npm - @datasynx/agentic-ai-cartography - Versions diffs - 2.10.0 → 2.11.0 - Mend

@datasynx/agentic-ai-cartography 2.10.0 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/api-bin.js +2 -2
package/dist/{chunk-ASCA3UFM.js → chunk-FFUUNSWP.js} +130 -6
package/dist/chunk-FFUUNSWP.js.map +1 -0
package/dist/{chunk-YVV6NIT2.js → chunk-LO6YFS6H.js} +2 -1
package/dist/{chunk-W4Q3TXHR.js → chunk-PD67MOKR.js} +2 -2
package/dist/cli.js +3 -3
package/dist/index.cjs +155 -26
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +33 -1
package/dist/index.d.ts +33 -1
package/dist/index.js +138 -12
package/dist/index.js.map +1 -1
package/dist/mcp-bin.js +2 -2
package/package.json +1 -1
package/server.json +2 -2
package/dist/chunk-ASCA3UFM.js.map +0 -1
/package/dist/{chunk-YVV6NIT2.js.map → chunk-LO6YFS6H.js.map} +0 -0
/package/dist/{chunk-W4Q3TXHR.js.map → chunk-PD67MOKR.js.map} +0 -0

package/dist/{chunk-YVV6NIT2.js → chunk-LO6YFS6H.js} RENAMED Viewed

@@ -3391,6 +3391,7 @@ export {
   k8sScanner,
   databasesScanner,
   stripSensitive,
+  redactSecrets,
   redactValue,
   buildCartographyToolHandlers,
   createCartographyTools,
@@ -3414,4 +3415,4 @@ export {
   AuthorizationError,
   authorize
 };
-//# sourceMappingURL=chunk-YVV6NIT2.js.map
+//# sourceMappingURL=chunk-LO6YFS6H.js.map

package/dist/{chunk-W4Q3TXHR.js → chunk-PD67MOKR.js} RENAMED Viewed

@@ -10,7 +10,7 @@ import {
   defaultAllowedHosts,
   normalizeTenant,
   resolvePrincipal
-} from "./chunk-YVV6NIT2.js";
+} from "./chunk-LO6YFS6H.js";
 import {
   ANOMALY_KINDS,
   ANOMALY_SEVERITIES,
@@ -1409,4 +1409,4 @@ export {
   parseApiArgs,
   startApi
 };
-//# sourceMappingURL=chunk-W4Q3TXHR.js.map
+//# sourceMappingURL=chunk-PD67MOKR.js.map

package/dist/cli.js CHANGED Viewed

@@ -11,12 +11,12 @@ import {
   runDrift,
   runLocalDiscovery,
   startMcp
-} from "./chunk-ASCA3UFM.js";
+} from "./chunk-FFUUNSWP.js";
 import {
   entitiesToYaml,
   startApi,
   toBackstageEntities
-} from "./chunk-W4Q3TXHR.js";
+} from "./chunk-PD67MOKR.js";
 import {
   CartographyDB,
   buildCartographyToolHandlers,
@@ -28,7 +28,7 @@ import {
   redactValue,
   stableStringify,
   stripSensitive
-} from "./chunk-YVV6NIT2.js";
+} from "./chunk-LO6YFS6H.js";
 import {
   ConfigFileSchema,
   CostEntrySchema,

package/dist/index.cjs CHANGED Viewed

@@ -238,6 +238,7 @@ __export(src_exports, {
   parseNginxUpstreams: () => parseNginxUpstreams,
   parseNlQuery: () => parseNlQuery,
   parseScanHint: () => parseScanHint,
+  parseTerraformState: () => parseTerraformState,
   pixelToHex: () => pixelToHex,
   planInstall: () => planInstall,
   portsScanner: () => portsScanner,
@@ -287,6 +288,8 @@ __export(src_exports, {
   stableStringify: () => stableStringify,
   startApi: () => startApi,
   stripSensitive: () => stripSensitive,
+  terraformScanner: () => terraformScanner,
+  terraformTypeToNode: () => terraformTypeToNode,
   timingSafeEqual: () => timingSafeEqual,
   toBackstageEntities: () => toBackstageEntities,
   validateScanner: () => validateScanner,
@@ -6276,7 +6279,7 @@ function correlateTopology(nodes, _edges = []) {
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.10.0";
+var SERVER_VERSION = "2.11.0";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -7686,9 +7689,132 @@ var serviceConfigScanner = {
   }
 };
+// src/scanners/terraform.ts
+var import_node_fs5 = require("fs");
+var TYPE_RULES = [
+  [/(db_instance|_rds|sql_database|sql_instance|database_instance|cosmosdb|dynamodb|spanner|bigtable|documentdb|redshift)/, "database_server"],
+  [/(elasticache|_redis|memcached|memorystore)/, "cache_server"],
+  [/(s3_bucket|storage_bucket|gcs_bucket|storage_account|_blob)/, "database"],
+  [/(_sqs|_queue|servicebus_queue)/, "queue"],
+  [/(_sns|_topic|pubsub_topic|servicebus_topic)/, "topic"],
+  [/(kafka|_msk|event_hub|kinesis)/, "message_broker"],
+  [/(_eks|_gke|_aks|kubernetes_cluster|container_cluster)/, "k8s_cluster"],
+  [/(ecs_|_container|fargate)/, "container"],
+  [/(lambda|cloud_function|cloudfunctions|function_app|cloud_run)/, "web_service"],
+  [/(_lb$|load_balancer|_alb|_elb|application_gateway)/, "web_service"],
+  [/(api_gateway|apigateway)/, "api_endpoint"],
+  [/(_instance|virtual_machine|_vm$|compute_instance)/, "host"]
+];
+function terraformTypeToNode(tfType) {
+  const t = tfType.toLowerCase();
+  for (const [re, nt] of TYPE_RULES) if (re.test(t)) return nt;
+  return "unknown";
+}
+var IDENTITY_ATTRS = ["id", "arn", "region", "location", "instance_type", "engine", "machine_type"];
+var OWNER_TAGS = ["Owner", "owner", "Team", "team"];
+var SAFE_TAG_KEYS = /* @__PURE__ */ new Set(["Name", "name", "Owner", "owner", "Team", "team", "Env", "env", "Environment", "environment", "Service", "service", "Component", "component", "App", "app", "Project", "project", "Tier", "tier", "Role", "role"]);
+var SECRET_KEY = /pass|secret|token|key|pwd|cred|private/i;
+function attrTags(tags) {
+  if (!tags || typeof tags !== "object") return [];
+  return Object.entries(tags).filter(([k]) => SAFE_TAG_KEYS.has(k) && !SECRET_KEY.test(k)).map(([k, v]) => `${k}:${redactSecrets(String(v))}`);
+}
+function parseTerraformState(json2) {
+  let state;
+  try {
+    state = JSON.parse(json2);
+  } catch {
+    return { nodes: [], edges: [] };
+  }
+  const resources = Array.isArray(state?.resources) ? state.resources : [];
+  const nodes = [];
+  const edges = [];
+  const addrToId = /* @__PURE__ */ new Map();
+  for (const raw of resources) {
+    const r = raw;
+    if (r.mode && r.mode !== "managed") continue;
+    if (typeof r.type !== "string" || typeof r.name !== "string") continue;
+    const address = `${r.type}.${r.name}`;
+    const nt = terraformTypeToNode(r.type);
+    const id = `${nt}:terraform:${address}`;
+    if (addrToId.has(address)) continue;
+    addrToId.set(address, id);
+    const inst = Array.isArray(r.instances) ? r.instances[0] : void 0;
+    const attrs = inst?.attributes ?? {};
+    const identity = { source: "terraform", tfType: r.type };
+    for (const k of IDENTITY_ATTRS) if (attrs[k] !== void 0) identity[k] = attrs[k];
+    const owner = OWNER_TAGS.map((k) => attrs.tags?.[k]).find((v) => typeof v === "string");
+    nodes.push({
+      id,
+      type: nt,
+      name: address,
+      discoveredVia: "terraform-state",
+      confidence: 0.9,
+      // IaC is authoritative declared intent.
+      metadata: redactValue(identity),
+      tags: attrTags(attrs.tags),
+      ...owner ? { owner } : {}
+    });
+  }
+  for (const raw of resources) {
+    const r = raw;
+    if (r.mode && r.mode !== "managed") continue;
+    if (typeof r.type !== "string" || typeof r.name !== "string") continue;
+    const srcId = addrToId.get(`${r.type}.${r.name}`);
+    if (!srcId) continue;
+    const inst = Array.isArray(r.instances) ? r.instances[0] : void 0;
+    const deps = Array.isArray(inst?.dependencies) ? inst.dependencies : [];
+    for (const dep of deps) {
+      if (typeof dep !== "string") continue;
+      const tgtId = addrToId.get(dep) ?? addrToId.get(dep.split("[")[0]);
+      if (!tgtId || tgtId === srcId) continue;
+      edges.push({ sourceId: srcId, targetId: tgtId, relationship: "depends_on", evidence: evidenceLine("config-declared", `terraform depends_on ${dep}`), confidence: 0.85 });
+    }
+  }
+  return { nodes, edges };
+}
+function stateDirs() {
+  return [".", "./terraform", "./infra", "./infrastructure", "./deploy", "./terraform/environments"];
+}
+function hintPath(hint) {
+  if (!hint) return void 0;
+  const m = /(?:^|[\s,])tfstate=([^\s,]+)/.exec(hint);
+  return m ? m[1] : void 0;
+}
+function resolveStatePath(ctx) {
+  const explicit = hintPath(ctx.hint);
+  if (explicit) return explicit;
+  const found = (ctx.findFiles ?? findFiles)(stateDirs(), ["*.tfstate"], 4, 20).split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+  return found[0];
+}
+function readStateFile(path) {
+  try {
+    return (0, import_node_fs5.readFileSync)(path, "utf8");
+  } catch {
+    return "";
+  }
+}
+var terraformScanner = {
+  id: "terraform-state",
+  title: "Terraform state (IaC)",
+  platforms: "all",
+  // No shell commands — the state file is read directly via node:fs, so an
+  // operator-supplied path can never inject a command (no `cat "${path}"` interpolation).
+  detect(ctx) {
+    return resolveStatePath(ctx) !== void 0;
+  },
+  async scan(ctx) {
+    const path = resolveStatePath(ctx);
+    if (!path) return { nodes: [], edges: [] };
+    const json2 = (ctx.readFile ?? readStateFile)(path);
+    if (!json2) return { nodes: [], edges: [] };
+    const result = parseTerraformState(json2);
+    return { ...result, report: `terraform-state: ${result.nodes.length} resources, ${result.edges.length} dependencies from ${path}` };
+  }
+};
 // src/scanners/registry.ts
 function defaultRegistry() {
-  return new ScannerRegistry().register(bookmarksScanner).register(installedAppsScanner).register(portsScanner).register(cloudAwsScanner).register(cloudGcpScanner).register(cloudAzureScanner).register(k8sScanner).register(databasesScanner).register(connectionsScanner).register(serviceConfigScanner);
+  return new ScannerRegistry().register(bookmarksScanner).register(installedAppsScanner).register(portsScanner).register(cloudAwsScanner).register(cloudGcpScanner).register(cloudAzureScanner).register(k8sScanner).register(databasesScanner).register(connectionsScanner).register(serviceConfigScanner).register(terraformScanner);
 }
 // src/scanners/loader.ts
@@ -9056,14 +9182,14 @@ var AuthConfigSchema = import_zod9.z.object({
 });
 // src/api/start.ts
-var import_node_fs5 = require("fs");
+var import_node_fs6 = require("fs");
 var import_node_path5 = require("path");
 var import_node_url = require("url");
 var import_meta = {};
 function readVersion() {
   try {
     const dir = import_meta.dirname ?? (0, import_node_path5.dirname)((0, import_node_url.fileURLToPath)(import_meta.url));
-    return JSON.parse((0, import_node_fs5.readFileSync)((0, import_node_path5.resolve)(dir, "..", "package.json"), "utf-8")).version ?? "0.0.0";
+    return JSON.parse((0, import_node_fs6.readFileSync)((0, import_node_path5.resolve)(dir, "..", "package.json"), "utf-8")).version ?? "0.0.0";
   } catch {
     return "0.0.0";
   }
@@ -9194,7 +9320,7 @@ function defaultServerEntry(opts = {}) {
 }
 // src/installer/install.ts
-var import_node_fs6 = require("fs");
+var import_node_fs7 = require("fs");
 var import_node_path6 = require("path");
 var import_node_os4 = require("os");
 function currentOs() {
@@ -9210,8 +9336,8 @@ function planInstall(spec, ctx, opts) {
   if (!path) {
     throw new Error(`${spec.label} does not support the "${ctx.scope}" scope.`);
   }
-  const fileExists = (0, import_node_fs6.existsSync)(path);
-  const before = fileExists ? (0, import_node_fs6.readFileSync)(path, "utf8") : "";
+  const fileExists = (0, import_node_fs7.existsSync)(path);
+  const before = fileExists ? (0, import_node_fs7.readFileSync)(path, "utf8") : "";
   const existing = parseConfig(before, spec.format);
   const merged = spec.apply(existing, opts.serverName ?? DEFAULT_SERVER_NAME, opts.entry);
   const after = serializeConfig(merged, spec.format);
@@ -9228,8 +9354,8 @@ function planInstall(spec, ctx, opts) {
   };
 }
 function applyInstall(plan) {
-  (0, import_node_fs6.mkdirSync)((0, import_node_path6.dirname)(plan.path), { recursive: true });
-  (0, import_node_fs6.writeFileSync)(plan.path, plan.after, "utf8");
+  (0, import_node_fs7.mkdirSync)((0, import_node_path6.dirname)(plan.path), { recursive: true });
+  (0, import_node_fs7.writeFileSync)(plan.path, plan.after, "utf8");
 }
 function renderDiff(before, after) {
   if (before === after) return "  (no changes)";
@@ -10077,7 +10203,7 @@ Use ask_user when you need context from the user.`;
 }
 // src/cost.ts
-var import_node_fs7 = require("fs");
+var import_node_fs8 = require("fs");
 var import_node_path8 = require("path");
 function splitCsvLine(line) {
   const out = [];
@@ -10156,7 +10282,7 @@ var CsvCostSource = class {
   }
   id;
   async fetch() {
-    const text = (0, import_node_fs7.readFileSync)((0, import_node_path8.resolve)(this.opts.filePath), "utf-8");
+    const text = (0, import_node_fs8.readFileSync)((0, import_node_path8.resolve)(this.opts.filePath), "utf-8");
     const records = parseCostCsv(text);
     const match = this.opts.match ?? "nodeId";
     const out = /* @__PURE__ */ new Map();
@@ -10198,7 +10324,7 @@ async function enrichCosts(db, sessionId, source) {
 }
 // src/exporter.ts
-var import_node_fs8 = require("fs");
+var import_node_fs9 = require("fs");
 var import_node_path9 = require("path");
 // src/hex.ts
@@ -11868,28 +11994,28 @@ function exportComplianceReport(report, format) {
   return lines.join("\n");
 }
 function exportAll(db, sessionId, outputDir, formats = ["mermaid", "json", "yaml", "html", "map", "discovery"]) {
-  (0, import_node_fs8.mkdirSync)(outputDir, { recursive: true });
+  (0, import_node_fs9.mkdirSync)(outputDir, { recursive: true });
   const nodes = db.getNodes(sessionId);
   const edges = db.getEdges(sessionId);
   const jgfPath = (0, import_node_path9.join)(outputDir, "cartography-graph.jgf.json");
-  (0, import_node_fs8.writeFileSync)(jgfPath, exportJGF(nodes, edges));
+  (0, import_node_fs9.writeFileSync)(jgfPath, exportJGF(nodes, edges));
   if (formats.includes("mermaid")) {
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "topology.mermaid"), generateTopologyMermaid(nodes, edges));
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "dependencies.mermaid"), generateDependencyMermaid(nodes, edges));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "topology.mermaid"), generateTopologyMermaid(nodes, edges));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "dependencies.mermaid"), generateDependencyMermaid(nodes, edges));
   }
   if (formats.includes("json")) {
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "catalog.json"), exportJSON(db, sessionId));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "catalog.json"), exportJSON(db, sessionId));
   }
   if (formats.includes("yaml")) {
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "catalog-info.yaml"), exportBackstageYAML(nodes, edges));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "catalog-info.yaml"), exportBackstageYAML(nodes, edges));
   }
   if (formats.includes("html") || formats.includes("map") || formats.includes("discovery")) {
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "discovery.html"), exportDiscoveryApp(nodes, edges));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "discovery.html"), exportDiscoveryApp(nodes, edges));
   }
   if (formats.includes("cost")) {
     const summary = db.getGraphSummary(sessionId);
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "cost-by-domain.csv"), exportCostCSV(summary));
-    (0, import_node_fs8.writeFileSync)((0, import_node_path9.join)(outputDir, "cost-summary.json"), exportCostSummary(summary));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "cost-by-domain.csv"), exportCostCSV(summary));
+    (0, import_node_fs9.writeFileSync)((0, import_node_path9.join)(outputDir, "cost-summary.json"), exportCostSummary(summary));
   }
 }
@@ -11921,7 +12047,7 @@ function formatComplianceText(report) {
 }
 // src/config.ts
-var import_node_fs9 = require("fs");
+var import_node_fs10 = require("fs");
 var ConfigError = class extends Error {
   constructor(message) {
     super(message);
@@ -11946,7 +12072,7 @@ function loadConfig(path) {
 function readConfigFile(path) {
   let raw;
   try {
-    raw = (0, import_node_fs9.readFileSync)(path, "utf-8");
+    raw = (0, import_node_fs10.readFileSync)(path, "utf-8");
   } catch (err) {
     throw new ConfigError(
       `Cannot read config file ${path}: ${err instanceof Error ? err.message : String(err)}`
@@ -12304,14 +12430,14 @@ function runSyncClassify(db, sessionId, config, opts = {}) {
 // src/preflight.ts
 var import_node_child_process2 = require("child_process");
-var import_node_fs10 = require("fs");
+var import_node_fs11 = require("fs");
 var import_node_path10 = require("path");
 function isOAuthLoggedIn() {
   const home = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
   const credFile = (0, import_node_path10.join)(home, ".claude", ".credentials.json");
-  if (!(0, import_node_fs10.existsSync)(credFile)) return false;
+  if (!(0, import_node_fs11.existsSync)(credFile)) return false;
   try {
-    const creds = JSON.parse((0, import_node_fs10.readFileSync)(credFile, "utf8"));
+    const creds = JSON.parse((0, import_node_fs11.readFileSync)(credFile, "utf8"));
     const oauth = creds["claudeAiOauth"];
     return typeof oauth?.["accessToken"] === "string" && oauth["accessToken"].length > 0;
   } catch {
@@ -12571,6 +12697,7 @@ function checkClaudePrerequisites() {
   parseNginxUpstreams,
   parseNlQuery,
   parseScanHint,
+  parseTerraformState,
   pixelToHex,
   planInstall,
   portsScanner,
@@ -12620,6 +12747,8 @@ function checkClaudePrerequisites() {
   stableStringify,
   startApi,
   stripSensitive,
+  terraformScanner,
+  terraformTypeToNode,
   timingSafeEqual,
   toBackstageEntities,
   validateScanner,