npm - @datasynx/agentic-ai-cartography - Versions diffs - 0.1.8 → 0.2.0 - Mend

@datasynx/agentic-ai-cartography 0.1.8 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/bookmarks-O7KNR7D3.js +8 -0
package/dist/bookmarks-O7KNR7D3.js.map +1 -0
package/dist/chunk-EVJP2FWQ.js +118 -0
package/dist/chunk-EVJP2FWQ.js.map +1 -0
package/dist/chunk-GUZXO6PM.js +647 -0
package/dist/chunk-GUZXO6PM.js.map +1 -0
package/dist/chunk-JAFRT2R6.js +97 -0
package/dist/chunk-JAFRT2R6.js.map +1 -0
package/dist/cli.js +657 -722
package/dist/cli.js.map +1 -1
package/dist/exporter-BDVDYA3K.js +24 -0
package/dist/exporter-BDVDYA3K.js.map +1 -0
package/dist/index.d.ts +15 -2
package/dist/index.js +342 -3
package/dist/index.js.map +1 -1
package/dist/types-NKF6BRMZ.js +26 -0
package/dist/types-NKF6BRMZ.js.map +1 -0
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -1,4 +1,18 @@
 #!/usr/bin/env node
+import {
+  EDGE_RELATIONSHIPS,
+  EVENT_TYPES,
+  MIN_POLL_INTERVAL_MS,
+  NODE_TYPES,
+  SOPStepSchema,
+  defaultConfig
+} from "./chunk-EVJP2FWQ.js";
+import {
+  scanAllBookmarks
+} from "./chunk-JAFRT2R6.js";
+import {
+  exportAll
+} from "./chunk-GUZXO6PM.js";
 // src/cli.ts
 import { Command } from "commander";
@@ -7,111 +21,6 @@ import { Command } from "commander";
 import { execSync } from "child_process";
 import { existsSync, readFileSync } from "fs";
 import { join } from "path";
-// src/types.ts
-import { z } from "zod";
-var NODE_TYPES = [
-  "host",
-  "database_server",
-  "database",
-  "table",
-  "web_service",
-  "api_endpoint",
-  "cache_server",
-  "message_broker",
-  "queue",
-  "topic",
-  "container",
-  "pod",
-  "k8s_cluster",
-  "config_file",
-  "saas_tool",
-  "unknown"
-];
-var EDGE_RELATIONSHIPS = [
-  "connects_to",
-  "reads_from",
-  "writes_to",
-  "calls",
-  "contains",
-  "depends_on"
-];
-var EVENT_TYPES = [
-  "process_start",
-  "process_end",
-  "connection_open",
-  "connection_close",
-  "window_focus",
-  "tool_switch"
-];
-var NodeSchema = z.object({
-  id: z.string().describe('Format: "{type}:{host}:{port}" oder "{type}:{name}"'),
-  type: z.enum(NODE_TYPES),
-  name: z.string(),
-  discoveredVia: z.string(),
-  confidence: z.number().min(0).max(1).default(0.5),
-  metadata: z.record(z.unknown()).default({}),
-  tags: z.array(z.string()).default([])
-});
-var EdgeSchema = z.object({
-  sourceId: z.string(),
-  targetId: z.string(),
-  relationship: z.enum(EDGE_RELATIONSHIPS),
-  evidence: z.string(),
-  confidence: z.number().min(0).max(1).default(0.5)
-});
-var EventSchema = z.object({
-  eventType: z.enum(EVENT_TYPES),
-  process: z.string(),
-  pid: z.number(),
-  target: z.string().optional(),
-  targetType: z.enum(NODE_TYPES).optional(),
-  protocol: z.string().optional(),
-  port: z.number().optional()
-});
-var SOPStepSchema = z.object({
-  order: z.number(),
-  instruction: z.string(),
-  tool: z.string(),
-  target: z.string().optional(),
-  notes: z.string().optional()
-});
-var SOPSchema = z.object({
-  title: z.string(),
-  description: z.string(),
-  steps: z.array(SOPStepSchema),
-  involvedSystems: z.array(z.string()),
-  estimatedDuration: z.string(),
-  frequency: z.string(),
-  confidence: z.number().min(0).max(1)
-});
-var MIN_POLL_INTERVAL_MS = 15e3;
-function defaultConfig(overrides = {}) {
-  const home = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
-  return {
-    mode: "discover",
-    maxDepth: 8,
-    maxTurns: 50,
-    entryPoints: ["localhost"],
-    agentModel: "claude-sonnet-4-5-20250929",
-    shadowMode: "daemon",
-    pollIntervalMs: 3e4,
-    inactivityTimeoutMs: 3e5,
-    promptTimeoutMs: 6e4,
-    trackWindowFocus: false,
-    autoSaveNodes: false,
-    enableNotifications: true,
-    shadowModel: "claude-haiku-4-5-20251001",
-    outputDir: "./cartography-output",
-    dbPath: `${home}/.cartography/cartography.db`,
-    socketPath: `${home}/.cartography/daemon.sock`,
-    pidFile: `${home}/.cartography/daemon.pid`,
-    verbose: false,
-    ...overrides
-  };
-}
-// src/preflight.ts
 function isOAuthLoggedIn() {
   const home = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
   const credFile = join(home, ".claude", ".credentials.json");
@@ -542,6 +451,24 @@ var CartographyDB = class {
       confidence: r["confidence"]
     }));
   }
+  markTaskAsSOPCandidate(taskId) {
+    this.db.prepare("UPDATE tasks SET is_sop_candidate = 1 WHERE id = ?").run(taskId);
+  }
+  getAllSOPs() {
+    const rows = this.db.prepare("SELECT * FROM sops ORDER BY generated_at DESC").all();
+    return rows.map((r) => ({
+      id: r["id"],
+      workflowId: r["workflow_id"],
+      title: r["title"],
+      description: r["description"],
+      steps: JSON.parse(r["steps"]),
+      involvedSystems: JSON.parse(r["involved_systems"]),
+      estimatedDuration: r["estimated_duration"],
+      frequency: r["frequency"],
+      confidence: r["confidence"],
+      generatedAt: r["generated_at"]
+    }));
+  }
   // ── Approvals ───────────────────────────
   setApproval(pattern, action) {
     this.db.prepare(`
@@ -563,100 +490,7 @@ var CartographyDB = class {
 };
 // src/tools.ts
-import { z as z2 } from "zod";
-// src/bookmarks.ts
-import { homedir, tmpdir } from "os";
-import { existsSync as existsSync2, readFileSync as readFileSync2, readdirSync, copyFileSync } from "fs";
-import { join as join2 } from "path";
-function extractHost(rawUrl, source) {
-  try {
-    const u = new URL(rawUrl);
-    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
-    const protocol = u.protocol === "https:" ? "https" : "http";
-    const port = u.port ? parseInt(u.port, 10) : protocol === "https" ? 443 : 80;
-    const hostname = u.hostname.toLowerCase();
-    if (!hostname || hostname === "localhost" || hostname === "127.0.0.1") return null;
-    return { hostname, port, protocol, source };
-  } catch {
-    return null;
-  }
-}
-function walkChrome(node, source, out) {
-  if (node.type === "url" && node.url) {
-    const h = extractHost(node.url, source);
-    if (h) out.push(h);
-  }
-  if (node.children) {
-    for (const child of node.children) walkChrome(child, source, out);
-  }
-}
-function readChromeLike(filePath, source) {
-  if (!existsSync2(filePath)) return [];
-  try {
-    const raw = JSON.parse(readFileSync2(filePath, "utf8"));
-    const out = [];
-    for (const root of Object.values(raw.roots)) {
-      if (root) walkChrome(root, source, out);
-    }
-    return out;
-  } catch {
-    return [];
-  }
-}
-async function readFirefox(profileDir) {
-  const src = join2(profileDir, "places.sqlite");
-  if (!existsSync2(src)) return [];
-  const tmp = join2(tmpdir(), `cartograph_ff_${Date.now()}.sqlite`);
-  try {
-    copyFileSync(src, tmp);
-    const { default: Database2 } = await import("better-sqlite3");
-    const db = new Database2(tmp, { readonly: true, fileMustExist: true });
-    const rows = db.prepare(`
-      SELECT DISTINCT p.url
-      FROM moz_places p
-      JOIN moz_bookmarks b ON b.fk = p.id
-      WHERE b.type = 1 AND p.url NOT LIKE 'place:%'
-      LIMIT 3000
-    `).all();
-    db.close();
-    return rows.map((r) => extractHost(r.url, "firefox")).filter((h) => h !== null);
-  } catch {
-    return [];
-  }
-}
-var HOME = homedir();
-var IS_MAC = process.platform === "darwin";
-var CHROME_PATHS = IS_MAC ? [`${HOME}/Library/Application Support/Google/Chrome/Default/Bookmarks`] : [`${HOME}/.config/google-chrome/Default/Bookmarks`];
-var EDGE_PATHS = IS_MAC ? [`${HOME}/Library/Application Support/Microsoft Edge/Default/Bookmarks`] : [`${HOME}/.config/microsoft-edge/Default/Bookmarks`];
-var BRAVE_PATHS = IS_MAC ? [`${HOME}/Library/Application Support/BraveSoftware/Brave-Browser/Default/Bookmarks`] : [`${HOME}/.config/BraveSoftware/Brave-Browser/Default/Bookmarks`];
-function firefoxProfileDirs() {
-  const base = IS_MAC ? `${HOME}/Library/Application Support/Firefox/Profiles` : `${HOME}/.mozilla/firefox`;
-  if (!existsSync2(base)) return [];
-  try {
-    return readdirSync(base).filter((d) => d.includes(".default") || d.includes("-release")).map((d) => join2(base, d));
-  } catch {
-    return [];
-  }
-}
-async function scanAllBookmarks() {
-  const all = [];
-  for (const p of CHROME_PATHS) all.push(...readChromeLike(p, "chrome"));
-  for (const p of EDGE_PATHS) all.push(...readChromeLike(p, "edge"));
-  for (const p of BRAVE_PATHS) all.push(...readChromeLike(p, "brave"));
-  for (const dir of firefoxProfileDirs()) {
-    all.push(...await readFirefox(dir));
-  }
-  const seen = /* @__PURE__ */ new Set();
-  return all.filter((h) => {
-    const key = h.hostname;
-    if (seen.has(key)) return false;
-    seen.add(key);
-    return true;
-  });
-}
-// src/tools.ts
+import { z } from "zod";
 function stripSensitive(target) {
   try {
     const url = new URL(target.startsWith("http") ? target : `tcp://${target}`);
@@ -670,13 +504,13 @@ async function createCartographyTools(db, sessionId, opts = {}) {
   const { tool, createSdkMcpServer } = sdk;
   const tools = [
     tool("save_node", "Infrastructure-Node speichern", {
-      id: z2.string(),
-      type: z2.enum(NODE_TYPES),
-      name: z2.string(),
-      discoveredVia: z2.string(),
-      confidence: z2.number().min(0).max(1),
-      metadata: z2.record(z2.unknown()).optional(),
-      tags: z2.array(z2.string()).optional()
+      id: z.string(),
+      type: z.enum(NODE_TYPES),
+      name: z.string(),
+      discoveredVia: z.string(),
+      confidence: z.number().min(0).max(1),
+      metadata: z.record(z.unknown()).optional(),
+      tags: z.array(z.string()).optional()
     }, async (args) => {
       const node = {
         id: stripSensitive(args["id"]),
@@ -691,11 +525,11 @@ async function createCartographyTools(db, sessionId, opts = {}) {
       return { content: [{ type: "text", text: `\u2713 Node: ${node.id}` }] };
     }),
     tool("save_edge", "Verbindung zwischen zwei Nodes speichern", {
-      sourceId: z2.string(),
-      targetId: z2.string(),
-      relationship: z2.enum(EDGE_RELATIONSHIPS),
-      evidence: z2.string(),
-      confidence: z2.number().min(0).max(1)
+      sourceId: z.string(),
+      targetId: z.string(),
+      relationship: z.enum(EDGE_RELATIONSHIPS),
+      evidence: z.string(),
+      confidence: z.number().min(0).max(1)
     }, async (args) => {
       db.insertEdge(sessionId, {
         sourceId: args["sourceId"],
@@ -707,12 +541,12 @@ async function createCartographyTools(db, sessionId, opts = {}) {
       return { content: [{ type: "text", text: `\u2713 ${args["sourceId"]}\u2192${args["targetId"]}` }] };
     }),
     tool("save_event", "Activity-Event (Prozess/Verbindung) speichern", {
-      eventType: z2.enum(EVENT_TYPES),
-      process: z2.string(),
-      pid: z2.number(),
-      target: z2.string().optional(),
-      targetType: z2.enum(NODE_TYPES).optional(),
-      port: z2.number().optional()
+      eventType: z.enum(EVENT_TYPES),
+      process: z.string(),
+      pid: z.number(),
+      target: z.string().optional(),
+      targetType: z.enum(NODE_TYPES).optional(),
+      port: z.number().optional()
     }, async (args) => {
       db.insertEvent(sessionId, {
         eventType: args["eventType"],
@@ -725,7 +559,7 @@ async function createCartographyTools(db, sessionId, opts = {}) {
       return { content: [{ type: "text", text: `\u2713 ${args["eventType"]}` }] };
     }),
     tool("get_catalog", "Aktuellen Katalog abrufen (Duplikat-Check)", {
-      includeEdges: z2.boolean().default(true)
+      includeEdges: z.boolean().default(true)
     }, async (args) => {
       const nodes = db.getNodes(sessionId);
       const edges = args["includeEdges"] ? db.getEdges(sessionId) : [];
@@ -740,8 +574,8 @@ async function createCartographyTools(db, sessionId, opts = {}) {
       };
     }),
     tool("manage_task", "Task starten, beenden oder beschreiben", {
-      action: z2.enum(["start", "end", "describe"]),
-      description: z2.string().optional()
+      action: z.enum(["start", "end", "describe"]),
+      description: z.string().optional()
     }, async (args) => {
       const action = args["action"];
       if (action === "start") {
@@ -756,8 +590,8 @@ async function createCartographyTools(db, sessionId, opts = {}) {
       return { content: [{ type: "text", text: "\u2713 Beschreibung aktualisiert" }] };
     }),
     tool("ask_user", "R\xFCckfrage an den User stellen \u2014 bei Unklarheiten, fehlenden Credentials-Hinweisen oder wenn Kontext fehlt", {
-      question: z2.string().describe("Die Frage an den User (klar und konkret)"),
-      context: z2.string().optional().describe("Optionaler Zusatzkontext warum die Frage relevant ist")
+      question: z.string().describe("Die Frage an den User (klar und konkret)"),
+      context: z.string().optional().describe("Optionaler Zusatzkontext warum die Frage relevant ist")
     }, async (args) => {
       const question = args["question"];
       const context = args["context"];
@@ -770,7 +604,7 @@ async function createCartographyTools(db, sessionId, opts = {}) {
       };
     }),
     tool("scan_bookmarks", "Alle Browser-Lesezeichen scannen \u2014 nur Hostnamen, keine pers\xF6nlichen Daten", {
-      minConfidence: z2.number().min(0).max(1).default(0.5).optional()
+      minConfidence: z.number().min(0).max(1).default(0.5).optional()
     }, async () => {
       const hosts = await scanAllBookmarks();
       return {
@@ -789,15 +623,133 @@ async function createCartographyTools(db, sessionId, opts = {}) {
         }]
       };
     }),
+    tool("scan_k8s_resources", "Kubernetes-Cluster via kubectl scannen \u2014 100% readonly (get, describe)", {
+      namespace: z.string().optional().describe("Namespace filtern \u2014 leer = alle Namespaces")
+    }, async (args) => {
+      const { execSync: execSync3 } = await import("child_process");
+      const ns = args["namespace"];
+      const nsFlag = ns ? `-n ${ns}` : "--all-namespaces";
+      const run = (cmd) => {
+        try {
+          return execSync3(cmd, { stdio: "pipe", timeout: 15e3, shell: "/bin/sh" }).toString().trim();
+        } catch (e) {
+          return `(error: ${e instanceof Error ? e.message.split("\n")[0] : String(e)})`;
+        }
+      };
+      const sections = [
+        ["CONTEXT", 'kubectl config current-context 2>/dev/null || echo "(kein Context gesetzt)"'],
+        ["NODES", "kubectl get nodes -o wide"],
+        ["NAMESPACES", "kubectl get namespaces"],
+        ["SERVICES", `kubectl get services ${nsFlag}`],
+        ["DEPLOYMENTS", `kubectl get deployments ${nsFlag}`],
+        ["STATEFULSETS", `kubectl get statefulsets ${nsFlag}`],
+        ["INGRESSES", `kubectl get ingress ${nsFlag} 2>/dev/null || echo "(keine)"`],
+        ["PODS_RUNNING", `kubectl get pods ${nsFlag} --field-selector=status.phase=Running 2>/dev/null | head -60`],
+        ["CONFIGMAPS_SYSTEM", "kubectl get configmaps -n kube-system 2>/dev/null | head -30"]
+      ];
+      const out = sections.map(([l, c]) => `=== ${l} ===
+${run(c)}`).join("\n\n");
+      return { content: [{ type: "text", text: out }] };
+    }),
+    tool("scan_aws_resources", "AWS-Infrastruktur via AWS CLI scannen \u2014 100% readonly (describe, list)", {
+      region: z.string().optional().describe("AWS Region \u2014 default: AWS_DEFAULT_REGION oder Profil"),
+      profile: z.string().optional().describe("AWS CLI Profil")
+    }, async (args) => {
+      const { execSync: execSync3 } = await import("child_process");
+      const region = args["region"];
+      const profile = args["profile"];
+      const env = { ...process.env };
+      if (region) env["AWS_DEFAULT_REGION"] = region;
+      const pf = profile ? `--profile ${profile}` : "";
+      const run = (cmd) => {
+        try {
+          return execSync3(cmd, { stdio: "pipe", timeout: 2e4, shell: "/bin/sh", env }).toString().trim();
+        } catch (e) {
+          return `(error: ${e instanceof Error ? e.message.split("\n")[0] : String(e)})`;
+        }
+      };
+      const sections = [
+        ["IDENTITY", `aws sts get-caller-identity ${pf} --output json`],
+        ["EC2", `aws ec2 describe-instances ${pf} --query 'Reservations[*].Instances[*].[InstanceId,InstanceType,State.Name,PublicIpAddress,PrivateIpAddress,Tags[?Key==\`Name\`].Value|[0]]' --output table`],
+        ["RDS", `aws rds describe-db-instances ${pf} --query 'DBInstances[*].[DBInstanceIdentifier,Engine,DBInstanceStatus,Endpoint.Address,Endpoint.Port]' --output table`],
+        ["ELB_V2", `aws elbv2 describe-load-balancers ${pf} --query 'LoadBalancers[*].[LoadBalancerName,DNSName,Type,State.Code]' --output table`],
+        ["EKS", `aws eks list-clusters ${pf} --output json`],
+        ["ELASTICACHE", `aws elasticache describe-cache-clusters ${pf} --query 'CacheClusters[*].[CacheClusterId,Engine,CacheClusterStatus]' --output table 2>/dev/null || echo "(nicht verf\xFCgbar)"`],
+        ["S3", `aws s3 ls ${pf} 2>/dev/null || echo "(nicht verf\xFCgbar)"`],
+        ["VPC", `aws ec2 describe-vpcs ${pf} --query 'Vpcs[*].[VpcId,CidrBlock,IsDefault,Tags[?Key==\`Name\`].Value|[0]]' --output table`]
+      ];
+      const out = sections.map(([l, c]) => `=== ${l} ===
+${run(c)}`).join("\n\n");
+      return { content: [{ type: "text", text: out }] };
+    }),
+    tool("scan_gcp_resources", "Google Cloud Platform via gcloud CLI scannen \u2014 100% readonly (list, describe)", {
+      project: z.string().optional().describe("GCP Project ID \u2014 default: aktuelles gcloud-Projekt")
+    }, async (args) => {
+      const { execSync: execSync3 } = await import("child_process");
+      const project = args["project"];
+      const pf = project ? `--project ${project}` : "";
+      const run = (cmd) => {
+        try {
+          return execSync3(cmd, { stdio: "pipe", timeout: 2e4, shell: "/bin/sh" }).toString().trim();
+        } catch (e) {
+          return `(error: ${e instanceof Error ? e.message.split("\n")[0] : String(e)})`;
+        }
+      };
+      const sections = [
+        ["IDENTITY", `gcloud config list account --format='value(core.account)' 2>/dev/null; gcloud config get-value project 2>/dev/null`],
+        ["COMPUTE_INSTANCES", `gcloud compute instances list ${pf} 2>/dev/null || echo "(error)"`],
+        ["SQL_INSTANCES", `gcloud sql instances list ${pf} 2>/dev/null || echo "(error)"`],
+        ["GKE_CLUSTERS", `gcloud container clusters list ${pf} 2>/dev/null || echo "(error)"`],
+        ["CLOUD_RUN", `gcloud run services list ${pf} --platform managed 2>/dev/null || echo "(error)"`],
+        ["CLOUD_FUNCTIONS", `gcloud functions list ${pf} 2>/dev/null || echo "(error)"`],
+        ["REDIS", `gcloud redis instances list ${pf} --regions=- 2>/dev/null || echo "(error)"`],
+        ["PUBSUB", `gcloud pubsub topics list ${pf} 2>/dev/null || echo "(error)"`],
+        ["SPANNER", `gcloud spanner instances list ${pf} 2>/dev/null || echo "(error)"`]
+      ];
+      const out = sections.map(([l, c]) => `=== ${l} ===
+${run(c)}`).join("\n\n");
+      return { content: [{ type: "text", text: out }] };
+    }),
+    tool("scan_azure_resources", "Azure-Infrastruktur via az CLI scannen \u2014 100% readonly (list, show)", {
+      subscription: z.string().optional().describe("Azure Subscription ID"),
+      resourceGroup: z.string().optional().describe("Resource Group filtern")
+    }, async (args) => {
+      const { execSync: execSync3 } = await import("child_process");
+      const sub = args["subscription"];
+      const rg = args["resourceGroup"];
+      const sf = sub ? `--subscription ${sub}` : "";
+      const rf = rg ? `--resource-group ${rg}` : "";
+      const run = (cmd) => {
+        try {
+          return execSync3(cmd, { stdio: "pipe", timeout: 2e4, shell: "/bin/sh" }).toString().trim();
+        } catch (e) {
+          return `(error: ${e instanceof Error ? e.message.split("\n")[0] : String(e)})`;
+        }
+      };
+      const sections = [
+        ["IDENTITY", `az account show --output json ${sf} 2>/dev/null || echo "(nicht eingeloggt \u2014 az login)"`],
+        ["VMS", `az vm list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["AKS", `az aks list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["SQL_SERVERS", `az sql server list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["POSTGRES", `az postgres server list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["REDIS", `az redis list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["WEBAPPS", `az webapp list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["CONTAINER_APPS", `az containerapp list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`],
+        ["FUNCTIONS", `az functionapp list ${sf} ${rf} --output table 2>/dev/null || echo "(error)"`]
+      ];
+      const out = sections.map(([l, c]) => `=== ${l} ===
+${run(c)}`).join("\n\n");
+      return { content: [{ type: "text", text: out }] };
+    }),
     tool("save_sop", "Standard Operating Procedure speichern", {
-      workflowId: z2.string(),
-      title: z2.string(),
-      description: z2.string(),
-      steps: z2.array(SOPStepSchema),
-      involvedSystems: z2.array(z2.string()),
-      estimatedDuration: z2.string(),
-      frequency: z2.string(),
-      confidence: z2.number().min(0).max(1)
+      workflowId: z.string(),
+      title: z.string(),
+      description: z.string(),
+      steps: z.array(SOPStepSchema),
+      involvedSystems: z.array(z.string()),
+      estimatedDuration: z.string(),
+      frequency: z.string(),
+      confidence: z.number().min(0).max(1)
     }, async (args) => {
       db.insertSOP({
         workflowId: args["workflowId"],
@@ -860,15 +812,22 @@ SCHRITT 2 \u2014 Lokale Infrastruktur:
   ss -tlnp && ps aux \u2192 alle lauschenden Ports/Prozesse identifizieren
   Jeden Service vertiefen: DB\u2192Schemas, API\u2192Endpoints, Queue\u2192Topics
-SCHRITT 3 \u2014 Config-Files:
+SCHRITT 3 \u2014 Cloud & Kubernetes (falls CLI vorhanden):
+  scan_k8s_resources() \u2192 Nodes, Services, Pods, Deployments, Ingresses
+  scan_aws_resources()  \u2192 EC2, RDS, ELB, EKS, ElastiCache, S3 (falls AWS CLI + Credentials)
+  scan_gcp_resources()  \u2192 Compute, SQL, GKE, Cloud Run, Functions (falls gcloud + Auth)
+  scan_azure_resources() \u2192 VMs, AKS, SQL, Redis, WebApps (falls az CLI + Login)
+  Fehler / "nicht verf\xFCgbar" \u2192 ignorieren, weiter mit n\xE4chstem Tool
+SCHRITT 4 \u2014 Config-Files:
   .env, docker-compose.yml, application.yml, kubernetes/*.yml
   Nur Host:Port extrahieren \u2014 KEINE Credentials
-SCHRITT 4 \u2014 R\xFCckfragen bei Unklarheit:
+SCHRITT 5 \u2014 R\xFCckfragen bei Unklarheit:
   ask_user() nutzen wenn: Dienst unklar ist, Kontext fehlt, oder User Input sinnvoll w\xE4re
   Beispiele: "Welche Umgebung ist das (dev/staging/prod)?", "Ist <host> ein internes Tool?"
-SCHRITT 5 \u2014 Fertig wenn alle Spuren ersch\xF6pft.
+SCHRITT 6 \u2014 Fertig wenn alle Spuren ersch\xF6pft.
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
 PORT-MAPPING: 5432=postgres, 3306=mysql, 27017=mongodb, 6379=redis,
@@ -903,6 +862,10 @@ Nutze ask_user wenn du Kontext vom User brauchst.`;
         "mcp__cartograph__save_edge",
         "mcp__cartograph__get_catalog",
         "mcp__cartograph__scan_bookmarks",
+        "mcp__cartograph__scan_k8s_resources",
+        "mcp__cartograph__scan_aws_resources",
+        "mcp__cartograph__scan_gcp_resources",
+        "mcp__cartograph__scan_azure_resources",
         "mcp__cartograph__ask_user"
       ],
       hooks: {
@@ -1050,461 +1013,19 @@ function clusterTasks(tasks) {
   return clusters;
 }
-// src/exporter.ts
-import { mkdirSync as mkdirSync2, writeFileSync } from "fs";
-import { join as join3 } from "path";
-function nodeLayer(type) {
-  if (type === "saas_tool") return "saas";
-  if (["web_service", "api_endpoint"].includes(type)) return "web";
-  if (["database_server", "database", "table", "cache_server"].includes(type)) return "data";
-  if (["message_broker", "queue", "topic"].includes(type)) return "messaging";
-  if (["host", "container", "pod", "k8s_cluster"].includes(type)) return "infra";
-  if (type === "config_file") return "config";
-  return "other";
-}
-var LAYER_LABELS = {
-  saas: "\u2601 SaaS Tools",
-  web: "\u{1F310} Web / API",
-  data: "\u{1F5C4} Data Layer",
-  messaging: "\u{1F4E8} Messaging",
-  infra: "\u{1F5A5} Infrastructure",
-  config: "\u{1F4C4} Config",
-  other: "\u2753 Sonstige"
-};
-var LAYER_ORDER = ["saas", "web", "data", "messaging", "infra", "config", "other"];
-var MERMAID_ICONS = {
-  host: "\u{1F5A5}",
-  database_server: "\u{1F5C4}",
-  database: "\u{1F5C4}",
-  table: "\u{1F4CB}",
-  web_service: "\u{1F310}",
-  api_endpoint: "\u{1F50C}",
-  cache_server: "\u26A1",
-  message_broker: "\u{1F4E8}",
-  queue: "\u{1F4EC}",
-  topic: "\u{1F4E2}",
-  container: "\u{1F4E6}",
-  pod: "\u2638",
-  k8s_cluster: "\u2638",
-  config_file: "\u{1F4C4}",
-  saas_tool: "\u2601",
-  unknown: "\u2753"
-};
-var EDGE_LABELS = {
-  connects_to: "\u2192",
-  reads_from: "reads",
-  writes_to: "writes",
-  calls: "calls",
-  contains: "contains",
-  depends_on: "depends on"
-};
-var MERMAID_CLASSES = {
-  host: "fill:#1e3352,stroke:#4a82c4,color:#cce",
-  database_server: "fill:#1e3352,stroke:#4a82c4,color:#cce",
-  database: "fill:#163352,stroke:#3a8ad4,color:#bdf",
-  table: "fill:#0f2a40,stroke:#2a6090,color:#9bd",
-  web_service: "fill:#1a3a1a,stroke:#3a9a3a,color:#bfb",
-  api_endpoint: "fill:#0f2a0f,stroke:#2a7a2a,color:#9d9",
-  cache_server: "fill:#3a2a0a,stroke:#ca8a0a,color:#fda",
-  message_broker: "fill:#2a1a3a,stroke:#7a3aaa,color:#daf",
-  queue: "fill:#1f1030,stroke:#5a2a8a,color:#caf",
-  topic: "fill:#1f1030,stroke:#5a2a8a,color:#caf",
-  container: "fill:#1a2a3a,stroke:#3a6a9a,color:#acd",
-  pod: "fill:#0f1f2f,stroke:#2a5a8a,color:#8bc",
-  k8s_cluster: "fill:#0a1520,stroke:#1a4a7a,color:#7ab",
-  config_file: "fill:#2a2a1a,stroke:#7a7a2a,color:#ddc",
-  saas_tool: "fill:#2a1a2a,stroke:#9a3a9a,color:#daf",
-  unknown: "fill:#2a2a2a,stroke:#5a5a5a,color:#aaa"
-};
-function sanitize(id) {
-  return id.replace(/[^a-zA-Z0-9_]/g, "_");
-}
-function nodeLabel(node) {
-  const icon = MERMAID_ICONS[node.type] ?? "?";
-  const parts = node.id.split(":");
-  const location = parts.length >= 3 ? `${parts[1]}:${parts[2]}` : parts[1] ?? "";
-  const conf = `${Math.round(node.confidence * 100)}%`;
-  const meta = node.metadata;
-  const extras = [];
-  for (const key of ["category", "version", "description"]) {
-    const v = meta[key];
-    if (typeof v === "string" && v.length > 0) {
-      extras.push(v.substring(0, 28));
-      break;
-    }
-  }
-  const locLine = location ? `<br/><small>${location}</small>` : "";
-  const extraLine = extras.length ? `<br/><small>${extras[0]}</small>` : "";
-  return `["${icon} <b>${node.name}</b>${locLine}${extraLine}<br/><small>${node.type} \xB7 ${conf}</small>"]`;
-}
-function generateTopologyMermaid(nodes, edges) {
-  if (nodes.length === 0) return 'graph TB\n    empty["No nodes discovered yet"]';
-  const lines = ["graph TB"];
-  const usedTypes = new Set(nodes.map((n) => n.type));
-  for (const type of usedTypes) {
-    const style = MERMAID_CLASSES[type] ?? MERMAID_CLASSES["unknown"];
-    lines.push(`    classDef ${type.replace(/_/g, "")} ${style}`);
-  }
-  lines.push("");
-  const layerMap = /* @__PURE__ */ new Map();
-  for (const node of nodes) {
-    const layer = nodeLayer(node.type);
-    if (!layerMap.has(layer)) layerMap.set(layer, []);
-    layerMap.get(layer).push(node);
-  }
-  for (const layerKey of LAYER_ORDER) {
-    const layerNodes = layerMap.get(layerKey);
-    if (!layerNodes || layerNodes.length === 0) continue;
-    const label = LAYER_LABELS[layerKey] ?? layerKey;
-    lines.push(`    subgraph ${layerKey}["${label}"]`);
-    for (const node of layerNodes) {
-      lines.push(`      ${sanitize(node.id)}${nodeLabel(node)}:::${node.type.replace(/_/g, "")}`);
-    }
-    lines.push("    end");
-    lines.push("");
-  }
-  for (const edge of edges) {
-    const src = sanitize(edge.sourceId);
-    const tgt = sanitize(edge.targetId);
-    const label = EDGE_LABELS[edge.relationship] ?? edge.relationship;
-    const arrow = edge.confidence < 0.6 ? `-. "${label}" .->` : `-->|"${label}"|`;
-    lines.push(`    ${src} ${arrow} ${tgt}`);
-  }
-  return lines.join("\n");
-}
-function generateDependencyMermaid(nodes, edges) {
-  const depEdges = edges.filter(
-    (e) => ["calls", "reads_from", "writes_to", "depends_on"].includes(e.relationship)
-  );
-  if (depEdges.length === 0) return 'graph LR\n    empty["No dependency edges found"]';
-  const lines = ["graph LR"];
-  const usedIds = /* @__PURE__ */ new Set();
-  for (const edge of depEdges) {
-    usedIds.add(edge.sourceId);
-    usedIds.add(edge.targetId);
-  }
-  const usedNodes = nodes.filter((n) => usedIds.has(n.id));
-  const usedTypes = new Set(usedNodes.map((n) => n.type));
-  for (const type of usedTypes) {
-    const style = MERMAID_CLASSES[type] ?? MERMAID_CLASSES["unknown"];
-    lines.push(`    classDef ${type.replace(/_/g, "")} ${style}`);
-  }
-  lines.push("");
-  for (const node of usedNodes) {
-    lines.push(`    ${sanitize(node.id)}${nodeLabel(node)}:::${node.type.replace(/_/g, "")}`);
-  }
-  lines.push("");
-  for (const edge of depEdges) {
-    const label = EDGE_LABELS[edge.relationship] ?? edge.relationship;
-    lines.push(`    ${sanitize(edge.sourceId)} -->|"${label}"| ${sanitize(edge.targetId)}`);
-  }
-  return lines.join("\n");
-}
-function generateWorkflowMermaid(sop) {
-  const lines = ["flowchart TD"];
-  for (const step of sop.steps) {
-    const nodeId = `S${step.order}`;
-    const label = `${step.order}. ${step.instruction.substring(0, 60)}`;
-    lines.push(`    ${nodeId}["${label}"]`);
-    if (step.order > 1) {
-      lines.push(`    S${step.order - 1} --> ${nodeId}`);
-    }
-  }
-  return lines.join("\n");
-}
-function exportBackstageYAML(nodes, edges, org) {
-  const owner = org ?? "unknown";
-  const docs = [];
-  for (const node of nodes) {
-    const isComponent = ["web_service", "container", "pod"].includes(node.type);
-    const isAPI = node.type === "api_endpoint";
-    const kind = isComponent ? "Component" : isAPI ? "API" : "Resource";
-    const deps = edges.filter((e) => e.sourceId === node.id).map((e) => `    - resource:default/${sanitize(e.targetId)}`);
-    const doc = [
-      `apiVersion: backstage.io/v1alpha1`,
-      `kind: ${kind}`,
-      `metadata:`,
-      `  name: ${sanitize(node.id)}`,
-      `  annotations:`,
-      `    cartography/discovered-at: "${node.discoveredAt}"`,
-      `    cartography/confidence: "${node.confidence}"`,
-      `spec:`,
-      `  type: ${node.type}`,
-      `  lifecycle: production`,
-      `  owner: ${owner}`,
-      ...deps.length > 0 ? ["  dependsOn:", ...deps] : []
-    ].join("\n");
-    docs.push(doc);
-  }
-  return docs.join("\n---\n");
-}
-function exportJSON(db, sessionId) {
-  const nodes = db.getNodes(sessionId);
-  const edges = db.getEdges(sessionId);
-  const events = db.getEvents(sessionId);
-  const tasks = db.getTasks(sessionId);
-  const sops = db.getSOPs(sessionId);
-  const stats = db.getStats(sessionId);
-  return JSON.stringify({
-    sessionId,
-    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    stats,
-    nodes,
-    edges,
-    events,
-    tasks,
-    sops
-  }, null, 2);
-}
-function exportHTML(nodes, edges) {
-  const graphData = JSON.stringify({
-    nodes: nodes.map((n) => ({
-      id: n.id,
-      name: n.name,
-      type: n.type,
-      confidence: n.confidence,
-      discoveredVia: n.discoveredVia,
-      discoveredAt: n.discoveredAt,
-      tags: n.tags,
-      metadata: n.metadata
-    })),
-    links: edges.map((e) => ({
-      source: e.sourceId,
-      target: e.targetId,
-      relationship: e.relationship,
-      confidence: e.confidence,
-      evidence: e.evidence
-    }))
-  });
-  return `<!DOCTYPE html>
-<html lang="de">
-<head>
-  <meta charset="UTF-8">
-  <title>Cartography \u2014 Topology</title>
-  <script src="https://d3js.org/d3.v7.min.js"></script>
-  <style>
-    * { box-sizing: border-box; }
-    body { margin: 0; background: #0d1117; color: #e6edf3; font-family: 'SF Mono', 'Fira Code', monospace; display: flex; }
-    #graph { flex: 1; height: 100vh; }
-    svg { width: 100%; height: 100%; }
-    .link { stroke-opacity: 0.5; }
-    .link-label { font-size: 9px; fill: #8b949e; }
-    .node circle { stroke-width: 2px; cursor: pointer; transition: r 0.15s; }
-    .node circle:hover { r: 14; }
-    .node text { font-size: 11px; fill: #c9d1d9; pointer-events: none; }
-    /* \u2500\u2500 Sidebar \u2500\u2500 */
-    #sidebar {
-      width: 300px; min-width: 300px; height: 100vh; overflow-y: auto;
-      background: #161b22; border-left: 1px solid #30363d;
-      padding: 16px; font-size: 12px; line-height: 1.6;
-    }
-    #sidebar h2 { margin: 0 0 8px; font-size: 14px; color: #58a6ff; }
-    #sidebar .meta-table { width: 100%; border-collapse: collapse; }
-    #sidebar .meta-table td { padding: 3px 6px; border-bottom: 1px solid #21262d; vertical-align: top; }
-    #sidebar .meta-table td:first-child { color: #8b949e; white-space: nowrap; width: 90px; }
-    #sidebar .tag { display: inline-block; background: #21262d; border-radius: 3px; padding: 1px 5px; margin: 1px; }
-    #sidebar .conf-bar { height: 6px; border-radius: 3px; background: #21262d; margin-top: 3px; }
-    #sidebar .conf-fill { height: 100%; border-radius: 3px; }
-    #sidebar .edges-list { margin-top: 12px; }
-    #sidebar .edge-item { padding: 4px 0; border-bottom: 1px solid #21262d; color: #8b949e; }
-    #sidebar .edge-item span { color: #c9d1d9; }
-    .hint { color: #484f58; font-size: 11px; margin-top: 8px; }
-    #header { position: fixed; top: 10px; left: 10px; background: rgba(13,17,23,0.85);
-              padding: 8px 12px; border-radius: 6px; font-size: 12px; border: 1px solid #30363d; }
-    #header strong { color: #58a6ff; }
-  </style>
-</head>
-<body>
-<div id="graph">
-  <div id="header">
-    <strong>Cartography</strong> &nbsp;
-    <span style="color:#8b949e">${nodes.length} Nodes \xB7 ${edges.length} Edges</span><br>
-    <span style="color:#484f58;font-size:10px">Scroll=zoom \xB7 Drag=pan \xB7 Click=details</span>
-  </div>
-  <svg></svg>
-</div>
-<div id="sidebar">
-  <h2>Infrastructure Map</h2>
-  <p class="hint">Klicke einen Node um Details anzuzeigen.</p>
-</div>
-<script>
-const data = ${graphData};
-const TYPE_COLORS = {
-  host: '#4a9eff', database_server: '#ff6b6b', database: '#ff8c42',
-  web_service: '#6bcb77', api_endpoint: '#4d96ff', cache_server: '#ffd93d',
-  message_broker: '#c77dff', queue: '#e0aaff', topic: '#9d4edd',
-  container: '#48cae4', pod: '#00b4d8', k8s_cluster: '#0077b6',
-  config_file: '#adb5bd', saas_tool: '#da8bff', unknown: '#6c757d',
-};
-const NODE_RADIUS = { saas_tool: 10, host: 11, database_server: 11, k8s_cluster: 13, default: 8 };
-const radius = d => NODE_RADIUS[d.type] || NODE_RADIUS.default;
-const sidebar = document.getElementById('sidebar');
-function showNode(d) {
-  const c = TYPE_COLORS[d.type] || '#aaa';
-  const confPct = Math.round(d.confidence * 100);
-  const tags = (d.tags || []).map(t => \`<span class="tag">\${t}</span>\`).join('');
-  const metaRows = Object.entries(d.metadata || {})
-    .filter(([,v]) => v !== null && v !== undefined && String(v).length > 0)
-    .map(([k,v]) => \`<tr><td>\${k}</td><td>\${JSON.stringify(v)}</td></tr>\`)
-    .join('');
-  const related = data.links.filter(l =>
-    (l.source.id||l.source) === d.id || (l.target.id||l.target) === d.id
-  );
-  const edgeItems = related.map(l => {
-    const isOut = (l.source.id||l.source) === d.id;
-    const other = isOut ? (l.target.id||l.target) : (l.source.id||l.source);
-    return \`<div class="edge-item">\${isOut ? '\u2192' : '\u2190'} <span>\${other}</span> <small>[\${l.relationship}]</small></div>\`;
-  }).join('');
-  sidebar.innerHTML = \`
-    <h2>\${d.name}</h2>
-    <table class="meta-table">
-      <tr><td>ID</td><td style="font-size:10px;word-break:break-all">\${d.id}</td></tr>
-      <tr><td>Typ</td><td><span style="color:\${c}">\${d.type}</span></td></tr>
-      <tr><td>Confidence</td><td>
-        \${confPct}%
-        <div class="conf-bar"><div class="conf-fill" style="width:\${confPct}%;background:\${c}"></div></div>
-      </td></tr>
-      <tr><td>Entdeckt via</td><td>\${d.discoveredVia || '\u2014'}</td></tr>
-      <tr><td>Zeitpunkt</td><td>\${d.discoveredAt ? d.discoveredAt.substring(0,19).replace('T',' ') : '\u2014'}</td></tr>
-      \${tags ? '<tr><td>Tags</td><td>'+tags+'</td></tr>' : ''}
-      \${metaRows}
-    </table>
-    \${related.length > 0 ? '<div class="edges-list"><strong>Verbindungen:</strong>'+edgeItems+'</div>' : ''}
-  \`;
-}
-const svgEl = d3.select('svg');
-const graphDiv = document.getElementById('graph');
-const width = () => graphDiv.clientWidth;
-const height = () => graphDiv.clientHeight;
-const g = svgEl.append('g');
-svgEl.call(d3.zoom().scaleExtent([0.1, 4]).on('zoom', e => g.attr('transform', e.transform)));
-const sim = d3.forceSimulation(data.nodes)
-  .force('link', d3.forceLink(data.links).id(d => d.id).distance(d => d.relationship === 'contains' ? 60 : 120))
-  .force('charge', d3.forceManyBody().strength(-320))
-  .force('center', d3.forceCenter(width() / 2, height() / 2))
-  .force('collision', d3.forceCollide().radius(d => radius(d) + 20));
-const link = g.append('g')
-  .selectAll('line').data(data.links).join('line')
-  .attr('class', 'link')
-  .attr('stroke', d => d.confidence < 0.6 ? '#444' : '#555')
-  .attr('stroke-dasharray', d => d.confidence < 0.6 ? '4 3' : null)
-  .attr('stroke-width', d => d.confidence < 0.6 ? 1 : 1.5);
-link.append('title').text(d => \`\${d.relationship} (conf:\${d.confidence})
-\${d.evidence||''}\`);
-const node = g.append('g')
-  .selectAll('g').data(data.nodes).join('g').attr('class', 'node')
-  .call(d3.drag()
-    .on('start', (e, d) => { if (!e.active) sim.alphaTarget(0.3).restart(); d.fx = d.x; d.fy = d.y; })
-    .on('drag', (e, d) => { d.fx = e.x; d.fy = e.y; })
-    .on('end', (e, d) => { if (!e.active) sim.alphaTarget(0); d.fx = null; d.fy = null; })
-  )
-  .on('click', (e, d) => { e.stopPropagation(); showNode(d); });
-node.append('circle')
-  .attr('r', radius)
-  .attr('fill', d => TYPE_COLORS[d.type] || '#aaa')
-  .attr('stroke', d => d3.color(TYPE_COLORS[d.type] || '#aaa').brighter(1).formatHex())
-  .append('title').text(d => \`\${d.id}
-conf:\${d.confidence}\`);
-node.append('text').attr('dx', d => radius(d) + 4).attr('dy', '.35em').text(d => d.name);
-sim.on('tick', () => {
-  link.attr('x1', d => d.source.x).attr('y1', d => d.source.y)
-      .attr('x2', d => d.target.x).attr('y2', d => d.target.y);
-  node.attr('transform', d => \`translate(\${d.x},\${d.y})\`);
-});
-svgEl.on('click', () => {
-  sidebar.innerHTML = '<h2>Infrastructure Map</h2><p class="hint">Klicke einen Node um Details anzuzeigen.</p>';
-});
-</script>
-</body>
-</html>`;
-}
-function exportSOPMarkdown(sop) {
-  const lines = [
-    `# ${sop.title}`,
-    "",
-    `**Beschreibung:** ${sop.description}`,
-    `**Systeme:** ${sop.involvedSystems.join(", ")}`,
-    `**Dauer:** ${sop.estimatedDuration}`,
-    `**H\xE4ufigkeit:** ${sop.frequency}`,
-    `**Confidence:** ${sop.confidence.toFixed(2)}`,
-    "",
-    "## Schritte",
-    ""
-  ];
-  for (const step of sop.steps) {
-    lines.push(`${step.order}. **${step.tool}**${step.target ? ` \u2192 \`${step.target}\`` : ""}`);
-    lines.push(`   ${step.instruction}`);
-    if (step.notes) lines.push(`   _${step.notes}_`);
-    lines.push("");
-  }
-  return lines.join("\n");
-}
-function exportAll(db, sessionId, outputDir, formats = ["mermaid", "json", "yaml", "html", "sops"]) {
-  mkdirSync2(outputDir, { recursive: true });
-  mkdirSync2(join3(outputDir, "sops"), { recursive: true });
-  mkdirSync2(join3(outputDir, "workflows"), { recursive: true });
-  const nodes = db.getNodes(sessionId);
-  const edges = db.getEdges(sessionId);
-  if (formats.includes("mermaid")) {
-    writeFileSync(join3(outputDir, "topology.mermaid"), generateTopologyMermaid(nodes, edges));
-    writeFileSync(join3(outputDir, "dependencies.mermaid"), generateDependencyMermaid(nodes, edges));
-    process.stderr.write("\u2713 topology.mermaid, dependencies.mermaid\n");
-  }
-  if (formats.includes("json")) {
-    writeFileSync(join3(outputDir, "catalog.json"), exportJSON(db, sessionId));
-    process.stderr.write("\u2713 catalog.json\n");
-  }
-  if (formats.includes("yaml")) {
-    writeFileSync(join3(outputDir, "catalog-info.yaml"), exportBackstageYAML(nodes, edges));
-    process.stderr.write("\u2713 catalog-info.yaml\n");
-  }
-  if (formats.includes("html")) {
-    writeFileSync(join3(outputDir, "topology.html"), exportHTML(nodes, edges));
-    process.stderr.write("\u2713 topology.html\n");
-  }
-  if (formats.includes("sops")) {
-    const sops = db.getSOPs(sessionId);
-    for (const sop of sops) {
-      const filename = sop.title.toLowerCase().replace(/[^a-z0-9]+/g, "-") + ".md";
-      writeFileSync(join3(outputDir, "sops", filename), exportSOPMarkdown(sop));
-      const wfFilename = `workflow-${sop.workflowId.substring(0, 8)}.mermaid`;
-      writeFileSync(join3(outputDir, "workflows", wfFilename), generateWorkflowMermaid(sop));
-    }
-    if (sops.length > 0) {
-      process.stderr.write(`\u2713 ${sops.length} SOPs + workflow diagrams
-`);
-    }
-  }
-}
 // src/cli.ts
-import { readFileSync as readFileSync4, existsSync as existsSync5 } from "fs";
+import { readFileSync as readFileSync3, existsSync as existsSync4 } from "fs";
 import { resolve } from "path";
 import { createInterface } from "readline";
 // src/daemon.ts
 import { execSync as execSync2, spawn } from "child_process";
-import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync2, unlinkSync as unlinkSync2 } from "fs";
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync, unlinkSync as unlinkSync2 } from "fs";
 // src/ipc.ts
 import net from "net";
 import { EventEmitter } from "events";
-import { chmodSync, existsSync as existsSync3, unlinkSync } from "fs";
+import { chmodSync, existsSync as existsSync2, unlinkSync } from "fs";
 var IPCServer = class extends EventEmitter {
   server = null;
   clients = /* @__PURE__ */ new Set();
@@ -1606,7 +1127,7 @@ var IPCClient = class extends EventEmitter {
   }
 };
 function cleanStaleSocket(socketPath) {
-  if (existsSync3(socketPath)) {
+  if (existsSync2(socketPath)) {
     try {
       unlinkSync(socketPath);
     } catch {
@@ -1675,22 +1196,62 @@ var ShadowDaemon = class {
     this.notify = notify;
   }
   running = false;
+  paused = false;
   prevSnapshot = "";
   cyclesRun = 0;
   cyclesSkipped = 0;
+  lastTaskCount = 0;
+  sessionId = "";
   async run() {
     this.running = true;
-    const sessionId = this.db.createSession("shadow", this.config);
+    this.sessionId = this.db.createSession("shadow", this.config);
     process.on("SIGTERM", () => this.stop());
     process.on("SIGINT", () => this.stop());
+    process.on("SIGUSR1", () => this.pause());
+    process.on("SIGUSR2", () => this.resume());
+    this.ipc.on("message", (msg) => {
+      switch (msg.type) {
+        case "command":
+          if (msg.command === "pause") this.pause();
+          else if (msg.command === "resume") this.resume();
+          else if (msg.command === "stop") this.stop();
+          else if (msg.command === "status") {
+            this.ipc.broadcast({ type: "status", data: this.getStatus() });
+          } else if (msg.command === "new-task") {
+            this.db.startTask(this.sessionId);
+            this.ipc.broadcast({ type: "info", message: "Task gestartet" });
+          } else if (msg.command === "end-task") {
+            this.db.endCurrentTask(this.sessionId);
+            this.ipc.broadcast({ type: "info", message: "Task beendet" });
+          }
+          break;
+        case "task-description":
+          this.db.updateTaskDescription(this.sessionId, msg.description);
+          break;
+        case "prompt-response":
+          if (msg.id.startsWith("sop-suggest:")) {
+            const taskId = msg.id.replace("sop-suggest:", "");
+            if (msg.answer === "ja" || msg.answer === "yes" || msg.answer === "Ja, als SOP speichern") {
+              this.db.markTaskAsSOPCandidate(taskId);
+              this.ipc.broadcast({ type: "info", message: `Task als SOP-Kandidat markiert` });
+            }
+          }
+          break;
+      }
+    });
     while (this.running) {
+      if (this.paused) {
+        this.ipc.broadcast({ type: "status", data: this.getStatus() });
+        await sleep(this.config.pollIntervalMs);
+        continue;
+      }
       const snapshot = takeSnapshot(this.config);
       if (snapshot !== this.prevSnapshot) {
         try {
           await runShadowCycle(
             this.config,
             this.db,
-            sessionId,
+            this.sessionId,
             this.prevSnapshot,
             snapshot,
             (msg) => {
@@ -1705,38 +1266,84 @@ var ShadowDaemon = class {
 `);
         }
         this.prevSnapshot = snapshot;
+        this.checkForCompletedTasks();
       } else {
         this.cyclesSkipped++;
       }
-      const status = this.getStatus(sessionId);
-      this.ipc.broadcast({ type: "status", data: status });
+      this.ipc.broadcast({ type: "status", data: this.getStatus() });
       if (!this.ipc.hasClients()) {
-        const stats = this.db.getStats(sessionId);
+        const stats = this.db.getStats(this.sessionId);
         if (stats.events > 0 && this.cyclesRun % 10 === 0) {
           this.notify.workflowDetected(stats.tasks, `${stats.events} events so far`);
         }
       }
       await sleep(this.config.pollIntervalMs);
     }
-    this.db.endSession(sessionId);
+    this.db.endSession(this.sessionId);
     this.ipc.stop();
     cleanup(this.config);
+    return this.sessionId;
+  }
+  pause() {
+    if (!this.paused) {
+      this.paused = true;
+      this.ipc.broadcast({ type: "info", message: "\u23F8 Shadow-Daemon pausiert" });
+    }
+  }
+  resume() {
+    if (this.paused) {
+      this.paused = false;
+      this.ipc.broadcast({ type: "info", message: "\u25B6 Shadow-Daemon fortgesetzt" });
+    }
   }
   stop() {
     this.running = false;
   }
-  getStatus(sessionId) {
-    const stats = this.db.getStats(sessionId);
+  getSessionId() {
+    return this.sessionId;
+  }
+  checkForCompletedTasks() {
+    const tasks = this.db.getTasks(this.sessionId);
+    const completedCount = tasks.filter((t) => t.status === "completed").length;
+    if (completedCount > this.lastTaskCount) {
+      const newlyCompleted = tasks.filter((t) => t.status === "completed" && !t.isSOPCandidate).slice(-1);
+      for (const task of newlyCompleted) {
+        const desc = task.description ?? `Task ${task.id.substring(0, 8)}`;
+        if (this.ipc.hasClients()) {
+          this.ipc.broadcast({
+            type: "prompt",
+            id: `sop-suggest:${task.id}`,
+            prompt: {
+              kind: "task-boundary",
+              context: { taskId: task.id, description: desc },
+              options: ["Ja, als SOP speichern", "Nein, \xFCberspringen"],
+              defaultAnswer: "Ja, als SOP speichern",
+              timeoutMs: 3e4,
+              createdAt: (/* @__PURE__ */ new Date()).toISOString()
+            }
+          });
+        } else {
+          this.db.markTaskAsSOPCandidate(task.id);
+        }
+      }
+      this.lastTaskCount = completedCount;
+    }
+  }
+  getStatus() {
+    const stats = this.db.getStats(this.sessionId);
+    const sops = this.db.getSOPs(this.sessionId);
     return {
       pid: process.pid,
       uptime: process.uptime(),
       nodeCount: stats.nodes,
       eventCount: stats.events,
       taskCount: stats.tasks,
+      sopCount: sops.length,
       pendingPrompts: 0,
       autoSave: this.config.autoSaveNodes,
       mode: this.config.shadowMode,
       agentActive: false,
+      paused: this.paused,
       cyclesRun: this.cyclesRun,
       cyclesSkipped: this.cyclesSkipped
     };
@@ -1759,13 +1366,13 @@ function forkDaemon(config) {
   child.unref();
   const pid = child.pid;
   if (!pid) throw new Error("Failed to fork daemon");
-  writeFileSync2(config.pidFile, String(pid), "utf8");
+  writeFileSync(config.pidFile, String(pid), "utf8");
   return pid;
 }
 function isDaemonRunning(pidFile) {
-  if (!existsSync4(pidFile)) return { running: false };
+  if (!existsSync3(pidFile)) return { running: false };
   try {
-    const pid = parseInt(readFileSync3(pidFile, "utf8").trim(), 10);
+    const pid = parseInt(readFileSync2(pidFile, "utf8").trim(), 10);
     if (isNaN(pid)) return { running: false };
     process.kill(pid, 0);
     return { running: true, pid };
@@ -1791,6 +1398,26 @@ function stopDaemon(pidFile) {
     return false;
   }
 }
+function pauseDaemon(pidFile) {
+  const { running, pid } = isDaemonRunning(pidFile);
+  if (!running || !pid) return false;
+  try {
+    process.kill(pid, "SIGUSR1");
+    return true;
+  } catch {
+    return false;
+  }
+}
+function resumeDaemon(pidFile) {
+  const { running, pid } = isDaemonRunning(pidFile);
+  if (!running || !pid) return false;
+  try {
+    process.kill(pid, "SIGUSR2");
+    return true;
+  } catch {
+    return false;
+  }
+}
 function cleanup(config) {
   try {
     unlinkSync2(config.socketPath);
@@ -1826,6 +1453,7 @@ var ForegroundClient = class {
   }
 };
 var AttachClient = class {
+  isPaused = false;
   async attach(socketPath) {
     const client = new IPCClient();
     try {
@@ -1838,7 +1466,7 @@ var AttachClient = class {
       return;
     }
     process.stderr.write("\u{1F4E1} Verbunden mit Shadow-Daemon\n");
-    process.stderr.write("   [T] Neuer Task  [S] Status  [D] Trennen  [Q] Daemon stoppen\n\n");
+    process.stderr.write("   [T] Neuer Task  [S] Status  [P] Pause/Resume  [D] Trennen  [Q] Stoppen\n\n");
     if (process.stdin.isTTY) {
       process.stdin.setRawMode(true);
     }
@@ -1861,6 +1489,17 @@ var AttachClient = class {
         client.send({ type: "command", command: "status" });
         return;
       }
+      if (k === "p") {
+        if (this.isPaused) {
+          client.send({ type: "command", command: "resume" });
+          process.stderr.write("\n\u25B6 Resume gesendet\n");
+        } else {
+          client.send({ type: "command", command: "pause" });
+          process.stderr.write("\n\u23F8 Pause gesendet\n");
+        }
+        this.isPaused = !this.isPaused;
+        return;
+      }
       if (k === "d" || k === "") {
         process.stderr.write("\n\u{1F4E1} Getrennt. Daemon l\xE4uft weiter.\n");
         client.disconnect();
@@ -1882,6 +1521,7 @@ var AttachClient = class {
     client.on("message", (msg) => {
       switch (msg.type) {
         case "status":
+          this.isPaused = msg.data.paused;
           renderStatus(msg.data);
           break;
         case "event":
@@ -1898,7 +1538,7 @@ var AttachClient = class {
 `);
           break;
         case "prompt":
-          renderPrompt(msg.prompt.kind, msg.prompt.options, (answer) => {
+          renderPrompt(msg.id, msg.prompt.kind, msg.prompt.context, msg.prompt.options, (answer) => {
             client.send({ type: "prompt-response", id: msg.id, answer });
           });
           break;
@@ -1912,17 +1552,34 @@ var AttachClient = class {
   }
 };
 function renderStatus(status) {
+  const state = status.paused ? "\x1B[33m\u23F8 PAUSED\x1B[0m" : "\x1B[32m\u25CF RUNNING\x1B[0m";
   process.stdout.write(
     `
 \u2500\u2500 Shadow Status \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
-  PID: ${status.pid} | Uptime: ${Math.round(status.uptime)}s
-  Nodes: ${status.nodeCount} | Events: ${status.eventCount} | Tasks: ${status.taskCount}
+  ${state}  PID: ${status.pid} | Uptime: ${Math.round(status.uptime)}s
+  Nodes: ${status.nodeCount} | Events: ${status.eventCount} | Tasks: ${status.taskCount} | SOPs: ${status.sopCount}
   Cycles: ${status.cyclesRun} run, ${status.cyclesSkipped} skipped
 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
 `
   );
 }
-function renderPrompt(kind, options, callback) {
+function renderPrompt(id, kind, context, options, callback) {
+  if (id.startsWith("sop-suggest:")) {
+    const desc = context["description"] ?? "Unbenannter Task";
+    process.stdout.write(`
+  \u{1F4CB} Task abgeschlossen: "${desc}"
+`);
+    process.stdout.write(`     Als SOP speichern?
+`);
+    options.forEach((opt, i) => process.stdout.write(`     [${i + 1}] ${opt}
+`));
+    process.stdout.write("  \u2192 ");
+    process.stdin.once("data", (data) => {
+      const idx = parseInt(data.trim(), 10) - 1;
+      callback(options[idx] ?? options[0] ?? "");
+    });
+    return;
+  }
   process.stdout.write(`
 \u2753 ${kind}
 `);
@@ -1936,6 +1593,13 @@ function renderPrompt(kind, options, callback) {
 }
 // src/cli.ts
+var bold = (s) => `\x1B[1m${s}\x1B[0m`;
+var dim = (s) => `\x1B[2m${s}\x1B[0m`;
+var cyan = (s) => `\x1B[36m${s}\x1B[0m`;
+var green = (s) => `\x1B[32m${s}\x1B[0m`;
+var yellow = (s) => `\x1B[33m${s}\x1B[0m`;
+var magenta = (s) => `\x1B[35m${s}\x1B[0m`;
+var red = (s) => `\x1B[31m${s}\x1B[0m`;
 if (process.env.CARTOGRAPHYY_DAEMON === "1") {
   const config = JSON.parse(process.env.CARTOGRAPHYY_CONFIG ?? "{}");
   startDaemonProcess(config).catch((err) => {
@@ -1946,17 +1610,10 @@ if (process.env.CARTOGRAPHYY_DAEMON === "1") {
 } else {
   main();
 }
-var bold = (s) => `\x1B[1m${s}\x1B[0m`;
-var dim = (s) => `\x1B[2m${s}\x1B[0m`;
-var cyan = (s) => `\x1B[36m${s}\x1B[0m`;
-var green = (s) => `\x1B[32m${s}\x1B[0m`;
-var yellow = (s) => `\x1B[33m${s}\x1B[0m`;
-var magenta = (s) => `\x1B[35m${s}\x1B[0m`;
-var red = (s) => `\x1B[31m${s}\x1B[0m`;
 function main() {
   const program = new Command();
   const CMD = "datasynx-cartography";
-  const VERSION = "0.1.8";
+  const VERSION = "0.2.0";
   program.name(CMD).description("AI-powered Infrastructure Cartography & SOP Generation").version(VERSION);
   program.command("discover").description("Infrastruktur scannen und kartographieren").option("--entry <hosts...>", "Startpunkte", ["localhost"]).option("--depth <n>", "Max Tiefe", "8").option("--max-turns <n>", "Max Agent-Turns", "50").option("--model <m>", "Agent-Model", "claude-sonnet-4-5-20250929").option("--org <name>", "Organisation (f\xFCr Backstage)").option("-o, --output <dir>", "Output-Dir", "./datasynx-output").option("--db <path>", "DB-Pfad").option("-v, --verbose", "Agent-Reasoning anzeigen", false).action(async (opts) => {
     checkPrerequisites();
@@ -2150,13 +1807,13 @@ function main() {
     const htmlPath = resolve(config.outputDir, "topology.html");
     const topoPath = resolve(config.outputDir, "topology.mermaid");
     w("\n");
-    if (existsSync5(htmlPath)) {
+    if (existsSync4(htmlPath)) {
       w(`  ${green("\u2192")}  ${osc8(`file://${htmlPath}`, bold("topology.html \xF6ffnen"))}
 `);
     }
-    if (existsSync5(topoPath)) {
+    if (existsSync4(topoPath)) {
       try {
-        const code = readFileSync4(topoPath, "utf8");
+        const code = readFileSync3(topoPath, "utf8");
         const b64 = Buffer.from(JSON.stringify({ code, mermaid: { theme: "dark" } })).toString("base64");
         w(`  ${cyan("\u2192")}  ${osc8(`https://mermaid.live/view#base64:${b64}`, bold("mermaid.live \xF6ffnen"))}
 `);
@@ -2200,11 +1857,99 @@ function main() {
       process.stderr.write("   datasynx-cartography shadow stop    \u2014 stoppen\n\n");
     }
   });
-  shadow.command("stop").description("Shadow-Daemon stoppen").action(() => {
-    const config = defaultConfig();
+  shadow.command("stop").description("Shadow-Daemon stoppen + SOP-Review").option("-o, --output <dir>", "Output-Dir f\xFCr SOPs + Dashboard", "./datasynx-output").option("--no-review", "SOP-Review \xFCberspringen").action(async (opts) => {
+    const config = defaultConfig({ outputDir: opts.output });
     const stopped = stopDaemon(config.pidFile);
-    if (stopped) {
-      process.stderr.write("\u2713 Shadow-Daemon gestoppt\n");
+    if (!stopped) {
+      process.stderr.write("\u26A0 Kein laufender Shadow-Daemon gefunden\n");
+      return;
+    }
+    process.stderr.write("\u2713 Shadow-Daemon gestoppt\n");
+    if (opts.review === false) return;
+    await new Promise((r) => setTimeout(r, 500));
+    const db = new CartographyDB(config.dbPath);
+    const session = db.getLatestSession("shadow");
+    if (!session) {
+      db.close();
+      return;
+    }
+    const stats = db.getStats(session.id);
+    const w = (s) => process.stderr.write(s);
+    w("\n");
+    w(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n"));
+    w(bold("  Shadow-Session Review\n"));
+    w(dim(`  Session: ${session.id}
+`));
+    w(dim(`  Nodes: ${stats.nodes} | Events: ${stats.events} | Tasks: ${stats.tasks}
+`));
+    w(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n"));
+    w("\n");
+    if (stats.tasks > 0) {
+      try {
+        w("  SOPs generieren...\n");
+        const count = await generateSOPs(db, session.id);
+        w(`  ${green("\u2713")} ${count} SOPs generiert
+`);
+      } catch (err) {
+        w(`  ${red("\u2717")} SOP-Generierung fehlgeschlagen: ${err}
+`);
+      }
+    }
+    const { exportSOPMarkdown, exportSOPDashboard } = await import("./exporter-BDVDYA3K.js");
+    const sops = db.getSOPs(session.id);
+    if (sops.length > 0) {
+      w(bold("  SOPs zur \xDCberpr\xFCfung:\n\n"));
+      for (const sop of sops) {
+        const md = exportSOPMarkdown(sop);
+        for (const line of md.split("\n")) {
+          process.stdout.write(`  ${line}
+`);
+        }
+        process.stdout.write("\n");
+        w(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n"));
+      }
+      const { mkdirSync: mkdirSync2, writeFileSync: writeFileSync2 } = await import("fs");
+      const { join: join2, resolve: resolvePath } = await import("path");
+      mkdirSync2(config.outputDir, { recursive: true });
+      mkdirSync2(join2(config.outputDir, "sops"), { recursive: true });
+      for (const sop of sops) {
+        const filename = sop.title.toLowerCase().replace(/[^a-z0-9]+/g, "-") + ".md";
+        writeFileSync2(join2(config.outputDir, "sops", filename), exportSOPMarkdown(sop));
+      }
+      const allSOPs = db.getAllSOPs();
+      const dashboardHtml = exportSOPDashboard(allSOPs);
+      const dashboardPath = join2(config.outputDir, "sop-dashboard.html");
+      writeFileSync2(dashboardPath, dashboardHtml);
+      const absPath = resolvePath(dashboardPath);
+      w(`  ${green("\u2713")} ${sops.length} SOP-Markdown-Dateien geschrieben
+`);
+      w(`  ${green("\u2713")} SOP Dashboard: ${cyan(`file://${absPath}`)}
+`);
+      w("\n");
+      w(dim(`  \xD6ffne im Browser: ${bold(`file://${absPath}`)}
+`));
+      w("\n");
+    } else {
+      w(dim("  Keine SOPs in dieser Session.\n\n"));
+    }
+    db.close();
+  });
+  shadow.command("pause").description("Shadow-Daemon pausieren").action(() => {
+    const config = defaultConfig();
+    const paused = pauseDaemon(config.pidFile);
+    if (paused) {
+      process.stderr.write("\u23F8 Shadow-Daemon pausiert\n");
+    } else {
+      process.stderr.write("\u26A0 Kein laufender Shadow-Daemon gefunden\n");
+    }
+  });
+  shadow.command("resume").description("Shadow-Daemon fortsetzen").action(() => {
+    const config = defaultConfig();
+    const resumed = resumeDaemon(config.pidFile);
+    if (resumed) {
+      process.stderr.write("\u25B6 Shadow-Daemon fortgesetzt\n");
     } else {
       process.stderr.write("\u26A0 Kein laufender Shadow-Daemon gefunden\n");
     }
@@ -2614,10 +2359,172 @@ ${infraSummary.substring(0, 12e3)}`;
     out(dim("  PID:    ~/.cartography/daemon.pid\n"));
     out("\n");
   });
+  program.command("bookmarks").description("Alle Browser-Lesezeichen anzeigen (Chrome, Edge, Brave, Firefox)").action(async () => {
+    const { scanAllBookmarks: scanAllBookmarks2 } = await import("./bookmarks-O7KNR7D3.js");
+    const out = (s) => process.stdout.write(s);
+    process.stderr.write("  Scanning bookmarks...\n\n");
+    const hosts = await scanAllBookmarks2();
+    if (hosts.length === 0) {
+      out("  (Keine Lesezeichen gefunden \u2014 Chrome, Edge, Brave und Firefox werden unterst\xFCtzt)\n\n");
+      return;
+    }
+    const bySource = /* @__PURE__ */ new Map();
+    for (const h of hosts) {
+      if (!bySource.has(h.source)) bySource.set(h.source, []);
+      bySource.get(h.source).push(h);
+    }
+    for (const [source, entries] of bySource) {
+      out(bold(cyan(`  ${source.toUpperCase()}`)) + dim(`  (${entries.length} Hosts)
+`));
+      out(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n"));
+      for (const h of entries) {
+        const isDefault = h.protocol === "https" && h.port === 443 || h.protocol === "http" && h.port === 80;
+        const portStr = isDefault ? "" : `:${h.port}`;
+        out(`  ${cyan(h.protocol + "://")}${h.hostname}${dim(portStr)}
+`);
+      }
+      out("\n");
+    }
+    out(dim(`  Total: ${hosts.length} unique hosts
+`));
+    out(dim("  Tipp: ") + "datasynx-cartography discover" + dim(" \u2014 scannt + klassifiziert alle Lesezeichen automatisch\n\n"));
+  });
+  program.command("seed").description("Bekannte Infrastruktur manuell eintragen (Tools, DBs, APIs, etc.)").option("--file <path>", "JSON-Datei mit Node-Definitionen einlesen").option("--session <id>", "In existierende Session eintragen (default: neue Session)").option("--db <path>", "DB-Pfad").action(async (opts) => {
+    const config = defaultConfig({ ...opts.db ? { dbPath: opts.db } : {} });
+    const db = new CartographyDB(config.dbPath);
+    const sessionId = opts.session ?? db.createSession("discover", config);
+    const out = (s) => process.stdout.write(s);
+    const w = (s) => process.stderr.write(s);
+    if (opts.file) {
+      let raw;
+      try {
+        raw = JSON.parse(readFileSync3(resolve(opts.file), "utf8"));
+      } catch (e) {
+        w(red(`
+  \u2717  Datei konnte nicht gelesen werden: ${e}
+`));
+        process.exitCode = 1;
+        return;
+      }
+      if (!Array.isArray(raw)) {
+        w(red('\n  \u2717  JSON muss ein Array sein: [{ "type": "...", "name": "...", "host": "..." }]\n\n'));
+        process.exitCode = 1;
+        return;
+      }
+      let saved2 = 0;
+      for (const entry of raw) {
+        const type = entry["type"];
+        const name = entry["name"];
+        const host = entry["host"];
+        const port = entry["port"];
+        const tags = entry["tags"] ?? [];
+        const metadata = entry["metadata"] ?? {};
+        if (!type || !name) {
+          w(yellow(`  \u26A0  \xDCbersprungen (kein type/name): ${JSON.stringify(entry)}
+`));
+          continue;
+        }
+        const id = host ? `${type}:${host}${port ? ":" + port : ""}` : `${type}:${name.toLowerCase().replace(/\s+/g, "-")}`;
+        db.upsertNode(sessionId, {
+          id,
+          type,
+          name,
+          discoveredVia: "manual",
+          confidence: 1,
+          metadata: { ...metadata, ...host ? { host } : {}, ...port ? { port } : {} },
+          tags
+        });
+        out(`  ${green("+")}  ${cyan(id)}  ${dim("(" + type + ")")}
+`);
+        saved2++;
+      }
+      db.endSession(sessionId);
+      w(`
+  ${green(bold("DONE"))}  ${saved2} Nodes gespeichert  ${dim("Session: " + sessionId)}
+`);
+      return;
+    }
+    const { NODE_TYPES: NODE_TYPES2 } = await import("./types-NKF6BRMZ.js");
+    if (!process.stdin.isTTY) {
+      w(red("\n  \u2717  Interaktiver Modus ben\xF6tigt ein Terminal (--file f\xFCr nicht-interaktiven Betrieb)\n\n"));
+      process.exitCode = 1;
+      return;
+    }
+    w("\n");
+    w(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n"));
+    w(bold("  Bekannte Infrastruktur eintragen\n"));
+    w(dim("  Beispiele: Datenbanken, APIs, SaaS-Tools, Cloud-Services\n"));
+    w(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n"));
+    w("\n");
+    const rl = createInterface({ input: process.stdin, output: process.stderr });
+    const ask = (q) => new Promise((res) => rl.question(q, res));
+    let saved = 0;
+    const typeList = NODE_TYPES2.map((t, i) => `${dim((i + 1).toString().padStart(2))}  ${t}`).join("\n  ");
+    while (true) {
+      w("\n");
+      w(dim("  Node-Typen:\n"));
+      w(`  ${typeList}
+`);
+      const typeInput = (await ask(`  ${cyan("Typ")} ${dim("[Nr. oder Name, Enter=abbrechen]")}: `)).trim();
+      if (!typeInput) break;
+      let nodeType;
+      const asNum = parseInt(typeInput, 10);
+      if (!isNaN(asNum) && asNum >= 1 && asNum <= NODE_TYPES2.length) {
+        nodeType = NODE_TYPES2[asNum - 1];
+      } else if (NODE_TYPES2.includes(typeInput)) {
+        nodeType = typeInput;
+      } else {
+        w(yellow(`  \u26A0  Unbekannter Typ: "${typeInput}"
+`));
+        continue;
+      }
+      const name = (await ask(`  ${cyan("Name")} ${dim('[z.B. "Prod PostgreSQL"]')}: `)).trim();
+      if (!name) {
+        w(dim("  (Abgebrochen)\n"));
+        continue;
+      }
+      const hostRaw = (await ask(`  ${cyan("Host / IP")} ${dim("[optional, Enter=\xFCberspringen]")}: `)).trim();
+      const portRaw = (await ask(`  ${cyan("Port")} ${dim("[optional]")}: `)).trim();
+      const tagsRaw = (await ask(`  ${cyan("Tags")} ${dim("[komma-getrennt, optional]")}: `)).trim();
+      const host = hostRaw || void 0;
+      const port = portRaw ? parseInt(portRaw, 10) : void 0;
+      const tags = tagsRaw ? tagsRaw.split(",").map((t) => t.trim()).filter(Boolean) : [];
+      const id = host ? `${nodeType}:${host}${port ? ":" + port : ""}` : `${nodeType}:${name.toLowerCase().replace(/\s+/g, "-")}`;
+      db.upsertNode(sessionId, {
+        id,
+        type: nodeType,
+        name,
+        discoveredVia: "manual",
+        confidence: 1,
+        metadata: { ...host ? { host } : {}, ...port ? { port } : {} },
+        tags
+      });
+      out(`  ${green("+")}  ${cyan(id)}
+`);
+      saved++;
+      const again = (await ask(`  ${dim("Weiteren Node hinzuf\xFCgen? [Y/n]")}: `)).trim().toLowerCase();
+      if (again === "n" || again === "nein") break;
+    }
+    rl.close();
+    db.endSession(sessionId);
+    w("\n");
+    w(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n"));
+    w(`  ${green(bold("DONE"))}  ${saved} Node${saved !== 1 ? "s" : ""} gespeichert
+`);
+    w(`  ${dim("Session: " + sessionId)}
+`);
+    w(`  ${dim("Tipp: datasynx-cartography show " + sessionId)}
+`);
+  });
   program.command("doctor").description("Pr\xFCft ob alle Voraussetzungen erf\xFCllt sind").action(async () => {
     const { execSync: execSync3 } = await import("child_process");
-    const { existsSync: existsSync6, readFileSync: readFileSync5 } = await import("fs");
-    const { join: join4 } = await import("path");
+    const { existsSync: existsSync5, readFileSync: readFileSync4 } = await import("fs");
+    const { join: join2 } = await import("path");
     const out = (s) => process.stdout.write(s);
     const ok = (msg) => out(`  \x1B[32m\u2713\x1B[0m  ${msg}
 `);
@@ -2648,7 +2555,7 @@ ${infraSummary.substring(0, 12e3)}`;
     const home = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
     let hasOAuth = false;
     try {
-      const creds = JSON.parse(readFileSync5(join4(home, ".claude", ".credentials.json"), "utf8"));
+      const creds = JSON.parse(readFileSync4(join2(home, ".claude", ".credentials.json"), "utf8"));
       const oauth = creds["claudeAiOauth"];
       hasOAuth = typeof oauth?.["accessToken"] === "string" && oauth["accessToken"].length > 0;
     } catch {
@@ -2661,12 +2568,30 @@ ${infraSummary.substring(0, 12e3)}`;
       err("Keine Authentifizierung \u2014 claude login  oder  export ANTHROPIC_API_KEY=sk-ant-...");
       allGood = false;
     }
-    const optional = [
+    try {
+      const v = execSync3("kubectl version --client --short 2>/dev/null || kubectl version --client", { stdio: "pipe" }).toString().split("\n")[0]?.trim() ?? "";
+      ok(`kubectl  ${dim2(v || "(Client OK)")}`);
+    } catch {
+      warn(`kubectl nicht gefunden  ${dim2("\u2014 Installation: https://kubernetes.io/docs/tasks/tools/")}`);
+    }
+    const cloudClis = [
+      ["aws", "aws --version", "AWS CLI \u2014 https://aws.amazon.com/cli/"],
+      ["gcloud", "gcloud --version", "Google Cloud SDK \u2014 https://cloud.google.com/sdk/"],
+      ["az", "az --version", "Azure CLI \u2014 https://aka.ms/installazurecliwindows"]
+    ];
+    for (const [name, cmd, hint] of cloudClis) {
+      try {
+        execSync3(cmd, { stdio: "pipe" });
+        ok(`${name}  ${dim2("(Cloud-Scanning verf\xFCgbar)")}`);
+      } catch {
+        warn(`${name} nicht gefunden  ${dim2("\u2014 Cloud-Scan \xFCbersprungen | " + hint)}`);
+      }
+    }
+    const localTools = [
       ["docker", "docker --version"],
-      ["kubectl", "kubectl version --client --short"],
       ["ss", "ss --version"]
     ];
-    for (const [name, cmd] of optional) {
+    for (const [name, cmd] of localTools) {
       try {
         execSync3(cmd, { stdio: "pipe" });
         ok(`${name}  ${dim2("(Discovery-Tool)")}`);
@@ -2674,8 +2599,8 @@ ${infraSummary.substring(0, 12e3)}`;
         warn(`${name} nicht gefunden  ${dim2("\u2014 Discovery ohne " + name + " eingeschr\xE4nkt")}`);
       }
     }
-    const dbDir = join4(home, ".cartography");
-    if (existsSync6(dbDir)) {
+    const dbDir = join2(home, ".cartography");
+    if (existsSync5(dbDir)) {
       ok(`~/.cartography  ${dim2("(Daten-Verzeichnis vorhanden)")}`);
     } else {
       warn("~/.cartography existiert noch nicht  " + dim2("\u2014 wird beim ersten Start angelegt"));
@@ -2712,14 +2637,22 @@ ${infraSummary.substring(0, 12e3)}`;
     o(_b("  Commands:\n"));
     o("\n");
     o(`  ${_g("discover")}             ${_d("Infrastruktur scannen (Claude Sonnet)")}
+`);
+    o(`  ${_g("seed")}                 ${_d("Bekannte Tools/DBs/APIs manuell eintragen")}
+`);
+    o(`  ${_g("bookmarks")}            ${_d("Browser-Lesezeichen anzeigen")}
 `);
     o(`  ${_g("shadow start")}         ${_d("Background-Daemon starten (Claude Haiku)")}
 `);
-    o(`  ${_g("shadow stop")}          ${_d("Daemon stoppen")}
+    o(`  ${_g("shadow pause")}         ${_d("Daemon pausieren")}
+`);
+    o(`  ${_g("shadow resume")}        ${_d("Daemon fortsetzen")}
+`);
+    o(`  ${_g("shadow stop")}          ${_d("Stoppen + SOP-Review + Dashboard")}
 `);
     o(`  ${_g("shadow status")}        ${_d("Daemon-Status anzeigen")}
 `);
-    o(`  ${_g("shadow attach")}        ${_d("Live an Daemon ankoppeln")}
+    o(`  ${_g("shadow attach")}        ${_d("Live-Steuerung: [T] [S] [P] [D] [Q]")}
 `);
     o(`  ${_g("sops")} ${_d("[session]")}      ${_d("SOPs aus Workflows generieren")}
 `);
@@ -2729,7 +2662,7 @@ ${infraSummary.substring(0, 12e3)}`;
 `);
     o(`  ${_g("sessions")}             ${_d("Alle Sessions auflisten")}
 `);
-    o(`  ${_g("doctor")}               ${_d("Installations-Check")}
+    o(`  ${_g("doctor")}               ${_d("Installations-Check (kubectl, aws, gcloud, az)")}
 `);
     o(`  ${_g("docs")}                 ${_d("Vollst\xE4ndige Dokumentation")}
 `);
@@ -2739,6 +2672,8 @@ ${infraSummary.substring(0, 12e3)}`;
     o(_b("  Quick Start:\n"));
     o("\n");
     o(`  ${_m("$")} ${_b("datasynx-cartography doctor")}         ${_d("Alles bereit?")}
+`);
+    o(`  ${_m("$")} ${_b("datasynx-cartography seed")}           ${_d("Bekannte Infra eintragen")}
 `);
     o(`  ${_m("$")} ${_b("datasynx-cartography discover")}       ${_d("Einmal-Scan")}
 `);