@ciandt-flow/flow-ai-obs 0.3.0 → 0.3.1-beta.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +99 -77
- package/dist/index.js +11 -11
- package/dist/setup.js +9 -54
- package/package.json +2 -2
package/dist/cli.js
CHANGED
|
@@ -1,120 +1,140 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
'use strict';var c=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,n)=>(typeof require<"u"?require:t)[n]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var p=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var
|
|
2
|
+
'use strict';var c=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,n)=>(typeof require<"u"?require:t)[n]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var p=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var Ee=p((Ma,fs)=>{fs.exports={name:"@ciandt-flow/flow-ai-obs",version:"0.3.1-beta.67",description:"Claude Code hooks for Langfuse OTLP tracing \u2014 cross-platform",main:"dist/index.js",bin:{"flow-ai-obs":"dist/cli.js","flow-ai-obs-setup":"dist/setup.js"},scripts:{build:"tsup",test:"node --test src/**/*.test.js",typecheck:"node --check src/**/*.js bin/cli.js",lint:"node --check src/**/*.js bin/cli.js","security-scan":"trufflehog filesystem src/ --fail --no-update --exclude-paths .trufflehogignore",postinstall:`node -e "require('fs').existsSync('dist/setup.js') && require('child_process').execFileSync(process.execPath, ['dist/setup.js'], {stdio:'inherit'})"`,prepublishOnly:"npm run security-scan && npm run build","release:npm":"changeset publish",changeset:"changeset","version-packages":"changeset version","install:hooks":"node bin/cli.js install","auth:login":"node bin/cli.js auth login","auth:logout":"node bin/cli.js auth logout","auth:status":"node bin/cli.js auth status",smoke:"bash scripts/smoke-test.sh","smoke:debug":"bash scripts/smoke-test.sh --debug","smoke:send":"bash scripts/smoke-test.sh --send --allow-http --debug"},files:["dist/","README.md","LICENSE.md"],keywords:["claude-code","langfuse","observability","otlp","hooks","flow","ciandt"],author:"CI&T Flow Team",license:"SEE LICENSE IN LICENSE.md",private:false,dependencies:{keytar:"7.9.0"},devDependencies:{"@changesets/changelog-github":"^0.6.0","@changesets/cli":"^2.30.0",tsup:"^8.5.1",typescript:"^6.0.3"},engines:{node:">=18.0.0"},publishConfig:{registry:"https://registry.npmjs.org",access:"public"},repository:{type:"git",url:"git+https://github.com/CI-T-HyperX/flow-codeassistant-observability.git"}};});var F=p((Ba,pt)=>{var hs=!process.env.NO_COLOR&&process.stdout.isTTY;function q(e,t){return hs?n=>`\x1B[${e}m${n}\x1B[${t}m`:n=>n}var Ss=q("32","39"),Ts=q("31","39"),Es=q("33","39"),ws=q("36","39"),gs=q("1","22"),_s=q("2","22");pt.exports={green:Ss,red:Ts,yellow:Es,cyan:ws,bold:gs,dim:_s};});var we=p((Da,Et)=>{var ms=c("https"),St=c("fs"),ys=c("os"),Os=c("path"),{spawn:As}=c("child_process"),be;function x(){return be||(be=Ee()),be}var Tt=Os.join(ys.tmpdir(),"flow-obs-update-cache.json"),Ls=1440*60*1e3,Ns=3e3;function Ue(e,t){let n=o=>{let i=String(o).replace(/^v/,"").match(/^(\d+)\.(\d+)\.(\d+)/);return i?[+i[1],+i[2],+i[3]]:null},s=n(e),r=n(t);return !s||!r?false:r[0]!==s[0]?r[0]>s[0]:r[1]!==s[1]?r[1]>s[1]:r[2]>s[2]}function Is(){try{let e=JSON.parse(St.readFileSync(Tt,"utf8"));return typeof e.latestVersion!="string"||Date.now()-e.checkedAt>=Ls?null:e}catch{return null}}function ks(e,t){try{St.writeFileSync(Tt,JSON.stringify({latestVersion:e,updatePriority:t||null,checkedAt:Date.now()}),{mode:384});}catch{}}function Cs(e){let t=x().name,n=ms.get(`https://registry.npmjs.org/${encodeURIComponent(t)}/latest`,{timeout:Ns},s=>{if(s.statusCode!==200)return s.resume(),e(new Error(`HTTP ${s.statusCode}`));let r="";s.setEncoding("utf8"),s.on("data",o=>{r+=o;}),s.on("end",()=>{try{let o=JSON.parse(r);if(typeof o.version!="string")throw new Error("no version field");e(null,{version:o.version,updatePriority:typeof o.updatePriority=="string"?o.updatePriority:null});}catch(o){e(o);}});});n.on("error",e),n.on("timeout",()=>{n.destroy(new Error("timeout"));});}function ft(e){let t=x().name,s=` Update available: ${x().version} \u2192 ${e}`,r=` Run: npm install -g ${t}`,o=Math.max(s.length,r.length)+2,i="\u2500".repeat(o);process.stderr.write(`
|
|
3
3
|
\u256D${i}\u256E
|
|
4
4
|
\u2502${s.padEnd(o)}\u2502
|
|
5
5
|
\u2502${r.padEnd(o)}\u2502
|
|
6
6
|
\u2570${i}\u256F
|
|
7
7
|
|
|
8
|
-
`);}function ht(e){let t=
|
|
8
|
+
`);}function ht(e){let t=x().name;process.stderr.write(`
|
|
9
9
|
[${t}] Critical update detected \u2014 auto-updating to ${e}...
|
|
10
10
|
|
|
11
|
-
`),
|
|
12
|
-
`,"utf8");}finally{
|
|
13
|
-
`,"utf8");}finally{
|
|
14
|
-
`;try{
|
|
15
|
-
`);}}
|
|
11
|
+
`),As("npm",["install","-g",`${t}@${e}`],{detached:true,stdio:"ignore",windowsHide:true}).unref();}function vs(){try{let e=Is();if(e){Ue(x().version,e.latestVersion)&&(e.updatePriority==="auto"?ht(e.latestVersion):ft(e.latestVersion));return}setImmediate(()=>{Cs((t,n)=>{t||!n||(ks(n.version,n.updatePriority),Ue(x().version,n.version)&&(n.updatePriority==="auto"?ht(n.version):ft(n.version)));});});}catch{}}Et.exports={checkForUpdate:vs,isNewer:Ue};});var w=p((Ha,gt)=>{var M=process.env.FLOW_BASE_URL||"https://flow.ciandt.com",wt={AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${M}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${M}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${M}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${M}/otel`},bs={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},Us="FLOW-nodejs",Rs="config.json",Ps={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"},$s={ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL||`${M}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL||"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL||"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"},qs={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:wt.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},Fs={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP"},xs={KEYCHAIN_ENABLED:false},Ms={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},Bs={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},Ds={FILE_PREFIX:"flow-obs-buffer-",MAX_AGE_MS:5760*60*1e3,MAX_FILES:50},Hs="flow-ai-obs-debug.log",js={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60},Gs="flow-obs-";gt.exports={FLOW_BASE_URL:M,FLOW_URLS:wt,VAULT:bs,CONFIG_DIR_NAME:Us,CONFIG_FILE_NAME:Rs,OTLP:Ps,LLM_PROXY:$s,NATIVE_OTEL:qs,ENV:Fs,FEATURES:xs,INSTALLER:Ms,HOOK_TIMEOUTS:Bs,BUFFER:Ds,DEBUG_LOG_FILENAME:Hs,STATE_FILE_PREFIX:Gs,TRACE_LIMITS:js};});var z=p((ja,mt)=>{var Ys=c("https"),Ks=c("http"),{FLOW_URLS:Vs}=w(),Ws=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function Js(e){if(!Ws.test(e))throw new Error(`Invalid tenant value: "${e}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var _t={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function Xs(e,t){try{let n=JSON.parse(t);if(typeof n.error=="string"&&_t[n.error])return new Error(_t[n.error])}catch{}return e===401||e===403||e===500?new Error("Invalid credentials"):e>=400&&e<500?new Error("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function zs(e){return new Promise((t,n)=>{try{Js(e.tenant);}catch(d){return n(d)}let s=JSON.stringify({clientSecret:e.clientSecret}),r=new URL(Vs.AUTH_ENGINE),o=r.protocol==="https:",i={hostname:r.hostname,port:r.port||(o?443:80),path:r.pathname+r.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(s),FlowTenant:e.tenant}},u=(o?Ys:Ks).request(i,d=>{let l=[];d.on("data",h=>l.push(h)),d.on("end",()=>{let h=l.join("");if(d.statusCode>=400)return n(Xs(d.statusCode,h));let T;try{T=JSON.parse(h);}catch{return n(new Error("Invalid response from auth engine"))}let O=T.expires_at??new Date(Date.now()+(T.expires_in??3600)*1e3).toISOString();t({accessToken:T.access_token,expiresAt:O});});});u.on("error",d=>n(new Error(`Network error: ${d.message}`))),u.write(s),u.end();})}mt.exports={getToken:zs};});var ee=p((Ga,Lt)=>{var g=c("fs"),Q=c("path"),yt=c("os"),{FLOW_URLS:Zs,INSTALLER:Z,HOOK_TIMEOUTS:ge,NATIVE_OTEL:Qs,LLM_PROXY:er}=w(),{getToken:tr}=z();function Pe(){return process.platform==="win32"?Q.join(process.env.APPDATA||Q.join(yt.homedir(),"AppData","Roaming"),"Claude","settings.json"):Q.join(yt.homedir(),".claude","settings.json")}var nr=Z.LOCK_STALE_MS;function Ot(e){try{let t=g.statSync(e);Date.now()-t.mtimeMs>nr&&g.unlinkSync(e);}catch{}try{g.writeFileSync(e,String(process.pid),{flag:"wx"});}catch(t){throw t.code==="EEXIST"?new Error("Another install is already in progress. If this is stale, remove: "+e):t}}function At(e){try{g.unlinkSync(e);}catch{}}function sr(){let e=Pe(),t=e+".lock";g.mkdirSync(Q.dirname(e),{recursive:true}),Ot(t);try{if(g.existsSync(e)){g.copyFileSync(e,e+".bkp");try{g.chmodSync(e+".bkp",384);}catch{}}let n={};try{n=JSON.parse(g.readFileSync(e,"utf8"));}catch{}(!n.env||typeof n.env!="object")&&(n.env={}),Object.assign(n.env,Qs),Object.assign(n.env,er),n.otelHeadersHelper="flow-ai-obs otel-headers",(!n.hooks||typeof n.hooks!="object")&&(n.hooks={});let s=(r,o)=>({matcher:"",hooks:[{type:"command",command:`flow-ai-obs ${r}`,timeout:o}]});n.hooks.UserPromptSubmit=[s("UserPromptSubmit",ge.UserPromptSubmit)],n.hooks.PreToolUse=[s("PreToolUse",ge.PreToolUse)],n.hooks.PostToolUse=[s("PostToolUse",ge.PostToolUse)],n.hooks.Stop=[s("Stop",ge.Stop)],g.writeFileSync(e,JSON.stringify(n,null,2)+`
|
|
12
|
+
`,{encoding:"utf8",mode:384});try{g.chmodSync(e,384);}catch{}}finally{At(t);}return e}async function rr(e){let t;try{t=(await tr(e)).accessToken;}catch{return false}return t?new Promise(n=>{Re(`Bearer ${t}`,n,1);}):false}function Re(e,t,n){let s=new URL(Zs.GATEWAY_TRACES),r=JSON.stringify({resourceSpans:[],validation_run:true}),o=s.protocol==="https:",i={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:e,"Content-Length":Buffer.byteLength(r)}},u=(o?c("https"):c("http")).request(i,d=>{d.resume(),d.statusCode===200||d.statusCode===204?t(true):n<Z.CONNECTIVITY_MAX_RETRY?setTimeout(()=>Re(e,t,n+1),Z.CONNECTIVITY_RETRY_MS):t(false);});u.on("error",()=>{n<Z.CONNECTIVITY_MAX_RETRY?setTimeout(()=>Re(e,t,n+1),Z.CONNECTIVITY_RETRY_MS):t(false);}),u.write(r),u.end();}function or(e){let t=Pe(),n=t+".lock";g.mkdirSync(Q.dirname(t),{recursive:true}),Ot(n);try{let s={};try{s=JSON.parse(g.readFileSync(t,"utf8"));}catch{}(!s.env||typeof s.env!="object")&&(s.env={}),Object.assign(s.env,e),g.writeFileSync(t,JSON.stringify(s,null,2)+`
|
|
13
|
+
`,{encoding:"utf8",mode:384});try{g.chmodSync(t,384);}catch{}}finally{At(n);}}Lt.exports={getClaudeSettingsPath:Pe,writeClaudeSettings:sr,addEnvToClaudeSettings:or,validateConnectivity:rr};});var kt=p((Ya,It)=>{var ne=c("fs"),B=c("path"),ir=c("os"),{CONFIG_DIR_NAME:$e,CONFIG_FILE_NAME:qe}=w(),Fe={credentials:"credentials","token-cache":"tokenCache"};function te(){let e=ir.homedir();if(process.platform==="darwin")return B.join(e,"Library","Preferences",$e,qe);if(process.platform==="win32"){let n=process.env.APPDATA||B.join(e,"AppData","Roaming");return B.join(n,$e,qe)}let t=process.env.XDG_CONFIG_HOME||B.join(e,".config");return B.join(t,$e,qe)}function xe(){try{let e=ne.readFileSync(te(),"utf8");return JSON.parse(e)}catch{return {}}}function Nt(e){let t=te();ne.mkdirSync(B.dirname(t),{recursive:true}),ne.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var _e=class{static isAvailable(){return true}static hasExistingData(){try{if(!ne.existsSync(te()))return !1;let t=JSON.parse(ne.readFileSync(te(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,n){let s=xe(),r=Fe[n]||n,o=s[r];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,n,s){let r=xe(),o=Fe[n]||n;if(n==="token-cache")try{r[o]=JSON.parse(s);}catch{r[o]=s;}else r[o]=s;Nt(r);}async deleteSecret(t,n){let s=xe(),r=Fe[n]||n;return r in s?(delete s[r],Nt(s),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${te()}`}};function ar(){}var cr=_e;It.exports={JsonFallbackProvider:_e,ScryptFallbackProvider:cr,_resetWarningState:ar};});var vt=p((Ka,Ct)=>{var{execFile:ur}=c("child_process"),{promisify:lr}=c("util"),{accessSync:dr,constants:pr}=c("fs"),Me=lr(ur),Be=class{static async isAvailable(){try{return dr("/usr/bin/security",pr.X_OK),!0}catch{return false}}async getSecret(t,n){try{let{stdout:s}=await Me("security",["find-generic-password","-w","-a",n,"-s",t]);return s.trim()||null}catch{return null}}async setSecret(t,n,s){await Me("security",["add-generic-password","-U","-a",n,"-s",t,"-w",s]);}async deleteSecret(t,n){try{return await Me("security",["delete-generic-password","-a",n,"-s",t]),!0}catch{return false}}getStoragePath(){return "macOS Keychain"}};Ct.exports={MacOsKeyVaultProvider:Be};});var Rt=p((Va,Ut)=>{var{execFile:fr,spawn:hr}=c("child_process"),{promisify:Sr}=c("util"),{accessSync:Tr,constants:Er}=c("fs"),bt=Sr(fr),De=class{static async isAvailable(){let t=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let n of t)try{return Tr(n,Er.X_OK),!0}catch{}return false}async getSecret(t,n){try{let{stdout:s}=await bt("secret-tool",["lookup","service",t,"account",n]);return s.trim()||null}catch{return null}}async setSecret(t,n,s){await new Promise((r,o)=>{let i=hr("secret-tool",["store","--label",t,"service",t,"account",n]);i.on("error",o),i.on("close",a=>{a===0?r():o(new Error(`secret-tool exited with code ${a}`));}),i.stdin.write(s),i.stdin.end();});}async deleteSecret(t,n){try{return await bt("secret-tool",["clear","service",t,"account",n]),!0}catch{return false}}getStoragePath(){return "Linux Secret Service (libsecret)"}};Ut.exports={LinuxKeyVaultProvider:De};});var $t=p((Wa,Pt)=>{var He=class{static async isAvailable(){try{return await c("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return false}}async getSecret(t,n){return c("keytar").getPassword(t,n)}async setSecret(t,n,s){await c("keytar").setPassword(t,n,s);}async deleteSecret(t,n){return c("keytar").deletePassword(t,n)}getStoragePath(){return "Windows Credential Manager"}};Pt.exports={WindowsKeyVaultProvider:He};});var xt=p((Ja,Ft)=>{async function qt(){let{JsonFallbackProvider:e}=kt();return await wr()??new e}async function wr(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=vt();return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=Rt();return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=$t();return await e.isAvailable()?new e:null}default:return null}}var gr=qt;Ft.exports={createSecretVaultProvider:qt,createKeyVaultProvider:gr};});var j=p((Xa,Bt)=>{var{createSecretVaultProvider:_r}=xt(),{VAULT:Ge}=w(),D=Ge.SERVICE,Ye=Ge.ACCOUNT_CREDS,Ke=Ge.ACCOUNT_TOKEN,je=null;function H(){return je||(je=_r()),je}async function Mt(){let t=await(await H()).getSecret(D,Ye);if(!t)return null;try{return JSON.parse(t)}catch{return null}}async function mr(e){if(!e.clientId||!e.clientSecret||!e.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await H()).setSecret(D,Ye,JSON.stringify(e));}async function yr(){let e=await H();await e.deleteSecret(D,Ye),await e.deleteSecret(D,Ke);}async function Or(e){await(await H()).setSecret(D,Ke,JSON.stringify({accessToken:e.accessToken,expiresAt:e.expiresAt}));}async function Ve(){let t=await(await H()).getSecret(D,Ke);if(!t)return null;try{let n=JSON.parse(t);return {accessToken:n.accessToken,expiresAt:n.expiresAt}}catch{return null}}async function Ar(){let e=await Ve();return e?new Date(e.expiresAt)>new Date:false}async function Lr(){let e=await Ve();if(!e||!e.accessToken)return null;try{let t=e.accessToken.split(".");if(t.length<2)return null;let n=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return n.email||n.preferred_username||n.upn||n.sub||null}catch{return null}}async function Nr(){let e=await H();if(typeof e.getStoragePath=="function")return e.getStoragePath();let t=process.platform;return t==="darwin"?"macOS Keychain":t==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function Ir(){let e=await Mt();return !!(e&&e.clientId&&e.clientSecret&&e.tenant)}Bt.exports={getFlowCredentials:Mt,saveFlowCredentials:mr,clearFlowCredentials:yr,saveTokenCache:Or,getTokenCache:Ve,isTokenValid:Ar,getEmailFromToken:Lr,getConfigPath:Nr,hasCredentials:Ir};});var C=p((za,Ht)=>{var{writeFileSync:kr}=c("fs"),{tmpdir:Cr}=c("os"),{join:vr}=c("path"),{DEBUG_LOG_FILENAME:br,ENV:Ur}=w(),Dt=vr(Cr(),br);function Rr(...e){if(process.env[Ur.FLOW_OBS_DEBUG]!=="1")return;let t=`[${new Date().toISOString()}] ${e.join(" ")}
|
|
14
|
+
`;try{kr(Dt,t,{flag:"a"});}catch(n){process.stderr.write(`[flow-obs debug ERROR] ${n.message}
|
|
15
|
+
`);}}Ht.exports={dbg:Rr,DEBUG_LOG:Dt};});var P=p((Za,Gt)=>{var{getFlowCredentials:We,isTokenValid:Pr,getEmailFromToken:se,getTokenCache:$r,saveTokenCache:qr}=j(),{getToken:Fr}=z(),{FLOW_BASE_URL:xr,ENV:A,FEATURES:Je}=w(),{dbg:G}=C(),Mr=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];function Br(e){return Mr.some(t=>t.test(e))}function me(e){if(!e)return null;try{let t=e.split(".");if(t.length<2)return null;let n=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:s,clientSecret:r,tenant:o}=n;return !s||!r||!o?null:{clientId:s,clientSecret:r,tenant:o}}catch{return null}}function Dr(e){let t=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),n=Buffer.from(JSON.stringify({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant})).toString("base64url");return `${t}.${n}.`}function Xe(e){let t;try{t=new URL(e);}catch{throw new Error(`Invalid URL: ${e}`)}if(!(process.env[A.FLOW_OBS_ALLOW_HTTP]==="true")&&t.protocol!=="https:")throw new Error(`URL must use HTTPS: ${e}`);if(t.username||t.password)throw new Error(`URL must not contain embedded credentials: ${e}`);if(Br(t.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${t.hostname}`);return e}async function Hr(){let e=me(process.env[A.ANTHROPIC_AUTH_TOKEN]);if(e)return {user:await se().catch(()=>null)||e.clientId,tenant:e.tenant};if(Je.KEYCHAIN_ENABLED)try{let t=await We();if(!t)return {user:"",tenant:""};let n=await se()||t.clientId||"",s=t.tenant||"";return {user:n,tenant:s}}catch{return {user:"",tenant:""}}return {user:"",tenant:""}}async function jr(e){if(await Pr())return (await $r()).accessToken;G("getOrRefreshToken","token expired \u2014 refreshing via auth-engine");let t=await Fr(e);return await qr(t),G("getOrRefreshToken",`token refreshed, expires=${t.expiresAt}`),t.accessToken}function Gr(e,t){let n=t&&t.accessToken?t.accessToken:"";return {endpoint:e.replace(/\/$/,"")+"/langfuse/traces",authHeader:`Bearer ${n}`}}function Yr(e,t,n){let s=Buffer.from(`${t}:${n}`).toString("base64");return {endpoint:e.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${s}`}}async function jt(){let e=[],t=process.env[A.ANTHROPIC_MODEL]||"",n=process.env[A.FLOW_TELEMETRY]==="true",s=process.env[A.LANGFUSE_BASE_URL],r=process.env[A.LANGFUSE_PUBLIC_KEY],o=process.env[A.LANGFUSE_SECRET_KEY];if(n&&s&&r&&o){let l="",h="",T=me(process.env[A.ANTHROPIC_AUTH_TOKEN]);if(T)l=await se().catch(()=>null)||T.clientId,h=T.tenant;else if(Je.KEYCHAIN_ENABLED)try{let I=await We();I&&(l=await se()||I.clientId,h=I.tenant);}catch{}let O={user:l||"",tenant:h||"",team:"",project:"",model:t};e.push({mode:"direct",...Yr(Xe(s),r,o),...O}),G("resolveCredentials","direct mode active",`user=${O.user}`,`tenant=${O.tenant}`);}let i=me(process.env[A.ANTHROPIC_AUTH_TOKEN]);if(G("resolveCredentials",i?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),!i&&Je.KEYCHAIN_ENABLED&&(i=await We(),i&&G("resolveCredentials","credentials resolved from keychain (FEATURES.KEYCHAIN_ENABLED=true)")),!i){if(e.length===0){let l=[];return l.authError=false,l}return e}let a;try{a=await jr(i);}catch(l){if(G("resolveCredentials",`token refresh failed: ${l.message}`),e.length>0)return e;let h=[];return h.authError=true,h}let u={user:await se()||i.clientId,tenant:i.tenant,team:"",project:"",model:t},d=process.env[A.FLOW_TELEMETRY_GATEWAY]||xr;return e.push({mode:"gateway",...Gr(Xe(d),{accessToken:a}),...u}),e}async function Kr(){return (await jt()).length>0}Gt.exports={credentialsAvailable:Kr,getIdentityFromToken:Hr,resolveCredentials:jt,validateUrl:Xe,parseCredsFromAnthropicToken:me,buildAnthropicAuthToken:Dr};});var ae=p((Qa,zt)=>{var{getFlowCredentials:ze,saveFlowCredentials:Yt,clearFlowCredentials:Vr,saveTokenCache:Wr,isTokenValid:Jr,getConfigPath:Kt,hasCredentials:Xr}=j(),{getToken:zr}=z(),{buildAnthropicAuthToken:Zr,parseCredsFromAnthropicToken:Vt}=P(),{addEnvToClaudeSettings:Qr}=ee(),{ENV:Ze}=w(),{green:Oe,red:re,yellow:ye,cyan:oe,bold:Wt,dim:Y}=F(),eo=/[\x00-\x08\x0B-\x1F\x7F]|\x1b\[[0-9;]*[a-zA-Z]/g;function v(e){return typeof e=="string"?e.replace(eo,""):e}function ie(e,t={}){return new Promise((n,s)=>{let{masked:r=false,defaultValue:o=""}=t;process.stdout.write(e+o);let i=o;function a(){try{process.stdin.setRawMode(!1);}catch{}}process.once("uncaughtException",a),process.once("unhandledRejection",a);let u=l=>{if(l===""){d(),s(new Error("SIGINT"));return}if(l==="\r"||l===`
|
|
16
16
|
`){d(),process.stdout.write(`
|
|
17
|
-
`),n(i);return}if(l==="\x7F"){i.length>0&&(i=i.slice(0,-1),process.stdout.write("\b \b"));return}l.startsWith("\x1B")||(i+=l,process.stdout.write(r?"*".repeat(l.length):l));};function d(){process.stdin.setRawMode(false),process.stdin.removeListener("data",u),process.removeListener("uncaughtException",a),process.removeListener("unhandledRejection",a);}process.stdin.setRawMode(true),process.stdin.resume(),process.stdin.setEncoding("utf8"),process.stdin.on("data",u);})}async function
|
|
18
|
-
|
|
19
|
-
`)),0}catch(t){return process.stderr.write(
|
|
20
|
-
`)),1}}async function
|
|
21
|
-
`);let e=(await oe(
|
|
22
|
-
`)),1;try{await
|
|
23
|
-
`)),1}return process.stdout.write(
|
|
24
|
-
`)),process.stdout.write(` Storage: ${await
|
|
25
|
-
|
|
26
|
-
`),0}catch(e){if(e.message==="SIGINT")throw e;return process.stderr.write(
|
|
27
|
-
`)),1}}async function
|
|
28
|
-
`),process.stdout.write(
|
|
29
|
-
`)),process.stdout.write(
|
|
30
|
-
`),process.stdout.write(
|
|
17
|
+
`),n(i);return}if(l==="\x7F"){i.length>0&&(i=i.slice(0,-1),process.stdout.write("\b \b"));return}l.startsWith("\x1B")||(i+=l,process.stdout.write(r?"*".repeat(l.length):l));};function d(){process.stdin.setRawMode(false),process.stdin.removeListener("data",u),process.removeListener("uncaughtException",a),process.removeListener("unhandledRejection",a);}process.stdin.setRawMode(true),process.stdin.resume(),process.stdin.setEncoding("utf8"),process.stdin.on("data",u);})}async function Jt(e){try{let t=await ze();(!t||t.clientId!==e.clientId||t.clientSecret!==e.clientSecret||t.tenant!==e.tenant)&&await Yt(e);}catch{}}async function Xt(e){let{accessToken:t,expiresAt:n}=await zr(e);await Yt(e),await Wr({accessToken:t,expiresAt:n});try{let s=Zr(e);Qr({[Ze.ANTHROPIC_AUTH_TOKEN]:s});}catch{}}async function to(e){try{return await Xt(e),process.stdout.write(Oe(` \u2713 Setup complete. Tenant: ${v(e.tenant)}
|
|
18
|
+
|
|
19
|
+
`)),0}catch(t){return process.stderr.write(re(` \u2717 Authentication failed: ${v(t.message)}
|
|
20
|
+
`)),1}}async function no(){try{process.stdout.write(`
|
|
21
|
+
`);let e=(await ie(oe(" ? ")+"Client ID: ")).trim(),t=(await ie(oe(" ? ")+"Client Secret: ",{masked:!0})).trim(),n=(await ie(oe(" ? ")+"Tenant: ")).trim();if(!e||!t||!n)return process.stderr.write(re(` \u2717 All fields are required
|
|
22
|
+
`)),1;try{await Xt({clientId:e,clientSecret:t,tenant:n});}catch(s){return process.stderr.write(re(` \u2717 Authentication failed: ${v(s.message)}
|
|
23
|
+
`)),1}return process.stdout.write(Oe(` \u2713 Setup complete. Tenant: ${v(n)}
|
|
24
|
+
`)),process.stdout.write(` Storage: ${await Kt()}
|
|
25
|
+
|
|
26
|
+
`),0}catch(e){if(e.message==="SIGINT")throw e;return process.stderr.write(re(` \u2717 Unexpected error: ${e.message}
|
|
27
|
+
`)),1}}async function so(e={}){if(e.clientId&&e.clientSecret&&e.tenant)return to({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant});let t=Vt(process.env[Ze.ANTHROPIC_AUTH_TOKEN]);t&&await Jt(t);let n=t||await ze();if(n){process.stdout.write(`
|
|
28
|
+
`),process.stdout.write(Wt(` Already authenticated
|
|
29
|
+
`)),process.stdout.write(Y(" Tenant: ")+v(n.tenant)+`
|
|
30
|
+
`),process.stdout.write(Y(" Client ID: ")+v(n.clientId)+`
|
|
31
31
|
`),process.stdout.write(`
|
|
32
|
-
`);let s;try{s=await oe(
|
|
33
|
-
`),130;throw r}if(s.trim().toLowerCase()!=="y")return process.stdout.write(
|
|
32
|
+
`);let s;try{s=await ie(oe(" ? ")+"Re-authenticate? (y/N): ");}catch(r){if(r.message==="SIGINT")return process.stdout.write(`
|
|
33
|
+
`),130;throw r}if(s.trim().toLowerCase()!=="y")return process.stdout.write(Oe(` \u2713 Using existing credentials.
|
|
34
34
|
|
|
35
|
-
`)),0}try{return await
|
|
36
|
-
`),130;throw s}}async function
|
|
37
|
-
`),(await oe(
|
|
35
|
+
`)),0}try{return await no()}catch(s){if(s.message==="SIGINT")return process.stdout.write(`
|
|
36
|
+
`),130;throw s}}async function ro(){try{return process.stdout.write(`
|
|
37
|
+
`),(await ie(oe(" ? ")+"Are you sure? This will remove your local credentials. (y/N): ")).toLowerCase()!=="y"?(process.stdout.write(ye(` \u26A0 Logout cancelled
|
|
38
38
|
`)),0):null}catch(e){if(e.message==="SIGINT")return process.stdout.write(`
|
|
39
|
-
`),130;throw e}}async function
|
|
40
|
-
`)),0;if(!e){let t=await
|
|
41
|
-
`)),0}catch{return process.stderr.write(
|
|
42
|
-
`)),1}}async function
|
|
43
|
-
`+
|
|
44
|
-
`)),process.stdout.write(
|
|
45
|
-
`),process.stdout.write(
|
|
46
|
-
`),process.stdout.write(
|
|
47
|
-
`),process.stdout.write(
|
|
48
|
-
|
|
49
|
-
`),0}
|
|
39
|
+
`),130;throw e}}async function oo(e=false){if(!await Xr())return process.stdout.write(ye(` \u26A0 You are not authenticated
|
|
40
|
+
`)),0;if(!e){let t=await ro();if(t!==null)return t}try{return await Vr(),process.stdout.write(Oe(` \u2713 Credentials removed successfully
|
|
41
|
+
`)),0}catch{return process.stderr.write(re(` \u2717 Error removing credentials
|
|
42
|
+
`)),1}}async function io(){let e=Vt(process.env[Ze.ANTHROPIC_AUTH_TOKEN]);e&&await Jt(e);let t=e||await ze();if(!t)return process.stdout.write(ye(" \u26A0 Not authenticated. Run `flow-ai-obs auth login` to set up.\n")),0;if(!e&&!await Jr())return process.stdout.write(ye(" \u26A0 Session expired. Run `flow-ai-obs auth login` to re-authenticate.\n")),0;let n=t.clientSecret.length>4?"****...****"+t.clientSecret.slice(-4):"****",s=e?"ANTHROPIC_AUTH_TOKEN (settings.json)":await Kt();return process.stdout.write(`
|
|
43
|
+
`+Wt(` Authenticated
|
|
44
|
+
`)),process.stdout.write(Y(" Tenant: ")+v(t.tenant)+`
|
|
45
|
+
`),process.stdout.write(Y(" Client ID: ")+v(t.clientId)+`
|
|
46
|
+
`),process.stdout.write(Y(" Client Secret: ")+n+`
|
|
47
|
+
`),process.stdout.write(Y(" Storage: ")+s+`
|
|
48
|
+
|
|
49
|
+
`),0}zt.exports={runLogin:so,runLogout:oo,runStatus:io};});var et=p((ec,tn)=>{var ao=c("fs"),Qe=c("path"),Zt=c("os"),{spawnSync:co}=c("child_process"),{writeClaudeSettings:uo}=ee(),{NATIVE_OTEL:lo,ENV:po}=w(),{green:fo,red:ho,yellow:So,bold:Qt,dim:L,cyan:To}=F(),{runLogin:Eo}=ae(),en={darwin:`npm install -g @anthropic-ai/claude-code
|
|
50
50
|
or visit: https://claude.ai/download`,linux:"npm install -g @anthropic-ai/claude-code",win32:`npm install -g @anthropic-ai/claude-code
|
|
51
|
-
or visit: https://claude.ai/download`};function
|
|
52
|
-
`+
|
|
51
|
+
or visit: https://claude.ai/download`};function wo(){let e=process.platform==="win32"?"where":"which";return co(e,["claude"],{encoding:"utf8",timeout:5e3}).status===0}function go(){return process.platform==="win32"?Qe.join(process.env.APPDATA||Qe.join(Zt.homedir(),"AppData","Roaming"),"Claude","settings.json"):Qe.join(Zt.homedir(),".claude","settings.json")}function _o(){try{let e=ao.readFileSync(go(),"utf8"),t=JSON.parse(e);return !!(t.env&&t.env[po.ANTHROPIC_AUTH_TOKEN])}catch{return false}}async function mo(){if(!wo()){let t=en[process.platform]||en.linux;return process.stderr.write(`
|
|
52
|
+
`+ho(` \u2717 Claude Code is not installed or not found in PATH.
|
|
53
53
|
|
|
54
54
|
`)+` flow-ai-obs requires Claude Code to function.
|
|
55
55
|
Install it with:
|
|
56
56
|
|
|
57
|
-
`+
|
|
57
|
+
`+To(` ${t}`)+`
|
|
58
58
|
|
|
59
|
-
`),1}
|
|
59
|
+
`),1}if(!_o()){process.stdout.write(So(` \u26A0 No credentials found in settings.json \u2014 authentication required.
|
|
60
60
|
|
|
61
|
-
`));let
|
|
61
|
+
`));let t=await Eo();if(t!==0)return t}let e;try{e=uo();}catch(t){return process.stderr.write(` \u2717 Failed to write settings: ${t.message}
|
|
62
62
|
`),1}process.stdout.write(`
|
|
63
|
-
`+
|
|
64
|
-
`);for(let[
|
|
65
|
-
`);process.stdout.write(`
|
|
66
|
-
`),process.stdout.write(et(" Native OTEL configured")+` (metrics & logs)
|
|
67
|
-
`);for(let[s,r]of Object.entries(ro))process.stdout.write(L(` ${s.padEnd(36)}`)+r+`
|
|
63
|
+
`+Qt(" Native OTEL configured")+` (metrics & logs)
|
|
64
|
+
`);for(let[t,n]of Object.entries(lo))process.stdout.write(L(` ${t.padEnd(36)}`)+n+`
|
|
68
65
|
`);return process.stdout.write(`
|
|
69
|
-
`),process.stdout.write(
|
|
66
|
+
`),process.stdout.write(Qt(" Hooks registered")+` (Langfuse trace capture)
|
|
70
67
|
`),process.stdout.write(L(" UserPromptSubmit")+` \u2192 flow-ai-obs UserPromptSubmit (timeout: 5s)
|
|
71
68
|
`),process.stdout.write(L(" PreToolUse ")+` \u2192 flow-ai-obs PreToolUse (timeout: 3s)
|
|
72
69
|
`),process.stdout.write(L(" PostToolUse ")+` \u2192 flow-ai-obs PostToolUse (timeout: 10s)
|
|
73
70
|
`),process.stdout.write(L(" Stop ")+` \u2192 flow-ai-obs Stop (timeout: 15s)
|
|
74
71
|
`),process.stdout.write(`
|
|
75
|
-
`),process.stdout.write(L(" Settings: ")+
|
|
76
|
-
`),process.stdout.write(L(" Backup: ")+
|
|
72
|
+
`),process.stdout.write(L(" Settings: ")+e+`
|
|
73
|
+
`),process.stdout.write(L(" Backup: ")+e+`.bkp
|
|
77
74
|
`),process.stdout.write(L(" OTEL auth: flow-ai-obs otel-headers")+L(` (reads keychain at runtime)
|
|
78
75
|
`)),process.stdout.write(`
|
|
79
|
-
`),process.stdout.write(
|
|
76
|
+
`),process.stdout.write(fo(` \u2713 Ready. Native OTEL + Langfuse trace capture active.
|
|
77
|
+
`)),process.stdout.write(L(" Run `flow-ai-obs setup` to also configure the Flow LLM Proxy.\n\n")),0}tn.exports={runInstall:mo};});var cn=p((tc,an)=>{var{LLM_PROXY:nn}=w(),{green:sn,yellow:rn,bold:yo,dim:on}=F(),{runLogin:Oo}=ae(),{runInstall:Ao}=et(),{addEnvToClaudeSettings:Lo,validateConnectivity:No,getClaudeSettingsPath:Io}=ee(),{getFlowCredentials:ko}=j();async function Co(e={}){process.stdout.write(`
|
|
78
|
+
\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
|
|
79
|
+
`),process.stdout.write(`\u2551 flow-ai-obs \u2014 setup \u2551
|
|
80
|
+
`),process.stdout.write(`\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
|
|
81
|
+
|
|
82
|
+
`);let t=await Oo(e);if(t!==0)return process.stderr.write(`
|
|
83
|
+
Setup aborted. Run \`flow-ai-obs auth login\` to retry.
|
|
84
|
+
|
|
85
|
+
`),t;process.stdout.write(`
|
|
86
|
+
`);let n=await Ao();if(n!==0)return n;try{Lo(nn);}catch(r){process.stderr.write(` \u26A0 Could not write LLM Proxy config: ${r.message}
|
|
87
|
+
`);}process.stdout.write(yo(" Flow LLM Proxy configured")+` (model provider)
|
|
88
|
+
`);for(let[r,o]of Object.entries(nn))process.stdout.write(on(` ${r.padEnd(36)}`)+o+`
|
|
89
|
+
`);process.stdout.write(`
|
|
90
|
+
`),process.stdout.write(` Validating connectivity to Flow OTEL endpoint\u2026
|
|
91
|
+
`);let s=await ko();return s?await No(s)?process.stdout.write(sn(` \u2713 Connectivity validated \u2014 telemetry is active.
|
|
92
|
+
|
|
93
|
+
`)):process.stdout.write(rn(` \u26A0 Could not reach the OTEL endpoint. Telemetry will activate once connectivity is restored.
|
|
94
|
+
|
|
95
|
+
`)):process.stdout.write(rn(` \u26A0 Could not read stored credentials \u2014 skipping connectivity check.
|
|
96
|
+
|
|
97
|
+
`)),process.stdout.write(sn(` \u2713 Setup complete!
|
|
98
|
+
`)),process.stdout.write(on(` Settings: ${Io()}
|
|
80
99
|
|
|
81
|
-
`)),0}
|
|
100
|
+
`)),0}an.exports={runSetup:Co};});var ln=p((nc,un)=>{var{getFlowCredentials:vo}=j(),{getToken:bo}=z();async function Uo(){let e;try{e=await vo();}catch{return process.stderr.write(`[flow-ai-obs otel-headers] Failed to read credentials
|
|
82
101
|
`),1}if(!e)return process.stderr.write(`[flow-ai-obs otel-headers] Not authenticated \u2014 run: flow-ai-obs auth login
|
|
83
|
-
`),1;let t;try{t=(await
|
|
102
|
+
`),1;let t;try{t=(await bo(e)).accessToken;}catch(n){return process.stderr.write(`[flow-ai-obs otel-headers] Token fetch failed: ${n.message}
|
|
84
103
|
`),1}return t?(process.stdout.write(`{"Authorization": "Bearer ${t}"}
|
|
85
104
|
`),0):(process.stderr.write(`[flow-ai-obs otel-headers] Empty token received
|
|
86
|
-
`),1)}
|
|
105
|
+
`),1)}un.exports={runOtelHeaders:Uo};});var Sn=p((sc,hn)=>{var{getFlowCredentials:dn,isTokenValid:Ro,getEmailFromToken:Po,getTokenCache:$o}=j(),{resolveCredentials:qo,parseCredsFromAnthropicToken:pn}=P(),{getClaudeSettingsPath:Fo}=ee(),{ENV:b,NATIVE_OTEL:xo}=w(),{runLogin:fn}=ae(),Mo=c("fs");function tt(e){return !e||e.length<=8?"****":e.slice(0,4)+"****...****"+e.slice(-4)}function ce(e){process.stdout.write(` \u2713 ${e}
|
|
87
106
|
`);}function Ae(e){process.stdout.write(` \u26A0 ${e}
|
|
88
|
-
`);}function
|
|
107
|
+
`);}function Le(e){process.stdout.write(` \u2717 ${e}
|
|
89
108
|
`);}function m(e){process.stdout.write(` ${e}
|
|
90
109
|
`);}function y(){process.stdout.write(`
|
|
91
|
-
`);}async function
|
|
110
|
+
`);}async function Bo(){y(),process.stdout.write(` flow-claude-observability \u2014 configuration check
|
|
92
111
|
`),y(),process.stdout.write(` Auth
|
|
93
|
-
`);let e=
|
|
94
|
-
`);}if(!e&&!await
|
|
95
|
-
`);}let n=await
|
|
96
|
-
`);let s={};try{let a=
|
|
97
|
-
`),process.env[
|
|
98
|
-
`),y(),0}
|
|
99
|
-
`)[0].slice(0,t).trim()}function
|
|
100
|
-
`);for(let n=t.length-1;n>=0;n--)try{let s=JSON.parse(t[n]);if(s.type==="user"&&s.uuid)return s.uuid}catch{}}catch{}return null}function
|
|
112
|
+
`);let e=pn(process.env[b.ANTHROPIC_AUTH_TOKEN]),t=e||await dn();if(!t){Ae("Not authenticated \u2014 starting setup..."),y();let a=await fn();if(a!==0)return a;if(e=pn(process.env[b.ANTHROPIC_AUTH_TOKEN]),t=e||await dn(),!t)return Le("Authentication failed"),y(),1;y(),process.stdout.write(` Auth
|
|
113
|
+
`);}if(!e&&!await Ro()){Ae("Session expired \u2014 re-authenticating..."),y();let a=await fn();if(a!==0)return a;y(),process.stdout.write(` Auth
|
|
114
|
+
`);}let n=await Po()||t.clientId;ce("Authenticated"),m(`Tenant: ${t.tenant}`),m(`User: ${n}`),y(),process.stdout.write(` Native OTEL
|
|
115
|
+
`);let s={};try{let a=Mo.readFileSync(Fo(),"utf8");s=JSON.parse(a).env||{};}catch{}let r=Object.keys(xo).filter(a=>!s[a]);if(r.length===0?(ce("All OTEL env vars present in settings.json"),m(`Endpoint: ${s.OTEL_EXPORTER_OTLP_ENDPOINT}`)):(Ae(`${r.length} OTEL var(s) missing from settings.json \u2014 native metrics/logs disabled`),r.forEach(a=>Le(`Missing: ${a}`)),m("Run: flow-ai-obs install (restores missing vars automatically)")),y(),process.stdout.write(` Tracing
|
|
116
|
+
`),process.env[b.FLOW_TELEMETRY]==="true"){ce("FLOW_TELEMETRY=true (direct mode enabled)");let a=[b.LANGFUSE_BASE_URL,b.LANGFUSE_PUBLIC_KEY,b.LANGFUSE_SECRET_KEY].filter(u=>!process.env[u]);a.length>0&&a.forEach(u=>Ae(`Missing: ${u}`));}else m("FLOW_TELEMETRY not set \u2014 direct mode inactive (gateway mode may still be active)");let i=await qo();if(!i||i.length===0)return i&&i.authError?Le("Token refresh failed \u2014 gateway mode could not activate"):(Le("No active destinations \u2014 no traces will be sent"),m("For direct mode: set FLOW_TELEMETRY=true + LANGFUSE_BASE_URL + LANGFUSE_PUBLIC_KEY + LANGFUSE_SECRET_KEY"),m("For gateway mode: run flow-claude-observability auth login")),y(),1;for(let a of i)if(a.mode==="gateway"){let u=await $o();ce("Mode: gateway"),m(`Endpoint: ${a.endpoint}`),m(`Token: ${tt(u&&u.accessToken)}`);}else a.mode==="direct"&&(ce("Mode: direct"),m(`Endpoint: ${a.endpoint}`),m(`PK: ${tt(process.env[b.LANGFUSE_PUBLIC_KEY])}`),m(`SK: ${tt(process.env[b.LANGFUSE_SECRET_KEY])}`));return y(),process.stdout.write(` All checks passed \u2014 observability is active.
|
|
117
|
+
`),y(),0}hn.exports={runCheck:Bo};});var K=p((rc,Tn)=>{function Do(e,t){let n=typeof e=="object"?JSON.stringify(e):String(e??"");return n.length>t?n.slice(0,t)+" \u2026[truncated]":n}function Ho(e,t=100){return String(e??"").split(`
|
|
118
|
+
`)[0].slice(0,t).trim()}function jo(){return new Promise(e=>{let t="";process.stdin.setEncoding("utf8"),process.stdin.on("data",n=>t+=n),process.stdin.on("end",()=>{try{e(JSON.parse(t));}catch{e({});}});})}function Go(e){process.stdout.write(JSON.stringify(e));}Tn.exports={truncate:Do,firstLine:Ho,readInput:jo,passthrough:Go};});var ue=p((oc,wn)=>{var{randomBytes:En}=c("crypto"),Yo=()=>En(16).toString("hex"),Ko=()=>En(8).toString("hex");function Vo(){return String(BigInt(Date.now())*1000000n)}wn.exports={generateTraceId:Yo,generateSpanId:Ko,nowNs:Vo};});var le=p((ac,_n)=>{var{readFileSync:Wo,writeFileSync:Jo,unlinkSync:Xo,existsSync:zo,realpathSync:ic}=c("fs"),{tmpdir:gn}=c("os"),{join:Zo,resolve:Qo,normalize:ei,sep:ti}=c("path"),ni=/^[0-9a-f-]{1,64}$/i,si=ei(gn())+ti;function ri(e,t){let n=Qo(e);if(!n.startsWith(t))throw new Error(`Path traversal detected: ${e}`);return n}function nt(e){if(!ni.test(e))throw new Error(`Invalid session ID: ${e}`);return ri(Zo(gn(),`flow-obs-${e}.json`),si)}function oi(e){let t=nt(e);if(!zo(t))return null;try{return JSON.parse(Wo(t,"utf8"))}catch{return null}}function ii(e,t){Jo(nt(e),JSON.stringify(t),{encoding:"utf8",mode:384});}function ai(e){try{Xo(nt(e));}catch{}}_n.exports={loadState:oi,saveState:ii,deleteState:ai};});var st=p((cc,On)=>{var{readFileSync:mn,existsSync:yn}=c("fs");function ci(e){if(!e||!yn(e))return null;try{let t=mn(e,"utf8").trimEnd().split(`
|
|
119
|
+
`);for(let n=t.length-1;n>=0;n--)try{let s=JSON.parse(t[n]);if(s.type==="user"&&s.uuid)return s.uuid}catch{}}catch{}return null}function ui(e){if(!e||!yn(e))return null;try{let t=mn(e,"utf8").trimEnd().split(`
|
|
101
120
|
`),n=[],s=0,r=0,o=!1;for(let i=t.length-1;i>=0;i--)try{let a=JSON.parse(t[i]);if(a.type==="user"){if(o)break;continue}if(a.type==="assistant"){o=!0;let d=(a.message?.content??[]).filter(h=>h.type==="text").map(h=>h.text).join("");d&&n.unshift(d);let l=a.message?.usage??{};s+=(l.input_tokens??0)+(l.cache_read_input_tokens??0)+(l.cache_creation_input_tokens??0),r+=l.output_tokens??0;}}catch{}return !n.length&&s===0?null:{text:n.join(`
|
|
102
121
|
|
|
103
|
-
`),inputTokens:s,outputTokens:r}}catch{}return null}
|
|
122
|
+
`),inputTokens:s,outputTokens:r}}catch{}return null}On.exports={readPromptUuid:ci,readLastAssistantOutput:ui};});var Ne=p((uc,In)=>{var{readFileSync:li,existsSync:An,readdirSync:di}=c("fs"),{homedir:Ln}=c("os"),{join:V,extname:pi}=c("path"),fi=new Set([".venv","__pycache__",".git","node_modules"]),hi=new Set([".pyc",".pyo"]),Si=new Set(["SKILL.md",".DS_Store",".gitignore"]);function Ti(e,t){if(!e)return null;let n=[V(Ln(),".claude","skills",e,"SKILL.md"),V(t||"",".claude","skills",e,"SKILL.md")];for(let s of n)if(An(s))try{return li(s,"utf8")}catch{}return null}function Ei(e){return e.match(/^\/([a-z][a-z0-9-]*)(?:\s.*)?$/i)?.[1]||null}var Nn=new Set(["Read","Write","Edit","MultiEdit","Bash","Glob","Grep","TodoWrite","WebFetch","WebSearch","Agent","Task"]);function wi(e){return !!e.slashSkill||e.toolCalls.some(s=>s.tool==="Skill")?e.toolCalls.some(s=>Nn.has(s.tool))?"complete":"prerequisite_required":null}function gi(e,t){if(!e)return null;let n=[V(Ln(),".claude","skills",e),V(t||"",".claude","skills",e)],s=null;for(let i of n)if(An(V(i,"SKILL.md"))){s=i;break}if(!s)return null;let r=[];function o(i,a){for(let u of di(i,{withFileTypes:true})){if(fi.has(u.name)||Si.has(u.name)||hi.has(pi(u.name)))continue;let d=a?`${a}/${u.name}`:u.name;u.isDirectory()?o(V(i,u.name),d):r.push(d);}}return o(s,""),r.length>0?r:null}In.exports={readSkillContent:Ti,readSkillArtifacts:gi,detectSlashSkill:Ei,EXECUTION_TOOLS:Nn,detectExecutionStatus:wi};});var bn=p((lc,vn)=>{var{generateTraceId:kn,generateSpanId:_i,nowNs:mi}=ue(),{saveState:yi}=le(),{readPromptUuid:Oi}=st(),{detectSlashSkill:Ai,readSkillContent:Li,readSkillArtifacts:Ni}=Ne(),{passthrough:Ii}=K(),{dbg:Cn}=C(),{ENV:ki}=w(),{resolveCredentials:Ci}=P();async function vi(e){let t=e.session_id||"unknown",n=e.prompt||"",s=e.cwd||"";try{(await Ci()).authError===!0&&(process.stderr.write(`
|
|
104
123
|
\u26A0 flow-ai-obs: Your Flow credentials have expired.
|
|
105
124
|
Traces will not be captured until you re-authenticate.
|
|
106
125
|
Run: flow-ai-obs auth login
|
|
107
126
|
|
|
108
|
-
`),
|
|
127
|
+
`),Cn("UserPromptSubmit","auth expired \u2014 warning emitted to stderr"));}catch{}let r=Oi(e.transcript_path)||kn(),o=Ai(n),i=o?Li(o,s):null,a=o?Ni(o,s):null;yi(t,{traceId:kn(),spanId:_i(),startNs:mi(),sessionId:t,prompt:n,cwd:s,traceName:r,transcriptPath:e.transcript_path||"",model:process.env[ki.ANTHROPIC_MODEL]||"",toolCalls:[],spans:[],pendingTool:null,slashSkill:o,skillContent:i,skillArtifacts:a}),Cn("UserPromptSubmit",`sid=${t}`,`traceName=${r}`,`slashSkill=${o}`),Ii(e);}vn.exports={onUserPromptSubmit:vi};});var Rn=p((dc,Un)=>{var{nowNs:bi}=ue(),{loadState:Ui,saveState:Ri}=le(),{truncate:Pi,passthrough:$i}=K(),{dbg:qi}=C(),{TRACE_LIMITS:Fi}=w();async function xi(e){let t=e.session_id||"unknown",n=e.tool_name||"unknown",s=e.tool_input||{},r=Ui(t);r&&(r.pendingTool={name:n,inputStr:Pi(s,Fi.TOOL_INPUT),startNs:bi()},Ri(t,r)),qi("PreToolUse",`sid=${t}`,`tool=${n}`,`stateFound=${!!r}`),$i(e);}Un.exports={onPreToolUse:xi};});var qn=p((pc,$n)=>{var Mi=c("https"),Bi=c("http"),{FLOW_URLS:Di}=w();function Hi(e){let t=new URL(e),n=new URL(Di.GATEWAY_HEALTH);return n.hostname=t.hostname,n.port=t.port,n.protocol=t.protocol,n}function Pn(e,t){return new Promise((n,s)=>{let o=(e._isSSL?Mi:Bi).request(e,i=>{let a=[];i.on("data",u=>a.push(u)),i.on("end",()=>n({statusCode:i.statusCode,body:a.join("")}));});o.on("error",i=>s(new Error(`Network error: ${i.message}`))),t&&o.write(t),o.end();})}async function ji(e){let t;try{t=Hi(e);}catch{return false}let n=t.protocol==="https:";try{let s=await Pn({hostname:t.hostname,port:t.port||(n?443:80),path:t.pathname,method:"GET",_isSSL:n},null);return s.statusCode>=200&&s.statusCode<300}catch{return false}}async function Gi(e,t,n){let s=JSON.stringify(e),r=new URL(t),o=r.protocol==="https:",i=String(n).replace(/[\r\n]/g,"");try{return (await Pn({hostname:r.hostname,port:r.port||(o?443:80),path:r.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:i,"Content-Length":Buffer.byteLength(s)},_isSSL:o},s)).statusCode}catch{return 0}}$n.exports={checkHealth:ji,sendTraces:Gi};});var Bn=p((fc,Mn)=>{var U=c("fs"),rt=c("path"),Fn=c("os"),{BUFFER:de}=w(),{dbg:pe}=C();function xn(e){if(/[/\\]/.test(e))throw new Error(`Invalid buffer fileId: ${e}`);return rt.join(Fn.tmpdir(),`${de.FILE_PREFIX}${e}.json`)}function ot(){let e=Fn.tmpdir(),t;try{t=U.readdirSync(e);}catch{return []}return t.filter(n=>n.startsWith(de.FILE_PREFIX)&&n.endsWith(".json")).map(n=>{let s=rt.join(e,n),r=0;try{r=U.statSync(s).mtimeMs;}catch{}return {full:s,mtime:r}}).sort((n,s)=>n.mtime-s.mtime).map(n=>n.full)}function Yi(e){try{let t=ot();if(t.length>=de.MAX_FILES){let r=t.slice(0,t.length-de.MAX_FILES+1);for(let o of r)try{U.unlinkSync(o);}catch{}}let n=`${Date.now()}-${Math.random().toString(36).slice(2,8)}`,s={fileId:n,bufferedAt:Date.now(),payload:e};return U.writeFileSync(xn(n),JSON.stringify(s),{encoding:"utf8",mode:384}),pe("buffer",`saved fileId=${n}`),n}catch(t){return pe("buffer",`saveToBuffer failed: ${t.message}`),null}}function Ki(){let e=ot(),t=[];for(let n of e)try{let s=U.readFileSync(n,"utf8"),r=JSON.parse(s);r&&r.fileId&&r.payload&&t.push(r);}catch{pe("buffer",`skipping malformed file: ${n}`);}return t}function Vi(e){try{U.unlinkSync(xn(e)),pe("buffer",`deleted fileId=${e}`);}catch{}}function Wi(){let e=ot(),t=Date.now()-de.MAX_AGE_MS;for(let n of e)try{let{mtimeMs:s}=U.statSync(n);s<t&&(U.unlinkSync(n),pe("buffer",`evicted stale: ${rt.basename(n)}`));}catch{}}Mn.exports={saveToBuffer:Yi,loadBuffer:Ki,deleteBuffer:Vi,cleanStaleBuffers:Wi};});var it=p((hc,Gn)=>{var{resolveCredentials:Ji}=P(),{OTLP:Dn}=w(),{dbg:W}=C(),{checkHealth:Xi,sendTraces:jn}=qn(),{saveToBuffer:Hn,loadBuffer:zi,deleteBuffer:Zi,cleanStaleBuffers:Qi}=Bn(),ea={name:Dn.SCOPE_NAME,version:Dn.SCOPE_VERSION},ta={TRACE_NAME:"langfuse.trace.name",TRACE_INPUT:"langfuse.trace.input",TRACE_OUTPUT:"langfuse.trace.output",TRACE_METADATA:"langfuse.trace.metadata",TRACE_TAGS:"langfuse.trace.tags",USER_ID:"langfuse.user.id",SESSION_ID:"langfuse.session.id",OBS_NAME:"langfuse.observation.name",OBS_INPUT:"langfuse.observation.input",OBS_OUTPUT:"langfuse.observation.output",OBS_LEVEL:"langfuse.observation.level",OBS_TYPE:"langfuse.observation.type",MODEL:"gen_ai.request.model",INPUT_TOKENS:"gen_ai.usage.input_tokens",OUTPUT_TOKENS:"gen_ai.usage.output_tokens"};function na(e,t){return t==null||t===""?null:{key:e,value:{stringValue:String(t)}}}function sa(...e){return e.filter(Boolean)}function ra(e,t){return {resourceSpans:[{resource:{attributes:e},scopeSpans:[{scope:ea,spans:Array.isArray(t)?t:[t]}]}]}}function oa(e,t){return new Promise(n=>{let s=JSON.stringify(e),r=new URL(t.endpoint),o=r.protocol==="https:",i=l=>String(l).replace(/[\r\n]/g,""),a={hostname:r.hostname,port:r.port||(o?443:80),path:r.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:i(t.authHeader),"Content-Length":Buffer.byteLength(s)}},d=(o?c("https"):c("http")).request(a,l=>{l.resume(),n(l.statusCode);});d.on("error",()=>n(0)),d.write(s),d.end();})}async function ia(e){Qi();let t=zi();if(t.length){W("replayBufferedTraces",`replaying ${t.length} buffered trace(s)`);for(let n of t)try{let s=await jn(n.payload,e.endpoint,e.authHeader);s>=200&&s<300?(Zi(n.fileId),W("replayBufferedTraces",`replayed fileId=${n.fileId} status=${s}`)):W("replayBufferedTraces",`replay failed fileId=${n.fileId} status=${s}`);}catch(s){W("replayBufferedTraces",`replay error fileId=${n.fileId}: ${s.message}`);}}}async function aa(e){let t=await Ji();return t.length?(await Promise.all(t.map(async s=>s.mode==="gateway"?await Xi(s.endpoint)?(await ia(s),jn(e,s.endpoint,s.authHeader)):(W("postToLangfuse","gateway health check failed \u2014 buffering trace"),Hn(e),0):oa(e,s)))).find(s=>s!==0)||0:(t.authError&&(W("postToLangfuse","auth refresh failed \u2014 buffering trace"),Hn(e)),0)}Gn.exports={LF:ta,a:na,attrs:sa,buildPayload:ra,postToLangfuse:aa};});var at=p((Sc,Yn)=>{var _="[REDACTED]",ca=[{re:/\b(sk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`sk-${_}`},{re:/\b(pk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`pk-${_}`},{re:/\b(Bearer\s+)[A-Za-z0-9\-._~+/]+=*/gi,replace:(e,t)=>`${t}${_}`},{re:/\b(Basic\s+)[A-Za-z0-9+/]+=*/gi,replace:(e,t)=>`${t}${_}`},{re:/(-----BEGIN [A-Z ]+-----)[^-]*(-----END [A-Z ]+-----)/g,replace:(e,t,n)=>`${t}
|
|
109
128
|
${_}
|
|
110
|
-
${n}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${_}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(e,t)=>`${t}${_}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${_}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${_}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${_}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(e,t,n)=>`${t}${n}${_}${n}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(e,t)=>`${t}:${_}@`}];function
|
|
111
|
-
`)),h=a?.inputTokens??0,
|
|
112
|
-
`),process.stdout.write(JSON.stringify(t));}}
|
|
113
|
-
`),process.exit(0);});});var
|
|
114
|
-
`),process.exit(0);}else if(
|
|
129
|
+
${n}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${_}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(e,t)=>`${t}${_}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${_}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${_}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${_}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(e,t,n)=>`${t}${n}${_}${n}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(e,t)=>`${t}:${_}@`}];function ua(e){if(e==null)return "";let t=typeof e=="string"?e:JSON.stringify(e);return ca.reduce((n,{re:s,replace:r})=>n.replace(s,r),t)}Yn.exports={sanitize:ua,REDACTED:_};});var Zn=p((Tc,zn)=>{var{generateSpanId:la,nowNs:da}=ue(),{loadState:pa,saveState:fa}=le(),{LF:fe,a:$,attrs:ha}=it(),{truncate:Kn,firstLine:Sa,passthrough:Vn}=K(),{readSkillContent:Ta,readSkillArtifacts:Ea}=Ne(),{dbg:Wn}=C(),{TRACE_LIMITS:Jn}=w(),{sanitize:Xn}=at();async function wa(e){let t=e.session_id||"unknown",n=e.tool_name||"unknown",s=e.tool_input||{},r=e.tool_response||"",o=pa(t);if(!o){Vn(e);return}let i=da(),a=o.pendingTool?.name===n,u=a?o.pendingTool.startNs:String(BigInt(i)-200000000n),d=a?o.pendingTool.inputStr:Kn(s,Jn.TOOL_INPUT),l=d;if(n==="Skill"){let R=typeof s=="object"&&s!==null?s.skill||s.name||s.skillName||String(Object.values(s)[0]??""):String(s),k=R?Ta(R.trim(),o.cwd):null;k&&(l=k,o.skillContent||(o.skillContent=k),o.slashSkill||(o.slashSkill=R.trim()),o.skillArtifacts||(o.skillArtifacts=Ea(R.trim(),o.cwd))),Wn("PostToolUse","Skill tool detected",`skillName=${R}`,`contentFound=${!!k}`);}let h=Xn(Kn(r,Jn.TOOL_OUTPUT)),T=/\b(error|exception|failed|failure|traceback|errno)\b/i.test(h.slice(0,500)),O=T?"ERROR":"DEFAULT",I=la(),Se=Math.round(Number(BigInt(i)-BigInt(u))/1e6),ve={Agent:"AGENT",Task:"AGENT"}[n]??"TOOL";o.toolCalls.push({tool:n,brief:Sa(d,60),error:T,durationMs:Se}),o.spans.push({traceId:o.traceId,spanId:I,parentSpanId:o.spanId,name:n,kind:3,startTimeUnixNano:u,endTimeUnixNano:i,attributes:ha($(fe.OBS_NAME,n),$(fe.OBS_TYPE,ve),$(fe.OBS_LEVEL,O),$(fe.OBS_INPUT,Xn(l)),$(fe.OBS_OUTPUT,h),$("tool.name",n),$("tool.error",String(T))),status:{code:T?2:1}}),o.pendingTool=null,fa(t,o),Wn("PostToolUse",`sid=${t}`,`tool=${n}`,`error=${T}`,`durationMs=${Se}`,`totalSpans=${o.spans.length}`),Vn(e);}zn.exports={onPostToolUse:wa};});var es=p((Ec,Qn)=>{var ct={"claude-opus-4-6":{input:15,output:75},"claude-opus-4-5":{input:15,output:75},"claude-sonnet-4-6":{input:3,output:15},"claude-sonnet-4-5":{input:3,output:15},"claude-haiku-4-5":{input:.8,output:4},"claude-4-6-opus":{input:15,output:75},"claude-4-6-sonnet":{input:3,output:15},"claude-4-5-opus":{input:15,output:75},"claude-4-5-sonnet":{input:3,output:15},"claude-4-5-haiku":{input:.8,output:4},"claude-3-5-sonnet-20241022":{input:3,output:15},"claude-3-5-haiku-20241022":{input:.8,output:4},"claude-3-opus-20240229":{input:15,output:75}};function ga(e,t,n){let s=Object.keys(ct).find(i=>(e||"").toLowerCase().includes(i));if(!s)return;let r=ct[s],o=(t*r.input+n*r.output)/1e6;return Math.round(o*1e6)/1e6}Qn.exports={MODEL_PRICING:ct,calcCostUsd:ga};});var os=p((wc,rs)=>{var{generateSpanId:ts,nowNs:_a}=ue(),{loadState:ma,deleteState:ns}=le(),{LF:E,a:f,attrs:Ie,buildPayload:ya,postToLangfuse:Oa}=it(),{getIdentityFromToken:Aa}=P(),{calcCostUsd:La}=es(),{readLastAssistantOutput:Na}=st(),{truncate:ke,firstLine:Ia,passthrough:ut}=K(),{dbg:J}=C(),{detectExecutionStatus:ka}=Ne(),{sanitize:ss}=at(),{TRACE_LIMITS:Ce}=w();async function Ca(e){let t=e.session_id||"unknown",n=e.stop_reason||"end_turn",s=ma(t);if(!s){ut(e);return}s.slashSkill&&!/^[a-z][a-z0-9-]*$/i.test(s.slashSkill)&&(J("Stop",`sid=${t}`,`slashSkill rejected post-disk: "${s.slashSkill}"`),s.slashSkill=null);let r=_a(),o=await Aa();if(s.slashSkill&&!s.toolCalls.some(S=>S.tool==="Skill")){let S=ts(),X=s.skillContent?s.skillContent:JSON.stringify({skill:s.slashSkill});s.toolCalls.push({tool:"Skill",brief:s.slashSkill,error:false,durationMs:0,synthetic:true}),s.spans.push({traceId:s.traceId,spanId:S,parentSpanId:s.spanId,name:"Skill",kind:3,startTimeUnixNano:s.startNs,endTimeUnixNano:s.startNs,attributes:Ie(f(E.OBS_NAME,"Skill"),f(E.OBS_TYPE,"TOOL"),f(E.OBS_LEVEL,"DEFAULT"),f(E.OBS_INPUT,X),f(E.OBS_OUTPUT,"loaded via slash command"),f("tool.name","Skill"),f("tool.error","false"),f("skill.name",s.slashSkill),f("skill.invocation","slash-command")),status:{code:1}}),J("Stop",`slashSkill=${s.slashSkill}`,"synthetic span injected");}let i=e.transcript_path||s.transcriptPath||"",a=Na(i),u=s.toolCalls.length,d=s.toolCalls.filter(S=>S.error).length,l=ss(a?.text?ke(a.text,Ce.TRACE_OUTPUT):u===0?"No tools used":s.toolCalls.map((S,X)=>`${X+1}. ${S.tool}${S.brief?` \u2192 ${S.brief}`:""}${S.error?" [ERROR]":""}`).join(`
|
|
130
|
+
`)),h=a?.inputTokens??0,T=a?.outputTokens??0,O=s.toolCalls.map((S,X)=>`${X+1}. ${S.tool}${S.brief?` \u2192 ${S.brief}`:""}${S.error?" [ERROR]":""} (${S.durationMs}ms)`),I=!!(s.slashSkill||s.toolCalls.some(S=>S.tool==="Skill")),Se=s.toolCalls.some(S=>S.tool==="Agent");if(!I&&!Se){J("Stop",`sid=${t}`,"skipping trace \u2014 no Skill or Agent calls found"),ns(t),ut(e);return}let Te=I?"skill":"agent",ve=Math.round(Number(BigInt(r)-BigInt(s.startNs))/1e6),R=La(s.model,h,T),k=ka(s);k==="prerequisite_required"&&(s.spans.push({traceId:s.traceId,spanId:ts(),parentSpanId:s.spanId,name:"prerequisite-check",kind:3,startTimeUnixNano:s.startNs,endTimeUnixNano:r,attributes:Ie(f(E.OBS_NAME,"prerequisite-check"),f(E.OBS_TYPE,"EVENT"),f(E.OBS_LEVEL,"WARNING"),f(E.OBS_OUTPUT,l),f("skill.name",s.slashSkill||void 0),f("execution_status","prerequisite_required")),status:{code:1}}),J("Stop",`sid=${t}`,"prerequisite-check span injected",`skill=${s.slashSkill}`));let lt=(()=>{if(!(!I||!s.prompt)){if(s.slashSkill){let S=s.prompt.replace(new RegExp(`^\\/${s.slashSkill}\\s*`,"i"),"").trim();return S?ke(S,Ce.USER_INSTRUCTION):void 0}return ke(s.prompt,Ce.USER_INSTRUCTION)||void 0}})(),as=JSON.stringify({trace_type:Te,...k!==null&&{execution_status:k},...s.slashSkill&&{skill_name:s.slashSkill},...s.skillArtifacts?.length&&{skill_artifacts:s.skillArtifacts},...lt!==void 0&&{user_instruction:lt},latency_ms:ve,...h&&{tokens_input:h},...T&&{tokens_output:T},cost_usd:R,...s.model&&{model:s.model},toolCount:u,errorCount:d,stopReason:n,sessionId:s.sessionId,tools:O.length?O:void 0}),cs=ss(ke(s.prompt,Ce.TRACE_INPUT)),us=Ie(f(E.TRACE_NAME,s.traceName),f(E.TRACE_INPUT,cs),f(E.TRACE_OUTPUT,l),f(E.TRACE_METADATA,as),f(E.SESSION_ID,s.sessionId),f(E.USER_ID,o.user),f(E.OBS_TYPE,"GENERATION"),f(E.MODEL,s.model),h?f(E.INPUT_TOKENS,h):null,T?f(E.OUTPUT_TOKENS,T):null,f("claude.stop_reason",n),f("claude.tool_count",String(u)),f("claude.error_count",String(d)),f("claude.session_id",s.sessionId),f("flow.trace_type",Te),{key:E.TRACE_TAGS,value:{arrayValue:{values:[{stringValue:Te}]}}}),ls={traceId:s.traceId,spanId:s.spanId,name:s.traceName,kind:1,startTimeUnixNano:s.startNs,endTimeUnixNano:r,attributes:us,status:{code:d>0?2:1}},ds=Ie(f("service.name",process.env.LANGFUSE_PROJECT_NAME||"claude-code"),f("deployment.environment",process.env.LANGFUSE_ENVIRONMENT||"default")),dt=[...s.spans||[],ls];J("Stop",`sid=${t}`,`totalTools=${u}`,`errorTools=${d}`,`spans=${dt.length}`,`inputTokens=${h}`,`outputTokens=${T}`,`traceOutput="${Ia(l,80)}"`);let ps=await Oa(ya(ds,dt));J("Stop",`POST status=${ps}`,`traceId=${s.traceId}`),ns(t),ut(e);}rs.exports={onStop:Ca};});var is=p(()=>{var{credentialsAvailable:va}=P(),{readInput:ba}=K(),{onUserPromptSubmit:Ua}=bn(),{onPreToolUse:Ra}=Rn(),{onPostToolUse:Pa}=Zn(),{onStop:$a}=os();async function qa(){let e=process.argv[2];if(!await va()){let n=[];process.stdin.on("data",s=>n.push(s)),process.stdin.on("end",()=>process.stdout.write(n.join("")));return}let t=await ba();switch(e){case "UserPromptSubmit":await Ua(t);break;case "PreToolUse":await Ra(t);break;case "PostToolUse":await Pa(t);break;case "Stop":await $a(t);break;default:process.stderr.write(`[flow-obs] unknown event: ${e}
|
|
131
|
+
`),process.stdout.write(JSON.stringify(t));}}qa().catch(e=>{process.stderr.write(`[flow-obs] fatal: ${e.message}
|
|
132
|
+
`),process.exit(0);});});var Fa=new Set(["UserPromptSubmit","PreToolUse","PostToolUse","Stop"]),[,,N,he]=process.argv;if(N==="--version"||N==="-v"){let{version:e}=Ee();process.stdout.write(e+`
|
|
133
|
+
`),process.exit(0);}else if(N==="--help"||N==="-h"){let{bold:e,cyan:t,dim:n}=F(),{version:s}=Ee();process.stdout.write(`
|
|
115
134
|
`+e(" flow-ai-obs")+n(" v"+s)+`
|
|
116
135
|
|
|
117
|
-
`),process.stdout.write(t(" install")+n(`
|
|
136
|
+
`),process.stdout.write(t(" install")+n(` Auth (if needed) + hooks + native OTEL
|
|
137
|
+
`)),process.stdout.write(t(" setup")+n(` Full Flow wizard: auth + hooks + OTEL + LLM proxy + connectivity
|
|
118
138
|
`)),process.stdout.write(t(" auth login")+n(` Authenticate with Flow (clientId / clientSecret / tenant)
|
|
119
139
|
`)),process.stdout.write(t(" auth logout")+n(` Remove credentials
|
|
120
140
|
`)),process.stdout.write(t(" auth status")+n(` Show current auth status
|
|
@@ -125,14 +145,16 @@ ${n}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${_}`},{re:/(aws_secret_ac
|
|
|
125
145
|
|
|
126
146
|
`)),process.stdout.write(n(` (Hook events: UserPromptSubmit | PreToolUse | PostToolUse | Stop)
|
|
127
147
|
|
|
128
|
-
`)),process.exit(0);}else if(
|
|
129
|
-
`),process.exit(1);});}else if(
|
|
148
|
+
`)),process.exit(0);}else if(N==="install"){we().checkForUpdate();let{runInstall:e}=et();e().then(t=>process.exit(t)).catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
|
|
149
|
+
`),process.exit(1);});}else if(N==="setup"){we().checkForUpdate();let{runSetup:e}=cn(),t=process.argv.slice(3),n=s=>{let r=t.indexOf(s);return r!==-1?t[r+1]:void 0};e({clientId:n("--client-id"),clientSecret:n("--client-secret"),tenant:n("--tenant")}).then(s=>process.exit(s)).catch(s=>{process.stderr.write(`Unexpected error: ${s.message}
|
|
150
|
+
`),process.exit(1);});}else if(N==="auth"){we().checkForUpdate();let{runLogin:e,runLogout:t,runStatus:n}=ae();(async()=>{let s=0;if(he==="login"||!he){let r=process.argv.slice(4),o=i=>{let a=r.indexOf(i);return a!==-1?r[a+1]:void 0};s=await e({clientId:o("--client-id"),clientSecret:o("--client-secret"),tenant:o("--tenant")});}else if(he==="logout"){let r=process.argv.includes("--force");s=await t(r);}else he==="status"?s=await n():(process.stderr.write(`Unknown auth subcommand: ${he}
|
|
130
151
|
`),process.stderr.write(`Usage: flow-ai-obs auth [login|logout|status]
|
|
131
|
-
`),s=1);process.exit(s);})();}else if(
|
|
132
|
-
`),process.exit(1);});}else if(
|
|
152
|
+
`),s=1);process.exit(s);})();}else if(N==="otel-headers"){let{runOtelHeaders:e}=ln();e().then(t=>process.exit(t)).catch(()=>process.exit(1));}else if(N==="check"){let{runCheck:e}=Sn();e().then(t=>process.exit(t)).catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
|
|
153
|
+
`),process.exit(1);});}else if(Fa.has(N))is();else {let{bold:e,cyan:t,dim:n}=F();process.stdout.write(`
|
|
133
154
|
`+e(" flow-ai-obs")+`
|
|
134
155
|
|
|
135
|
-
`),process.stdout.write(t(" install")+n(`
|
|
156
|
+
`),process.stdout.write(t(" install")+n(` Auth (if needed) + hooks + native OTEL
|
|
157
|
+
`)),process.stdout.write(t(" setup")+n(` Full Flow wizard: auth + hooks + OTEL + LLM proxy + connectivity
|
|
136
158
|
`)),process.stdout.write(t(" auth login")+n(` Authenticate with Flow (clientId / clientSecret / tenant)
|
|
137
159
|
`)),process.stdout.write(t(" auth logout")+n(` Remove credentials
|
|
138
160
|
`)),process.stdout.write(t(" auth status")+n(` Show current auth status
|
package/dist/index.js
CHANGED
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
'use strict';var c=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var _=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var h=_((so,Re)=>{var k=process.env.FLOW_BASE_URL||"https://flow.ciandt.com",Ce={AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${k}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${k}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${k}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${k}/otel`},tn={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},nn="FLOW-nodejs",rn="config.json",sn={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"},on={ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL||`${k}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL||"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL||"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"},an={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:Ce.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},cn={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP"},ln={KEYCHAIN_ENABLED:false},un={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},dn={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},pn={FILE_PREFIX:"flow-obs-buffer-",MAX_AGE_MS:5760*60*1e3,MAX_FILES:50},fn="flow-ai-obs-debug.log",_n={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60},Sn="flow-obs-";Re.exports={FLOW_BASE_URL:k,FLOW_URLS:Ce,VAULT:tn,CONFIG_DIR_NAME:nn,CONFIG_FILE_NAME:rn,OTLP:sn,LLM_PROXY:on,NATIVE_OTEL:an,ENV:cn,FEATURES:ln,INSTALLER:un,HOOK_TIMEOUTS:dn,BUFFER:pn,DEBUG_LOG_FILENAME:fn,STATE_FILE_PREFIX:Sn,TRACE_LIMITS:_n};});var be=_((oo,Pe)=>{var B=c("fs"),C=c("path"),En=c("os"),{CONFIG_DIR_NAME:ne,CONFIG_FILE_NAME:re}=h(),se={credentials:"credentials","token-cache":"tokenCache"};function q(){let e=En.homedir();if(process.platform==="darwin")return C.join(e,"Library","Preferences",ne,re);if(process.platform==="win32"){let r=process.env.APPDATA||C.join(e,"AppData","Roaming");return C.join(r,ne,re)}let t=process.env.XDG_CONFIG_HOME||C.join(e,".config");return C.join(t,ne,re)}function oe(){try{let e=B.readFileSync(q(),"utf8");return JSON.parse(e)}catch{return {}}}function Ue(e){let t=q();B.mkdirSync(C.dirname(t),{recursive:true}),B.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var ae=class{static isAvailable(){return true}static hasExistingData(){try{if(!B.existsSync(q()))return !1;let t=JSON.parse(B.readFileSync(q(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,r){let n=oe(),s=se[r]||r,o=n[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,r,n){let s=oe(),o=se[r]||r;if(r==="token-cache")try{s[o]=JSON.parse(n);}catch{s[o]=n;}else s[o]=n;Ue(s);}async deleteSecret(t,r){let n=oe(),s=se[r]||r;return s in n?(delete n[s],Ue(n),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${q()}`}};function Tn(){}Pe.exports={ScryptFallbackProvider:ae,_resetWarningState:Tn};});var $e=_((ao,ve)=>{var{VAULT:D}=h();async function hn(e,t){let r=[D.ACCOUNT_CREDS,D.ACCOUNT_TOKEN];for(let n of r)try{if(await t.getSecret(D.SERVICE,n)!==null)continue;let o=await e.getSecret(D.SERVICE,n);o!==null&&await t.setSecret(D.SERVICE,n,o);}catch{}}ve.exports={migrateFromJsonFallback:hn};});var Be=_((io,qe)=>{var{execFile:gn,exec:On}=c("child_process"),{promisify:Fe}=c("util"),ie=Fe(gn),An=Fe(On),ce=class{static async isAvailable(){try{return await An("command -v security"),!0}catch{return false}}async getSecret(t,r){try{let{stdout:n}=await ie("security",["find-generic-password","-w","-a",r,"-s",t]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await ie("security",["add-generic-password","-U","-a",r,"-s",t,"-w",n]);}async deleteSecret(t,r){try{return await ie("security",["delete-generic-password","-a",r,"-s",t]),!0}catch{return false}}getStoragePath(){return "macOS Keychain"}};qe.exports={MacOsKeyVaultProvider:ce};});var He=_((co,Me)=>{var{execFile:yn,exec:mn,spawn:Ln}=c("child_process"),{promisify:xe}=c("util"),De=xe(yn),wn=xe(mn),le=class{static async isAvailable(){try{return await wn("command -v secret-tool"),!0}catch{return false}}async getSecret(t,r){try{let{stdout:n}=await De("secret-tool",["lookup","service",t,"account",r]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await new Promise((s,o)=>{let a=Ln("secret-tool",["store","--label",t,"service",t,"account",r]);a.on("error",o),a.on("close",l=>{l===0?s():o(new Error(`secret-tool exited with code ${l}`));}),a.stdin.write(n),a.stdin.end();});}async deleteSecret(t,r){try{return await De("secret-tool",["clear","service",t,"account",r]),!0}catch{return false}}getStoragePath(){return "Linux Secret Service (libsecret)"}};Me.exports={LinuxKeyVaultProvider:le};});var We=_((lo,Ge)=>{var ue=class{static async isAvailable(){try{return await c("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return false}}async getSecret(t,r){return c("keytar").getPassword(t,r)}async setSecret(t,r,n){await c("keytar").setPassword(t,r,n);}async deleteSecret(t,r){return c("keytar").deletePassword(t,r)}getStoragePath(){return "Windows Credential Manager"}};Ge.exports={WindowsKeyVaultProvider:ue};});var Je=_((uo,Ve)=>{async function Ke(){let{ScryptFallbackProvider:e}=be();if(e.hasExistingData()){let t=await Ye();if(t){let{migrateFromJsonFallback:r}=$e(),{VAULT:n}=h();if(await r(new e,t),await t.getSecret(n.SERVICE,n.ACCOUNT_CREDS)!==null)return t}return new e}return await Ye()??new e}async function Ye(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=Be();return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=He();return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=We();return await e.isAvailable()?new e:null}default:return null}}var Nn=Ke;Ve.exports={createSecretVaultProvider:Ke,createKeyVaultProvider:Nn};});var Xe=_((po,ze)=>{var{createSecretVaultProvider:In}=Je(),{VAULT:pe}=h(),R=pe.SERVICE,fe=pe.ACCOUNT_CREDS,_e=pe.ACCOUNT_TOKEN,de=null;function U(){return de||(de=In()),de}async function je(){let t=await(await U()).getSecret(R,fe);if(!t)return null;try{return JSON.parse(t)}catch{return null}}async function kn(e){if(!e.clientId||!e.clientSecret||!e.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await U()).setSecret(R,fe,JSON.stringify(e));}async function Cn(){let e=await U();await e.deleteSecret(R,fe),await e.deleteSecret(R,_e);}async function Rn(e){await(await U()).setSecret(R,_e,JSON.stringify({accessToken:e.accessToken,expiresAt:e.expiresAt}));}async function Se(){let t=await(await U()).getSecret(R,_e);if(!t)return null;try{let r=JSON.parse(t);return {accessToken:r.accessToken,expiresAt:r.expiresAt}}catch{return null}}async function Un(){let e=await Se();return e?new Date(e.expiresAt)>new Date:false}async function Pn(){let e=await Se();if(!e||!e.accessToken)return null;try{let t=e.accessToken.split(".");if(t.length<2)return null;let r=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email||r.preferred_username||r.upn||r.sub||null}catch{return null}}async function bn(){let e=await U();if(typeof e.getStoragePath=="function")return e.getStoragePath();let t=process.platform;return t==="darwin"?"macOS Keychain":t==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function vn(){let e=await je();return !!(e&&e.clientId&&e.clientSecret&&e.tenant)}ze.exports={getFlowCredentials:je,saveFlowCredentials:kn,clearFlowCredentials:Cn,saveTokenCache:Rn,getTokenCache:Se,isTokenValid:Un,getEmailFromToken:Pn,getConfigPath:bn,hasCredentials:vn};});var et=_((fo,Qe)=>{var $n=c("https"),Fn=c("http"),{FLOW_URLS:qn}=h(),Bn=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function Dn(e){if(!Bn.test(e))throw new Error(`Invalid tenant value: "${e}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var Ze={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function xn(e,t){try{let r=JSON.parse(t);if(typeof r.error=="string"&&Ze[r.error])return new Error(Ze[r.error])}catch{}return e===401||e===403||e===500?new Error("Invalid credentials"):e>=400&&e<500?new Error("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function Mn(e){return new Promise((t,r)=>{try{Dn(e.tenant);}catch(u){return r(u)}let n=JSON.stringify({clientSecret:e.clientSecret}),s=new URL(qn.AUTH_ENGINE),o=s.protocol==="https:",a={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(n),FlowTenant:e.tenant}},p=(o?$n:Fn).request(a,u=>{let d=[];u.on("data",f=>d.push(f)),u.on("end",()=>{let f=d.join("");if(u.statusCode>=400)return r(xn(u.statusCode,f));let E;try{E=JSON.parse(f);}catch{return r(new Error("Invalid response from auth engine"))}let O=E.expires_at??new Date(Date.now()+(E.expires_in??3600)*1e3).toISOString();t({accessToken:E.access_token,expiresAt:O});});});p.on("error",u=>r(new Error(`Network error: ${u.message}`))),p.write(n),p.end();})}Qe.exports={getToken:Mn};});var L=_((_o,nt)=>{var{writeFileSync:Hn}=c("fs"),{tmpdir:Gn}=c("os"),{join:Wn}=c("path"),{DEBUG_LOG_FILENAME:Yn,ENV:Kn}=h(),tt=Wn(Gn(),Yn);function Vn(...e){if(process.env[Kn.FLOW_OBS_DEBUG]!=="1")return;let t=`[${new Date().toISOString()}] ${e.join(" ")}
|
|
2
|
-
`;try{
|
|
3
|
-
`);}}
|
|
4
|
-
`)[0].slice(0,t).trim()}function
|
|
5
|
-
`);for(let r=t.length-1;r>=0;r--)try{let n=JSON.parse(t[r]);if(n.type==="user"&&n.uuid)return n.uuid}catch{}}catch{}return null}function
|
|
1
|
+
'use strict';var i=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var _=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var h=_((to,Re)=>{var k=process.env.FLOW_BASE_URL||"https://flow.ciandt.com",ke={AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${k}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${k}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${k}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${k}/otel`},jt={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},zt="FLOW-nodejs",Xt="config.json",Zt={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"},Qt={ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL||`${k}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL||"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL||"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"},en={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:ke.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},tn={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP"},nn={KEYCHAIN_ENABLED:false},rn={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},sn={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},on={FILE_PREFIX:"flow-obs-buffer-",MAX_AGE_MS:5760*60*1e3,MAX_FILES:50},an="flow-ai-obs-debug.log",cn={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60},ln="flow-obs-";Re.exports={FLOW_BASE_URL:k,FLOW_URLS:ke,VAULT:jt,CONFIG_DIR_NAME:zt,CONFIG_FILE_NAME:Xt,OTLP:Zt,LLM_PROXY:Qt,NATIVE_OTEL:en,ENV:tn,FEATURES:nn,INSTALLER:rn,HOOK_TIMEOUTS:sn,BUFFER:on,DEBUG_LOG_FILENAME:an,STATE_FILE_PREFIX:ln,TRACE_LIMITS:cn};});var Pe=_((no,Ue)=>{var D=i("fs"),R=i("path"),un=i("os"),{CONFIG_DIR_NAME:ne,CONFIG_FILE_NAME:re}=h(),se={credentials:"credentials","token-cache":"tokenCache"};function B(){let e=un.homedir();if(process.platform==="darwin")return R.join(e,"Library","Preferences",ne,re);if(process.platform==="win32"){let r=process.env.APPDATA||R.join(e,"AppData","Roaming");return R.join(r,ne,re)}let t=process.env.XDG_CONFIG_HOME||R.join(e,".config");return R.join(t,ne,re)}function oe(){try{let e=D.readFileSync(B(),"utf8");return JSON.parse(e)}catch{return {}}}function Ce(e){let t=B();D.mkdirSync(R.dirname(t),{recursive:true}),D.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var j=class{static isAvailable(){return true}static hasExistingData(){try{if(!D.existsSync(B()))return !1;let t=JSON.parse(D.readFileSync(B(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,r){let n=oe(),s=se[r]||r,o=n[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,r,n){let s=oe(),o=se[r]||r;if(r==="token-cache")try{s[o]=JSON.parse(n);}catch{s[o]=n;}else s[o]=n;Ce(s);}async deleteSecret(t,r){let n=oe(),s=se[r]||r;return s in n?(delete n[s],Ce(n),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${B()}`}};function dn(){}var pn=j;Ue.exports={JsonFallbackProvider:j,ScryptFallbackProvider:pn,_resetWarningState:dn};});var $e=_((ro,be)=>{var{execFile:fn}=i("child_process"),{promisify:_n}=i("util"),{accessSync:Sn,constants:En}=i("fs"),ae=_n(fn),ie=class{static async isAvailable(){try{return Sn("/usr/bin/security",En.X_OK),!0}catch{return false}}async getSecret(t,r){try{let{stdout:n}=await ae("security",["find-generic-password","-w","-a",r,"-s",t]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await ae("security",["add-generic-password","-U","-a",r,"-s",t,"-w",n]);}async deleteSecret(t,r){try{return await ae("security",["delete-generic-password","-a",r,"-s",t]),!0}catch{return false}}getStoragePath(){return "macOS Keychain"}};be.exports={MacOsKeyVaultProvider:ie};});var Fe=_((so,qe)=>{var{execFile:Tn,spawn:hn}=i("child_process"),{promisify:On}=i("util"),{accessSync:gn,constants:An}=i("fs"),ve=On(Tn),ce=class{static async isAvailable(){let t=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of t)try{return gn(r,An.X_OK),!0}catch{}return false}async getSecret(t,r){try{let{stdout:n}=await ve("secret-tool",["lookup","service",t,"account",r]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await new Promise((s,o)=>{let a=hn("secret-tool",["store","--label",t,"service",t,"account",r]);a.on("error",o),a.on("close",l=>{l===0?s():o(new Error(`secret-tool exited with code ${l}`));}),a.stdin.write(n),a.stdin.end();});}async deleteSecret(t,r){try{return await ve("secret-tool",["clear","service",t,"account",r]),!0}catch{return false}}getStoragePath(){return "Linux Secret Service (libsecret)"}};qe.exports={LinuxKeyVaultProvider:ce};});var De=_((oo,Be)=>{var le=class{static async isAvailable(){try{return await i("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return false}}async getSecret(t,r){return i("keytar").getPassword(t,r)}async setSecret(t,r,n){await i("keytar").setPassword(t,r,n);}async deleteSecret(t,r){return i("keytar").deletePassword(t,r)}getStoragePath(){return "Windows Credential Manager"}};Be.exports={WindowsKeyVaultProvider:le};});var He=_((ao,xe)=>{async function Me(){let{JsonFallbackProvider:e}=Pe();return await yn()??new e}async function yn(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=$e();return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=Fe();return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=De();return await e.isAvailable()?new e:null}default:return null}}var Ln=Me;xe.exports={createSecretVaultProvider:Me,createKeyVaultProvider:Ln};});var Ye=_((io,We)=>{var{createSecretVaultProvider:mn}=He(),{VAULT:de}=h(),C=de.SERVICE,pe=de.ACCOUNT_CREDS,fe=de.ACCOUNT_TOKEN,ue=null;function U(){return ue||(ue=mn()),ue}async function Ge(){let t=await(await U()).getSecret(C,pe);if(!t)return null;try{return JSON.parse(t)}catch{return null}}async function Nn(e){if(!e.clientId||!e.clientSecret||!e.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await U()).setSecret(C,pe,JSON.stringify(e));}async function In(){let e=await U();await e.deleteSecret(C,pe),await e.deleteSecret(C,fe);}async function wn(e){await(await U()).setSecret(C,fe,JSON.stringify({accessToken:e.accessToken,expiresAt:e.expiresAt}));}async function _e(){let t=await(await U()).getSecret(C,fe);if(!t)return null;try{let r=JSON.parse(t);return {accessToken:r.accessToken,expiresAt:r.expiresAt}}catch{return null}}async function kn(){let e=await _e();return e?new Date(e.expiresAt)>new Date:false}async function Rn(){let e=await _e();if(!e||!e.accessToken)return null;try{let t=e.accessToken.split(".");if(t.length<2)return null;let r=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email||r.preferred_username||r.upn||r.sub||null}catch{return null}}async function Cn(){let e=await U();if(typeof e.getStoragePath=="function")return e.getStoragePath();let t=process.platform;return t==="darwin"?"macOS Keychain":t==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function Un(){let e=await Ge();return !!(e&&e.clientId&&e.clientSecret&&e.tenant)}We.exports={getFlowCredentials:Ge,saveFlowCredentials:Nn,clearFlowCredentials:In,saveTokenCache:wn,getTokenCache:_e,isTokenValid:kn,getEmailFromToken:Rn,getConfigPath:Cn,hasCredentials:Un};});var Ve=_((co,Je)=>{var Pn=i("https"),bn=i("http"),{FLOW_URLS:$n}=h(),vn=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function qn(e){if(!vn.test(e))throw new Error(`Invalid tenant value: "${e}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var Ke={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function Fn(e,t){try{let r=JSON.parse(t);if(typeof r.error=="string"&&Ke[r.error])return new Error(Ke[r.error])}catch{}return e===401||e===403||e===500?new Error("Invalid credentials"):e>=400&&e<500?new Error("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function Bn(e){return new Promise((t,r)=>{try{qn(e.tenant);}catch(u){return r(u)}let n=JSON.stringify({clientSecret:e.clientSecret}),s=new URL($n.AUTH_ENGINE),o=s.protocol==="https:",a={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(n),FlowTenant:e.tenant}},p=(o?Pn:bn).request(a,u=>{let d=[];u.on("data",f=>d.push(f)),u.on("end",()=>{let f=d.join("");if(u.statusCode>=400)return r(Fn(u.statusCode,f));let E;try{E=JSON.parse(f);}catch{return r(new Error("Invalid response from auth engine"))}let g=E.expires_at??new Date(Date.now()+(E.expires_in??3600)*1e3).toISOString();t({accessToken:E.access_token,expiresAt:g});});});p.on("error",u=>r(new Error(`Network error: ${u.message}`))),p.write(n),p.end();})}Je.exports={getToken:Bn};});var m=_((lo,ze)=>{var{writeFileSync:Dn}=i("fs"),{tmpdir:Mn}=i("os"),{join:xn}=i("path"),{DEBUG_LOG_FILENAME:Hn,ENV:Gn}=h(),je=xn(Mn(),Hn);function Wn(...e){if(process.env[Gn.FLOW_OBS_DEBUG]!=="1")return;let t=`[${new Date().toISOString()}] ${e.join(" ")}
|
|
2
|
+
`;try{Dn(je,t,{flag:"a"});}catch(r){process.stderr.write(`[flow-obs debug ERROR] ${r.message}
|
|
3
|
+
`);}}ze.exports={dbg:Wn,DEBUG_LOG:je};});var x=_((uo,Ze)=>{var{getFlowCredentials:Se,isTokenValid:Yn,getEmailFromToken:M,getTokenCache:Kn,saveTokenCache:Jn}=Ye(),{getToken:Vn}=Ve(),{FLOW_BASE_URL:jn,ENV:A,FEATURES:Ee}=h(),{dbg:P}=m(),zn=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];function Xn(e){return zn.some(t=>t.test(e))}function z(e){if(!e)return null;try{let t=e.split(".");if(t.length<2)return null;let r=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:s,tenant:o}=r;return !n||!s||!o?null:{clientId:n,clientSecret:s,tenant:o}}catch{return null}}function Zn(e){let t=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),r=Buffer.from(JSON.stringify({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant})).toString("base64url");return `${t}.${r}.`}function Te(e){let t;try{t=new URL(e);}catch{throw new Error(`Invalid URL: ${e}`)}if(!(process.env[A.FLOW_OBS_ALLOW_HTTP]==="true")&&t.protocol!=="https:")throw new Error(`URL must use HTTPS: ${e}`);if(t.username||t.password)throw new Error(`URL must not contain embedded credentials: ${e}`);if(Xn(t.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${t.hostname}`);return e}async function Qn(){let e=z(process.env[A.ANTHROPIC_AUTH_TOKEN]);if(e)return {user:await M().catch(()=>null)||e.clientId,tenant:e.tenant};if(Ee.KEYCHAIN_ENABLED)try{let t=await Se();if(!t)return {user:"",tenant:""};let r=await M()||t.clientId||"",n=t.tenant||"";return {user:r,tenant:n}}catch{return {user:"",tenant:""}}return {user:"",tenant:""}}async function er(e){if(await Yn())return (await Kn()).accessToken;P("getOrRefreshToken","token expired \u2014 refreshing via auth-engine");let t=await Vn(e);return await Jn(t),P("getOrRefreshToken",`token refreshed, expires=${t.expiresAt}`),t.accessToken}function tr(e,t){let r=t&&t.accessToken?t.accessToken:"";return {endpoint:e.replace(/\/$/,"")+"/langfuse/traces",authHeader:`Bearer ${r}`}}function nr(e,t,r){let n=Buffer.from(`${t}:${r}`).toString("base64");return {endpoint:e.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${n}`}}async function Xe(){let e=[],t=process.env[A.ANTHROPIC_MODEL]||"",r=process.env[A.FLOW_TELEMETRY]==="true",n=process.env[A.LANGFUSE_BASE_URL],s=process.env[A.LANGFUSE_PUBLIC_KEY],o=process.env[A.LANGFUSE_SECRET_KEY];if(r&&n&&s&&o){let d="",f="",E=z(process.env[A.ANTHROPIC_AUTH_TOKEN]);if(E)d=await M().catch(()=>null)||E.clientId,f=E.tenant;else if(Ee.KEYCHAIN_ENABLED)try{let y=await Se();y&&(d=await M()||y.clientId,f=y.tenant);}catch{}let g={user:d||"",tenant:f||"",team:"",project:"",model:t};e.push({mode:"direct",...nr(Te(n),s,o),...g}),P("resolveCredentials","direct mode active",`user=${g.user}`,`tenant=${g.tenant}`);}let a=z(process.env[A.ANTHROPIC_AUTH_TOKEN]);if(P("resolveCredentials",a?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),!a&&Ee.KEYCHAIN_ENABLED&&(a=await Se(),a&&P("resolveCredentials","credentials resolved from keychain (FEATURES.KEYCHAIN_ENABLED=true)")),!a){if(e.length===0){let d=[];return d.authError=false,d}return e}let l;try{l=await er(a);}catch(d){if(P("resolveCredentials",`token refresh failed: ${d.message}`),e.length>0)return e;let f=[];return f.authError=true,f}let p={user:await M()||a.clientId,tenant:a.tenant,team:"",project:"",model:t},u=process.env[A.FLOW_TELEMETRY_GATEWAY]||jn;return e.push({mode:"gateway",...tr(Te(u),{accessToken:l}),...p}),e}async function rr(){return (await Xe()).length>0}Ze.exports={credentialsAvailable:rr,getIdentityFromToken:Qn,resolveCredentials:Xe,validateUrl:Te,parseCredsFromAnthropicToken:z,buildAnthropicAuthToken:Zn};});var b=_((po,Qe)=>{function sr(e,t){let r=typeof e=="object"?JSON.stringify(e):String(e??"");return r.length>t?r.slice(0,t)+" \u2026[truncated]":r}function or(e,t=100){return String(e??"").split(`
|
|
4
|
+
`)[0].slice(0,t).trim()}function ar(){return new Promise(e=>{let t="";process.stdin.setEncoding("utf8"),process.stdin.on("data",r=>t+=r),process.stdin.on("end",()=>{try{e(JSON.parse(t));}catch{e({});}});})}function ir(e){process.stdout.write(JSON.stringify(e));}Qe.exports={truncate:sr,firstLine:or,readInput:ar,passthrough:ir};});var H=_((fo,tt)=>{var{randomBytes:et}=i("crypto"),cr=()=>et(16).toString("hex"),lr=()=>et(8).toString("hex");function ur(){return String(BigInt(Date.now())*1000000n)}tt.exports={generateTraceId:cr,generateSpanId:lr,nowNs:ur};});var G=_((So,rt)=>{var{readFileSync:dr,writeFileSync:pr,unlinkSync:fr,existsSync:_r,realpathSync:_o}=i("fs"),{tmpdir:nt}=i("os"),{join:Sr,resolve:Er,normalize:Tr,sep:hr}=i("path"),Or=/^[0-9a-f-]{1,64}$/i,gr=Tr(nt())+hr;function Ar(e,t){let r=Er(e);if(!r.startsWith(t))throw new Error(`Path traversal detected: ${e}`);return r}function he(e){if(!Or.test(e))throw new Error(`Invalid session ID: ${e}`);return Ar(Sr(nt(),`flow-obs-${e}.json`),gr)}function yr(e){let t=he(e);if(!_r(t))return null;try{return JSON.parse(dr(t,"utf8"))}catch{return null}}function Lr(e,t){pr(he(e),JSON.stringify(t),{encoding:"utf8",mode:384});}function mr(e){try{fr(he(e));}catch{}}rt.exports={loadState:yr,saveState:Lr,deleteState:mr};});var Oe=_((Eo,at)=>{var{readFileSync:st,existsSync:ot}=i("fs");function Nr(e){if(!e||!ot(e))return null;try{let t=st(e,"utf8").trimEnd().split(`
|
|
5
|
+
`);for(let r=t.length-1;r>=0;r--)try{let n=JSON.parse(t[r]);if(n.type==="user"&&n.uuid)return n.uuid}catch{}}catch{}return null}function Ir(e){if(!e||!ot(e))return null;try{let t=st(e,"utf8").trimEnd().split(`
|
|
6
6
|
`),r=[],n=0,s=0,o=!1;for(let a=t.length-1;a>=0;a--)try{let l=JSON.parse(t[a]);if(l.type==="user"){if(o)break;continue}if(l.type==="assistant"){o=!0;let u=(l.message?.content??[]).filter(f=>f.type==="text").map(f=>f.text).join("");u&&r.unshift(u);let d=l.message?.usage??{};n+=(d.input_tokens??0)+(d.cache_read_input_tokens??0)+(d.cache_creation_input_tokens??0),s+=d.output_tokens??0;}}catch{}return !r.length&&n===0?null:{text:r.join(`
|
|
7
7
|
|
|
8
|
-
`),inputTokens:n,outputTokens:s}}catch{}return null}
|
|
8
|
+
`),inputTokens:n,outputTokens:s}}catch{}return null}at.exports={readPromptUuid:Nr,readLastAssistantOutput:Ir};});var X=_((To,ut)=>{var{readFileSync:wr,existsSync:it,readdirSync:kr}=i("fs"),{homedir:ct}=i("os"),{join:$,extname:Rr}=i("path"),Cr=new Set([".venv","__pycache__",".git","node_modules"]),Ur=new Set([".pyc",".pyo"]),Pr=new Set(["SKILL.md",".DS_Store",".gitignore"]);function br(e,t){if(!e)return null;let r=[$(ct(),".claude","skills",e,"SKILL.md"),$(t||"",".claude","skills",e,"SKILL.md")];for(let n of r)if(it(n))try{return wr(n,"utf8")}catch{}return null}function $r(e){return e.match(/^\/([a-z][a-z0-9-]*)(?:\s.*)?$/i)?.[1]||null}var lt=new Set(["Read","Write","Edit","MultiEdit","Bash","Glob","Grep","TodoWrite","WebFetch","WebSearch","Agent","Task"]);function vr(e){return !!e.slashSkill||e.toolCalls.some(n=>n.tool==="Skill")?e.toolCalls.some(n=>lt.has(n.tool))?"complete":"prerequisite_required":null}function qr(e,t){if(!e)return null;let r=[$(ct(),".claude","skills",e),$(t||"",".claude","skills",e)],n=null;for(let a of r)if(it($(a,"SKILL.md"))){n=a;break}if(!n)return null;let s=[];function o(a,l){for(let p of kr(a,{withFileTypes:true})){if(Cr.has(p.name)||Pr.has(p.name)||Ur.has(Rr(p.name)))continue;let u=l?`${l}/${p.name}`:p.name;p.isDirectory()?o($(a,p.name),u):s.push(u);}}return o(n,""),s.length>0?s:null}ut.exports={readSkillContent:br,readSkillArtifacts:qr,detectSlashSkill:$r,EXECUTION_TOOLS:lt,detectExecutionStatus:vr};});var _t=_((ho,ft)=>{var{generateTraceId:dt,generateSpanId:Fr,nowNs:Br}=H(),{saveState:Dr}=G(),{readPromptUuid:Mr}=Oe(),{detectSlashSkill:xr,readSkillContent:Hr,readSkillArtifacts:Gr}=X(),{passthrough:Wr}=b(),{dbg:pt}=m(),{ENV:Yr}=h(),{resolveCredentials:Kr}=x();async function Jr(e){let t=e.session_id||"unknown",r=e.prompt||"",n=e.cwd||"";try{(await Kr()).authError===!0&&(process.stderr.write(`
|
|
9
9
|
\u26A0 flow-ai-obs: Your Flow credentials have expired.
|
|
10
10
|
Traces will not be captured until you re-authenticate.
|
|
11
11
|
Run: flow-ai-obs auth login
|
|
12
12
|
|
|
13
|
-
`),
|
|
14
|
-
${
|
|
15
|
-
${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${
|
|
16
|
-
`)),f=l?.inputTokens??0,E=l?.outputTokens??0,
|
|
17
|
-
`),process.stdout.write(JSON.stringify(t));}}
|
|
13
|
+
`),pt("UserPromptSubmit","auth expired \u2014 warning emitted to stderr"));}catch{}let s=Mr(e.transcript_path)||dt(),o=xr(r),a=o?Hr(o,n):null,l=o?Gr(o,n):null;Dr(t,{traceId:dt(),spanId:Fr(),startNs:Br(),sessionId:t,prompt:r,cwd:n,traceName:s,transcriptPath:e.transcript_path||"",model:process.env[Yr.ANTHROPIC_MODEL]||"",toolCalls:[],spans:[],pendingTool:null,slashSkill:o,skillContent:a,skillArtifacts:l}),pt("UserPromptSubmit",`sid=${t}`,`traceName=${s}`,`slashSkill=${o}`),Wr(e);}ft.exports={onUserPromptSubmit:Jr};});var Et=_((Oo,St)=>{var{nowNs:Vr}=H(),{loadState:jr,saveState:zr}=G(),{truncate:Xr,passthrough:Zr}=b(),{dbg:Qr}=m(),{TRACE_LIMITS:es}=h();async function ts(e){let t=e.session_id||"unknown",r=e.tool_name||"unknown",n=e.tool_input||{},s=jr(t);s&&(s.pendingTool={name:r,inputStr:Xr(n,es.TOOL_INPUT),startNs:Vr()},zr(t,s)),Qr("PreToolUse",`sid=${t}`,`tool=${r}`,`stateFound=${!!s}`),Zr(e);}St.exports={onPreToolUse:ts};});var Ot=_((go,ht)=>{var ns=i("https"),rs=i("http"),{FLOW_URLS:ss}=h();function os(e){let t=new URL(e),r=new URL(ss.GATEWAY_HEALTH);return r.hostname=t.hostname,r.port=t.port,r.protocol=t.protocol,r}function Tt(e,t){return new Promise((r,n)=>{let o=(e._isSSL?ns:rs).request(e,a=>{let l=[];a.on("data",p=>l.push(p)),a.on("end",()=>r({statusCode:a.statusCode,body:l.join("")}));});o.on("error",a=>n(new Error(`Network error: ${a.message}`))),t&&o.write(t),o.end();})}async function as(e){let t;try{t=os(e);}catch{return false}let r=t.protocol==="https:";try{let n=await Tt({hostname:t.hostname,port:t.port||(r?443:80),path:t.pathname,method:"GET",_isSSL:r},null);return n.statusCode>=200&&n.statusCode<300}catch{return false}}async function is(e,t,r){let n=JSON.stringify(e),s=new URL(t),o=s.protocol==="https:",a=String(r).replace(/[\r\n]/g,"");try{return (await Tt({hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:a,"Content-Length":Buffer.byteLength(n)},_isSSL:o},n)).statusCode}catch{return 0}}ht.exports={checkHealth:as,sendTraces:is};});var Lt=_((Ao,yt)=>{var N=i("fs"),ge=i("path"),gt=i("os"),{BUFFER:W}=h(),{dbg:Y}=m();function At(e){if(/[/\\]/.test(e))throw new Error(`Invalid buffer fileId: ${e}`);return ge.join(gt.tmpdir(),`${W.FILE_PREFIX}${e}.json`)}function Ae(){let e=gt.tmpdir(),t;try{t=N.readdirSync(e);}catch{return []}return t.filter(r=>r.startsWith(W.FILE_PREFIX)&&r.endsWith(".json")).map(r=>{let n=ge.join(e,r),s=0;try{s=N.statSync(n).mtimeMs;}catch{}return {full:n,mtime:s}}).sort((r,n)=>r.mtime-n.mtime).map(r=>r.full)}function cs(e){try{let t=Ae();if(t.length>=W.MAX_FILES){let s=t.slice(0,t.length-W.MAX_FILES+1);for(let o of s)try{N.unlinkSync(o);}catch{}}let r=`${Date.now()}-${Math.random().toString(36).slice(2,8)}`,n={fileId:r,bufferedAt:Date.now(),payload:e};return N.writeFileSync(At(r),JSON.stringify(n),{encoding:"utf8",mode:384}),Y("buffer",`saved fileId=${r}`),r}catch(t){return Y("buffer",`saveToBuffer failed: ${t.message}`),null}}function ls(){let e=Ae(),t=[];for(let r of e)try{let n=N.readFileSync(r,"utf8"),s=JSON.parse(n);s&&s.fileId&&s.payload&&t.push(s);}catch{Y("buffer",`skipping malformed file: ${r}`);}return t}function us(e){try{N.unlinkSync(At(e)),Y("buffer",`deleted fileId=${e}`);}catch{}}function ds(){let e=Ae(),t=Date.now()-W.MAX_AGE_MS;for(let r of e)try{let{mtimeMs:n}=N.statSync(r);n<t&&(N.unlinkSync(r),Y("buffer",`evicted stale: ${ge.basename(r)}`));}catch{}}yt.exports={saveToBuffer:cs,loadBuffer:ls,deleteBuffer:us,cleanStaleBuffers:ds};});var ye=_((yo,wt)=>{var{resolveCredentials:ps}=x(),{OTLP:mt}=h(),{dbg:v}=m(),{checkHealth:fs,sendTraces:It}=Ot(),{saveToBuffer:Nt,loadBuffer:_s,deleteBuffer:Ss,cleanStaleBuffers:Es}=Lt(),Ts={name:mt.SCOPE_NAME,version:mt.SCOPE_VERSION},hs={TRACE_NAME:"langfuse.trace.name",TRACE_INPUT:"langfuse.trace.input",TRACE_OUTPUT:"langfuse.trace.output",TRACE_METADATA:"langfuse.trace.metadata",TRACE_TAGS:"langfuse.trace.tags",USER_ID:"langfuse.user.id",SESSION_ID:"langfuse.session.id",OBS_NAME:"langfuse.observation.name",OBS_INPUT:"langfuse.observation.input",OBS_OUTPUT:"langfuse.observation.output",OBS_LEVEL:"langfuse.observation.level",OBS_TYPE:"langfuse.observation.type",MODEL:"gen_ai.request.model",INPUT_TOKENS:"gen_ai.usage.input_tokens",OUTPUT_TOKENS:"gen_ai.usage.output_tokens"};function Os(e,t){return t==null||t===""?null:{key:e,value:{stringValue:String(t)}}}function gs(...e){return e.filter(Boolean)}function As(e,t){return {resourceSpans:[{resource:{attributes:e},scopeSpans:[{scope:Ts,spans:Array.isArray(t)?t:[t]}]}]}}function ys(e,t){return new Promise(r=>{let n=JSON.stringify(e),s=new URL(t.endpoint),o=s.protocol==="https:",a=d=>String(d).replace(/[\r\n]/g,""),l={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:a(t.authHeader),"Content-Length":Buffer.byteLength(n)}},u=(o?i("https"):i("http")).request(l,d=>{d.resume(),r(d.statusCode);});u.on("error",()=>r(0)),u.write(n),u.end();})}async function Ls(e){Es();let t=_s();if(t.length){v("replayBufferedTraces",`replaying ${t.length} buffered trace(s)`);for(let r of t)try{let n=await It(r.payload,e.endpoint,e.authHeader);n>=200&&n<300?(Ss(r.fileId),v("replayBufferedTraces",`replayed fileId=${r.fileId} status=${n}`)):v("replayBufferedTraces",`replay failed fileId=${r.fileId} status=${n}`);}catch(n){v("replayBufferedTraces",`replay error fileId=${r.fileId}: ${n.message}`);}}}async function ms(e){let t=await ps();return t.length?(await Promise.all(t.map(async n=>n.mode==="gateway"?await fs(n.endpoint)?(await Ls(n),It(e,n.endpoint,n.authHeader)):(v("postToLangfuse","gateway health check failed \u2014 buffering trace"),Nt(e),0):ys(e,n)))).find(n=>n!==0)||0:(t.authError&&(v("postToLangfuse","auth refresh failed \u2014 buffering trace"),Nt(e)),0)}wt.exports={LF:hs,a:Os,attrs:gs,buildPayload:As,postToLangfuse:ms};});var Le=_((Lo,kt)=>{var O="[REDACTED]",Ns=[{re:/\b(sk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`sk-${O}`},{re:/\b(pk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`pk-${O}`},{re:/\b(Bearer\s+)[A-Za-z0-9\-._~+/]+=*/gi,replace:(e,t)=>`${t}${O}`},{re:/\b(Basic\s+)[A-Za-z0-9+/]+=*/gi,replace:(e,t)=>`${t}${O}`},{re:/(-----BEGIN [A-Z ]+-----)[^-]*(-----END [A-Z ]+-----)/g,replace:(e,t,r)=>`${t}
|
|
14
|
+
${O}
|
|
15
|
+
${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${O}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(e,t)=>`${t}${O}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${O}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${O}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${O}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(e,t,r)=>`${t}${r}${O}${r}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(e,t)=>`${t}:${O}@`}];function Is(e){if(e==null)return "";let t=typeof e=="string"?e:JSON.stringify(e);return Ns.reduce((r,{re:n,replace:s})=>r.replace(n,s),t)}kt.exports={sanitize:Is,REDACTED:O};});var vt=_((mo,$t)=>{var{generateSpanId:ws,nowNs:ks}=H(),{loadState:Rs,saveState:Cs}=G(),{LF:K,a:w,attrs:Us}=ye(),{truncate:Rt,firstLine:Ps,passthrough:Ct}=b(),{readSkillContent:bs,readSkillArtifacts:$s}=X(),{dbg:Ut}=m(),{TRACE_LIMITS:Pt}=h(),{sanitize:bt}=Le();async function vs(e){let t=e.session_id||"unknown",r=e.tool_name||"unknown",n=e.tool_input||{},s=e.tool_response||"",o=Rs(t);if(!o){Ct(e);return}let a=ks(),l=o.pendingTool?.name===r,p=l?o.pendingTool.startNs:String(BigInt(a)-200000000n),u=l?o.pendingTool.inputStr:Rt(n,Pt.TOOL_INPUT),d=u;if(r==="Skill"){let I=typeof n=="object"&&n!==null?n.skill||n.name||n.skillName||String(Object.values(n)[0]??""):String(n),L=I?bs(I.trim(),o.cwd):null;L&&(d=L,o.skillContent||(o.skillContent=L),o.slashSkill||(o.slashSkill=I.trim()),o.skillArtifacts||(o.skillArtifacts=$s(I.trim(),o.cwd))),Ut("PostToolUse","Skill tool detected",`skillName=${I}`,`contentFound=${!!L}`);}let f=bt(Rt(s,Pt.TOOL_OUTPUT)),E=/\b(error|exception|failed|failure|traceback|errno)\b/i.test(f.slice(0,500)),g=E?"ERROR":"DEFAULT",y=ws(),J=Math.round(Number(BigInt(a)-BigInt(p))/1e6),te={Agent:"AGENT",Task:"AGENT"}[r]??"TOOL";o.toolCalls.push({tool:r,brief:Ps(u,60),error:E,durationMs:J}),o.spans.push({traceId:o.traceId,spanId:y,parentSpanId:o.spanId,name:r,kind:3,startTimeUnixNano:p,endTimeUnixNano:a,attributes:Us(w(K.OBS_NAME,r),w(K.OBS_TYPE,te),w(K.OBS_LEVEL,g),w(K.OBS_INPUT,bt(d)),w(K.OBS_OUTPUT,f),w("tool.name",r),w("tool.error",String(E))),status:{code:E?2:1}}),o.pendingTool=null,Cs(t,o),Ut("PostToolUse",`sid=${t}`,`tool=${r}`,`error=${E}`,`durationMs=${J}`,`totalSpans=${o.spans.length}`),Ct(e);}$t.exports={onPostToolUse:vs};});var Ft=_((No,qt)=>{var me={"claude-opus-4-6":{input:15,output:75},"claude-opus-4-5":{input:15,output:75},"claude-sonnet-4-6":{input:3,output:15},"claude-sonnet-4-5":{input:3,output:15},"claude-haiku-4-5":{input:.8,output:4},"claude-4-6-opus":{input:15,output:75},"claude-4-6-sonnet":{input:3,output:15},"claude-4-5-opus":{input:15,output:75},"claude-4-5-sonnet":{input:3,output:15},"claude-4-5-haiku":{input:.8,output:4},"claude-3-5-sonnet-20241022":{input:3,output:15},"claude-3-5-haiku-20241022":{input:.8,output:4},"claude-3-opus-20240229":{input:15,output:75}};function qs(e,t,r){let n=Object.keys(me).find(a=>(e||"").toLowerCase().includes(a));if(!n)return;let s=me[n],o=(t*s.input+r*s.output)/1e6;return Math.round(o*1e6)/1e6}qt.exports={MODEL_PRICING:me,calcCostUsd:qs};});var Ht=_((Io,xt)=>{var{generateSpanId:Bt,nowNs:Fs}=H(),{loadState:Bs,deleteState:Dt}=G(),{LF:T,a:c,attrs:Z,buildPayload:Ds,postToLangfuse:Ms}=ye(),{getIdentityFromToken:xs}=x(),{calcCostUsd:Hs}=Ft(),{readLastAssistantOutput:Gs}=Oe(),{truncate:Q,firstLine:Ws,passthrough:Ne}=b(),{dbg:q}=m(),{detectExecutionStatus:Ys}=X(),{sanitize:Mt}=Le(),{TRACE_LIMITS:ee}=h();async function Ks(e){let t=e.session_id||"unknown",r=e.stop_reason||"end_turn",n=Bs(t);if(!n){Ne(e);return}n.slashSkill&&!/^[a-z][a-z0-9-]*$/i.test(n.slashSkill)&&(q("Stop",`sid=${t}`,`slashSkill rejected post-disk: "${n.slashSkill}"`),n.slashSkill=null);let s=Fs(),o=await xs();if(n.slashSkill&&!n.toolCalls.some(S=>S.tool==="Skill")){let S=Bt(),F=n.skillContent?n.skillContent:JSON.stringify({skill:n.slashSkill});n.toolCalls.push({tool:"Skill",brief:n.slashSkill,error:false,durationMs:0,synthetic:true}),n.spans.push({traceId:n.traceId,spanId:S,parentSpanId:n.spanId,name:"Skill",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:n.startNs,attributes:Z(c(T.OBS_NAME,"Skill"),c(T.OBS_TYPE,"TOOL"),c(T.OBS_LEVEL,"DEFAULT"),c(T.OBS_INPUT,F),c(T.OBS_OUTPUT,"loaded via slash command"),c("tool.name","Skill"),c("tool.error","false"),c("skill.name",n.slashSkill),c("skill.invocation","slash-command")),status:{code:1}}),q("Stop",`slashSkill=${n.slashSkill}`,"synthetic span injected");}let a=e.transcript_path||n.transcriptPath||"",l=Gs(a),p=n.toolCalls.length,u=n.toolCalls.filter(S=>S.error).length,d=Mt(l?.text?Q(l.text,ee.TRACE_OUTPUT):p===0?"No tools used":n.toolCalls.map((S,F)=>`${F+1}. ${S.tool}${S.brief?` \u2192 ${S.brief}`:""}${S.error?" [ERROR]":""}`).join(`
|
|
16
|
+
`)),f=l?.inputTokens??0,E=l?.outputTokens??0,g=n.toolCalls.map((S,F)=>`${F+1}. ${S.tool}${S.brief?` \u2192 ${S.brief}`:""}${S.error?" [ERROR]":""} (${S.durationMs}ms)`),y=!!(n.slashSkill||n.toolCalls.some(S=>S.tool==="Skill")),J=n.toolCalls.some(S=>S.tool==="Agent");if(!y&&!J){q("Stop",`sid=${t}`,"skipping trace \u2014 no Skill or Agent calls found"),Dt(t),Ne(e);return}let V=y?"skill":"agent",te=Math.round(Number(BigInt(s)-BigInt(n.startNs))/1e6),I=Hs(n.model,f,E),L=Ys(n);L==="prerequisite_required"&&(n.spans.push({traceId:n.traceId,spanId:Bt(),parentSpanId:n.spanId,name:"prerequisite-check",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:s,attributes:Z(c(T.OBS_NAME,"prerequisite-check"),c(T.OBS_TYPE,"EVENT"),c(T.OBS_LEVEL,"WARNING"),c(T.OBS_OUTPUT,d),c("skill.name",n.slashSkill||void 0),c("execution_status","prerequisite_required")),status:{code:1}}),q("Stop",`sid=${t}`,"prerequisite-check span injected",`skill=${n.slashSkill}`));let Ie=(()=>{if(!(!y||!n.prompt)){if(n.slashSkill){let S=n.prompt.replace(new RegExp(`^\\/${n.slashSkill}\\s*`,"i"),"").trim();return S?Q(S,ee.USER_INSTRUCTION):void 0}return Q(n.prompt,ee.USER_INSTRUCTION)||void 0}})(),Gt=JSON.stringify({trace_type:V,...L!==null&&{execution_status:L},...n.slashSkill&&{skill_name:n.slashSkill},...n.skillArtifacts?.length&&{skill_artifacts:n.skillArtifacts},...Ie!==void 0&&{user_instruction:Ie},latency_ms:te,...f&&{tokens_input:f},...E&&{tokens_output:E},cost_usd:I,...n.model&&{model:n.model},toolCount:p,errorCount:u,stopReason:r,sessionId:n.sessionId,tools:g.length?g:void 0}),Wt=Mt(Q(n.prompt,ee.TRACE_INPUT)),Yt=Z(c(T.TRACE_NAME,n.traceName),c(T.TRACE_INPUT,Wt),c(T.TRACE_OUTPUT,d),c(T.TRACE_METADATA,Gt),c(T.SESSION_ID,n.sessionId),c(T.USER_ID,o.user),c(T.OBS_TYPE,"GENERATION"),c(T.MODEL,n.model),f?c(T.INPUT_TOKENS,f):null,E?c(T.OUTPUT_TOKENS,E):null,c("claude.stop_reason",r),c("claude.tool_count",String(p)),c("claude.error_count",String(u)),c("claude.session_id",n.sessionId),c("flow.trace_type",V),{key:T.TRACE_TAGS,value:{arrayValue:{values:[{stringValue:V}]}}}),Kt={traceId:n.traceId,spanId:n.spanId,name:n.traceName,kind:1,startTimeUnixNano:n.startNs,endTimeUnixNano:s,attributes:Yt,status:{code:u>0?2:1}},Jt=Z(c("service.name",process.env.LANGFUSE_PROJECT_NAME||"claude-code"),c("deployment.environment",process.env.LANGFUSE_ENVIRONMENT||"default")),we=[...n.spans||[],Kt];q("Stop",`sid=${t}`,`totalTools=${p}`,`errorTools=${u}`,`spans=${we.length}`,`inputTokens=${f}`,`outputTokens=${E}`,`traceOutput="${Ws(d,80)}"`);let Vt=await Ms(Ds(Jt,we));q("Stop",`POST status=${Vt}`,`traceId=${n.traceId}`),Dt(t),Ne(e);}xt.exports={onStop:Ks};});var{credentialsAvailable:Js}=x(),{readInput:Vs}=b(),{onUserPromptSubmit:js}=_t(),{onPreToolUse:zs}=Et(),{onPostToolUse:Xs}=vt(),{onStop:Zs}=Ht();async function Qs(){let e=process.argv[2];if(!await Js()){let r=[];process.stdin.on("data",n=>r.push(n)),process.stdin.on("end",()=>process.stdout.write(r.join("")));return}let t=await Vs();switch(e){case "UserPromptSubmit":await js(t);break;case "PreToolUse":await zs(t);break;case "PostToolUse":await Xs(t);break;case "Stop":await Zs(t);break;default:process.stderr.write(`[flow-obs] unknown event: ${e}
|
|
17
|
+
`),process.stdout.write(JSON.stringify(t));}}Qs().catch(e=>{process.stderr.write(`[flow-obs] fatal: ${e.message}
|
|
18
18
|
`),process.exit(0);});
|
package/dist/setup.js
CHANGED
|
@@ -1,55 +1,10 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
'use strict';var i=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,n)=>(typeof require<"u"?require:t)[n]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var l=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var p=l((zn,pe)=>{var h=process.env.FLOW_BASE_URL||"https://flow.ciandt.com",fe={AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${h}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${h}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${h}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${h}/otel`},ut={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},lt="FLOW-nodejs",dt="config.json",Tt={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"},Et={ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL||`${h}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL||"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL||"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"},ft={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:fe.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},pt={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP"},_t={KEYCHAIN_ENABLED:false},wt={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},St={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},ht={FILE_PREFIX:"flow-obs-buffer-",MAX_AGE_MS:5760*60*1e3,MAX_FILES:50},At="flow-ai-obs-debug.log",yt={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60},Ot="flow-obs-";pe.exports={FLOW_BASE_URL:h,FLOW_URLS:fe,VAULT:ut,CONFIG_DIR_NAME:lt,CONFIG_FILE_NAME:dt,OTLP:Tt,LLM_PROXY:Et,NATIVE_OTEL:ft,ENV:pt,FEATURES:_t,INSTALLER:wt,HOOK_TIMEOUTS:St,BUFFER:ht,DEBUG_LOG_FILENAME:At,STATE_FILE_PREFIX:Ot,TRACE_LIMITS:yt};});var Se=l((Zn,we)=>{var R=i("fs"),A=i("path"),gt=i("os"),{CONFIG_DIR_NAME:B,CONFIG_FILE_NAME:W}=p(),K={credentials:"credentials","token-cache":"tokenCache"};function I(){let e=gt.homedir();if(process.platform==="darwin")return A.join(e,"Library","Preferences",B,W);if(process.platform==="win32"){let n=process.env.APPDATA||A.join(e,"AppData","Roaming");return A.join(n,B,W)}let t=process.env.XDG_CONFIG_HOME||A.join(e,".config");return A.join(t,B,W)}function V(){try{let e=R.readFileSync(I(),"utf8");return JSON.parse(e)}catch{return {}}}function _e(e){let t=I();R.mkdirSync(A.dirname(t),{recursive:true}),R.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var j=class{static isAvailable(){return true}static hasExistingData(){try{if(!R.existsSync(I()))return !1;let t=JSON.parse(R.readFileSync(I(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,n){let r=V(),s=K[n]||n,o=r[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,n,r){let s=V(),o=K[n]||n;if(n==="token-cache")try{s[o]=JSON.parse(r);}catch{s[o]=r;}else s[o]=r;_e(s);}async deleteSecret(t,n){let r=V(),s=K[n]||n;return s in r?(delete r[s],_e(r),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${I()}`}};function Lt(){}we.exports={ScryptFallbackProvider:j,_resetWarningState:Lt};});var Ae=l((Qn,he)=>{var{VAULT:m}=p();async function Nt(e,t){let n=[m.ACCOUNT_CREDS,m.ACCOUNT_TOKEN];for(let r of n)try{if(await t.getSecret(m.SERVICE,r)!==null)continue;let o=await e.getSecret(m.SERVICE,r);o!==null&&await t.setSecret(m.SERVICE,r,o);}catch{}}he.exports={migrateFromJsonFallback:Nt};});var ge=l((er,Oe)=>{var{execFile:Ct,exec:It}=i("child_process"),{promisify:ye}=i("util"),J=ye(Ct),Rt=ye(It),X=class{static async isAvailable(){try{return await Rt("command -v security"),!0}catch{return false}}async getSecret(t,n){try{let{stdout:r}=await J("security",["find-generic-password","-w","-a",n,"-s",t]);return r.trim()||null}catch{return null}}async setSecret(t,n,r){await J("security",["add-generic-password","-U","-a",n,"-s",t,"-w",r]);}async deleteSecret(t,n){try{return await J("security",["delete-generic-password","-a",n,"-s",t]),!0}catch{return false}}getStoragePath(){return "macOS Keychain"}};Oe.exports={MacOsKeyVaultProvider:X};});var Ie=l((tr,Ce)=>{var{execFile:mt,exec:vt,spawn:Ut}=i("child_process"),{promisify:Ne}=i("util"),Le=Ne(mt),Pt=Ne(vt),z=class{static async isAvailable(){try{return await Pt("command -v secret-tool"),!0}catch{return false}}async getSecret(t,n){try{let{stdout:r}=await Le("secret-tool",["lookup","service",t,"account",n]);return r.trim()||null}catch{return null}}async setSecret(t,n,r){await new Promise((s,o)=>{let c=Ut("secret-tool",["store","--label",t,"service",t,"account",n]);c.on("error",o),c.on("close",d=>{d===0?s():o(new Error(`secret-tool exited with code ${d}`));}),c.stdin.write(r),c.stdin.end();});}async deleteSecret(t,n){try{return await Le("secret-tool",["clear","service",t,"account",n]),!0}catch{return false}}getStoragePath(){return "Linux Secret Service (libsecret)"}};Ce.exports={LinuxKeyVaultProvider:z};});var me=l((nr,Re)=>{var Z=class{static async isAvailable(){try{return await i("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return false}}async getSecret(t,n){return i("keytar").getPassword(t,n)}async setSecret(t,n,r){await i("keytar").setPassword(t,n,r);}async deleteSecret(t,n){return i("keytar").deletePassword(t,n)}getStoragePath(){return "Windows Credential Manager"}};Re.exports={WindowsKeyVaultProvider:Z};});var Fe=l((rr,Pe)=>{async function Ue(){let{ScryptFallbackProvider:e}=Se();if(e.hasExistingData()){let t=await ve();if(t){let{migrateFromJsonFallback:n}=Ae(),{VAULT:r}=p();if(await n(new e,t),await t.getSecret(r.SERVICE,r.ACCOUNT_CREDS)!==null)return t}return new e}return await ve()??new e}async function ve(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=ge();return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=Ie();return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=me();return await e.isAvailable()?new e:null}default:return null}}var Ft=Ue;Pe.exports={createSecretVaultProvider:Ue,createKeyVaultProvider:Ft};});var D=l((sr,be)=>{var{createSecretVaultProvider:kt}=Fe(),{VAULT:ee}=p(),y=ee.SERVICE,te=ee.ACCOUNT_CREDS,ne=ee.ACCOUNT_TOKEN,Q=null;function O(){return Q||(Q=kt()),Q}async function ke(){let t=await(await O()).getSecret(y,te);if(!t)return null;try{return JSON.parse(t)}catch{return null}}async function bt(e){if(!e.clientId||!e.clientSecret||!e.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await O()).setSecret(y,te,JSON.stringify(e));}async function Dt(){let e=await O();await e.deleteSecret(y,te),await e.deleteSecret(y,ne);}async function Ht(e){await(await O()).setSecret(y,ne,JSON.stringify({accessToken:e.accessToken,expiresAt:e.expiresAt}));}async function re(){let t=await(await O()).getSecret(y,ne);if(!t)return null;try{let n=JSON.parse(t);return {accessToken:n.accessToken,expiresAt:n.expiresAt}}catch{return null}}async function xt(){let e=await re();return e?new Date(e.expiresAt)>new Date:false}async function Mt(){let e=await re();if(!e||!e.accessToken)return null;try{let t=e.accessToken.split(".");if(t.length<2)return null;let n=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return n.email||n.preferred_username||n.upn||n.sub||null}catch{return null}}async function qt(){let e=await O();if(typeof e.getStoragePath=="function")return e.getStoragePath();let t=process.platform;return t==="darwin"?"macOS Keychain":t==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function $t(){let e=await ke();return !!(e&&e.clientId&&e.clientSecret&&e.tenant)}be.exports={getFlowCredentials:ke,saveFlowCredentials:bt,clearFlowCredentials:Dt,saveTokenCache:Ht,getTokenCache:re,isTokenValid:xt,getEmailFromToken:Mt,getConfigPath:qt,hasCredentials:$t};});var H=l((or,He)=>{var Yt=i("https"),Gt=i("http"),{FLOW_URLS:Bt}=p(),Wt=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function Kt(e){if(!Wt.test(e))throw new Error(`Invalid tenant value: "${e}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var De={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function Vt(e,t){try{let n=JSON.parse(t);if(typeof n.error=="string"&&De[n.error])return new Error(De[n.error])}catch{}return e===401||e===403||e===500?new Error("Invalid credentials"):e>=400&&e<500?new Error("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function jt(e){return new Promise((t,n)=>{try{Kt(e.tenant);}catch(u){return n(u)}let r=JSON.stringify({clientSecret:e.clientSecret}),s=new URL(Bt.AUTH_ENGINE),o=s.protocol==="https:",c={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(r),FlowTenant:e.tenant}},T=(o?Yt:Gt).request(c,u=>{let a=[];u.on("data",f=>a.push(f)),u.on("end",()=>{let f=a.join("");if(u.statusCode>=400)return n(Vt(u.statusCode,f));let w;try{w=JSON.parse(f);}catch{return n(new Error("Invalid response from auth engine"))}let C=w.expires_at??new Date(Date.now()+(w.expires_in??3600)*1e3).toISOString();t({accessToken:w.access_token,expiresAt:C});});});T.on("error",u=>n(new Error(`Network error: ${u.message}`))),T.write(r),T.end();})}He.exports={getToken:jt};});var qe=l((cr,Me)=>{var{writeFileSync:Jt}=i("fs"),{tmpdir:Xt}=i("os"),{join:zt}=i("path"),{DEBUG_LOG_FILENAME:Zt,ENV:Qt}=p(),xe=zt(Xt(),Zt);function en(...e){if(process.env[Qt.FLOW_OBS_DEBUG]!=="1")return;let t=`[${new Date().toISOString()}] ${e.join(" ")}
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
`)
|
|
11
|
-
`)),1}}async function Mn(){try{process.stdout.write(`
|
|
12
|
-
`);let e=(await b(k(" ? ")+"Client ID: ")).trim(),t=(await b(k(" ? ")+"Client Secret: ",{masked:!0})).trim(),n=(await b(k(" ? ")+"Tenant: ")).trim();if(!e||!t||!n)return process.stderr.write(F(` \u2717 All fields are required
|
|
13
|
-
`)),1;try{await et({clientId:e,clientSecret:t,tenant:n});}catch(r){return process.stderr.write(F(` \u2717 Authentication failed: ${S(r.message)}
|
|
14
|
-
`)),1}return process.stdout.write($(` \u2713 Setup complete. Tenant: ${S(n)}
|
|
15
|
-
`)),process.stdout.write(` Storage: ${await Xe()}
|
|
16
|
-
|
|
17
|
-
`),0}catch(e){if(e.message==="SIGINT")throw e;return process.stderr.write(F(` \u2717 Unexpected error: ${e.message}
|
|
18
|
-
`)),1}}async function qn(e={}){if(e.clientId&&e.clientSecret&&e.tenant)return xn({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant});let t=ze(process.env[Te.ANTHROPIC_AUTH_TOKEN]);t&&await Qe(t);let n=t||await de();if(n){process.stdout.write(`
|
|
19
|
-
`),process.stdout.write(Ze(` Already authenticated
|
|
20
|
-
`)),process.stdout.write(N(" Tenant: ")+S(n.tenant)+`
|
|
21
|
-
`),process.stdout.write(N(" Client ID: ")+S(n.clientId)+`
|
|
22
|
-
`),process.stdout.write(`
|
|
23
|
-
`);let r;try{r=await b(k(" ? ")+"Re-authenticate? (y/N): ");}catch(s){if(s.message==="SIGINT")return process.stdout.write(`
|
|
24
|
-
`),130;throw s}if(r.trim().toLowerCase()!=="y")return process.stdout.write($(` \u2713 Using existing credentials.
|
|
25
|
-
|
|
26
|
-
`)),0}try{return await Mn()}catch(r){if(r.message==="SIGINT")return process.stdout.write(`
|
|
27
|
-
`),130;throw r}}async function $n(){try{return process.stdout.write(`
|
|
28
|
-
`),(await b(k(" ? ")+"Are you sure? This will remove your local credentials. (y/N): ")).toLowerCase()!=="y"?(process.stdout.write(q(` \u26A0 Logout cancelled
|
|
29
|
-
`)),0):null}catch(e){if(e.message==="SIGINT")return process.stdout.write(`
|
|
30
|
-
`),130;throw e}}async function Yn(e=false){if(!await Fn())return process.stdout.write(q(` \u26A0 You are not authenticated
|
|
31
|
-
`)),0;if(!e){let t=await $n();if(t!==null)return t}try{return await vn(),process.stdout.write($(` \u2713 Credentials removed successfully
|
|
32
|
-
`)),0}catch{return process.stderr.write(F(` \u2717 Error removing credentials
|
|
33
|
-
`)),1}}async function Gn(){let e=ze(process.env[Te.ANTHROPIC_AUTH_TOKEN]);e&&await Qe(e);let t=e||await de();if(!t)return process.stdout.write(q(" \u26A0 Not authenticated. Run `flow-ai-obs auth login` to set up.\n")),0;if(!e&&!await Pn())return process.stdout.write(q(" \u26A0 Session expired. Run `flow-ai-obs auth login` to re-authenticate.\n")),0;let n=t.clientSecret.length>4?"****...****"+t.clientSecret.slice(-4):"****",r=e?"ANTHROPIC_AUTH_TOKEN (settings.json)":await Xe();return process.stdout.write(`
|
|
34
|
-
`+Ze(` Authenticated
|
|
35
|
-
`)),process.stdout.write(N(" Tenant: ")+S(t.tenant)+`
|
|
36
|
-
`),process.stdout.write(N(" Client ID: ")+S(t.clientId)+`
|
|
37
|
-
`),process.stdout.write(N(" Client Secret: ")+n+`
|
|
38
|
-
`),process.stdout.write(N(" Storage: ")+r+`
|
|
39
|
-
|
|
40
|
-
`),0}tt.exports={runLogin:qn,runLogout:Yn,runStatus:Gn};});var rt=i("path"),{hasCredentials:Bn,getConfigPath:st,isTokenValid:Wn,getFlowCredentials:Ee}=D(),{runLogin:Kn}=nt(),{writeClaudeSettings:ot,addEnvToClaudeSettings:ct,validateConnectivity:Vn}=le(),{buildAnthropicAuthToken:it,parseCredsFromAnthropicToken:at}=ie(),{ENV:Y}=p();function jn(){let e=rt.resolve(__dirname,".."),n=(process.env.INIT_CWD?rt.resolve(process.env.INIT_CWD):null)===e;return !process.stdin.isTTY||n||process.env.CI==="true"||process.env.CI==="1"||process.env.npm_config_yes==="true"||process.env.DEBIAN_FRONTEND==="noninteractive"}async function Jn(){if(jn()){try{ot();}catch{}let n=await Ee();if(n){let r=at(process.env[Y.ANTHROPIC_AUTH_TOKEN]);if(!r||r.clientId!==n.clientId||r.clientSecret!==n.clientSecret||r.tenant!==n.tenant)try{let o=it(n);ct({[Y.ANTHROPIC_AUTH_TOKEN]:o});}catch{}}return}if(console.log(`
|
|
41
|
-
\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557`),console.log("\u2551 flow-ai-obs \u2014 setup wizard \u2551"),console.log(`\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
|
|
42
|
-
`),await Bn()&&await Wn()){console.log(` \u2713 Already authenticated. Config: ${await st()}`),console.log(" Run `flow-ai-obs auth status` to inspect."),console.log(" Run `flow-ai-obs auth login` to re-authenticate.\n");let n=await Ee(),r=at(process.env[Y.ANTHROPIC_AUTH_TOKEN]);if(n&&(!r||r.clientId!==n.clientId||r.clientSecret!==n.clientSecret||r.tenant!==n.tenant))try{let o=it(n);ct({[Y.ANTHROPIC_AUTH_TOKEN]:o}),console.log(` \u2713 ANTHROPIC_AUTH_TOKEN refreshed in settings.json
|
|
43
|
-
`);}catch(o){console.log(` \u26A0 Could not refresh ANTHROPIC_AUTH_TOKEN: ${o.message}
|
|
44
|
-
`);}}else {console.log(` Authenticate with your Flow credentials (clientId / clientSecret / tenant).
|
|
45
|
-
`),console.log(" Credentials will be stored in:"),console.log(` ${await st()}
|
|
46
|
-
`);let n=await Kn();n!==0&&(console.error("\n Setup aborted. Run `flow-ai-obs auth login` to retry.\n"),process.exit(n));}try{let n=ot();console.log(` \u2713 Claude settings updated at ${n}`);}catch(n){console.error(`
|
|
47
|
-
[warn] Could not update Claude settings: ${n.message}`);}console.log(`
|
|
48
|
-
Validating connectivity to Flow OTEL endpoint\u2026`);let e=await Ee();e||(console.error(`
|
|
49
|
-
[error] Could not read stored credentials.
|
|
50
|
-
`),process.exit(1));let t=await Vn(e);console.log(t?` \u2713 Connectivity validated \u2014 telemetry is active.
|
|
51
|
-
`:` \u26A0 Could not reach the OTEL endpoint. Telemetry will activate once connectivity is restored.
|
|
52
|
-
`),console.log(` [done] Setup complete!
|
|
53
|
-
`);}Jn().catch(e=>{console.error(`
|
|
54
|
-
[error] ${e.message}
|
|
55
|
-
`),process.exit(1);});
|
|
2
|
+
'use strict';var c=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,n)=>(typeof require<"u"?require:t)[n]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var _=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var p=_((nn,ee)=>{var O=process.env.FLOW_BASE_URL||"https://flow.ciandt.com",Z={AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${O}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${O}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${O}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${O}/otel`},Ue={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},Pe="FLOW-nodejs",Fe="config.json",ke={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"},be={ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL||`${O}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL||"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL||"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"},De={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:Z.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},Me={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP"},He={KEYCHAIN_ENABLED:false},qe={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},Ye={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},We={FILE_PREFIX:"flow-obs-buffer-",MAX_AGE_MS:5760*60*1e3,MAX_FILES:50},Ge="flow-ai-obs-debug.log",$e={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60},Be="flow-obs-";ee.exports={FLOW_BASE_URL:O,FLOW_URLS:Z,VAULT:Ue,CONFIG_DIR_NAME:Pe,CONFIG_FILE_NAME:Fe,OTLP:ke,LLM_PROXY:be,NATIVE_OTEL:De,ENV:Me,FEATURES:He,INSTALLER:qe,HOOK_TIMEOUTS:Ye,BUFFER:We,DEBUG_LOG_FILENAME:Ge,STATE_FILE_PREFIX:Be,TRACE_LIMITS:$e};});var re=_((rn,ne)=>{var g=c("fs"),h=c("path"),xe=c("os"),{CONFIG_DIR_NAME:F,CONFIG_FILE_NAME:k}=p(),b={credentials:"credentials","token-cache":"tokenCache"};function N(){let e=xe.homedir();if(process.platform==="darwin")return h.join(e,"Library","Preferences",F,k);if(process.platform==="win32"){let n=process.env.APPDATA||h.join(e,"AppData","Roaming");return h.join(n,F,k)}let t=process.env.XDG_CONFIG_HOME||h.join(e,".config");return h.join(t,F,k)}function D(){try{let e=g.readFileSync(N(),"utf8");return JSON.parse(e)}catch{return {}}}function te(e){let t=N();g.mkdirSync(h.dirname(t),{recursive:true}),g.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var v=class{static isAvailable(){return true}static hasExistingData(){try{if(!g.existsSync(N()))return !1;let t=JSON.parse(g.readFileSync(N(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,n){let r=D(),s=b[n]||n,o=r[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,n,r){let s=D(),o=b[n]||n;if(n==="token-cache")try{s[o]=JSON.parse(r);}catch{s[o]=r;}else s[o]=r;te(s);}async deleteSecret(t,n){let r=D(),s=b[n]||n;return s in r?(delete r[s],te(r),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${N()}`}};function Ke(){}var Ve=v;ne.exports={JsonFallbackProvider:v,ScryptFallbackProvider:Ve,_resetWarningState:Ke};});var oe=_((sn,se)=>{var{execFile:je}=c("child_process"),{promisify:Je}=c("util"),{accessSync:Xe,constants:ze}=c("fs"),M=Je(je),H=class{static async isAvailable(){try{return Xe("/usr/bin/security",ze.X_OK),!0}catch{return false}}async getSecret(t,n){try{let{stdout:r}=await M("security",["find-generic-password","-w","-a",n,"-s",t]);return r.trim()||null}catch{return null}}async setSecret(t,n,r){await M("security",["add-generic-password","-U","-a",n,"-s",t,"-w",r]);}async deleteSecret(t,n){try{return await M("security",["delete-generic-password","-a",n,"-s",t]),!0}catch{return false}}getStoragePath(){return "macOS Keychain"}};se.exports={MacOsKeyVaultProvider:H};});var ie=_((on,ae)=>{var{execFile:Qe,spawn:Ze}=c("child_process"),{promisify:et}=c("util"),{accessSync:tt,constants:nt}=c("fs"),ce=et(Qe),q=class{static async isAvailable(){let t=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let n of t)try{return tt(n,nt.X_OK),!0}catch{}return false}async getSecret(t,n){try{let{stdout:r}=await ce("secret-tool",["lookup","service",t,"account",n]);return r.trim()||null}catch{return null}}async setSecret(t,n,r){await new Promise((s,o)=>{let a=Ze("secret-tool",["store","--label",t,"service",t,"account",n]);a.on("error",o),a.on("close",S=>{S===0?s():o(new Error(`secret-tool exited with code ${S}`));}),a.stdin.write(r),a.stdin.end();});}async deleteSecret(t,n){try{return await ce("secret-tool",["clear","service",t,"account",n]),!0}catch{return false}}getStoragePath(){return "Linux Secret Service (libsecret)"}};ae.exports={LinuxKeyVaultProvider:q};});var ue=_((cn,le)=>{var Y=class{static async isAvailable(){try{return await c("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return false}}async getSecret(t,n){return c("keytar").getPassword(t,n)}async setSecret(t,n,r){await c("keytar").setPassword(t,n,r);}async deleteSecret(t,n){return c("keytar").deletePassword(t,n)}getStoragePath(){return "Windows Credential Manager"}};le.exports={WindowsKeyVaultProvider:Y};});var Te=_((an,_e)=>{async function Ee(){let{JsonFallbackProvider:e}=re();return await rt()??new e}async function rt(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=oe();return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=ie();return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=ue();return await e.isAvailable()?new e:null}default:return null}}var st=Ee;_e.exports={createSecretVaultProvider:Ee,createKeyVaultProvider:st};});var K=_((ln,de)=>{var{createSecretVaultProvider:ot}=Te(),{VAULT:G}=p(),A=G.SERVICE,$=G.ACCOUNT_CREDS,B=G.ACCOUNT_TOKEN,W=null;function L(){return W||(W=ot()),W}async function fe(){let t=await(await L()).getSecret(A,$);if(!t)return null;try{return JSON.parse(t)}catch{return null}}async function ct(e){if(!e.clientId||!e.clientSecret||!e.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await L()).setSecret(A,$,JSON.stringify(e));}async function at(){let e=await L();await e.deleteSecret(A,$),await e.deleteSecret(A,B);}async function it(e){await(await L()).setSecret(A,B,JSON.stringify({accessToken:e.accessToken,expiresAt:e.expiresAt}));}async function x(){let t=await(await L()).getSecret(A,B);if(!t)return null;try{let n=JSON.parse(t);return {accessToken:n.accessToken,expiresAt:n.expiresAt}}catch{return null}}async function lt(){let e=await x();return e?new Date(e.expiresAt)>new Date:false}async function ut(){let e=await x();if(!e||!e.accessToken)return null;try{let t=e.accessToken.split(".");if(t.length<2)return null;let n=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return n.email||n.preferred_username||n.upn||n.sub||null}catch{return null}}async function Et(){let e=await L();if(typeof e.getStoragePath=="function")return e.getStoragePath();let t=process.platform;return t==="darwin"?"macOS Keychain":t==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function _t(){let e=await fe();return !!(e&&e.clientId&&e.clientSecret&&e.tenant)}de.exports={getFlowCredentials:fe,saveFlowCredentials:ct,clearFlowCredentials:at,saveTokenCache:it,getTokenCache:x,isTokenValid:lt,getEmailFromToken:ut,getConfigPath:Et,hasCredentials:_t};});var V=_((un,Se)=>{var Tt=c("https"),ft=c("http"),{FLOW_URLS:dt}=p(),pt=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function St(e){if(!pt.test(e))throw new Error(`Invalid tenant value: "${e}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var pe={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function Ot(e,t){try{let n=JSON.parse(t);if(typeof n.error=="string"&&pe[n.error])return new Error(pe[n.error])}catch{}return e===401||e===403||e===500?new Error("Invalid credentials"):e>=400&&e<500?new Error("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function ht(e){return new Promise((t,n)=>{try{St(e.tenant);}catch(l){return n(l)}let r=JSON.stringify({clientSecret:e.clientSecret}),s=new URL(dt.AUTH_ENGINE),o=s.protocol==="https:",a={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(r),FlowTenant:e.tenant}},f=(o?Tt:ft).request(a,l=>{let u=[];l.on("data",E=>u.push(E)),l.on("end",()=>{let E=u.join("");if(l.statusCode>=400)return n(Ot(l.statusCode,E));let d;try{d=JSON.parse(E);}catch{return n(new Error("Invalid response from auth engine"))}let w=d.expires_at??new Date(Date.now()+(d.expires_in??3600)*1e3).toISOString();t({accessToken:d.access_token,expiresAt:w});});});f.on("error",l=>n(new Error(`Network error: ${l.message}`))),f.write(r),f.end();})}Se.exports={getToken:ht};});var ye=_((En,Le)=>{var i=c("fs"),C=c("path"),Oe=c("os"),{FLOW_URLS:At,INSTALLER:R,HOOK_TIMEOUTS:m,NATIVE_OTEL:Lt,LLM_PROXY:yt}=p(),{getToken:wt}=V();function J(){return process.platform==="win32"?C.join(process.env.APPDATA||C.join(Oe.homedir(),"AppData","Roaming"),"Claude","settings.json"):C.join(Oe.homedir(),".claude","settings.json")}var Nt=R.LOCK_STALE_MS;function he(e){try{let t=i.statSync(e);Date.now()-t.mtimeMs>Nt&&i.unlinkSync(e);}catch{}try{i.writeFileSync(e,String(process.pid),{flag:"wx"});}catch(t){throw t.code==="EEXIST"?new Error("Another install is already in progress. If this is stale, remove: "+e):t}}function Ae(e){try{i.unlinkSync(e);}catch{}}function gt(){let e=J(),t=e+".lock";i.mkdirSync(C.dirname(e),{recursive:true}),he(t);try{if(i.existsSync(e)){i.copyFileSync(e,e+".bkp");try{i.chmodSync(e+".bkp",384);}catch{}}let n={};try{n=JSON.parse(i.readFileSync(e,"utf8"));}catch{}(!n.env||typeof n.env!="object")&&(n.env={}),Object.assign(n.env,Lt),Object.assign(n.env,yt),n.otelHeadersHelper="flow-ai-obs otel-headers",(!n.hooks||typeof n.hooks!="object")&&(n.hooks={});let r=(s,o)=>({matcher:"",hooks:[{type:"command",command:`flow-ai-obs ${s}`,timeout:o}]});n.hooks.UserPromptSubmit=[r("UserPromptSubmit",m.UserPromptSubmit)],n.hooks.PreToolUse=[r("PreToolUse",m.PreToolUse)],n.hooks.PostToolUse=[r("PostToolUse",m.PostToolUse)],n.hooks.Stop=[r("Stop",m.Stop)],i.writeFileSync(e,JSON.stringify(n,null,2)+`
|
|
3
|
+
`,{encoding:"utf8",mode:384});try{i.chmodSync(e,384);}catch{}}finally{Ae(t);}return e}async function Rt(e){let t;try{t=(await wt(e)).accessToken;}catch{return false}return t?new Promise(n=>{j(`Bearer ${t}`,n,1);}):false}function j(e,t,n){let r=new URL(At.GATEWAY_TRACES),s=JSON.stringify({resourceSpans:[],validation_run:true}),o=r.protocol==="https:",a={hostname:r.hostname,port:r.port||(o?443:80),path:r.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:e,"Content-Length":Buffer.byteLength(s)}},f=(o?c("https"):c("http")).request(a,l=>{l.resume(),l.statusCode===200||l.statusCode===204?t(true):n<R.CONNECTIVITY_MAX_RETRY?setTimeout(()=>j(e,t,n+1),R.CONNECTIVITY_RETRY_MS):t(false);});f.on("error",()=>{n<R.CONNECTIVITY_MAX_RETRY?setTimeout(()=>j(e,t,n+1),R.CONNECTIVITY_RETRY_MS):t(false);}),f.write(s),f.end();}function Ct(e){let t=J(),n=t+".lock";i.mkdirSync(C.dirname(t),{recursive:true}),he(n);try{let r={};try{r=JSON.parse(i.readFileSync(t,"utf8"));}catch{}(!r.env||typeof r.env!="object")&&(r.env={}),Object.assign(r.env,e),i.writeFileSync(t,JSON.stringify(r,null,2)+`
|
|
4
|
+
`,{encoding:"utf8",mode:384});try{i.chmodSync(t,384);}catch{}}finally{Ae(n);}}Le.exports={getClaudeSettingsPath:J,writeClaudeSettings:gt,addEnvToClaudeSettings:Ct,validateConnectivity:Rt};});var ge=_((_n,Ne)=>{var{writeFileSync:It}=c("fs"),{tmpdir:vt}=c("os"),{join:mt}=c("path"),{DEBUG_LOG_FILENAME:Ut,ENV:Pt}=p(),we=mt(vt(),Ut);function Ft(...e){if(process.env[Pt.FLOW_OBS_DEBUG]!=="1")return;let t=`[${new Date().toISOString()}] ${e.join(" ")}
|
|
5
|
+
`;try{It(we,t,{flag:"a"});}catch(n){process.stderr.write(`[flow-obs debug ERROR] ${n.message}
|
|
6
|
+
`);}}Ne.exports={dbg:Ft,DEBUG_LOG:we};});var Ie=_((Tn,Ce)=>{var{getFlowCredentials:X,isTokenValid:kt,getEmailFromToken:I,getTokenCache:bt,saveTokenCache:Dt}=K(),{getToken:Mt}=V(),{FLOW_BASE_URL:Ht,ENV:T,FEATURES:z}=p(),{dbg:y}=ge(),qt=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];function Yt(e){return qt.some(t=>t.test(e))}function U(e){if(!e)return null;try{let t=e.split(".");if(t.length<2)return null;let n=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:r,clientSecret:s,tenant:o}=n;return !r||!s||!o?null:{clientId:r,clientSecret:s,tenant:o}}catch{return null}}function Wt(e){let t=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),n=Buffer.from(JSON.stringify({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant})).toString("base64url");return `${t}.${n}.`}function Q(e){let t;try{t=new URL(e);}catch{throw new Error(`Invalid URL: ${e}`)}if(!(process.env[T.FLOW_OBS_ALLOW_HTTP]==="true")&&t.protocol!=="https:")throw new Error(`URL must use HTTPS: ${e}`);if(t.username||t.password)throw new Error(`URL must not contain embedded credentials: ${e}`);if(Yt(t.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${t.hostname}`);return e}async function Gt(){let e=U(process.env[T.ANTHROPIC_AUTH_TOKEN]);if(e)return {user:await I().catch(()=>null)||e.clientId,tenant:e.tenant};if(z.KEYCHAIN_ENABLED)try{let t=await X();if(!t)return {user:"",tenant:""};let n=await I()||t.clientId||"",r=t.tenant||"";return {user:n,tenant:r}}catch{return {user:"",tenant:""}}return {user:"",tenant:""}}async function $t(e){if(await kt())return (await bt()).accessToken;y("getOrRefreshToken","token expired \u2014 refreshing via auth-engine");let t=await Mt(e);return await Dt(t),y("getOrRefreshToken",`token refreshed, expires=${t.expiresAt}`),t.accessToken}function Bt(e,t){let n=t&&t.accessToken?t.accessToken:"";return {endpoint:e.replace(/\/$/,"")+"/langfuse/traces",authHeader:`Bearer ${n}`}}function xt(e,t,n){let r=Buffer.from(`${t}:${n}`).toString("base64");return {endpoint:e.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${r}`}}async function Re(){let e=[],t=process.env[T.ANTHROPIC_MODEL]||"",n=process.env[T.FLOW_TELEMETRY]==="true",r=process.env[T.LANGFUSE_BASE_URL],s=process.env[T.LANGFUSE_PUBLIC_KEY],o=process.env[T.LANGFUSE_SECRET_KEY];if(n&&r&&s&&o){let u="",E="",d=U(process.env[T.ANTHROPIC_AUTH_TOKEN]);if(d)u=await I().catch(()=>null)||d.clientId,E=d.tenant;else if(z.KEYCHAIN_ENABLED)try{let P=await X();P&&(u=await I()||P.clientId,E=P.tenant);}catch{}let w={user:u||"",tenant:E||"",team:"",project:"",model:t};e.push({mode:"direct",...xt(Q(r),s,o),...w}),y("resolveCredentials","direct mode active",`user=${w.user}`,`tenant=${w.tenant}`);}let a=U(process.env[T.ANTHROPIC_AUTH_TOKEN]);if(y("resolveCredentials",a?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),!a&&z.KEYCHAIN_ENABLED&&(a=await X(),a&&y("resolveCredentials","credentials resolved from keychain (FEATURES.KEYCHAIN_ENABLED=true)")),!a){if(e.length===0){let u=[];return u.authError=false,u}return e}let S;try{S=await $t(a);}catch(u){if(y("resolveCredentials",`token refresh failed: ${u.message}`),e.length>0)return e;let E=[];return E.authError=true,E}let f={user:await I()||a.clientId,tenant:a.tenant,team:"",project:"",model:t},l=process.env[T.FLOW_TELEMETRY_GATEWAY]||Ht;return e.push({mode:"gateway",...Bt(Q(l),{accessToken:S}),...f}),e}async function Kt(){return (await Re()).length>0}Ce.exports={credentialsAvailable:Kt,getIdentityFromToken:Gt,resolveCredentials:Re,validateUrl:Q,parseCredsFromAnthropicToken:U,buildAnthropicAuthToken:Wt};});var me=c("path"),{getFlowCredentials:Vt}=K(),{writeClaudeSettings:jt,addEnvToClaudeSettings:Jt}=ye(),{buildAnthropicAuthToken:Xt,parseCredsFromAnthropicToken:zt}=Ie(),{ENV:ve}=p(),Qt=me.resolve(__dirname,".."),Zt=process.env.INIT_CWD?me.resolve(process.env.INIT_CWD):null;Zt===Qt&&process.exit(0);async function en(){try{jt();}catch{}let e=await Vt();if(!e){process.stderr.write(`
|
|
7
|
+
[flow-ai-obs] No credentials found.
|
|
8
|
+
Run \`flow-ai-obs auth login\` to authenticate and enable telemetry.
|
|
9
|
+
|
|
10
|
+
`);return}let t=zt(process.env[ve.ANTHROPIC_AUTH_TOKEN]);if(!t||t.clientId!==e.clientId||t.clientSecret!==e.clientSecret||t.tenant!==e.tenant)try{let r=Xt(e);Jt({[ve.ANTHROPIC_AUTH_TOKEN]:r});}catch{}}en().catch(()=>{});
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ciandt-flow/flow-ai-obs",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.1-beta.67",
|
|
4
4
|
"description": "Claude Code hooks for Langfuse OTLP tracing — cross-platform",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -63,4 +63,4 @@
|
|
|
63
63
|
"type": "git",
|
|
64
64
|
"url": "git+https://github.com/CI-T-HyperX/flow-codeassistant-observability.git"
|
|
65
65
|
}
|
|
66
|
-
}
|
|
66
|
+
}
|