sfdx-hardis 6.2.1 → 6.3.1

package/oclif.manifest.json

@@ -57,13 +57,12 @@
         "world:hello"
       ]
     },
-    "hardis:auth:login": {
+    "hardis:cache:clear": {
       "aliases": [],
       "args": {},
-      "description": "\n## Command Behavior\n\n**Authenticates to a Salesforce org, primarily designed for CI/CD workflows.**\n\nThis command facilitates secure and automated logins to Salesforce organizations within continuous integration and continuous delivery pipelines. It leverages pre-configured authentication details, ensuring that CI/CD processes can interact with Salesforce without manual intervention.\n\nKey aspects:\n\n- **Configuration-Driven:** It relies on authentication variables and files set up by dedicated configuration commands:\n  - For CI/CD repositories: [Configure Org CI Authentication](https://sfdx-hardis.cloudity.com/hardis/project/configure/auth/)\n  - For Monitoring repositories: [Configure Org Monitoring](https://sfdx-hardis.cloudity.com/hardis/org/configure/monitoring/)\n- **Technical Org Support:** Supports authentication to a 'technical org' (e.g., for calling Agentforce from another org) by utilizing the `SFDX_AUTH_URL_TECHNICAL_ORG` environment variable. If this variable is set, the command authenticates to this org with the alias `TECHNICAL_ORG`.\n\nTo obtain the `SFDX_AUTH_URL_TECHNICAL_ORG` value, you can run `sf org display --verbose --json` and copy the `sfdxAuthUrl` field from the output.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical flow involves:\n\n- **Flag Parsing:** It parses command-line flags such as `instanceurl`, `devhub`, `scratchorg`, and `debug` to determine the authentication context.\n- **Authentication Hook:** It triggers an internal authentication hook (`this.config.runHook('auth', ...`)) which is responsible for executing the actual authentication logic based on the provided flags (e.g., whether it's a Dev Hub or a scratch org).\n- **Environment Variable Check:** It checks for the presence of `SFDX_AUTH_URL_TECHNICAL_ORG` or `TECHNICAL_ORG_ALIAS` environment variables.\n- **`authOrg` Utility:** If a technical org is configured, it calls the `authOrg` utility function to perform the authentication for that specific org, ensuring it's connected and available for subsequent operations.\n- **Salesforce CLI Integration:** It integrates with the Salesforce CLI's authentication mechanisms to establish and manage org connections.\n</details>\n",
+      "description": "\n## Command Behavior\n\n**Clears the local cache generated by the sfdx-hardis plugin.**\n\nThis command is designed to remove temporary files, stored configurations, and other cached data that sfdx-hardis uses to optimize its operations. Clearing the cache can be beneficial for:\n\n- **Troubleshooting:** Resolving unexpected behavior or inconsistencies.\n- **Disk Space Management:** Freeing up storage on your local machine.\n- **Ensuring Fresh Data:** Guaranteeing that the plugin operates with the most current data and configurations.\n\n## Technical explanations\n\nThe command's technical implementation is straightforward:\n\n- **Direct Function Call:** It directly invokes the `clearCache()` function, which is imported from \buri../../../common/cache/index.js\buri.\n- **Cache Management Logic:** The \buriclearCache()` function encapsulates the logic for identifying and removing the specific files and directories that constitute the sfdx-hardis cache.\n",
       "examples": [
-        "$ sf hardis:auth:login",
-        "CI=true sf hardis:auth:login"
+        "$ sf hardis:cache:clear"
       ],
       "flags": {
         "json": {
@@ -81,28 +80,6 @@
           "multiple": false,
           "type": "option"
         },
-        "instanceurl": {
-          "char": "r",
-          "description": "URL of org instance",
-          "name": "instanceurl",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "devhub": {
-          "char": "h",
-          "description": "Also connect associated DevHub",
-          "name": "devhub",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "scratchorg": {
-          "char": "s",
-          "description": "Scratch org",
-          "name": "scratchorg",
-          "allowNo": false,
-          "type": "boolean"
-        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -126,38 +103,42 @@
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "hardis:auth:login",
+      "id": "hardis:cache:clear",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Login",
+      "title": "Clear sfdx-hardis cache",
+      "uiConfig": {
+        "hide": true
+      },
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
         "lib",
         "commands",
         "hardis",
-        "auth",
-        "login.js"
+        "cache",
+        "clear.js"
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:auth:login",
-        "auth:hardis:login",
-        "auth:login:hardis",
-        "hardis:login:auth",
-        "login:hardis:auth",
-        "login:auth:hardis"
+        "hardis:cache:clear",
+        "cache:hardis:clear",
+        "cache:clear:hardis",
+        "hardis:clear:cache",
+        "clear:hardis:cache",
+        "clear:cache:hardis"
       ]
     },
-    "hardis:cache:clear": {
+    "hardis:auth:login": {
       "aliases": [],
       "args": {},
-      "description": "\n## Command Behavior\n\n**Clears the local cache generated by the sfdx-hardis plugin.**\n\nThis command is designed to remove temporary files, stored configurations, and other cached data that sfdx-hardis uses to optimize its operations. Clearing the cache can be beneficial for:\n\n- **Troubleshooting:** Resolving unexpected behavior or inconsistencies.\n- **Disk Space Management:** Freeing up storage on your local machine.\n- **Ensuring Fresh Data:** Guaranteeing that the plugin operates with the most current data and configurations.\n\n## Technical explanations\n\nThe command's technical implementation is straightforward:\n\n- **Direct Function Call:** It directly invokes the `clearCache()` function, which is imported from \buri../../../common/cache/index.js\buri.\n- **Cache Management Logic:** The \buriclearCache()` function encapsulates the logic for identifying and removing the specific files and directories that constitute the sfdx-hardis cache.\n",
+      "description": "\n## Command Behavior\n\n**Authenticates to a Salesforce org, primarily designed for CI/CD workflows.**\n\nThis command facilitates secure and automated logins to Salesforce organizations within continuous integration and continuous delivery pipelines. It leverages pre-configured authentication details, ensuring that CI/CD processes can interact with Salesforce without manual intervention.\n\nKey aspects:\n\n- **Configuration-Driven:** It relies on authentication variables and files set up by dedicated configuration commands:\n  - For CI/CD repositories: [Configure Org CI Authentication](https://sfdx-hardis.cloudity.com/hardis/project/configure/auth/)\n  - For Monitoring repositories: [Configure Org Monitoring](https://sfdx-hardis.cloudity.com/hardis/org/configure/monitoring/)\n- **Technical Org Support:** Supports authentication to a 'technical org' (e.g., for calling Agentforce from another org) by utilizing the `SFDX_AUTH_URL_TECHNICAL_ORG` environment variable. If this variable is set, the command authenticates to this org with the alias `TECHNICAL_ORG`.\n\nTo obtain the `SFDX_AUTH_URL_TECHNICAL_ORG` value, you can run `sf org display --verbose --json` and copy the `sfdxAuthUrl` field from the output.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical flow involves:\n\n- **Flag Parsing:** It parses command-line flags such as `instanceurl`, `devhub`, `scratchorg`, and `debug` to determine the authentication context.\n- **Authentication Hook:** It triggers an internal authentication hook (`this.config.runHook('auth', ...`)) which is responsible for executing the actual authentication logic based on the provided flags (e.g., whether it's a Dev Hub or a scratch org).\n- **Environment Variable Check:** It checks for the presence of `SFDX_AUTH_URL_TECHNICAL_ORG` or `TECHNICAL_ORG_ALIAS` environment variables.\n- **`authOrg` Utility:** If a technical org is configured, it calls the `authOrg` utility function to perform the authentication for that specific org, ensuring it's connected and available for subsequent operations.\n- **Salesforce CLI Integration:** It integrates with the Salesforce CLI's authentication mechanisms to establish and manage org connections.\n</details>\n",
       "examples": [
-        "$ sf hardis:cache:clear"
+        "$ sf hardis:auth:login",
+        "CI=true sf hardis:auth:login"
       ],
       "flags": {
         "json": {
@@ -175,6 +156,28 @@
           "multiple": false,
           "type": "option"
         },
+        "instanceurl": {
+          "char": "r",
+          "description": "URL of org instance",
+          "name": "instanceurl",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "devhub": {
+          "char": "h",
+          "description": "Also connect associated DevHub",
+          "name": "devhub",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "scratchorg": {
+          "char": "s",
+          "description": "Scratch org",
+          "name": "scratchorg",
+          "allowNo": false,
+          "type": "boolean"
+        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -198,33 +201,30 @@
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "hardis:cache:clear",
+      "id": "hardis:auth:login",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Clear sfdx-hardis cache",
-      "uiConfig": {
-        "hide": true
-      },
+      "title": "Login",
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
         "lib",
         "commands",
         "hardis",
-        "cache",
-        "clear.js"
+        "auth",
+        "login.js"
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:cache:clear",
-        "cache:hardis:clear",
-        "cache:clear:hardis",
-        "hardis:clear:cache",
-        "clear:hardis:cache",
-        "clear:cache:hardis"
+        "hardis:auth:login",
+        "auth:hardis:login",
+        "auth:login:hardis",
+        "hardis:login:auth",
+        "login:hardis:auth",
+        "login:auth:hardis"
       ]
     },
     "hardis:config:get": {
@@ -3037,7 +3037,7 @@
     "hardis:scratch:create": {
       "aliases": [],
       "args": {},
-      "description": "Create and initialize a scratch org or a source-tracked sandbox (config can be defined using `config/.sfdx-hardis.yml`):\n\n- **Install packages**\n  - Use property `installedPackages`\n- **Push sources**\n- **Assign permission sets**\n  - Use property `initPermissionSets`\n- **Run apex initialization scripts**\n  - Use property `scratchOrgInitApexScripts`\n- **Load data**\n  - Use property `dataPackages`\n  ",
+      "description": "\n## Command Behavior\n\n**Creates and fully initializes a Salesforce scratch org with complete development environment setup.**\n\nThis command is a comprehensive scratch org provisioning tool that automates the entire process of creating, configuring, and initializing a Salesforce scratch org for development work. It handles everything from basic org creation to advanced configuration including package installation, metadata deployment, and data initialization.\n\nKey functionalities:\n\n- **Intelligent Org Management:** Automatically generates unique scratch org aliases based on username, git branch, and timestamp, with options to reuse existing orgs or force creation of new ones.\n- **Scratch Org Pool Integration:** Supports fetching pre-configured scratch orgs from pools for faster development cycles and CI/CD optimization.\n- **Custom Scratch Definition:** Dynamically builds project-scratch-def.json files with user-specific configurations including email, username patterns, and org shape settings (set variable **SCRATCH_ORG_SHAPE** to use org shapes).\n- **Package Installation:** Automatically installs all configured packages defined in `installedPackages` configuration property.\n- **Metadata Deployment:** Pushes source code and deploys metadata using optimized deployment strategies for scratch org environments.\n- **Permission Set Assignment:** Assigns specified permission sets defined in `initPermissionSets` configuration to the scratch org user.\n- **Apex Script Execution:** Runs custom Apex initialization scripts defined in `scratchOrgInitApexScripts` for org-specific setup.\n- **Data Loading:** Loads initial data using SFDMU data packages from `dataPackages` configuration for realistic development environments.\n- **User Configuration:** Automatically configures the scratch org admin user with proper names, email, country settings, and marketing user permissions.\n- **Password Generation:** Creates and stores secure passwords for easy scratch org access during development.\n- **CI/CD Integration:** Provides specialized handling for continuous integration environments including automated cleanup and pool management.\n- **Error Handling:** Comprehensive error recovery including scratch org cleanup on failure and detailed troubleshooting messages.\n\nThe command configuration can be customized using:\n\n- `config/.sfdx-hardis.yml` file with properties like `installedPackages`, `initPermissionSets`, `scratchOrgInitApexScripts`, and `dataPackages`.\n- Environment variable **SCRATCH_ORG_SHAPE** with shape org id, if you want to use org shapes\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **Configuration Management:** Loads hierarchical configuration from `.sfdx-hardis.yml`, branch-specific, and user-specific configuration files using `getConfig('user')`.\n- **Alias Generation Logic:** Creates intelligent scratch org aliases using username, git branch, timestamp patterns with CI and pool prefixes for different environments.\n- **Scratch Org Definition Building:** Dynamically constructs `project-scratch-def.json` with user email, custom usernames, org shapes, and feature flags like StateAndCountryPicklist and MarketingUser.\n- **Pool Integration:** Implements scratch org pool fetching using `fetchScratchOrg` for rapid org provisioning in development and CI environments.\n- **Salesforce CLI Integration:** Executes `sf org create scratch` commands with proper parameter handling including wait times, duration, and dev hub targeting.\n- **Package Installation Pipeline:** Uses `installPackages` utility to install managed and unmanaged packages with dependency resolution and error handling.\n- **Metadata Deployment:** Leverages `initOrgMetadatas` for optimized source pushing and metadata deployment specific to scratch org environments.\n- **Permission Set Assignment:** Implements `initPermissionSetAssignments` for automated permission set assignment to scratch org users.\n- **Apex Script Execution:** Runs custom Apex initialization scripts using `initApexScripts` for org-specific configuration and setup.\n- **Data Loading Integration:** Uses SFDMU integration through `initOrgData` for comprehensive data loading from configured data packages.\n- **User Management:** Performs SOQL queries and DML operations to configure scratch org users with proper names, emails, country codes, and permission flags.\n- **Authentication Management:** Handles SFDX auth URL generation and storage for CI/CD environments and scratch org pool management.\n- **Error Recovery:** Implements comprehensive error handling with scratch org cleanup, pool management, and detailed error messaging for troubleshooting.\n- **WebSocket Integration:** Provides real-time status updates and file reporting through WebSocket connections for VS Code extension integration.\n</details>\n",
       "examples": [
         "$ sf hardis:scratch:create"
       ],
@@ -5800,6 +5800,121 @@
         "import:files:org:hardis"
       ]
     },
+    "hardis:org:fix:listviewmine": {
+      "aliases": [],
+      "args": {},
+      "description": "Fix listviews whose scope Mine has been replaced by Everything\n\n[![Invalid scope:Mine, not allowed ? Deploy your ListViews anyway !](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-invalid-scope-mine.jpg)](https://nicolas.vuillamy.fr/invalid-scope-mine-not-allowed-deploy-your-listviews-anyway-443aceca8ac7)\n\nList of ListViews can be:\n\n- read from .sfdx-hardis.yml file in property **listViewsToSetToMine**\n- sent in argument listviews\n\nNote: property **listViewsToSetToMine** can be auto-generated by command hardis:work:save if .sfdx-hardis.yml contains the following configuration\n\n```yaml\nautoCleanTypes:\n  - listViewsMine\n```\n\n- Example of sfdx-hardis.yml property `listViewsToSetToMine`:\n\n```yaml\nlistViewsToSetToMine:\n  - \"force-app/main/default/objects/Operation__c/listViews/MyCurrentOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Operation__c/listViews/MyFinalizedOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/Default_Opportunity_Pipeline.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MyCurrentSubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MySubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Account/listViews/MyActivePartners.listView-meta.xml\"\n```\n\n- If manually written, this could also be:\n\n```yaml\nlistViewsToSetToMine:\n  - \"Operation__c:MyCurrentOperations\"\n  - \"Operation__c:MyFinalizedOperations\"\n  - \"Opportunity:Default_Opportunity_Pipeline\"\n  - \"Opportunity:MyCurrentSubscriptions\"\n  - \"Opportunity:MySubscriptions\"\n  - \"Account:MyActivePartners\"\n```\n\nTroubleshooting: if you need to run this command from an alpine-linux based docker image, use this workaround in your dockerfile:\n\n```dockerfile\n# Do not use puppeteer embedded chromium\nRUN apk add --update --no-cache chromium\nENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=\"true\"\nENV CHROMIUM_PATH=\"/usr/bin/chromium-browser\"\nENV PUPPETEER_EXECUTABLE_PATH=\"$\\{CHROMIUM_PATH}\" // remove \\ before {\n```\n",
+      "examples": [
+        "$ sf hardis:org:fix:listviewmine",
+        "$ sf hardis:org:fix:listviewmine --listviews Opportunity:MySubscriptions,Account:MyActivePartners"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "listviews": {
+          "char": "l",
+          "description": "Comma-separated list of listviews following format Object:ListViewName\nExample: Contact:MyContacts,Contact:MyActiveContacts,Opportunity:MYClosedOpportunities",
+          "name": "listviews",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:fix:listviewmine",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Fix listviews with ",
+      "requiresProject": true,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "fix",
+        "listviewmine.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:fix:listviewmine",
+        "org:hardis:fix:listviewmine",
+        "org:fix:hardis:listviewmine",
+        "org:fix:listviewmine:hardis",
+        "hardis:fix:org:listviewmine",
+        "fix:hardis:org:listviewmine",
+        "fix:org:hardis:listviewmine",
+        "fix:org:listviewmine:hardis",
+        "hardis:fix:listviewmine:org",
+        "fix:hardis:listviewmine:org",
+        "fix:listviewmine:hardis:org",
+        "fix:listviewmine:org:hardis",
+        "hardis:org:listviewmine:fix",
+        "org:hardis:listviewmine:fix",
+        "org:listviewmine:hardis:fix",
+        "org:listviewmine:fix:hardis",
+        "hardis:listviewmine:org:fix",
+        "listviewmine:hardis:org:fix",
+        "listviewmine:org:hardis:fix",
+        "listviewmine:org:fix:hardis",
+        "hardis:listviewmine:fix:org",
+        "listviewmine:hardis:fix:org",
+        "listviewmine:fix:hardis:org",
+        "listviewmine:fix:org:hardis"
+      ]
+    },
     "hardis:org:diagnose:audittrail": {
       "aliases": [],
       "args": {},
@@ -6409,13 +6524,12 @@
         "releaseupdates:diagnose:org:hardis"
       ]
     },
-    "hardis:org:diagnose:unused-apex-classes": {
+    "hardis:org:diagnose:unsecure-connected-apps": {
       "aliases": [],
       "args": {},
-      "description": "List all async Apex classes (Batch,Queueable,Schedulable) that has not been called for more than 365 days.\n  \nThe result class list probably can be removed from the project, and that will improve your test classes performances :)\n\nThe number of unused day is overridable using --days option. \n\nThe command uses queries on AsyncApexJob and CronTrigger technical tables to build the result.\n\nApex Classes CreatedBy and CreatedOn fields are calculated from MIN(date from git, date from org)\n\nThis command is part of [sfdx-hardis Monitoring](https://sfdx-hardis.cloudity.com/salesforce-monitoring-unused-apex-classes/) and can output Grafana, Slack and MsTeams Notifications.\n\n![](https://sfdx-hardis.cloudity.com/assets/images/screenshot-monitoring-unused-apex-grafana.jpg)\n",
+      "description": "\n## Command Behavior\n\n**Detects unsecured Connected Apps in a Salesforce org and generates detailed reports for security analysis.**\n\nThis command is a critical security diagnostic tool that helps administrators identify Connected Apps that may pose security risks due to improper configuration. It provides comprehensive analysis of OAuth tokens and Connected App security settings to ensure proper access control.\n\nKey functionalities:\n\n- **OAuth Token Analysis:** Queries all OAuth tokens in the org using SOQL to retrieve comprehensive token information including app names, users, authorization status, and usage statistics.\n- **Security Status Assessment:** Evaluates each Connected App's security configuration by checking the `IsUsingAdminAuthorization` flag to determine if admin pre-approval is required.\n- **Unsecured App Detection:** Identifies Connected Apps that allow users to authorize themselves without admin approval, which can pose security risks.\n- **Detailed Reporting:** Generates two comprehensive CSV reports:\n  - **OAuth Tokens Report:** Lists all OAuth tokens with security status, user information, and usage data\n  - **Connected Apps Summary:** Aggregates unsecured Connected Apps with counts of associated OAuth tokens\n- **Visual Indicators:** Uses status icons (❌ for unsecured, ✅ for secured) to provide immediate visual feedback on security status.\n- **Security Recommendations:** Provides actionable guidance on how to secure Connected Apps through proper configuration.\n- **Notifications:** Sends alerts to configured channels (Grafana, Slack, MS Teams) with security findings and attached reports.\n\nThis command is part of [sfdx-hardis Monitoring](https://sfdx-hardis.cloudity.com/salesforce-monitoring-org-security/) and can output Grafana, Slack and MsTeams Notifications.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **SOQL Query Execution:** Executes a comprehensive SOQL query on the `OauthToken` object, joining with `AppMenuItem` and `User` objects to gather complete security context.\n- **Security Analysis Logic:** Analyzes the `AppMenuItem.IsUsingAdminAuthorization` field to determine if a Connected App requires admin pre-approval for user authorization.\n- **Data Transformation:** Processes raw SOQL results to add security status indicators and reorganize data for optimal reporting and analysis.\n- **Aggregation Processing:** Groups OAuth tokens by Connected App name to provide summary statistics and identify the most problematic applications.\n- **Report Generation:** Uses `generateCsvFile` to create structured CSV reports with proper formatting and metadata for easy analysis and sharing.\n- **Notification Integration:** Integrates with the `NotifProvider` to send security alerts with detailed metrics, including the number of unsecured Connected Apps and associated OAuth tokens.\n- **File Management:** Generates multiple output formats (CSV, XLSX) and manages file paths using `generateReportPath` for consistent report organization.\n- **Connection Management:** Uses `setConnectionVariables` to ensure proper authentication context for notification providers that require org connection details.\n</details>\n",
       "examples": [
-        "$ sf hardis:org:diagnose:unused-apex-classes",
-        "$ sf hardis:org:diagnose:unused-apex-classes --days 700"
+        "$ sf hardis:org:diagnose:unsecure-connected-apps"
       ],
       "flags": {
         "json": {
@@ -6441,14 +6555,6 @@
           "multiple": false,
           "type": "option"
         },
-        "days": {
-          "char": "t",
-          "description": "Extracts the users that have been inactive for the amount of days specified. In CI, default is 180 days",
-          "name": "days",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
         "debug": {
           "char": "d",
           "description": "Activate debug mode (more logs)",
@@ -6487,13 +6593,13 @@
       },
       "hasDynamicHelp": true,
       "hiddenAliases": [],
-      "id": "hardis:org:diagnose:unused-apex-classes",
+      "id": "hardis:org:diagnose:unsecure-connected-apps",
       "pluginAlias": "sfdx-hardis",
       "pluginName": "sfdx-hardis",
       "pluginType": "core",
       "strict": true,
       "enableJsonFlag": true,
-      "title": "Detect unused Apex classes in an org",
+      "title": "Detect Unsecured Connected Apps",
       "requiresProject": false,
       "isESM": true,
       "relativePath": [
@@ -6502,32 +6608,155 @@
         "hardis",
         "org",
         "diagnose",
-        "unused-apex-classes.js"
+        "unsecure-connected-apps.js"
       ],
       "aliasPermutations": [],
       "permutations": [
-        "hardis:org:diagnose:unused-apex-classes",
-        "org:hardis:diagnose:unused-apex-classes",
-        "org:diagnose:hardis:unused-apex-classes",
-        "org:diagnose:unused-apex-classes:hardis",
-        "hardis:diagnose:org:unused-apex-classes",
-        "diagnose:hardis:org:unused-apex-classes",
-        "diagnose:org:hardis:unused-apex-classes",
-        "diagnose:org:unused-apex-classes:hardis",
-        "hardis:diagnose:unused-apex-classes:org",
-        "diagnose:hardis:unused-apex-classes:org",
-        "diagnose:unused-apex-classes:hardis:org",
-        "diagnose:unused-apex-classes:org:hardis",
-        "hardis:org:unused-apex-classes:diagnose",
-        "org:hardis:unused-apex-classes:diagnose",
-        "org:unused-apex-classes:hardis:diagnose",
-        "org:unused-apex-classes:diagnose:hardis",
-        "hardis:unused-apex-classes:org:diagnose",
-        "unused-apex-classes:hardis:org:diagnose",
-        "unused-apex-classes:org:hardis:diagnose",
-        "unused-apex-classes:org:diagnose:hardis",
-        "hardis:unused-apex-classes:diagnose:org",
-        "unused-apex-classes:hardis:diagnose:org",
+        "hardis:org:diagnose:unsecure-connected-apps",
+        "org:hardis:diagnose:unsecure-connected-apps",
+        "org:diagnose:hardis:unsecure-connected-apps",
+        "org:diagnose:unsecure-connected-apps:hardis",
+        "hardis:diagnose:org:unsecure-connected-apps",
+        "diagnose:hardis:org:unsecure-connected-apps",
+        "diagnose:org:hardis:unsecure-connected-apps",
+        "diagnose:org:unsecure-connected-apps:hardis",
+        "hardis:diagnose:unsecure-connected-apps:org",
+        "diagnose:hardis:unsecure-connected-apps:org",
+        "diagnose:unsecure-connected-apps:hardis:org",
+        "diagnose:unsecure-connected-apps:org:hardis",
+        "hardis:org:unsecure-connected-apps:diagnose",
+        "org:hardis:unsecure-connected-apps:diagnose",
+        "org:unsecure-connected-apps:hardis:diagnose",
+        "org:unsecure-connected-apps:diagnose:hardis",
+        "hardis:unsecure-connected-apps:org:diagnose",
+        "unsecure-connected-apps:hardis:org:diagnose",
+        "unsecure-connected-apps:org:hardis:diagnose",
+        "unsecure-connected-apps:org:diagnose:hardis",
+        "hardis:unsecure-connected-apps:diagnose:org",
+        "unsecure-connected-apps:hardis:diagnose:org",
+        "unsecure-connected-apps:diagnose:hardis:org",
+        "unsecure-connected-apps:diagnose:org:hardis"
+      ]
+    },
+    "hardis:org:diagnose:unused-apex-classes": {
+      "aliases": [],
+      "args": {},
+      "description": "List all async Apex classes (Batch,Queueable,Schedulable) that has not been called for more than 365 days.\n  \nThe result class list probably can be removed from the project, and that will improve your test classes performances :)\n\nThe number of unused day is overridable using --days option. \n\nThe command uses queries on AsyncApexJob and CronTrigger technical tables to build the result.\n\nApex Classes CreatedBy and CreatedOn fields are calculated from MIN(date from git, date from org)\n\nThis command is part of [sfdx-hardis Monitoring](https://sfdx-hardis.cloudity.com/salesforce-monitoring-unused-apex-classes/) and can output Grafana, Slack and MsTeams Notifications.\n\n![](https://sfdx-hardis.cloudity.com/assets/images/screenshot-monitoring-unused-apex-grafana.jpg)\n",
+      "examples": [
+        "$ sf hardis:org:diagnose:unused-apex-classes",
+        "$ sf hardis:org:diagnose:unused-apex-classes --days 700"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "outputfile": {
+          "char": "f",
+          "description": "Force the path and name of output report file. Must end with .csv",
+          "name": "outputfile",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "days": {
+          "char": "t",
+          "description": "Extracts the users that have been inactive for the amount of days specified. In CI, default is 180 days",
+          "name": "days",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:diagnose:unused-apex-classes",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Detect unused Apex classes in an org",
+      "requiresProject": false,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "diagnose",
+        "unused-apex-classes.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:diagnose:unused-apex-classes",
+        "org:hardis:diagnose:unused-apex-classes",
+        "org:diagnose:hardis:unused-apex-classes",
+        "org:diagnose:unused-apex-classes:hardis",
+        "hardis:diagnose:org:unused-apex-classes",
+        "diagnose:hardis:org:unused-apex-classes",
+        "diagnose:org:hardis:unused-apex-classes",
+        "diagnose:org:unused-apex-classes:hardis",
+        "hardis:diagnose:unused-apex-classes:org",
+        "diagnose:hardis:unused-apex-classes:org",
+        "diagnose:unused-apex-classes:hardis:org",
+        "diagnose:unused-apex-classes:org:hardis",
+        "hardis:org:unused-apex-classes:diagnose",
+        "org:hardis:unused-apex-classes:diagnose",
+        "org:unused-apex-classes:hardis:diagnose",
+        "org:unused-apex-classes:diagnose:hardis",
+        "hardis:unused-apex-classes:org:diagnose",
+        "unused-apex-classes:hardis:org:diagnose",
+        "unused-apex-classes:org:hardis:diagnose",
+        "unused-apex-classes:org:diagnose:hardis",
+        "hardis:unused-apex-classes:diagnose:org",
+        "unused-apex-classes:hardis:diagnose:org",
         "unused-apex-classes:diagnose:hardis:org",
         "unused-apex-classes:diagnose:org:hardis"
       ]
@@ -6949,121 +7178,6 @@
         "unusedusers:diagnose:org:hardis"
       ]
     },
-    "hardis:org:fix:listviewmine": {
-      "aliases": [],
-      "args": {},
-      "description": "Fix listviews whose scope Mine has been replaced by Everything\n\n[![Invalid scope:Mine, not allowed ? Deploy your ListViews anyway !](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-invalid-scope-mine.jpg)](https://nicolas.vuillamy.fr/invalid-scope-mine-not-allowed-deploy-your-listviews-anyway-443aceca8ac7)\n\nList of ListViews can be:\n\n- read from .sfdx-hardis.yml file in property **listViewsToSetToMine**\n- sent in argument listviews\n\nNote: property **listViewsToSetToMine** can be auto-generated by command hardis:work:save if .sfdx-hardis.yml contains the following configuration\n\n```yaml\nautoCleanTypes:\n  - listViewsMine\n```\n\n- Example of sfdx-hardis.yml property `listViewsToSetToMine`:\n\n```yaml\nlistViewsToSetToMine:\n  - \"force-app/main/default/objects/Operation__c/listViews/MyCurrentOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Operation__c/listViews/MyFinalizedOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/Default_Opportunity_Pipeline.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MyCurrentSubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MySubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Account/listViews/MyActivePartners.listView-meta.xml\"\n```\n\n- If manually written, this could also be:\n\n```yaml\nlistViewsToSetToMine:\n  - \"Operation__c:MyCurrentOperations\"\n  - \"Operation__c:MyFinalizedOperations\"\n  - \"Opportunity:Default_Opportunity_Pipeline\"\n  - \"Opportunity:MyCurrentSubscriptions\"\n  - \"Opportunity:MySubscriptions\"\n  - \"Account:MyActivePartners\"\n```\n\nTroubleshooting: if you need to run this command from an alpine-linux based docker image, use this workaround in your dockerfile:\n\n```dockerfile\n# Do not use puppeteer embedded chromium\nRUN apk add --update --no-cache chromium\nENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=\"true\"\nENV CHROMIUM_PATH=\"/usr/bin/chromium-browser\"\nENV PUPPETEER_EXECUTABLE_PATH=\"$\\{CHROMIUM_PATH}\" // remove \\ before {\n```\n",
-      "examples": [
-        "$ sf hardis:org:fix:listviewmine",
-        "$ sf hardis:org:fix:listviewmine --listviews Opportunity:MySubscriptions,Account:MyActivePartners"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "listviews": {
-          "char": "l",
-          "description": "Comma-separated list of listviews following format Object:ListViewName\nExample: Contact:MyContacts,Contact:MyActiveContacts,Opportunity:MYClosedOpportunities",
-          "name": "listviews",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "target-org": {
-          "aliases": [
-            "targetusername",
-            "u"
-          ],
-          "char": "o",
-          "deprecateAliases": true,
-          "name": "target-org",
-          "noCacheDefault": true,
-          "required": true,
-          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:fix:listviewmine",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Fix listviews with ",
-      "requiresProject": true,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "fix",
-        "listviewmine.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:fix:listviewmine",
-        "org:hardis:fix:listviewmine",
-        "org:fix:hardis:listviewmine",
-        "org:fix:listviewmine:hardis",
-        "hardis:fix:org:listviewmine",
-        "fix:hardis:org:listviewmine",
-        "fix:org:hardis:listviewmine",
-        "fix:org:listviewmine:hardis",
-        "hardis:fix:listviewmine:org",
-        "fix:hardis:listviewmine:org",
-        "fix:listviewmine:hardis:org",
-        "fix:listviewmine:org:hardis",
-        "hardis:org:listviewmine:fix",
-        "org:hardis:listviewmine:fix",
-        "org:listviewmine:hardis:fix",
-        "org:listviewmine:fix:hardis",
-        "hardis:listviewmine:org:fix",
-        "listviewmine:hardis:org:fix",
-        "listviewmine:org:hardis:fix",
-        "listviewmine:org:fix:hardis",
-        "hardis:listviewmine:fix:org",
-        "listviewmine:hardis:fix:org",
-        "listviewmine:fix:hardis:org",
-        "listviewmine:fix:org:hardis"
-      ]
-    },
     "hardis:org:generate:packagexmlfull": {
       "aliases": [],
       "args": {},
@@ -7189,7 +7303,7 @@
     "hardis:org:monitor:all": {
       "aliases": [],
       "args": {},
-      "description": "Monitor org, generate reports and sends notifications\n\nYou can disable some commands defining either a **monitoringDisable** property in `.sfdx-hardis.yml`, or a comma separated list in env variable **MONITORING_DISABLE**\n\nExample in .sfdx-hardis.yml:\n  \n```yaml\nmonitoringDisable:\n  - METADATA_STATUS\n  - MISSING_ATTRIBUTES\n  - UNUSED_METADATAS\n```\n  \nExample in env var:\n\n```sh\nMONITORING_DISABLE=METADATA_STATUS,MISSING_ATTRIBUTES,UNUSED_METADATAS\n```\n\nA [default list of monitoring commands](https://sfdx-hardis.cloudity.com/salesforce-monitoring-home/#monitoring-commands) is used, if you want to override it you can define property **monitoringCommands** in your .sfdx-hardis.yml file\n\nExample:\n\n```yaml\nmonitoringCommands:\n  - title: My Custom command\n    command: sf my:custom:command\n  - title: My Custom command 2\n    command: sf my:other:custom:command\n```\n\nYou can force the daily run of all commands by defining env var `MONITORING_IGNORE_FREQUENCY=true`\n\nThe default list of commands is the following:\n\n| Key | Description | Command | Frequency |\n| :---: | :---- | :---- | :-----: |\n| [AUDIT_TRAIL](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | Detect suspect setup actions in major org | [sf hardis:org:diagnose:audittrail](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | daily |\n| [LEGACY_API](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | Detect calls to deprecated API versions | [sf hardis:org:diagnose:legacyapi](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | daily |\n| [ORG_LIMITS](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | Detect if org limits are close to be reached | [sf hardis:org:monitor:limits](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | daily |\n| [LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | Extract licenses information | [sf hardis:org:diagnose:licenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | weekly |\n| [LINT_ACCESS](https://sfdx-hardis.cloudity.com/hardis/lint/access) | Detect custom elements with no access rights defined in permission sets | [sf hardis:lint:access](https://sfdx-hardis.cloudity.com/hardis/lint/access) | weekly |\n| [UNUSED_LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | Detect permission set licenses that are assigned to users that do not need them | [sf hardis:org:diagnose:unusedlicenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | weekly |\n| [UNUSED_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users without recent logins | [sf hardis:org:diagnose:unusedusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ACTIVE_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users with recent logins | [sf hardis:org:diagnose:unusedusers --returnactiveusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ORG_INFO](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | Get org info + SF instance info + next major upgrade date | [sf hardis:org:diagnose:instanceupgrade](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | weekly |\n| [RELEASE_UPDATES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | Gather warnings about incoming and overdue Release Updates | [sf hardis:org:diagnose:releaseupdates](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | weekly |\n| [UNUSED_METADATAS](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | Detect custom labels and custom permissions that are not in use | [sf hardis:lint:unusedmetadatas](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | weekly |\n| [UNUSED_APEX_CLASSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | Detect unused Apex classes in an org | [sf hardis:org:diagnose:unused-apex-classes](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | weekly |\n| [CONNECTED_APPS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | Detect unused Connected Apps in an org | [sf hardis:org:diagnose:unused-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | weekly |\n| [METADATA_STATUS](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | Detect inactive metadata | [sf hardis:lint:metadatastatus](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | weekly |\n| [MISSING_ATTRIBUTES](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | Detect missing description on custom field | [sf hardis:lint:missingattributes](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | weekly |\n\n",
+      "description": "Monitor org, generate reports and sends notifications\n\nYou can disable some commands defining either a **monitoringDisable** property in `.sfdx-hardis.yml`, or a comma separated list in env variable **MONITORING_DISABLE**\n\nExample in .sfdx-hardis.yml:\n  \n```yaml\nmonitoringDisable:\n  - METADATA_STATUS\n  - MISSING_ATTRIBUTES\n  - UNUSED_METADATAS\n```\n  \nExample in env var:\n\n```sh\nMONITORING_DISABLE=METADATA_STATUS,MISSING_ATTRIBUTES,UNUSED_METADATAS\n```\n\nA [default list of monitoring commands](https://sfdx-hardis.cloudity.com/salesforce-monitoring-home/#monitoring-commands) is used, if you want to override it you can define property **monitoringCommands** in your .sfdx-hardis.yml file\n\nExample:\n\n```yaml\nmonitoringCommands:\n  - title: My Custom command\n    command: sf my:custom:command\n  - title: My Custom command 2\n    command: sf my:other:custom:command\n```\n\nYou can force the daily run of all commands by defining env var `MONITORING_IGNORE_FREQUENCY=true`\n\nThe default list of commands is the following:\n\n| Key | Description | Command | Frequency |\n| :---: | :---- | :---- | :-----: |\n| [AUDIT_TRAIL](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | Detect suspect setup actions in major org | [sf hardis:org:diagnose:audittrail](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | daily |\n| [LEGACY_API](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | Detect calls to deprecated API versions | [sf hardis:org:diagnose:legacyapi](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | daily |\n| [ORG_LIMITS](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | Detect if org limits are close to be reached | [sf hardis:org:monitor:limits](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | daily |\n| [LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | Extract licenses information | [sf hardis:org:diagnose:licenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | weekly |\n| [LINT_ACCESS](https://sfdx-hardis.cloudity.com/hardis/lint/access) | Detect custom elements with no access rights defined in permission sets | [sf hardis:lint:access](https://sfdx-hardis.cloudity.com/hardis/lint/access) | weekly |\n| [UNUSED_LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | Detect permission set licenses that are assigned to users that do not need them | [sf hardis:org:diagnose:unusedlicenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | weekly |\n| [UNUSED_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users without recent logins | [sf hardis:org:diagnose:unusedusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ACTIVE_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users with recent logins | [sf hardis:org:diagnose:unusedusers --returnactiveusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ORG_INFO](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | Get org info + SF instance info + next major upgrade date | [sf hardis:org:diagnose:instanceupgrade](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | weekly |\n| [RELEASE_UPDATES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | Gather warnings about incoming and overdue Release Updates | [sf hardis:org:diagnose:releaseupdates](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | weekly |\n| [UNUSED_METADATAS](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | Detect custom labels and custom permissions that are not in use | [sf hardis:lint:unusedmetadatas](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | weekly |\n| [UNUSED_APEX_CLASSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | Detect unused Apex classes in an org | [sf hardis:org:diagnose:unused-apex-classes](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | weekly |\n| [CONNECTED_APPS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | Detect unused Connected Apps in an org | [sf hardis:org:diagnose:unused-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | weekly |\n| [UNSECURED_CONNECTED_APPS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unsecure-connected-apps) | Detect unsecured Connected Apps in an org | [sf hardis:org:diagnose:unsecure-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unsecure-connected-apps) | weekly |\n| [METADATA_STATUS](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | Detect inactive metadata | [sf hardis:lint:metadatastatus](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | weekly |\n| [MISSING_ATTRIBUTES](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | Detect missing description on custom field | [sf hardis:lint:missingattributes](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | weekly |\n\n",
       "examples": [
         "$ sf hardis:org:monitor:all"
       ],
@@ -7333,6 +7447,12 @@
           "command": "sf hardis:org:diagnose:unused-connected-apps",
           "frequency": "weekly"
         },
+        {
+          "key": "UNSECURED_CONNECTED_APPS",
+          "title": "Detect unsecured Connected Apps in an org",
+          "command": "sf hardis:org:diagnose:unsecure-connected-apps",
+          "frequency": "weekly"
+        },
         {
           "key": "METADATA_STATUS",
           "title": "Detect inactive metadata",
@@ -9562,244 +9682,12 @@
         "remotesites:audit:project:hardis"
       ]
     },
-    "hardis:project:configure:auth": {
+    "hardis:project:clean:emptyitems": {
       "aliases": [],
       "args": {},
-      "description": "\n## Command Behavior\n\n**Configures authentication between a Git branch and a target Salesforce org for CI/CD deployments.**\n\nThis command facilitates the setup of automated CI/CD pipelines, enabling seamless deployments from specific Git branches to designated Salesforce orgs. It supports both standard Salesforce orgs and Dev Hub configurations, catering to various enterprise deployment workflows.\n\nKey functionalities include:\n\n- **Org Selection/Login:** Guides the user to select an existing Salesforce org or log in to a new one.\n- **Git Branch Association:** Allows associating a specific Git branch with the chosen Salesforce org.\n- **Merge Target Definition:** Enables defining target Git branches into which the configured branch can merge, ensuring controlled deployment flows.\n- **Salesforce Username Configuration:** Prompts for the Salesforce username to be used by the CI server for deployments.\n- **SSL Certificate Generation:** Automatically generates an SSL certificate for secure authentication.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's implementation involves several key technical aspects:\n\n- **SF CLI Integration:** Utilizes \n@salesforce/sf-plugins-core\n for command structure and flag parsing.\n- **Interactive Prompts:** Employs the \nprompts\n library for interactive user input, guiding the configuration process.\n- **Git Integration:** Interacts with Git to retrieve branch information using \n`git().branch([\"--list\", \"-r\"])`\n.\n- **Configuration Management:** Leverages internal utilities (`checkConfig`, `getConfig`, `setConfig`, `setInConfigFile`) to read from and write to project-specific configuration files (e.g., `.sfdx-hardis.<branchName>.yml`).\n- **Salesforce CLI Execution:** Executes Salesforce CLI commands programmatically via `execSfdxJson` for org interactions.\n- **SSL Certificate Generation:** Calls `generateSSLCertificate` to create necessary SSL certificates for JWT-based authentication.\n- **WebSocket Communication:** Uses `WebSocketClient` for potential communication with external tools or processes, such as restarting the command in VS Code.\n- **Dependency Check:** Ensures the presence of `openssl` on the system, which is required for SSL certificate generation.\n",
+      "description": "\n## Command Behavior\n\n**Removes empty or irrelevant metadata items from your Salesforce DX project sources.**\n\nThis command helps maintain a clean and efficient Salesforce codebase by deleting metadata files that are essentially empty or contain no meaningful configuration. These files can sometimes be generated during retrieval processes or remain after refactoring, contributing to unnecessary clutter in your project.\n\nKey functionalities:\n\n- **Targeted Cleaning:** Specifically targets and removes empty instances of:\n  - Global Value Set Translations (`.globalValueSetTranslation-meta.xml`)\n  - Standard Value Sets (`.standardValueSet-meta.xml`)\n  - Sharing Rules (`.sharingRules-meta.xml`)\n- **Content-Based Deletion:** It checks the XML content of these files for the presence of specific tags (e.g., `valueTranslation` for Global Value Set Translations) to determine if they are truly empty or lack relevant data.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **File Discovery:** Uses `glob` to find files matching predefined patterns for Global Value Set Translations, Standard Value Sets, and Sharing Rules within the specified root folder (defaults to `force-app`).\n- **XML Parsing:** For each matching file, it reads and parses the XML content using `parseXmlFile`.\n- **Content Validation:** It then checks the parsed XML object for the existence of specific nested properties (e.g., `xmlContent.GlobalValueSetTranslation.valueTranslation`). If these properties are missing or empty, the file is considered empty.\n- **File Deletion:** If a file is determined to be empty, it is removed from the file system using `fs.remove`.\n- **Logging:** Provides clear messages about which files are being removed and a summary of the total number of items cleaned.\n</details>\n",
       "examples": [
-        "$ sf hardis:project:configure:auth"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "devhub": {
-          "char": "b",
-          "description": "Configure project DevHub",
-          "name": "devhub",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "target-org": {
-          "aliases": [
-            "targetusername",
-            "u"
-          ],
-          "char": "o",
-          "deprecateAliases": true,
-          "name": "target-org",
-          "noCacheDefault": true,
-          "summary": "Username or alias of the target org.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        },
-        "target-dev-hub": {
-          "aliases": [
-            "targetdevhubusername"
-          ],
-          "char": "v",
-          "deprecateAliases": true,
-          "name": "target-dev-hub",
-          "noCacheDefault": true,
-          "required": false,
-          "summary": "Username or alias of the Dev Hub org.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:project:configure:auth",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Configure authentication",
-      "requiresProject": false,
-      "requiresDependencies": [
-        "openssl"
-      ],
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "project",
-        "configure",
-        "auth.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:project:configure:auth",
-        "project:hardis:configure:auth",
-        "project:configure:hardis:auth",
-        "project:configure:auth:hardis",
-        "hardis:configure:project:auth",
-        "configure:hardis:project:auth",
-        "configure:project:hardis:auth",
-        "configure:project:auth:hardis",
-        "hardis:configure:auth:project",
-        "configure:hardis:auth:project",
-        "configure:auth:hardis:project",
-        "configure:auth:project:hardis",
-        "hardis:project:auth:configure",
-        "project:hardis:auth:configure",
-        "project:auth:hardis:configure",
-        "project:auth:configure:hardis",
-        "hardis:auth:project:configure",
-        "auth:hardis:project:configure",
-        "auth:project:hardis:configure",
-        "auth:project:configure:hardis",
-        "hardis:auth:configure:project",
-        "auth:hardis:configure:project",
-        "auth:configure:hardis:project",
-        "auth:configure:project:hardis"
-      ]
-    },
-    "hardis:project:convert:profilestopermsets": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Converts existing Salesforce Profiles into Permission Sets, facilitating a more granular and recommended security model.**\n\nThis command helps in migrating permissions from Profiles to Permission Sets, which is a best practice for managing user access in Salesforce. It creates a new Permission Set for each specified Profile, adopting a naming convention of `PS_PROFILENAME`.\n\nKey functionalities:\n\n- **Profile to Permission Set Conversion:** Automatically extracts permissions from a Profile and creates a corresponding Permission Set.\n- **Naming Convention:** New Permission Sets are named with a `PS_` prefix followed by the Profile name (e.g., `PS_Standard_User`).\n- **Exclusion Filter:** Allows you to exclude specific Profiles from the conversion process using the `--except` flag.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **External Plugin Integration:** It relies on the `shane-sfdx-plugins` (specifically the `sf shane:profile:convert` command) to perform the actual conversion.\n- **File System Scan:** It reads the contents of the `force-app/main/default/profiles` directory to identify all available Profile metadata files.\n- **Command Execution:** For each identified Profile (that is not excluded), it constructs and executes the `sf shane:profile:convert` command with the appropriate Profile name and desired Permission Set name.\n- **Error Handling:** Includes basic error handling for the external command execution.\n</details>\n",
-      "examples": [
-        "$ sf hardis:project:convert:profilestopermsets"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "except": {
-          "char": "e",
-          "description": "List of filters",
-          "name": "except",
-          "default": [],
-          "hasDynamicHelp": false,
-          "multiple": true,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        }
-      },
-      "hasDynamicHelp": false,
-      "hiddenAliases": [],
-      "id": "hardis:project:convert:profilestopermsets",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Convert Profiles into Permission Sets",
-      "requiresProject": true,
-      "requiresSfdxPlugins": [
-        "shane-sfdx-plugins"
-      ],
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "project",
-        "convert",
-        "profilestopermsets.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:project:convert:profilestopermsets",
-        "project:hardis:convert:profilestopermsets",
-        "project:convert:hardis:profilestopermsets",
-        "project:convert:profilestopermsets:hardis",
-        "hardis:convert:project:profilestopermsets",
-        "convert:hardis:project:profilestopermsets",
-        "convert:project:hardis:profilestopermsets",
-        "convert:project:profilestopermsets:hardis",
-        "hardis:convert:profilestopermsets:project",
-        "convert:hardis:profilestopermsets:project",
-        "convert:profilestopermsets:hardis:project",
-        "convert:profilestopermsets:project:hardis",
-        "hardis:project:profilestopermsets:convert",
-        "project:hardis:profilestopermsets:convert",
-        "project:profilestopermsets:hardis:convert",
-        "project:profilestopermsets:convert:hardis",
-        "hardis:profilestopermsets:project:convert",
-        "profilestopermsets:hardis:project:convert",
-        "profilestopermsets:project:hardis:convert",
-        "profilestopermsets:project:convert:hardis",
-        "hardis:profilestopermsets:convert:project",
-        "profilestopermsets:hardis:convert:project",
-        "profilestopermsets:convert:hardis:project",
-        "profilestopermsets:convert:project:hardis"
-      ]
-    },
-    "hardis:project:clean:emptyitems": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Removes empty or irrelevant metadata items from your Salesforce DX project sources.**\n\nThis command helps maintain a clean and efficient Salesforce codebase by deleting metadata files that are essentially empty or contain no meaningful configuration. These files can sometimes be generated during retrieval processes or remain after refactoring, contributing to unnecessary clutter in your project.\n\nKey functionalities:\n\n- **Targeted Cleaning:** Specifically targets and removes empty instances of:\n  - Global Value Set Translations (`.globalValueSetTranslation-meta.xml`)\n  - Standard Value Sets (`.standardValueSet-meta.xml`)\n  - Sharing Rules (`.sharingRules-meta.xml`)\n- **Content-Based Deletion:** It checks the XML content of these files for the presence of specific tags (e.g., `valueTranslation` for Global Value Set Translations) to determine if they are truly empty or lack relevant data.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **File Discovery:** Uses `glob` to find files matching predefined patterns for Global Value Set Translations, Standard Value Sets, and Sharing Rules within the specified root folder (defaults to `force-app`).\n- **XML Parsing:** For each matching file, it reads and parses the XML content using `parseXmlFile`.\n- **Content Validation:** It then checks the parsed XML object for the existence of specific nested properties (e.g., `xmlContent.GlobalValueSetTranslation.valueTranslation`). If these properties are missing or empty, the file is considered empty.\n- **File Deletion:** If a file is determined to be empty, it is removed from the file system using `fs.remove`.\n- **Logging:** Provides clear messages about which files are being removed and a summary of the total number of items cleaned.\n</details>\n",
-      "examples": [
-        "$ sf hardis:project:clean:emptyitems"
+        "$ sf hardis:project:clean:emptyitems"
       ],
       "flags": {
         "json": {
@@ -11279,6 +11167,238 @@
         "xml:clean:project:hardis"
       ]
     },
+    "hardis:project:configure:auth": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Configures authentication between a Git branch and a target Salesforce org for CI/CD deployments.**\n\nThis command facilitates the setup of automated CI/CD pipelines, enabling seamless deployments from specific Git branches to designated Salesforce orgs. It supports both standard Salesforce orgs and Dev Hub configurations, catering to various enterprise deployment workflows.\n\nKey functionalities include:\n\n- **Org Selection/Login:** Guides the user to select an existing Salesforce org or log in to a new one.\n- **Git Branch Association:** Allows associating a specific Git branch with the chosen Salesforce org.\n- **Merge Target Definition:** Enables defining target Git branches into which the configured branch can merge, ensuring controlled deployment flows.\n- **Salesforce Username Configuration:** Prompts for the Salesforce username to be used by the CI server for deployments.\n- **SSL Certificate Generation:** Automatically generates an SSL certificate for secure authentication.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's implementation involves several key technical aspects:\n\n- **SF CLI Integration:** Utilizes \n@salesforce/sf-plugins-core\n for command structure and flag parsing.\n- **Interactive Prompts:** Employs the \nprompts\n library for interactive user input, guiding the configuration process.\n- **Git Integration:** Interacts with Git to retrieve branch information using \n`git().branch([\"--list\", \"-r\"])`\n.\n- **Configuration Management:** Leverages internal utilities (`checkConfig`, `getConfig`, `setConfig`, `setInConfigFile`) to read from and write to project-specific configuration files (e.g., `.sfdx-hardis.<branchName>.yml`).\n- **Salesforce CLI Execution:** Executes Salesforce CLI commands programmatically via `execSfdxJson` for org interactions.\n- **SSL Certificate Generation:** Calls `generateSSLCertificate` to create necessary SSL certificates for JWT-based authentication.\n- **WebSocket Communication:** Uses `WebSocketClient` for potential communication with external tools or processes, such as restarting the command in VS Code.\n- **Dependency Check:** Ensures the presence of `openssl` on the system, which is required for SSL certificate generation.\n",
+      "examples": [
+        "$ sf hardis:project:configure:auth"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "devhub": {
+          "char": "b",
+          "description": "Configure project DevHub",
+          "name": "devhub",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "summary": "Username or alias of the target org.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        },
+        "target-dev-hub": {
+          "aliases": [
+            "targetdevhubusername"
+          ],
+          "char": "v",
+          "deprecateAliases": true,
+          "name": "target-dev-hub",
+          "noCacheDefault": true,
+          "required": false,
+          "summary": "Username or alias of the Dev Hub org.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:project:configure:auth",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Configure authentication",
+      "requiresProject": false,
+      "requiresDependencies": [
+        "openssl"
+      ],
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "project",
+        "configure",
+        "auth.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:project:configure:auth",
+        "project:hardis:configure:auth",
+        "project:configure:hardis:auth",
+        "project:configure:auth:hardis",
+        "hardis:configure:project:auth",
+        "configure:hardis:project:auth",
+        "configure:project:hardis:auth",
+        "configure:project:auth:hardis",
+        "hardis:configure:auth:project",
+        "configure:hardis:auth:project",
+        "configure:auth:hardis:project",
+        "configure:auth:project:hardis",
+        "hardis:project:auth:configure",
+        "project:hardis:auth:configure",
+        "project:auth:hardis:configure",
+        "project:auth:configure:hardis",
+        "hardis:auth:project:configure",
+        "auth:hardis:project:configure",
+        "auth:project:hardis:configure",
+        "auth:project:configure:hardis",
+        "hardis:auth:configure:project",
+        "auth:hardis:configure:project",
+        "auth:configure:hardis:project",
+        "auth:configure:project:hardis"
+      ]
+    },
+    "hardis:project:convert:profilestopermsets": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Converts existing Salesforce Profiles into Permission Sets, facilitating a more granular and recommended security model.**\n\nThis command helps in migrating permissions from Profiles to Permission Sets, which is a best practice for managing user access in Salesforce. It creates a new Permission Set for each specified Profile, adopting a naming convention of `PS_PROFILENAME`.\n\nKey functionalities:\n\n- **Profile to Permission Set Conversion:** Automatically extracts permissions from a Profile and creates a corresponding Permission Set.\n- **Naming Convention:** New Permission Sets are named with a `PS_` prefix followed by the Profile name (e.g., `PS_Standard_User`).\n- **Exclusion Filter:** Allows you to exclude specific Profiles from the conversion process using the `--except` flag.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **External Plugin Integration:** It relies on the `shane-sfdx-plugins` (specifically the `sf shane:profile:convert` command) to perform the actual conversion.\n- **File System Scan:** It reads the contents of the `force-app/main/default/profiles` directory to identify all available Profile metadata files.\n- **Command Execution:** For each identified Profile (that is not excluded), it constructs and executes the `sf shane:profile:convert` command with the appropriate Profile name and desired Permission Set name.\n- **Error Handling:** Includes basic error handling for the external command execution.\n</details>\n",
+      "examples": [
+        "$ sf hardis:project:convert:profilestopermsets"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "except": {
+          "char": "e",
+          "description": "List of filters",
+          "name": "except",
+          "default": [],
+          "hasDynamicHelp": false,
+          "multiple": true,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "hardis:project:convert:profilestopermsets",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Convert Profiles into Permission Sets",
+      "requiresProject": true,
+      "requiresSfdxPlugins": [
+        "shane-sfdx-plugins"
+      ],
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "project",
+        "convert",
+        "profilestopermsets.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:project:convert:profilestopermsets",
+        "project:hardis:convert:profilestopermsets",
+        "project:convert:hardis:profilestopermsets",
+        "project:convert:profilestopermsets:hardis",
+        "hardis:convert:project:profilestopermsets",
+        "convert:hardis:project:profilestopermsets",
+        "convert:project:hardis:profilestopermsets",
+        "convert:project:profilestopermsets:hardis",
+        "hardis:convert:profilestopermsets:project",
+        "convert:hardis:profilestopermsets:project",
+        "convert:profilestopermsets:hardis:project",
+        "convert:profilestopermsets:project:hardis",
+        "hardis:project:profilestopermsets:convert",
+        "project:hardis:profilestopermsets:convert",
+        "project:profilestopermsets:hardis:convert",
+        "project:profilestopermsets:convert:hardis",
+        "hardis:profilestopermsets:project:convert",
+        "profilestopermsets:hardis:project:convert",
+        "profilestopermsets:project:hardis:convert",
+        "profilestopermsets:project:convert:hardis",
+        "hardis:profilestopermsets:convert:project",
+        "profilestopermsets:hardis:convert:project",
+        "profilestopermsets:convert:hardis:project",
+        "profilestopermsets:convert:project:hardis"
+      ]
+    },
     "hardis:project:deploy:notify": {
       "aliases": [],
       "args": {},
@@ -15151,5 +15271,5 @@
       ]
     }
   },
-  "version": "6.2.1"
+  "version": "6.3.1"
 }