feat: riskAssessments integration #1217

josh-cain · 2025-11-24T21:05:39Z

🔧 Changes

Add the ability manage risk assessment settings (/v2/risk-assessments/settings) via the CLI. This change includes two settings:

Examples

YAML format

(from tenant.yaml)

riskAssessments:
  enabled: true
  newDevice:
    remember_for: 30

JSON format

(from risk-assessments/settings.json)

{
  "enabled": true,
  "newDevice": {
    "remember_for": 15
  }
}

📚 References

https://auth0.com/docs/api/management/v2/risk-assessments/get-risk-assessments-settings

🔬 Testing

Unit tests passing ✅

Smoke tested locally with:

node lib/index.js export -c config.json -f yaml -o ./local-export/

Everything seemed fine, the tenant.json file rendered correctly with riskAssessment.

Next, ran the import script:

node lib/index.js import -c config.json -i ./local-export/tenant.yaml
.
2025-12-01T23:59:09.571Z - info: Updated [riskAssessments]: {"enabled":false}
.
2025-12-01T23:59:45.590Z - info: Import Successful

Everything checked out, and was properly reflected in tenant logs and the tenant:

📝 Checklist

All new/changed/fixed functionality is covered by tests (or N/A)
I have added documentation for all new/changed functionality (or N/A)

kushalshit27 · 2025-11-25T04:04:40Z

Hi, @josh-cain
Thank you for submitting this PR! Please add proper PR description (e.g #1204).

Contributing guideline: https://github.com/auth0/auth0-deploy-cli/blob/master/CONTRIBUTING.md

Let me know if you have any questions. Looking forward to your updates!

josh-cain · 2025-11-25T14:58:33Z

Hey @kushalshit27 , will when I go to move it out of draft state, build is passing, etc. Thanks 👍

josh-cain · 2025-12-03T01:53:49Z

Should be ready to go. Only issue is the e2e tests, for which it looks like I'd need to record prior to running, is that accurate @kushalshit27 ?

kushalshit27 · 2025-12-03T03:40:38Z

Hi, @josh-cain
E2E tests sometimes fail for fork PRs; I will handle that.

kushalshit27 · 2025-12-03T03:42:12Z

Please add PR description similar to #1204

kushalshit27

HI, @josh-cain ,
Since there are no multiple risk assessments, use the singular riskAssessment.

Please keep a single file for riskAssessment , riskAssessmentsNewDevice.ts is not needed.

Refer to attackProtection for a reference on combining multiple APIs under a single resource.

josh-cain · 2025-12-04T17:27:54Z

@kushalshit27 Updated ✅ . Please LMK if those changes are what you had in mind.

kushalshit27

@josh-cain
One small request, renaming all the files and variables:

riskAssessments to riskAssessment

kushalshit27 · 2025-12-05T06:06:58Z

@claude

src/tools/auth0/handlers/riskAssessments.ts

src/context/directory/handlers/riskAssessments.ts

src/context/yaml/handlers/riskAssessments.ts

src/tools/auth0/handlers/riskAssessments.ts

josh-cain · 2025-12-05T14:55:16Z

@josh-cain One small request, renaming all the files and variables:

riskAssessments to riskAssessment

🤔 The API endpoint + docs are riskAssessments, I thought we would want to match?

kushalshit27 · 2025-12-06T06:27:28Z

Hi, @josh-cain ,

🤔 The API endpoint + docs are riskAssessments, I thought we would want to match?

Since there are no multiple risk assessments, we should use the singular riskAssessment here.
Example: tenant though API has /v2/tenants/.....

josh-cain force-pushed the addRiskAssessmentConfig branch from dce807e to c774018 Compare December 2, 2025 18:11

josh-cain marked this pull request as ready for review December 3, 2025 01:48

josh-cain requested a review from a team as a code owner December 3, 2025 01:48

feat: riskAssessments integration

9f6141b

josh-cain force-pushed the addRiskAssessmentConfig branch from 2d7d33b to 9f6141b Compare December 3, 2025 01:52

kushalshit27 reviewed Dec 3, 2025

View reviewed changes

josh-cain added 2 commits December 4, 2025 10:50

feedback: nest new device settings under riskAssessment

2bf229d

Merge branch 'master' into addRiskAssessmentConfig

659aed8

kushalshit27 requested changes Dec 5, 2025

View reviewed changes

This comment was marked as outdated.

Sign in to view