May 13th, 2025

πŸ› οΈ Security Policy Handling & Group Management

πŸ” Security Policy Enforcement by Plan

  • Introduced BuildSecurityPolicyWithDefaults, a utility that constructs a complete security policy based on user input, default values, and plan-based access control.

  • The following plan-based restrictions are now enforced:

    • Free Plan: Only compliance, secret, and pii scanners can be enabled.

    • Premium Plan: Adds support for sast, sca, container, iac, and api scanners.

    • Ultimate Plan: All scanners are allowed.

  • Scanners the plan does not allow are automatically disabled (set to false), even if the user attempts to enable them.

  • All scanners are now always present in the policy for consistency, with unavailable ones disabled as per plan.

  • Invalid frequency values are now replaced with "none" using cron syntax validation.

🧱 Group Management Enhancements

  • CreateGroup and UpdateGroup functions in the datastore now:

    • Return the full group document (not just success/failure).

    • Include security_policy integration with enforcement.

  • API endpoints for group creation (POST) and update (PUT) now:

    • Accept name and security_policy in the JSON body.

    • Apply default policy structure and plan-based overrides before saving.

    • Return the newly created or updated group object in the response.
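The following is an added example, not code from this project, showing in Go how the two sections above fit together: a BuildSecurityPolicyWithDefaults that enforces the plan tiers and the cron check from the policy section, and a group-creation handler that accepts name and security_policy, applies the policy builder, and returns the full group document. The struct shapes, the MemStore stand-in for the datastore, the planOf hook, the accepted cron grammar, and the default-off behaviour for scanners the caller leaves unspecified are all assumptions made here.

```go
package main

import (
	"encoding/json"
	"net/http"
	"regexp"
	"strings"
)

type Plan string

const (
	PlanFree     Plan = "free"
	PlanPremium  Plan = "premium"
	PlanUltimate Plan = "ultimate"
)

// Every scanner the release notes name; all of them appear in every stored policy.
var allScanners = []string{"compliance", "secret", "pii", "sast", "sca", "container", "iac", "api"}

// Tier memberships as listed in the notes; Ultimate allows everything.
var freeScanners = map[string]bool{"compliance": true, "secret": true, "pii": true}
var premiumScanners = map[string]bool{"sast": true, "sca": true, "container": true, "iac": true, "api": true}

// SecurityPolicy and Group are assumed document shapes, not the project's real types.
type SecurityPolicy struct {
	Scanners  map[string]bool `json:"scanners"`
	Frequency string          `json:"frequency"`
}

type Group struct {
	Name           string         `json:"name"`
	SecurityPolicy SecurityPolicy `json:"security_policy"`
}

func scannerAllowed(plan Plan, scanner string) bool {
	switch plan {
	case PlanUltimate:
		return true
	case PlanPremium:
		return freeScanners[scanner] || premiumScanners[scanner]
	default: // Free, or an unrecognised plan string: fall back to the smallest set.
		return freeScanners[scanner]
	}
}

// cronField accepts one field of a 5-field cron expression: "*", values, ranges, lists and "/step".
var cronField = regexp.MustCompile(`^(\*|\d+(-\d+)?(,\d+(-\d+)?)*)(/\d+)?$`)
func ValidCron(expr string) bool {
	fields := strings.Fields(expr)
	if len(fields) != 5 {
		return false
	}
	for _, f := range fields {
		if !cronField.MatchString(f) {
			return false
		}
	}
	return true
}

// BuildSecurityPolicyWithDefaults returns a complete policy: every known scanner is present, anything
// the plan forbids is forced to false, unknown scanner names are dropped, and invalid cron becomes "none".
func BuildSecurityPolicyWithDefaults(in SecurityPolicy, plan Plan) SecurityPolicy {
	out := SecurityPolicy{Scanners: make(map[string]bool, len(allScanners)), Frequency: "none"}
	for _, s := range allScanners {
		out.Scanners[s] = in.Scanners[s] && scannerAllowed(plan, s) // reading a nil map yields false
	}
	if ValidCron(in.Frequency) {
		out.Frequency = in.Frequency
	}
	return out
}

// MemStore stands in for the datastore; CreateGroup returns the full document, not a success flag.
type MemStore map[string]Group
func (m MemStore) CreateGroup(name string, policy SecurityPolicy) Group {
	g := Group{Name: name, SecurityPolicy: policy}
	m[name] = g
	return g
}

// CreateGroupHandler serves POST. planOf is assumed to read the caller's plan from the
// authenticated request (session or token claims); the plan is never taken from the body.
func CreateGroupHandler(store MemStore, planOf func(*http.Request) Plan) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req Group // the request body carries exactly name and security_policy
		dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16))
		dec.DisallowUnknownFields()
		if err := dec.Decode(&req); err != nil || strings.TrimSpace(req.Name) == "" {
			http.Error(w, "invalid request body", http.StatusBadRequest)
			return
		}
		g := store.CreateGroup(req.Name, BuildSecurityPolicyWithDefaults(req.SecurityPolicy, planOf(r)))
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusCreated)
		json.NewEncoder(w).Encode(g)
	}
}
```

The design point worth keeping from this sketch is that the plan used for enforcement comes from the authenticated identity (the planOf hook), never from anything in the request body; if the client could name its own plan, forcing unauthorized scanners to false would be no enforcement at all. Iterating over allScanners rather than over the caller's map is what guarantees the stored document always has the same eight keys regardless of input.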

✅ Stability & Safety

  • Improved validation of input data (e.g. cron expressions, JSON formats).

  • Resolved issues with scanner value enforcement logic.

  • Ensured consistent scanner output structure regardless of user input.