@datasynx/agentic-ai-cartography 2.3.0 → 2.4.0

package/dist/index.d.cts

@@ -390,14 +390,22 @@ interface DriftAlert {
     /** ISO-8601 UTC generation time. */
     generatedAt: string;
 }
-/** One configured drift sink. `url` is required when `type === 'webhook'`. */
+/** One configured drift sink. `url` is required for every type except `stdout`. */
 interface DriftSinkConfig {
-    type: 'stdout' | 'webhook';
-    /** Required when type === 'webhook'. */
+    type: 'stdout' | 'webhook' | 'slack' | 'pagerduty' | 'jira';
+    /** Required for `webhook`/`slack`/`jira`; optional for `pagerduty` (defaults to the Events API). */
     url?: string;
-    /** Optional bearer token; falls back to CARTOGRAPHY_DRIFT_TOKEN. */
+    /** Bearer token (`webhook`) / Jira API token (`jira`); falls back to CARTOGRAPHY_DRIFT_TOKEN. */
     token?: string;
     timeoutMs?: number;
+    /** PagerDuty Events API v2 routing key (rides in the body). Falls back to `token`/CARTOGRAPHY_DRIFT_TOKEN. */
+    routingKey?: string;
+    /** Jira account email (basic-auth user). */
+    email?: string;
+    /** Jira target project key, e.g. "OPS". */
+    project?: string;
+    /** Jira issue type name (default "Task"). */
+    issueType?: string;
 }
 /**
  * Opt-in drift-alerting block on {@link CartographyConfig}. Absent → the runner
@@ -420,10 +428,17 @@ declare const DriftConfigSchema: z.ZodObject<{
         type: z.ZodEnum<{
             stdout: "stdout";
             webhook: "webhook";
+            slack: "slack";
+            pagerduty: "pagerduty";
+            jira: "jira";
         }>;
         url: z.ZodOptional<z.ZodString>;
         token: z.ZodOptional<z.ZodString>;
         timeoutMs: z.ZodOptional<z.ZodNumber>;
+        routingKey: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        project: z.ZodOptional<z.ZodString>;
+        issueType: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>>;
 }, z.core.$strip>;
 /** Machine-readable result formats shared by `discover` (#67) and `schedule`. */
@@ -2840,7 +2855,12 @@ declare const SCAN_ARG_PATTERNS: {
 type ScanArgKind = keyof typeof SCAN_ARG_PATTERNS;
 /** Throw if `value` fails the strict pattern for `kind`; otherwise return it. */
 declare function assertSafeScanArg(kind: ScanArgKind, value: string): string;
-/** Redact `user:password@` credentials embedded in any URL/DSN-like string. */
+/**
+ * Redact `user:password@` credentials embedded in any URL/DSN-like string. The
+ * quantifiers are length-bounded (schemes <64, userinfo/password <256 chars — far
+ * beyond any real DSN) so the pattern is linear and cannot polynomially backtrack
+ * (ReDoS) on adversarial input like `aaaa…` with no `://`.
+ */
 declare function redactSecrets(value: string): string;
 /** Recursively redact secrets from arbitrary metadata before persistence. */
 declare function redactValue(value: unknown): unknown;
@@ -3269,6 +3289,42 @@ interface WebhookSinkOptions {
     token?: string;
     timeoutMs?: number;
 }
+/** Injectable fetch (defaults to the global) — lets tests deliver without a socket. */
+type FetchLike = (url: string, init: RequestInit) => Promise<{
+    ok: boolean;
+    status: number;
+}>;
+interface PostJsonOptions {
+    url: string;
+    body: unknown;
+    /** Extra request headers (e.g. provider auth). `content-type: application/json` is always set. */
+    headers?: Record<string, string>;
+    timeoutMs?: number;
+    /** Sink name for structured logs (never logs the url/token/body). */
+    sinkName: string;
+    /** Injected fetch for tests; defaults to the global. */
+    fetchImpl?: FetchLike;
+}
+/**
+ * Shared outbound JSON POST carrying the load-bearing sink hardening, reused by
+ * {@link WebhookSink} and the Slack/PagerDuty/Jira provider sinks so there is exactly
+ * one egress code path:
+ *  - refuses a non-`https:` / non-loopback target ({@link isSecureWebhookUrl}, SSRF/plaintext guard);
+ *  - `AbortSignal.timeout` bounded;
+ *  - **never throws** for a transient failure (logs and resolves so the runner continues);
+ *  - logs only `stripSensitive(url)` (host:port) — never the full url, headers, token, or body.
+ * The body must already be redaction-safe (callers pass `redactValue(...)` output or a
+ * provider payload derived from it).
+ */
+declare function postJson(opts: PostJsonOptions): Promise<void>;
+/**
+ * True if `url` is safe to POST to: `https:`, or `http:` only to a loopback host,
+ * or any scheme when the documented `CARTOGRAPHY_ALLOW_INSECURE_SYNC=1` escape
+ * hatch (test-only) is set. An unparseable URL is treated as insecure. Mirrors the
+ * 2.11 `pushDeltas` guard so the drift feature never silently exfiltrates over the
+ * wire in plaintext.
+ */
+declare function isSecureWebhookUrl(url: string, env?: NodeJS.ProcessEnv): boolean;
 /**
  * Outbound sink: POSTs the alert as JSON to an operator-configured endpoint. The
  * first and only outbound network surface of the drift feature — off by default
@@ -3290,11 +3346,114 @@ declare class WebhookSink implements DriftSink {
     emit(alert: DriftAlert): Promise<void>;
 }
 
+/**
+ * Provider drift sinks (4.4): Slack / PagerDuty / Jira. Each is a thin {@link DriftSink}
+ * that (1) redacts the alert (`redactValue`), (2) maps it to the provider payload via the
+ * pure adapters in `providers.ts`, and (3) delivers it through the shared {@link postJson}
+ * helper — inheriting the *exact* `WebhookSink` hardening (https-or-loopback SSRF guard,
+ * bounded timeout, never-throw, `stripSensitive` log-only). They differ only in where the
+ * provider places its secret: Slack in the URL, PagerDuty as a `routing_key` in the body,
+ * Jira as an `Authorization: Basic` header.
+ */
+
+/** Default PagerDuty Events API v2 ingest endpoint. */
+declare const PAGERDUTY_ENQUEUE_URL = "https://events.pagerduty.com/v2/enqueue";
+interface BaseSinkOptions {
+    url: string;
+    timeoutMs?: number;
+    /** Injected fetch for tests; defaults to the global. */
+    fetchImpl?: FetchLike;
+}
+/** Slack incoming webhook. The configured `url` is the secret; no auth header is sent. */
+declare class SlackSink implements DriftSink {
+    private readonly opts;
+    readonly name = "slack";
+    constructor(opts: BaseSinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+interface PagerDutySinkOptions extends BaseSinkOptions {
+    /** Events API v2 routing key (rides in the body, PagerDuty's auth model). */
+    routingKey: string;
+}
+/** PagerDuty Events API v2 `trigger`. `url` defaults to {@link PAGERDUTY_ENQUEUE_URL}. */
+declare class PagerDutySink implements DriftSink {
+    private readonly opts;
+    readonly name = "pagerduty";
+    constructor(opts: PagerDutySinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+interface JiraSinkOptions extends BaseSinkOptions {
+    /** Jira account email (basic-auth user). */
+    email: string;
+    /** Jira API token (basic-auth pass). */
+    token: string;
+    /** Target project key (e.g. "OPS"). */
+    project: string;
+    /** Issue type name (default "Task"). */
+    issueType?: string;
+}
+/** Jira REST API v2 create-issue, authenticated with `Authorization: Basic base64(email:token)`. */
+declare class JiraSink implements DriftSink {
+    private readonly opts;
+    readonly name = "jira";
+    constructor(opts: JiraSinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+
+/**
+ * Pure provider payload mappers (4.4): a classified {@link DriftAlert} → the JSON
+ * shape Slack / PagerDuty / Jira each expect. Deterministic, no I/O, no secrets —
+ * they operate on the **already-`redactValue`'d** alert the sinks pass in, and read
+ * only structured fields (severity/counts/item refs), never raw node metadata. The
+ * delivery + auth + SSRF hardening lives in `provider-sink.ts`/`webhook.ts`; these
+ * are just shape transforms, so they are trivially snapshot-testable.
+ */
+
+interface SlackMessage {
+    text: string;
+    blocks: unknown[];
+}
+/** Map an alert to a Slack incoming-webhook message (Block Kit). The webhook URL is the secret. */
+declare function formatSlack(alert: DriftAlert): SlackMessage;
+interface PagerDutyEvent {
+    routing_key: string;
+    event_action: 'trigger';
+    dedup_key: string;
+    payload: {
+        summary: string;
+        source: string;
+        severity: 'info' | 'warning' | 'critical';
+        timestamp: string;
+        custom_details: Record<string, unknown>;
+    };
+}
+/** Map an alert to a PagerDuty Events API v2 `trigger`. `routingKey` rides in the body (PD's auth model). */
+declare function formatPagerDuty(alert: DriftAlert, routingKey: string): PagerDutyEvent;
+interface JiraIssue {
+    fields: {
+        project: {
+            key: string;
+        };
+        issuetype: {
+            name: string;
+        };
+        summary: string;
+        description: string;
+    };
+}
+interface JiraOptions {
+    project: string;
+    issueType?: string;
+}
+/** Map an alert to a Jira create-issue body. Auth (Basic email:token) is applied by the sink, not here. */
+declare function formatJira(alert: DriftAlert, opts: JiraOptions): JiraIssue;
+
 /**
  * Construct sinks from config. Absent/empty config → `[new StdoutSink()]` (the
- * local default). A webhook sink's token falls back to `CARTOGRAPHY_DRIFT_TOKEN`
- * when not given explicitly (mirroring `CARTOGRAPHY_HTTP_TOKEN`). A webhook entry
- * without a url is skipped defensively (the schema already rejects it).
+ * local default). Secrets (webhook `token`, Jira token, PagerDuty routing key) fall
+ * back to `CARTOGRAPHY_DRIFT_TOKEN` when not given explicitly (mirroring
+ * `CARTOGRAPHY_HTTP_TOKEN`). A provider entry missing a required field is skipped
+ * with a warning rather than aborting the others — graceful degradation.
  */
 declare function buildSinks(drift?: DriftConfig): DriftSink[];
 
@@ -3710,4 +3869,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
 
-export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };

package/dist/index.d.ts

@@ -390,14 +390,22 @@ interface DriftAlert {
     /** ISO-8601 UTC generation time. */
     generatedAt: string;
 }
-/** One configured drift sink. `url` is required when `type === 'webhook'`. */
+/** One configured drift sink. `url` is required for every type except `stdout`. */
 interface DriftSinkConfig {
-    type: 'stdout' | 'webhook';
-    /** Required when type === 'webhook'. */
+    type: 'stdout' | 'webhook' | 'slack' | 'pagerduty' | 'jira';
+    /** Required for `webhook`/`slack`/`jira`; optional for `pagerduty` (defaults to the Events API). */
     url?: string;
-    /** Optional bearer token; falls back to CARTOGRAPHY_DRIFT_TOKEN. */
+    /** Bearer token (`webhook`) / Jira API token (`jira`); falls back to CARTOGRAPHY_DRIFT_TOKEN. */
     token?: string;
     timeoutMs?: number;
+    /** PagerDuty Events API v2 routing key (rides in the body). Falls back to `token`/CARTOGRAPHY_DRIFT_TOKEN. */
+    routingKey?: string;
+    /** Jira account email (basic-auth user). */
+    email?: string;
+    /** Jira target project key, e.g. "OPS". */
+    project?: string;
+    /** Jira issue type name (default "Task"). */
+    issueType?: string;
 }
 /**
  * Opt-in drift-alerting block on {@link CartographyConfig}. Absent → the runner
@@ -420,10 +428,17 @@ declare const DriftConfigSchema: z.ZodObject<{
         type: z.ZodEnum<{
             stdout: "stdout";
             webhook: "webhook";
+            slack: "slack";
+            pagerduty: "pagerduty";
+            jira: "jira";
         }>;
         url: z.ZodOptional<z.ZodString>;
         token: z.ZodOptional<z.ZodString>;
         timeoutMs: z.ZodOptional<z.ZodNumber>;
+        routingKey: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        project: z.ZodOptional<z.ZodString>;
+        issueType: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>>;
 }, z.core.$strip>;
 /** Machine-readable result formats shared by `discover` (#67) and `schedule`. */
@@ -2840,7 +2855,12 @@ declare const SCAN_ARG_PATTERNS: {
 type ScanArgKind = keyof typeof SCAN_ARG_PATTERNS;
 /** Throw if `value` fails the strict pattern for `kind`; otherwise return it. */
 declare function assertSafeScanArg(kind: ScanArgKind, value: string): string;
-/** Redact `user:password@` credentials embedded in any URL/DSN-like string. */
+/**
+ * Redact `user:password@` credentials embedded in any URL/DSN-like string. The
+ * quantifiers are length-bounded (schemes <64, userinfo/password <256 chars — far
+ * beyond any real DSN) so the pattern is linear and cannot polynomially backtrack
+ * (ReDoS) on adversarial input like `aaaa…` with no `://`.
+ */
 declare function redactSecrets(value: string): string;
 /** Recursively redact secrets from arbitrary metadata before persistence. */
 declare function redactValue(value: unknown): unknown;
@@ -3269,6 +3289,42 @@ interface WebhookSinkOptions {
     token?: string;
     timeoutMs?: number;
 }
+/** Injectable fetch (defaults to the global) — lets tests deliver without a socket. */
+type FetchLike = (url: string, init: RequestInit) => Promise<{
+    ok: boolean;
+    status: number;
+}>;
+interface PostJsonOptions {
+    url: string;
+    body: unknown;
+    /** Extra request headers (e.g. provider auth). `content-type: application/json` is always set. */
+    headers?: Record<string, string>;
+    timeoutMs?: number;
+    /** Sink name for structured logs (never logs the url/token/body). */
+    sinkName: string;
+    /** Injected fetch for tests; defaults to the global. */
+    fetchImpl?: FetchLike;
+}
+/**
+ * Shared outbound JSON POST carrying the load-bearing sink hardening, reused by
+ * {@link WebhookSink} and the Slack/PagerDuty/Jira provider sinks so there is exactly
+ * one egress code path:
+ *  - refuses a non-`https:` / non-loopback target ({@link isSecureWebhookUrl}, SSRF/plaintext guard);
+ *  - `AbortSignal.timeout` bounded;
+ *  - **never throws** for a transient failure (logs and resolves so the runner continues);
+ *  - logs only `stripSensitive(url)` (host:port) — never the full url, headers, token, or body.
+ * The body must already be redaction-safe (callers pass `redactValue(...)` output or a
+ * provider payload derived from it).
+ */
+declare function postJson(opts: PostJsonOptions): Promise<void>;
+/**
+ * True if `url` is safe to POST to: `https:`, or `http:` only to a loopback host,
+ * or any scheme when the documented `CARTOGRAPHY_ALLOW_INSECURE_SYNC=1` escape
+ * hatch (test-only) is set. An unparseable URL is treated as insecure. Mirrors the
+ * 2.11 `pushDeltas` guard so the drift feature never silently exfiltrates over the
+ * wire in plaintext.
+ */
+declare function isSecureWebhookUrl(url: string, env?: NodeJS.ProcessEnv): boolean;
 /**
  * Outbound sink: POSTs the alert as JSON to an operator-configured endpoint. The
  * first and only outbound network surface of the drift feature — off by default
@@ -3290,11 +3346,114 @@ declare class WebhookSink implements DriftSink {
     emit(alert: DriftAlert): Promise<void>;
 }
 
+/**
+ * Provider drift sinks (4.4): Slack / PagerDuty / Jira. Each is a thin {@link DriftSink}
+ * that (1) redacts the alert (`redactValue`), (2) maps it to the provider payload via the
+ * pure adapters in `providers.ts`, and (3) delivers it through the shared {@link postJson}
+ * helper — inheriting the *exact* `WebhookSink` hardening (https-or-loopback SSRF guard,
+ * bounded timeout, never-throw, `stripSensitive` log-only). They differ only in where the
+ * provider places its secret: Slack in the URL, PagerDuty as a `routing_key` in the body,
+ * Jira as an `Authorization: Basic` header.
+ */
+
+/** Default PagerDuty Events API v2 ingest endpoint. */
+declare const PAGERDUTY_ENQUEUE_URL = "https://events.pagerduty.com/v2/enqueue";
+interface BaseSinkOptions {
+    url: string;
+    timeoutMs?: number;
+    /** Injected fetch for tests; defaults to the global. */
+    fetchImpl?: FetchLike;
+}
+/** Slack incoming webhook. The configured `url` is the secret; no auth header is sent. */
+declare class SlackSink implements DriftSink {
+    private readonly opts;
+    readonly name = "slack";
+    constructor(opts: BaseSinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+interface PagerDutySinkOptions extends BaseSinkOptions {
+    /** Events API v2 routing key (rides in the body, PagerDuty's auth model). */
+    routingKey: string;
+}
+/** PagerDuty Events API v2 `trigger`. `url` defaults to {@link PAGERDUTY_ENQUEUE_URL}. */
+declare class PagerDutySink implements DriftSink {
+    private readonly opts;
+    readonly name = "pagerduty";
+    constructor(opts: PagerDutySinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+interface JiraSinkOptions extends BaseSinkOptions {
+    /** Jira account email (basic-auth user). */
+    email: string;
+    /** Jira API token (basic-auth pass). */
+    token: string;
+    /** Target project key (e.g. "OPS"). */
+    project: string;
+    /** Issue type name (default "Task"). */
+    issueType?: string;
+}
+/** Jira REST API v2 create-issue, authenticated with `Authorization: Basic base64(email:token)`. */
+declare class JiraSink implements DriftSink {
+    private readonly opts;
+    readonly name = "jira";
+    constructor(opts: JiraSinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+
+/**
+ * Pure provider payload mappers (4.4): a classified {@link DriftAlert} → the JSON
+ * shape Slack / PagerDuty / Jira each expect. Deterministic, no I/O, no secrets —
+ * they operate on the **already-`redactValue`'d** alert the sinks pass in, and read
+ * only structured fields (severity/counts/item refs), never raw node metadata. The
+ * delivery + auth + SSRF hardening lives in `provider-sink.ts`/`webhook.ts`; these
+ * are just shape transforms, so they are trivially snapshot-testable.
+ */
+
+interface SlackMessage {
+    text: string;
+    blocks: unknown[];
+}
+/** Map an alert to a Slack incoming-webhook message (Block Kit). The webhook URL is the secret. */
+declare function formatSlack(alert: DriftAlert): SlackMessage;
+interface PagerDutyEvent {
+    routing_key: string;
+    event_action: 'trigger';
+    dedup_key: string;
+    payload: {
+        summary: string;
+        source: string;
+        severity: 'info' | 'warning' | 'critical';
+        timestamp: string;
+        custom_details: Record<string, unknown>;
+    };
+}
+/** Map an alert to a PagerDuty Events API v2 `trigger`. `routingKey` rides in the body (PD's auth model). */
+declare function formatPagerDuty(alert: DriftAlert, routingKey: string): PagerDutyEvent;
+interface JiraIssue {
+    fields: {
+        project: {
+            key: string;
+        };
+        issuetype: {
+            name: string;
+        };
+        summary: string;
+        description: string;
+    };
+}
+interface JiraOptions {
+    project: string;
+    issueType?: string;
+}
+/** Map an alert to a Jira create-issue body. Auth (Basic email:token) is applied by the sink, not here. */
+declare function formatJira(alert: DriftAlert, opts: JiraOptions): JiraIssue;
+
 /**
  * Construct sinks from config. Absent/empty config → `[new StdoutSink()]` (the
- * local default). A webhook sink's token falls back to `CARTOGRAPHY_DRIFT_TOKEN`
- * when not given explicitly (mirroring `CARTOGRAPHY_HTTP_TOKEN`). A webhook entry
- * without a url is skipped defensively (the schema already rejects it).
+ * local default). Secrets (webhook `token`, Jira token, PagerDuty routing key) fall
+ * back to `CARTOGRAPHY_DRIFT_TOKEN` when not given explicitly (mirroring
+ * `CARTOGRAPHY_HTTP_TOKEN`). A provider entry missing a required field is skipped
+ * with a warning rather than aborting the others — graceful degradation.
  */
 declare function buildSinks(drift?: DriftConfig): DriftSink[];
 
@@ -3710,4 +3869,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
 
-export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };