Add headless macOS CLI workflow

Headless/IntuneManagement.Headless.psd1

@@ -0,0 +1,17 @@
+@{
+    RootModule = 'IntuneManagement.Headless.psm1'
+    ModuleVersion = '0.1.0'
+    GUID = 'b5b4183d-8d6b-4b31-bbde-f2f0f0a0739d'
+    Author = 'OpenAI Codex'
+    Copyright = '(c) OpenAI. Adapter module for headless Intune policy migration.'
+    Description = 'Headless export/import wrapper for IntuneManagement.'
+    FunctionsToExport = @(
+        'Get-DefaultIntunePolicyObjectTypes',
+        'Export-IntunePolicies',
+        'Import-IntunePolicies',
+        'Invoke-IntunePolicyAction'
+    )
+    AliasesToExport = @()
+    VariablesToExport = @()
+    CmdletsToExport = @()
+}

Headless/IntuneManagement.Headless.psm1

@@ -0,0 +1,311 @@
+function Get-DefaultIntunePolicyObjectTypes
+{
+    @(
+        "DeviceConfiguration",
+        "SettingsCatalog",
+        "AdministrativeTemplates",
+        "CompliancePolicies",
+        "EndpointSecurity",
+        "PolicySets"
+    )
+}
+
+function Get-IntuneManagementProjectRoot
+{
+    Split-Path -Parent $PSScriptRoot
+}
+
+function Resolve-HeadlessSettingsPath
+{
+    param([string]$SettingsFile)
+
+    if($SettingsFile)
+    {
+        return $SettingsFile
+    }
+
+    Join-Path ([IO.Path]::GetTempPath()) "IntuneManagement.Settings.json"
+}
+
+function New-TemporaryBatchFile
+{
+    param([string]$Prefix)
+
+    Join-Path ([IO.Path]::GetTempPath()) ("IntuneManagement.{0}.{1}.json" -f $Prefix, [guid]::NewGuid().ToString())
+}
+
+function Test-AuthParameters
+{
+    param(
+        [string]$Secret,
+        [string]$Certificate
+    )
+
+    if((-not $Secret) -and (-not $Certificate))
+    {
+        throw "Specify -Secret or -Certificate."
+    }
+}
+
+function Invoke-IntuneHeadlessBatch
+{
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [Parameter(Mandatory = $true)]
+        [psobject]$BatchConfig,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile
+    )
+
+    Test-AuthParameters -Secret $Secret -Certificate $Certificate
+
+    $projectRoot = Get-IntuneManagementProjectRoot
+    $startScript = Join-Path $projectRoot "Start-IntuneManagement.ps1"
+
+    if(-not (Test-Path $startScript))
+    {
+        throw "Could not find Start-IntuneManagement.ps1 in $projectRoot"
+    }
+
+    $settingsPath = Resolve-HeadlessSettingsPath $SettingsFile
+
+    $deleteBatchFile = $false
+    if(-not $BatchFile)
+    {
+        $BatchFile = New-TemporaryBatchFile "Batch"
+        $deleteBatchFile = $true
+    }
+
+    try
+    {
+        $BatchConfig | ConvertTo-Json -Depth 20 | Out-File -LiteralPath $BatchFile -Encoding utf8 -Force
+
+        $invokeParams = @{
+            Silent = $true
+            JSonSettings = $true
+            JSonFile = $settingsPath
+            TenantId = $TenantId
+            AppId = $AppId
+            SilentBatchFile = $BatchFile
+        }
+
+        if($Secret)
+        {
+            $invokeParams.Secret = $Secret
+        }
+        else
+        {
+            $invokeParams.Certificate = $Certificate
+        }
+
+        & $startScript @invokeParams
+    }
+    finally
+    {
+        if($deleteBatchFile -and (Test-Path $BatchFile))
+        {
+            Remove-Item -LiteralPath $BatchFile -Force -ErrorAction SilentlyContinue
+        }
+    }
+}
+
+function Export-IntunePolicies
+{
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [Parameter(Mandatory = $true)]
+        [string]$ExportPath,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile,
+
+        [string]$NameFilter = "",
+
+        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
+
+        [switch]$IncludeAssignments,
+
+        [switch]$AddCompanyName
+    )
+
+    $batchConfig = [PSCustomObject]@{
+        BulkExport = @(
+            [PSCustomObject]@{ Name = "txtExportPath"; Value = $ExportPath },
+            [PSCustomObject]@{ Name = "txtExportNameFilter"; Value = $NameFilter },
+            [PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
+            [PSCustomObject]@{ Name = "chkExportAssignments"; Value = $IncludeAssignments.IsPresent },
+            [PSCustomObject]@{ Name = "chkAddCompanyName"; Value = $AddCompanyName.IsPresent },
+            [PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
+        )
+    }
+
+    Invoke-IntuneHeadlessBatch `
+        -TenantId $TenantId `
+        -AppId $AppId `
+        -Secret $Secret `
+        -Certificate $Certificate `
+        -BatchConfig $batchConfig `
+        -SettingsFile $SettingsFile `
+        -BatchFile $BatchFile
+}
+
+function Import-IntunePolicies
+{
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [Parameter(Mandatory = $true)]
+        [string]$ImportPath,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile,
+
+        [string]$NameFilter = "",
+
+        [ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
+        [string]$ImportType = "alwaysImport",
+
+        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
+
+        [switch]$IncludeAssignments,
+
+        [switch]$IncludeScopeTags,
+
+        [switch]$ReplaceDependencyIds
+    )
+
+    $batchConfig = [PSCustomObject]@{
+        BulkImport = @(
+            [PSCustomObject]@{ Name = "txtImportPath"; Value = $ImportPath },
+            [PSCustomObject]@{ Name = "txtImportNameFilter"; Value = $NameFilter },
+            [PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
+            [PSCustomObject]@{ Name = "chkImportScopes"; Value = $IncludeScopeTags.IsPresent },
+            [PSCustomObject]@{ Name = "chkImportAssignments"; Value = $IncludeAssignments.IsPresent },
+            [PSCustomObject]@{ Name = "chkReplaceDependencyIDs"; Value = $ReplaceDependencyIds.IsPresent },
+            [PSCustomObject]@{ Name = "cbImportType"; Value = $ImportType },
+            [PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
+        )
+    }
+
+    Invoke-IntuneHeadlessBatch `
+        -TenantId $TenantId `
+        -AppId $AppId `
+        -Secret $Secret `
+        -Certificate $Certificate `
+        -BatchConfig $batchConfig `
+        -SettingsFile $SettingsFile `
+        -BatchFile $BatchFile
+}
+
+function Invoke-IntunePolicyAction
+{
+    [CmdletBinding(DefaultParameterSetName = 'Export')]
+    param(
+        [Parameter(Mandatory = $true)]
+        [ValidateSet("Export","Import")]
+        [string]$Action,
+
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AppId,
+
+        [string]$Secret,
+
+        [string]$Certificate,
+
+        [string]$SettingsFile,
+
+        [string]$BatchFile,
+
+        [string]$NameFilter = "",
+
+        [string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
+
+        [string]$ExportPath,
+
+        [string]$ImportPath,
+
+        [ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
+        [string]$ImportType = "alwaysImport",
+
+        [switch]$IncludeAssignments,
+
+        [switch]$AddCompanyName,
+
+        [switch]$IncludeScopeTags,
+
+        [switch]$ReplaceDependencyIds
+    )
+
+    switch($Action)
+    {
+        "Export"
+        {
+            if(-not $ExportPath) { throw "Export requires -ExportPath." }
+            Export-IntunePolicies `
+                -TenantId $TenantId `
+                -AppId $AppId `
+                -Secret $Secret `
+                -Certificate $Certificate `
+                -ExportPath $ExportPath `
+                -SettingsFile $SettingsFile `
+                -BatchFile $BatchFile `
+                -NameFilter $NameFilter `
+                -ObjectTypes $ObjectTypes `
+                -IncludeAssignments:$IncludeAssignments `
+                -AddCompanyName:$AddCompanyName
+        }
+        "Import"
+        {
+            if(-not $ImportPath) { throw "Import requires -ImportPath." }
+            Import-IntunePolicies `
+                -TenantId $TenantId `
+                -AppId $AppId `
+                -Secret $Secret `
+                -Certificate $Certificate `
+                -ImportPath $ImportPath `
+                -SettingsFile $SettingsFile `
+                -BatchFile $BatchFile `
+                -NameFilter $NameFilter `
+                -ImportType $ImportType `
+                -ObjectTypes $ObjectTypes `
+                -IncludeAssignments:$IncludeAssignments `
+                -IncludeScopeTags:$IncludeScopeTags `
+                -ReplaceDependencyIds:$ReplaceDependencyIds
+        }
+    }
+}

Headless/README.md

@@ -0,0 +1,40 @@
+# IntuneManagement Headless
+
+This is the CLI-first surface for a cross-platform fork of the original IntuneManagement project.
+
+The original project is still a Windows WPF application. This layer treats that codebase as an implementation backend and exposes a smaller product surface focused on:
+
+* app-only authentication
+* headless export/import
+* macOS/Linux/Windows execution with `pwsh`
+* automation and CI usage
+
+## Entry points
+
+* [Start-HeadlessIntune.ps1](/Users/avedelphina/Local/IntuneManagement/Start-HeadlessIntune.ps1)
+* [Scripts/Export-Policies.ps1](/Users/avedelphina/Local/IntuneManagement/Scripts/Export-Policies.ps1)
+* [Scripts/Import-Policies.ps1](/Users/avedelphina/Local/IntuneManagement/Scripts/Import-Policies.ps1)
+* [Headless/IntuneManagement.Headless.psd1](/Users/avedelphina/Local/IntuneManagement/Headless/IntuneManagement.Headless.psd1)
+
+## Default policy scope
+
+The default object types are:
+
+* `DeviceConfiguration`
+* `SettingsCatalog`
+* `AdministrativeTemplates`
+* `CompliancePolicies`
+* `EndpointSecurity`
+* `PolicySets`
+
+## Example
+
+```powershell
+pwsh ./Start-HeadlessIntune.ps1 `
+  -Action Export `
+  -TenantId "<source-tenant-id>" `
+  -AppId "<app-id>" `
+  -Secret "<client-secret>" `
+  -ExportPath "/tmp/intune-export" `
+  -IncludeAssignments
+```