@datasynx/agentic-ai-cartography 1.1.1 → 2.2.0

package/AGENTS.md

@@ -0,0 +1,32 @@
+# Working with Cartography
+
+This project can use **Cartography** — an MCP server that maps the system landscape
+(services, datastores, SaaS tools, dependencies) read-only.
+
+## Enable it
+
+```json
+{
+  "mcpServers": {
+    "cartography": {
+      "command": "npx",
+      "args": [
+        "-y",
+        "--package",
+        "@datasynx/agentic-ai-cartography",
+        "cartography-mcp"
+      ]
+    }
+  }
+}
+```
+
+Or run `datasynx-cartography install --client <id>` (see `list-clients`).
+
+## Use it
+
+- Read `cartography://graph/summary` first — a low-token overview.
+- Then drill in with `query_infrastructure`, `get_dependencies`, `get_node`.
+- All tools are read-only; run `run_discovery` to (re)scan the local system.
+
+<!-- Generated by `npm run docs:tables`; edit scripts/gen-docs.ts, not this file. -->

package/README.md

@@ -1,6 +1,10 @@
 <div align="center">
 
-# 🗺️ Datasynx Cartography
+<a href="https://github.com/datasynx/agentic-ai-cartography">
+  <img src="https://raw.githubusercontent.com/datasynx/agentic-ai-cartography/main/docs/assets/datasynx-logo.png" alt="Datasynx" width="340" />
+</a>
+
+# Datasynx Cartography
 
 **AI-powered Infrastructure Discovery & Agentic AI Cartography**
 
@@ -9,22 +13,194 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square)](https://opensource.org/licenses/MIT)
 [![Node.js >=20](https://img.shields.io/badge/Node.js-%E2%89%A520-339933?style=flat-square&logo=node.js&logoColor=white)](https://nodejs.org)
 [![CI](https://github.com/datasynx/agentic-ai-cartography/actions/workflows/ci.yml/badge.svg)](https://github.com/datasynx/agentic-ai-cartography/actions/workflows/ci.yml)
-[![Built with Claude](https://img.shields.io/badge/Built_with-Claude_Agent_SDK-D4A017?style=flat-square&logo=anthropic&logoColor=white)](https://github.com/anthropics/claude-code)
+[![Release](https://github.com/datasynx/agentic-ai-cartography/actions/workflows/release.yml/badge.svg)](https://github.com/datasynx/agentic-ai-cartography/actions/workflows/release.yml)
+[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=flat-square)](https://github.com/semantic-release/semantic-release)
+[![MCP](https://img.shields.io/badge/MCP-server-6E56CF?style=flat-square)](https://modelcontextprotocol.io)
+[![Docs](https://img.shields.io/badge/docs-live-2E8555?style=flat-square&logo=readthedocs&logoColor=white)](https://datasynx.github.io/agentic-ai-cartography/)
+[![Provenance](https://img.shields.io/badge/npm-provenance_signed-3B7DBD?style=flat-square&logo=npm&logoColor=white)](https://docs.npmjs.com/generating-provenance-statements)
+[![Agentic AI](https://img.shields.io/badge/Agentic_AI-Provider_Agnostic-D4A017?style=flat-square)](https://github.com/datasynx/agentic-ai-cartography)
 [![LinkedIn](https://img.shields.io/badge/LinkedIn-Datasynx_AI-0077B5?style=flat-square&logo=linkedin&logoColor=white)](https://www.linkedin.com/company/datasynx-ai/)
 [![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-blue?style=flat-square)](https://github.com/datasynx/agentic-ai-cartography)
 
 <br/>
 
-*Claude IS the agent — it decides which read-only commands to run, analyses the output, and stores results via custom MCP tools into SQLite. No hand-written parsers, diff logic, or decision trees.*
+*A **Model Context Protocol server** that gives any AI agent read-only awareness of your complete system landscape — local services, databases, SaaS tools, installed apps and their dependencies — with progressive disclosure, recursive dependency traversal and semantic search. Discovery runs deterministically (no LLM required) or via an optional Claude-driven loop. Provider-agnostic: works with Claude, OpenAI, Ollama, or any MCP-compatible host.*
 
 <br/>
 
-**[📦 npm](https://www.npmjs.com/package/@datasynx/agentic-ai-cartography) · [💼 LinkedIn](https://www.linkedin.com/company/datasynx-ai/) · [🐛 Issues](https://github.com/datasynx/agentic-ai-cartography/issues)**
+**[📖 Documentation](https://datasynx.github.io/agentic-ai-cartography/) · [📦 npm](https://www.npmjs.com/package/@datasynx/agentic-ai-cartography) · [💼 LinkedIn](https://www.linkedin.com/company/datasynx-ai/) · [🐛 Issues](https://github.com/datasynx/agentic-ai-cartography/issues)**
 
 </div>
 
 ---
 
+## Contents
+
+[MCP-first quick start](#-mcp-first--install-once-every-agent-knows-your-landscape) ·
+[Connect your client](#connect-your-client-copy-paste) ·
+[Embed in your app](#embed-in-your-own-app) ·
+[What it does](#what-it-does) ·
+[Cross-platform](#cross-platform-support) ·
+[Features](#features) ·
+[CLI commands](#commands) ·
+[Architecture](#architecture) ·
+[Safety](#safety) ·
+[Public API](#public-api) ·
+[Releasing](#releasing) ·
+[Star History](#star-history)
+
+---
+
+## 🤖 MCP-first — install once, every agent knows your landscape
+
+> **v2.0** inverts the architecture: the package's primary interface is now a
+> production **Model Context Protocol (MCP) server**. Any MCP host — Claude Code,
+> Cursor, Cline, Windsurf, VS Code Copilot, the Vercel AI SDK, LangGraph — connects
+> to it and gains read-only awareness of your complete system landscape. The bundled
+> Claude-driven discovery loop is now one optional turnkey adapter; the server needs
+> **no LLM dependency of its own**.
+
+The topology is exposed with **progressive disclosure** so agents never blow their
+context window:
+
+- **Resources** (read-only context): `cartography://graph/summary` (low-token index — read first), `cartography://nodes/{id}`, `cartography://services`, `cartography://databases`, `cartography://dependencies/{id}`.
+- **Tools** (parameterized queries): `query_infrastructure`, `search_topology` (semantic), `get_dependencies` (recursive graph traversal), `list_services`, `get_node`, `get_summary`, `run_discovery`.
+- **Prompts**: `audit-attack-surface`, `map-service-dependencies`, `onboard-to-system`.
+
+### Quick start
+
+```bash
+# 1. Discover your system (read-only, deterministic — no LLM required)
+npx -p @datasynx/agentic-ai-cartography cartography-mcp --help
+datasynx-cartography discover          # or the richer Claude-driven loop
+
+# 2. Run the MCP server (stdio by default)
+npx -p @datasynx/agentic-ai-cartography cartography-mcp
+```
+
+### Auto-install into your client
+
+Let the harness write the correct config for your host — it parses the existing
+file and merges in the server entry **without clobbering** your other servers:
+
+```bash
+datasynx-cartography list-clients                          # supported hosts
+# claude-code · cursor · vscode · codex · windsurf · cline · roo
+# zed · junie · gemini · goose · openhands · claude-desktop
+datasynx-cartography install --client claude-code          # global/user config
+datasynx-cartography install --client claude-code --project # project-local (.mcp.json)
+datasynx-cartography install --client claude-code --dry-run # preview the merge diff
+```
+
+Flags: `--global` (default) / `--project` scope, `--dry-run` (no write), `--name <server>`,
+`--http`/`--url <url>` (register the HTTP endpoint), `--db <path>`, `--session <id>`,
+`--deeplink` (print a one-click Cursor/VS Code install link instead of writing).
+
+```bash
+datasynx-cartography install --client cursor --deeplink   # cursor://… one-click link
+datasynx-cartography install --client vscode --deeplink   # vscode://… + `code --add-mcp`
+```
+
+> Thirteen hosts are supported today (see `list-clients`). The server is also
+> deployable on [Smithery](https://smithery.ai) (TypeScript runtime, `smithery.yaml`)
+> and published to the official MCP Registry (`server.json`).
+>
+> **Smithery scope:** the hosted runtime needs no secrets (`smithery.yaml` declares
+> `env: {}`) because it serves a read-only catalog from an in-memory or supplied
+> SQLite database. The cloud scanners (`scan_aws_resources`, `scan_gcp_resources`,
+> `scan_azure_resources`, `scan_k8s_resources`) require the respective CLI and its
+> credentials on the host, so they are intended for local/self-hosted runs, not the
+> managed Smithery instance.
+
+**Claude Desktop one-click** — build the portable bundle and double-click it
+(Settings → Extensions → Install), or drag it onto the window:
+```bash
+npm run build:mcpb     # → dist/cartography.mcpb (validated against the mcpb v0.3 schema)
+```
+
+### Connect your client (copy-paste)
+
+**Claude Code** — install as a plugin from the Datasynx marketplace (recommended):
+```text
+/plugin marketplace add datasynx/claude-plugins
+/plugin install cartography@datasynx
+```
+This wires up the MCP server in one step (verify with `/mcp`) — the same flow as
+[`shadowing`](https://github.com/datasynx/agentic-ai-shadowing). The plugin lives
+in [`plugin/`](plugin/). Prefer to wire it by hand instead?
+```bash
+claude mcp add cartography -- npx -p @datasynx/agentic-ai-cartography cartography-mcp
+```
+
+**Cursor / Windsurf / Cline** — `mcp.json` (or `~/.codeium/windsurf/mcp_config.json`):
+```json
+{
+  "mcpServers": {
+    "cartography": {
+      "command": "npx",
+      "args": ["-p", "@datasynx/agentic-ai-cartography", "cartography-mcp"]
+    }
+  }
+}
+```
+
+**VS Code (Copilot)** — `.vscode/mcp.json` (note: `servers`, not `mcpServers`):
+```json
+{
+  "servers": {
+    "cartography": { "command": "npx", "args": ["-p", "@datasynx/agentic-ai-cartography", "cartography-mcp"] }
+  }
+}
+```
+
+**Remote / team use** — Streamable HTTP (localhost-bound, DNS-rebind protected):
+```bash
+cartography-mcp --http --port 3737      # → http://127.0.0.1:3737/mcp (loopback, no auth)
+
+# Exposing beyond loopback requires BOTH an explicit Host allowlist (CVE-2025-66414)
+# AND a bearer token — clients must send `Authorization: Bearer <token>`:
+export CARTOGRAPHY_HTTP_TOKEN=$(openssl rand -hex 32)
+cartography-mcp --http --host 0.0.0.0 --port 3737 \
+  --allowed-hosts cartography.internal:3737 --token "$CARTOGRAPHY_HTTP_TOKEN"
+```
+> Binding a non-loopback `--host` **without** `--allowed-hosts` (DNS-rebinding) **or without
+> `--token`** (`CARTOGRAPHY_HTTP_TOKEN`) is refused on purpose — it would leave the scanning
+> tools open to anyone who can reach the host. Put it behind TLS / a reverse proxy for real
+> deployments. The same flags work on `datasynx-cartography mcp` and the Smithery deployment.
+
+**Vercel AI SDK** (provider-agnostic):
+```ts
+import { experimental_createMCPClient } from 'ai';
+const mcp = await experimental_createMCPClient({
+  transport: { type: 'sse', url: 'http://127.0.0.1:3737/mcp' },
+});
+const tools = await mcp.tools(); // MCP tools → AI SDK tools, any model
+```
+
+**Frameworks without a config file** (CrewAI, AutoGen/MAF, LangGraph, Pydantic AI,
+OpenAI Agents SDK, Smolagents, Vercel AI SDK) load MCP tools via their own adapters —
+copy-paste snippets in **[docs/adapters.md](docs/adapters.md)**.
+
+> Full documentation lives at **[datasynx.github.io/agentic-ai-cartography](https://datasynx.github.io/agentic-ai-cartography/)**
+> — quickstart, the client matrix, MCP tools and CLI reference. Drop **[AGENTS.md](AGENTS.md)**
+> into a repo to give coding agents the standard config block.
+
+### Embed in your own app
+
+```ts
+import { createMcpServer, runStdio, createSemanticSearch, localDiscoveryFn, CartographyDB } from '@datasynx/agentic-ai-cartography';
+
+const db = new CartographyDB('/path/to/cartography.db');
+const server = createMcpServer({
+  db,
+  search: await createSemanticSearch(db),   // semantic (sqlite-vec) + lexical fallback
+  discovery: localDiscoveryFn(),            // deterministic, LLM-free scanners
+});
+await runStdio(server);
+```
+
+---
+
 ## What it does
 
 ```
@@ -68,7 +244,7 @@ Cartography runs natively on **Linux**, **macOS**, and **Windows** — no WSL re
 | **DB service detection** | CLI probes (psql, mysql, etc.) | CLI probes | `Get-Service` + CLI probes |
 | **Browser bookmarks** | `~/.config/google-chrome` + Snap/Flatpak | `~/Library/Application Support/...` | `%LOCALAPPDATA%\Google\Chrome\User Data` |
 | **Firefox profiles** | `~/.mozilla/firefox` + Snap/Flatpak | `~/Library/.../Firefox/Profiles` | `%APPDATA%\Mozilla\Firefox\Profiles` |
-| **Safety hook** | Blocks `rm`, `mv`, `kill`, etc. | Blocks `rm`, `mv`, `kill`, etc. | Blocks `Remove-Item`, `Stop-Process`, etc. |
+| **Safety policy** | Read-only **allowlist** (POSIX parser) | Read-only **allowlist** (POSIX parser) | Read-only allowlist (PowerShell mutating-cmdlet denylist) |
 
 ---
 
@@ -82,19 +258,21 @@ Cartography runs natively on **Linux**, **macOS**, and **Windows** — no WSL re
 | **Cloud Scanning** | AWS (EC2/RDS/EKS/S3), GCP (Compute/GKE/Cloud Run), Azure (AKS/WebApps), Kubernetes |
 | **Human-in-the-Loop** | Chat with the agent mid-discovery: type `"hubspot windsurf"` to search for specific tools |
 | **Export Formats** | Mermaid topology, D3.js interactive graph, Backstage YAML, JSON |
-| **Safety First** | `PreToolUse` hook blocks all destructive commands — Unix AND PowerShell. 100% read-only |
+| **Safety First** | Strict read-only **allowlist** (not a denylist): only known-safe commands run — shell-aware for POSIX *and* PowerShell, enforced at the command runner as defense-in-depth. 100% read-only |
 
 ---
 
 ## Requirements
 
-- **Node.js >= 20** (Linux, macOS, or Windows)
-- **Claude CLI** — the Agent SDK starts it as a subprocess
-
-```bash
-npm install -g @anthropic-ai/claude-code
-claude login
-```
+- **Node.js >= 20** (Linux, macOS, or Windows) — that's it for the MCP server and the
+  deterministic, read-only discovery. **No LLM and no API key required.**
+- **Optional — Claude CLI**, only for the richer Claude-driven discovery loop
+  (`datasynx-cartography discover`): `npm install -g @anthropic-ai/claude-code && claude login`.
+- **Optional — semantic search** auto-upgrades when `sqlite-vec` and a local embedder
+  (`@huggingface/transformers`) are present; otherwise it falls back to lexical search.
+  These ship as `optionalDependencies` and are lazy-loaded, so installs that skip them
+  pay no cost. On startup the server logs `semantic search: ready` when the upgrade is
+  active, or names the missing dependency and that it is using lexical search when it isn't.
 
 ---
 
@@ -114,7 +292,7 @@ npm install -g @datasynx/agentic-ai-cartography
 # Check all requirements (platform-aware)
 datasynx-cartography doctor
 
-# Discover your full infrastructure (one-shot, Claude Sonnet)
+# Discover your full infrastructure (autonomous agent scan)
 # → scans bookmarks, installed apps, local services, cloud, config files
 # → then interactive follow-up: type tool names to search further
 datasynx-cartography discover
@@ -142,7 +320,7 @@ datasynx-cartography discover [options]
   --entry <hosts...>    Start hosts          (default: localhost)
   --depth <n>           Max crawl depth      (default: 8)
   --max-turns <n>       Max agent turns      (default: 50)
-  --model <m>           Claude model         (default: claude-sonnet-4-5-...)
+  --model <m>           LLM model            (default: claude-sonnet-4-5-...)
   --org <name>          Org name for Backstage YAML
   -o, --output <dir>    Output directory     (default: ./datasynx-output)
   -v, --verbose         Show agent reasoning
@@ -165,6 +343,10 @@ datasynx-cartography export [session-id] [options]
   -o, --output <dir>   Output directory
 datasynx-cartography show [session-id]             Session details + node list
 datasynx-cartography sessions                      List all sessions
+datasynx-cartography diff [base] [current]         Topology drift between two sessions (default: two most recent)
+datasynx-cartography drift [base] [current]        Severity-classified drift alert → sink (default: stdout)
+  --min-severity <s>   info | warning | critical    (drop items below this)
+  --webhook <url>      Outbound webhook sink (opt-in; token via CARTOGRAPHY_DRIFT_TOKEN)
 datasynx-cartography bookmarks                     View all browser bookmarks
 datasynx-cartography seed [--file <path>]          Manually add infrastructure nodes
 datasynx-cartography doctor                        Check all requirements + cloud CLIs
@@ -196,33 +378,60 @@ datasynx-output/
 
 ## Architecture
 
+The **MCP server is the headline interface** — LLM-agnostic and the same SQLite graph
+underneath every entry point. Discovery (deterministic scanners or the optional Claude
+loop) writes the graph; any MCP host reads it.
+
 ```
-CLI (Commander.js)
-  └── Preflight: Claude CLI + API key check
-      └── Platform Detection (src/platform.ts)
-          ├── Shell: /bin/sh (Unix) | PowerShell (Windows)
-          ├── Commands: which (Unix) | Get-Command (Windows)
-          └── Agent Orchestrator (src/agent.ts)
-              └── runDiscovery()     Claude Sonnet + Bash + MCP Tools
-                  ├── scan_bookmarks()          browser bookmark extraction (all platforms)
-                  ├── scan_browser_history()     anonymized hostname extraction
-                  ├── scan_installed_apps()      platform-native app detection
-                  ├── scan_local_databases()     DB service + file scanning
-                  ├── scan_k8s_resources()       kubectl (readonly)
-                  ├── scan_aws/gcp/azure()       cloud CLI scans (readonly)
-                  ├── ask_user()                 human-in-the-loop questions
-                  └── Custom MCP Tools → CartographyDB (SQLite WAL)
+                         ┌──────────────────────────────────────────┐
+   MCP hosts ───────────►│  MCP server (src/mcp) — primary interface │
+   (Claude Code,         │    Resources · Tools · Prompts            │
+    Cursor, Cline,       │    stdio + Streamable HTTP transports     │
+    Windsurf, VS Code,   └───────────────────┬──────────────────────┘
+    Vercel AI SDK, …)                        │
+                                             ▼
+                              CartographyDB (SQLite WAL, src/db)
+                         recursive-CTE traversal · search · summary
+                                             ▲
+                ┌────────────────────────────┴────────────────────────────┐
+                │                                                          │
+   Deterministic discovery (src/discovery, src/scanners)     Optional Claude loop (src/agent)
+     bookmarks · installed-apps · local ports · DBs            runDiscovery() — human-in-the-loop
+     LLM-free, registry-driven                                 LLM + Bash + custom MCP tools
+                │                                                          │
+                └──────────────────────────┬───────────────────────────────┘
+                                           ▼
+                    Platform layer (src/platform) + read-only allowlist (src/allowlist)
+                    Shell/commands resolved per-OS · every command vetted before it runs
 ```
 
 ### Safety
 
-Every Bash call is guarded by a `PreToolUse` hook that blocks destructive commands:
+v2.0 replaces the old "block bad commands" denylist with a **strict read-only allowlist**
+(`src/allowlist.ts`): a command runs only if it is explicitly known to be safe. The check
+is shell-aware and enforced in two places — the command runner itself (defense-in-depth)
+and the Claude loop's `PreToolUse` hook.
 
-**Unix:** `rm`, `mv`, `dd`, `chmod`, `kill`, `docker rm/run/exec`, `kubectl delete/apply/exec`, redirects (`>`), and more.
+- **POSIX:** parses the command line, resolves `sudo`/`env`/command-runners and brace
+  groups, and allows only read-only tools (`ss`, `lsof`, `ps`, `which`, `find`, DB
+  probes, cloud `describe/list/get`, `kubectl get/describe`, …). Redirections, pipes to
+  writers, and anything unrecognized are rejected.
+- **Windows/PowerShell:** allows read-only cmdlets and rejects mutating ones
+  (`Remove-Item`, `Move-Item`, `Stop-Process`, `Stop-Service`, `Restart-Computer`,
+  `Format-Volume`, `Out-File`, `Set-Content`, …).
 
-**Windows/PowerShell:** `Remove-Item`, `Move-Item`, `Stop-Process`, `Stop-Service`, `Restart-Computer`, `Format-Volume`, `Out-File`, `Set-Content`, and more.
+**Cartography only reads — never writes, never deletes.**
 
-**Claude only reads — never writes, never deletes.**
+### Extending: scanner plugins
+
+Add new discovery sources with **zero core changes** via the Scanner SPI. An out-of-tree
+`@datasynx/scanner-*` package default-exports `definePlugin({ name, register })` and is
+loaded **opt-in** (`config.plugins`, `--plugins`, or `CARTOGRAPHY_PLUGINS`) — a plugin that
+is not named is never loaded. The host validates, namespaces (`plugin:<pkg>:<id>`), and
+**enforces each scanner's declared `allowedCommands`** against the read-only allowlist; a
+broken plugin is logged and skipped, never aborting discovery. See the authoring guide in
+**[docs/plugins.md](docs/plugins.md)** and the template in
+[`examples/scanner-template/`](examples/scanner-template/).
 
 ---
 
@@ -243,10 +452,68 @@ await runDiscovery(config, db, sessionId, onEvent, onAskUser, 'hubspot windsurf'
 
 ---
 
+## Releasing
+
+[`release.yml`](.github/workflows/release.yml) publishes to npm automatically on every push
+to `main`, in one of **two modes** — auto-selected by which secrets are present:
+
+- **`RELEASE_TOKEN` present → full [semantic-release](https://github.com/semantic-release/semantic-release).**
+  Version, `CHANGELOG.md`, git tag `v<version>`, GitHub Release and the provenance-signed npm
+  publish are all derived from [Conventional Commits](https://www.conventionalcommits.org/)
+  since the last tag (`fix:` → patch, `feat:` → minor, `feat!:`/`BREAKING CHANGE:` → major;
+  `docs/chore/refactor/test/ci` → no release). No manual version bumps. PR titles are linted
+  by [`pr-title.yml`](.github/workflows/pr-title.yml) so the squash-merge commit stays analyzable.
+- **`RELEASE_TOKEN` absent → idempotent npm publish.** The `package.json` version is published
+  (provenance-signed) only when it isn't already on npm — so doc/refactor merges are no-ops.
+  Bump the version + merge to release.
+
+> **Why two modes:** every commit here carries `.github/workflows/` files, and the Actions
+> `GITHUB_TOKEN` may not push a git ref that touches workflow files (it can't hold the
+> `workflow` scope). semantic-release pushes a tag, so it needs a workflow-scoped
+> `RELEASE_TOKEN`. Until one exists, the idempotent publish keeps releases flowing with only
+> `NPM_TOKEN`; adding `RELEASE_TOKEN` later upgrades to the full flow with no other changes.
+
+Quality is gated independently by [`ci.yml`](.github/workflows/ci.yml) on every PR and push:
+**lint/typecheck → test matrix (Node 20/22) + coverage → audit + license check → build &
+validate (publint, [are-the-types-wrong](https://github.com/arethetypeswrong/arethetypeswrong.github.io),
+ESM/CJS consumer smoke tests)**.
+
+**Repository secrets** (*Settings → Secrets and variables → Actions*):
+
+| Secret | Required | Purpose |
+|---|---|---|
+| `NPM_TOKEN` | **yes** | npm *Automation*/granular token with publish rights for the `@datasynx` scope. Provenance signing itself needs no secret (OIDC). |
+| `RELEASE_TOKEN` | optional | PAT (classic: `repo` + `workflow`) or deploy key. Unlocks full semantic-release (auto-versioning, changelog, tags, GitHub Releases). Without it, the idempotent npm publish is used. |
+| `CODECOV_TOKEN` | optional | Upload coverage to Codecov (non-blocking if absent). |
+
+---
+
+## Star History
+
+<div align="center">
+
+<a href="https://star-history.com/#datasynx/agentic-ai-cartography&Date">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=datasynx/agentic-ai-cartography&type=Date&theme=dark" />
+    <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=datasynx/agentic-ai-cartography&type=Date" />
+    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=datasynx/agentic-ai-cartography&type=Date" width="640" />
+  </picture>
+</a>
+
+</div>
+
+---
+
 ## Built by
 
 <div align="center">
 
+<a href="https://www.linkedin.com/company/datasynx-ai/">
+  <img src="https://raw.githubusercontent.com/datasynx/agentic-ai-cartography/main/docs/assets/datasynx-mark.png" alt="Datasynx" width="72" />
+</a>
+
+<br/>
+
 [![Datasynx AI on LinkedIn](https://img.shields.io/badge/Datasynx_AI-Follow_on_LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white)](https://www.linkedin.com/company/datasynx-ai/)
 
 </div>
@@ -256,3 +523,9 @@ await runDiscovery(config, db, sessionId, onEvent, onAskUser, 'hubspot windsurf'
 ## License
 
 MIT — © [Datasynx AI](https://www.linkedin.com/company/datasynx-ai/)
+
+---
+
+## Related Projects
+
+- [**agentic-ai-shadowing**](https://github.com/datasynx/agentic-ai-shadowing) — AI-powered agent session shadowing & replay

package/dist/bookmarks-WXHE7GN7.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+import {
+  chromeLikeHistoryPaths,
+  chromeLikePaths,
+  cleanupTempFiles,
+  extractHost,
+  readChromeLike,
+  readChromiumHistory,
+  readFirefoxBookmarks,
+  readFirefoxHistory,
+  scanAllBookmarks,
+  scanAllHistory,
+  walkChrome
+} from "./chunk-2SZ5QHGH.js";
+export {
+  chromeLikeHistoryPaths,
+  chromeLikePaths,
+  cleanupTempFiles,
+  extractHost,
+  readChromeLike,
+  readChromiumHistory,
+  readFirefoxBookmarks,
+  readFirefoxHistory,
+  scanAllBookmarks,
+  scanAllHistory,
+  walkChrome
+};
+//# sourceMappingURL=bookmarks-WXHE7GN7.js.map