npm - @brizz/sdk - Versions diffs - 0.1.21 → 0.1.25 - Mend

@brizz/sdk 0.1.21 → 0.1.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/preload.cjs CHANGED Viewed

@@ -159,6 +159,38 @@ function setLogLevel(level) {
 var import_resources3 = require("@opentelemetry/resources");
 var import_sdk_node = require("@opentelemetry/sdk-node");
+// src/internal/dsn.ts
+var PLACEHOLDER_SERVICE = "<service-name>";
+var SERVICE_NAME_HEADER = "X-Brizz-Service-Name";
+function parseDSN(dsn) {
+  let parsed;
+  try {
+    parsed = new globalThis.URL(dsn);
+  } catch {
+    return null;
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:" || !parsed.username || !parsed.host) {
+    return null;
+  }
+  const scheme = parsed.protocol === "https:" ? "https" : "http";
+  let service;
+  try {
+    service = decodeURIComponent(parsed.pathname.replace(/^\//, ""));
+  } catch {
+    return null;
+  }
+  if (service === "" || service === PLACEHOLDER_SERVICE) {
+    return null;
+  }
+  return {
+    scheme,
+    host: parsed.host,
+    bearer: decodeURIComponent(parsed.username),
+    service,
+    baseUrl: `${scheme}://${parsed.host}`
+  };
+}
 // src/internal/config.ts
 function resolveConfig(options) {
   const envLogLevel = process.env["BRIZZ_LOG_LEVEL"] || options.logLevel?.toString() || DEFAULT_LOG_LEVEL.toString();
@@ -185,6 +217,7 @@ function resolveConfig(options) {
     appName: options.appName,
     baseUrl: options.baseUrl,
     hasApiKey: !!options.apiKey,
+    dsnProvided: !!(process.env["BRIZZ_DSN"] || options.dsn),
     disableBatch: options.disableBatch,
     logLevel: resolvedLogLevel,
     headersCount: Object.keys(options.headers || {}).length,
@@ -212,7 +245,42 @@ function resolveConfig(options) {
     logLevel: resolvedLogLevel,
     masking: resolvedMasking
   };
-  if (resolvedConfig.apiKey) {
+  const dsnInput = process.env["BRIZZ_DSN"] || options.dsn;
+  let parsedDSN = null;
+  if (dsnInput) {
+    const kwargConflicts = [];
+    if (options.apiKey !== void 0) {
+      kwargConflicts.push("apiKey");
+    }
+    if (options.baseUrl !== void 0) {
+      kwargConflicts.push("baseUrl");
+    }
+    if (options.appName !== void 0) {
+      kwargConflicts.push("appName");
+    }
+    if (kwargConflicts.length > 0) {
+      throw new Error(
+        `dsn cannot be combined with kwargs ${kwargConflicts.join(", ")}. The DSN bundles bearer, gateway URL, and service name \u2014 choose one configuration style.`
+      );
+    }
+    const envConflicts = ["BRIZZ_API_KEY", "BRIZZ_BASE_URL", "BRIZZ_APP_NAME"].filter(
+      (name) => process.env[name] !== void 0
+    );
+    if (envConflicts.length > 0) {
+      logger.warn(
+        `Ignoring ${envConflicts.join(", ")} \u2014 dsn / BRIZZ_DSN takes precedence.`
+      );
+    }
+    resolvedConfig.apiKey = void 0;
+    resolvedConfig.baseUrl = "https://telemetry.brizz.dev";
+    resolvedConfig.appName = "unknown-app";
+    parsedDSN = parseDSN(dsnInput);
+    if (parsedDSN) {
+      resolvedConfig.appName = parsedDSN.service;
+      resolvedConfig.baseUrl = parsedDSN.baseUrl;
+      resolvedConfig.apiKey = parsedDSN.bearer;
+    }
+  } else if (resolvedConfig.apiKey) {
     resolvedConfig.headers["Authorization"] = `Bearer ${resolvedConfig.apiKey}`;
   }
   if (process.env["BRIZZ_HEADERS"]) {
@@ -227,14 +295,28 @@ function resolveConfig(options) {
       throw new Error("Invalid JSON in BRIZZ_HEADERS environment variable", { cause: error });
     }
   }
+  if (dsnInput) {
+    const authHeaderKeys = /* @__PURE__ */ new Set(["authorization", SERVICE_NAME_HEADER.toLowerCase()]);
+    resolvedConfig.headers = Object.fromEntries(
+      Object.entries(resolvedConfig.headers).filter(
+        ([key]) => !authHeaderKeys.has(key.toLowerCase())
+      )
+    );
+    if (parsedDSN) {
+      resolvedConfig.headers["Authorization"] = `Bearer ${parsedDSN.bearer}`;
+      resolvedConfig.headers[SERVICE_NAME_HEADER] = parsedDSN.service;
+    }
+  }
   logger.debug("Configuration resolved with environment variables", {
     appName: resolvedConfig.appName,
     baseUrl: resolvedConfig.baseUrl,
     hasApiKey: !!resolvedConfig.apiKey,
+    dsnProvided: !!dsnInput,
     disableBatch: resolvedConfig.disableBatch,
     envOverrides: {
       hasEnvApiKey: !!process.env["BRIZZ_API_KEY"],
       hasEnvBaseUrl: !!process.env["BRIZZ_BASE_URL"],
+      hasEnvDsn: !!process.env["BRIZZ_DSN"],
       hasEnvBatch: !!process.env["BRIZZ_DISABLE_BATCH"],
       hasEnvHeaders: !!process.env["BRIZZ_HEADERS"]
     }
@@ -258,6 +340,716 @@ var import_instrumentation_pinecone = require("@traceloop/instrumentation-pineco
 var import_instrumentation_qdrant = require("@traceloop/instrumentation-qdrant");
 var import_instrumentation_together = require("@traceloop/instrumentation-together");
 var import_instrumentation_vertexai = require("@traceloop/instrumentation-vertexai");
+// src/internal/instrumentation/mcp/instrumentation.ts
+var import_openinference_instrumentation_mcp = require("@arizeai/openinference-instrumentation-mcp");
+var import_api7 = require("@opentelemetry/api");
+var import_instrumentation = require("@opentelemetry/instrumentation");
+// src/internal/instrumentation/mcp/patches/protocol.ts
+var import_api6 = require("@opentelemetry/api");
+// src/internal/instrumentation/mcp/schemas.ts
+var import_api3 = require("@opentelemetry/api");
+// src/internal/semantic-conventions.ts
+var import_api2 = require("@opentelemetry/api");
+var BRIZZ = "brizz";
+var PROPERTIES = "properties";
+var SESSION_ID = "session.id";
+var PROPERTIES_CONTEXT_KEY = (0, import_api2.createContextKey)(PROPERTIES);
+var SESSION_OBJECT_CONTEXT_KEY = (0, import_api2.createContextKey)("brizz.session.object");
+// src/internal/instrumentation/mcp/semantic-conventions.ts
+var MCP_TOOL_NAME = "mcp.tool.name";
+var MCP_TOOL_ARGUMENTS = "mcp.tool.arguments";
+var MCP_TOOL_RESULT = "mcp.tool.result";
+var MCP_COMPONENT_TYPE = "mcp.component.type";
+var MCP_COMPONENT_TOOL = "tool";
+var MCP_COMPONENT_TOOL_SCHEMA = "tool_schema";
+var MCP_TOOL_SCHEMA_PARAMETERS = "mcp.tool.schema.parameters";
+var MCP_TOOL_SCHEMA_OUTPUT = "mcp.tool.schema.output";
+var MCP_TOOL_DESCRIPTION = "mcp.tool.description";
+var SPAN_NAME_TOOL_REGISTER = "mcp.tool.register";
+var MCP_METHOD_NAME = "mcp.method.name";
+var MCP_REQUEST_ID = "mcp.request.id";
+var MCP_SESSION_ID = "mcp.session.id";
+var MCP_PROTOCOL_VERSION = "mcp.protocol.version";
+var MCP_RESOURCE_URI = "mcp.resource.uri";
+var RPC_SYSTEM = "rpc.system";
+var RPC_SYSTEM_MCP = "mcp";
+var RPC_RESPONSE_STATUS_CODE = "rpc.response.status_code";
+var GEN_AI_TOOL_NAME = "gen_ai.tool.name";
+var GEN_AI_PROMPT_NAME = "gen_ai.prompt.name";
+var GEN_AI_OPERATION_NAME = "gen_ai.operation.name";
+var GEN_AI_OPERATION_EXECUTE_TOOL = "execute_tool";
+var NETWORK_TRANSPORT = "network.transport";
+var ERROR_TYPE = "error.type";
+var ERROR_TYPE_TOOL = "tool_error";
+var JSONRPC_REQUEST_ID = "jsonrpc.request.id";
+var SPAN_NAME_TOOLS_CALL = "tools/call";
+var MAX_ATTRIBUTE_LENGTH = 32 * 1024;
+var TRUNCATION_SUFFIX = "\u2026(truncated)";
+var METHOD_TOOLS_CALL = "tools/call";
+var METHOD_TOOLS_LIST = "tools/list";
+var METHOD_RESOURCES_READ = "resources/read";
+var METHOD_PROMPTS_GET = "prompts/get";
+var METHOD_INITIALIZE = "initialize";
+// src/internal/instrumentation/mcp/schemas.ts
+var _MAX_SCHEMA_ATTR_BYTES = 4e3;
+function truncateSchemaAttr(value) {
+  if (value.length <= _MAX_SCHEMA_ATTR_BYTES) {
+    return value;
+  }
+  return `{"_truncated":true,"original_length":${value.length}}`;
+}
+function safeStringify(value) {
+  if (value === null || value === void 0) {
+    return "";
+  }
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return "";
+  }
+}
+function emitSchemaSpansFromListResponse(result, transportSessionId, tracer) {
+  if (!transportSessionId) {
+    return;
+  }
+  const tools = extractTools(result);
+  if (tools === void 0) {
+    return;
+  }
+  for (const tool of tools) {
+    const name = typeof tool.name === "string" ? tool.name : void 0;
+    if (!name) {
+      continue;
+    }
+    const span = tracer.startSpan(`${SPAN_NAME_TOOL_REGISTER} ${name}`, {
+      kind: import_api3.SpanKind.INTERNAL
+    });
+    try {
+      stampSchemaAttributes(span, name, transportSessionId, tool);
+      span.setStatus({ code: import_api3.SpanStatusCode.OK });
+    } finally {
+      span.end();
+    }
+  }
+}
+function stampSchemaAttributes(span, toolName, transportSessionId, tool) {
+  if (!span.isRecording()) {
+    logger.warn(
+      `Brizz MCP: schema span is not recording; dropping attributes for ${toolName}`
+    );
+    return;
+  }
+  const description = typeof tool.description === "string" ? tool.description : "";
+  const parameters = truncateSchemaAttr(safeStringify(tool.inputSchema));
+  const outputSchema = tool.outputSchema !== void 0 && tool.outputSchema !== null ? truncateSchemaAttr(safeStringify(tool.outputSchema)) : "";
+  span.setAttribute(RPC_SYSTEM, RPC_SYSTEM_MCP);
+  span.setAttribute(MCP_COMPONENT_TYPE, MCP_COMPONENT_TOOL_SCHEMA);
+  span.setAttribute(MCP_SESSION_ID, transportSessionId);
+  span.setAttribute(`${BRIZZ}.${SESSION_ID}`, transportSessionId);
+  span.setAttribute(MCP_TOOL_NAME, toolName);
+  span.setAttribute(MCP_TOOL_SCHEMA_PARAMETERS, parameters);
+  span.setAttribute(MCP_TOOL_SCHEMA_OUTPUT, outputSchema);
+  span.setAttribute(MCP_TOOL_DESCRIPTION, description);
+}
+function extractTools(result) {
+  if (!result || typeof result !== "object") {
+    return void 0;
+  }
+  const tools = result.tools;
+  if (!Array.isArray(tools)) {
+    return void 0;
+  }
+  return tools.filter(
+    (t) => t !== null && typeof t === "object"
+  );
+}
+// src/internal/instrumentation/mcp/session.ts
+var import_api4 = require("@opentelemetry/api");
+function stampAndPropagateSession(span, sessionId, baseContext = import_api4.context.active()) {
+  if (!sessionId) {
+    return { context: baseContext, sessionId: null };
+  }
+  if (span.isRecording()) {
+    try {
+      span.setAttribute(`${BRIZZ}.${SESSION_ID}`, sessionId);
+    } catch (error) {
+      logger.warn(
+        `Brizz MCP: failed to stamp session id on span: ${String(error)}`
+      );
+    }
+  }
+  try {
+    const prev = baseContext.getValue(PROPERTIES_CONTEXT_KEY);
+    const merged = prev ? { ...prev, [SESSION_ID]: sessionId } : { [SESSION_ID]: sessionId };
+    return {
+      context: baseContext.setValue(PROPERTIES_CONTEXT_KEY, merged),
+      sessionId
+    };
+  } catch (error) {
+    logger.warn(`Brizz MCP: failed to attach session context: ${String(error)}`);
+    return { context: baseContext, sessionId };
+  }
+}
+// src/internal/instrumentation/mcp/patches/attributes.ts
+var import_api5 = require("@opentelemetry/api");
+function deriveSpanName(method, params) {
+  try {
+    if (method === METHOD_TOOLS_CALL) {
+      const name = typeof params?.["name"] === "string" ? params["name"] : "";
+      return name ? `${SPAN_NAME_TOOLS_CALL} ${name}` : SPAN_NAME_TOOLS_CALL;
+    }
+    if (method === METHOD_RESOURCES_READ) {
+      const uri = typeof params?.["uri"] === "string" ? params["uri"] : "";
+      return uri ? `${METHOD_RESOURCES_READ} ${uri}` : METHOD_RESOURCES_READ;
+    }
+    if (method === METHOD_PROMPTS_GET) {
+      const name = typeof params?.["name"] === "string" ? params["name"] : "";
+      return name ? `${METHOD_PROMPTS_GET} ${name}` : METHOD_PROMPTS_GET;
+    }
+    return method;
+  } catch {
+    return method || "mcp";
+  }
+}
+function applyBaseAttributes(span, request) {
+  span.setAttribute(RPC_SYSTEM, RPC_SYSTEM_MCP);
+  if (request.method) {
+    span.setAttribute(MCP_METHOD_NAME, request.method);
+  }
+  if (request.id !== void 0 && request.id !== null) {
+    const id = String(request.id);
+    span.setAttribute(MCP_REQUEST_ID, id);
+    span.setAttribute(JSONRPC_REQUEST_ID, id);
+  }
+}
+function applyClientRequestAttributes(span, request, transportName) {
+  applyBaseAttributes(span, request);
+  applyMethodSpecificRequestAttributes(span, request);
+  if (transportName) {
+    const transport = normalizeTransport(transportName);
+    if (transport) {
+      span.setAttribute(NETWORK_TRANSPORT, transport);
+    }
+  }
+}
+function applyServerRequestAttributes(span, request, protocol) {
+  applyBaseAttributes(span, request);
+  applyMethodSpecificRequestAttributes(span, request);
+  if (request.method === METHOD_TOOLS_CALL) {
+    const args = request.params?.["arguments"];
+    if (args !== void 0) {
+      span.setAttribute(MCP_TOOL_ARGUMENTS, serializeForAttribute(args));
+    }
+  }
+  const sessionId = protocol.sessionId ?? protocol._transport?.sessionId;
+  if (sessionId) {
+    span.setAttribute(MCP_SESSION_ID, String(sessionId));
+  }
+}
+function applyMethodSpecificRequestAttributes(span, request) {
+  const params = request.params ?? {};
+  switch (request.method) {
+    case METHOD_TOOLS_CALL: {
+      const name = typeof params["name"] === "string" ? params["name"] : "";
+      if (name) {
+        span.setAttribute(MCP_TOOL_NAME, name);
+        span.setAttribute(GEN_AI_TOOL_NAME, name);
+      }
+      span.setAttribute(MCP_COMPONENT_TYPE, MCP_COMPONENT_TOOL);
+      span.setAttribute(GEN_AI_OPERATION_NAME, GEN_AI_OPERATION_EXECUTE_TOOL);
+      break;
+    }
+    case METHOD_RESOURCES_READ: {
+      const uri = typeof params["uri"] === "string" ? params["uri"] : "";
+      if (uri) {
+        span.setAttribute(MCP_RESOURCE_URI, uri);
+      }
+      break;
+    }
+    case METHOD_PROMPTS_GET: {
+      const name = typeof params["name"] === "string" ? params["name"] : "";
+      if (name) {
+        span.setAttribute(GEN_AI_PROMPT_NAME, name);
+      }
+      break;
+    }
+    default:
+      break;
+  }
+}
+function applyResultAttributes(span, method, result) {
+  if (method === METHOD_INITIALIZE && result && typeof result === "object") {
+    const protocolVersion = result["protocolVersion"];
+    if (typeof protocolVersion === "string") {
+      span.setAttribute(MCP_PROTOCOL_VERSION, protocolVersion);
+    }
+    return;
+  }
+  if (method !== METHOD_TOOLS_CALL) {
+    return;
+  }
+  const obj = result && typeof result === "object" ? result : null;
+  const content = obj?.["content"] ?? result;
+  span.setAttribute(MCP_TOOL_RESULT, serializeForAttribute(content));
+  if (obj && obj["isError"] === true) {
+    span.setAttribute(ERROR_TYPE, ERROR_TYPE_TOOL);
+    const message = extractToolErrorMessage(obj);
+    span.setStatus({ code: import_api5.SpanStatusCode.ERROR, message });
+  }
+}
+function applyErrorAttributes(span, err) {
+  const error = err;
+  const code = error?.code;
+  if (typeof code === "number") {
+    span.setAttribute(RPC_RESPONSE_STATUS_CODE, code);
+    span.setAttribute(ERROR_TYPE, String(code));
+  } else if (error?.name === "AbortError") {
+    span.setAttribute(ERROR_TYPE, "cancelled");
+  } else if (error?.name === "TimeoutError") {
+    span.setAttribute(ERROR_TYPE, "timeout");
+  } else {
+    span.setAttribute(
+      ERROR_TYPE,
+      error?.constructor?.name || error?.name || "Error"
+    );
+  }
+  try {
+    span.recordException(error);
+  } catch {
+  }
+  span.setStatus({
+    code: import_api5.SpanStatusCode.ERROR,
+    message: typeof error?.message === "string" ? error.message : void 0
+  });
+}
+function serializeForAttribute(value) {
+  const raw = rawSerialize(value);
+  if (raw.length <= MAX_ATTRIBUTE_LENGTH) {
+    return raw;
+  }
+  return raw.slice(0, MAX_ATTRIBUTE_LENGTH - TRUNCATION_SUFFIX.length) + TRUNCATION_SUFFIX;
+}
+function rawSerialize(value) {
+  if (value === null || value === void 0) {
+    return "";
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  try {
+    return JSON.stringify(value);
+  } catch {
+    try {
+      if (value === null || value === void 0) {
+        return "";
+      }
+      const tag = Object.prototype.toString.call(value);
+      return typeof value.toString === "function" ? (
+        // eslint-disable-next-line @typescript-eslint/no-base-to-string
+        String(value)
+      ) : tag;
+    } catch {
+      return "";
+    }
+  }
+}
+function extractToolErrorMessage(result) {
+  const content = result["content"];
+  if (Array.isArray(content)) {
+    for (const item of content) {
+      if (item && typeof item === "object") {
+        const text = item["text"];
+        if (typeof text === "string") {
+          return text;
+        }
+      }
+    }
+  }
+  return void 0;
+}
+function normalizeTransport(ctorName) {
+  const name = ctorName.toLowerCase();
+  if (name.includes("stdio")) {
+    return "stdio";
+  }
+  if (name.includes("sse")) {
+    return "sse";
+  }
+  if (name.includes("streamablehttp") || name.includes("http")) {
+    return "http";
+  }
+  return null;
+}
+// src/internal/instrumentation/mcp/patches/protocol.ts
+var PATCHED_FLAG = /* @__PURE__ */ Symbol("brizz.mcp.protocol-patched");
+function patchProtocolPrototype(prototype, tracer) {
+  if (!prototype || typeof prototype !== "object") {
+    return false;
+  }
+  const proto = prototype;
+  if (proto[PATCHED_FLAG]) {
+    logger.debug("Brizz MCP: Protocol.prototype already patched, skipping");
+    return false;
+  }
+  const originalRequest = proto["request"];
+  const originalOnRequest = proto["_onrequest"];
+  if (typeof originalRequest === "function") {
+    proto["request"] = wrapRequest(originalRequest, tracer);
+  } else {
+    logger.debug(
+      "Brizz MCP: Protocol.prototype.request missing \u2014 skipping CLIENT patch"
+    );
+  }
+  if (typeof originalOnRequest === "function") {
+    proto["_onrequest"] = wrapOnRequest(
+      originalOnRequest,
+      tracer
+    );
+  } else {
+    logger.debug(
+      "Brizz MCP: Protocol.prototype._onrequest missing \u2014 skipping SERVER patch"
+    );
+  }
+  proto[PATCHED_FLAG] = true;
+  return true;
+}
+function wrapRequest(original, tracer) {
+  return function wrappedRequest(...args) {
+    const request = args[0];
+    if (!request || typeof request !== "object" || !request.method) {
+      return original.apply(this, args);
+    }
+    const span = safeStartClientSpan(tracer, request, this);
+    if (!span) {
+      return original.apply(this, args);
+    }
+    return executeAroundSpan(span, request.method, () => {
+      const ctx = import_api6.trace.setSpan(import_api6.context.active(), span);
+      return import_api6.context.with(ctx, () => original.apply(this, args));
+    });
+  };
+}
+function wrapOnRequest(original, tracer) {
+  return function wrappedOnRequest(...args) {
+    const request = args[0];
+    if (!request || typeof request !== "object" || !request.method) {
+      return original.apply(this, args);
+    }
+    const handlers = this._requestHandlers;
+    if (!handlers || typeof handlers.get !== "function") {
+      return original.apply(this, args);
+    }
+    const method = request.method;
+    const handler = handlers.get(method) ?? this.fallbackRequestHandler;
+    if (!handler) {
+      return original.apply(this, args);
+    }
+    const started = safeStartServerSpan(tracer, request, this);
+    if (!started) {
+      return original.apply(this, args);
+    }
+    const { span, spanCtx } = started;
+    const transportSessionId = this.sessionId ?? this._transport?.sessionId;
+    const postResult = method === METHOD_TOOLS_LIST ? (result) => {
+      try {
+        emitSchemaSpansFromListResponse(result, transportSessionId, tracer);
+      } catch (error) {
+        logger.warn(
+          `Brizz MCP: failed to emit tools/list schema spans: ${String(error)}`
+        );
+      }
+    } : void 0;
+    const wrappedHandler = (req, extra) => import_api6.context.with(
+      spanCtx,
+      () => executeHandler(span, method, handler, req, extra, postResult)
+    );
+    const hadEntry = handlers.has(method);
+    const prev = handlers.get(method);
+    handlers.set(method, wrappedHandler);
+    const usedFallback = !hadEntry && this.fallbackRequestHandler === handler;
+    const fallbackPrev = usedFallback ? this.fallbackRequestHandler : void 0;
+    if (usedFallback) {
+      this.fallbackRequestHandler = wrappedHandler;
+    }
+    try {
+      return original.apply(this, args);
+    } finally {
+      if (hadEntry) {
+        handlers.set(method, prev);
+      } else {
+        handlers.delete(method);
+      }
+      if (usedFallback) {
+        this.fallbackRequestHandler = fallbackPrev;
+      }
+    }
+  };
+}
+function executeAroundSpan(span, method, run, postResult) {
+  let result;
+  try {
+    result = run();
+  } catch (error) {
+    safeApplyErrorAttributes(span, error);
+    safeEnd(span);
+    throw error;
+  }
+  if (!isThenable(result)) {
+    safeApplyResultAttributes(span, method, result);
+    if (postResult) {
+      postResult(result);
+    }
+    safeEnd(span);
+    return result;
+  }
+  return result.then(
+    (value) => {
+      safeApplyResultAttributes(span, method, value);
+      if (postResult) {
+        postResult(value);
+      }
+      safeEnd(span);
+      return value;
+    },
+    (error) => {
+      safeApplyErrorAttributes(span, error);
+      safeEnd(span);
+      throw error;
+    }
+  );
+}
+function executeHandler(span, method, handler, req, extra, postResult) {
+  return executeAroundSpan(span, method, () => handler(req, extra), postResult);
+}
+function safeStartClientSpan(tracer, request, protocol) {
+  try {
+    const spanName = deriveSpanName(request.method, request.params);
+    const span = tracer.startSpan(spanName, { kind: import_api6.SpanKind.CLIENT });
+    applyClientRequestAttributes(
+      span,
+      request,
+      protocol._transport?.constructor?.name
+    );
+    return span;
+  } catch (error) {
+    logger.debug(`Brizz MCP: failed to open CLIENT span: ${String(error)}`);
+    return null;
+  }
+}
+function safeStartServerSpan(tracer, request, protocol) {
+  try {
+    const parentCtx = extractParentContext(request);
+    const spanName = deriveSpanName(request.method, request.params);
+    const span = tracer.startSpan(
+      spanName,
+      { kind: import_api6.SpanKind.SERVER },
+      parentCtx
+    );
+    applyServerRequestAttributes(span, request, protocol);
+    const sessionId = protocol.sessionId ?? protocol._transport?.sessionId;
+    const { context: sessCtx } = stampAndPropagateSession(span, sessionId, parentCtx);
+    return { span, spanCtx: import_api6.trace.setSpan(sessCtx, span) };
+  } catch (error) {
+    logger.debug(`Brizz MCP: failed to open SERVER span: ${String(error)}`);
+    return null;
+  }
+}
+function extractParentContext(request) {
+  try {
+    const meta = request.params?._meta;
+    if (meta && typeof meta === "object") {
+      return import_api6.propagation.extract(import_api6.context.active(), meta);
+    }
+  } catch (error) {
+    logger.debug(
+      `Brizz MCP: failed to extract parent context from _meta: ${String(error)}`
+    );
+  }
+  return import_api6.context.active();
+}
+function isThenable(value) {
+  return !!value && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
+}
+function safeApplyResultAttributes(span, method, value) {
+  try {
+    applyResultAttributes(span, method, value);
+  } catch (error) {
+    logger.debug(
+      `Brizz MCP: failed to apply result attributes: ${String(error)}`
+    );
+  }
+}
+function safeApplyErrorAttributes(span, err) {
+  try {
+    applyErrorAttributes(span, err);
+  } catch (error) {
+    logger.debug(
+      `Brizz MCP: failed to apply error attributes: ${String(error)}`
+    );
+  }
+}
+function safeEnd(span) {
+  try {
+    span.end();
+  } catch (error) {
+    logger.debug(`Brizz MCP: failed to end span: ${String(error)}`);
+  }
+}
+// src/internal/version.ts
+function getSDKVersion() {
+  return "0.1.25";
+}
+// src/internal/instrumentation/mcp/version.ts
+var INSTRUMENTATION_NAME = "@brizz/sdk/mcp";
+var INSTRUMENTATION_VERSION = getSDKVersion();
+// src/internal/instrumentation/mcp/instrumentation.ts
+var PROTOCOL_MODULE_NAME = "@modelcontextprotocol/sdk/shared/protocol.js";
+var PROTOCOL_SUPPORTED_VERSIONS = [">=1.0.0 <2"];
+var MCPInstrumentation = class extends import_openinference_instrumentation_mcp.MCPInstrumentation {
+  /**
+   * Dedicated Brizz-named tracer for our SERVER + CLIENT spans.
+   *
+   * Why a separate tracer from the parent class's one: Arize's inherited
+   * transport patches don't emit spans (they only inject propagation
+   * headers), so using our own tracer here keeps Brizz spans attributed to
+   * `@brizz/sdk/mcp` in the dashboard. The parent's `tracer` is a
+   * `protected get` (no setter), so fighting it with assignment is the
+   * wrong tool.
+   */
+  brizzTracer;
+  constructor(_config) {
+    super({ instrumentationConfig: _config?.instrumentationConfig });
+    this.brizzTracer = import_api7.trace.getTracer(INSTRUMENTATION_NAME, INSTRUMENTATION_VERSION);
+  }
+  /**
+   * Extend `super.init()` with our protocol-layer module definition.
+   *
+   * Arize's `init()` returns definitions for the six transport modules
+   * (SSE client/server, stdio client/server, streamable-HTTP client/server)
+   * whose `send`/`start` methods get patched for W3C trace-context
+   * injection. We append one more: `@modelcontextprotocol/sdk/shared/protocol.js`
+   * where our patches open SERVER/CLIENT spans around the handler + outgoing
+   * request. If `super.init()` throws (unlikely but possible across Arize
+   * versions), we gracefully degrade to protocol-only instrumentation.
+   *
+   * The cast at the end satisfies the parent's strongly-typed generic
+   * without leaking the cast into call sites.
+   */
+  init() {
+    let base;
+    try {
+      base = super.init() ?? [];
+    } catch (error) {
+      logger.warn(
+        `Brizz MCP: base Arize init() failed \u2014 transport context propagation disabled: ${String(error)}`
+      );
+      base = [];
+    }
+    const baseArr = Array.isArray(base) ? base : [base];
+    const brizzDef = new import_instrumentation.InstrumentationNodeModuleDefinition(
+      PROTOCOL_MODULE_NAME,
+      PROTOCOL_SUPPORTED_VERSIONS,
+      (module3) => {
+        this.patchProtocolModule(module3);
+        return module3;
+      },
+      (module3) => {
+        this.unpatchProtocolModule(module3);
+        return module3;
+      }
+    );
+    return [...baseArr, brizzDef];
+  }
+  /**
+   * Manually instrument MCP modules for Next.js/Webpack where the
+   * auto-instrumentation module-load hook doesn't fire.
+   *
+   * Forwards the six transport module fields to the inherited Arize
+   * `manuallyInstrument(...)` (context propagation) and applies our
+   * protocol patch if `protocolModule` is provided (SERVER/CLIENT spans).
+   * Both legs are try/catch-guarded — a failure in one shouldn't prevent
+   * the other from taking effect.
+   */
+  manuallyInstrument(modules) {
+    const {
+      clientSSEModule,
+      serverSSEModule,
+      clientStdioModule,
+      serverStdioModule,
+      clientStreamableHTTPModule,
+      serverStreamableHTTPModule,
+      protocolModule
+    } = modules;
+    try {
+      super.manuallyInstrument({
+        clientSSEModule,
+        serverSSEModule,
+        clientStdioModule,
+        serverStdioModule,
+        clientStreamableHTTPModule,
+        serverStreamableHTTPModule
+      });
+    } catch (error) {
+      logger.warn(`Brizz MCP: Arize manuallyInstrument(...) failed: ${String(error)}`);
+    }
+    if (protocolModule) {
+      try {
+        this.patchProtocolModule(protocolModule);
+      } catch (error) {
+        logger.warn(
+          `Brizz MCP: failed to manually patch Protocol module: ${String(error)}`
+        );
+      }
+    }
+  }
+  /**
+   * Apply the SERVER + CLIENT patch to a loaded `protocol.js` module. Shared
+   * by both the automatic module-load callback in `init()` and the manual
+   * `manuallyInstrument(...)` path above so there's exactly one place that
+   * calls `patchProtocolPrototype`.
+   */
+  patchProtocolModule(module3) {
+    const proto = module3?.Protocol?.prototype;
+    if (!proto) {
+      logger.debug(
+        "Brizz MCP: module does not expose Protocol.prototype \u2014 skipping protocol patches"
+      );
+      return;
+    }
+    const ok = patchProtocolPrototype(proto, this.brizzTracer);
+    if (ok) {
+      logger.debug("Brizz MCP: patched Protocol.prototype for SERVER+CLIENT spans");
+    }
+  }
+  /**
+   * Unpatch is intentionally a no-op.
+   *
+   * `patchProtocolPrototype` wraps methods in place and sets a PATCHED_FLAG
+   * Symbol on the prototype to prevent double-patching. Restoring the
+   * originals would require us to hold references across module unloads,
+   * which isn't a pattern we need — instrumentation rarely gets torn down
+   * at runtime, and a process reload is the canonical way to detach.
+   */
+  unpatchProtocolModule(_module) {
+    logger.debug(
+      "Brizz MCP: unpatch is a no-op \u2014 reload the process to cleanly detach"
+    );
+  }
+};
+// src/internal/instrumentation/registry.ts
 var InstrumentationRegistry = class _InstrumentationRegistry {
   static instance;
   manualModules = null;
@@ -362,6 +1154,14 @@ var InstrumentationRegistry = class _InstrumentationRegistry {
         }
       })();
     }
+    if (this.manualModules?.mcp) {
+      try {
+        new MCPInstrumentation({ exceptionLogger }).manuallyInstrument(this.manualModules.mcp);
+        logger.debug("Manual instrumentation enabled for MCP");
+      } catch (error) {
+        logger.error(`Failed to apply MCP instrumentation: ${String(error)}`);
+      }
+    }
   }
 };
@@ -371,32 +1171,17 @@ var import_exporter_logs_otlp_http = require("@opentelemetry/exporter-logs-otlp-
 var import_resources = require("@opentelemetry/resources");
 var import_sdk_logs2 = require("@opentelemetry/sdk-logs");
-// src/internal/version.ts
-function getSDKVersion() {
-  return "0.1.21";
-}
 // src/internal/log/processors/log-processor.ts
-var import_api3 = require("@opentelemetry/api");
+var import_api8 = require("@opentelemetry/api");
 var import_sdk_logs = require("@opentelemetry/sdk-logs");
 // src/internal/masking/patterns.ts
 var DEFAULT_PII_PATTERNS = [
-  // Email addresses
-  {
-    name: "email_addresses",
-    pattern: String.raw`\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b`
-  },
   // Phone numbers (US format)
   {
     name: "us_phone_numbers",
     pattern: String.raw`(?:^|[\s])(?:\+?1[-.\s]*)?(?:\([0-9]{3}\)\s?[0-9]{3}[-.\s]?[0-9]{4}|[0-9]{3}[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}|[0-9]{10})(?=[\s]|$)`
   },
-  // Social Security Numbers
-  {
-    name: "ssn",
-    pattern: String.raw`\b(?!000|666|9\d{2})\d{3}[-\s]?(?!00)\d{2}[-\s]?(?!0000)\d{4}\b`
-  },
   // Credit card numbers
   {
     name: "credit_cards",
@@ -420,19 +1205,11 @@ var DEFAULT_PII_PATTERNS = [
     name: "openai_keys",
     pattern: String.raw`\bsk[-_][a-zA-Z0-9]{20,}\b`
   },
-  {
-    name: "base64_secrets",
-    pattern: String.raw`\b[A-Za-z0-9+/]{64,}={0,2}\b`
-  },
   // AWS Keys
   {
     name: "aws_access_keys",
     pattern: String.raw`\b(?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}\b`
   },
-  {
-    name: "aws_secret_keys",
-    pattern: String.raw`\b[A-Za-z0-9/+=]*[A-Z][A-Za-z0-9/+=]*[a-z][A-Za-z0-9/+=]*[/+=][A-Za-z0-9/+=]{30,}\b`
-  },
   // GitHub tokens
   {
     name: "github_tokens",
@@ -463,11 +1240,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "ipv6_addresses",
     pattern: String.raw`\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b`
   },
-  // Medical records
-  {
-    name: "medical_record_numbers",
-    pattern: String.raw`\b(?:[Mm][Rr][Nn])[-\s]?\d{6,10}\b`
-  },
   // Bitcoin addresses
   {
     name: "bitcoin_addresses",
@@ -478,11 +1250,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "ethereum_addresses",
     pattern: String.raw`\b0x[a-fA-F0-9]{40}(?![a-fA-F0-9])\b`
   },
-  // UUIDs
-  {
-    name: "uuids",
-    pattern: String.raw`\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(?![0-9a-fA-F-])\b`
-  },
   // Database connection strings
   {
     name: "database_connections",
@@ -501,90 +1268,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "certificates",
     pattern: "-----BEGIN CERTIFICATE-----"
   },
-  // Date of birth patterns
-  {
-    name: "date_of_birth_us",
-    pattern: String.raw`\b(?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\\d|3[01])[-/](?:19|20)\\d{2}\b`
-  },
-  {
-    name: "date_of_birth_iso",
-    pattern: String.raw`\b(?:19|20)\\d{2}[-/](?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\\d|3[01])\b`
-  },
-  // US Identification Numbers
-  {
-    name: "us_passport_numbers",
-    pattern: String.raw`\b[A-Z]?\\d{6,9}\b`
-  },
-  {
-    name: "drivers_license",
-    pattern: String.raw`\b[A-Z]{1,2}\\d{3,8}[-\s]?\\d{2,5}[-\s]?\\d{2,5}[-\s]?\\d{1,5}[-\s]?\\d?\b`
-  },
-  {
-    name: "bank_account_numbers",
-    pattern: String.raw`\b\\d{10,17}\b`
-  },
-  {
-    name: "aba_routing_numbers",
-    pattern: String.raw`\b((0[0-9])|(1[0-2])|(2[1-9])|(3[0-2])|(6[1-9])|(7[0-2])|80)([0-9]{7})\b`
-  },
-  {
-    name: "health_insurance_numbers",
-    pattern: String.raw`\b\\d{10}[A-Z]\b`
-  },
-  {
-    name: "employee_ids",
-    pattern: String.raw`\b(?:[Ee][Mm][Pp]|[Ee][Mm][Pp][Ll][Oo][Yy][Ee][Ee]|[Ee])[-\s]?\\d{5,8}\b`
-  },
-  {
-    name: "tax_ein",
-    pattern: String.raw`\b\\d{2}-\\d{7}\b`
-  },
-  {
-    name: "medicare_beneficiary_id",
-    pattern: String.raw`\b[1-9][A-Z][A-Z0-9]\\d-[A-Z][A-Z0-9]\\d-[A-Z][A-Z0-9]\\d{2}\b`
-  },
-  {
-    name: "national_provider_id",
-    pattern: String.raw`\b1\\d{9}\b`
-  },
-  {
-    name: "dea_numbers",
-    pattern: String.raw`\b[A-Z]{2}\\d{7}\b`
-  },
-  {
-    name: "itin",
-    pattern: String.raw`\b9\\d{2}(?:[ \\-]?)[7,8]\\d(?:[ \\-]?)\\d{4}\b`
-  },
-  // Vehicle and Location
-  {
-    name: "vin_numbers",
-    pattern: String.raw`\b[A-HJ-NPR-Z0-9]{17}\b`
-  },
-  {
-    name: "coordinates",
-    pattern: String.raw`\b[-+]?(?:[0-8]?\\d(?:\\.\\d+)?|90(?:\\.0+)?),\\s*[-+]?(?:1[0-7]\\d(?:\\.\\d+)?|180(?:\\.0+)?|[0-9]?\\d(?:\\.\\d+)?)\b`
-  },
-  {
-    name: "us_license_plates",
-    pattern: String.raw`\b[A-Z]{1,3}[-\s]\\d{1,4}[A-Z]?\b|\b\\d{1,2}[A-Z]{1,3}\\d{1,4}\b`
-  },
-  {
-    name: "us_zip_codes",
-    pattern: String.raw`\b(\\d{5}-\\d{4}|\\d{5})\b`
-  },
-  {
-    name: "us_street_addresses",
-    pattern: String.raw`\b\\d{1,8}\b[\\s\\S]{10,100}?\b(AK|AL|AR|AZ|CA|CO|CT|DC|DE|FL|GA|HI|IA|ID|IL|IN|KS|KY|LA|MA|MD|ME|MI|MN|MO|MS|MT|NC|ND|NE|NH|NJ|NM|NV|NY|OH|OK|OR|PA|RI|SC|SD|TN|TX|UT|VA|VT|WA|WI|WV|WY)\b\\s\\d{5}\b`
-  },
-  // International Banking
-  {
-    name: "iban",
-    pattern: String.raw`\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}([A-Z0-9]?){0,16}\b`
-  },
-  {
-    name: "swift_bic",
-    pattern: String.raw`\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?\b`
-  },
   // Additional API Keys and Tokens
   {
     name: "google_oauth",
@@ -647,73 +1330,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "putty_ssh_keys",
     pattern: String.raw`PuTTY-User-Key-File-2: ssh-(?:rsa|dss)\s*Encryption: none(?:.|\s?)*?Private-MAC:`
   },
-  // International Phone Numbers
-  {
-    name: "france_phone_numbers",
-    pattern: String.raw`\b([0O]?[1lI][1lI])?[3E][3E][0O]?[\\dOIlZEASB]{9}\b`
-  },
-  {
-    name: "german_phone_numbers",
-    pattern: String.raw`\b[\d\w]\d{2}[\d\w]{6}\d[\d\w]\b`
-  },
-  {
-    name: "uk_phone_numbers",
-    pattern: String.raw`\b([0O]?[1lI][1lI])?[4A][4A][\\dOIlZEASB]{10,11}\b`
-  },
-  // International IDs
-  {
-    name: "uk_drivers_license",
-    pattern: String.raw`\b[A-Z]{5}\d{6}[A-Z]{2}\d{1}[A-Z]{2}\b`
-  },
-  {
-    name: "uk_passport",
-    pattern: String.raw`\b\\d{10}GB[RP]\\d{7}[UMF]{1}\\d{9}\b`
-  },
-  {
-    name: "argentina_dni",
-    pattern: String.raw`\b\\d{2}\\.\\d{3}\\.\\d{3}\b`
-  },
-  {
-    name: "australia_tfn",
-    pattern: String.raw`\b[Tt][Ff][Nn](:|:\\s|\\s|)(\\d{8,9})\b`
-  },
-  {
-    name: "canada_passport",
-    pattern: String.raw`\b[\\w]{2}[\\d]{6}\b`
-  },
-  {
-    name: "croatia_vat",
-    pattern: String.raw`\bHR\\d{11}\b`
-  },
-  {
-    name: "czech_vat",
-    pattern: String.raw`\bCZ\\d{8,10}\b`
-  },
-  {
-    name: "denmark_personal_id",
-    pattern: String.raw`\b(?:\\d{10}|\\d{6}[-\\s]\\d{4})\b`
-  },
-  {
-    name: "france_national_id",
-    pattern: String.raw`\b\\d{12}\b`
-  },
-  {
-    name: "france_ssn",
-    pattern: String.raw`\b(?:\\d{13}|\\d{13}\\s\\d{2})\b`
-  },
-  {
-    name: "france_passport",
-    pattern: String.raw`\b\\d{2}11\\d{5}\b`
-  },
-  {
-    name: "california_drivers_license",
-    pattern: String.raw`\b[A-Z]{1}\\d{7}\b`
-  },
-  // Medical and Healthcare
-  {
-    name: "hipaa_ndc",
-    pattern: String.raw`\b\\d{4,5}-\\d{3,4}-\\d{1,2}\b`
-  },
   // Security and Network
   {
     name: "cve_numbers",
@@ -747,44 +1363,6 @@ var DEFAULT_PII_PATTERNS = [
   {
     name: "discover_cards",
     pattern: String.raw`\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}\b`
-  },
-  {
-    name: "enhanced_credit_cards",
-    pattern: String.raw`\b((4\\d{3}|5[1-5]\\d{2}|2\\d{3}|3[47]\\d{1,2})[\\s\\-]?\\d{4,6}[\\s\\-]?\\d{4,6}?([\\s\\-]\\d{3,4})?(\\d{3})?)\b`
-  },
-  // Bank Routing Numbers (US specific)
-  {
-    name: "bbva_routing_ca",
-    pattern: String.raw`\\b321170538\\b`
-  },
-  {
-    name: "boa_routing_ca",
-    pattern: String.raw`\\b(?:121|026)00(?:0|9)(?:358|593)\\b`
-  },
-  {
-    name: "chase_routing_ca",
-    pattern: String.raw`\\b322271627\\b`
-  },
-  {
-    name: "citibank_routing_ca",
-    pattern: String.raw`\\b32(?:11|22)71(?:18|72)4\\b`
-  },
-  {
-    name: "usbank_routing_ca",
-    pattern: String.raw`\\b12(?:1122676|2235821)\\b`
-  },
-  {
-    name: "united_bank_routing_ca",
-    pattern: String.raw`\\b122243350\\b`
-  },
-  {
-    name: "wells_fargo_routing_ca",
-    pattern: String.raw`\\b121042882\\b`
-  },
-  // Unrealistic alphanumeric identifiers
-  {
-    name: "generic_non_usual",
-    pattern: String.raw`(?:^|\s)(?=[A-Za-z0-9_\)\*\=@]*[A-Za-z])(?=[A-Za-z0-9_\)\*\=@]*[0-9])([A-Za-z0-9_\)\*\=@]{5,})(?=\s|$)`
   }
 ];
@@ -1004,13 +1582,6 @@ function maskAttributes(attributes, rules, outputOriginalValue = false) {
   return maskedAttributes;
 }
-// src/internal/semantic-conventions.ts
-var import_api2 = require("@opentelemetry/api");
-var BRIZZ = "brizz";
-var PROPERTIES = "properties";
-var PROPERTIES_CONTEXT_KEY = (0, import_api2.createContextKey)(PROPERTIES);
-var SESSION_OBJECT_CONTEXT_KEY = (0, import_api2.createContextKey)("brizz.session.object");
 // src/internal/log/processors/log-processor.ts
 var DEFAULT_LOG_MASKING_RULES = [
   {
@@ -1030,7 +1601,7 @@ var BrizzSimpleLogRecordProcessor = class extends import_sdk_logs.SimpleLogRecor
     if (maskingConfig) {
       maskLog(logRecord, maskingConfig);
     }
-    const associationProperties = import_api3.context.active().getValue(PROPERTIES_CONTEXT_KEY);
+    const associationProperties = import_api8.context.active().getValue(PROPERTIES_CONTEXT_KEY);
     if (associationProperties) {
       for (const [key, value] of Object.entries(associationProperties)) {
         logRecord.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1050,7 +1621,7 @@ var BrizzBatchLogRecordProcessor = class extends import_sdk_logs.BatchLogRecordP
     if (maskingConfig) {
       maskLog(logRecord, maskingConfig);
     }
-    const associationProperties = import_api3.context.active().getValue(PROPERTIES_CONTEXT_KEY);
+    const associationProperties = import_api8.context.active().getValue(PROPERTIES_CONTEXT_KEY);
     if (associationProperties) {
       for (const [key, value] of Object.entries(associationProperties)) {
         logRecord.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1437,10 +2008,10 @@ var BrizzSpanExporter = class {
 };
 // src/internal/trace/processors/span-processor.ts
-var import_api4 = require("@opentelemetry/api");
+var import_api9 = require("@opentelemetry/api");
 var import_sdk_trace_base = require("@opentelemetry/sdk-trace-base");
 function applyContextAttributes(span) {
-  const sessionProperties = import_api4.context.active().getValue(PROPERTIES_CONTEXT_KEY);
+  const sessionProperties = import_api9.context.active().getValue(PROPERTIES_CONTEXT_KEY);
   if (sessionProperties) {
     for (const [key, value] of Object.entries(sessionProperties)) {
       span.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1450,12 +2021,6 @@ function applyContextAttributes(span) {
 var DEFAULT_MASKING_RULES = [
   {
     mode: "partial",
-    attributePattern: "gen_ai.prompt",
-    patterns: DEFAULT_PII_PATTERNS
-  },
-  {
-    mode: "partial",
-    attributePattern: "gen_ai.completion",
     patterns: DEFAULT_PII_PATTERNS
   }
 ];
@@ -1465,24 +2030,16 @@ var BrizzSimpleSpanProcessor = class extends import_sdk_trace_base.SimpleSpanPro
     super(spanExporter);
     this.config = config;
   }
-  // Will work with the following code:
-  // const span = tracer.startSpan('sensitive-operation',{attributes:{
-  //     'user.password': 'secret123',
-  //     'user.email': 'user@example.com',
-  //   }});
-  //
-  // Won't work because onStart is called before attributes are set:
-  // span.setAttributes({
-  //    'user.password': 'secret123',
-  //    'user.email': 'user@example.com'
-  //  });
   onStart(span, parentContext) {
+    applyContextAttributes(span);
+    super.onStart(span, parentContext);
+  }
+  onEnd(span) {
     const maskingConfig = this.config.masking?.spanMasking;
     if (maskingConfig) {
-      maskSpan(span, maskingConfig);
+      maskReadableSpan(span, maskingConfig);
     }
-    applyContextAttributes(span);
-    super.onStart(span, parentContext);
+    super.onEnd(span);
   }
 };
 var BrizzBatchSpanProcessor = class extends import_sdk_trace_base.BatchSpanProcessor {
@@ -1492,39 +2049,39 @@ var BrizzBatchSpanProcessor = class extends import_sdk_trace_base.BatchSpanProce
     this.config = config;
   }
   onStart(span, parentContext) {
+    applyContextAttributes(span);
+    super.onStart(span, parentContext);
+  }
+  onEnd(span) {
     const maskingConfig = this.config.masking?.spanMasking;
     if (maskingConfig) {
-      maskSpan(span, maskingConfig);
+      maskReadableSpan(span, maskingConfig);
     }
-    applyContextAttributes(span);
-    super.onStart(span, parentContext);
+    super.onEnd(span);
   }
 };
-function maskSpan(span, config) {
-  if (!span.attributes || Object.keys(span.attributes).length === 0) {
-    return span;
+function maskReadableSpan(span, config) {
+  const attrs = span.attributes;
+  if (!attrs || Object.keys(attrs).length === 0) {
+    return;
   }
-  let rules = config.rules || [];
+  let rules = config.rules ? [...config.rules] : [];
   if (!config.disableDefaultRules) {
-    rules = [...DEFAULT_MASKING_RULES, ...rules];
+    rules = [...rules, ...DEFAULT_MASKING_RULES];
   }
   try {
-    const attributesRecord = {};
-    for (const [key, value] of Object.entries(span.attributes)) {
-      attributesRecord[key] = value;
-    }
-    const maskedAttributes = maskAttributes(attributesRecord, rules);
-    if (maskedAttributes && Object.keys(maskedAttributes).length > 0) {
-      const merged = { ...span.attributes };
-      for (const [key, value] of Object.entries(maskedAttributes)) {
-        merged[key] = value;
+    const input = {};
+    for (const [k, v] of Object.entries(attrs)) {
+      input[k] = v;
+    }
+    const masked = maskAttributes(input, rules);
+    for (const [k, v] of Object.entries(masked ?? {})) {
+      if (attrs[k] !== v) {
+        attrs[k] = v;
       }
-      span.setAttributes(merged);
     }
-    return span;
   } catch (error) {
-    logger.error("Error masking span:", error);
-    return span;
+    logger.error("Error masking span", { err: error });
   }
 }
@@ -1637,7 +2194,7 @@ function getSpanProcessor() {
 }
 // src/internal/trace/session.ts
-var import_api5 = require("@opentelemetry/api");
+var import_api10 = require("@opentelemetry/api");
 // src/internal/sdk.ts
 var _Brizz = class __Brizz {
@@ -1970,15 +2527,18 @@ if (runtime.isESM && runtime.supportsLoaderAPI) {
   maybeRegisterESMLoader();
 }
 try {
-  Brizz.initialize({
-    apiKey: process.env["BRIZZ_API_KEY"],
-    baseUrl: process.env["BRIZZ_BASE_URL"],
-    appName: process.env["BRIZZ_APP_NAME"] || process.env["OTEL_SERVICE_NAME"],
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    logLevel: process.env["BRIZZ_LOG_LEVEL"] || DEFAULT_LOG_LEVEL.toString(),
-    // Enable auto-instrumentation by default in preload mode
-    disableNodeSdk: false
-  });
+  const logLevel = process.env["BRIZZ_LOG_LEVEL"] || DEFAULT_LOG_LEVEL.toString();
+  if (process.env["BRIZZ_DSN"]) {
+    Brizz.initialize({ logLevel, disableNodeSdk: false });
+  } else {
+    Brizz.initialize({
+      apiKey: process.env["BRIZZ_API_KEY"],
+      baseUrl: process.env["BRIZZ_BASE_URL"],
+      appName: process.env["BRIZZ_APP_NAME"] || process.env["OTEL_SERVICE_NAME"],
+      logLevel,
+      disableNodeSdk: false
+    });
+  }
   logger.info(`SDK auto-initialized for ${runtime.isESM ? "ESM" : "CJS"} runtime`);
 } catch (error) {
   logger.warn("Failed to auto-initialize SDK:", { error });