@datasynx/agentic-ai-cartography 2.3.0 → 2.5.0

package/dist/index.js

@@ -156,15 +156,26 @@ var SECURITY_METADATA_KEYS = [
 var DriftConfigSchema = z.object({
   minSeverity: z.enum(SEVERITIES).default("info"),
   sinks: z.array(z.object({
-    type: z.enum(["stdout", "webhook"]),
+    type: z.enum(["stdout", "webhook", "slack", "pagerduty", "jira"]),
     url: z.string().url().optional(),
     token: z.string().optional(),
-    timeoutMs: z.number().int().positive().optional()
+    timeoutMs: z.number().int().positive().optional(),
+    routingKey: z.string().optional(),
+    email: z.string().optional(),
+    project: z.string().optional(),
+    issueType: z.string().optional()
   })).default([{ type: "stdout" }])
 }).superRefine((cfg, ctx) => {
   for (const [i, s] of cfg.sinks.entries()) {
-    if (s.type === "webhook" && !s.url) {
-      ctx.addIssue({ code: "custom", path: ["sinks", i, "url"], message: "webhook sink requires a url" });
+    const requireUrl = (msg) => {
+      if (!s.url) ctx.addIssue({ code: "custom", path: ["sinks", i, "url"], message: msg });
+    };
+    if (s.type === "webhook") requireUrl("webhook sink requires a url");
+    if (s.type === "slack") requireUrl("slack sink requires a webhook url");
+    if (s.type === "jira") {
+      requireUrl("jira sink requires a base url");
+      if (!s.email) ctx.addIssue({ code: "custom", path: ["sinks", i, "email"], message: "jira sink requires an email" });
+      if (!s.project) ctx.addIssue({ code: "custom", path: ["sinks", i, "project"], message: "jira sink requires a project key" });
     }
   }
 });
@@ -1778,8 +1789,17 @@ function stripSensitive(target) {
     const stripped = `${url.hostname}${url.port ? ":" + url.port : ""}`;
     return stripped || raw;
   } catch {
-    const stripped = raw.replace(/\/.*$/, "").replace(/\?.*$/, "").replace(/@.*:/, ":");
-    return stripped || raw;
+    let s = raw;
+    const slash = s.indexOf("/");
+    if (slash >= 0) s = s.slice(0, slash);
+    const q = s.indexOf("?");
+    if (q >= 0) s = s.slice(0, q);
+    const at = s.indexOf("@");
+    if (at >= 0) {
+      const colon = s.lastIndexOf(":");
+      if (colon > at) s = s.slice(0, at) + ":" + s.slice(colon + 1);
+    }
+    return s || raw;
   }
 }
 var SCAN_ARG_PATTERNS = {
@@ -1797,7 +1817,7 @@ function assertSafeScanArg(kind, value) {
   return value;
 }
 function redactSecrets(value) {
-  return value.replace(/([a-z][a-z0-9+.-]*:\/\/[^:@/\s]+):[^@/\s]+@/gi, "$1:***@");
+  return value.replace(/([a-z][a-z0-9+.-]{0,63}:\/\/[^:@/\s]{1,256}):[^@/\s]{1,256}@/gi, "$1:***@");
 }
 function redactValue(value) {
   if (typeof value === "string") return redactSecrets(value);
@@ -2795,7 +2815,10 @@ CREATE TABLE IF NOT EXISTS activity_events (
   duration_ms INTEGER,
   command TEXT,
   result_bytes INTEGER,
-  tenant TEXT NOT NULL DEFAULT 'local'
+  tenant TEXT NOT NULL DEFAULT 'local',
+  actor_subject TEXT,
+  actor_role TEXT,
+  actor_tenant TEXT
 );
 
 CREATE TABLE IF NOT EXISTS tasks (
@@ -2904,6 +2927,16 @@ CREATE INDEX IF NOT EXISTS idx_nodes_tenant_content ON nodes(tenant, content_has
 CREATE INDEX IF NOT EXISTS idx_contrib_org ON node_contributors(organization, global_id);
 CREATE INDEX IF NOT EXISTS idx_nodes_owner ON nodes(session_id, owner);
 `;
+var AUTH_SCHEMA = `
+CREATE TABLE IF NOT EXISTS auth_credentials (
+  token_hash TEXT PRIMARY KEY,
+  subject TEXT NOT NULL,
+  tenant TEXT NOT NULL DEFAULT 'local',
+  role TEXT NOT NULL,
+  created_at TEXT NOT NULL
+);
+CREATE INDEX IF NOT EXISTS idx_auth_subject ON auth_credentials(subject);
+`;
 var CartographyDB = class {
   db;
   /** 3.6 anomaly settings; defaults apply when no `anomaly` config is supplied. */
@@ -2923,7 +2956,8 @@ var CartographyDB = class {
     const version = this.db.pragma("user_version", { simple: true });
     if (version === 0) {
       this.db.exec(SCHEMA);
-      this.db.pragma("user_version = 14");
+      this.db.exec(AUTH_SCHEMA);
+      this.db.pragma("user_version = 15");
       return;
     } else if (version === 1) {
       const cols = this.db.prepare("PRAGMA table_info(nodes)").all().map((c) => c.name);
@@ -3109,6 +3143,18 @@ var CartographyDB = class {
       }
       this.db.pragma("user_version = 14");
     }
+    const v14 = this.db.pragma("user_version", { simple: true });
+    if (v14 < 15) {
+      this.db.exec(AUTH_SCHEMA);
+      const ev = this.db.prepare("PRAGMA table_info(activity_events)").all();
+      if (ev.length > 0) {
+        const cols = ev.map((c) => c.name);
+        if (!cols.includes("actor_subject")) this.db.exec("ALTER TABLE activity_events ADD COLUMN actor_subject TEXT");
+        if (!cols.includes("actor_role")) this.db.exec("ALTER TABLE activity_events ADD COLUMN actor_role TEXT");
+        if (!cols.includes("actor_tenant")) this.db.exec("ALTER TABLE activity_events ADD COLUMN actor_tenant TEXT");
+      }
+      this.db.pragma("user_version = 15");
+    }
   }
   close() {
     this.db.pragma("optimize");
@@ -3539,13 +3585,13 @@ var CartographyDB = class {
     });
   }
   // ── Events ──────────────────────────────
-  insertEvent(sessionId, event, taskId) {
+  insertEvent(sessionId, event, taskId, actor) {
     const id = crypto.randomUUID();
     const tenant = this.tenantOf(sessionId);
     this.db.prepare(`
       INSERT INTO activity_events
-        (id, session_id, task_id, timestamp, event_type, process, pid, target, target_type, port, command, result_bytes, tenant)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        (id, session_id, task_id, timestamp, event_type, process, pid, target, target_type, port, command, result_bytes, tenant, actor_subject, actor_role, actor_tenant)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
     `).run(
       id,
       sessionId,
@@ -3559,9 +3605,52 @@ var CartographyDB = class {
       event.port ?? null,
       event.command ?? null,
       event.resultBytes ?? null,
-      tenant
+      tenant,
+      actor?.subject ?? null,
+      actor?.role ?? null,
+      actor?.tenant ?? null
     );
   }
+  // ── RBAC credential store (4.5) ─────────────
+  /** Number of stored credentials. `0` ⇒ no RBAC configured (fall back to shared/loopback). */
+  countCredentials() {
+    return this.db.prepare("SELECT COUNT(*) AS n FROM auth_credentials").get().n;
+  }
+  /** Look up a credential by its sha256 token hash. */
+  findCredentialByHash(tokenHash) {
+    const r = this.db.prepare("SELECT * FROM auth_credentials WHERE token_hash = ?").get(tokenHash);
+    if (!r) return void 0;
+    return {
+      tokenHash: r["token_hash"],
+      subject: r["subject"],
+      tenant: r["tenant"],
+      role: r["role"],
+      createdAt: r["created_at"]
+    };
+  }
+  /** Upsert a credential (idempotent on the token hash). Stores only the hash, never the raw token. */
+  addCredential(rec) {
+    this.db.prepare(`
+      INSERT INTO auth_credentials (token_hash, subject, tenant, role, created_at)
+      VALUES (?, ?, ?, ?, ?)
+      ON CONFLICT(token_hash) DO UPDATE SET subject = excluded.subject, tenant = excluded.tenant, role = excluded.role
+    `).run(rec.tokenHash, rec.subject, rec.tenant, rec.role, (/* @__PURE__ */ new Date()).toISOString());
+  }
+  /** List all credentials (token hashes only — the raw token is unrecoverable). */
+  listCredentials() {
+    const rows = this.db.prepare("SELECT * FROM auth_credentials ORDER BY created_at").all();
+    return rows.map((r) => ({
+      tokenHash: r["token_hash"],
+      subject: r["subject"],
+      tenant: r["tenant"],
+      role: r["role"],
+      createdAt: r["created_at"]
+    }));
+  }
+  /** Revoke every credential for a subject. Returns the number removed. */
+  revokeCredentialsBySubject(subject) {
+    return this.db.prepare("DELETE FROM auth_credentials WHERE subject = ?").run(subject).changes;
+  }
   getEvents(sessionId, since) {
     const rows = since ? this.db.prepare("SELECT * FROM activity_events WHERE session_id = ? AND timestamp > ? ORDER BY timestamp").all(sessionId, since) : this.db.prepare("SELECT * FROM activity_events WHERE session_id = ? ORDER BY timestamp").all(sessionId);
     return rows.map((r) => {
@@ -4895,6 +4984,41 @@ var StdoutSink = class {
 
 // src/sinks/webhook.ts
 var LOOPBACK_HOSTS = /* @__PURE__ */ new Set(["localhost", "127.0.0.1", "[::1]", "::1"]);
+async function postJson(opts) {
+  const doFetch = opts.fetchImpl ?? (typeof fetch === "function" ? fetch : void 0);
+  if (!doFetch) {
+    logWarn("sink unavailable: global fetch missing", { sink: opts.sinkName });
+    return;
+  }
+  if (!opts.url) {
+    logWarn("sink unavailable: no url configured", { sink: opts.sinkName });
+    return;
+  }
+  if (!isSecureWebhookUrl(opts.url)) {
+    logWarn("sink refused: insecure scheme (use https:// or a loopback host)", {
+      sink: opts.sinkName,
+      host: stripSensitive(opts.url)
+    });
+    return;
+  }
+  try {
+    const res = await doFetch(opts.url, {
+      method: "POST",
+      headers: { "content-type": "application/json", ...opts.headers ?? {} },
+      body: JSON.stringify(opts.body),
+      signal: AbortSignal.timeout(opts.timeoutMs ?? 1e4)
+    });
+    if (!res.ok) {
+      logError("sink delivery failed", { sink: opts.sinkName, host: stripSensitive(opts.url), status: res.status });
+    }
+  } catch (err) {
+    logError("sink delivery failed", {
+      sink: opts.sinkName,
+      host: stripSensitive(opts.url),
+      reason: err instanceof Error ? err.message : String(err)
+    });
+  }
+}
 function isSecureWebhookUrl(url, env = process.env) {
   if (env.CARTOGRAPHY_ALLOW_INSECURE_SYNC === "1") return true;
   let parsed;
@@ -4913,59 +5037,177 @@ var WebhookSink = class {
   }
   name = "webhook";
   async emit(alert) {
-    if (typeof fetch !== "function") {
-      logWarn("webhook sink unavailable: global fetch missing", { sink: this.name });
-      return;
-    }
     const { url, token, timeoutMs } = this.opts;
-    if (!url) {
-      logWarn("webhook sink unavailable: no url configured", { sink: this.name });
-      return;
-    }
-    if (!isSecureWebhookUrl(url)) {
-      logWarn("webhook sink refused: insecure scheme (use https:// or a loopback host)", {
-        sink: this.name,
-        host: stripSensitive(url)
-      });
-      return;
-    }
-    try {
-      const res = await fetch(url, {
-        method: "POST",
-        headers: {
-          "content-type": "application/json",
-          ...token ? { authorization: `Bearer ${token}` } : {}
-        },
-        body: JSON.stringify(redactValue(alert)),
-        signal: AbortSignal.timeout(timeoutMs ?? 1e4)
-      });
-      if (!res.ok) {
-        logError("webhook sink failed", { sink: this.name, host: stripSensitive(url), status: res.status });
+    await postJson({
+      url,
+      body: redactValue(alert),
+      ...token ? { headers: { authorization: `Bearer ${token}` } } : {},
+      ...timeoutMs !== void 0 ? { timeoutMs } : {},
+      sinkName: this.name
+    });
+  }
+};
+
+// src/sinks/providers.ts
+var MAX_ITEMS2 = 20;
+var SEVERITY_EMOJI = { info: "\u{1F7E2}", warning: "\u{1F7E1}", critical: "\u{1F534}" };
+function headline(alert) {
+  const s = alert.summary;
+  return `${s.nodesAdded}+ / ${s.nodesRemoved}- / ${s.nodesChanged}~ nodes, ${s.edgesAdded}+ / ${s.edgesRemoved}- edges`;
+}
+function itemLine(it) {
+  const sec = it.securityFields?.length ? ` [security: ${it.securityFields.join(", ")}]` : "";
+  const fields = it.changedFields?.length ? ` (${it.changedFields.join(", ")})` : "";
+  return `${it.severity.toUpperCase()} \xB7 ${it.kind} \xB7 ${it.label}${fields}${sec}`;
+}
+function bodyText(alert) {
+  const lines = alert.items.slice(0, MAX_ITEMS2).map(itemLine);
+  const more = alert.items.length > MAX_ITEMS2 ? [`\u2026and ${alert.items.length - MAX_ITEMS2} more`] : [];
+  return [headline(alert), "", ...lines, ...more].join("\n");
+}
+function formatSlack(alert) {
+  const title = `${SEVERITY_EMOJI[alert.severity]} Topology drift \u2014 ${alert.severity}`;
+  return {
+    text: `${title}: ${headline(alert)}`,
+    blocks: [
+      { type: "header", text: { type: "plain_text", text: title, emoji: true } },
+      { type: "section", text: { type: "mrkdwn", text: "```" + bodyText(alert) + "```" } },
+      { type: "context", elements: [{ type: "mrkdwn", text: `base ${alert.base.sessionId} \u2192 current ${alert.current.sessionId} \xB7 ${alert.generatedAt}` }] }
+    ]
+  };
+}
+var PD_SEVERITY = {
+  info: "info",
+  warning: "warning",
+  critical: "critical"
+};
+function formatPagerDuty(alert, routingKey) {
+  return {
+    routing_key: routingKey,
+    event_action: "trigger",
+    // Stable per base→current pair so repeated alerts for the same delta de-duplicate.
+    dedup_key: `cartograph-drift:${alert.base.sessionId}:${alert.current.sessionId}`,
+    payload: {
+      summary: `Cartograph topology drift (${alert.severity}): ${headline(alert)}`,
+      source: "cartograph",
+      severity: PD_SEVERITY[alert.severity],
+      timestamp: alert.generatedAt,
+      custom_details: {
+        summary: alert.summary,
+        items: alert.items.slice(0, MAX_ITEMS2).map((it) => ({
+          kind: it.kind,
+          ref: it.ref,
+          severity: it.severity,
+          ...it.changedFields ? { changedFields: it.changedFields } : {},
+          ...it.securityFields ? { securityFields: it.securityFields } : {}
+        }))
       }
-    } catch (err) {
-      logError("webhook sink failed", {
-        sink: this.name,
-        host: stripSensitive(url),
-        reason: err instanceof Error ? err.message : String(err)
-      });
     }
+  };
+}
+function formatJira(alert, opts) {
+  return {
+    fields: {
+      project: { key: opts.project },
+      issuetype: { name: opts.issueType ?? "Task" },
+      summary: `Cartograph topology drift (${alert.severity}): ${headline(alert)}`,
+      description: bodyText(alert) + `
+
+base ${alert.base.sessionId} \u2192 current ${alert.current.sessionId}
+generated ${alert.generatedAt}`
+    }
+  };
+}
+
+// src/sinks/provider-sink.ts
+var PAGERDUTY_ENQUEUE_URL = "https://events.pagerduty.com/v2/enqueue";
+function deliver(name, url, body, opts, headers) {
+  return postJson({
+    url,
+    body,
+    sinkName: name,
+    ...headers ? { headers } : {},
+    ...opts.timeoutMs !== void 0 ? { timeoutMs: opts.timeoutMs } : {},
+    ...opts.fetchImpl ? { fetchImpl: opts.fetchImpl } : {}
+  });
+}
+var SlackSink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "slack";
+  async emit(alert) {
+    await deliver(this.name, this.opts.url, formatSlack(redactValue(alert)), this.opts);
+  }
+};
+var PagerDutySink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "pagerduty";
+  async emit(alert) {
+    const body = formatPagerDuty(redactValue(alert), this.opts.routingKey);
+    await deliver(this.name, this.opts.url || PAGERDUTY_ENQUEUE_URL, body, this.opts);
+  }
+};
+var JiraSink = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  name = "jira";
+  async emit(alert) {
+    const body = formatJira(redactValue(alert), {
+      project: this.opts.project,
+      ...this.opts.issueType ? { issueType: this.opts.issueType } : {}
+    });
+    const auth = Buffer.from(`${this.opts.email}:${this.opts.token}`).toString("base64");
+    const base = this.opts.url.replace(/\/+$/, "");
+    await deliver(this.name, `${base}/rest/api/2/issue`, body, this.opts, { authorization: `Basic ${auth}` });
   }
 };
 
 // src/sinks/index.ts
 function buildSinks(drift) {
   const configs = drift?.sinks && drift.sinks.length > 0 ? drift.sinks : [{ type: "stdout" }];
+  const envSecret = process.env.CARTOGRAPHY_DRIFT_TOKEN;
   const sinks = [];
   for (const s of configs) {
-    if (s.type === "webhook") {
-      if (!s.url) continue;
-      sinks.push(new WebhookSink({
-        url: s.url,
-        token: s.token ?? process.env.CARTOGRAPHY_DRIFT_TOKEN,
-        timeoutMs: s.timeoutMs
-      }));
-    } else {
-      sinks.push(new StdoutSink());
+    const timeoutMs = s.timeoutMs;
+    switch (s.type) {
+      case "webhook":
+        if (!s.url) {
+          logWarn("drift sink skipped: webhook requires a url", { sink: s.type });
+          break;
+        }
+        sinks.push(new WebhookSink({ url: s.url, token: s.token ?? envSecret, timeoutMs }));
+        break;
+      case "slack":
+        if (!s.url) {
+          logWarn("drift sink skipped: slack requires a webhook url", { sink: s.type });
+          break;
+        }
+        sinks.push(new SlackSink({ url: s.url, timeoutMs }));
+        break;
+      case "pagerduty": {
+        const routingKey = s.routingKey ?? s.token ?? envSecret;
+        if (!routingKey) {
+          logWarn("drift sink skipped: pagerduty requires a routingKey (or CARTOGRAPHY_DRIFT_TOKEN)", { sink: s.type });
+          break;
+        }
+        sinks.push(new PagerDutySink({ url: s.url ?? PAGERDUTY_ENQUEUE_URL, routingKey, timeoutMs }));
+        break;
+      }
+      case "jira": {
+        const token = s.token ?? envSecret;
+        if (!s.url || !s.email || !s.project || !token) {
+          logWarn("drift sink skipped: jira requires url, email, project and a token", { sink: s.type });
+          break;
+        }
+        sinks.push(new JiraSink({ url: s.url, email: s.email, token, project: s.project, issueType: s.issueType, timeoutMs }));
+        break;
+      }
+      default:
+        sinks.push(new StdoutSink());
     }
   }
   return sinks.length > 0 ? sinks : [new StdoutSink()];
@@ -5087,6 +5329,36 @@ async function runDrift(db, config, opts = {}) {
   return alert;
 }
 
+// src/auth/rbac.ts
+var ROLE_RANK = { viewer: 1, operator: 2, admin: 3 };
+var ACTION_MIN_ROLE = { read: "viewer", discovery: "operator", admin: "admin" };
+function can(role, action) {
+  return ROLE_RANK[role] >= ROLE_RANK[ACTION_MIN_ROLE[action]];
+}
+var AuthorizationError = class extends Error {
+  constructor(action, role) {
+    super(`forbidden: role '${role}' may not perform '${action}'`);
+    this.action = action;
+    this.role = role;
+    this.name = "AuthorizationError";
+  }
+};
+function authorize(principal, action) {
+  if (!can(principal.role, action)) throw new AuthorizationError(action, principal.role);
+}
+var TenantMismatchError = class extends Error {
+  constructor() {
+    super("forbidden: principal is not scoped to the requested tenant");
+    this.name = "TenantMismatchError";
+  }
+};
+function scopeReads(principal) {
+  return principal.tenant;
+}
+function assertSameTenant(principal, requestedTenant) {
+  if (requestedTenant !== principal.tenant) throw new TenantMismatchError();
+}
+
 // src/compliance/rulesets/baseline.ts
 var baseline = RulesetSchema.parse({
   name: "baseline",
@@ -5374,7 +5646,7 @@ async function resolveNlQuery(db, sessionId, search, raw, opts) {
 
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.3.0";
+var SERVER_VERSION = "2.5.0";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -5776,6 +6048,14 @@ function createMcpServer(opts = {}) {
         annotations: { readOnlyHint: false, destructiveHint: false, openWorldHint: true }
       },
       async (args) => {
+        if (opts.principal) {
+          try {
+            authorize(opts.principal, "discovery");
+          } catch (err) {
+            if (err instanceof AuthorizationError) return json({ error: `forbidden: role '${opts.principal.role}' may not run discovery (operator required)` });
+            throw err;
+          }
+        }
         let sid = resolveSession();
         if (args.update) {
           if (!sid) return json({ error: "No session to update; run discovery first." });
@@ -5918,7 +6198,41 @@ function defaultAllowedHosts(host2, port) {
   return [`${host2}:${port}`, `localhost:${port}`, `127.0.0.1:${port}`];
 }
 
+// src/auth/identity.ts
+import { createHash as createHash2 } from "crypto";
+function hashToken(token) {
+  return createHash2("sha256").update(token, "utf8").digest("hex");
+}
+var SqliteCredentialStore = class {
+  constructor(db) {
+    this.db = db;
+  }
+  count() {
+    return this.db.countCredentials();
+  }
+  findByHash(tokenHash) {
+    return this.db.findCredentialByHash(tokenHash);
+  }
+};
+function resolvePrincipal(presentedToken, opts) {
+  const tenant = opts.defaultTenant ?? DEFAULT_TENANT;
+  if (opts.store && opts.store.count() > 0) {
+    if (!presentedToken) return void 0;
+    const rec = opts.store.findByHash(hashToken(presentedToken));
+    return rec ? { subject: rec.subject, tenant: rec.tenant, role: rec.role } : void 0;
+  }
+  if (opts.sharedToken) {
+    if (!presentedToken || !timingSafeEqual(presentedToken, opts.sharedToken)) return void 0;
+    return { subject: "shared-token", tenant, role: "admin" };
+  }
+  if (opts.required) return void 0;
+  return { subject: "anonymous", tenant, role: "admin" };
+}
+
 // src/mcp/transports.ts
+function samePrincipal(a, b) {
+  return a.subject === b.subject && a.tenant === b.tenant && a.role === b.role;
+}
 async function runStdio(server) {
   const transport = new StdioServerTransport();
   await server.connect(transport);
@@ -5963,6 +6277,14 @@ async function runHttp(factory, opts = {}) {
   assertSafeBind({ host: host2, port, ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {}, ...opts.token ? { token: opts.token } : {} });
   const allowedHosts = opts.allowedHosts ?? defaultAllowedHosts(host2, port);
   const token = opts.token;
+  const authStore = opts.auth?.store;
+  const defaultTenant = opts.defaultTenant;
+  const resolveAuth = (header) => resolvePrincipal(bearerToken(header), {
+    ...authStore ? { store: authStore } : {},
+    ...token ? { sharedToken: token } : {},
+    ...defaultTenant ? { defaultTenant } : {},
+    ...opts.auth?.required ? { required: true } : {}
+  });
   const transports = /* @__PURE__ */ new Map();
   const httpServer = http.createServer(async (req, res) => {
     try {
@@ -5972,7 +6294,8 @@ async function runHttp(factory, opts = {}) {
         res.writeHead(404, { "content-type": "application/json" }).end('{"error":"not found"}');
         return;
       }
-      if (!checkBearer(req.headers["authorization"], token)) {
+      const principal = resolveAuth(req.headers["authorization"]);
+      if (!principal) {
         res.writeHead(401, { "content-type": "application/json", "www-authenticate": "Bearer" }).end('{"error":"unauthorized"}');
         return;
       }
@@ -5999,8 +6322,12 @@ async function runHttp(factory, opts = {}) {
       const sessionId = req.headers["mcp-session-id"];
       const existing = sessionId ? transports.get(sessionId) : void 0;
       if (existing) {
+        if (!samePrincipal(existing.principal, principal)) {
+          res.writeHead(403, { "content-type": "application/json" }).end('{"error":"session belongs to a different principal"}');
+          return;
+        }
         const body2 = req.method === "POST" ? await readJsonBody(req) : void 0;
-        await existing.handleRequest(req, res, body2);
+        await existing.transport.handleRequest(req, res, body2);
         return;
       }
       if (req.method !== "POST") {
@@ -6014,13 +6341,13 @@ async function runHttp(factory, opts = {}) {
         allowedHosts,
         ...opts.allowedOrigins ? { allowedOrigins: opts.allowedOrigins } : {},
         onsessioninitialized: (id) => {
-          transports.set(id, transport);
+          transports.set(id, { transport, principal });
         }
       });
       transport.onclose = () => {
         if (transport.sessionId) transports.delete(transport.sessionId);
       };
-      await factory().connect(transport);
+      await factory(principal).connect(transport);
       await transport.handleRequest(req, res, body);
     } catch (err) {
       process.stderr.write(`[cartography-mcp] HTTP request failed: ${err instanceof Error ? err.message : String(err)}
@@ -7647,6 +7974,8 @@ async function runApi(opts) {
   const token = opts.token;
   const graphqlEnabled = opts.graphql !== false;
   const defaultTenant = opts.tenant?.defaultTenant ?? DEFAULT_TENANT;
+  const authStore = opts.auth?.store;
+  const rbacMode = !!(authStore && authStore.count() > 0);
   const log2 = opts.log ?? (() => {
   });
   const restDeps = { backend: opts.backend, version: opts.version };
@@ -7705,23 +8034,44 @@ async function runApi(opts) {
           finish(r.status);
           return;
         }
-        if (!checkBearer(req.headers["authorization"], token)) {
+        const principal = resolvePrincipal(bearerToken(req.headers["authorization"]), {
+          ...authStore ? { store: authStore } : {},
+          ...token ? { sharedToken: token } : {},
+          defaultTenant,
+          ...opts.auth?.required ? { required: true } : {}
+        });
+        if (!principal) {
           send(res, 401, { error: "unauthorized" }, { "www-authenticate": "Bearer", ...cors });
           finish(401);
           return;
         }
-        let ctx;
         try {
-          ctx = resolveTenant(req, url, opts.tenant ?? {});
-          tenantLabel = ctx.tenant;
+          authorize(principal, "read");
         } catch (err) {
-          if (err instanceof InvalidTenantError) {
-            send(res, 400, { error: "invalid tenant" }, cors);
-            finish(400);
+          if (err instanceof AuthorizationError) {
+            send(res, 403, { error: "forbidden" }, cors);
+            finish(403);
             return;
           }
           throw err;
         }
+        let ctx;
+        if (rbacMode) {
+          ctx = { tenant: principal.tenant };
+          tenantLabel = principal.tenant;
+        } else {
+          try {
+            ctx = resolveTenant(req, url, opts.tenant ?? {});
+            tenantLabel = ctx.tenant;
+          } catch (err) {
+            if (err instanceof InvalidTenantError) {
+              send(res, 400, { error: "invalid tenant" }, cors);
+              finish(400);
+              return;
+            }
+            throw err;
+          }
+        }
         if (graphqlEnabled && path === "/graphql") {
           if (req.method === "GET") {
             const g = handleGraphqlGet();
@@ -7791,6 +8141,30 @@ function dispatchRest(ctx, path, url, deps) {
   }
 }
 
+// src/auth/types.ts
+import { z as z9 } from "zod";
+var ROLES = ["viewer", "operator", "admin"];
+var RoleSchema = z9.enum(ROLES);
+var ACTIONS = ["read", "discovery", "admin"];
+var ActionSchema = z9.enum(ACTIONS);
+var PrincipalSchema = z9.object({
+  subject: z9.string().min(1),
+  tenant: z9.string().min(1),
+  role: RoleSchema
+});
+var CredentialConfigSchema = z9.object({
+  token: z9.string().min(1),
+  subject: z9.string().min(1),
+  tenant: z9.string().optional(),
+  role: RoleSchema.default("viewer")
+});
+var AuthConfigSchema = z9.object({
+  /** Seed credentials (merged into the SQLite store on startup). */
+  credentials: z9.array(CredentialConfigSchema).optional(),
+  /** Reject unauthenticated requests even on loopback (default: loopback dev stays open). */
+  required: z9.boolean().optional()
+});
+
 // src/api/start.ts
 import { readFileSync as readFileSync4 } from "fs";
 import { dirname as dirname3, resolve } from "path";
@@ -7817,6 +8191,7 @@ function parseApiArgs(argv) {
     else if (a === "--db") opts.dbPath = argv[++i];
     else if (a === "--session") opts.session = argv[++i];
     else if (a === "--tenant" || a === "--org") opts.tenant = argv[++i];
+    else if (a === "--auth-required") opts.authRequired = true;
     else if (a === "--help" || a === "-h") opts.help = true;
   }
   return opts;
@@ -7832,11 +8207,13 @@ async function startApi(opts = {}) {
   const host2 = opts.host ?? "127.0.0.1";
   const port = opts.port ?? 3737;
   const version = readVersion();
+  const authStore = new SqliteCredentialStore(db);
   const server = await runApi({
     host: host2,
     port,
     backend,
     version,
+    auth: { store: authStore, ...opts.authRequired ? { required: true } : {} },
     ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {},
     ...opts.allowedOrigins ? { allowedOrigins: opts.allowedOrigins } : {},
     ...token ? { token } : {},
@@ -8331,13 +8708,13 @@ function createClaudeProvider() {
 }
 
 // src/providers/shell.ts
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 function createBashTool() {
   const shell = IS_WIN ? "powershell" : "posix";
   return {
     name: "Bash",
     description: "Run a read-only shell command (inspect ports, processes, config). Mutating or destructive commands are blocked by the read-only allowlist.",
-    inputShape: { command: z9.string().describe("The read-only shell command to run") },
+    inputShape: { command: z10.string().describe("The read-only shell command to run") },
     annotations: { readOnlyHint: true, openWorldHint: true },
     handler: async (args) => {
       const command = String(args["command"] ?? "").trim();
@@ -10849,9 +11226,9 @@ async function runOnce(cfg, db) {
 }
 
 // src/sync/hash.ts
-import { createHash as createHash2 } from "crypto";
+import { createHash as createHash3 } from "crypto";
 function shareHash(kind, payload) {
-  return createHash2("sha256").update(stableStringify({ kind, payload })).digest("hex");
+  return createHash3("sha256").update(stableStringify({ kind, payload })).digest("hex");
 }
 
 // src/sync/classify.ts
@@ -10895,7 +11272,7 @@ function classify2(input) {
 }
 
 // src/sync/push.ts
-import { createHash as createHash3 } from "crypto";
+import { createHash as createHash4 } from "crypto";
 var PUSH_SCHEMA_VERSION = 1;
 var DEFAULT_BATCH = 100;
 var DEFAULT_RETRIES = 4;
@@ -10909,7 +11286,7 @@ function defaultSleep(ms) {
 }
 function batchKey(items) {
   const hashes = items.map((i) => i.contentHash).sort();
-  return createHash3("sha256").update(stableStringify(hashes)).digest("hex");
+  return createHash4("sha256").update(stableStringify(hashes)).digest("hex");
 }
 async function pushDeltas(config, items, opts = {}) {
   const central = config.centralDb;
@@ -11114,6 +11491,10 @@ function checkClaudePrerequisites() {
   }
 }
 export {
+  ACTIONS,
+  ActionSchema,
+  AuthConfigSchema,
+  AuthorizationError,
   CLIENTS,
   CONFIDENCE,
   CartographyDB,
@@ -11122,6 +11503,7 @@ export {
   ConditionSchema,
   ConfigError,
   ControlResultSchema,
+  CredentialConfigSchema,
   CsvCostSource,
   DEFAULT_ANOMALY_THRESHOLDS,
   DEFAULT_SERVER_NAME,
@@ -11130,16 +11512,22 @@ export {
   INGEST_SCHEMA_VERSION,
   IngestEnvelopeSchema,
   InvalidTenantError,
+  JiraSink,
   LOOPBACK_HOSTS2 as LOOPBACK_HOSTS,
   MCP_BIN,
   NotFoundError,
   PACKAGE_NAME,
+  PAGERDUTY_ENQUEUE_URL,
   PERSONAL,
   PORT_MAP,
   PRIVATE_IP,
   PUSH_SCHEMA_VERSION,
+  PagerDutySink,
+  PrincipalSchema,
   ProviderRegistry,
   RELATION_TO_DIRECTION,
+  ROLES,
+  RoleSchema,
   RuleCheckSchema,
   RulesetSchema,
   SCAN_ARG_PATTERNS,
@@ -11149,10 +11537,13 @@ export {
   ScannerRegistry,
   ScannerShape,
   SharingLevelSchema,
+  SlackSink,
+  SqliteCredentialStore,
   SqliteQueryBackend,
   SqliteStoreBackend,
   StdoutSink,
   TENANT_HEADER,
+  TenantMismatchError,
   VectorStore,
   WebhookSink,
   applyInstall,
@@ -11160,7 +11551,9 @@ export {
   assertReadOnly,
   assertSafeBind,
   assertSafeScanArg,
+  assertSameTenant,
   assignColors,
+  authorize,
   bearerToken,
   bookmarksScanner,
   buildCartographyToolHandlers,
@@ -11168,6 +11561,7 @@ export {
   buildOpenApiDocument,
   buildReport,
   buildSinks,
+  can,
   centralDbFromEnv,
   checkBearer,
   checkPrerequisites,
@@ -11233,6 +11627,9 @@ export {
   filterBySeverity,
   findAnonViolations,
   formatComplianceText,
+  formatJira,
+  formatPagerDuty,
+  formatSlack,
   generateDependencyMermaid,
   generateDiffMermaid,
   generateTopologyMermaid,
@@ -11241,6 +11638,7 @@ export {
   globalId,
   groupByDomain,
   handleGraphqlGet,
+  hashToken,
   hexCorners,
   hexDistance,
   hexNeighbors,
@@ -11255,6 +11653,7 @@ export {
   isPersonalHost,
   isReadOnlyCommand,
   isRemembered,
+  isSecureWebhookUrl,
   k8sScanner,
   keyMetaOf,
   layoutClusters,
@@ -11293,6 +11692,7 @@ export {
   pixelToHex,
   planInstall,
   portsScanner,
+  postJson,
   previewShare,
   pseudonymize,
   pseudonymizeFragment,
@@ -11305,6 +11705,7 @@ export {
   renderDiff,
   resolveEffectiveLevel,
   resolveNlQuery,
+  resolvePrincipal,
   resolveSharingLevel,
   resolveTenant,
   revalidateAnonymized,
@@ -11324,6 +11725,7 @@ export {
   safetyHook,
   sanitizeUntrusted,
   sanitizeValue,
+  scopeReads,
   scoreTopology,
   securityRelevantChange,
   serializeConfig,