@datasynx/agentic-ai-cartography 2.4.0 → 2.5.0

package/dist/index.d.cts

@@ -881,6 +881,99 @@ declare const ComplianceReportSchema: z.ZodObject<{
 }, z.core.$strip>;
 type ComplianceReport = z.infer<typeof ComplianceReportSchema>;
 
+/**
+ * RBAC identity types (4.5). A bearer credential resolves to a {@link Principal}
+ * `{ subject, tenant, role }`; the HTTP surfaces (MCP transport + REST/GraphQL API)
+ * enforce a deny-by-default `can(role, action)` matrix and pin every read to the
+ * principal's tenant. Kept dependency-light and free of any import from `db.ts`/
+ * `server.ts` so it can be reused by both transports without a cycle.
+ */
+
+/** Roles, least → most privileged. `admin ⊇ operator ⊇ viewer` (rank-ordered). */
+declare const ROLES: readonly ["viewer", "operator", "admin"];
+type Role = typeof ROLES[number];
+declare const RoleSchema: z.ZodEnum<{
+    viewer: "viewer";
+    operator: "operator";
+    admin: "admin";
+}>;
+/**
+ * Gated action classes:
+ * - `read`      — any read-only query/resource (viewer+).
+ * - `discovery` — trigger a scan that mutates the catalog, e.g. `run_discovery` (operator+).
+ * - `admin`     — manage credentials / admin-only surfaces (admin only).
+ */
+declare const ACTIONS: readonly ["read", "discovery", "admin"];
+type Action = typeof ACTIONS[number];
+declare const ActionSchema: z.ZodEnum<{
+    read: "read";
+    admin: "admin";
+    discovery: "discovery";
+}>;
+/** The authenticated caller, bound to exactly one tenant. */
+interface Principal {
+    /** Stable identity (token label / username / OIDC `sub`). */
+    subject: string;
+    /** Org-scope this principal may read/act within. */
+    tenant: string;
+    role: Role;
+}
+declare const PrincipalSchema: z.ZodObject<{
+    subject: z.ZodString;
+    tenant: z.ZodString;
+    role: z.ZodEnum<{
+        viewer: "viewer";
+        operator: "operator";
+        admin: "admin";
+    }>;
+}, z.core.$strip>;
+/** A seeded credential (config-supplied). The token is hashed before storage; never persisted raw. */
+declare const CredentialConfigSchema: z.ZodObject<{
+    token: z.ZodString;
+    subject: z.ZodString;
+    tenant: z.ZodOptional<z.ZodString>;
+    role: z.ZodDefault<z.ZodEnum<{
+        viewer: "viewer";
+        operator: "operator";
+        admin: "admin";
+    }>>;
+}, z.core.$strip>;
+type CredentialConfig = z.infer<typeof CredentialConfigSchema>;
+/**
+ * Opt-in auth block on {@link CartographyConfig}. Absent → today's behavior exactly
+ * (loopback no-token → implicit admin; a configured shared token → one implicit admin).
+ * When `credentials` are present (here or in the SQLite store), the server runs in RBAC
+ * mode: only a known token resolves to a principal, everything else is 401.
+ */
+declare const AuthConfigSchema: z.ZodObject<{
+    credentials: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        token: z.ZodString;
+        subject: z.ZodString;
+        tenant: z.ZodOptional<z.ZodString>;
+        role: z.ZodDefault<z.ZodEnum<{
+            viewer: "viewer";
+            operator: "operator";
+            admin: "admin";
+        }>>;
+    }, z.core.$strip>>>;
+    required: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+type AuthConfig = z.infer<typeof AuthConfigSchema>;
+/** A stored credential record (token already hashed). */
+interface CredentialRecord {
+    tokenHash: string;
+    subject: string;
+    tenant: string;
+    role: Role;
+    createdAt: string;
+}
+/** Resolves a stored credential by its token hash. Implemented over SQLite (and, later, OIDC). */
+interface CredentialStore {
+    /** Number of stored credentials — `0` means "no RBAC configured" (fall back to shared/loopback). */
+    count(): number;
+    findByHash(tokenHash: string): CredentialRecord | undefined;
+}
+
 /** Attribution applied by an enrichment pass (3.3). `null` clears the field; `undefined` leaves it unchanged. */
 interface NodeAttribution {
     owner?: string | null;
@@ -1158,7 +1251,28 @@ declare class CartographyDB {
         limit?: number;
         offset?: number;
     }): EdgeRow[];
-    insertEvent(sessionId: string, event: Pick<EventRow, 'eventType' | 'process' | 'pid' | 'target' | 'targetType' | 'port'> & Partial<Pick<EventRow, 'command' | 'resultBytes'>>, taskId?: string): void;
+    insertEvent(sessionId: string, event: Pick<EventRow, 'eventType' | 'process' | 'pid' | 'target' | 'targetType' | 'port'> & Partial<Pick<EventRow, 'command' | 'resultBytes'>>, taskId?: string, 
+    /** Authenticated actor (4.5 RBAC) — stamped into the audit trail when present. */
+    actor?: {
+        subject: string;
+        role: string;
+        tenant: string;
+    }): void;
+    /** Number of stored credentials. `0` ⇒ no RBAC configured (fall back to shared/loopback). */
+    countCredentials(): number;
+    /** Look up a credential by its sha256 token hash. */
+    findCredentialByHash(tokenHash: string): CredentialRecord | undefined;
+    /** Upsert a credential (idempotent on the token hash). Stores only the hash, never the raw token. */
+    addCredential(rec: {
+        tokenHash: string;
+        subject: string;
+        tenant: string;
+        role: string;
+    }): void;
+    /** List all credentials (token hashes only — the raw token is unrecoverable). */
+    listCredentials(): Array<CredentialRecord>;
+    /** Revoke every credential for a subject. Returns the number removed. */
+    revokeCredentialsBySubject(subject: string): number;
     getEvents(sessionId: string, since?: string): EventRow[];
     startTask(sessionId: string, description?: string): string;
     endCurrentTask(sessionId: string): void;
@@ -2020,6 +2134,13 @@ interface CreateMcpServerOptions {
      * behaviour exactly. The org is normalized to a tenant.
      */
     org?: string;
+    /**
+     * The authenticated principal (4.5 RBAC). When set, mutating tools (`run_discovery`)
+     * are gated by role: a `viewer` is refused with a forbidden error. Read tools are
+     * unaffected (any principal is at least `viewer`). Unset → no role gating (the
+     * transport already handled 401, or it's an in-process/stdio caller).
+     */
+    principal?: Principal;
 }
 /**
  * Build a fully-configured Cartography MCP server. Call `.connect(transport)` to run it.
@@ -2060,12 +2181,25 @@ interface HttpOptions {
         status: number;
         body: unknown;
     };
+    /**
+     * RBAC (4.5). When `store` holds credentials, the transport runs in RBAC mode: a
+     * request's bearer token must resolve to a {@link Principal} (else 401), and the
+     * principal is passed to `factory(principal)` so the per-session server is pinned to
+     * the principal's tenant and gates mutating tools by role. Without a populated store
+     * the legacy shared-token / open-loopback behavior is preserved.
+     */
+    auth?: {
+        store?: CredentialStore;
+        required?: boolean;
+    };
+    /** Tenant assigned to implicit (shared/loopback) admin principals. */
+    defaultTenant?: string;
 }
 /**
  * Start a Streamable HTTP server. A fresh MCP server instance is created per
  * session via `factory`, so multiple clients can connect concurrently.
  */
-declare function runHttp(factory: () => McpServer, opts?: HttpOptions): Promise<http.Server>;
+declare function runHttp(factory: (principal?: Principal) => McpServer, opts?: HttpOptions): Promise<http.Server>;
 
 /**
  * Shared HTTP auth + bind-hardening primitives.
@@ -2166,6 +2300,18 @@ interface ApiServerOptions extends BindGuardOptions {
     tenant?: TenantOptions;
     /** Expose `/graphql` (default true). */
     graphql?: boolean;
+    /**
+     * RBAC (4.5). When `store` holds credentials, the API runs in RBAC mode: a request's
+     * bearer token must resolve to a {@link Principal} (else 401), the principal's role must
+     * permit `read` (else 403), and reads are **pinned to the principal's tenant** (any
+     * caller-supplied tenant header/param is ignored). Without a populated store the legacy
+     * behavior is preserved: the configured shared `token` (or open loopback) is one implicit
+     * admin that may still select a tenant via header/param.
+     */
+    auth?: {
+        store?: CredentialStore;
+        required?: boolean;
+    };
     /** Access logger (stderr). */
     log?: (msg: string) => void;
 }
@@ -2227,6 +2373,78 @@ declare function handleGraphqlGet(): {
     body: string;
 };
 
+/**
+ * The RBAC decision core (4.5): a pure, deny-by-default `can(role, action)` matrix
+ * and the `authorize`/`assertSameTenant` guards the transports call. No I/O, no DB —
+ * trivially unit-testable and identical for the MCP transport and the REST/GraphQL API.
+ */
+
+/** True iff `role` is at least the minimum role required for `action`. */
+declare function can(role: Role, action: Action): boolean;
+/** Thrown when an authenticated principal lacks the role for an action → HTTP 403. */
+declare class AuthorizationError extends Error {
+    readonly action: Action;
+    readonly role: Role;
+    constructor(action: Action, role: Role);
+}
+/** Throw {@link AuthorizationError} unless `principal` may perform `action`. */
+declare function authorize(principal: Principal, action: Action): void;
+/** Thrown when a principal references a tenant other than its own → HTTP 403. */
+declare class TenantMismatchError extends Error {
+    constructor();
+}
+/**
+ * The tenant a principal's reads are pinned to. Callers MUST use this rather than any
+ * caller-supplied tenant header/param, so a principal can never read another tenant by
+ * spoofing the request — isolation is structural, not advisory.
+ */
+declare function scopeReads(principal: Principal): string;
+/** Throw {@link TenantMismatchError} if `requestedTenant` differs from the principal's tenant. */
+declare function assertSameTenant(principal: Principal, requestedTenant: string): void;
+
+/**
+ * Identity resolution (4.5): turn a presented bearer token into a {@link Principal},
+ * or `undefined` (→ 401). Three modes, in precedence order:
+ *  1. **RBAC** — a populated SQLite {@link CredentialStore} is the source of truth; the
+ *     token is sha256-hashed and looked up (tokens are never stored or compared raw).
+ *  2. **Shared token** — a single configured token resolves to one implicit `admin`
+ *     (today's behavior; constant-time compare).
+ *  3. **Open/loopback dev** — no token configured → implicit `admin`, unless `required`.
+ *
+ * The hash-and-store design means a DB leak never exposes a usable credential, and the
+ * OIDC seam is just another {@link CredentialStore}/resolver behind this one function.
+ */
+
+/** Stable sha256 hex of a token — the only form ever persisted or compared in the store. */
+declare function hashToken(token: string): string;
+/** Minimal DB surface the SQLite credential store needs (CartographyDB satisfies it structurally). */
+interface CredentialDb {
+    countCredentials(): number;
+    findCredentialByHash(tokenHash: string): CredentialRecord | undefined;
+}
+/** {@link CredentialStore} backed by `CartographyDB`'s `auth_credentials` table. */
+declare class SqliteCredentialStore implements CredentialStore {
+    private readonly db;
+    constructor(db: CredentialDb);
+    count(): number;
+    findByHash(tokenHash: string): CredentialRecord | undefined;
+}
+interface ResolveOptions {
+    /** Populated → RBAC mode (source of truth). */
+    store?: CredentialStore;
+    /** Single shared token (one implicit admin) when no store credentials exist. */
+    sharedToken?: string;
+    /** Tenant assigned to implicit (shared/loopback) admin principals. */
+    defaultTenant?: string;
+    /** Reject unauthenticated requests even when neither store nor shared token is set. */
+    required?: boolean;
+}
+/**
+ * Resolve an already-parsed bearer token to a {@link Principal}, or `undefined` (→ 401).
+ * `presentedToken` is the value from `bearerToken(authorizationHeader)` (may be undefined).
+ */
+declare function resolvePrincipal(presentedToken: string | undefined, opts: ResolveOptions): Principal | undefined;
+
 /**
  * Shared entry logic for the read-only API server (4.2), used by both the dedicated
  * `cartography-api` binary and the `api` CLI sub-command. Mirrors `src/mcp/start.ts`:
@@ -2247,6 +2465,8 @@ interface StartApiOptions {
     graphql?: boolean;
     /** Default tenant served when a request names none. */
     tenant?: string;
+    /** Reject unauthenticated requests even on loopback (RBAC `required` mode). */
+    authRequired?: boolean;
     log?: (msg: string) => void;
 }
 interface ParsedApiArgs extends StartApiOptions {
@@ -3869,4 +4089,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
 
-export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, ROLES, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };

package/dist/index.d.ts

@@ -881,6 +881,99 @@ declare const ComplianceReportSchema: z.ZodObject<{
 }, z.core.$strip>;
 type ComplianceReport = z.infer<typeof ComplianceReportSchema>;
 
+/**
+ * RBAC identity types (4.5). A bearer credential resolves to a {@link Principal}
+ * `{ subject, tenant, role }`; the HTTP surfaces (MCP transport + REST/GraphQL API)
+ * enforce a deny-by-default `can(role, action)` matrix and pin every read to the
+ * principal's tenant. Kept dependency-light and free of any import from `db.ts`/
+ * `server.ts` so it can be reused by both transports without a cycle.
+ */
+
+/** Roles, least → most privileged. `admin ⊇ operator ⊇ viewer` (rank-ordered). */
+declare const ROLES: readonly ["viewer", "operator", "admin"];
+type Role = typeof ROLES[number];
+declare const RoleSchema: z.ZodEnum<{
+    viewer: "viewer";
+    operator: "operator";
+    admin: "admin";
+}>;
+/**
+ * Gated action classes:
+ * - `read`      — any read-only query/resource (viewer+).
+ * - `discovery` — trigger a scan that mutates the catalog, e.g. `run_discovery` (operator+).
+ * - `admin`     — manage credentials / admin-only surfaces (admin only).
+ */
+declare const ACTIONS: readonly ["read", "discovery", "admin"];
+type Action = typeof ACTIONS[number];
+declare const ActionSchema: z.ZodEnum<{
+    read: "read";
+    admin: "admin";
+    discovery: "discovery";
+}>;
+/** The authenticated caller, bound to exactly one tenant. */
+interface Principal {
+    /** Stable identity (token label / username / OIDC `sub`). */
+    subject: string;
+    /** Org-scope this principal may read/act within. */
+    tenant: string;
+    role: Role;
+}
+declare const PrincipalSchema: z.ZodObject<{
+    subject: z.ZodString;
+    tenant: z.ZodString;
+    role: z.ZodEnum<{
+        viewer: "viewer";
+        operator: "operator";
+        admin: "admin";
+    }>;
+}, z.core.$strip>;
+/** A seeded credential (config-supplied). The token is hashed before storage; never persisted raw. */
+declare const CredentialConfigSchema: z.ZodObject<{
+    token: z.ZodString;
+    subject: z.ZodString;
+    tenant: z.ZodOptional<z.ZodString>;
+    role: z.ZodDefault<z.ZodEnum<{
+        viewer: "viewer";
+        operator: "operator";
+        admin: "admin";
+    }>>;
+}, z.core.$strip>;
+type CredentialConfig = z.infer<typeof CredentialConfigSchema>;
+/**
+ * Opt-in auth block on {@link CartographyConfig}. Absent → today's behavior exactly
+ * (loopback no-token → implicit admin; a configured shared token → one implicit admin).
+ * When `credentials` are present (here or in the SQLite store), the server runs in RBAC
+ * mode: only a known token resolves to a principal, everything else is 401.
+ */
+declare const AuthConfigSchema: z.ZodObject<{
+    credentials: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        token: z.ZodString;
+        subject: z.ZodString;
+        tenant: z.ZodOptional<z.ZodString>;
+        role: z.ZodDefault<z.ZodEnum<{
+            viewer: "viewer";
+            operator: "operator";
+            admin: "admin";
+        }>>;
+    }, z.core.$strip>>>;
+    required: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+type AuthConfig = z.infer<typeof AuthConfigSchema>;
+/** A stored credential record (token already hashed). */
+interface CredentialRecord {
+    tokenHash: string;
+    subject: string;
+    tenant: string;
+    role: Role;
+    createdAt: string;
+}
+/** Resolves a stored credential by its token hash. Implemented over SQLite (and, later, OIDC). */
+interface CredentialStore {
+    /** Number of stored credentials — `0` means "no RBAC configured" (fall back to shared/loopback). */
+    count(): number;
+    findByHash(tokenHash: string): CredentialRecord | undefined;
+}
+
 /** Attribution applied by an enrichment pass (3.3). `null` clears the field; `undefined` leaves it unchanged. */
 interface NodeAttribution {
     owner?: string | null;
@@ -1158,7 +1251,28 @@ declare class CartographyDB {
         limit?: number;
         offset?: number;
     }): EdgeRow[];
-    insertEvent(sessionId: string, event: Pick<EventRow, 'eventType' | 'process' | 'pid' | 'target' | 'targetType' | 'port'> & Partial<Pick<EventRow, 'command' | 'resultBytes'>>, taskId?: string): void;
+    insertEvent(sessionId: string, event: Pick<EventRow, 'eventType' | 'process' | 'pid' | 'target' | 'targetType' | 'port'> & Partial<Pick<EventRow, 'command' | 'resultBytes'>>, taskId?: string, 
+    /** Authenticated actor (4.5 RBAC) — stamped into the audit trail when present. */
+    actor?: {
+        subject: string;
+        role: string;
+        tenant: string;
+    }): void;
+    /** Number of stored credentials. `0` ⇒ no RBAC configured (fall back to shared/loopback). */
+    countCredentials(): number;
+    /** Look up a credential by its sha256 token hash. */
+    findCredentialByHash(tokenHash: string): CredentialRecord | undefined;
+    /** Upsert a credential (idempotent on the token hash). Stores only the hash, never the raw token. */
+    addCredential(rec: {
+        tokenHash: string;
+        subject: string;
+        tenant: string;
+        role: string;
+    }): void;
+    /** List all credentials (token hashes only — the raw token is unrecoverable). */
+    listCredentials(): Array<CredentialRecord>;
+    /** Revoke every credential for a subject. Returns the number removed. */
+    revokeCredentialsBySubject(subject: string): number;
     getEvents(sessionId: string, since?: string): EventRow[];
     startTask(sessionId: string, description?: string): string;
     endCurrentTask(sessionId: string): void;
@@ -2020,6 +2134,13 @@ interface CreateMcpServerOptions {
      * behaviour exactly. The org is normalized to a tenant.
      */
     org?: string;
+    /**
+     * The authenticated principal (4.5 RBAC). When set, mutating tools (`run_discovery`)
+     * are gated by role: a `viewer` is refused with a forbidden error. Read tools are
+     * unaffected (any principal is at least `viewer`). Unset → no role gating (the
+     * transport already handled 401, or it's an in-process/stdio caller).
+     */
+    principal?: Principal;
 }
 /**
  * Build a fully-configured Cartography MCP server. Call `.connect(transport)` to run it.
@@ -2060,12 +2181,25 @@ interface HttpOptions {
         status: number;
         body: unknown;
     };
+    /**
+     * RBAC (4.5). When `store` holds credentials, the transport runs in RBAC mode: a
+     * request's bearer token must resolve to a {@link Principal} (else 401), and the
+     * principal is passed to `factory(principal)` so the per-session server is pinned to
+     * the principal's tenant and gates mutating tools by role. Without a populated store
+     * the legacy shared-token / open-loopback behavior is preserved.
+     */
+    auth?: {
+        store?: CredentialStore;
+        required?: boolean;
+    };
+    /** Tenant assigned to implicit (shared/loopback) admin principals. */
+    defaultTenant?: string;
 }
 /**
  * Start a Streamable HTTP server. A fresh MCP server instance is created per
  * session via `factory`, so multiple clients can connect concurrently.
  */
-declare function runHttp(factory: () => McpServer, opts?: HttpOptions): Promise<http.Server>;
+declare function runHttp(factory: (principal?: Principal) => McpServer, opts?: HttpOptions): Promise<http.Server>;
 
 /**
  * Shared HTTP auth + bind-hardening primitives.
@@ -2166,6 +2300,18 @@ interface ApiServerOptions extends BindGuardOptions {
     tenant?: TenantOptions;
     /** Expose `/graphql` (default true). */
     graphql?: boolean;
+    /**
+     * RBAC (4.5). When `store` holds credentials, the API runs in RBAC mode: a request's
+     * bearer token must resolve to a {@link Principal} (else 401), the principal's role must
+     * permit `read` (else 403), and reads are **pinned to the principal's tenant** (any
+     * caller-supplied tenant header/param is ignored). Without a populated store the legacy
+     * behavior is preserved: the configured shared `token` (or open loopback) is one implicit
+     * admin that may still select a tenant via header/param.
+     */
+    auth?: {
+        store?: CredentialStore;
+        required?: boolean;
+    };
     /** Access logger (stderr). */
     log?: (msg: string) => void;
 }
@@ -2227,6 +2373,78 @@ declare function handleGraphqlGet(): {
     body: string;
 };
 
+/**
+ * The RBAC decision core (4.5): a pure, deny-by-default `can(role, action)` matrix
+ * and the `authorize`/`assertSameTenant` guards the transports call. No I/O, no DB —
+ * trivially unit-testable and identical for the MCP transport and the REST/GraphQL API.
+ */
+
+/** True iff `role` is at least the minimum role required for `action`. */
+declare function can(role: Role, action: Action): boolean;
+/** Thrown when an authenticated principal lacks the role for an action → HTTP 403. */
+declare class AuthorizationError extends Error {
+    readonly action: Action;
+    readonly role: Role;
+    constructor(action: Action, role: Role);
+}
+/** Throw {@link AuthorizationError} unless `principal` may perform `action`. */
+declare function authorize(principal: Principal, action: Action): void;
+/** Thrown when a principal references a tenant other than its own → HTTP 403. */
+declare class TenantMismatchError extends Error {
+    constructor();
+}
+/**
+ * The tenant a principal's reads are pinned to. Callers MUST use this rather than any
+ * caller-supplied tenant header/param, so a principal can never read another tenant by
+ * spoofing the request — isolation is structural, not advisory.
+ */
+declare function scopeReads(principal: Principal): string;
+/** Throw {@link TenantMismatchError} if `requestedTenant` differs from the principal's tenant. */
+declare function assertSameTenant(principal: Principal, requestedTenant: string): void;
+
+/**
+ * Identity resolution (4.5): turn a presented bearer token into a {@link Principal},
+ * or `undefined` (→ 401). Three modes, in precedence order:
+ *  1. **RBAC** — a populated SQLite {@link CredentialStore} is the source of truth; the
+ *     token is sha256-hashed and looked up (tokens are never stored or compared raw).
+ *  2. **Shared token** — a single configured token resolves to one implicit `admin`
+ *     (today's behavior; constant-time compare).
+ *  3. **Open/loopback dev** — no token configured → implicit `admin`, unless `required`.
+ *
+ * The hash-and-store design means a DB leak never exposes a usable credential, and the
+ * OIDC seam is just another {@link CredentialStore}/resolver behind this one function.
+ */
+
+/** Stable sha256 hex of a token — the only form ever persisted or compared in the store. */
+declare function hashToken(token: string): string;
+/** Minimal DB surface the SQLite credential store needs (CartographyDB satisfies it structurally). */
+interface CredentialDb {
+    countCredentials(): number;
+    findCredentialByHash(tokenHash: string): CredentialRecord | undefined;
+}
+/** {@link CredentialStore} backed by `CartographyDB`'s `auth_credentials` table. */
+declare class SqliteCredentialStore implements CredentialStore {
+    private readonly db;
+    constructor(db: CredentialDb);
+    count(): number;
+    findByHash(tokenHash: string): CredentialRecord | undefined;
+}
+interface ResolveOptions {
+    /** Populated → RBAC mode (source of truth). */
+    store?: CredentialStore;
+    /** Single shared token (one implicit admin) when no store credentials exist. */
+    sharedToken?: string;
+    /** Tenant assigned to implicit (shared/loopback) admin principals. */
+    defaultTenant?: string;
+    /** Reject unauthenticated requests even when neither store nor shared token is set. */
+    required?: boolean;
+}
+/**
+ * Resolve an already-parsed bearer token to a {@link Principal}, or `undefined` (→ 401).
+ * `presentedToken` is the value from `bearerToken(authorizationHeader)` (may be undefined).
+ */
+declare function resolvePrincipal(presentedToken: string | undefined, opts: ResolveOptions): Principal | undefined;
+
 /**
  * Shared entry logic for the read-only API server (4.2), used by both the dedicated
  * `cartography-api` binary and the `api` CLI sub-command. Mirrors `src/mcp/start.ts`:
@@ -2247,6 +2465,8 @@ interface StartApiOptions {
     graphql?: boolean;
     /** Default tenant served when a request names none. */
     tenant?: string;
+    /** Reject unauthenticated requests even on loopback (RBAC `required` mode). */
+    authRequired?: boolean;
     log?: (msg: string) => void;
 }
 interface ParsedApiArgs extends StartApiOptions {
@@ -3869,4 +4089,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
 declare function logWarn(message: string, context?: Record<string, unknown>): void;
 declare function logError(message: string, context?: Record<string, unknown>): void;
 
-export { ANOMALY_KINDS, ANOMALY_SEVERITIES, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, type ResolveContext, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assignColors, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
+export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, ROLES, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };