azp-cli 0.0.1

package/.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
+}

package/.vscode/launch.json

@@ -0,0 +1,25 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug CLI",
+      "program": "${workspaceFolder}/src/index.ts",
+      "preLaunchTask": "npm: build",
+      "skipFiles": ["<node_internals>/**"],
+      "outFiles": ["${workspaceFolder}/dist/**/*.js"],
+      "sourceMaps": true,
+      "console": "integratedTerminal"
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug Current TS File",
+      "program": "${file}",
+      "runtimeArgs": ["-r", "ts-node/register"],
+      "skipFiles": ["<node_internals>/**"],
+      "console": "integratedTerminal"
+    }
+  ]
+}

package/.vscode/settings.json

@@ -0,0 +1,25 @@
+{
+  "editor.formatOnSave": true,
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit",
+    "source.organizeImports": "explicit"
+  },
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "[typescript]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "[json]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "typescript.tsdk": "node_modules/typescript/lib",
+  "typescript.preferences.importModuleSpecifier": "non-relative",
+  "files.exclude": {
+    "**/node_modules": true,
+    "**/dist": true
+  },
+  "search.exclude": {
+    "**/node_modules": true,
+    "**/dist": true,
+    "**/pnpm-lock.yaml": true
+  }
+}

package/.vscode/tasks.json

@@ -0,0 +1,28 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "type": "npm",
+      "script": "build",
+      "group": {
+        "kind": "build",
+        "isDefault": true
+      },
+      "problemMatcher": ["$tsc"],
+      "label": "npm: build"
+    },
+    {
+      "type": "npm",
+      "script": "dev",
+      "problemMatcher": ["$tsc"],
+      "label": "npm: dev",
+      "isBackground": true
+    },
+    {
+      "type": "npm",
+      "script": "lint",
+      "problemMatcher": ["$eslint-stylish"],
+      "label": "npm: lint"
+    }
+  ]
+}

package/README.md

@@ -0,0 +1,203 @@
+# Azure PIM CLI (azp-cli)
+
+A command-line interface tool for managing Azure Privileged Identity Management (PIM) role activations directly from your terminal.
+
+![Terminal UI](https://img.shields.io/badge/Terminal-UI-cyan)
+![TypeScript](https://img.shields.io/badge/TypeScript-5.9-blue)
+![License](https://img.shields.io/badge/License-ISC-green)
+
+## Features
+
+- 🔐 **Role Activation** - Quickly activate eligible Azure PIM roles
+- 🔓 **Role Deactivation** - Deactivate active roles when no longer needed
+- 📋 **Interactive Menu** - User-friendly menu-driven interface
+- ✨ **Beautiful UI** - Polished terminal experience with spinners and colors
+- 🔄 **Multi-role Support** - Activate or deactivate multiple roles at once
+- 📊 **Status Tracking** - Real-time feedback on activation/deactivation status
+
+## Prerequisites
+
+Before using azp-cli, ensure you have:
+
+1. **Node.js** (v18 or higher)
+2. **Azure CLI** installed and configured
+3. **Azure account** with PIM-eligible roles
+
+### Azure CLI Setup
+
+```bash
+# Install Azure CLI (if not installed)
+# See: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
+
+# Login to Azure
+az login
+
+# Verify you're logged in
+az account show
+```
+
+## Installation
+
+### From Source
+
+```bash
+# Clone the repository
+git clone https://github.com/tapanmeena/azp-cli.git
+cd azp-cli
+
+# Install dependencies
+pnpm install
+# or
+npm install
+
+# Build the project
+pnpm build
+# or
+npm run build
+```
+
+## Usage
+
+### Running the CLI
+
+```bash
+# Development mode
+pnpm dev
+# or
+npm run dev
+
+# After building
+node dist/index.js
+```
+
+### Commands
+
+| Command | Alias | Description |
+|---------|-------|-------------|
+| `activate` | `a` | Activate a role in Azure PIM (default) |
+| `deactivate` | `d` | Deactivate a role in Azure PIM |
+| `help` | - | Display help information |
+
+### Example Session
+
+```
+╔════════════════════════════════════════════════════╗
+║     Azure PIM CLI - Role Activation Manager        ║
+╚════════════════════════════════════════════════════╝
+
+✔ Authentication successful
+
+┌─ User Information ──────────────────────────────────
+│ Name: John Doe
+│ Email: john@example.com
+└──────────────────────────────────────────────────────
+
+✔ Found 3 subscription(s)
+
+? What would you like to do?
+❯ ▶ Activate Role(s)
+  ◼ Deactivate Role(s)
+  ✕ Exit
+```
+
+### Role Activation Flow
+
+1. Select a subscription from your available Azure subscriptions
+2. Choose one or more eligible roles to activate
+3. Specify activation duration (1-8 hours)
+4. Provide a justification for the activation
+5. Confirm and activate
+
+### Role Deactivation Flow
+
+1. View all currently active roles across subscriptions
+2. Select roles to deactivate
+3. Confirm deactivation
+
+## Development
+
+### Available Scripts
+
+```bash
+# Run in development mode with hot reload
+pnpm dev
+
+# Build the TypeScript project
+pnpm build
+
+# Run the built application
+pnpm start
+
+# Lint the codebase
+pnpm lint
+```
+
+### Project Structure
+
+```
+azp-cli/
+├── src/
+│   ├── index.ts      # CLI entry point and command definitions
+│   ├── auth.ts       # Azure authentication handling
+│   ├── azure-pim.ts  # Azure PIM API operations
+│   ├── cli.ts        # Interactive menu and user flows
+│   └── ui.ts         # Terminal UI utilities (spinners, formatting)
+├── package.json
+├── tsconfig.json
+└── README.md
+```
+
+### Tech Stack
+
+- **TypeScript** - Type-safe JavaScript
+- **Commander.js** - CLI framework
+- **Inquirer.js** - Interactive prompts
+- **Ora** - Elegant terminal spinners
+- **Chalk** - Terminal string styling
+- **Azure SDK** - Azure service integration
+
+## Troubleshooting
+
+### "Azure CLI not found" Error
+
+Ensure Azure CLI is installed and accessible in your PATH:
+```bash
+az --version
+```
+
+### Authentication Errors
+
+1. Make sure you're logged in to Azure CLI:
+   ```bash
+   az login
+   ```
+
+2. Verify your account has PIM-eligible roles:
+   ```bash
+   az account show
+   ```
+
+3. Check if you have the necessary permissions in Azure AD
+
+### No Subscriptions Found
+
+- Verify your Azure account has access to subscriptions
+- Try refreshing your Azure CLI login: `az login --refresh`
+
+## License
+
+This project is licensed under the ISC License.
+
+## Author
+
+**Tapan Meena** - [tapanmeena1998@gmail.com](mailto:tapanmeena1998@gmail.com)
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit your changes (`git commit -m 'Add some amazing feature'`)
+4. Push to the branch (`git push origin feature/amazing-feature`)
+5. Open a Pull Request

package/dist/auth.d.ts

@@ -0,0 +1,11 @@
+import { AzureCliCredential } from "@azure/identity";
+import { Client } from "@microsoft/microsoft-graph-client";
+export interface AuthContext {
+    credential: AzureCliCredential;
+    graphClient: Client;
+    userId: string;
+    userPrincipalName: string;
+}
+export declare const authenticate: () => Promise<AuthContext>;
+export declare const getArmToken: (credential: AzureCliCredential) => Promise<string>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAQ3D,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,kBAAkB,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAWD,eAAO,MAAM,YAAY,QAAa,OAAO,CAAC,WAAW,CAgCxD,CAAC;AAEF,eAAO,MAAM,WAAW,GAAU,YAAY,kBAAkB,KAAG,OAAO,CAAC,MAAM,CAMhF,CAAC"}

package/dist/auth.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getArmToken = exports.authenticate = void 0;
+const identity_1 = require("@azure/identity");
+const microsoft_graph_client_1 = require("@microsoft/microsoft-graph-client");
+const azureTokenCredentials_1 = require("@microsoft/microsoft-graph-client/authProviders/azureTokenCredentials");
+const ui_1 = require("./ui");
+const GRAPH_SCOPES = ["https://graph.microsoft.com/.default"];
+const ARM_SCOPES = ["https://management.azure.com/.default"];
+let cachedCredential = null;
+const getCredential = () => {
+    if (!cachedCredential) {
+        cachedCredential = new identity_1.AzureCliCredential();
+    }
+    return cachedCredential;
+};
+const authenticate = async () => {
+    (0, ui_1.startSpinner)("Authenticating with Azure CLI...");
+    try {
+        const credential = getCredential();
+        const authProvider = new azureTokenCredentials_1.TokenCredentialAuthenticationProvider(credential, { scopes: GRAPH_SCOPES });
+        const graphClient = microsoft_graph_client_1.Client.initWithMiddleware({ authProvider, defaultVersion: "v1.0" });
+        const user = await graphClient.api("/me").header("Accept-Language", "en-US").select("id,userPrincipalName,displayName").get();
+        const userId = user.id;
+        const userPrincipalName = user.userPrincipalName;
+        (0, ui_1.succeedSpinner)("Authentication successful");
+        (0, ui_1.showSummary)("User Information", [
+            { label: "Name", value: user.displayName },
+            { label: "Email", value: userPrincipalName },
+        ]);
+        return {
+            credential,
+            graphClient,
+            userId,
+            userPrincipalName,
+        };
+    }
+    catch (error) {
+        (0, ui_1.failSpinner)("Authentication failed");
+        throw error;
+    }
+};
+exports.authenticate = authenticate;
+const getArmToken = async (credential) => {
+    const tokenResponse = await credential.getToken(ARM_SCOPES);
+    if (!tokenResponse) {
+        throw new Error("Failed to acquire ARM token");
+    }
+    return tokenResponse.token;
+};
+exports.getArmToken = getArmToken;
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":";;;AAAA,8CAAqD;AACrD,8EAA2D;AAC3D,iHAA8H;AAC9H,6BAA8E;AAE9E,MAAM,YAAY,GAAG,CAAC,sCAAsC,CAAC,CAAC;AAE9D,MAAM,UAAU,GAAG,CAAC,uCAAuC,CAAC,CAAC;AAS7D,IAAI,gBAAgB,GAA8B,IAAI,CAAC;AAEvD,MAAM,aAAa,GAAG,GAAuB,EAAE;IAC7C,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,gBAAgB,GAAG,IAAI,6BAAkB,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC,CAAC;AAEK,MAAM,YAAY,GAAG,KAAK,IAA0B,EAAE;IAC3D,IAAA,iBAAY,EAAC,kCAAkC,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QAGnC,MAAM,YAAY,GAAG,IAAI,6DAAqC,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QAErG,MAAM,WAAW,GAAG,+BAAM,CAAC,kBAAkB,CAAC,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;QAGxF,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,kCAAkC,CAAC,CAAC,GAAG,EAAE,CAAC;QAC9H,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAEjD,IAAA,mBAAc,EAAC,2BAA2B,CAAC,CAAC;QAC5C,IAAA,gBAAW,EAAC,kBAAkB,EAAE;YAC9B,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE;YAC1C,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE;SAC7C,CAAC,CAAC;QAEH,OAAO;YACL,UAAU;YACV,WAAW;YACX,MAAM;YACN,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAA,gBAAW,EAAC,uBAAuB,CAAC,CAAC;QACrC,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAhCW,QAAA,YAAY,gBAgCvB;AAEK,MAAM,WAAW,GAAG,KAAK,EAAE,UAA8B,EAAmB,EAAE;IACnF,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC5D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,aAAa,CAAC,KAAK,CAAC;AAC7B,CAAC,CAAC;AANW,QAAA,WAAW,eAMtB"}

package/dist/azure-pim.d.ts

@@ -0,0 +1,44 @@
+import { AzureCliCredential } from "@azure/identity";
+export interface AzureSubscription {
+    subscriptionId: string;
+    displayName: string;
+    tenantId: string;
+}
+export interface EligibleAzureRole {
+    id: string;
+    roleEligibilityScheduleId: string;
+    roleDefinitionId: string;
+    roleName: string;
+    roleDescription: string;
+    scope: string;
+    scopeDisplayName: string;
+    principalId: string;
+}
+export interface ActiveAzureRole {
+    id: string;
+    roleDefinitionId: string;
+    roleName: string;
+    scope: string;
+    scopeDisplayName: string;
+    principalId: string;
+    linkedRoleEligibilityScheduleId: string;
+    startDateTime: string;
+    endDateTime: string;
+    subscriptionId: string;
+    subscriptionName: string;
+}
+export interface AzureActivationRequest {
+    roleEligibilityScheduleId: string;
+    roleDefinitionId: string;
+    roleName: string;
+    scope: string;
+    principalId: string;
+    justification: string;
+    durationHours: number;
+}
+export declare const fetchSubscriptions: (credential: AzureCliCredential) => Promise<AzureSubscription[]>;
+export declare const fetchEligibleRolesForSubscription: (credential: AzureCliCredential, subscriptionId: string, subscriptionName: string, principalId: string) => Promise<EligibleAzureRole[]>;
+export declare const listActiveAzureRoles: (credential: AzureCliCredential, subscriptionId: string, subscriptionName: string, principalId: string) => Promise<ActiveAzureRole[]>;
+export declare const activateAzureRole: (credential: AzureCliCredential, request: AzureActivationRequest, subscriptionId: string) => Promise<void>;
+export declare const deactivateAzureRole: (credential: AzureCliCredential, scope: string, roleEligibilityScheduleId: string, subscriptionId: string, principalId: string, roleDefinitionId: string, roleName?: string) => Promise<void>;
+//# sourceMappingURL=azure-pim.d.ts.map

package/dist/azure-pim.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-pim.d.ts","sourceRoot":"","sources":["../src/azure-pim.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAIrD,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,yBAAyB,EAAE,MAAM,CAAC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,+BAA+B,EAAE,MAAM,CAAC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,sBAAsB;IACrC,yBAAyB,EAAE,MAAM,CAAC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,eAAO,MAAM,kBAAkB,GAAU,YAAY,kBAAkB,KAAG,OAAO,CAAC,iBAAiB,EAAE,CAgBpG,CAAC;AAEF,eAAO,MAAM,iCAAiC,GAC5C,YAAY,kBAAkB,EAC9B,gBAAgB,MAAM,EACtB,kBAAkB,MAAM,EACxB,aAAa,MAAM,KAClB,OAAO,CAAC,iBAAiB,EAAE,CAqC7B,CAAC;AAEF,eAAO,MAAM,oBAAoB,GAC/B,YAAY,kBAAkB,EAC9B,gBAAgB,MAAM,EACtB,kBAAkB,MAAM,EACxB,aAAa,MAAM,KAClB,OAAO,CAAC,eAAe,EAAE,CAwC3B,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAU,YAAY,kBAAkB,EAAE,SAAS,sBAAsB,EAAE,gBAAgB,MAAM,KAAG,OAAO,CAAC,IAAI,CAgD7I,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,YAAY,kBAAkB,EAC9B,OAAO,MAAM,EACb,2BAA2B,MAAM,EACjC,gBAAgB,MAAM,EACtB,aAAa,MAAM,EACnB,kBAAkB,MAAM,EACxB,WAAW,MAAM,KAChB,OAAO,CAAC,IAAI,CAoBd,CAAC"}

package/dist/azure-pim.js

@@ -0,0 +1,183 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deactivateAzureRole = exports.activateAzureRole = exports.listActiveAzureRoles = exports.fetchEligibleRolesForSubscription = exports.fetchSubscriptions = void 0;
+const arm_authorization_1 = require("@azure/arm-authorization");
+const arm_resources_subscriptions_1 = require("@azure/arm-resources-subscriptions");
+const uuid_1 = require("uuid");
+const ui_1 = require("./ui");
+const fetchSubscriptions = async (credential) => {
+    (0, ui_1.startSpinner)("Fetching Azure subscriptions...");
+    const subscriptionClient = new arm_resources_subscriptions_1.SubscriptionClient(credential);
+    const subscriptions = [];
+    for await (const sub of subscriptionClient.subscriptions.list()) {
+        subscriptions.push({
+            subscriptionId: sub.subscriptionId || "",
+            displayName: sub.displayName || "N/A",
+            tenantId: sub.tenantId || "",
+        });
+    }
+    (0, ui_1.succeedSpinner)(`Found ${subscriptions.length} subscription(s)`);
+    return subscriptions;
+};
+exports.fetchSubscriptions = fetchSubscriptions;
+const fetchEligibleRolesForSubscription = async (credential, subscriptionId, subscriptionName, principalId) => {
+    (0, ui_1.startSpinner)(`Fetching eligible roles for "${subscriptionName}"...`);
+    const client = new arm_authorization_1.AuthorizationManagementClient(credential, subscriptionId);
+    const scope = `/subscriptions/${subscriptionId}`;
+    const eligibleRoles = [];
+    try {
+        const schedules = client.roleEligibilitySchedules.listForScope(scope, {
+            filter: `asTarget()`,
+        });
+        for await (const schedule of schedules) {
+            if (schedule.id && schedule.roleDefinitionId) {
+                eligibleRoles.push({
+                    id: schedule.id,
+                    roleEligibilityScheduleId: schedule.id,
+                    roleDefinitionId: schedule.roleDefinitionId,
+                    roleName: schedule.expandedProperties?.roleDefinition?.displayName || "Unknown Role",
+                    roleDescription: "No description available",
+                    scope: schedule.scope || scope,
+                    scopeDisplayName: getScopeDisplayName(schedule.scope || scope),
+                    principalId: schedule.principalId || principalId,
+                });
+            }
+        }
+        (0, ui_1.succeedSpinner)(`Found ${eligibleRoles.length} eligible role(s) for "${subscriptionName}"`);
+        return eligibleRoles;
+    }
+    catch (error) {
+        if (error.statusCode === 403 || error.code === "AuthorizationFailed") {
+            (0, ui_1.warnSpinner)(`Insufficient permissions for subscription "${subscriptionName}"`);
+            return [];
+        }
+        (0, ui_1.failSpinner)(`Failed to fetch eligible roles for "${subscriptionName}"`);
+        throw error;
+    }
+};
+exports.fetchEligibleRolesForSubscription = fetchEligibleRolesForSubscription;
+const listActiveAzureRoles = async (credential, subscriptionId, subscriptionName, principalId) => {
+    (0, ui_1.startSpinner)(`Fetching active roles for "${subscriptionName}"...`);
+    const client = new arm_authorization_1.AuthorizationManagementClient(credential, subscriptionId);
+    const scope = `/subscriptions/${subscriptionId}`;
+    const activeRoles = [];
+    try {
+        const schedules = client.roleAssignmentSchedules.listForScope(scope, {
+            filter: `asTarget()`,
+        });
+        for await (const schedule of schedules) {
+            if (schedule.id && schedule.roleDefinitionId && schedule.assignmentType === "Activated") {
+                activeRoles.push({
+                    id: schedule.id,
+                    roleDefinitionId: schedule.roleDefinitionId,
+                    roleName: schedule.expandedProperties?.roleDefinition?.displayName || "Unknown Role",
+                    scope: schedule.scope || scope,
+                    scopeDisplayName: getScopeDisplayName(schedule.scope || scope),
+                    principalId: schedule.principalId || principalId,
+                    linkedRoleEligibilityScheduleId: schedule.linkedRoleEligibilityScheduleId || "",
+                    startDateTime: schedule.startDateTime?.toISOString() || "",
+                    endDateTime: schedule.endDateTime?.toISOString() || "",
+                    subscriptionId,
+                    subscriptionName,
+                });
+            }
+        }
+        (0, ui_1.succeedSpinner)(`Found ${activeRoles.length} active role(s) for "${subscriptionName}"`);
+        return activeRoles;
+    }
+    catch (error) {
+        if (error.statusCode === 403 || error.code === "AuthorizationFailed") {
+            (0, ui_1.warnSpinner)(`Insufficient permissions for subscription "${subscriptionName}"`);
+            return [];
+        }
+        (0, ui_1.failSpinner)(`Failed to fetch active roles for "${subscriptionName}"`);
+        throw error;
+    }
+};
+exports.listActiveAzureRoles = listActiveAzureRoles;
+const activateAzureRole = async (credential, request, subscriptionId) => {
+    const client = new arm_authorization_1.AuthorizationManagementClient(credential, subscriptionId);
+    const requestName = (0, uuid_1.v4)();
+    const now = new Date();
+    const durationISO = `PT${request.durationHours}H`;
+    const linkedScheduleId = request.roleEligibilityScheduleId.includes("/")
+        ? request.roleEligibilityScheduleId
+        : `${request.scope}/providers/Microsoft.Authorization/roleEligibilitySchedules/${request.roleEligibilityScheduleId}`;
+    const requestBody = {
+        principalId: request.principalId,
+        roleDefinitionId: request.roleDefinitionId,
+        requestType: "SelfActivate",
+        linkedRoleEligibilityScheduleId: linkedScheduleId,
+        scheduleInfo: {
+            startDateTime: now,
+            expiration: {
+                type: "AfterDuration",
+                duration: durationISO,
+            },
+        },
+        justification: request.justification,
+    };
+    (0, ui_1.startSpinner)(`Activating role "${request.roleName}"...`);
+    try {
+        const response = await client.roleAssignmentScheduleRequests.create(request.scope, requestName, requestBody);
+        (0, ui_1.succeedSpinner)(`Activation request submitted for "${request.roleName}"`);
+        (0, ui_1.logBlank)();
+        if (response.status) {
+            console.log(`   Status: ${(0, ui_1.formatStatus)(response.status)}`);
+        }
+        if (response.status === "Approved" || response.status === "Provisioned") {
+            (0, ui_1.logSuccess)(`Role "${request.roleName}" has been activated successfully`);
+        }
+        else if (response.status === "Denied") {
+            (0, ui_1.logError)(`Role activation for "${request.roleName}" has been denied`);
+        }
+        else if (response.status === "PendingApproval") {
+            (0, ui_1.logWarning)(`Role activation for "${request.roleName}" is pending approval`);
+        }
+    }
+    catch (error) {
+        (0, ui_1.failSpinner)(`Failed to activate role "${request.roleName}"`);
+        throw error;
+    }
+};
+exports.activateAzureRole = activateAzureRole;
+const deactivateAzureRole = async (credential, scope, roleEligibilityScheduleId, subscriptionId, principalId, roleDefinitionId, roleName) => {
+    const client = new arm_authorization_1.AuthorizationManagementClient(credential, subscriptionId);
+    const requestName = (0, uuid_1.v4)();
+    const displayName = roleName || "role";
+    (0, ui_1.startSpinner)(`Deactivating "${displayName}"...`);
+    try {
+        await client.roleAssignmentScheduleRequests.create(scope, requestName, {
+            principalId,
+            roleDefinitionId,
+            requestType: "SelfDeactivate",
+            linkedRoleEligibilityScheduleId: roleEligibilityScheduleId,
+        });
+        (0, ui_1.succeedSpinner)(`Successfully deactivated "${displayName}"`);
+    }
+    catch (error) {
+        (0, ui_1.failSpinner)(`Failed to deactivate "${displayName}"`);
+        throw error;
+    }
+};
+exports.deactivateAzureRole = deactivateAzureRole;
+const getScopeDisplayName = (scope) => {
+    if (!scope)
+        return "Unknown Scope";
+    const parts = scope.split("/");
+    if (scope.includes("/managementGroups/")) {
+        const mgIndex = parts.indexOf("managementGroups");
+        return `Management Group: ${parts[mgIndex + 1]}`;
+    }
+    if (scope.includes("/resourceGroups/")) {
+        const rgIndex = parts.indexOf("resourceGroups");
+        const subIndex = parts.indexOf("subscriptions");
+        return `Resource Group: ${parts[rgIndex + 1]} (Subscription: ${parts[subIndex + 1]})`;
+    }
+    if (scope.includes("/subscriptions/")) {
+        const subIndex = parts.indexOf("subscriptions");
+        return `Subscription: ${parts[subIndex + 1]}`;
+    }
+    return scope;
+};
+//# sourceMappingURL=azure-pim.js.map

package/dist/azure-pim.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-pim.js","sourceRoot":"","sources":["../src/azure-pim.ts"],"names":[],"mappings":";;;AAAA,gEAAyE;AACzE,oFAAwE;AAExE,+BAAoC;AACpC,6BAAwI;AA2CjI,MAAM,kBAAkB,GAAG,KAAK,EAAE,UAA8B,EAAgC,EAAE;IACvG,IAAA,iBAAY,EAAC,iCAAiC,CAAC,CAAC;IAEhD,MAAM,kBAAkB,GAAG,IAAI,gDAAkB,CAAC,UAAU,CAAC,CAAC;IAC9D,MAAM,aAAa,GAAwB,EAAE,CAAC;IAE9C,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC;QAChE,aAAa,CAAC,IAAI,CAAC;YACjB,cAAc,EAAE,GAAG,CAAC,cAAc,IAAI,EAAE;YACxC,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,KAAK;YACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,IAAA,mBAAc,EAAC,SAAS,aAAa,CAAC,MAAM,kBAAkB,CAAC,CAAC;IAChE,OAAO,aAAa,CAAC;AACvB,CAAC,CAAC;AAhBW,QAAA,kBAAkB,sBAgB7B;AAEK,MAAM,iCAAiC,GAAG,KAAK,EACpD,UAA8B,EAC9B,cAAsB,EACtB,gBAAwB,EACxB,WAAmB,EACW,EAAE;IAChC,IAAA,iBAAY,EAAC,gCAAgC,gBAAgB,MAAM,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,IAAI,iDAA6B,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,kBAAkB,cAAc,EAAE,CAAC;IACjD,MAAM,aAAa,GAAwB,EAAE,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,wBAAwB,CAAC,YAAY,CAAC,KAAK,EAAE;YACpE,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACvC,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;gBAC7C,aAAa,CAAC,IAAI,CAAC;oBACjB,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,yBAAyB,EAAE,QAAQ,CAAC,EAAE;oBACtC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;oBAC3C,QAAQ,EAAE,QAAQ,CAAC,kBAAkB,EAAE,cAAc,EAAE,WAAW,IAAI,cAAc;oBACpF,eAAe,EAAE,0BAA0B;oBAC3C,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,KAAK;oBAC9B,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,CAAC,KAAK,IAAI,KAAK,CAAC;oBAC9D,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,WAAW;iBACjD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAA,mBAAc,EAAC,SAAS,aAAa,CAAC,MAAM,0BAA0B,gBAAgB,GAAG,CAAC,CAAC;QAC3F,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;YACrE,IAAA,gBAAW,EAAC,8CAA8C,gBAAgB,GAAG,CAAC,CAAC;YAC/E,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,IAAA,gBAAW,EAAC,uCAAuC,gBAAgB,GAAG,CAAC,CAAC;QACxE,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AA1CW,QAAA,iCAAiC,qCA0C5C;AAEK,MAAM,oBAAoB,GAAG,KAAK,EACvC,UAA8B,EAC9B,cAAsB,EACtB,gBAAwB,EACxB,WAAmB,EACS,EAAE;IAC9B,IAAA,iBAAY,EAAC,8BAA8B,gBAAgB,MAAM,CAAC,CAAC;IAEnE,MAAM,MAAM,GAAG,IAAI,iDAA6B,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,kBAAkB,cAAc,EAAE,CAAC;IACjD,MAAM,WAAW,GAAsB,EAAE,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,uBAAuB,CAAC,YAAY,CAAC,KAAK,EAAE;YACnE,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACvC,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,gBAAgB,IAAI,QAAQ,CAAC,cAAc,KAAK,WAAW,EAAE,CAAC;gBACxF,WAAW,CAAC,IAAI,CAAC;oBACf,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;oBAC3C,QAAQ,EAAE,QAAQ,CAAC,kBAAkB,EAAE,cAAc,EAAE,WAAW,IAAI,cAAc;oBACpF,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,KAAK;oBAC9B,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,CAAC,KAAK,IAAI,KAAK,CAAC;oBAC9D,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,WAAW;oBAChD,+BAA+B,EAAE,QAAQ,CAAC,+BAA+B,IAAI,EAAE;oBAC/E,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE,WAAW,EAAE,IAAI,EAAE;oBAC1D,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE;oBACtD,cAAc;oBACd,gBAAgB;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAA,mBAAc,EAAC,SAAS,WAAW,CAAC,MAAM,wBAAwB,gBAAgB,GAAG,CAAC,CAAC;QACvF,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;YACrE,IAAA,gBAAW,EAAC,8CAA8C,gBAAgB,GAAG,CAAC,CAAC;YAC/E,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,IAAA,gBAAW,EAAC,qCAAqC,gBAAgB,GAAG,CAAC,CAAC;QACtE,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AA7CW,QAAA,oBAAoB,wBA6C/B;AAEK,MAAM,iBAAiB,GAAG,KAAK,EAAE,UAA8B,EAAE,OAA+B,EAAE,cAAsB,EAAiB,EAAE;IAChJ,MAAM,MAAM,GAAG,IAAI,iDAA6B,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC7E,MAAM,WAAW,GAAG,IAAA,SAAM,GAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,WAAW,GAAG,KAAK,OAAO,CAAC,aAAa,GAAG,CAAC;IAElD,MAAM,gBAAgB,GAAG,OAAO,CAAC,yBAAyB,CAAC,QAAQ,CAAC,GAAG,CAAC;QACtE,CAAC,CAAC,OAAO,CAAC,yBAAyB;QACnC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,+DAA+D,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAEvH,MAAM,WAAW,GAAG;QAClB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;QAC1C,WAAW,EAAE,cAAc;QAC3B,+BAA+B,EAAE,gBAAgB;QACjD,YAAY,EAAE;YACZ,aAAa,EAAE,GAAG;YAClB,UAAU,EAAE;gBACV,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,WAAW;aACtB;SACF;QACD,aAAa,EAAE,OAAO,CAAC,aAAa;KACrC,CAAC;IAEF,IAAA,iBAAY,EAAC,oBAAoB,OAAO,CAAC,QAAQ,MAAM,CAAC,CAAC;IAEzD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;QAE7G,IAAA,mBAAc,EAAC,qCAAqC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACzE,IAAA,aAAQ,GAAE,CAAC;QAEX,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,cAAc,IAAA,iBAAY,EAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,IAAI,QAAQ,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACxE,IAAA,eAAU,EAAC,SAAS,OAAO,CAAC,QAAQ,mCAAmC,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxC,IAAA,aAAQ,EAAC,wBAAwB,OAAO,CAAC,QAAQ,mBAAmB,CAAC,CAAC;QACxE,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjD,IAAA,eAAU,EAAC,wBAAwB,OAAO,CAAC,QAAQ,uBAAuB,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAA,gBAAW,EAAC,4BAA4B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAhDW,QAAA,iBAAiB,qBAgD5B;AAEK,MAAM,mBAAmB,GAAG,KAAK,EACtC,UAA8B,EAC9B,KAAa,EACb,yBAAiC,EACjC,cAAsB,EACtB,WAAmB,EACnB,gBAAwB,EACxB,QAAiB,EACF,EAAE;IACjB,MAAM,MAAM,GAAG,IAAI,iDAA6B,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC7E,MAAM,WAAW,GAAG,IAAA,SAAM,GAAE,CAAC;IAC7B,MAAM,WAAW,GAAG,QAAQ,IAAI,MAAM,CAAC;IAEvC,IAAA,iBAAY,EAAC,iBAAiB,WAAW,MAAM,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,8BAA8B,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE;YACrE,WAAW;YACX,gBAAgB;YAChB,WAAW,EAAE,gBAAgB;YAC7B,+BAA+B,EAAE,yBAAyB;SAC3D,CAAC,CAAC;QAEH,IAAA,mBAAc,EAAC,6BAA6B,WAAW,GAAG,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAA,gBAAW,EAAC,yBAAyB,WAAW,GAAG,CAAC,CAAC;QACrD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AA5BW,QAAA,mBAAmB,uBA4B9B;AAEF,MAAM,mBAAmB,GAAG,CAAC,KAAa,EAAU,EAAE;IACpD,IAAI,CAAC,KAAK;QAAE,OAAO,eAAe,CAAC;IAEnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAG/B,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAClD,OAAO,qBAAqB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC;IACnD,CAAC;IAGD,IAAI,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChD,OAAO,mBAAmB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,mBAAmB,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC;IACxF,CAAC;IAGD,IAAI,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChD,OAAO,iBAAiB,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,5 @@
+import { AuthContext } from "./auth";
+export declare const showMainMenu: (authContext: AuthContext) => Promise<void>;
+export declare const handleActivation: (authContext: AuthContext) => Promise<void>;
+export declare const handleDeactivation: (authContext: AuthContext) => Promise<void>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AA6CrC,eAAO,MAAM,YAAY,GAAU,aAAa,WAAW,KAAG,OAAO,CAAC,IAAI,CAgCzE,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,aAAa,WAAW,KAAG,OAAO,CAAC,IAAI,CAwL7E,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAU,aAAa,WAAW,KAAG,OAAO,CAAC,IAAI,CAqI/E,CAAC"}