npm - @datasynx/agentic-ai-cartography - Versions diffs - 2.11.0 → 2.12.1 - Mend

@datasynx/agentic-ai-cartography 2.11.0 → 2.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +142 -2
package/dist/{chunk-FFUUNSWP.js → chunk-OIDAXUW5.js} +212 -200
package/dist/chunk-OIDAXUW5.js.map +1 -0
package/dist/cli.js +95 -3
package/dist/cli.js.map +1 -1
package/dist/index.cjs +87 -5
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +94 -3
package/dist/index.d.ts +94 -3
package/dist/index.js +80 -5
package/dist/index.js.map +1 -1
package/dist/mcp-bin.js +1 -1
package/llms-full.txt +305 -25
package/package.json +1 -1
package/server.json +2 -2
package/dist/chunk-FFUUNSWP.js.map +0 -1

package/dist/index.cjs CHANGED Viewed

@@ -31,9 +31,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var src_exports = {};
 __export(src_exports, {
   ACTIONS: () => ACTIONS,
+  ANON_TOKEN: () => ANON_TOKEN,
   ActionSchema: () => ActionSchema,
   AuthConfigSchema: () => AuthConfigSchema,
   AuthorizationError: () => AuthorizationError,
+  BARE_INTERNAL_HOST: () => BARE_INTERNAL_HOST,
   CLIENTS: () => CLIENTS,
   CONFIDENCE: () => CONFIDENCE,
   CORRELATION_CONFIDENCE: () => CORRELATION_CONFIDENCE,
@@ -197,11 +199,13 @@ __export(src_exports, {
   hostname: () => hostname,
   ingestEnvelope: () => ingestEnvelope,
   installedAppsScanner: () => installedAppsScanner,
+  isInCluster: () => isInCluster,
   isLoopbackHost: () => isLoopbackHost,
   isPersonalHost: () => isPersonalHost,
   isReadOnlyCommand: () => isReadOnlyCommand,
   isRemembered: () => isRemembered,
   isSecureWebhookUrl: () => isSecureWebhookUrl,
+  k8sRegistry: () => k8sRegistry,
   k8sScanner: () => k8sScanner,
   keyMetaOf: () => keyMetaOf,
   layoutClusters: () => layoutClusters,
@@ -246,6 +250,7 @@ __export(src_exports, {
   previewShare: () => previewShare,
   pseudonymize: () => pseudonymize,
   pseudonymizeFragment: () => pseudonymizeFragment,
+  pseudonymizeId: () => pseudonymizeId,
   pseudonymizeString: () => pseudonymizeString,
   pushDeltas: () => pushDeltas,
   readConfigFile: () => readConfigFile,
@@ -268,6 +273,8 @@ __export(src_exports, {
   runHttp: () => runHttp,
   runLocalDiscovery: () => runLocalDiscovery,
   runOnce: () => runOnce,
+  runOperator: () => runOperator,
+  runOperatorCycle: () => runOperatorCycle,
   runStdio: () => runStdio,
   runSyncClassify: () => runSyncClassify,
   safeEnv: () => safeEnv,
@@ -4952,6 +4959,8 @@ function reversalKey(orgKey) {
 // src/anonymize.ts
 var PRIVATE_IP = /\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b/g;
 var HOSTNAME = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
+var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
+var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
 var POSIX_PATH = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
 var WIN_PATH = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
 var B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";
@@ -5006,8 +5015,18 @@ function pseudonymizeString(s, orgKey, db) {
     (_m, user, host2) => `${pseudonymizeFragment(user, "user", orgKey, db)}@${pseudonymizeFragment(host2, "host", orgKey, db)}`
   );
   out = out.replace(HOSTNAME, (m) => pseudonymizeFragment(m, "host", orgKey, db));
+  const trimmed = out.trim();
+  if (out === s && !ANON_TOKEN.test(trimmed) && BARE_INTERNAL_HOST.test(trimmed)) {
+    out = pseudonymizeFragment(trimmed, "host", orgKey, db);
+  }
   return out;
 }
+function pseudonymizeId(id, orgKey, db) {
+  const segments = id.split(":");
+  if (segments.length <= 1) return pseudonymizeString(id, orgKey, db);
+  const [type, ...rest] = segments;
+  return [type, ...rest.map((seg) => pseudonymizeString(seg, orgKey, db))].join(":");
+}
 function pseudonymize(value, orgKey, db) {
   if (typeof value === "string") return pseudonymizeString(value, orgKey, db);
   if (Array.isArray(value)) return value.map((v) => pseudonymize(v, orgKey, db));
@@ -5034,8 +5053,6 @@ var FQDN = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
 var POSIX_PATH2 = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
 var WIN_PATH2 = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
 var HOME_USER = /(?:\/home\/|\/Users\/|[A-Za-z]:\\Users\\)([A-Za-z0-9._-]+)/g;
-var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
-var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
 function violationsInString(s, path) {
   const out = [];
   const trimmed = s.trim();
@@ -5425,9 +5442,10 @@ function resolveEffectiveLevel(node, policy) {
 function applySharingLevel(node, level, orgKey, db) {
   if (level === "none") return null;
   if (level === "full") return { ...node, metadata: { ...node.metadata ?? {} }, tags: [...node.tags ?? []] };
+  const { globalId: _g, contentHash: _h, ...rest } = node;
   return {
-    ...node,
-    id: pseudonymizeString(node.id, orgKey, db),
+    ...rest,
+    id: pseudonymizeId(node.id, orgKey, db),
     name: pseudonymizeString(node.name, orgKey, db),
     metadata: pseudonymize(node.metadata ?? {}, orgKey, db),
     tags: (node.tags ?? []).map((t) => pseudonymizeString(t, orgKey, db))
@@ -6279,7 +6297,7 @@ function correlateTopology(nodes, _edges = []) {
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.11.0";
+var SERVER_VERSION = "2.12.1";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -10202,6 +10220,63 @@ Use ask_user when you need context from the user.`;
   }
 }
+// src/k8s/operator.ts
+function k8sRegistry() {
+  return new ScannerRegistry().register(k8sScanner);
+}
+function isInCluster(env = process.env) {
+  return typeof env["KUBERNETES_SERVICE_HOST"] === "string" && env["KUBERNETES_SERVICE_HOST"].length > 0;
+}
+function pruneToRetention(db, keep, tenant) {
+  const stale = db.getSessions(tenant).slice(Math.max(1, keep));
+  for (const s of stale) db.deleteSession(s.id);
+  return stale.length;
+}
+async function runOperatorCycle(db, config, opts = {}) {
+  const sessionId = db.createSession("discover", config);
+  const discover = opts.discover ?? ((d, s) => runLocalDiscovery(d, s, { registry: k8sRegistry() }));
+  const res = await discover(db, sessionId);
+  const sess = db.getSession(sessionId);
+  if (sess && !sess.name) db.setSessionName(sessionId, deriveSessionName(db.getGraphSummary(sessionId), sess.startedAt));
+  const driftFn = opts.drift ?? ((d, c) => runDrift(d, c));
+  const drift = await driftFn(db, config);
+  pruneToRetention(db, opts.retain ?? 10, normalizeTenant(config.organization));
+  return { sessionId, nodes: res.nodes, edges: res.edges, drift };
+}
+async function runOperator(db, config, opts = {}) {
+  const log2 = opts.log ?? ((m) => process.stderr.write(m + "\n"));
+  const intervalMs = opts.intervalMs ?? 5 * 6e4;
+  const sleep = opts.sleep ?? ((ms) => new Promise((resolve3) => {
+    if (opts.signal?.aborted) {
+      resolve3();
+      return;
+    }
+    const t = setTimeout(() => {
+      opts.signal?.removeEventListener?.("abort", onAbort);
+      resolve3();
+    }, ms);
+    const onAbort = () => {
+      clearTimeout(t);
+      resolve3();
+    };
+    opts.signal?.addEventListener?.("abort", onAbort, { once: true });
+  }));
+  log2(`Cartograph Kubernetes operator (in-cluster: ${isInCluster()}, interval: ${Math.round(intervalMs / 1e3)}s${opts.once ? ", single pass" : ""})`);
+  for (; ; ) {
+    try {
+      const c = await runOperatorCycle(db, config, opts);
+      log2(
+        `reconcile: session ${c.sessionId} \u2014 ${c.nodes} nodes, ${c.edges} edges` + (c.drift ? `, drift ${c.drift.severity} (${c.drift.items.length} change${c.drift.items.length === 1 ? "" : "s"})` : ", no drift")
+      );
+    } catch (err) {
+      log2(`reconcile failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (opts.once || opts.signal?.aborted) return;
+    await sleep(intervalMs);
+    if (opts.signal?.aborted) return;
+  }
+}
 // src/cost.ts
 var import_node_fs8 = require("fs");
 var import_node_path8 = require("path");
@@ -12490,9 +12565,11 @@ function checkClaudePrerequisites() {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ACTIONS,
+  ANON_TOKEN,
   ActionSchema,
   AuthConfigSchema,
   AuthorizationError,
+  BARE_INTERNAL_HOST,
   CLIENTS,
   CONFIDENCE,
   CORRELATION_CONFIDENCE,
@@ -12656,11 +12733,13 @@ function checkClaudePrerequisites() {
   hostname,
   ingestEnvelope,
   installedAppsScanner,
+  isInCluster,
   isLoopbackHost,
   isPersonalHost,
   isReadOnlyCommand,
   isRemembered,
   isSecureWebhookUrl,
+  k8sRegistry,
   k8sScanner,
   keyMetaOf,
   layoutClusters,
@@ -12705,6 +12784,7 @@ function checkClaudePrerequisites() {
   previewShare,
   pseudonymize,
   pseudonymizeFragment,
+  pseudonymizeId,
   pseudonymizeString,
   pushDeltas,
   readConfigFile,
@@ -12727,6 +12807,8 @@ function checkClaudePrerequisites() {
   runHttp,
   runLocalDiscovery,
   runOnce,
+  runOperator,
+  runOperatorCycle,
   runStdio,
   runSyncClassify,
   safeEnv,