npm - @datasynx/agentic-ai-cartography - Versions diffs - 2.8.0 → 2.10.0 - Mend

@datasynx/agentic-ai-cartography 2.8.0 → 2.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/api-bin.js +1 -1
package/dist/{chunk-5D5ZZEZM.js → chunk-ASCA3UFM.js} +148 -2
package/dist/chunk-ASCA3UFM.js.map +1 -0
package/dist/{chunk-TBPGFEMQ.js → chunk-W4Q3TXHR.js} +162 -2
package/dist/chunk-W4Q3TXHR.js.map +1 -0
package/dist/cli.js +4 -3
package/dist/cli.js.map +1 -1
package/dist/index.cjs +316 -2
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +105 -1
package/dist/index.d.ts +105 -1
package/dist/index.js +312 -2
package/dist/index.js.map +1 -1
package/dist/mcp-bin.js +1 -1
package/llms-full.txt +1 -0
package/package.json +1 -1
package/server.json +2 -2
package/dist/chunk-5D5ZZEZM.js.map +0 -1
package/dist/chunk-TBPGFEMQ.js.map +0 -1

package/dist/index.cjs CHANGED Viewed

@@ -36,6 +36,7 @@ __export(src_exports, {
   AuthorizationError: () => AuthorizationError,
   CLIENTS: () => CLIENTS,
   CONFIDENCE: () => CONFIDENCE,
+  CORRELATION_CONFIDENCE: () => CORRELATION_CONFIDENCE,
   CartographyDB: () => CartographyDB,
   ComplianceReportSchema: () => ComplianceReportSchema,
   ComplianceRuleSchema: () => ComplianceRuleSchema,
@@ -122,6 +123,7 @@ __export(src_exports, {
   computeIdentity: () => computeIdentity,
   connectionsScanner: () => connectionsScanner,
   contentHash: () => contentHash,
+  correlateTopology: () => correlateTopology,
   createBashTool: () => createBashTool,
   createCartographyTools: () => createCartographyTools,
   createClaudeProvider: () => createClaudeProvider,
@@ -137,6 +139,7 @@ __export(src_exports, {
   createSqliteQueryBackend: () => createSqliteQueryBackend,
   currentOs: () => currentOs,
   cursorDeeplink: () => cursorDeeplink,
+  dashboardHtml: () => dashboardHtml,
   databasesScanner: () => databasesScanner,
   deepMerge: () => deepMerge,
   defaultAllowedHosts: () => defaultAllowedHosts,
@@ -168,6 +171,7 @@ __export(src_exports, {
   exportJGF: () => exportJGF,
   exportJSON: () => exportJSON,
   extractListeningPorts: () => extractListeningPorts,
+  extractSignals: () => extractSignals,
   filterBySeverity: () => filterBySeverity,
   findAnonViolations: () => findAnonViolations,
   formatComplianceText: () => formatComplianceText,
@@ -6133,9 +6137,146 @@ async function resolveNlQuery(db, sessionId, search, raw, opts) {
   return executeNlQuery(db, sessionId, search, parseNlQuery(raw), opts);
 }
+// src/correlation/signals.ts
+var IPV4 = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g;
+var DNS = /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.){1,8}[a-z]{2,24}\b/gi;
+var ENDPOINT = /\b((?:[a-z0-9][a-z0-9.-]{0,253})):(\d{1,5})\b/gi;
+function isPrivateIp(ip) {
+  return /^(?:10\.|127\.|169\.254\.|192\.168\.|172\.(?:1[6-9]|2\d|3[01])\.)/.test(ip);
+}
+function sources(node) {
+  const out = [node.id, node.name];
+  const meta = node.metadata;
+  if (meta) {
+    for (const k of ["host", "hostname", "ip", "address", "dns", "dnsName", "endpoint", "fqdn", "publicIp", "privateIp", "url"]) {
+      const v = meta[k];
+      if (typeof v === "string") out.push(v);
+    }
+  }
+  return out;
+}
+var KNOWN_PROVIDERS = /* @__PURE__ */ new Set(["aws", "gcp", "azure", "k8s", "kubernetes", "localhost", "docker"]);
+function parseProvider(id) {
+  const seg = id.split(":");
+  if (seg.length >= 3 && KNOWN_PROVIDERS.has(seg[1])) return seg[1];
+  return void 0;
+}
+function extractSignals(node) {
+  const text = sources(node).join(" \n ");
+  const publicIps = /* @__PURE__ */ new Set();
+  const privateIps = /* @__PURE__ */ new Set();
+  const dnsNames = /* @__PURE__ */ new Set();
+  const endpoints = /* @__PURE__ */ new Set();
+  for (const m of text.matchAll(IPV4)) (isPrivateIp(m[0]) ? privateIps : publicIps).add(m[0]);
+  for (const m of text.matchAll(DNS)) dnsNames.add(m[0].toLowerCase());
+  for (const m of text.matchAll(ENDPOINT)) endpoints.add(`${m[1].toLowerCase()}:${m[2]}`);
+  const provider = parseProvider(node.id);
+  const sortUniq = (s) => [...s].sort();
+  return {
+    ...provider ? { provider } : {},
+    endpoints: sortUniq(endpoints),
+    publicIps: sortUniq(publicIps),
+    privateIps: sortUniq(privateIps),
+    // The DNS regex requires an alphabetic TLD, so pure IPv4s never land here.
+    dnsNames: sortUniq(dnsNames)
+  };
+}
+// src/correlation/correlate.ts
+var CORRELATION_CONFIDENCE = {
+  "global-identity": 1,
+  "dns-name": 0.95,
+  "public-ip": 0.9,
+  "endpoint": 0.85,
+  "private-ip": 0.5
+};
+var MERGE_THRESHOLD = 0.85;
+var DSU = class {
+  parent;
+  constructor(n) {
+    this.parent = Array.from({ length: n }, (_, i) => i);
+  }
+  find(x) {
+    while (this.parent[x] !== x) {
+      this.parent[x] = this.parent[this.parent[x]];
+      x = this.parent[x];
+    }
+    return x;
+  }
+  union(a, b) {
+    const ra = this.find(a), rb = this.find(b);
+    if (ra !== rb) this.parent[Math.max(ra, rb)] = Math.min(ra, rb);
+  }
+};
+function correlateTopology(nodes, _edges = []) {
+  const n = nodes.length;
+  const signals = nodes.map(extractSignals);
+  const dsu = new DSU(n);
+  const correlations = [];
+  const merged = /* @__PURE__ */ new Set();
+  const buckets = /* @__PURE__ */ new Map();
+  const add = (sig, val, i) => {
+    const k = `${sig}|${val}`;
+    const arr = buckets.get(k);
+    if (arr) arr.push(i);
+    else buckets.set(k, [i]);
+  };
+  nodes.forEach((node, i) => {
+    if (node.globalId) add("global-identity", node.globalId, i);
+    for (const d of signals[i].dnsNames) add("dns-name", d, i);
+    for (const ip of signals[i].publicIps) add("public-ip", ip, i);
+    for (const e of signals[i].endpoints) add("endpoint", e, i);
+  });
+  const order = ["global-identity", "dns-name", "public-ip", "endpoint"];
+  for (const sig of order) {
+    const conf = CORRELATION_CONFIDENCE[sig];
+    const keys = [...buckets.keys()].filter((k) => k.startsWith(`${sig}|`)).sort();
+    for (const key of keys) {
+      const members = buckets.get(key).slice().sort((x, y) => nodes[x].id.localeCompare(nodes[y].id));
+      const value = key.slice(sig.length + 1);
+      for (let j = 1; j < members.length; j++) {
+        const a = members[0], b = members[j];
+        if (conf < MERGE_THRESHOLD) continue;
+        dsu.union(a, b);
+        merged.add(a);
+        merged.add(b);
+        const [s, t] = [nodes[a].id, nodes[b].id].sort();
+        correlations.push({ sourceId: s, targetId: t, relationship: "same_as", signal: sig, confidence: conf, evidence: `[${sig}] shared ${value}` });
+      }
+    }
+  }
+  const clusters = /* @__PURE__ */ new Map();
+  for (let i = 0; i < n; i++) {
+    const r = dsu.find(i);
+    const arr = clusters.get(r);
+    if (arr) arr.push(i);
+    else clusters.set(r, [i]);
+  }
+  const canonical = [];
+  let crossCloud = 0;
+  for (const idxs of clusters.values()) {
+    const memberNodes = idxs.map((i) => nodes[i]);
+    const members = memberNodes.map((m) => m.id).sort();
+    const providers = [...new Set(idxs.map((i) => signals[i].provider).filter((p) => !!p))].sort();
+    const rep = memberNodes.reduce((a, b) => a.id < b.id ? a : b);
+    const memberIds = new Set(members);
+    const internal = correlations.filter((c) => memberIds.has(c.sourceId) && memberIds.has(c.targetId));
+    const confidence = internal.length ? Math.min(...internal.map((c) => c.confidence)) : 1;
+    if (providers.length > 1) crossCloud += 1;
+    canonical.push({ id: rep.id, type: rep.type, name: rep.name, members, providers, confidence });
+  }
+  canonical.sort((a, b) => a.id.localeCompare(b.id));
+  correlations.sort((a, b) => b.confidence - a.confidence || a.sourceId.localeCompare(b.sourceId) || a.targetId.localeCompare(b.targetId));
+  return {
+    canonical,
+    correlations,
+    summary: { rawNodes: n, canonicalNodes: canonical.length, collapsed: n - canonical.length, crossCloud }
+  };
+}
 // src/mcp/server.ts
 var SERVER_NAME = "cartography";
-var SERVER_VERSION = "2.8.0";
+var SERVER_VERSION = "2.10.0";
 var SERVICE_TYPES = NODE_TYPE_GROUPS.web;
 var DATA_TYPES = NODE_TYPE_GROUPS.data;
 var lexicalSearch = async (db, sessionId, query, opts) => db.searchNodes(sessionId, query, { types: opts.types, limit: opts.limit }).map((node) => ({ node }));
@@ -6295,6 +6436,15 @@ function createMcpServer(opts = {}) {
       return json(db.getGraphSummary(sid));
     }
   );
+  server.registerTool(
+    "correlate_topology",
+    { title: "Correlate multi-cloud topology", description: "Collapse the same logical resource discovered across clouds/on-prem (by global identity or a shared DNS name / public IP / endpoint) into canonical entities with confidence-scored same_as links. Read-only, non-destructive (5.1).", inputSchema: {}, annotations: readOnly },
+    () => {
+      const sid = resolveSession();
+      if (!sid) return json({ error: "No discovery session found." });
+      return json(correlateTopology(db.getNodes(sid), db.getEdges(sid)));
+    }
+  );
   server.registerTool(
     "get_cost_summary",
     { title: "Get cost summary", description: "FinOps rollup: cost by domain and owner, currency/period-bucketed (3.3).", inputSchema: {}, annotations: readOnly },
@@ -8520,6 +8670,156 @@ function handleGraphqlGet() {
   return { status: 200, body: SDL };
 }
+// src/web/dashboard.ts
+var STYLE = `
+*{box-sizing:border-box;margin:0;padding:0}
+:root{--bg:#0f1419;--panel:#161b22;--line:#2d333b;--fg:#e6edf3;--dim:#8b949e;--accent:#3b82f6;--ok:#3fb950;--warn:#d29922;--crit:#f85149}
+body{font:13px/1.5 ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto,sans-serif;background:var(--bg);color:var(--fg);height:100vh;display:flex;flex-direction:column;overflow:hidden}
+header{display:flex;align-items:center;gap:12px;padding:8px 14px;border-bottom:1px solid var(--line);background:var(--panel)}
+header h1{font-size:15px;font-weight:600;letter-spacing:.3px}
+header .ver{color:var(--dim);font-size:11px}
+header .spacer{flex:1}
+header input{background:var(--bg);border:1px solid var(--line);color:var(--fg);border-radius:6px;padding:5px 8px;font-size:12px;width:200px}
+header input:focus{outline:none;border-color:var(--accent)}
+header button{background:var(--accent);border:none;color:#fff;border-radius:6px;padding:6px 12px;font-size:12px;cursor:pointer}
+main{flex:1;display:grid;grid-template-columns:300px 1fr 320px;overflow:hidden}
+.col{overflow:auto;padding:12px;border-right:1px solid var(--line)}
+.col:last-child{border-right:none;border-left:1px solid var(--line)}
+.card{background:var(--panel);border:1px solid var(--line);border-radius:8px;padding:10px 12px;margin-bottom:10px}
+.card h2{font-size:11px;text-transform:uppercase;letter-spacing:.6px;color:var(--dim);margin-bottom:8px}
+.stat{display:flex;justify-content:space-between;padding:2px 0}
+.stat b{font-variant-numeric:tabular-nums}
+.bar{height:4px;border-radius:2px;background:var(--accent);margin-top:2px}
+#search{width:100%;background:var(--bg);border:1px solid var(--line);color:var(--fg);border-radius:6px;padding:6px 8px;margin-bottom:8px}
+.node-item{padding:6px 8px;border-radius:6px;cursor:pointer;border:1px solid transparent}
+.node-item:hover{background:var(--panel)}
+.node-item.sel{background:var(--panel);border-color:var(--accent)}
+.node-item .t{color:var(--dim);font-size:11px}
+#center{position:relative;padding:0}
+#graph{display:block;width:100%;height:100%;background:radial-gradient(circle at 50% 40%,#11161d,#0d1117)}
+#empty{position:absolute;inset:0;display:flex;align-items:center;justify-content:center;color:var(--dim);text-align:center;padding:20px}
+.kv{display:flex;justify-content:space-between;gap:8px;padding:3px 0;border-bottom:1px solid var(--line)}
+.kv span:first-child{color:var(--dim)}
+.kv span:last-child{text-align:right;word-break:break-all}
+.chip{display:inline-block;background:var(--bg);border:1px solid var(--line);border-radius:10px;padding:1px 8px;font-size:11px;margin:2px 2px 0 0}
+.sev-high,.sev-critical{color:var(--crit)} .sev-medium,.sev-warning{color:var(--warn)} .sev-low,.sev-info{color:var(--dim)}
+#toast{position:fixed;bottom:14px;left:50%;transform:translateX(-50%);background:var(--crit);color:#fff;padding:8px 14px;border-radius:6px;font-size:12px;opacity:0;transition:opacity .2s;pointer-events:none}
+#toast.show{opacity:1}
+`;
+var SCRIPT = String.raw`
+const $=(s)=>document.querySelector(s), api=(p)=>{
+  const h={accept:'application/json'};
+  const t=sessionStorage.getItem('cartograph_token'); if(t) h.authorization='Bearer '+t;
+  const tn=sessionStorage.getItem('cartograph_tenant'); if(tn) h['x-cartograph-tenant']=tn;
+  return fetch(p,{headers:h}).then(async r=>{ if(!r.ok){ const e=new Error('http '+r.status); e.status=r.status; throw e; } return r.json(); });
+};
+function toast(m){ const t=$('#toast'); t.textContent=m; t.classList.add('show'); setTimeout(()=>t.classList.remove('show'),2600); }
+let NODES=[], SELECTED=null;
+async function boot(){
+  try{
+    const s=await api('/v1/summary'); renderSummary(s);
+    const n=await api('/v1/nodes?limit=1000'); NODES=n.nodes; renderList(NODES);
+  }catch(e){
+    if(e.status===401){ toast('Unauthorized — enter a bearer token and Reload.'); }
+    else if(e.status===404){ const em=$('#empty'); em.textContent='No discovery session yet. Run a scan, then Reload.'; em.style.display='flex'; }
+    else toast('Failed to load: '+e.message);
+  }
+}
+function renderSummary(s){
+  const max=Math.max(1,...Object.values(s.nodesByType));
+  const types=Object.entries(s.nodesByType).sort((a,b)=>b[1]-a[1]).slice(0,12)
+    .map(([k,v])=>'<div class="stat"><span>'+esc(k)+'</span><b>'+v+'</b></div><div class="bar" style="width:'+(v/max*100)+'%"></div>').join('');
+  const anom=(s.anomalies||[]).slice(0,12).map(a=>'<div class="stat"><span class="sev-'+a.severity+'">'+esc(a.kind)+'</span><span class="t">'+esc(a.nodeId)+'</span></div>').join('') || '<div class="t">none</div>';
+  $('#summary').innerHTML=
+    '<div class="card"><h2>Totals</h2><div class="stat"><span>Nodes</span><b>'+s.totals.nodes+'</b></div><div class="stat"><span>Edges</span><b>'+s.totals.edges+'</b></div>'+(s.contributors!=null?'<div class="stat"><span>Contributors</span><b>'+s.contributors+'</b></div>':'')+'</div>'+
+    '<div class="card"><h2>Nodes by type</h2>'+types+'</div>'+
+    '<div class="card"><h2>Anomalies</h2>'+anom+'</div>';
+}
+function renderList(nodes){
+  $('#list').innerHTML=nodes.map(n=>'<div class="node-item" data-id="'+esc(n.id)+'"><div>'+esc(n.name)+'</div><div class="t">'+esc(n.type)+'</div></div>').join('')||'<div class="t">no nodes</div>';
+  $('#list').querySelectorAll('.node-item').forEach(el=>el.onclick=()=>select(el.dataset.id));
+}
+function esc(s){ return String(s==null?'':s).replace(/[&<>"]/g,c=>({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;'}[c])); }
+async function select(id){
+  SELECTED=id;
+  $('#list').querySelectorAll('.node-item').forEach(el=>el.classList.toggle('sel',el.dataset.id===id));
+  const node=NODES.find(n=>n.id===id);
+  try{
+    const dep=await api('/v1/nodes/'+encodeURIComponent(id)+'/dependencies?direction=both&maxDepth=2');
+    renderDetail(node,dep); drawGraph(id,dep);
+  }catch(e){ toast('drill-down failed: '+e.message); }
+}
+function renderDetail(node,dep){
+  if(!node){ $('#detail').innerHTML='<div class="t">node not in current page</div>'; return; }
+  const fields=[['id',node.id],['type',node.type],['name',node.name],['confidence',node.confidence],['domain',node.domain],['owner',node.owner]]
+    .filter(([,v])=>v!=null).map(([k,v])=>'<div class="kv"><span>'+k+'</span><span>'+esc(v)+'</span></div>').join('');
+  const tags=(node.tags||[]).map(t=>'<span class="chip">'+esc(t)+'</span>').join('');
+  const edges=(dep.edges||[]).map(e=>'<div class="kv"><span>'+esc(e.relationship)+'</span><span>'+esc(e.sourceId===node.id?('→ '+e.targetId):('← '+e.sourceId))+'</span></div>').join('')||'<div class="t">no dependencies</div>';
+  $('#detail').innerHTML='<div class="card"><h2>Node</h2>'+fields+(tags?'<div style="margin-top:6px">'+tags+'</div>':'')+'</div><div class="card"><h2>Dependencies ('+(dep.nodes?dep.nodes.length:0)+')</h2>'+edges+'</div>';
+}
+const cv=()=>$('#graph'), ctx=()=>cv().getContext('2d');
+function drawGraph(rootId,dep){
+  $('#empty').style.display='none';
+  const c=cv(); const dpr=window.devicePixelRatio||1; const w=c.clientWidth,h=c.clientHeight;
+  c.width=w*dpr; c.height=h*dpr; const g=ctx(); g.setTransform(dpr,0,0,dpr,0,0); g.clearRect(0,0,w,h);
+  const nodes=dep.nodes||[]; const cx=w/2,cy=h/2;
+  // root at center; others on a circle, radius by depth.
+  const pos={}; pos[rootId]={x:cx,y:cy};
+  const others=nodes.filter(n=>n.id!==rootId);
+  others.forEach((n,i)=>{ const a=(i/Math.max(1,others.length))*Math.PI*2; const r=90+(n.depth||1)*70; pos[n.id]={x:cx+Math.cos(a)*r,y:cy+Math.sin(a)*r}; });
+  // edges
+  g.strokeStyle='#30363d'; g.lineWidth=1.2;
+  (dep.edges||[]).forEach(e=>{ const a=pos[e.sourceId],b=pos[e.targetId]; if(a&&b){ g.beginPath(); g.moveTo(a.x,a.y); g.lineTo(b.x,b.y); g.stroke(); } });
+  // nodes
+  const byId={}; nodes.forEach(n=>byId[n.id]=n);
+  Object.entries(pos).forEach(([id,p])=>{ const n=byId[id]; const root=id===rootId;
+    g.beginPath(); g.arc(p.x,p.y,root?13:8,0,Math.PI*2);
+    g.fillStyle=root?'#3b82f6':'#21262d'; g.fill(); g.lineWidth=root?2:1; g.strokeStyle=root?'#60a5fa':'#484f58'; g.stroke();
+    g.fillStyle='#c9d1d9'; g.font=(root?'600 12px':'11px')+' ui-sans-serif'; g.textAlign='center';
+    g.fillText((n&&n.name?n.name:id).slice(0,22),p.x,p.y-(root?20:14));
+  });
+}
+document.addEventListener('DOMContentLoaded',()=>{
+  const t=sessionStorage.getItem('cartograph_token'); if(t)$('#token').value=t;
+  const tn=sessionStorage.getItem('cartograph_tenant'); if(tn)$('#tenant').value=tn;
+  $('#reload').onclick=()=>{ sessionStorage.setItem('cartograph_token',$('#token').value.trim()); sessionStorage.setItem('cartograph_tenant',$('#tenant').value.trim()); boot(); };
+  $('#search').oninput=(e)=>{ const q=e.target.value.toLowerCase(); renderList(NODES.filter(n=>n.name.toLowerCase().includes(q)||n.id.toLowerCase().includes(q)||n.type.toLowerCase().includes(q))); };
+  boot();
+});
+`;
+function dashboardHtml(opts = {}) {
+  const version = opts.version ?? "";
+  return `<!DOCTYPE html>
+<html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Cartograph dashboard</title>
+<style>${STYLE}</style>
+</head><body>
+<header>
+  <h1>Cartograph</h1><span class="ver">${version ? `v${version}` : ""}</span>
+  <span class="spacer"></span>
+  <input id="tenant" placeholder="tenant (optional)" autocomplete="off">
+  <input id="token" type="password" placeholder="bearer token" autocomplete="off">
+  <button id="reload">Reload</button>
+</header>
+<main>
+  <div class="col"><div id="summary"></div></div>
+  <div class="col" id="center"><canvas id="graph"></canvas><div id="empty">Select a node to explore its dependencies.</div></div>
+  <div class="col">
+    <input id="search" placeholder="Search nodes\u2026" autocomplete="off">
+    <div id="list"></div>
+    <div id="detail"></div>
+  </div>
+</main>
+<div id="toast"></div>
+<script>${SCRIPT}</script>
+</body></html>`;
+}
 // src/api/server.ts
 var DEPENDENCIES_RE = /^\/v1\/nodes\/(.+)\/dependencies$/;
 var MAX_GRAPHQL_BYTES = 1024 * 1024;
@@ -8561,6 +8861,8 @@ async function runApi(opts) {
   });
   const restDeps = { backend: opts.backend, version: opts.version };
   const openApiDoc = buildOpenApiDocument({ version: opts.version });
+  const dashboardEnabled = opts.dashboard !== false;
+  const dashboardPage = dashboardEnabled ? dashboardHtml({ version: opts.version }) : "";
   const allowedOrigins = opts.allowedOrigins ?? [];
   assertSafeBind({ host: host2, port: requestedPort, ...opts.allowedHosts ? { allowedHosts: opts.allowedHosts } : {}, ...token ? { token } : {} });
   let allowedHosts = opts.allowedHosts ?? [];
@@ -8603,6 +8905,11 @@ async function runApi(opts) {
           finish(200);
           return;
         }
+        if (dashboardEnabled && (path === "/" || path === "/app") && req.method === "GET") {
+          res.writeHead(200, { "content-type": "text/html; charset=utf-8", ...cors }).end(dashboardPage);
+          finish(200);
+          return;
+        }
         if (path === "/v1/health") {
           if (req.method !== "GET") {
             send(res, 405, { error: "method not allowed" }, { allow: "GET", ...cors });
@@ -8767,6 +9074,7 @@ function parseApiArgs(argv) {
     const a = argv[i];
     if (a === "--http") continue;
     else if (a === "--no-graphql") opts.graphql = false;
+    else if (a === "--no-dashboard") opts.dashboard = false;
     else if (a === "--port") opts.port = Number(argv[++i]);
     else if (a === "--host") opts.host = argv[++i];
     else if (a === "--allowed-hosts") opts.allowedHosts = splitList(argv[++i]);
@@ -8802,12 +9110,14 @@ async function startApi(opts = {}) {
     ...opts.allowedOrigins ? { allowedOrigins: opts.allowedOrigins } : {},
     ...token ? { token } : {},
     ...opts.graphql === false ? { graphql: false } : {},
+    ...opts.dashboard === false ? { dashboard: false } : {},
     ...opts.tenant ? { tenant: { defaultTenant: normalizeTenant(opts.tenant) } } : {},
     log: log2
   });
   const graphqlNote = opts.graphql === false ? " [REST only]" : " + /graphql";
+  const dashNote = opts.dashboard === false ? "" : ` \xB7 dashboard http://${host2}:${port}/`;
   log2(
-    `Cartograph API (REST${graphqlNote}) on http://${host2}:${port}/v1${token ? " (auth: bearer token required)" : ""} (tenant: ${normalizeTenant(opts.tenant)})`
+    `Cartograph API (REST${graphqlNote}) on http://${host2}:${port}/v1${token ? " (auth: bearer token required)" : ""} (tenant: ${normalizeTenant(opts.tenant)})${dashNote}`
   );
   return server;
 }
@@ -12059,6 +12369,7 @@ function checkClaudePrerequisites() {
   AuthorizationError,
   CLIENTS,
   CONFIDENCE,
+  CORRELATION_CONFIDENCE,
   CartographyDB,
   ComplianceReportSchema,
   ComplianceRuleSchema,
@@ -12145,6 +12456,7 @@ function checkClaudePrerequisites() {
   computeIdentity,
   connectionsScanner,
   contentHash,
+  correlateTopology,
   createBashTool,
   createCartographyTools,
   createClaudeProvider,
@@ -12160,6 +12472,7 @@ function checkClaudePrerequisites() {
   createSqliteQueryBackend,
   currentOs,
   cursorDeeplink,
+  dashboardHtml,
   databasesScanner,
   deepMerge,
   defaultAllowedHosts,
@@ -12191,6 +12504,7 @@ function checkClaudePrerequisites() {
   exportJGF,
   exportJSON,
   extractListeningPorts,
+  extractSignals,
   filterBySeverity,
   findAnonViolations,
   formatComplianceText,