blindzero · blindzero · Jan 24, 2026 · Jan 24, 2026 · Jan 24, 2026
diff --git a/src/IdLE.Core/Private/Resolve-IdleStepMetadataCatalog.ps1 b/src/IdLE.Core/Private/Resolve-IdleStepMetadataCatalog.ps1
@@ -224,8 +224,8 @@ function Resolve-IdleStepMetadataCatalog {
             # Check for duplicates across step packs
             if ($StepTypeOwners.ContainsKey([string]$key)) {
                 $existingOwner = $StepTypeOwners[[string]$key]
-                $errorMessage = "DuplicateStepTypeMetadata: Step type '$key' is defined in both '$existingOwner' and '$SourceModuleName'. " +
-                                "Step packs must own unique step types."
+                $errorMessage = "DuplicateStepTypeMetadata: Step type '$key' is defined in both '$existingOwner' and '$SourceModuleName'. " + `
+                    "Step packs must own unique step types."
                 throw [System.InvalidOperationException]::new($errorMessage)
             }
 
@@ -265,8 +265,8 @@ function Resolve-IdleStepMetadataCatalog {
             # Check if this step type already exists in step pack catalog (no override allowed)
             if ($catalog.ContainsKey([string]$key)) {
                 $existingOwner = $stepTypeOwners[[string]$key]
-                $errorMessage = "DuplicateStepTypeMetadata: Step type '$key' is already defined in step pack '$existingOwner'. " +
-                                "Host metadata (Providers.StepMetadata) can only supplement with new step types, not override existing ones."
+                $errorMessage = "DuplicateStepTypeMetadata: Step type '$key' is already defined in step pack '$existingOwner'. " + `
+                    "Host metadata (Providers.StepMetadata) can only supplement with new step types, not override existing ones."
                 throw [System.InvalidOperationException]::new($errorMessage)
             }
 

diff --git a/src/IdLE.Core/Public/New-IdleAuthSessionBroker.ps1 b/src/IdLE.Core/Public/New-IdleAuthSessionBroker.ps1
@@ -76,6 +76,10 @@ function New-IdleAuthSessionBroker {
             [hashtable] $Options
         )
 
+        # $Name is part of the broker contract but not used in this simple implementation
+        # This broker routes based on Options only; custom brokers may use Name for additional routing
+        $null = $Name
+
         # If no options provided, return default
         if ($null -eq $Options -or $Options.Count -eq 0) {
             if ($null -ne $this.DefaultCredential) {

diff --git a/src/IdLE.Core/Public/New-IdlePlanObject.ps1 b/src/IdLE.Core/Public/New-IdlePlanObject.ps1
@@ -501,9 +501,9 @@ function New-IdlePlanObject {
             }
             else {
                 # Workflow references a Step.Type for which no StepMetadata entry is available - fail fast.
-                $errorMessage = "MissingStepTypeMetadata: Workflow step '$stepName' references step type '$stepType' which has no metadata entry. " +
-                                "To resolve this: (1) Import/load the step pack module (IdLE.Steps.*) that provides metadata for '$stepType' via Get-IdleStepMetadataCatalog, OR " +
-                                "(2) For host-defined/custom step types only, provide Providers.StepMetadata['$stepType'] = @{ RequiredCapabilities = @(...) }."
+                $errorMessage = "MissingStepTypeMetadata: Workflow step '$stepName' references step type '$stepType' which has no metadata entry. " + `
+                    "To resolve this: (1) Import/load the step pack module (IdLE.Steps.*) that provides metadata for '$stepType' via Get-IdleStepMetadataCatalog, OR " + `
+                    "(2) For host-defined/custom step types only, provide Providers.StepMetadata['$stepType'] = @{ RequiredCapabilities = @(...) }."
                 throw [System.InvalidOperationException]::new($errorMessage)
             }
 

diff --git a/src/IdLE.Provider.AD/Public/New-IdleADIdentityProvider.ps1 b/src/IdLE.Provider.AD/Public/New-IdleADIdentityProvider.ps1
@@ -297,7 +297,8 @@ function New-IdleADIdentityProvider {
             [object] $AuthSession
         )
 
-        $adapter = $this.GetEffectiveAdapter($AuthSession)
+        # Validate adapter is available
+        $this.GetEffectiveAdapter($AuthSession) | Out-Null
 
         $user = $this.ResolveIdentity($IdentityKey, $AuthSession)
 

diff --git a/....Provider.DirectorySync.EntraConnect/Public/New-IdleEntraConnectDirectorySyncProvider.ps1 b/....Provider.DirectorySync.EntraConnect/Public/New-IdleEntraConnectDirectorySyncProvider.ps1
@@ -90,16 +90,16 @@ function New-IdleEntraConnectDirectorySyncProvider {
 
         # Validate AuthSession contract
         if ($null -eq $AuthSession.PSObject.Methods['InvokeCommand']) {
-            throw "AuthSession must implement InvokeCommand(CommandName, Parameters) method. " +
-                  "The host must provide an elevated remote session via AuthSessionBroker."
+            throw "AuthSession must implement InvokeCommand(CommandName, Parameters) method. " + `
+                "The host must provide an elevated remote session via AuthSessionBroker."
         }
 
         try {
             # Execute Start-ADSyncSyncCycle remotely
             # The remote session should already have ADSync module available or will import it
-            $result = $AuthSession.InvokeCommand('Start-ADSyncSyncCycle', @{
-                PolicyType = $PolicyType
-            })
+            $AuthSession.InvokeCommand('Start-ADSyncSyncCycle', @{
+                    PolicyType = $PolicyType
+                }) | Out-Null
 
             # Start-ADSyncSyncCycle returns a result object or throws on error
             # Success case: return Started = true
@@ -113,8 +113,8 @@ function New-IdleEntraConnectDirectorySyncProvider {
             $errorMessage = $_.Exception.Message
 
             if ($errorMessage -match 'access.*denied|permission|privilege|elevation|administrator|unauthorized') {
-                throw "Failed to start sync cycle. Missing privileges or elevation. " +
-                      "The AuthSession must provide an elevated execution context. Original error: $errorMessage"
+                throw "Failed to start sync cycle. Missing privileges or elevation. " + `
+                    "The AuthSession must provide an elevated execution context. Original error: $errorMessage"
             }
 
             # Re-throw other errors
@@ -149,8 +149,8 @@ function New-IdleEntraConnectDirectorySyncProvider {
 
         # Validate AuthSession contract
         if ($null -eq $AuthSession.PSObject.Methods['InvokeCommand']) {
-            throw "AuthSession must implement InvokeCommand(CommandName, Parameters) method. " +
-                  "The host must provide an elevated remote session via AuthSessionBroker."
+            throw "AuthSession must implement InvokeCommand(CommandName, Parameters) method. " + `
+                "The host must provide an elevated remote session via AuthSessionBroker."
         }
 
         try {
@@ -189,8 +189,8 @@ function New-IdleEntraConnectDirectorySyncProvider {
             $errorMessage = $_.Exception.Message
 
             if ($errorMessage -match 'access.*denied|permission|privilege|elevation|administrator|unauthorized') {
-                throw "Failed to get sync cycle state. Missing privileges or elevation. " +
-                      "The AuthSession must provide an elevated execution context. Original error: $errorMessage"
+                throw "Failed to get sync cycle state. Missing privileges or elevation. " + `
+                    "The AuthSession must provide an elevated execution context. Original error: $errorMessage"
             }
 
             throw "Failed to get sync cycle state: $errorMessage"

diff --git a/src/IdLE.Provider.EntraID/Public/New-IdleEntraIDIdentityProvider.ps1 b/src/IdLE.Provider.EntraID/Public/New-IdleEntraIDIdentityProvider.ps1
@@ -503,7 +503,7 @@ function New-IdleEntraIDIdentityProvider {
             $payload['accountEnabled'] = [bool]$Attributes['Enabled']
         }
 
-        $user = $this.Adapter.CreateUser($payload, $accessToken)
+        $this.Adapter.CreateUser($payload, $accessToken) | Out-Null
 
         return [pscustomobject]@{
             PSTypeName  = 'IdLE.ProviderResult'

diff --git a/src/IdLE.Provider.ExchangeOnline/Private/New-IdleExchangeOnlineAdapter.ps1 b/src/IdLE.Provider.ExchangeOnline/Private/New-IdleExchangeOnlineAdapter.ps1
@@ -71,6 +71,9 @@ function New-IdleExchangeOnlineAdapter {
             [string] $AccessToken
         )
 
+        # AccessToken is reserved for future Graph API integration
+        $null = $AccessToken
+
         try {
             $params = @{
                 Identity    = $MailboxIdentity
@@ -119,6 +122,9 @@ function New-IdleExchangeOnlineAdapter {
             [string] $AccessToken
         )
 
+        # AccessToken is reserved for future Graph API integration
+        $null = $AccessToken
+
         $params = @{
             Identity    = $MailboxIdentity
             ErrorAction = 'Stop'
@@ -156,6 +162,9 @@ function New-IdleExchangeOnlineAdapter {
             [string] $AccessToken
         )
 
+        # AccessToken is reserved for future Graph API integration
+        $null = $AccessToken
+
         try {
             $params = @{
                 Identity    = $MailboxIdentity
@@ -207,6 +216,9 @@ function New-IdleExchangeOnlineAdapter {
             [string] $AccessToken
         )
 
+        # AccessToken is reserved for future Graph API integration
+        $null = $AccessToken
+
         $params = @{
             Identity    = $MailboxIdentity
             ErrorAction = 'Stop'

diff --git a/src/IdLE.Steps.DirectorySync/Public/Invoke-IdleStepTriggerDirectorySync.ps1 b/src/IdLE.Steps.DirectorySync/Public/Invoke-IdleStepTriggerDirectorySync.ps1
@@ -104,8 +104,8 @@ function Invoke-IdleStepTriggerDirectorySync {
     try {
         # Trigger sync cycle
         $Context.EventSink.WriteEvent('DirectorySyncTriggered', "Triggering $policyType sync cycle", $stepName, @{
-            PolicyType = $policyType
-        })
+                PolicyType = $policyType
+            })
 
         $startResult = Invoke-IdleProviderMethod `
             -Context $Context `
@@ -122,9 +122,9 @@ function Invoke-IdleStepTriggerDirectorySync {
         # If wait is requested, poll until complete or timeout
         if ($wait) {
             $Context.EventSink.WriteEvent('DirectorySyncWaiting', "Waiting for sync cycle to complete (timeout: ${timeoutSeconds}s)", $stepName, @{
-                TimeoutSeconds = $timeoutSeconds
-                PollIntervalSeconds = $pollIntervalSeconds
-            })
+                    TimeoutSeconds = $timeoutSeconds
+                    PollIntervalSeconds = $pollIntervalSeconds
+                })
 
             $startTime = [datetime]::UtcNow
             $attempt = 0
@@ -145,10 +145,10 @@ function Invoke-IdleStepTriggerDirectorySync {
                     $lastState = if ($null -ne $stateResult) { $stateResult.State } else { 'Unknown' }
 
                     $Context.EventSink.WriteEvent('DirectorySyncFailed', "Sync cycle wait timeout after ${timeoutSeconds}s", $stepName, @{
-                        TimeoutSeconds = $timeoutSeconds
-                        ElapsedSeconds = [int]$elapsed
-                        LastKnownState = $lastState
-                    })
+                            TimeoutSeconds = $timeoutSeconds
+                            ElapsedSeconds = [int]$elapsed
+                            LastKnownState = $lastState
+                        })
 
                     throw "TriggerDirectorySync: Timeout waiting for sync cycle to complete after ${timeoutSeconds}s. Last known state: $lastState"
                 }
@@ -169,18 +169,18 @@ function Invoke-IdleStepTriggerDirectorySync {
                 $currentState = if ($null -ne $stateResult) { $stateResult.State } else { 'Unknown' }
 
                 $Context.EventSink.WriteEvent('DirectorySyncPoll', "Poll attempt $attempt - State: $currentState", $stepName, @{
-                    Attempt = $attempt
-                    State = $currentState
-                    InProgress = $inProgress
-                    ElapsedSeconds = [int]$elapsed
-                })
+                        Attempt = $attempt
+                        State = $currentState
+                        InProgress = $inProgress
+                        ElapsedSeconds = [int]$elapsed
+                    })
 
                 if (-not $inProgress) {
                     # Sync cycle completed
                     $Context.EventSink.WriteEvent('DirectorySyncCompleted', "Sync cycle completed", $stepName, @{
-                        Attempts = $attempt
-                        ElapsedSeconds = [int]$elapsed
-                    })
+                            Attempts = $attempt
+                            ElapsedSeconds = [int]$elapsed
+                        })
                     break
                 }
 
@@ -191,8 +191,8 @@ function Invoke-IdleStepTriggerDirectorySync {
         else {
             # Not waiting - sync triggered successfully
             $Context.EventSink.WriteEvent('DirectorySyncCompleted', "Sync cycle triggered (not waiting)", $stepName, @{
-                PolicyType = $policyType
-            })
+                    PolicyType = $policyType
+                })
         }
 
         return [pscustomobject]@{
@@ -206,8 +206,8 @@ function Invoke-IdleStepTriggerDirectorySync {
     }
     catch {
         $Context.EventSink.WriteEvent('DirectorySyncFailed', "Failed to trigger or wait for sync cycle: $_", $stepName, @{
-            Error = $_.Exception.Message
-        })
+                Error = $_.Exception.Message
+            })
         throw
     }
 }