npm - @datasynx/agentic-ai-cartography - Versions diffs - 2.11.0 → 2.12.1 - Mend

@datasynx/agentic-ai-cartography 2.11.0 → 2.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +142 -2
package/dist/{chunk-FFUUNSWP.js → chunk-OIDAXUW5.js} +212 -200
package/dist/chunk-OIDAXUW5.js.map +1 -0
package/dist/cli.js +95 -3
package/dist/cli.js.map +1 -1
package/dist/index.cjs +87 -5
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +94 -3
package/dist/index.d.ts +94 -3
package/dist/index.js +80 -5
package/dist/index.js.map +1 -1
package/dist/mcp-bin.js +1 -1
package/llms-full.txt +305 -25
package/package.json +1 -1
package/server.json +2 -2
package/dist/chunk-FFUUNSWP.js.map +0 -1

package/dist/index.d.cts CHANGED Viewed

@@ -1984,6 +1984,18 @@ type FragmentKind = 'host' | 'user' | 'path' | 'ip';
  * left intact (so topology against public infra still reads).
  */
 declare const PRIVATE_IP: RegExp;
+/**
+ * A bare single-label internal hostname — the known 2.10 residual that {@link HOSTNAME}
+ * (multi-label only) never tokenizes. We only treat a single label as an internal host
+ * when it *looks* like one: it contains a hyphen or a digit run (e.g. `db-01`, `web2`,
+ * `prod-db`) so we do not false-positive ordinary English words used as a `name`
+ * (`Postgres`, `Marketing`) or the literal `localhost`. Single-sourced here so the
+ * client (this module) and the server (`src/central/anonymization.ts`, which re-imports
+ * this constant) agree on what counts as a bare internal host.
+ */
+declare const BARE_INTERNAL_HOST: RegExp;
+/** A pseudonym token produced by this module (`anon:host:abc…`) — already anonymized. */
+declare const ANON_TOKEN: RegExp;
 /**
  * Deterministic token for one identifying fragment. When `db` is supplied, the
  * plaintext is AES-256-GCM-encrypted under `reversalKey(orgKey)` and persisted so
@@ -1998,6 +2010,17 @@ declare function pseudonymizeFragment(plaintext: string, kind: FragmentKind, org
  * or a path segment is never mis-tokenized as a host.
  */
 declare function pseudonymizeString(s: string, orgKey: Buffer, db?: CartographyDB): string;
+/**
+ * Pseudonymize the host material of a structured node id (`{type}:{host}[:{port}]` or
+ * `{type}:{provider}:{name}`). The leading `{type}` segment is a non-identifying schema
+ * prefix and is left verbatim; every later colon-delimited segment is run through
+ * {@link pseudonymizeString} (so an FQDN, a private IP, an absolute path, or a bare
+ * internal host inside a segment all tokenize, while a numeric port — matching no rule —
+ * is preserved). Re-join with `:`. This is the structural id transform used for node ids
+ * and for edge endpoints, so both stay consistent. A token already inside a segment is
+ * not re-tokenized (the bare-host pass is whole-string and `anon:` tokens are excluded).
+ */
+declare function pseudonymizeId(id: string, orgKey: Buffer, db?: CartographyDB): string;
 /**
  * Recursive, structure-preserving walker — same shape as `redactValue`
  * (`src/tools.ts`): strings → {@link pseudonymizeString}, arrays → map,
@@ -2042,8 +2065,16 @@ declare function resolveEffectiveLevel(node: DiscoveryNode, policy: SharingPolic
  *                  (structure-preserving); identifying fragments tokenized.
  * - `full`       → a structural clone, verbatim.
  *
- * The same deterministic `pseudonymizeString` is applied to the id here and by
- * {@link previewShare} when remapping edges, so endpoints always resolve.
+ * The same deterministic `pseudonymizeId` is applied to the id here and by
+ * {@link previewShare} when remapping edges (via the shared idMap), so endpoints
+ * always resolve. `pseudonymizeId` is id-aware: it tokenizes the host segment(s) —
+ * including a bare single-label internal host — while sparing the `{type}` prefix.
+ *
+ * At the `anonymized` level the derived identity fields `globalId`
+ * (`{tenant}:{normalizeId(id)}`, which embeds the raw id) and `contentHash` are
+ * dropped from the outgoing payload — they would otherwise carry the raw id past
+ * anonymization, and the central collector recomputes both from the (anonymized)
+ * node on ingest (`computeIdentity`), so omitting them is both leak-free and lossless.
  */
 declare function applySharingLevel(node: DiscoveryNode, level: SharingLevel, orgKey: Buffer, db?: CartographyDB): DiscoveryNode | null;
 interface SharePreviewEntry {
@@ -3550,6 +3581,66 @@ declare function executeNlQuery(db: CartographyDB, sessionId: string, search: Se
 /** Convenience: parse + execute in one call. */
 declare function resolveNlQuery(db: CartographyDB, sessionId: string, search: SearchFn, raw: string, opts?: NlQueryOptions): Promise<NlQueryResult>;
+/**
+ * Kubernetes operator (5.2) — a thin, deterministic, LLM-free reconcile loop.
+ *
+ * Runs Cartograph's discovery continuously **inside** a cluster and reports drift between
+ * cycles — the "continuous CMDB for Kubernetes" outcome. It is a thin orchestration over
+ * two engine halves that already exist and are DB-agnostic: the deterministic discovery
+ * driver `runLocalDiscovery` (with a **k8s-only** scanner registry — it maps in-cluster
+ * resources, never the host) and the drift engine `runDrift` (which classifies the delta
+ * vs the previous cycle and dispatches it to the configured sinks, 3.1/4.4). No agent loop,
+ * no Anthropic coupling, read-only (only `kubectl` reads via the allowlist).
+ *
+ * It is a periodic-reconcile operator, not a CRD controller — no custom resource or
+ * controller-runtime dependency; the loop is a plain interval (or a single `--once` pass
+ * for a CronJob driver). All side effects are injectable, so a cycle is unit-testable
+ * without a cluster.
+ */
+/** A k8s-only scanner registry — the operator discovers cluster resources, not the host. */
+declare function k8sRegistry(): ScannerRegistry;
+/** True when running inside a Kubernetes pod (the service-account API env is injected). */
+declare function isInCluster(env?: NodeJS.ProcessEnv): boolean;
+interface OperatorCycleResult {
+    sessionId: string;
+    nodes: number;
+    edges: number;
+    /** The classified drift vs the previous cycle, or null (first cycle / no change). */
+    drift: DriftAlert | null;
+}
+interface OperatorOptions {
+    /** Reconcile interval (ms). Default 5 minutes. */
+    intervalMs?: number;
+    /** Run a single reconcile and return — CronJob-driver friendly. */
+    once?: boolean;
+    /** Injected discovery (tests). Default: `runLocalDiscovery` over the k8s registry. */
+    discover?: (db: CartographyDB, sessionId: string) => Promise<{
+        nodes: number;
+        edges: number;
+    }>;
+    /** Injected drift dispatch (tests). Default: `runDrift` (dispatches to `config.drift` sinks). */
+    drift?: (db: CartographyDB, config: CartographyConfig) => Promise<DriftAlert | null>;
+    /** Stop the reconcile loop (SIGINT/SIGTERM → abort). */
+    signal?: AbortSignal;
+    /** Sleep between cycles (tests inject a controlled/no-wait sleep). */
+    sleep?: (ms: number) => Promise<void>;
+    /**
+     * Keep only the most recent N discovery sessions (default 10) — a continuous operator
+     * creates one session per cycle, so older snapshots are pruned each cycle to bound the
+     * catalog. Drift only needs the latest two; the rest are retained history.
+     */
+    retain?: number;
+    log?: (msg: string) => void;
+}
+/**
+ * One reconcile cycle: discover in-cluster → record the session → classify + dispatch drift
+ * vs the previous cycle. Returns the cycle outcome.
+ */
+declare function runOperatorCycle(db: CartographyDB, config: CartographyConfig, opts?: OperatorOptions): Promise<OperatorCycleResult>;
+/** Run the operator: a single cycle if `once`, else a reconcile loop until the signal aborts. */
+declare function runOperator(db: CartographyDB, config: CartographyConfig, opts?: OperatorOptions): Promise<void>;
 /**
  * Multi-cloud correlation engine (5.1).
  *
@@ -4411,4 +4502,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
-export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type Awaitable, type BackstageEntity, type BackstageMapOptions, type BindGuardOptions, type BoltDriver, type BoltRecord, type BoltResult, type BoltSession, CLIENTS, CONFIDENCE, CORRELATION_CONFIDENCE, COST_PERIODS, type CanonicalNode, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CorrelatedTopology, type CorrelationEdge, type CorrelationSignal, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_INGEST_QUOTA, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DashboardOptions, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, GraphStoreBackend, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestHandlerOptions, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeSignals, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, type QuotaConfig, type QuotaDecision, RELATION_TO_DIRECTION, ROLES, RateLimiter, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SCHEMA_VERSION, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type StoreBackendOptions, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, correlateTopology, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, dashboardHtml, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, entitiesToYaml, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, extractSignals, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, openStoreBackend, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, parseTerraformState, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, terraformScanner, terraformTypeToNode, timingSafeEqual, toBackstageEntities, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, ANON_TOKEN, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type Awaitable, BARE_INTERNAL_HOST, type BackstageEntity, type BackstageMapOptions, type BindGuardOptions, type BoltDriver, type BoltRecord, type BoltResult, type BoltSession, CLIENTS, CONFIDENCE, CORRELATION_CONFIDENCE, COST_PERIODS, type CanonicalNode, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CorrelatedTopology, type CorrelationEdge, type CorrelationSignal, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_INGEST_QUOTA, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DashboardOptions, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, GraphStoreBackend, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestHandlerOptions, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeSignals, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OperatorCycleResult, type OperatorOptions, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, type QuotaConfig, type QuotaDecision, RELATION_TO_DIRECTION, ROLES, RateLimiter, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SCHEMA_VERSION, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type StoreBackendOptions, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, correlateTopology, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, dashboardHtml, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, entitiesToYaml, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, extractSignals, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isInCluster, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sRegistry, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, openStoreBackend, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, parseTerraformState, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeId, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runOperator, runOperatorCycle, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, terraformScanner, terraformTypeToNode, timingSafeEqual, toBackstageEntities, validateScanner, vscodeDeeplink, zodToJsonSchema };

package/dist/index.d.ts CHANGED Viewed

@@ -1984,6 +1984,18 @@ type FragmentKind = 'host' | 'user' | 'path' | 'ip';
  * left intact (so topology against public infra still reads).
  */
 declare const PRIVATE_IP: RegExp;
+/**
+ * A bare single-label internal hostname — the known 2.10 residual that {@link HOSTNAME}
+ * (multi-label only) never tokenizes. We only treat a single label as an internal host
+ * when it *looks* like one: it contains a hyphen or a digit run (e.g. `db-01`, `web2`,
+ * `prod-db`) so we do not false-positive ordinary English words used as a `name`
+ * (`Postgres`, `Marketing`) or the literal `localhost`. Single-sourced here so the
+ * client (this module) and the server (`src/central/anonymization.ts`, which re-imports
+ * this constant) agree on what counts as a bare internal host.
+ */
+declare const BARE_INTERNAL_HOST: RegExp;
+/** A pseudonym token produced by this module (`anon:host:abc…`) — already anonymized. */
+declare const ANON_TOKEN: RegExp;
 /**
  * Deterministic token for one identifying fragment. When `db` is supplied, the
  * plaintext is AES-256-GCM-encrypted under `reversalKey(orgKey)` and persisted so
@@ -1998,6 +2010,17 @@ declare function pseudonymizeFragment(plaintext: string, kind: FragmentKind, org
  * or a path segment is never mis-tokenized as a host.
  */
 declare function pseudonymizeString(s: string, orgKey: Buffer, db?: CartographyDB): string;
+/**
+ * Pseudonymize the host material of a structured node id (`{type}:{host}[:{port}]` or
+ * `{type}:{provider}:{name}`). The leading `{type}` segment is a non-identifying schema
+ * prefix and is left verbatim; every later colon-delimited segment is run through
+ * {@link pseudonymizeString} (so an FQDN, a private IP, an absolute path, or a bare
+ * internal host inside a segment all tokenize, while a numeric port — matching no rule —
+ * is preserved). Re-join with `:`. This is the structural id transform used for node ids
+ * and for edge endpoints, so both stay consistent. A token already inside a segment is
+ * not re-tokenized (the bare-host pass is whole-string and `anon:` tokens are excluded).
+ */
+declare function pseudonymizeId(id: string, orgKey: Buffer, db?: CartographyDB): string;
 /**
  * Recursive, structure-preserving walker — same shape as `redactValue`
  * (`src/tools.ts`): strings → {@link pseudonymizeString}, arrays → map,
@@ -2042,8 +2065,16 @@ declare function resolveEffectiveLevel(node: DiscoveryNode, policy: SharingPolic
  *                  (structure-preserving); identifying fragments tokenized.
  * - `full`       → a structural clone, verbatim.
  *
- * The same deterministic `pseudonymizeString` is applied to the id here and by
- * {@link previewShare} when remapping edges, so endpoints always resolve.
+ * The same deterministic `pseudonymizeId` is applied to the id here and by
+ * {@link previewShare} when remapping edges (via the shared idMap), so endpoints
+ * always resolve. `pseudonymizeId` is id-aware: it tokenizes the host segment(s) —
+ * including a bare single-label internal host — while sparing the `{type}` prefix.
+ *
+ * At the `anonymized` level the derived identity fields `globalId`
+ * (`{tenant}:{normalizeId(id)}`, which embeds the raw id) and `contentHash` are
+ * dropped from the outgoing payload — they would otherwise carry the raw id past
+ * anonymization, and the central collector recomputes both from the (anonymized)
+ * node on ingest (`computeIdentity`), so omitting them is both leak-free and lossless.
  */
 declare function applySharingLevel(node: DiscoveryNode, level: SharingLevel, orgKey: Buffer, db?: CartographyDB): DiscoveryNode | null;
 interface SharePreviewEntry {
@@ -3550,6 +3581,66 @@ declare function executeNlQuery(db: CartographyDB, sessionId: string, search: Se
 /** Convenience: parse + execute in one call. */
 declare function resolveNlQuery(db: CartographyDB, sessionId: string, search: SearchFn, raw: string, opts?: NlQueryOptions): Promise<NlQueryResult>;
+/**
+ * Kubernetes operator (5.2) — a thin, deterministic, LLM-free reconcile loop.
+ *
+ * Runs Cartograph's discovery continuously **inside** a cluster and reports drift between
+ * cycles — the "continuous CMDB for Kubernetes" outcome. It is a thin orchestration over
+ * two engine halves that already exist and are DB-agnostic: the deterministic discovery
+ * driver `runLocalDiscovery` (with a **k8s-only** scanner registry — it maps in-cluster
+ * resources, never the host) and the drift engine `runDrift` (which classifies the delta
+ * vs the previous cycle and dispatches it to the configured sinks, 3.1/4.4). No agent loop,
+ * no Anthropic coupling, read-only (only `kubectl` reads via the allowlist).
+ *
+ * It is a periodic-reconcile operator, not a CRD controller — no custom resource or
+ * controller-runtime dependency; the loop is a plain interval (or a single `--once` pass
+ * for a CronJob driver). All side effects are injectable, so a cycle is unit-testable
+ * without a cluster.
+ */
+/** A k8s-only scanner registry — the operator discovers cluster resources, not the host. */
+declare function k8sRegistry(): ScannerRegistry;
+/** True when running inside a Kubernetes pod (the service-account API env is injected). */
+declare function isInCluster(env?: NodeJS.ProcessEnv): boolean;
+interface OperatorCycleResult {
+    sessionId: string;
+    nodes: number;
+    edges: number;
+    /** The classified drift vs the previous cycle, or null (first cycle / no change). */
+    drift: DriftAlert | null;
+}
+interface OperatorOptions {
+    /** Reconcile interval (ms). Default 5 minutes. */
+    intervalMs?: number;
+    /** Run a single reconcile and return — CronJob-driver friendly. */
+    once?: boolean;
+    /** Injected discovery (tests). Default: `runLocalDiscovery` over the k8s registry. */
+    discover?: (db: CartographyDB, sessionId: string) => Promise<{
+        nodes: number;
+        edges: number;
+    }>;
+    /** Injected drift dispatch (tests). Default: `runDrift` (dispatches to `config.drift` sinks). */
+    drift?: (db: CartographyDB, config: CartographyConfig) => Promise<DriftAlert | null>;
+    /** Stop the reconcile loop (SIGINT/SIGTERM → abort). */
+    signal?: AbortSignal;
+    /** Sleep between cycles (tests inject a controlled/no-wait sleep). */
+    sleep?: (ms: number) => Promise<void>;
+    /**
+     * Keep only the most recent N discovery sessions (default 10) — a continuous operator
+     * creates one session per cycle, so older snapshots are pruned each cycle to bound the
+     * catalog. Drift only needs the latest two; the rest are retained history.
+     */
+    retain?: number;
+    log?: (msg: string) => void;
+}
+/**
+ * One reconcile cycle: discover in-cluster → record the session → classify + dispatch drift
+ * vs the previous cycle. Returns the cycle outcome.
+ */
+declare function runOperatorCycle(db: CartographyDB, config: CartographyConfig, opts?: OperatorOptions): Promise<OperatorCycleResult>;
+/** Run the operator: a single cycle if `once`, else a reconcile loop until the signal aborts. */
+declare function runOperator(db: CartographyDB, config: CartographyConfig, opts?: OperatorOptions): Promise<void>;
 /**
  * Multi-cloud correlation engine (5.1).
  *
@@ -4411,4 +4502,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
-export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type Awaitable, type BackstageEntity, type BackstageMapOptions, type BindGuardOptions, type BoltDriver, type BoltRecord, type BoltResult, type BoltSession, CLIENTS, CONFIDENCE, CORRELATION_CONFIDENCE, COST_PERIODS, type CanonicalNode, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CorrelatedTopology, type CorrelationEdge, type CorrelationSignal, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_INGEST_QUOTA, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DashboardOptions, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, GraphStoreBackend, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestHandlerOptions, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeSignals, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, type QuotaConfig, type QuotaDecision, RELATION_TO_DIRECTION, ROLES, RateLimiter, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SCHEMA_VERSION, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type StoreBackendOptions, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, correlateTopology, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, dashboardHtml, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, entitiesToYaml, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, extractSignals, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, openStoreBackend, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, parseTerraformState, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, terraformScanner, terraformTypeToNode, timingSafeEqual, toBackstageEntities, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, ANON_TOKEN, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type Awaitable, BARE_INTERNAL_HOST, type BackstageEntity, type BackstageMapOptions, type BindGuardOptions, type BoltDriver, type BoltRecord, type BoltResult, type BoltSession, CLIENTS, CONFIDENCE, CORRELATION_CONFIDENCE, COST_PERIODS, type CanonicalNode, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CorrelatedTopology, type CorrelationEdge, type CorrelationSignal, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_INGEST_QUOTA, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DashboardOptions, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, GraphStoreBackend, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestHandlerOptions, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeSignals, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OperatorCycleResult, type OperatorOptions, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, type QuotaConfig, type QuotaDecision, RELATION_TO_DIRECTION, ROLES, RateLimiter, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SCHEMA_VERSION, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type StoreBackendOptions, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, correlateTopology, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, dashboardHtml, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, entitiesToYaml, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, extractSignals, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isInCluster, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sRegistry, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, openStoreBackend, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, parseTerraformState, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeId, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runOperator, runOperatorCycle, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, terraformScanner, terraformTypeToNode, timingSafeEqual, toBackstageEntities, validateScanner, vscodeDeeplink, zodToJsonSchema };

package/dist/index.js CHANGED Viewed

@@ -4652,6 +4652,8 @@ function reversalKey(orgKey) {
 // src/anonymize.ts
 var PRIVATE_IP = /\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b/g;
 var HOSTNAME = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
+var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
+var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
 var POSIX_PATH = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
 var WIN_PATH = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
 var B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";
@@ -4706,8 +4708,18 @@ function pseudonymizeString(s, orgKey, db) {
     (_m, user, host2) => `${pseudonymizeFragment(user, "user", orgKey, db)}@${pseudonymizeFragment(host2, "host", orgKey, db)}`
   );
   out = out.replace(HOSTNAME, (m) => pseudonymizeFragment(m, "host", orgKey, db));
+  const trimmed = out.trim();
+  if (out === s && !ANON_TOKEN.test(trimmed) && BARE_INTERNAL_HOST.test(trimmed)) {
+    out = pseudonymizeFragment(trimmed, "host", orgKey, db);
+  }
   return out;
 }
+function pseudonymizeId(id, orgKey, db) {
+  const segments = id.split(":");
+  if (segments.length <= 1) return pseudonymizeString(id, orgKey, db);
+  const [type, ...rest] = segments;
+  return [type, ...rest.map((seg) => pseudonymizeString(seg, orgKey, db))].join(":");
+}
 function pseudonymize(value, orgKey, db) {
   if (typeof value === "string") return pseudonymizeString(value, orgKey, db);
   if (Array.isArray(value)) return value.map((v) => pseudonymize(v, orgKey, db));
@@ -4734,8 +4746,6 @@ var FQDN = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
 var POSIX_PATH2 = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
 var WIN_PATH2 = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
 var HOME_USER = /(?:\/home\/|\/Users\/|[A-Za-z]:\\Users\\)([A-Za-z0-9._-]+)/g;
-var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
-var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
 function violationsInString(s, path) {
   const out = [];
   const trimmed = s.trim();
@@ -5125,9 +5135,10 @@ function resolveEffectiveLevel(node, policy) {
 function applySharingLevel(node, level, orgKey, db) {
   if (level === "none") return null;
   if (level === "full") return { ...node, metadata: { ...node.metadata ?? {} }, tags: [...node.tags ?? []] };
+  const { globalId: _g, contentHash: _h, ...rest } = node;
   return {
-    ...node,
-    id: pseudonymizeString(node.id, orgKey, db),
+    ...rest,
+    id: pseudonymizeId(node.id, orgKey, db),
     name: pseudonymizeString(node.name, orgKey, db),
     metadata: pseudonymize(node.metadata ?? {}, orgKey, db),
     tags: (node.tags ?? []).map((t) => pseudonymizeString(t, orgKey, db))
@@ -5979,7 +5990,7 @@ function correlateTopology(nodes, _edges = []) {
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.11.0";
+var SERVER_VERSION = "2.12.1";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -9901,6 +9912,63 @@ Use ask_user when you need context from the user.`;
   }
 }
+// src/k8s/operator.ts
+function k8sRegistry() {
+  return new ScannerRegistry().register(k8sScanner);
+}
+function isInCluster(env = process.env) {
+  return typeof env["KUBERNETES_SERVICE_HOST"] === "string" && env["KUBERNETES_SERVICE_HOST"].length > 0;
+}
+function pruneToRetention(db, keep, tenant) {
+  const stale = db.getSessions(tenant).slice(Math.max(1, keep));
+  for (const s of stale) db.deleteSession(s.id);
+  return stale.length;
+}
+async function runOperatorCycle(db, config, opts = {}) {
+  const sessionId = db.createSession("discover", config);
+  const discover = opts.discover ?? ((d, s) => runLocalDiscovery(d, s, { registry: k8sRegistry() }));
+  const res = await discover(db, sessionId);
+  const sess = db.getSession(sessionId);
+  if (sess && !sess.name) db.setSessionName(sessionId, deriveSessionName(db.getGraphSummary(sessionId), sess.startedAt));
+  const driftFn = opts.drift ?? ((d, c) => runDrift(d, c));
+  const drift = await driftFn(db, config);
+  pruneToRetention(db, opts.retain ?? 10, normalizeTenant(config.organization));
+  return { sessionId, nodes: res.nodes, edges: res.edges, drift };
+}
+async function runOperator(db, config, opts = {}) {
+  const log2 = opts.log ?? ((m) => process.stderr.write(m + "\n"));
+  const intervalMs = opts.intervalMs ?? 5 * 6e4;
+  const sleep = opts.sleep ?? ((ms) => new Promise((resolve3) => {
+    if (opts.signal?.aborted) {
+      resolve3();
+      return;
+    }
+    const t = setTimeout(() => {
+      opts.signal?.removeEventListener?.("abort", onAbort);
+      resolve3();
+    }, ms);
+    const onAbort = () => {
+      clearTimeout(t);
+      resolve3();
+    };
+    opts.signal?.addEventListener?.("abort", onAbort, { once: true });
+  }));
+  log2(`Cartograph Kubernetes operator (in-cluster: ${isInCluster()}, interval: ${Math.round(intervalMs / 1e3)}s${opts.once ? ", single pass" : ""})`);
+  for (; ; ) {
+    try {
+      const c = await runOperatorCycle(db, config, opts);
+      log2(
+        `reconcile: session ${c.sessionId} \u2014 ${c.nodes} nodes, ${c.edges} edges` + (c.drift ? `, drift ${c.drift.severity} (${c.drift.items.length} change${c.drift.items.length === 1 ? "" : "s"})` : ", no drift")
+      );
+    } catch (err) {
+      log2(`reconcile failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (opts.once || opts.signal?.aborted) return;
+    await sleep(intervalMs);
+    if (opts.signal?.aborted) return;
+  }
+}
 // src/cost.ts
 import { readFileSync as readFileSync7 } from "fs";
 import { resolve as resolve2 } from "path";
@@ -12188,9 +12256,11 @@ function checkClaudePrerequisites() {
 }
 export {
   ACTIONS,
+  ANON_TOKEN,
   ActionSchema,
   AuthConfigSchema,
   AuthorizationError,
+  BARE_INTERNAL_HOST,
   CLIENTS,
   CONFIDENCE,
   CORRELATION_CONFIDENCE,
@@ -12354,11 +12424,13 @@ export {
   hostname,
   ingestEnvelope,
   installedAppsScanner,
+  isInCluster,
   isLoopbackHost,
   isPersonalHost,
   isReadOnlyCommand,
   isRemembered,
   isSecureWebhookUrl,
+  k8sRegistry,
   k8sScanner,
   keyMetaOf,
   layoutClusters,
@@ -12403,6 +12475,7 @@ export {
   previewShare,
   pseudonymize,
   pseudonymizeFragment,
+  pseudonymizeId,
   pseudonymizeString,
   pushDeltas,
   readConfigFile,
@@ -12425,6 +12498,8 @@ export {
   runHttp,
   runLocalDiscovery,
   runOnce,
+  runOperator,
+  runOperatorCycle,
   runStdio,
   runSyncClassify,
   safeEnv,