@datasynx/agentic-ai-cartography 2.2.0 → 2.3.0

package/dist/chunk-B2AKONVW.js

@@ -0,0 +1,2465 @@
+#!/usr/bin/env node
+import {
+  CartographyDB,
+  RulesetSchema,
+  assertSafeBind,
+  checkBearer,
+  cloudAwsScanner,
+  cloudAzureScanner,
+  cloudGcpScanner,
+  contentHash,
+  databasesScanner,
+  defaultAllowedHosts,
+  deriveSessionName,
+  diffTopology,
+  globalId,
+  k8sScanner,
+  keyMetaOf,
+  normalizeTenant,
+  redactValue,
+  sanitizeUntrusted,
+  stableStringify,
+  stripSensitive
+} from "./chunk-7QEBFMN4.js";
+import {
+  EdgeSchema,
+  NODE_TYPES,
+  NODE_TYPE_GROUPS,
+  NodeSchema,
+  SECURITY_METADATA_KEYS,
+  SEVERITIES,
+  defaultConfig
+} from "./chunk-WCR47QA2.js";
+import {
+  IS_WIN,
+  PLATFORM,
+  checkReadOnly,
+  commandExists,
+  findFiles,
+  logDebug,
+  logError,
+  logInfo,
+  logWarn,
+  run,
+  scanAllBookmarks,
+  scanEstablishedConnections,
+  scanListeningPorts
+} from "./chunk-2SZ5QHGH.js";
+
+// src/scanners/spi.ts
+import { z } from "zod";
+var ScannerShape = z.object({
+  id: z.string().min(1),
+  title: z.string().min(1),
+  platforms: z.union([
+    z.literal("all"),
+    z.array(z.enum(["linux", "darwin", "win32"])).nonempty()
+  ]),
+  allowedCommands: z.array(z.string().min(1)).optional(),
+  detect: z.custom((v) => typeof v === "function", {
+    message: "detect must be a function"
+  }),
+  scan: z.custom((v) => typeof v === "function", {
+    message: "scan must be a function"
+  })
+});
+function validateScanner(value) {
+  ScannerShape.parse(value);
+  return value;
+}
+
+// src/scanners/types.ts
+var ScannerRegistry = class {
+  scanners = /* @__PURE__ */ new Map();
+  register(scanner) {
+    if (this.scanners.has(scanner.id)) throw new Error(`scanner already registered: ${scanner.id}`);
+    this.scanners.set(scanner.id, scanner);
+    return this;
+  }
+  /**
+   * Register a {@link Scanner} produced by an external plugin package. Validates
+   * the shape (throws `ZodError` on mismatch), namespaces the id to
+   * `plugin:<pkg>:<id>` (avoiding collisions with built-ins and across plugins),
+   * wraps `scan()` so the scanner's `ctx.run` is gated by its declared
+   * `allowedCommands` intersected with the central read-only allowlist
+   * ({@link checkReadOnly}), and freezes the wrapper. Reuses the duplicate-id
+   * guard in {@link register}.
+   *
+   * The gated runner delegates the actual execution to the host-supplied
+   * `ctx.run` (the platform runner), so the global read-only floor still applies
+   * and `allowedCommands` is a *second*, scanner-scoped least-privilege boundary.
+   * A command runs only if its leading executable is declared AND the whole
+   * command passes `checkReadOnly`; otherwise the runner returns `''` (the
+   * documented "blocked → ''" contract).
+   */
+  registerExternal(pkg, scanner) {
+    const valid = validateScanner(scanner);
+    const id = `plugin:${pkg}:${valid.id}`;
+    const declared = valid.allowedCommands ?? [];
+    const wrapped = Object.freeze({
+      id,
+      title: valid.title,
+      platforms: valid.platforms,
+      allowedCommands: declared,
+      detect: (ctx) => valid.detect(ctx),
+      scan: (ctx) => valid.scan({
+        ...ctx,
+        run: (cmd, opts) => {
+          const exe = cmd.trim().split(/\s+/)[0] ?? "";
+          if (!declared.includes(exe)) return "";
+          if (!checkReadOnly(cmd).allowed) return "";
+          return ctx.run(cmd, opts);
+        }
+      })
+    });
+    return this.register(wrapped);
+  }
+  get(id) {
+    return this.scanners.get(id);
+  }
+  list() {
+    return [...this.scanners.values()];
+  }
+  /** Scanners whose `platforms` include the given platform. */
+  forPlatform(platform) {
+    return this.list().filter((s) => s.platforms === "all" || s.platforms.includes(platform));
+  }
+};
+
+// src/scanners/bookmarks.ts
+var PERSONAL = [
+  "facebook.",
+  "instagram.",
+  "twitter.",
+  "x.com",
+  "tiktok.",
+  "reddit.",
+  "youtube.",
+  "netflix.",
+  "spotify.",
+  "twitch.",
+  "pinterest.",
+  "snapchat.",
+  "whatsapp.",
+  "amazon.",
+  "ebay.",
+  "aliexpress.",
+  "cnn.",
+  "bbc.",
+  "nytimes.",
+  "espn.",
+  "booking.",
+  "airbnb.",
+  "tripadvisor.",
+  "wikipedia."
+];
+function isPersonalHost(host) {
+  const h = host.toLowerCase();
+  return PERSONAL.some((p) => h.includes(p));
+}
+var BUSINESS = [
+  "github.",
+  "gitlab.",
+  "bitbucket.",
+  "atlassian.",
+  "jira.",
+  "confluence.",
+  "notion.",
+  "linear.",
+  "slack.",
+  "zoom.",
+  "figma.",
+  "miro.",
+  "vercel.",
+  "netlify.",
+  "heroku.",
+  "datadog",
+  "sentry.",
+  "grafana.",
+  "pagerduty.",
+  "aws.amazon.",
+  "console.cloud.google",
+  "portal.azure",
+  "cloudflare.",
+  "hubspot.",
+  "salesforce.",
+  "stripe.",
+  "twilio.",
+  "sendgrid.",
+  "mailchimp.",
+  "segment.",
+  "mixpanel.",
+  "amplitude.",
+  "looker.",
+  "tableau.",
+  "snowflake.",
+  "databricks.",
+  "mongodb.",
+  "redis.",
+  "elastic.",
+  "openai.",
+  "anthropic.",
+  "huggingface.",
+  "docker.",
+  "npmjs.",
+  "pypi.",
+  "circleci.",
+  "travis-ci.",
+  "jenkins.",
+  "terraform.",
+  "hashicorp.",
+  "okta.",
+  "auth0.",
+  "1password.",
+  "asana.",
+  "trello.",
+  "monday."
+];
+function classify(hostname) {
+  const h = hostname.toLowerCase();
+  if (isPersonalHost(h)) return null;
+  if (BUSINESS.some((b) => h.includes(b))) return { type: "saas_tool", confidence: 0.7 };
+  if (/^\d+\.\d+\.\d+\.\d+$/.test(h) || /\.(internal|local|corp|lan)\b/.test(h)) {
+    return { type: "web_service", confidence: 0.6 };
+  }
+  return null;
+}
+var bookmarksScanner = {
+  id: "bookmarks",
+  title: "Browser bookmarks",
+  platforms: "all",
+  detect: () => true,
+  async scan(ctx) {
+    const hosts = await (ctx.scanBookmarks ?? scanAllBookmarks)();
+    const seen = /* @__PURE__ */ new Set();
+    const nodes = [];
+    for (const host of hosts) {
+      const klass = classify(host.hostname);
+      if (!klass) continue;
+      const id = `${klass.type}:${host.hostname}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      nodes.push({
+        id,
+        type: klass.type,
+        name: host.hostname,
+        discoveredVia: "bookmark",
+        confidence: klass.confidence,
+        tags: ["bookmark"],
+        metadata: { protocol: host.protocol, ...host.port ? { port: host.port } : {} }
+      });
+    }
+    return { nodes, edges: [] };
+  }
+};
+
+// src/scanners/installed-apps.ts
+var KNOWN_TOOLS = {
+  ide: ["code", "code-insiders", "cursor", "windsurf", "zed", "nvim", "vim", "emacs", "idea", "webstorm", "pycharm", "goland", "datagrip", "clion", "rider", "phpstorm"],
+  "dev-tool": ["git", "gh", "docker", "docker-compose", "podman", "kubectl", "helm", "terraform", "ansible", "vagrant", "packer", "consul", "vault", "nomad"],
+  runtime: ["node", "npm", "pnpm", "yarn", "bun", "deno", "python", "python3", "pip", "poetry", "ruby", "rails", "java", "mvn", "gradle", "go", "cargo", "rustc", "php", "composer", "dotnet"],
+  database: ["psql", "mysql", "mongosh", "redis-cli", "sqlite3", "clickhouse-client"],
+  cloud: ["aws", "gcloud", "az", "heroku", "fly", "vercel", "netlify", "wrangler", "supabase"],
+  browser: ["google-chrome", "chromium", "firefox", "brave", "opera"],
+  observability: ["prometheus", "grafana-cli", "datadog-agent", "newrelic-agent"]
+};
+var installedAppsScanner = {
+  id: "installed-apps",
+  title: "Installed apps & developer tools",
+  platforms: "all",
+  allowedCommands: ["which", "command", "Get-Command"],
+  detect: () => true,
+  async scan(ctx) {
+    const nodes = [];
+    const hintTerms = (ctx.hint ?? "").toLowerCase().split(/[\s,]+/).filter(Boolean);
+    for (const [category, tools] of Object.entries(KNOWN_TOOLS)) {
+      for (const tool of tools) {
+        const path = (ctx.commandExists ?? commandExists)(tool);
+        if (!path) continue;
+        const boosted = hintTerms.some((t) => tool.includes(t));
+        nodes.push({
+          id: `saas_tool:${tool}`,
+          type: "saas_tool",
+          name: tool,
+          discoveredVia: "installed-app",
+          confidence: boosted ? 0.95 : 0.9,
+          tags: [category],
+          metadata: { category, path }
+        });
+      }
+    }
+    return { nodes, edges: [] };
+  }
+};
+
+// src/scanners/ports.ts
+var PORT_MAP = {
+  5432: { type: "database_server", service: "postgresql" },
+  3306: { type: "database_server", service: "mysql" },
+  1433: { type: "database_server", service: "sqlserver" },
+  27017: { type: "database_server", service: "mongodb" },
+  9200: { type: "database_server", service: "elasticsearch" },
+  6379: { type: "cache_server", service: "redis" },
+  11211: { type: "cache_server", service: "memcached" },
+  9092: { type: "message_broker", service: "kafka" },
+  5672: { type: "message_broker", service: "rabbitmq" },
+  4222: { type: "message_broker", service: "nats" },
+  9090: { type: "web_service", service: "prometheus" },
+  3e3: { type: "web_service", service: "http-app" },
+  8080: { type: "web_service", service: "http-app" },
+  8e3: { type: "web_service", service: "http-app" },
+  80: { type: "web_service", service: "http" },
+  443: { type: "web_service", service: "https" },
+  8200: { type: "web_service", service: "vault" },
+  8500: { type: "web_service", service: "consul" },
+  2379: { type: "web_service", service: "etcd" },
+  5601: { type: "web_service", service: "kibana" },
+  15672: { type: "web_service", service: "rabbitmq-management" }
+};
+function extractListeningPorts(raw) {
+  const ports = /* @__PURE__ */ new Set();
+  for (const m of raw.matchAll(/[:.](\d{2,5})\b/g)) {
+    const p = Number(m[1]);
+    if (p in PORT_MAP) ports.add(p);
+  }
+  return [...ports];
+}
+var portsScanner = {
+  id: "local-ports",
+  title: "Local listening ports",
+  platforms: "all",
+  allowedCommands: ["ss", "lsof", "Get-NetTCPConnection"],
+  detect: () => true,
+  async scan(ctx) {
+    const raw = (ctx.scanListeningPorts ?? scanListeningPorts)();
+    const nodes = [];
+    for (const port of extractListeningPorts(raw)) {
+      const { type, service } = PORT_MAP[port];
+      nodes.push({
+        id: `${type}:localhost:${port}`,
+        type,
+        name: `${service} (:${port})`,
+        discoveredVia: "listening-port",
+        confidence: 0.9,
+        tags: ["local", service],
+        metadata: { port, service, host: "localhost" }
+      });
+    }
+    return { nodes, edges: [] };
+  }
+};
+
+// src/scanners/confidence.ts
+var CONFIDENCE = {
+  "established-connection": 0.85,
+  "config-declared": 0.7,
+  "connection-string": 0.6,
+  "co-location": 0.4
+};
+function evidenceLine(kind, detail) {
+  return `[${kind}] ${detail} @ ${(/* @__PURE__ */ new Date()).toISOString()}`;
+}
+
+// src/scanners/connections.ts
+var PORT_RE = /^\d{1,5}$/;
+function splitHostPort(token) {
+  const t = token.trim();
+  if (!t) return null;
+  const idx = t.lastIndexOf(":");
+  if (idx <= 0) return null;
+  const host = t.slice(0, idx).replace(/^\[|\]$/g, "");
+  const portStr = t.slice(idx + 1);
+  if (!PORT_RE.test(portStr)) return null;
+  const port = Number(portStr);
+  if (port < 1 || port > 65535) return null;
+  return { host, port };
+}
+function parseEstablished(raw) {
+  const out = [];
+  const seen = /* @__PURE__ */ new Set();
+  const push = (local, remote) => {
+    const key = `${local.port}->${remote.host}:${remote.port}`;
+    if (seen.has(key)) return;
+    seen.add(key);
+    out.push({ localPort: local.port, remoteHost: remote.host, remotePort: remote.port });
+  };
+  for (const line of raw.split(/\r?\n/)) {
+    const l = line.trim();
+    if (!l) continue;
+    const arrow = l.match(/([^\s]+:\d{1,5})\s*->\s*([^\s(]+:\d{1,5})/);
+    if (arrow) {
+      const local = splitHostPort(arrow[1]);
+      const remote = splitHostPort(arrow[2]);
+      if (local && remote) push(local, remote);
+      continue;
+    }
+    if (/^ESTAB\b/i.test(l) || /\bESTAB\b/i.test(l)) {
+      const cols = l.split(/\s+/).filter(Boolean);
+      const hostPorts = cols.map((c) => splitHostPort(c)).filter((x) => x !== null);
+      if (hostPorts.length >= 2) {
+        const local = hostPorts[hostPorts.length - 2];
+        const remote = hostPorts[hostPorts.length - 1];
+        push(local, remote);
+      }
+    }
+  }
+  return out;
+}
+var connectionsScanner = {
+  id: "local-connections",
+  title: "Local established connections",
+  platforms: "all",
+  allowedCommands: ["ss", "lsof", "netstat", "Get-NetTCPConnection"],
+  detect: () => true,
+  async scan(ctx) {
+    const conns = parseEstablished((ctx.scanEstablishedConnections ?? scanEstablishedConnections)());
+    const nodes = [];
+    const edges = [];
+    if (conns.length === 0) return { nodes, edges };
+    const selfId = "host:localhost";
+    nodes.push({
+      id: selfId,
+      type: "host",
+      name: "localhost",
+      discoveredVia: "established-connection",
+      confidence: 0.9,
+      metadata: { host: "localhost" },
+      tags: ["local"]
+    });
+    const seenEdge = /* @__PURE__ */ new Set();
+    for (const c of conns) {
+      const svc = PORT_MAP[c.remotePort];
+      if (!svc) continue;
+      const targetId = `${svc.type}:localhost:${c.remotePort}`;
+      if (seenEdge.has(targetId)) continue;
+      seenEdge.add(targetId);
+      edges.push({
+        sourceId: selfId,
+        targetId,
+        relationship: "connects_to",
+        evidence: evidenceLine("established-connection", `${c.localPort} -> ${c.remoteHost}:${c.remotePort}`),
+        confidence: CONFIDENCE["established-connection"]
+      });
+    }
+    return { nodes, edges };
+  }
+};
+
+// src/scanners/service-config.ts
+var CONN_VAR_RE = /^(DATABASE_URL|[A-Z0-9_]*_DATABASE_URL|REDIS_URL|[A-Z0-9_]*_REDIS_URL|MONGO_URL|MONGODB_URI|AMQP_URL|[A-Z0-9_]*_URL)$/;
+var SCHEME_PORT = {
+  postgres: 5432,
+  postgresql: 5432,
+  mysql: 3306,
+  mongodb: 27017,
+  redis: 6379,
+  amqp: 5672,
+  kafka: 9092,
+  elasticsearch: 9200
+};
+function configDirs() {
+  const dirs = [process.cwd()];
+  if (!IS_WIN) dirs.push("/etc/nginx", "/etc/nginx/conf.d");
+  return dirs;
+}
+function redactConnectionString(url) {
+  return url.replace(/(\b[a-z][a-z0-9+.-]*:\/\/)([^/\s]+)@/i, (_m, scheme) => `${scheme}****@`).replace(/\b(password|pwd)=([^&\s]+)/gi, "$1=****");
+}
+function parseNginxUpstreams(raw) {
+  const out = [];
+  const seen = /* @__PURE__ */ new Set();
+  const add = (host, port) => {
+    const key = `${host}:${port}`;
+    if (seen.has(key)) return;
+    seen.add(key);
+    out.push({ host, port });
+  };
+  for (const m of raw.matchAll(/\bserver\s+([a-zA-Z0-9_.-]+):(\d{1,5})/g)) add(m[1], Number(m[2]));
+  for (const m of raw.matchAll(/\bproxy_pass\s+https?:\/\/([a-zA-Z0-9_.-]+):(\d{1,5})/g)) add(m[1], Number(m[2]));
+  return out;
+}
+function parseComposeDeps(raw) {
+  const lines = raw.split(/\r?\n/);
+  const result = [];
+  let inServices = false;
+  let servicesIndent = -1;
+  let current = null;
+  let serviceIndent = -1;
+  let inDeps = false;
+  let depsIndent = -1;
+  const indentOf = (s) => s.length - s.trimStart().length;
+  for (const rawLine of lines) {
+    if (!rawLine.trim() || rawLine.trim().startsWith("#")) continue;
+    const indent = indentOf(rawLine);
+    const trimmed = rawLine.trim();
+    if (/^services:\s*$/.test(trimmed)) {
+      inServices = true;
+      servicesIndent = indent;
+      continue;
+    }
+    if (!inServices) continue;
+    if (indent <= servicesIndent && !/^services:/.test(trimmed)) {
+      inServices = false;
+      current = null;
+      inDeps = false;
+      continue;
+    }
+    const svcMatch = trimmed.match(/^([a-zA-Z0-9._-]+):\s*$/);
+    const isServiceHeader = !!svcMatch && indent > servicesIndent && (serviceIndent === -1 || indent === serviceIndent);
+    if (isServiceHeader) {
+      current = { service: svcMatch[1], dependsOn: [] };
+      result.push(current);
+      serviceIndent = indent;
+      inDeps = false;
+      continue;
+    }
+    if (!current) continue;
+    if (/^depends_on:/.test(trimmed)) {
+      inDeps = true;
+      depsIndent = indent;
+      const inline = trimmed.match(/^depends_on:\s*\[(.*)\]\s*$/);
+      if (inline) {
+        for (const dep of inline[1].split(",").map((d) => d.trim().replace(/['"]/g, "")).filter(Boolean)) {
+          current.dependsOn.push(dep);
+        }
+        inDeps = false;
+      }
+      continue;
+    }
+    if (inDeps) {
+      if (indent <= depsIndent) {
+        inDeps = false;
+      } else {
+        const listItem = trimmed.match(/^-\s*([a-zA-Z0-9._-]+)\s*$/);
+        const mapItem = trimmed.match(/^([a-zA-Z0-9._-]+):\s*$/);
+        const dep = listItem?.[1] ?? mapItem?.[1];
+        if (dep) {
+          if (!current.dependsOn.includes(dep)) current.dependsOn.push(dep);
+          continue;
+        }
+      }
+    }
+  }
+  return result;
+}
+function parseConnectionString(name, url) {
+  const m = url.match(/^([a-z][a-z0-9+.-]*):\/\//i);
+  if (!m) return null;
+  const scheme = m[1].toLowerCase();
+  if (!(scheme in SCHEME_PORT)) return null;
+  const portMatch = url.match(/:\/\/[^/]*?:(\d{1,5})(?:[/?]|$)/);
+  const port = portMatch ? Number(portMatch[1]) : SCHEME_PORT[scheme];
+  if (!port || !(port in PORT_MAP)) return null;
+  const relationship = scheme === "amqp" || scheme === "kafka" ? "depends_on" : "reads_from";
+  const redacted = redactConnectionString(url);
+  return {
+    relationship,
+    service: PORT_MAP[port].service,
+    port,
+    evidence: evidenceLine("connection-string", `${name}=${redacted}`)
+  };
+}
+function hasConnVar(env) {
+  for (const line of env.split(/\r?\n/)) {
+    const eq = line.indexOf("=");
+    if (eq <= 0) continue;
+    const name = line.slice(0, eq).trim();
+    if (!CONN_VAR_RE.test(name)) continue;
+    if (parseConnectionString(name, line.slice(eq + 1).trim())) return true;
+  }
+  return false;
+}
+var serviceConfigScanner = {
+  id: "service-config",
+  title: "Service & reverse-proxy config",
+  platforms: "all",
+  allowedCommands: ["cat", "grep", "find", "printenv", "ls", "Get-ChildItem"],
+  detect(ctx) {
+    const files = (ctx.findFiles ?? findFiles)(configDirs(), ["*.conf", "nginx.conf", "docker-compose.y*ml", "compose.y*ml"], 4, 50);
+    if (files.trim().length > 0) return true;
+    return hasConnVar(ctx.run("printenv"));
+  },
+  async scan(ctx) {
+    const nodes = [];
+    const edges = [];
+    const selfId = "host:localhost";
+    let selfEmitted = false;
+    const emitSelf = () => {
+      if (selfEmitted) return;
+      selfEmitted = true;
+      nodes.push({ id: selfId, type: "host", name: "localhost", discoveredVia: "service-config", confidence: 0.9, metadata: { host: "localhost" }, tags: ["local"] });
+    };
+    for (const line of ctx.run("printenv").split(/\r?\n/)) {
+      const eq = line.indexOf("=");
+      if (eq <= 0) continue;
+      const name = line.slice(0, eq).trim();
+      const value = line.slice(eq + 1).trim();
+      if (!CONN_VAR_RE.test(name)) continue;
+      const parsed = parseConnectionString(name, value);
+      if (!parsed) continue;
+      emitSelf();
+      edges.push({
+        sourceId: selfId,
+        targetId: `${PORT_MAP[parsed.port].type}:localhost:${parsed.port}`,
+        relationship: parsed.relationship,
+        evidence: parsed.evidence,
+        confidence: CONFIDENCE["connection-string"]
+      });
+    }
+    const findFilesFn = ctx.findFiles ?? findFiles;
+    const nginxFiles = findFilesFn(configDirs(), ["*.conf", "nginx.conf"], 4, 50).split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+    for (const file of nginxFiles) {
+      const content = ctx.run(`cat "${file}"`);
+      if (!content) continue;
+      for (const { host, port } of parseNginxUpstreams(content)) {
+        if (!(port in PORT_MAP)) continue;
+        emitSelf();
+        edges.push({
+          sourceId: selfId,
+          targetId: `${PORT_MAP[port].type}:localhost:${port}`,
+          relationship: "depends_on",
+          evidence: evidenceLine("config-declared", `nginx ${file}: ${host}:${port}`),
+          confidence: CONFIDENCE["config-declared"]
+        });
+      }
+    }
+    const composeFiles = findFilesFn(configDirs(), ["docker-compose.y*ml", "compose.y*ml"], 4, 50).split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+    for (const file of composeFiles) {
+      const content = ctx.run(`cat "${file}"`);
+      if (!content) continue;
+      for (const { service, dependsOn } of parseComposeDeps(content)) {
+        if (dependsOn.length === 0) continue;
+        const srcId = `container:${service}`;
+        nodes.push({ id: srcId, type: "container", name: service, discoveredVia: "service-config", confidence: 0.7, metadata: { compose: file }, tags: ["compose"] });
+        for (const dep of dependsOn) {
+          const depId = `container:${dep}`;
+          nodes.push({ id: depId, type: "container", name: dep, discoveredVia: "service-config", confidence: 0.7, metadata: { compose: file }, tags: ["compose"] });
+          edges.push({
+            sourceId: srcId,
+            targetId: depId,
+            relationship: "depends_on",
+            evidence: evidenceLine("config-declared", `compose ${file}: ${service} depends_on ${dep}`),
+            confidence: CONFIDENCE["config-declared"]
+          });
+        }
+      }
+    }
+    return { nodes, edges };
+  }
+};
+
+// src/scanners/registry.ts
+function defaultRegistry() {
+  return new ScannerRegistry().register(bookmarksScanner).register(installedAppsScanner).register(portsScanner).register(cloudAwsScanner).register(cloudGcpScanner).register(cloudAzureScanner).register(k8sScanner).register(databasesScanner).register(connectionsScanner).register(serviceConfigScanner);
+}
+
+// src/scanners/loader.ts
+async function loadPlugins(registry, pkgs) {
+  const loaded = [];
+  for (const pkg of pkgs) {
+    try {
+      const mod = await import(pkg);
+      const plugin = mod.default;
+      if (!plugin || typeof plugin.register !== "function") {
+        logWarn("scanner plugin missing default export", { pkg });
+        continue;
+      }
+      const api = {
+        registerScanner: (scanner) => {
+          registry.registerExternal(pkg, scanner);
+        }
+      };
+      plugin.register(api);
+      loaded.push(pkg);
+      logInfo("scanner plugin loaded", { pkg, name: plugin.name });
+    } catch (err) {
+      logWarn("scanner plugin load failed (skipped)", {
+        pkg,
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  }
+  return loaded;
+}
+
+// src/discovery/local.ts
+function projectScan(sessionId, nodes, edges) {
+  const ts = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    nodes: nodes.map((n) => ({
+      ...n,
+      sessionId,
+      discoveredAt: ts,
+      depth: 0,
+      tags: n.tags ?? [],
+      metadata: n.metadata ?? {}
+    })),
+    edges: edges.map((e) => ({ ...e, id: "", sessionId, discoveredAt: ts }))
+  };
+}
+async function runLocalDiscovery(db, sessionId, opts = {}) {
+  const registry = opts.registry ?? defaultRegistry();
+  if (!opts.registry && opts.plugins && opts.plugins.length > 0) {
+    await loadPlugins(registry, opts.plugins);
+  }
+  const ctx = { hint: opts.hint, platform: PLATFORM, run, commandExists, scanListeningPorts, scanEstablishedConnections, findFiles, scanBookmarks: scanAllBookmarks, ...opts.ctx };
+  const nodes = /* @__PURE__ */ new Map();
+  const edges = [];
+  const ran = [];
+  for (const scanner of registry.forPlatform(PLATFORM)) {
+    try {
+      if (!await scanner.detect(ctx)) continue;
+      const result = await scanner.scan(ctx);
+      ran.push(scanner.id);
+      for (const node of result.nodes) {
+        const prev = nodes.get(node.id);
+        if (!prev || node.confidence > prev.confidence) nodes.set(node.id, node);
+      }
+      edges.push(...result.edges);
+      opts.onProgress?.(`${scanner.title}: +${result.nodes.length} nodes`);
+    } catch (err) {
+      opts.onProgress?.(`${scanner.title}: failed (${err instanceof Error ? err.message : String(err)})`);
+    }
+  }
+  const session = db.getSession(sessionId);
+  const baseAttribution = session?.machineId ? {
+    machineId: session.machineId,
+    hostname: session.hostname ?? "unknown-host",
+    user: session.user ?? "unknown-user",
+    organization: session.tenant,
+    at: (/* @__PURE__ */ new Date()).toISOString()
+  } : void 0;
+  const validEdges = edges.filter((e) => nodes.has(e.sourceId) && nodes.has(e.targetId));
+  if (opts.mode === "update") {
+    const prior = { nodes: db.getNodes(sessionId), edges: db.getEdges(sessionId) };
+    const current = projectScan(sessionId, [...nodes.values()], validEdges);
+    const delta = diffTopology(prior, current);
+    db.applyTopologyDelta(
+      sessionId,
+      delta,
+      baseAttribution ? { ...baseAttribution, confidence: 0.5 } : void 0
+    );
+    return { nodes: current.nodes.length, edges: current.edges.length, scanners: ran, delta };
+  }
+  for (const node of nodes.values()) {
+    db.upsertNode(
+      sessionId,
+      node,
+      0,
+      baseAttribution ? { ...baseAttribution, confidence: node.confidence } : void 0
+    );
+  }
+  for (const edge of validEdges) db.insertEdge(sessionId, edge);
+  return { nodes: nodes.size, edges: validEdges.length, scanners: ran };
+}
+function localDiscoveryFn(registry, plugins) {
+  return async (db, sessionId, opts) => {
+    const r = await runLocalDiscovery(db, sessionId, { hint: opts.hint, mode: opts.mode, registry, plugins });
+    return { nodes: r.nodes, edges: r.edges, ...r.delta ? { delta: r.delta } : {} };
+  };
+}
+
+// src/compliance/rulesets/baseline.ts
+var baseline = RulesetSchema.parse({
+  name: "baseline",
+  version: "1.0.0",
+  framework: "baseline",
+  description: "Deterministic baseline hygiene controls scored against signals available today.",
+  rules: [
+    {
+      id: "BASE-1",
+      control: "BASE-1",
+      framework: "baseline",
+      severity: "medium",
+      title: "Asset has an owner",
+      rationale: "Every asset should have a clear owning team/person for accountability.",
+      scope: {},
+      check: { any: [
+        { field: "owner", op: "present" },
+        { field: "domain", op: "present" },
+        { field: "tags", op: "matches", pattern: "owner_key" },
+        { field: "metadataKeys", op: "matches", pattern: "owner_key" }
+      ] }
+    },
+    {
+      id: "BASE-2",
+      control: "BASE-2",
+      framework: "baseline",
+      severity: "low",
+      title: "Service/data asset is assigned a business domain",
+      rationale: "Domain assignment enables blast-radius and ownership analysis.",
+      scope: { groups: ["data", "web"] },
+      check: { field: "domain", op: "present" }
+    },
+    {
+      id: "BASE-3",
+      control: "BASE-3",
+      framework: "baseline",
+      severity: "high",
+      title: "Critical asset is discovered with adequate confidence",
+      rationale: "Low-confidence critical assets indicate incomplete or unreliable discovery.",
+      scope: { groups: ["data", "infra"] },
+      check: { field: "confidence", op: "gte", value: 0.5 }
+    },
+    {
+      id: "BASE-4",
+      control: "BASE-4",
+      framework: "baseline",
+      severity: "critical",
+      title: "No embedded credentials / plaintext DSN in metadata",
+      rationale: "A connection string with embedded credentials is a direct secret-exposure risk.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "BASE-5",
+      control: "BASE-5",
+      framework: "baseline",
+      severity: "medium",
+      title: "Data store carries an acceptable quality score",
+      rationale: "Where a quality score exists, a low score flags an under-governed data store.",
+      scope: { groups: ["data"] },
+      applicableWhen: { field: "qualityScore", op: "present" },
+      check: { field: "qualityScore", op: "gte", value: 50 }
+    }
+  ]
+});
+
+// src/compliance/rulesets/cis.ts
+var cis = RulesetSchema.parse({
+  name: "cis",
+  version: "0.1.0",
+  framework: "CIS",
+  description: "CIS starter subset \u2014 illustrative controls, not a certified benchmark.",
+  rules: [
+    {
+      id: "CIS-1.1",
+      control: "CIS-1.1",
+      framework: "CIS",
+      severity: "critical",
+      title: "No plaintext credentials in service configuration",
+      rationale: "CIS hardening forbids embedded secrets in config/metadata.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "CIS-2.1",
+      control: "CIS-2.1",
+      framework: "CIS",
+      severity: "high",
+      title: "Data store is not publicly exposed",
+      rationale: "Data stores should not bind to public/0.0.0.0 addresses.",
+      scope: { groups: ["data"] },
+      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
+    },
+    {
+      id: "CIS-3.1",
+      control: "CIS-3.1",
+      framework: "CIS",
+      severity: "medium",
+      title: "Asset inventory has an accountable owner",
+      rationale: "CIS asset management requires an assigned owner.",
+      scope: {},
+      check: { any: [{ field: "owner", op: "present" }, { field: "metadataKeys", op: "matches", pattern: "owner_key" }] }
+    }
+  ]
+});
+
+// src/compliance/rulesets/soc2.ts
+var soc2 = RulesetSchema.parse({
+  name: "soc2",
+  version: "0.1.0",
+  framework: "SOC2",
+  description: "SOC 2 starter subset \u2014 illustrative controls, not a certified control set.",
+  rules: [
+    {
+      id: "CC6.1",
+      control: "CC6.1",
+      framework: "SOC2",
+      severity: "critical",
+      title: "Logical access \u2014 no embedded credentials",
+      rationale: "CC6.1 logical access controls preclude plaintext secrets in config.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "CC6.6",
+      control: "CC6.6",
+      framework: "SOC2",
+      severity: "high",
+      title: "Boundary protection \u2014 data stores not public",
+      rationale: "CC6.6 requires protection of system boundaries from external access.",
+      scope: { groups: ["data"] },
+      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
+    },
+    {
+      id: "CC1.2",
+      control: "CC1.2",
+      framework: "SOC2",
+      severity: "medium",
+      title: "Accountability \u2014 asset has an owner",
+      rationale: "CC1.2 establishes accountability; assets need an assigned owner.",
+      scope: {},
+      check: { any: [{ field: "owner", op: "present" }, { field: "domain", op: "present" }] }
+    }
+  ]
+});
+
+// src/compliance/rulesets/iso27001.ts
+var iso27001 = RulesetSchema.parse({
+  name: "iso27001",
+  version: "0.1.0",
+  framework: "ISO27001",
+  description: "ISO/IEC 27001 Annex A starter subset \u2014 illustrative, not certified.",
+  rules: [
+    {
+      id: "A.8.1",
+      control: "A.8.1",
+      framework: "ISO27001",
+      severity: "medium",
+      title: "Inventory of assets \u2014 ownership assigned",
+      rationale: "A.8.1 requires an inventory of assets each with an identified owner.",
+      scope: {},
+      check: { any: [{ field: "owner", op: "present" }, { field: "metadataKeys", op: "matches", pattern: "owner_key" }] }
+    },
+    {
+      id: "A.8.12",
+      control: "A.8.12",
+      framework: "ISO27001",
+      severity: "critical",
+      title: "Data leakage prevention \u2014 no embedded secrets",
+      rationale: "A.8.12 mandates measures against data leakage such as exposed credentials.",
+      scope: {},
+      check: { not: { field: "metadataValues", op: "matches", pattern: "dsn_with_credentials" } }
+    },
+    {
+      id: "A.8.20",
+      control: "A.8.20",
+      framework: "ISO27001",
+      severity: "high",
+      title: "Network security \u2014 data stores not publicly exposed",
+      rationale: "A.8.20 requires networks to be secured; data stores should not be public.",
+      scope: { groups: ["data"] },
+      check: { not: { field: "metadataValues", op: "matches", pattern: "public_exposure" } }
+    }
+  ]
+});
+
+// src/compliance/rulesets/registry.ts
+var RULESETS = { baseline, cis, soc2, iso27001 };
+function getRuleset(name) {
+  return RULESETS[name];
+}
+function listRulesets() {
+  return Object.values(RULESETS).map((r) => ({ name: r.name, version: r.version, framework: r.framework, ruleCount: r.rules.length }));
+}
+
+// src/sinks/stdout.ts
+var StdoutSink = class {
+  name = "stdout";
+  async emit(alert) {
+    process.stdout.write(JSON.stringify(redactValue(alert)) + "\n");
+    logInfo("drift alert emitted", { sink: this.name, severity: alert.severity, items: alert.items.length });
+  }
+};
+
+// src/sinks/webhook.ts
+var LOOPBACK_HOSTS = /* @__PURE__ */ new Set(["localhost", "127.0.0.1", "[::1]", "::1"]);
+function isSecureWebhookUrl(url, env = process.env) {
+  if (env.CARTOGRAPHY_ALLOW_INSECURE_SYNC === "1") return true;
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return false;
+  }
+  if (parsed.protocol === "https:") return true;
+  if (parsed.protocol === "http:" && LOOPBACK_HOSTS.has(parsed.hostname)) return true;
+  return false;
+}
+var WebhookSink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "webhook";
+  async emit(alert) {
+    if (typeof fetch !== "function") {
+      logWarn("webhook sink unavailable: global fetch missing", { sink: this.name });
+      return;
+    }
+    const { url, token, timeoutMs } = this.opts;
+    if (!url) {
+      logWarn("webhook sink unavailable: no url configured", { sink: this.name });
+      return;
+    }
+    if (!isSecureWebhookUrl(url)) {
+      logWarn("webhook sink refused: insecure scheme (use https:// or a loopback host)", {
+        sink: this.name,
+        host: stripSensitive(url)
+      });
+      return;
+    }
+    try {
+      const res = await fetch(url, {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          ...token ? { authorization: `Bearer ${token}` } : {}
+        },
+        body: JSON.stringify(redactValue(alert)),
+        signal: AbortSignal.timeout(timeoutMs ?? 1e4)
+      });
+      if (!res.ok) {
+        logError("webhook sink failed", { sink: this.name, host: stripSensitive(url), status: res.status });
+      }
+    } catch (err) {
+      logError("webhook sink failed", {
+        sink: this.name,
+        host: stripSensitive(url),
+        reason: err instanceof Error ? err.message : String(err)
+      });
+    }
+  }
+};
+
+// src/sinks/index.ts
+function buildSinks(drift) {
+  const configs = drift?.sinks && drift.sinks.length > 0 ? drift.sinks : [{ type: "stdout" }];
+  const sinks = [];
+  for (const s of configs) {
+    if (s.type === "webhook") {
+      if (!s.url) continue;
+      sinks.push(new WebhookSink({
+        url: s.url,
+        token: s.token ?? process.env.CARTOGRAPHY_DRIFT_TOKEN,
+        timeoutMs: s.timeoutMs
+      }));
+    } else {
+      sinks.push(new StdoutSink());
+    }
+  }
+  return sinks.length > 0 ? sinks : [new StdoutSink()];
+}
+
+// src/drift.ts
+function maxSeverity(items) {
+  let rank = 0;
+  for (const it of items) {
+    const r = SEVERITIES.indexOf(it.severity);
+    if (r > rank) rank = r;
+  }
+  return SEVERITIES[rank];
+}
+var SECURITY_KEY_SET = new Set(SECURITY_METADATA_KEYS);
+function securityRelevantChange(change) {
+  if (!change.changedFields.includes("metadata")) return [];
+  const before = change.before.metadata ?? {};
+  const after = change.after.metadata ?? {};
+  const keys = /* @__PURE__ */ new Set([...Object.keys(before), ...Object.keys(after)]);
+  const triggered = [];
+  for (const k of keys) {
+    if (!SECURITY_KEY_SET.has(k.toLowerCase())) continue;
+    if (stableStringify(before[k]) !== stableStringify(after[k])) {
+      triggered.push(k);
+    }
+  }
+  return triggered.sort();
+}
+var edgeRef = (sourceId, rel, targetId) => `${sourceId} -${rel}-> ${targetId}`;
+function classifyDrift(diff, now = /* @__PURE__ */ new Date()) {
+  const items = [];
+  for (const n of diff.nodes.added) {
+    items.push({ kind: "node-added", ref: n.id, label: n.name, nodeType: n.type, severity: "info" });
+  }
+  for (const n of diff.nodes.removed) {
+    items.push({ kind: "node-removed", ref: n.id, label: n.name, nodeType: n.type, severity: "warning" });
+  }
+  for (const c of diff.nodes.changed) {
+    const securityFields = securityRelevantChange(c);
+    const severity = securityFields.length > 0 ? "critical" : "info";
+    items.push({
+      kind: "node-changed",
+      ref: c.id,
+      label: c.after.name,
+      nodeType: c.after.type,
+      severity,
+      changedFields: c.changedFields,
+      ...securityFields.length > 0 ? { securityFields } : {}
+    });
+  }
+  for (const e of diff.edges.added) {
+    items.push({
+      kind: "edge-added",
+      ref: edgeRef(e.sourceId, e.relationship, e.targetId),
+      label: `${e.sourceId} \u2192 ${e.targetId}`,
+      severity: "info"
+    });
+  }
+  for (const e of diff.edges.removed) {
+    items.push({
+      kind: "edge-removed",
+      ref: edgeRef(e.sourceId, e.relationship, e.targetId),
+      label: `${e.sourceId} \u2192 ${e.targetId}`,
+      severity: "warning"
+    });
+  }
+  return {
+    base: diff.base,
+    current: diff.current,
+    summary: diff.summary,
+    severity: maxSeverity(items),
+    items,
+    generatedAt: now.toISOString()
+  };
+}
+function filterBySeverity(alert, min) {
+  const minRank = SEVERITIES.indexOf(min);
+  const items = alert.items.filter((it) => SEVERITIES.indexOf(it.severity) >= minRank);
+  return { ...alert, items, severity: maxSeverity(items) };
+}
+async function runDrift(db, config, opts = {}) {
+  const sessions = db.getSessions();
+  const currentId = opts.current ?? sessions[0]?.id;
+  const baseId = opts.base ?? sessions[1]?.id;
+  if (!baseId || !currentId) {
+    logInfo("drift: fewer than two sessions, skipping");
+    return null;
+  }
+  if (baseId === currentId) {
+    logWarn("drift: base and current session are the same, skipping", { session: currentId });
+    return null;
+  }
+  const diff = db.diffSessions(baseId, currentId);
+  let alert = classifyDrift(diff);
+  alert = filterBySeverity(alert, opts.minSeverity ?? config.drift?.minSeverity ?? "info");
+  const sinks = buildSinks(config.drift);
+  const results = await Promise.allSettled(sinks.map((s) => s.emit(alert)));
+  results.forEach((r, i) => {
+    if (r.status === "rejected") {
+      logError("drift sink rejected", {
+        sink: sinks[i]?.name,
+        reason: r.reason instanceof Error ? r.reason.message : String(r.reason)
+      });
+    }
+  });
+  db.insertEvent(currentId, {
+    eventType: "drift_alert_dispatched",
+    process: "drift",
+    pid: process.pid,
+    command: JSON.stringify(redactValue({
+      base: baseId,
+      current: currentId,
+      severity: alert.severity,
+      items: alert.items.length,
+      sinks: sinks.map((s) => s.name)
+    }))
+  });
+  return alert;
+}
+
+// src/orgkey.ts
+import { randomBytes, hkdfSync } from "crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync, statSync } from "fs";
+import { homedir } from "os";
+import { dirname, join } from "path";
+function orgKeyPath(home = homedir()) {
+  return join(home, ".cartography", "org-key");
+}
+var KEY_BYTES = 32;
+function loadFileSecret(path) {
+  if (existsSync(path)) {
+    try {
+      const mode = statSync(path).mode & 511;
+      if (mode & 63) {
+        logWarn("org-key file is not 0600 \u2014 restrict it: chmod 600 " + path);
+      }
+    } catch {
+    }
+    const hex = readFileSync(path, "utf8").trim();
+    const buf = Buffer.from(hex, "hex");
+    if (buf.length === KEY_BYTES) return buf;
+    logWarn("org-key file was malformed \u2014 regenerating a fresh org key");
+  }
+  mkdirSync(dirname(path), { recursive: true });
+  const secret = randomBytes(KEY_BYTES);
+  writeFileSync(path, secret.toString("hex"), { mode: 384 });
+  logInfo("created org key at ~/.cartography/org-key (mode 0600) \u2014 distribute to admins out-of-band");
+  return secret;
+}
+function loadOrgKey(opts = {}) {
+  const path = opts.keyPath ?? orgKeyPath();
+  const secret = loadFileSecret(path);
+  const info = opts.organization && opts.organization.trim() ? opts.organization.trim() : "default";
+  return Buffer.from(hkdfSync("sha256", secret, Buffer.alloc(0), info, KEY_BYTES));
+}
+function rotateOrgKey(opts = {}) {
+  const path = opts.keyPath ?? orgKeyPath();
+  mkdirSync(dirname(path), { recursive: true });
+  const secret = randomBytes(KEY_BYTES);
+  writeFileSync(path, secret.toString("hex"), { mode: 384 });
+  logWarn("org key rotated \u2014 pseudonym_reversal entries created under the previous key are now UNRECOVERABLE");
+  const info = opts.organization && opts.organization.trim() ? opts.organization.trim() : "default";
+  return Buffer.from(hkdfSync("sha256", secret, Buffer.alloc(0), info, KEY_BYTES));
+}
+function hmacKey(orgKey) {
+  return Buffer.from(hkdfSync("sha256", orgKey, Buffer.from("cartography-hmac-v1"), "hmac", 32));
+}
+function reversalKey(orgKey) {
+  return Buffer.from(hkdfSync("sha256", orgKey, Buffer.from("cartography-reversal-v1"), "reversal", 32));
+}
+
+// src/anonymize.ts
+import { createHmac, createCipheriv, createDecipheriv, randomBytes as randomBytes2 } from "crypto";
+var PRIVATE_IP = /\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b/g;
+var HOSTNAME = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
+var POSIX_PATH = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
+var WIN_PATH = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
+var B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";
+function base32(buf) {
+  let bits = 0;
+  let value = 0;
+  let out = "";
+  for (const byte of buf) {
+    value = value << 8 | byte;
+    bits += 8;
+    while (bits >= 5) {
+      out += B32_ALPHABET[value >>> bits - 5 & 31];
+      bits -= 5;
+    }
+  }
+  if (bits > 0) out += B32_ALPHABET[value << 5 - bits & 31];
+  return out;
+}
+function encryptPlaintext(plaintext, key) {
+  const iv = randomBytes2(12);
+  const cipher = createCipheriv("aes-256-gcm", key, iv);
+  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return Buffer.concat([iv, tag, ct]).toString("base64");
+}
+function decryptPlaintext(encoded, key) {
+  try {
+    const raw = Buffer.from(encoded, "base64");
+    const iv = raw.subarray(0, 12);
+    const tag = raw.subarray(12, 28);
+    const ct = raw.subarray(28);
+    const decipher = createDecipheriv("aes-256-gcm", key, iv);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
+  } catch {
+    return void 0;
+  }
+}
+function pseudonymizeFragment(plaintext, kind, orgKey, db) {
+  const digest = createHmac("sha256", hmacKey(orgKey)).update(plaintext).digest();
+  const token = `anon:${kind}:${base32(digest.subarray(0, 12))}`;
+  if (db) db.saveReversal(token, encryptPlaintext(plaintext, reversalKey(orgKey)));
+  return token;
+}
+function pseudonymizeString(s, orgKey, db) {
+  let out = s;
+  out = out.replace(PRIVATE_IP, (m) => pseudonymizeFragment(m, "ip", orgKey, db));
+  out = out.replace(WIN_PATH, (m) => pseudonymizeFragment(m, "path", orgKey, db));
+  out = out.replace(POSIX_PATH, (m) => pseudonymizeFragment(m, "path", orgKey, db));
+  out = out.replace(
+    /\b([a-z0-9._-]+)@((?:[a-z0-9-]+\.)+[a-z]{2,})\b/gi,
+    (_m, user, host) => `${pseudonymizeFragment(user, "user", orgKey, db)}@${pseudonymizeFragment(host, "host", orgKey, db)}`
+  );
+  out = out.replace(HOSTNAME, (m) => pseudonymizeFragment(m, "host", orgKey, db));
+  return out;
+}
+function pseudonymize(value, orgKey, db) {
+  if (typeof value === "string") return pseudonymizeString(value, orgKey, db);
+  if (Array.isArray(value)) return value.map((v) => pseudonymize(v, orgKey, db));
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) out[k] = pseudonymize(v, orgKey, db);
+    return out;
+  }
+  return value;
+}
+function reversePseudonym(token, orgKey, db) {
+  const encoded = db.getReversal(token);
+  if (encoded == null) return void 0;
+  const plaintext = decryptPlaintext(encoded, reversalKey(orgKey));
+  if (plaintext === void 0) {
+    logError("reversePseudonym: ciphertext failed authentication (tampered or wrong/rotated org key)");
+  }
+  return plaintext;
+}
+
+// src/mcp/server.ts
+import { McpServer, ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z as z2 } from "zod";
+
+// src/nlq/resolve.ts
+var RELATION_TO_DIRECTION = {
+  "depends-on": "downstream",
+  "depended-on-by": "upstream",
+  "connected-to": "both",
+  "list": void 0
+};
+var MAX_QUERY_LEN = 1e3;
+var GROUP_WORDS = [
+  [/\bservices?\b/i, NODE_TYPE_GROUPS.web],
+  [/\b(?:databases?|datastores?|data ?stores?)\b/i, NODE_TYPE_GROUPS.data],
+  [/\b(?:queues?|topics?|brokers?|messaging)\b/i, NODE_TYPE_GROUPS.messaging],
+  [/\b(?:hosts?|containers?|pods?|clusters?|infra(?:structure)?)\b/i, NODE_TYPE_GROUPS.infra],
+  [/\bsaas\b/i, NODE_TYPE_GROUPS.saas]
+];
+var UPSTREAM = [
+  /^(?:.*?)\b(?:that|which)\s+depends?\s+(?:on|upon)\s+(?<subject>.+)$/i,
+  /^(?:.*?)\bdepending\s+(?:on|upon)\s+(?<subject>.+)$/i,
+  /^(?:.*?)\b(?:that|which)\s+relies?\s+on\s+(?<subject>.+)$/i,
+  /^\s*what\s+depends?\s+(?:on|upon)\s+(?<subject>.+)$/i
+];
+var DOWNSTREAM = [
+  /\bwhat\s+(?:does|do)\s+(?<subject>.+?)\s+depend\s+(?:on|upon)\b/i,
+  /^(?<subject>.+?)['’]s\s+dependencies\b/i,
+  /\bdependencies\s+of\s+(?<subject>.+)$/i,
+  /^(?<subject>.+?)\s+dependencies\b/i,
+  /^(?<subject>.+?)\s+depends?\s+(?:on|upon)\s+.*$/i
+];
+var CONNECTED = [
+  /\bwhat\s+is\s+connected\s+to\s+(?<subject>.+)$/i,
+  /\b(?:connected|related|linked)\s+to\s+(?<subject>.+)$/i,
+  /\btalks?\s+to\s+(?<subject>.+)$/i
+];
+function firstMatch(query, pats) {
+  for (const re of pats) {
+    const m = query.match(re);
+    if (m?.groups?.subject) return m.groups.subject;
+  }
+  return null;
+}
+function cleanSubject(s) {
+  return s.replace(/[?.!,]+\s*$/g, "").replace(/^\s*(?:the|a|an|my|our|all)\s+/i, "").trim();
+}
+function detectTypeFilter(text) {
+  const set = /* @__PURE__ */ new Set();
+  for (const [re, types] of GROUP_WORDS) if (re.test(text)) for (const t of types) set.add(t);
+  return set.size > 0 ? [...set] : void 0;
+}
+function parseNlQuery(raw) {
+  const query = sanitizeUntrusted(raw).slice(0, MAX_QUERY_LEN).trim();
+  let relation = "list";
+  let subj = firstMatch(query, UPSTREAM);
+  if (subj !== null) relation = "depended-on-by";
+  else if ((subj = firstMatch(query, DOWNSTREAM)) !== null) relation = "depends-on";
+  else if ((subj = firstMatch(query, CONNECTED)) !== null) relation = "connected-to";
+  const degraded = subj === null;
+  const subjectQuery = cleanSubject(subj ?? query);
+  const scanText = subj === null ? query : query.replace(subj, " ");
+  const typeFilter = detectTypeFilter(scanText);
+  return { query, subjectQuery, relation, direction: RELATION_TO_DIRECTION[relation], typeFilter, degraded };
+}
+async function executeNlQuery(db, sessionId, search, intent, opts = {}) {
+  const anchorLimit = opts.anchorLimit ?? 5;
+  if (intent.relation === "list") {
+    const anchors2 = await search(db, sessionId, intent.subjectQuery, { types: intent.typeFilter, limit: anchorLimit });
+    logDebug("nlq.execute", { relation: "list", typeFilter: intent.typeFilter?.length ?? 0, anchors: anchors2.length });
+    return { intent, anchors: anchors2, nodes: anchors2.map((a) => a.node), paths: [] };
+  }
+  const anchors = await search(db, sessionId, intent.subjectQuery, { limit: anchorLimit });
+  if (anchors.length === 0) {
+    logDebug("nlq.execute", { relation: intent.relation, anchors: 0, results: 0 });
+    return { intent, anchors, nodes: [], paths: [] };
+  }
+  const root = anchors[0].node;
+  const trav = db.getDependencies(sessionId, root.id, { direction: intent.direction, maxDepth: opts.maxDepth ?? 8 });
+  const allow = intent.typeFilter ? new Set(intent.typeFilter) : void 0;
+  const nodes = allow ? trav.nodes.filter((n) => allow.has(n.type)) : trav.nodes;
+  logDebug("nlq.execute", {
+    relation: intent.relation,
+    direction: intent.direction,
+    typeFilter: intent.typeFilter?.length ?? 0,
+    anchors: anchors.length,
+    results: nodes.length
+  });
+  return { intent, anchors, nodes, paths: trav.edges };
+}
+
+// src/mcp/server.ts
+var SERVER_NAME = "cartography";
+var SERVER_VERSION = "2.3.0";
+var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
+var DATA_TYPES = NODE_TYPE_GROUPS.data;
+var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
+function compactNode(n) {
+  return {
+    id: n.id,
+    type: n.type,
+    name: n.name,
+    confidence: n.confidence,
+    ...n.domain ? { domain: n.domain } : {},
+    ...n.tags.length ? { tags: n.tags } : {}
+  };
+}
+function json(data) {
+  return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+}
+function isOrgSummary(s) {
+  return "org" in s;
+}
+function summaryText(s) {
+  const header = isOrgSummary(s) ? `# Organization topology \u2014 org ${s.org} (${s.contributors} contributor${s.contributors === 1 ? "" : "s"})` : `# Infrastructure topology \u2014 session ${s.sessionId}`;
+  const lines = [
+    header,
+    ``,
+    `Totals: ${s.totals.nodes} nodes, ${s.totals.edges} edges`,
+    ``,
+    `Nodes by type:`,
+    ...Object.entries(s.nodesByType).sort((a, b) => b[1] - a[1]).map(([t, c]) => `  - ${t}: ${c}`),
+    ``,
+    `Nodes by domain:`,
+    ...Object.entries(s.nodesByDomain).sort((a, b) => b[1] - a[1]).map(([d, c]) => `  - ${d}: ${c}`),
+    ``,
+    `Edges by relationship:`,
+    ...Object.entries(s.edgesByRelationship).sort((a, b) => b[1] - a[1]).map(([r, c]) => `  - ${r}: ${c}`),
+    ``,
+    `Most connected:`,
+    ...s.topConnected.map((n) => `  - ${n.id} (${n.type}) \u2014 degree ${n.degree}`),
+    // 3.6 anomalies — single-session GraphSummary only.
+    ...!isOrgSummary(s) ? [
+      ``,
+      `Anomalies (${s.anomalies.length}):`,
+      ...s.anomalies.length === 0 ? ["  - none"] : s.anomalies.slice(0, 20).map((a) => `  - [${a.severity}] ${a.kind}: ${a.nodeId} \u2014 ${a.reason}`)
+    ] : [],
+    // 3.3 cost section — only for the single-session GraphSummary, and only when costs exist.
+    ...!isOrgSummary(s) && s.costByDomain.length ? [``, `Cost by domain:`, ...s.costByDomain.map((c) => `  - ${c.domain} [${c.currency}/${c.period}]: ${c.total} (${c.nodes} nodes)`)] : [],
+    ...!isOrgSummary(s) && s.costCoverage.withCost ? [``, `Cost coverage: ${s.costCoverage.withCost}/${s.costCoverage.total} nodes attributed`] : [],
+    ``,
+    `Read cartography://nodes/{id} or cartography://dependencies/{id} for detail.`
+  ];
+  return lines.join("\n");
+}
+function createMcpServer(opts = {}) {
+  const db = opts.db ?? new CartographyDB(opts.dbPath ?? defaultConfig().dbPath);
+  const search = opts.search ?? lexicalSearch;
+  const tenant = normalizeTenant(opts.tenant);
+  const org = opts.org !== void 0 ? normalizeTenant(opts.org) : void 0;
+  const resolveSession = () => {
+    if (opts.session && opts.session !== "latest") {
+      const s = db.getSession(opts.session);
+      return s && s.tenant === tenant ? s.id : void 0;
+    }
+    return db.getLatestSession("discover", tenant)?.id ?? db.getLatestSession(void 0, tenant)?.id;
+  };
+  const server = new McpServer(
+    { name: SERVER_NAME, version: SERVER_VERSION },
+    {
+      capabilities: { resources: { subscribe: true, listChanged: true }, tools: {}, prompts: {}, logging: {} },
+      instructions: "Cartography exposes a discovered infrastructure/SaaS topology. Start by reading cartography://graph/summary for a low-token overview, then drill into specific nodes via cartography://nodes/{id} or query with the query_infrastructure / get_dependencies tools."
+    }
+  );
+  server.registerResource(
+    "graph-summary",
+    "cartography://graph/summary",
+    { title: "Topology summary", description: "Low-token aggregate index of the whole landscape \u2014 read this first.", mimeType: "text/markdown" },
+    (uri) => {
+      if (org !== void 0) {
+        return { contents: [{ uri: uri.href, mimeType: "text/markdown", text: summaryText(db.getOrgSummary(org)) }] };
+      }
+      const sid = resolveSession();
+      if (!sid) return { contents: [{ uri: uri.href, mimeType: "text/markdown", text: "No discovery session found. Run discovery first." }] };
+      return { contents: [{ uri: uri.href, mimeType: "text/markdown", text: summaryText(db.getGraphSummary(sid)) }] };
+    }
+  );
+  server.registerResource(
+    "cost-summary",
+    "cartography://cost/summary",
+    { title: "Cost summary", description: "Cost rolled up by domain and owner (currency/period-bucketed).", mimeType: "application/json" },
+    (uri) => {
+      const sid = resolveSession();
+      if (!sid) return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({ error: "No discovery session found." }) }] };
+      const s = db.getGraphSummary(sid);
+      return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({ costByDomain: s.costByDomain, costByOwner: s.costByOwner, costCoverage: s.costCoverage }, null, 2) }] };
+    }
+  );
+  server.registerResource(
+    "nodes-index",
+    "cartography://nodes",
+    { title: "Node index", description: "Lightweight list of all nodes (id, type, name only).", mimeType: "application/json" },
+    (uri) => {
+      const sid = resolveSession();
+      const nodes = sid ? db.getNodes(sid) : [];
+      return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({ count: nodes.length, nodes: nodes.map((n) => ({ id: n.id, type: n.type, name: n.name })) }, null, 2) }] };
+    }
+  );
+  server.registerResource(
+    "node-detail",
+    new ResourceTemplate("cartography://nodes/{id}", { list: void 0 }),
+    { title: "Node detail", description: "Full node record plus its incident edges.", mimeType: "application/json" },
+    (uri, variables) => {
+      const sid = resolveSession();
+      const id = decodeURIComponent(String(variables["id"]));
+      const node = sid ? db.getNode(sid, id) : void 0;
+      if (!node) return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({ error: `node not found: ${id}` }) }] };
+      const edges = db.getEdges(sid).filter((e) => e.sourceId === id || e.targetId === id);
+      return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({ node, edges }, null, 2) }] };
+    }
+  );
+  const typedListResource = (name, uri, title, types) => server.registerResource(name, uri, { title, description: `Nodes of type: ${types.join(", ")}.`, mimeType: "application/json" }, (u) => {
+    const sid = resolveSession();
+    const nodes = sid ? db.getNodesByType(sid, types) : [];
+    return { contents: [{ uri: u.href, mimeType: "application/json", text: JSON.stringify({ count: nodes.length, nodes: nodes.map(compactNode) }, null, 2) }] };
+  });
+  typedListResource("services", "cartography://services", "Services", SERVICE_TYPES);
+  typedListResource("databases", "cartography://databases", "Data stores", DATA_TYPES);
+  server.registerResource(
+    "dependencies",
+    new ResourceTemplate("cartography://dependencies/{id}", { list: void 0 }),
+    { title: "Dependencies", description: "Transitive downstream dependencies of a node.", mimeType: "application/json" },
+    (uri, variables) => {
+      const sid = resolveSession();
+      const id = decodeURIComponent(String(variables["id"]));
+      if (!sid) return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({ error: "no session" }) }] };
+      const r = db.getDependencies(sid, id, { direction: "downstream", maxDepth: 8 });
+      return { contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify({
+        root: id,
+        count: r.nodes.length,
+        nodes: r.nodes.map((n) => ({ ...compactNode(n), depth: n.depth })),
+        edges: r.edges.map((e) => ({ from: e.sourceId, to: e.targetId, rel: e.relationship, confidence: e.confidence, evidence: e.evidence }))
+      }, null, 2) }] };
+    }
+  );
+  server.registerResource(
+    "sessions",
+    "cartography://sessions",
+    { title: "Discovery sessions", description: "All discovery sessions in the catalog.", mimeType: "application/json" },
+    (uri) => ({ contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify(db.getSessions(tenant), null, 2) }] })
+  );
+  const readOnly = { readOnlyHint: true, openWorldHint: false };
+  server.registerTool(
+    "get_summary",
+    { title: "Get topology summary", description: "Low-token overview of the whole landscape (counts, types, domains, most-connected, anomalies).", inputSchema: {}, annotations: readOnly },
+    () => {
+      if (org !== void 0) return json(db.getOrgSummary(org));
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      return json(db.getGraphSummary(sid));
+    }
+  );
+  server.registerTool(
+    "get_cost_summary",
+    { title: "Get cost summary", description: "FinOps rollup: cost by domain and owner, currency/period-bucketed (3.3).", inputSchema: {}, annotations: readOnly },
+    () => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const s = db.getGraphSummary(sid);
+      return json({ costByDomain: s.costByDomain, costByOwner: s.costByOwner, costCoverage: s.costCoverage });
+    }
+  );
+  server.registerTool(
+    "query_infrastructure",
+    {
+      title: "Query infrastructure",
+      description: "Search the topology by name/id/domain (optionally filtered by node type). Returns compact node records.",
+      inputSchema: {
+        query: z2.string().describe('Free-text query, e.g. "postgres", "auth", "github"'),
+        types: z2.array(z2.enum(NODE_TYPES)).optional().describe("Restrict to these node types"),
+        limit: z2.number().int().min(1).max(200).default(25).optional()
+      },
+      annotations: readOnly
+    },
+    async (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const results = await search(db, sid, args.query, { types: args.types, limit: args.limit ?? 25 });
+      return json({ count: results.length, results: results.map((r) => ({ ...compactNode(r.node), ...r.score !== void 0 ? { score: r.score } : {} })) });
+    }
+  );
+  server.registerTool(
+    "search_topology",
+    {
+      title: "Search topology (semantic)",
+      description: "Find nodes related to a concept by meaning (semantic search when available, lexical otherwise).",
+      inputSchema: { query: z2.string(), limit: z2.number().int().min(1).max(100).default(10).optional() },
+      annotations: readOnly
+    },
+    async (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const results = await search(db, sid, args.query, { limit: args.limit ?? 10 });
+      return json({ count: results.length, results: results.map((r) => ({ ...compactNode(r.node), ...r.score !== void 0 ? { score: r.score } : {} })) });
+    }
+  );
+  server.registerTool(
+    "list_services",
+    {
+      title: "List services",
+      description: "List discovered services or data stores.",
+      inputSchema: { kind: z2.enum(["services", "databases", "all"]).default("all").optional() },
+      annotations: readOnly
+    },
+    (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const kind = args.kind ?? "all";
+      const types = kind === "services" ? SERVICE_TYPES : kind === "databases" ? DATA_TYPES : [...SERVICE_TYPES, ...DATA_TYPES];
+      return json(db.getNodesByType(sid, types).map(compactNode));
+    }
+  );
+  server.registerTool(
+    "get_node",
+    { title: "Get node", description: "Fetch a single node with its incident edges.", inputSchema: { id: z2.string() }, annotations: readOnly },
+    (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const node = db.getNode(sid, args.id);
+      if (!node) return json({ error: `node not found: ${args.id}` });
+      const edges = db.getEdges(sid).filter((e) => e.sourceId === args.id || e.targetId === args.id);
+      return json({ node, edges });
+    }
+  );
+  server.registerTool(
+    "get_dependencies",
+    {
+      title: "Get dependencies",
+      description: "Traverse the dependency graph from a node (downstream/upstream/both) with a depth limit.",
+      inputSchema: {
+        id: z2.string(),
+        direction: z2.enum(["downstream", "upstream", "both"]).default("downstream").optional(),
+        maxDepth: z2.number().int().min(1).max(64).default(8).optional(),
+        minConfidence: z2.number().min(0).max(1).optional().describe("Drop edges below this confidence (0..1).")
+      },
+      annotations: readOnly
+    },
+    (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const r = db.getDependencies(sid, args.id, { direction: args.direction ?? "downstream", maxDepth: args.maxDepth ?? 8 });
+      const minConfidence = args.minConfidence ?? 0;
+      return json({
+        root: r.root ? compactNode(r.root) : null,
+        direction: r.direction,
+        count: r.nodes.length,
+        nodes: r.nodes.map((n) => ({ ...compactNode(n), depth: n.depth })),
+        edges: r.edges.filter((e) => e.confidence >= minConfidence).map((e) => ({ from: e.sourceId, to: e.targetId, rel: e.relationship, confidence: e.confidence, evidence: e.evidence }))
+      });
+    }
+  );
+  server.registerTool(
+    "query_natural_language",
+    {
+      title: "Query in natural language",
+      description: 'Answer a plain-English topology question (e.g. "services that depend on the payments DB"). Deterministically parses the question into a structured intent, then anchors via search and traverses dependencies, applying any node-type filter to the results. Echoes the parsed intent for explainability. Read-only, LLM-free.',
+      inputSchema: {
+        query: z2.string().min(1).max(1e3).describe("Natural-language question about the topology"),
+        maxDepth: z2.number().int().min(1).max(64).default(8).optional()
+      },
+      annotations: readOnly
+    },
+    async (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const intent = parseNlQuery(args.query);
+      const r = await executeNlQuery(db, sid, search, intent, { maxDepth: args.maxDepth ?? 8 });
+      return json({
+        intent: {
+          query: r.intent.query,
+          subjectQuery: r.intent.subjectQuery,
+          relation: r.intent.relation,
+          direction: r.intent.direction ?? null,
+          typeFilter: r.intent.typeFilter ?? null,
+          degraded: r.intent.degraded
+        },
+        anchors: r.anchors.map((a) => ({ ...compactNode(a.node), ...a.score !== void 0 ? { score: a.score } : {} })),
+        count: r.nodes.length,
+        nodes: r.nodes.map((n) => ({ ...compactNode(n), ...n.depth !== void 0 ? { depth: n.depth } : {} })),
+        paths: r.paths.map((e) => ({ from: e.sourceId, to: e.targetId, rel: e.relationship }))
+      });
+    }
+  );
+  server.registerTool(
+    "diff_topology",
+    {
+      title: "Diff topology (drift detection)",
+      description: "Compare two discovery sessions and report added/removed/changed nodes and added/removed edges, plus newly-appearing structural anomalies (3.6). Defaults to the two most recent sessions (base = second-most-recent, current = most-recent).",
+      inputSchema: {
+        base: z2.string().optional().describe("Baseline session id (default: second-most-recent session)"),
+        current: z2.string().optional().describe("Current session id (default: most-recent session)")
+      },
+      annotations: readOnly
+    },
+    (args) => {
+      const sessions = db.getSessions(tenant);
+      const currentId = args.current ?? sessions[0]?.id;
+      const baseId = args.base ?? sessions[1]?.id;
+      if (!baseId || !currentId) return json({ error: "Need at least two discovery sessions to diff." });
+      if (baseId === currentId) return json({ error: "Base and current session are the same." });
+      const d = db.diffSessions(baseId, currentId);
+      return json({
+        base: d.base,
+        current: d.current,
+        summary: d.summary,
+        nodes: {
+          added: d.nodes.added.map(compactNode),
+          removed: d.nodes.removed.map(compactNode),
+          changed: d.nodes.changed.map((c) => ({ ...compactNode(c.after), changedFields: c.changedFields }))
+        },
+        edges: {
+          added: d.edges.added.map((e) => ({ from: e.sourceId, to: e.targetId, rel: e.relationship })),
+          removed: d.edges.removed.map((e) => ({ from: e.sourceId, to: e.targetId, rel: e.relationship }))
+        },
+        anomalies: {
+          added: d.anomalies.added,
+          baseCount: d.anomalies.base.length,
+          currentCount: d.anomalies.current.length
+        }
+      });
+    }
+  );
+  server.registerTool(
+    "classify_drift",
+    {
+      title: "Classify drift (severity-ranked drift detection)",
+      description: "Compare two discovery sessions and return a severity-classified drift alert (info|warning|critical per item plus an overall severity). Defaults to the two most recent. Read-only: never dispatches to sinks.",
+      inputSchema: {
+        base: z2.string().optional().describe("Baseline session id (default: second-most-recent)"),
+        current: z2.string().optional().describe("Current session id (default: most-recent)"),
+        minSeverity: z2.enum(["info", "warning", "critical"]).optional().describe("Drop items below this severity")
+      },
+      annotations: readOnly
+    },
+    (args) => {
+      const sessions = db.getSessions(tenant);
+      const currentId = args.current ?? sessions[0]?.id;
+      const baseId = args.base ?? sessions[1]?.id;
+      if (!baseId || !currentId) return json({ error: "Need at least two discovery sessions to diff." });
+      if (baseId === currentId) return json({ error: "Base and current session are the same." });
+      let alert = classifyDrift(db.diffSessions(baseId, currentId));
+      if (args.minSeverity) alert = filterBySeverity(alert, args.minSeverity);
+      return json(redactValue(alert));
+    }
+  );
+  server.registerTool(
+    "score_compliance",
+    {
+      title: "Score compliance",
+      description: "Grade the served session against a compliance ruleset (baseline/cis/soc2/iso27001 starter sets) and list gaps with the node ids that caused them. Read-only; never throws.",
+      inputSchema: {
+        ruleset: z2.string().default("baseline").optional().describe("Ruleset name (default: baseline)"),
+        session: z2.string().optional().describe("Session id (default: the served session)")
+      },
+      annotations: readOnly
+    },
+    (args) => {
+      const sid = args.session ?? resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const name = args.ruleset ?? "baseline";
+      const rs = getRuleset(name);
+      if (!rs) return json({ error: `Unknown ruleset: ${name}`, available: listRulesets().map((r) => r.name) });
+      return json(db.scoreSession(sid, rs));
+    }
+  );
+  server.registerTool(
+    "get_activity_events",
+    {
+      title: "Get activity events (audit trail)",
+      description: "Recent executed tool calls and their result sizes for the current session.",
+      inputSchema: { limit: z2.number().int().min(1).max(500).default(50).optional() },
+      annotations: readOnly
+    },
+    (args) => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      const events = db.getEvents(sid).slice(-(args.limit ?? 50));
+      return json({ count: events.length, events });
+    }
+  );
+  if (opts.discovery) {
+    const discovery = opts.discovery;
+    server.registerTool(
+      "run_discovery",
+      {
+        title: "Run discovery",
+        description: "Scan the local system (read-only) and update the catalog. Returns counts of nodes/edges found. Pass `update: true` to rescan the served session in place and return the delta (2.1 incremental discovery).",
+        inputSchema: {
+          hint: z2.string().optional().describe("Optional focus, e.g. tool names to look for"),
+          update: z2.boolean().optional().describe("Rescan the served session in place and return the delta instead of creating a new session")
+        },
+        // Scans read-only but writes results to the local catalog, so not a read-only tool; never destructive.
+        annotations: { readOnlyHint: false, destructiveHint: false, openWorldHint: true }
+      },
+      async (args) => {
+        let sid = resolveSession();
+        if (args.update) {
+          if (!sid) return json({ error: "No session to update; run discovery first." });
+        } else if (!sid) {
+          sid = db.createSession("discover", defaultConfig(), tenant);
+        }
+        const result = await discovery(db, sid, { hint: args.hint, mode: args.update ? "update" : "replace" });
+        const sess = db.getSession(sid);
+        if (sess && !sess.name) db.setSessionName(sid, deriveSessionName(db.getGraphSummary(sid), sess.startedAt));
+        server.server.sendResourceUpdated({ uri: "cartography://graph/summary" }).catch((err) => {
+          process.stderr.write(`[cartography-mcp] resource update notification failed: ${err instanceof Error ? err.message : String(err)}
+`);
+        });
+        server.server.sendResourceListChanged?.();
+        return json({
+          session: sid,
+          nodes: result.nodes,
+          edges: result.edges,
+          ...result.delta ? { summary: result.delta.summary } : {}
+        });
+      }
+    );
+  }
+  server.registerPrompt(
+    "audit-attack-surface",
+    { title: "Audit attack surface", description: "Review the discovered topology for externally-reachable services and risky dependencies." },
+    () => ({
+      messages: [{
+        role: "user",
+        content: { type: "text", text: "Read cartography://graph/summary and cartography://services. Identify externally-reachable services, data stores with broad inbound dependencies, and any node with low confidence that warrants verification. Use get_dependencies to assess blast radius. Summarize the attack surface and concrete hardening recommendations." }
+      }]
+    })
+  );
+  server.registerPrompt(
+    "map-service-dependencies",
+    {
+      title: "Map service dependencies",
+      description: "Produce a dependency map for a given service.",
+      argsSchema: { service: z2.string().describe("Service node id or name") }
+    },
+    (args) => ({
+      messages: [{
+        role: "user",
+        content: { type: "text", text: `Use query_infrastructure to locate "${args.service}", then get_dependencies (direction=both) to map everything it depends on and everything that depends on it. Present the result as a clear dependency tree and call out single points of failure.` }
+      }]
+    })
+  );
+  server.registerPrompt(
+    "compare-environments",
+    { title: "Compare environments", description: "Summarize infrastructure drift between two discovery snapshots." },
+    () => ({
+      messages: [{
+        role: "user",
+        content: { type: "text", text: "Call diff_topology to compare the two most recent discovery sessions. Summarize what was added, removed, and changed. Flag newly externally-reachable services and removed dependencies that could indicate an outage or decommission. Recommend what an operator should verify." }
+      }]
+    })
+  );
+  server.registerPrompt(
+    "onboard-to-system",
+    { title: "Onboard to system", description: "Explain the system landscape to a new engineer." },
+    () => ({
+      messages: [{
+        role: "user",
+        content: { type: "text", text: "Read cartography://graph/summary, then cartography://services and cartography://databases. Write a concise onboarding briefing for a new engineer: what the major systems are, how they connect, which data stores are central, and where to look first." }
+      }]
+    })
+  );
+  server.registerPrompt(
+    "find-single-points-of-failure",
+    { title: "Find single points of failure", description: "Rank chokepoints whose loss has the largest blast radius." },
+    () => ({
+      messages: [{
+        role: "user",
+        content: { type: "text", text: "Call get_summary and read topConnected (the most-connected nodes). For each, call get_dependencies (direction=both) to measure how many services depend on it. Identify single points of failure \u2014 nodes whose loss would disconnect or degrade the largest blast radius \u2014 rank them by impact, and recommend redundancy or mitigation for each." }
+      }]
+    })
+  );
+  server.registerPrompt(
+    "generate-runbook",
+    {
+      title: "Generate operations runbook",
+      description: "Produce an operations/onboarding runbook from the topology.",
+      argsSchema: { service: z2.string().optional().describe("Optional service id/name to scope the runbook") }
+    },
+    (args) => ({
+      messages: [{
+        role: "user",
+        content: { type: "text", text: args.service ? `Use query_infrastructure to locate "${args.service}", then get_dependencies (direction=both). Write an operations runbook for it: purpose, upstream/downstream dependencies, startup/shutdown order, health checks, common failure modes, and escalation steps.` : "Read cartography://graph/summary, then call get_summary and list_services. Write a system-wide operations runbook: major components, how they connect, critical data stores, startup/shutdown order, health checks, and where an on-call engineer should look first." }
+      }]
+    })
+  );
+  return server;
+}
+
+// src/mcp/transports.ts
+import { randomUUID } from "crypto";
+import http from "http";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+async function runStdio(server) {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+var MAX_INGEST_BYTES = 5 * 1024 * 1024;
+async function readCappedBody(req, cap) {
+  const chunks = [];
+  let total = 0;
+  let overflow = false;
+  for await (const chunk of req) {
+    if (overflow) continue;
+    const buf = chunk;
+    total += buf.length;
+    if (total > cap) {
+      overflow = true;
+      chunks.length = 0;
+      continue;
+    }
+    chunks.push(buf);
+  }
+  if (overflow) return { overflow: true, value: void 0 };
+  if (chunks.length === 0) return { overflow: false, value: void 0 };
+  try {
+    return { overflow: false, value: JSON.parse(Buffer.concat(chunks).toString("utf8")) };
+  } catch {
+    return { overflow: false, value: void 0 };
+  }
+}
+async function readJsonBody(req) {
+  const chunks = [];
+  for await (const chunk of req) chunks.push(chunk);
+  if (chunks.length === 0) return void 0;
+  try {
+    return JSON.parse(Buffer.concat(chunks).toString("utf8"));
+  } catch {
+    return void 0;
+  }
+}
+async function runHttp(factory, opts = {}) {
+  const host = opts.host ?? "127.0.0.1";
+  const port = opts.port ?? 3737;
+  assertSafeBind({ host, port, ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {}, ...opts.token ? { token: opts.token } : {} });
+  const allowedHosts = opts.allowedHosts ?? defaultAllowedHosts(host, port);
+  const token = opts.token;
+  const transports = /* @__PURE__ */ new Map();
+  const httpServer = http.createServer(async (req, res) => {
+    try {
+      const url = req.url ?? "";
+      const isIngest = url.startsWith("/ingest") && opts.onIngest !== void 0;
+      if (!url.startsWith("/mcp") && !isIngest) {
+        res.writeHead(404, { "content-type": "application/json" }).end('{"error":"not found"}');
+        return;
+      }
+      if (!checkBearer(req.headers["authorization"], token)) {
+        res.writeHead(401, { "content-type": "application/json", "www-authenticate": "Bearer" }).end('{"error":"unauthorized"}');
+        return;
+      }
+      if (isIngest) {
+        const hostHeader = (req.headers["host"] ?? "").toLowerCase();
+        if (!allowedHosts.some((h) => h.toLowerCase() === hostHeader)) {
+          res.writeHead(403, { "content-type": "application/json" }).end('{"error":"host not allowed"}');
+          return;
+        }
+        const onIngest = opts.onIngest;
+        if (req.method !== "POST") {
+          res.writeHead(405, { "content-type": "application/json", "allow": "POST" }).end('{"error":"method not allowed"}');
+          return;
+        }
+        const { overflow, value } = await readCappedBody(req, MAX_INGEST_BYTES);
+        if (overflow) {
+          res.writeHead(413, { "content-type": "application/json" }).end('{"error":"payload too large"}');
+          return;
+        }
+        const out = onIngest(value);
+        res.writeHead(out.status, { "content-type": "application/json" }).end(JSON.stringify(out.body));
+        return;
+      }
+      const sessionId = req.headers["mcp-session-id"];
+      const existing = sessionId ? transports.get(sessionId) : void 0;
+      if (existing) {
+        const body2 = req.method === "POST" ? await readJsonBody(req) : void 0;
+        await existing.handleRequest(req, res, body2);
+        return;
+      }
+      if (req.method !== "POST") {
+        res.writeHead(400, { "content-type": "application/json" }).end('{"error":"missing or unknown mcp-session-id"}');
+        return;
+      }
+      const body = await readJsonBody(req);
+      const transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => randomUUID(),
+        enableDnsRebindingProtection: true,
+        allowedHosts,
+        ...opts.allowedOrigins ? { allowedOrigins: opts.allowedOrigins } : {},
+        onsessioninitialized: (id) => {
+          transports.set(id, transport);
+        }
+      });
+      transport.onclose = () => {
+        if (transport.sessionId) transports.delete(transport.sessionId);
+      };
+      await factory().connect(transport);
+      await transport.handleRequest(req, res, body);
+    } catch (err) {
+      process.stderr.write(`[cartography-mcp] HTTP request failed: ${err instanceof Error ? err.message : String(err)}
+`);
+      if (!res.headersSent) res.writeHead(500, { "content-type": "application/json" }).end('{"error":"internal error"}');
+    }
+  });
+  await new Promise((resolve) => httpServer.listen(port, host, resolve));
+  return httpServer;
+}
+
+// src/semantic/hash.ts
+function fnv1a(s) {
+  let h = 2166136261;
+  for (let i = 0; i < s.length; i++) {
+    h ^= s.charCodeAt(i);
+    h = Math.imul(h, 16777619);
+  }
+  return h >>> 0;
+}
+
+// src/semantic/embeddings.ts
+async function createLocalEmbedder(model = "Xenova/all-MiniLM-L6-v2") {
+  try {
+    const tf = await import("@huggingface/transformers");
+    const extractor = await tf.pipeline("feature-extraction", model);
+    return {
+      id: `local:${model}`,
+      dimensions: 384,
+      async embed(texts) {
+        const out = [];
+        for (const text of texts) {
+          const tensor = await extractor(text, { pooling: "mean", normalize: true });
+          out.push(Float32Array.from(tensor.data));
+        }
+        return out;
+      }
+    };
+  } catch {
+    return void 0;
+  }
+}
+
+// src/semantic/store.ts
+function nodeText(n) {
+  const desc = typeof n.metadata?.["description"] === "string" ? n.metadata["description"] : "";
+  const category = typeof n.metadata?.["category"] === "string" ? n.metadata["category"] : "";
+  return [n.name, n.id.replace(/[:_]/g, " "), `type ${n.type}`, n.domain ?? "", n.subDomain ?? "", category, n.tags.join(" "), desc].filter(Boolean).join(" \u2014 ");
+}
+function hash(s) {
+  return fnv1a(s).toString(16);
+}
+function toBuffer(v) {
+  return Buffer.from(v.buffer, v.byteOffset, v.byteLength);
+}
+var VectorStore = class {
+  constructor(db, embedder) {
+    this.db = db;
+    this.embedder = embedder;
+  }
+  loaded = false;
+  /** Load sqlite-vec and ensure the schema exists. Returns false if unavailable. */
+  async init() {
+    if (this.loaded) return true;
+    try {
+      const conn = this.db.rawConnection();
+      const sqliteVec = await import("sqlite-vec");
+      sqliteVec.load(conn);
+      conn.exec(`
+        CREATE TABLE IF NOT EXISTS vec_index (
+          rowid INTEGER PRIMARY KEY AUTOINCREMENT,
+          session_id TEXT NOT NULL,
+          node_id TEXT NOT NULL,
+          hash TEXT NOT NULL,
+          UNIQUE(session_id, node_id)
+        );
+        CREATE TABLE IF NOT EXISTS vec_meta (key TEXT PRIMARY KEY, value TEXT NOT NULL);
+      `);
+      const dimRow = conn.prepare("SELECT value FROM vec_meta WHERE key = 'dims'").get();
+      const dims = this.embedder.dimensions;
+      if (dimRow && Number(dimRow.value) !== dims) {
+        conn.exec("DROP TABLE IF EXISTS vec_nodes; DELETE FROM vec_index;");
+      }
+      conn.exec(`CREATE VIRTUAL TABLE IF NOT EXISTS vec_nodes USING vec0(embedding float[${dims}])`);
+      conn.prepare("INSERT OR REPLACE INTO vec_meta(key, value) VALUES (?, ?)").run("dims", String(dims));
+      conn.prepare("INSERT OR REPLACE INTO vec_meta(key, value) VALUES (?, ?)").run("embedder", this.embedder.id);
+      this.loaded = true;
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /** Incrementally embed and index any new/changed nodes for a session. */
+  async index(sessionId) {
+    if (!await this.init()) return { embedded: 0, total: 0 };
+    const conn = this.db.rawConnection();
+    const nodes = this.db.getNodes(sessionId);
+    const getRow = conn.prepare("SELECT rowid, hash FROM vec_index WHERE session_id = ? AND node_id = ?");
+    const insIndex = conn.prepare("INSERT INTO vec_index (session_id, node_id, hash) VALUES (?, ?, ?)");
+    const updHash = conn.prepare("UPDATE vec_index SET hash = ? WHERE rowid = ?");
+    const delVec = conn.prepare("DELETE FROM vec_nodes WHERE rowid = ?");
+    const insVec = conn.prepare("INSERT INTO vec_nodes (rowid, embedding) VALUES (?, ?)");
+    const pending = [];
+    for (const n of nodes) {
+      const text = nodeText(n);
+      const h = hash(`${this.embedder.id}:${text}`);
+      const existing = getRow.get(sessionId, n.id);
+      if (existing) {
+        if (existing.hash === h) continue;
+        updHash.run(h, existing.rowid);
+        delVec.run(BigInt(existing.rowid));
+        pending.push({ rowid: BigInt(existing.rowid), text });
+      } else {
+        const info = insIndex.run(sessionId, n.id, h);
+        pending.push({ rowid: BigInt(info.lastInsertRowid), text });
+      }
+    }
+    if (pending.length > 0) {
+      const vectors = await this.embedder.embed(pending.map((p) => p.text));
+      const tx = conn.transaction(() => {
+        pending.forEach((p, i) => insVec.run(p.rowid, toBuffer(vectors[i])));
+      });
+      tx();
+    }
+    return { embedded: pending.length, total: nodes.length };
+  }
+  /** k-nearest-neighbour search within a session. Returns node ids + distances. */
+  async search(sessionId, query, k) {
+    if (!await this.init()) return [];
+    await this.index(sessionId);
+    const conn = this.db.rawConnection();
+    const [qv] = await this.embedder.embed([query]);
+    if (!qv) return [];
+    const overfetch = Math.max(k * 5, k);
+    const knn = conn.prepare(
+      "SELECT rowid, distance FROM vec_nodes WHERE embedding MATCH ? ORDER BY distance LIMIT ?"
+    ).all(toBuffer(qv), overfetch);
+    const meta = conn.prepare("SELECT node_id AS nodeId, session_id AS sessionId FROM vec_index WHERE rowid = ?");
+    const out = [];
+    for (const row of knn) {
+      const m = meta.get(row.rowid);
+      if (m && m.sessionId === sessionId) out.push({ nodeId: m.nodeId, distance: row.distance });
+      if (out.length >= k) break;
+    }
+    return out;
+  }
+};
+
+// src/semantic/search.ts
+var lexical = (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
+var lexicalSearch2 = () => async (d, sid, q, opts) => lexical(d, sid, q, opts);
+async function createSemanticSearch(db, embedder, opts = {}) {
+  const log = opts.log;
+  const provider = embedder ?? await createLocalEmbedder();
+  if (!provider) {
+    log?.("semantic search: embeddings unavailable (@huggingface/transformers not installed or failed to load) \u2014 using lexical search");
+    return lexicalSearch2();
+  }
+  const store = new VectorStore(db, provider);
+  const ok = await store.init();
+  if (!ok) {
+    log?.("semantic search: vector store unavailable (sqlite-vec not installed or failed to load) \u2014 using lexical search");
+    return lexicalSearch2();
+  }
+  log?.("semantic search: ready");
+  return async (d, sid, query, queryOpts) => {
+    const hits = await store.search(sid, query, queryOpts.limit);
+    if (hits.length === 0) return lexical(d, sid, query, queryOpts);
+    const byId = d.getNodesByIds(sid, hits.map((h) => h.nodeId));
+    const results = [];
+    for (const h of hits) {
+      const node = byId.get(h.nodeId);
+      if (!node) continue;
+      if (queryOpts.types && queryOpts.types.length > 0 && !queryOpts.types.includes(node.type)) continue;
+      results.push({ node, score: Math.max(0, 1 - h.distance / 2) });
+    }
+    return results.length > 0 ? results : lexical(d, sid, query, queryOpts);
+  };
+}
+
+// src/store/sqlite.ts
+var SqliteStoreBackend = class {
+  constructor(db) {
+    this.db = db;
+  }
+  upsertNode(org, node, identity, contributor) {
+    return this.db.upsertCentralNode(org, node, identity, contributor);
+  }
+  insertEdge(org, edge) {
+    this.db.insertCentralEdge(org, edge);
+  }
+  getSummary(org) {
+    return this.db.getOrgSummary(org);
+  }
+  getContributors(globalId2) {
+    return this.db.getContributorsByGlobalId(globalId2);
+  }
+  /**
+   * No-op: the wrapped `CartographyDB` is owned by the caller (it is shared with the
+   * read-side MCP server in server-mode), so the backend never closes it. The caller
+   * closes the `CartographyDB` directly.
+   */
+  close() {
+  }
+};
+
+// src/central/ingest.ts
+import { z as z3 } from "zod";
+
+// src/central/merge.ts
+function computeIdentity(org, node) {
+  return {
+    globalId: globalId(org, node.id),
+    contentHash: contentHash(node.type, node.name, keyMetaOf(node.metadata ?? {}))
+  };
+}
+
+// src/central/anonymization.ts
+var LOOPBACK_IP = /\b127(?:\.\d{1,3}){3}\b/g;
+var FQDN = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi;
+var POSIX_PATH2 = /(?:^|(?<=\s|=|:|"|'|\())(\/[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)+)/g;
+var WIN_PATH2 = /\b[A-Za-z]:\\[A-Za-z0-9._\\-]+/g;
+var HOME_USER = /(?:\/home\/|\/Users\/|[A-Za-z]:\\Users\\)([A-Za-z0-9._-]+)/g;
+var BARE_INTERNAL_HOST = /^[a-z0-9]+(?:-[a-z0-9]+)+$|^[a-z]+\d+$|^\d+[a-z]+$/i;
+var ANON_TOKEN = /^anon:(?:host|user|path|ip):[a-z2-7]+$/;
+function violationsInString(s, path) {
+  const out = [];
+  const trimmed = s.trim();
+  if (trimmed === "" || ANON_TOKEN.test(trimmed)) return out;
+  if (PRIVATE_IP.test(s) || LOOPBACK_IP.test(s)) out.push({ path, kind: "private-ip" });
+  PRIVATE_IP.lastIndex = 0;
+  LOOPBACK_IP.lastIndex = 0;
+  if (HOME_USER.test(s)) out.push({ path, kind: "username" });
+  HOME_USER.lastIndex = 0;
+  if (WIN_PATH2.test(s) || POSIX_PATH2.test(s)) out.push({ path, kind: "absolute-path" });
+  WIN_PATH2.lastIndex = 0;
+  POSIX_PATH2.lastIndex = 0;
+  if (FQDN.test(s)) out.push({ path, kind: "hostname" });
+  FQDN.lastIndex = 0;
+  if (out.length === 0 && BARE_INTERNAL_HOST.test(trimmed)) out.push({ path, kind: "hostname" });
+  return out;
+}
+function findAnonViolations(value, level, path = "") {
+  if (level !== "anonymized") return [];
+  return collect(value, path);
+}
+function collect(value, path) {
+  if (typeof value === "string") return violationsInString(value, path || "(root)");
+  if (Array.isArray(value)) return value.flatMap((v, i) => collect(v, `${path}[${i}]`));
+  if (value && typeof value === "object") {
+    return Object.entries(value).flatMap(([k, v]) => collect(v, path ? `${path}.${k}` : k));
+  }
+  return [];
+}
+function scrub(value, path) {
+  if (typeof value === "string") return violationsInString(value, path || "(root)").length > 0 ? "***" : value;
+  if (Array.isArray(value)) return value.map((v, i) => scrub(v, `${path}[${i}]`));
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) out[k] = scrub(v, path ? `${path}.${k}` : k);
+    return out;
+  }
+  return value;
+}
+function revalidateAnonymized(node, level, mode) {
+  const violations = [
+    ...findAnonViolations(node.name, level, "name"),
+    ...findAnonViolations(node.id, level, "id"),
+    ...findAnonViolations(node.metadata ?? {}, level, "metadata"),
+    ...findAnonViolations(node.tags ?? [], level, "tags"),
+    ...findAnonViolations(node.domain ?? "", level, "domain"),
+    ...findAnonViolations(node.subDomain ?? "", level, "subDomain")
+  ];
+  if (violations.length === 0 || mode === "reject") return { node, violations };
+  const scrubbed = {
+    ...node,
+    name: scrub(node.name, "name"),
+    metadata: scrub(node.metadata ?? {}, "metadata"),
+    tags: (node.tags ?? []).map((t, i) => scrub(t, `tags[${i}]`)),
+    ...node.domain != null ? { domain: scrub(node.domain, "domain") } : {},
+    ...node.subDomain != null ? { subDomain: scrub(node.subDomain, "subDomain") } : {}
+  };
+  return { node: scrubbed, violations };
+}
+
+// src/central/ingest.ts
+var INGEST_SCHEMA_VERSION = 1;
+var MAX_ITEMS = 5e4;
+var ContributorSchema = z3.object({
+  machineId: z3.string().min(1),
+  hostname: z3.string().default("unknown"),
+  user: z3.string().default("unknown"),
+  confidence: z3.number().min(0).max(1).default(0.5)
+});
+var IngestEnvelopeSchema = z3.object({
+  schemaVersion: z3.literal(INGEST_SCHEMA_VERSION),
+  org: z3.string().min(1).optional(),
+  items: z3.array(z3.object({
+    contentHash: z3.string(),
+    kind: z3.enum(["node", "edge"]),
+    payload: z3.unknown()
+  })).max(MAX_ITEMS),
+  // Extensions (forward-compatible; 2.11 does not yet send these).
+  contributor: ContributorSchema.optional(),
+  anonymizationLevel: z3.enum(["none", "anonymized", "full"]).optional()
+});
+function ingestEnvelope(store, envelope, opts = {}) {
+  const anonMode = opts.anonMode ?? "reject";
+  const org = envelope.org ?? opts.defaultOrg ?? "local";
+  const level = envelope.anonymizationLevel ?? "anonymized";
+  const at = (/* @__PURE__ */ new Date()).toISOString();
+  const contributor = {
+    machineId: envelope.contributor?.machineId ?? "unknown",
+    hostname: envelope.contributor?.hostname ?? "unknown",
+    user: envelope.contributor?.user ?? "unknown",
+    organization: org,
+    at,
+    confidence: envelope.contributor?.confidence ?? 0.5
+  };
+  let accepted = 0;
+  let merged = 0;
+  let rejected = 0;
+  let edges = 0;
+  let violations = 0;
+  const acceptedNodeIds = /* @__PURE__ */ new Set();
+  for (const item of envelope.items) {
+    if (item.kind !== "node") continue;
+    const parsed = NodeSchema.safeParse(item.payload);
+    if (!parsed.success) {
+      rejected += 1;
+      logWarn("ingest: dropped malformed node payload", { org, contentHash: item.contentHash });
+      continue;
+    }
+    const node = parsed.data;
+    const check = revalidateAnonymized(node, level, anonMode);
+    if (check.violations.length > 0) {
+      violations += check.violations.length;
+      const idViolation = check.violations.some((v) => v.path === "id");
+      if (anonMode === "reject" || idViolation) {
+        rejected += 1;
+        logWarn("ingest: rejected node with un-anonymized fragments", {
+          org,
+          nodeId: node.id,
+          action: "reject",
+          mode: anonMode,
+          idViolation,
+          kinds: check.violations.map((v) => `${v.path}:${v.kind}`)
+        });
+        continue;
+      }
+      logWarn("ingest: scrubbed un-anonymized fragments from node", {
+        org,
+        nodeId: node.id,
+        action: "strip",
+        kinds: check.violations.map((v) => `${v.path}:${v.kind}`)
+      });
+    }
+    const safe = check.node;
+    const identity = computeIdentity(org, safe);
+    const outcome = store.upsertNode(org, safe, identity, { ...contributor, confidence: safe.confidence });
+    accepted += 1;
+    if (outcome === "merged") merged += 1;
+    acceptedNodeIds.add(safe.id);
+  }
+  for (const item of envelope.items) {
+    if (item.kind !== "edge") continue;
+    const parsed = EdgeSchema.safeParse(item.payload);
+    if (!parsed.success) {
+      logWarn("ingest: dropped malformed edge payload", { org, contentHash: item.contentHash });
+      continue;
+    }
+    const edge = parsed.data;
+    if (acceptedNodeIds.size > 0 && (!acceptedNodeIds.has(edge.sourceId) || !acceptedNodeIds.has(edge.targetId))) {
+      continue;
+    }
+    store.insertEdge(org, edge);
+    edges += 1;
+  }
+  logInfo("ingest", { org, accepted, merged, rejected, edges, violations, level, anonMode });
+  return { org, accepted, merged, rejected, edges, violations };
+}
+
+// src/central/server.ts
+function createIngestHandler(store, opts = {}) {
+  return (body) => {
+    const parsed = IngestEnvelopeSchema.safeParse(body);
+    if (!parsed.success) {
+      const issues = parsed.error.issues.map((i) => `${i.path.join(".") || "(root)"}: ${i.message}`);
+      logWarn("ingest: rejected invalid envelope", { issues });
+      return { status: 400, body: { error: "invalid envelope", issues } };
+    }
+    try {
+      const result = ingestEnvelope(store, parsed.data, opts);
+      return { status: 200, body: result };
+    } catch (err) {
+      logWarn("ingest: failed", { error: err instanceof Error ? err.message : String(err) });
+      return { status: 500, body: { error: "ingest failed" } };
+    }
+  };
+}
+
+// src/mcp/start.ts
+function parseMcpArgs(argv) {
+  const opts = {};
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === "--http") opts.transport = "http";
+    else if (a === "--stdio") opts.transport = "stdio";
+    else if (a === "--no-semantic") opts.semantic = false;
+    else if (a === "--port") opts.port = Number(argv[++i]);
+    else if (a === "--host") opts.host = argv[++i];
+    else if (a === "--allowed-hosts") opts.allowedHosts = (argv[++i] ?? "").split(",").map((h) => h.trim()).filter(Boolean);
+    else if (a === "--token") opts.token = argv[++i];
+    else if (a === "--db") opts.dbPath = argv[++i];
+    else if (a === "--session") opts.session = argv[++i];
+    else if (a === "--tenant" || a === "--org") opts.tenant = argv[++i];
+    else if (a === "--plugins") opts.plugins = (argv[++i] ?? "").split(",").map((p) => p.trim()).filter(Boolean);
+    else if (a === "--server-mode") opts.serverMode = true;
+    else if (a === "--anon-mode") {
+      const m = argv[++i];
+      if (m === "reject" || m === "strip") opts.anonMode = m;
+    } else if (a === "--help" || a === "-h") opts.help = true;
+  }
+  return opts;
+}
+async function startMcp(opts = {}) {
+  const log = opts.log ?? ((m) => process.stderr.write(m + "\n"));
+  const db = new CartographyDB(opts.dbPath ?? defaultConfig().dbPath);
+  let search;
+  if (opts.semantic !== false) {
+    search = await createSemanticSearch(db, void 0, { log });
+  }
+  const plugins = opts.plugins ?? (process.env["CARTOGRAPHY_PLUGINS"] ? process.env["CARTOGRAPHY_PLUGINS"].split(",").map((p) => p.trim()).filter(Boolean) : []);
+  const discovery = localDiscoveryFn(void 0, plugins);
+  const tenant = normalizeTenant(opts.tenant);
+  const serverMode = opts.serverMode === true;
+  const org = serverMode ? tenant : void 0;
+  const factory = () => createMcpServer({ db, session: opts.session ?? "latest", tenant, search, discovery, ...org !== void 0 ? { org } : {} });
+  const transport = serverMode ? "http" : opts.transport;
+  if (transport === "http") {
+    const port = opts.port ?? 3737;
+    const host = opts.host ?? "127.0.0.1";
+    const token = opts.token ?? process.env["CARTOGRAPHY_HTTP_TOKEN"] ?? process.env["CARTOGRAPHY_CENTRAL_TOKEN"];
+    let onIngest;
+    if (serverMode) {
+      const store = new SqliteStoreBackend(db);
+      const anonMode = opts.anonMode ?? "reject";
+      onIngest = createIngestHandler(store, { anonMode, defaultOrg: tenant });
+    }
+    await runHttp(factory, {
+      port,
+      host,
+      ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {},
+      ...token ? { token } : {},
+      ...onIngest ? { onIngest } : {}
+    });
+    const modeNote = serverMode ? ` [central collector: POST /ingest enabled, anon-mode=${opts.anonMode ?? "reject"}]` : "";
+    log(`Cartography MCP server (Streamable HTTP) on http://${host}:${port}/mcp${token ? " (auth: bearer token required)" : ""} (tenant: ${tenant})${modeNote}`);
+  } else {
+    log(`Cartography MCP server (stdio) ready (tenant: ${tenant})`);
+    await runStdio(factory());
+  }
+}
+
+export {
+  isPersonalHost,
+  runLocalDiscovery,
+  getRuleset,
+  listRulesets,
+  runDrift,
+  loadOrgKey,
+  rotateOrgKey,
+  pseudonymizeString,
+  pseudonymize,
+  reversePseudonym,
+  parseMcpArgs,
+  startMcp
+};
+//# sourceMappingURL=chunk-B2AKONVW.js.map