@datasynx/agentic-ai-cartography 2.3.0 → 2.4.0

package/dist/api-bin.js

@@ -2,9 +2,9 @@
 import {
   parseApiArgs,
   startApi
-} from "./chunk-7VZH5PFV.js";
-import "./chunk-7QEBFMN4.js";
-import "./chunk-WCR47QA2.js";
+} from "./chunk-L4OSL7I6.js";
+import "./chunk-X5JA2UDT.js";
+import "./chunk-QQOQBE2A.js";
 import "./chunk-2SZ5QHGH.js";
 
 // src/api-bin.ts

package/dist/{chunk-B2AKONVW.js → chunk-B4QWX7CP.js}

@@ -20,7 +20,7 @@ import {
   sanitizeUntrusted,
   stableStringify,
   stripSensitive
-} from "./chunk-7QEBFMN4.js";
+} from "./chunk-X5JA2UDT.js";
 import {
   EdgeSchema,
   NODE_TYPES,
@@ -29,7 +29,7 @@ import {
   SECURITY_METADATA_KEYS,
   SEVERITIES,
   defaultConfig
-} from "./chunk-WCR47QA2.js";
+} from "./chunk-QQOQBE2A.js";
 import {
   IS_WIN,
   PLATFORM,
@@ -965,6 +965,41 @@ var StdoutSink = class {
 
 // src/sinks/webhook.ts
 var LOOPBACK_HOSTS = /* @__PURE__ */ new Set(["localhost", "127.0.0.1", "[::1]", "::1"]);
+async function postJson(opts) {
+  const doFetch = opts.fetchImpl ?? (typeof fetch === "function" ? fetch : void 0);
+  if (!doFetch) {
+    logWarn("sink unavailable: global fetch missing", { sink: opts.sinkName });
+    return;
+  }
+  if (!opts.url) {
+    logWarn("sink unavailable: no url configured", { sink: opts.sinkName });
+    return;
+  }
+  if (!isSecureWebhookUrl(opts.url)) {
+    logWarn("sink refused: insecure scheme (use https:// or a loopback host)", {
+      sink: opts.sinkName,
+      host: stripSensitive(opts.url)
+    });
+    return;
+  }
+  try {
+    const res = await doFetch(opts.url, {
+      method: "POST",
+      headers: { "content-type": "application/json", ...opts.headers ?? {} },
+      body: JSON.stringify(opts.body),
+      signal: AbortSignal.timeout(opts.timeoutMs ?? 1e4)
+    });
+    if (!res.ok) {
+      logError("sink delivery failed", { sink: opts.sinkName, host: stripSensitive(opts.url), status: res.status });
+    }
+  } catch (err) {
+    logError("sink delivery failed", {
+      sink: opts.sinkName,
+      host: stripSensitive(opts.url),
+      reason: err instanceof Error ? err.message : String(err)
+    });
+  }
+}
 function isSecureWebhookUrl(url, env = process.env) {
   if (env.CARTOGRAPHY_ALLOW_INSECURE_SYNC === "1") return true;
   let parsed;
@@ -983,59 +1018,177 @@ var WebhookSink = class {
   }
   name = "webhook";
   async emit(alert) {
-    if (typeof fetch !== "function") {
-      logWarn("webhook sink unavailable: global fetch missing", { sink: this.name });
-      return;
-    }
     const { url, token, timeoutMs } = this.opts;
-    if (!url) {
-      logWarn("webhook sink unavailable: no url configured", { sink: this.name });
-      return;
-    }
-    if (!isSecureWebhookUrl(url)) {
-      logWarn("webhook sink refused: insecure scheme (use https:// or a loopback host)", {
-        sink: this.name,
-        host: stripSensitive(url)
-      });
-      return;
-    }
-    try {
-      const res = await fetch(url, {
-        method: "POST",
-        headers: {
-          "content-type": "application/json",
-          ...token ? { authorization: `Bearer ${token}` } : {}
-        },
-        body: JSON.stringify(redactValue(alert)),
-        signal: AbortSignal.timeout(timeoutMs ?? 1e4)
-      });
-      if (!res.ok) {
-        logError("webhook sink failed", { sink: this.name, host: stripSensitive(url), status: res.status });
+    await postJson({
+      url,
+      body: redactValue(alert),
+      ...token ? { headers: { authorization: `Bearer ${token}` } } : {},
+      ...timeoutMs !== void 0 ? { timeoutMs } : {},
+      sinkName: this.name
+    });
+  }
+};
+
+// src/sinks/providers.ts
+var MAX_ITEMS = 20;
+var SEVERITY_EMOJI = { info: "\u{1F7E2}", warning: "\u{1F7E1}", critical: "\u{1F534}" };
+function headline(alert) {
+  const s = alert.summary;
+  return `${s.nodesAdded}+ / ${s.nodesRemoved}- / ${s.nodesChanged}~ nodes, ${s.edgesAdded}+ / ${s.edgesRemoved}- edges`;
+}
+function itemLine(it) {
+  const sec = it.securityFields?.length ? ` [security: ${it.securityFields.join(", ")}]` : "";
+  const fields = it.changedFields?.length ? ` (${it.changedFields.join(", ")})` : "";
+  return `${it.severity.toUpperCase()} \xB7 ${it.kind} \xB7 ${it.label}${fields}${sec}`;
+}
+function bodyText(alert) {
+  const lines = alert.items.slice(0, MAX_ITEMS).map(itemLine);
+  const more = alert.items.length > MAX_ITEMS ? [`\u2026and ${alert.items.length - MAX_ITEMS} more`] : [];
+  return [headline(alert), "", ...lines, ...more].join("\n");
+}
+function formatSlack(alert) {
+  const title = `${SEVERITY_EMOJI[alert.severity]} Topology drift \u2014 ${alert.severity}`;
+  return {
+    text: `${title}: ${headline(alert)}`,
+    blocks: [
+      { type: "header", text: { type: "plain_text", text: title, emoji: true } },
+      { type: "section", text: { type: "mrkdwn", text: "```" + bodyText(alert) + "```" } },
+      { type: "context", elements: [{ type: "mrkdwn", text: `base ${alert.base.sessionId} \u2192 current ${alert.current.sessionId} \xB7 ${alert.generatedAt}` }] }
+    ]
+  };
+}
+var PD_SEVERITY = {
+  info: "info",
+  warning: "warning",
+  critical: "critical"
+};
+function formatPagerDuty(alert, routingKey) {
+  return {
+    routing_key: routingKey,
+    event_action: "trigger",
+    // Stable per base→current pair so repeated alerts for the same delta de-duplicate.
+    dedup_key: `cartograph-drift:${alert.base.sessionId}:${alert.current.sessionId}`,
+    payload: {
+      summary: `Cartograph topology drift (${alert.severity}): ${headline(alert)}`,
+      source: "cartograph",
+      severity: PD_SEVERITY[alert.severity],
+      timestamp: alert.generatedAt,
+      custom_details: {
+        summary: alert.summary,
+        items: alert.items.slice(0, MAX_ITEMS).map((it) => ({
+          kind: it.kind,
+          ref: it.ref,
+          severity: it.severity,
+          ...it.changedFields ? { changedFields: it.changedFields } : {},
+          ...it.securityFields ? { securityFields: it.securityFields } : {}
+        }))
       }
-    } catch (err) {
-      logError("webhook sink failed", {
-        sink: this.name,
-        host: stripSensitive(url),
-        reason: err instanceof Error ? err.message : String(err)
-      });
     }
+  };
+}
+function formatJira(alert, opts) {
+  return {
+    fields: {
+      project: { key: opts.project },
+      issuetype: { name: opts.issueType ?? "Task" },
+      summary: `Cartograph topology drift (${alert.severity}): ${headline(alert)}`,
+      description: bodyText(alert) + `
+
+base ${alert.base.sessionId} \u2192 current ${alert.current.sessionId}
+generated ${alert.generatedAt}`
+    }
+  };
+}
+
+// src/sinks/provider-sink.ts
+var PAGERDUTY_ENQUEUE_URL = "https://events.pagerduty.com/v2/enqueue";
+function deliver(name, url, body, opts, headers) {
+  return postJson({
+    url,
+    body,
+    sinkName: name,
+    ...headers ? { headers } : {},
+    ...opts.timeoutMs !== void 0 ? { timeoutMs: opts.timeoutMs } : {},
+    ...opts.fetchImpl ? { fetchImpl: opts.fetchImpl } : {}
+  });
+}
+var SlackSink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "slack";
+  async emit(alert) {
+    await deliver(this.name, this.opts.url, formatSlack(redactValue(alert)), this.opts);
+  }
+};
+var PagerDutySink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "pagerduty";
+  async emit(alert) {
+    const body = formatPagerDuty(redactValue(alert), this.opts.routingKey);
+    await deliver(this.name, this.opts.url || PAGERDUTY_ENQUEUE_URL, body, this.opts);
+  }
+};
+var JiraSink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "jira";
+  async emit(alert) {
+    const body = formatJira(redactValue(alert), {
+      project: this.opts.project,
+      ...this.opts.issueType ? { issueType: this.opts.issueType } : {}
+    });
+    const auth = Buffer.from(`${this.opts.email}:${this.opts.token}`).toString("base64");
+    const base = this.opts.url.replace(/\/+$/, "");
+    await deliver(this.name, `${base}/rest/api/2/issue`, body, this.opts, { authorization: `Basic ${auth}` });
   }
 };
 
 // src/sinks/index.ts
 function buildSinks(drift) {
   const configs = drift?.sinks && drift.sinks.length > 0 ? drift.sinks : [{ type: "stdout" }];
+  const envSecret = process.env.CARTOGRAPHY_DRIFT_TOKEN;
   const sinks = [];
   for (const s of configs) {
-    if (s.type === "webhook") {
-      if (!s.url) continue;
-      sinks.push(new WebhookSink({
-        url: s.url,
-        token: s.token ?? process.env.CARTOGRAPHY_DRIFT_TOKEN,
-        timeoutMs: s.timeoutMs
-      }));
-    } else {
-      sinks.push(new StdoutSink());
+    const timeoutMs = s.timeoutMs;
+    switch (s.type) {
+      case "webhook":
+        if (!s.url) {
+          logWarn("drift sink skipped: webhook requires a url", { sink: s.type });
+          break;
+        }
+        sinks.push(new WebhookSink({ url: s.url, token: s.token ?? envSecret, timeoutMs }));
+        break;
+      case "slack":
+        if (!s.url) {
+          logWarn("drift sink skipped: slack requires a webhook url", { sink: s.type });
+          break;
+        }
+        sinks.push(new SlackSink({ url: s.url, timeoutMs }));
+        break;
+      case "pagerduty": {
+        const routingKey = s.routingKey ?? s.token ?? envSecret;
+        if (!routingKey) {
+          logWarn("drift sink skipped: pagerduty requires a routingKey (or CARTOGRAPHY_DRIFT_TOKEN)", { sink: s.type });
+          break;
+        }
+        sinks.push(new PagerDutySink({ url: s.url ?? PAGERDUTY_ENQUEUE_URL, routingKey, timeoutMs }));
+        break;
+      }
+      case "jira": {
+        const token = s.token ?? envSecret;
+        if (!s.url || !s.email || !s.project || !token) {
+          logWarn("drift sink skipped: jira requires url, email, project and a token", { sink: s.type });
+          break;
+        }
+        sinks.push(new JiraSink({ url: s.url, email: s.email, token, project: s.project, issueType: s.issueType, timeoutMs }));
+        break;
+      }
+      default:
+        sinks.push(new StdoutSink());
     }
   }
   return sinks.length > 0 ? sinks : [new StdoutSink()];
@@ -1381,7 +1534,7 @@ async function executeNlQuery(db, sessionId, search, intent, opts = {}) {
 
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.3.0";
+var SERVER_VERSION = "2.4.0";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -2271,7 +2424,7 @@ function revalidateAnonymized(node, level, mode) {
 
 // src/central/ingest.ts
 var INGEST_SCHEMA_VERSION = 1;
-var MAX_ITEMS = 5e4;
+var MAX_ITEMS2 = 5e4;
 var ContributorSchema = z3.object({
   machineId: z3.string().min(1),
   hostname: z3.string().default("unknown"),
@@ -2285,7 +2438,7 @@ var IngestEnvelopeSchema = z3.object({
     contentHash: z3.string(),
     kind: z3.enum(["node", "edge"]),
     payload: z3.unknown()
-  })).max(MAX_ITEMS),
+  })).max(MAX_ITEMS2),
   // Extensions (forward-compatible; 2.11 does not yet send these).
   contributor: ContributorSchema.optional(),
   anonymizationLevel: z3.enum(["none", "anonymized", "full"]).optional()
@@ -2462,4 +2615,4 @@ export {
   parseMcpArgs,
   startMcp
 };
-//# sourceMappingURL=chunk-B2AKONVW.js.map
+//# sourceMappingURL=chunk-B4QWX7CP.js.map