@datasynx/agentic-ai-cartography 2.4.0 → 2.5.0

package/dist/index.js

@@ -2815,7 +2815,10 @@ CREATE TABLE IF NOT EXISTS activity_events (
   duration_ms INTEGER,
   command TEXT,
   result_bytes INTEGER,
-  tenant TEXT NOT NULL DEFAULT 'local'
+  tenant TEXT NOT NULL DEFAULT 'local',
+  actor_subject TEXT,
+  actor_role TEXT,
+  actor_tenant TEXT
 );
 
 CREATE TABLE IF NOT EXISTS tasks (
@@ -2924,6 +2927,16 @@ CREATE INDEX IF NOT EXISTS idx_nodes_tenant_content ON nodes(tenant, content_has
 CREATE INDEX IF NOT EXISTS idx_contrib_org ON node_contributors(organization, global_id);
 CREATE INDEX IF NOT EXISTS idx_nodes_owner ON nodes(session_id, owner);
 `;
+var AUTH_SCHEMA = `
+CREATE TABLE IF NOT EXISTS auth_credentials (
+  token_hash TEXT PRIMARY KEY,
+  subject TEXT NOT NULL,
+  tenant TEXT NOT NULL DEFAULT 'local',
+  role TEXT NOT NULL,
+  created_at TEXT NOT NULL
+);
+CREATE INDEX IF NOT EXISTS idx_auth_subject ON auth_credentials(subject);
+`;
 var CartographyDB = class {
   db;
   /** 3.6 anomaly settings; defaults apply when no `anomaly` config is supplied. */
@@ -2943,7 +2956,8 @@ var CartographyDB = class {
     const version = this.db.pragma("user_version", { simple: true });
     if (version === 0) {
       this.db.exec(SCHEMA);
-      this.db.pragma("user_version = 14");
+      this.db.exec(AUTH_SCHEMA);
+      this.db.pragma("user_version = 15");
       return;
     } else if (version === 1) {
       const cols = this.db.prepare("PRAGMA table_info(nodes)").all().map((c) => c.name);
@@ -3129,6 +3143,18 @@ var CartographyDB = class {
       }
       this.db.pragma("user_version = 14");
     }
+    const v14 = this.db.pragma("user_version", { simple: true });
+    if (v14 < 15) {
+      this.db.exec(AUTH_SCHEMA);
+      const ev = this.db.prepare("PRAGMA table_info(activity_events)").all();
+      if (ev.length > 0) {
+        const cols = ev.map((c) => c.name);
+        if (!cols.includes("actor_subject")) this.db.exec("ALTER TABLE activity_events ADD COLUMN actor_subject TEXT");
+        if (!cols.includes("actor_role")) this.db.exec("ALTER TABLE activity_events ADD COLUMN actor_role TEXT");
+        if (!cols.includes("actor_tenant")) this.db.exec("ALTER TABLE activity_events ADD COLUMN actor_tenant TEXT");
+      }
+      this.db.pragma("user_version = 15");
+    }
   }
   close() {
     this.db.pragma("optimize");
@@ -3559,13 +3585,13 @@ var CartographyDB = class {
     });
   }
   // ── Events ──────────────────────────────
-  insertEvent(sessionId, event, taskId) {
+  insertEvent(sessionId, event, taskId, actor) {
     const id = crypto.randomUUID();
     const tenant = this.tenantOf(sessionId);
     this.db.prepare(`
       INSERT INTO activity_events
-        (id, session_id, task_id, timestamp, event_type, process, pid, target, target_type, port, command, result_bytes, tenant)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        (id, session_id, task_id, timestamp, event_type, process, pid, target, target_type, port, command, result_bytes, tenant, actor_subject, actor_role, actor_tenant)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
     `).run(
       id,
       sessionId,
@@ -3579,9 +3605,52 @@ var CartographyDB = class {
       event.port ?? null,
       event.command ?? null,
       event.resultBytes ?? null,
-      tenant
+      tenant,
+      actor?.subject ?? null,
+      actor?.role ?? null,
+      actor?.tenant ?? null
     );
   }
+  // ── RBAC credential store (4.5) ─────────────
+  /** Number of stored credentials. `0` ⇒ no RBAC configured (fall back to shared/loopback). */
+  countCredentials() {
+    return this.db.prepare("SELECT COUNT(*) AS n FROM auth_credentials").get().n;
+  }
+  /** Look up a credential by its sha256 token hash. */
+  findCredentialByHash(tokenHash) {
+    const r = this.db.prepare("SELECT * FROM auth_credentials WHERE token_hash = ?").get(tokenHash);
+    if (!r) return void 0;
+    return {
+      tokenHash: r["token_hash"],
+      subject: r["subject"],
+      tenant: r["tenant"],
+      role: r["role"],
+      createdAt: r["created_at"]
+    };
+  }
+  /** Upsert a credential (idempotent on the token hash). Stores only the hash, never the raw token. */
+  addCredential(rec) {
+    this.db.prepare(`
+      INSERT INTO auth_credentials (token_hash, subject, tenant, role, created_at)
+      VALUES (?, ?, ?, ?, ?)
+      ON CONFLICT(token_hash) DO UPDATE SET subject = excluded.subject, tenant = excluded.tenant, role = excluded.role
+    `).run(rec.tokenHash, rec.subject, rec.tenant, rec.role, (/* @__PURE__ */ new Date()).toISOString());
+  }
+  /** List all credentials (token hashes only — the raw token is unrecoverable). */
+  listCredentials() {
+    const rows = this.db.prepare("SELECT * FROM auth_credentials ORDER BY created_at").all();
+    return rows.map((r) => ({
+      tokenHash: r["token_hash"],
+      subject: r["subject"],
+      tenant: r["tenant"],
+      role: r["role"],
+      createdAt: r["created_at"]
+    }));
+  }
+  /** Revoke every credential for a subject. Returns the number removed. */
+  revokeCredentialsBySubject(subject) {
+    return this.db.prepare("DELETE FROM auth_credentials WHERE subject = ?").run(subject).changes;
+  }
   getEvents(sessionId, since) {
     const rows = since ? this.db.prepare("SELECT * FROM activity_events WHERE session_id = ? AND timestamp > ? ORDER BY timestamp").all(sessionId, since) : this.db.prepare("SELECT * FROM activity_events WHERE session_id = ? ORDER BY timestamp").all(sessionId);
     return rows.map((r) => {
@@ -5260,6 +5329,36 @@ async function runDrift(db, config, opts = {}) {
   return alert;
 }
 
+// src/auth/rbac.ts
+var ROLE_RANK = { viewer: 1, operator: 2, admin: 3 };
+var ACTION_MIN_ROLE = { read: "viewer", discovery: "operator", admin: "admin" };
+function can(role, action) {
+  return ROLE_RANK[role] >= ROLE_RANK[ACTION_MIN_ROLE[action]];
+}
+var AuthorizationError = class extends Error {
+  constructor(action, role) {
+    super(`forbidden: role '${role}' may not perform '${action}'`);
+    this.action = action;
+    this.role = role;
+    this.name = "AuthorizationError";
+  }
+};
+function authorize(principal, action) {
+  if (!can(principal.role, action)) throw new AuthorizationError(action, principal.role);
+}
+var TenantMismatchError = class extends Error {
+  constructor() {
+    super("forbidden: principal is not scoped to the requested tenant");
+    this.name = "TenantMismatchError";
+  }
+};
+function scopeReads(principal) {
+  return principal.tenant;
+}
+function assertSameTenant(principal, requestedTenant) {
+  if (requestedTenant !== principal.tenant) throw new TenantMismatchError();
+}
+
 // src/compliance/rulesets/baseline.ts
 var baseline = RulesetSchema.parse({
   name: "baseline",
@@ -5547,7 +5646,7 @@ async function resolveNlQuery(db, sessionId, search, raw, opts) {
 
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.4.0";
+var SERVER_VERSION = "2.5.0";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -5949,6 +6048,14 @@ function createMcpServer(opts = {}) {
         annotations: { readOnlyHint: false, destructiveHint: false, openWorldHint: true }
       },
       async (args) => {
+        if (opts.principal) {
+          try {
+            authorize(opts.principal, "discovery");
+          } catch (err) {
+            if (err instanceof AuthorizationError) return json({ error: `forbidden: role '${opts.principal.role}' may not run discovery (operator required)` });
+            throw err;
+          }
+        }
         let sid = resolveSession();
         if (args.update) {
           if (!sid) return json({ error: "No session to update; run discovery first." });
@@ -6091,7 +6198,41 @@ function defaultAllowedHosts(host2, port) {
   return [`${host2}:${port}`, `localhost:${port}`, `127.0.0.1:${port}`];
 }
 
+// src/auth/identity.ts
+import { createHash as createHash2 } from "crypto";
+function hashToken(token) {
+  return createHash2("sha256").update(token, "utf8").digest("hex");
+}
+var SqliteCredentialStore = class {
+  constructor(db) {
+    this.db = db;
+  }
+  count() {
+    return this.db.countCredentials();
+  }
+  findByHash(tokenHash) {
+    return this.db.findCredentialByHash(tokenHash);
+  }
+};
+function resolvePrincipal(presentedToken, opts) {
+  const tenant = opts.defaultTenant ?? DEFAULT_TENANT;
+  if (opts.store && opts.store.count() > 0) {
+    if (!presentedToken) return void 0;
+    const rec = opts.store.findByHash(hashToken(presentedToken));
+    return rec ? { subject: rec.subject, tenant: rec.tenant, role: rec.role } : void 0;
+  }
+  if (opts.sharedToken) {
+    if (!presentedToken || !timingSafeEqual(presentedToken, opts.sharedToken)) return void 0;
+    return { subject: "shared-token", tenant, role: "admin" };
+  }
+  if (opts.required) return void 0;
+  return { subject: "anonymous", tenant, role: "admin" };
+}
+
 // src/mcp/transports.ts
+function samePrincipal(a, b) {
+  return a.subject === b.subject && a.tenant === b.tenant && a.role === b.role;
+}
 async function runStdio(server) {
   const transport = new StdioServerTransport();
   await server.connect(transport);
@@ -6136,6 +6277,14 @@ async function runHttp(factory, opts = {}) {
   assertSafeBind({ host: host2, port, ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {}, ...opts.token ? { token: opts.token } : {} });
   const allowedHosts = opts.allowedHosts ?? defaultAllowedHosts(host2, port);
   const token = opts.token;
+  const authStore = opts.auth?.store;
+  const defaultTenant = opts.defaultTenant;
+  const resolveAuth = (header) => resolvePrincipal(bearerToken(header), {
+    ...authStore ? { store: authStore } : {},
+    ...token ? { sharedToken: token } : {},
+    ...defaultTenant ? { defaultTenant } : {},
+    ...opts.auth?.required ? { required: true } : {}
+  });
   const transports = /* @__PURE__ */ new Map();
   const httpServer = http.createServer(async (req, res) => {
     try {
@@ -6145,7 +6294,8 @@ async function runHttp(factory, opts = {}) {
         res.writeHead(404, { "content-type": "application/json" }).end('{"error":"not found"}');
         return;
       }
-      if (!checkBearer(req.headers["authorization"], token)) {
+      const principal = resolveAuth(req.headers["authorization"]);
+      if (!principal) {
         res.writeHead(401, { "content-type": "application/json", "www-authenticate": "Bearer" }).end('{"error":"unauthorized"}');
         return;
       }
@@ -6172,8 +6322,12 @@ async function runHttp(factory, opts = {}) {
       const sessionId = req.headers["mcp-session-id"];
       const existing = sessionId ? transports.get(sessionId) : void 0;
       if (existing) {
+        if (!samePrincipal(existing.principal, principal)) {
+          res.writeHead(403, { "content-type": "application/json" }).end('{"error":"session belongs to a different principal"}');
+          return;
+        }
         const body2 = req.method === "POST" ? await readJsonBody(req) : void 0;
-        await existing.handleRequest(req, res, body2);
+        await existing.transport.handleRequest(req, res, body2);
         return;
       }
       if (req.method !== "POST") {
@@ -6187,13 +6341,13 @@ async function runHttp(factory, opts = {}) {
         allowedHosts,
         ...opts.allowedOrigins ? { allowedOrigins: opts.allowedOrigins } : {},
         onsessioninitialized: (id) => {
-          transports.set(id, transport);
+          transports.set(id, { transport, principal });
         }
       });
       transport.onclose = () => {
         if (transport.sessionId) transports.delete(transport.sessionId);
       };
-      await factory().connect(transport);
+      await factory(principal).connect(transport);
       await transport.handleRequest(req, res, body);
     } catch (err) {
       process.stderr.write(`[cartography-mcp] HTTP request failed: ${err instanceof Error ? err.message : String(err)}
@@ -7820,6 +7974,8 @@ async function runApi(opts) {
   const token = opts.token;
   const graphqlEnabled = opts.graphql !== false;
   const defaultTenant = opts.tenant?.defaultTenant ?? DEFAULT_TENANT;
+  const authStore = opts.auth?.store;
+  const rbacMode = !!(authStore && authStore.count() > 0);
   const log2 = opts.log ?? (() => {
   });
   const restDeps = { backend: opts.backend, version: opts.version };
@@ -7878,23 +8034,44 @@ async function runApi(opts) {
           finish(r.status);
           return;
         }
-        if (!checkBearer(req.headers["authorization"], token)) {
+        const principal = resolvePrincipal(bearerToken(req.headers["authorization"]), {
+          ...authStore ? { store: authStore } : {},
+          ...token ? { sharedToken: token } : {},
+          defaultTenant,
+          ...opts.auth?.required ? { required: true } : {}
+        });
+        if (!principal) {
           send(res, 401, { error: "unauthorized" }, { "www-authenticate": "Bearer", ...cors });
           finish(401);
           return;
         }
-        let ctx;
         try {
-          ctx = resolveTenant(req, url, opts.tenant ?? {});
-          tenantLabel = ctx.tenant;
+          authorize(principal, "read");
         } catch (err) {
-          if (err instanceof InvalidTenantError) {
-            send(res, 400, { error: "invalid tenant" }, cors);
-            finish(400);
+          if (err instanceof AuthorizationError) {
+            send(res, 403, { error: "forbidden" }, cors);
+            finish(403);
             return;
           }
           throw err;
         }
+        let ctx;
+        if (rbacMode) {
+          ctx = { tenant: principal.tenant };
+          tenantLabel = principal.tenant;
+        } else {
+          try {
+            ctx = resolveTenant(req, url, opts.tenant ?? {});
+            tenantLabel = ctx.tenant;
+          } catch (err) {
+            if (err instanceof InvalidTenantError) {
+              send(res, 400, { error: "invalid tenant" }, cors);
+              finish(400);
+              return;
+            }
+            throw err;
+          }
+        }
         if (graphqlEnabled && path === "/graphql") {
           if (req.method === "GET") {
             const g = handleGraphqlGet();
@@ -7964,6 +8141,30 @@ function dispatchRest(ctx, path, url, deps) {
   }
 }
 
+// src/auth/types.ts
+import { z as z9 } from "zod";
+var ROLES = ["viewer", "operator", "admin"];
+var RoleSchema = z9.enum(ROLES);
+var ACTIONS = ["read", "discovery", "admin"];
+var ActionSchema = z9.enum(ACTIONS);
+var PrincipalSchema = z9.object({
+  subject: z9.string().min(1),
+  tenant: z9.string().min(1),
+  role: RoleSchema
+});
+var CredentialConfigSchema = z9.object({
+  token: z9.string().min(1),
+  subject: z9.string().min(1),
+  tenant: z9.string().optional(),
+  role: RoleSchema.default("viewer")
+});
+var AuthConfigSchema = z9.object({
+  /** Seed credentials (merged into the SQLite store on startup). */
+  credentials: z9.array(CredentialConfigSchema).optional(),
+  /** Reject unauthenticated requests even on loopback (default: loopback dev stays open). */
+  required: z9.boolean().optional()
+});
+
 // src/api/start.ts
 import { readFileSync as readFileSync4 } from "fs";
 import { dirname as dirname3, resolve } from "path";
@@ -7990,6 +8191,7 @@ function parseApiArgs(argv) {
     else if (a === "--db") opts.dbPath = argv[++i];
     else if (a === "--session") opts.session = argv[++i];
     else if (a === "--tenant" || a === "--org") opts.tenant = argv[++i];
+    else if (a === "--auth-required") opts.authRequired = true;
     else if (a === "--help" || a === "-h") opts.help = true;
   }
   return opts;
@@ -8005,11 +8207,13 @@ async function startApi(opts = {}) {
   const host2 = opts.host ?? "127.0.0.1";
   const port = opts.port ?? 3737;
   const version = readVersion();
+  const authStore = new SqliteCredentialStore(db);
   const server = await runApi({
     host: host2,
     port,
     backend,
     version,
+    auth: { store: authStore, ...opts.authRequired ? { required: true } : {} },
     ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {},
     ...opts.allowedOrigins ? { allowedOrigins: opts.allowedOrigins } : {},
     ...token ? { token } : {},
@@ -8504,13 +8708,13 @@ function createClaudeProvider() {
 }
 
 // src/providers/shell.ts
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 function createBashTool() {
   const shell = IS_WIN ? "powershell" : "posix";
   return {
     name: "Bash",
     description: "Run a read-only shell command (inspect ports, processes, config). Mutating or destructive commands are blocked by the read-only allowlist.",
-    inputShape: { command: z9.string().describe("The read-only shell command to run") },
+    inputShape: { command: z10.string().describe("The read-only shell command to run") },
     annotations: { readOnlyHint: true, openWorldHint: true },
     handler: async (args) => {
       const command = String(args["command"] ?? "").trim();
@@ -11022,9 +11226,9 @@ async function runOnce(cfg, db) {
 }
 
 // src/sync/hash.ts
-import { createHash as createHash2 } from "crypto";
+import { createHash as createHash3 } from "crypto";
 function shareHash(kind, payload) {
-  return createHash2("sha256").update(stableStringify({ kind, payload })).digest("hex");
+  return createHash3("sha256").update(stableStringify({ kind, payload })).digest("hex");
 }
 
 // src/sync/classify.ts
@@ -11068,7 +11272,7 @@ function classify2(input) {
 }
 
 // src/sync/push.ts
-import { createHash as createHash3 } from "crypto";
+import { createHash as createHash4 } from "crypto";
 var PUSH_SCHEMA_VERSION = 1;
 var DEFAULT_BATCH = 100;
 var DEFAULT_RETRIES = 4;
@@ -11082,7 +11286,7 @@ function defaultSleep(ms) {
 }
 function batchKey(items) {
   const hashes = items.map((i) => i.contentHash).sort();
-  return createHash3("sha256").update(stableStringify(hashes)).digest("hex");
+  return createHash4("sha256").update(stableStringify(hashes)).digest("hex");
 }
 async function pushDeltas(config, items, opts = {}) {
   const central = config.centralDb;
@@ -11287,6 +11491,10 @@ function checkClaudePrerequisites() {
   }
 }
 export {
+  ACTIONS,
+  ActionSchema,
+  AuthConfigSchema,
+  AuthorizationError,
   CLIENTS,
   CONFIDENCE,
   CartographyDB,
@@ -11295,6 +11503,7 @@ export {
   ConditionSchema,
   ConfigError,
   ControlResultSchema,
+  CredentialConfigSchema,
   CsvCostSource,
   DEFAULT_ANOMALY_THRESHOLDS,
   DEFAULT_SERVER_NAME,
@@ -11314,8 +11523,11 @@ export {
   PRIVATE_IP,
   PUSH_SCHEMA_VERSION,
   PagerDutySink,
+  PrincipalSchema,
   ProviderRegistry,
   RELATION_TO_DIRECTION,
+  ROLES,
+  RoleSchema,
   RuleCheckSchema,
   RulesetSchema,
   SCAN_ARG_PATTERNS,
@@ -11326,10 +11538,12 @@ export {
   ScannerShape,
   SharingLevelSchema,
   SlackSink,
+  SqliteCredentialStore,
   SqliteQueryBackend,
   SqliteStoreBackend,
   StdoutSink,
   TENANT_HEADER,
+  TenantMismatchError,
   VectorStore,
   WebhookSink,
   applyInstall,
@@ -11337,7 +11551,9 @@ export {
   assertReadOnly,
   assertSafeBind,
   assertSafeScanArg,
+  assertSameTenant,
   assignColors,
+  authorize,
   bearerToken,
   bookmarksScanner,
   buildCartographyToolHandlers,
@@ -11345,6 +11561,7 @@ export {
   buildOpenApiDocument,
   buildReport,
   buildSinks,
+  can,
   centralDbFromEnv,
   checkBearer,
   checkPrerequisites,
@@ -11421,6 +11638,7 @@ export {
   globalId,
   groupByDomain,
   handleGraphqlGet,
+  hashToken,
   hexCorners,
   hexDistance,
   hexNeighbors,
@@ -11487,6 +11705,7 @@ export {
   renderDiff,
   resolveEffectiveLevel,
   resolveNlQuery,
+  resolvePrincipal,
   resolveSharingLevel,
   resolveTenant,
   revalidateAnonymized,
@@ -11506,6 +11725,7 @@ export {
   safetyHook,
   sanitizeUntrusted,
   sanitizeValue,
+  scopeReads,
   scoreTopology,
   securityRelevantChange,
   serializeConfig,