@datasynx/agentic-ai-cartography 2.5.0 → 2.7.0

package/dist/index.d.cts CHANGED
@@ -982,6 +982,12 @@ interface NodeAttribution {
982
982
 
983
983
  /** Default tenant for single-user / pre-migration installs. */
984
984
  declare const DEFAULT_TENANT = "local";
985
+ /**
986
+ * The current catalog schema version. A fresh DB initializes here and the migration
987
+ * chain advances to it; the collector readiness probe (4.7) asserts a reopened DB
988
+ * reports exactly this. Keep in lockstep with the final `user_version` set in `migrate()`.
989
+ */
990
+ declare const SCHEMA_VERSION = 15;
985
991
  /**
986
992
  * Normalize an untrusted tenant id: strip invisible/control characters, trim,
987
993
  * cap length, and enforce a conservative key charset. Falls back to DEFAULT_TENANT
@@ -1352,6 +1358,12 @@ declare class CartographyDB {
1352
1358
  * Prune sessions older than the given ISO date string. Returns count of deleted sessions.
1353
1359
  */
1354
1360
  pruneSessions(olderThan: string): number;
1361
+ /**
1362
+ * Retention/compaction (4.7): delete audit events older than `olderThan` (ISO 8601).
1363
+ * The audit trail grows unbounded on a busy collector; this bounds it without touching
1364
+ * sessions/nodes/edges. Returns the number of events removed.
1365
+ */
1366
+ pruneEventsOlderThan(olderThan: string): number;
1355
1367
  /** Fetch a single node by id within a session. */
1356
1368
  getNode(sessionId: string, nodeId: string): NodeRow | undefined;
1357
1369
  /** Batch-fetch nodes by id, keyed for O(1) lookup. Chunked to stay under SQLite's bind-variable limit. */
@@ -1558,6 +1570,8 @@ interface QueryBackend {
1558
1570
  nodes(ctx: TenantContext, q: NodeQuery, sessionId?: string): NodesResult;
1559
1571
  /** One node by id (or `undefined` if absent). Throws {@link NotFoundError} if no session resolves. */
1560
1572
  node(ctx: TenantContext, id: string, sessionId?: string): NodeRow | undefined;
1573
+ /** All edges of the resolved session (for full-topology consumers, e.g. the Backstage catalog). Throws {@link NotFoundError} if no session resolves. */
1574
+ edges(ctx: TenantContext, sessionId?: string): EdgeRow[];
1561
1575
  /** Dependency traversal from a node. Throws {@link NotFoundError} if no session resolves. */
1562
1576
  dependencies(ctx: TenantContext, id: string, q: DependencyQuery, sessionId?: string): TraversalResult;
1563
1577
  /** Compare two sessions (both must belong to the tenant). Throws {@link NotFoundError} on an unknown/foreign id. */
@@ -1585,6 +1599,7 @@ declare class SqliteQueryBackend implements QueryBackend {
1585
1599
  summary(ctx: TenantContext, sessionId?: string): GraphSummary;
1586
1600
  nodes(ctx: TenantContext, q: NodeQuery, sessionId?: string): NodesResult;
1587
1601
  node(ctx: TenantContext, id: string, sessionId?: string): NodeRow | undefined;
1602
+ edges(ctx: TenantContext, sessionId?: string): EdgeRow[];
1588
1603
  dependencies(ctx: TenantContext, id: string, q: DependencyQuery, sessionId?: string): TraversalResult;
1589
1604
  diff(ctx: TenantContext, base: string, current: string): TopologyDiff;
1590
1605
  sessions(ctx: TenantContext): SessionRow[];
@@ -1757,6 +1772,37 @@ interface IngestOptions {
1757
1772
  */
1758
1773
  declare function ingestEnvelope(store: StoreBackend, envelope: IngestEnvelope, opts?: IngestOptions): IngestResult;
1759
1774
 
1775
+ /**
1776
+ * Ingest backpressure for the central collector (4.7).
1777
+ *
1778
+ * A pure, in-memory **per-org token-bucket** rate limiter. The networked `POST /ingest`
1779
+ * write endpoint must protect the shared store from a runaway or hostile client; over-quota
1780
+ * requests are refused with `429 + Retry-After` rather than admitted. Deterministic given an
1781
+ * injected clock, so it is unit-testable without real time. In-process only (a multi-replica
1782
+ * deployment would front it with a shared limiter; documented in the runbook).
1783
+ */
1784
+ interface QuotaConfig {
1785
+ /** Bucket capacity = max burst, and the number of tokens refilled over one `refillMs` window. */
1786
+ capacity: number;
1787
+ /** Milliseconds over which a fully-drained bucket refills to `capacity`. */
1788
+ refillMs: number;
1789
+ }
1790
+ /** Sensible default: 120 ingests / minute / org (burst 120). */
1791
+ declare const DEFAULT_INGEST_QUOTA: QuotaConfig;
1792
+ interface QuotaDecision {
1793
+ allowed: boolean;
1794
+ /** Seconds to wait before retrying — populated only when `!allowed` (≥1). */
1795
+ retryAfterSec: number;
1796
+ }
1797
+ declare class RateLimiter {
1798
+ private readonly cfg;
1799
+ private readonly now;
1800
+ private readonly buckets;
1801
+ constructor(cfg?: QuotaConfig, now?: () => number);
1802
+ /** Consume one token for `key`. Returns whether the request is allowed (+ Retry-After when not). */
1803
+ take(key: string): QuotaDecision;
1804
+ }
1805
+
1760
1806
  /**
1761
1807
  * The central-collector ingest HTTP surface (2.12).
1762
1808
  *
@@ -1772,12 +1818,18 @@ declare function ingestEnvelope(store: StoreBackend, envelope: IngestEnvelope, o
1772
1818
  * handler ever runs, so the handler never sees (and never logs) the token.
1773
1819
  */
1774
1820
 
1775
- /** A transport-agnostic HTTP-ish response: a status code and a JSON-serializable body. */
1821
+ /** A transport-agnostic HTTP-ish response: a status code, a JSON-serializable body, optional headers. */
1776
1822
  interface IngestResponse {
1777
1823
  status: number;
1778
1824
  body: unknown;
1825
+ /** Extra response headers (e.g. `Retry-After` on a 429). */
1826
+ headers?: Record<string, string>;
1779
1827
  }
1780
1828
  type IngestHandler = (body: unknown) => IngestResponse;
1829
+ interface IngestHandlerOptions extends IngestOptions {
1830
+ /** Per-org ingest rate limiter (4.7 backpressure). Over-quota → 429 + Retry-After. */
1831
+ quota?: RateLimiter;
1832
+ }
1781
1833
  /**
1782
1834
  * Build the `/ingest` handler over a {@link StoreBackend}. The handler validates the
1783
1835
  * 2.11 push envelope, runs ingest (re-validating anonymization first), and maps the
@@ -1786,7 +1838,7 @@ type IngestHandler = (body: unknown) => IngestResponse;
1786
1838
  * - 500 — ingest threw (the store's per-node transaction rolls that node back).
1787
1839
  * - 200 — {@link IngestResult}.
1788
1840
  */
1789
- declare function createIngestHandler(store: StoreBackend, opts?: IngestOptions): IngestHandler;
1841
+ declare function createIngestHandler(store: StoreBackend, opts?: IngestHandlerOptions): IngestHandler;
1790
1842
 
1791
1843
  /**
1792
1844
  * Org-key lifecycle for the 2.10 anonymization layer.
@@ -2180,6 +2232,7 @@ interface HttpOptions {
2180
2232
  onIngest?: (body: unknown) => {
2181
2233
  status: number;
2182
2234
  body: unknown;
2235
+ headers?: Record<string, string>;
2183
2236
  };
2184
2237
  /**
2185
2238
  * RBAC (4.5). When `store` holds credentials, the transport runs in RBAC mode: a
@@ -2194,6 +2247,14 @@ interface HttpOptions {
2194
2247
  };
2195
2248
  /** Tenant assigned to implicit (shared/loopback) admin principals. */
2196
2249
  defaultTenant?: string;
2250
+ /**
2251
+ * Readiness probe (4.7). When set, `GET /readyz` calls it: 200 when `ready`, else 503.
2252
+ * `GET /healthz` (liveness) is always 200. Both are PUBLIC (no auth) for k8s/LB probes.
2253
+ */
2254
+ readiness?: () => {
2255
+ ready: boolean;
2256
+ detail?: Record<string, unknown>;
2257
+ };
2197
2258
  }
2198
2259
  /**
2199
2260
  * Start a Streamable HTTP server. A fresh MCP server instance is created per
@@ -3970,6 +4031,42 @@ declare function sanitizeUntrusted(text: string): string;
3970
4031
  /** Recursively apply `sanitizeUntrusted` to every string in an arbitrary value. */
3971
4032
  declare function sanitizeValue(value: unknown): unknown;
3972
4033
 
4034
+ /**
4035
+ * Backstage catalog entity mapping (4.6).
4036
+ *
4037
+ * A dependency-free, transport-agnostic mapper: `toBackstageEntities` turns the
4038
+ * discovered topology into plain typed Backstage entity objects, and `entitiesToYaml`
4039
+ * serializes them to the multi-doc `catalog-info.yaml` format. It NEVER imports
4040
+ * `@backstage/*` — Backstage stays an optional adapter, never a core dependency
4041
+ * (ROADMAP locked constraints). The legacy `exportBackstageYAML` is re-expressed over
4042
+ * this mapper and stays byte-identical (snapshot-guarded). The same typed entities are
4043
+ * served live over the API (`GET /v1/backstage/catalog`) so a Backstage instance can
4044
+ * consume the topology as a continuously-refreshed data source.
4045
+ */
4046
+
4047
+ interface BackstageEntity {
4048
+ apiVersion: 'backstage.io/v1alpha1';
4049
+ kind: 'Component' | 'API' | 'Resource';
4050
+ metadata: {
4051
+ name: string;
4052
+ annotations: Record<string, string>;
4053
+ };
4054
+ spec: {
4055
+ type: string;
4056
+ lifecycle: string;
4057
+ owner: string;
4058
+ dependsOn?: string[];
4059
+ };
4060
+ }
4061
+ interface BackstageMapOptions {
4062
+ /** Default owner when a node carries none (the org/tenant). */
4063
+ org?: string;
4064
+ }
4065
+ /** Map discovered nodes/edges to typed Backstage catalog entities. Pure, deterministic. */
4066
+ declare function toBackstageEntities(nodes: NodeRow[], edges: EdgeRow[], opts?: BackstageMapOptions): BackstageEntity[];
4067
+ /** Serialize entities to the multi-doc `catalog-info.yaml` string (byte-identical to the legacy exporter). */
4068
+ declare function entitiesToYaml(entities: BackstageEntity[]): string;
4069
+
3973
4070
  /**
3974
4071
  * Hex Grid Engine — flat-top axial coordinate system.
3975
4072
  * Reference: https://www.redblobgames.com/grids/hexagons/
@@ -4089,4 +4186,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
4089
4186
  declare function logWarn(message: string, context?: Record<string, unknown>): void;
4090
4187
  declare function logError(message: string, context?: Record<string, unknown>): void;
4091
4188
 
4092
- export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, 
IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, ROLES, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type 
StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, 
installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
4189
+ export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BackstageEntity, type BackstageMapOptions, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_INGEST_QUOTA, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type 
HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestHandlerOptions, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, type QuotaConfig, type QuotaDecision, RELATION_TO_DIRECTION, ROLES, RateLimiter, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SCHEMA_VERSION, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, 
type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, entitiesToYaml, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, 
getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, toBackstageEntities, validateScanner, vscodeDeeplink, zodToJsonSchema };
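Review bot: `RateLimiter.take(key)` in the `@@ -1757,6 +1772,37 @@` hunk is described as per-org, but `IngestHandler` and `HttpOptions.onIngest` still take only `body: unknown`, so the org key can apparently only be read from the client-supplied envelope; this is inferred from the declarations and should be confirmed in the implementation. If that is the case, a sender that varies the org field lands in a fresh bucket on every request, and each new key also adds an entry to the private `buckets` map, for which no eviction or size cap is visible here. The contract belongs on the method, e.g. `/** Consume one token for key; callers must pass the authenticated org id, never an unverified envelope field. */`, together with a sentence on how idle buckets are dropped. The same declarations are repeated in `package/dist/index.d.ts`.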
package/dist/index.d.ts CHANGED
@@ -982,6 +982,12 @@ interface NodeAttribution {
982
982
 
983
983
  /** Default tenant for single-user / pre-migration installs. */
984
984
  declare const DEFAULT_TENANT = "local";
985
+ /**
986
+ * The current catalog schema version. A fresh DB initializes here and the migration
987
+ * chain advances to it; the collector readiness probe (4.7) asserts a reopened DB
988
+ * reports exactly this. Keep in lockstep with the final `user_version` set in `migrate()`.
989
+ */
990
+ declare const SCHEMA_VERSION = 15;
985
991
  /**
986
992
  * Normalize an untrusted tenant id: strip invisible/control characters, trim,
987
993
  * cap length, and enforce a conservative key charset. Falls back to DEFAULT_TENANT
@@ -1352,6 +1358,12 @@ declare class CartographyDB {
1352
1358
  * Prune sessions older than the given ISO date string. Returns count of deleted sessions.
1353
1359
  */
1354
1360
  pruneSessions(olderThan: string): number;
1361
+ /**
1362
+ * Retention/compaction (4.7): delete audit events older than `olderThan` (ISO 8601).
1363
+ * The audit trail grows unbounded on a busy collector; this bounds it without touching
1364
+ * sessions/nodes/edges. Returns the number of events removed.
1365
+ */
1366
+ pruneEventsOlderThan(olderThan: string): number;
1355
1367
  /** Fetch a single node by id within a session. */
1356
1368
  getNode(sessionId: string, nodeId: string): NodeRow | undefined;
1357
1369
  /** Batch-fetch nodes by id, keyed for O(1) lookup. Chunked to stay under SQLite's bind-variable limit. */
@@ -1558,6 +1570,8 @@ interface QueryBackend {
1558
1570
  nodes(ctx: TenantContext, q: NodeQuery, sessionId?: string): NodesResult;
1559
1571
  /** One node by id (or `undefined` if absent). Throws {@link NotFoundError} if no session resolves. */
1560
1572
  node(ctx: TenantContext, id: string, sessionId?: string): NodeRow | undefined;
1573
+ /** All edges of the resolved session (for full-topology consumers, e.g. the Backstage catalog). Throws {@link NotFoundError} if no session resolves. */
1574
+ edges(ctx: TenantContext, sessionId?: string): EdgeRow[];
1561
1575
  /** Dependency traversal from a node. Throws {@link NotFoundError} if no session resolves. */
1562
1576
  dependencies(ctx: TenantContext, id: string, q: DependencyQuery, sessionId?: string): TraversalResult;
1563
1577
  /** Compare two sessions (both must belong to the tenant). Throws {@link NotFoundError} on an unknown/foreign id. */
@@ -1585,6 +1599,7 @@ declare class SqliteQueryBackend implements QueryBackend {
1585
1599
  summary(ctx: TenantContext, sessionId?: string): GraphSummary;
1586
1600
  nodes(ctx: TenantContext, q: NodeQuery, sessionId?: string): NodesResult;
1587
1601
  node(ctx: TenantContext, id: string, sessionId?: string): NodeRow | undefined;
1602
+ edges(ctx: TenantContext, sessionId?: string): EdgeRow[];
1588
1603
  dependencies(ctx: TenantContext, id: string, q: DependencyQuery, sessionId?: string): TraversalResult;
1589
1604
  diff(ctx: TenantContext, base: string, current: string): TopologyDiff;
1590
1605
  sessions(ctx: TenantContext): SessionRow[];
@@ -1757,6 +1772,37 @@ interface IngestOptions {
1757
1772
  */
1758
1773
  declare function ingestEnvelope(store: StoreBackend, envelope: IngestEnvelope, opts?: IngestOptions): IngestResult;
1759
1774
 
1775
+ /**
1776
+ * Ingest backpressure for the central collector (4.7).
1777
+ *
1778
+ * A pure, in-memory **per-org token-bucket** rate limiter. The networked `POST /ingest`
1779
+ * write endpoint must protect the shared store from a runaway or hostile client; over-quota
1780
+ * requests are refused with `429 + Retry-After` rather than admitted. Deterministic given an
1781
+ * injected clock, so it is unit-testable without real time. In-process only (a multi-replica
1782
+ * deployment would front it with a shared limiter; documented in the runbook).
1783
+ */
1784
+ interface QuotaConfig {
1785
+ /** Bucket capacity = max burst, and the number of tokens refilled over one `refillMs` window. */
1786
+ capacity: number;
1787
+ /** Milliseconds over which a fully-drained bucket refills to `capacity`. */
1788
+ refillMs: number;
1789
+ }
1790
+ /** Sensible default: 120 ingests / minute / org (burst 120). */
1791
+ declare const DEFAULT_INGEST_QUOTA: QuotaConfig;
1792
+ interface QuotaDecision {
1793
+ allowed: boolean;
1794
+ /** Seconds to wait before retrying — populated only when `!allowed` (≥1). */
1795
+ retryAfterSec: number;
1796
+ }
1797
+ declare class RateLimiter {
1798
+ private readonly cfg;
1799
+ private readonly now;
1800
+ private readonly buckets;
1801
+ constructor(cfg?: QuotaConfig, now?: () => number);
1802
+ /** Consume one token for `key`. Returns whether the request is allowed (+ Retry-After when not). */
1803
+ take(key: string): QuotaDecision;
1804
+ }
1805
+
1760
1806
  /**
1761
1807
  * The central-collector ingest HTTP surface (2.12).
1762
1808
  *
@@ -1772,12 +1818,18 @@ declare function ingestEnvelope(store: StoreBackend, envelope: IngestEnvelope, o
1772
1818
  * handler ever runs, so the handler never sees (and never logs) the token.
1773
1819
  */
1774
1820
 
1775
- /** A transport-agnostic HTTP-ish response: a status code and a JSON-serializable body. */
1821
+ /** A transport-agnostic HTTP-ish response: a status code, a JSON-serializable body, optional headers. */
1776
1822
  interface IngestResponse {
1777
1823
  status: number;
1778
1824
  body: unknown;
1825
+ /** Extra response headers (e.g. `Retry-After` on a 429). */
1826
+ headers?: Record<string, string>;
1779
1827
  }
1780
1828
  type IngestHandler = (body: unknown) => IngestResponse;
1829
+ interface IngestHandlerOptions extends IngestOptions {
1830
+ /** Per-org ingest rate limiter (4.7 backpressure). Over-quota → 429 + Retry-After. */
1831
+ quota?: RateLimiter;
1832
+ }
1781
1833
  /**
1782
1834
  * Build the `/ingest` handler over a {@link StoreBackend}. The handler validates the
1783
1835
  * 2.11 push envelope, runs ingest (re-validating anonymization first), and maps the
@@ -1786,7 +1838,7 @@ type IngestHandler = (body: unknown) => IngestResponse;
1786
1838
  * - 500 — ingest threw (the store's per-node transaction rolls that node back).
1787
1839
  * - 200 — {@link IngestResult}.
1788
1840
  */
1789
- declare function createIngestHandler(store: StoreBackend, opts?: IngestOptions): IngestHandler;
1841
+ declare function createIngestHandler(store: StoreBackend, opts?: IngestHandlerOptions): IngestHandler;
1790
1842
 
1791
1843
  /**
1792
1844
  * Org-key lifecycle for the 2.10 anonymization layer.
@@ -2180,6 +2232,7 @@ interface HttpOptions {
2180
2232
  onIngest?: (body: unknown) => {
2181
2233
  status: number;
2182
2234
  body: unknown;
2235
+ headers?: Record<string, string>;
2183
2236
  };
2184
2237
  /**
2185
2238
  * RBAC (4.5). When `store` holds credentials, the transport runs in RBAC mode: a
@@ -2194,6 +2247,14 @@ interface HttpOptions {
2194
2247
  };
2195
2248
  /** Tenant assigned to implicit (shared/loopback) admin principals. */
2196
2249
  defaultTenant?: string;
2250
+ /**
2251
+ * Readiness probe (4.7). When set, `GET /readyz` calls it: 200 when `ready`, else 503.
2252
+ * `GET /healthz` (liveness) is always 200. Both are PUBLIC (no auth) for k8s/LB probes.
2253
+ */
2254
+ readiness?: () => {
2255
+ ready: boolean;
2256
+ detail?: Record<string, unknown>;
2257
+ };
2197
2258
  }
2198
2259
  /**
2199
2260
  * Start a Streamable HTTP server. A fresh MCP server instance is created per
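Review bot: The `readiness` comment marks `/readyz` as public but does not say whether `detail` is written to the response body. If it is, everything the callback returns is readable by anyone who can reach the port, and the contract should say so, for example `* detail is returned to unauthenticated callers: no paths, hostnames, credentials or raw error text.` The comment should also state what `/readyz` answers when the callback throws; 503 would be the fail-closed result. `HttpOptions` starts outside this hunk.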
@@ -3970,6 +4031,42 @@ declare function sanitizeUntrusted(text: string): string;
3970
4031
  /** Recursively apply `sanitizeUntrusted` to every string in an arbitrary value. */
3971
4032
  declare function sanitizeValue(value: unknown): unknown;
3972
4033
 
4034
+ /**
4035
+ * Backstage catalog entity mapping (4.6).
4036
+ *
4037
+ * A dependency-free, transport-agnostic mapper: `toBackstageEntities` turns the
4038
+ * discovered topology into plain typed Backstage entity objects, and `entitiesToYaml`
4039
+ * serializes them to the multi-doc `catalog-info.yaml` format. It NEVER imports
4040
+ * `@backstage/*` — Backstage stays an optional adapter, never a core dependency
4041
+ * (ROADMAP locked constraints). The legacy `exportBackstageYAML` is re-expressed over
4042
+ * this mapper and stays byte-identical (snapshot-guarded). The same typed entities are
4043
+ * served live over the API (`GET /v1/backstage/catalog`) so a Backstage instance can
4044
+ * consume the topology as a continuously-refreshed data source.
4045
+ */
4046
+
4047
+ interface BackstageEntity {
4048
+ apiVersion: 'backstage.io/v1alpha1';
4049
+ kind: 'Component' | 'API' | 'Resource';
4050
+ metadata: {
4051
+ name: string;
4052
+ annotations: Record<string, string>;
4053
+ };
4054
+ spec: {
4055
+ type: string;
4056
+ lifecycle: string;
4057
+ owner: string;
4058
+ dependsOn?: string[];
4059
+ };
4060
+ }
4061
+ interface BackstageMapOptions {
4062
+ /** Default owner when a node carries none (the org/tenant). */
4063
+ org?: string;
4064
+ }
4065
+ /** Map discovered nodes/edges to typed Backstage catalog entities. Pure, deterministic. */
4066
+ declare function toBackstageEntities(nodes: NodeRow[], edges: EdgeRow[], opts?: BackstageMapOptions): BackstageEntity[];
4067
+ /** Serialize entities to the multi-doc `catalog-info.yaml` string (byte-identical to the legacy exporter). */
4068
+ declare function entitiesToYaml(entities: BackstageEntity[]): string;
4069
+
3973
4070
  /**
3974
4071
  * Hex Grid Engine — flat-top axial coordinate system.
3975
4072
  * Reference: https://www.redblobgames.com/grids/hexagons/
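Review bot: The doc block for the Backstage mapper does not state how strings taken from discovered nodes are treated before they reach `metadata.name`, `annotations` and the YAML output. Those values presumably come from scans and ingest, and `sanitizeUntrusted` / `sanitizeValue` are declared just above, so one sentence on `toBackstageEntities` about name normalisation and one on `entitiesToYaml` about scalar quoting would tell a consumer whether the output can be loaded unreviewed. The block also mentions `GET /v1/backstage/catalog` without naming the role that may read it; state the required permission there.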
@@ -4089,4 +4186,4 @@ declare function logInfo(message: string, context?: Record<string, unknown>): vo
4089
4186
  declare function logWarn(message: string, context?: Record<string, unknown>): void;
4090
4187
  declare function logError(message: string, context?: Record<string, unknown>): void;
4091
4188
 
4092
- export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, 
IngestEnvelopeSchema, type IngestHandler, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, RELATION_TO_DIRECTION, ROLES, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type 
StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, 
installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, validateScanner, vscodeDeeplink, zodToJsonSchema };
4189
+ export { ACTIONS, ANOMALY_KINDS, ANOMALY_SEVERITIES, type Action, ActionSchema, type AgentProvider, type AgentRunContext, type AgentTool, type Anomaly, type AnomalyConfig, type AnomalyKind, type AnomalySeverity, type AnomalyThresholds, type AnonViolation, type AnonymizationLevel, type ApiServerOptions, type AskUserFn, type AuthConfig, AuthConfigSchema, AuthorizationError, type BackstageEntity, type BackstageMapOptions, type BindGuardOptions, CLIENTS, CONFIDENCE, COST_PERIODS, type CartographyConfig, CartographyDB, type CartographyMapData, type CentralDbConfig, CentralDbConfigSchema, type ClassifiedItem, type ClassifyInput, type ClassifyResult, type ClientSpec, type Cluster, ClusterSchema, type ComplianceInput, type ComplianceReport, ComplianceReportSchema, type ComplianceRule, ComplianceRuleSchema, type Condition, ConditionSchema, ConfigError, type ConfigFile, ConfigFileSchema, type ConfigFormat, type Connection, ConnectionSchema, type Contributor, type ControlResult, ControlResultSchema, type CostEntry, CostEntrySchema, type CostPeriod, type CostRecord, type CostSource, type CreateMcpServerOptions, type CredentialConfig, CredentialConfigSchema, type CredentialDb, type CredentialRecord, type CredentialStore, type CronFields, CsvCostSource, type CsvCostSourceOptions, DEFAULT_ANOMALY_THRESHOLDS, DEFAULT_FAST_MODEL, DEFAULT_INGEST_QUOTA, DEFAULT_LEAD_MODEL, DEFAULT_SERVER_NAME, DEFAULT_TENANT, DOMAIN_COLORS, DOMAIN_PALETTE, DRIFT_FIELDS, type DataAsset, DataAssetSchema, type DependencyQuery, type DiscoveryEdge, type DiscoveryEvent, type DiscoveryFn, type DiscoveryNode, type DriftAlert, type DriftAlertItem, type DriftConfig, DriftConfigSchema, type DriftField, type DriftItemKind, type DriftRunRow, type DriftSink, type DriftSinkConfig, EDGE_RELATIONSHIPS, type EdgeRelationship, type EdgeRow, EdgeSchema, type EmbeddingProvider, type EnrichResult, type EntryOptions, type EstablishedConn, type EvidenceKind, type FetchLike, type FragmentKind, type GraphSummary, type 
HealthResult, type HttpOptions, INGEST_SCHEMA_VERSION, type IngestEnvelope, IngestEnvelopeSchema, type IngestHandler, type IngestHandlerOptions, type IngestOptions, type IngestResponse, type IngestResult, type InstallPlan, InvalidTenantError, type JiraIssue, type JiraOptions, JiraSink, type JiraSinkOptions, LOOPBACK_HOSTS, type LocalDiscoveryOptions, type LocalDiscoveryResult, type LogEntry, type LogLevel, MCP_BIN, type MatchStrategy, NODE_TYPES, NODE_TYPE_GROUPS, type NlIntent, type NlQueryOptions, type NlQueryResult, type NlRelation, type NodeAttribution, type NodeChange, type NodeIdentity, type NodeQuery, type NodeRow, NodeSchema, type NodeType, type NodesResult, NotFoundError, OUTPUT_FORMATS, type OrgKeyOptions, type OrgSummary, type OsKind, type OutputFormat, PACKAGE_NAME, PAGERDUTY_ENQUEUE_URL, PENDING_STATUSES, PERSONAL, PORT_MAP, PRIVATE_IP, PUSH_SCHEMA_VERSION, type PagerDutyEvent, PagerDutySink, type PagerDutySinkOptions, type ParsedApiArgs, type PendingShareRow, type PendingStatus, type PlanOptions, type PolicyResult, type PostJsonOptions, type Principal, PrincipalSchema, type ProviderFactory, type ProviderName, ProviderRegistry, type PushItem, type PushOptions, type PushResult, type QueryBackend, type QuotaConfig, type QuotaDecision, RELATION_TO_DIRECTION, ROLES, RateLimiter, type ResolveContext, type ResolveOptions, type Role, RoleSchema, type RuleCheck, RuleCheckSchema, type RuleScope, type Ruleset, RulesetSchema, type RunDriftOptions, SCAN_ARG_PATTERNS, SCHEMA_VERSION, SDL, SECURITY_METADATA_KEYS, SEVERITIES, SEVERITY_WEIGHT, SHARING_LEVELS, type ScanArgKind, type ScanContext, type ScanHintParams, type ScanResult, type Scanner, type ScannerPlugin, type ScannerPluginApi, ScannerRegistry, ScannerShape, type ScheduleConfig, ScheduleConfigSchema, type ScheduledRunResult, type Scope, type SearchFn, type SemanticSearchOptions, type ServerEntry, type SessionRow, type Severity, type SharePreview, type SharePreviewEntry, type SharingLevel, SharingLevelSchema, 
type SharingPolicy, type ShellKind, type SlackMessage, SlackSink, SqliteCredentialStore, SqliteQueryBackend, SqliteStoreBackend, type StartApiOptions, StdoutSink, type StoreBackend, type SyncClassifyOptions, type SyncClassifyResult, TENANT_HEADER, type TenantContext, TenantMismatchError, type TenantOptions, type ToolResult, type TopologyDelta, type TopologyDiff, type TopologyInput, type TraversalResult, VectorStore, WebhookSink, type WebhookSinkOptions, applyInstall, applySharingLevel, assertReadOnly, assertSafeBind, assertSafeScanArg, assertSameTenant, assignColors, authorize, bearerToken, bookmarksScanner, buildCartographyToolHandlers, buildMapData, buildOpenApiDocument, buildReport, buildSinks, can, centralDbFromEnv, checkBearer, checkPrerequisites, checkReadOnly, clampText, classify, classifyDrift, cleanupTempFiles, cloudAwsScanner, cloudAzureScanner, cloudGcpScanner, codeAddMcpCommand, computeCentroid, computeClusterBounds, computeIdentity, connectionsScanner, contentHash, createBashTool, createCartographyTools, createClaudeProvider, createDefaultRegistry, createHashEmbedder, createIngestHandler, createLocalEmbedder, createMcpServer, createOllamaProvider, createOpenAIProvider, createScanRunner, createSemanticSearch, createSqliteQueryBackend, currentOs, cursorDeeplink, databasesScanner, deepMerge, defaultAllowedHosts, defaultConfig, defaultContext, defaultProviderRegistry, defaultRegistry, defaultServerEntry, definePlugin, deriveSessionName, detectAnomalies, detectOrphans, detectShadowIt, diffTopology, edgesToConnections, enrichCosts, entitiesToYaml, evaluateCheck, evaluateRule, evidenceLine, executeGraphql, executeNlQuery, exportAll, exportBackstageYAML, exportComplianceReport, exportCostCSV, exportCostSummary, exportDiscoveryApp, exportJGF, exportJSON, extractListeningPorts, filterBySeverity, findAnonViolations, formatComplianceText, formatJira, formatPagerDuty, formatSlack, generateDependencyMermaid, generateDiffMermaid, generateTopologyMermaid, getClient, 
getRuleset, globalId, groupByDomain, handleGraphqlGet, hashToken, hexCorners, hexDistance, hexNeighbors, hexRing, hexSpiral, hexToPixel, hmacKey, hostname, ingestEnvelope, installedAppsScanner, isLoopbackHost, isPersonalHost, isReadOnlyCommand, isRemembered, isSecureWebhookUrl, k8sScanner, keyMetaOf, layoutClusters, listClients, listRulesets, loadConfig, loadOrgKey, loadPlugins, loadRuleset, localDiscoveryFn, log, logDebug, logError, logInfo, logWarn, machineId, maxSeverity, mcpServerObject, newAnomalies, nextRun, nodesToAssets, normalizeId, normalizeTenant, orgKeyPath, osUser, parseApiArgs, parseComposeDeps, parseConfig, parseConnectionString, parseCostCsv, parseCron, parseEstablished, parseNginxUpstreams, parseNlQuery, parseScanHint, pixelToHex, planInstall, portsScanner, postJson, previewShare, pseudonymize, pseudonymizeFragment, pseudonymizeString, pushDeltas, readConfigFile, redactConnectionString, redactSecrets, redactValue, renderDiff, resolveEffectiveLevel, resolveNlQuery, resolvePrincipal, resolveSharingLevel, resolveTenant, revalidateAnonymized, reversalKey, reversePseudonym, rotateOrgKey, runApi, runDiscovery, runDrift, runHttp, runLocalDiscovery, runOnce, runStdio, runSyncClassify, safeEnv, safeJson, safetyHook, sanitizeUntrusted, sanitizeValue, scopeReads, scoreTopology, securityRelevantChange, serializeConfig, serviceConfigScanner, setVerbose, shadeVariant, shapeToJsonSchema, shareHash, splitSegments, stableStringify, startApi, stripSensitive, timingSafeEqual, toBackstageEntities, validateScanner, vscodeDeeplink, zodToJsonSchema };