npm - ownerlens - Versions diffs - 0.1.0 - Mend

ownerlens 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

package/src/report/export/csv.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { ReportCsvRow } from "../reportTypes";
+export function serializeCsv(rows: ReportCsvRow[]): string {
+  if (rows.length === 0) {
+    return "";
+  }
+  const headers = Object.keys(rows[0]);
+  const body = rows.map((row) => headers.map((header) => escapeCsvValue(row[header])).join(","));
+  return [headers.join(","), ...body].join("\n");
+}
+function escapeCsvValue(value: unknown): string {
+  const text = formatCsvValue(value);
+  if (!/[",\n\r]/.test(text)) {
+    return text;
+  }
+  return `"${text.replace(/"/g, '""')}"`;
+}
+function formatCsvValue(value: unknown): string {
+  if (value === null || value === undefined) {
+    return "";
+  }
+  if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+    return String(value);
+  }
+  return JSON.stringify(value);
+}

package/src/report/ownerManualPrecheck.test.ts ADDED Viewed

@@ -0,0 +1,137 @@
+import {
+  applyOwnerManualPrecheck,
+  buildOwnerManualPrecheckExportArtifact,
+  buildOwnerManualPrecheckExport,
+  disableOwnerCandidate,
+  enableOwnerCandidate,
+  getOwnerEvidenceKey
+} from "./ownerManualPrecheck";
+import type { OwnerReport, OwnerReportRow } from "./types";
+test("disabled activity owner candidates are skipped when selecting the row owner", () => {
+  const row = ownerRow([
+    ["alice@example.com", "2026-05-01T10:00:00.000Z"],
+    ["bob@example.com", "2026-04-30T10:00:00.000Z"]
+  ]);
+  const disabledKeys = disableOwnerCandidate(new Set(), getOwnerEvidenceKey(row, row.evidence[0]));
+  const report = applyOwnerManualPrecheck(ownerReport([row]), disabledKeys);
+  expect(report.owners[0].owner).toBe("bob@example.com");
+  expect(report.owners[0].confidence).toBe("low");
+  expect(report.owners[0].evidence[0].disabled).toBe(true);
+});
+test("activity owner candidates without email addresses are disabled by default", () => {
+  const row = ownerRow([
+    ["automation-account", "2026-05-01T10:00:00.000Z"],
+    ["alice@example.com", "2026-04-30T10:00:00.000Z"]
+  ]);
+  const report = applyOwnerManualPrecheck(ownerReport([row]), new Set());
+  expect(report.owners[0].owner).toBe("alice@example.com");
+  expect(report.owners[0].confidence).toBe("low");
+  expect(report.owners[0].evidence[0].disabled).toBe(true);
+  expect(report.owners[0].evidence[1].disabled).toBeUndefined();
+});
+test("manual precheck keeps disabled activity evidence visible when no candidate remains active", () => {
+  const row = ownerRow([["alice@example.com", "2026-05-01T10:00:00.000Z"]]);
+  const disabledKeys = disableOwnerCandidate(new Set(), getOwnerEvidenceKey(row, row.evidence[0]));
+  const report = applyOwnerManualPrecheck(ownerReport([row]), disabledKeys);
+  expect(report.owners[0]).toMatchObject({
+    owner: null,
+    confidence: "none",
+    source: "activity.lastModifier",
+    evidence: [
+      {
+        user: "alice@example.com",
+        date: "2026-05-01T10:00:00.000Z",
+        disabled: true
+      }
+    ]
+  });
+});
+test("export keeps disabled activity evidence while omitting it from owner selection", () => {
+  const row = ownerRow([["alice@example.com", "2026-05-01T10:00:00.000Z"]]);
+  const disabledKeys = disableOwnerCandidate(new Set(), getOwnerEvidenceKey(row, row.evidence[0]));
+  const report = applyOwnerManualPrecheck(ownerReport([row]), disabledKeys);
+  const exportableReport = buildOwnerManualPrecheckExport(report);
+  expect(exportableReport.owners[0]).toMatchObject({
+    owner: null,
+    confidence: "none",
+    source: "activity.lastModifier",
+    evidence: [
+      {
+        user: "alice@example.com",
+        date: "2026-05-01T10:00:00.000Z",
+        disabled: true
+      }
+    ]
+  });
+});
+test("owner manual precheck export artifact builds csv rows from report layer", () => {
+  const row = ownerRow([["alice@example.com", "2026-05-01T10:00:00.000Z"]]);
+  const disabledKeys = disableOwnerCandidate(new Set(), getOwnerEvidenceKey(row, row.evidence[0]));
+  const report = applyOwnerManualPrecheck(ownerReport([row]), disabledKeys);
+  const artifact = buildOwnerManualPrecheckExportArtifact(report, "csv", "owners");
+  expect(artifact).toEqual({
+    kind: "csv",
+    fileName: "owners.csv",
+    rows: [
+      {
+        kind: "resourceGroup",
+        subscriptionId: "sub-1",
+        subscriptionName: "Subscription One",
+        resourceGroup: "rg-one",
+        owner: null,
+        confidence: "none",
+        source: "activity.lastModifier",
+        evidence: "alice@example.com (2026-05-01T10:00:00.000Z) [disabled]"
+      }
+    ]
+  });
+});
+test("manual precheck can re-enable disabled owner candidates", () => {
+  const row = ownerRow([["alice@example.com", "2026-05-01T10:00:00.000Z"]]);
+  const key = getOwnerEvidenceKey(row, row.evidence[0]);
+  const disabledKeys = enableOwnerCandidate(disableOwnerCandidate(new Set(), key), key);
+  const report = applyOwnerManualPrecheck(ownerReport([row]), disabledKeys);
+  expect(report.owners[0].owner).toBe("alice@example.com");
+  expect(report.owners[0].evidence[0].disabled).toBeUndefined();
+});
+function ownerReport(owners: OwnerReportRow[]): OwnerReport {
+  return {
+    owners
+  };
+}
+function ownerRow(evidence: Array<[string, string]>): OwnerReportRow {
+  return {
+    targetKey: "resourceGroup:sub-1:rg-one",
+    kind: "resourceGroup",
+    subscriptionId: "sub-1",
+    subscriptionName: "Subscription One",
+    resourceGroup: "rg-one",
+    owner: evidence[0][0],
+    confidence: "low",
+    source: "activity.lastModifier",
+    evidence: evidence.map(([user, date]) => ({
+      user,
+      date
+    }))
+  };
+}

package/src/report/ownerManualPrecheck.ts ADDED Viewed

@@ -0,0 +1,132 @@
+import type { ReportCsvRow, ReportExportArtifact, ReportExportFormat } from "./reportTypes";
+import type { OwnerEvidence, OwnerReport, OwnerReportRow } from "./types";
+export type DisabledOwnerKey = string;
+export function getOwnerRowKey(row: Pick<OwnerReportRow, "targetKey">): string {
+  return row.targetKey;
+}
+export function getOwnerEvidenceKey(
+  row: Pick<OwnerReportRow, "targetKey">,
+  evidence: Pick<OwnerEvidence, "user" | "date">
+): DisabledOwnerKey {
+  return [getOwnerRowKey(row), normalizeEvidencePart(evidence.user), evidence.date ?? ""].join(":");
+}
+export function isActivityOwnerRow(row: Pick<OwnerReportRow, "source">): boolean {
+  return row.source.startsWith("activity.");
+}
+export function disableOwnerCandidate(disabledKeys: ReadonlySet<DisabledOwnerKey>, key: DisabledOwnerKey): Set<DisabledOwnerKey> {
+  return new Set([...disabledKeys, key]);
+}
+export function enableOwnerCandidate(disabledKeys: ReadonlySet<DisabledOwnerKey>, key: DisabledOwnerKey): Set<DisabledOwnerKey> {
+  const next = new Set(disabledKeys);
+  next.delete(key);
+  return next;
+}
+export function applyOwnerManualPrecheck(report: OwnerReport, disabledKeys: ReadonlySet<DisabledOwnerKey>): OwnerReport {
+  return {
+    ...report,
+    owners: report.owners.map((row) => applyOwnerManualPrecheckToRow(row, disabledKeys))
+  };
+}
+export function buildOwnerManualPrecheckExport(report: OwnerReport): OwnerReport {
+  return {
+    ...report,
+    owners: report.owners.map((row) => {
+      const activeEvidence = row.evidence.filter((entry) => !entry.disabled);
+      if (isActivityOwnerRow(row) && activeEvidence.length === 0) {
+        return {
+          ...row,
+          owner: null,
+          confidence: "none",
+          evidence: row.evidence
+        };
+      }
+      return row;
+    })
+  };
+}
+export function buildOwnerManualPrecheckExportArtifact(
+  report: OwnerReport,
+  format: ReportExportFormat,
+  fileBaseName: string
+): ReportExportArtifact {
+  const exportableReport = buildOwnerManualPrecheckExport(report);
+  if (format === "csv") {
+    return {
+      kind: "csv",
+      fileName: `${fileBaseName}.csv`,
+      rows: buildOwnerCsvRows(exportableReport.owners)
+    };
+  }
+  return {
+    kind: "json",
+    fileName: `${fileBaseName}.json`,
+    data: exportableReport
+  };
+}
+function applyOwnerManualPrecheckToRow(
+  row: OwnerReportRow,
+  disabledKeys: ReadonlySet<DisabledOwnerKey>
+): OwnerReportRow {
+  if (!isActivityOwnerRow(row)) {
+    return row;
+  }
+  const evidence = row.evidence.map((entry) => ({
+    ...entry,
+    disabled: isDefaultDisabledOwnerEvidence(entry) || disabledKeys.has(getOwnerEvidenceKey(row, entry)) || undefined
+  }));
+  const activeEvidence = evidence.filter((entry) => !entry.disabled);
+  if (activeEvidence.length === 0) {
+    return {
+      ...row,
+      owner: null,
+      confidence: "none",
+      evidence
+    };
+  }
+  return {
+    ...row,
+    owner: activeEvidence[0].user,
+    confidence: "low",
+    evidence
+  };
+}
+function normalizeEvidencePart(value: string): string {
+  return value.trim().toLowerCase();
+}
+function isDefaultDisabledOwnerEvidence(evidence: Pick<OwnerEvidence, "user">): boolean {
+  return !evidence.user.includes("@");
+}
+function buildOwnerCsvRows(rows: OwnerReportRow[]): ReportCsvRow[] {
+  return rows.map((row) => ({
+    kind: row.kind,
+    subscriptionId: row.subscriptionId,
+    subscriptionName: row.subscriptionName,
+    resourceGroup: row.resourceGroup,
+    owner: row.owner,
+    confidence: row.confidence,
+    source: row.source,
+    evidence: row.evidence
+      .map((entry) => `${entry.user}${entry.date ? ` (${entry.date})` : ""}${entry.disabled ? " [disabled]" : ""}`)
+      .join("; ")
+  }));
+}

package/src/report/reportArchitecture.test.ts ADDED Viewed

@@ -0,0 +1,125 @@
+import { readdirSync, readFileSync, statSync } from "node:fs";
+import { join, relative } from "node:path";
+import { applyCollectionControls } from "./applyCollectionControls.ts";
+import { buildCollectionColumns } from "./buildCollectionColumns.tsx";
+import type { ReportFieldDescriptor } from "./reportTypes.ts";
+type Row = {
+  id: string;
+  owner: string;
+  risk: "high" | "low" | "none";
+};
+const rows: Row[] = [
+  { id: "platform-high", owner: "platform-team@example.com", risk: "high" },
+  { id: "platform-low", owner: "platform-team@example.com", risk: "low" },
+  { id: "app-high", owner: "app-team@example.com", risk: "high" }
+];
+const fields: ReportFieldDescriptor<Row>[] = [
+  {
+    id: "owner",
+    label: "Owner",
+    valueType: "text",
+    getValue: (row) => row.owner
+  },
+  {
+    id: "risk",
+    label: "Permission risk",
+    valueType: "riskLevel",
+    getValue: (row) => row.risk,
+    filter: {
+      kind: "multiSelect",
+      options: ["high", "low", "none"]
+    }
+  }
+];
+test("generic filter engine applies provider-defined field filters", () => {
+  const filteredRows = applyCollectionControls(rows, fields, {
+    query: "platform",
+    filters: {
+      risk: { type: "values", values: ["high"] }
+    }
+  }).controlledRows;
+  expect(filteredRows.map((row) => row.id)).toEqual(["platform-high"]);
+});
+test("generic column factory builds columns from field descriptors", () => {
+  const columns = buildCollectionColumns(fields);
+  expect(columns.map((column) => [column.id, column.label, column.filter])).toEqual([
+    ["owner", "Owner", "auto"],
+    ["risk", "Permission risk", "multiselect"]
+  ]);
+  expect(columns[1]).not.toHaveProperty("getValue");
+  expect(columns[1].render).toEqual(expect.any(Function));
+});
+test("generic column factory attaches help definitions by field id", () => {
+  const columns = buildCollectionColumns(fields, {
+    columnHelp: {
+      owner: {
+        source: "Computed from owner evidence.",
+        logic: ["Uses the resolved owner value."]
+      }
+    }
+  });
+  expect(columns[0].help).toEqual({
+    source: "Computed from owner evidence.",
+    logic: ["Uses the resolved owner value."]
+  });
+});
+test("Azure provider source does not contain UI rendering concepts", () => {
+  const providerSources = readSourceFiles(join(process.cwd(), "src/providers/azure"));
+  for (const [file, source] of providerSources) {
+    expect({ file, source }).toEqual({
+      file,
+      source: expect.not.stringMatching(/from\s+["'][^"']*\.tsx["']/)
+    });
+    expect({ file, source }).toEqual({
+      file,
+      source: expect.not.stringMatching(/from\s+["'][^"']*(components|ui)\/[^"']*["']/)
+    });
+    expect({ file, source }).toEqual({
+      file,
+      source: expect.not.stringMatching(/\bcell\s*:/)
+    });
+    expect({ file, source }).toEqual({
+      file,
+      source: expect.not.stringMatching(/<\s*(Badge|Table|DetailsCell)\b/)
+    });
+  }
+});
+test("generic report source does not import Azure directly", () => {
+  const reportSources = readSourceFiles(join(process.cwd(), "src/report"));
+  for (const [file, source] of reportSources) {
+    expect({ file, source }).toEqual({
+      file,
+      source: expect.not.stringMatching(/providers\/azure/)
+    });
+  }
+});
+function readSourceFiles(root: string): Array<[string, string]> {
+  return walk(root)
+    .filter((file) => /\.(ts|tsx)$/.test(file))
+    .filter((file) => !/\.(test|spec)\.(ts|tsx)$/.test(file))
+    .map((file) => [relative(process.cwd(), file), readFileSync(file, "utf8")]);
+}
+function walk(path: string): string[] {
+  const stat = statSync(path);
+  if (stat.isFile()) {
+    return [path];
+  }
+  return readdirSync(path).flatMap((entry) => walk(join(path, entry)));
+}

package/src/report/reportTypes.ts ADDED Viewed

@@ -0,0 +1,54 @@
+export type ReportColumnHelp = {
+  source: string;
+  field?: string;
+  logic?: string[];
+};
+export type ReportValueType =
+  | "text"
+  | "number"
+  | "date"
+  | "boolean"
+  | "list"
+  | "riskLevel"
+  | "ownerConfidence"
+  | "details";
+export type ReportDetailsValue = {
+  title: string;
+  details: Array<{ label: string; value: string }>;
+  searchText?: string;
+};
+export type ReportFilterDescriptor = {
+  kind: "text" | "multiSelect";
+  options?: readonly string[];
+};
+export type ReportFieldDescriptor<TRow> = {
+  id: string;
+  label: string;
+  help?: ReportColumnHelp;
+  valueType: ReportValueType;
+  getValue: (row: TRow) => unknown;
+  getFilterValue?: (row: TRow) => unknown;
+  filterColumnId?: string;
+  searchable?: boolean;
+  filter?: ReportFilterDescriptor;
+};
+export type ReportExportFormat = "json" | "csv";
+export type ReportExportArtifact =
+  | {
+      kind: "json";
+      fileName: string;
+      data: unknown;
+    }
+  | {
+      kind: "csv";
+      fileName: string;
+      rows: ReportCsvRow[];
+    };
+export type ReportCsvRow = Record<string, unknown>;

package/src/report/reportValueRenderers.tsx ADDED Viewed

@@ -0,0 +1,54 @@
+import { formatValue } from "../lib/utils";
+import type { OwnerConfidence } from "./types";
+import type { ReportDetailsValue, ReportFieldDescriptor } from "./reportTypes";
+import { ConfidenceBadge } from "./components/ConfidenceBadge";
+import { PermissionRiskBadge } from "./components/PermissionRiskBadge";
+import type { PermissionRiskLevel } from "../core/risk/types";
+export function renderReportValue<TRow>(
+  field: ReportFieldDescriptor<TRow>,
+  row: TRow
+) {
+  const value = field.getValue(row);
+  if (field.valueType === "riskLevel") {
+    if (value === null || value === undefined || value === "") {
+      return "";
+    }
+    return <PermissionRiskBadge riskLevel={value as PermissionRiskLevel} />;
+  }
+  if (field.valueType === "ownerConfidence") {
+    return <ConfidenceBadge confidence={value as OwnerConfidence} />;
+  }
+  if (field.valueType === "details") {
+    return renderDetailsValue(value);
+  }
+  if (field.valueType === "boolean") {
+    return typeof value === "boolean" ? (value ? "Yes" : "No") : formatValue(value);
+  }
+  if (field.valueType === "list") {
+    return Array.isArray(value) ? value.map(formatValue).filter(Boolean).join(", ") : formatValue(value);
+  }
+  return formatValue(value);
+}
+function renderDetailsValue(value: unknown) {
+  const details = value as ReportDetailsValue;
+  return (
+    <div>
+      <div>{details.title}</div>
+      {details.details.map((detail) => (
+        <div key={detail.label} className="mt-1 text-xs text-muted-foreground">
+          {detail.label}: {detail.value}
+        </div>
+      ))}
+    </div>
+  );
+}

package/src/report/runtimeCollectionQuery.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { ColumnFilter, ColumnFilters } from "./components/reportTableControls";
+export function appendRuntimeCollectionFilters(url: URL, filters: ColumnFilters): void {
+  Object.entries(filters).forEach(([column, filter], filterIndex) => {
+    const values = getRuntimeCollectionFilterValues(filter);
+    if (values.length === 0) {
+      return;
+    }
+    url.searchParams.set(`filter[${filterIndex}][column]`, column);
+    values.forEach((value, valueIndex) => {
+      url.searchParams.append(`filter[${filterIndex}][value][${valueIndex}]`, value);
+    });
+  });
+}
+function getRuntimeCollectionFilterValues(filter: ColumnFilter): string[] {
+  if (filter.type === "values") {
+    return filter.values;
+  }
+  return filter.value.trim() ? [filter.value] : [];
+}

package/src/report/types.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export type { OwnerConfidence, OwnerEvidence, OwnerResolution } from "../core/ownership/types";
+import type { OwnerResolution } from "../core/ownership/types";
+export type OwnerReportRow = OwnerResolution & {
+  kind: "subscription" | "resourceGroup";
+  resourceGroup: string | null;
+  subscriptionId: string;
+  subscriptionName: string;
+  targetKey: string;
+};
+export type OwnerReport = {
+  owners: OwnerReportRow[];
+};

package/src/styles.css ADDED Viewed

@@ -0,0 +1,43 @@
+@import "tailwindcss";
+@theme {
+  --color-background: #f4f6f8;
+  --color-foreground: #17202a;
+  --color-card: #ffffff;
+  --color-card-foreground: #17202a;
+  --color-primary: #184e77;
+  --color-primary-foreground: #ffffff;
+  --color-secondary: #eef2f6;
+  --color-secondary-foreground: #24313d;
+  --color-muted: #f7f9fb;
+  --color-muted-foreground: #5d6976;
+  --color-destructive: #b42318;
+  --color-destructive-foreground: #ffffff;
+  --color-border: #dce2e8;
+  --color-input: #cfd7df;
+  --color-ring: #184e77;
+}
+:root {
+  background: #f4f6f8;
+  color: #17202a;
+  font-family:
+    Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+  font-synthesis: none;
+  text-rendering: optimizeLegibility;
+}
+* {
+  box-sizing: border-box;
+}
+body {
+  margin: 0;
+  min-width: 320px;
+}
+button,
+input,
+select {
+  font: inherit;
+}