@j-schreiber/sf-cli-security-audit 0.8.2 → 0.8.4

package/lib/libs/core/file-mgmt/auditConfigFileManager.d.ts

@@ -0,0 +1,48 @@
+import { PathLike } from 'node:fs';
+import { AuditRunConfig } from './schema.js';
+/**
+ * Loads an audit run config with the default file manager
+ *
+ * @param dirPath
+ * @returns
+ */
+export declare const loadAuditConfig: (dirPath: string) => AuditRunConfig;
+/**
+ * Saves a new or modified audit run config with the default file manager
+ *
+ * @param dirPath
+ * @param conf
+ */
+export declare const saveAuditConfig: (dirPath: string, conf: AuditRunConfig) => void;
+/**
+ * The file manager streamlines initialisation of an audit config from
+ * a source directory and writing updated content back to disk. The directory
+ * structure is configurable, but most of the time using the default file manager
+ * will be enough.
+ */
+export default class AuditConfigFileManager {
+    private readonly directoryStructure;
+    constructor();
+    /**
+     * Parses a directory path for policy and classification files
+     * and initialises an audit config from file contents.
+     *
+     * @param dirPath
+     * @returns
+     */
+    parse(dirPath: PathLike): AuditRunConfig;
+    /**
+     * Writes a full audit config to disk. If the config was not
+     * saved yet, initialises filePath on each element.
+     *
+     * @param dirPath
+     * @param subdirName
+     * @returns
+     */
+    save(targetDirPath: string, conf: AuditRunConfig): void;
+    private parseSubdir;
+    private writeClassifications;
+    private writePolicies;
+    private validateDependencies;
+}
+export declare const DefaultFileManager: AuditConfigFileManager;

package/lib/libs/core/file-mgmt/auditConfigFileManager.js

@@ -0,0 +1,145 @@
+import path from 'node:path';
+import fs from 'node:fs';
+import yaml from 'js-yaml';
+import { Messages } from '@salesforce/core';
+import { isEmpty } from '../utils.js';
+import { classificationDefs, policyDefs } from '../policyRegistry.js';
+import { throwAsSfError, } from './schema.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+/**
+ * Loads an audit run config with the default file manager
+ *
+ * @param dirPath
+ * @returns
+ */
+export const loadAuditConfig = (dirPath) => DefaultFileManager.parse(dirPath);
+/**
+ * Saves a new or modified audit run config with the default file manager
+ *
+ * @param dirPath
+ * @param conf
+ */
+export const saveAuditConfig = (dirPath, conf) => {
+    DefaultFileManager.save(dirPath, conf);
+};
+/**
+ * The file manager streamlines initialisation of an audit config from
+ * a source directory and writing updated content back to disk. The directory
+ * structure is configurable, but most of the time using the default file manager
+ * will be enough.
+ */
+export default class AuditConfigFileManager {
+    directoryStructure;
+    constructor() {
+        this.directoryStructure = {
+            policies: policyDefs,
+            classifications: classificationDefs,
+        };
+    }
+    /**
+     * Parses a directory path for policy and classification files
+     * and initialises an audit config from file contents.
+     *
+     * @param dirPath
+     * @returns
+     */
+    parse(dirPath) {
+        const classifications = this.parseSubdir(dirPath, 'classifications');
+        const policies = this.parseSubdir(dirPath, 'policies');
+        const conf = { classifications, policies };
+        assertIsMinimalConfig(conf, dirPath);
+        this.validateDependencies(conf);
+        return conf;
+    }
+    /**
+     * Writes a full audit config to disk. If the config was not
+     * saved yet, initialises filePath on each element.
+     *
+     * @param dirPath
+     * @param subdirName
+     * @returns
+     */
+    save(targetDirPath, conf) {
+        this.writeClassifications(conf.classifications, targetDirPath);
+        this.writePolicies(conf.policies, targetDirPath);
+    }
+    parseSubdir(dirPath, subdirName) {
+        const parseResults = {};
+        Object.entries(this.directoryStructure[subdirName]).forEach(([fileName, fileConfig]) => {
+            const filePath = path.join(dirPath.toString(), subdirName, `${fileName}.yml`);
+            if (fs.existsSync(filePath)) {
+                const fileContent = yaml.load(fs.readFileSync(filePath, 'utf-8'));
+                const parseResult = fileConfig.schema.safeParse(fileContent);
+                if (parseResult.success) {
+                    parseResults[fileName] = { filePath, content: parseResult.data };
+                }
+                else {
+                    throwAsSfError(`${fileName}.yml`, parseResult.error);
+                }
+            }
+        });
+        return parseResults;
+    }
+    writeClassifications(content, targetDirPath) {
+        const dirPath = path.join(targetDirPath.toString(), 'classifications');
+        fs.mkdirSync(dirPath, { recursive: true });
+        const dirConf = this.directoryStructure.classifications;
+        Object.entries(content).forEach(([fileKey, confFile]) => {
+            const fileDef = dirConf[fileKey];
+            if (fileDef && !isEmpty(confFile.content)) {
+                // eslint-disable-next-line no-param-reassign
+                confFile.filePath = path.join(dirPath, `${fileKey}.yml`);
+                fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
+            }
+        });
+    }
+    writePolicies(content, targetDirPath) {
+        const dirPath = path.join(targetDirPath.toString(), 'policies');
+        fs.mkdirSync(dirPath, { recursive: true });
+        const dirConf = this.directoryStructure.policies;
+        Object.entries(content).forEach(([fileKey, confFile]) => {
+            const fileDef = dirConf[fileKey];
+            if (fileDef && !isEmpty(confFile.content)) {
+                // eslint-disable-next-line no-param-reassign
+                confFile.filePath = path.join(dirPath, `${fileKey}.yml`);
+                fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
+            }
+        });
+    }
+    validateDependencies(conf) {
+        Object.keys(conf.policies).forEach((policyName) => {
+            const policyDef = this.directoryStructure.policies[policyName];
+            if (policyDef?.dependencies) {
+                policyDef.dependencies.forEach((dependency) => {
+                    if (!dependencyExists(dependency.path, conf)) {
+                        throw messages.createError(dependency.errorName);
+                    }
+                });
+            }
+        });
+    }
+}
+function dependencyExists(fullPath, rootNode) {
+    const dep = traverseDependencyPath(fullPath, rootNode);
+    return Boolean(dep);
+}
+function traverseDependencyPath(remainingPath, rootNode) {
+    if (remainingPath.length >= 2) {
+        return traverseDependencyPath(remainingPath.slice(1), rootNode[remainingPath[0]]);
+    }
+    else if (remainingPath.length === 0) {
+        return undefined;
+    }
+    else {
+        return rootNode[remainingPath[0]];
+    }
+}
+function assertIsMinimalConfig(conf, dirPath) {
+    if (Object.keys(conf.policies).length === 0) {
+        const formattedDirPath = !dirPath || dirPath.toString().length === 0 ? '<root-dir>' : dirPath.toString();
+        throw messages.createError('NoAuditConfigFound', [formattedDirPath]);
+    }
+}
+export const DefaultFileManager = new AuditConfigFileManager();
+//# sourceMappingURL=auditConfigFileManager.js.map

package/lib/libs/core/file-mgmt/auditConfigFileManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAgB,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,SAAS,CAAC;AAC3B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAuB,UAAU,EAAe,MAAM,sBAAsB,CAAC;AACxG,OAAO,EAKL,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAEtG;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,kBAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACxB,kBAAkB,CAAC;IAEpC;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE,UAAU;YACpB,eAAe,EAAE,kBAAkB;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAiB;QAC5B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;QAC3C,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;QAC/D,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACnD,CAAC;IAEO,WAAW,CACjB,OAAiB,EACjB,UAAgD;QAEhD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAC9E,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC7D,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;oBACxB,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;gBACnE,CAAC;qBAAM,CAAC;oBACN,cAAc,CAAC,GAAG,QAAQ,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,oBAAoB,CAAC,OAAsC,EAAE,aAAuB;QAC1F,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,CAAC;QACvE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAA8B,CAAC,CAAC;YACxD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;gBACzD,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,OAA+B,EAAE,aAAuB;QAC5E,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAC;QAChE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAsB,CAAC,CAAC;YAChD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;gBACzD,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAoB;QAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAChD,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAyB,CAAC,CAAC;YAC9E,IAAI,SAAS,EAAE,YAAY,EAAE,CAAC;gBAC5B,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;oBAC5C,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;wBAC7C,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,gBAAgB,CAAC,QAAkB,EAAE,QAAiC;IAC7E,MAAM,GAAG,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,aAAuB,EAAE,QAAiC;IACxF,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,sBAAsB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAA4B,CAAC,CAAC;IAC/G,CAAC;SAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;SAAM,CAAC;QACN,OAAO,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAoB,EAAE,OAAiB;IACpE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzG,MAAM,QAAQ,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,sBAAsB,EAAE,CAAC"}

package/lib/libs/core/file-mgmt/schema.d.ts

@@ -0,0 +1,123 @@
+import z from 'zod';
+import { PermissionRiskLevel } from '../classification-types.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+export declare function throwAsSfError(fileName: string, parseError: z.ZodError, rulePath?: PropertyKey[]): never;
+declare const PermissionsClassificationSchema: z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PermissionRiskLevel>;
+}, z.z.core.$strip>;
+declare const PermsClassificationsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PermissionRiskLevel>;
+}, z.z.core.$strip>>;
+declare const NamedPermissionsClassificationSchema: z.ZodObject<{
+    label: z.ZodOptional<z.ZodString>;
+    reason: z.ZodOptional<z.ZodString>;
+    classification: z.ZodEnum<typeof PermissionRiskLevel>;
+    name: z.ZodString;
+}, z.z.core.$strip>;
+declare const PolicyRuleConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    options: z.ZodOptional<z.ZodUnknown>;
+}, z.z.core.$strip>;
+declare const RuleMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    options: z.ZodOptional<z.ZodUnknown>;
+}, z.z.core.$strip>>;
+declare const PermSetConfig: z.ZodObject<{
+    preset: z.ZodEnum<typeof ProfilesRiskPreset>;
+}, z.z.core.$strip>;
+declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
+    preset: z.ZodEnum<typeof ProfilesRiskPreset>;
+}, z.z.core.$strip>>;
+export declare const UsersPolicyConfig: z.ZodObject<{
+    defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
+    analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
+}, z.z.core.$strict>;
+export declare const NoInactiveUsersOptionsSchema: z.ZodObject<{
+    daysAfterUserIsInactive: z.ZodDefault<z.ZodNumber>;
+}, z.z.core.$strict>;
+export declare const PolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+}, z.z.core.$strip>;
+export declare const ProfilesPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+    profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
+        preset: z.ZodEnum<typeof ProfilesRiskPreset>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const PermSetsPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+    permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
+        preset: z.ZodEnum<typeof ProfilesRiskPreset>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const PermissionsConfigFileSchema: z.ZodObject<{
+    permissions: z.ZodRecord<z.ZodString, z.ZodObject<{
+        label: z.ZodOptional<z.ZodString>;
+        reason: z.ZodOptional<z.ZodString>;
+        classification: z.ZodEnum<typeof PermissionRiskLevel>;
+    }, z.z.core.$strip>>;
+}, z.z.core.$strip>;
+export declare const UsersPolicyFileSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        options: z.ZodOptional<z.ZodUnknown>;
+    }, z.z.core.$strip>>>;
+    users: z.ZodRecord<z.ZodString, z.ZodObject<{
+        role: z.ZodEnum<typeof ProfilesRiskPreset>;
+    }, z.z.core.$strip>>;
+    options: z.ZodObject<{
+        defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
+        analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
+    }, z.z.core.$strict>;
+}, z.z.core.$strip>;
+export type PermissionsClassification = z.infer<typeof PermissionsClassificationSchema>;
+export type NamedPermissionsClassification = z.infer<typeof NamedPermissionsClassificationSchema>;
+export type PermsClassificationsMap = z.infer<typeof PermsClassificationsMapSchema>;
+export type PermissionsConfig = z.infer<typeof PermissionsConfigFileSchema>;
+export type NoInactiveUsersOptions = z.infer<typeof NoInactiveUsersOptionsSchema>;
+export type PolicyRuleConfig = z.infer<typeof PolicyRuleConfigSchema>;
+export type BasePolicyFileContent = z.infer<typeof PolicyFileSchema>;
+export type ProfilesPolicyFileContent = z.infer<typeof ProfilesPolicyFileSchema>;
+export type PermSetsPolicyFileContent = z.infer<typeof PermSetsPolicyFileSchema>;
+export type UsersPolicyFileContent = z.infer<typeof UsersPolicyFileSchema>;
+export type PermissionSetConfig = z.infer<typeof PermSetConfig>;
+export type PermissionSetLikeMap = z.infer<typeof PermSetMap>;
+export type RuleMap = z.infer<typeof RuleMapSchema>;
+export type ConfigFile<T> = {
+    filePath?: string;
+    content: T;
+};
+export type AuditRunConfigClassifications = {
+    userPermissions?: ConfigFile<PermissionsConfig>;
+    customPermissions?: ConfigFile<PermissionsConfig>;
+};
+export type AuditRunConfigPolicies = {
+    profiles?: ConfigFile<ProfilesPolicyFileContent>;
+    permissionSets?: ConfigFile<PermSetsPolicyFileContent>;
+    connectedApps?: ConfigFile<BasePolicyFileContent>;
+    users?: ConfigFile<UsersPolicyFileContent>;
+};
+export type AuditRunConfig = {
+    classifications: AuditRunConfigClassifications;
+    policies: AuditRunConfigPolicies;
+};
+export declare function isPermissionsConfig(cls: unknown): cls is ConfigFile<PermissionsConfig>;
+export declare function isPolicyConfig(cls: unknown): cls is ConfigFile<BasePolicyFileContent>;
+export {};

package/lib/libs/core/file-mgmt/schema.js

@@ -0,0 +1,69 @@
+import z from 'zod';
+import { Messages } from '@salesforce/core';
+import { PermissionRiskLevel } from '../classification-types.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+export function throwAsSfError(fileName, parseError, rulePath) {
+    const issues = parseError.issues.map((zodIssue) => {
+        const definitivePath = rulePath ? [...rulePath, ...zodIssue.path] : zodIssue.path;
+        return definitivePath.length > 0 ? `${zodIssue.message} in "${definitivePath.join('.')}"` : zodIssue.message;
+    });
+    throw messages.createError('error.InvalidConfigFileSchema', [fileName, issues.join(', ')]);
+}
+const PermissionsClassificationSchema = z.object({
+    /** UI Label */
+    label: z.string().optional(),
+    /** An optional description to explain the classification */
+    reason: z.string().optional(),
+    /** Risk assessment of the permissions */
+    classification: z.enum(PermissionRiskLevel),
+});
+const PermsClassificationsMapSchema = z.record(z.string(), PermissionsClassificationSchema);
+const NamedPermissionsClassificationSchema = PermissionsClassificationSchema.extend({
+    /** Developer name of the permission, used in metadata */
+    name: z.string(),
+});
+const PolicyRuleConfigSchema = z.object({
+    enabled: z.boolean().default(true),
+    options: z.unknown().optional(),
+});
+const RuleMapSchema = z.record(z.string(), PolicyRuleConfigSchema);
+const PermSetConfig = z.object({
+    preset: z.enum(ProfilesRiskPreset),
+});
+const PermSetMap = z.record(z.string(), PermSetConfig);
+const UserConfig = z.object({ role: z.enum(ProfilesRiskPreset) });
+const UsersMap = z.record(z.string(), UserConfig);
+export const UsersPolicyConfig = z.strictObject({
+    defaultRoleForMissingUsers: z.enum(ProfilesRiskPreset).default(ProfilesRiskPreset.STANDARD_USER),
+    analyseLastNDaysOfLoginHistory: z.number().optional(),
+});
+export const NoInactiveUsersOptionsSchema = z.strictObject({
+    daysAfterUserIsInactive: z.number().default(90),
+});
+// FILE CONTENT SCHEMATA
+export const PolicyFileSchema = z.object({
+    enabled: z.boolean().default(true),
+    rules: RuleMapSchema.default({}),
+});
+export const ProfilesPolicyFileSchema = PolicyFileSchema.extend({
+    profiles: PermSetMap,
+});
+export const PermSetsPolicyFileSchema = PolicyFileSchema.extend({
+    permissionSets: PermSetMap,
+});
+export const PermissionsConfigFileSchema = z.object({
+    permissions: z.record(z.string(), PermissionsClassificationSchema),
+});
+export const UsersPolicyFileSchema = PolicyFileSchema.extend({
+    users: UsersMap,
+    options: UsersPolicyConfig,
+});
+export function isPermissionsConfig(cls) {
+    return cls.content?.permissions !== undefined;
+}
+export function isPolicyConfig(cls) {
+    return cls.content?.rules !== undefined;
+}
+//# sourceMappingURL=schema.js.map

package/lib/libs/core/file-mgmt/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,KAAK,EAAE,QAAQ;IACf,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AA+CH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}

package/lib/libs/core/mdapi/mdapiRetriever.d.ts

@@ -0,0 +1,54 @@
+import { Connection } from '@salesforce/core';
+import { ConnectedAppSettings, PermissionSet, Profile as ProfileMetadata } from '@jsforce/jsforce-node/lib/api/metadata.js';
+import NamedMetadata from './namedMetadataType.js';
+import SingletonMetadata from './singletonMetadataType.js';
+import NamedMetadataQueryable from './namedMetadataToolingQueryable.js';
+export default class MDAPI {
+    private readonly connection;
+    private static readonly retrievers;
+    private readonly cache;
+    constructor(connection: Connection);
+    static create(connection: Connection): MDAPI;
+    /**
+     * Resolves one of the pre-configured metadata types and returns
+     * a map of resolved names and entire XML content of source file body.
+     *
+     * @param typeName
+     * @param componentNames
+     * @returns
+     */
+    resolve<K extends keyof typeof NamedTypesRegistry>(typeName: K, componentNames: string[]): Promise<NamedReturnTypes[K]>;
+    /**
+     * Resolves one of the pre-configured metadata types and returns
+     * the entire XML content of source file body.
+     *
+     * @param typeName
+     * @returns
+     */
+    resolveSingleton<K extends keyof typeof SingletonRegistry>(typeName: K): Promise<SingletonReturnTypes[K]>;
+    private cacheResults;
+    private fetchCached;
+}
+export declare const NamedTypesRegistry: {
+    PermissionSet: NamedMetadata<PermissionSetXml, "PermissionSet">;
+    Profile: NamedMetadataQueryable<ProfileXml, "Profile">;
+};
+export declare const SingletonRegistry: {
+    ConnectedAppSettings: SingletonMetadata<ConnectedAppSettingsXml, "ConnectedAppSettings">;
+};
+type NamedReturnTypes = {
+    [K in keyof typeof NamedTypesRegistry]: Awaited<ReturnType<(typeof NamedTypesRegistry)[K]['resolve']>>;
+};
+type SingletonReturnTypes = {
+    [K in keyof typeof SingletonRegistry]: Awaited<ReturnType<(typeof SingletonRegistry)[K]['resolve']>>;
+};
+type ProfileXml = {
+    Profile: ProfileMetadata;
+};
+type PermissionSetXml = {
+    PermissionSet: PermissionSet;
+};
+type ConnectedAppSettingsXml = {
+    ConnectedAppSettings: ConnectedAppSettings;
+};
+export {};

package/lib/libs/core/mdapi/mdapiRetriever.js

@@ -0,0 +1,123 @@
+import { XMLParser } from 'fast-xml-parser';
+import NamedMetadata from './namedMetadataType.js';
+import SingletonMetadata from './singletonMetadataType.js';
+import NamedMetadataQueryable from './namedMetadataToolingQueryable.js';
+export default class MDAPI {
+    connection;
+    static retrievers = new Map();
+    cache;
+    constructor(connection) {
+        this.connection = connection;
+        this.cache = new MetadataCache();
+    }
+    static create(connection) {
+        if (!this.retrievers.has(connection.instanceUrl)) {
+            this.retrievers.set(connection.instanceUrl, new MDAPI(connection));
+        }
+        return this.retrievers.get(connection.instanceUrl);
+    }
+    /**
+     * Resolves one of the pre-configured metadata types and returns
+     * a map of resolved names and entire XML content of source file body.
+     *
+     * @param typeName
+     * @param componentNames
+     * @returns
+     */
+    async resolve(typeName, componentNames) {
+        const retriever = NamedTypesRegistry[typeName];
+        const { toRetrieve, cached } = this.fetchCached(componentNames);
+        if (toRetrieve.length > 0) {
+            const retrieveResults = await retriever.resolve(this.connection, toRetrieve);
+            this.cacheResults(retrieveResults);
+            return {
+                ...cached,
+                ...retrieveResults,
+            };
+        }
+        return cached;
+    }
+    /**
+     * Resolves one of the pre-configured metadata types and returns
+     * the entire XML content of source file body.
+     *
+     * @param typeName
+     * @returns
+     */
+    async resolveSingleton(typeName) {
+        const retriever = SingletonRegistry[typeName];
+        const { toRetrieve, cached } = this.fetchCached([typeName]);
+        if (toRetrieve.length > 0) {
+            const retrieveResults = await retriever.resolve(this.connection);
+            this.cache.set(typeName, retrieveResults);
+            return retrieveResults;
+        }
+        return cached[typeName];
+    }
+    cacheResults(results) {
+        for (const [cname, mdata] of Object.entries(results)) {
+            this.cache.set(cname, mdata);
+        }
+    }
+    fetchCached(componentNames) {
+        const toRetrieve = [];
+        const cached = {};
+        for (const cname of componentNames) {
+            if (this.cache.isCached(cname)) {
+                cached[cname] = this.cache.fetch(cname);
+            }
+            else {
+                toRetrieve.push(cname);
+            }
+        }
+        return { toRetrieve, cached };
+    }
+}
+class MetadataCache {
+    components = {};
+    isCached(cmpName) {
+        return this.components[cmpName] !== undefined && this.components[cmpName] !== null;
+    }
+    fetch(cmpName) {
+        if (!this.isCached(cmpName)) {
+            throw new Error('Component not cached. Check first before fetching: ' + cmpName);
+        }
+        return this.components[cmpName];
+    }
+    set(cmpName, content) {
+        this.components[cmpName] = content;
+    }
+}
+export const NamedTypesRegistry = {
+    PermissionSet: new NamedMetadata({
+        retrieveType: 'PermissionSet',
+        rootNodeName: 'PermissionSet',
+        parser: new XMLParser({
+            isArray: (jpath) => ['userPermissions', 'fieldPermissions', 'customPermissions', 'classAccesses'].includes(jpath),
+        }),
+        parsePostProcessor: (parseResult) => ({
+            ...parseResult,
+            userPermissions: parseResult.userPermissions ?? [],
+            customPermissions: parseResult.customPermissions ?? [],
+            classAccesses: parseResult.classAccesses ?? [],
+        }),
+    }),
+    Profile: new NamedMetadataQueryable({
+        objectName: 'Profile',
+        nameField: 'Name',
+        parsePostProcessor: (parseResult) => ({
+            ...parseResult,
+            userPermissions: parseResult.userPermissions ?? [],
+            customPermissions: parseResult.customPermissions ?? [],
+            classAccesses: parseResult.classAccesses ?? [],
+        }),
+    }),
+};
+export const SingletonRegistry = {
+    ConnectedAppSettings: new SingletonMetadata({
+        rootNodeName: 'ConnectedAppSettings',
+        retrieveName: 'ConnectedApp',
+        retrieveType: 'Settings',
+    }),
+};
+//# sourceMappingURL=mdapiRetriever.js.map

package/lib/libs/core/mdapi/mdapiRetriever.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mdapiRetriever.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/mdapiRetriever.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAO5C,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAC3D,OAAO,sBAAsB,MAAM,oCAAoC,CAAC;AAExE,MAAM,CAAC,OAAO,OAAO,KAAK;IAIY;IAH5B,MAAM,CAAU,UAAU,GAAG,IAAI,GAAG,EAAiB,CAAC;IAC7C,KAAK,CAAgB;IAEtC,YAAoC,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QACxD,IAAI,CAAC,KAAK,GAAG,IAAI,aAAa,EAAE,CAAC;IACnC,CAAC;IAEM,MAAM,CAAC,MAAM,CAAC,UAAsB;QACzC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAE,CAAC;IACtD,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAClB,QAAW,EACX,cAAwB;QAExB,MAAM,SAAS,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAC7E,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YACnC,OAAO;gBACL,GAAG,MAAM;gBACT,GAAG,eAAe;aACI,CAAC;QAC3B,CAAC;QACD,OAAO,MAA6B,CAAC;IACvC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,gBAAgB,CAC3B,QAAW;QAEX,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;YAC1C,OAAO,eAA0C,CAAC;QACpD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,CAA4B,CAAC;IACrD,CAAC;IAEO,YAAY,CAAC,OAAiC;QACpD,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,cAAwB;QAC1C,MAAM,UAAU,GAAG,EAAE,CAAC;QACtB,MAAM,MAAM,GAA6B,EAAE,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;IAChC,CAAC;;AAGH,MAAM,aAAa;IACT,UAAU,GAA6B,EAAE,CAAC;IAE3C,QAAQ,CAAC,OAAe;QAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;IACrF,CAAC;IAEM,KAAK,CAAC,OAAe;QAC1B,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,qDAAqD,GAAG,OAAO,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAEM,GAAG,CAAC,OAAe,EAAE,OAAiB;QAC3C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACrC,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;SAChG,CAAC;QACF,kBAAkB,EAAE,CAAC,WAAW,EAAiB,EAAE,CAAC,CAAC;YACnD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;SAC/C,CAAC;KACH,CAAC;IACF,OAAO,EAAE,IAAI,sBAAsB,CAAwB;QACzD,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,MAAM;QACjB,kBAAkB,EAAE,CAAC,WAAW,EAAmB,EAAE,CAAC,CAAC;YACrD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;SAC/C,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,oBAAoB,EAAE,IAAI,iBAAiB,CAAkD;QAC3F,YAAY,EAAE,sBAAsB;QACpC,YAAY,EAAE,cAAc;QAC5B,YAAY,EAAE,UAAU;KACzB,CAAC;CACH,CAAC"}

package/lib/libs/core/mdapi/metadataRegistryEntry.d.ts

@@ -0,0 +1,40 @@
+import { PathLike } from 'node:fs';
+import { XMLParser } from 'fast-xml-parser';
+import { ComponentSet, FileResponse, RetrieveResult } from '@salesforce/source-deploy-retrieve';
+import { Connection } from '@salesforce/core';
+export type MetadataRegistryEntryOpts<Type, Key extends keyof Type> = {
+    /**
+     * Metadata API name of the type.
+     */
+    retrieveType: string;
+    /**
+     * Metadata API name entity.
+     */
+    retrieveName?: string;
+    /**
+     * Optional XML parser instance. Typically used to fix errors for
+     * properties that must be parsed as list.
+     */
+    parser?: XMLParser;
+    /**
+     * Name of the root node in XML file content
+     */
+    rootNodeName: Key;
+    /**
+     * Post processor function that sanitises the XML parse result
+     */
+    parsePostProcessor?: (parseResult: Type[Key]) => Type[Key];
+};
+export type NamedMetadataResolver<Type> = {
+    resolve(con: Connection, componentNames: string[]): Promise<Record<string, Type>>;
+};
+export default abstract class MetadataRegistryEntry<Type, Key extends keyof Type> {
+    private opts;
+    parser: XMLParser;
+    retrieveType: string;
+    rootNodeName: Key;
+    constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
+    parse(fullFilePath: PathLike): Type[Key];
+}
+export declare function retrieve(compSet: ComponentSet, con: Connection): Promise<RetrieveResult>;
+export declare function cleanRetrieveDir(files: FileResponse[]): void;