npm - @brizz/sdk - Versions diffs - 0.1.22 → 0.1.25 - Mend

@brizz/sdk 0.1.22 → 0.1.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/preload.cjs CHANGED Viewed

@@ -159,6 +159,38 @@ function setLogLevel(level) {
 var import_resources3 = require("@opentelemetry/resources");
 var import_sdk_node = require("@opentelemetry/sdk-node");
+// src/internal/dsn.ts
+var PLACEHOLDER_SERVICE = "<service-name>";
+var SERVICE_NAME_HEADER = "X-Brizz-Service-Name";
+function parseDSN(dsn) {
+  let parsed;
+  try {
+    parsed = new globalThis.URL(dsn);
+  } catch {
+    return null;
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:" || !parsed.username || !parsed.host) {
+    return null;
+  }
+  const scheme = parsed.protocol === "https:" ? "https" : "http";
+  let service;
+  try {
+    service = decodeURIComponent(parsed.pathname.replace(/^\//, ""));
+  } catch {
+    return null;
+  }
+  if (service === "" || service === PLACEHOLDER_SERVICE) {
+    return null;
+  }
+  return {
+    scheme,
+    host: parsed.host,
+    bearer: decodeURIComponent(parsed.username),
+    service,
+    baseUrl: `${scheme}://${parsed.host}`
+  };
+}
 // src/internal/config.ts
 function resolveConfig(options) {
   const envLogLevel = process.env["BRIZZ_LOG_LEVEL"] || options.logLevel?.toString() || DEFAULT_LOG_LEVEL.toString();
@@ -185,6 +217,7 @@ function resolveConfig(options) {
     appName: options.appName,
     baseUrl: options.baseUrl,
     hasApiKey: !!options.apiKey,
+    dsnProvided: !!(process.env["BRIZZ_DSN"] || options.dsn),
     disableBatch: options.disableBatch,
     logLevel: resolvedLogLevel,
     headersCount: Object.keys(options.headers || {}).length,
@@ -212,7 +245,42 @@ function resolveConfig(options) {
     logLevel: resolvedLogLevel,
     masking: resolvedMasking
   };
-  if (resolvedConfig.apiKey) {
+  const dsnInput = process.env["BRIZZ_DSN"] || options.dsn;
+  let parsedDSN = null;
+  if (dsnInput) {
+    const kwargConflicts = [];
+    if (options.apiKey !== void 0) {
+      kwargConflicts.push("apiKey");
+    }
+    if (options.baseUrl !== void 0) {
+      kwargConflicts.push("baseUrl");
+    }
+    if (options.appName !== void 0) {
+      kwargConflicts.push("appName");
+    }
+    if (kwargConflicts.length > 0) {
+      throw new Error(
+        `dsn cannot be combined with kwargs ${kwargConflicts.join(", ")}. The DSN bundles bearer, gateway URL, and service name \u2014 choose one configuration style.`
+      );
+    }
+    const envConflicts = ["BRIZZ_API_KEY", "BRIZZ_BASE_URL", "BRIZZ_APP_NAME"].filter(
+      (name) => process.env[name] !== void 0
+    );
+    if (envConflicts.length > 0) {
+      logger.warn(
+        `Ignoring ${envConflicts.join(", ")} \u2014 dsn / BRIZZ_DSN takes precedence.`
+      );
+    }
+    resolvedConfig.apiKey = void 0;
+    resolvedConfig.baseUrl = "https://telemetry.brizz.dev";
+    resolvedConfig.appName = "unknown-app";
+    parsedDSN = parseDSN(dsnInput);
+    if (parsedDSN) {
+      resolvedConfig.appName = parsedDSN.service;
+      resolvedConfig.baseUrl = parsedDSN.baseUrl;
+      resolvedConfig.apiKey = parsedDSN.bearer;
+    }
+  } else if (resolvedConfig.apiKey) {
     resolvedConfig.headers["Authorization"] = `Bearer ${resolvedConfig.apiKey}`;
   }
   if (process.env["BRIZZ_HEADERS"]) {
@@ -227,14 +295,28 @@ function resolveConfig(options) {
       throw new Error("Invalid JSON in BRIZZ_HEADERS environment variable", { cause: error });
     }
   }
+  if (dsnInput) {
+    const authHeaderKeys = /* @__PURE__ */ new Set(["authorization", SERVICE_NAME_HEADER.toLowerCase()]);
+    resolvedConfig.headers = Object.fromEntries(
+      Object.entries(resolvedConfig.headers).filter(
+        ([key]) => !authHeaderKeys.has(key.toLowerCase())
+      )
+    );
+    if (parsedDSN) {
+      resolvedConfig.headers["Authorization"] = `Bearer ${parsedDSN.bearer}`;
+      resolvedConfig.headers[SERVICE_NAME_HEADER] = parsedDSN.service;
+    }
+  }
   logger.debug("Configuration resolved with environment variables", {
     appName: resolvedConfig.appName,
     baseUrl: resolvedConfig.baseUrl,
     hasApiKey: !!resolvedConfig.apiKey,
+    dsnProvided: !!dsnInput,
     disableBatch: resolvedConfig.disableBatch,
     envOverrides: {
       hasEnvApiKey: !!process.env["BRIZZ_API_KEY"],
       hasEnvBaseUrl: !!process.env["BRIZZ_BASE_URL"],
+      hasEnvDsn: !!process.env["BRIZZ_DSN"],
       hasEnvBatch: !!process.env["BRIZZ_DISABLE_BATCH"],
       hasEnvHeaders: !!process.env["BRIZZ_HEADERS"]
     }
@@ -261,13 +343,13 @@ var import_instrumentation_vertexai = require("@traceloop/instrumentation-vertex
 // src/internal/instrumentation/mcp/instrumentation.ts
 var import_openinference_instrumentation_mcp = require("@arizeai/openinference-instrumentation-mcp");
-var import_api6 = require("@opentelemetry/api");
+var import_api7 = require("@opentelemetry/api");
 var import_instrumentation = require("@opentelemetry/instrumentation");
 // src/internal/instrumentation/mcp/patches/protocol.ts
-var import_api5 = require("@opentelemetry/api");
+var import_api6 = require("@opentelemetry/api");
-// src/internal/instrumentation/mcp/session.ts
+// src/internal/instrumentation/mcp/schemas.ts
 var import_api3 = require("@opentelemetry/api");
 // src/internal/semantic-conventions.ts
@@ -278,42 +360,17 @@ var SESSION_ID = "session.id";
 var PROPERTIES_CONTEXT_KEY = (0, import_api2.createContextKey)(PROPERTIES);
 var SESSION_OBJECT_CONTEXT_KEY = (0, import_api2.createContextKey)("brizz.session.object");
-// src/internal/instrumentation/mcp/session.ts
-function stampAndPropagateSession(span, sessionId, baseContext = import_api3.context.active()) {
-  if (!sessionId) {
-    return { context: baseContext, sessionId: null };
-  }
-  if (span.isRecording()) {
-    try {
-      span.setAttribute(`${BRIZZ}.${SESSION_ID}`, sessionId);
-    } catch (error) {
-      logger.warn(
-        `Brizz MCP: failed to stamp session id on span: ${String(error)}`
-      );
-    }
-  }
-  try {
-    const prev = baseContext.getValue(PROPERTIES_CONTEXT_KEY);
-    const merged = prev ? { ...prev, [SESSION_ID]: sessionId } : { [SESSION_ID]: sessionId };
-    return {
-      context: baseContext.setValue(PROPERTIES_CONTEXT_KEY, merged),
-      sessionId
-    };
-  } catch (error) {
-    logger.warn(`Brizz MCP: failed to attach session context: ${String(error)}`);
-    return { context: baseContext, sessionId };
-  }
-}
-// src/internal/instrumentation/mcp/patches/attributes.ts
-var import_api4 = require("@opentelemetry/api");
 // src/internal/instrumentation/mcp/semantic-conventions.ts
 var MCP_TOOL_NAME = "mcp.tool.name";
 var MCP_TOOL_ARGUMENTS = "mcp.tool.arguments";
 var MCP_TOOL_RESULT = "mcp.tool.result";
 var MCP_COMPONENT_TYPE = "mcp.component.type";
 var MCP_COMPONENT_TOOL = "tool";
+var MCP_COMPONENT_TOOL_SCHEMA = "tool_schema";
+var MCP_TOOL_SCHEMA_PARAMETERS = "mcp.tool.schema.parameters";
+var MCP_TOOL_SCHEMA_OUTPUT = "mcp.tool.schema.output";
+var MCP_TOOL_DESCRIPTION = "mcp.tool.description";
+var SPAN_NAME_TOOL_REGISTER = "mcp.tool.register";
 var MCP_METHOD_NAME = "mcp.method.name";
 var MCP_REQUEST_ID = "mcp.request.id";
 var MCP_SESSION_ID = "mcp.session.id";
@@ -334,11 +391,115 @@ var SPAN_NAME_TOOLS_CALL = "tools/call";
 var MAX_ATTRIBUTE_LENGTH = 32 * 1024;
 var TRUNCATION_SUFFIX = "\u2026(truncated)";
 var METHOD_TOOLS_CALL = "tools/call";
+var METHOD_TOOLS_LIST = "tools/list";
 var METHOD_RESOURCES_READ = "resources/read";
 var METHOD_PROMPTS_GET = "prompts/get";
 var METHOD_INITIALIZE = "initialize";
+// src/internal/instrumentation/mcp/schemas.ts
+var _MAX_SCHEMA_ATTR_BYTES = 4e3;
+function truncateSchemaAttr(value) {
+  if (value.length <= _MAX_SCHEMA_ATTR_BYTES) {
+    return value;
+  }
+  return `{"_truncated":true,"original_length":${value.length}}`;
+}
+function safeStringify(value) {
+  if (value === null || value === void 0) {
+    return "";
+  }
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return "";
+  }
+}
+function emitSchemaSpansFromListResponse(result, transportSessionId, tracer) {
+  if (!transportSessionId) {
+    return;
+  }
+  const tools = extractTools(result);
+  if (tools === void 0) {
+    return;
+  }
+  for (const tool of tools) {
+    const name = typeof tool.name === "string" ? tool.name : void 0;
+    if (!name) {
+      continue;
+    }
+    const span = tracer.startSpan(`${SPAN_NAME_TOOL_REGISTER} ${name}`, {
+      kind: import_api3.SpanKind.INTERNAL
+    });
+    try {
+      stampSchemaAttributes(span, name, transportSessionId, tool);
+      span.setStatus({ code: import_api3.SpanStatusCode.OK });
+    } finally {
+      span.end();
+    }
+  }
+}
+function stampSchemaAttributes(span, toolName, transportSessionId, tool) {
+  if (!span.isRecording()) {
+    logger.warn(
+      `Brizz MCP: schema span is not recording; dropping attributes for ${toolName}`
+    );
+    return;
+  }
+  const description = typeof tool.description === "string" ? tool.description : "";
+  const parameters = truncateSchemaAttr(safeStringify(tool.inputSchema));
+  const outputSchema = tool.outputSchema !== void 0 && tool.outputSchema !== null ? truncateSchemaAttr(safeStringify(tool.outputSchema)) : "";
+  span.setAttribute(RPC_SYSTEM, RPC_SYSTEM_MCP);
+  span.setAttribute(MCP_COMPONENT_TYPE, MCP_COMPONENT_TOOL_SCHEMA);
+  span.setAttribute(MCP_SESSION_ID, transportSessionId);
+  span.setAttribute(`${BRIZZ}.${SESSION_ID}`, transportSessionId);
+  span.setAttribute(MCP_TOOL_NAME, toolName);
+  span.setAttribute(MCP_TOOL_SCHEMA_PARAMETERS, parameters);
+  span.setAttribute(MCP_TOOL_SCHEMA_OUTPUT, outputSchema);
+  span.setAttribute(MCP_TOOL_DESCRIPTION, description);
+}
+function extractTools(result) {
+  if (!result || typeof result !== "object") {
+    return void 0;
+  }
+  const tools = result.tools;
+  if (!Array.isArray(tools)) {
+    return void 0;
+  }
+  return tools.filter(
+    (t) => t !== null && typeof t === "object"
+  );
+}
+// src/internal/instrumentation/mcp/session.ts
+var import_api4 = require("@opentelemetry/api");
+function stampAndPropagateSession(span, sessionId, baseContext = import_api4.context.active()) {
+  if (!sessionId) {
+    return { context: baseContext, sessionId: null };
+  }
+  if (span.isRecording()) {
+    try {
+      span.setAttribute(`${BRIZZ}.${SESSION_ID}`, sessionId);
+    } catch (error) {
+      logger.warn(
+        `Brizz MCP: failed to stamp session id on span: ${String(error)}`
+      );
+    }
+  }
+  try {
+    const prev = baseContext.getValue(PROPERTIES_CONTEXT_KEY);
+    const merged = prev ? { ...prev, [SESSION_ID]: sessionId } : { [SESSION_ID]: sessionId };
+    return {
+      context: baseContext.setValue(PROPERTIES_CONTEXT_KEY, merged),
+      sessionId
+    };
+  } catch (error) {
+    logger.warn(`Brizz MCP: failed to attach session context: ${String(error)}`);
+    return { context: baseContext, sessionId };
+  }
+}
 // src/internal/instrumentation/mcp/patches/attributes.ts
+var import_api5 = require("@opentelemetry/api");
 function deriveSpanName(method, params) {
   try {
     if (method === METHOD_TOOLS_CALL) {
@@ -441,7 +602,7 @@ function applyResultAttributes(span, method, result) {
   if (obj && obj["isError"] === true) {
     span.setAttribute(ERROR_TYPE, ERROR_TYPE_TOOL);
     const message = extractToolErrorMessage(obj);
-    span.setStatus({ code: import_api4.SpanStatusCode.ERROR, message });
+    span.setStatus({ code: import_api5.SpanStatusCode.ERROR, message });
   }
 }
 function applyErrorAttributes(span, err) {
@@ -465,7 +626,7 @@ function applyErrorAttributes(span, err) {
   } catch {
   }
   span.setStatus({
-    code: import_api4.SpanStatusCode.ERROR,
+    code: import_api5.SpanStatusCode.ERROR,
     message: typeof error?.message === "string" ? error.message : void 0
   });
 }
@@ -572,8 +733,8 @@ function wrapRequest(original, tracer) {
       return original.apply(this, args);
     }
     return executeAroundSpan(span, request.method, () => {
-      const ctx = import_api5.trace.setSpan(import_api5.context.active(), span);
-      return import_api5.context.with(ctx, () => original.apply(this, args));
+      const ctx = import_api6.trace.setSpan(import_api6.context.active(), span);
+      return import_api6.context.with(ctx, () => original.apply(this, args));
     });
   };
 }
@@ -597,7 +758,20 @@ function wrapOnRequest(original, tracer) {
       return original.apply(this, args);
     }
     const { span, spanCtx } = started;
-    const wrappedHandler = (req, extra) => import_api5.context.with(spanCtx, () => executeHandler(span, method, handler, req, extra));
+    const transportSessionId = this.sessionId ?? this._transport?.sessionId;
+    const postResult = method === METHOD_TOOLS_LIST ? (result) => {
+      try {
+        emitSchemaSpansFromListResponse(result, transportSessionId, tracer);
+      } catch (error) {
+        logger.warn(
+          `Brizz MCP: failed to emit tools/list schema spans: ${String(error)}`
+        );
+      }
+    } : void 0;
+    const wrappedHandler = (req, extra) => import_api6.context.with(
+      spanCtx,
+      () => executeHandler(span, method, handler, req, extra, postResult)
+    );
     const hadEntry = handlers.has(method);
     const prev = handlers.get(method);
     handlers.set(method, wrappedHandler);
@@ -620,7 +794,7 @@ function wrapOnRequest(original, tracer) {
     }
   };
 }
-function executeAroundSpan(span, method, run) {
+function executeAroundSpan(span, method, run, postResult) {
   let result;
   try {
     result = run();
@@ -631,12 +805,18 @@ function executeAroundSpan(span, method, run) {
   }
   if (!isThenable(result)) {
     safeApplyResultAttributes(span, method, result);
+    if (postResult) {
+      postResult(result);
+    }
     safeEnd(span);
     return result;
   }
   return result.then(
     (value) => {
       safeApplyResultAttributes(span, method, value);
+      if (postResult) {
+        postResult(value);
+      }
       safeEnd(span);
       return value;
     },
@@ -647,13 +827,13 @@ function executeAroundSpan(span, method, run) {
     }
   );
 }
-function executeHandler(span, method, handler, req, extra) {
-  return executeAroundSpan(span, method, () => handler(req, extra));
+function executeHandler(span, method, handler, req, extra, postResult) {
+  return executeAroundSpan(span, method, () => handler(req, extra), postResult);
 }
 function safeStartClientSpan(tracer, request, protocol) {
   try {
     const spanName = deriveSpanName(request.method, request.params);
-    const span = tracer.startSpan(spanName, { kind: import_api5.SpanKind.CLIENT });
+    const span = tracer.startSpan(spanName, { kind: import_api6.SpanKind.CLIENT });
     applyClientRequestAttributes(
       span,
       request,
@@ -671,13 +851,13 @@ function safeStartServerSpan(tracer, request, protocol) {
     const spanName = deriveSpanName(request.method, request.params);
     const span = tracer.startSpan(
       spanName,
-      { kind: import_api5.SpanKind.SERVER },
+      { kind: import_api6.SpanKind.SERVER },
       parentCtx
     );
     applyServerRequestAttributes(span, request, protocol);
     const sessionId = protocol.sessionId ?? protocol._transport?.sessionId;
     const { context: sessCtx } = stampAndPropagateSession(span, sessionId, parentCtx);
-    return { span, spanCtx: import_api5.trace.setSpan(sessCtx, span) };
+    return { span, spanCtx: import_api6.trace.setSpan(sessCtx, span) };
   } catch (error) {
     logger.debug(`Brizz MCP: failed to open SERVER span: ${String(error)}`);
     return null;
@@ -687,14 +867,14 @@ function extractParentContext(request) {
   try {
     const meta = request.params?._meta;
     if (meta && typeof meta === "object") {
-      return import_api5.propagation.extract(import_api5.context.active(), meta);
+      return import_api6.propagation.extract(import_api6.context.active(), meta);
     }
   } catch (error) {
     logger.debug(
       `Brizz MCP: failed to extract parent context from _meta: ${String(error)}`
     );
   }
-  return import_api5.context.active();
+  return import_api6.context.active();
 }
 function isThenable(value) {
   return !!value && (typeof value === "object" || typeof value === "function") && typeof value.then === "function";
@@ -727,7 +907,7 @@ function safeEnd(span) {
 // src/internal/version.ts
 function getSDKVersion() {
-  return "0.1.22";
+  return "0.1.25";
 }
 // src/internal/instrumentation/mcp/version.ts
@@ -751,7 +931,7 @@ var MCPInstrumentation = class extends import_openinference_instrumentation_mcp.
   brizzTracer;
   constructor(_config) {
     super({ instrumentationConfig: _config?.instrumentationConfig });
-    this.brizzTracer = import_api6.trace.getTracer(INSTRUMENTATION_NAME, INSTRUMENTATION_VERSION);
+    this.brizzTracer = import_api7.trace.getTracer(INSTRUMENTATION_NAME, INSTRUMENTATION_VERSION);
   }
   /**
    * Extend `super.init()` with our protocol-layer module definition.
@@ -992,26 +1172,16 @@ var import_resources = require("@opentelemetry/resources");
 var import_sdk_logs2 = require("@opentelemetry/sdk-logs");
 // src/internal/log/processors/log-processor.ts
-var import_api7 = require("@opentelemetry/api");
+var import_api8 = require("@opentelemetry/api");
 var import_sdk_logs = require("@opentelemetry/sdk-logs");
 // src/internal/masking/patterns.ts
 var DEFAULT_PII_PATTERNS = [
-  // Email addresses
-  {
-    name: "email_addresses",
-    pattern: String.raw`\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b`
-  },
   // Phone numbers (US format)
   {
     name: "us_phone_numbers",
     pattern: String.raw`(?:^|[\s])(?:\+?1[-.\s]*)?(?:\([0-9]{3}\)\s?[0-9]{3}[-.\s]?[0-9]{4}|[0-9]{3}[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}|[0-9]{10})(?=[\s]|$)`
   },
-  // Social Security Numbers
-  {
-    name: "ssn",
-    pattern: String.raw`\b(?!000|666|9\d{2})\d{3}[-\s]?(?!00)\d{2}[-\s]?(?!0000)\d{4}\b`
-  },
   // Credit card numbers
   {
     name: "credit_cards",
@@ -1035,19 +1205,11 @@ var DEFAULT_PII_PATTERNS = [
     name: "openai_keys",
     pattern: String.raw`\bsk[-_][a-zA-Z0-9]{20,}\b`
   },
-  {
-    name: "base64_secrets",
-    pattern: String.raw`\b[A-Za-z0-9+/]{64,}={0,2}\b`
-  },
   // AWS Keys
   {
     name: "aws_access_keys",
     pattern: String.raw`\b(?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}\b`
   },
-  {
-    name: "aws_secret_keys",
-    pattern: String.raw`\b[A-Za-z0-9/+=]*[A-Z][A-Za-z0-9/+=]*[a-z][A-Za-z0-9/+=]*[/+=][A-Za-z0-9/+=]{30,}\b`
-  },
   // GitHub tokens
   {
     name: "github_tokens",
@@ -1078,11 +1240,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "ipv6_addresses",
     pattern: String.raw`\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b`
   },
-  // Medical records
-  {
-    name: "medical_record_numbers",
-    pattern: String.raw`\b(?:[Mm][Rr][Nn])[-\s]?\d{6,10}\b`
-  },
   // Bitcoin addresses
   {
     name: "bitcoin_addresses",
@@ -1093,11 +1250,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "ethereum_addresses",
     pattern: String.raw`\b0x[a-fA-F0-9]{40}(?![a-fA-F0-9])\b`
   },
-  // UUIDs
-  {
-    name: "uuids",
-    pattern: String.raw`\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(?![0-9a-fA-F-])\b`
-  },
   // Database connection strings
   {
     name: "database_connections",
@@ -1116,90 +1268,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "certificates",
     pattern: "-----BEGIN CERTIFICATE-----"
   },
-  // Date of birth patterns
-  {
-    name: "date_of_birth_us",
-    pattern: String.raw`\b(?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\\d|3[01])[-/](?:19|20)\\d{2}\b`
-  },
-  {
-    name: "date_of_birth_iso",
-    pattern: String.raw`\b(?:19|20)\\d{2}[-/](?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\\d|3[01])\b`
-  },
-  // US Identification Numbers
-  {
-    name: "us_passport_numbers",
-    pattern: String.raw`\b[A-Z]?\\d{6,9}\b`
-  },
-  {
-    name: "drivers_license",
-    pattern: String.raw`\b[A-Z]{1,2}\\d{3,8}[-\s]?\\d{2,5}[-\s]?\\d{2,5}[-\s]?\\d{1,5}[-\s]?\\d?\b`
-  },
-  {
-    name: "bank_account_numbers",
-    pattern: String.raw`\b\\d{10,17}\b`
-  },
-  {
-    name: "aba_routing_numbers",
-    pattern: String.raw`\b((0[0-9])|(1[0-2])|(2[1-9])|(3[0-2])|(6[1-9])|(7[0-2])|80)([0-9]{7})\b`
-  },
-  {
-    name: "health_insurance_numbers",
-    pattern: String.raw`\b\\d{10}[A-Z]\b`
-  },
-  {
-    name: "employee_ids",
-    pattern: String.raw`\b(?:[Ee][Mm][Pp]|[Ee][Mm][Pp][Ll][Oo][Yy][Ee][Ee]|[Ee])[-\s]?\\d{5,8}\b`
-  },
-  {
-    name: "tax_ein",
-    pattern: String.raw`\b\\d{2}-\\d{7}\b`
-  },
-  {
-    name: "medicare_beneficiary_id",
-    pattern: String.raw`\b[1-9][A-Z][A-Z0-9]\\d-[A-Z][A-Z0-9]\\d-[A-Z][A-Z0-9]\\d{2}\b`
-  },
-  {
-    name: "national_provider_id",
-    pattern: String.raw`\b1\\d{9}\b`
-  },
-  {
-    name: "dea_numbers",
-    pattern: String.raw`\b[A-Z]{2}\\d{7}\b`
-  },
-  {
-    name: "itin",
-    pattern: String.raw`\b9\\d{2}(?:[ \\-]?)[7,8]\\d(?:[ \\-]?)\\d{4}\b`
-  },
-  // Vehicle and Location
-  {
-    name: "vin_numbers",
-    pattern: String.raw`\b[A-HJ-NPR-Z0-9]{17}\b`
-  },
-  {
-    name: "coordinates",
-    pattern: String.raw`\b[-+]?(?:[0-8]?\\d(?:\\.\\d+)?|90(?:\\.0+)?),\\s*[-+]?(?:1[0-7]\\d(?:\\.\\d+)?|180(?:\\.0+)?|[0-9]?\\d(?:\\.\\d+)?)\b`
-  },
-  {
-    name: "us_license_plates",
-    pattern: String.raw`\b[A-Z]{1,3}[-\s]\\d{1,4}[A-Z]?\b|\b\\d{1,2}[A-Z]{1,3}\\d{1,4}\b`
-  },
-  {
-    name: "us_zip_codes",
-    pattern: String.raw`\b(\\d{5}-\\d{4}|\\d{5})\b`
-  },
-  {
-    name: "us_street_addresses",
-    pattern: String.raw`\b\\d{1,8}\b[\\s\\S]{10,100}?\b(AK|AL|AR|AZ|CA|CO|CT|DC|DE|FL|GA|HI|IA|ID|IL|IN|KS|KY|LA|MA|MD|ME|MI|MN|MO|MS|MT|NC|ND|NE|NH|NJ|NM|NV|NY|OH|OK|OR|PA|RI|SC|SD|TN|TX|UT|VA|VT|WA|WI|WV|WY)\b\\s\\d{5}\b`
-  },
-  // International Banking
-  {
-    name: "iban",
-    pattern: String.raw`\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}([A-Z0-9]?){0,16}\b`
-  },
-  {
-    name: "swift_bic",
-    pattern: String.raw`\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?\b`
-  },
   // Additional API Keys and Tokens
   {
     name: "google_oauth",
@@ -1262,73 +1330,6 @@ var DEFAULT_PII_PATTERNS = [
     name: "putty_ssh_keys",
     pattern: String.raw`PuTTY-User-Key-File-2: ssh-(?:rsa|dss)\s*Encryption: none(?:.|\s?)*?Private-MAC:`
   },
-  // International Phone Numbers
-  {
-    name: "france_phone_numbers",
-    pattern: String.raw`\b([0O]?[1lI][1lI])?[3E][3E][0O]?[\\dOIlZEASB]{9}\b`
-  },
-  {
-    name: "german_phone_numbers",
-    pattern: String.raw`\b[\d\w]\d{2}[\d\w]{6}\d[\d\w]\b`
-  },
-  {
-    name: "uk_phone_numbers",
-    pattern: String.raw`\b([0O]?[1lI][1lI])?[4A][4A][\\dOIlZEASB]{10,11}\b`
-  },
-  // International IDs
-  {
-    name: "uk_drivers_license",
-    pattern: String.raw`\b[A-Z]{5}\d{6}[A-Z]{2}\d{1}[A-Z]{2}\b`
-  },
-  {
-    name: "uk_passport",
-    pattern: String.raw`\b\\d{10}GB[RP]\\d{7}[UMF]{1}\\d{9}\b`
-  },
-  {
-    name: "argentina_dni",
-    pattern: String.raw`\b\\d{2}\\.\\d{3}\\.\\d{3}\b`
-  },
-  {
-    name: "australia_tfn",
-    pattern: String.raw`\b[Tt][Ff][Nn](:|:\\s|\\s|)(\\d{8,9})\b`
-  },
-  {
-    name: "canada_passport",
-    pattern: String.raw`\b[\\w]{2}[\\d]{6}\b`
-  },
-  {
-    name: "croatia_vat",
-    pattern: String.raw`\bHR\\d{11}\b`
-  },
-  {
-    name: "czech_vat",
-    pattern: String.raw`\bCZ\\d{8,10}\b`
-  },
-  {
-    name: "denmark_personal_id",
-    pattern: String.raw`\b(?:\\d{10}|\\d{6}[-\\s]\\d{4})\b`
-  },
-  {
-    name: "france_national_id",
-    pattern: String.raw`\b\\d{12}\b`
-  },
-  {
-    name: "france_ssn",
-    pattern: String.raw`\b(?:\\d{13}|\\d{13}\\s\\d{2})\b`
-  },
-  {
-    name: "france_passport",
-    pattern: String.raw`\b\\d{2}11\\d{5}\b`
-  },
-  {
-    name: "california_drivers_license",
-    pattern: String.raw`\b[A-Z]{1}\\d{7}\b`
-  },
-  // Medical and Healthcare
-  {
-    name: "hipaa_ndc",
-    pattern: String.raw`\b\\d{4,5}-\\d{3,4}-\\d{1,2}\b`
-  },
   // Security and Network
   {
     name: "cve_numbers",
@@ -1362,44 +1363,6 @@ var DEFAULT_PII_PATTERNS = [
   {
     name: "discover_cards",
     pattern: String.raw`\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}\b`
-  },
-  {
-    name: "enhanced_credit_cards",
-    pattern: String.raw`\b((4\\d{3}|5[1-5]\\d{2}|2\\d{3}|3[47]\\d{1,2})[\\s\\-]?\\d{4,6}[\\s\\-]?\\d{4,6}?([\\s\\-]\\d{3,4})?(\\d{3})?)\b`
-  },
-  // Bank Routing Numbers (US specific)
-  {
-    name: "bbva_routing_ca",
-    pattern: String.raw`\\b321170538\\b`
-  },
-  {
-    name: "boa_routing_ca",
-    pattern: String.raw`\\b(?:121|026)00(?:0|9)(?:358|593)\\b`
-  },
-  {
-    name: "chase_routing_ca",
-    pattern: String.raw`\\b322271627\\b`
-  },
-  {
-    name: "citibank_routing_ca",
-    pattern: String.raw`\\b32(?:11|22)71(?:18|72)4\\b`
-  },
-  {
-    name: "usbank_routing_ca",
-    pattern: String.raw`\\b12(?:1122676|2235821)\\b`
-  },
-  {
-    name: "united_bank_routing_ca",
-    pattern: String.raw`\\b122243350\\b`
-  },
-  {
-    name: "wells_fargo_routing_ca",
-    pattern: String.raw`\\b121042882\\b`
-  },
-  // Unrealistic alphanumeric identifiers
-  {
-    name: "generic_non_usual",
-    pattern: String.raw`(?:^|\s)(?=[A-Za-z0-9_\)\*\=@]*[A-Za-z])(?=[A-Za-z0-9_\)\*\=@]*[0-9])([A-Za-z0-9_\)\*\=@]{5,})(?=\s|$)`
   }
 ];
@@ -1638,7 +1601,7 @@ var BrizzSimpleLogRecordProcessor = class extends import_sdk_logs.SimpleLogRecor
     if (maskingConfig) {
       maskLog(logRecord, maskingConfig);
     }
-    const associationProperties = import_api7.context.active().getValue(PROPERTIES_CONTEXT_KEY);
+    const associationProperties = import_api8.context.active().getValue(PROPERTIES_CONTEXT_KEY);
     if (associationProperties) {
       for (const [key, value] of Object.entries(associationProperties)) {
         logRecord.setAttribute(`${BRIZZ}.${key}`, value);
@@ -1658,7 +1621,7 @@ var BrizzBatchLogRecordProcessor = class extends import_sdk_logs.BatchLogRecordP
     if (maskingConfig) {
       maskLog(logRecord, maskingConfig);
     }
-    const associationProperties = import_api7.context.active().getValue(PROPERTIES_CONTEXT_KEY);
+    const associationProperties = import_api8.context.active().getValue(PROPERTIES_CONTEXT_KEY);
     if (associationProperties) {
       for (const [key, value] of Object.entries(associationProperties)) {
         logRecord.setAttribute(`${BRIZZ}.${key}`, value);
@@ -2045,10 +2008,10 @@ var BrizzSpanExporter = class {
 };
 // src/internal/trace/processors/span-processor.ts
-var import_api8 = require("@opentelemetry/api");
+var import_api9 = require("@opentelemetry/api");
 var import_sdk_trace_base = require("@opentelemetry/sdk-trace-base");
 function applyContextAttributes(span) {
-  const sessionProperties = import_api8.context.active().getValue(PROPERTIES_CONTEXT_KEY);
+  const sessionProperties = import_api9.context.active().getValue(PROPERTIES_CONTEXT_KEY);
   if (sessionProperties) {
     for (const [key, value] of Object.entries(sessionProperties)) {
       span.setAttribute(`${BRIZZ}.${key}`, value);
@@ -2058,12 +2021,6 @@ function applyContextAttributes(span) {
 var DEFAULT_MASKING_RULES = [
   {
     mode: "partial",
-    attributePattern: "gen_ai.prompt",
-    patterns: DEFAULT_PII_PATTERNS
-  },
-  {
-    mode: "partial",
-    attributePattern: "gen_ai.completion",
     patterns: DEFAULT_PII_PATTERNS
   }
 ];
@@ -2073,24 +2030,16 @@ var BrizzSimpleSpanProcessor = class extends import_sdk_trace_base.SimpleSpanPro
     super(spanExporter);
     this.config = config;
   }
-  // Will work with the following code:
-  // const span = tracer.startSpan('sensitive-operation',{attributes:{
-  //     'user.password': 'secret123',
-  //     'user.email': 'user@example.com',
-  //   }});
-  //
-  // Won't work because onStart is called before attributes are set:
-  // span.setAttributes({
-  //    'user.password': 'secret123',
-  //    'user.email': 'user@example.com'
-  //  });
   onStart(span, parentContext) {
+    applyContextAttributes(span);
+    super.onStart(span, parentContext);
+  }
+  onEnd(span) {
     const maskingConfig = this.config.masking?.spanMasking;
     if (maskingConfig) {
-      maskSpan(span, maskingConfig);
+      maskReadableSpan(span, maskingConfig);
     }
-    applyContextAttributes(span);
-    super.onStart(span, parentContext);
+    super.onEnd(span);
   }
 };
 var BrizzBatchSpanProcessor = class extends import_sdk_trace_base.BatchSpanProcessor {
@@ -2100,39 +2049,39 @@ var BrizzBatchSpanProcessor = class extends import_sdk_trace_base.BatchSpanProce
     this.config = config;
   }
   onStart(span, parentContext) {
+    applyContextAttributes(span);
+    super.onStart(span, parentContext);
+  }
+  onEnd(span) {
     const maskingConfig = this.config.masking?.spanMasking;
     if (maskingConfig) {
-      maskSpan(span, maskingConfig);
+      maskReadableSpan(span, maskingConfig);
     }
-    applyContextAttributes(span);
-    super.onStart(span, parentContext);
+    super.onEnd(span);
   }
 };
-function maskSpan(span, config) {
-  if (!span.attributes || Object.keys(span.attributes).length === 0) {
-    return span;
+function maskReadableSpan(span, config) {
+  const attrs = span.attributes;
+  if (!attrs || Object.keys(attrs).length === 0) {
+    return;
   }
-  let rules = config.rules || [];
+  let rules = config.rules ? [...config.rules] : [];
   if (!config.disableDefaultRules) {
-    rules = [...DEFAULT_MASKING_RULES, ...rules];
+    rules = [...rules, ...DEFAULT_MASKING_RULES];
   }
   try {
-    const attributesRecord = {};
-    for (const [key, value] of Object.entries(span.attributes)) {
-      attributesRecord[key] = value;
-    }
-    const maskedAttributes = maskAttributes(attributesRecord, rules);
-    if (maskedAttributes && Object.keys(maskedAttributes).length > 0) {
-      const merged = { ...span.attributes };
-      for (const [key, value] of Object.entries(maskedAttributes)) {
-        merged[key] = value;
+    const input = {};
+    for (const [k, v] of Object.entries(attrs)) {
+      input[k] = v;
+    }
+    const masked = maskAttributes(input, rules);
+    for (const [k, v] of Object.entries(masked ?? {})) {
+      if (attrs[k] !== v) {
+        attrs[k] = v;
       }
-      span.setAttributes(merged);
     }
-    return span;
   } catch (error) {
-    logger.error("Error masking span:", error);
-    return span;
+    logger.error("Error masking span", { err: error });
   }
 }
@@ -2245,7 +2194,7 @@ function getSpanProcessor() {
 }
 // src/internal/trace/session.ts
-var import_api9 = require("@opentelemetry/api");
+var import_api10 = require("@opentelemetry/api");
 // src/internal/sdk.ts
 var _Brizz = class __Brizz {
@@ -2578,15 +2527,18 @@ if (runtime.isESM && runtime.supportsLoaderAPI) {
   maybeRegisterESMLoader();
 }
 try {
-  Brizz.initialize({
-    apiKey: process.env["BRIZZ_API_KEY"],
-    baseUrl: process.env["BRIZZ_BASE_URL"],
-    appName: process.env["BRIZZ_APP_NAME"] || process.env["OTEL_SERVICE_NAME"],
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    logLevel: process.env["BRIZZ_LOG_LEVEL"] || DEFAULT_LOG_LEVEL.toString(),
-    // Enable auto-instrumentation by default in preload mode
-    disableNodeSdk: false
-  });
+  const logLevel = process.env["BRIZZ_LOG_LEVEL"] || DEFAULT_LOG_LEVEL.toString();
+  if (process.env["BRIZZ_DSN"]) {
+    Brizz.initialize({ logLevel, disableNodeSdk: false });
+  } else {
+    Brizz.initialize({
+      apiKey: process.env["BRIZZ_API_KEY"],
+      baseUrl: process.env["BRIZZ_BASE_URL"],
+      appName: process.env["BRIZZ_APP_NAME"] || process.env["OTEL_SERVICE_NAME"],
+      logLevel,
+      disableNodeSdk: false
+    });
+  }
   logger.info(`SDK auto-initialized for ${runtime.isESM ? "ESM" : "CJS"} runtime`);
 } catch (error) {
   logger.warn("Failed to auto-initialize SDK:", { error });