@brizz/sdk 0.1.21 → 0.1.25

package/dist/preload.js

@@ -142,6 +142,38 @@ function setLogLevel(level) {
 import { resourceFromAttributes as resourceFromAttributes3 } from "@opentelemetry/resources";
 import { NodeSDK } from "@opentelemetry/sdk-node";
 
+// src/internal/dsn.ts
+var PLACEHOLDER_SERVICE = "<service-name>";
+var SERVICE_NAME_HEADER = "X-Brizz-Service-Name";
+function parseDSN(dsn) {
+  let parsed;
+  try {
+    parsed = new globalThis.URL(dsn);
+  } catch {
+    return null;
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:" || !parsed.username || !parsed.host) {
+    return null;
+  }
+  const scheme = parsed.protocol === "https:" ? "https" : "http";
+  let service;
+  try {
+    service = decodeURIComponent(parsed.pathname.replace(/^\//, ""));
+  } catch {
+    return null;
+  }
+  if (service === "" || service === PLACEHOLDER_SERVICE) {
+    return null;
+  }
+  return {
+    scheme,
+    host: parsed.host,
+    bearer: decodeURIComponent(parsed.username),
+    service,
+    baseUrl: `${scheme}://${parsed.host}`
+  };
+}
+
 // src/internal/config.ts
 function resolveConfig(options) {
   const envLogLevel = process.env["BRIZZ_LOG_LEVEL"] || options.logLevel?.toString() || DEFAULT_LOG_LEVEL.toString();
@@ -168,6 +200,7 @@ function resolveConfig(options) {
     appName: options.appName,
     baseUrl: options.baseUrl,
     hasApiKey: !!options.apiKey,
+    dsnProvided: !!(process.env["BRIZZ_DSN"] || options.dsn),
     disableBatch: options.disableBatch,
     logLevel: resolvedLogLevel,
     headersCount: Object.keys(options.headers || {}).length,
@@ -195,7 +228,42 @@ function resolveConfig(options) {
     logLevel: resolvedLogLevel,
     masking: resolvedMasking
   };
-  if (resolvedConfig.apiKey) {
+  const dsnInput = process.env["BRIZZ_DSN"] || options.dsn;
+  let parsedDSN = null;
+  if (dsnInput) {
+    const kwargConflicts = [];
+    if (options.apiKey !== void 0) {
+      kwargConflicts.push("apiKey");
+    }
+    if (options.baseUrl !== void 0) {
+      kwargConflicts.push("baseUrl");
+    }
+    if (options.appName !== void 0) {
+      kwargConflicts.push("appName");
+    }
+    if (kwargConflicts.length > 0) {
+      throw new Error(
+        `dsn cannot be combined with kwargs ${kwargConflicts.join(", ")}. The DSN bundles bearer, gateway URL, and service name \u2014 choose one configuration style.`
+      );
+    }
+    const envConflicts = ["BRIZZ_API_KEY", "BRIZZ_BASE_URL", "BRIZZ_APP_NAME"].filter(
+      (name) => process.env[name] !== void 0
+    );
+    if (envConflicts.length > 0) {
+      logger.warn(
+        `Ignoring ${envConflicts.join(", ")} \u2014 dsn / BRIZZ_DSN takes precedence.`
+      );
+    }
+    resolvedConfig.apiKey = void 0;
+    resolvedConfig.baseUrl = "https://telemetry.brizz.dev";
+    resolvedConfig.appName = "unknown-app";
+    parsedDSN = parseDSN(dsnInput);
+    if (parsedDSN) {
+      resolvedConfig.appName = parsedDSN.service;
+      resolvedConfig.baseUrl = parsedDSN.baseUrl;
+      resolvedConfig.apiKey = parsedDSN.bearer;
+    }
+  } else if (resolvedConfig.apiKey) {
     resolvedConfig.headers["Authorization"] = `Bearer ${resolvedConfig.apiKey}`;
   }
   if (process.env["BRIZZ_HEADERS"]) {
@@ -210,14 +278,28 @@ function resolveConfig(options) {
       throw new Error("Invalid JSON in BRIZZ_HEADERS environment variable", { cause: error });
     }
   }
+  if (dsnInput) {
+    const authHeaderKeys = /* @__PURE__ */ new Set(["authorization", SERVICE_NAME_HEADER.toLowerCase()]);
+    resolvedConfig.headers = Object.fromEntries(
+      Object.entries(resolvedConfig.headers).filter(
+        ([key]) => !authHeaderKeys.has(key.toLowerCase())
+      )
+    );
+    if (parsedDSN) {
+      resolvedConfig.headers["Authorization"] = `Bearer ${parsedDSN.bearer}`;
+      resolvedConfig.headers[SERVICE_NAME_HEADER] = parsedDSN.service;
+    }
+  }
   logger.debug("Configuration resolved with environment variables", {
     appName: resolvedConfig.appName,
     baseUrl: resolvedConfig.baseUrl,
     hasApiKey: !!resolvedConfig.apiKey,
+    dsnProvided: !!dsnInput,
     disableBatch: resolvedConfig.disableBatch,
     envOverrides: {
       hasEnvApiKey: !!process.env["BRIZZ_API_KEY"],
       hasEnvBaseUrl: !!process.env["BRIZZ_BASE_URL"],
+      hasEnvDsn: !!process.env["BRIZZ_DSN"],
       hasEnvBatch: !!process.env["BRIZZ_DISABLE_BATCH"],
       hasEnvHeaders: !!process.env["BRIZZ_HEADERS"]
     }
@@ -241,6 +323,716 @@ import { PineconeInstrumentation } from "@traceloop/instrumentation-pinecone";
 import { QdrantInstrumentation } from "@traceloop/instrumentation-qdrant";
 import { TogetherInstrumentation } from "@traceloop/instrumentation-together";
 import { VertexAIInstrumentation } from "@traceloop/instrumentation-vertexai";
+
+// src/internal/instrumentation/mcp/instrumentation.ts
+import { MCPInstrumentation as BaseMCPInstrumentation } from "@arizeai/openinference-instrumentation-mcp";
+import { trace as trace2 } from "@opentelemetry/api";
+import { InstrumentationNodeModuleDefinition } from "@opentelemetry/instrumentation";
+
+// src/internal/instrumentation/mcp/patches/protocol.ts
+import { context as context2, propagation, SpanKind as SpanKind2, trace } from "@opentelemetry/api";
+
+// src/internal/instrumentation/mcp/schemas.ts
+import { SpanKind, SpanStatusCode } from "@opentelemetry/api";
+
+// src/internal/semantic-conventions.ts
+import { createContextKey } from "@opentelemetry/api";
+var BRIZZ = "brizz";
+var PROPERTIES = "properties";
+var SESSION_ID = "session.id";
+var PROPERTIES_CONTEXT_KEY = createContextKey(PROPERTIES);
+var SESSION_OBJECT_CONTEXT_KEY = createContextKey("brizz.session.object");
+
+// src/internal/instrumentation/mcp/semantic-conventions.ts
+var MCP_TOOL_NAME = "mcp.tool.name";
+var MCP_TOOL_ARGUMENTS = "mcp.tool.arguments";
+var MCP_TOOL_RESULT = "mcp.tool.result";
+var MCP_COMPONENT_TYPE = "mcp.component.type";
+var MCP_COMPONENT_TOOL = "tool";
+var MCP_COMPONENT_TOOL_SCHEMA = "tool_schema";
+var MCP_TOOL_SCHEMA_PARAMETERS = "mcp.tool.schema.parameters";
+var MCP_TOOL_SCHEMA_OUTPUT = "mcp.tool.schema.output";
+var MCP_TOOL_DESCRIPTION = "mcp.tool.description";
+var SPAN_NAME_TOOL_REGISTER = "mcp.tool.register";
+var MCP_METHOD_NAME = "mcp.method.name";
+var MCP_REQUEST_ID = "mcp.request.id";
+var MCP_SESSION_ID = "mcp.session.id";
+var MCP_PROTOCOL_VERSION = "mcp.protocol.version";
+var MCP_RESOURCE_URI = "mcp.resource.uri";
+var RPC_SYSTEM = "rpc.system";
+var RPC_SYSTEM_MCP = "mcp";
+var RPC_RESPONSE_STATUS_CODE = "rpc.response.status_code";
+var GEN_AI_TOOL_NAME = "gen_ai.tool.name";
+var GEN_AI_PROMPT_NAME = "gen_ai.prompt.name";
+var GEN_AI_OPERATION_NAME = "gen_ai.operation.name";
+var GEN_AI_OPERATION_EXECUTE_TOOL = "execute_tool";
+var NETWORK_TRANSPORT = "network.transport";
+var ERROR_TYPE = "error.type";
+var ERROR_TYPE_TOOL = "tool_error";
+var JSONRPC_REQUEST_ID = "jsonrpc.request.id";
+var SPAN_NAME_TOOLS_CALL = "tools/call";
+var MAX_ATTRIBUTE_LENGTH = 32 * 1024;
+var TRUNCATION_SUFFIX = "\u2026(truncated)";
+var METHOD_TOOLS_CALL = "tools/call";
+var METHOD_TOOLS_LIST = "tools/list";
+var METHOD_RESOURCES_READ = "resources/read";
+var METHOD_PROMPTS_GET = "prompts/get";
+var METHOD_INITIALIZE = "initialize";
+
+// src/internal/instrumentation/mcp/schemas.ts
+var _MAX_SCHEMA_ATTR_BYTES = 4e3;
+function truncateSchemaAttr(value) {
+  if (value.length <= _MAX_SCHEMA_ATTR_BYTES) {
+    return value;
+  }
+  return `{"_truncated":true,"original_length":${value.length}}`;
+}
+function safeStringify(value) {
+  if (value === null || value === void 0) {
+    return "";
+  }
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return "";
+  }
+}
+function emitSchemaSpansFromListResponse(result, transportSessionId, tracer) {
+  if (!transportSessionId) {
+    return;
+  }
+  const tools = extractTools(result);
+  if (tools === void 0) {
+    return;
+  }
+  for (const tool of tools) {
+    const name = typeof tool.name === "string" ? tool.name : void 0;
+    if (!name) {
+      continue;
+    }
+    const span = tracer.startSpan(`${SPAN_NAME_TOOL_REGISTER} ${name}`, {
+      kind: SpanKind.INTERNAL
+    });
+    try {
+      stampSchemaAttributes(span, name, transportSessionId, tool);
+      span.setStatus({ code: SpanStatusCode.OK });
+    } finally {
+      span.end();
+    }
+  }
+}
+function stampSchemaAttributes(span, toolName, transportSessionId, tool) {
+  if (!span.isRecording()) {
+    logger.warn(
+      `Brizz MCP: schema span is not recording; dropping attributes for ${toolName}`
+    );
+    return;
+  }
+  const description = typeof tool.description === "string" ? tool.description : "";
+  const parameters = truncateSchemaAttr(safeStringify(tool.inputSchema));
+  const outputSchema = tool.outputSchema !== void 0 && tool.outputSchema !== null ? truncateSchemaAttr(safeStringify(tool.outputSchema)) : "";
+  span.setAttribute(RPC_SYSTEM, RPC_SYSTEM_MCP);
+  span.setAttribute(MCP_COMPONENT_TYPE, MCP_COMPONENT_TOOL_SCHEMA);
+  span.setAttribute(MCP_SESSION_ID, transportSessionId);
+  span.setAttribute(`${BRIZZ}.${SESSION_ID}`, transportSessionId);
+  span.setAttribute(MCP_TOOL_NAME, toolName);
+  span.setAttribute(MCP_TOOL_SCHEMA_PARAMETERS, parameters);
+  span.setAttribute(MCP_TOOL_SCHEMA_OUTPUT, outputSchema);
+  span.setAttribute(MCP_TOOL_DESCRIPTION, description);
+}
+function extractTools(result) {
+  if (!result || typeof result !== "object") {
+    return void 0;
+  }
+  const tools = result.tools;
+  if (!Array.isArray(tools)) {
+    return void 0;
+  }
+  return tools.filter(
+    (t) => t !== null && typeof t === "object"
+  );
+}
+
+// src/internal/instrumentation/mcp/session.ts
+import { context } from "@opentelemetry/api";
+function stampAndPropagateSession(span, sessionId, baseContext = context.active()) {
+  if (!sessionId) {
+    return { context: baseContext, sessionId: null };
+  }
+  if (span.isRecording()) {
+    try {
+      span.setAttribute(`${BRIZZ}.${SESSION_ID}`, sessionId);
+    } catch (error) {
+      logger.warn(
+        `Brizz MCP: failed to stamp session id on span: ${String(error)}`
+      );
+    }
+  }
+  try {
+    const prev = baseContext.getValue(PROPERTIES_CONTEXT_KEY);
+    const merged = prev ? { ...prev, [SESSION_ID]: sessionId } : { [SESSION_ID]: sessionId };
+    return {
+      context: baseContext.setValue(PROPERTIES_CONTEXT_KEY, merged),
+      sessionId
+    };
+  } catch (error) {
+    logger.warn(`Brizz MCP: failed to attach session context: ${String(error)}`);
+    return { context: baseContext, sessionId };
+  }
+}
+
+// src/internal/instrumentation/mcp/patches/attributes.ts
+import { SpanStatusCode as SpanStatusCode2 } from "@opentelemetry/api";
+function deriveSpanName(method, params) {
+  try {
+    if (method === METHOD_TOOLS_CALL) {
+      const name = typeof params?.["name"] === "string" ? params["name"] : "";
+      return name ? `${SPAN_NAME_TOOLS_CALL} ${name}` : SPAN_NAME_TOOLS_CALL;
+    }
+    if (method === METHOD_RESOURCES_READ) {
+      const uri = typeof params?.["uri"] === "string" ? params["uri"] : "";
+      return uri ? `${METHOD_RESOURCES_READ} ${uri}` : METHOD_RESOURCES_READ;
+    }
+    if (method === METHOD_PROMPTS_GET) {
+      const name = typeof params?.["name"] === "string" ? params["name"] : "";
+      return name ? `${METHOD_PROMPTS_GET} ${name}` : METHOD_PROMPTS_GET;
+    }
+    return method;
+  } catch {
+    return method || "mcp";
+  }
+}
+function applyBaseAttributes(span, request) {
+  span.setAttribute(RPC_SYSTEM, RPC_SYSTEM_MCP);
+  if (request.method) {
+    span.setAttribute(MCP_METHOD_NAME, request.method);
+  }
+  if (request.id !== void 0 && request.id !== null) {
+    const id = String(request.id);
+    span.setAttribute(MCP_REQUEST_ID, id);
+    span.setAttribute(JSONRPC_REQUEST_ID, id);
+  }
+}
+function applyClientRequestAttributes(span, request, transportName) {
+  applyBaseAttributes(span, request);
+  applyMethodSpecificRequestAttributes(span, request);
+  if (transportName) {
+    const transport = normalizeTransport(transportName);
+    if (transport) {
+      span.setAttribute(NETWORK_TRANSPORT, transport);
+    }
+  }
+}
+function applyServerRequestAttributes(span, request, protocol) {
+  applyBaseAttributes(span, request);
+  applyMethodSpecificRequestAttributes(span, request);
+  if (request.method === METHOD_TOOLS_CALL) {
+    const args = request.params?.["arguments"];
+    if (args !== void 0) {
+      span.setAttribute(MCP_TOOL_ARGUMENTS, serializeForAttribute(args));
+    }
+  }
+  const sessionId = protocol.sessionId ?? protocol._transport?.sessionId;
+  if (sessionId) {
+    span.setAttribute(MCP_SESSION_ID, String(sessionId));
+  }
+}
+function applyMethodSpecificRequestAttributes(span, request) {
+  const params = request.params ?? {};
+  switch (request.method) {
+    case METHOD_TOOLS_CALL: {
+      const name = typeof params["name"] === "string" ? params["name"] : "";
+      if (name) {
+        span.setAttribute(MCP_TOOL_NAME, name);
+        span.setAttribute(GEN_AI_TOOL_NAME, name);
+      }
+      span.setAttribute(MCP_COMPONENT_TYPE, MCP_COMPONENT_TOOL);
+      span.setAttribute(GEN_AI_OPERATION_NAME, GEN_AI_OPERATION_EXECUTE_TOOL);
+      break;
+    }
+    case METHOD_RESOURCES_READ: {
+      const uri = typeof params["uri"] === "string" ? params["uri"] : "";
+      if (uri) {
+        span.setAttribute(MCP_RESOURCE_URI, uri);
+      }
+      break;
+    }
+    case METHOD_PROMPTS_GET: {
+      const name = typeof params["name"] === "string" ? params["name"] : "";
+      if (name) {
+        span.setAttribute(GEN_AI_PROMPT_NAME, name);
+      }
+      break;
+    }
+    default:
+      break;
+  }
+}
+function applyResultAttributes(span, method, result) {
+  if (method === METHOD_INITIALIZE && result && typeof result === "object") {
+    const protocolVersion = result["protocolVersion"];
+    if (typeof protocolVersion === "string") {
+      span.setAttribute(MCP_PROTOCOL_VERSION, protocolVersion);
+    }
+    return;
+  }
+  if (method !== METHOD_TOOLS_CALL) {
+    return;
+  }
+  const obj = result && typeof result === "object" ? result : null;
+  const content = obj?.["content"] ?? result;
+  span.setAttribute(MCP_TOOL_RESULT, serializeForAttribute(content));
+  if (obj && obj["isError"] === true) {
+    span.setAttribute(ERROR_TYPE, ERROR_TYPE_TOOL);
+    const message = extractToolErrorMessage(obj);
+    span.setStatus({ code: SpanStatusCode2.ERROR, message });
+  }
+}
+function applyErrorAttributes(span, err) {
+  const error = err;
+  const code = error?.code;
+  if (typeof code === "number") {
+    span.setAttribute(RPC_RESPONSE_STATUS_CODE, code);
+    span.setAttribute(ERROR_TYPE, String(code));
+  } else if (error?.name === "AbortError") {
+    span.setAttribute(ERROR_TYPE, "cancelled");
+  } else if (error?.name === "TimeoutError") {
+    span.setAttribute(ERROR_TYPE, "timeout");
+  } else {
+    span.setAttribute(
+      ERROR_TYPE,
+      error?.constructor?.name || error?.name || "Error"
+    );
+  }
+  try {
+    span.recordException(error);
+  } catch {
+  }
+  span.setStatus({
+    code: SpanStatusCode2.ERROR,
+    message: typeof error?.message === "string" ? error.message : void 0
+  });
+}
+function serializeForAttribute(value) {
+  const raw = rawSerialize(value);
+  if (raw.length <= MAX_ATTRIBUTE_LENGTH) {
+    return raw;
+  }
+  return raw.slice(0, MAX_ATTRIBUTE_LENGTH - TRUNCATION_SUFFIX.length) + TRUNCATION_SUFFIX;
+}
+function rawSerialize(value) {
+  if (value === null || value === void 0) {
+    return "";
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  try {
+    return JSON.stringify(value);
+  } catch {
+    try {
+      if (value === null || value === void 0) {
+        return "";
+      }
+      const tag = Object.prototype.toString.call(value);
+      return typeof value.toString === "function" ? (
+        // eslint-disable-next-line @typescript-eslint/no-base-to-string
+        String(value)
+      ) : tag;
+    } catch {
+      return "";
+    }
+  }
+}
+function extractToolErrorMessage(result) {
+  const content = result["content"];
+  if (Array.isArray(content)) {
+    for (const item of content) {
+      if (item && typeof item === "object") {
+        const text = item["text"];
+        if (typeof text === "string") {
+          return text;
+        }
+      }
+    }
+  }
+  return void 0;
+}
+function normalizeTransport(ctorName) {
+  const name = ctorName.toLowerCase();
+  if (name.includes("stdio")) {
+    return "stdio";
+  }
+  if (name.includes("sse")) {
+    return "sse";
+  }
+  if (name.includes("streamablehttp") || name.includes("http")) {
+    return "http";
+  }
+  return null;
+}
+
+// src/internal/instrumentation/mcp/patches/protocol.ts
+var PATCHED_FLAG = /* @__PURE__ */ Symbol("brizz.mcp.protocol-patched");
+function patchProtocolPrototype(prototype, tracer) {
+  if (!prototype || typeof prototype !== "object") {
+    return false;
+  }
+  const proto = prototype;
+  if (proto[PATCHED_FLAG]) {
+    logger.debug("Brizz MCP: Protocol.prototype already patched, skipping");
+    return false;
+  }
+  const originalRequest = proto["request"];
+  const originalOnRequest = proto["_onrequest"];
+  if (typeof originalRequest === "function") {
+    proto["request"] = wrapRequest(originalRequest, tracer);
+  } else {
+    logger.debug(
+      "Brizz MCP: Protocol.prototype.request missing \u2014 skipping CLIENT patch"
+    );
+  }
+  if (typeof originalOnRequest === "function") {
+    proto["_onrequest"] = wrapOnRequest(
+      originalOnRequest,
+      tracer
+    );
+  } else {
+    logger.debug(
+      "Brizz MCP: Protocol.prototype._onrequest missing \u2014 skipping SERVER patch"
+    );
+  }
+  proto[PATCHED_FLAG] = true;
+  return true;
+}
+function wrapRequest(original, tracer) {
+  return function wrappedRequest(...args) {
+    const request = args[0];
+    if (!request || typeof request !== "object" || !request.method) {
+      return original.apply(this, args);
+    }
+    const span = safeStartClientSpan(tracer, request, this);
+    if (!span) {
+      return original.apply(this, args);
+    }
+    return executeAroundSpan(span, request.method, () => {
+      const ctx = trace.setSpan(context2.active(), span);
+      return context2.with(ctx, () => original.apply(this, args));
+    });
+  };
+}
+function wrapOnRequest(original, tracer) {
+  return function wrappedOnRequest(...args) {
+    const request = args[0];
+    if (!request || typeof request !== "object" || !request.method) {
+      return original.apply(this, args);
+    }
+    const handlers = this._requestHandlers;
+    if (!handlers || typeof handlers.get !== "function") {
+      return original.apply(this, args);
+    }
+    const method = request.method;
+    const handler = handlers.get(method) ?? this.fallbackRequestHandler;
+    if (!handler) {
+      return original.apply(this, args);
+    }
+    const started = safeStartServerSpan(tracer, request, this);
+    if (!started) {
+      return original.apply(this, args);
+    }
+    const { span, spanCtx } = started;
+    const transportSessionId = this.sessionId ?? this._transport?.sessionId;
+    const postResult = method === METHOD_TOOLS_LIST ? (result) => {
+      try {
+        emitSchemaSpansFromListResponse(result, transportSessionId, tracer);
+      } catch (error) {
+        logger.warn(
+          `Brizz MCP: failed to emit tools/list schema spans: ${String(error)}`
+        );
+      }
+    } : void 0;
+    const wrappedHandler = (req, extra) => context2.with(
+      spanCtx,
+      () => executeHandler(span, method, handler, req, extra, postResult)
+    );
+    const hadEntry = handlers.has(method);
+    const prev = handlers.get(method);
+    handlers.set(method, wrappedHandler);
+    const usedFallback = !hadEntry && this.fallbackRequestHandler === handler;
+    const fallbackPrev = usedFallback ? this.fallbackRequestHandler : void 0;
+    if (usedFallback) {
+      this.fallbackRequestHandler = wrappedHandler;
+    }
+    try {
+      return original.apply(this, args);
+    } finally {
+      if (hadEntry) {
+        handlers.set(method, prev);
+      } else {
+        handlers.delete(method);
+      }
+      if (usedFallback) {
+        this.fallbackRequestHandler = fallbackPrev;
+      }
+    }
+  };
+}
+function executeAroundSpan(span, method, run, postResult) {
+  let result;
+  try {
+    result = run();
+  } catch (error) {
+    safeApplyErrorAttributes(span, error);
+    safeEnd(span);
+    throw error;
+  }
+  if (!isThenable(result)) {
+    safeApplyResultAttributes(span, method, result);
+    if (postResult) {
+      postResult(result);
+    }
+    safeEnd(span);
+    return result;
+  }
+  return result.then(
+    (value) => {
+      safeApplyResultAttributes(span, method, value);
+      if (postResult) {
+        postResult(value);
+      }
+      safeEnd(span);
+      return value;
+    },
+    (error) => {
+      safeApplyErrorAttributes(span, error);
+      safeEnd(span);
+      throw error;
+    }
+  );
+}
+function executeHandler(span, method, handler, req, extra, postResult) {
+  return executeAroundSpan(span, method, () => handler(req, extra), postResult);
+}
+function safeStartClientSpan(tracer, request, protocol) {
+  try {
+    const spanName = deriveSpanName(request.method, request.params);
+    const span = tracer.startSpan(spanName, { kind: SpanKind2.CLIENT });
+    applyClientRequestAttributes(
+      span,
+      request,
+      protocol._transport?.constructor?.name
+    );
+    return span;
+  } catch (error) {
+    logger.debug(`Brizz MCP: failed to open CLIENT span: ${String(error)}`);
+    return null;
+  }
+}
+function safeStartServerSpan(tracer, request, protocol) {
+  try {
+    const parentCtx = extractParentContext(request);
+    const spanName = deriveSpanName(request.method, request.params);
+    const span = tracer.startSpan(
+      spanName,
+      { kind: SpanKind2.SERVER },
+      parentCtx
+    );
+    applyServerRequestAttributes(span, request, protocol);
+    const sessionId = protocol.sessionId ?? protocol._transport?.sessionId;
+    const { context: sessCtx } = stampAndPropagateSession(span, sessionId, parentCtx);
+    return { span, spanCtx: trace.setSpan(sessCtx, span) };
+  } catch (error) {
+    logger.debug(`Brizz MCP: failed to open SERVER span: ${String(error)}`);
+    return null;
+  }
+}
+function extractParentContext(request) {
+  try {
+    const meta = request.params?._meta;
+    if (meta && typeof meta === "object") {
+      return propagation.extract(context2.active(), meta);
+    }
+  } catch (error) {
+    logger.debug(
+      `Brizz MCP: failed to extract parent context from _meta: ${String(error)}`
+    );
+  }
+  return context2.active();
+}
+function isThenable(value) {
+  return !!value && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
+}
+function safeApplyResultAttributes(span, method, value) {
+  try {
+    applyResultAttributes(span, method, value);
+  } catch (error) {
+    logger.debug(
+      `Brizz MCP: failed to apply result attributes: ${String(error)}`
+    );
+  }
+}
+function safeApplyErrorAttributes(span, err) {
+  try {
+    applyErrorAttributes(span, err);
+  } catch (error) {
+    logger.debug(
+      `Brizz MCP: failed to apply error attributes: ${String(error)}`
+    );
+  }
+}
+function safeEnd(span) {
+  try {
+    span.end();
+  } catch (error) {
+    logger.debug(`Brizz MCP: failed to end span: ${String(error)}`);
+  }
+}
+
+// src/internal/version.ts
+function getSDKVersion() {
+  return "0.1.25";
+}
+
+// src/internal/instrumentation/mcp/version.ts
+var INSTRUMENTATION_NAME = "@brizz/sdk/mcp";
+var INSTRUMENTATION_VERSION = getSDKVersion();
+
+// src/internal/instrumentation/mcp/instrumentation.ts
+var PROTOCOL_MODULE_NAME = "@modelcontextprotocol/sdk/shared/protocol.js";
+var PROTOCOL_SUPPORTED_VERSIONS = [">=1.0.0 <2"];
+var MCPInstrumentation = class extends BaseMCPInstrumentation {
+  /**
+   * Dedicated Brizz-named tracer for our SERVER + CLIENT spans.
+   *
+   * Why a separate tracer from the parent class's one: Arize's inherited
+   * transport patches don't emit spans (they only inject propagation
+   * headers), so using our own tracer here keeps Brizz spans attributed to
+   * `@brizz/sdk/mcp` in the dashboard. The parent's `tracer` is a
+   * `protected get` (no setter), so fighting it with assignment is the
+   * wrong tool.
+   */
+  brizzTracer;
+  constructor(_config) {
+    super({ instrumentationConfig: _config?.instrumentationConfig });
+    this.brizzTracer = trace2.getTracer(INSTRUMENTATION_NAME, INSTRUMENTATION_VERSION);
+  }
+  /**
+   * Extend `super.init()` with our protocol-layer module definition.
+   *
+   * Arize's `init()` returns definitions for the six transport modules
+   * (SSE client/server, stdio client/server, streamable-HTTP client/server)
+   * whose `send`/`start` methods get patched for W3C trace-context
+   * injection. We append one more: `@modelcontextprotocol/sdk/shared/protocol.js`
+   * where our patches open SERVER/CLIENT spans around the handler + outgoing
+   * request. If `super.init()` throws (unlikely but possible across Arize
+   * versions), we gracefully degrade to protocol-only instrumentation.
+   *
+   * The cast at the end satisfies the parent's strongly-typed generic
+   * without leaking the cast into call sites.
+   */
+  init() {
+    let base;
+    try {
+      base = super.init() ?? [];
+    } catch (error) {
+      logger.warn(
+        `Brizz MCP: base Arize init() failed \u2014 transport context propagation disabled: ${String(error)}`
+      );
+      base = [];
+    }
+    const baseArr = Array.isArray(base) ? base : [base];
+    const brizzDef = new InstrumentationNodeModuleDefinition(
+      PROTOCOL_MODULE_NAME,
+      PROTOCOL_SUPPORTED_VERSIONS,
+      (module3) => {
+        this.patchProtocolModule(module3);
+        return module3;
+      },
+      (module3) => {
+        this.unpatchProtocolModule(module3);
+        return module3;
+      }
+    );
+    return [...baseArr, brizzDef];
+  }
+  /**
+   * Manually instrument MCP modules for Next.js/Webpack where the
+   * auto-instrumentation module-load hook doesn't fire.
+   *
+   * Forwards the six transport module fields to the inherited Arize
+   * `manuallyInstrument(...)` (context propagation) and applies our
+   * protocol patch if `protocolModule` is provided (SERVER/CLIENT spans).
+   * Both legs are try/catch-guarded — a failure in one shouldn't prevent
+   * the other from taking effect.
+   */
+  manuallyInstrument(modules) {
+    const {
+      clientSSEModule,
+      serverSSEModule,
+      clientStdioModule,
+      serverStdioModule,
+      clientStreamableHTTPModule,
+      serverStreamableHTTPModule,
+      protocolModule
+    } = modules;
+    try {
+      super.manuallyInstrument({
+        clientSSEModule,
+        serverSSEModule,
+        clientStdioModule,
+        serverStdioModule,
+        clientStreamableHTTPModule,
+        serverStreamableHTTPModule
+      });
+    } catch (error) {
+      logger.warn(`Brizz MCP: Arize manuallyInstrument(...) failed: ${String(error)}`);
+    }
+    if (protocolModule) {
+      try {
+        this.patchProtocolModule(protocolModule);
+      } catch (error) {
+        logger.warn(
+          `Brizz MCP: failed to manually patch Protocol module: ${String(error)}`
+        );
+      }
+    }
+  }
+  /**
+   * Apply the SERVER + CLIENT patch to a loaded `protocol.js` module. Shared
+   * by both the automatic module-load callback in `init()` and the manual
+   * `manuallyInstrument(...)` path above so there's exactly one place that
+   * calls `patchProtocolPrototype`.
+   */
+  patchProtocolModule(module3) {
+    const proto = module3?.Protocol?.prototype;
+    if (!proto) {
+      logger.debug(
+        "Brizz MCP: module does not expose Protocol.prototype \u2014 skipping protocol patches"
+      );
+      return;
+    }
+    const ok = patchProtocolPrototype(proto, this.brizzTracer);
+    if (ok) {
+      logger.debug("Brizz MCP: patched Protocol.prototype for SERVER+CLIENT spans");
+    }
+  }
+  /**
+   * Unpatch is intentionally a no-op.
+   *
+   * `patchProtocolPrototype` wraps methods in place and sets a PATCHED_FLAG
+   * Symbol on the prototype to prevent double-patching. Restoring the
+   * originals would require us to hold references across module unloads,
+   * which isn't a pattern we need — instrumentation rarely gets torn down
+   * at runtime, and a process reload is the canonical way to detach.
+   */
+  unpatchProtocolModule(_module) {
+    logger.debug(
+      "Brizz MCP: unpatch is a no-op \u2014 reload the process to cleanly detach"
+    );
+  }
+};
+
+// src/internal/instrumentation/registry.ts
 var InstrumentationRegistry = class _InstrumentationRegistry {
   static instance;
   manualModules = null;
@@ -345,6 +1137,14 @@ var InstrumentationRegistry = class _InstrumentationRegistry {
         }
       })();
     }
+    if (this.manualModules?.mcp) {
+      try {
+        new MCPInstrumentation({ exceptionLogger }).manuallyInstrument(this.manualModules.mcp);
+        logger.debug("Manual instrumentation enabled for MCP");
+      } catch (error) {
+        logger.error(`Failed to apply MCP instrumentation: ${String(error)}`);
+      }
+    }
   }
 };
 
@@ -356,32 +1156,17 @@ import {
   LoggerProvider
 } from "@opentelemetry/sdk-logs";
 
-// src/internal/version.ts
-function getSDKVersion() {
-  return "0.1.21";
-}
-
 // src/internal/log/processors/log-processor.ts
-import { context } from "@opentelemetry/api";
+import { context as context3 } from "@opentelemetry/api";
 import { BatchLogRecordProcessor, SimpleLogRecordProcessor } from "@opentelemetry/sdk-logs";
 
 // src/internal/masking/patterns.ts
 var DEFAULT_PII_PATTERNS = [
-  // Email addresses
-  {
-    name: "email_addresses",
-    pattern: String.raw`\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b`
-  },
   // Phone numbers (US format)
   {
     name: "us_phone_numbers",
     pattern: String.raw`(?:^|[\s])(?:\+?1[-.\s]*)?(?:\([0-9]{3}\)\s?[0-9]{3}[-.\s]?[0-9]{4}|[0-9]{3}[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}|[0-9]{10})(?=[\s]|$)`
   },
-  // Social Security Numbers
-  {
-    name: "ssn",
-    pattern: String.raw`\b(?!000|666|9\d{2})\d{3}[-\s]?(?!00)\d{2}[-\s]?(?!0000)\d{4}\b`
-  },
   // Credit card numbers
   {
     name: "credit_cards",
@@ -405,19 +1190,11 @@ var DEFAULT_PII_PATTERNS = [
     name: "openai_keys",
     pattern: String.raw`\bsk[-_][a-zA-Z0-9]{20,}\b`
   },
-  {
-    name: "base64_secrets",
-    pattern: String.raw`\b[A-Za-z0-9+/]{64,}={0,2}\b`
-  },
   // AWS Keys
   {
     name: "aws_access_keys",
     pattern: String.raw`\b(?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}\b`
   },
-  {
-    name: "aws_secret_keys",
-    pattern: String.raw`\b[A-Za-z0-9/+=]*[A-Z][A-Za-z0-9/+=]*[a-z][A-Za-z0-9/+=]*[/+=][A-Za-z0-9/+=]{30,}\b`
-  },
   // GitHub tokens
   {
     name: "github_tokens",
@@ -448,11 +1225,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "ipv6_addresses",
     pattern: String.raw`\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b`
   },
-  // Medical records
-  {
-    name: "medical_record_numbers",
-    pattern: String.raw`\b(?:[Mm][Rr][Nn])[-\s]?\d{6,10}\b`
-  },
   // Bitcoin addresses
   {
     name: "bitcoin_addresses",
@@ -463,11 +1235,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "ethereum_addresses",
     pattern: String.raw`\b0x[a-fA-F0-9]{40}(?![a-fA-F0-9])\b`
   },
-  // UUIDs
-  {
-    name: "uuids",
-    pattern: String.raw`\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(?![0-9a-fA-F-])\b`
-  },
   // Database connection strings
   {
     name: "database_connections",
@@ -486,90 +1253,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "certificates",
     pattern: "-----BEGIN CERTIFICATE-----"
   },
-  // Date of birth patterns
-  {
-    name: "date_of_birth_us",
-    pattern: String.raw`\b(?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\\d|3[01])[-/](?:19|20)\\d{2}\b`
-  },
-  {
-    name: "date_of_birth_iso",
-    pattern: String.raw`\b(?:19|20)\\d{2}[-/](?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\\d|3[01])\b`
-  },
-  // US Identification Numbers
-  {
-    name: "us_passport_numbers",
-    pattern: String.raw`\b[A-Z]?\\d{6,9}\b`
-  },
-  {
-    name: "drivers_license",
-    pattern: String.raw`\b[A-Z]{1,2}\\d{3,8}[-\s]?\\d{2,5}[-\s]?\\d{2,5}[-\s]?\\d{1,5}[-\s]?\\d?\b`
-  },
-  {
-    name: "bank_account_numbers",
-    pattern: String.raw`\b\\d{10,17}\b`
-  },
-  {
-    name: "aba_routing_numbers",
-    pattern: String.raw`\b((0[0-9])|(1[0-2])|(2[1-9])|(3[0-2])|(6[1-9])|(7[0-2])|80)([0-9]{7})\b`
-  },
-  {
-    name: "health_insurance_numbers",
-    pattern: String.raw`\b\\d{10}[A-Z]\b`
-  },
-  {
-    name: "employee_ids",
-    pattern: String.raw`\b(?:[Ee][Mm][Pp]|[Ee][Mm][Pp][Ll][Oo][Yy][Ee][Ee]|[Ee])[-\s]?\\d{5,8}\b`
-  },
-  {
-    name: "tax_ein",
-    pattern: String.raw`\b\\d{2}-\\d{7}\b`
-  },
-  {
-    name: "medicare_beneficiary_id",
-    pattern: String.raw`\b[1-9][A-Z][A-Z0-9]\\d-[A-Z][A-Z0-9]\\d-[A-Z][A-Z0-9]\\d{2}\b`
-  },
-  {
-    name: "national_provider_id",
-    pattern: String.raw`\b1\\d{9}\b`
-  },
-  {
-    name: "dea_numbers",
-    pattern: String.raw`\b[A-Z]{2}\\d{7}\b`
-  },
-  {
-    name: "itin",
-    pattern: String.raw`\b9\\d{2}(?:[ \\-]?)[7,8]\\d(?:[ \\-]?)\\d{4}\b`
-  },
-  // Vehicle and Location
-  {
-    name: "vin_numbers",
-    pattern: String.raw`\b[A-HJ-NPR-Z0-9]{17}\b`
-  },
-  {
-    name: "coordinates",
-    pattern: String.raw`\b[-+]?(?:[0-8]?\\d(?:\\.\\d+)?|90(?:\\.0+)?),\\s*[-+]?(?:1[0-7]\\d(?:\\.\\d+)?|180(?:\\.0+)?|[0-9]?\\d(?:\\.\\d+)?)\b`
-  },
-  {
-    name: "us_license_plates",
-    pattern: String.raw`\b[A-Z]{1,3}[-\s]\\d{1,4}[A-Z]?\b|\b\\d{1,2}[A-Z]{1,3}\\d{1,4}\b`
-  },
-  {
-    name: "us_zip_codes",
-    pattern: String.raw`\b(\\d{5}-\\d{4}|\\d{5})\b`
-  },
-  {
-    name: "us_street_addresses",
-    pattern: String.raw`\b\\d{1,8}\b[\\s\\S]{10,100}?\b(AK|AL|AR|AZ|CA|CO|CT|DC|DE|FL|GA|HI|IA|ID|IL|IN|KS|KY|LA|MA|MD|ME|MI|MN|MO|MS|MT|NC|ND|NE|NH|NJ|NM|NV|NY|OH|OK|OR|PA|RI|SC|SD|TN|TX|UT|VA|VT|WA|WI|WV|WY)\b\\s\\d{5}\b`
-  },
-  // International Banking
-  {
-    name: "iban",
-    pattern: String.raw`\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}([A-Z0-9]?){0,16}\b`
-  },
-  {
-    name: "swift_bic",
-    pattern: String.raw`\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?\b`
-  },
   // Additional API Keys and Tokens
   {
     name: "google_oauth",
@@ -632,73 +1315,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "putty_ssh_keys",
     pattern: String.raw`PuTTY-User-Key-File-2: ssh-(?:rsa|dss)\s*Encryption: none(?:.|\s?)*?Private-MAC:`
   },
-  // International Phone Numbers
-  {
-    name: "france_phone_numbers",
-    pattern: String.raw`\b([0O]?[1lI][1lI])?[3E][3E][0O]?[\\dOIlZEASB]{9}\b`
-  },
-  {
-    name: "german_phone_numbers",
-    pattern: String.raw`\b[\d\w]\d{2}[\d\w]{6}\d[\d\w]\b`
-  },
-  {
-    name: "uk_phone_numbers",
-    pattern: String.raw`\b([0O]?[1lI][1lI])?[4A][4A][\\dOIlZEASB]{10,11}\b`
-  },
-  // International IDs
-  {
-    name: "uk_drivers_license",
-    pattern: String.raw`\b[A-Z]{5}\d{6}[A-Z]{2}\d{1}[A-Z]{2}\b`
-  },
-  {
-    name: "uk_passport",
-    pattern: String.raw`\b\\d{10}GB[RP]\\d{7}[UMF]{1}\\d{9}\b`
-  },
-  {
-    name: "argentina_dni",
-    pattern: String.raw`\b\\d{2}\\.\\d{3}\\.\\d{3}\b`
-  },
-  {
-    name: "australia_tfn",
-    pattern: String.raw`\b[Tt][Ff][Nn](:|:\\s|\\s|)(\\d{8,9})\b`
-  },
-  {
-    name: "canada_passport",
-    pattern: String.raw`\b[\\w]{2}[\\d]{6}\b`
-  },
-  {
-    name: "croatia_vat",
-    pattern: String.raw`\bHR\\d{11}\b`
-  },
-  {
-    name: "czech_vat",
-    pattern: String.raw`\bCZ\\d{8,10}\b`
-  },
-  {
-    name: "denmark_personal_id",
-    pattern: String.raw`\b(?:\\d{10}|\\d{6}[-\\s]\\d{4})\b`
-  },
-  {
-    name: "france_national_id",
-    pattern: String.raw`\b\\d{12}\b`
-  },
-  {
-    name: "france_ssn",
-    pattern: String.raw`\b(?:\\d{13}|\\d{13}\\s\\d{2})\b`
-  },
-  {
-    name: "france_passport",
-    pattern: String.raw`\b\\d{2}11\\d{5}\b`
-  },
-  {
-    name: "california_drivers_license",
-    pattern: String.raw`\b[A-Z]{1}\\d{7}\b`
-  },
-  // Medical and Healthcare
-  {
-    name: "hipaa_ndc",
-    pattern: String.raw`\b\\d{4,5}-\\d{3,4}-\\d{1,2}\b`
-  },
   // Security and Network
   {
     name: "cve_numbers",
@@ -732,44 +1348,6 @@ var DEFAULT_PII_PATTERNS = [
   {
     name: "discover_cards",
     pattern: String.raw`\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}\b`
-  },
-  {
-    name: "enhanced_credit_cards",
-    pattern: String.raw`\b((4\\d{3}|5[1-5]\\d{2}|2\\d{3}|3[47]\\d{1,2})[\\s\\-]?\\d{4,6}[\\s\\-]?\\d{4,6}?([\\s\\-]\\d{3,4})?(\\d{3})?)\b`
-  },
-  // Bank Routing Numbers (US specific)
-  {
-    name: "bbva_routing_ca",
-    pattern: String.raw`\\b321170538\\b`
-  },
-  {
-    name: "boa_routing_ca",
-    pattern: String.raw`\\b(?:121|026)00(?:0|9)(?:358|593)\\b`
-  },
-  {
-    name: "chase_routing_ca",
-    pattern: String.raw`\\b322271627\\b`
-  },
-  {
-    name: "citibank_routing_ca",
-    pattern: String.raw`\\b32(?:11|22)71(?:18|72)4\\b`
-  },
-  {
-    name: "usbank_routing_ca",
-    pattern: String.raw`\\b12(?:1122676|2235821)\\b`
-  },
-  {
-    name: "united_bank_routing_ca",
-    pattern: String.raw`\\b122243350\\b`
-  },
-  {
-    name: "wells_fargo_routing_ca",
-    pattern: String.raw`\\b121042882\\b`
-  },
-  // Unrealistic alphanumeric identifiers
-  {
-    name: "generic_non_usual",
-    pattern: String.raw`(?:^|\s)(?=[A-Za-z0-9_\)\*\=@]*[A-Za-z])(?=[A-Za-z0-9_\)\*\=@]*[0-9])([A-Za-z0-9_\)\*\=@]{5,})(?=\s|$)`
   }
 ];
 
@@ -989,13 +1567,6 @@ function maskAttributes(attributes, rules, outputOriginalValue = false) {
   return maskedAttributes;
 }
 
-// src/internal/semantic-conventions.ts
-import { createContextKey } from "@opentelemetry/api";
-var BRIZZ = "brizz";
-var PROPERTIES = "properties";
-var PROPERTIES_CONTEXT_KEY = createContextKey(PROPERTIES);
-var SESSION_OBJECT_CONTEXT_KEY = createContextKey("brizz.session.object");
-
 // src/internal/log/processors/log-processor.ts
 var DEFAULT_LOG_MASKING_RULES = [
   {
@@ -1015,7 +1586,7 @@ var BrizzSimpleLogRecordProcessor = class extends SimpleLogRecordProcessor {
     if (maskingConfig) {
       maskLog(logRecord, maskingConfig);
     }
-    const associationProperties = context.active().getValue(PROPERTIES_CONTEXT_KEY);
+    const associationProperties = context3.active().getValue(PROPERTIES_CONTEXT_KEY);
     if (associationProperties) {
       for (const [key, value] of Object.entries(associationProperties)) {
         logRecord.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1035,7 +1606,7 @@ var BrizzBatchLogRecordProcessor = class extends BatchLogRecordProcessor {
     if (maskingConfig) {
       maskLog(logRecord, maskingConfig);
     }
-    const associationProperties = context.active().getValue(PROPERTIES_CONTEXT_KEY);
+    const associationProperties = context3.active().getValue(PROPERTIES_CONTEXT_KEY);
     if (associationProperties) {
       for (const [key, value] of Object.entries(associationProperties)) {
         logRecord.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1422,13 +1993,13 @@ var BrizzSpanExporter = class {
 };
 
 // src/internal/trace/processors/span-processor.ts
-import { context as context2 } from "@opentelemetry/api";
+import { context as context4 } from "@opentelemetry/api";
 import {
   BatchSpanProcessor,
   SimpleSpanProcessor
 } from "@opentelemetry/sdk-trace-base";
 function applyContextAttributes(span) {
-  const sessionProperties = context2.active().getValue(PROPERTIES_CONTEXT_KEY);
+  const sessionProperties = context4.active().getValue(PROPERTIES_CONTEXT_KEY);
   if (sessionProperties) {
     for (const [key, value] of Object.entries(sessionProperties)) {
       span.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1438,12 +2009,6 @@ function applyContextAttributes(span) {
 var DEFAULT_MASKING_RULES = [
   {
     mode: "partial",
-    attributePattern: "gen_ai.prompt",
-    patterns: DEFAULT_PII_PATTERNS
-  },
-  {
-    mode: "partial",
-    attributePattern: "gen_ai.completion",
     patterns: DEFAULT_PII_PATTERNS
   }
 ];
@@ -1453,24 +2018,16 @@ var BrizzSimpleSpanProcessor = class extends SimpleSpanProcessor {
     super(spanExporter);
     this.config = config;
   }
-  // Will work with the following code:
-  // const span = tracer.startSpan('sensitive-operation',{attributes:{
-  //     'user.password': 'secret123',
-  //     'user.email': 'user@example.com',
-  //   }});
-  //
-  // Won't work because onStart is called before attributes are set:
-  // span.setAttributes({
-  //    'user.password': 'secret123',
-  //    'user.email': 'user@example.com'
-  //  });
   onStart(span, parentContext) {
+    applyContextAttributes(span);
+    super.onStart(span, parentContext);
+  }
+  onEnd(span) {
     const maskingConfig = this.config.masking?.spanMasking;
     if (maskingConfig) {
-      maskSpan(span, maskingConfig);
+      maskReadableSpan(span, maskingConfig);
     }
-    applyContextAttributes(span);
-    super.onStart(span, parentContext);
+    super.onEnd(span);
   }
 };
 var BrizzBatchSpanProcessor = class extends BatchSpanProcessor {
@@ -1480,39 +2037,39 @@ var BrizzBatchSpanProcessor = class extends BatchSpanProcessor {
     this.config = config;
   }
   onStart(span, parentContext) {
+    applyContextAttributes(span);
+    super.onStart(span, parentContext);
+  }
+  onEnd(span) {
     const maskingConfig = this.config.masking?.spanMasking;
     if (maskingConfig) {
-      maskSpan(span, maskingConfig);
+      maskReadableSpan(span, maskingConfig);
     }
-    applyContextAttributes(span);
-    super.onStart(span, parentContext);
+    super.onEnd(span);
   }
 };
-function maskSpan(span, config) {
-  if (!span.attributes || Object.keys(span.attributes).length === 0) {
-    return span;
+function maskReadableSpan(span, config) {
+  const attrs = span.attributes;
+  if (!attrs || Object.keys(attrs).length === 0) {
+    return;
   }
-  let rules = config.rules || [];
+  let rules = config.rules ? [...config.rules] : [];
   if (!config.disableDefaultRules) {
-    rules = [...DEFAULT_MASKING_RULES, ...rules];
+    rules = [...rules, ...DEFAULT_MASKING_RULES];
   }
   try {
-    const attributesRecord = {};
-    for (const [key, value] of Object.entries(span.attributes)) {
-      attributesRecord[key] = value;
-    }
-    const maskedAttributes = maskAttributes(attributesRecord, rules);
-    if (maskedAttributes && Object.keys(maskedAttributes).length > 0) {
-      const merged = { ...span.attributes };
-      for (const [key, value] of Object.entries(maskedAttributes)) {
-        merged[key] = value;
+    const input = {};
+    for (const [k, v] of Object.entries(attrs)) {
+      input[k] = v;
+    }
+    const masked = maskAttributes(input, rules);
+    for (const [k, v] of Object.entries(masked ?? {})) {
+      if (attrs[k] !== v) {
+        attrs[k] = v;
       }
-      span.setAttributes(merged);
     }
-    return span;
   } catch (error) {
-    logger.error("Error masking span:", error);
-    return span;
+    logger.error("Error masking span", { err: error });
   }
 }
 
@@ -1625,7 +2182,7 @@ function getSpanProcessor() {
 }
 
 // src/internal/trace/session.ts
-import { context as context3, trace, SpanStatusCode } from "@opentelemetry/api";
+import { context as context5, trace as trace3, SpanStatusCode as SpanStatusCode3 } from "@opentelemetry/api";
 
 // src/internal/sdk.ts
 var _Brizz = class __Brizz {
@@ -1957,15 +2514,18 @@ if (runtime.isESM && runtime.supportsLoaderAPI) {
   maybeRegisterESMLoader();
 }
 try {
-  Brizz.initialize({
-    apiKey: process.env["BRIZZ_API_KEY"],
-    baseUrl: process.env["BRIZZ_BASE_URL"],
-    appName: process.env["BRIZZ_APP_NAME"] || process.env["OTEL_SERVICE_NAME"],
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    logLevel: process.env["BRIZZ_LOG_LEVEL"] || DEFAULT_LOG_LEVEL.toString(),
-    // Enable auto-instrumentation by default in preload mode
-    disableNodeSdk: false
-  });
+  const logLevel = process.env["BRIZZ_LOG_LEVEL"] || DEFAULT_LOG_LEVEL.toString();
+  if (process.env["BRIZZ_DSN"]) {
+    Brizz.initialize({ logLevel, disableNodeSdk: false });
+  } else {
+    Brizz.initialize({
+      apiKey: process.env["BRIZZ_API_KEY"],
+      baseUrl: process.env["BRIZZ_BASE_URL"],
+      appName: process.env["BRIZZ_APP_NAME"] || process.env["OTEL_SERVICE_NAME"],
+      logLevel,
+      disableNodeSdk: false
+    });
+  }
   logger.info(`SDK auto-initialized for ${runtime.isESM ? "ESM" : "CJS"} runtime`);
 } catch (error) {
   logger.warn("Failed to auto-initialize SDK:", { error });