipResult } from '../result-types.js';
-import { AuditRunConfig, RuleMap } from '../../core/file-mgmt/schema.js';
-import { Constructor, RowLevelPolicyRule } from './types.js';
-/**
- * Result contains the actually available and enabled rules
- * from the raw config file. Rules that are not present in the
- * policie's registry are errors, disabled rules are skipped.
- */
-export type RegistryRuleResolveResult = {
-    enabledRules: Array<RowLevelPolicyRule<unknown>>;
-    skippedRules: PolicyRuleSkipResult[];
-    resolveErrors: EntityResolveError[];
-};
-/**
- * The rule registry holds all available rules for a given policy at run time.
- * It is designed to be extendible so we can easily register new rules and it will
- * allow users to BYOR ("bring your own rules").
- */
-export default class RuleRegistry {
-    rules: Record<string, Constructor<RowLevelPolicyRule<unknown>>>;
-    constructor(rules: Record<string, Constructor<RowLevelPolicyRule<unknown>>>);
-    /**
-     * Returns the display/config names of all registered rules
-     *
-     * @returns
-     */
-    registeredRules(): string[];
-    /**
-     * Resolves a given set of rule configs to actually registered rules. Unknown
-     * rules are ignored and disabled rules are skipped.
-     *
-     * @param ruleObjs
-     * @param auditContext
-     * @returns
-     */
-    resolveRules(ruleObjs: RuleMap, auditContext: AuditRunConfig): RegistryRuleResolveResult;
-}

package/lib/libs/core/registries/ruleRegistry.js

@@ -1,48 +0,0 @@
-import { Messages } from '@salesforce/core';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
-/**
- * The rule registry holds all available rules for a given policy at run time.
- * It is designed to be extendible so we can easily register new rules and it will
- * allow users to BYOR ("bring your own rules").
- */
-export default class RuleRegistry {
-    rules;
-    constructor(rules) {
-        this.rules = rules;
-    }
-    /**
-     * Returns the display/config names of all registered rules
-     *
-     * @returns
-     */
-    registeredRules() {
-        return Object.keys(this.rules);
-    }
-    /**
-     * Resolves a given set of rule configs to actually registered rules. Unknown
-     * rules are ignored and disabled rules are skipped.
-     *
-     * @param ruleObjs
-     * @param auditContext
-     * @returns
-     */
-    resolveRules(ruleObjs, auditContext) {
-        const enabledRules = new Array();
-        const skippedRules = new Array();
-        const resolveErrors = new Array();
-        Object.entries(ruleObjs).forEach(([ruleName, ruleConfig]) => {
-            if (this.rules[ruleName] && ruleConfig.enabled) {
-                enabledRules.push(new this.rules[ruleName]({ auditContext, ruleDisplayName: ruleName, ruleConfig: ruleConfig.options }));
-            }
-            else if (!ruleConfig.enabled) {
-                skippedRules.push({ name: ruleName, skipReason: messages.getMessage('skip-reason.rule-not-enabled') });
-            }
-            else {
-                resolveErrors.push({ name: ruleName, message: messages.getMessage('resolve-error.rule-not-registered') });
-            }
-        });
-        return { enabledRules, skippedRules, resolveErrors };
-    }
-}
-//# sourceMappingURL=ruleRegistry.js.map

package/lib/libs/core/registries/ruleRegistry.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"ruleRegistry.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/ruleRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAK5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAajG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,YAAY;IACL;IAA1B,YAA0B,KAA+D;QAA/D,UAAK,GAAL,KAAK,CAA0D;IAAG,CAAC;IAE7F;;;;OAIG;IACI,eAAe;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,YAAY,CAAC,QAAiB,EAAE,YAA4B;QACjE,MAAM,YAAY,GAAG,IAAI,KAAK,EAA+B,CAAC;QAC9D,MAAM,YAAY,GAAG,IAAI,KAAK,EAAwB,CAAC;QACvD,MAAM,aAAa,GAAG,IAAI,KAAK,EAAsB,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CACf,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CACtG,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/B,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YACzG,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IACvD,CAAC;CACF"}

package/lib/libs/core/registries/rules/allUsedAppsUnderManagement.d.ts

@@ -1,7 +0,0 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedConnectedApp } from '../connectedApps.js';
-import PolicyRule, { RuleOptions } from './policyRule.js';
-export default class AllUsedAppsUnderManagement extends PolicyRule<ResolvedConnectedApp> {
-    constructor(opts: RuleOptions);
-    run(context: RuleAuditContext<ResolvedConnectedApp>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/allUsedAppsUnderManagement.js

@@ -1,23 +0,0 @@
-import { Messages } from '@salesforce/core';
-import PolicyRule from './policyRule.js';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.connectedApps');
-export default class AllUsedAppsUnderManagement extends PolicyRule {
-    constructor(opts) {
-        super(opts);
-    }
-    run(context) {
-        const result = this.initResult();
-        const resolvedConnectedApps = context.resolvedEntities;
-        Object.values(resolvedConnectedApps).forEach((app) => {
-            if (app.origin === 'OauthToken') {
-                result.violations.push({
-                    identifier: [app.name],
-                    message: messages.getMessage('violations.app-used-but-not-registered', [app.users.length, app.useCount]),
-                });
-            }
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=allUsedAppsUnderManagement.js.map

package/lib/libs/core/registries/rules/allUsedAppsUnderManagement.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"allUsedAppsUnderManagement.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/allUsedAppsUnderManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,0BAA2B,SAAQ,UAAgC;IACtF,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA+C;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;oBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wCAAwC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;iBACzG,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/enforceCustomPermsClassificationOnProfiles.d.ts

@@ -1,7 +0,0 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedProfile } from '../profiles.js';
-import PolicyRule, { RuleOptions } from './policyRule.js';
-export default class EnforceCustomPermsClassificationOnProfiles extends PolicyRule<ResolvedProfile> {
-    constructor(opts: RuleOptions);
-    run(context: RuleAuditContext<ResolvedProfile>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/enforceCustomPermsClassificationOnProfiles.js

@@ -1,52 +0,0 @@
-import { Messages } from '@salesforce/core';
-import { PermissionRiskLevel } from '../../classification-types.js';
-import { permissionAllowedInPreset } from '../../policy-types.js';
-import PolicyRule from './policyRule.js';
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
-export default class EnforceCustomPermsClassificationOnProfiles extends PolicyRule {
-    constructor(opts) {
-        super(opts);
-    }
-    run(context) {
-        const result = this.initResult();
-        const resolvedProfiles = context.resolvedEntities;
-        Object.values(resolvedProfiles).forEach((profile) => {
-            const customPerms = profile.metadata.customPermissions ?? [];
-            customPerms.forEach((perm) => {
-                const identifier = [profile.name, perm.name];
-                const classifiedPerm = this.resolveCustomPermission(perm.name);
-                if (classifiedPerm) {
-                    if (classifiedPerm.classification === PermissionRiskLevel.BLOCKED) {
-                        result.violations.push({
-                            identifier,
-                            message: messages.getMessage('violations.permission-is-blocked'),
-                        });
-                    }
-                    else if (!permissionAllowedInPreset(classifiedPerm.classification, profile.preset)) {
-                        result.violations.push({
-                            identifier,
-                            message: messages.getMessage('violations.classification-preset-mismatch', [
-                                classifiedPerm.classification,
-                                profile.preset,
-                            ]),
-                        });
-                    }
-                    else if (classifiedPerm.classification === PermissionRiskLevel.UNKNOWN) {
-                        result.warnings.push({
-                            identifier,
-                            message: messages.getMessage('warnings.permission-unknown'),
-                        });
-                    }
-                }
-                else {
-                    result.warnings.push({
-                        identifier,
-                        message: messages.getMessage('warnings.permission-not-classified-in-profile'),
-                    });
-                }
-            });
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=enforceCustomPermsClassificationOnProfiles.js.map

package/lib/libs/core/registries/rules/enforceCustomPermsClassificationOnProfiles.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"enforceCustomPermsClassificationOnProfiles.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforceCustomPermsClassificationOnProfiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAC1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,0CAA2C,SAAQ,UAA2B;IACjG,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA0C;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,CAAC;YAC7D,WAAW,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC3B,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7C,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/D,IAAI,cAAc,EAAE,CAAC;oBACnB,IAAI,cAAc,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;wBAClE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;yBACjE,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBACrF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;gCACxE,cAAc,CAAC,cAAc;gCAC7B,OAAO,CAAC,MAAM;6BACf,CAAC;yBACH,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,cAAc,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;wBACzE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACnB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;yBAC5D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,+CAA+C,CAAC;qBAC9E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnPermSets.d.ts

@@ -1,7 +0,0 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedPermissionSet } from '../permissionSets.js';
-import PolicyRule, { RuleOptions } from './policyRule.js';
-export default class EnforceUserPermsClassificationOnPermSets extends PolicyRule<ResolvedPermissionSet> {
-    constructor(opts: RuleOptions);
-    run(context: RuleAuditContext<ResolvedPermissionSet>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnPermSets.js

@@ -1,52 +0,0 @@
-import { Messages } from '@salesforce/core';
-import { PermissionRiskLevel } from '../../classification-types.js';
-import { permissionAllowedInPreset } from '../../policy-types.js';
-import PolicyRule from './policyRule.js';
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
-export default class EnforceUserPermsClassificationOnPermSets extends PolicyRule {
-    constructor(opts) {
-        super(opts);
-    }
-    run(context) {
-        const result = this.initResult();
-        const resolvedPermsets = context.resolvedEntities;
-        Object.values(resolvedPermsets).forEach((permset) => {
-            const userPerms = permset.metadata.userPermissions ?? [];
-            userPerms.forEach((userPerm) => {
-                const identifier = [permset.name, userPerm.name];
-                const classifiedUserPerm = this.resolveUserPermission(userPerm.name);
-                if (classifiedUserPerm) {
-                    if (classifiedUserPerm.classification === PermissionRiskLevel.BLOCKED) {
-                        result.violations.push({
-                            identifier,
-                            message: messages.getMessage('violations.permission-is-blocked'),
-                        });
-                    }
-                    else if (!permissionAllowedInPreset(classifiedUserPerm.classification, permset.preset)) {
-                        result.violations.push({
-                            identifier,
-                            message: messages.getMessage('violations.classification-preset-mismatch', [
-                                classifiedUserPerm.classification,
-                                permset.preset,
-                            ]),
-                        });
-                    }
-                    else if (classifiedUserPerm.classification === PermissionRiskLevel.UNKNOWN) {
-                        result.warnings.push({
-                            identifier,
-                            message: messages.getMessage('warnings.permission-unknown'),
-                        });
-                    }
-                }
-                else {
-                    result.warnings.push({
-                        identifier,
-                        message: messages.getMessage('warnings.permission-not-classified-in-permission-set'),
-                    });
-                }
-            });
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=enforceUserPermsClassificationOnPermSets.js.map

package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnPermSets.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"enforceUserPermsClassificationOnPermSets.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforceUserPermsClassificationOnPermSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,wCAAyC,SAAQ,UAAiC;IACrG,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAgD;QACzD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,eAAe,IAAI,EAAE,CAAC;YACzD,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC7B,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACrE,IAAI,kBAAkB,EAAE,CAAC;oBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;wBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;yBACjE,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;gCACxE,kBAAkB,CAAC,cAAc;gCACjC,OAAO,CAAC,MAAM;6BACf,CAAC;yBACH,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;wBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACnB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;yBAC5D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sDAAsD,CAAC;qBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnProfiles.d.ts

@@ -1,7 +0,0 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedProfile } from '../profiles.js';
-import PolicyRule, { RuleOptions } from './policyRule.js';
-export default class EnforceUserPermsClassificationOnProfiles extends PolicyRule<ResolvedProfile> {
-    constructor(opts: RuleOptions);
-    run(context: RuleAuditContext<ResolvedProfile>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnProfiles.js

@@ -1,54 +0,0 @@
-import { Messages } from '@salesforce/core';
-import { isNullish } from '../../utils.js';
-import { PermissionRiskLevel } from '../../classification-types.js';
-import { permissionAllowedInPreset } from '../../policy-types.js';
-import PolicyRule from './policyRule.js';
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
-export default class EnforceUserPermsClassificationOnProfiles extends PolicyRule {
-    constructor(opts) {
-        super(opts);
-    }
-    run(context) {
-        const result = this.initResult();
-        const resolvedProfiles = context.resolvedEntities;
-        Object.values(resolvedProfiles).forEach((profile) => {
-            if (!isNullish(profile.metadata.userPermissions)) {
-                profile.metadata.userPermissions.forEach((userPerm) => {
-                    const identifier = [profile.name, userPerm.name];
-                    const classifiedUserPerm = this.resolveUserPermission(userPerm.name);
-                    if (classifiedUserPerm) {
-                        if (classifiedUserPerm.classification === PermissionRiskLevel.BLOCKED) {
-                            result.violations.push({
-                                identifier,
-                                message: messages.getMessage('violations.permission-is-blocked'),
-                            });
-                        }
-                        else if (!permissionAllowedInPreset(classifiedUserPerm.classification, profile.preset)) {
-                            result.violations.push({
-                                identifier,
-                                message: messages.getMessage('violations.classification-preset-mismatch', [
-                                    classifiedUserPerm.classification,
-                                    profile.preset,
-                                ]),
-                            });
-                        }
-                        else if (classifiedUserPerm.classification === PermissionRiskLevel.UNKNOWN) {
-                            result.warnings.push({
-                                identifier,
-                                message: messages.getMessage('warnings.permission-unknown'),
-                            });
-                        }
-                    }
-                    else {
-                        result.warnings.push({
-                            identifier,
-                            message: messages.getMessage('warnings.permission-not-classified-in-profile'),
-                        });
-                    }
-                });
-            }
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=enforceUserPermsClassificationOnProfiles.js.map

package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnProfiles.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"enforceUserPermsClassificationOnProfiles.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforceUserPermsClassificationOnProfiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,wCAAyC,SAAQ,UAA2B;IAC/F,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA0C;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;gBACjD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpD,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,kBAAkB,EAAE,CAAC;wBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;4BACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gCACrB,UAAU;gCACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;6BACjE,CAAC,CAAC;wBACL,CAAC;6BAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;4BACzF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gCACrB,UAAU;gCACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;oCACxE,kBAAkB,CAAC,cAAc;oCACjC,OAAO,CAAC,MAAM;iCACf,CAAC;6BACH,CAAC,CAAC;wBACL,CAAC;6BAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;4BAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gCACnB,UAAU;gCACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;6BAC5D,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACnB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,+CAA+C,CAAC;yBAC9E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/noInactiveUsers.d.ts

@@ -1,9 +0,0 @@
-import { NoInactiveUsersOptions } from '../../file-mgmt/schema.js';
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedUser } from '../users.js';
-import PolicyRule, { ConfigurableRuleOptions } from './policyRule.js';
-export default class NoInactiveUsers extends PolicyRule<ResolvedUser> {
-    private ruleConfig;
-    constructor(localOpts: ConfigurableRuleOptions<NoInactiveUsersOptions>);
-    run(context: RuleAuditContext<ResolvedUser>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/noInactiveUsers.js

@@ -1,44 +0,0 @@
-import { Messages } from '@salesforce/core';
-import { NoInactiveUsersOptionsSchema } from '../../file-mgmt/schema.js';
-import { differenceInDays } from '../../utils.js';
-import PolicyRule from './policyRule.js';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.users');
-export default class NoInactiveUsers extends PolicyRule {
-    ruleConfig;
-    constructor(localOpts) {
-        super(localOpts);
-        this.ruleConfig = NoInactiveUsersOptionsSchema.parse(localOpts.ruleConfig ?? {});
-    }
-    run(context) {
-        const result = this.initResult();
-        Object.values(context.resolvedEntities).forEach((user) => {
-            if (user.lastLogin) {
-                const diffInDays = differenceInDays(Date.now(), user.lastLogin);
-                if (diffInDays > this.ruleConfig.daysAfterUserIsInactive) {
-                    result.violations.push({
-                        identifier: [user.username],
-                        message: messages.getMessage('violations.inactive-since-n-days', [
-                            diffInDays,
-                            new Date(user.lastLogin).toISOString(),
-                        ]),
-                    });
-                }
-            }
-        });
-        Object.values(context.resolvedEntities).forEach((user) => {
-            if (!user.lastLogin) {
-                const createdNDaysAgo = differenceInDays(Date.now(), user.createdDate);
-                result.violations.push({
-                    identifier: [user.username],
-                    message: messages.getMessage('violations.has-never-logged-in', [
-                        new Date(user.createdDate).toISOString(),
-                        createdNDaysAgo,
-                    ]),
-                });
-            }
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=noInactiveUsers.js.map

package/lib/libs/core/registries/rules/noInactiveUsers.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"noInactiveUsers.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noInactiveUsers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA0B,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAEjG,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,UAAuC,MAAM,iBAAiB,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,UAAwB;IAC3D,UAAU,CAAyB;IAE3C,YAAmB,SAA0D;QAC3E,KAAK,CAAC,SAAS,CAAC,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,4BAA4B,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;IACnF,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;gBAChE,IAAI,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,uBAAuB,EAAE,CAAC;oBACzD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;wBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,EAAE;4BAC/D,UAAU;4BACV,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;yBACvC,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,MAAM,eAAe,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACvE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE;wBAC7D,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;wBACxC,eAAe;qBAChB,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/noOtherApexApiLogins.d.ts

@@ -1,7 +0,0 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedUser } from '../users.js';
-import PolicyRule, { RuleOptions } from './policyRule.js';
-export default class NoOtherApexApiLogins extends PolicyRule<ResolvedUser> {
-    constructor(opts: RuleOptions);
-    run(context: RuleAuditContext<ResolvedUser>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/noOtherApexApiLogins.js

@@ -1,24 +0,0 @@
-import { Messages } from '@salesforce/core';
-import PolicyRule from './policyRule.js';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.users');
-export default class NoOtherApexApiLogins extends PolicyRule {
-    constructor(opts) {
-        super(opts);
-    }
-    run(context) {
-        const result = this.initResult();
-        Object.values(context.resolvedEntities).forEach((user) => {
-            user.logins.forEach((loginSummary) => {
-                if (loginSummary.loginType === 'Other Apex API') {
-                    result.violations.push({
-                        identifier: [user.username],
-                        message: messages.getMessage('violations.no-other-apex-api-logins', [loginSummary.loginCount]),
-                    });
-                }
-            });
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=noOtherApexApiLogins.js.map

package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;gBACnC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;wBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;qBAC/F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/noUserCanSelfAuthorize.d.ts

@@ -1,7 +0,0 @@
-import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
-import { ResolvedConnectedApp } from '../connectedApps.js';
-import PolicyRule, { RuleOptions } from './policyRule.js';
-export default class NoUserCanSelfAuthorize extends PolicyRule<ResolvedConnectedApp> {
-    constructor(opts: RuleOptions);
-    run(context: RuleAuditContext<ResolvedConnectedApp>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/noUserCanSelfAuthorize.js

@@ -1,31 +0,0 @@
-import { Messages } from '@salesforce/core';
-import PolicyRule from './policyRule.js';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.connectedApps');
-export default class NoUserCanSelfAuthorize extends PolicyRule {
-    constructor(opts) {
-        super(opts);
-    }
-    run(context) {
-        const result = this.initResult();
-        const resolvedConnectedApps = context.resolvedEntities;
-        Object.values(resolvedConnectedApps).forEach((app) => {
-            if (!app.onlyAdminApprovedUsersAllowed) {
-                if (app.overrideByApiSecurityAccess) {
-                    result.warnings.push({
-                        identifier: [app.name],
-                        message: messages.getMessage('warnings.users-can-self-authorize-but-setting-overrides'),
-                    });
-                }
-                else {
-                    result.violations.push({
-                        identifier: [app.name],
-                        message: messages.getMessage('violations.users-can-self-authorize'),
-                    });
-                }
-            }
-        });
-        return Promise.resolve(result);
-    }
-}
-//# sourceMappingURL=noUserCanSelfAuthorize.js.map

package/lib/libs/core/registries/rules/noUserCanSelfAuthorize.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"noUserCanSelfAuthorize.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noUserCanSelfAuthorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,UAAgC;IAClF,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA+C;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC;gBACvC,IAAI,GAAG,CAAC,2BAA2B,EAAE,CAAC;oBACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yDAAyD,CAAC;qBACxF,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,CAAC;qBACpE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}

package/lib/libs/core/registries/rules/policyRule.d.ts

@@ -1,19 +0,0 @@
-import { PartialPolicyRuleResult, RowLevelPolicyRule, RuleAuditContext } from '../types.js';
-import { AuditRunConfig, NamedPermissionsClassification } from '../../file-mgmt/schema.js';
-export type RuleOptions = {
-    auditContext: AuditRunConfig;
-    ruleDisplayName: string;
-};
-export type ConfigurableRuleOptions<T> = RuleOptions & {
-    ruleConfig: T;
-};
-export default abstract class PolicyRule<EntityType> implements RowLevelPolicyRule<EntityType> {
-    protected opts: RuleOptions;
-    auditContext: AuditRunConfig;
-    ruleDisplayName: string;
-    constructor(opts: RuleOptions);
-    protected initResult(): PartialPolicyRuleResult;
-    protected resolveUserPermission(permName: string): NamedPermissionsClassification | undefined;
-    protected resolveCustomPermission(permName: string): NamedPermissionsClassification | undefined;
-    abstract run(context: RuleAuditContext<EntityType>): Promise<PartialPolicyRuleResult>;
-}

package/lib/libs/core/registries/rules/policyRule.js

@@ -1,31 +0,0 @@
-import { Messages } from '@salesforce/core';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-export default class PolicyRule {
-    opts;
-    auditContext;
-    ruleDisplayName;
-    constructor(opts) {
-        this.opts = opts;
-        this.auditContext = opts.auditContext;
-        this.ruleDisplayName = opts.ruleDisplayName;
-    }
-    initResult() {
-        return {
-            ruleName: this.ruleDisplayName,
-            violations: new Array(),
-            mutedViolations: new Array(),
-            warnings: new Array(),
-            errors: new Array(),
-        };
-    }
-    resolveUserPermission(permName) {
-        return nameClassification(permName, this.auditContext.classifications.userPermissions?.content.permissions[permName]);
-    }
-    resolveCustomPermission(permName) {
-        return nameClassification(permName, this.auditContext.classifications.customPermissions?.content.permissions[permName]);
-    }
-}
-function nameClassification(permName, perm) {
-    return perm ? { name: permName, ...perm } : undefined;
-}
-//# sourceMappingURL=policyRule.js.map

package/lib/libs/core/registries/rules/policyRule.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"policyRule.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/policyRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAK5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAW7D,MAAM,CAAC,OAAO,OAAgB,UAAU;IAIT;IAHtB,YAAY,CAAiB;IAC7B,eAAe,CAAS;IAE/B,YAA6B,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;QAC5C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACtC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;IAC9C,CAAC;IAES,UAAU;QAClB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,eAAe;YAC9B,UAAU,EAAE,IAAI,KAAK,EAAuB;YAC5C,eAAe,EAAE,IAAI,KAAK,EAA2B;YACrD,QAAQ,EAAE,IAAI,KAAK,EAAwB;YAC3C,MAAM,EAAE,IAAI,KAAK,EAAwB;SAC1C,CAAC;IACJ,CAAC;IAES,qBAAqB,CAAC,QAAgB;QAC9C,OAAO,kBAAkB,CACvB,QAAQ,EACR,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,eAAe,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CACjF,CAAC;IACJ,CAAC;IAES,uBAAuB,CAAC,QAAgB;QAChD,OAAO,kBAAkB,CACvB,QAAQ,EACR,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CACnF,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAAgC;IAEhC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC"}

package/lib/libs/core/registries/types.d.ts

@@ -1,37 +0,0 @@
-import { Connection } from '@salesforce/core';
-import { AuditPolicyResult, PolicyRuleExecutionResult } from '../result-types.js';
-import { Optional } from '../utils.js';
-export declare const RuleRegistries: {
-    ConnectedApps: import("./connectedApps.js").default;
-    Profiles: import("./profiles.js").default;
-    PermissionSets: import("./permissionSets.js").default;
-    Users: import("./users.js").default;
-};
-export type Constructor<T, Args extends any[] = any[]> = new (...args: Args) => T;
-/**
- * A rule must only implement a subset of the rule result. All optional
- * properties are completed by the policy.
- */
-export type PartialPolicyRuleResult = Optional<PolicyRuleExecutionResult, 'isCompliant' | 'compliantEntities' | 'violatedEntities'>;
-/**
- *
- */
-export type RowLevelPolicyRule<ResolvedEntityType> = {
-    run(context: RuleAuditContext<ResolvedEntityType>): Promise<PartialPolicyRuleResult>;
-};
-export type IPolicy = {
-    run(context: AuditContext): Promise<AuditPolicyResult>;
-};
-export type AuditContext = {
-    /**
-     * Connection to the target org
-     */
-    targetOrgConnection: Connection;
-};
-export type RuleAuditContext<T> = AuditContext & {
-    /**
-     * Resolved entities from the policy. Can be permission sets,
-     * profiles, users, connected apps, etc.
-     */
-    resolvedEntities: Record<string, T>;
-};

package/lib/libs/core/registries/types.js

@@ -1,11 +0,0 @@
-import { ConnectedAppsRegistry } from './connectedApps.js';
-import { PermissionSetsRegistry } from './permissionSets.js';
-import { ProfilesRegistry } from './profiles.js';
-import { UsersRegistry } from './users.js';
-export const RuleRegistries = {
-    ConnectedApps: ConnectedAppsRegistry,
-    Profiles: ProfilesRegistry,
-    PermissionSets: PermissionSetsRegistry,
-    Users: UsersRegistry,
-};
-//# sourceMappingURL=types.js.map

package/lib/libs/core/registries/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,aAAa,EAAE,qBAAqB;IACpC,QAAQ,EAAE,gBAAgB;IAC1B,cAAc,EAAE,sBAAsB;IACtC,KAAK,EAAE,aAAa;CACrB,CAAC"}

package/lib/libs/core/registries/users.d.ts

@@ -1,26 +0,0 @@
-import { ProfilesRiskPreset } from '../policy-types.js';
-import RuleRegistry from './ruleRegistry.js';
-export type ResolvedUser = {
-    userId: string;
-    username: string;
-    role: ProfilesRiskPreset;
-    assignedPermissionSets: UserPermissionSetAssignment[];
-    logins: UserLogins[];
-    assignedProfile: string;
-    createdDate: number;
-    lastLogin?: number;
-};
-type UserLogins = {
-    loginType: string;
-    application: string;
-    loginCount: number;
-    lastLogin: number;
-};
-type UserPermissionSetAssignment = {
-    permissionSetIdentifier: string;
-};
-export default class UsersRuleRegistry extends RuleRegistry {
-    constructor();
-}
-export declare const UsersRegistry: UsersRuleRegistry;
-export {};

package/lib/libs/core/registries/users.js

@@ -1,10 +0,0 @@
-import RuleRegistry from './ruleRegistry.js';
-import NoInactiveUsers from './rules/noInactiveUsers.js';
-import NoOtherApexApiLogins from './rules/noOtherApexApiLogins.js';
-export default class UsersRuleRegistry extends RuleRegistry {
-    constructor() {
-        super({ NoOtherApexApiLogins, NoInactiveUsers });
-    }
-}
-export const UsersRegistry = new UsersRuleRegistry();
-//# sourceMappingURL=users.js.map