npm - @datasynx/agentic-ai-cartography - Versions diffs - 2.11.0 → 2.12.1 - Mend

@datasynx/agentic-ai-cartography 2.11.0 → 2.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +142 -2
package/dist/{chunk-FFUUNSWP.js → chunk-OIDAXUW5.js} +212 -200
package/dist/chunk-OIDAXUW5.js.map +1 -0
package/dist/cli.js +95 -3
package/dist/cli.js.map +1 -1
package/dist/index.cjs +87 -5
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +94 -3
package/dist/index.d.ts +94 -3
package/dist/index.js +80 -5
package/dist/index.js.map +1 -1
package/dist/mcp-bin.js +1 -1
package/llms-full.txt +305 -25
package/package.json +1 -1
package/server.json +2 -2
package/dist/chunk-FFUUNSWP.js.map +0 -1

package/dist/cli.js CHANGED Viewed

@@ -1,17 +1,19 @@
 #!/usr/bin/env node
 import {
+  ScannerRegistry,
   getRuleset,
   isPersonalHost,
   listRulesets,
   loadOrgKey,
   pseudonymize,
+  pseudonymizeId,
   pseudonymizeString,
   reversePseudonym,
   rotateOrgKey,
   runDrift,
   runLocalDiscovery,
   startMcp
-} from "./chunk-FFUUNSWP.js";
+} from "./chunk-OIDAXUW5.js";
 import {
   entitiesToYaml,
   startApi,
@@ -24,6 +26,7 @@ import {
   deriveSessionName,
   diffTopology,
   hashToken,
+  k8sScanner,
   normalizeTenant,
   redactValue,
   stableStringify,
@@ -952,6 +955,63 @@ async function runOnce(cfg, db) {
   }
 }
+// src/k8s/operator.ts
+function k8sRegistry() {
+  return new ScannerRegistry().register(k8sScanner);
+}
+function isInCluster(env = process.env) {
+  return typeof env["KUBERNETES_SERVICE_HOST"] === "string" && env["KUBERNETES_SERVICE_HOST"].length > 0;
+}
+function pruneToRetention(db, keep, tenant) {
+  const stale = db.getSessions(tenant).slice(Math.max(1, keep));
+  for (const s of stale) db.deleteSession(s.id);
+  return stale.length;
+}
+async function runOperatorCycle(db, config, opts = {}) {
+  const sessionId = db.createSession("discover", config);
+  const discover = opts.discover ?? ((d, s) => runLocalDiscovery(d, s, { registry: k8sRegistry() }));
+  const res = await discover(db, sessionId);
+  const sess = db.getSession(sessionId);
+  if (sess && !sess.name) db.setSessionName(sessionId, deriveSessionName(db.getGraphSummary(sessionId), sess.startedAt));
+  const driftFn = opts.drift ?? ((d, c) => runDrift(d, c));
+  const drift = await driftFn(db, config);
+  pruneToRetention(db, opts.retain ?? 10, normalizeTenant(config.organization));
+  return { sessionId, nodes: res.nodes, edges: res.edges, drift };
+}
+async function runOperator(db, config, opts = {}) {
+  const log = opts.log ?? ((m) => process.stderr.write(m + "\n"));
+  const intervalMs = opts.intervalMs ?? 5 * 6e4;
+  const sleep = opts.sleep ?? ((ms) => new Promise((resolve3) => {
+    if (opts.signal?.aborted) {
+      resolve3();
+      return;
+    }
+    const t = setTimeout(() => {
+      opts.signal?.removeEventListener?.("abort", onAbort);
+      resolve3();
+    }, ms);
+    const onAbort = () => {
+      clearTimeout(t);
+      resolve3();
+    };
+    opts.signal?.addEventListener?.("abort", onAbort, { once: true });
+  }));
+  log(`Cartograph Kubernetes operator (in-cluster: ${isInCluster()}, interval: ${Math.round(intervalMs / 1e3)}s${opts.once ? ", single pass" : ""})`);
+  for (; ; ) {
+    try {
+      const c = await runOperatorCycle(db, config, opts);
+      log(
+        `reconcile: session ${c.sessionId} \u2014 ${c.nodes} nodes, ${c.edges} edges` + (c.drift ? `, drift ${c.drift.severity} (${c.drift.items.length} change${c.drift.items.length === 1 ? "" : "s"})` : ", no drift")
+      );
+    } catch (err) {
+      log(`reconcile failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (opts.once || opts.signal?.aborted) return;
+    await sleep(intervalMs);
+    if (opts.signal?.aborted) return;
+  }
+}
 // src/exporter.ts
 import { mkdirSync, writeFileSync } from "fs";
 import { join as join2 } from "path";
@@ -2792,9 +2852,10 @@ function resolveEffectiveLevel(node, policy) {
 function applySharingLevel(node, level, orgKey, db) {
   if (level === "none") return null;
   if (level === "full") return { ...node, metadata: { ...node.metadata ?? {} }, tags: [...node.tags ?? []] };
+  const { globalId: _g, contentHash: _h, ...rest } = node;
   return {
-    ...node,
-    id: pseudonymizeString(node.id, orgKey, db),
+    ...rest,
+    id: pseudonymizeId(node.id, orgKey, db),
     name: pseudonymizeString(node.name, orgKey, db),
     metadata: pseudonymize(node.metadata ?? {}, orgKey, db),
     tags: (node.tags ?? []).map((t) => pseudonymizeString(t, orgKey, db))
@@ -5052,6 +5113,37 @@ error: ${err instanceof Error ? err.message : String(err)}
       process.exitCode = 1;
     }
   });
+  program.command("operator").description("Run the Kubernetes operator: continuous in-cluster discovery + drift reporting (5.2)").option("--config <file>", "JSON config file (drift sinks, db path)").option("--interval <sec>", "Reconcile interval in seconds", "300").option("--once", "Run a single reconcile and exit (CronJob-driver friendly)", false).option("--db <path>", "DB path (overrides config)").action(async (opts) => {
+    let db;
+    try {
+      const config = opts.config ? loadConfig(opts.config) : defaultConfig(opts.db ? { dbPath: opts.db } : {});
+      const interval = parseInt(opts.interval, 10);
+      if (Number.isNaN(interval) || interval < 1) {
+        process.stderr.write(`
+error: --interval must be a positive number of seconds (got '${opts.interval}')
+`);
+        process.exitCode = 1;
+        return;
+      }
+      db = new CartographyDB(opts.db ?? config.dbPath);
+      const controller = new AbortController();
+      process.once("SIGINT", () => controller.abort());
+      process.once("SIGTERM", () => controller.abort());
+      process.stderr.write(`Cartograph operator: ${isInCluster() ? "in-cluster" : "out-of-cluster (dev)"}
+`);
+      await runOperator(db, config, { intervalMs: interval * 1e3, once: opts.once === true, signal: controller.signal });
+    } catch (err) {
+      if (err instanceof ConfigError) process.stderr.write(`
+config error: ${err.message}
+`);
+      else process.stderr.write(`
+error: ${err instanceof Error ? err.message : String(err)}
+`);
+      process.exitCode = 1;
+    } finally {
+      db?.close();
+    }
+  });
   const authCmd = program.command("auth").description("Manage RBAC credentials for the HTTP surfaces (MCP transport + API server, 4.5)");
   authCmd.command("add <subject>").description("Create a credential and print its bearer token ONCE (only the hash is stored)").option("--role <role>", "viewer | operator | admin", "viewer").option("--tenant <id>", "Tenant the credential is scoped to (default: local)").option("--token <secret>", "Use this token instead of generating one").option("--db <path>", "DB path").action((subject, opts) => {
     const role = RoleSchema.safeParse(opts.role);