@datasynx/agentic-ai-cartography 2.11.0 → 2.12.1

package/README.md

@@ -42,6 +42,7 @@
 [What it does](#what-it-does) ·
 [Cross-platform](#cross-platform-support) ·
 [Features](#features) ·
+[Platform & ecosystem](#platform--ecosystem) ·
 [CLI commands](#commands) ·
 [Architecture](#architecture) ·
 [Safety](#safety) ·
@@ -64,7 +65,7 @@ The topology is exposed with **progressive disclosure** so agents never blow the
 context window:
 
 - **Resources** (read-only context): `cartography://graph/summary` (low-token index — read first), `cartography://nodes/{id}`, `cartography://services`, `cartography://databases`, `cartography://dependencies/{id}`.
-- **Tools** (parameterized queries): `query_infrastructure`, `search_topology` (semantic), `get_dependencies` (recursive graph traversal), `list_services`, `get_node`, `get_summary`, `run_discovery`.
+- **Tools** (parameterized queries): `query_infrastructure`, `search_topology` (semantic), `get_dependencies` (recursive graph traversal), `query_natural_language` (plain-English topology questions, LLM-free), `correlate_topology` (collapse the same resource across clouds/on-prem), `get_cost_summary`, `score_compliance`, `classify_drift`, `list_services`, `get_node`, `get_summary`, `run_discovery`.
 - **Prompts**: `audit-attack-surface`, `map-service-dependencies`, `onboard-to-system`.
 
 ### Quick start
@@ -257,11 +258,125 @@ Cartography runs natively on **Linux**, **macOS**, and **Windows** — no WSL re
 | **Database Discovery** | PostgreSQL, MySQL, MongoDB, Redis, SQLite file scan. Windows: `Get-Service` for DB engine detection |
 | **Cloud Scanning** | AWS (EC2/RDS/EKS/S3), GCP (Compute/GKE/Cloud Run), Azure (AKS/WebApps), Kubernetes |
 | **Human-in-the-Loop** | Chat with the agent mid-discovery: type `"hubspot windsurf"` to search for specific tools |
+| **Terraform Import** | First-class `terraform-state` scanner — `*.tfstate` JSON → authoritative IaC nodes/edges, reconciled with observed reality (no `terraform` CLI, no extra credentials) |
+| **Multi-Cloud Correlation** | Collapse the same logical resource discovered across AWS/GCP/Azure/on-prem into canonical entities + confidence-scored `same_as` links (`correlate_topology`, pure & deterministic) |
+| **Intelligence Layer** | Cost attribution (FinOps rollups), compliance scoring (CIS/SOC2/ISO 27001 starters), anomaly detection (orphans / shadow IT), severity-classified drift |
 | **Export Formats** | Mermaid topology, D3.js interactive graph, Backstage YAML, JSON |
 | **Safety First** | Strict read-only **allowlist** (not a denylist): only known-safe commands run — shell-aware for POSIX *and* PowerShell, enforced at the command runner as defense-in-depth. 100% read-only |
 
 ---
 
+## Platform & Ecosystem
+
+Beyond the MCP server, Cartography ships a **read-only platform** for teams and an
+**ecosystem** of integrations. Everything below is opt-in, read-only by default, and never
+phones home — the same locked constraints as the core.
+
+### REST / GraphQL API + web dashboard (Phase 4)
+
+`cartography api` (and the `cartography-api` binary) exposes the topology over a **read-only**
+HTTP API — REST under `/v1/...` with a published **OpenAPI 3.1** document, and **GraphQL** at
+`/graphql` (SDL + introspection, no `Mutation` type). It reuses the MCP transport's constant-time
+bearer auth + DNS-rebinding hardening and the same tenant-scoped query layer — no new runtime
+dependency (Node's built-in `http`).
+
+```bash
+cartography api                         # loopback dev — REST + /graphql + dashboard, no token
+curl -s http://127.0.0.1:3737/v1/summary | jq .totals
+# Exposed: a non-loopback bind REQUIRES both --allowed-hosts and --token
+cartography api --host 0.0.0.0 --allowed-hosts cartograph.internal:3737 --token "$TOKEN"
+cartography api --no-graphql            # REST only
+cartography api --no-dashboard          # disable the / and /app web UI
+```
+
+The same server hosts a self-contained **web dashboard** at `/` and `/app` — a live, interactive
+Canvas topology view with node drill-down (no CDN, no build step, zero new dependency). It fetches
+the live `/v1/*` API, so it inherits the API's auth + RBAC/tenant scoping for free.
+See **[docs/how-to/api-server.md](docs/how-to/api-server.md)** and
+**[docs/how-to/web-dashboard.md](docs/how-to/web-dashboard.md)**.
+
+### Role-based access control (Phase 4)
+
+`cartography auth` layers **identity + roles** over the HTTP surfaces. A bearer token resolves to a
+principal `{ subject, tenant, role }`; the server returns **401** for an unknown token, **403** for
+an insufficient role, and **pins every read to the principal's tenant** — no cross-tenant read by
+spoofing a header. Roles are `viewer` ⊂ `operator` (adds `run_discovery`) ⊂ `admin` (adds credential
+admin). Fully backward-compatible: with no credentials configured, the server behaves exactly as
+before. Tokens are stored **hashed** (sha256), printed once on creation.
+
+```bash
+cartography auth add alice --role operator --tenant acme   # prints the bearer token ONCE
+cartography auth list                                       # subjects/roles/tenants, never the token
+cartography auth revoke alice
+cartography api --auth-required                             # require auth even on loopback
+```
+
+See **[docs/how-to/rbac.md](docs/how-to/rbac.md)**.
+
+### Central collector → production (Phase 4)
+
+`cartography mcp --server-mode` runs the binary as a self-hostable **central collector** that pools
+every employee's *consented* discovery into one org-wide topology — consent-first, never phones home.
+It exposes an authenticated `POST /ingest` write route (the consent-gated push envelope, server-side
+anonymization re-validation via `--anon-mode reject|strip`, per-org rate limit → `429 + Retry-After`)
+and an org-wide merged `get_summary`. Public `GET /healthz` (liveness) / `GET /readyz` (readiness)
+probes and a `deploy/` Docker bundle make it orchestrator-ready.
+
+```bash
+export CARTOGRAPHY_CENTRAL_TOKEN=$(openssl rand -base64 32)
+cartography mcp --server-mode --host 0.0.0.0 \
+  --allowed-hosts cartograph.internal:3737 --org acme --anon-mode reject
+```
+
+For an org-wide store at **10K+ nodes**, opt into a **Neo4j/Memgraph graph-DB backend** for the
+collector's merge + summary path (`neo4j-driver` is an optional dependency; if absent or unreachable
+it **degrades to SQLite**, never fails):
+
+```bash
+cartography mcp --server-mode --store-backend graph \
+  --graph-url bolt://graph.internal:7687 --graph-user neo4j --graph-password "$NEO4J_PASSWORD"
+# or via env: CARTOGRAPHY_GRAPH_URL / _USER / _PASSWORD (kept out of process listings)
+```
+
+See **[docs/how-to/self-host-collector.md](docs/how-to/self-host-collector.md)**.
+
+### Backstage live data source (Phase 4)
+
+Cartography maps discovered infrastructure to **Backstage catalog entities** (`Component`/`API`/
+`Resource` + `dependsOn` relations). Export a static `catalog-info.yaml` snapshot, or consume the
+**live, tenant-scoped** endpoint `GET /v1/backstage/catalog` on the API server (re-mapped on every
+request, RBAC-pinned). A reference `CartographEntityProvider` lives in
+[`examples/backstage-plugin/`](examples/backstage-plugin/). See
+**[docs/how-to/backstage.md](docs/how-to/backstage.md)**.
+
+### Drift alerting — Slack / PagerDuty / Jira (Phase 4)
+
+`cartography drift` classifies topology drift into `info`/`warning`/`critical` and fans it out to
+the **sinks** configured under the `drift` block of `cartography.config.json` — `stdout`, `slack`,
+`pagerduty`, `jira`, or a generic `webhook`. With no config it prints one redacted JSON line and makes
+**no outbound request**. Every sink is hardened identically (`https:`-or-loopback only, bounded
+timeout, body always credential-redacted, only host:port logged, one failing sink never blocks the
+others). See **[docs/how-to/drift-and-ci.md](docs/how-to/drift-and-ci.md)**.
+
+### Kubernetes operator (Phase 5)
+
+`cartography operator` runs the **deterministic, LLM-free** discovery continuously **inside** a
+cluster and reports drift between reconcile cycles — a "continuous CMDB for Kubernetes". It's a thin
+reconcile loop (no CRD, no controller-runtime, no agent loop), read-only (`kubectl get …` via the
+allowlist only). The `deploy/k8s/` manifests ship a **read-only** ServiceAccount + ClusterRole
+(`get/list/watch` only — no write verbs).
+
+```bash
+kubectl apply -f deploy/k8s/operator.yaml          # in-cluster, single-replica Deployment
+cartography operator --once                         # local dev against your kube-context
+cartography operator --interval 300                 # long-running reconcile loop
+```
+
+See **[docs/how-to/k8s-operator.md](docs/how-to/k8s-operator.md)** and
+**[docs/how-to/terraform-import.md](docs/how-to/terraform-import.md)**.
+
+---
+
 ## Requirements
 
 - **Node.js >= 20** (Linux, macOS, or Windows) — that's it for the MCP server and the
@@ -349,10 +464,31 @@ datasynx-cartography drift [base] [current]        Severity-classified drift ale
   --webhook <url>      Outbound webhook sink (opt-in; token via CARTOGRAPHY_DRIFT_TOKEN)
 datasynx-cartography bookmarks                     View all browser bookmarks
 datasynx-cartography seed [--file <path>]          Manually add infrastructure nodes
+datasynx-cartography cost --file <csv>             Enrich nodes with owner/cost (FinOps)
+datasynx-cartography compliance [session] --ruleset <name>   Grade against baseline/cis/soc2/iso27001
+datasynx-cartography consent <…>                   Per-employee sharing policy + anonymization
+datasynx-cartography sync <status|review|push>     Opt-in central-DB outbound pipeline
+datasynx-cartography schedule --config <file>      Recurring headless discovery + drift
+datasynx-cartography prune [--older-than <days>]   Prune old sessions / compact the audit trail
 datasynx-cartography doctor                        Check all requirements + cloud CLIs
 datasynx-cartography docs                          Full feature reference
 ```
 
+### Platform & Ecosystem
+
+```
+datasynx-cartography mcp [--server-mode] [--http]  MCP server / central collector (Phase 4)
+datasynx-cartography api [--no-graphql] [--no-dashboard]   REST + GraphQL + web dashboard (Phase 4)
+  --host <h> --port <n> --token <secret> --allowed-hosts <list>   (non-loopback needs both)
+  --tenant <id> / --org <id>                       Tenant whose topology to serve
+datasynx-cartography auth add <subject> --role <viewer|operator|admin> --tenant <id>   RBAC (Phase 4)
+datasynx-cartography auth list | revoke <subject>
+datasynx-cartography operator [--once] [--interval <sec>]   Kubernetes operator (Phase 5)
+```
+
+> The `cartography-mcp` and `cartography-api` binaries start the MCP server and the API server
+> directly (used by `server.json` / containers via `npx`).
+
 ---
 
 ## Output Files
@@ -380,7 +516,11 @@ datasynx-output/
 
 The **MCP server is the headline interface** — LLM-agnostic and the same SQLite graph
 underneath every entry point. Discovery (deterministic scanners or the optional Claude
-loop) writes the graph; any MCP host reads it.
+loop) writes the graph; any MCP host reads it. The Phase 4 **platform** adds read-only
+HTTP surfaces over that same graph — the REST/GraphQL API (`cartography api`), the web
+dashboard, RBAC (`cartography auth`), the self-hostable central collector
+(`mcp --server-mode`, with an optional Neo4j/Memgraph backend), and a live Backstage
+data source — all sharing the MCP transport's bearer auth + tenant scoping.
 
 ```
                          ┌──────────────────────────────────────────┐

package/dist/{chunk-FFUUNSWP.js → chunk-OIDAXUW5.js}

@@ -888,201 +888,6 @@ function localDiscoveryFn(registry, plugins) {
   };
 }
 
-// src/compliance/rulesets/baseline.ts
-var baseline = RulesetSchema.parse({
-  name: "baseline",
-  version: "1.0.0",
-  framework: "baseline",
-  description: "Deterministic baseline hygiene controls scored against signals available today.",
-  rules: [
-    {
-      id: "BASE-1",
-      control: "BASE-1",
-      framework: "baseline",
-      severity: "medium",
-      title: "Asset has an owner",
-      rationale: "Every asset should have a clear owning team/person for accountability.",
-      scope: {},
-      check: { any: [
-        { field: "owner", op: "present" },
-        { field: "domain", op: "present" },
-        { field: "tags", op: "matches", pattern: "owner_key" },
-        { field: "metadataKeys", op: "matches", pattern: "owner_key" }
-      ] }
-    },
-    {
-      id: "BASE-2",
-      control: "BASE-2",
-      framework: "baseline",
-      severity: "low",
-      title: "Service/data asset is assigned a business domain",
-      rationale: "Domain assignment enables blast-radius and ownership analysis.",
-      scope: { groups: ["data", "web"] },
-      check: { field: "domain", op: "present" }
-    },
-    {
-      id: "BASE-3",
-      control: "BASE-3",
-      framework: "baseline",
-      severity: "high",
-      title: "Critical asset is discovered with adequate confidence",
-      rationale: "Low-confidence critical assets indicate incomplete or unreliable discovery.",
-      scope: { groups: ["data", "infra"] },
-      check: { field: "confidence", op: "gte", value: 0.5 }
-    },
-    {
-      id: "BASE-4",
-      control: "BASE-4",
-      framework: "baseline",
-      severity: "critical",
-      title: "No embedded credentials / plaintext DSN in metadata",
-      rationale: "A connection string with embedded credentials is a direct secret-exposure risk.",
-      scope: {},
-      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
-    },
-    {
-      id: "BASE-5",
-      control: "BASE-5",
-      framework: "baseline",
-      severity: "medium",
-      title: "Data store carries an acceptable quality score",
-      rationale: "Where a quality score exists, a low score flags an under-governed data store.",
-      scope: { groups: ["data"] },
-      applicableWhen: { field: "qualityScore", op: "present" },
-      check: { field: "qualityScore", op: "gte", value: 50 }
-    }
-  ]
-});
-
-// src/compliance/rulesets/cis.ts
-var cis = RulesetSchema.parse({
-  name: "cis",
-  version: "0.1.0",
-  framework: "CIS",
-  description: "CIS starter subset \u2014 illustrative controls, not a certified benchmark.",
-  rules: [
-    {
-      id: "CIS-1.1",
-      control: "CIS-1.1",
-      framework: "CIS",
-      severity: "critical",
-      title: "No plaintext credentials in service configuration",
-      rationale: "CIS hardening forbids embedded secrets in config/metadata.",
-      scope: {},
-      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
-    },
-    {
-      id: "CIS-2.1",
-      control: "CIS-2.1",
-      framework: "CIS",
-      severity: "high",
-      title: "Data store is not publicly exposed",
-      rationale: "Data stores should not bind to public/0.0.0.0 addresses.",
-      scope: { groups: ["data"] },
-      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
-    },
-    {
-      id: "CIS-3.1",
-      control: "CIS-3.1",
-      framework: "CIS",
-      severity: "medium",
-      title: "Asset inventory has an accountable owner",
-      rationale: "CIS asset management requires an assigned owner.",
-      scope: {},
-      check: { any: [{ field: "owner", op: "present" }, { field: "metadataKeys", op: "matches", pattern: "owner_key" }] }
-    }
-  ]
-});
-
-// src/compliance/rulesets/soc2.ts
-var soc2 = RulesetSchema.parse({
-  name: "soc2",
-  version: "0.1.0",
-  framework: "SOC2",
-  description: "SOC 2 starter subset \u2014 illustrative controls, not a certified control set.",
-  rules: [
-    {
-      id: "CC6.1",
-      control: "CC6.1",
-      framework: "SOC2",
-      severity: "critical",
-      title: "Logical access \u2014 no embedded credentials",
-      rationale: "CC6.1 logical access controls preclude plaintext secrets in config.",
-      scope: {},
-      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
-    },
-    {
-      id: "CC6.6",
-      control: "CC6.6",
-      framework: "SOC2",
-      severity: "high",
-      title: "Boundary protection \u2014 data stores not public",
-      rationale: "CC6.6 requires protection of system boundaries from external access.",
-      scope: { groups: ["data"] },
-      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
-    },
-    {
-      id: "CC1.2",
-      control: "CC1.2",
-      framework: "SOC2",
-      severity: "medium",
-      title: "Accountability \u2014 asset has an owner",
-      rationale: "CC1.2 establishes accountability; assets need an assigned owner.",
-      scope: {},
-      check: { any: [{ field: "owner", op: "present" }, { field: "domain", op: "present" }] }
-    }
-  ]
-});
-
-// src/compliance/rulesets/iso27001.ts
-var iso27001 = RulesetSchema.parse({
-  name: "iso27001",
-  version: "0.1.0",
-  framework: "ISO27001",
-  description: "ISO/IEC 27001 Annex A starter subset \u2014 illustrative, not certified.",
-  rules: [
-    {
-      id: "A.8.1",
-      control: "A.8.1",
-      framework: "ISO27001",
-      severity: "medium",
-      title: "Inventory of assets \u2014 ownership assigned",
-      rationale: "A.8.1 requires an inventory of assets each with an identified owner.",
-      scope: {},
-      check: { any: [{ field: "owner", op: "present" }, { field: "metadataKeys", op: "matches", pattern: "owner_key" }] }
-    },
-    {
-      id: "A.8.12",
-      control: "A.8.12",
-      framework: "ISO27001",
-      severity: "critical",
-      title: "Data leakage prevention \u2014 no embedded secrets",
-      rationale: "A.8.12 mandates measures against data leakage such as exposed credentials.",
-      scope: {},
-      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
-    },
-    {
-      id: "A.8.20",
-      control: "A.8.20",
-      framework: "ISO27001",
-      severity: "high",
-      title: "Network security \u2014 data stores not publicly exposed",
-      rationale: "A.8.20 requires networks to be secured; data stores should not be public.",
-      scope: { groups: ["data"] },
-      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
-    }
-  ]
-});
-
-// src/compliance/rulesets/registry.ts
-var RULESETS = { baseline, cis, soc2, iso27001 };
-function getRuleset(name) {
-  return RULESETS[name];
-}
-function listRulesets() {
-  return Object.values(RULESETS).map((r) => ({ name: r.name, version: r.version, framework: r.framework, ruleCount: r.rules.length }));
-}
-
 // src/sinks/stdout.ts
 var StdoutSink = class {
   name = "stdout";
@@ -1439,6 +1244,201 @@ async function runDrift(db, config, opts = {}) {
   return alert;
 }
 
+// src/compliance/rulesets/baseline.ts
+var baseline = RulesetSchema.parse({
+  name: "baseline",
+  version: "1.0.0",
+  framework: "baseline",
+  description: "Deterministic baseline hygiene controls scored against signals available today.",
+  rules: [
+    {
+      id: "BASE-1",
+      control: "BASE-1",
+      framework: "baseline",
+      severity: "medium",
+      title: "Asset has an owner",
+      rationale: "Every asset should have a clear owning team/person for accountability.",
+      scope: {},
+      check: { any: [
+        { field: "owner", op: "present" },
+        { field: "domain", op: "present" },
+        { field: "tags", op: "matches", pattern: "owner_key" },
+        { field: "metadataKeys", op: "matches", pattern: "owner_key" }
+      ] }
+    },
+    {
+      id: "BASE-2",
+      control: "BASE-2",
+      framework: "baseline",
+      severity: "low",
+      title: "Service/data asset is assigned a business domain",
+      rationale: "Domain assignment enables blast-radius and ownership analysis.",
+      scope: { groups: ["data", "web"] },
+      check: { field: "domain", op: "present" }
+    },
+    {
+      id: "BASE-3",
+      control: "BASE-3",
+      framework: "baseline",
+      severity: "high",
+      title: "Critical asset is discovered with adequate confidence",
+      rationale: "Low-confidence critical assets indicate incomplete or unreliable discovery.",
+      scope: { groups: ["data", "infra"] },
+      check: { field: "confidence", op: "gte", value: 0.5 }
+    },
+    {
+      id: "BASE-4",
+      control: "BASE-4",
+      framework: "baseline",
+      severity: "critical",
+      title: "No embedded credentials / plaintext DSN in metadata",
+      rationale: "A connection string with embedded credentials is a direct secret-exposure risk.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "BASE-5",
+      control: "BASE-5",
+      framework: "baseline",
+      severity: "medium",
+      title: "Data store carries an acceptable quality score",
+      rationale: "Where a quality score exists, a low score flags an under-governed data store.",
+      scope: { groups: ["data"] },
+      applicableWhen: { field: "qualityScore", op: "present" },
+      check: { field: "qualityScore", op: "gte", value: 50 }
+    }
+  ]
+});
+
+// src/compliance/rulesets/cis.ts
+var cis = RulesetSchema.parse({
+  name: "cis",
+  version: "0.1.0",
+  framework: "CIS",
+  description: "CIS starter subset \u2014 illustrative controls, not a certified benchmark.",
+  rules: [
+    {
+      id: "CIS-1.1",
+      control: "CIS-1.1",
+      framework: "CIS",
+      severity: "critical",
+      title: "No plaintext credentials in service configuration",
+      rationale: "CIS hardening forbids embedded secrets in config/metadata.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "CIS-2.1",
+      control: "CIS-2.1",
+      framework: "CIS",
+      severity: "high",
+      title: "Data store is not publicly exposed",
+      rationale: "Data stores should not bind to public/0.0.0.0 addresses.",
+      scope: { groups: ["data"] },
+      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
+    },
+    {
+      id: "CIS-3.1",
+      control: "CIS-3.1",
+      framework: "CIS",
+      severity: "medium",
+      title: "Asset inventory has an accountable owner",
+      rationale: "CIS asset management requires an assigned owner.",
+      scope: {},
+      check: { any: [{ field: "owner", op: "present" }, { field: "metadataKeys", op: "matches", pattern: "owner_key" }] }
+    }
+  ]
+});
+
+// src/compliance/rulesets/soc2.ts
+var soc2 = RulesetSchema.parse({
+  name: "soc2",
+  version: "0.1.0",
+  framework: "SOC2",
+  description: "SOC 2 starter subset \u2014 illustrative controls, not a certified control set.",
+  rules: [
+    {
+      id: "CC6.1",
+      control: "CC6.1",
+      framework: "SOC2",
+      severity: "critical",
+      title: "Logical access \u2014 no embedded credentials",
+      rationale: "CC6.1 logical access controls preclude plaintext secrets in config.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "CC6.6",
+      control: "CC6.6",
+      framework: "SOC2",
+      severity: "high",
+      title: "Boundary protection \u2014 data stores not public",
+      rationale: "CC6.6 requires protection of system boundaries from external access.",
+      scope: { groups: ["data"] },
+      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
+    },
+    {
+      id: "CC1.2",
+      control: "CC1.2",
+      framework: "SOC2",
+      severity: "medium",
+      title: "Accountability \u2014 asset has an owner",
+      rationale: "CC1.2 establishes accountability; assets need an assigned owner.",
+      scope: {},
+      check: { any: [{ field: "owner", op: "present" }, { field: "domain", op: "present" }] }
+    }
+  ]
+});
+
+// src/compliance/rulesets/iso27001.ts
+var iso27001 = RulesetSchema.parse({
+  name: "iso27001",
+  version: "0.1.0",
+  framework: "ISO27001",
+  description: "ISO/IEC 27001 Annex A starter subset \u2014 illustrative, not certified.",
+  rules: [
+    {
+      id: "A.8.1",
+      control: "A.8.1",
+      framework: "ISO27001",
+      severity: "medium",
+      title: "Inventory of assets \u2014 ownership assigned",
+      rationale: "A.8.1 requires an inventory of assets each with an identified owner.",
+      scope: {},
+      check: { any: [{ field: "owner", op: "present" }, { field: "metadataKeys", op: "matches", pattern: "owner_key" }] }
+    },
+    {
+      id: "A.8.12",
+      control: "A.8.12",
+      framework: "ISO27001",
+      severity: "critical",
+      title: "Data leakage prevention \u2014 no embedded secrets",
+      rationale: "A.8.12 mandates measures against data leakage such as exposed credentials.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "A.8.20",
+      control: "A.8.20",
+      framework: "ISO27001",
+      severity: "high",
+      title: "Network security \u2014 data stores not publicly exposed",
+      rationale: "A.8.20 requires networks to be secured; data stores should not be public.",
+      scope: { groups: ["data"] },
+      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
+    }
+  ]
+});
+
+// src/compliance/rulesets/registry.ts
+var RULESETS = { baseline, cis, soc2, iso27001 };
+function getRuleset(name) {
+  return RULESETS[name];
+}
+function listRulesets() {
+  return Object.values(RULESETS).map((r) => ({ name: r.name, version: r.version, framework: r.framework, ruleCount: r.rules.length }));
+}
+
 // src/orgkey.ts
 import { randomBytes, hkdfSync } from "crypto";
 import { existsSync, mkdirSync, readFileSync as readFileSync2, writeFileSync, statSync } from "fs";
@@ -1494,6 +1494,8 @@ function reversalKey(orgKey) {
 import { createHmac, createCipheriv, createDecipheriv, randomBytes as randomBytes2 } from "crypto";
 var PRIVATE_IP = /\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b/g;
 var HOSTNAME = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
+var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
+var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
 var POSIX_PATH = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
 var WIN_PATH = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
 var B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";
@@ -1548,8 +1550,18 @@ function pseudonymizeString(s, orgKey, db) {
     (_m, user, host) => `${pseudonymizeFragment(user, "user", orgKey, db)}@${pseudonymizeFragment(host, "host", orgKey, db)}`
   );
   out = out.replace(HOSTNAME, (m) => pseudonymizeFragment(m, "host", orgKey, db));
+  const trimmed = out.trim();
+  if (out === s && !ANON_TOKEN.test(trimmed) && BARE_INTERNAL_HOST.test(trimmed)) {
+    out = pseudonymizeFragment(trimmed, "host", orgKey, db);
+  }
   return out;
 }
+function pseudonymizeId(id, orgKey, db) {
+  const segments = id.split(":");
+  if (segments.length <= 1) return pseudonymizeString(id, orgKey, db);
+  const [type, ...rest] = segments;
+  return [type, ...rest.map((seg) => pseudonymizeString(seg, orgKey, db))].join(":");
+}
 function pseudonymize(value, orgKey, db) {
   if (typeof value === "string") return pseudonymizeString(value, orgKey, db);
   if (Array.isArray(value)) return value.map((v) => pseudonymize(v, orgKey, db));
@@ -1800,7 +1812,7 @@ function correlateTopology(nodes, _edges = []) {
 
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.11.0";
+var SERVER_VERSION = "2.12.1";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -2812,8 +2824,6 @@ var FQDN = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
 var POSIX_PATH2 = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
 var WIN_PATH2 = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
 var HOME_USER = /(?:\/home\/|\/Users\/|[A-Za-z]:\\Users\\)([A-Za-z0-9._-]+)/g;
-var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
-var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
 function violationsInString(s, path) {
   const out = [];
   const trimmed = s.trim();
@@ -3139,17 +3149,19 @@ async function startMcp(opts = {}) {
 }
 
 export {
+  ScannerRegistry,
   isPersonalHost,
   runLocalDiscovery,
+  runDrift,
   getRuleset,
   listRulesets,
-  runDrift,
   loadOrgKey,
   rotateOrgKey,
   pseudonymizeString,
+  pseudonymizeId,
   pseudonymize,
   reversePseudonym,
   parseMcpArgs,
   startMcp
 };
-//# sourceMappingURL=chunk-FFUUNSWP.js.map
+//# sourceMappingURL=chunk-OIDAXUW5.js.map