@ciandt-flow/flow-ai-obs 0.7.1-beta.475 → 0.7.1-beta.518

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -47,6 +47,8 @@ That's it. Every Claude Code session with Skills or Agents now generates traces
47
47
  npm install -g @ciandt-flow/flow-ai-obs
48
48
  ```
49
49
 
50
+ > **Do not use `sudo`.** `flow-ai-obs` is not supported in a sudo context.
51
+
50
52
  The `postinstall` script runs automatically and guides you through authentication and hook registration.
51
53
 
52
54
  ### npx (no install)
package/dist/cli.js CHANGED
@@ -1,190 +1,193 @@
1
1
  #!/usr/bin/env node
2
- 'use strict';var _e=require('readline/promises'),is=require('https'),T=require('fs'),tt=require('os'),At=require('path'),child_process=require('child_process'),As=require('http'),util=require('util'),crypto=require('crypto');function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var _e__namespace=/*#__PURE__*/_interopNamespace(_e);var is__namespace=/*#__PURE__*/_interopNamespace(is);var T__namespace=/*#__PURE__*/_interopNamespace(T);var tt__namespace=/*#__PURE__*/_interopNamespace(tt);var At__namespace=/*#__PURE__*/_interopNamespace(At);var As__namespace=/*#__PURE__*/_interopNamespace(As);var Te=Object.defineProperty;var Qn=Object.getOwnPropertyDescriptor;var ts=Object.getOwnPropertyNames;var es=Object.prototype.hasOwnProperty;var $t=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var m=(t,e,r)=>()=>{if(r)throw r[0];try{return t&&(e=t(t=0)),e}catch(n){throw r=[n],n}};var rs=(t,e)=>()=>{try{return e||t((e={exports:{}}).exports,e),e.exports}catch(r){throw e=0,r}},M=(t,e)=>{for(var r in e)Te(t,r,{get:e[r],enumerable:true});},ns=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of ts(e))!es.call(t,s)&&s!==r&&Te(t,s,{get:()=>e[s],enumerable:!(n=Qn(e,s))||n.enumerable});return t};var L=t=>ns(Te({},"__esModule",{value:true}),t);var re=rs((Jo,ss)=>{ss.exports={name:"@ciandt-flow/flow-ai-obs",version:"0.7.1-beta.475",description:"Claude Code hooks for Langfuse OTLP tracing \u2014 cross-platform",main:"dist/index.js",bin:{"flow-ai-obs":"dist/cli.js","flow-ai-obs-setup":"dist/setup.js"},scripts:{build:"tsup",test:"jest",typecheck:"tsc --noEmit",lint:"eslint src bin scripts",format:'prettier --write "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"format:check":'prettier --check "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"security-scan":"trufflehog filesystem src/ --fail --no-update --exclude-paths .trufflehogignore",postinstall:`node -e "require('fs').existsSync('dist/setup.js') && require('child_process').execFileSync(process.execPath, ['dist/setup.js'], {stdio:'inherit'})"`,prepublishOnly:"npm run security-scan && npm run build","release:npm":"changeset publish",changeset:"changeset","version-packages":"changeset version","install:hooks":"node dist/cli.js install","auth:login":"node dist/cli.js auth login","auth:logout":"node dist/cli.js auth logout","auth:status":"node dist/cli.js auth status",smoke:"bash scripts/smoke-test.sh","smoke:debug":"bash scripts/smoke-test.sh --debug","smoke:send":"bash scripts/smoke-test.sh --send --allow-http --debug"},files:["dist/","README.md","LICENSE.md"],keywords:["claude-code","langfuse","observability","otlp","hooks","flow","ciandt"],author:"CI&T Flow Team",license:"SEE LICENSE IN LICENSE.md",private:!1,dependencies:{},optionalDependencies:{keytar:"7.9.0"},devDependencies:{"@changesets/changelog-github":"^0.6.0","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^25.8.0",jest:"^30.4.2","ts-jest":"^29.4.9",tsup:"^8.5.1","eslint-config-prettier":"^10.1.5",prettier:"^3.5.3",typescript:"^6.0.3","typescript-eslint":"^8.33.0"},engines:{node:">=18.0.0"},overrides:{esbuild:"^0.28.1"},publishConfig:{registry:"https://registry.npmjs.org",access:"public"},repository:{type:"git",url:"git+https://github.com/CI-T-HyperX/flow-codeassistant-observability.git"}};});var ye={};M(ye,{bold:()=>j,cyan:()=>H,dim:()=>w,green:()=>I,red:()=>B,yellow:()=>_});function ft(t,e){return os?r=>`\x1B[${t}m${r}\x1B[${e}m`:r=>r}var os,I,B,_,H,j,w,mt=m(()=>{"use strict";os=!process.env.NO_COLOR&&process.stdout.isTTY;I=ft("32","39"),B=ft("31","39"),_=ft("33","39"),H=ft("36","39"),j=ft("1","22"),w=ft("2","22");});function gt(){return process.stdout.isTTY===true&&process.stdin.isTTY===true&&!process.argv.includes("--no-interactive")}async function Ae(t,e){let r=_e__namespace.createInterface({input:process.stdin,output:process.stdout}),s=`${t} ${e===true?"(Y/n)":e===false?"(y/N)":"(y/n)"}: `;for(let o=1;o<=3;o++)try{let i=(await r.question(s)).trim().toLowerCase();if(i===""&&e!==void 0)return r.close(),e;if(i==="y"||i==="yes")return r.close(),!0;if(i==="n"||i==="no")return r.close(),!1;o<3&&process.stdout.write(` Invalid input. Please answer "y" or "n".
3
- `);}catch(i){throw r.close(),i}if(r.close(),e!==void 0)return e;throw new Error("Too many invalid attempts for yes/no prompt")}async function lr(t,e){let r=_e__namespace.createInterface({input:process.stdin,output:process.stdout});try{let n=(await r.question(`${t}: `)).trim();if(e);return n}catch(n){throw n}finally{r.close();}}var ke=m(()=>{"use strict";});var ht={};M(ht,{checkForUpdate:()=>fs,checkForUpdateInteractive:()=>ms,isNewer:()=>xt,primeUpdateCache:()=>gs});function U(){return Oe||(Oe=re()),Oe}function xt(t,e){let r=o=>{let i=String(o).replace(/^v/,"").match(/^(\d+)\.(\d+)\.(\d+)/);return i?[+i[1],+i[2],+i[3]]:null},n=r(t),s=r(e);return !n||!s?false:s[0]!==n[0]?s[0]>n[0]:s[1]!==n[1]?s[1]>n[1]:s[2]>n[2]}function Ie(){try{let t=JSON.parse(T__namespace.default.readFileSync(pr,"utf8"));return typeof t.latestVersion!="string"||Date.now()-t.checkedAt>=ls?null:t}catch{return null}}function fr(t,e,r=Date.now()){try{T__namespace.default.writeFileSync(pr,JSON.stringify({latestVersion:t,updatePriority:e??null,checkedAt:r}),{mode:384});}catch{}}function mr(t){let e=U().name,r=is__namespace.default.get(`https://registry.npmjs.org/${encodeURIComponent(e)}/latest`,{timeout:us},n=>{if(n.statusCode!==200)return n.resume(),t(new Error(`HTTP ${n.statusCode}`));let s="";n.setEncoding("utf8"),n.on("data",o=>{s+=o;}),n.on("end",()=>{try{let o=JSON.parse(s);if(typeof o.version!="string")throw new Error("no version field");t(null,{version:o.version,updatePriority:typeof o.updatePriority=="string"?o.updatePriority:null});}catch(o){t(o);}});});r.on("error",t),r.on("timeout",()=>{r.destroy(new Error("timeout"));});}function ve(t){let e=U().name,n=` Update available: ${U().version} \u2192 ${t}`,s=` Run: npm install -g ${e}`,o=Math.max(n.length,s.length)+2,i="\u2500".repeat(o);process.stderr.write(`
2
+ 'use strict';var Oe=require('readline/promises'),us=require('https'),y=require('fs'),rt=require('os'),Ot=require('path'),child_process=require('child_process'),vs=require('http'),util=require('util'),crypto=require('crypto');function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var Oe__namespace=/*#__PURE__*/_interopNamespace(Oe);var us__namespace=/*#__PURE__*/_interopNamespace(us);var y__namespace=/*#__PURE__*/_interopNamespace(y);var rt__namespace=/*#__PURE__*/_interopNamespace(rt);var Ot__namespace=/*#__PURE__*/_interopNamespace(Ot);var vs__namespace=/*#__PURE__*/_interopNamespace(vs);var Ae=Object.defineProperty;var ns=Object.getOwnPropertyDescriptor;var ss=Object.getOwnPropertyNames;var os=Object.prototype.hasOwnProperty;var Dt=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var f=(t,e,r)=>()=>{if(r)throw r[0];try{return t&&(e=t(t=0)),e}catch(n){throw r=[n],n}};var is=(t,e)=>()=>{try{return e||t((e={exports:{}}).exports,e),e.exports}catch(r){throw e=0,r}},H=(t,e)=>{for(var r in e)Ae(t,r,{get:e[r],enumerable:true});},as=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of ss(e))!os.call(t,s)&&s!==r&&Ae(t,s,{get:()=>e[s],enumerable:!(n=ns(e,s))||n.enumerable});return t};var L=t=>as(Ae({},"__esModule",{value:true}),t);var se=is((Zo,cs)=>{cs.exports={name:"@ciandt-flow/flow-ai-obs",version:"0.7.1-beta.518",description:"Claude Code hooks for Langfuse OTLP tracing \u2014 cross-platform",main:"dist/index.js",bin:{"flow-ai-obs":"dist/cli.js","flow-ai-obs-setup":"dist/setup.js"},scripts:{build:"tsup",test:"jest",typecheck:"tsc --noEmit",lint:"eslint src bin scripts",format:'prettier --write "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"format:check":'prettier --check "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"security-scan":"trufflehog filesystem src/ --fail --no-update --exclude-paths .trufflehogignore",postinstall:`node -e "require('fs').existsSync('dist/setup.js') && require('child_process').execFileSync(process.execPath, ['dist/setup.js'], {stdio:'inherit'})"`,prepublishOnly:"npm run security-scan && npm run build","release:npm":"changeset publish",changeset:"changeset","version-packages":"changeset version","install:hooks":"node dist/cli.js install","auth:login":"node dist/cli.js auth login","auth:logout":"node dist/cli.js auth logout","auth:status":"node dist/cli.js auth status",smoke:"bash scripts/smoke-test.sh","smoke:debug":"bash scripts/smoke-test.sh --debug","smoke:send":"bash scripts/smoke-test.sh --send --allow-http --debug"},files:["dist/","README.md","LICENSE.md"],keywords:["claude-code","langfuse","observability","otlp","hooks","flow","ciandt"],author:"CI&T Flow Team",license:"SEE LICENSE IN LICENSE.md",private:!1,dependencies:{},optionalDependencies:{keytar:"7.9.0"},devDependencies:{"@changesets/changelog-github":"^0.6.0","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^25.8.0",jest:"^30.4.2","ts-jest":"^29.4.9",tsup:"^8.5.1","eslint-config-prettier":"^10.1.5",prettier:"^3.5.3",typescript:"^6.0.3","typescript-eslint":"^8.33.0"},engines:{node:">=18.0.0"},overrides:{esbuild:"^0.28.1"},publishConfig:{registry:"https://registry.npmjs.org",access:"public"},repository:{type:"git",url:"git+https://github.com/CI-T-HyperX/flow-codeassistant-observability.git"}};});var ke={};H(ke,{bold:()=>j,cyan:()=>R,dim:()=>S,green:()=>I,red:()=>b,yellow:()=>k});function gt(t,e){return ls?r=>`\x1B[${t}m${r}\x1B[${e}m`:r=>r}var ls,I,b,k,R,j,S,tt=f(()=>{"use strict";ls=!process.env.NO_COLOR&&process.stdout.isTTY;I=gt("32","39"),b=gt("31","39"),k=gt("33","39"),R=gt("36","39"),j=gt("1","22"),S=gt("2","22");});function ht(){return process.stdout.isTTY===true&&process.stdin.isTTY===true&&!process.argv.includes("--no-interactive")}async function ve(t,e){let r=Oe__namespace.createInterface({input:process.stdin,output:process.stdout}),s=`${t} ${e===true?"(Y/n)":e===false?"(y/N)":"(y/n)"}: `;for(let o=1;o<=3;o++)try{let i=(await r.question(s)).trim().toLowerCase();if(i===""&&e!==void 0)return r.close(),e;if(i==="y"||i==="yes")return r.close(),!0;if(i==="n"||i==="no")return r.close(),!1;o<3&&process.stdout.write(` Invalid input. Please answer "y" or "n".
3
+ `);}catch(i){throw r.close(),i}if(r.close(),e!==void 0)return e;throw new Error("Too many invalid attempts for yes/no prompt")}async function mr(t,e){let r=Oe__namespace.createInterface({input:process.stdin,output:process.stdout});try{let n=(await r.question(`${t}: `)).trim();if(e);return n}catch(n){throw n}finally{r.close();}}var Le=f(()=>{"use strict";});var Et={};H(Et,{checkForUpdate:()=>ws,checkForUpdateInteractive:()=>Es,fetchLatestVersionAsync:()=>Er,isNewer:()=>wt,primeUpdateCache:()=>Ss});function P(){return Ie||(Ie=se()),Ie}function wt(t,e){let r=o=>{let i=String(o).replace(/^v/,"").match(/^(\d+)\.(\d+)\.(\d+)/);return i?[+i[1],+i[2],+i[3]]:null},n=r(t),s=r(e);return !n||!s?false:s[0]!==n[0]?s[0]>n[0]:s[1]!==n[1]?s[1]>n[1]:s[2]>n[2]}function Pe(){try{let t=JSON.parse(y__namespace.default.readFileSync(wr,"utf8"));return typeof t.latestVersion!="string"||Date.now()-t.checkedAt>=fs?null:t}catch{return null}}function Ne(t,e,r=Date.now()){try{y__namespace.default.writeFileSync(wr,JSON.stringify({latestVersion:t,updatePriority:e??null,checkedAt:r}),{mode:384});}catch{}}function Ce(t){let e=P().name,r=us__namespace.default.get(`https://registry.npmjs.org/${encodeURIComponent(e)}/latest`,{timeout:ms},n=>{if(n.statusCode!==200)return n.resume(),t(new Error(`HTTP ${n.statusCode}`));let s="";n.setEncoding("utf8"),n.on("data",o=>{s+=o;}),n.on("end",()=>{try{let o=JSON.parse(s);if(typeof o.version!="string")throw new Error("no version field");t(null,{version:o.version,updatePriority:typeof o.updatePriority=="string"?o.updatePriority:null});}catch(o){t(o);}});});r.on("error",t),r.on("timeout",()=>{r.destroy(new Error("timeout"));});}function be(t){let e=P().name,n=` Update available: ${P().version} \u2192 ${t}`,s=` Run: npm install -g ${e}`,o=Math.max(n.length,s.length)+2,i="\u2500".repeat(o);process.stderr.write(`
4
4
  \u256D${i}\u256E
5
5
  \u2502${n.padEnd(o)}\u2502
6
6
  \u2502${s.padEnd(o)}\u2502
7
7
  \u2570${i}\u256F
8
8
 
9
- `);}function Le(t){let e=U().name;process.stderr.write(`
9
+ `);}function Re(t){let e=P().name;process.stderr.write(`
10
10
  [${e}] Critical update detected \u2014 auto-updating to ${t}...
11
11
 
12
- `),child_process.spawn("npm",["install","-g",`${e}@${t}`],{detached:true,stdio:"ignore",windowsHide:true}).unref();}async function ds(t,e=1e4){let r=$t("readline"),n=U().name,s=U().version;return process.stderr.write(`
13
- Update available: ${s} \u2192 ${t}
14
- Run: npm install -g ${n}@${t}
15
- Install now? [y/N]: `),new Promise(o=>{let i=r.createInterface({input:process.stdin,output:void 0,terminal:false}),a=false;function c(d){a||(a=true,clearTimeout(l),i.close(),process.stderr.write(`
16
- `),o(d));}let l=setTimeout(()=>c(false),e);i.once("line",d=>c(d.trim().toLowerCase()==="y")),i.once("close",()=>c(false));})}async function ps(t){let e=U().name;return process.stderr.write(` Installing ${e}@${t}...
12
+ `),child_process.spawn("npm",["install","-g",`${e}@${t}`],{detached:true,stdio:"ignore",windowsHide:true}).unref();}async function gs(t,e=1e4){let r=Dt("readline"),n=P().name,o=` Update available: ${P().version} \u2192 ${t}`,i=` Run: npm install -g ${n}`,a=" Install now? [y/N]: ",c=Math.max(o.length,i.length,a.length-2)+2,l="\u2500".repeat(c);return process.stderr.write(`
13
+ \u256D${l}\u256E
14
+ \u2502${o.padEnd(c)}\u2502
15
+ \u2502${i.padEnd(c)}\u2502
16
+ \u2502${a.padEnd(c)}\u2502
17
+ \u2570${l}\u256F
18
+ `),new Promise(p=>{let T=r.createInterface({input:process.stdin,output:void 0,terminal:false}),g=false;function E(_){g||(g=true,clearTimeout(O),T.close(),process.stderr.write(`
19
+ `),p(_));}let O=setTimeout(()=>E(false),e);T.once("line",_=>E(_.trim().toLowerCase()==="y")),T.once("close",()=>E(false));})}async function hs(t){let e=P().name;return process.stderr.write(` Installing ${e}@${t}...
17
20
  `),new Promise(r=>{let n=child_process.spawn("npm",["install","-g",`${e}@${t}`],{stdio:"inherit"});n.on("close",s=>{s!==0?process.stderr.write(` \u2717 Update failed \u2014 continuing with current version.
18
21
 
19
22
  `):process.stderr.write(` \u2713 Updated to ${t}. Please restart the command.
20
23
 
21
24
  `),r();}),n.on("error",()=>{process.stderr.write(` \u2717 Update failed \u2014 continuing with current version.
22
25
 
23
- `),r();});})}function fs(){try{let t=Ie();if(t){xt(U().version,t.latestVersion)&&(t.updatePriority==="auto"?Le(t.latestVersion):ve(t.latestVersion));return}setImmediate(()=>{mr((e,r)=>{e||!r||(fr(r.version,r.updatePriority),xt(U().version,r.version)&&(r.updatePriority==="auto"?Le(r.version):ve(r.version)));});});}catch{}}async function ms(t={}){try{let e=Ie();if(!e||!xt(U().version,e.latestVersion))return;if(e.updatePriority==="auto"){Le(e.latestVersion);return}if(!gt()){ve(e.latestVersion);return}await ds(e.latestVersion,t.timeoutMs)&&await ps(e.latestVersion);}catch{}}function gs(){try{if(Ie())return;setImmediate(()=>{mr((t,e)=>{t||!e||xt(U().version,e.version)&&fr(e.version,e.updatePriority,0);});});}catch{}}var Oe,pr,ls,us,wt=m(()=>{"use strict";ke();pr=At__namespace.default.join(tt__namespace.default.tmpdir(),"flow-obs-update-cache.json"),ls=1440*60*1e3,us=3e3;});function gr(){if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let e=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(e)return {home:e,username:process.env.SUDO_USER}}return {home:tt__namespace.homedir(),username:process.env.SUDO_USER||process.env.USER||tt__namespace.userInfo().username}}function G(){if(process.env.WSL_DISTRO_NAME&&process.platform==="linux"){let t=process.env.USERPROFILE;if(!t){let r=child_process.spawnSync("cmd.exe",["/c","echo","%USERPROFILE%"],{encoding:"utf8",timeout:5e3}).stdout?.trim();r&&/^[A-Za-z]:\\/.test(r)&&(t=r);}if(t){let e=t.replace(/^([A-Za-z]):/,(r,n)=>`/mnt/${n.toLowerCase()}`).replace(/\\/g,"/");return At__namespace.join(e,".claude","settings.json")}return At__namespace.join(tt__namespace.homedir(),".claude","settings.json")}if(process.platform==="win32"){let t=process.env.USERPROFILE||tt__namespace.homedir();return At__namespace.join(t,".claude","settings.json")}if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let e=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(e)return At__namespace.join(e,".claude","settings.json")}return At__namespace.join(tt__namespace.homedir(),".claude","settings.json")}function hr(){return process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER?`Running as root via sudo is not recommended.
24
- Configure npm to install globals without sudo:
25
- npm config set prefix '~/.npm-global'
26
- export PATH=~/.npm-global/bin:$PATH`:null}var ne=m(()=>{"use strict";});function Tr(){if(process.platform==="win32"){let r=process.env.APPDATA||At__namespace.join(tt__namespace.homedir(),"AppData","Roaming");return At__namespace.join(r,wr,Er)}let t=gr(),e=process.env.XDG_CONFIG_HOME||At__namespace.join(t.home,".config");return At__namespace.join(e,wr,Er)}function yr(){try{let t=T__namespace.readFileSync(Tr(),"utf8");return JSON.parse(t)}catch{return {}}}function rt(){let{baseUrl:t}=yr();return typeof t!="string"||t.trim()===""?null:t.trim().replace(/\/$/,"")}function _r(t){let e=Tr();T__namespace.mkdirSync(At__namespace.dirname(e),{recursive:true});let n={...yr(),baseUrl:t};T__namespace.writeFileSync(e,JSON.stringify(n,null,2)+`
27
- `,{encoding:"utf8",mode:384});}var wr,Er,Re=m(()=>{"use strict";ne();wr="flow-ai-obs",Er="config.json";});function nt(){return rt()??process.env.FLOW_BASE_URL??hs}function st(){let t=nt();return {AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${t}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${t}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${t}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${t}/otel`}}function Dt(){let t=nt();return {ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL??`${t}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL??"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL??"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"}}function Ne(){let t=nt();return {API_URL:process.env.FLOW_METRICS_URL||`${t}/metrics-collector-api/log-event`,BOOSTER:"flow-ai-obs"}}var hs,ws,se,oe,ie,Pe,ot,f,ae,Tt,Ar,F,kr,V,A=m(()=>{"use strict";Re();hs="https://flow.ciandt.com";ws=st(),se={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},oe="FLOW-nodejs",ie="config.json",Pe={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"};ot={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:ws.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},f={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP",BUFFER_TTL_DAYS:"FLOW_TELEMETRY_BUFFER_TTL_DAYS",BUFFER_MAX_FILES:"FLOW_TELEMETRY_BUFFER_MAX_FILES"},ae={KEYCHAIN_ENABLED:!1},Tt={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},Ar={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},F={FILE_PREFIX:"flow-obs-buffer-",DEFAULT_TTL_DAYS:4,MIN_TTL_DAYS:1,MAX_TTL_DAYS:30,DEFAULT_MAX_FILES:50,MIN_MAX_FILES:1,MAX_MAX_FILES:500,REPLAY_BATCH_SIZE:10},kr="flow-ai-obs-debug.log",V={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60};});function u(...t){if(process.env[f.FLOW_OBS_DEBUG]!=="1")return;let e=`[${new Date().toISOString()}] ${t.join(" ")}
28
- `;try{T.writeFileSync(ys,e,{flag:"a"});}catch(r){process.stderr.write(`[flow-obs debug ERROR] ${r.message}
29
- `);}}var ys,$=m(()=>{"use strict";A();ys=At.join(tt.tmpdir(),kr);});function Os(t){if(!ks.test(t))throw new Error(`Invalid tenant value: "${t}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}function vs(t,e){let r=e.length>400?e.slice(0,400)+"\u2026":e;u("toAuthError",`status=${t} body=${r}`);try{let n=JSON.parse(e);if(typeof n.error=="string"&&(u("toAuthError",`api_error_code=${n.error}`+(n.message?` api_message=${n.message}`:"")),Or[n.error]))return new it(Or[n.error])}catch{}return t===401||t===403||t===500?new it("Invalid credentials"):t>=400&&t<500?new it("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function x(t){return new Promise((e,r)=>{try{Os(t.tenant);}catch(l){return r(l)}let n=JSON.stringify({clientSecret:t.clientSecret}),s=new URL(st().AUTH_ENGINE),o=s.protocol==="https:",i={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(n),FlowTenant:t.tenant}};u("getToken",`requesting token tenant=${t.tenant} host=${i.hostname} path=${i.path}`);let c=(o?is__namespace.default:As__namespace.default).request(i,l=>{let d=[];l.on("data",y=>d.push(y)),l.on("end",()=>{let y=d.join("");if((l.statusCode??0)>=400)return r(vs(l.statusCode??0,y));let E;try{E=JSON.parse(y);}catch{return r(new Error("Invalid response from auth engine"))}let S=E.expires_at??new Date(Date.now()+(E.expires_in??3600)*1e3).toISOString();e({accessToken:E.access_token??"",expiresAt:S});});});c.on("error",l=>r(new Error(`Network error: ${l.message}`))),c.write(n),c.end();})}var it,ks,Or,yt=m(()=>{"use strict";A();$();it=class extends Error{constructor(e){super(e),this.name="AuthError";}},ks=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;Or={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};});function vr(t){try{let e=T__namespace.statSync(t);Date.now()-e.mtimeMs>bs&&T__namespace.unlinkSync(t);}catch{}try{T__namespace.writeFileSync(t,String(process.pid),{flag:"wx"});}catch(e){throw e.code==="EEXIST"?new Error("Another install is already in progress. If this is stale, remove: "+t):e}}function Lr(t){try{T__namespace.unlinkSync(t);}catch{}}function Rs(t,e){let n=(Array.isArray(t)?t:[]).map(s=>{if(!Array.isArray(s?.hooks))return null;let o=s.hooks.filter(i=>!i.command?.startsWith?.("flow-ai-obs "));return o.length>0?{...s,hooks:o}:null}).filter(s=>s!=null);return [e,...n]}function Ir(){let t=G(),e=t+".lock",r=[];T__namespace.mkdirSync(At__namespace.dirname(t),{recursive:true}),vr(e);try{if(T__namespace.existsSync(t)){T__namespace.copyFileSync(t,t+".bkp");try{T__namespace.chmodSync(t+".bkp",384);}catch{}}let n={};try{n=JSON.parse(T__namespace.readFileSync(t,"utf8"));}catch{}let s=n.env&&typeof n.env=="object"?n.env:{};n.env={...ot,...Dt(),...s},n.otelHeadersHelper="flow-ai-obs otel-headers",(!n.hooks||typeof n.hooks!="object"||Array.isArray(n.hooks))&&(n.hooks={});let o=(c,l)=>({matcher:"",hooks:[{type:"command",command:`flow-ai-obs ${c}`,timeout:l}]}),i=["UserPromptSubmit","PreToolUse","PostToolUse","Stop"],a=n.hooks;for(let c of i){let l=Rs(a[c],o(c,Ar[c]));l.length>1&&r.push(c),a[c]=l;}T__namespace.writeFileSync(t,JSON.stringify(n,null,2)+`
30
- `,{encoding:"utf8",mode:384});try{T__namespace.chmodSync(t,384);}catch{}}finally{Lr(e);}return {settingsPath:t,preserved:r}}async function br(t){let e;try{e=(await x(t)).accessToken;}catch{return false}return e?new Promise(r=>{Ce(`Bearer ${e}`,r,1);}):false}function Ce(t,e,r){let n=new URL(st().GATEWAY_TRACES),s=JSON.stringify({resourceSpans:[],validation_run:true}),o=n.protocol==="https:",i={hostname:n.hostname,port:n.port||(o?443:80),path:n.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:t,"Content-Length":Buffer.byteLength(s)}},c=(o?is__namespace:As__namespace).request(i,l=>{l.resume(),l.statusCode===200||l.statusCode===204?e(true):r<Tt.CONNECTIVITY_MAX_RETRY?setTimeout(()=>Ce(t,e,r+1),Tt.CONNECTIVITY_RETRY_MS):e(false);});c.on("error",()=>{r<Tt.CONNECTIVITY_MAX_RETRY?setTimeout(()=>Ce(t,e,r+1),Tt.CONNECTIVITY_RETRY_MS):e(false);}),c.write(s),c.end();}function _t(t){let e=G(),r=e+".lock";T__namespace.mkdirSync(At__namespace.dirname(e),{recursive:true}),vr(r);try{let n={};try{n=JSON.parse(T__namespace.readFileSync(e,"utf8"));}catch{}(!n.env||typeof n.env!="object")&&(n.env={}),Object.assign(n.env,t),T__namespace.writeFileSync(e,JSON.stringify(n,null,2)+`
31
- `,{encoding:"utf8",mode:384});try{T__namespace.chmodSync(e,384);}catch{}}finally{Lr(r);}}var bs,Mt=m(()=>{"use strict";A();yt();ne();bs=Tt.LOCK_STALE_MS;});function Bt(){let t=tt__namespace.default.homedir();if(process.platform==="darwin")return At__namespace.default.join(t,"Library","Preferences",oe,ie);if(process.platform==="win32"){let r=process.env.APPDATA??At__namespace.default.join(t,"AppData","Roaming");return At__namespace.default.join(r,oe,ie)}let e=process.env.XDG_CONFIG_HOME??At__namespace.default.join(t,".config");return At__namespace.default.join(e,oe,ie)}function $e(){try{let t=T__namespace.default.readFileSync(Bt(),"utf8");return JSON.parse(t)}catch{return {}}}function Rr(t){let e=Bt();T__namespace.default.mkdirSync(At__namespace.default.dirname(e),{recursive:true}),T__namespace.default.writeFileSync(e,JSON.stringify(t,null,2),{encoding:"utf8",mode:384});}var Fe,ce,Pr=m(()=>{"use strict";A();Fe={credentials:"credentials","token-cache":"tokenCache"};ce=class{static isAvailable(){return !0}static hasExistingData(){try{if(!T__namespace.default.existsSync(Bt()))return !1;let e=JSON.parse(T__namespace.default.readFileSync(Bt(),"utf8"));return !!(e&&e.credentials)}catch{return !1}}async getSecret(e,r){let n=$e(),s=Fe[r]??r,o=n[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(e,r,n){let s=$e(),o=Fe[r]??r;if(r==="token-cache")try{s[o]=JSON.parse(n);}catch{s[o]=n;}else s[o]=n;Rr(s);}async deleteSecret(e,r){let n=$e(),s=Fe[r]??r;return s in n?(delete n[s],Rr(n),!0):!1}getStoragePath(){return `config.json (unencrypted) \u2014 ${Bt()}`}};});var Nr={};M(Nr,{MacOsKeyVaultProvider:()=>De});var xe,De,Cr=m(()=>{"use strict";xe=util.promisify(child_process.execFile),De=class{static async isAvailable(){try{return T.accessSync("/usr/bin/security",T.constants.X_OK),!0}catch{return !1}}async getSecret(e,r){try{let{stdout:n}=await xe("security",["find-generic-password","-w","-a",r,"-s",e]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await xe("security",["add-generic-password","-U","-a",r,"-s",e,"-w",n]);}async deleteSecret(e,r){try{return await xe("security",["delete-generic-password","-a",r,"-s",e]),!0}catch{return !1}}getStoragePath(){return "macOS Keychain"}};});var Fr={};M(Fr,{LinuxKeyVaultProvider:()=>Me});var Ur,Me,$r=m(()=>{"use strict";Ur=util.promisify(child_process.execFile),Me=class{static async isAvailable(){let e=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of e)try{return T.accessSync(r,T.constants.X_OK),!0}catch{}return !1}async getSecret(e,r){try{let{stdout:n}=await Ur("secret-tool",["lookup","service",e,"account",r]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await new Promise((s,o)=>{let i=child_process.spawn("secret-tool",["store","--label",e,"service",e,"account",r]);i.on("error",o),i.on("close",a=>{a===0?s():o(new Error(`secret-tool exited with code ${a}`));}),i.stdin.write(n),i.stdin.end();});}async deleteSecret(e,r){try{return await Ur("secret-tool",["clear","service",e,"account",r]),!0}catch{return !1}}getStoragePath(){return "Linux Secret Service (libsecret)"}};});var xr={};M(xr,{WindowsKeyVaultProvider:()=>Be});var Be,Dr=m(()=>{"use strict";Be=class{static async isAvailable(){try{return await $t("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return !1}}async getSecret(e,r){return $t("keytar").getPassword(e,r)}async setSecret(e,r,n){await $t("keytar").setPassword(e,r,n);}async deleteSecret(e,r){return $t("keytar").deletePassword(e,r)}getStoragePath(){return "Windows Credential Manager"}};});async function Mr(){return await Hs()??new ce}async function Hs(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:t}=await Promise.resolve().then(()=>(Cr(),Nr));return await t.isAvailable()?new t:null}case "linux":{let{LinuxKeyVaultProvider:t}=await Promise.resolve().then(()=>($r(),Fr));return await t.isAvailable()?new t:null}case "win32":{let{WindowsKeyVaultProvider:t}=await Promise.resolve().then(()=>(Dr(),xr));return await t.isAvailable()?new t:null}default:return null}}var Br=m(()=>{"use strict";Pr();});function Ot(){return He||(He=Mr()),He}async function O(){let e=await(await Ot()).getSecret(kt,je);if(!e)return null;try{return JSON.parse(e)}catch{return null}}async function Ye(t){if(!t.clientId||!t.clientSecret||!t.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await Ot()).setSecret(kt,je,JSON.stringify(t));}async function Hr(){let t=await Ot();await t.deleteSecret(kt,je),await t.deleteSecret(kt,Ve);}async function jt(t){await(await Ot()).setSecret(kt,Ve,JSON.stringify({accessToken:t.accessToken,expiresAt:t.expiresAt,lastAuthCheckAt:t.lastAuthCheckAt}));}async function vt(){let e=await(await Ot()).getSecret(kt,Ve);if(!e)return null;try{let r=JSON.parse(e);return {accessToken:r.accessToken,expiresAt:r.expiresAt,lastAuthCheckAt:r.lastAuthCheckAt}}catch{return null}}async function le(){let t=await vt();return t?new Date(t.expiresAt)>new Date:false}async function at(){let t=await vt();if(!t||!t.accessToken)return null;try{let e=t.accessToken.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email??r.preferred_username??r.upn??r.sub??null}catch{return null}}async function We(){let t=await Ot();if(typeof t.getStoragePath=="function")return t.getStoragePath();let e=process.platform;return e==="darwin"?"macOS Keychain":e==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function jr(){let t=await O();return !!(t&&t.clientId&&t.clientSecret&&t.tenant)}var kt,je,Ve,He,Lt=m(()=>{"use strict";Br();A();kt=se.SERVICE,je=se.ACCOUNT_CREDS,Ve=se.ACCOUNT_TOKEN,He=null;});function Vs(t){return js.some(e=>e.test(t))}function Ys(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email||r.preferred_username||r.upn||r.sub||null}catch{return null}}function b(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:s,tenant:o}=r;return !n||!s||!o?null:{clientId:n,clientSecret:s,tenant:o}}catch{return null}}function Vr(t){let e=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),r=Buffer.from(JSON.stringify({clientId:t.clientId,clientSecret:t.clientSecret,tenant:t.tenant})).toString("base64url");return `${e}.${r}.`}function It(t){let e;try{e=new URL(t);}catch{throw new Error(`Invalid URL: ${t}`)}let r=process.env[f.FLOW_OBS_ALLOW_HTTP]==="true";if(!r&&e.protocol!=="https:")throw new Error(`URL must use HTTPS: ${t}`);if(e.username||e.password)throw new Error(`URL must not contain embedded credentials: ${t}`);if(!r&&Vs(e.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${e.hostname}`);return t}async function Yr(){let t=b(process.env[f.ANTHROPIC_AUTH_TOKEN]);if(t)return {user:await at().catch(()=>null)??t.clientId,tenant:t.tenant};if(ae.KEYCHAIN_ENABLED)try{let e=await O();if(!e)return {user:"",tenant:""};let r=await at()??e.clientId??"",n=e.tenant??"";return {user:r,tenant:n}}catch{return {user:"",tenant:""}}return {user:"",tenant:""}}function Ws(){return new Date().toISOString().slice(0,10)}async function Gs(t){let e=Ws(),r=await vt();if(r?.lastAuthCheckAt!==e){u("getOrRefreshToken",`daily auth check (last: ${r?.lastAuthCheckAt??"never"})`);try{let o=await x(t);try{await jt({...o,lastAuthCheckAt:e});}catch{}return u("getOrRefreshToken",`daily check passed, expires=${o.expiresAt}`),o.accessToken}catch(o){if(o instanceof it)throw o;u("getOrRefreshToken",`daily check network error \u2014 using cache: ${o.message}`);}}let n=r!=null&&new Date(r.expiresAt)>new Date;if(u("getOrRefreshToken",`cacheValid=${n}`),n)return u("getOrRefreshToken",`using cached token, expires=${r.expiresAt}`),r.accessToken;u("getOrRefreshToken",`token expired \u2014 refreshing via auth-engine (tenant=${t.tenant} clientId=${t.clientId})`);let s=await x(t);try{await jt({...s,lastAuthCheckAt:e});}catch(o){u("getOrRefreshToken",`token cache save failed (non-fatal): ${o.message}`);}return u("getOrRefreshToken",`token refreshed, expires=${s.expiresAt}`),s.accessToken}function Ks(t,e){let r=e&&e.accessToken?e.accessToken:"";return {endpoint:t.replace(/\/$/,"")+"/flow-langfuse-gateway/v1/traces",authHeader:`Bearer ${r}`}}function qs(t,e,r){let n=Buffer.from(`${e}:${r}`).toString("base64");return {endpoint:t.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${n}`}}async function K(){let t=[],e=process.env[f.ANTHROPIC_MODEL]??"",r=b(process.env[f.ANTHROPIC_AUTH_TOKEN]);u("resolveCredentials",r?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),r&&u("resolveCredentials",`clientId=${r.clientId}`,`tenant=${r.tenant}`),!r&&ae.KEYCHAIN_ENABLED&&(r=await O(),r&&u("resolveCredentials","credentials resolved from keychain (FEATURES.KEYCHAIN_ENABLED=true)"));let n=r?r.tenant:"",s=process.env[f.FLOW_TELEMETRY]==="true",o=process.env[f.LANGFUSE_BASE_URL],i=process.env[f.LANGFUSE_PUBLIC_KEY],a=process.env[f.LANGFUSE_SECRET_KEY];if(s&&o&&i&&a){let E="",S=n;if(r)E=await at().catch(()=>null)??r.clientId;else if(ae.KEYCHAIN_ENABLED)try{let k=await O();k&&(E=await at()??k.clientId,S=k.tenant);}catch{}let v={user:E??"",tenant:S??"",team:"",project:"",model:e};t.push({mode:"direct",...qs(It(o),i,a),...v}),u("resolveCredentials","direct mode active",`user=${v.user}`,`tenant=${v.tenant}`);}if(!r){if(t.length===0){let E=[];return E.authError=false,E}return t}let c;try{c=await Gs(r);}catch(E){if(u("resolveCredentials",`token refresh failed: ${E.message}`,`(tenant=${r.tenant} clientId=${r.clientId})`),t.length>0)return t.authError=true,t;let S=[];return S.authError=true,S}let d={user:Ys(c)??r.clientId,tenant:n,team:"",project:"",model:e},y=process.env[f.FLOW_TELEMETRY_GATEWAY]??nt();return t.push({mode:"gateway",...Ks(It(y),{accessToken:c}),...d}),t}async function Wr(){return (await K()).length>0}var js,Y=m(()=>{"use strict";Lt();yt();A();$();js=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];});function Ge(){return At__namespace.default.join(tt__namespace.default.homedir(),".claude","flow-obs",".logged-out")}function Kr(){try{let t=Ge();T__namespace.default.mkdirSync(At__namespace.default.dirname(t),{recursive:!0}),T__namespace.default.writeFileSync(t,"",{mode:384});}catch{}}function qr(){try{T__namespace.default.unlinkSync(Ge());}catch{}}function de(){try{return T__namespace.default.existsSync(Ge())}catch{return false}}var Jr=m(()=>{"use strict";});var Ke={};M(Ke,{runLogin:()=>bt,runLogout:()=>to,runStatus:()=>eo});function q(t){return typeof t=="string"?t.replace(zs,""):t}function Vt(t,e={}){return new Promise((r,n)=>{let{masked:s=false,defaultValue:o=""}=e;process.stdout.write(t+o);let i=o;function a(){try{process.stdin.setRawMode(!1);}catch{}}process.once("uncaughtException",a),process.once("unhandledRejection",a);let c=d=>{if(d===""){l(),n(new Error("SIGINT"));return}if(d==="\r"||d===`
26
+ `),r();});})}function Er(){return new Promise(t=>{Ce((e,r)=>t(e||!r?null:r));})}function ws(){try{let t=Pe();if(t){wt(P().version,t.latestVersion)&&(t.updatePriority==="auto"?Re(t.latestVersion):be(t.latestVersion));return}setImmediate(()=>{Ce((e,r)=>{e||!r||(Ne(r.version,r.updatePriority),wt(P().version,r.version)&&(r.updatePriority==="auto"?Re(r.version):be(r.version)));});});}catch{}}async function Es(t={}){try{let e=Pe();if(e){if(!wt(P().version,e.latestVersion))return}else {let n=await Er();if(!n||(Ne(n.version,n.updatePriority),!wt(P().version,n.version)))return;e={latestVersion:n.version,updatePriority:n.updatePriority,checkedAt:Date.now()};}if(e.updatePriority==="auto"){Re(e.latestVersion);return}if(!ht()){be(e.latestVersion);return}await gs(e.latestVersion,t.timeoutMs)&&await hs(e.latestVersion);}catch{}}function Ss(){try{if(Pe())return;setImmediate(()=>{Ce((t,e)=>{t||!e||wt(P().version,e.version)&&Ne(e.version,e.updatePriority,0);});});}catch{}}var Ie,wr,fs,ms,St=f(()=>{"use strict";Le();wr=Ot__namespace.default.join(rt__namespace.default.tmpdir(),"flow-obs-update-cache.json"),fs=1440*60*1e3,ms=3e3;});function Sr(){return process.platform==="win32"?false:process.getuid?.()===0}function et(){if(Sr())return process.stderr.write(`
27
+ `+b(` \u2717 flow-ai-obs is not supported in a sudo context.
28
+
29
+ `)+R(` npm install -g @ciandt-flow/flow-ai-obs
30
+ `)+`
31
+ `),1}var Mt=f(()=>{"use strict";tt();});function Tr(){if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let e=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(e)return {home:e,username:process.env.SUDO_USER}}return {home:rt__namespace.homedir(),username:process.env.SUDO_USER||process.env.USER||rt__namespace.userInfo().username}}function W(){if(process.env.WSL_DISTRO_NAME&&process.platform==="linux"){let t=process.env.USERPROFILE;if(!t){let r=child_process.spawnSync("cmd.exe",["/c","echo","%USERPROFILE%"],{encoding:"utf8",timeout:5e3}).stdout?.trim();r&&/^[A-Za-z]:\\/.test(r)&&(t=r);}if(t){let e=t.replace(/^([A-Za-z]):/,(r,n)=>`/mnt/${n.toLowerCase()}`).replace(/\\/g,"/");return Ot__namespace.join(e,".claude","settings.json")}return Ot__namespace.join(rt__namespace.homedir(),".claude","settings.json")}if(process.platform==="win32"){let t=process.env.USERPROFILE||rt__namespace.homedir();return Ot__namespace.join(t,".claude","settings.json")}if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let e=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(e)return Ot__namespace.join(e,".claude","settings.json")}return Ot__namespace.join(rt__namespace.homedir(),".claude","settings.json")}var oe=f(()=>{"use strict";Mt();});function kr(){if(process.platform==="win32"){let r=process.env.APPDATA||Ot__namespace.join(rt__namespace.homedir(),"AppData","Roaming");return Ot__namespace.join(r,yr,_r)}let t=Tr(),e=process.env.XDG_CONFIG_HOME||Ot__namespace.join(t.home,".config");return Ot__namespace.join(e,yr,_r)}function Or(){try{let t=y__namespace.readFileSync(kr(),"utf8");return JSON.parse(t)}catch{return {}}}function st(){let{baseUrl:t}=Or();return typeof t!="string"||t.trim()===""?null:t.trim().replace(/\/$/,"")}function vr(t){let e=kr();y__namespace.mkdirSync(Ot__namespace.dirname(e),{recursive:true});let n={...Or(),baseUrl:t};y__namespace.writeFileSync(e,JSON.stringify(n,null,2)+`
32
+ `,{encoding:"utf8",mode:384});}var yr,_r,$e=f(()=>{"use strict";oe();yr="flow-ai-obs",_r="config.json";});function ot(){return st()??process.env.FLOW_BASE_URL??ie}function it(){let t=ot();return {AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${t}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${t}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${t}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${t}/otel`}}function Bt(){let t=ot();return {ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL??`${t}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL??"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL??"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"}}function xe(){let t=ot();return {API_URL:process.env.FLOW_METRICS_URL||`${t}/metrics-collector-api/log-event`,BOOSTER:"flow-ai-obs"}}var ie,Ts,ae,ce,le,Fe,at,m,ue,_t,Lr,x,Ir,V,A=f(()=>{"use strict";$e();ie="https://flow.ciandt.com";Ts=it(),ae={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials",ACCOUNT_TOKEN:"token-cache"},ce="FLOW-nodejs",le="config.json",Fe={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"};at={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:Ts.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},m={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP",BUFFER_TTL_DAYS:"FLOW_TELEMETRY_BUFFER_TTL_DAYS",BUFFER_MAX_FILES:"FLOW_TELEMETRY_BUFFER_MAX_FILES"},ue={KEYCHAIN_ENABLED:!1},_t={LOCK_STALE_MS:3e4,CONNECTIVITY_MAX_RETRY:3,CONNECTIVITY_RETRY_MS:2e3},Lr={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15},x={FILE_PREFIX:"flow-obs-buffer-",DEFAULT_TTL_DAYS:4,MIN_TTL_DAYS:1,MAX_TTL_DAYS:30,DEFAULT_MAX_FILES:50,MIN_MAX_FILES:1,MAX_MAX_FILES:500,REPLAY_BATCH_SIZE:10},Ir="flow-ai-obs-debug.log",V={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4,TOOL_BRIEF:60};});function u(...t){if(process.env[m.FLOW_OBS_DEBUG]!=="1")return;let e=`[${new Date().toISOString()}] ${t.join(" ")}
33
+ `;try{y.writeFileSync(ks,e,{flag:"a"});}catch(r){process.stderr.write(`[flow-obs debug ERROR] ${r.message}
34
+ `);}}var ks,D=f(()=>{"use strict";A();ks=Ot.join(rt.tmpdir(),Ir);});function Is(t){if(!Ls.test(t))throw new Error(`Invalid tenant value: "${t}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}function bs(t,e){let r=e.length>400?e.slice(0,400)+"\u2026":e;u("toAuthError",`status=${t} body=${r}`);try{let n=JSON.parse(e);if(typeof n.error=="string"&&(u("toAuthError",`api_error_code=${n.error}`+(n.message?` api_message=${n.message}`:"")),br[n.error]))return new ct(br[n.error])}catch{}return t===401||t===403||t===500?new ct("Invalid credentials"):t>=400&&t<500?new ct("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function M(t){return new Promise((e,r)=>{try{Is(t.tenant);}catch(l){return r(l)}let n=JSON.stringify({clientSecret:t.clientSecret}),s=new URL(it().AUTH_ENGINE),o=s.protocol==="https:",i={hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(n),FlowTenant:t.tenant}};u("getToken",`requesting token tenant=${t.tenant} host=${i.hostname} path=${i.path}`);let c=(o?us__namespace.default:vs__namespace.default).request(i,l=>{let p=[];l.on("data",T=>p.push(T)),l.on("end",()=>{let T=p.join("");if((l.statusCode??0)>=400)return r(bs(l.statusCode??0,T));let g;try{g=JSON.parse(T);}catch{return r(new Error("Invalid response from auth engine"))}let E=g.expires_at??new Date(Date.now()+(g.expires_in??3600)*1e3).toISOString();e({accessToken:g.access_token??"",expiresAt:E});});});c.on("error",l=>r(new Error(`Network error: ${l.message}`))),c.write(n),c.end();})}var ct,Ls,br,At=f(()=>{"use strict";A();D();ct=class extends Error{constructor(e){super(e),this.name="AuthError";}},Ls=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;br={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};});function Rr(t){try{let e=y__namespace.statSync(t);Date.now()-e.mtimeMs>Ns&&y__namespace.unlinkSync(t);}catch{}try{y__namespace.writeFileSync(t,String(process.pid),{flag:"wx"});}catch(e){throw e.code==="EEXIST"?new Error("Another install is already in progress. If this is stale, remove: "+t):e}}function Pr(t){try{y__namespace.unlinkSync(t);}catch{}}function Cs(t,e){let n=(Array.isArray(t)?t:[]).map(s=>{if(!Array.isArray(s?.hooks))return null;let o=s.hooks.filter(i=>!i.command?.startsWith?.("flow-ai-obs "));return o.length>0?{...s,hooks:o}:null}).filter(s=>s!=null);return [e,...n]}function Nr(){let t=W(),e=t+".lock",r=[];y__namespace.mkdirSync(Ot__namespace.dirname(t),{recursive:true}),Rr(e);try{if(y__namespace.existsSync(t)){y__namespace.copyFileSync(t,t+".bkp");try{y__namespace.chmodSync(t+".bkp",384);}catch{}}let n={};try{n=JSON.parse(y__namespace.readFileSync(t,"utf8"));}catch{}let s=n.env&&typeof n.env=="object"?n.env:{};n.env={...at,...Bt(),...s},n.otelHeadersHelper="flow-ai-obs otel-headers",(!n.hooks||typeof n.hooks!="object"||Array.isArray(n.hooks))&&(n.hooks={});let o=(c,l)=>({matcher:"",hooks:[{type:"command",command:`flow-ai-obs ${c}`,timeout:l}]}),i=["UserPromptSubmit","PreToolUse","PostToolUse","Stop"],a=n.hooks;for(let c of i){let l=Cs(a[c],o(c,Lr[c]));l.length>1&&r.push(c),a[c]=l;}y__namespace.writeFileSync(t,JSON.stringify(n,null,2)+`
35
+ `,{encoding:"utf8",mode:384});try{y__namespace.chmodSync(t,384);}catch{}}finally{Pr(e);}return {settingsPath:t,preserved:r}}async function Cr(t){let e;try{e=(await M(t)).accessToken;}catch{return false}return e?new Promise(r=>{De(`Bearer ${e}`,r,1);}):false}function De(t,e,r){let n=new URL(it().GATEWAY_TRACES),s=JSON.stringify({resourceSpans:[],validation_run:true}),o=n.protocol==="https:",i={hostname:n.hostname,port:n.port||(o?443:80),path:n.pathname,method:"POST",headers:{"Content-Type":"application/json",Authorization:t,"Content-Length":Buffer.byteLength(s)}},c=(o?us__namespace:vs__namespace).request(i,l=>{l.resume(),l.statusCode===200||l.statusCode===204?e(true):r<_t.CONNECTIVITY_MAX_RETRY?setTimeout(()=>De(t,e,r+1),_t.CONNECTIVITY_RETRY_MS):e(false);});c.on("error",()=>{r<_t.CONNECTIVITY_MAX_RETRY?setTimeout(()=>De(t,e,r+1),_t.CONNECTIVITY_RETRY_MS):e(false);}),c.write(s),c.end();}function kt(t){let e=W(),r=e+".lock";y__namespace.mkdirSync(Ot__namespace.dirname(e),{recursive:true}),Rr(r);try{let n={};try{n=JSON.parse(y__namespace.readFileSync(e,"utf8"));}catch{}(!n.env||typeof n.env!="object")&&(n.env={}),Object.assign(n.env,t),y__namespace.writeFileSync(e,JSON.stringify(n,null,2)+`
36
+ `,{encoding:"utf8",mode:384});try{y__namespace.chmodSync(e,384);}catch{}}finally{Pr(r);}}var Ns,Ht=f(()=>{"use strict";A();At();oe();Ns=_t.LOCK_STALE_MS;});function jt(){let t=rt__namespace.default.homedir();if(process.platform==="darwin")return Ot__namespace.default.join(t,"Library","Preferences",ce,le);if(process.platform==="win32"){let r=process.env.APPDATA??Ot__namespace.default.join(t,"AppData","Roaming");return Ot__namespace.default.join(r,ce,le)}let e=process.env.XDG_CONFIG_HOME??Ot__namespace.default.join(t,".config");return Ot__namespace.default.join(e,ce,le)}function He(){try{let t=y__namespace.default.readFileSync(jt(),"utf8");return JSON.parse(t)}catch{return {}}}function Ur(t){let e=jt();y__namespace.default.mkdirSync(Ot__namespace.default.dirname(e),{recursive:true}),y__namespace.default.writeFileSync(e,JSON.stringify(t,null,2),{encoding:"utf8",mode:384});}var Be,de,$r=f(()=>{"use strict";A();Be={credentials:"credentials","token-cache":"tokenCache"};de=class{static isAvailable(){return !0}static hasExistingData(){try{if(!y__namespace.default.existsSync(jt()))return !1;let e=JSON.parse(y__namespace.default.readFileSync(jt(),"utf8"));return !!(e&&e.credentials)}catch{return !1}}async getSecret(e,r){let n=He(),s=Be[r]??r,o=n[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(e,r,n){let s=He(),o=Be[r]??r;if(r==="token-cache")try{s[o]=JSON.parse(n);}catch{s[o]=n;}else s[o]=n;Ur(s);}async deleteSecret(e,r){let n=He(),s=Be[r]??r;return s in n?(delete n[s],Ur(n),!0):!1}getStoragePath(){return `config.json (unencrypted) \u2014 ${jt()}`}};});var Fr={};H(Fr,{MacOsKeyVaultProvider:()=>Ve});var je,Ve,xr=f(()=>{"use strict";je=util.promisify(child_process.execFile),Ve=class{static async isAvailable(){try{return y.accessSync("/usr/bin/security",y.constants.X_OK),!0}catch{return !1}}async getSecret(e,r){try{let{stdout:n}=await je("security",["find-generic-password","-w","-a",r,"-s",e]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await je("security",["add-generic-password","-U","-a",r,"-s",e,"-w",n]);}async deleteSecret(e,r){try{return await je("security",["delete-generic-password","-a",r,"-s",e]),!0}catch{return !1}}getStoragePath(){return "macOS Keychain"}};});var Mr={};H(Mr,{LinuxKeyVaultProvider:()=>Ye});var Dr,Ye,Br=f(()=>{"use strict";Dr=util.promisify(child_process.execFile),Ye=class{static async isAvailable(){let e=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of e)try{return y.accessSync(r,y.constants.X_OK),!0}catch{}return !1}async getSecret(e,r){try{let{stdout:n}=await Dr("secret-tool",["lookup","service",e,"account",r]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await new Promise((s,o)=>{let i=child_process.spawn("secret-tool",["store","--label",e,"service",e,"account",r]);i.on("error",o),i.on("close",a=>{a===0?s():o(new Error(`secret-tool exited with code ${a}`));}),i.stdin.write(n),i.stdin.end();});}async deleteSecret(e,r){try{return await Dr("secret-tool",["clear","service",e,"account",r]),!0}catch{return !1}}getStoragePath(){return "Linux Secret Service (libsecret)"}};});var Hr={};H(Hr,{WindowsKeyVaultProvider:()=>Ge});var Ge,jr=f(()=>{"use strict";Ge=class{static async isAvailable(){try{return await Dt("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return !1}}async getSecret(e,r){return Dt("keytar").getPassword(e,r)}async setSecret(e,r,n){await Dt("keytar").setPassword(e,r,n);}async deleteSecret(e,r){return Dt("keytar").deletePassword(e,r)}getStoragePath(){return "Windows Credential Manager"}};});async function Vr(){return await Ys()??new de}async function Ys(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:t}=await Promise.resolve().then(()=>(xr(),Fr));return await t.isAvailable()?new t:null}case "linux":{let{LinuxKeyVaultProvider:t}=await Promise.resolve().then(()=>(Br(),Mr));return await t.isAvailable()?new t:null}case "win32":{let{WindowsKeyVaultProvider:t}=await Promise.resolve().then(()=>(jr(),Hr));return await t.isAvailable()?new t:null}default:return null}}var Yr=f(()=>{"use strict";$r();});function Lt(){return We||(We=Vr()),We}async function v(){let e=await(await Lt()).getSecret(vt,Ke);if(!e)return null;try{return JSON.parse(e)}catch{return null}}async function Je(t){if(!t.clientId||!t.clientSecret||!t.tenant)throw new Error("clientId, clientSecret and tenant are required");await(await Lt()).setSecret(vt,Ke,JSON.stringify(t));}async function Gr(){let t=await Lt();await t.deleteSecret(vt,Ke),await t.deleteSecret(vt,qe);}async function Yt(t){await(await Lt()).setSecret(vt,qe,JSON.stringify({accessToken:t.accessToken,expiresAt:t.expiresAt,lastAuthCheckAt:t.lastAuthCheckAt}));}async function It(){let e=await(await Lt()).getSecret(vt,qe);if(!e)return null;try{let r=JSON.parse(e);return {accessToken:r.accessToken,expiresAt:r.expiresAt,lastAuthCheckAt:r.lastAuthCheckAt}}catch{return null}}async function pe(){let t=await It();return t?new Date(t.expiresAt)>new Date:false}async function lt(){let t=await It();if(!t||!t.accessToken)return null;try{let e=t.accessToken.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email??r.preferred_username??r.upn??r.sub??null}catch{return null}}async function ze(){let t=await Lt();if(typeof t.getStoragePath=="function")return t.getStoragePath();let e=process.platform;return e==="darwin"?"macOS Keychain":e==="win32"?"Windows Credential Manager":"Linux Secret Service (libsecret)"}async function Wr(){let t=await v();return !!(t&&t.clientId&&t.clientSecret&&t.tenant)}var vt,Ke,qe,We,bt=f(()=>{"use strict";Yr();A();vt=ae.SERVICE,Ke=ae.ACCOUNT_CREDS,qe=ae.ACCOUNT_TOKEN,We=null;});function Ws(t){return Gs.some(e=>e.test(t))}function Ks(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email||r.preferred_username||r.upn||r.sub||null}catch{return null}}function N(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:s,tenant:o}=r;return !n||!s||!o?null:{clientId:n,clientSecret:s,tenant:o}}catch{return null}}function Kr(t){let e=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),r=Buffer.from(JSON.stringify({clientId:t.clientId,clientSecret:t.clientSecret,tenant:t.tenant})).toString("base64url");return `${e}.${r}.`}function Rt(t){let e;try{e=new URL(t);}catch{throw new Error(`Invalid URL: ${t}`)}let r=process.env[m.FLOW_OBS_ALLOW_HTTP]==="true";if(!r&&e.protocol!=="https:")throw new Error(`URL must use HTTPS: ${t}`);if(e.username||e.password)throw new Error(`URL must not contain embedded credentials: ${t}`);if(!r&&Ws(e.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${e.hostname}`);return t}async function qr(){let t=N(process.env[m.ANTHROPIC_AUTH_TOKEN]);if(t)return {user:await lt().catch(()=>null)??t.clientId,tenant:t.tenant};if(ue.KEYCHAIN_ENABLED)try{let e=await v();if(!e)return {user:"",tenant:""};let r=await lt()??e.clientId??"",n=e.tenant??"";return {user:r,tenant:n}}catch{return {user:"",tenant:""}}return {user:"",tenant:""}}function qs(){return new Date().toISOString().slice(0,10)}async function Js(t){let e=qs(),r=await It();if(r?.lastAuthCheckAt!==e){u("getOrRefreshToken",`daily auth check (last: ${r?.lastAuthCheckAt??"never"})`);try{let o=await M(t);try{await Yt({...o,lastAuthCheckAt:e});}catch{}return u("getOrRefreshToken",`daily check passed, expires=${o.expiresAt}`),o.accessToken}catch(o){if(o instanceof ct)throw o;u("getOrRefreshToken",`daily check network error \u2014 using cache: ${o.message}`);}}let n=r!=null&&new Date(r.expiresAt)>new Date;if(u("getOrRefreshToken",`cacheValid=${n}`),n)return u("getOrRefreshToken",`using cached token, expires=${r.expiresAt}`),r.accessToken;u("getOrRefreshToken",`token expired \u2014 refreshing via auth-engine (tenant=${t.tenant} clientId=${t.clientId})`);let s=await M(t);try{await Yt({...s,lastAuthCheckAt:e});}catch(o){u("getOrRefreshToken",`token cache save failed (non-fatal): ${o.message}`);}return u("getOrRefreshToken",`token refreshed, expires=${s.expiresAt}`),s.accessToken}function zs(t,e){let r=e&&e.accessToken?e.accessToken:"";return {endpoint:t.replace(/\/$/,"")+"/flow-langfuse-gateway/v1/traces",authHeader:`Bearer ${r}`}}function Xs(t,e,r){let n=Buffer.from(`${e}:${r}`).toString("base64");return {endpoint:t.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${n}`}}async function K(){let t=[],e=process.env[m.ANTHROPIC_MODEL]??"",r=N(process.env[m.ANTHROPIC_AUTH_TOKEN]);u("resolveCredentials",r?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),r&&u("resolveCredentials",`clientId=${r.clientId}`,`tenant=${r.tenant}`),!r&&ue.KEYCHAIN_ENABLED&&(r=await v(),r&&u("resolveCredentials","credentials resolved from keychain (FEATURES.KEYCHAIN_ENABLED=true)"));let n=r?r.tenant:"",s=process.env[m.FLOW_TELEMETRY]==="true",o=process.env[m.LANGFUSE_BASE_URL],i=process.env[m.LANGFUSE_PUBLIC_KEY],a=process.env[m.LANGFUSE_SECRET_KEY];if(s&&o&&i&&a){let g="",E=n;if(r)g=await lt().catch(()=>null)??r.clientId;else if(ue.KEYCHAIN_ENABLED)try{let _=await v();_&&(g=await lt()??_.clientId,E=_.tenant);}catch{}let O={user:g??"",tenant:E??"",team:"",project:"",model:e};t.push({mode:"direct",...Xs(Rt(o),i,a),...O}),u("resolveCredentials","direct mode active",`user=${O.user}`,`tenant=${O.tenant}`);}if(!r){if(t.length===0){let g=[];return g.authError=false,g}return t}let c;try{c=await Js(r);}catch(g){if(u("resolveCredentials",`token refresh failed: ${g.message}`,`(tenant=${r.tenant} clientId=${r.clientId})`),t.length>0)return t.authError=true,t;let E=[];return E.authError=true,E}let p={user:Ks(c)??r.clientId,tenant:n,team:"",project:"",model:e},T=process.env[m.FLOW_TELEMETRY_GATEWAY]??ot();return t.push({mode:"gateway",...zs(Rt(T),{accessToken:c}),...p}),t}async function Jr(){return (await K()).length>0}var Gs,Y=f(()=>{"use strict";bt();At();A();D();Gs=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];});function Xe(){return Ot__namespace.default.join(rt__namespace.default.homedir(),".claude","flow-obs",".logged-out")}function Xr(){try{let t=Xe();y__namespace.default.mkdirSync(Ot__namespace.default.dirname(t),{recursive:!0}),y__namespace.default.writeFileSync(t,"",{mode:384});}catch{}}function Zr(){try{y__namespace.default.unlinkSync(Xe());}catch{}}function me(){try{return y__namespace.default.existsSync(Xe())}catch{return false}}var Qr=f(()=>{"use strict";});var Ze={};H(Ze,{runLogin:()=>Pt,runLogout:()=>no,runStatus:()=>so});function q(t){return typeof t=="string"?t.replace(Qs,""):t}function Gt(t,e={}){return new Promise((r,n)=>{let{masked:s=false,defaultValue:o=""}=e;process.stdout.write(t+o);let i=o;function a(){try{process.stdin.setRawMode(!1);}catch{}}process.once("uncaughtException",a),process.once("unhandledRejection",a);let c=p=>{if(p===""){l(),n(new Error("SIGINT"));return}if(p==="\r"||p===`
32
37
  `){l(),process.stdout.write(`
33
- `),r(i);return}if(d==="\x7F"){i.length>0&&(i=i.slice(0,-1),process.stdout.write("\b \b"));return}d.startsWith("\x1B")||(i+=d,process.stdout.write(s?"*".repeat(d.length):d));};function l(){process.stdin.setRawMode(false),process.stdin.removeListener("data",c),process.removeListener("uncaughtException",a),process.removeListener("unhandledRejection",a);}process.stdin.setRawMode(true),process.stdin.resume(),process.stdin.setEncoding("utf8"),process.stdin.on("data",c);})}async function zr(t){if(!de())try{await O()||await Ye(t);}catch{}}async function Xr(t){let{accessToken:e,expiresAt:r}=await x(t);await Ye(t),await jt({accessToken:e,expiresAt:r}),qr();try{let n=Vr(t);_t({[f.ANTHROPIC_AUTH_TOKEN]:n});}catch{}}async function Xs(t){try{return await Xr(t),process.stdout.write(I(` \u2713 Setup complete. Tenant: ${q(t.tenant)}
38
+ `),r(i);return}if(p==="\x7F"){i.length>0&&(i=i.slice(0,-1),process.stdout.write("\b \b"));return}p.startsWith("\x1B")||(i+=p,process.stdout.write(s?"*".repeat(p.length):p));};function l(){process.stdin.setRawMode(false),process.stdin.removeListener("data",c),process.removeListener("uncaughtException",a),process.removeListener("unhandledRejection",a);}process.stdin.setRawMode(true),process.stdin.resume(),process.stdin.setEncoding("utf8"),process.stdin.on("data",c);})}async function tn(t){if(!me())try{await v()||await Je(t);}catch{}}async function en(t){let{accessToken:e,expiresAt:r}=await M(t);await Je(t),await Yt({accessToken:e,expiresAt:r}),Zr();try{let n=Kr(t);kt({[m.ANTHROPIC_AUTH_TOKEN]:n});}catch{}}async function to(t){try{return await en(t),process.stdout.write(I(` \u2713 Setup complete. Tenant: ${q(t.tenant)}
34
39
 
35
- `)),0}catch(e){return process.stderr.write(B(` \u2717 Authentication failed: ${q(e.message)}
36
- `)),1}}async function Zs(){try{process.stdout.write(`
37
- `);let t=(await Vt(H(" ? ")+"Client ID: ")).trim(),e=(await Vt(H(" ? ")+"Client Secret: ",{masked:!0})).trim(),r=(await Vt(H(" ? ")+"Tenant: ")).trim();if(!t||!e||!r)return process.stderr.write(B(` \u2717 All fields are required
38
- `)),1;try{await Xr({clientId:t,clientSecret:e,tenant:r});}catch(n){return process.stderr.write(B(` \u2717 Authentication failed: ${q(n.message)}
40
+ `)),0}catch(e){return process.stderr.write(b(` \u2717 Authentication failed: ${q(e.message)}
41
+ `)),1}}async function eo(){try{process.stdout.write(`
42
+ `);let t=(await Gt(R(" ? ")+"Client ID: ")).trim(),e=(await Gt(R(" ? ")+"Client Secret: ",{masked:!0})).trim(),r=(await Gt(R(" ? ")+"Tenant: ")).trim();if(!t||!e||!r)return process.stderr.write(b(` \u2717 All fields are required
43
+ `)),1;try{await en({clientId:t,clientSecret:e,tenant:r});}catch(n){return process.stderr.write(b(` \u2717 Authentication failed: ${q(n.message)}
39
44
  `)),1}return process.stdout.write(I(` \u2713 Setup complete. Tenant: ${q(r)}
40
- `)),process.stdout.write(` Storage: ${await We()}
45
+ `)),process.stdout.write(` Storage: ${await ze()}
41
46
 
42
- `),0}catch(t){if(t.message==="SIGINT")throw t;return process.stderr.write(B(` \u2717 Unexpected error: ${t.message}
43
- `)),1}}async function bt(t={}){if(t.clientId&&t.clientSecret&&t.tenant)return Xs({clientId:t.clientId,clientSecret:t.clientSecret,tenant:t.tenant});let e=de()?null:b(process.env[f.ANTHROPIC_AUTH_TOKEN]);e&&await zr(e);let r=e||await O();if(r){process.stdout.write(`
47
+ `),0}catch(t){if(t.message==="SIGINT")throw t;return process.stderr.write(b(` \u2717 Unexpected error: ${t.message}
48
+ `)),1}}async function Pt(t={}){let e=et();if(e)return e;if(t.clientId&&t.clientSecret&&t.tenant)return to({clientId:t.clientId,clientSecret:t.clientSecret,tenant:t.tenant});let r=me()?null:N(process.env[m.ANTHROPIC_AUTH_TOKEN]);r&&await tn(r);let n=r||await v();if(n){process.stdout.write(`
44
49
  `),process.stdout.write(j(` Already authenticated
45
- `)),process.stdout.write(w(" Tenant: ")+q(r.tenant)+`
46
- `),process.stdout.write(w(" Client ID: ")+q(r.clientId)+`
50
+ `)),process.stdout.write(S(" Tenant: ")+q(n.tenant)+`
51
+ `),process.stdout.write(S(" Client ID: ")+q(n.clientId)+`
47
52
  `),process.stdout.write(`
48
- `);let n;try{n=await Vt(H(" ? ")+"Re-authenticate? (y/N): ");}catch(s){if(s.message==="SIGINT")return process.stdout.write(`
49
- `),130;throw s}if(n.trim().toLowerCase()!=="y")return process.stdout.write(I(` \u2713 Using existing credentials.
53
+ `);let s;try{s=await Gt(R(" ? ")+"Re-authenticate? (y/N): ");}catch(o){if(o.message==="SIGINT")return process.stdout.write(`
54
+ `),130;throw o}if(s.trim().toLowerCase()!=="y")return process.stdout.write(I(` \u2713 Using existing credentials.
50
55
 
51
- `)),0}try{return await Zs()}catch(n){if(n.message==="SIGINT")return process.stdout.write(`
52
- `),130;throw n}}async function Qs(){try{return process.stdout.write(`
53
- `),(await Vt(H(" ? ")+"Are you sure? This will remove your local credentials. (y/N): ")).toLowerCase()!=="y"?(process.stdout.write(_(` \u26A0 Logout cancelled
56
+ `)),0}try{return await eo()}catch(s){if(s.message==="SIGINT")return process.stdout.write(`
57
+ `),130;throw s}}async function ro(){try{return process.stdout.write(`
58
+ `),(await Gt(R(" ? ")+"Are you sure? This will remove your local credentials. (y/N): ")).toLowerCase()!=="y"?(process.stdout.write(k(` \u26A0 Logout cancelled
54
59
  `)),0):null}catch(t){if(t.message==="SIGINT")return process.stdout.write(`
55
- `),130;throw t}}async function to(t=false){if(!await jr())return process.stdout.write(_(` \u26A0 You are not authenticated
56
- `)),0;if(!t){let e=await Qs();if(e!==null)return e}try{return await Hr(),Kr(),process.stdout.write(I(` \u2713 Credentials removed successfully
57
- `)),0}catch{return process.stderr.write(B(` \u2717 Error removing credentials
58
- `)),1}}async function eo(){if(de())return process.stdout.write(_(" \u26A0 Not authenticated. Run `flow-ai-obs auth login` to set up.\n")),0;let t=b(process.env[f.ANTHROPIC_AUTH_TOKEN]);t&&await zr(t);let e=t||await O();if(!e)return process.stdout.write(_(" \u26A0 Not authenticated. Run `flow-ai-obs auth login` to set up.\n")),0;if(!t&&!await le())return process.stdout.write(_(" \u26A0 Session expired. Run `flow-ai-obs auth login` to re-authenticate.\n")),0;let r=e.clientSecret.length>4?"****...****"+e.clientSecret.slice(-4):"****",n=t?"ANTHROPIC_AUTH_TOKEN (settings.json)":await We();return process.stdout.write(`
60
+ `),130;throw t}}async function no(t=false){let e=et();if(e)return e;if(!await Wr())return process.stdout.write(k(` \u26A0 You are not authenticated
61
+ `)),0;if(!t){let r=await ro();if(r!==null)return r}try{return await Gr(),Xr(),process.stdout.write(I(` \u2713 Credentials removed successfully
62
+ `)),0}catch{return process.stderr.write(b(` \u2717 Error removing credentials
63
+ `)),1}}async function so(){if(me())return process.stdout.write(k(" \u26A0 Not authenticated. Run `flow-ai-obs auth login` to set up.\n")),0;let t=N(process.env[m.ANTHROPIC_AUTH_TOKEN]);t&&await tn(t);let e=t||await v();if(!e)return process.stdout.write(k(" \u26A0 Not authenticated. Run `flow-ai-obs auth login` to set up.\n")),0;if(!t&&!await pe())return process.stdout.write(k(" \u26A0 Session expired. Run `flow-ai-obs auth login` to re-authenticate.\n")),0;let r=e.clientSecret.length>4?"****...****"+e.clientSecret.slice(-4):"****",n=t?"ANTHROPIC_AUTH_TOKEN (settings.json)":await ze();return process.stdout.write(`
59
64
  `+j(` Authenticated
60
- `)),process.stdout.write(w(" Tenant: ")+q(e.tenant)+`
61
- `),process.stdout.write(w(" Client ID: ")+q(e.clientId)+`
62
- `),process.stdout.write(w(" Client Secret: ")+r+`
63
- `),process.stdout.write(w(" Storage: ")+n+`
65
+ `)),process.stdout.write(S(" Tenant: ")+q(e.tenant)+`
66
+ `),process.stdout.write(S(" Client ID: ")+q(e.clientId)+`
67
+ `),process.stdout.write(S(" Client Secret: ")+r+`
68
+ `),process.stdout.write(S(" Storage: ")+n+`
64
69
 
65
- `),0}var zs,Yt=m(()=>{"use strict";Lt();Jr();yt();Y();Mt();A();mt();zs=/[\x00-\x08\x0B-\x1F\x7F]|\x1b\[[0-9;]*[a-zA-Z]/g;});var nn={};M(nn,{runInit:()=>qe});function ro(){if(process.env.WSL_DISTRO_NAME&&process.platform==="linux")return child_process.spawnSync("cmd.exe",["/c","where","claude"],{encoding:"utf8",timeout:5e3}).status===0;let t=process.platform==="win32"?"where":"which";return child_process.spawnSync(t,["claude"],{encoding:"utf8",timeout:5e3}).status===0}function no(){try{let t=T__namespace.readFileSync(G(),"utf8"),e=JSON.parse(t);return !!(e.env&&e.env[f.ANTHROPIC_AUTH_TOKEN])}catch{return false}}function rn(t){let e;try{e=new URL(t);}catch{throw new Error(`Invalid URL: ${t}`)}if(e.protocol!=="https:")throw new Error(`Custom URL must use HTTPS: ${t}`);let r=process.env[f.FLOW_OBS_ALLOW_HTTP];try{delete process.env[f.FLOW_OBS_ALLOW_HTTP],It(t);}finally{r!==void 0&&(process.env[f.FLOW_OBS_ALLOW_HTTP]=r);}if(e.pathname!=="/"&&e.pathname!=="")throw new Error(`Custom URL must be a base URL with no path beyond the root.
70
+ `),0}var Qs,Wt=f(()=>{"use strict";bt();Qr();At();Y();Ht();A();tt();Mt();Qs=/[\x00-\x08\x0B-\x1F\x7F]|\x1b\[[0-9;]*[a-zA-Z]/g;});var cn={};H(cn,{runInit:()=>Qe});function oo(){if(process.env.WSL_DISTRO_NAME&&process.platform==="linux")return child_process.spawnSync("cmd.exe",["/c","where","claude"],{encoding:"utf8",timeout:5e3}).status===0;let t=process.platform==="win32"?"where":"which";return child_process.spawnSync(t,["claude"],{encoding:"utf8",timeout:5e3}).status===0}function io(){try{let t=y__namespace.readFileSync(W(),"utf8"),e=JSON.parse(t);return !!(e.env&&e.env[m.ANTHROPIC_AUTH_TOKEN])}catch{return false}}function an(t){let e;try{e=new URL(t);}catch{throw new Error(`Invalid URL: ${t}`)}if(e.protocol!=="https:")throw new Error(`Custom URL must use HTTPS: ${t}`);let r=process.env[m.FLOW_OBS_ALLOW_HTTP];try{delete process.env[m.FLOW_OBS_ALLOW_HTTP],Rt(t);}finally{r!==void 0&&(process.env[m.FLOW_OBS_ALLOW_HTTP]=r);}if(e.pathname!=="/"&&e.pathname!=="")throw new Error(`Custom URL must be a base URL with no path beyond the root.
66
71
  Received: ${t}
67
72
  Expected: https://tenant.example.com`);if(e.search)throw new Error(`Custom URL must not contain query parameters.
68
73
  Received: ${t}
69
74
  Expected: https://tenant.example.com`);if(e.hash)throw new Error(`Custom URL must not contain fragment.
70
75
  Received: ${t}
71
- Expected: https://tenant.example.com`);return t.replace(/\/$/,"")}async function tn(){for(let t=1;t<=3;t++)try{let e=await lr(" Enter your Flow base URL (e.g., https://tenant.ciandt.com)");return rn(e)}catch(e){if(process.stderr.write(_(` \u2717 ${e.message}
76
+ Expected: https://tenant.example.com`);return t.replace(/\/$/,"")}async function sn(){for(let t=1;t<=3;t++)try{let e=await mr(" Enter your Flow base URL (e.g., https://tenant.ciandt.com)");return an(e)}catch(e){if(process.stderr.write(k(` \u2717 ${e.message}
72
77
 
73
- `)),t===3)throw process.stderr.write(B(` Too many invalid attempts.
78
+ `)),t===3)throw process.stderr.write(b(` Too many invalid attempts.
74
79
 
75
- `)),new Error("Too many invalid URL attempts")}throw new Error("Too many invalid URL attempts")}async function qe(t={}){let e=t.url;if(!ro()){let l=Qr[process.platform]||Qr.linux;return process.stderr.write(`
76
- `+B(` \u2717 Claude Code is not installed or not found in PATH.
80
+ `)),new Error("Too many invalid URL attempts")}throw new Error("Too many invalid URL attempts")}async function Qe(t={}){let e=et();if(e)return e;let r=t.url;if(!oo()){let l=nn[process.platform]||nn.linux;return process.stderr.write(`
81
+ `+b(` \u2717 Claude Code is not installed or not found in PATH.
77
82
 
78
83
  `)+` flow-ai-obs requires Claude Code to function.
79
84
  Install it with:
80
85
 
81
- `+H(` ${l}`)+`
86
+ `+R(` ${l}`)+`
82
87
 
83
- `),1}if(process.env.WSL_DISTRO_NAME&&process.platform==="linux"&&process.stdout.write(_(` \u26A0 WSL detected. If Claude Code is installed on Windows, install flow-ai-obs
84
- `)+_(" on Windows too: ")+H(`npm install -g @ciandt-flow/flow-ai-obs
85
- `)+_(` Running Claude (Windows) + flow-ai-obs (WSL) is not a supported configuration.
88
+ `),1}if(process.env.WSL_DISTRO_NAME&&process.platform==="linux"&&process.stdout.write(k(` \u26A0 WSL detected. If Claude Code is installed on Windows, install flow-ai-obs
89
+ `)+k(" on Windows too: ")+R(`npm install -g @ciandt-flow/flow-ai-obs
90
+ `)+k(` Running Claude (Windows) + flow-ai-obs (WSL) is not a supported configuration.
86
91
 
87
- `)),!e&&!t.noInteractive&&gt()){let l=rt();try{l?(process.stdout.write(`
92
+ `)),!r&&!t.noInteractive&&ht()){let l=st();try{l?(process.stdout.write(`
88
93
  Current base URL: ${j(l)}
89
- `),await Ae(" Keep this URL?",!0)||(e=await tn())):(process.stdout.write(`
90
- `),await Ae(" Does your organization use a custom Flow URL?",!1)&&(e=await tn()));}catch{return 1}process.stdout.write(`
91
- `);}if(!e&&!t.noInteractive&&!gt()){let l=rt(),d=process.env.FLOW_BASE_URL,y=l??d??"https://flow.ciandt.com",E=!!(l??d);process.stdout.write(_(` \u26A0 Non-interactive environment detected.
92
- `)+w(` Using URL: ${y}
93
- `)+(E?"":w(` Run with --custom-url to configure a custom domain.
94
+ `),await ve(" Keep this URL?",!0)||(r=await sn())):(process.stdout.write(`
95
+ `),await ve(" Does your organization use a custom Flow URL?",!1)&&(r=await sn()));}catch{return 1}process.stdout.write(`
96
+ `);}if(!r&&!t.noInteractive&&!ht()){let l=st(),p=process.env.FLOW_BASE_URL,T=l??p??ie,g=!!(l??p);process.stdout.write(k(` \u26A0 Non-interactive environment detected.
97
+ `)+S(` Using URL: ${T}
98
+ `)+(g?"":S(` Run with --custom-url to configure a custom domain.
94
99
  `))+`
95
- `);}let r=null,n=null;if(e){let l;try{l=rn(e);}catch(y){return process.stderr.write(`
96
- \u2717 Invalid --custom-url: ${y.message}
100
+ `);}let n=null,s=null;if(r){let l;try{l=an(r);}catch(T){return process.stderr.write(`
101
+ \u2717 Invalid --custom-url: ${T.message}
97
102
 
98
- `),1}let d=rt();try{_r(l);}catch(y){return process.stderr.write(`
99
- \u2717 Failed to persist custom URL: ${y.message}
103
+ `),1}let p=st();try{vr(l);}catch(T){return process.stderr.write(`
104
+ \u2717 Failed to persist custom URL: ${T.message}
100
105
 
101
- `),1}r=l,n={OTEL_EXPORTER_OTLP_ENDPOINT:`${l}/otel`,ANTHROPIC_BASE_URL:`${l}/flow-llm-proxy/`},d&&d!==l?process.stdout.write(_(` \u26A0 Base URL updated.
102
- `)+w(` Previous: ${d}
103
- `)+w(` New: ${l}
106
+ `),1}n=l,s={OTEL_EXPORTER_OTLP_ENDPOINT:`${l}/otel`,ANTHROPIC_BASE_URL:`${l}/flow-llm-proxy/`},p&&p!==l?process.stdout.write(k(` \u26A0 Base URL updated.
107
+ `)+S(` Previous: ${p}
108
+ `)+S(` New: ${l}
104
109
 
105
110
  `)):process.stdout.write(I(` \u2713 Base URL configured: ${l}
106
111
 
107
- `));}if(!no())if(t.noInteractive||!gt())process.stdout.write(_(" \u26A0 No credentials found in settings.json \u2014 run `flow-ai-obs auth login` to authenticate.\n\n"));else {process.stdout.write(_(` \u26A0 No credentials found in settings.json \u2014 authentication required.
112
+ `));}if(!io())if(t.noInteractive||!ht())process.stdout.write(k(" \u26A0 No credentials found in settings.json \u2014 run `flow-ai-obs auth login` to authenticate.\n\n"));else {process.stdout.write(k(` \u26A0 No credentials found in settings.json \u2014 authentication required.
108
113
 
109
- `));let{runLogin:l}=await Promise.resolve().then(()=>(Yt(),Ke)),d=await l();if(d!==0)return d}let s,o;try{(({settingsPath:s,preserved:o}=Ir())),n&&_t(n);}catch(l){return process.stderr.write(` \u2717 Failed to write settings: ${l.message}
114
+ `));let{runLogin:l}=await Promise.resolve().then(()=>(Wt(),Ze)),p=await l();if(p!==0)return p}let o,i;try{(({settingsPath:o,preserved:i}=Nr())),s&&kt(s);}catch(l){return process.stderr.write(` \u2717 Failed to write settings: ${l.message}
110
115
  `),1}process.stdout.write(`
111
116
  `+j(" Native OTEL configured")+` (metrics & logs)
112
- `);let i=n?{...ot,OTEL_EXPORTER_OTLP_ENDPOINT:n.OTEL_EXPORTER_OTLP_ENDPOINT}:ot;for(let[l,d]of Object.entries(i))process.stdout.write(w(` ${l.padEnd(36)}`)+d+`
117
+ `);let a=s?{...at,OTEL_EXPORTER_OTLP_ENDPOINT:s.OTEL_EXPORTER_OTLP_ENDPOINT}:at;for(let[l,p]of Object.entries(a))process.stdout.write(S(` ${l.padEnd(36)}`)+p+`
113
118
  `);process.stdout.write(`
114
119
  `),process.stdout.write(j(" Hooks registered")+` (Langfuse trace capture)
115
- `),process.stdout.write(w(" UserPromptSubmit")+` \u2192 flow-ai-obs UserPromptSubmit (timeout: 5s)
116
- `),process.stdout.write(w(" PreToolUse ")+` \u2192 flow-ai-obs PreToolUse (timeout: 3s)
117
- `),process.stdout.write(w(" PostToolUse ")+` \u2192 flow-ai-obs PostToolUse (timeout: 10s)
118
- `),process.stdout.write(w(" Stop ")+` \u2192 flow-ai-obs Stop (timeout: 15s)
119
- `),o.length>0&&(process.stdout.write(`
120
- `),process.stdout.write(_(` \u26A0 Third-party hooks detected and preserved on: ${o.join(", ")}
121
- `)),process.stdout.write(w(` flow-ai-obs was prepended \u2014 it executes first.
120
+ `),process.stdout.write(S(" UserPromptSubmit")+` \u2192 flow-ai-obs UserPromptSubmit (timeout: 5s)
121
+ `),process.stdout.write(S(" PreToolUse ")+` \u2192 flow-ai-obs PreToolUse (timeout: 3s)
122
+ `),process.stdout.write(S(" PostToolUse ")+` \u2192 flow-ai-obs PostToolUse (timeout: 10s)
123
+ `),process.stdout.write(S(" Stop ")+` \u2192 flow-ai-obs Stop (timeout: 15s)
124
+ `),i.length>0&&(process.stdout.write(`
125
+ `),process.stdout.write(k(` \u26A0 Third-party hooks detected and preserved on: ${i.join(", ")}
126
+ `)),process.stdout.write(S(` flow-ai-obs was prepended \u2014 it executes first.
122
127
  `))),process.stdout.write(`
123
- `),process.stdout.write(w(" Settings: ")+s+`
124
- `),process.stdout.write(w(" Backup: ")+s+`.bkp
125
- `),process.stdout.write(w(" OTEL auth: flow-ai-obs otel-headers")+w(` (reads keychain at runtime)
126
- `));let a=r??rt()??process.env.FLOW_BASE_URL??"https://flow.ciandt.com";process.stdout.write(w(" Base URL: ")+a+`
128
+ `),process.stdout.write(S(" Settings: ")+o+`
129
+ `),process.stdout.write(S(" Backup: ")+o+`.bkp
130
+ `),process.stdout.write(S(" OTEL auth: flow-ai-obs otel-headers")+S(` (reads keychain at runtime)
131
+ `));let c=n??st()??process.env.FLOW_BASE_URL??ie;return process.stdout.write(S(" Base URL: ")+c+`
127
132
  `),process.stdout.write(`
128
133
  `),process.stdout.write(I(` \u2713 Ready. Native OTEL + Langfuse trace capture active.
129
- `)),process.stdout.write(w(" Run `flow-ai-obs setup` to also configure the Flow LLM Proxy.\n\n"));let c=hr();return c&&process.stdout.write(_(` \u26A0 ${c}
130
-
131
- `)),0}var Qr,Je=m(()=>{"use strict";Mt();A();mt();ne();Re();Y();ke();Qr={darwin:`npm install -g @anthropic-ai/claude-code
134
+ `)),process.stdout.write(S(" Run `flow-ai-obs setup` to also configure the Flow LLM Proxy.\n\n")),0}var nn,tr=f(()=>{"use strict";Ht();A();tt();oe();Mt();$e();Y();Le();nn={darwin:`npm install -g @anthropic-ai/claude-code
132
135
  or visit: https://claude.ai/download`,linux:"npm install -g @anthropic-ai/claude-code",win32:`npm install -g @anthropic-ai/claude-code
133
- or visit: https://claude.ai/download`};});var sn={};M(sn,{runSetup:()=>so});async function so(t={}){process.stdout.write(`
136
+ or visit: https://claude.ai/download`};});var ln={};H(ln,{runSetup:()=>ao});async function ao(t={}){let e=et();if(e)return e;process.stdout.write(`
134
137
  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
135
138
  `),process.stdout.write(`\u2551 flow-ai-obs \u2014 setup \u2551
136
139
  `),process.stdout.write(`\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
137
140
 
138
- `);let e=await bt(t);if(e!==0)return process.stderr.write(`
141
+ `);let r=await Pt(t);if(r!==0)return process.stderr.write(`
139
142
  Setup aborted. Run \`flow-ai-obs auth login\` to retry.
140
143
 
141
- `),e;process.stdout.write(`
142
- `);let r=await qe({noInteractive:true});if(r!==0)return r;try{_t(Dt());}catch(s){process.stderr.write(` \u26A0 Could not write LLM Proxy config: ${s.message}
144
+ `),r;process.stdout.write(`
145
+ `);let n=await Qe({noInteractive:true});if(n!==0)return n;try{kt(Bt());}catch(o){process.stderr.write(` \u26A0 Could not write LLM Proxy config: ${o.message}
143
146
  `);}process.stdout.write(j(" Flow LLM Proxy configured")+` (model provider)
144
- `);for(let[s,o]of Object.entries(Dt()))process.stdout.write(w(` ${s.padEnd(36)}`)+o+`
147
+ `);for(let[o,i]of Object.entries(Bt()))process.stdout.write(S(` ${o.padEnd(36)}`)+i+`
145
148
  `);process.stdout.write(`
146
149
  `),process.stdout.write(` Validating connectivity to Flow OTEL endpoint\u2026
147
- `);let n=await O();return n?await br(n)?process.stdout.write(I(` \u2713 Connectivity validated \u2014 telemetry is active.
150
+ `);let s=await v();return s?await Cr(s)?process.stdout.write(I(` \u2713 Connectivity validated \u2014 telemetry is active.
148
151
 
149
- `)):process.stdout.write(_(` \u26A0 Could not reach the OTEL endpoint. Telemetry will activate once connectivity is restored.
152
+ `)):process.stdout.write(k(` \u26A0 Could not reach the OTEL endpoint. Telemetry will activate once connectivity is restored.
150
153
 
151
- `)):process.stdout.write(_(` \u26A0 Could not read stored credentials \u2014 skipping connectivity check.
154
+ `)):process.stdout.write(k(` \u26A0 Could not read stored credentials \u2014 skipping connectivity check.
152
155
 
153
156
  `)),process.stdout.write(I(` \u2713 Setup complete!
154
- `)),process.stdout.write(w(` Settings: ${G()}
157
+ `)),process.stdout.write(S(` Settings: ${W()}
155
158
 
156
- `)),0}var on=m(()=>{"use strict";A();mt();Yt();Je();Mt();Lt();});var an={};M(an,{runOtelHeaders:()=>oo});async function oo(){let t=b(process.env[f.ANTHROPIC_AUTH_TOKEN]);if(!t)try{t=await O();}catch{return process.stderr.write(`[flow-ai-obs otel-headers] Failed to read credentials
159
+ `)),0}var un=f(()=>{"use strict";A();tt();Mt();Wt();tr();Ht();bt();});var dn={};H(dn,{runOtelHeaders:()=>co});async function co(){let t=N(process.env[m.ANTHROPIC_AUTH_TOKEN]);if(!t)try{t=await v();}catch{return process.stderr.write(`[flow-ai-obs otel-headers] Failed to read credentials
157
160
  `),1}if(!t)return process.stderr.write(`[flow-ai-obs otel-headers] Not authenticated \u2014 run: flow-ai-obs auth login
158
- `),1;let e;try{e=(await x(t)).accessToken;}catch(r){return process.stderr.write(`[flow-ai-obs otel-headers] Token fetch failed: ${r.message}
161
+ `),1;let e;try{e=(await M(t)).accessToken;}catch(r){return process.stderr.write(`[flow-ai-obs otel-headers] Token fetch failed: ${r.message}
159
162
  `),1}return e?(process.stdout.write(`{"Authorization": "Bearer ${e}"}
160
163
  `),0):(process.stderr.write(`[flow-ai-obs otel-headers] Empty token received
161
- `),1)}var cn=m(()=>{"use strict";Lt();yt();Y();A();});var un={};M(un,{runCheck:()=>io});function ze(t){return !t||t.length<=8?"****":t.slice(0,4)+"****...****"+t.slice(-4)}function Wt(t){process.stdout.write(` \u2713 ${t}
162
- `);}function pe(t){process.stdout.write(` \u26A0 ${t}
163
- `);}function fe(t){process.stdout.write(` \u2717 ${t}
164
- `);}function R(t){process.stdout.write(` ${t}
165
- `);}function P(){process.stdout.write(`
166
- `);}async function io(){P(),process.stdout.write(` flow-claude-observability \u2014 configuration check
167
- `),P(),process.stdout.write(` Auth
168
- `);let t=b(process.env[f.ANTHROPIC_AUTH_TOKEN]),e=t||await O();if(!e){pe("Not authenticated \u2014 starting setup..."),P();let a=await bt();if(a!==0)return a;if(t=b(process.env[f.ANTHROPIC_AUTH_TOKEN]),e=t||await O(),!e)return fe("Authentication failed"),P(),1;P(),process.stdout.write(` Auth
169
- `);}if(!t&&!await le()){pe("Session expired \u2014 re-authenticating..."),P();let a=await bt();if(a!==0)return a;P(),process.stdout.write(` Auth
170
- `);}let r=await at()||e.clientId;Wt("Authenticated"),R(`Tenant: ${e.tenant}`),R(`User: ${r}`),P(),process.stdout.write(` Native OTEL
171
- `);let n={};try{let a=T__namespace.readFileSync(G(),"utf8");n=JSON.parse(a).env||{};}catch{}let s=Object.keys(ot).filter(a=>!n[a]);if(s.length===0?(Wt("All OTEL env vars present in settings.json"),R(`Endpoint: ${n.OTEL_EXPORTER_OTLP_ENDPOINT}`)):(pe(`${s.length} OTEL var(s) missing from settings.json \u2014 native metrics/logs disabled`),s.forEach(a=>fe(`Missing: ${a}`)),R("Run: flow-ai-obs init (restores missing vars automatically)")),P(),process.stdout.write(` Tracing
172
- `),process.env[f.FLOW_TELEMETRY]==="true"){Wt("FLOW_TELEMETRY=true (direct mode enabled)");let a=[f.LANGFUSE_BASE_URL,f.LANGFUSE_PUBLIC_KEY,f.LANGFUSE_SECRET_KEY].filter(c=>!process.env[c]);a.length>0&&a.forEach(c=>pe(`Missing: ${c}`));}else R("FLOW_TELEMETRY not set \u2014 direct mode inactive (gateway mode may still be active)");let i=await K();if(!i||i.length===0)return i&&i.authError?fe("Token refresh failed \u2014 gateway mode could not activate"):(fe("No active destinations \u2014 no traces will be sent"),R("For direct mode: set FLOW_TELEMETRY=true + LANGFUSE_BASE_URL + LANGFUSE_PUBLIC_KEY + LANGFUSE_SECRET_KEY"),R("For gateway mode: run flow-claude-observability auth login")),P(),1;for(let a of i)if(a.mode==="gateway"){let c=await vt();Wt("Mode: gateway"),R(`Endpoint: ${a.endpoint}`),R(`Token: ${ze(c?.accessToken)}`);}else a.mode==="direct"&&(Wt("Mode: direct"),R(`Endpoint: ${a.endpoint}`),R(`PK: ${ze(process.env[f.LANGFUSE_PUBLIC_KEY])}`),R(`SK: ${ze(process.env[f.LANGFUSE_SECRET_KEY])}`));return P(),process.stdout.write(` All checks passed \u2014 observability is active.
173
- `),P(),0}var dn=m(()=>{"use strict";Lt();Y();Mt();A();Yt();});function W(t,e){let r=typeof t=="object"?JSON.stringify(t):String(t??"");return r.length>e?r.slice(0,e)+" \u2026[truncated]":r}function me(t,e=100){return String(t??"").split(`
174
- `)[0].slice(0,e).trim()}function Xe(){return new Promise(t=>{let e="";process.stdin.setEncoding("utf8"),process.stdin.on("data",r=>{e+=r;}),process.stdin.on("end",()=>{try{t(JSON.parse(e));}catch{t({});}});})}function D(t){process.stdout.write(JSON.stringify(t));}var Rt=m(()=>{"use strict";});function J(){return String(BigInt(Date.now())*1000000n)}var Ze,ct,Gt=m(()=>{"use strict";Ze=()=>crypto.randomBytes(16).toString("hex"),ct=()=>crypto.randomBytes(8).toString("hex");});function Eo(t,e){let r=At.resolve(t);if(!r.startsWith(e))throw new Error(`Path traversal detected: ${t}`);return r}function Qe(t){if(!ho.test(t))throw new Error(`Invalid session ID: ${t}`);return Eo(At.join(tt.tmpdir(),`flow-obs-${t}.json`),wo)}function Pt(t){let e=Qe(t);if(!T.existsSync(e))return null;try{return JSON.parse(T.readFileSync(e,"utf8"))}catch{return null}}function Nt(t,e){T.writeFileSync(Qe(t),JSON.stringify(e),{encoding:"utf8",mode:384});}function tr(t){try{T.unlinkSync(Qe(t));}catch{}}var ho,wo,Kt=m(()=>{"use strict";ho=/^[0-9a-f-]{1,64}$/i,wo=At.normalize(tt.tmpdir())+At.sep;});function hn(t){if(!t||!T.existsSync(t))return null;try{let e=T.readFileSync(t,"utf8").trimEnd().split(`
175
- `);for(let r=e.length-1;r>=0;r--)try{let n=JSON.parse(e[r]);if(n.type==="user"&&n.uuid)return n.uuid}catch{}}catch{}return null}function er(t){if(!t||!T.existsSync(t))return null;try{let e=T.readFileSync(t,"utf8").trimEnd().split(`
176
- `),r=[],n=0,s=0;for(let o=e.length-1;o>=0;o--)try{let i=JSON.parse(e[o]);if(i.type==="user")break;if(i.type==="assistant"){let c=(i.message?.content??[]).filter(d=>d.type==="text").map(d=>d.text??"").join("");c&&r.unshift(c);let l=i.message?.usage??{};n+=(l.input_tokens??0)+(l.cache_read_input_tokens??0)+(l.cache_creation_input_tokens??0),s+=l.output_tokens??0;}}catch{}return !r.length&&n===0?null:{text:r.join(`
177
-
178
- `),inputTokens:n,outputTokens:s}}catch{}return null}var rr=m(()=>{"use strict";});function Sn(t){return t.replace(":","/")}function ge(t,e){if(!t)return null;let r=Sn(t),n=[At.join(tt.homedir(),".claude","skills",r,"SKILL.md"),At.join(e??"",".claude","skills",r,"SKILL.md")];for(let s of n)if(T.existsSync(s))try{return T.readFileSync(s,"utf8")}catch{}return null}function Tn(t){return t.split(`
179
- `)[0].match(/^\/([a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?)(?:\s.*)?$/i)?.[1]??null}function yn(t){return !!t.slashSkill||t.toolCalls.some(n=>n.tool==="Skill")?t.toolCalls.some(n=>n.tool==="Skill"&&!n.synthetic||Oo.has(n.tool))?"complete":"prerequisite_required":null}function he(t,e){if(!t)return null;let r=Sn(t),n=[At.join(tt.homedir(),".claude","skills",r),At.join(e??"",".claude","skills",r)],s=null;for(let a of n)if(T.existsSync(At.join(a,"SKILL.md"))){s=a;break}if(!s)return null;let o=[];function i(a,c){for(let l of T.readdirSync(a,{withFileTypes:true})){if(_o.has(l.name)||ko.has(l.name)||Ao.has(At.extname(l.name)))continue;let d=c?`${c}/${l.name}`:l.name;l.isDirectory()?i(At.join(a,l.name),d):o.push(d);}}return i(s,""),o.length>0?o:null}var _o,Ao,ko,Oo,we=m(()=>{"use strict";_o=new Set([".venv","__pycache__",".git","node_modules"]),Ao=new Set([".pyc",".pyo"]),ko=new Set(["SKILL.md",".DS_Store",".gitignore"]);Oo=new Set(["Read","Write","Edit","MultiEdit","Bash","Glob","Grep","TodoWrite","WebFetch","WebSearch","Agent","Task"]);});function Io(t){try{let e=t.split(".")[1].replace(/-/g,"+").replace(/_/g,"/");return JSON.parse(Buffer.from(e,"base64").toString())}catch{return null}}function bo(t,e,r,n){return new Promise(s=>{let o=new URL(t),i=o.protocol==="https:",a=(i?is__namespace.default:As__namespace.default).request({hostname:o.hostname,port:o.port||(i?443:80),path:o.pathname+o.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(e),Authorization:`Bearer ${String(r).replace(/[\r\n]/g,"")}`,FlowTenant:String(n).replace(/[\r\n]/g,"")}},c=>{c.resume(),s(c.statusCode??0);});a.on("error",()=>s(0)),a.setTimeout(5e3,()=>{a.destroy(),s(0);}),a.write(e),a.end();})}async function lt(t,e={}){try{let r=b(process.env[f.ANTHROPIC_AUTH_TOKEN]);if(!r)return;let n,s=new Promise((y,E)=>{n=setTimeout(()=>E(new Error("getToken timeout")),4e3),n.unref();}),{accessToken:o}=await Promise.race([x(r),s]);clearTimeout(n);let i=Io(o);if(!i)return;let a=i.tenant||r.tenant,c=JSON.stringify({action:t,booster:Ne().BOOSTER,metadata:e,success:!0,tenant:a,timestamp:new Date().toISOString(),os:process.platform,user:{email:i.email||"",id:i.sub||"",name:i.name||i.email||""}}),l=It(Ne().API_URL),d=await bo(l,c,o,a);u("metrics.logEvent",`action=${t} status=${d}`);}catch(r){u("metrics.logEvent",`silenced error: ${r.message}`);}}var Ee=m(()=>{"use strict";A();yt();Y();$();});async function nr(t,e=false){if(e){process.stdout.write(JSON.stringify({decision:"block",reason:Ro})+`
180
- `);return}let n=!!(await K()).authError,s=t.session_id||"unknown",o=t.prompt||"",i=t.cwd||"",a=hn(t.transcript_path)||Ze(),c=Tn(o),l=c?ge(c,i):null,d=c?he(c,i):null;Nt(s,{traceId:Ze(),spanId:ct(),startNs:J(),sessionId:s,prompt:o,cwd:i,traceName:a,transcriptPath:t.transcript_path||"",model:process.env[f.ANTHROPIC_MODEL]||"",toolCalls:[],spans:[],pendingTool:null,slashSkill:c,skillContent:l,skillArtifacts:d}),lt("SESSION_STARTED",{traceType:c?"skill":"prompt",slashSkill:c,clientIdExpired:n}),u("UserPromptSubmit",`sid=${s}`,`traceName=${a}`,`slashSkill=${c}`),D(t);}var Ro,_n=m(()=>{"use strict";Gt();Kt();rr();we();Rt();$();A();Y();Ee();Ro=`\u26D4 Your Flow API key has expired. You no longer have access to Claude Code through the Flow platform. To restore observability and access, visit ${nt()}/settings/api-keys to generate a new API key, then run: flow-ai-obs auth login`;});async function An(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},s=Pt(e);s&&(s.pendingTool={name:r,inputStr:W(n,V.TOOL_INPUT),startNs:J()},Nt(e,s)),u("PreToolUse",`sid=${e}`,`tool=${r}`,`stateFound=${!!s}`),D(t);}var kn=m(()=>{"use strict";Gt();Kt();Rt();$();A();});function p(t,e){return e==null||e===""?null:{key:t,value:{stringValue:String(e)}}}function ut(...t){return t.filter(e=>e!==null)}function On(t,e){return {resourceSpans:[{resource:{attributes:t},scopeSpans:[{scope:Po,spans:Array.isArray(e)?e:[e]}]}]}}var Po,h,vn=m(()=>{"use strict";A();Po={name:Pe.SCOPE_NAME,version:Pe.SCOPE_VERSION},h={TRACE_NAME:"langfuse.trace.name",TRACE_INPUT:"langfuse.trace.input",TRACE_OUTPUT:"langfuse.trace.output",TRACE_METADATA:"langfuse.trace.metadata",TRACE_TAGS:"langfuse.trace.tags",USER_ID:"langfuse.user.id",SESSION_ID:"langfuse.session.id",OBS_NAME:"langfuse.observation.name",OBS_INPUT:"langfuse.observation.input",OBS_OUTPUT:"langfuse.observation.output",OBS_LEVEL:"langfuse.observation.level",OBS_TYPE:"langfuse.observation.type",MODEL:"gen_ai.request.model",INPUT_TOKENS:"gen_ai.usage.input_tokens",OUTPUT_TOKENS:"gen_ai.usage.output_tokens"};});function In(t,e,r,n,s){if(process.env[f.FLOW_OBS_DEBUG]!=="1")return;let o=JSON.stringify({ts:new Date().toISOString(),request:{method:"POST",url:t,headers:e,body:JSON.parse(r)},response:{status:n,body:s}});try{T.writeFileSync(Ln,o+`
181
- `,{flag:"a",encoding:"utf8",mode:384}),u("sendTraces:dump",`request appendada em ${Ln}`);}catch(i){u("sendTraces:dump",`falha ao salvar: ${i.message}`);}}function xo(t){let e=new URL(t),r=new URL(st().GATEWAY_HEALTH);return r.hostname=e.hostname,r.port=e.port,r.protocol=e.protocol,r}function bn(t,e){return new Promise((r,n)=>{let s=t._isSSL?is__namespace.default:As__namespace.default;t.headers=Object.assign({},t.headers,{Connection:"close"});let o=s.request(t,i=>{let a=[];i.on("data",c=>a.push(c)),i.on("end",()=>r({statusCode:i.statusCode??0,body:a.join("")}));});o.setTimeout(1e4,()=>{o.destroy(new Error("Request timeout"));}),o.on("error",i=>n(new Error(`Network error: ${i.message}`))),e&&o.write(e),o.end();})}async function Rn(t,e){let r;try{r=xo(t);}catch{return false}let n=r.protocol==="https:";try{let s={};e&&(s.Authorization=String(e).replace(/[\r\n]/g,""));let o=await bn({hostname:r.hostname,port:r.port||(n?443:80),path:r.pathname,method:"GET",headers:s,_isSSL:n},null);return u("checkHealth",`url=${r.href} status=${o.statusCode}`),o.statusCode>=200&&o.statusCode<300}catch{return false}}async function Se(t,e,r){let n=JSON.stringify(t),s=new URL(e),o=s.protocol==="https:",i=String(r).replace(/[\r\n]/g,""),a={"Content-Type":"application/json",Authorization:i,"Content-Length":Buffer.byteLength(n)};u("sendTraces:request",`POST ${e}`),u("sendTraces:request",`headers=${JSON.stringify({...a,Authorization:i.slice(0,20)+"\u2026"})}`),u("sendTraces:request",`body=${n.slice(0,500)}${n.length>500?"\u2026":""}`);try{let c=await bn({hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname,method:"POST",headers:a,_isSSL:o},n);return u("sendTraces:response",`status=${c.statusCode}`),In(e,a,n,c.statusCode,c.body),c.statusCode}catch(c){return u("sendTraces:error",c.message),In(e,a,n,0,c.message),0}}var Ln,Pn=m(()=>{"use strict";A();$();Ln=At.join(tt.tmpdir(),"flow-obs-requests.ndjson");});function Do(){let t=parseInt(process.env[f.BUFFER_TTL_DAYS]??"",10);return (Number.isFinite(t)?Math.max(F.MIN_TTL_DAYS,Math.min(F.MAX_TTL_DAYS,t)):F.DEFAULT_TTL_DAYS)*24*60*60*1e3}function Mo(){let t=parseInt(process.env[f.BUFFER_MAX_FILES]??"",10);return Number.isFinite(t)?Math.max(F.MIN_MAX_FILES,Math.min(F.MAX_MAX_FILES,t)):F.DEFAULT_MAX_FILES}function Cn(t){if(/[/\\]/.test(t))throw new Error(`Invalid buffer fileId: ${t}`);return At__namespace.default.join(tt__namespace.default.tmpdir(),`${F.FILE_PREFIX}${t}.json`)}function or(){let t=tt__namespace.default.tmpdir(),e;try{e=T__namespace.default.readdirSync(t);}catch{return []}return e.filter(r=>r.startsWith(F.FILE_PREFIX)&&r.endsWith(".json")).map(r=>{let n=At__namespace.default.join(t,r),s=0;try{s=T__namespace.default.statSync(n).mtimeMs;}catch{}return {full:n,mtime:s}}).sort((r,n)=>r.mtime-n.mtime).map(r=>r.full)}function qt(t){try{let e=Mo(),r=or();if(r.length>=e){let o=r.slice(0,r.length-e+1);for(let i of o)try{T__namespace.default.unlinkSync(i);}catch{}}let n=`${Date.now()}-${Math.random().toString(36).slice(2,8)}`,s={fileId:n,bufferedAt:Date.now(),payload:t};return T__namespace.default.writeFileSync(Cn(n),JSON.stringify(s),{encoding:"utf8",mode:384}),u("buffer",`saved fileId=${n}`),n}catch(e){return u("buffer",`saveToBuffer failed: ${e.message}`),null}}function Un(t){let e=or(),r=t!=null&&t>0?t:e.length,n=[];for(let s of e){if(n.length>=r)break;try{let o=T__namespace.default.readFileSync(s,"utf8"),i=JSON.parse(o);i&&i.fileId&&i.payload&&n.push(i);}catch{u("buffer",`skipping malformed file: ${s}`);}}return n}function Fn(t){try{T__namespace.default.unlinkSync(Cn(t)),u("buffer",`deleted fileId=${t}`);}catch{}}function $n(){let t=Date.now()-Do();for(let e of or())try{let{mtimeMs:r}=T__namespace.default.statSync(e);r<t&&(T__namespace.default.unlinkSync(e),u("buffer",`evicted stale: ${At__namespace.default.basename(e)}`));}catch{}}var xn=m(()=>{"use strict";A();$();});async function Bo(t){$n();let e=Un(F.REPLAY_BATCH_SIZE);e.length&&(u("replayBufferedTraces",`replaying ${e.length} buffered trace(s)`),await Promise.allSettled(e.map(async r=>{try{let n=await Se(r.payload,t.endpoint,t.authHeader);n>=200&&n<300?(Fn(r.fileId),u("replayBufferedTraces",`replayed fileId=${r.fileId} status=${n}`)):u("replayBufferedTraces",`replay failed fileId=${r.fileId} status=${n}`);}catch(n){u("replayBufferedTraces",`replay error fileId=${r.fileId}: ${n.message}`);}})));}async function Dn(t){let e=await K();if(!e.length)return e.authError&&(u("postToLangfuse","auth refresh failed \u2014 buffering trace"),qt(t)),0;let r=await Promise.all(e.map(async o=>{if(o.mode!=="gateway")return {creds:o,healthy:true};let i=await Rn(o.endpoint,o.authHeader);return {creds:o,healthy:i}})),n=r.find(o=>o.creds.mode==="gateway"&&o.healthy)?.creds??r.find(o=>o.creds.mode==="direct")?.creds;return n&&await Bo(n),(await Promise.all(r.map(async({creds:o,healthy:i})=>{if(o.mode==="gateway"){if(!i)return u("postToLangfuse","gateway health check failed \u2014 buffering trace"),qt(t),0;let c=await Se(t,o.endpoint,o.authHeader);return (c===0||c>=500)&&(u("postToLangfuse",`gateway send failed (status ${c}) \u2014 buffering trace`),qt(t)),c}let a=await Se(t,o.endpoint,o.authHeader);return (a===0||a>=500)&&(u("postToLangfuse",`direct endpoint unavailable (status ${a}) \u2014 buffering trace`),qt(t)),a}))).find(o=>o!==0)??0}var Mn=m(()=>{"use strict";Y();$();Pn();xn();A();});var ir=m(()=>{"use strict";vn();Mn();});function X(t){if(t==null)return "";let e=typeof t=="string"?t:JSON.stringify(t);return Yo.reduce((r,{re:n,replace:s})=>r.replace(n,s),e)}var N,Ho,jo,Vo,Bn,Yo,ar=m(()=>{"use strict";N="[REDACTED]",Ho="[REDACTED-EMAIL]",jo="[REDACTED-CPF]",Vo="[REDACTED-CNPJ]",Bn="[REDACTED-PHONE]",Yo=[{re:/\b(sk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`sk-${N}`},{re:/\b(pk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`pk-${N}`},{re:/\b(Bearer\s+)[A-Za-z0-9\-._~+/]+=*/gi,replace:(t,e)=>`${e}${N}`},{re:/\b(Basic\s+)[A-Za-z0-9+/]+=*/gi,replace:(t,e)=>`${e}${N}`},{re:/(-----BEGIN [A-Z ]+-----)[^-]*(-----END [A-Z ]+-----)/g,replace:(t,e,r)=>`${e}
182
- ${N}
183
- ${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${N}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(t,e)=>`${e}${N}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${N}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${N}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${N}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(t,e,r)=>`${e}${r}${N}${r}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(t,e)=>`${e}:${N}@`},{re:/[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g,replace:()=>Ho},{re:/\b\d{3}\.\d{3}\.\d{3}-\d{2}\b/g,replace:()=>jo},{re:/\b\d{2}\.\d{3}\.\d{3}\/\d{4}-\d{2}\b/g,replace:()=>Vo},{re:/\(\d{2}\)\s?\d{4,5}[-\s]?\d{4}/g,replace:()=>Bn},{re:/\+55[\s-]?\d{2}[\s-]?\d{4,5}[-\s]?\d{4}/g,replace:()=>Bn}];});async function Hn(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},s=t.tool_response,o=s!==null&&typeof s=="object"?s.output??JSON.stringify(s):s??"",i=Pt(e);if(!i){D(t);return}let a=J(),c=i.pendingTool,l=c?.name===r,d=l?c.startNs:String(BigInt(a)-200000000n),y=l?c.inputStr:W(n,V.TOOL_INPUT),E=y,S=null;if(r==="Skill"){let ee=typeof n=="object"&&n!==null?n.skill||n.name||n.skillName||n.commandName||String(Object.values(n)[0]??""):String(n);S=ee?String(ee).trim():null;let Z=S?ge(S,i.cwd):null;Z&&(E=Z,i.skillContent||(i.skillContent=Z),i.skillArtifacts||(i.skillArtifacts=he(S,i.cwd))),S&&!i.slashSkill&&(i.slashSkill=S),u("PostToolUse","Skill tool detected",`skillName=${S}`,`contentFound=${!!Z}`);}let v=X(W(o,V.TOOL_OUTPUT)),k=/\b(error|exception|failed|failure|traceback|errno)\b/i.test(v.slice(0,500)),zt=k?"ERROR":"DEFAULT",Ut=ct(),Xt=Math.round(Number(BigInt(a)-BigInt(d))/1e6),Qt={Agent:"AGENT",Task:"AGENT"}[r]??"TOOL",te=r==="Skill"&&S?S:me(y,60);i.toolCalls.push({tool:r,brief:te,error:k,durationMs:Xt});let Ft=i.spans;Ft.push({traceId:i.traceId,spanId:Ut,parentSpanId:i.spanId,name:r,kind:3,startTimeUnixNano:d,endTimeUnixNano:a,attributes:ut(p(h.OBS_NAME,r),p(h.OBS_TYPE,Qt),p(h.OBS_LEVEL,zt),p(h.OBS_INPUT,X(E)),p(h.OBS_OUTPUT,v),p("tool.name",r),p("tool.error",String(k)),r==="Skill"&&S?p("skill.name",S):null,r==="Skill"?p("skill.invocation","slash-command"):null),status:{code:k?2:1}}),i.pendingTool=null,Nt(e,i),k&&lt("TOOL_ERROR",{toolName:r}),u("PostToolUse",`sid=${e}`,`tool=${r}`,`error=${k}`,`durationMs=${Xt}`,`totalSpans=${Ft.length}`),D(t);}var jn=m(()=>{"use strict";Gt();Kt();ir();Rt();we();$();A();ar();Ee();});function Yn(t,e,r){let n=Object.keys(Vn).find(i=>(t??"").toLowerCase().includes(i));if(!n)return;let s=Vn[n],o=(e*s.input+r*s.output)/1e6;return Math.round(o*1e6)/1e6}var Vn,Wn=m(()=>{"use strict";Vn={"claude-opus-4-6":{input:15,output:75},"claude-opus-4-5":{input:15,output:75},"claude-sonnet-4-6":{input:3,output:15},"claude-sonnet-4-5":{input:3,output:15},"claude-haiku-4-5":{input:.8,output:4},"claude-4-6-opus":{input:15,output:75},"claude-4-6-sonnet":{input:3,output:15},"claude-4-5-opus":{input:15,output:75},"claude-4-5-sonnet":{input:3,output:15},"claude-4-5-haiku":{input:.8,output:4},"claude-3-5-sonnet-20241022":{input:3,output:15},"claude-3-5-haiku-20241022":{input:.8,output:4},"claude-3-opus-20240229":{input:15,output:75}};});async function Gn(t){let e=t.session_id||"unknown",r=t.stop_reason||"end_turn",n=Pt(e);if(!n){D(t);return}n.slashSkill&&!/^[a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?$/i.test(n.slashSkill)&&(u("Stop",`sid=${e}`,`slashSkill rejected post-disk: "${n.slashSkill}"`),n.slashSkill=null);let s=J(),o=await Yr(),i=n.toolCalls,a=n.spans;if(n.slashSkill&&!i.some(g=>g.tool==="Skill")){let g=ct(),Q=n.skillContent?n.skillContent:JSON.stringify({skill:n.slashSkill});i.push({tool:"Skill",brief:n.slashSkill,error:false,durationMs:0,synthetic:true}),a.push({traceId:n.traceId,spanId:g,parentSpanId:n.spanId,name:"Skill",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:n.startNs,attributes:ut(p(h.OBS_NAME,"Skill"),p(h.OBS_TYPE,"TOOL"),p(h.OBS_LEVEL,"DEFAULT"),p(h.OBS_INPUT,Q),p(h.OBS_OUTPUT,"loaded via slash command"),p("tool.name","Skill"),p("tool.error","false"),p("skill.name",n.slashSkill),p("skill.invocation","slash-command")),status:{code:1}}),u("Stop",`slashSkill=${n.slashSkill}`,"synthetic span injected");}let c=t.transcript_path||n.transcriptPath||"",l=er(c);if(c&&(i.some(g=>g.tool==="Skill"&&!g.synthetic)||!!n.slashSkill)&&!l?.text){await new Promise(Q=>setTimeout(Q,500));let g=er(c);g?.text&&(l=g);}u("Stop",`transcriptPath=${c||"(empty)"}`,`assistantOut=${l?`text=${l.text.length}chars`:"null"}`);let y=i.length,E=i.filter(g=>g.error).length,S=X(l?.text?W(l.text,V.TRACE_OUTPUT):y===0?"No tools used":i.map((g,Q)=>`${Q+1}. ${g.tool}${g.brief?` \u2192 ${g.brief}`:""}${g.error?" [ERROR]":""}`).join(`
184
- `)),v=l?.inputTokens??0,k=l?.outputTokens??0,zt=i.map((g,Q)=>`${Q+1}. ${g.tool}${g.brief?` \u2192 ${g.brief}`:""}${g.error?" [ERROR]":""} (${g.durationMs}ms)`),Ut=!!(n.slashSkill||i.some(g=>g.tool==="Skill")),Xt=i.some(g=>g.tool==="Agent");if(!Ut&&!Xt){u("Stop",`sid=${e}`,"skipping trace \u2014 no Skill or Agent calls found"),lt("TRACE_SKIPPED",{reason:"no_skill_or_agent"}),tr(e),D(t);return}let Zt=Ut?"skill":"agent",Qt=Math.round(Number(BigInt(s)-BigInt(n.startNs))/1e6),te=Yn(n.model,v,k),pt=yn(n);pt==="prerequisite_required"&&l?.text&&(pt="complete"),pt==="prerequisite_required"&&(a.push({traceId:n.traceId,spanId:ct(),parentSpanId:n.spanId,name:"prerequisite-check",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:s,attributes:ut(p(h.OBS_NAME,"prerequisite-check"),p(h.OBS_TYPE,"EVENT"),p(h.OBS_LEVEL,"WARNING"),p(h.OBS_OUTPUT,S),p("skill.name",n.slashSkill||void 0),p("execution_status","prerequisite_required")),status:{code:1}}),u("Stop",`sid=${e}`,"prerequisite-check span injected",`skill=${n.slashSkill}`));let Ft=(()=>{if(!(!Ut||!n.prompt)){if(n.slashSkill){let g=n.prompt.replace(new RegExp(`^\\/${n.slashSkill}\\s*`,"i"),"").trim();return g?W(X(g),V.USER_INSTRUCTION):void 0}return W(X(n.prompt),V.USER_INSTRUCTION)||void 0}})(),ee=JSON.stringify({trace_type:Zt,...pt!==null&&{execution_status:pt},...n.slashSkill?{skill_name:n.slashSkill}:{},...n.skillArtifacts?.length&&{skill_artifacts:n.skillArtifacts},...Ft!==void 0&&{user_instruction:Ft},latency_ms:Qt,...v&&{tokens_input:v},...k&&{tokens_output:k},cost_usd:te,...n.model?{model:n.model}:{},toolCount:y,errorCount:E,stopReason:r,sessionId:n.sessionId,tools:zt.length?zt:void 0}),Z=X(W(n.prompt,V.TRACE_INPUT)),Jn=ut(p(h.TRACE_NAME,n.traceName),p(h.TRACE_INPUT,Z),p(h.TRACE_OUTPUT,S),p(h.OBS_INPUT,Z),p(h.OBS_OUTPUT,S),p(h.TRACE_METADATA,ee),p(h.SESSION_ID,n.sessionId),p(h.USER_ID,o.user),p(h.OBS_TYPE,"GENERATION"),p(h.MODEL,n.model),v?p(h.INPUT_TOKENS,v):null,k?p(h.OUTPUT_TOKENS,k):null,p("claude.stop_reason",r),p("claude.tool_count",String(y)),p("claude.error_count",String(E)),p("claude.session_id",n.sessionId),p("flow.trace_type",Zt),{key:h.TRACE_TAGS,value:{arrayValue:{values:[{stringValue:Zt}]}}}),zn={traceId:n.traceId,spanId:n.spanId,name:n.traceName,kind:1,startTimeUnixNano:n.startNs,endTimeUnixNano:s,attributes:Jn,status:{code:E>0?2:1}},Xn=ut(p("service.name",process.env.LANGFUSE_PROJECT_NAME||"claude-code"),p("deployment.environment",process.env.LANGFUSE_ENVIRONMENT||"default")),cr=[...a,zn];u("Stop",`sid=${e}`,`totalTools=${y}`,`errorTools=${E}`,`spans=${cr.length}`,`inputTokens=${v}`,`outputTokens=${k}`,`traceOutput="${me(S,80)}"`);let Zn=await Dn(On(Xn,cr));u("Stop",`POST status=${Zn}`,`traceId=${n.traceId}`),lt("TRACE_SENT",{latencyMs:Qt,totalTools:y,errorTools:E,inputTokens:v,outputTokens:k,costUsd:te}),tr(e),D(t);}var Kn=m(()=>{"use strict";Gt();Kt();ir();Y();Wn();rr();Rt();$();we();ar();A();Ee();});async function Wo(){let t=process.argv[2];if(t==="UserPromptSubmit"){let r=await Xe(),n;try{n=await K();}catch{process.stdout.write(JSON.stringify(r));return}n.authError?await nr(r,true):n.length>0?await nr(r):process.stdout.write(JSON.stringify(r));return}if(!await Wr()){let r=[];process.stdin.on("data",n=>r.push(n)),process.stdin.on("end",()=>process.stdout.write(r.join("")));return}let e=await Xe();switch(t){case "PreToolUse":await An(e);break;case "PostToolUse":await Hn(e);break;case "Stop":await Gn(e);break;default:process.stderr.write(`[flow-obs] unknown event: ${t}
185
- `),process.stdout.write(JSON.stringify(e));}}var qn=m(()=>{"use strict";Y();Rt();_n();kn();jn();Kn();Wo().catch(t=>{process.stderr.write(`[flow-obs] fatal: ${t.message}
186
- `),process.exit(0);});});var Ko=new Set(["UserPromptSubmit","PreToolUse","PostToolUse","Stop"]),[,,C,Jt]=process.argv;function dt(t,e){let r=t.indexOf(e);return r!==-1?t[r+1]:void 0}if(C==="--version"||C==="-v"){let{version:t}=re();process.stdout.write(t+`
187
- `),process.exit(0);}else if(C==="--help"||C==="-h"){let{bold:t,cyan:e,dim:r}=(mt(),L(ye)),{version:n}=re();process.stdout.write(`
164
+ `),1)}var pn=f(()=>{"use strict";bt();At();Y();A();});var mn={};H(mn,{runCheck:()=>lo});function er(t){return !t||t.length<=8?"****":t.slice(0,4)+"****...****"+t.slice(-4)}function Kt(t){process.stdout.write(` \u2713 ${t}
165
+ `);}function ge(t){process.stdout.write(` \u26A0 ${t}
166
+ `);}function he(t){process.stdout.write(` \u2717 ${t}
167
+ `);}function C(t){process.stdout.write(` ${t}
168
+ `);}function U(){process.stdout.write(`
169
+ `);}async function lo(){U(),process.stdout.write(` flow-claude-observability \u2014 configuration check
170
+ `),U(),process.stdout.write(` Auth
171
+ `);let t=N(process.env[m.ANTHROPIC_AUTH_TOKEN]),e=t||await v();if(!e){ge("Not authenticated \u2014 starting setup..."),U();let a=await Pt();if(a!==0)return a;if(t=N(process.env[m.ANTHROPIC_AUTH_TOKEN]),e=t||await v(),!e)return he("Authentication failed"),U(),1;U(),process.stdout.write(` Auth
172
+ `);}if(!t&&!await pe()){ge("Session expired \u2014 re-authenticating..."),U();let a=await Pt();if(a!==0)return a;U(),process.stdout.write(` Auth
173
+ `);}let r=await lt()||e.clientId;Kt("Authenticated"),C(`Tenant: ${e.tenant}`),C(`User: ${r}`),U(),process.stdout.write(` Native OTEL
174
+ `);let n={};try{let a=y__namespace.readFileSync(W(),"utf8");n=JSON.parse(a).env||{};}catch{}let s=Object.keys(at).filter(a=>!n[a]);if(s.length===0?(Kt("All OTEL env vars present in settings.json"),C(`Endpoint: ${n.OTEL_EXPORTER_OTLP_ENDPOINT}`)):(ge(`${s.length} OTEL var(s) missing from settings.json \u2014 native metrics/logs disabled`),s.forEach(a=>he(`Missing: ${a}`)),C("Run: flow-ai-obs init (restores missing vars automatically)")),U(),process.stdout.write(` Tracing
175
+ `),process.env[m.FLOW_TELEMETRY]==="true"){Kt("FLOW_TELEMETRY=true (direct mode enabled)");let a=[m.LANGFUSE_BASE_URL,m.LANGFUSE_PUBLIC_KEY,m.LANGFUSE_SECRET_KEY].filter(c=>!process.env[c]);a.length>0&&a.forEach(c=>ge(`Missing: ${c}`));}else C("FLOW_TELEMETRY not set \u2014 direct mode inactive (gateway mode may still be active)");let i=await K();if(!i||i.length===0)return i&&i.authError?he("Token refresh failed \u2014 gateway mode could not activate"):(he("No active destinations \u2014 no traces will be sent"),C("For direct mode: set FLOW_TELEMETRY=true + LANGFUSE_BASE_URL + LANGFUSE_PUBLIC_KEY + LANGFUSE_SECRET_KEY"),C("For gateway mode: run flow-claude-observability auth login")),U(),1;for(let a of i)if(a.mode==="gateway"){let c=await It();Kt("Mode: gateway"),C(`Endpoint: ${a.endpoint}`),C(`Token: ${er(c?.accessToken)}`);}else a.mode==="direct"&&(Kt("Mode: direct"),C(`Endpoint: ${a.endpoint}`),C(`PK: ${er(process.env[m.LANGFUSE_PUBLIC_KEY])}`),C(`SK: ${er(process.env[m.LANGFUSE_SECRET_KEY])}`));return U(),process.stdout.write(` All checks passed \u2014 observability is active.
176
+ `),U(),0}var gn=f(()=>{"use strict";bt();Y();Ht();A();Wt();});function G(t,e){let r=typeof t=="object"?JSON.stringify(t):String(t??"");return r.length>e?r.slice(0,e)+" \u2026[truncated]":r}function we(t,e=100){return String(t??"").split(`
177
+ `)[0].slice(0,e).trim()}function rr(){return new Promise(t=>{let e="";process.stdin.setEncoding("utf8"),process.stdin.on("data",r=>{e+=r;}),process.stdin.on("end",()=>{try{t(JSON.parse(e));}catch{t({});}});})}function B(t){process.stdout.write(JSON.stringify(t));}var Nt=f(()=>{"use strict";});function J(){return String(BigInt(Date.now())*1000000n)}var nr,ut,qt=f(()=>{"use strict";nr=()=>crypto.randomBytes(16).toString("hex"),ut=()=>crypto.randomBytes(8).toString("hex");});function yo(t,e){let r=Ot.resolve(t);if(!r.startsWith(e))throw new Error(`Path traversal detected: ${t}`);return r}function sr(t){if(!So.test(t))throw new Error(`Invalid session ID: ${t}`);return yo(Ot.join(rt.tmpdir(),`flow-obs-${t}.json`),To)}function Ct(t){let e=sr(t);if(!y.existsSync(e))return null;try{return JSON.parse(y.readFileSync(e,"utf8"))}catch{return null}}function Ut(t,e){y.writeFileSync(sr(t),JSON.stringify(e),{encoding:"utf8",mode:384});}function or(t){try{y.unlinkSync(sr(t));}catch{}}var So,To,Jt=f(()=>{"use strict";So=/^[0-9a-f-]{1,64}$/i,To=Ot.normalize(rt.tmpdir())+Ot.sep;});function Tn(t){if(!t||!y.existsSync(t))return null;try{let e=y.readFileSync(t,"utf8").trimEnd().split(`
178
+ `);for(let r=e.length-1;r>=0;r--)try{let n=JSON.parse(e[r]);if(n.type==="user"&&n.uuid)return n.uuid}catch{}}catch{}return null}function ir(t){if(!t||!y.existsSync(t))return null;try{let e=y.readFileSync(t,"utf8").trimEnd().split(`
179
+ `),r=[],n=0,s=0;for(let o=e.length-1;o>=0;o--)try{let i=JSON.parse(e[o]);if(i.type==="user")break;if(i.type==="assistant"){let c=(i.message?.content??[]).filter(p=>p.type==="text").map(p=>p.text??"").join("");c&&r.unshift(c);let l=i.message?.usage??{};n+=(l.input_tokens??0)+(l.cache_read_input_tokens??0)+(l.cache_creation_input_tokens??0),s+=l.output_tokens??0;}}catch{}return !r.length&&n===0?null:{text:r.join(`
180
+
181
+ `),inputTokens:n,outputTokens:s}}catch{}return null}var ar=f(()=>{"use strict";});function An(t){return t.replace(":","/")}function Ee(t,e){if(!t)return null;let r=An(t),n=[Ot.join(rt.homedir(),".claude","skills",r,"SKILL.md"),Ot.join(e??"",".claude","skills",r,"SKILL.md")];for(let s of n)if(y.existsSync(s))try{return y.readFileSync(s,"utf8")}catch{}return null}function kn(t){return t.split(`
182
+ `)[0].match(/^\/([a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?)(?:\s.*)?$/i)?.[1]??null}function On(t){return !!t.slashSkill||t.toolCalls.some(n=>n.tool==="Skill")?t.toolCalls.some(n=>n.tool==="Skill"&&!n.synthetic||Io.has(n.tool))?"complete":"prerequisite_required":null}function Se(t,e){if(!t)return null;let r=An(t),n=[Ot.join(rt.homedir(),".claude","skills",r),Ot.join(e??"",".claude","skills",r)],s=null;for(let a of n)if(y.existsSync(Ot.join(a,"SKILL.md"))){s=a;break}if(!s)return null;let o=[];function i(a,c){for(let l of y.readdirSync(a,{withFileTypes:true})){if(Oo.has(l.name)||Lo.has(l.name)||vo.has(Ot.extname(l.name)))continue;let p=c?`${c}/${l.name}`:l.name;l.isDirectory()?i(Ot.join(a,l.name),p):o.push(p);}}return i(s,""),o.length>0?o:null}var Oo,vo,Lo,Io,Te=f(()=>{"use strict";Oo=new Set([".venv","__pycache__",".git","node_modules"]),vo=new Set([".pyc",".pyo"]),Lo=new Set(["SKILL.md",".DS_Store",".gitignore"]);Io=new Set(["Read","Write","Edit","MultiEdit","Bash","Glob","Grep","TodoWrite","WebFetch","WebSearch","Agent","Task"]);});function Po(t){try{let e=t.split(".")[1].replace(/-/g,"+").replace(/_/g,"/");return JSON.parse(Buffer.from(e,"base64").toString())}catch{return null}}function No(t,e,r,n){return new Promise(s=>{let o=new URL(t),i=o.protocol==="https:",a=(i?us__namespace.default:vs__namespace.default).request({hostname:o.hostname,port:o.port||(i?443:80),path:o.pathname+o.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(e),Authorization:`Bearer ${String(r).replace(/[\r\n]/g,"")}`,FlowTenant:String(n).replace(/[\r\n]/g,"")}},c=>{c.resume(),s(c.statusCode??0);});a.on("error",()=>s(0)),a.setTimeout(5e3,()=>{a.destroy(),s(0);}),a.write(e),a.end();})}async function dt(t,e={}){try{let r=N(process.env[m.ANTHROPIC_AUTH_TOKEN]);if(!r)return;let n,s=new Promise((T,g)=>{n=setTimeout(()=>g(new Error("getToken timeout")),4e3),n.unref();}),{accessToken:o}=await Promise.race([M(r),s]);clearTimeout(n);let i=Po(o);if(!i)return;let a=i.tenant||r.tenant,c=JSON.stringify({action:t,booster:xe().BOOSTER,metadata:e,success:!0,tenant:a,timestamp:new Date().toISOString(),os:process.platform,user:{email:i.email||"",id:i.sub||"",name:i.name||i.email||""}}),l=Rt(xe().API_URL),p=await No(l,c,o,a);u("metrics.logEvent",`action=${t} status=${p}`);}catch(r){u("metrics.logEvent",`silenced error: ${r.message}`);}}var ye=f(()=>{"use strict";A();At();Y();D();});async function cr(t,e=false){if(e){process.stdout.write(JSON.stringify({decision:"block",reason:Co})+`
183
+ `);return}let n=!!(await K()).authError,s=t.session_id||"unknown",o=t.prompt||"",i=t.cwd||"",a=Tn(t.transcript_path)||nr(),c=kn(o),l=c?Ee(c,i):null,p=c?Se(c,i):null;Ut(s,{traceId:nr(),spanId:ut(),startNs:J(),sessionId:s,prompt:o,cwd:i,traceName:a,transcriptPath:t.transcript_path||"",model:process.env[m.ANTHROPIC_MODEL]||"",toolCalls:[],spans:[],pendingTool:null,slashSkill:c,skillContent:l,skillArtifacts:p}),dt("SESSION_STARTED",{traceType:c?"skill":"prompt",slashSkill:c,clientIdExpired:n}),u("UserPromptSubmit",`sid=${s}`,`traceName=${a}`,`slashSkill=${c}`),B(t);}var Co,vn=f(()=>{"use strict";qt();Jt();ar();Te();Nt();D();A();Y();ye();Co=`\u26D4 Your Flow API key has expired. You no longer have access to Claude Code through the Flow platform. To restore observability and access, visit ${ot()}/settings/api-keys to generate a new API key, then run: flow-ai-obs auth login`;});async function Ln(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},s=Ct(e);s&&(s.pendingTool={name:r,inputStr:G(n,V.TOOL_INPUT),startNs:J()},Ut(e,s)),u("PreToolUse",`sid=${e}`,`tool=${r}`,`stateFound=${!!s}`),B(t);}var In=f(()=>{"use strict";qt();Jt();Nt();D();A();});function d(t,e){return e==null||e===""?null:{key:t,value:{stringValue:String(e)}}}function pt(...t){return t.filter(e=>e!==null)}function bn(t,e){return {resourceSpans:[{resource:{attributes:t},scopeSpans:[{scope:Uo,spans:Array.isArray(e)?e:[e]}]}]}}var Uo,w,Rn=f(()=>{"use strict";A();Uo={name:Fe.SCOPE_NAME,version:Fe.SCOPE_VERSION},w={TRACE_NAME:"langfuse.trace.name",TRACE_INPUT:"langfuse.trace.input",TRACE_OUTPUT:"langfuse.trace.output",TRACE_METADATA:"langfuse.trace.metadata",TRACE_TAGS:"langfuse.trace.tags",USER_ID:"langfuse.user.id",SESSION_ID:"langfuse.session.id",OBS_NAME:"langfuse.observation.name",OBS_INPUT:"langfuse.observation.input",OBS_OUTPUT:"langfuse.observation.output",OBS_LEVEL:"langfuse.observation.level",OBS_TYPE:"langfuse.observation.type",MODEL:"gen_ai.request.model",INPUT_TOKENS:"gen_ai.usage.input_tokens",OUTPUT_TOKENS:"gen_ai.usage.output_tokens"};});function Nn(t,e,r,n,s){if(process.env[m.FLOW_OBS_DEBUG]!=="1")return;let o=JSON.stringify({ts:new Date().toISOString(),request:{method:"POST",url:t,headers:e,body:JSON.parse(r)},response:{status:n,body:s}});try{y.writeFileSync(Pn,o+`
184
+ `,{flag:"a",encoding:"utf8",mode:384}),u("sendTraces:dump",`request appendada em ${Pn}`);}catch(i){u("sendTraces:dump",`falha ao salvar: ${i.message}`);}}function Bo(t){let e=new URL(t),r=new URL(it().GATEWAY_HEALTH);return r.hostname=e.hostname,r.port=e.port,r.protocol=e.protocol,r}function Cn(t,e){return new Promise((r,n)=>{let s=t._isSSL?us__namespace.default:vs__namespace.default;t.headers=Object.assign({},t.headers,{Connection:"close"});let o=s.request(t,i=>{let a=[];i.on("data",c=>a.push(c)),i.on("end",()=>r({statusCode:i.statusCode??0,body:a.join("")}));});o.setTimeout(1e4,()=>{o.destroy(new Error("Request timeout"));}),o.on("error",i=>n(new Error(`Network error: ${i.message}`))),e&&o.write(e),o.end();})}async function Un(t,e){let r;try{r=Bo(t);}catch{return false}let n=r.protocol==="https:";try{let s={};e&&(s.Authorization=String(e).replace(/[\r\n]/g,""));let o=await Cn({hostname:r.hostname,port:r.port||(n?443:80),path:r.pathname,method:"GET",headers:s,_isSSL:n},null);return u("checkHealth",`url=${r.href} status=${o.statusCode}`),o.statusCode>=200&&o.statusCode<300}catch{return false}}async function _e(t,e,r){let n=JSON.stringify(t),s=new URL(e),o=s.protocol==="https:",i=String(r).replace(/[\r\n]/g,""),a={"Content-Type":"application/json",Authorization:i,"Content-Length":Buffer.byteLength(n)};u("sendTraces:request",`POST ${e}`),u("sendTraces:request",`headers=${JSON.stringify({...a,Authorization:i.slice(0,20)+"\u2026"})}`),u("sendTraces:request",`body=${n.slice(0,500)}${n.length>500?"\u2026":""}`);try{let c=await Cn({hostname:s.hostname,port:s.port||(o?443:80),path:s.pathname,method:"POST",headers:a,_isSSL:o},n);return u("sendTraces:response",`status=${c.statusCode}`),Nn(e,a,n,c.statusCode,c.body),c.statusCode}catch(c){return u("sendTraces:error",c.message),Nn(e,a,n,0,c.message),0}}var Pn,$n=f(()=>{"use strict";A();D();Pn=Ot.join(rt.tmpdir(),"flow-obs-requests.ndjson");});function Ho(){let t=parseInt(process.env[m.BUFFER_TTL_DAYS]??"",10);return (Number.isFinite(t)?Math.max(x.MIN_TTL_DAYS,Math.min(x.MAX_TTL_DAYS,t)):x.DEFAULT_TTL_DAYS)*24*60*60*1e3}function jo(){let t=parseInt(process.env[m.BUFFER_MAX_FILES]??"",10);return Number.isFinite(t)?Math.max(x.MIN_MAX_FILES,Math.min(x.MAX_MAX_FILES,t)):x.DEFAULT_MAX_FILES}function xn(t){if(/[/\\]/.test(t))throw new Error(`Invalid buffer fileId: ${t}`);return Ot__namespace.default.join(rt__namespace.default.tmpdir(),`${x.FILE_PREFIX}${t}.json`)}function ur(){let t=rt__namespace.default.tmpdir(),e;try{e=y__namespace.default.readdirSync(t);}catch{return []}return e.filter(r=>r.startsWith(x.FILE_PREFIX)&&r.endsWith(".json")).map(r=>{let n=Ot__namespace.default.join(t,r),s=0;try{s=y__namespace.default.statSync(n).mtimeMs;}catch{}return {full:n,mtime:s}}).sort((r,n)=>r.mtime-n.mtime).map(r=>r.full)}function zt(t){try{let e=jo(),r=ur();if(r.length>=e){let o=r.slice(0,r.length-e+1);for(let i of o)try{y__namespace.default.unlinkSync(i);}catch{}}let n=`${Date.now()}-${Math.random().toString(36).slice(2,8)}`,s={fileId:n,bufferedAt:Date.now(),payload:t};return y__namespace.default.writeFileSync(xn(n),JSON.stringify(s),{encoding:"utf8",mode:384}),u("buffer",`saved fileId=${n}`),n}catch(e){return u("buffer",`saveToBuffer failed: ${e.message}`),null}}function Dn(t){let e=ur(),r=t!=null&&t>0?t:e.length,n=[];for(let s of e){if(n.length>=r)break;try{let o=y__namespace.default.readFileSync(s,"utf8"),i=JSON.parse(o);i&&i.fileId&&i.payload&&n.push(i);}catch{u("buffer",`skipping malformed file: ${s}`);}}return n}function Mn(t){try{y__namespace.default.unlinkSync(xn(t)),u("buffer",`deleted fileId=${t}`);}catch{}}function Bn(){let t=Date.now()-Ho();for(let e of ur())try{let{mtimeMs:r}=y__namespace.default.statSync(e);r<t&&(y__namespace.default.unlinkSync(e),u("buffer",`evicted stale: ${Ot__namespace.default.basename(e)}`));}catch{}}var Hn=f(()=>{"use strict";A();D();});async function Vo(t){Bn();let e=Dn(x.REPLAY_BATCH_SIZE);e.length&&(u("replayBufferedTraces",`replaying ${e.length} buffered trace(s)`),await Promise.allSettled(e.map(async r=>{try{let n=await _e(r.payload,t.endpoint,t.authHeader);n>=200&&n<300?(Mn(r.fileId),u("replayBufferedTraces",`replayed fileId=${r.fileId} status=${n}`)):u("replayBufferedTraces",`replay failed fileId=${r.fileId} status=${n}`);}catch(n){u("replayBufferedTraces",`replay error fileId=${r.fileId}: ${n.message}`);}})));}async function jn(t){let e=await K();if(!e.length)return e.authError&&(u("postToLangfuse","auth refresh failed \u2014 buffering trace"),zt(t)),0;let r=await Promise.all(e.map(async o=>{if(o.mode!=="gateway")return {creds:o,healthy:true};let i=await Un(o.endpoint,o.authHeader);return {creds:o,healthy:i}})),n=r.find(o=>o.creds.mode==="gateway"&&o.healthy)?.creds??r.find(o=>o.creds.mode==="direct")?.creds;return n&&await Vo(n),(await Promise.all(r.map(async({creds:o,healthy:i})=>{if(o.mode==="gateway"){if(!i)return u("postToLangfuse","gateway health check failed \u2014 buffering trace"),zt(t),0;let c=await _e(t,o.endpoint,o.authHeader);return (c===0||c>=500)&&(u("postToLangfuse",`gateway send failed (status ${c}) \u2014 buffering trace`),zt(t)),c}let a=await _e(t,o.endpoint,o.authHeader);return (a===0||a>=500)&&(u("postToLangfuse",`direct endpoint unavailable (status ${a}) \u2014 buffering trace`),zt(t)),a}))).find(o=>o!==0)??0}var Vn=f(()=>{"use strict";Y();D();$n();Hn();A();});var dr=f(()=>{"use strict";Rn();Vn();});function X(t){if(t==null)return "";let e=typeof t=="string"?t:JSON.stringify(t);return Ko.reduce((r,{re:n,replace:s})=>r.replace(n,s),e)}var $,Yo,Go,Wo,Yn,Ko,pr=f(()=>{"use strict";$="[REDACTED]",Yo="[REDACTED-EMAIL]",Go="[REDACTED-CPF]",Wo="[REDACTED-CNPJ]",Yn="[REDACTED-PHONE]",Ko=[{re:/\b(sk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`sk-${$}`},{re:/\b(pk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`pk-${$}`},{re:/\b(Bearer\s+)[A-Za-z0-9\-._~+/]+=*/gi,replace:(t,e)=>`${e}${$}`},{re:/\b(Basic\s+)[A-Za-z0-9+/]+=*/gi,replace:(t,e)=>`${e}${$}`},{re:/(-----BEGIN [A-Z ]+-----)[^-]*(-----END [A-Z ]+-----)/g,replace:(t,e,r)=>`${e}
185
+ ${$}
186
+ ${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${$}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(t,e)=>`${e}${$}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${$}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${$}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${$}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(t,e,r)=>`${e}${r}${$}${r}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(t,e)=>`${e}:${$}@`},{re:/[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g,replace:()=>Yo},{re:/\b\d{3}\.\d{3}\.\d{3}-\d{2}\b/g,replace:()=>Go},{re:/\b\d{2}\.\d{3}\.\d{3}\/\d{4}-\d{2}\b/g,replace:()=>Wo},{re:/\(\d{2}\)\s?\d{4,5}[-\s]?\d{4}/g,replace:()=>Yn},{re:/\+55[\s-]?\d{2}[\s-]?\d{4,5}[-\s]?\d{4}/g,replace:()=>Yn}];});async function Gn(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},s=t.tool_response,o=s!==null&&typeof s=="object"?s.output??JSON.stringify(s):s??"",i=Ct(e);if(!i){B(t);return}let a=J(),c=i.pendingTool,l=c?.name===r,p=l?c.startNs:String(BigInt(a)-200000000n),T=l?c.inputStr:G(n,V.TOOL_INPUT),g=T,E=null;if(r==="Skill"){let ne=typeof n=="object"&&n!==null?n.skill||n.name||n.skillName||n.commandName||String(Object.values(n)[0]??""):String(n);E=ne?String(ne).trim():null;let Z=E?Ee(E,i.cwd):null;Z&&(g=Z,i.skillContent||(i.skillContent=Z),i.skillArtifacts||(i.skillArtifacts=Se(E,i.cwd))),E&&!i.slashSkill&&(i.slashSkill=E),u("PostToolUse","Skill tool detected",`skillName=${E}`,`contentFound=${!!Z}`);}let O=X(G(o,V.TOOL_OUTPUT)),_=/\b(error|exception|failed|failure|traceback|errno)\b/i.test(O.slice(0,500)),Zt=_?"ERROR":"DEFAULT",Ft=ut(),Qt=Math.round(Number(BigInt(a)-BigInt(p))/1e6),ee={Agent:"AGENT",Task:"AGENT"}[r]??"TOOL",re=r==="Skill"&&E?E:we(T,60);i.toolCalls.push({tool:r,brief:re,error:_,durationMs:Qt});let xt=i.spans;xt.push({traceId:i.traceId,spanId:Ft,parentSpanId:i.spanId,name:r,kind:3,startTimeUnixNano:p,endTimeUnixNano:a,attributes:pt(d(w.OBS_NAME,r),d(w.OBS_TYPE,ee),d(w.OBS_LEVEL,Zt),d(w.OBS_INPUT,X(g)),d(w.OBS_OUTPUT,O),d("tool.name",r),d("tool.error",String(_)),r==="Skill"&&E?d("skill.name",E):null,r==="Skill"?d("skill.invocation","slash-command"):null),status:{code:_?2:1}}),i.pendingTool=null,Ut(e,i),_&&dt("TOOL_ERROR",{toolName:r}),u("PostToolUse",`sid=${e}`,`tool=${r}`,`error=${_}`,`durationMs=${Qt}`,`totalSpans=${xt.length}`),B(t);}var Wn=f(()=>{"use strict";qt();Jt();dr();Nt();Te();D();A();pr();ye();});function qn(t,e,r){let n=Object.keys(Kn).find(i=>(t??"").toLowerCase().includes(i));if(!n)return;let s=Kn[n],o=(e*s.input+r*s.output)/1e6;return Math.round(o*1e6)/1e6}var Kn,Jn=f(()=>{"use strict";Kn={"claude-opus-4-6":{input:15,output:75},"claude-opus-4-5":{input:15,output:75},"claude-sonnet-4-6":{input:3,output:15},"claude-sonnet-4-5":{input:3,output:15},"claude-haiku-4-5":{input:.8,output:4},"claude-4-6-opus":{input:15,output:75},"claude-4-6-sonnet":{input:3,output:15},"claude-4-5-opus":{input:15,output:75},"claude-4-5-sonnet":{input:3,output:15},"claude-4-5-haiku":{input:.8,output:4},"claude-3-5-sonnet-20241022":{input:3,output:15},"claude-3-5-haiku-20241022":{input:.8,output:4},"claude-3-opus-20240229":{input:15,output:75}};});async function zn(t){let e=t.session_id||"unknown",r=t.stop_reason||"end_turn",n=Ct(e);if(!n){B(t);return}n.slashSkill&&!/^[a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?$/i.test(n.slashSkill)&&(u("Stop",`sid=${e}`,`slashSkill rejected post-disk: "${n.slashSkill}"`),n.slashSkill=null);let s=J(),o=await qr(),i=n.toolCalls,a=n.spans;if(n.slashSkill&&!i.some(h=>h.tool==="Skill")){let h=ut(),Q=n.skillContent?n.skillContent:JSON.stringify({skill:n.slashSkill});i.push({tool:"Skill",brief:n.slashSkill,error:false,durationMs:0,synthetic:true}),a.push({traceId:n.traceId,spanId:h,parentSpanId:n.spanId,name:"Skill",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:n.startNs,attributes:pt(d(w.OBS_NAME,"Skill"),d(w.OBS_TYPE,"TOOL"),d(w.OBS_LEVEL,"DEFAULT"),d(w.OBS_INPUT,Q),d(w.OBS_OUTPUT,"loaded via slash command"),d("tool.name","Skill"),d("tool.error","false"),d("skill.name",n.slashSkill),d("skill.invocation","slash-command")),status:{code:1}}),u("Stop",`slashSkill=${n.slashSkill}`,"synthetic span injected");}let c=t.transcript_path||n.transcriptPath||"",l=ir(c);if(c&&(i.some(h=>h.tool==="Skill"&&!h.synthetic)||!!n.slashSkill)&&!l?.text){await new Promise(Q=>setTimeout(Q,500));let h=ir(c);h?.text&&(l=h);}u("Stop",`transcriptPath=${c||"(empty)"}`,`assistantOut=${l?`text=${l.text.length}chars`:"null"}`);let T=i.length,g=i.filter(h=>h.error).length,E=X(l?.text?G(l.text,V.TRACE_OUTPUT):T===0?"No tools used":i.map((h,Q)=>`${Q+1}. ${h.tool}${h.brief?` \u2192 ${h.brief}`:""}${h.error?" [ERROR]":""}`).join(`
187
+ `)),O=l?.inputTokens??0,_=l?.outputTokens??0,Zt=i.map((h,Q)=>`${Q+1}. ${h.tool}${h.brief?` \u2192 ${h.brief}`:""}${h.error?" [ERROR]":""} (${h.durationMs}ms)`),Ft=!!(n.slashSkill||i.some(h=>h.tool==="Skill")),Qt=i.some(h=>h.tool==="Agent");if(!Ft&&!Qt){u("Stop",`sid=${e}`,"skipping trace \u2014 no Skill or Agent calls found"),dt("TRACE_SKIPPED",{reason:"no_skill_or_agent"}),or(e),B(t);return}let te=Ft?"skill":"agent",ee=Math.round(Number(BigInt(s)-BigInt(n.startNs))/1e6),re=qn(n.model,O,_),mt=On(n);mt==="prerequisite_required"&&l?.text&&(mt="complete"),mt==="prerequisite_required"&&(a.push({traceId:n.traceId,spanId:ut(),parentSpanId:n.spanId,name:"prerequisite-check",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:s,attributes:pt(d(w.OBS_NAME,"prerequisite-check"),d(w.OBS_TYPE,"EVENT"),d(w.OBS_LEVEL,"WARNING"),d(w.OBS_OUTPUT,E),d("skill.name",n.slashSkill||void 0),d("execution_status","prerequisite_required")),status:{code:1}}),u("Stop",`sid=${e}`,"prerequisite-check span injected",`skill=${n.slashSkill}`));let xt=(()=>{if(!(!Ft||!n.prompt)){if(n.slashSkill){let h=n.prompt.replace(new RegExp(`^\\/${n.slashSkill}\\s*`,"i"),"").trim();return h?G(X(h),V.USER_INSTRUCTION):void 0}return G(X(n.prompt),V.USER_INSTRUCTION)||void 0}})(),ne=JSON.stringify({trace_type:te,...mt!==null&&{execution_status:mt},...n.slashSkill?{skill_name:n.slashSkill}:{},...n.skillArtifacts?.length&&{skill_artifacts:n.skillArtifacts},...xt!==void 0&&{user_instruction:xt},latency_ms:ee,...O&&{tokens_input:O},..._&&{tokens_output:_},cost_usd:re,...n.model?{model:n.model}:{},toolCount:T,errorCount:g,stopReason:r,sessionId:n.sessionId,tools:Zt.length?Zt:void 0}),Z=X(G(n.prompt,V.TRACE_INPUT)),Qn=pt(d(w.TRACE_NAME,n.traceName),d(w.TRACE_INPUT,Z),d(w.TRACE_OUTPUT,E),d(w.OBS_INPUT,Z),d(w.OBS_OUTPUT,E),d(w.TRACE_METADATA,ne),d(w.SESSION_ID,n.sessionId),d(w.USER_ID,o.user),d(w.OBS_TYPE,"GENERATION"),d(w.MODEL,n.model),O?d(w.INPUT_TOKENS,O):null,_?d(w.OUTPUT_TOKENS,_):null,d("claude.stop_reason",r),d("claude.tool_count",String(T)),d("claude.error_count",String(g)),d("claude.session_id",n.sessionId),d("flow.trace_type",te),{key:w.TRACE_TAGS,value:{arrayValue:{values:[{stringValue:te}]}}}),ts={traceId:n.traceId,spanId:n.spanId,name:n.traceName,kind:1,startTimeUnixNano:n.startNs,endTimeUnixNano:s,attributes:Qn,status:{code:g>0?2:1}},es=pt(d("service.name",process.env.LANGFUSE_PROJECT_NAME||"claude-code"),d("deployment.environment",process.env.LANGFUSE_ENVIRONMENT||"default")),fr=[...a,ts];u("Stop",`sid=${e}`,`totalTools=${T}`,`errorTools=${g}`,`spans=${fr.length}`,`inputTokens=${O}`,`outputTokens=${_}`,`traceOutput="${we(E,80)}"`);let rs=await jn(bn(es,fr));u("Stop",`POST status=${rs}`,`traceId=${n.traceId}`),dt("TRACE_SENT",{latencyMs:ee,totalTools:T,errorTools:g,inputTokens:O,outputTokens:_,costUsd:re}),or(e),B(t);}var Xn=f(()=>{"use strict";qt();Jt();dr();Y();Jn();ar();Nt();D();Te();pr();A();ye();});async function qo(){let t=process.argv[2];if(t==="UserPromptSubmit"){let r=await rr(),n;try{n=await K();}catch{process.stdout.write(JSON.stringify(r));return}n.authError?await cr(r,true):n.length>0?await cr(r):process.stdout.write(JSON.stringify(r));return}if(!await Jr()){let r=[];process.stdin.on("data",n=>r.push(n)),process.stdin.on("end",()=>process.stdout.write(r.join("")));return}let e=await rr();switch(t){case "PreToolUse":await Ln(e);break;case "PostToolUse":await Gn(e);break;case "Stop":await zn(e);break;default:process.stderr.write(`[flow-obs] unknown event: ${t}
188
+ `),process.stdout.write(JSON.stringify(e));}}var Zn=f(()=>{"use strict";Y();Nt();vn();In();Wn();Xn();qo().catch(t=>{process.stderr.write(`[flow-obs] fatal: ${t.message}
189
+ `),process.exit(0);});});var zo=new Set(["UserPromptSubmit","PreToolUse","PostToolUse","Stop"]),[,,F,Xt]=process.argv;function ft(t,e){let r=t.indexOf(e);return r!==-1?t[r+1]:void 0}if(F==="--version"||F==="-v"){let{version:t}=se();process.stdout.write(t+`
190
+ `),process.exit(0);}else if(F==="--help"||F==="-h"){let{bold:t,cyan:e,dim:r}=(tt(),L(ke)),{version:n}=se();process.stdout.write(`
188
191
  `+t(" flow-ai-obs")+r(" v"+n)+`
189
192
 
190
193
  `),process.stdout.write(e(" init")+r(` Auth (if needed) + hooks + native OTEL
@@ -204,13 +207,13 @@ ${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${N}`},{re:/(aws_secret_ac
204
207
 
205
208
  `)),process.stdout.write(r(` (Hook events: UserPromptSubmit | PreToolUse | PostToolUse | Stop)
206
209
 
207
- `)),process.exit(0);}else if(C==="init"||C==="install")(async()=>{C==="install"&&process.stderr.write(`Warning: "install" is deprecated, use "init" instead
208
- `),await(wt(),L(ht)).checkForUpdateInteractive();let{runInit:t}=(Je(),L(nn)),e=process.argv.slice(3);process.exit(await t({url:dt(e,"--custom-url"),noInteractive:e.includes("--no-interactive")}));})().catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
209
- `),process.exit(1);});else if(C==="setup")(async()=>{await(wt(),L(ht)).checkForUpdateInteractive();let{runSetup:t}=(on(),L(sn)),e=process.argv.slice(3);process.exit(await t({clientId:dt(e,"--client-id"),clientSecret:dt(e,"--client-secret"),tenant:dt(e,"--tenant")}));})().catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
210
- `),process.exit(1);});else if(C==="auth")(async()=>{let{runLogin:t,runLogout:e,runStatus:r}=(Yt(),L(Ke)),n=0;if(Jt==="login"||!Jt){await(wt(),L(ht)).checkForUpdateInteractive();let s=process.argv.slice(4);n=await t({clientId:dt(s,"--client-id"),clientSecret:dt(s,"--client-secret"),tenant:dt(s,"--tenant")});}else if(Jt==="logout"){let s=process.argv.includes("--force");n=await e(s);}else Jt==="status"?(await(wt(),L(ht)).checkForUpdateInteractive(),n=await r()):(process.stderr.write(`Unknown auth subcommand: ${Jt}
210
+ `)),process.exit(0);}else if(F==="init"||F==="install")(async()=>{F==="install"&&process.stderr.write(`Warning: "install" is deprecated, use "init" instead
211
+ `),await(St(),L(Et)).checkForUpdateInteractive();let{runInit:t}=(tr(),L(cn)),e=process.argv.slice(3);process.exit(await t({url:ft(e,"--custom-url"),noInteractive:e.includes("--no-interactive")}));})().catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
212
+ `),process.exit(1);});else if(F==="setup")(async()=>{await(St(),L(Et)).checkForUpdateInteractive();let{runSetup:t}=(un(),L(ln)),e=process.argv.slice(3);process.exit(await t({clientId:ft(e,"--client-id"),clientSecret:ft(e,"--client-secret"),tenant:ft(e,"--tenant")}));})().catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
213
+ `),process.exit(1);});else if(F==="auth")(async()=>{let{runLogin:t,runLogout:e,runStatus:r}=(Wt(),L(Ze)),n=0;if(Xt==="login"||!Xt){await(St(),L(Et)).checkForUpdateInteractive();let s=process.argv.slice(4);n=await t({clientId:ft(s,"--client-id"),clientSecret:ft(s,"--client-secret"),tenant:ft(s,"--tenant")});}else if(Xt==="logout"){let s=process.argv.includes("--force");n=await e(s);}else Xt==="status"?(await(St(),L(Et)).checkForUpdateInteractive(),n=await r()):(process.stderr.write(`Unknown auth subcommand: ${Xt}
211
214
  `),process.stderr.write(`Usage: flow-ai-obs auth [login|logout|status]
212
- `),n=1);process.exit(n);})();else if(C==="otel-headers"){let{runOtelHeaders:t}=(cn(),L(an));t().then(e=>process.exit(e)).catch(()=>process.exit(1));}else if(C==="check")(async()=>{await(wt(),L(ht)).checkForUpdateInteractive();let{runCheck:t}=(dn(),L(un));process.exit(await t());})().catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
213
- `),process.exit(1);});else if(Ko.has(C))qn();else {let{bold:t,cyan:e,dim:r}=(mt(),L(ye));process.stdout.write(`
215
+ `),n=1);process.exit(n);})();else if(F==="otel-headers"){let{runOtelHeaders:t}=(pn(),L(dn));t().then(e=>process.exit(e)).catch(()=>process.exit(1));}else if(F==="check")(async()=>{await(St(),L(Et)).checkForUpdateInteractive();let{runCheck:t}=(gn(),L(mn));process.exit(await t());})().catch(t=>{process.stderr.write(`Unexpected error: ${t.message}
216
+ `),process.exit(1);});else if(zo.has(F))Zn();else {let{bold:t,cyan:e,dim:r}=(tt(),L(ke));process.stdout.write(`
214
217
  `+t(" flow-ai-obs")+`
215
218
 
216
219
  `),process.stdout.write(e(" init")+r(` Auth (if needed) + hooks + native OTEL
package/dist/index.js CHANGED
@@ -1,16 +1,16 @@
1
- 'use strict';var child_process=require('child_process'),util=require('util'),L=require('fs'),B=require('path'),st=require('os'),ir=require('https'),ar=require('http'),crypto=require('crypto');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var L__namespace=/*#__PURE__*/_interopNamespace(L);var B__namespace=/*#__PURE__*/_interopNamespace(B);var st__namespace=/*#__PURE__*/_interopNamespace(st);var ir__default=/*#__PURE__*/_interopDefault(ir);var ar__default=/*#__PURE__*/_interopDefault(ar);var xe=Object.defineProperty;var nt=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var Et=(t,e,r)=>()=>{if(r)throw r[0];try{return t&&(e=t(t=0)),e}catch(n){throw r=[n],n}};var Tt=(t,e)=>{for(var r in e)xe(t,r,{get:e[r],enumerable:true});};var qt={};Tt(qt,{MacOsKeyVaultProvider:()=>kt});var wt,kt,zt=Et(()=>{"use strict";wt=util.promisify(child_process.execFile),kt=class{static async isAvailable(){try{return L.accessSync("/usr/bin/security",L.constants.X_OK),!0}catch{return !1}}async getSecret(e,r){try{let{stdout:n}=await wt("security",["find-generic-password","-w","-a",r,"-s",e]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await wt("security",["add-generic-password","-U","-a",r,"-s",e,"-w",n]);}async deleteSecret(e,r){try{return await wt("security",["delete-generic-password","-a",r,"-s",e]),!0}catch{return !1}}getStoragePath(){return "macOS Keychain"}};});var Zt={};Tt(Zt,{LinuxKeyVaultProvider:()=>It});var Xt,It,Qt=Et(()=>{"use strict";Xt=util.promisify(child_process.execFile),It=class{static async isAvailable(){let e=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of e)try{return L.accessSync(r,L.constants.X_OK),!0}catch{}return !1}async getSecret(e,r){try{let{stdout:n}=await Xt("secret-tool",["lookup","service",e,"account",r]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await new Promise((o,s)=>{let i=child_process.spawn("secret-tool",["store","--label",e,"service",e,"account",r]);i.on("error",s),i.on("close",l=>{l===0?o():s(new Error(`secret-tool exited with code ${l}`));}),i.stdin.write(n),i.stdin.end();});}async deleteSecret(e,r){try{return await Xt("secret-tool",["clear","service",e,"account",r]),!0}catch{return !1}}getStoragePath(){return "Linux Secret Service (libsecret)"}};});var te={};Tt(te,{WindowsKeyVaultProvider:()=>Lt});var Lt,ee=Et(()=>{"use strict";Lt=class{static async isAvailable(){try{return await nt("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return !1}}async getSecret(e,r){return nt("keytar").getPassword(e,r)}async setSecret(e,r,n){await nt("keytar").setPassword(e,r,n);}async deleteSecret(e,r){return nt("keytar").deletePassword(e,r)}getStoragePath(){return "Windows Credential Manager"}};});function Yt(){if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let e=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(e)return {home:e,username:process.env.SUDO_USER}}return {home:st__namespace.homedir(),username:process.env.SUDO_USER||process.env.USER||st__namespace.userInfo().username}}var Gt="flow-ai-obs",jt="config.json";function Me(){if(process.platform==="win32"){let r=process.env.APPDATA||B__namespace.join(st__namespace.homedir(),"AppData","Roaming");return B__namespace.join(r,Gt,jt)}let t=Yt(),e=process.env.XDG_CONFIG_HOME||B__namespace.join(t.home,".config");return B__namespace.join(e,Gt,jt)}function He(){try{let t=L__namespace.readFileSync(Me(),"utf8");return JSON.parse(t)}catch{return {}}}function Wt(){let{baseUrl:t}=He();return typeof t!="string"||t.trim()===""?null:t.trim().replace(/\/$/,"")}var Ye="https://flow.ciandt.com";function x(){return Wt()??process.env.FLOW_BASE_URL??Ye}function V(){let t=x();return {AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${t}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${t}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${t}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${t}/otel`}}V();var it={SERVICE:"flow-plugins-cli",ACCOUNT_TOKEN:"token-cache"},at="FLOW-nodejs",ct="config.json",ht={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"};var S={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP",BUFFER_TTL_DAYS:"FLOW_TELEMETRY_BUFFER_TTL_DAYS",BUFFER_MAX_FILES:"FLOW_TELEMETRY_BUFFER_MAX_FILES"};var y={FILE_PREFIX:"flow-obs-buffer-",DEFAULT_TTL_DAYS:4,MIN_TTL_DAYS:1,MAX_TTL_DAYS:30,DEFAULT_MAX_FILES:50,MIN_MAX_FILES:1,MAX_MAX_FILES:500,REPLAY_BATCH_SIZE:10},Jt="flow-ai-obs-debug.log",w={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4};function At(){let t=x();return {API_URL:process.env.FLOW_METRICS_URL||`${t}/metrics-collector-api/log-event`,BOOSTER:"flow-ai-obs"}}var yt={credentials:"credentials","token-cache":"tokenCache"};function W(){let t=st__namespace.default.homedir();if(process.platform==="darwin")return B__namespace.default.join(t,"Library","Preferences",at,ct);if(process.platform==="win32"){let r=process.env.APPDATA??B__namespace.default.join(t,"AppData","Roaming");return B__namespace.default.join(r,at,ct)}let e=process.env.XDG_CONFIG_HOME??B__namespace.default.join(t,".config");return B__namespace.default.join(e,at,ct)}function Ot(){try{let t=L__namespace.default.readFileSync(W(),"utf8");return JSON.parse(t)}catch{return {}}}function Kt(t){let e=W();L__namespace.default.mkdirSync(B__namespace.default.dirname(e),{recursive:true}),L__namespace.default.writeFileSync(e,JSON.stringify(t,null,2),{encoding:"utf8",mode:384});}var ut=class{static isAvailable(){return true}static hasExistingData(){try{if(!L__namespace.default.existsSync(W()))return !1;let e=JSON.parse(L__namespace.default.readFileSync(W(),"utf8"));return !!(e&&e.credentials)}catch{return false}}async getSecret(e,r){let n=Ot(),o=yt[r]??r,s=n[o];return s?typeof s=="string"?s:JSON.stringify(s):null}async setSecret(e,r,n){let o=Ot(),s=yt[r]??r;if(r==="token-cache")try{o[s]=JSON.parse(n);}catch{o[s]=n;}else o[s]=n;Kt(o);}async deleteSecret(e,r){let n=Ot(),o=yt[r]??r;return o in n?(delete n[o],Kt(n),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${W()}`}};async function re(){return await tr()??new ut}async function tr(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:t}=await Promise.resolve().then(()=>(zt(),qt));return await t.isAvailable()?new t:null}case "linux":{let{LinuxKeyVaultProvider:t}=await Promise.resolve().then(()=>(Qt(),Zt));return await t.isAvailable()?new t:null}case "win32":{let{WindowsKeyVaultProvider:t}=await Promise.resolve().then(()=>(ee(),te));return await t.isAvailable()?new t:null}default:return null}}var Nt=it.SERVICE,ne=it.ACCOUNT_TOKEN,Rt=null;function Pt(){return Rt||(Rt=re()),Rt}async function bt(t){await(await Pt()).setSecret(Nt,ne,JSON.stringify({accessToken:t.accessToken,expiresAt:t.expiresAt,lastAuthCheckAt:t.lastAuthCheckAt}));}async function Ut(){let e=await(await Pt()).getSecret(Nt,ne);if(!e)return null;try{let r=JSON.parse(e);return {accessToken:r.accessToken,expiresAt:r.expiresAt,lastAuthCheckAt:r.lastAuthCheckAt}}catch{return null}}async function K(){let t=await Ut();if(!t||!t.accessToken)return null;try{let e=t.accessToken.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email??r.preferred_username??r.upn??r.sub??null}catch{return null}}var or=B.join(st.tmpdir(),Jt);function a(...t){if(process.env[S.FLOW_OBS_DEBUG]!=="1")return;let e=`[${new Date().toISOString()}] ${t.join(" ")}
2
- `;try{L.writeFileSync(or,e,{flag:"a"});}catch(r){process.stderr.write(`[flow-obs debug ERROR] ${r.message}
3
- `);}}var b=class extends Error{constructor(e){super(e),this.name="AuthError";}},cr=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function lr(t){if(!cr.test(t))throw new Error(`Invalid tenant value: "${t}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var se={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function ur(t,e){let r=e.length>400?e.slice(0,400)+"\u2026":e;a("toAuthError",`status=${t} body=${r}`);try{let n=JSON.parse(e);if(typeof n.error=="string"&&(a("toAuthError",`api_error_code=${n.error}`+(n.message?` api_message=${n.message}`:"")),se[n.error]))return new b(se[n.error])}catch{}return t===401||t===403||t===500?new b("Invalid credentials"):t>=400&&t<500?new b("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function q(t){return new Promise((e,r)=>{try{lr(t.tenant);}catch(p){return r(p)}let n=JSON.stringify({clientSecret:t.clientSecret}),o=new URL(V().AUTH_ENGINE),s=o.protocol==="https:",i={hostname:o.hostname,port:o.port||(s?443:80),path:o.pathname+o.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(n),FlowTenant:t.tenant}};a("getToken",`requesting token tenant=${t.tenant} host=${i.hostname} path=${i.path}`);let c=(s?ir__default.default:ar__default.default).request(i,p=>{let _=[];p.on("data",T=>_.push(T)),p.on("end",()=>{let T=_.join("");if((p.statusCode??0)>=400)return r(ur(p.statusCode??0,T));let m;try{m=JSON.parse(T);}catch{return r(new Error("Invalid response from auth engine"))}let g=m.expires_at??new Date(Date.now()+(m.expires_in??3600)*1e3).toISOString();e({accessToken:m.access_token??"",expiresAt:g});});});c.on("error",p=>r(new Error(`Network error: ${p.message}`))),c.write(n),c.end();})}var pr=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];function dr(t){return pr.some(e=>e.test(t))}function fr(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email||r.preferred_username||r.upn||r.sub||null}catch{return null}}function ft(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:o,tenant:s}=r;return !n||!o||!s?null:{clientId:n,clientSecret:o,tenant:s}}catch{return null}}function dt(t){let e;try{e=new URL(t);}catch{throw new Error(`Invalid URL: ${t}`)}let r=process.env[S.FLOW_OBS_ALLOW_HTTP]==="true";if(!r&&e.protocol!=="https:")throw new Error(`URL must use HTTPS: ${t}`);if(e.username||e.password)throw new Error(`URL must not contain embedded credentials: ${t}`);if(!r&&dr(e.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${e.hostname}`);return t}async function oe(){let t=ft(process.env[S.ANTHROPIC_AUTH_TOKEN]);if(t)return {user:await K().catch(()=>null)??t.clientId,tenant:t.tenant};return {user:"",tenant:""}}function mr(){return new Date().toISOString().slice(0,10)}async function gr(t){let e=mr(),r=await Ut();if(r?.lastAuthCheckAt!==e){a("getOrRefreshToken",`daily auth check (last: ${r?.lastAuthCheckAt??"never"})`);try{let s=await q(t);try{await bt({...s,lastAuthCheckAt:e});}catch{}return a("getOrRefreshToken",`daily check passed, expires=${s.expiresAt}`),s.accessToken}catch(s){if(s instanceof b)throw s;a("getOrRefreshToken",`daily check network error \u2014 using cache: ${s.message}`);}}let n=r!=null&&new Date(r.expiresAt)>new Date;if(a("getOrRefreshToken",`cacheValid=${n}`),n)return a("getOrRefreshToken",`using cached token, expires=${r.expiresAt}`),r.accessToken;a("getOrRefreshToken",`token expired \u2014 refreshing via auth-engine (tenant=${t.tenant} clientId=${t.clientId})`);let o=await q(t);try{await bt({...o,lastAuthCheckAt:e});}catch(s){a("getOrRefreshToken",`token cache save failed (non-fatal): ${s.message}`);}return a("getOrRefreshToken",`token refreshed, expires=${o.expiresAt}`),o.accessToken}function Sr(t,e){let r=e&&e.accessToken?e.accessToken:"";return {endpoint:t.replace(/\/$/,"")+"/flow-langfuse-gateway/v1/traces",authHeader:`Bearer ${r}`}}function _r(t,e,r){let n=Buffer.from(`${e}:${r}`).toString("base64");return {endpoint:t.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${n}`}}async function U(){let t=[],e=process.env[S.ANTHROPIC_MODEL]??"",r=ft(process.env[S.ANTHROPIC_AUTH_TOKEN]);a("resolveCredentials",r?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),r&&a("resolveCredentials",`clientId=${r.clientId}`,`tenant=${r.tenant}`);let n=r?r.tenant:"",o=process.env[S.FLOW_TELEMETRY]==="true",s=process.env[S.LANGFUSE_BASE_URL],i=process.env[S.LANGFUSE_PUBLIC_KEY],l=process.env[S.LANGFUSE_SECRET_KEY];if(o&&s&&i&&l){let m="",g=n;if(r)m=await K().catch(()=>null)??r.clientId;let h={user:m??"",tenant:g??"",team:"",project:"",model:e};t.push({mode:"direct",..._r(dt(s),i,l),...h}),a("resolveCredentials","direct mode active",`user=${h.user}`,`tenant=${h.tenant}`);}if(!r){if(t.length===0){let m=[];return m.authError=false,m}return t}let c;try{c=await gr(r);}catch(m){if(a("resolveCredentials",`token refresh failed: ${m.message}`,`(tenant=${r.tenant} clientId=${r.clientId})`),t.length>0)return t.authError=true,t;let g=[];return g.authError=true,g}let _={user:fr(c)??r.clientId,tenant:n,team:"",project:"",model:e},T=process.env[S.FLOW_TELEMETRY_GATEWAY]??x();return t.push({mode:"gateway",...Sr(dt(T),{accessToken:c}),..._}),t}async function ie(){return (await U()).length>0}function k(t,e){let r=typeof t=="object"?JSON.stringify(t):String(t??"");return r.length>e?r.slice(0,e)+" \u2026[truncated]":r}function mt(t,e=100){return String(t??"").split(`
4
- `)[0].slice(0,e).trim()}function Ct(){return new Promise(t=>{let e="";process.stdin.setEncoding("utf8"),process.stdin.on("data",r=>{e+=r;}),process.stdin.on("end",()=>{try{t(JSON.parse(e));}catch{t({});}});})}function O(t){process.stdout.write(JSON.stringify(t));}var vt=()=>crypto.randomBytes(16).toString("hex"),C=()=>crypto.randomBytes(8).toString("hex");function I(){return String(BigInt(Date.now())*1000000n)}var Ir=/^[0-9a-f-]{1,64}$/i,Lr=B.normalize(st.tmpdir())+B.sep;function Rr(t,e){let r=B.resolve(t);if(!r.startsWith(e))throw new Error(`Path traversal detected: ${t}`);return r}function Ft(t){if(!Ir.test(t))throw new Error(`Invalid session ID: ${t}`);return Rr(B.join(st.tmpdir(),`flow-obs-${t}.json`),Lr)}function M(t){let e=Ft(t);if(!L.existsSync(e))return null;try{return JSON.parse(L.readFileSync(e,"utf8"))}catch{return null}}function H(t,e){L.writeFileSync(Ft(t),JSON.stringify(e),{encoding:"utf8",mode:384});}function $t(t){try{L.unlinkSync(Ft(t));}catch{}}function pe(t){if(!t||!L.existsSync(t))return null;try{let e=L.readFileSync(t,"utf8").trimEnd().split(`
5
- `);for(let r=e.length-1;r>=0;r--)try{let n=JSON.parse(e[r]);if(n.type==="user"&&n.uuid)return n.uuid}catch{}}catch{}return null}function Dt(t){if(!t||!L.existsSync(t))return null;try{let e=L.readFileSync(t,"utf8").trimEnd().split(`
6
- `),r=[],n=0,o=0;for(let s=e.length-1;s>=0;s--)try{let i=JSON.parse(e[s]);if(i.type==="user")break;if(i.type==="assistant"){let c=(i.message?.content??[]).filter(_=>_.type==="text").map(_=>_.text??"").join("");c&&r.unshift(c);let p=i.message?.usage??{};n+=(p.input_tokens??0)+(p.cache_read_input_tokens??0)+(p.cache_creation_input_tokens??0),o+=p.output_tokens??0;}}catch{}return !r.length&&n===0?null:{text:r.join(`
1
+ 'use strict';var child_process=require('child_process'),util=require('util'),L=require('fs'),M=require('path'),ot=require('os'),ur=require('https'),pr=require('http'),crypto=require('crypto');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var L__namespace=/*#__PURE__*/_interopNamespace(L);var M__namespace=/*#__PURE__*/_interopNamespace(M);var ot__namespace=/*#__PURE__*/_interopNamespace(ot);var ur__default=/*#__PURE__*/_interopDefault(ur);var pr__default=/*#__PURE__*/_interopDefault(pr);var Be=Object.defineProperty;var st=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var Tt=(t,e,r)=>()=>{if(r)throw r[0];try{return t&&(e=t(t=0)),e}catch(n){throw r=[n],n}};var ht=(t,e)=>{for(var r in e)Be(t,r,{get:e[r],enumerable:true});};var zt={};ht(zt,{MacOsKeyVaultProvider:()=>It});var kt,It,Xt=Tt(()=>{"use strict";kt=util.promisify(child_process.execFile),It=class{static async isAvailable(){try{return L.accessSync("/usr/bin/security",L.constants.X_OK),!0}catch{return !1}}async getSecret(e,r){try{let{stdout:n}=await kt("security",["find-generic-password","-w","-a",r,"-s",e]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await kt("security",["add-generic-password","-U","-a",r,"-s",e,"-w",n]);}async deleteSecret(e,r){try{return await kt("security",["delete-generic-password","-a",r,"-s",e]),!0}catch{return !1}}getStoragePath(){return "macOS Keychain"}};});var Qt={};ht(Qt,{LinuxKeyVaultProvider:()=>Lt});var Zt,Lt,te=Tt(()=>{"use strict";Zt=util.promisify(child_process.execFile),Lt=class{static async isAvailable(){let e=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of e)try{return L.accessSync(r,L.constants.X_OK),!0}catch{}return !1}async getSecret(e,r){try{let{stdout:n}=await Zt("secret-tool",["lookup","service",e,"account",r]);return n.trim()||null}catch{return null}}async setSecret(e,r,n){await new Promise((o,s)=>{let i=child_process.spawn("secret-tool",["store","--label",e,"service",e,"account",r]);i.on("error",s),i.on("close",l=>{l===0?o():s(new Error(`secret-tool exited with code ${l}`));}),i.stdin.write(n),i.stdin.end();});}async deleteSecret(e,r){try{return await Zt("secret-tool",["clear","service",e,"account",r]),!0}catch{return !1}}getStoragePath(){return "Linux Secret Service (libsecret)"}};});var ee={};ht(ee,{WindowsKeyVaultProvider:()=>Rt});var Rt,re=Tt(()=>{"use strict";Rt=class{static async isAvailable(){try{return await st("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return !1}}async getSecret(e,r){return st("keytar").getPassword(e,r)}async setSecret(e,r,n){await st("keytar").setPassword(e,r,n);}async deleteSecret(e,r){return st("keytar").deletePassword(e,r)}getStoragePath(){return "Windows Credential Manager"}};});!process.env.NO_COLOR&&process.stdout.isTTY;function jt(){if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let e=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(e)return {home:e,username:process.env.SUDO_USER}}return {home:ot__namespace.homedir(),username:process.env.SUDO_USER||process.env.USER||ot__namespace.userInfo().username}}var Gt="flow-ai-obs",Vt="config.json";function Ge(){if(process.platform==="win32"){let r=process.env.APPDATA||M__namespace.join(ot__namespace.homedir(),"AppData","Roaming");return M__namespace.join(r,Gt,Vt)}let t=jt(),e=process.env.XDG_CONFIG_HOME||M__namespace.join(t.home,".config");return M__namespace.join(e,Gt,Vt)}function Ve(){try{let t=L__namespace.readFileSync(Ge(),"utf8");return JSON.parse(t)}catch{return {}}}function Jt(){let{baseUrl:t}=Ve();return typeof t!="string"||t.trim()===""?null:t.trim().replace(/\/$/,"")}var We="https://flow.ciandt.com";function B(){return Jt()??process.env.FLOW_BASE_URL??We}function W(){let t=B();return {AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${t}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${t}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${t}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${t}/otel`}}W();var at={SERVICE:"flow-plugins-cli",ACCOUNT_TOKEN:"token-cache"},ct="FLOW-nodejs",lt="config.json",At={SCOPE_NAME:"flow-ai-obs",SCOPE_VERSION:"0.1.0"};var S={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP",BUFFER_TTL_DAYS:"FLOW_TELEMETRY_BUFFER_TTL_DAYS",BUFFER_MAX_FILES:"FLOW_TELEMETRY_BUFFER_MAX_FILES"};var y={FILE_PREFIX:"flow-obs-buffer-",DEFAULT_TTL_DAYS:4,MIN_TTL_DAYS:1,MAX_TTL_DAYS:30,DEFAULT_MAX_FILES:50,MIN_MAX_FILES:1,MAX_MAX_FILES:500,REPLAY_BATCH_SIZE:10},Kt="flow-ai-obs-debug.log",w={TOOL_INPUT:2e4,TOOL_OUTPUT:2e4,TRACE_OUTPUT:2e4,USER_INSTRUCTION:1e4,TRACE_INPUT:5e4};function yt(){let t=B();return {API_URL:process.env.FLOW_METRICS_URL||`${t}/metrics-collector-api/log-event`,BOOSTER:"flow-ai-obs"}}var Ot={credentials:"credentials","token-cache":"tokenCache"};function J(){let t=ot__namespace.default.homedir();if(process.platform==="darwin")return M__namespace.default.join(t,"Library","Preferences",ct,lt);if(process.platform==="win32"){let r=process.env.APPDATA??M__namespace.default.join(t,"AppData","Roaming");return M__namespace.default.join(r,ct,lt)}let e=process.env.XDG_CONFIG_HOME??M__namespace.default.join(t,".config");return M__namespace.default.join(e,ct,lt)}function wt(){try{let t=L__namespace.default.readFileSync(J(),"utf8");return JSON.parse(t)}catch{return {}}}function qt(t){let e=J();L__namespace.default.mkdirSync(M__namespace.default.dirname(e),{recursive:true}),L__namespace.default.writeFileSync(e,JSON.stringify(t,null,2),{encoding:"utf8",mode:384});}var pt=class{static isAvailable(){return true}static hasExistingData(){try{if(!L__namespace.default.existsSync(J()))return !1;let e=JSON.parse(L__namespace.default.readFileSync(J(),"utf8"));return !!(e&&e.credentials)}catch{return false}}async getSecret(e,r){let n=wt(),o=Ot[r]??r,s=n[o];return s?typeof s=="string"?s:JSON.stringify(s):null}async setSecret(e,r,n){let o=wt(),s=Ot[r]??r;if(r==="token-cache")try{o[s]=JSON.parse(n);}catch{o[s]=n;}else o[s]=n;qt(o);}async deleteSecret(e,r){let n=wt(),o=Ot[r]??r;return o in n?(delete n[o],qt(n),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${J()}`}};async function ne(){return await sr()??new pt}async function sr(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:t}=await Promise.resolve().then(()=>(Xt(),zt));return await t.isAvailable()?new t:null}case "linux":{let{LinuxKeyVaultProvider:t}=await Promise.resolve().then(()=>(te(),Qt));return await t.isAvailable()?new t:null}case "win32":{let{WindowsKeyVaultProvider:t}=await Promise.resolve().then(()=>(re(),ee));return await t.isAvailable()?new t:null}default:return null}}var Pt=at.SERVICE,se=at.ACCOUNT_TOKEN,Nt=null;function bt(){return Nt||(Nt=ne()),Nt}async function Ut(t){await(await bt()).setSecret(Pt,se,JSON.stringify({accessToken:t.accessToken,expiresAt:t.expiresAt,lastAuthCheckAt:t.lastAuthCheckAt}));}async function Ct(){let e=await(await bt()).getSecret(Pt,se);if(!e)return null;try{let r=JSON.parse(e);return {accessToken:r.accessToken,expiresAt:r.expiresAt,lastAuthCheckAt:r.lastAuthCheckAt}}catch{return null}}async function q(){let t=await Ct();if(!t||!t.accessToken)return null;try{let e=t.accessToken.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email??r.preferred_username??r.upn??r.sub??null}catch{return null}}var lr=M.join(ot.tmpdir(),Kt);function a(...t){if(process.env[S.FLOW_OBS_DEBUG]!=="1")return;let e=`[${new Date().toISOString()}] ${t.join(" ")}
2
+ `;try{L.writeFileSync(lr,e,{flag:"a"});}catch(r){process.stderr.write(`[flow-obs debug ERROR] ${r.message}
3
+ `);}}var b=class extends Error{constructor(e){super(e),this.name="AuthError";}},dr=/^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$|^[a-z0-9]$/;function fr(t){if(!dr.test(t))throw new Error(`Invalid tenant value: "${t}". Tenant must be lowercase alphanumeric and hyphens (1-64 chars).`)}var oe={INVALID_CLIENT_SECRET:"Invalid Client Secret \u2014 check the value and try again",INVALID_CLIENT_ID:"Invalid Client ID \u2014 check the value and try again",INVALID_TENANT:"Invalid Tenant \u2014 check the value and try again",TENANT_NOT_FOUND:"Tenant not found \u2014 verify the tenant identifier"};function mr(t,e){let r=e.length>400?e.slice(0,400)+"\u2026":e;a("toAuthError",`status=${t} body=${r}`);try{let n=JSON.parse(e);if(typeof n.error=="string"&&(a("toAuthError",`api_error_code=${n.error}`+(n.message?` api_message=${n.message}`:"")),oe[n.error]))return new b(oe[n.error])}catch{}return t===401||t===403||t===500?new b("Invalid credentials"):t>=400&&t<500?new b("Authentication request was rejected"):new Error("Authentication service unavailable, please try again later")}function z(t){return new Promise((e,r)=>{try{fr(t.tenant);}catch(p){return r(p)}let n=JSON.stringify({clientSecret:t.clientSecret}),o=new URL(W().AUTH_ENGINE),s=o.protocol==="https:",i={hostname:o.hostname,port:o.port||(s?443:80),path:o.pathname+o.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(n),FlowTenant:t.tenant}};a("getToken",`requesting token tenant=${t.tenant} host=${i.hostname} path=${i.path}`);let c=(s?ur__default.default:pr__default.default).request(i,p=>{let E=[];p.on("data",T=>E.push(T)),p.on("end",()=>{let T=E.join("");if((p.statusCode??0)>=400)return r(mr(p.statusCode??0,T));let m;try{m=JSON.parse(T);}catch{return r(new Error("Invalid response from auth engine"))}let g=m.expires_at??new Date(Date.now()+(m.expires_in??3600)*1e3).toISOString();e({accessToken:m.access_token??"",expiresAt:g});});});c.on("error",p=>r(new Error(`Network error: ${p.message}`))),c.write(n),c.end();})}var gr=[/^localhost\.?$/i,/^127\./,/^10\./,/^172\.(1[6-9]|2\d|3[01])\./,/^192\.168\./,/^169\.254\./,/^0\.0\.0\.0$/,/^::1$/,/^\[::1\]$/,/^\[::ffff:/i,/^\[f[cd]/i,/^\[fe80:/i,/^metadata\.google\.internal\.?$/i,/^metadata\.azure\.internal\.?$/i,/(?:^|\.)localtest\.me\.?$/i,/(?:^|\.)lvh\.me\.?$/i,/(?:^|\.)vcap\.me\.?$/i];function Sr(t){return gr.some(e=>e.test(t))}function Er(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8"));return r.email||r.preferred_username||r.upn||r.sub||null}catch{return null}}function mt(t){if(!t)return null;try{let e=t.split(".");if(e.length<2)return null;let r=JSON.parse(Buffer.from(e[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:o,tenant:s}=r;return !n||!o||!s?null:{clientId:n,clientSecret:o,tenant:s}}catch{return null}}function ft(t){let e;try{e=new URL(t);}catch{throw new Error(`Invalid URL: ${t}`)}let r=process.env[S.FLOW_OBS_ALLOW_HTTP]==="true";if(!r&&e.protocol!=="https:")throw new Error(`URL must use HTTPS: ${t}`);if(e.username||e.password)throw new Error(`URL must not contain embedded credentials: ${t}`);if(!r&&Sr(e.hostname))throw new Error(`SSRF: private/loopback host not allowed: ${e.hostname}`);return t}async function ie(){let t=mt(process.env[S.ANTHROPIC_AUTH_TOKEN]);if(t)return {user:await q().catch(()=>null)??t.clientId,tenant:t.tenant};return {user:"",tenant:""}}function _r(){return new Date().toISOString().slice(0,10)}async function Tr(t){let e=_r(),r=await Ct();if(r?.lastAuthCheckAt!==e){a("getOrRefreshToken",`daily auth check (last: ${r?.lastAuthCheckAt??"never"})`);try{let s=await z(t);try{await Ut({...s,lastAuthCheckAt:e});}catch{}return a("getOrRefreshToken",`daily check passed, expires=${s.expiresAt}`),s.accessToken}catch(s){if(s instanceof b)throw s;a("getOrRefreshToken",`daily check network error \u2014 using cache: ${s.message}`);}}let n=r!=null&&new Date(r.expiresAt)>new Date;if(a("getOrRefreshToken",`cacheValid=${n}`),n)return a("getOrRefreshToken",`using cached token, expires=${r.expiresAt}`),r.accessToken;a("getOrRefreshToken",`token expired \u2014 refreshing via auth-engine (tenant=${t.tenant} clientId=${t.clientId})`);let o=await z(t);try{await Ut({...o,lastAuthCheckAt:e});}catch(s){a("getOrRefreshToken",`token cache save failed (non-fatal): ${s.message}`);}return a("getOrRefreshToken",`token refreshed, expires=${o.expiresAt}`),o.accessToken}function hr(t,e){let r=e&&e.accessToken?e.accessToken:"";return {endpoint:t.replace(/\/$/,"")+"/flow-langfuse-gateway/v1/traces",authHeader:`Bearer ${r}`}}function Ar(t,e,r){let n=Buffer.from(`${e}:${r}`).toString("base64");return {endpoint:t.replace(/\/$/,"")+"/api/public/otel/v1/traces",authHeader:`Basic ${n}`}}async function U(){let t=[],e=process.env[S.ANTHROPIC_MODEL]??"",r=mt(process.env[S.ANTHROPIC_AUTH_TOKEN]);a("resolveCredentials",r?"credentials resolved from ANTHROPIC_AUTH_TOKEN":"ANTHROPIC_AUTH_TOKEN absent or invalid"),r&&a("resolveCredentials",`clientId=${r.clientId}`,`tenant=${r.tenant}`);let n=r?r.tenant:"",o=process.env[S.FLOW_TELEMETRY]==="true",s=process.env[S.LANGFUSE_BASE_URL],i=process.env[S.LANGFUSE_PUBLIC_KEY],l=process.env[S.LANGFUSE_SECRET_KEY];if(o&&s&&i&&l){let m="",g=n;if(r)m=await q().catch(()=>null)??r.clientId;let h={user:m??"",tenant:g??"",team:"",project:"",model:e};t.push({mode:"direct",...Ar(ft(s),i,l),...h}),a("resolveCredentials","direct mode active",`user=${h.user}`,`tenant=${h.tenant}`);}if(!r){if(t.length===0){let m=[];return m.authError=false,m}return t}let c;try{c=await Tr(r);}catch(m){if(a("resolveCredentials",`token refresh failed: ${m.message}`,`(tenant=${r.tenant} clientId=${r.clientId})`),t.length>0)return t.authError=true,t;let g=[];return g.authError=true,g}let E={user:Er(c)??r.clientId,tenant:n,team:"",project:"",model:e},T=process.env[S.FLOW_TELEMETRY_GATEWAY]??B();return t.push({mode:"gateway",...hr(ft(T),{accessToken:c}),...E}),t}async function ae(){return (await U()).length>0}function k(t,e){let r=typeof t=="object"?JSON.stringify(t):String(t??"");return r.length>e?r.slice(0,e)+" \u2026[truncated]":r}function gt(t,e=100){return String(t??"").split(`
4
+ `)[0].slice(0,e).trim()}function vt(){return new Promise(t=>{let e="";process.stdin.setEncoding("utf8"),process.stdin.on("data",r=>{e+=r;}),process.stdin.on("end",()=>{try{t(JSON.parse(e));}catch{t({});}});})}function O(t){process.stdout.write(JSON.stringify(t));}var $t=()=>crypto.randomBytes(16).toString("hex"),C=()=>crypto.randomBytes(8).toString("hex");function I(){return String(BigInt(Date.now())*1000000n)}var Pr=/^[0-9a-f-]{1,64}$/i,br=M.normalize(ot.tmpdir())+M.sep;function Ur(t,e){let r=M.resolve(t);if(!r.startsWith(e))throw new Error(`Path traversal detected: ${t}`);return r}function Ft(t){if(!Pr.test(t))throw new Error(`Invalid session ID: ${t}`);return Ur(M.join(ot.tmpdir(),`flow-obs-${t}.json`),br)}function H(t){let e=Ft(t);if(!L.existsSync(e))return null;try{return JSON.parse(L.readFileSync(e,"utf8"))}catch{return null}}function Y(t,e){L.writeFileSync(Ft(t),JSON.stringify(e),{encoding:"utf8",mode:384});}function Dt(t){try{L.unlinkSync(Ft(t));}catch{}}function de(t){if(!t||!L.existsSync(t))return null;try{let e=L.readFileSync(t,"utf8").trimEnd().split(`
5
+ `);for(let r=e.length-1;r>=0;r--)try{let n=JSON.parse(e[r]);if(n.type==="user"&&n.uuid)return n.uuid}catch{}}catch{}return null}function xt(t){if(!t||!L.existsSync(t))return null;try{let e=L.readFileSync(t,"utf8").trimEnd().split(`
6
+ `),r=[],n=0,o=0;for(let s=e.length-1;s>=0;s--)try{let i=JSON.parse(e[s]);if(i.type==="user")break;if(i.type==="assistant"){let c=(i.message?.content??[]).filter(E=>E.type==="text").map(E=>E.text??"").join("");c&&r.unshift(c);let p=i.message?.usage??{};n+=(p.input_tokens??0)+(p.cache_read_input_tokens??0)+(p.cache_creation_input_tokens??0),o+=p.output_tokens??0;}}catch{}return !r.length&&n===0?null:{text:r.join(`
7
7
 
8
- `),inputTokens:n,outputTokens:o}}catch{}return null}var Ur=new Set([".venv","__pycache__",".git","node_modules"]),Cr=new Set([".pyc",".pyo"]),vr=new Set(["SKILL.md",".DS_Store",".gitignore"]);function me(t){return t.replace(":","/")}function gt(t,e){if(!t)return null;let r=me(t),n=[B.join(st.homedir(),".claude","skills",r,"SKILL.md"),B.join(e??"",".claude","skills",r,"SKILL.md")];for(let o of n)if(L.existsSync(o))try{return L.readFileSync(o,"utf8")}catch{}return null}function ge(t){return t.split(`
9
- `)[0].match(/^\/([a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?)(?:\s.*)?$/i)?.[1]??null}var Fr=new Set(["Read","Write","Edit","MultiEdit","Bash","Glob","Grep","TodoWrite","WebFetch","WebSearch","Agent","Task"]);function Se(t){return !!t.slashSkill||t.toolCalls.some(n=>n.tool==="Skill")?t.toolCalls.some(n=>n.tool==="Skill"&&!n.synthetic||Fr.has(n.tool))?"complete":"prerequisite_required":null}function St(t,e){if(!t)return null;let r=me(t),n=[B.join(st.homedir(),".claude","skills",r),B.join(e??"",".claude","skills",r)],o=null;for(let l of n)if(L.existsSync(B.join(l,"SKILL.md"))){o=l;break}if(!o)return null;let s=[];function i(l,c){for(let p of L.readdirSync(l,{withFileTypes:true})){if(Ur.has(p.name)||vr.has(p.name)||Cr.has(B.extname(p.name)))continue;let _=c?`${c}/${p.name}`:p.name;p.isDirectory()?i(B.join(l,p.name),_):s.push(_);}}return i(o,""),s.length>0?s:null}function xr(t){try{let e=t.split(".")[1].replace(/-/g,"+").replace(/_/g,"/");return JSON.parse(Buffer.from(e,"base64").toString())}catch{return null}}function Br(t,e,r,n){return new Promise(o=>{let s=new URL(t),i=s.protocol==="https:",l=(i?ir__default.default:ar__default.default).request({hostname:s.hostname,port:s.port||(i?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(e),Authorization:`Bearer ${String(r).replace(/[\r\n]/g,"")}`,FlowTenant:String(n).replace(/[\r\n]/g,"")}},c=>{c.resume(),o(c.statusCode??0);});l.on("error",()=>o(0)),l.setTimeout(5e3,()=>{l.destroy(),o(0);}),l.write(e),l.end();})}async function v(t,e={}){try{let r=ft(process.env[S.ANTHROPIC_AUTH_TOKEN]);if(!r)return;let n,o=new Promise((T,m)=>{n=setTimeout(()=>m(new Error("getToken timeout")),4e3),n.unref();}),{accessToken:s}=await Promise.race([q(r),o]);clearTimeout(n);let i=xr(s);if(!i)return;let l=i.tenant||r.tenant,c=JSON.stringify({action:t,booster:At().BOOSTER,metadata:e,success:!0,tenant:l,timestamp:new Date().toISOString(),os:process.platform,user:{email:i.email||"",id:i.sub||"",name:i.name||i.email||""}}),p=dt(At().API_URL),_=await Br(p,c,s,l);a("metrics.logEvent",`action=${t} status=${_}`);}catch(r){a("metrics.logEvent",`silenced error: ${r.message}`);}}var Mr=`\u26D4 Your Flow API key has expired. You no longer have access to Claude Code through the Flow platform. To restore observability and access, visit ${x()}/settings/api-keys to generate a new API key, then run: flow-ai-obs auth login`;async function xt(t,e=false){if(e){process.stdout.write(JSON.stringify({decision:"block",reason:Mr})+`
10
- `);return}let n=!!(await U()).authError,o=t.session_id||"unknown",s=t.prompt||"",i=t.cwd||"",l=pe(t.transcript_path)||vt(),c=ge(s),p=c?gt(c,i):null,_=c?St(c,i):null;H(o,{traceId:vt(),spanId:C(),startNs:I(),sessionId:o,prompt:s,cwd:i,traceName:l,transcriptPath:t.transcript_path||"",model:process.env[S.ANTHROPIC_MODEL]||"",toolCalls:[],spans:[],pendingTool:null,slashSkill:c,skillContent:p,skillArtifacts:_}),v("SESSION_STARTED",{traceType:c?"skill":"prompt",slashSkill:c,clientIdExpired:n}),a("UserPromptSubmit",`sid=${o}`,`traceName=${l}`,`slashSkill=${c}`),O(t);}async function _e(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},o=M(e);o&&(o.pendingTool={name:r,inputStr:k(n,w.TOOL_INPUT),startNs:I()},H(e,o)),a("PreToolUse",`sid=${e}`,`tool=${r}`,`stateFound=${!!o}`),O(t);}var Hr={name:ht.SCOPE_NAME,version:ht.SCOPE_VERSION},f={TRACE_NAME:"langfuse.trace.name",TRACE_INPUT:"langfuse.trace.input",TRACE_OUTPUT:"langfuse.trace.output",TRACE_METADATA:"langfuse.trace.metadata",TRACE_TAGS:"langfuse.trace.tags",USER_ID:"langfuse.user.id",SESSION_ID:"langfuse.session.id",OBS_NAME:"langfuse.observation.name",OBS_INPUT:"langfuse.observation.input",OBS_OUTPUT:"langfuse.observation.output",OBS_LEVEL:"langfuse.observation.level",OBS_TYPE:"langfuse.observation.type",MODEL:"gen_ai.request.model",INPUT_TOKENS:"gen_ai.usage.input_tokens",OUTPUT_TOKENS:"gen_ai.usage.output_tokens"};function u(t,e){return e==null||e===""?null:{key:t,value:{stringValue:String(e)}}}function F(...t){return t.filter(e=>e!==null)}function Ee(t,e){return {resourceSpans:[{resource:{attributes:t},scopeSpans:[{scope:Hr,spans:Array.isArray(e)?e:[e]}]}]}}var Te=B.join(st.tmpdir(),"flow-obs-requests.ndjson");function he(t,e,r,n,o){if(process.env[S.FLOW_OBS_DEBUG]!=="1")return;let s=JSON.stringify({ts:new Date().toISOString(),request:{method:"POST",url:t,headers:e,body:JSON.parse(r)},response:{status:n,body:o}});try{L.writeFileSync(Te,s+`
11
- `,{flag:"a",encoding:"utf8",mode:384}),a("sendTraces:dump",`request appendada em ${Te}`);}catch(i){a("sendTraces:dump",`falha ao salvar: ${i.message}`);}}function Jr(t){let e=new URL(t),r=new URL(V().GATEWAY_HEALTH);return r.hostname=e.hostname,r.port=e.port,r.protocol=e.protocol,r}function Ae(t,e){return new Promise((r,n)=>{let o=t._isSSL?ir__default.default:ar__default.default;t.headers=Object.assign({},t.headers,{Connection:"close"});let s=o.request(t,i=>{let l=[];i.on("data",c=>l.push(c)),i.on("end",()=>r({statusCode:i.statusCode??0,body:l.join("")}));});s.setTimeout(1e4,()=>{s.destroy(new Error("Request timeout"));}),s.on("error",i=>n(new Error(`Network error: ${i.message}`))),e&&s.write(e),s.end();})}async function ye(t,e){let r;try{r=Jr(t);}catch{return false}let n=r.protocol==="https:";try{let o={};e&&(o.Authorization=String(e).replace(/[\r\n]/g,""));let s=await Ae({hostname:r.hostname,port:r.port||(n?443:80),path:r.pathname,method:"GET",headers:o,_isSSL:n},null);return a("checkHealth",`url=${r.href} status=${s.statusCode}`),s.statusCode>=200&&s.statusCode<300}catch{return false}}async function _t(t,e,r){let n=JSON.stringify(t),o=new URL(e),s=o.protocol==="https:",i=String(r).replace(/[\r\n]/g,""),l={"Content-Type":"application/json",Authorization:i,"Content-Length":Buffer.byteLength(n)};a("sendTraces:request",`POST ${e}`),a("sendTraces:request",`headers=${JSON.stringify({...l,Authorization:i.slice(0,20)+"\u2026"})}`),a("sendTraces:request",`body=${n.slice(0,500)}${n.length>500?"\u2026":""}`);try{let c=await Ae({hostname:o.hostname,port:o.port||(s?443:80),path:o.pathname,method:"POST",headers:l,_isSSL:s},n);return a("sendTraces:response",`status=${c.statusCode}`),he(e,l,n,c.statusCode,c.body),c.statusCode}catch(c){return a("sendTraces:error",c.message),he(e,l,n,0,c.message),0}}function Kr(){let t=parseInt(process.env[S.BUFFER_TTL_DAYS]??"",10);return (Number.isFinite(t)?Math.max(y.MIN_TTL_DAYS,Math.min(y.MAX_TTL_DAYS,t)):y.DEFAULT_TTL_DAYS)*24*60*60*1e3}function qr(){let t=parseInt(process.env[S.BUFFER_MAX_FILES]??"",10);return Number.isFinite(t)?Math.max(y.MIN_MAX_FILES,Math.min(y.MAX_MAX_FILES,t)):y.DEFAULT_MAX_FILES}function we(t){if(/[/\\]/.test(t))throw new Error(`Invalid buffer fileId: ${t}`);return B__namespace.default.join(st__namespace.default.tmpdir(),`${y.FILE_PREFIX}${t}.json`)}function Mt(){let t=st__namespace.default.tmpdir(),e;try{e=L__namespace.default.readdirSync(t);}catch{return []}return e.filter(r=>r.startsWith(y.FILE_PREFIX)&&r.endsWith(".json")).map(r=>{let n=B__namespace.default.join(t,r),o=0;try{o=L__namespace.default.statSync(n).mtimeMs;}catch{}return {full:n,mtime:o}}).sort((r,n)=>r.mtime-n.mtime).map(r=>r.full)}function z(t){try{let e=qr(),r=Mt();if(r.length>=e){let s=r.slice(0,r.length-e+1);for(let i of s)try{L__namespace.default.unlinkSync(i);}catch{}}let n=`${Date.now()}-${Math.random().toString(36).slice(2,8)}`,o={fileId:n,bufferedAt:Date.now(),payload:t};return L__namespace.default.writeFileSync(we(n),JSON.stringify(o),{encoding:"utf8",mode:384}),a("buffer",`saved fileId=${n}`),n}catch(e){return a("buffer",`saveToBuffer failed: ${e.message}`),null}}function ke(t){let e=Mt(),r=t,n=[];for(let o of e){if(n.length>=r)break;try{let s=L__namespace.default.readFileSync(o,"utf8"),i=JSON.parse(s);i&&i.fileId&&i.payload&&n.push(i);}catch{a("buffer",`skipping malformed file: ${o}`);}}return n}function Ie(t){try{L__namespace.default.unlinkSync(we(t)),a("buffer",`deleted fileId=${t}`);}catch{}}function Le(){let t=Date.now()-Kr();for(let e of Mt())try{let{mtimeMs:r}=L__namespace.default.statSync(e);r<t&&(L__namespace.default.unlinkSync(e),a("buffer",`evicted stale: ${B__namespace.default.basename(e)}`));}catch{}}async function zr(t){Le();let e=ke(y.REPLAY_BATCH_SIZE);e.length&&(a("replayBufferedTraces",`replaying ${e.length} buffered trace(s)`),await Promise.allSettled(e.map(async r=>{try{let n=await _t(r.payload,t.endpoint,t.authHeader);n>=200&&n<300?(Ie(r.fileId),a("replayBufferedTraces",`replayed fileId=${r.fileId} status=${n}`)):a("replayBufferedTraces",`replay failed fileId=${r.fileId} status=${n}`);}catch(n){a("replayBufferedTraces",`replay error fileId=${r.fileId}: ${n.message}`);}})));}async function Re(t){let e=await U();if(!e.length)return e.authError&&(a("postToLangfuse","auth refresh failed \u2014 buffering trace"),z(t)),0;let r=await Promise.all(e.map(async s=>{if(s.mode!=="gateway")return {creds:s,healthy:true};let i=await ye(s.endpoint,s.authHeader);return {creds:s,healthy:i}})),n=r.find(s=>s.creds.mode==="gateway"&&s.healthy)?.creds??r.find(s=>s.creds.mode==="direct")?.creds;return n&&await zr(n),(await Promise.all(r.map(async({creds:s,healthy:i})=>{if(s.mode==="gateway"){if(!i)return a("postToLangfuse","gateway health check failed \u2014 buffering trace"),z(t),0;let c=await _t(t,s.endpoint,s.authHeader);return (c===0||c>=500)&&(a("postToLangfuse",`gateway send failed (status ${c}) \u2014 buffering trace`),z(t)),c}let l=await _t(t,s.endpoint,s.authHeader);return (l===0||l>=500)&&(a("postToLangfuse",`direct endpoint unavailable (status ${l}) \u2014 buffering trace`),z(t)),l}))).find(s=>s!==0)??0}var A="[REDACTED]",Xr="[REDACTED-EMAIL]",Zr="[REDACTED-CPF]",Qr="[REDACTED-CNPJ]",Ne="[REDACTED-PHONE]",tn=[{re:/\b(sk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`sk-${A}`},{re:/\b(pk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`pk-${A}`},{re:/\b(Bearer\s+)[A-Za-z0-9\-._~+/]+=*/gi,replace:(t,e)=>`${e}${A}`},{re:/\b(Basic\s+)[A-Za-z0-9+/]+=*/gi,replace:(t,e)=>`${e}${A}`},{re:/(-----BEGIN [A-Z ]+-----)[^-]*(-----END [A-Z ]+-----)/g,replace:(t,e,r)=>`${e}
8
+ `),inputTokens:n,outputTokens:o}}catch{}return null}var Fr=new Set([".venv","__pycache__",".git","node_modules"]),Dr=new Set([".pyc",".pyo"]),xr=new Set(["SKILL.md",".DS_Store",".gitignore"]);function ge(t){return t.replace(":","/")}function St(t,e){if(!t)return null;let r=ge(t),n=[M.join(ot.homedir(),".claude","skills",r,"SKILL.md"),M.join(e??"",".claude","skills",r,"SKILL.md")];for(let o of n)if(L.existsSync(o))try{return L.readFileSync(o,"utf8")}catch{}return null}function Se(t){return t.split(`
9
+ `)[0].match(/^\/([a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?)(?:\s.*)?$/i)?.[1]??null}var Br=new Set(["Read","Write","Edit","MultiEdit","Bash","Glob","Grep","TodoWrite","WebFetch","WebSearch","Agent","Task"]);function Ee(t){return !!t.slashSkill||t.toolCalls.some(n=>n.tool==="Skill")?t.toolCalls.some(n=>n.tool==="Skill"&&!n.synthetic||Br.has(n.tool))?"complete":"prerequisite_required":null}function Et(t,e){if(!t)return null;let r=ge(t),n=[M.join(ot.homedir(),".claude","skills",r),M.join(e??"",".claude","skills",r)],o=null;for(let l of n)if(L.existsSync(M.join(l,"SKILL.md"))){o=l;break}if(!o)return null;let s=[];function i(l,c){for(let p of L.readdirSync(l,{withFileTypes:true})){if(Fr.has(p.name)||xr.has(p.name)||Dr.has(M.extname(p.name)))continue;let E=c?`${c}/${p.name}`:p.name;p.isDirectory()?i(M.join(l,p.name),E):s.push(E);}}return i(o,""),s.length>0?s:null}function Yr(t){try{let e=t.split(".")[1].replace(/-/g,"+").replace(/_/g,"/");return JSON.parse(Buffer.from(e,"base64").toString())}catch{return null}}function jr(t,e,r,n){return new Promise(o=>{let s=new URL(t),i=s.protocol==="https:",l=(i?ur__default.default:pr__default.default).request({hostname:s.hostname,port:s.port||(i?443:80),path:s.pathname+s.search,method:"POST",headers:{"Content-Type":"application/json","Content-Length":Buffer.byteLength(e),Authorization:`Bearer ${String(r).replace(/[\r\n]/g,"")}`,FlowTenant:String(n).replace(/[\r\n]/g,"")}},c=>{c.resume(),o(c.statusCode??0);});l.on("error",()=>o(0)),l.setTimeout(5e3,()=>{l.destroy(),o(0);}),l.write(e),l.end();})}async function v(t,e={}){try{let r=mt(process.env[S.ANTHROPIC_AUTH_TOKEN]);if(!r)return;let n,o=new Promise((T,m)=>{n=setTimeout(()=>m(new Error("getToken timeout")),4e3),n.unref();}),{accessToken:s}=await Promise.race([z(r),o]);clearTimeout(n);let i=Yr(s);if(!i)return;let l=i.tenant||r.tenant,c=JSON.stringify({action:t,booster:yt().BOOSTER,metadata:e,success:!0,tenant:l,timestamp:new Date().toISOString(),os:process.platform,user:{email:i.email||"",id:i.sub||"",name:i.name||i.email||""}}),p=ft(yt().API_URL),E=await jr(p,c,s,l);a("metrics.logEvent",`action=${t} status=${E}`);}catch(r){a("metrics.logEvent",`silenced error: ${r.message}`);}}var Gr=`\u26D4 Your Flow API key has expired. You no longer have access to Claude Code through the Flow platform. To restore observability and access, visit ${B()}/settings/api-keys to generate a new API key, then run: flow-ai-obs auth login`;async function Bt(t,e=false){if(e){process.stdout.write(JSON.stringify({decision:"block",reason:Gr})+`
10
+ `);return}let n=!!(await U()).authError,o=t.session_id||"unknown",s=t.prompt||"",i=t.cwd||"",l=de(t.transcript_path)||$t(),c=Se(s),p=c?St(c,i):null,E=c?Et(c,i):null;Y(o,{traceId:$t(),spanId:C(),startNs:I(),sessionId:o,prompt:s,cwd:i,traceName:l,transcriptPath:t.transcript_path||"",model:process.env[S.ANTHROPIC_MODEL]||"",toolCalls:[],spans:[],pendingTool:null,slashSkill:c,skillContent:p,skillArtifacts:E}),v("SESSION_STARTED",{traceType:c?"skill":"prompt",slashSkill:c,clientIdExpired:n}),a("UserPromptSubmit",`sid=${o}`,`traceName=${l}`,`slashSkill=${c}`),O(t);}async function _e(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},o=H(e);o&&(o.pendingTool={name:r,inputStr:k(n,w.TOOL_INPUT),startNs:I()},Y(e,o)),a("PreToolUse",`sid=${e}`,`tool=${r}`,`stateFound=${!!o}`),O(t);}var Vr={name:At.SCOPE_NAME,version:At.SCOPE_VERSION},f={TRACE_NAME:"langfuse.trace.name",TRACE_INPUT:"langfuse.trace.input",TRACE_OUTPUT:"langfuse.trace.output",TRACE_METADATA:"langfuse.trace.metadata",TRACE_TAGS:"langfuse.trace.tags",USER_ID:"langfuse.user.id",SESSION_ID:"langfuse.session.id",OBS_NAME:"langfuse.observation.name",OBS_INPUT:"langfuse.observation.input",OBS_OUTPUT:"langfuse.observation.output",OBS_LEVEL:"langfuse.observation.level",OBS_TYPE:"langfuse.observation.type",MODEL:"gen_ai.request.model",INPUT_TOKENS:"gen_ai.usage.input_tokens",OUTPUT_TOKENS:"gen_ai.usage.output_tokens"};function u(t,e){return e==null||e===""?null:{key:t,value:{stringValue:String(e)}}}function $(...t){return t.filter(e=>e!==null)}function Te(t,e){return {resourceSpans:[{resource:{attributes:t},scopeSpans:[{scope:Vr,spans:Array.isArray(e)?e:[e]}]}]}}var he=M.join(ot.tmpdir(),"flow-obs-requests.ndjson");function Ae(t,e,r,n,o){if(process.env[S.FLOW_OBS_DEBUG]!=="1")return;let s=JSON.stringify({ts:new Date().toISOString(),request:{method:"POST",url:t,headers:e,body:JSON.parse(r)},response:{status:n,body:o}});try{L.writeFileSync(he,s+`
11
+ `,{flag:"a",encoding:"utf8",mode:384}),a("sendTraces:dump",`request appendada em ${he}`);}catch(i){a("sendTraces:dump",`falha ao salvar: ${i.message}`);}}function Xr(t){let e=new URL(t),r=new URL(W().GATEWAY_HEALTH);return r.hostname=e.hostname,r.port=e.port,r.protocol=e.protocol,r}function ye(t,e){return new Promise((r,n)=>{let o=t._isSSL?ur__default.default:pr__default.default;t.headers=Object.assign({},t.headers,{Connection:"close"});let s=o.request(t,i=>{let l=[];i.on("data",c=>l.push(c)),i.on("end",()=>r({statusCode:i.statusCode??0,body:l.join("")}));});s.setTimeout(1e4,()=>{s.destroy(new Error("Request timeout"));}),s.on("error",i=>n(new Error(`Network error: ${i.message}`))),e&&s.write(e),s.end();})}async function Oe(t,e){let r;try{r=Xr(t);}catch{return false}let n=r.protocol==="https:";try{let o={};e&&(o.Authorization=String(e).replace(/[\r\n]/g,""));let s=await ye({hostname:r.hostname,port:r.port||(n?443:80),path:r.pathname,method:"GET",headers:o,_isSSL:n},null);return a("checkHealth",`url=${r.href} status=${s.statusCode}`),s.statusCode>=200&&s.statusCode<300}catch{return false}}async function _t(t,e,r){let n=JSON.stringify(t),o=new URL(e),s=o.protocol==="https:",i=String(r).replace(/[\r\n]/g,""),l={"Content-Type":"application/json",Authorization:i,"Content-Length":Buffer.byteLength(n)};a("sendTraces:request",`POST ${e}`),a("sendTraces:request",`headers=${JSON.stringify({...l,Authorization:i.slice(0,20)+"\u2026"})}`),a("sendTraces:request",`body=${n.slice(0,500)}${n.length>500?"\u2026":""}`);try{let c=await ye({hostname:o.hostname,port:o.port||(s?443:80),path:o.pathname,method:"POST",headers:l,_isSSL:s},n);return a("sendTraces:response",`status=${c.statusCode}`),Ae(e,l,n,c.statusCode,c.body),c.statusCode}catch(c){return a("sendTraces:error",c.message),Ae(e,l,n,0,c.message),0}}function Zr(){let t=parseInt(process.env[S.BUFFER_TTL_DAYS]??"",10);return (Number.isFinite(t)?Math.max(y.MIN_TTL_DAYS,Math.min(y.MAX_TTL_DAYS,t)):y.DEFAULT_TTL_DAYS)*24*60*60*1e3}function Qr(){let t=parseInt(process.env[S.BUFFER_MAX_FILES]??"",10);return Number.isFinite(t)?Math.max(y.MIN_MAX_FILES,Math.min(y.MAX_MAX_FILES,t)):y.DEFAULT_MAX_FILES}function ke(t){if(/[/\\]/.test(t))throw new Error(`Invalid buffer fileId: ${t}`);return M__namespace.default.join(ot__namespace.default.tmpdir(),`${y.FILE_PREFIX}${t}.json`)}function Ht(){let t=ot__namespace.default.tmpdir(),e;try{e=L__namespace.default.readdirSync(t);}catch{return []}return e.filter(r=>r.startsWith(y.FILE_PREFIX)&&r.endsWith(".json")).map(r=>{let n=M__namespace.default.join(t,r),o=0;try{o=L__namespace.default.statSync(n).mtimeMs;}catch{}return {full:n,mtime:o}}).sort((r,n)=>r.mtime-n.mtime).map(r=>r.full)}function X(t){try{let e=Qr(),r=Ht();if(r.length>=e){let s=r.slice(0,r.length-e+1);for(let i of s)try{L__namespace.default.unlinkSync(i);}catch{}}let n=`${Date.now()}-${Math.random().toString(36).slice(2,8)}`,o={fileId:n,bufferedAt:Date.now(),payload:t};return L__namespace.default.writeFileSync(ke(n),JSON.stringify(o),{encoding:"utf8",mode:384}),a("buffer",`saved fileId=${n}`),n}catch(e){return a("buffer",`saveToBuffer failed: ${e.message}`),null}}function Ie(t){let e=Ht(),r=t,n=[];for(let o of e){if(n.length>=r)break;try{let s=L__namespace.default.readFileSync(o,"utf8"),i=JSON.parse(s);i&&i.fileId&&i.payload&&n.push(i);}catch{a("buffer",`skipping malformed file: ${o}`);}}return n}function Le(t){try{L__namespace.default.unlinkSync(ke(t)),a("buffer",`deleted fileId=${t}`);}catch{}}function Re(){let t=Date.now()-Zr();for(let e of Ht())try{let{mtimeMs:r}=L__namespace.default.statSync(e);r<t&&(L__namespace.default.unlinkSync(e),a("buffer",`evicted stale: ${M__namespace.default.basename(e)}`));}catch{}}async function tn(t){Re();let e=Ie(y.REPLAY_BATCH_SIZE);e.length&&(a("replayBufferedTraces",`replaying ${e.length} buffered trace(s)`),await Promise.allSettled(e.map(async r=>{try{let n=await _t(r.payload,t.endpoint,t.authHeader);n>=200&&n<300?(Le(r.fileId),a("replayBufferedTraces",`replayed fileId=${r.fileId} status=${n}`)):a("replayBufferedTraces",`replay failed fileId=${r.fileId} status=${n}`);}catch(n){a("replayBufferedTraces",`replay error fileId=${r.fileId}: ${n.message}`);}})));}async function Ne(t){let e=await U();if(!e.length)return e.authError&&(a("postToLangfuse","auth refresh failed \u2014 buffering trace"),X(t)),0;let r=await Promise.all(e.map(async s=>{if(s.mode!=="gateway")return {creds:s,healthy:true};let i=await Oe(s.endpoint,s.authHeader);return {creds:s,healthy:i}})),n=r.find(s=>s.creds.mode==="gateway"&&s.healthy)?.creds??r.find(s=>s.creds.mode==="direct")?.creds;return n&&await tn(n),(await Promise.all(r.map(async({creds:s,healthy:i})=>{if(s.mode==="gateway"){if(!i)return a("postToLangfuse","gateway health check failed \u2014 buffering trace"),X(t),0;let c=await _t(t,s.endpoint,s.authHeader);return (c===0||c>=500)&&(a("postToLangfuse",`gateway send failed (status ${c}) \u2014 buffering trace`),X(t)),c}let l=await _t(t,s.endpoint,s.authHeader);return (l===0||l>=500)&&(a("postToLangfuse",`direct endpoint unavailable (status ${l}) \u2014 buffering trace`),X(t)),l}))).find(s=>s!==0)??0}var A="[REDACTED]",en="[REDACTED-EMAIL]",rn="[REDACTED-CPF]",nn="[REDACTED-CNPJ]",Pe="[REDACTED-PHONE]",sn=[{re:/\b(sk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`sk-${A}`},{re:/\b(pk-[A-Za-z0-9_\-]{20,})/g,replace:()=>`pk-${A}`},{re:/\b(Bearer\s+)[A-Za-z0-9\-._~+/]+=*/gi,replace:(t,e)=>`${e}${A}`},{re:/\b(Basic\s+)[A-Za-z0-9+/]+=*/gi,replace:(t,e)=>`${e}${A}`},{re:/(-----BEGIN [A-Z ]+-----)[^-]*(-----END [A-Z ]+-----)/g,replace:(t,e,r)=>`${e}
12
12
  ${A}
13
- ${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${A}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(t,e)=>`${e}${A}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${A}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${A}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${A}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(t,e,r)=>`${e}${r}${A}${r}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(t,e)=>`${e}:${A}@`},{re:/[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g,replace:()=>Xr},{re:/\b\d{3}\.\d{3}\.\d{3}-\d{2}\b/g,replace:()=>Zr},{re:/\b\d{2}\.\d{3}\.\d{3}\/\d{4}-\d{2}\b/g,replace:()=>Qr},{re:/\(\d{2}\)\s?\d{4,5}[-\s]?\d{4}/g,replace:()=>Ne},{re:/\+55[\s-]?\d{2}[\s-]?\d{4,5}[-\s]?\d{4}/g,replace:()=>Ne}];function R(t){if(t==null)return "";let e=typeof t=="string"?t:JSON.stringify(t);return tn.reduce((r,{re:n,replace:o})=>r.replace(n,o),e)}async function Pe(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},o=t.tool_response,s=o!==null&&typeof o=="object"?o.output??JSON.stringify(o):o??"",i=M(e);if(!i){O(t);return}let l=I(),c=i.pendingTool,p=c?.name===r,_=p?c.startNs:String(BigInt(l)-200000000n),T=p?c.inputStr:k(n,w.TOOL_INPUT),m=T,g=null;if(r==="Skill"){let rt=typeof n=="object"&&n!==null?n.skill||n.name||n.skillName||n.commandName||String(Object.values(n)[0]??""):String(n);g=rt?String(rt).trim():null;let N=g?gt(g,i.cwd):null;N&&(m=N,i.skillContent||(i.skillContent=N),i.skillArtifacts||(i.skillArtifacts=St(g,i.cwd))),g&&!i.slashSkill&&(i.slashSkill=g),a("PostToolUse","Skill tool detected",`skillName=${g}`,`contentFound=${!!N}`);}let h=R(k(s,w.TOOL_OUTPUT)),E=/\b(error|exception|failed|failure|traceback|errno)\b/i.test(h.slice(0,500)),X=E?"ERROR":"DEFAULT",G=C(),Z=Math.round(Number(BigInt(l)-BigInt(_))/1e6),tt={Agent:"AGENT",Task:"AGENT"}[r]??"TOOL",et=r==="Skill"&&g?g:mt(T,60);i.toolCalls.push({tool:r,brief:et,error:E,durationMs:Z});let j=i.spans;j.push({traceId:i.traceId,spanId:G,parentSpanId:i.spanId,name:r,kind:3,startTimeUnixNano:_,endTimeUnixNano:l,attributes:F(u(f.OBS_NAME,r),u(f.OBS_TYPE,tt),u(f.OBS_LEVEL,X),u(f.OBS_INPUT,R(m)),u(f.OBS_OUTPUT,h),u("tool.name",r),u("tool.error",String(E)),r==="Skill"&&g?u("skill.name",g):null,r==="Skill"?u("skill.invocation","slash-command"):null),status:{code:E?2:1}}),i.pendingTool=null,H(e,i),E&&v("TOOL_ERROR",{toolName:r}),a("PostToolUse",`sid=${e}`,`tool=${r}`,`error=${E}`,`durationMs=${Z}`,`totalSpans=${j.length}`),O(t);}var be={"claude-opus-4-6":{input:15,output:75},"claude-opus-4-5":{input:15,output:75},"claude-sonnet-4-6":{input:3,output:15},"claude-sonnet-4-5":{input:3,output:15},"claude-haiku-4-5":{input:.8,output:4},"claude-4-6-opus":{input:15,output:75},"claude-4-6-sonnet":{input:3,output:15},"claude-4-5-opus":{input:15,output:75},"claude-4-5-sonnet":{input:3,output:15},"claude-4-5-haiku":{input:.8,output:4},"claude-3-5-sonnet-20241022":{input:3,output:15},"claude-3-5-haiku-20241022":{input:.8,output:4},"claude-3-opus-20240229":{input:15,output:75}};function Ue(t,e,r){let n=Object.keys(be).find(i=>(t??"").toLowerCase().includes(i));if(!n)return;let o=be[n],s=(e*o.input+r*o.output)/1e6;return Math.round(s*1e6)/1e6}async function Ce(t){let e=t.session_id||"unknown",r=t.stop_reason||"end_turn",n=M(e);if(!n){O(t);return}n.slashSkill&&!/^[a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?$/i.test(n.slashSkill)&&(a("Stop",`sid=${e}`,`slashSkill rejected post-disk: "${n.slashSkill}"`),n.slashSkill=null);let o=I(),s=await oe(),i=n.toolCalls,l=n.spans;if(n.slashSkill&&!i.some(d=>d.tool==="Skill")){let d=C(),P=n.skillContent?n.skillContent:JSON.stringify({skill:n.slashSkill});i.push({tool:"Skill",brief:n.slashSkill,error:false,durationMs:0,synthetic:true}),l.push({traceId:n.traceId,spanId:d,parentSpanId:n.spanId,name:"Skill",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:n.startNs,attributes:F(u(f.OBS_NAME,"Skill"),u(f.OBS_TYPE,"TOOL"),u(f.OBS_LEVEL,"DEFAULT"),u(f.OBS_INPUT,P),u(f.OBS_OUTPUT,"loaded via slash command"),u("tool.name","Skill"),u("tool.error","false"),u("skill.name",n.slashSkill),u("skill.invocation","slash-command")),status:{code:1}}),a("Stop",`slashSkill=${n.slashSkill}`,"synthetic span injected");}let c=t.transcript_path||n.transcriptPath||"",p=Dt(c);if(c&&(i.some(d=>d.tool==="Skill"&&!d.synthetic)||!!n.slashSkill)&&!p?.text){await new Promise(P=>setTimeout(P,500));let d=Dt(c);d?.text&&(p=d);}a("Stop",`transcriptPath=${c||"(empty)"}`,`assistantOut=${p?`text=${p.text.length}chars`:"null"}`);let T=i.length,m=i.filter(d=>d.error).length,g=R(p?.text?k(p.text,w.TRACE_OUTPUT):T===0?"No tools used":i.map((d,P)=>`${P+1}. ${d.tool}${d.brief?` \u2192 ${d.brief}`:""}${d.error?" [ERROR]":""}`).join(`
14
- `)),h=p?.inputTokens??0,E=p?.outputTokens??0,X=i.map((d,P)=>`${P+1}. ${d.tool}${d.brief?` \u2192 ${d.brief}`:""}${d.error?" [ERROR]":""} (${d.durationMs}ms)`),G=!!(n.slashSkill||i.some(d=>d.tool==="Skill")),Z=i.some(d=>d.tool==="Agent");if(!G&&!Z){a("Stop",`sid=${e}`,"skipping trace \u2014 no Skill or Agent calls found"),v("TRACE_SKIPPED",{reason:"no_skill_or_agent"}),$t(e),O(t);return}let Q=G?"skill":"agent",tt=Math.round(Number(BigInt(o)-BigInt(n.startNs))/1e6),et=Ue(n.model,h,E),$=Se(n);$==="prerequisite_required"&&p?.text&&($="complete"),$==="prerequisite_required"&&(l.push({traceId:n.traceId,spanId:C(),parentSpanId:n.spanId,name:"prerequisite-check",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:o,attributes:F(u(f.OBS_NAME,"prerequisite-check"),u(f.OBS_TYPE,"EVENT"),u(f.OBS_LEVEL,"WARNING"),u(f.OBS_OUTPUT,g),u("skill.name",n.slashSkill||void 0),u("execution_status","prerequisite_required")),status:{code:1}}),a("Stop",`sid=${e}`,"prerequisite-check span injected",`skill=${n.slashSkill}`));let j=(()=>{if(!(!G||!n.prompt)){if(n.slashSkill){let d=n.prompt.replace(new RegExp(`^\\/${n.slashSkill}\\s*`,"i"),"").trim();return d?k(R(d),w.USER_INSTRUCTION):void 0}return k(R(n.prompt),w.USER_INSTRUCTION)||void 0}})(),rt=JSON.stringify({trace_type:Q,...$!==null&&{execution_status:$},...n.slashSkill?{skill_name:n.slashSkill}:{},...n.skillArtifacts?.length&&{skill_artifacts:n.skillArtifacts},...j!==void 0&&{user_instruction:j},latency_ms:tt,...h&&{tokens_input:h},...E&&{tokens_output:E},cost_usd:et,...n.model?{model:n.model}:{},toolCount:T,errorCount:m,stopReason:r,sessionId:n.sessionId,tools:X.length?X:void 0}),N=R(k(n.prompt,w.TRACE_INPUT)),ve=F(u(f.TRACE_NAME,n.traceName),u(f.TRACE_INPUT,N),u(f.TRACE_OUTPUT,g),u(f.OBS_INPUT,N),u(f.OBS_OUTPUT,g),u(f.TRACE_METADATA,rt),u(f.SESSION_ID,n.sessionId),u(f.USER_ID,s.user),u(f.OBS_TYPE,"GENERATION"),u(f.MODEL,n.model),h?u(f.INPUT_TOKENS,h):null,E?u(f.OUTPUT_TOKENS,E):null,u("claude.stop_reason",r),u("claude.tool_count",String(T)),u("claude.error_count",String(m)),u("claude.session_id",n.sessionId),u("flow.trace_type",Q),{key:f.TRACE_TAGS,value:{arrayValue:{values:[{stringValue:Q}]}}}),Fe={traceId:n.traceId,spanId:n.spanId,name:n.traceName,kind:1,startTimeUnixNano:n.startNs,endTimeUnixNano:o,attributes:ve,status:{code:m>0?2:1}},$e=F(u("service.name",process.env.LANGFUSE_PROJECT_NAME||"claude-code"),u("deployment.environment",process.env.LANGFUSE_ENVIRONMENT||"default")),Ht=[...l,Fe];a("Stop",`sid=${e}`,`totalTools=${T}`,`errorTools=${m}`,`spans=${Ht.length}`,`inputTokens=${h}`,`outputTokens=${E}`,`traceOutput="${mt(g,80)}"`);let De=await Re(Ee($e,Ht));a("Stop",`POST status=${De}`,`traceId=${n.traceId}`),v("TRACE_SENT",{latencyMs:tt,totalTools:T,errorTools:m,inputTokens:h,outputTokens:E,costUsd:et}),$t(e),O(t);}async function en(){let t=process.argv[2];if(t==="UserPromptSubmit"){let r=await Ct(),n;try{n=await U();}catch{process.stdout.write(JSON.stringify(r));return}n.authError?await xt(r,true):n.length>0?await xt(r):process.stdout.write(JSON.stringify(r));return}if(!await ie()){let r=[];process.stdin.on("data",n=>r.push(n)),process.stdin.on("end",()=>process.stdout.write(r.join("")));return}let e=await Ct();switch(t){case "PreToolUse":await _e(e);break;case "PostToolUse":await Pe(e);break;case "Stop":await Ce(e);break;default:process.stderr.write(`[flow-obs] unknown event: ${t}
15
- `),process.stdout.write(JSON.stringify(e));}}en().catch(t=>{process.stderr.write(`[flow-obs] fatal: ${t.message}
13
+ ${r}`},{re:/\b(AKIA[0-9A-Z]{16})\b/g,replace:()=>`AKIA${A}`},{re:/(aws_secret_access_key\s*[=:]\s*)([A-Za-z0-9/+]{40})/gi,replace:(t,e)=>`${e}${A}`},{re:/\b(ghp_[A-Za-z0-9]{36,})/g,replace:()=>`ghp_${A}`},{re:/\b(github_pat_[A-Za-z0-9_]{36,})/gi,replace:()=>`github_pat_${A}`},{re:/\b(eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/g,replace:()=>`eyJ.${A}`},{re:/\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|PASSWD|PWD|CREDENTIAL|API)[A-Z0-9_]*\s*=\s*)(['"]?)([^\s'"#\n]+)\2/gi,replace:(t,e,r)=>`${e}${r}${A}${r}`},{re:/([a-z][a-z0-9+\-.]*:\/\/[^:/?#\s]*):([^@\s]+)@/gi,replace:(t,e)=>`${e}:${A}@`},{re:/[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g,replace:()=>en},{re:/\b\d{3}\.\d{3}\.\d{3}-\d{2}\b/g,replace:()=>rn},{re:/\b\d{2}\.\d{3}\.\d{3}\/\d{4}-\d{2}\b/g,replace:()=>nn},{re:/\(\d{2}\)\s?\d{4,5}[-\s]?\d{4}/g,replace:()=>Pe},{re:/\+55[\s-]?\d{2}[\s-]?\d{4,5}[-\s]?\d{4}/g,replace:()=>Pe}];function R(t){if(t==null)return "";let e=typeof t=="string"?t:JSON.stringify(t);return sn.reduce((r,{re:n,replace:o})=>r.replace(n,o),e)}async function be(t){let e=t.session_id||"unknown",r=t.tool_name||"unknown",n=t.tool_input||{},o=t.tool_response,s=o!==null&&typeof o=="object"?o.output??JSON.stringify(o):o??"",i=H(e);if(!i){O(t);return}let l=I(),c=i.pendingTool,p=c?.name===r,E=p?c.startNs:String(BigInt(l)-200000000n),T=p?c.inputStr:k(n,w.TOOL_INPUT),m=T,g=null;if(r==="Skill"){let nt=typeof n=="object"&&n!==null?n.skill||n.name||n.skillName||n.commandName||String(Object.values(n)[0]??""):String(n);g=nt?String(nt).trim():null;let N=g?St(g,i.cwd):null;N&&(m=N,i.skillContent||(i.skillContent=N),i.skillArtifacts||(i.skillArtifacts=Et(g,i.cwd))),g&&!i.slashSkill&&(i.slashSkill=g),a("PostToolUse","Skill tool detected",`skillName=${g}`,`contentFound=${!!N}`);}let h=R(k(s,w.TOOL_OUTPUT)),_=/\b(error|exception|failed|failure|traceback|errno)\b/i.test(h.slice(0,500)),Z=_?"ERROR":"DEFAULT",G=C(),Q=Math.round(Number(BigInt(l)-BigInt(E))/1e6),et={Agent:"AGENT",Task:"AGENT"}[r]??"TOOL",rt=r==="Skill"&&g?g:gt(T,60);i.toolCalls.push({tool:r,brief:rt,error:_,durationMs:Q});let V=i.spans;V.push({traceId:i.traceId,spanId:G,parentSpanId:i.spanId,name:r,kind:3,startTimeUnixNano:E,endTimeUnixNano:l,attributes:$(u(f.OBS_NAME,r),u(f.OBS_TYPE,et),u(f.OBS_LEVEL,Z),u(f.OBS_INPUT,R(m)),u(f.OBS_OUTPUT,h),u("tool.name",r),u("tool.error",String(_)),r==="Skill"&&g?u("skill.name",g):null,r==="Skill"?u("skill.invocation","slash-command"):null),status:{code:_?2:1}}),i.pendingTool=null,Y(e,i),_&&v("TOOL_ERROR",{toolName:r}),a("PostToolUse",`sid=${e}`,`tool=${r}`,`error=${_}`,`durationMs=${Q}`,`totalSpans=${V.length}`),O(t);}var Ue={"claude-opus-4-6":{input:15,output:75},"claude-opus-4-5":{input:15,output:75},"claude-sonnet-4-6":{input:3,output:15},"claude-sonnet-4-5":{input:3,output:15},"claude-haiku-4-5":{input:.8,output:4},"claude-4-6-opus":{input:15,output:75},"claude-4-6-sonnet":{input:3,output:15},"claude-4-5-opus":{input:15,output:75},"claude-4-5-sonnet":{input:3,output:15},"claude-4-5-haiku":{input:.8,output:4},"claude-3-5-sonnet-20241022":{input:3,output:15},"claude-3-5-haiku-20241022":{input:.8,output:4},"claude-3-opus-20240229":{input:15,output:75}};function Ce(t,e,r){let n=Object.keys(Ue).find(i=>(t??"").toLowerCase().includes(i));if(!n)return;let o=Ue[n],s=(e*o.input+r*o.output)/1e6;return Math.round(s*1e6)/1e6}async function ve(t){let e=t.session_id||"unknown",r=t.stop_reason||"end_turn",n=H(e);if(!n){O(t);return}n.slashSkill&&!/^[a-z][a-z0-9-]*(?::[a-z][a-z0-9-]*)?$/i.test(n.slashSkill)&&(a("Stop",`sid=${e}`,`slashSkill rejected post-disk: "${n.slashSkill}"`),n.slashSkill=null);let o=I(),s=await ie(),i=n.toolCalls,l=n.spans;if(n.slashSkill&&!i.some(d=>d.tool==="Skill")){let d=C(),P=n.skillContent?n.skillContent:JSON.stringify({skill:n.slashSkill});i.push({tool:"Skill",brief:n.slashSkill,error:false,durationMs:0,synthetic:true}),l.push({traceId:n.traceId,spanId:d,parentSpanId:n.spanId,name:"Skill",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:n.startNs,attributes:$(u(f.OBS_NAME,"Skill"),u(f.OBS_TYPE,"TOOL"),u(f.OBS_LEVEL,"DEFAULT"),u(f.OBS_INPUT,P),u(f.OBS_OUTPUT,"loaded via slash command"),u("tool.name","Skill"),u("tool.error","false"),u("skill.name",n.slashSkill),u("skill.invocation","slash-command")),status:{code:1}}),a("Stop",`slashSkill=${n.slashSkill}`,"synthetic span injected");}let c=t.transcript_path||n.transcriptPath||"",p=xt(c);if(c&&(i.some(d=>d.tool==="Skill"&&!d.synthetic)||!!n.slashSkill)&&!p?.text){await new Promise(P=>setTimeout(P,500));let d=xt(c);d?.text&&(p=d);}a("Stop",`transcriptPath=${c||"(empty)"}`,`assistantOut=${p?`text=${p.text.length}chars`:"null"}`);let T=i.length,m=i.filter(d=>d.error).length,g=R(p?.text?k(p.text,w.TRACE_OUTPUT):T===0?"No tools used":i.map((d,P)=>`${P+1}. ${d.tool}${d.brief?` \u2192 ${d.brief}`:""}${d.error?" [ERROR]":""}`).join(`
14
+ `)),h=p?.inputTokens??0,_=p?.outputTokens??0,Z=i.map((d,P)=>`${P+1}. ${d.tool}${d.brief?` \u2192 ${d.brief}`:""}${d.error?" [ERROR]":""} (${d.durationMs}ms)`),G=!!(n.slashSkill||i.some(d=>d.tool==="Skill")),Q=i.some(d=>d.tool==="Agent");if(!G&&!Q){a("Stop",`sid=${e}`,"skipping trace \u2014 no Skill or Agent calls found"),v("TRACE_SKIPPED",{reason:"no_skill_or_agent"}),Dt(e),O(t);return}let tt=G?"skill":"agent",et=Math.round(Number(BigInt(o)-BigInt(n.startNs))/1e6),rt=Ce(n.model,h,_),F=Ee(n);F==="prerequisite_required"&&p?.text&&(F="complete"),F==="prerequisite_required"&&(l.push({traceId:n.traceId,spanId:C(),parentSpanId:n.spanId,name:"prerequisite-check",kind:3,startTimeUnixNano:n.startNs,endTimeUnixNano:o,attributes:$(u(f.OBS_NAME,"prerequisite-check"),u(f.OBS_TYPE,"EVENT"),u(f.OBS_LEVEL,"WARNING"),u(f.OBS_OUTPUT,g),u("skill.name",n.slashSkill||void 0),u("execution_status","prerequisite_required")),status:{code:1}}),a("Stop",`sid=${e}`,"prerequisite-check span injected",`skill=${n.slashSkill}`));let V=(()=>{if(!(!G||!n.prompt)){if(n.slashSkill){let d=n.prompt.replace(new RegExp(`^\\/${n.slashSkill}\\s*`,"i"),"").trim();return d?k(R(d),w.USER_INSTRUCTION):void 0}return k(R(n.prompt),w.USER_INSTRUCTION)||void 0}})(),nt=JSON.stringify({trace_type:tt,...F!==null&&{execution_status:F},...n.slashSkill?{skill_name:n.slashSkill}:{},...n.skillArtifacts?.length&&{skill_artifacts:n.skillArtifacts},...V!==void 0&&{user_instruction:V},latency_ms:et,...h&&{tokens_input:h},..._&&{tokens_output:_},cost_usd:rt,...n.model?{model:n.model}:{},toolCount:T,errorCount:m,stopReason:r,sessionId:n.sessionId,tools:Z.length?Z:void 0}),N=R(k(n.prompt,w.TRACE_INPUT)),$e=$(u(f.TRACE_NAME,n.traceName),u(f.TRACE_INPUT,N),u(f.TRACE_OUTPUT,g),u(f.OBS_INPUT,N),u(f.OBS_OUTPUT,g),u(f.TRACE_METADATA,nt),u(f.SESSION_ID,n.sessionId),u(f.USER_ID,s.user),u(f.OBS_TYPE,"GENERATION"),u(f.MODEL,n.model),h?u(f.INPUT_TOKENS,h):null,_?u(f.OUTPUT_TOKENS,_):null,u("claude.stop_reason",r),u("claude.tool_count",String(T)),u("claude.error_count",String(m)),u("claude.session_id",n.sessionId),u("flow.trace_type",tt),{key:f.TRACE_TAGS,value:{arrayValue:{values:[{stringValue:tt}]}}}),Fe={traceId:n.traceId,spanId:n.spanId,name:n.traceName,kind:1,startTimeUnixNano:n.startNs,endTimeUnixNano:o,attributes:$e,status:{code:m>0?2:1}},De=$(u("service.name",process.env.LANGFUSE_PROJECT_NAME||"claude-code"),u("deployment.environment",process.env.LANGFUSE_ENVIRONMENT||"default")),Yt=[...l,Fe];a("Stop",`sid=${e}`,`totalTools=${T}`,`errorTools=${m}`,`spans=${Yt.length}`,`inputTokens=${h}`,`outputTokens=${_}`,`traceOutput="${gt(g,80)}"`);let xe=await Ne(Te(De,Yt));a("Stop",`POST status=${xe}`,`traceId=${n.traceId}`),v("TRACE_SENT",{latencyMs:et,totalTools:T,errorTools:m,inputTokens:h,outputTokens:_,costUsd:rt}),Dt(e),O(t);}async function on(){let t=process.argv[2];if(t==="UserPromptSubmit"){let r=await vt(),n;try{n=await U();}catch{process.stdout.write(JSON.stringify(r));return}n.authError?await Bt(r,true):n.length>0?await Bt(r):process.stdout.write(JSON.stringify(r));return}if(!await ae()){let r=[];process.stdin.on("data",n=>r.push(n)),process.stdin.on("end",()=>process.stdout.write(r.join("")));return}let e=await vt();switch(t){case "PreToolUse":await _e(e);break;case "PostToolUse":await be(e);break;case "Stop":await ve(e);break;default:process.stderr.write(`[flow-obs] unknown event: ${t}
15
+ `),process.stdout.write(JSON.stringify(e));}}on().catch(t=>{process.stderr.write(`[flow-obs] fatal: ${t.message}
16
16
  `),process.exit(0);});
package/dist/setup.js CHANGED
@@ -1,8 +1,12 @@
1
1
  #!/usr/bin/env node
2
- 'use strict';var child_process=require('child_process'),util=require('util'),i=require('fs'),d=require('path'),l=require('os'),Be=require('https');require('readline/promises');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var i__namespace=/*#__PURE__*/_interopNamespace(i);var d__namespace=/*#__PURE__*/_interopNamespace(d);var l__namespace=/*#__PURE__*/_interopNamespace(l);var Be__default=/*#__PURE__*/_interopDefault(Be);var Ee=Object.defineProperty;var y=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var v=(e,t,r)=>()=>{if(r)throw r[0];try{return e&&(t=e(e=0)),t}catch(n){throw r=[n],n}};var ye=(e,t)=>()=>{try{return t||e((t={exports:{}}).exports,t),t.exports}catch(r){throw t=0,r}},O=(e,t)=>{for(var r in t)Ee(e,r,{get:t[r],enumerable:true});};var z={};O(z,{MacOsKeyVaultProvider:()=>U});var N,U,Z=v(()=>{"use strict";N=util.promisify(child_process.execFile),U=class{static async isAvailable(){try{return i.accessSync("/usr/bin/security",i.constants.X_OK),!0}catch{return !1}}async getSecret(t,r){try{let{stdout:n}=await N("security",["find-generic-password","-w","-a",r,"-s",t]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await N("security",["add-generic-password","-U","-a",r,"-s",t,"-w",n]);}async deleteSecret(t,r){try{return await N("security",["delete-generic-password","-a",r,"-s",t]),!0}catch{return !1}}getStoragePath(){return "macOS Keychain"}};});var ee={};O(ee,{LinuxKeyVaultProvider:()=>b});var Q,b,te=v(()=>{"use strict";Q=util.promisify(child_process.execFile),b=class{static async isAvailable(){let t=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of t)try{return i.accessSync(r,i.constants.X_OK),!0}catch{}return !1}async getSecret(t,r){try{let{stdout:n}=await Q("secret-tool",["lookup","service",t,"account",r]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await new Promise((s,o)=>{let a=child_process.spawn("secret-tool",["store","--label",t,"service",t,"account",r]);a.on("error",o),a.on("close",f=>{f===0?s():o(new Error(`secret-tool exited with code ${f}`));}),a.stdin.write(n),a.stdin.end();});}async deleteSecret(t,r){try{return await Q("secret-tool",["clear","service",t,"account",r]),!0}catch{return !1}}getStoragePath(){return "Linux Secret Service (libsecret)"}};});var re={};O(re,{WindowsKeyVaultProvider:()=>F});var F,ne=v(()=>{"use strict";F=class{static async isAvailable(){try{return await y("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return !1}}async getSecret(t,r){return y("keytar").getPassword(t,r)}async setSecret(t,r,n){await y("keytar").setPassword(t,r,n);}async deleteSecret(t,r){return y("keytar").deletePassword(t,r)}getStoragePath(){return "Windows Credential Manager"}};});var pe=ye((qt,Ge)=>{Ge.exports={name:"@ciandt-flow/flow-ai-obs",version:"0.7.1-beta.475",description:"Claude Code hooks for Langfuse OTLP tracing \u2014 cross-platform",main:"dist/index.js",bin:{"flow-ai-obs":"dist/cli.js","flow-ai-obs-setup":"dist/setup.js"},scripts:{build:"tsup",test:"jest",typecheck:"tsc --noEmit",lint:"eslint src bin scripts",format:'prettier --write "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"format:check":'prettier --check "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"security-scan":"trufflehog filesystem src/ --fail --no-update --exclude-paths .trufflehogignore",postinstall:`node -e "require('fs').existsSync('dist/setup.js') && require('child_process').execFileSync(process.execPath, ['dist/setup.js'], {stdio:'inherit'})"`,prepublishOnly:"npm run security-scan && npm run build","release:npm":"changeset publish",changeset:"changeset","version-packages":"changeset version","install:hooks":"node dist/cli.js install","auth:login":"node dist/cli.js auth login","auth:logout":"node dist/cli.js auth logout","auth:status":"node dist/cli.js auth status",smoke:"bash scripts/smoke-test.sh","smoke:debug":"bash scripts/smoke-test.sh --debug","smoke:send":"bash scripts/smoke-test.sh --send --allow-http --debug"},files:["dist/","README.md","LICENSE.md"],keywords:["claude-code","langfuse","observability","otlp","hooks","flow","ciandt"],author:"CI&T Flow Team",license:"SEE LICENSE IN LICENSE.md",private:!1,dependencies:{},optionalDependencies:{keytar:"7.9.0"},devDependencies:{"@changesets/changelog-github":"^0.6.0","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^25.8.0",jest:"^30.4.2","ts-jest":"^29.4.9",tsup:"^8.5.1","eslint-config-prettier":"^10.1.5",prettier:"^3.5.3",typescript:"^6.0.3","typescript-eslint":"^8.33.0"},engines:{node:">=18.0.0"},overrides:{esbuild:"^0.28.1"},publishConfig:{registry:"https://registry.npmjs.org",access:"public"},repository:{type:"git",url:"git+https://github.com/CI-T-HyperX/flow-codeassistant-observability.git"}};});function x(){if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let t=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(t)return {home:t,username:process.env.SUDO_USER}}return {home:l__namespace.homedir(),username:process.env.SUDO_USER||process.env.USER||l__namespace.userInfo().username}}function R(){if(process.env.WSL_DISTRO_NAME&&process.platform==="linux"){let e=process.env.USERPROFILE;if(!e){let r=child_process.spawnSync("cmd.exe",["/c","echo","%USERPROFILE%"],{encoding:"utf8",timeout:5e3}).stdout?.trim();r&&/^[A-Za-z]:\\/.test(r)&&(e=r);}if(e){let t=e.replace(/^([A-Za-z]):/,(r,n)=>`/mnt/${n.toLowerCase()}`).replace(/\\/g,"/");return d__namespace.join(t,".claude","settings.json")}return d__namespace.join(l__namespace.homedir(),".claude","settings.json")}if(process.platform==="win32"){let e=process.env.USERPROFILE||l__namespace.homedir();return d__namespace.join(e,".claude","settings.json")}if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let t=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(t)return d__namespace.join(t,".claude","settings.json")}return d__namespace.join(l__namespace.homedir(),".claude","settings.json")}var V="flow-ai-obs",Y="config.json";function Te(){if(process.platform==="win32"){let r=process.env.APPDATA||d__namespace.join(l__namespace.homedir(),"AppData","Roaming");return d__namespace.join(r,V,Y)}let e=x(),t=process.env.XDG_CONFIG_HOME||d__namespace.join(e.home,".config");return d__namespace.join(t,V,Y)}function _e(){try{let e=i__namespace.readFileSync(Te(),"utf8");return JSON.parse(e)}catch{return {}}}function G(){let{baseUrl:e}=_e();return typeof e!="string"||e.trim()===""?null:e.trim().replace(/\/$/,"")}var Se="https://flow.ciandt.com";function I(){return G()??process.env.FLOW_BASE_URL??Se}function P(){let e=I();return {AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${e}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${e}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${e}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${e}/otel`}}var we=P(),_={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials"},S="FLOW-nodejs",w="config.json";function B(){let e=I();return {ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL??`${e}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL??"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL??"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"}}var W={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:we.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},m={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP",BUFFER_TTL_DAYS:"FLOW_TELEMETRY_BUFFER_TTL_DAYS",BUFFER_MAX_FILES:"FLOW_TELEMETRY_BUFFER_MAX_FILES"};var K={LOCK_STALE_MS:3e4},J={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15};var X="flow-ai-obs-debug.log";var C={credentials:"credentials","token-cache":"tokenCache"};function g(){let e=l__namespace.default.homedir();if(process.platform==="darwin")return d__namespace.default.join(e,"Library","Preferences",S,w);if(process.platform==="win32"){let r=process.env.APPDATA??d__namespace.default.join(e,"AppData","Roaming");return d__namespace.default.join(r,S,w)}let t=process.env.XDG_CONFIG_HOME??d__namespace.default.join(e,".config");return d__namespace.default.join(t,S,w)}function k(){try{let e=i__namespace.default.readFileSync(g(),"utf8");return JSON.parse(e)}catch{return {}}}function q(e){let t=g();i__namespace.default.mkdirSync(d__namespace.default.dirname(t),{recursive:true}),i__namespace.default.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var A=class{static isAvailable(){return true}static hasExistingData(){try{if(!i__namespace.default.existsSync(g()))return !1;let t=JSON.parse(i__namespace.default.readFileSync(g(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,r){let n=k(),s=C[r]??r,o=n[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,r,n){let s=k(),o=C[r]??r;if(r==="token-cache")try{s[o]=JSON.parse(n);}catch{s[o]=n;}else s[o]=n;q(s);}async deleteSecret(t,r){let n=k(),s=C[r]??r;return s in n?(delete n[s],q(n),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${g()}`}};async function se(){return await Ue()??new A}async function Ue(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=await Promise.resolve().then(()=>(Z(),z));return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=await Promise.resolve().then(()=>(te(),ee));return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=await Promise.resolve().then(()=>(ne(),re));return await e.isAvailable()?new e:null}default:return null}}var be=_.SERVICE,Fe=_.ACCOUNT_CREDS,D=null;function De(){return D||(D=se()),D}async function $(){let t=await(await De()).getSecret(be,Fe);if(!t)return null;try{return JSON.parse(t)}catch{return null}}d.join(l.tmpdir(),X);var Ve=K.LOCK_STALE_MS;function oe(e){try{let t=i__namespace.statSync(e);Date.now()-t.mtimeMs>Ve&&i__namespace.unlinkSync(e);}catch{}try{i__namespace.writeFileSync(e,String(process.pid),{flag:"wx"});}catch(t){throw t.code==="EEXIST"?new Error("Another install is already in progress. If this is stale, remove: "+e):t}}function ie(e){try{i__namespace.unlinkSync(e);}catch{}}function Ye(e,t){let n=(Array.isArray(e)?e:[]).map(s=>{if(!Array.isArray(s?.hooks))return null;let o=s.hooks.filter(a=>!a.command?.startsWith?.("flow-ai-obs "));return o.length>0?{...s,hooks:o}:null}).filter(s=>s!=null);return [t,...n]}function ae(){let e=R(),t=e+".lock",r=[];i__namespace.mkdirSync(d__namespace.dirname(e),{recursive:true}),oe(t);try{if(i__namespace.existsSync(e)){i__namespace.copyFileSync(e,e+".bkp");try{i__namespace.chmodSync(e+".bkp",384);}catch{}}let n={};try{n=JSON.parse(i__namespace.readFileSync(e,"utf8"));}catch{}let s=n.env&&typeof n.env=="object"?n.env:{};n.env={...W,...B(),...s},n.otelHeadersHelper="flow-ai-obs otel-headers",(!n.hooks||typeof n.hooks!="object"||Array.isArray(n.hooks))&&(n.hooks={});let o=(c,E)=>({matcher:"",hooks:[{type:"command",command:`flow-ai-obs ${c}`,timeout:E}]}),a=["UserPromptSubmit","PreToolUse","PostToolUse","Stop"],f=n.hooks;for(let c of a){let E=Ye(f[c],o(c,J[c]));E.length>1&&r.push(c),f[c]=E;}i__namespace.writeFileSync(e,JSON.stringify(n,null,2)+`
3
- `,{encoding:"utf8",mode:384});try{i__namespace.chmodSync(e,384);}catch{}}finally{ie(t);}return {settingsPath:e,preserved:r}}function ce(e){let t=R(),r=t+".lock";i__namespace.mkdirSync(d__namespace.dirname(t),{recursive:true}),oe(r);try{let n={};try{n=JSON.parse(i__namespace.readFileSync(t,"utf8"));}catch{}(!n.env||typeof n.env!="object")&&(n.env={}),Object.assign(n.env,e),i__namespace.writeFileSync(t,JSON.stringify(n,null,2)+`
4
- `,{encoding:"utf8",mode:384});try{i__namespace.chmodSync(t,384);}catch{}}finally{ie(r);}}function le(e){if(!e)return null;try{let t=e.split(".");if(t.length<2)return null;let r=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:s,tenant:o}=r;return !n||!s||!o?null:{clientId:n,clientSecret:s,tenant:o}}catch{return null}}function ue(e){let t=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),r=Buffer.from(JSON.stringify({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant})).toString("base64url");return `${t}.${r}.`}var M;function fe(){return M||(M=pe()),M}var me=d__namespace.default.join(l__namespace.default.tmpdir(),"flow-obs-update-cache.json"),Je=1440*60*1e3,Xe=3e3;function qe(e,t){let r=o=>{let a=String(o).replace(/^v/,"").match(/^(\d+)\.(\d+)\.(\d+)/);return a?[+a[1],+a[2],+a[3]]:null},n=r(e),s=r(t);return !n||!s?false:s[0]!==n[0]?s[0]>n[0]:s[1]!==n[1]?s[1]>n[1]:s[2]>n[2]}function ze(){try{let e=JSON.parse(i__namespace.default.readFileSync(me,"utf8"));return typeof e.latestVersion!="string"||Date.now()-e.checkedAt>=Je?null:e}catch{return null}}function Ze(e,t,r=Date.now()){try{i__namespace.default.writeFileSync(me,JSON.stringify({latestVersion:e,updatePriority:t??null,checkedAt:r}),{mode:384});}catch{}}function Qe(e){let t=fe().name,r=Be__default.default.get(`https://registry.npmjs.org/${encodeURIComponent(t)}/latest`,{timeout:Xe},n=>{if(n.statusCode!==200)return n.resume(),e(new Error(`HTTP ${n.statusCode}`));let s="";n.setEncoding("utf8"),n.on("data",o=>{s+=o;}),n.on("end",()=>{try{let o=JSON.parse(s);if(typeof o.version!="string")throw new Error("no version field");e(null,{version:o.version,updatePriority:typeof o.updatePriority=="string"?o.updatePriority:null});}catch(o){e(o);}});});r.on("error",e),r.on("timeout",()=>{r.destroy(new Error("timeout"));});}function ge(){try{if(ze())return;setImmediate(()=>{Qe((e,t)=>{e||!t||qe(fe().version,t.version)&&Ze(t.version,t.updatePriority,0);});});}catch{}}var et=d__namespace.default.resolve(__dirname,".."),tt=process.env.INIT_CWD?d__namespace.default.resolve(process.env.INIT_CWD):null;tt===et&&process.exit(0);async function rt(){try{ae();}catch{}let e=await $();if(!e){process.stderr.write(`
2
+ 'use strict';var child_process=require('child_process'),util=require('util'),i=require('fs'),f=require('path'),l=require('os'),qe=require('https');require('readline/promises');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var i__namespace=/*#__PURE__*/_interopNamespace(i);var f__namespace=/*#__PURE__*/_interopNamespace(f);var l__namespace=/*#__PURE__*/_interopNamespace(l);var qe__default=/*#__PURE__*/_interopDefault(qe);var Te=Object.defineProperty;var T=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});var O=(e,t,r)=>()=>{if(r)throw r[0];try{return e&&(t=e(e=0)),t}catch(n){throw r=[n],n}};var _e=(e,t)=>()=>{try{return t||e((t={exports:{}}).exports,t),t.exports}catch(r){throw t=0,r}},L=(e,t)=>{for(var r in t)Te(e,r,{get:t[r],enumerable:true});};var Q={};L(Q,{MacOsKeyVaultProvider:()=>F});var U,F,ee=O(()=>{"use strict";U=util.promisify(child_process.execFile),F=class{static async isAvailable(){try{return i.accessSync("/usr/bin/security",i.constants.X_OK),!0}catch{return !1}}async getSecret(t,r){try{let{stdout:n}=await U("security",["find-generic-password","-w","-a",r,"-s",t]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await U("security",["add-generic-password","-U","-a",r,"-s",t,"-w",n]);}async deleteSecret(t,r){try{return await U("security",["delete-generic-password","-a",r,"-s",t]),!0}catch{return !1}}getStoragePath(){return "macOS Keychain"}};});var re={};L(re,{LinuxKeyVaultProvider:()=>$});var te,$,ne=O(()=>{"use strict";te=util.promisify(child_process.execFile),$=class{static async isAvailable(){let t=["/usr/bin/secret-tool","/bin/secret-tool","/usr/local/bin/secret-tool"];for(let r of t)try{return i.accessSync(r,i.constants.X_OK),!0}catch{}return !1}async getSecret(t,r){try{let{stdout:n}=await te("secret-tool",["lookup","service",t,"account",r]);return n.trim()||null}catch{return null}}async setSecret(t,r,n){await new Promise((s,o)=>{let a=child_process.spawn("secret-tool",["store","--label",t,"service",t,"account",r]);a.on("error",o),a.on("close",m=>{m===0?s():o(new Error(`secret-tool exited with code ${m}`));}),a.stdin.write(n),a.stdin.end();});}async deleteSecret(t,r){try{return await te("secret-tool",["clear","service",t,"account",r]),!0}catch{return !1}}getStoragePath(){return "Linux Secret Service (libsecret)"}};});var se={};L(se,{WindowsKeyVaultProvider:()=>D});var D,oe=O(()=>{"use strict";D=class{static async isAvailable(){try{return await T("keytar").getPassword("__flow_probe__","__flow_probe__"),!0}catch{return !1}}async getSecret(t,r){return T("keytar").getPassword(t,r)}async setSecret(t,r,n){await T("keytar").setPassword(t,r,n);}async deleteSecret(t,r){return T("keytar").deletePassword(t,r)}getStoragePath(){return "Windows Credential Manager"}};});var fe=_e((lr,Xe)=>{Xe.exports={name:"@ciandt-flow/flow-ai-obs",version:"0.7.1-beta.518",description:"Claude Code hooks for Langfuse OTLP tracing \u2014 cross-platform",main:"dist/index.js",bin:{"flow-ai-obs":"dist/cli.js","flow-ai-obs-setup":"dist/setup.js"},scripts:{build:"tsup",test:"jest",typecheck:"tsc --noEmit",lint:"eslint src bin scripts",format:'prettier --write "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"format:check":'prettier --check "src/**/*.ts" "bin/**/*.ts" "scripts/**/*.ts"',"security-scan":"trufflehog filesystem src/ --fail --no-update --exclude-paths .trufflehogignore",postinstall:`node -e "require('fs').existsSync('dist/setup.js') && require('child_process').execFileSync(process.execPath, ['dist/setup.js'], {stdio:'inherit'})"`,prepublishOnly:"npm run security-scan && npm run build","release:npm":"changeset publish",changeset:"changeset","version-packages":"changeset version","install:hooks":"node dist/cli.js install","auth:login":"node dist/cli.js auth login","auth:logout":"node dist/cli.js auth logout","auth:status":"node dist/cli.js auth status",smoke:"bash scripts/smoke-test.sh","smoke:debug":"bash scripts/smoke-test.sh --debug","smoke:send":"bash scripts/smoke-test.sh --send --allow-http --debug"},files:["dist/","README.md","LICENSE.md"],keywords:["claude-code","langfuse","observability","otlp","hooks","flow","ciandt"],author:"CI&T Flow Team",license:"SEE LICENSE IN LICENSE.md",private:!1,dependencies:{},optionalDependencies:{keytar:"7.9.0"},devDependencies:{"@changesets/changelog-github":"^0.6.0","@changesets/cli":"^2.30.0","@types/jest":"^30.0.0","@types/node":"^25.8.0",jest:"^30.4.2","ts-jest":"^29.4.9",tsup:"^8.5.1","eslint-config-prettier":"^10.1.5",prettier:"^3.5.3",typescript:"^6.0.3","typescript-eslint":"^8.33.0"},engines:{node:">=18.0.0"},overrides:{esbuild:"^0.28.1"},publishConfig:{registry:"https://registry.npmjs.org",access:"public"},repository:{type:"git",url:"git+https://github.com/CI-T-HyperX/flow-codeassistant-observability.git"}};});!process.env.NO_COLOR&&process.stdout.isTTY;function R(){return process.platform==="win32"?false:process.getuid?.()===0}function Y(){if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let t=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(t)return {home:t,username:process.env.SUDO_USER}}return {home:l__namespace.homedir(),username:process.env.SUDO_USER||process.env.USER||l__namespace.userInfo().username}}function I(){if(process.env.WSL_DISTRO_NAME&&process.platform==="linux"){let e=process.env.USERPROFILE;if(!e){let r=child_process.spawnSync("cmd.exe",["/c","echo","%USERPROFILE%"],{encoding:"utf8",timeout:5e3}).stdout?.trim();r&&/^[A-Za-z]:\\/.test(r)&&(e=r);}if(e){let t=e.replace(/^([A-Za-z]):/,(r,n)=>`/mnt/${n.toLowerCase()}`).replace(/\\/g,"/");return f__namespace.join(t,".claude","settings.json")}return f__namespace.join(l__namespace.homedir(),".claude","settings.json")}if(process.platform==="win32"){let e=process.env.USERPROFILE||l__namespace.homedir();return f__namespace.join(e,".claude","settings.json")}if(process.platform==="linux"&&process.getuid?.()===0&&process.env.SUDO_USER){let t=child_process.spawnSync("getent",["passwd",process.env.SUDO_USER],{encoding:"utf8",timeout:5e3}).stdout?.split(":")[5]?.trim();if(t)return f__namespace.join(t,".claude","settings.json")}return f__namespace.join(l__namespace.homedir(),".claude","settings.json")}var j="flow-ai-obs",G="config.json";function ve(){if(process.platform==="win32"){let r=process.env.APPDATA||f__namespace.join(l__namespace.homedir(),"AppData","Roaming");return f__namespace.join(r,j,G)}let e=Y(),t=process.env.XDG_CONFIG_HOME||f__namespace.join(e.home,".config");return f__namespace.join(t,j,G)}function Oe(){try{let e=i__namespace.readFileSync(ve(),"utf8");return JSON.parse(e)}catch{return {}}}function W(){let{baseUrl:e}=Oe();return typeof e!="string"||e.trim()===""?null:e.trim().replace(/\/$/,"")}var Le="https://flow.ciandt.com";function C(){return W()??process.env.FLOW_BASE_URL??Le}function k(){let e=C();return {AUTH_ENGINE:process.env.FLOW_AUTH_ENGINE_URL||`${e}/auth-engine-api/v2/api-key/token`,GATEWAY_TRACES:process.env.FLOW_GATEWAY_TRACES_URL||`${e}/flow-langfuse-gateway/v1/traces`,GATEWAY_HEALTH:process.env.FLOW_GATEWAY_HEALTH_URL||`${e}/flow-langfuse-gateway/v1/health`,OTEL_ENDPOINT:process.env.FLOW_OTEL_ENDPOINT_URL||`${e}/otel`}}var Re=k(),S={SERVICE:"flow-plugins-cli",ACCOUNT_CREDS:"credentials"},w="FLOW-nodejs",A="config.json";function K(){let e=C();return {ANTHROPIC_BASE_URL:process.env.FLOW_LLM_PROXY_URL??`${e}/flow-llm-proxy/`,ANTHROPIC_MODEL:process.env.FLOW_LLM_PROXY_MODEL??"anthropic.claude-4-6-sonnet",ANTHROPIC_SMALL_FAST_MODEL:process.env.FLOW_LLM_PROXY_SMALL_MODEL??"anthropic.claude-4-6-sonnet",CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS:"1"}}var J={CLAUDE_CODE_ENABLE_TELEMETRY:"1",OTEL_EXPORTER_OTLP_ENDPOINT:Re.OTEL_ENDPOINT,OTEL_EXPORTER_OTLP_PROTOCOL:"http/json",OTEL_METRICS_EXPORTER:"otlp",OTEL_LOGS_EXPORTER:"otlp",OTEL_LOG_TOOL_DETAILS:"1",OTEL_LOG_USER_PROMPTS:"1"},g={FLOW_TELEMETRY:"FLOW_TELEMETRY",FLOW_TELEMETRY_GATEWAY:"FLOW_TELEMETRY_GATEWAY_URL",LANGFUSE_BASE_URL:"LANGFUSE_BASE_URL",LANGFUSE_PUBLIC_KEY:"LANGFUSE_PUBLIC_KEY",LANGFUSE_SECRET_KEY:"LANGFUSE_SECRET_KEY",ANTHROPIC_MODEL:"ANTHROPIC_MODEL",ANTHROPIC_AUTH_TOKEN:"ANTHROPIC_AUTH_TOKEN",FLOW_OBS_DEBUG:"FLOW_TELEMETRY_DEBUG",FLOW_OBS_ALLOW_HTTP:"FLOW_TELEMETRY_ALLOW_HTTP",BUFFER_TTL_DAYS:"FLOW_TELEMETRY_BUFFER_TTL_DAYS",BUFFER_MAX_FILES:"FLOW_TELEMETRY_BUFFER_MAX_FILES"};var X={LOCK_STALE_MS:3e4},q={UserPromptSubmit:5,PreToolUse:3,PostToolUse:10,Stop:15};var z="flow-ai-obs-debug.log";var N={credentials:"credentials","token-cache":"tokenCache"};function h(){let e=l__namespace.default.homedir();if(process.platform==="darwin")return f__namespace.default.join(e,"Library","Preferences",w,A);if(process.platform==="win32"){let r=process.env.APPDATA??f__namespace.default.join(e,"AppData","Roaming");return f__namespace.default.join(r,w,A)}let t=process.env.XDG_CONFIG_HOME??f__namespace.default.join(e,".config");return f__namespace.default.join(t,w,A)}function b(){try{let e=i__namespace.default.readFileSync(h(),"utf8");return JSON.parse(e)}catch{return {}}}function Z(e){let t=h();i__namespace.default.mkdirSync(f__namespace.default.dirname(t),{recursive:true}),i__namespace.default.writeFileSync(t,JSON.stringify(e,null,2),{encoding:"utf8",mode:384});}var v=class{static isAvailable(){return true}static hasExistingData(){try{if(!i__namespace.default.existsSync(h()))return !1;let t=JSON.parse(i__namespace.default.readFileSync(h(),"utf8"));return !!(t&&t.credentials)}catch{return false}}async getSecret(t,r){let n=b(),s=N[r]??r,o=n[s];return o?typeof o=="string"?o:JSON.stringify(o):null}async setSecret(t,r,n){let s=b(),o=N[r]??r;if(r==="token-cache")try{s[o]=JSON.parse(n);}catch{s[o]=n;}else s[o]=n;Z(s);}async deleteSecret(t,r){let n=b(),s=N[r]??r;return s in n?(delete n[s],Z(n),true):false}getStoragePath(){return `config.json (unencrypted) \u2014 ${h()}`}};async function ie(){return await xe()??new v}async function xe(){switch(process.platform){case "darwin":{let{MacOsKeyVaultProvider:e}=await Promise.resolve().then(()=>(ee(),Q));return await e.isAvailable()?new e:null}case "linux":{let{LinuxKeyVaultProvider:e}=await Promise.resolve().then(()=>(ne(),re));return await e.isAvailable()?new e:null}case "win32":{let{WindowsKeyVaultProvider:e}=await Promise.resolve().then(()=>(oe(),se));return await e.isAvailable()?new e:null}default:return null}}var Me=S.SERVICE,He=S.ACCOUNT_CREDS,x=null;function Ve(){return x||(x=ie()),x}async function M(){let t=await(await Ve()).getSecret(Me,He);if(!t)return null;try{return JSON.parse(t)}catch{return null}}f.join(l.tmpdir(),z);var We=X.LOCK_STALE_MS;function ae(e){try{let t=i__namespace.statSync(e);Date.now()-t.mtimeMs>We&&i__namespace.unlinkSync(e);}catch{}try{i__namespace.writeFileSync(e,String(process.pid),{flag:"wx"});}catch(t){throw t.code==="EEXIST"?new Error("Another install is already in progress. If this is stale, remove: "+e):t}}function ce(e){try{i__namespace.unlinkSync(e);}catch{}}function Ke(e,t){let n=(Array.isArray(e)?e:[]).map(s=>{if(!Array.isArray(s?.hooks))return null;let o=s.hooks.filter(a=>!a.command?.startsWith?.("flow-ai-obs "));return o.length>0?{...s,hooks:o}:null}).filter(s=>s!=null);return [t,...n]}function le(){let e=I(),t=e+".lock",r=[];i__namespace.mkdirSync(f__namespace.dirname(e),{recursive:true}),ae(t);try{if(i__namespace.existsSync(e)){i__namespace.copyFileSync(e,e+".bkp");try{i__namespace.chmodSync(e+".bkp",384);}catch{}}let n={};try{n=JSON.parse(i__namespace.readFileSync(e,"utf8"));}catch{}let s=n.env&&typeof n.env=="object"?n.env:{};n.env={...J,...K(),...s},n.otelHeadersHelper="flow-ai-obs otel-headers",(!n.hooks||typeof n.hooks!="object"||Array.isArray(n.hooks))&&(n.hooks={});let o=(c,y)=>({matcher:"",hooks:[{type:"command",command:`flow-ai-obs ${c}`,timeout:y}]}),a=["UserPromptSubmit","PreToolUse","PostToolUse","Stop"],m=n.hooks;for(let c of a){let y=Ke(m[c],o(c,q[c]));y.length>1&&r.push(c),m[c]=y;}i__namespace.writeFileSync(e,JSON.stringify(n,null,2)+`
3
+ `,{encoding:"utf8",mode:384});try{i__namespace.chmodSync(e,384);}catch{}}finally{ce(t);}return {settingsPath:e,preserved:r}}function ue(e){let t=I(),r=t+".lock";i__namespace.mkdirSync(f__namespace.dirname(t),{recursive:true}),ae(r);try{let n={};try{n=JSON.parse(i__namespace.readFileSync(t,"utf8"));}catch{}(!n.env||typeof n.env!="object")&&(n.env={}),Object.assign(n.env,e),i__namespace.writeFileSync(t,JSON.stringify(n,null,2)+`
4
+ `,{encoding:"utf8",mode:384});try{i__namespace.chmodSync(t,384);}catch{}}finally{ce(r);}}function pe(e){if(!e)return null;try{let t=e.split(".");if(t.length<2)return null;let r=JSON.parse(Buffer.from(t[1].replace(/-/g,"+").replace(/_/g,"/"),"base64").toString("utf8")),{clientId:n,clientSecret:s,tenant:o}=r;return !n||!s||!o?null:{clientId:n,clientSecret:s,tenant:o}}catch{return null}}function de(e){let t=Buffer.from(JSON.stringify({alg:"none",typ:"JWT"})).toString("base64url"),r=Buffer.from(JSON.stringify({clientId:e.clientId,clientSecret:e.clientSecret,tenant:e.tenant})).toString("base64url");return `${t}.${r}.`}var V;function ge(){return V||(V=fe()),V}var he=f__namespace.default.join(l__namespace.default.tmpdir(),"flow-obs-update-cache.json"),Qe=1440*60*1e3,et=3e3;function tt(e,t){let r=o=>{let a=String(o).replace(/^v/,"").match(/^(\d+)\.(\d+)\.(\d+)/);return a?[+a[1],+a[2],+a[3]]:null},n=r(e),s=r(t);return !n||!s?false:s[0]!==n[0]?s[0]>n[0]:s[1]!==n[1]?s[1]>n[1]:s[2]>n[2]}function rt(){try{let e=JSON.parse(i__namespace.default.readFileSync(he,"utf8"));return typeof e.latestVersion!="string"||Date.now()-e.checkedAt>=Qe?null:e}catch{return null}}function nt(e,t,r=Date.now()){try{i__namespace.default.writeFileSync(he,JSON.stringify({latestVersion:e,updatePriority:t??null,checkedAt:r}),{mode:384});}catch{}}function st(e){let t=ge().name,r=qe__default.default.get(`https://registry.npmjs.org/${encodeURIComponent(t)}/latest`,{timeout:et},n=>{if(n.statusCode!==200)return n.resume(),e(new Error(`HTTP ${n.statusCode}`));let s="";n.setEncoding("utf8"),n.on("data",o=>{s+=o;}),n.on("end",()=>{try{let o=JSON.parse(s);if(typeof o.version!="string")throw new Error("no version field");e(null,{version:o.version,updatePriority:typeof o.updatePriority=="string"?o.updatePriority:null});}catch(o){e(o);}});});r.on("error",e),r.on("timeout",()=>{r.destroy(new Error("timeout"));});}function Ee(){try{if(rt())return;setImmediate(()=>{st((e,t)=>{e||!t||tt(ge().version,t.version)&&nt(t.version,t.updatePriority,0);});});}catch{}}var ot=f__namespace.default.resolve(__dirname,".."),it=process.env.INIT_CWD?f__namespace.default.resolve(process.env.INIT_CWD):null;it===ot&&process.exit(0);R()&&(process.stderr.write(`
5
+ [flow-ai-obs] \u2717 Do not install with sudo.
6
+ Run without sudo: npm install -g @ciandt-flow/flow-ai-obs
7
+
8
+ `),process.exit(1));async function at(){try{le();}catch{}let e=await M();if(!e){process.stderr.write(`
5
9
  [flow-ai-obs] No credentials found.
6
10
  Run \`flow-ai-obs auth login\` to authenticate and enable telemetry.
7
11
 
8
- `);return}let t=le(process.env[m.ANTHROPIC_AUTH_TOKEN]);if(!t||t.clientId!==e.clientId||t.clientSecret!==e.clientSecret||t.tenant!==e.tenant)try{let n=ue(e);ce({[m.ANTHROPIC_AUTH_TOKEN]:n});}catch{}}rt().catch(()=>{}).finally(()=>ge());
12
+ `);return}let t=pe(process.env[g.ANTHROPIC_AUTH_TOKEN]);if(!t||t.clientId!==e.clientId||t.clientSecret!==e.clientSecret||t.tenant!==e.tenant)try{let n=de(e);ue({[g.ANTHROPIC_AUTH_TOKEN]:n});}catch{}}at().catch(()=>{}).finally(()=>Ee());
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ciandt-flow/flow-ai-obs",
3
- "version": "0.7.1-beta.475",
3
+ "version": "0.7.1-beta.518",
4
4
  "description": "Claude Code hooks for Langfuse OTLP tracing — cross-platform",
5
5
  "main": "dist/index.js",
6
6
  "bin": {