@j-schreiber/sf-cli-security-audit 0.8.2 → 0.8.3

package/lib/libs/core/registries/rules/policyRule.js

@@ -0,0 +1,32 @@
+import { Messages } from '@salesforce/core';
+import { throwAsSfError } from '../../file-mgmt/schema.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+export default class PolicyRule {
+    opts;
+    auditContext;
+    ruleDisplayName;
+    constructor(opts) {
+        this.opts = opts;
+        this.auditContext = opts.auditContext;
+        this.ruleDisplayName = opts.ruleDisplayName;
+    }
+    initResult() {
+        return {
+            ruleName: this.ruleDisplayName,
+            violations: new Array(),
+            mutedViolations: new Array(),
+            warnings: new Array(),
+            errors: new Array(),
+        };
+    }
+}
+export function parseRuleOptions(policyName, rulePath, schema, anyObject) {
+    const parseResult = schema.safeParse(anyObject ?? {});
+    if (parseResult.success) {
+        return parseResult.data;
+    }
+    else {
+        throwAsSfError(policyName, parseResult.error, [...rulePath, 'options']);
+    }
+}
+//# sourceMappingURL=policyRule.js.map

package/lib/libs/core/registries/rules/policyRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyRule.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/policyRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAkB,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3E,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAW7D,MAAM,CAAC,OAAO,OAAgB,UAAU;IAIT;IAHtB,YAAY,CAAiB;IAC7B,eAAe,CAAS;IAE/B,YAA6B,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;QAC5C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACtC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;IAC9C,CAAC;IAES,UAAU;QAClB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,eAAe;YAC9B,UAAU,EAAE,IAAI,KAAK,EAAuB;YAC5C,eAAe,EAAE,IAAI,KAAK,EAA2B;YACrD,QAAQ,EAAE,IAAI,KAAK,EAAwB;YAC3C,MAAM,EAAE,IAAI,KAAK,EAAwB;SAC1C,CAAC;IACJ,CAAC;CAGF;AAED,MAAM,UAAU,gBAAgB,CAC9B,UAAkB,EAClB,QAAkB,EAClB,MAAmB,EACnB,SAAmB;IAEnB,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACtD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC,IAAI,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,UAAU,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,GAAG,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC"}

package/lib/libs/core/registries/types.d.ts

@@ -0,0 +1,37 @@
+import { Connection } from '@salesforce/core';
+import { AuditPolicyResult, PolicyRuleExecutionResult } from '../result-types.js';
+import { Optional } from '../utils.js';
+export declare const RuleRegistries: {
+    ConnectedApps: import("./connectedApps.js").default;
+    Profiles: import("./profiles.js").default;
+    PermissionSets: import("./permissionSets.js").default;
+    Users: import("./users.js").default;
+};
+export type Constructor<T, Args extends any[] = any[]> = new (...args: Args) => T;
+/**
+ * A rule must only implement a subset of the rule result. All optional
+ * properties are completed by the policy.
+ */
+export type PartialPolicyRuleResult = Optional<PolicyRuleExecutionResult, 'isCompliant' | 'compliantEntities' | 'violatedEntities'>;
+/**
+ *
+ */
+export type RowLevelPolicyRule<ResolvedEntityType> = {
+    run(context: RuleAuditContext<ResolvedEntityType>): Promise<PartialPolicyRuleResult>;
+};
+export type IPolicy = {
+    run(context: AuditContext): Promise<AuditPolicyResult>;
+};
+export type AuditContext = {
+    /**
+     * Connection to the target org
+     */
+    targetOrgConnection: Connection;
+};
+export type RuleAuditContext<T> = AuditContext & {
+    /**
+     * Resolved entities from the policy. Can be permission sets,
+     * profiles, users, connected apps, etc.
+     */
+    resolvedEntities: Record<string, T>;
+};

package/lib/libs/core/registries/types.js

@@ -0,0 +1,11 @@
+import { ConnectedAppsRegistry } from './connectedApps.js';
+import { PermissionSetsRegistry } from './permissionSets.js';
+import { ProfilesRegistry } from './profiles.js';
+import { UsersRegistry } from './users.js';
+export const RuleRegistries = {
+    ConnectedApps: ConnectedAppsRegistry,
+    Profiles: ProfilesRegistry,
+    PermissionSets: PermissionSetsRegistry,
+    Users: UsersRegistry,
+};
+//# sourceMappingURL=types.js.map

package/lib/libs/core/registries/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,aAAa,EAAE,qBAAqB;IACpC,QAAQ,EAAE,gBAAgB;IAC1B,cAAc,EAAE,sBAAsB;IACtC,KAAK,EAAE,aAAa;CACrB,CAAC"}

package/lib/libs/core/registries/users.d.ts

@@ -0,0 +1,10 @@
+import { User } from '../mdapi/usersRepository.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+import RuleRegistry from './ruleRegistry.js';
+export type ResolvedUser = User & {
+    role: ProfilesRiskPreset;
+};
+export default class UsersRuleRegistry extends RuleRegistry {
+    constructor();
+}
+export declare const UsersRegistry: UsersRuleRegistry;

package/lib/libs/core/registries/users.js

@@ -0,0 +1,17 @@
+import RuleRegistry from './ruleRegistry.js';
+import EnforcePermissionPresets from './rules/enforcePermissionPresets.js';
+import EnforcePermissionsOnUser from './rules/enforcePermissionsOnUser.js';
+import NoInactiveUsers from './rules/noInactiveUsers.js';
+import NoOtherApexApiLogins from './rules/noOtherApexApiLogins.js';
+export default class UsersRuleRegistry extends RuleRegistry {
+    constructor() {
+        super({
+            NoOtherApexApiLogins,
+            NoInactiveUsers,
+            EnforcePermissionClassifications: EnforcePermissionsOnUser,
+            EnforcePermissionPresets,
+        });
+    }
+}
+export const UsersRegistry = new UsersRuleRegistry();
+//# sourceMappingURL=users.js.map

package/lib/libs/core/registries/users.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/users.ts"],"names":[],"mappings":"AAEA,OAAO,YAAY,MAAM,mBAAmB,CAAC;AAC7C,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,eAAe,MAAM,4BAA4B,CAAC;AACzD,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AAMnE,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,YAAY;IACzD;QACE,KAAK,CAAC;YACJ,oBAAoB;YACpB,eAAe;YACf,gCAAgC,EAAE,wBAAwB;YAC1D,wBAAwB;SACzB,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,iBAAiB,EAAE,CAAC"}

package/lib/libs/core/result-types.d.ts

@@ -0,0 +1,172 @@
+import { AuditRunConfigPolicies } from './file-mgmt/schema.js';
+/**
+ * A single violation from a policy rule execution.
+ */
+export type PolicyRuleViolation = RuleComponentMessage & {
+    /**
+     * Optional descriptive message that explains how to fix the violation.
+     */
+    hint?: string;
+};
+/**
+ * A muted violation with additional information why it was muted
+ */
+export type PolicyRuleViolationMute = PolicyRuleViolation & {
+    /**
+     * Descriptive reason from allow-config why this violation is muted.
+     */
+    reason: string;
+    /**
+     * Path to the config file that allowed this violation for reference.
+     */
+    allowListEntryPath?: string;
+};
+/**
+ * Details about s config entity of a policy (such as a profile, perm set, user)
+ * that did not resolve successfully. This may be because the entity does not exist
+ * on the target org or because it is not registered.
+ */
+export type EntityResolveError = {
+    /**
+     * Identifier of the entity, e.g. profile name, username, rule, policy, etc
+     */
+    name: string;
+    /**
+     * Message that explains, why the entity was not successfully resolved
+     */
+    message: string;
+};
+/**
+ * Generic message for a particular element of a rule
+ */
+export type RuleComponentMessage = {
+    /**
+     * Path to a component. This can be a developer name of a connected app,
+     * permission set name or the permission within a profile.
+     */
+    identifier: string | string[];
+    /**
+     * Descriptive message of the error, warning or violation.
+     */
+    message: string;
+};
+/**
+ *
+ */
+export type PolicyRuleSkipResult = {
+    /**
+     * Identifier of the rule, as it is configured in the policy.yml.
+     */
+    name: string;
+    /**
+     * Descriptive message why the rule was skipped.
+     */
+    skipReason: string;
+};
+/**
+ * Full execution summary of a single rule. Includes audited entities,
+ * violations, execution errors, etc.
+ */
+export type PolicyRuleExecutionResult = {
+    /**
+     * Identifier of the rule, as it is configured in the policy.yml.
+     */
+    ruleName: string;
+    /**
+     * Short-hand accessor, if an execution had at least one violation.
+     */
+    isCompliant: boolean;
+    /**
+     * All violations of the rule that were reported.
+     */
+    violations: PolicyRuleViolation[];
+    /**
+     * Identifiers of compliant entities. An entity is compliant, if it has
+     * zero violations.
+     */
+    compliantEntities: string[];
+    /**
+     * Identifiers of violated entities. Each entity may have several violations,
+     * depending on the analysis depth of the rule.
+     */
+    violatedEntities: string[];
+    /**
+     * Violations that were identified, but were muted by a matching allow-list.
+     * Muted violations do not affect compliance.
+     */
+    mutedViolations: PolicyRuleViolationMute[];
+    /**
+     * Components of a rule that were not successfully processed and returned errors from the org
+     */
+    errors: RuleComponentMessage[];
+    /**
+     * Components that were not auditable, but did not hinder the execution of the audit
+     * Such as permissions on the org that are not classified.
+     */
+    warnings: RuleComponentMessage[];
+};
+/**
+ * Full execution result of a policy. Contains full results of each executed
+ * rule and more information about skipped rules, audited entities, etc.
+ */
+export type AuditPolicyResult = {
+    /**
+     * Flag that indicates, if the policy was executed.
+     */
+    enabled: boolean;
+    /**
+     * All executed rules were compliant.
+     */
+    isCompliant: boolean;
+    /**
+     * Record of rules that were executed. Rules are mapped by their name.
+     */
+    executedRules: {
+        [ruleName: string]: PolicyRuleExecutionResult;
+    };
+    /**
+     * List of rules that exist for the policy that were not executed.
+     */
+    skippedRules: PolicyRuleSkipResult[];
+    /**
+     * If the policy was not enabled, a brief message that explains why.
+     */
+    disabledReason?: string;
+    /**
+     * Path to the config file that was processed for this audit.
+     */
+    configPath?: string;
+    /**
+     * A full list of audited entities. Use together with violations to see, which
+     * entities were not compliant.
+     */
+    auditedEntities: string[];
+    /**
+     * Full list of entities that were present in the config file, but could not
+     * be resolved for this org.
+     */
+    ignoredEntities: EntityResolveError[];
+};
+/**
+ * The final audit result, contains all policy results.
+ */
+export type AuditResult = {
+    /**
+     * All executed policies were compliant.
+     */
+    isCompliant: boolean;
+    /**
+     * Id of the audited org.
+     */
+    orgId: string;
+    /**
+     * ISO date time of the audit
+     */
+    auditDate: string;
+    /**
+     * Record map of all modules (policies) that were run.
+     */
+    policies: {
+        [P in keyof AuditRunConfigPolicies]: AuditPolicyResult;
+    };
+};

package/lib/libs/core/result-types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=result-types.js.map

package/lib/libs/core/result-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"result-types.js","sourceRoot":"","sources":["../../../src/libs/core/result-types.ts"],"names":[],"mappings":""}

package/lib/libs/core/utils.d.ts

@@ -0,0 +1,12 @@
+export declare function isEmpty(anything?: unknown): boolean;
+export declare function isNullish(anything: unknown): boolean;
+export declare function capitalize(anyString: string): string;
+export declare function uncapitalize(anyString: string): string;
+/**
+ * Both dates have to be UNIX timestamps
+ *
+ * @param date1
+ * @param date2
+ */
+export declare function differenceInDays(date1: number | string, date2: number | string): number;
+export type Optional<T, K extends keyof T> = Pick<Partial<T>, K> & Omit<T, K>;

package/lib/libs/core/utils.js

@@ -0,0 +1,31 @@
+export function isEmpty(anything) {
+    if (isNullish(anything)) {
+        return true;
+    }
+    if (typeof anything === 'object') {
+        return Object.entries(anything).length === 0;
+    }
+    return false;
+}
+export function isNullish(anything) {
+    return !(Boolean(anything) && anything !== null);
+}
+export function capitalize(anyString) {
+    return `${anyString[0].toUpperCase()}${anyString.slice(1)}`;
+}
+export function uncapitalize(anyString) {
+    return `${anyString[0].toLowerCase()}${anyString.slice(1)}`;
+}
+/**
+ * Both dates have to be UNIX timestamps
+ *
+ * @param date1
+ * @param date2
+ */
+export function differenceInDays(date1, date2) {
+    const convertedDate1 = typeof date1 === 'number' ? date1 : Date.parse(date1);
+    const convertedDate2 = typeof date2 === 'number' ? date2 : Date.parse(date2);
+    const diff = Math.abs(convertedDate2 - convertedDate1);
+    return Math.floor(diff / (1000 * 60 * 60 * 24));
+}
+//# sourceMappingURL=utils.js.map

package/lib/libs/core/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/libs/core/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAsB,EAAE,KAAsB;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/lib/libs/quick-scan/types.d.ts

@@ -0,0 +1,17 @@
+import { Connection } from '@salesforce/core';
+export type QuickScanResult = {
+    permissions: QuickScanPermissionResult;
+    scannedProfiles: string[];
+    scannedPermissionSets: string[];
+};
+export type QuickScanPermissionResult = {
+    [permissionName: string]: PermissionScanResult;
+};
+export type PermissionScanResult = {
+    profiles: string[];
+    permissionSets: string[];
+};
+export type QuickScanOptions = {
+    targetOrg: Connection;
+    permissions: string[];
+};

package/lib/libs/quick-scan/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/lib/libs/quick-scan/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/libs/quick-scan/types.ts"],"names":[],"mappings":""}

package/lib/libs/quick-scan/userPermissionScanner.d.ts

@@ -0,0 +1,22 @@
+import { EventEmitter } from 'node:events';
+import { QuickScanOptions, QuickScanResult } from './types.js';
+export type ScanStatusEvent = {
+    profiles: EntityScanStatus;
+    permissionSets: EntityScanStatus;
+    users: EntityScanStatus;
+    status: 'Pending' | 'In Progress' | 'Completed';
+};
+export type EntityScanStatus = {
+    total?: number;
+    resolved?: number;
+    status?: string;
+};
+export default class UserPermissionScanner extends EventEmitter {
+    private status;
+    constructor();
+    quickScan(opts: QuickScanOptions): Promise<QuickScanResult>;
+    private resolveEntities;
+    private resolveProfiles;
+    private resolvePermissionSets;
+    private emitProgress;
+}

package/lib/libs/quick-scan/userPermissionScanner.js

@@ -0,0 +1,75 @@
+import { EventEmitter } from 'node:events';
+import MDAPI from '../core/mdapi/mdapiRetriever.js';
+import { PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+export default class UserPermissionScanner extends EventEmitter {
+    status = {
+        profiles: {},
+        permissionSets: {},
+        users: {},
+        status: 'Pending',
+    };
+    constructor() {
+        super();
+    }
+    async quickScan(opts) {
+        this.emitProgress({ status: 'Pending' });
+        const scannedEntities = await this.resolveEntities(opts.targetOrg);
+        const scanResult = {
+            permissions: {},
+            scannedProfiles: Object.keys(scannedEntities.profiles),
+            scannedPermissionSets: Object.keys(scannedEntities.permissionSets),
+        };
+        opts.permissions.forEach((permName) => {
+            const profiles = findGrantingEntities(permName, scannedEntities.profiles);
+            const permissionSets = findGrantingEntities(permName, scannedEntities.permissionSets);
+            scanResult.permissions[permName] = { permissionSets, profiles };
+        });
+        this.emitProgress({ status: 'Completed' });
+        return scanResult;
+    }
+    async resolveEntities(targetOrg) {
+        const promises = [];
+        this.emitProgress({ status: 'In Progress' });
+        promises.push(this.resolveProfiles(targetOrg));
+        promises.push(this.resolvePermissionSets(targetOrg));
+        const resolvedEntities = await Promise.all(promises);
+        return {
+            profiles: resolvedEntities[0],
+            permissionSets: resolvedEntities[1],
+        };
+    }
+    async resolveProfiles(targetOrg) {
+        const profiles = await targetOrg.query(PROFILES_QUERY);
+        this.emitProgress({ profiles: { total: profiles.records.length, resolved: 0 } });
+        const mdapi = MDAPI.create(targetOrg);
+        const resolved = await mdapi.resolve('Profile', profiles.records.map((permsetRecord) => permsetRecord.Profile.Name));
+        this.emitProgress({ profiles: { resolved: Object.keys(resolved).length } });
+        return resolved;
+    }
+    async resolvePermissionSets(targetOrg) {
+        const permSets = await targetOrg.query(PERMISSION_SETS_QUERY);
+        this.emitProgress({ permissionSets: { total: permSets.records.length, resolved: 0 } });
+        const mdapi = MDAPI.create(targetOrg);
+        const resolved = await mdapi.resolve('PermissionSet', permSets.records.map((permsetRecord) => permsetRecord.Name));
+        this.emitProgress({ permissionSets: { resolved: Object.keys(resolved).length } });
+        return resolved;
+    }
+    emitProgress(update) {
+        this.status.profiles = { ...this.status.profiles, ...update.profiles };
+        this.status.permissionSets = { ...this.status.permissionSets, ...update.permissionSets };
+        this.status.users = { ...this.status.users, ...update.users };
+        this.status.status = update.status ?? this.status.status;
+        this.emit('progress', structuredClone(this.status));
+    }
+}
+function findGrantingEntities(permName, resolvedEntities) {
+    const entities = new Set();
+    Object.entries(resolvedEntities).forEach(([entityName, metadata]) => {
+        const userPerms = metadata.userPermissions.map((userPerm) => userPerm.name);
+        if (userPerms.includes(permName)) {
+            entities.add(entityName);
+        }
+    });
+    return Array.from(entities);
+}
+//# sourceMappingURL=userPermissionScanner.js.map

package/lib/libs/quick-scan/userPermissionScanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userPermissionScanner.js","sourceRoot":"","sources":["../../../src/libs/quick-scan/userPermissionScanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,KAAK,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAsB7E,MAAM,CAAC,OAAO,OAAO,qBAAsB,SAAQ,YAAY;IACrD,MAAM,GAAoB;QAChC,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,EAAE;QAClB,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,IAAsB;QAC3C,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACnE,MAAM,UAAU,GAAoB;YAClC,WAAW,EAAE,EAAE;YACf,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;YACtD,qBAAqB,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC;SACnE,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;YACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC;YAC1E,MAAM,cAAc,GAAG,oBAAoB,CAAC,QAAQ,EAAE,eAAe,CAAC,cAAc,CAAC,CAAC;YACtF,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC;QAClE,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3C,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,SAAqB;QACjD,MAAM,QAAQ,GAA4B,EAAE,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrD,OAAO;YACL,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAA4B;YACxD,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAA0C;SAC7E,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,SAAqB;QACjD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;QACtE,IAAI,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAClC,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CACpE,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC5E,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,SAAqB;QACvD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;QAC7E,IAAI,CAAC,YAAY,CAAC,EAAE,cAAc,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACvF,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAClC,eAAe,EACf,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAC5D,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAClF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,YAAY,CAAC,MAAgC;QACnD,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QACzF,IAAI,CAAC,MAAM,CAAC,KAAK,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;CACF;AAED,SAAS,oBAAoB,CAC3B,QAAgB,EAChB,gBAAiE;IAEjE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE;QAClE,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5E,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}

package/lib/ux/auditRunMultiStage.d.ts

@@ -0,0 +1,65 @@
+import { MultiStageOutput, MultiStageOutputOptions } from '@oclif/multi-stage-output';
+import AuditRun from '../libs/core/auditRun.js';
+export declare const LOAD_AUDIT_CONFIG = "Loading audit config";
+export declare const RESOLVE_POLICIES = "Resolving policies";
+export declare const EXECUTE_RULES = "Executing rules";
+export declare const FINALISE = "Formatting results";
+export type AuditRunStageOptions = {
+    targetOrg: string;
+    directoryRootPath: string;
+    jsonEnabled?: boolean;
+};
+/**
+ * This type mimics the original "StageBlockInfo" type from
+ * MultiStageOutput and allows us to make test asserts.
+ */
+type StageBlockInfo<T> = {
+    stage: string;
+    type: 'dynamic-key-value' | 'static-key-value' | 'message';
+    label?: string;
+    get(data: T): string;
+};
+export default class AuditRunMultiStageOutput {
+    mso: MultiStageOutput<AuditRunData>;
+    stageSpecificBlocks: Array<StageBlockInfo<AuditRunData>>;
+    private polStats;
+    constructor(opts: MultiStageOutputOptions<AuditRunData>);
+    /**
+     * In unit tests, we stub the actual UX class to hide output in terminal.
+     *
+     * @param opts
+     * @returns
+     */
+    static initUx(opts: MultiStageOutputOptions<AuditRunData>): MultiStageOutput<AuditRunData>;
+    /**
+     * This pattern allows to stub multi-stage outputs in tests to mute output
+     * to stdout during test execution.
+     *
+     * In your code, create a new instance like this
+     * ```
+     * const ms = AuditRunMultiStageOutput.create(sobj, flags.json);
+     * ```
+     *
+     * @param opts
+     * @param jsonEnabled
+     * @returns
+     */
+    static create(opts: AuditRunStageOptions): AuditRunMultiStageOutput;
+    start(): void;
+    startPolicyResolve(runInstance: AuditRun): void;
+    startRuleExecution(): void;
+    finish(): void;
+    private addPolicyStatsListener;
+}
+export type AuditRunData = {
+    enabledRulesInPolicy: string[];
+    currentStatus: string;
+    policies: PolicyStatistics;
+};
+type PolicyStatistics = {
+    [policyName: string]: {
+        total?: number;
+        resolved?: number;
+    };
+};
+export {};