@spottoai/types-package 1.0.2-beta.27 → 1.0.2-beta.271

package/dist/accounts/readPermissions.js

@@ -0,0 +1,148 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLOUD_ACCOUNT_READ_PERMISSIONS_METADATA = exports.SUBSCRIPTION_READ_PERMISSIONS_METADATA = exports.CloudAccountReadPermission = exports.SubscriptionReadPermission = void 0;
+/**
+ * Subscription-scoped read capability bitmask enum.
+ * Each capability maps to a single bit.
+ */
+var SubscriptionReadPermission;
+(function (SubscriptionReadPermission) {
+    /** Permission to read Azure Monitor metrics. */
+    SubscriptionReadPermission[SubscriptionReadPermission["MonitoringReader"] = 1] = "MonitoringReader";
+    /** Permission to run Log Analytics / App Insights data queries. */
+    SubscriptionReadPermission[SubscriptionReadPermission["LogAnalyticsDataReader"] = 2] = "LogAnalyticsDataReader";
+    /** Permission to read subscription resource groups. */
+    SubscriptionReadPermission[SubscriptionReadPermission["ResourceGroupsReader"] = 4] = "ResourceGroupsReader";
+    /** Permission to read subscription resource inventory. */
+    SubscriptionReadPermission[SubscriptionReadPermission["ResourceInventoryReader"] = 8] = "ResourceInventoryReader";
+    /** Permission to read Azure Activity Log events. */
+    SubscriptionReadPermission[SubscriptionReadPermission["ActivityLogReader"] = 16] = "ActivityLogReader";
+    /** Permission to run Azure Resource Graph queries. */
+    SubscriptionReadPermission[SubscriptionReadPermission["ResourceGraphReader"] = 32] = "ResourceGraphReader";
+    /** Permission to read Azure Cost Management query results. */
+    SubscriptionReadPermission[SubscriptionReadPermission["CostManagementReader"] = 64] = "CostManagementReader";
+    /** Permission to read Azure Consumption usage details. */
+    SubscriptionReadPermission[SubscriptionReadPermission["ConsumptionUsageReader"] = 128] = "ConsumptionUsageReader";
+    /** Permission to read Azure Advisor recommendations and Advisor score. */
+    SubscriptionReadPermission[SubscriptionReadPermission["AdvisorRecommendationsReader"] = 256] = "AdvisorRecommendationsReader";
+    /** Permission to read Defender for Cloud security posture data. */
+    SubscriptionReadPermission[SubscriptionReadPermission["SecurityReader"] = 512] = "SecurityReader";
+})(SubscriptionReadPermission || (exports.SubscriptionReadPermission = SubscriptionReadPermission = {}));
+/**
+ * Cloud-account-scoped read capability bitmask enum.
+ * Each capability maps to a single bit.
+ */
+var CloudAccountReadPermission;
+(function (CloudAccountReadPermission) {
+    /** Permission to read management group entities. */
+    CloudAccountReadPermission[CloudAccountReadPermission["ManagementGroupReader"] = 1] = "ManagementGroupReader";
+    /** Permission to read reservation resources and related consumption artifacts. */
+    CloudAccountReadPermission[CloudAccountReadPermission["ReservationsReader"] = 2] = "ReservationsReader";
+    /** Permission to read savings plan resources. */
+    CloudAccountReadPermission[CloudAccountReadPermission["SavingsPlanReader"] = 4] = "SavingsPlanReader";
+    /** Permission to read Microsoft Graph applications/service principals. */
+    CloudAccountReadPermission[CloudAccountReadPermission["GraphApplicationReadAll"] = 8] = "GraphApplicationReadAll";
+})(CloudAccountReadPermission || (exports.CloudAccountReadPermission = CloudAccountReadPermission = {}));
+exports.SUBSCRIPTION_READ_PERMISSIONS_METADATA = [
+    {
+        id: SubscriptionReadPermission.MonitoringReader,
+        displayName: 'Monitoring Reader',
+        description: 'Allows Spotto to read Azure Monitor metrics for subscription resources.',
+        requiredRoles: ['Monitoring Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/azure-monitor/roles-permissions-security',
+    },
+    {
+        id: SubscriptionReadPermission.LogAnalyticsDataReader,
+        displayName: 'Log Analytics Data Reader',
+        description: 'Allows Spotto to run Log Analytics and App Insights data queries.',
+        requiredRoles: ['Log Analytics Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/azure-monitor/logs/manage-access',
+    },
+    {
+        id: SubscriptionReadPermission.ResourceGroupsReader,
+        displayName: 'Resource Groups Reader',
+        description: 'Allows Spotto to read resource groups for subscription inventory and grouping.',
+        requiredRoles: ['Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general#reader',
+    },
+    {
+        id: SubscriptionReadPermission.ResourceInventoryReader,
+        displayName: 'Resource Inventory Reader',
+        description: 'Allows Spotto to read subscription resources for inventory, recommendations, relationship graph, and portal/plugin views.',
+        requiredRoles: ['Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general#reader',
+    },
+    {
+        id: SubscriptionReadPermission.ActivityLogReader,
+        displayName: 'Activity Log Reader',
+        description: 'Allows Spotto to read Azure Activity Log events for operational context and refresh decisions.',
+        requiredRoles: ['Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log',
+    },
+    {
+        id: SubscriptionReadPermission.ResourceGraphReader,
+        displayName: 'Resource Graph Reader',
+        description: 'Allows Spotto to run Azure Resource Graph queries used by inventory, governance, reliability, and security checks.',
+        requiredRoles: ['Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/governance/resource-graph/overview',
+    },
+    {
+        id: SubscriptionReadPermission.CostManagementReader,
+        displayName: 'Cost Management Reader',
+        description: 'Allows Spotto to read scoped Azure Cost Management data for costs, budgets, and savings calculations.',
+        requiredRoles: ['Cost Management Reader', 'Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/assign-access-acm-data',
+    },
+    {
+        id: SubscriptionReadPermission.ConsumptionUsageReader,
+        displayName: 'Consumption Usage Reader',
+        description: 'Allows Spotto to read Azure usage detail rows for usage attribution and commitment analysis.',
+        requiredRoles: ['Cost Management Reader', 'Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/rest/api/consumption/usage-details/list',
+    },
+    {
+        id: SubscriptionReadPermission.AdvisorRecommendationsReader,
+        displayName: 'Advisor Reader',
+        description: 'Allows Spotto to read Azure Advisor recommendations and Advisor score for recommendation import and optimization workflows.',
+        requiredRoles: ['Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/advisor/advisor-overview',
+    },
+    {
+        id: SubscriptionReadPermission.SecurityReader,
+        displayName: 'Security Reader',
+        description: 'Allows Spotto to read Defender for Cloud assessments, secure score, and security posture data.',
+        requiredRoles: ['Security Reader', 'Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions',
+    },
+];
+exports.CLOUD_ACCOUNT_READ_PERMISSIONS_METADATA = [
+    {
+        id: CloudAccountReadPermission.ManagementGroupReader,
+        displayName: 'Management Group Reader',
+        description: 'Allows Spotto to read tenant management group entities.',
+        requiredRoles: ['Management Group Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/governance/management-groups/how-to/protect-resource-hierarchy',
+    },
+    {
+        id: CloudAccountReadPermission.ReservationsReader,
+        displayName: 'Reservations Reader',
+        description: 'Allows Spotto to read reservation resources and reservation usage artifacts.',
+        requiredRoles: ['Reservations Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/cost-management-billing/reservations/view-reservations',
+    },
+    {
+        id: CloudAccountReadPermission.SavingsPlanReader,
+        displayName: 'Savings Plan Reader',
+        description: 'Allows Spotto to read savings plan resources.',
+        requiredRoles: ['Savings plan Reader'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/cost-management-billing/savings-plan/view-utilization',
+    },
+    {
+        id: CloudAccountReadPermission.GraphApplicationReadAll,
+        displayName: 'Graph Application Read.All',
+        description: 'Allows Spotto to read Microsoft Graph applications and service principals.',
+        requiredRoles: ['Application.Read.All'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/graph/permissions-reference#applicationreadall',
+    },
+];
+//# sourceMappingURL=readPermissions.js.map

package/dist/accounts/readPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"readPermissions.js","sourceRoot":"","sources":["../../src/accounts/readPermissions.ts"],"names":[],"mappings":";;;AAcA;;;GAGG;AACH,IAAY,0BAqBX;AArBD,WAAY,0BAA0B;IACpC,gDAAgD;IAChD,mGAAyB,CAAA;IACzB,mEAAmE;IACnE,+GAA+B,CAAA;IAC/B,uDAAuD;IACvD,2GAA6B,CAAA;IAC7B,0DAA0D;IAC1D,iHAAgC,CAAA;IAChC,oDAAoD;IACpD,sGAA0B,CAAA;IAC1B,sDAAsD;IACtD,0GAA4B,CAAA;IAC5B,8DAA8D;IAC9D,4GAA6B,CAAA;IAC7B,0DAA0D;IAC1D,iHAA+B,CAAA;IAC/B,0EAA0E;IAC1E,6HAAqC,CAAA;IACrC,mEAAmE;IACnE,iGAAuB,CAAA;AACzB,CAAC,EArBW,0BAA0B,0CAA1B,0BAA0B,QAqBrC;AAED;;;GAGG;AACH,IAAY,0BASX;AATD,WAAY,0BAA0B;IACpC,oDAAoD;IACpD,6GAA8B,CAAA;IAC9B,kFAAkF;IAClF,uGAA2B,CAAA;IAC3B,iDAAiD;IACjD,qGAA0B,CAAA;IAC1B,0EAA0E;IAC1E,iHAAgC,CAAA;AAClC,CAAC,EATW,0BAA0B,0CAA1B,0BAA0B,QASrC;AAwBY,QAAA,sCAAsC,GAAyC;IAC1F;QACE,EAAE,EAAE,0BAA0B,CAAC,gBAAgB;QAC/C,WAAW,EAAE,mBAAmB;QAChC,WAAW,EAAE,yEAAyE;QACtF,aAAa,EAAE,CAAC,mBAAmB,CAAC;QACpC,gBAAgB,EAAE,kFAAkF;KACrG;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,sBAAsB;QACrD,WAAW,EAAE,2BAA2B;QACxC,WAAW,EAAE,mEAAmE;QAChF,aAAa,EAAE,CAAC,sBAAsB,CAAC;QACvC,gBAAgB,EAAE,0EAA0E;KAC7F;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,oBAAoB;QACnD,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,gFAAgF;QAC7F,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,gBAAgB,EAAE,iGAAiG;KACpH;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,uBAAuB;QACtD,WAAW,EAAE,2BAA2B;QACxC,WAAW,EAAE,2HAA2H;QACxI,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,gBAAgB,EAAE,iGAAiG;KACpH;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,iBAAiB;QAChD,WAAW,EAAE,qBAAqB;QAClC,WAAW,EAAE,gGAAgG;QAC7G,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,gBAAgB,EAAE,+EAA+E;KAClG;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,mBAAmB;QAClD,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,oHAAoH;QACjI,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,gBAAgB,EAAE,4EAA4E;KAC/F;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,oBAAoB;QACnD,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,uGAAuG;QACpH,aAAa,EAAE,CAAC,wBAAwB,EAAE,QAAQ,CAAC;QACnD,gBAAgB,EAAE,8FAA8F;KACjH;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,sBAAsB;QACrD,WAAW,EAAE,0BAA0B;QACvC,WAAW,EAAE,8FAA8F;QAC3G,aAAa,EAAE,CAAC,wBAAwB,EAAE,QAAQ,CAAC;QACnD,gBAAgB,EAAE,2EAA2E;KAC9F;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,4BAA4B;QAC3D,WAAW,EAAE,gBAAgB;QAC7B,WAAW,EAAE,6HAA6H;QAC1I,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,gBAAgB,EAAE,kEAAkE;KACrF;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,cAAc;QAC7C,WAAW,EAAE,iBAAiB;QAC9B,WAAW,EAAE,gGAAgG;QAC7G,aAAa,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC;QAC5C,gBAAgB,EAAE,wEAAwE;KAC3F;CACF,CAAC;AAEW,QAAA,uCAAuC,GAAyC;IAC3F;QACE,EAAE,EAAE,0BAA0B,CAAC,qBAAqB;QACpD,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,yDAAyD;QACtE,aAAa,EAAE,CAAC,yBAAyB,CAAC;QAC1C,gBAAgB,EAAE,wGAAwG;KAC3H;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,kBAAkB;QACjD,WAAW,EAAE,qBAAqB;QAClC,WAAW,EAAE,8EAA8E;QAC3F,aAAa,EAAE,CAAC,qBAAqB,CAAC;QACtC,gBAAgB,EAAE,gGAAgG;KACnH;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,iBAAiB;QAChD,WAAW,EAAE,qBAAqB;QAClC,WAAW,EAAE,+CAA+C;QAC5D,aAAa,EAAE,CAAC,qBAAqB,CAAC;QACtC,gBAAgB,EAAE,+FAA+F;KAClH;IACD;QACE,EAAE,EAAE,0BAA0B,CAAC,uBAAuB;QACtD,WAAW,EAAE,4BAA4B;QACzC,WAAW,EAAE,4EAA4E;QACzF,aAAa,EAAE,CAAC,sBAAsB,CAAC;QACvC,gBAAgB,EAAE,kFAAkF;KACrG;CACF,CAAC"}

package/dist/accounts/validation.d.ts

@@ -0,0 +1,91 @@
+import type { SubscriptionAccount } from './accounts';
+export type SubscriptionValidationStatus = 'confirmed' | 'forbidden' | 'unauthorized' | 'throttled' | 'unavailable';
+export interface SubscriptionReadValidationResult {
+    subscription: SubscriptionAccount;
+    valid: boolean;
+    status: SubscriptionValidationStatus;
+    statusCode: number;
+    message?: string;
+}
+export interface CloudAccountReadAccessValidation {
+    valid: boolean;
+    subscriptions: SubscriptionAccount[];
+    subscriptionResults: SubscriptionReadValidationResult[];
+}
+export interface CloudAccountWriteAccessValidation {
+    valid: boolean;
+    subscriptions: SubscriptionAccount[];
+}
+export type CloudAccountCapabilityValidationStatus = 'confirmed' | 'missing' | 'notApplicable' | 'notTested' | 'warning' | 'unknown';
+export type CloudAccountCapabilityValidationScope = 'tenant' | 'subscription' | 'resource' | 'write';
+export interface CloudAccountCapabilityValidationResult {
+    key: string;
+    section: string;
+    scope: CloudAccountCapabilityValidationScope;
+    status: CloudAccountCapabilityValidationStatus;
+    severity: 'required' | 'recommended' | 'optional';
+    displayName: string;
+    description: string;
+    requiredRoles: string[];
+    affectedFeatures: string[];
+    documentationUrl?: string;
+    testedBy: string;
+    subscriptionId?: string;
+    statusCode?: number;
+    message?: string;
+}
+export interface CloudAccountValidationResult {
+    valid: boolean;
+    readAccess: CloudAccountReadAccessValidation;
+    writeAccess?: CloudAccountWriteAccessValidation;
+    capabilityChecks?: CloudAccountCapabilityValidationResult[];
+}
+export interface CloudAccountCapabilityValidationProgress {
+    result: CloudAccountCapabilityValidationResult;
+    completed: number;
+    total: number;
+}
+export interface CloudAccountCapabilityValidationPlan {
+    tenantCheckCount: number;
+    subscriptionCheckCount: number;
+    subscriptionCount: number;
+    totalCheckCount: number;
+}
+export type CloudAccountValidationStreamEvent = {
+    event: 'started';
+    message: string;
+} | {
+    event: 'readAccessStarted';
+    message: string;
+} | {
+    event: 'subscriptionsDiscovered';
+    message: string;
+    readAccess: CloudAccountReadAccessValidation;
+    visibleSubscriptionCount: number;
+    readableSubscriptionCount: number;
+} | {
+    event: 'capabilityStarted';
+    message: string;
+    plan: CloudAccountCapabilityValidationPlan;
+} | {
+    event: 'capabilityResult';
+    message: string;
+    result: CloudAccountCapabilityValidationResult;
+    completed: number;
+    total: number;
+} | {
+    event: 'writeAccessStarted';
+    message: string;
+} | {
+    event: 'writeAccessCompleted';
+    message: string;
+    writeAccess: CloudAccountWriteAccessValidation;
+} | {
+    event: 'completed';
+    message: string;
+    result: CloudAccountValidationResult;
+} | {
+    event: 'error';
+    message: string;
+};
+//# sourceMappingURL=validation.d.ts.map

package/dist/accounts/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/accounts/validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEtD,MAAM,MAAM,4BAA4B,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,CAAC;AAEpH,MAAM,WAAW,gCAAgC;IAC/C,YAAY,EAAE,mBAAmB,CAAC;IAClC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,4BAA4B,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gCAAgC;IAC/C,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,EAAE,mBAAmB,EAAE,CAAC;IACrC,mBAAmB,EAAE,gCAAgC,EAAE,CAAC;CACzD;AAED,MAAM,WAAW,iCAAiC;IAChD,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,EAAE,mBAAmB,EAAE,CAAC;CACtC;AAED,MAAM,MAAM,sCAAsC,GAC9C,WAAW,GACX,SAAS,GACT,eAAe,GACf,WAAW,GACX,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,MAAM,qCAAqC,GAAG,QAAQ,GAAG,cAAc,GAAG,UAAU,GAAG,OAAO,CAAC;AAErG,MAAM,WAAW,sCAAsC;IACrD,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,qCAAqC,CAAC;IAC7C,MAAM,EAAE,sCAAsC,CAAC;IAC/C,QAAQ,EAAE,UAAU,GAAG,aAAa,GAAG,UAAU,CAAC;IAClD,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,gCAAgC,CAAC;IAC7C,WAAW,CAAC,EAAE,iCAAiC,CAAC;IAChD,gBAAgB,CAAC,EAAE,sCAAsC,EAAE,CAAC;CAC7D;AAED,MAAM,WAAW,wCAAwC;IACvD,MAAM,EAAE,sCAAsC,CAAC;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,oCAAoC;IACnD,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,MAAM,iCAAiC,GACzC;IACE,KAAK,EAAE,SAAS,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB,GACD;IACE,KAAK,EAAE,mBAAmB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB,GACD;IACE,KAAK,EAAE,yBAAyB,CAAC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,gCAAgC,CAAC;IAC7C,wBAAwB,EAAE,MAAM,CAAC;IACjC,yBAAyB,EAAE,MAAM,CAAC;CACnC,GACD;IACE,KAAK,EAAE,mBAAmB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,oCAAoC,CAAC;CAC5C,GACD;IACE,KAAK,EAAE,kBAAkB,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,sCAAsC,CAAC;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf,GACD;IACE,KAAK,EAAE,oBAAoB,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;CACjB,GACD;IACE,KAAK,EAAE,sBAAsB,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,iCAAiC,CAAC;CAChD,GACD;IACE,KAAK,EAAE,WAAW,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,4BAA4B,CAAC;CACtC,GACD;IACE,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC"}

package/dist/accounts/validation.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=validation.js.map

package/dist/accounts/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/accounts/validation.ts"],"names":[],"mappings":""}

package/dist/accounts/writePermissions.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Write Permission Bitmask Enum
+ * Each permission gets a unique bit position for efficient storage
+ */
+export declare enum WritePermission {
+    /** Permission to dismiss Azure Advisor recommendations */
+    DismissRecommendations = 1,// 1
+    /** Permission to enable storage inventory reports on storage accounts */
+    StorageInventory = 2
+}
+/**
+ * Metadata for a write permission
+ * Contains display information, required roles, and documentation links
+ */
+export interface WritePermissionMetadata {
+    /** Unique identifier matching the WritePermission enum */
+    id: WritePermission;
+    /** Human-readable display name */
+    displayName: string;
+    /** Description of what this permission allows */
+    description: string;
+    /** Required Azure RBAC role(s) for this permission */
+    requiredRoles: string[];
+    /** URL to documentation about this permission */
+    documentationUrl?: string;
+    /** URL to script generator for creating custom roles */
+    scriptGeneratorUrl?: string;
+}
+/**
+ * Permission metadata array
+ * Define all available write permissions with their metadata
+ */
+export declare const WRITE_PERMISSIONS_METADATA: WritePermissionMetadata[];
+//# sourceMappingURL=writePermissions.d.ts.map

package/dist/accounts/writePermissions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"writePermissions.d.ts","sourceRoot":"","sources":["../../src/accounts/writePermissions.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,oBAAY,eAAe;IACzB,0DAA0D;IAC1D,sBAAsB,IAAS,CAAE,IAAI;IACrC,yEAAyE;IACzE,gBAAgB,IAAS;CAC1B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,0DAA0D;IAC1D,EAAE,EAAE,eAAe,CAAC;IACpB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,iDAAiD;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,iDAAiD;IACjD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wDAAwD;IACxD,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,uBAAuB,EAiB/D,CAAC"}

package/dist/accounts/writePermissions.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WRITE_PERMISSIONS_METADATA = exports.WritePermission = void 0;
+/**
+ * Write Permission Bitmask Enum
+ * Each permission gets a unique bit position for efficient storage
+ */
+var WritePermission;
+(function (WritePermission) {
+    /** Permission to dismiss Azure Advisor recommendations */
+    WritePermission[WritePermission["DismissRecommendations"] = 1] = "DismissRecommendations";
+    /** Permission to enable storage inventory reports on storage accounts */
+    WritePermission[WritePermission["StorageInventory"] = 2] = "StorageInventory";
+})(WritePermission || (exports.WritePermission = WritePermission = {}));
+/**
+ * Permission metadata array
+ * Define all available write permissions with their metadata
+ */
+exports.WRITE_PERMISSIONS_METADATA = [
+    {
+        id: WritePermission.DismissRecommendations,
+        displayName: 'Dismiss Azure Advisor Recommendations',
+        description: 'Allows Spotto to dismiss recommendations in Azure when dismissed here.',
+        requiredRoles: ['Advisor Recommendations Contributor'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/advisor/permissions',
+        scriptGeneratorUrl: '/scripts/advisor-role',
+    },
+    {
+        id: WritePermission.StorageInventory,
+        displayName: 'Enable Storage Inventory Reports',
+        description: 'Allows Spotto to enable blob inventory on storage accounts you select.',
+        requiredRoles: ['Storage Account Contributor'],
+        documentationUrl: 'https://learn.microsoft.com/en-us/azure/storage/blobs/blob-inventory',
+        scriptGeneratorUrl: '/scripts/storage-role',
+    },
+];
+//# sourceMappingURL=writePermissions.js.map

package/dist/accounts/writePermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"writePermissions.js","sourceRoot":"","sources":["../../src/accounts/writePermissions.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,IAAY,eAKX;AALD,WAAY,eAAe;IACzB,0DAA0D;IAC1D,yFAA+B,CAAA;IAC/B,yEAAyE;IACzE,6EAAyB,CAAA;AAC3B,CAAC,EALW,eAAe,+BAAf,eAAe,QAK1B;AAqBD;;;GAGG;AACU,QAAA,0BAA0B,GAA8B;IACnE;QACE,EAAE,EAAE,eAAe,CAAC,sBAAsB;QAC1C,WAAW,EAAE,uCAAuC;QACpD,WAAW,EAAE,wEAAwE;QACrF,aAAa,EAAE,CAAC,qCAAqC,CAAC;QACtD,gBAAgB,EAAE,6DAA6D;QAC/E,kBAAkB,EAAE,uBAAuB;KAC5C;IACD;QACE,EAAE,EAAE,eAAe,CAAC,gBAAgB;QACpC,WAAW,EAAE,kCAAkC;QAC/C,WAAW,EAAE,wEAAwE;QACrF,aAAa,EAAE,CAAC,6BAA6B,CAAC;QAC9C,gBAAgB,EAAE,sEAAsE;QACxF,kBAAkB,EAAE,uBAAuB;KAC5C;CACF,CAAC"}