@datasynx/agentic-ai-cartography 2.3.0 → 2.5.0

package/dist/index.d.ts

@@ -390,14 +390,22 @@ interface DriftAlert {
     /** ISO-8601 UTC generation time. */
     generatedAt: string;
 }
-/** One configured drift sink. `url` is required when `type === 'webhook'`. */
+/** One configured drift sink. `url` is required for every type except `stdout`. */
 interface DriftSinkConfig {
-    type: 'stdout' | 'webhook';
-    /** Required when type === 'webhook'. */
+    type: 'stdout' | 'webhook' | 'slack' | 'pagerduty' | 'jira';
+    /** Required for `webhook`/`slack`/`jira`; optional for `pagerduty` (defaults to the Events API). */
     url?: string;
-    /** Optional bearer token; falls back to CARTOGRAPHY_DRIFT_TOKEN. */
+    /** Bearer token (`webhook`) / Jira API token (`jira`); falls back to CARTOGRAPHY_DRIFT_TOKEN. */
     token?: string;
     timeoutMs?: number;
+    /** PagerDuty Events API v2 routing key (rides in the body). Falls back to `token`/CARTOGRAPHY_DRIFT_TOKEN. */
+    routingKey?: string;
+    /** Jira account email (basic-auth user). */
+    email?: string;
+    /** Jira target project key, e.g. "OPS". */
+    project?: string;
+    /** Jira issue type name (default "Task"). */
+    issueType?: string;
 }
 /**
  * Opt-in drift-alerting block on {@link CartographyConfig}. Absent → the runner
@@ -420,10 +428,17 @@ declare const DriftConfigSchema: z.ZodObject<{
         type: z.ZodEnum<{
             stdout: "stdout";
             webhook: "webhook";
+            slack: "slack";
+            pagerduty: "pagerduty";
+            jira: "jira";
         }>;
         url: z.ZodOptional<z.ZodString>;
         token: z.ZodOptional<z.ZodString>;
         timeoutMs: z.ZodOptional<z.ZodNumber>;
+        routingKey: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        project: z.ZodOptional<z.ZodString>;
+        issueType: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>>;
 }, z.core.$strip>;
 /** Machine-readable result formats shared by `discover` (#67) and `schedule`. */
@@ -866,6 +881,99 @@ declare const ComplianceReportSchema: z.ZodObject<{
 }, z.core.$strip>;
 type ComplianceReport = z.infer<typeof ComplianceReportSchema>;
 
+/**
+ * RBAC identity types (4.5). A bearer credential resolves to a {@link Principal}
+ * `{ subject, tenant, role }`; the HTTP surfaces (MCP transport + REST/GraphQL API)
+ * enforce a deny-by-default `can(role, action)` matrix and pin every read to the
+ * principal's tenant. Kept dependency-light and free of any import from `db.ts`/
+ * `server.ts` so it can be reused by both transports without a cycle.
+ */
+
+/** Roles, least → most privileged. `admin ⊇ operator ⊇ viewer` (rank-ordered). */
+declare const ROLES: readonly ["viewer", "operator", "admin"];
+type Role = typeof ROLES[number];
+declare const RoleSchema: z.ZodEnum<{
+    viewer: "viewer";
+    operator: "operator";
+    admin: "admin";
+}>;
+/**
+ * Gated action classes:
+ * - `read`      — any read-only query/resource (viewer+).
+ * - `discovery` — trigger a scan that mutates the catalog, e.g. `run_discovery` (operator+).
+ * - `admin`     — manage credentials / admin-only surfaces (admin only).
+ */
+declare const ACTIONS: readonly ["read", "discovery", "admin"];
+type Action = typeof ACTIONS[number];
+declare const ActionSchema: z.ZodEnum<{
+    read: "read";
+    admin: "admin";
+    discovery: "discovery";
+}>;
+/** The authenticated caller, bound to exactly one tenant. */
+interface Principal {
+    /** Stable identity (token label / username / OIDC `sub`). */
+    subject: string;
+    /** Org-scope this principal may read/act within. */
+    tenant: string;
+    role: Role;
+}
+declare const PrincipalSchema: z.ZodObject<{
+    subject: z.ZodString;
+    tenant: z.ZodString;
+    role: z.ZodEnum<{
+        viewer: "viewer";
+        operator: "operator";
+        admin: "admin";
+    }>;
+}, z.core.$strip>;
+/** A seeded credential (config-supplied). The token is hashed before storage; never persisted raw. */
+declare const CredentialConfigSchema: z.ZodObject<{
+    token: z.ZodString;
+    subject: z.ZodString;
+    tenant: z.ZodOptional<z.ZodString>;
+    role: z.ZodDefault<z.ZodEnum<{
+        viewer: "viewer";
+        operator: "operator";
+        admin: "admin";
+    }>>;
+}, z.core.$strip>;
+type CredentialConfig = z.infer<typeof CredentialConfigSchema>;
+/**
+ * Opt-in auth block on {@link CartographyConfig}. Absent → today's behavior exactly
+ * (loopback no-token → implicit admin; a configured shared token → one implicit admin).
+ * When `credentials` are present (here or in the SQLite store), the server runs in RBAC
+ * mode: only a known token resolves to a principal, everything else is 401.
+ */
+declare const AuthConfigSchema: z.ZodObject<{
+    credentials: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        token: z.ZodString;
+        subject: z.ZodString;
+        tenant: z.ZodOptional<z.ZodString>;
+        role: z.ZodDefault<z.ZodEnum<{
+            viewer: "viewer";
+            operator: "operator";
+            admin: "admin";
+        }>>;
+    }, z.core.$strip>>>;
+    required: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+type AuthConfig = z.infer<typeof AuthConfigSchema>;
+/** A stored credential record (token already hashed). */
+interface CredentialRecord {
+    tokenHash: string;
+    subject: string;
+    tenant: string;
+    role: Role;
+    createdAt: string;
+}
+/** Resolves a stored credential by its token hash. Implemented over SQLite (and, later, OIDC). */
+interface CredentialStore {
+    /** Number of stored credentials — `0` means "no RBAC configured" (fall back to shared/loopback). */
+    count(): number;
+    findByHash(tokenHash: string): CredentialRecord | undefined;
+}
+
 /** Attribution applied by an enrichment pass (3.3). `null` clears the field; `undefined` leaves it unchanged. */
 interface NodeAttribution {
     owner?: string | null;
@@ -1143,7 +1251,28 @@ declare class CartographyDB {
         limit?: number;
         offset?: number;
     }): EdgeRow[];
-    insertEvent(sessionId: string, event: Pick<EventRow, 'eventType' | 'process' | 'pid' | 'target' | 'targetType' | 'port'> & Partial<Pick<EventRow, 'command' | 'resultBytes'>>, taskId?: string): void;
+    insertEvent(sessionId: string, event: Pick<EventRow, 'eventType' | 'process' | 'pid' | 'target' | 'targetType' | 'port'> & Partial<Pick<EventRow, 'command' | 'resultBytes'>>, taskId?: string, 
+    /** Authenticated actor (4.5 RBAC) — stamped into the audit trail when present. */
+    actor?: {
+        subject: string;
+        role: string;
+        tenant: string;
+    }): void;
+    /** Number of stored credentials. `0` ⇒ no RBAC configured (fall back to shared/loopback). */
+    countCredentials(): number;
+    /** Look up a credential by its sha256 token hash. */
+    findCredentialByHash(tokenHash: string): CredentialRecord | undefined;
+    /** Upsert a credential (idempotent on the token hash). Stores only the hash, never the raw token. */
+    addCredential(rec: {
+        tokenHash: string;
+        subject: string;
+        tenant: string;
+        role: string;
+    }): void;
+    /** List all credentials (token hashes only — the raw token is unrecoverable). */
+    listCredentials(): Array<CredentialRecord>;
+    /** Revoke every credential for a subject. Returns the number removed. */
+    revokeCredentialsBySubject(subject: string): number;
     getEvents(sessionId: string, since?: string): EventRow[];
     startTask(sessionId: string, description?: string): string;
     endCurrentTask(sessionId: string): void;
@@ -2005,6 +2134,13 @@ interface CreateMcpServerOptions {
      * behaviour exactly. The org is normalized to a tenant.
      */
     org?: string;
+    /**
+     * The authenticated principal (4.5 RBAC). When set, mutating tools (`run_discovery`)
+     * are gated by role: a `viewer` is refused with a forbidden error. Read tools are
+     * unaffected (any principal is at least `viewer`). Unset → no role gating (the
+     * transport already handled 401, or it's an in-process/stdio caller).
+     */
+    principal?: Principal;
 }
 /**
  * Build a fully-configured Cartography MCP server. Call `.connect(transport)` to run it.
@@ -2045,12 +2181,25 @@ interface HttpOptions {
         status: number;
         body: unknown;
     };
+    /**
+     * RBAC (4.5). When `store` holds credentials, the transport runs in RBAC mode: a
+     * request's bearer token must resolve to a {@link Principal} (else 401), and the
+     * principal is passed to `factory(principal)` so the per-session server is pinned to
+     * the principal's tenant and gates mutating tools by role. Without a populated store
+     * the legacy shared-token / open-loopback behavior is preserved.
+     */
+    auth?: {
+        store?: CredentialStore;
+        required?: boolean;
+    };
+    /** Tenant assigned to implicit (shared/loopback) admin principals. */
+    defaultTenant?: string;
 }
 /**
  * Start a Streamable HTTP server. A fresh MCP server instance is created per
  * session via `factory`, so multiple clients can connect concurrently.
  */
-declare function runHttp(factory: () => McpServer, opts?: HttpOptions): Promise<http.Server>;
+declare function runHttp(factory: (principal?: Principal) => McpServer, opts?: HttpOptions): Promise<http.Server>;
 
 /**
  * Shared HTTP auth + bind-hardening primitives.
@@ -2151,6 +2300,18 @@ interface ApiServerOptions extends BindGuardOptions {
     tenant?: TenantOptions;
     /** Expose `/graphql` (default true). */
     graphql?: boolean;
+    /**
+     * RBAC (4.5). When `store` holds credentials, the API runs in RBAC mode: a request's
+     * bearer token must resolve to a {@link Principal} (else 401), the principal's role must
+     * permit `read` (else 403), and reads are **pinned to the principal's tenant** (any
+     * caller-supplied tenant header/param is ignored). Without a populated store the legacy
+     * behavior is preserved: the configured shared `token` (or open loopback) is one implicit
+     * admin that may still select a tenant via header/param.
+     */
+    auth?: {
+        store?: CredentialStore;
+        required?: boolean;
+    };
     /** Access logger (stderr). */
     log?: (msg: string) => void;
 }
@@ -2212,6 +2373,78 @@ declare function handleGraphqlGet(): {
     body: string;
 };
 
+/**
+ * The RBAC decision core (4.5): a pure, deny-by-default `can(role, action)` matrix
+ * and the `authorize`/`assertSameTenant` guards the transports call. No I/O, no DB —
+ * trivially unit-testable and identical for the MCP transport and the REST/GraphQL API.
+ */
+
+/** True iff `role` is at least the minimum role required for `action`. */
+declare function can(role: Role, action: Action): boolean;
+/** Thrown when an authenticated principal lacks the role for an action → HTTP 403. */
+declare class AuthorizationError extends Error {
+    readonly action: Action;
+    readonly role: Role;
+    constructor(action: Action, role: Role);
+}
+/** Throw {@link AuthorizationError} unless `principal` may perform `action`. */
+declare function authorize(principal: Principal, action: Action): void;
+/** Thrown when a principal references a tenant other than its own → HTTP 403. */
+declare class TenantMismatchError extends Error {
+    constructor();
+}
+/**
+ * The tenant a principal's reads are pinned to. Callers MUST use this rather than any
+ * caller-supplied tenant header/param, so a principal can never read another tenant by
+ * spoofing the request — isolation is structural, not advisory.
+ */
+declare function scopeReads(principal: Principal): string;
+/** Throw {@link TenantMismatchError} if `requestedTenant` differs from the principal's tenant. */
+declare function assertSameTenant(principal: Principal, requestedTenant: string): void;
+
+/**
+ * Identity resolution (4.5): turn a presented bearer token into a {@link Principal},
+ * or `undefined` (→ 401). Three modes, in precedence order:
+ *  1. **RBAC** — a populated SQLite {@link CredentialStore} is the source of truth; the
+ *     token is sha256-hashed and looked up (tokens are never stored or compared raw).
+ *  2. **Shared token** — a single configured token resolves to one implicit `admin`
+ *     (today's behavior; constant-time compare).
+ *  3. **Open/loopback dev** — no token configured → implicit `admin`, unless `required`.
+ *
+ * The hash-and-store design means a DB leak never exposes a usable credential, and the
+ * OIDC seam is just another {@link CredentialStore}/resolver behind this one function.
+ */
+
+/** Stable sha256 hex of a token — the only form ever persisted or compared in the store. */
+declare function hashToken(token: string): string;
+/** Minimal DB surface the SQLite credential store needs (CartographyDB satisfies it structurally). */
+interface CredentialDb {
+    countCredentials(): number;
+    findCredentialByHash(tokenHash: string): CredentialRecord | undefined;
+}
+/** {@link CredentialStore} backed by `CartographyDB`'s `auth_credentials` table. */
+declare class SqliteCredentialStore implements CredentialStore {
+    private readonly db;
+    constructor(db: CredentialDb);
+    count(): number;
+    findByHash(tokenHash: string): CredentialRecord | undefined;
+}
+interface ResolveOptions {
+    /** Populated → RBAC mode (source of truth). */
+    store?: CredentialStore;
+    /** Single shared token (one implicit admin) when no store credentials exist. */
+    sharedToken?: string;
+    /** Tenant assigned to implicit (shared/loopback) admin principals. */
+    defaultTenant?: string;
+    /** Reject unauthenticated requests even when neither store nor shared token is set. */
+    required?: boolean;
+}
+/**
+ * Resolve an already-parsed bearer token to a {@link Principal}, or `undefined` (→ 401).
+ * `presentedToken` is the value from `bearerToken(authorizationHeader)` (may be undefined).
+ */
+declare function resolvePrincipal(presentedToken: string | undefined, opts: ResolveOptions): Principal | undefined;
+
 /**
  * Shared entry logic for the read-only API server (4.2), used by both the dedicated
  * `cartography-api` binary and the `api` CLI sub-command. Mirrors `src/mcp/start.ts`:
@@ -2232,6 +2465,8 @@ interface StartApiOptions {
     graphql?: boolean;
     /** Default tenant served when a request names none. */
     tenant?: string;
+    /** Reject unauthenticated requests even on loopback (RBAC `required` mode). */
+    authRequired?: boolean;
     log?: (msg: string) => void;
 }
 interface ParsedApiArgs extends StartApiOptions {
@@ -2840,7 +3075,12 @@ declare const SCAN_ARG_PATTERNS: {
 type ScanArgKind = keyof typeof SCAN_ARG_PATTERNS;
 /** Throw if `value` fails the strict pattern for `kind`; otherwise return it. */
 declare function assertSafeScanArg(kind: ScanArgKind, value: string): string;
-/** Redact `user:password@` credentials embedded in any URL/DSN-like string. */
+/**
+ * Redact `user:password@` credentials embedded in any URL/DSN-like string. The
+ * quantifiers are length-bounded (schemes <64, userinfo/password <256 chars — far
+ * beyond any real DSN) so the pattern is linear and cannot polynomially backtrack
+ * (ReDoS) on adversarial input like `aaaa…` with no `://`.
+ */
 declare function redactSecrets(value: string): string;
 /** Recursively redact secrets from arbitrary metadata before persistence. */
 declare function redactValue(value: unknown): unknown;
@@ -3269,6 +3509,42 @@ interface WebhookSinkOptions {
     token?: string;
     timeoutMs?: number;
 }
+/** Injectable fetch (defaults to the global) — lets tests deliver without a socket. */
+type FetchLike = (url: string, init: RequestInit) => Promise<{
+    ok: boolean;
+    status: number;
+}>;
+interface PostJsonOptions {
+    url: string;
+    body: unknown;
+    /** Extra request headers (e.g. provider auth). `content-type: application/json` is always set. */
+    headers?: Record<string, string>;
+    timeoutMs?: number;
+    /** Sink name for structured logs (never logs the url/token/body). */
+    sinkName: string;
+    /** Injected fetch for tests; defaults to the global. */
+    fetchImpl?: FetchLike;
+}
+/**
+ * Shared outbound JSON POST carrying the load-bearing sink hardening, reused by
+ * {@link WebhookSink} and the Slack/PagerDuty/Jira provider sinks so there is exactly
+ * one egress code path:
+ *  - refuses a non-`https:` / non-loopback target ({@link isSecureWebhookUrl}, SSRF/plaintext guard);
+ *  - `AbortSignal.timeout` bounded;
+ *  - **never throws** for a transient failure (logs and resolves so the runner continues);
+ *  - logs only `stripSensitive(url)` (host:port) — never the full url, headers, token, or body.
+ * The body must already be redaction-safe (callers pass `redactValue(...)` output or a
+ * provider payload derived from it).
+ */
+declare function postJson(opts: PostJsonOptions): Promise<void>;
+/**
+ * True if `url` is safe to POST to: `https:`, or `http:` only to a loopback host,
+ * or any scheme when the documented `CARTOGRAPHY_ALLOW_INSECURE_SYNC=1` escape
+ * hatch (test-only) is set. An unparseable URL is treated as insecure. Mirrors the
+ * 2.11 `pushDeltas` guard so the drift feature never silently exfiltrates over the
+ * wire in plaintext.
+ */
+declare function isSecureWebhookUrl(url: string, env?: NodeJS.ProcessEnv): boolean;
 /**
  * Outbound sink: POSTs the alert as JSON to an operator-configured endpoint. The
  * first and only outbound network surface of the drift feature — off by default
@@ -3290,11 +3566,114 @@ declare class WebhookSink implements DriftSink {
     emit(alert: DriftAlert): Promise<void>;
 }
 
+/**
+ * Provider drift sinks (4.4): Slack / PagerDuty / Jira. Each is a thin {@link DriftSink}
+ * that (1) redacts the alert (`redactValue`), (2) maps it to the provider payload via the
+ * pure adapters in `providers.ts`, and (3) delivers it through the shared {@link postJson}
+ * helper — inheriting the *exact* `WebhookSink` hardening (https-or-loopback SSRF guard,
+ * bounded timeout, never-throw, `stripSensitive` log-only). They differ only in where the
+ * provider places its secret: Slack in the URL, PagerDuty as a `routing_key` in the body,
+ * Jira as an `Authorization: Basic` header.
+ */
+
+/** Default PagerDuty Events API v2 ingest endpoint. */
+declare const PAGERDUTY_ENQUEUE_URL = "https://events.pagerduty.com/v2/enqueue";
+interface BaseSinkOptions {
+    url: string;
+    timeoutMs?: number;
+    /** Injected fetch for tests; defaults to the global. */
+    fetchImpl?: FetchLike;
+}
+/** Slack incoming webhook. The configured `url` is the secret; no auth header is sent. */
+declare class SlackSink implements DriftSink {
+    private readonly opts;
+    readonly name = "slack";
+    constructor(opts: BaseSinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+interface PagerDutySinkOptions extends BaseSinkOptions {
+    /** Events API v2 routing key (rides in the body, PagerDuty's auth model). */
+    routingKey: string;
+}
+/** PagerDuty Events API v2 `trigger`. `url` defaults to {@link PAGERDUTY_ENQUEUE_URL}. */
+declare class PagerDutySink implements DriftSink {
+    private readonly opts;
+    readonly name = "pagerduty";
+    constructor(opts: PagerDutySinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+interface JiraSinkOptions extends BaseSinkOptions {
+    /** Jira account email (basic-auth user). */
+    email: string;
+    /** Jira API token (basic-auth pass). */
+    token: string;
+    /** Target project key (e.g. "OPS"). */
+    project: string;
+    /** Issue type name (default "Task"). */
+    issueType?: string;
+}
+/** Jira REST API v2 create-issue, authenticated with `Authorization: Basic base64(email:token)`. */
+declare class JiraSink implements DriftSink {
+    private readonly opts;
+    readonly name = "jira";
+    constructor(opts: JiraSinkOptions);
+    emit(alert: DriftAlert): Promise<void>;
+}
+
+/**
+ * Pure provider payload mappers (4.4): a classified {@link DriftAlert} → the JSON
+ * shape Slack / PagerDuty / Jira each expect. Deterministic, no I/O, no secrets —
+ * they operate on the **already-`redactValue`'d** alert the sinks pass in, and read
+ * only structured fields (severity/counts/item refs), never raw node metadata. The
+ * delivery + auth + SSRF hardening lives in `provider-sink.ts`/`webhook.ts`; these
+ * are just shape transforms, so they are trivially snapshot-testable.
+ */
+
+interface SlackMessage {
+    text: string;
+    blocks: unknown[];
+}
+/** Map an alert to a Slack incoming-webhook message (Block Kit). The webhook URL is the secret. */
+declare function formatSlack(alert: DriftAlert): SlackMessage;
+interface PagerDutyEvent {
+    routing_key: string;
+    event_action: 'trigger';
+    dedup_key: string;
+    payload: {
+        summary: string;
+        source: string;
+        severity: 'info' | 'warning' | 'critical';
+        timestamp: string;
+        custom_details: Record<string, unknown>;
+    };
+}
+/** Map an alert to a PagerDuty Events API v2 `trigger`. `routingKey` rides in the body (PD's auth model). */
+declare function formatPagerDuty(alert: DriftAlert, routingKey: string): PagerDutyEvent;
+interface JiraIssue {
+    fields: {
+        project: {
+            key: string;
+        };
+        issuetype: {
+            name: string;
+        };
+        summary: string;
+        description: string;
+    };
+}
+interface JiraOptions {
+    project: string;
+    issueType?: string;
+}
+/** Map an alert to a Jira create-issue body. Auth (Basic email:token) is applied by the sink, not here. */
+declare function formatJira(alert: DriftAlert, opts: JiraOptions): JiraIssue;
+
 /**
  * Construct sinks from config. Absent/empty config → `[new StdoutSink()]` (the
- * local default). A webhook sink's token falls back to `CARTOGRAPHY_DRIFT_TOKEN`
- * when not given explicitly (mirroring `CARTOGRAPHY_HTTP_TOKEN`). A webhook entry
- * without a url is skipped defensively (the schema already rejects it).
+ * local default). Secrets (webhook `token`, Jira token, PagerDuty routing key) fall
+ * back to `CARTOGRAPHY_DRIFT_TOKEN` when not given explicitly (mirroring
+ * `CARTOGRAPHY_HTTP_TOKEN`). A provider entry missing a required field is skipped
+ * with a warning rather than aborting the others — graceful degradation.
  */
 declare function buildSinks(drift?: DriftConfig): DriftSink[];
 
@@ -3710,4 +4089,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
 
-export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, ROLES, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };