@coana-tech/cli 14.12.143 → 14.12.144

package/reachability-analyzers-cli.mjs

@@ -35534,8 +35534,8 @@ var require_follow_redirects = __commonJS({
       }
       return parsed;
     }
-    function resolveUrl(relative10, base) {
-      return useNativeURL ? new URL3(relative10, base) : parseUrl(url2.resolve(base, relative10));
+    function resolveUrl(relative11, base) {
+      return useNativeURL ? new URL3(relative11, base) : parseUrl(url2.resolve(base, relative11));
     }
     function validateUrl(input) {
       if (/^\[/.test(input.hostname) && !/^\[[:0-9a-f]+\]$/i.test(input.hostname)) {
@@ -46796,7 +46796,7 @@ var require_mock_interceptor = __commonJS({
 var require_mock_client = __commonJS({
   "../../node_modules/.pnpm/undici@5.28.5/node_modules/undici/lib/mock/mock-client.js"(exports, module) {
     "use strict";
-    var { promisify } = __require("util");
+    var { promisify: promisify2 } = __require("util");
     var Client = require_client();
     var { buildMockDispatch } = require_mock_utils();
     var {
@@ -46836,7 +46836,7 @@ var require_mock_client = __commonJS({
         return new MockInterceptor(opts, this[kDispatches]);
       }
       async [kClose]() {
-        await promisify(this[kOriginalClose])();
+        await promisify2(this[kOriginalClose])();
         this[kConnected] = 0;
         this[kMockAgent][Symbols.kClients].delete(this[kOrigin]);
       }
@@ -46849,7 +46849,7 @@ var require_mock_client = __commonJS({
 var require_mock_pool = __commonJS({
   "../../node_modules/.pnpm/undici@5.28.5/node_modules/undici/lib/mock/mock-pool.js"(exports, module) {
     "use strict";
-    var { promisify } = __require("util");
+    var { promisify: promisify2 } = __require("util");
     var Pool = require_pool();
     var { buildMockDispatch } = require_mock_utils();
     var {
@@ -46889,7 +46889,7 @@ var require_mock_pool = __commonJS({
         return new MockInterceptor(opts, this[kDispatches]);
       }
       async [kClose]() {
-        await promisify(this[kOriginalClose])();
+        await promisify2(this[kOriginalClose])();
         this[kConnected] = 0;
         this[kMockAgent][Symbols.kClients].delete(this[kOrigin]);
       }
@@ -57757,13 +57757,13 @@ var require_tmp = __commonJS({
 var require_tmp_promise = __commonJS({
   "../../node_modules/.pnpm/tmp-promise@3.0.3/node_modules/tmp-promise/index.js"(exports, module) {
     "use strict";
-    var { promisify } = __require("util");
+    var { promisify: promisify2 } = __require("util");
     var tmp = require_tmp();
     module.exports.fileSync = tmp.fileSync;
-    var fileWithOptions = promisify(
+    var fileWithOptions = promisify2(
       (options, cb) => tmp.file(
         options,
-        (err, path10, fd, cleanup) => err ? cb(err) : cb(void 0, { path: path10, fd, cleanup: promisify(cleanup) })
+        (err, path10, fd, cleanup) => err ? cb(err) : cb(void 0, { path: path10, fd, cleanup: promisify2(cleanup) })
       )
     );
     module.exports.file = async (options) => fileWithOptions(options);
@@ -57776,10 +57776,10 @@ var require_tmp_promise = __commonJS({
       }
     };
     module.exports.dirSync = tmp.dirSync;
-    var dirWithOptions = promisify(
+    var dirWithOptions = promisify2(
       (options, cb) => tmp.dir(
         options,
-        (err, path10, cleanup) => err ? cb(err) : cb(void 0, { path: path10, cleanup: promisify(cleanup) })
+        (err, path10, cleanup) => err ? cb(err) : cb(void 0, { path: path10, cleanup: promisify2(cleanup) })
       )
     );
     module.exports.dir = async (options) => dirWithOptions(options);
@@ -57792,7 +57792,7 @@ var require_tmp_promise = __commonJS({
       }
     };
     module.exports.tmpNameSync = tmp.tmpNameSync;
-    module.exports.tmpName = promisify(tmp.tmpName);
+    module.exports.tmpName = promisify2(tmp.tmpName);
     module.exports.tmpdir = tmp.tmpdir;
     module.exports.setGracefulCleanup = tmp.setGracefulCleanup;
   }
@@ -59955,8 +59955,8 @@ var require_utils4 = __commonJS({
     exports.toPosixSlashes = (str) => str.replace(REGEX_BACKSLASH, "/");
     exports.isWindows = () => {
       if (typeof navigator !== "undefined" && navigator.platform) {
-        const platform6 = navigator.platform.toLowerCase();
-        return platform6 === "win32" || platform6 === "windows";
+        const platform7 = navigator.platform.toLowerCase();
+        return platform7 === "win32" || platform7 === "windows";
       }
       if (typeof process !== "undefined" && process.platform) {
         return process.platform === "win32";
@@ -79999,7 +79999,7 @@ function deserializeRustDependencyChainNode(s2) {
 
 // dist/main.js
 var import_lodash22 = __toESM(require_lodash(), 1);
-import { relative as relative9, resolve as resolve22 } from "path";
+import { relative as relative10, resolve as resolve22 } from "path";
 
 // ../utils/src/dashboard-api/coana-api.ts
 import { writeFile } from "fs/promises";
@@ -80226,15 +80226,6 @@ var import_form_data2 = __toESM(require_form_data(), 1);
 import { readFile as readFile2 } from "node:fs/promises";
 import { join } from "node:path";
 
-// ../web-compat-utils/src/ghsa.ts
-function extractGHSAIdFromUrl(url2) {
-  const match2 = url2.match(/(GHSA-[a-z0-9-]+)/);
-  if (match2) {
-    return match2[1];
-  }
-  return void 0;
-}
-
 // ../../node_modules/.pnpm/remeda@2.21.2/node_modules/remeda/dist/chunk-ANXBDSUI.js
 var s = { done: false, hasNext: false };
 
@@ -80536,30 +80527,7 @@ async function registerCLIProgressSocket(isStartEvent, cliProgressEvent, tier1Sc
     handleError(error, "Error registering CLI progress", false);
   }
 }
-async function registerAnalysisMetadataSocket(subprojectPath, workspacePath, ecosystem, analysisMetadata, tier1ScanId) {
-  if (!tier1ScanId) {
-    return;
-  }
-  const abnormalExit = analysisMetadata.analysisDiagnostics.aborted ? "ABORTED" : analysisMetadata.analysisDiagnostics.timeout ? "TIMEOUT" : "NONE";
-  try {
-    const url2 = getSocketApiUrl("tier1-reachability-scan/analysis-metadata");
-    const data2 = {
-      tier1_reachability_scan_id: tier1ScanId,
-      subproject_path: subprojectPath,
-      workspace_path: workspacePath,
-      ghsa_ids: analysisMetadata.vulnUrls.map((vUrl) => extractGHSAIdFromUrl(vUrl)).filter((ghsaId) => ghsaId !== void 0),
-      analysis_diagnostics: analysisMetadata.analysisDiagnostics,
-      heuristic_name: analysisMetadata.heuristicName,
-      is_final_result: analysisMetadata.finalResult,
-      purl_type: getPurlType(ecosystem),
-      error_message: analysisMetadata.errorMessage,
-      experiment_name: analysisMetadata.experiment,
-      abnormal_exit: abnormalExit
-    };
-    await axios2.put(url2, data2, { headers: getAuthHeaders() });
-  } catch (error) {
-    handleError(error, "Error registering analysis metadata", false);
-  }
+async function registerAnalysisMetadataSocket(_subprojectPath, _workspacePath, _ecosystem, _analysisMetadata, _tier1ScanId) {
 }
 async function getLatestBucketsSocket(subprojectPath, workspacePath) {
   try {
@@ -80667,6 +80635,54 @@ async function sendLogChunkSocket(reportId, logs) {
     console.warn("Failed to send log chunk to Socket:", error.message);
   }
 }
+async function createAnalysisMetadataSocket(tier1ScanId, subprojectPath, workspacePath, ecosystem, ghsaIds, heuristicName, experimentName) {
+  if (!tier1ScanId) return void 0;
+  try {
+    const url2 = getSocketApiUrl("tier1-reachability-scan/create-analysis-metadata");
+    const data2 = {
+      tier1_reachability_scan_id: tier1ScanId,
+      subproject_path: subprojectPath,
+      workspace_path: workspacePath,
+      purl_type: getPurlType(ecosystem),
+      ghsa_ids: ghsaIds,
+      heuristic_name: heuristicName,
+      experiment_name: experimentName
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.analysis_metadata_id;
+  } catch (error) {
+    handleError(error, "Error creating analysis metadata", false);
+    return void 0;
+  }
+}
+async function sendTelemetrySocket(analysisMetadataId, telemetry) {
+  try {
+    const url2 = getSocketApiUrl("tier1-reachability-scan/add-telemetry");
+    const data2 = {
+      analysis_metadata_id: analysisMetadataId,
+      telemetry
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    console.warn("Failed to send telemetry to Socket:", error.message);
+  }
+}
+async function registerDiagnosticsToAnalysisMetadataSocket(analysisMetadataId, diagnosticsData) {
+  const abnormalExit = diagnosticsData.analysisDiagnostics.aborted ? "ABORTED" : diagnosticsData.analysisDiagnostics.timeout ? "TIMEOUT" : "NONE";
+  try {
+    const url2 = getSocketApiUrl("tier1-reachability-scan/register-diagnostics-to-analysis-metadata");
+    const data2 = {
+      analysis_metadata_id: analysisMetadataId,
+      analysis_diagnostics: diagnosticsData.analysisDiagnostics,
+      is_final_result: diagnosticsData.finalResult,
+      error_message: diagnosticsData.errorMessage,
+      abnormal_exit: abnormalExit
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error registering diagnostics to analysis metadata", false);
+  }
+}
 function getSocketAPI() {
   return {
     createSocketTier1Scan,
@@ -80679,7 +80695,10 @@ function getSocketAPI() {
     finalizeAutofixRun,
     registerUpgradePurlRun,
     finalizeUpgradePurlRun,
-    sendLogChunkSocket
+    sendLogChunkSocket,
+    createAnalysisMetadataSocket,
+    sendTelemetrySocket,
+    registerDiagnosticsToAnalysisMetadataSocket
   };
 }
 
@@ -80796,6 +80815,39 @@ var DashboardAPI = class {
       await this.socketAPI.sendLogChunkSocket(reportId, logs);
     }
   }
+  async createAnalysisMetadata(tier1ScanId, subprojectPath, workspacePath, ecosystem, ghsaIds, heuristicName, experimentName) {
+    if (this.disableAnalyticsSharing) {
+      return void 0;
+    }
+    if (this.socketMode) {
+      return await this.socketAPI.createAnalysisMetadataSocket(
+        tier1ScanId,
+        subprojectPath,
+        workspacePath,
+        ecosystem,
+        ghsaIds,
+        heuristicName,
+        experimentName
+      );
+    }
+    return void 0;
+  }
+  async sendTelemetry(analysisMetadataId, telemetry) {
+    if (this.disableAnalyticsSharing) {
+      return;
+    }
+    if (this.socketMode) {
+      await this.socketAPI.sendTelemetrySocket(analysisMetadataId, telemetry);
+    }
+  }
+  async registerDiagnosticsToAnalysisMetadata(analysisMetadataId, diagnosticsData) {
+    if (this.disableAnalyticsSharing || !analysisMetadataId) {
+      return;
+    }
+    if (this.socketMode) {
+      this.socketAPI.registerDiagnosticsToAnalysisMetadataSocket(analysisMetadataId, diagnosticsData).catch((err) => logger.debug("Failed to register diagnostics to analysis metadata:", err));
+    }
+  }
 };
 
 // dist/analyzers/go-analyzer.js
@@ -80823,7 +80875,68 @@ import { join as join3 } from "path";
 
 // ../utils/src/command-utils.ts
 import assert from "assert";
+import { execFile as execFile2 } from "child_process";
+
+// ../utils/src/telemetry/telemetry-collector.ts
 import { execFile } from "child_process";
+import { platform } from "os";
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
+var TelemetryCollector = class {
+  /**
+   * Collect memory metrics for a child process by PID.
+   * Uses OS-specific commands to query memory usage.
+   *
+   * @param pid - The process ID to query
+   * @returns TelemetryMetrics or undefined if the process doesn't exist or query fails
+   */
+  async collectChildProcessMetrics(pid) {
+    if (!Number.isInteger(pid) || pid <= 0) {
+      return void 0;
+    }
+    try {
+      const currentPlatform = platform();
+      if (currentPlatform === "darwin" || currentPlatform === "linux") {
+        return await this.collectUnixProcessMetrics(pid);
+      }
+      return void 0;
+    } catch {
+      return void 0;
+    }
+  }
+  /**
+   * Collect metrics for a Unix-like system (macOS, Linux) using ps command.
+   */
+  async collectUnixProcessMetrics(pid) {
+    try {
+      const { stdout } = await execFileAsync("ps", ["-o", "rss=,pcpu=", "-p", String(pid)], {
+        timeout: 5e3
+      });
+      const trimmed = stdout.trim();
+      if (!trimmed) {
+        return void 0;
+      }
+      const parts = trimmed.split(/\s+/);
+      if (parts.length < 2) {
+        return void 0;
+      }
+      const rssKb = parseInt(parts[0], 10);
+      const cpuPercent = parseFloat(parts[1]);
+      if (isNaN(rssKb) || isNaN(cpuPercent)) {
+        return void 0;
+      }
+      const rssBytes = rssKb * 1024;
+      return {
+        rss: rssBytes,
+        cpuPercent
+      };
+    } catch {
+      return void 0;
+    }
+  }
+};
+
+// ../utils/src/command-utils.ts
 var DEFAULT_TIMEOUT_MS = 30 * 60 * 1e3;
 async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
   const result = await execNeverFail(cmd, dir, options);
@@ -80852,14 +80965,35 @@ function startHeartbeat(options) {
   timer.unref?.();
   return () => clearInterval(timer);
 }
+var DEFAULT_TELEMETRY_INTERVAL_MS = 5e3;
+function startTelemetry(pid, handler) {
+  const collector = new TelemetryCollector();
+  const intervalMs = handler.intervalMs ?? DEFAULT_TELEMETRY_INTERVAL_MS;
+  const collectAndReport = async () => {
+    const metrics = await collector.collectChildProcessMetrics(pid);
+    if (metrics) {
+      handler.onTelemetry(metrics);
+    }
+  };
+  collectAndReport().catch((err) => {
+    logger.debug("Initial telemetry collection failed:", err);
+  });
+  const timer = setInterval(() => {
+    collectAndReport().catch(() => {
+    });
+  }, intervalMs);
+  timer.unref?.();
+  return () => clearInterval(timer);
+}
 async function execNeverFail(cmd, dir, options) {
   const stopHeartbeat = options?.heartbeat ? startHeartbeat(options.heartbeat) : void 0;
+  let stopTelemetry;
   try {
     return await new Promise((resolve23) => {
       let args;
       if (typeof cmd !== "string") [cmd, ...args] = cmd;
       const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
-      const childProcess = execFile(
+      const childProcess = execFile2(
         cmd,
         args,
         { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout },
@@ -80867,6 +81001,9 @@ async function execNeverFail(cmd, dir, options) {
           resolve23({ error, stdout, stderr });
         }
       );
+      if (options?.telemetryHandler && childProcess.pid) {
+        stopTelemetry = startTelemetry(childProcess.pid, options.telemetryHandler);
+      }
       if (options?.pipe) {
         childProcess.stdout?.on("data", (data2) => {
           Spinner.instance().suspend(() => {
@@ -80884,6 +81021,7 @@ async function execNeverFail(cmd, dir, options) {
     });
   } finally {
     stopHeartbeat?.();
+    stopTelemetry?.();
   }
 }
 async function exec(cmd, dir, options) {
@@ -86442,7 +86580,7 @@ var Pattern = class _Pattern {
   #isUNC;
   #isAbsolute;
   #followGlobstar = true;
-  constructor(patternList, globList, index2, platform6) {
+  constructor(patternList, globList, index2, platform7) {
     if (!isPatternList(patternList)) {
       throw new TypeError("empty pattern list");
     }
@@ -86459,7 +86597,7 @@ var Pattern = class _Pattern {
     this.#patternList = patternList;
     this.#globList = globList;
     this.#index = index2;
-    this.#platform = platform6;
+    this.#platform = platform7;
     if (this.#index === 0) {
       if (this.isUNC()) {
         const [p0, p1, p2, p3, ...prest] = this.#patternList;
@@ -86601,12 +86739,12 @@ var Ignore = class {
   absoluteChildren;
   platform;
   mmopts;
-  constructor(ignored, { nobrace, nocase, noext, noglobstar, platform: platform6 = defaultPlatform2 }) {
+  constructor(ignored, { nobrace, nocase, noext, noglobstar, platform: platform7 = defaultPlatform2 }) {
     this.relative = [];
     this.absolute = [];
     this.relativeChildren = [];
     this.absoluteChildren = [];
-    this.platform = platform6;
+    this.platform = platform7;
     this.mmopts = {
       dot: true,
       nobrace,
@@ -86614,7 +86752,7 @@ var Ignore = class {
       noext,
       noglobstar,
       optimizationLevel: 2,
-      platform: platform6,
+      platform: platform7,
       nocomment: true,
       nonegate: true
     };
@@ -86652,10 +86790,10 @@ var Ignore = class {
   ignored(p) {
     const fullpath = p.fullpath();
     const fullpaths = `${fullpath}/`;
-    const relative10 = p.relative() || ".";
-    const relatives = `${relative10}/`;
+    const relative11 = p.relative() || ".";
+    const relatives = `${relative11}/`;
     for (const m of this.relative) {
-      if (m.match(relative10) || m.match(relatives))
+      if (m.match(relative11) || m.match(relatives))
         return true;
     }
     for (const m of this.absolute) {
@@ -86666,9 +86804,9 @@ var Ignore = class {
   }
   childrenIgnored(p) {
     const fullpath = p.fullpath() + "/";
-    const relative10 = (p.relative() || ".") + "/";
+    const relative11 = (p.relative() || ".") + "/";
     for (const m of this.relativeChildren) {
-      if (m.match(relative10))
+      if (m.match(relative11))
         return true;
     }
     for (const m of this.absoluteChildren) {
@@ -87493,6 +87631,24 @@ var import_semver4 = __toESM(require_semver2(), 1);
 import assert8 from "assert";
 import { relative as relative7 } from "path";
 
+// ../utils/src/telemetry/telemetry-options-factory.ts
+function createTelemetryHandler(dashboardAPI4, analysisMetadataId) {
+  if (!analysisMetadataId) {
+    return void 0;
+  }
+  return {
+    onTelemetry: (metrics) => {
+      dashboardAPI4.sendTelemetry(analysisMetadataId, [
+        {
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          metrics
+        }
+      ]).catch((err) => logger.debug("Failed to send telemetry:", err));
+    },
+    intervalMs: 5e3
+  };
+}
+
 // ../utils/src/promise-queue.ts
 var PromiseQueue = class {
   /*
@@ -87569,6 +87725,25 @@ var PromiseQueue = class {
 // ../web-compat-utils/src/analysis-error-keys.ts
 var FAILED_TO_INSTALL_PACKAGE_KEY = "[UNABLE_TO_INSTALL_PACKAGE_ERROR]: ";
 
+// ../web-compat-utils/src/ghsa.ts
+function extractGHSAIdFromUrl(url2) {
+  const match2 = url2.match(/(GHSA-[a-z0-9-]+)/);
+  if (match2) {
+    return match2[1];
+  }
+  return void 0;
+}
+function extractGhsaIdsFromVulnUrls(vulnUrls) {
+  const ghsaIds = /* @__PURE__ */ new Set();
+  for (const url2 of vulnUrls) {
+    const ghsaId = extractGHSAIdFromUrl(url2);
+    if (ghsaId) {
+      ghsaIds.add(ghsaId);
+    }
+  }
+  return Array.from(ghsaIds);
+}
+
 // ../web-compat-utils/src/detected-occurrence-utils.ts
 function hasReachableMatches(detectedOccurrences) {
   if (!detectedOccurrences) return false;
@@ -87919,14 +88094,14 @@ function findBestWheel(packageName, version3, packageData) {
       logger.debug(`Invalid wheel file name: ${filename}`);
       return void 0;
     }
-    let [distribution, whVersion, pyver, abi, platform6] = parts;
+    let [distribution, whVersion, pyver, abi, platform7] = parts;
     if (whVersion !== version3) return void 0;
     if (normalizePackageName(distribution) !== normalized)
       logger.debug(`Distribution name mismatch: ${distribution} != ${normalized}`);
     if (pyver === "py2.py3") pyver = "py3";
     if (!pyver.startsWith("py") && !pyver.startsWith("cp")) return void 0;
     if (pyver[2] === "2") return void 0;
-    return { url: url2, version: pyver.slice(2), abi, platforms: platform6.split(".") };
+    return { url: url2, version: pyver.slice(2), abi, platforms: platform7.split(".") };
   }).filter((w) => w !== void 0);
   if (wheels.length === 0) {
     logger.debug(`No suitable wheel file found for ${packageName}==${version3}`);
@@ -87939,9 +88114,9 @@ function findBestWheel(packageName, version3, packageData) {
   });
   for (const re of [/^any$/, /linux.*x86_64/, /linux/, /(?:x86_|amd)64/, /./]) {
     for (const candidate of wheels) {
-      const platform6 = candidate.platforms.find((p) => re.test(p));
-      if (platform6 !== void 0)
-        return { url: candidate.url, pythonVersion: candidate.version, abi: candidate.abi, platform: platform6 };
+      const platform7 = candidate.platforms.find((p) => re.test(p));
+      if (platform7 !== void 0)
+        return { url: candidate.url, pythonVersion: candidate.version, abi: candidate.abi, platform: platform7 };
     }
   }
 }
@@ -88268,9 +88443,9 @@ var ToolPathResolver = class {
   /**
    * Get the path to the Goana binary for the current platform and architecture
    */
-  static getGoanaBinaryPath(platform6, arch) {
+  static getGoanaBinaryPath(platform7, arch) {
     const rarch = arch === "arm" ? "arm64" : arch === "x64" ? "amd64" : arch;
-    const binaryName = `goana-${platform6}-${rarch}.gz`;
+    const binaryName = `goana-${platform7}-${rarch}.gz`;
     return resolve6(COANA_REPOS_PATH(), "goana", "bin", binaryName);
   }
   /**
@@ -90054,8 +90229,8 @@ var parseKVLine = (set, line) => {
 };
 
 // ../../node_modules/.pnpm/tar@7.4.3/node_modules/tar/dist/esm/normalize-windows-path.js
-var platform = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
-var normalizeWindowsPath = platform !== "win32" ? (p) => p : (p) => p && p.replace(/\\/g, "/");
+var platform2 = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
+var normalizeWindowsPath = platform2 !== "win32" ? (p) => p : (p) => p && p.replace(/\\/g, "/");
 
 // ../../node_modules/.pnpm/tar@7.4.3/node_modules/tar/dist/esm/read-entry.js
 var ReadEntry = class extends Minipass {
@@ -91882,8 +92057,8 @@ import path7 from "node:path";
 
 // ../../node_modules/.pnpm/tar@7.4.3/node_modules/tar/dist/esm/get-write-flag.js
 import fs5 from "fs";
-var platform2 = process.env.__FAKE_PLATFORM__ || process.platform;
-var isWindows = platform2 === "win32";
+var platform3 = process.env.__FAKE_PLATFORM__ || process.platform;
+var isWindows = platform3 === "win32";
 var { O_CREAT, O_TRUNC, O_WRONLY } = fs5.constants;
 var UV_FS_O_FILEMAP = Number(process.env.__FAKE_FS_O_FILENAME__) || fs5.constants.UV_FS_O_FILEMAP || 0;
 var fMapEnabled = isWindows && !!UV_FS_O_FILEMAP;
@@ -92138,7 +92313,7 @@ var mkdirpNative = Object.assign(async (path10, options) => {
 
 // ../../node_modules/.pnpm/mkdirp@3.0.1/node_modules/mkdirp/dist/mjs/path-arg.js
 import { parse as parse6, resolve as resolve7 } from "path";
-var platform3 = process.env.__TESTING_MKDIRP_PLATFORM__ || process.platform;
+var platform4 = process.env.__TESTING_MKDIRP_PLATFORM__ || process.platform;
 var pathArg = (path10) => {
   if (/\0/.test(path10)) {
     throw Object.assign(new TypeError("path must be a string without null bytes"), {
@@ -92147,7 +92322,7 @@ var pathArg = (path10) => {
     });
   }
   path10 = resolve7(path10);
-  if (platform3 === "win32") {
+  if (platform4 === "win32") {
     const badWinChars = /[*|"<>?:]/;
     const { root: root3 } = parse6(path10);
     if (badWinChars.test(path10.substring(root3.length))) {
@@ -92407,8 +92582,8 @@ var normalizeUnicode = (s2) => {
 
 // ../../node_modules/.pnpm/tar@7.4.3/node_modules/tar/dist/esm/path-reservations.js
 import { join as join9 } from "node:path";
-var platform4 = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
-var isWindows2 = platform4 === "win32";
+var platform5 = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
+var isWindows2 = platform5 === "win32";
 var getDirs = (path10) => {
   const dirs = path10.split("/").slice(0, -1).reduce((set, path11) => {
     const s2 = set[set.length - 1];
@@ -92564,8 +92739,8 @@ var DOCHOWN = Symbol("doChown");
 var UID = Symbol("uid");
 var GID = Symbol("gid");
 var CHECKED_CWD = Symbol("checkedCwd");
-var platform5 = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
-var isWindows3 = platform5 === "win32";
+var platform6 = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
+var isWindows3 = platform6 === "win32";
 var DEFAULT_MAX_DEPTH = 1024;
 var unlinkFile = (path10, cb) => {
   if (!isWindows3) {
@@ -93511,13 +93686,13 @@ async function getNodeExecutable(overridePath) {
   logger.debug("Extracting Node.js binary for spawned processes...");
   extractedNodePath = (async () => {
     const extractedPath = await extractTool("nodejs-binaries", "nodejs-binaries");
-    const { platform: platform6, arch } = process;
+    const { platform: platform7, arch } = process;
     const nodeArch = arch === "arm" ? "arm64" : arch;
-    const isWindows4 = platform6 === "win32";
-    const binaryName = isWindows4 ? `node-${platform6}-${nodeArch}.exe.gz` : `node-${platform6}-${nodeArch}.gz`;
+    const isWindows4 = platform7 === "win32";
+    const binaryName = isWindows4 ? `node-${platform7}-${nodeArch}.exe.gz` : `node-${platform7}-${nodeArch}.gz`;
     const compressedBinaryPath = join10(extractedPath, binaryName);
     if (!await exists(compressedBinaryPath)) {
-      throw new Error(`Node.js binary not found: ${compressedBinaryPath}. Platform: ${platform6}-${nodeArch}`);
+      throw new Error(`Node.js binary not found: ${compressedBinaryPath}. Platform: ${platform7}-${nodeArch}`);
     }
     const tmpDir = join10(getExtractionBaseDir(), "node-runtime");
     await mkdir4(tmpDir, { recursive: true });
@@ -95871,7 +96046,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       return packageIds?.map((packageId) => this.depIdToPurl.get(packageId)).filter((purl) => purl !== void 0).map((purl) => purl.name ?? "");
     });
   }
-  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, _experiment) {
+  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, _experiment, telemetryHandler) {
     try {
       this.statusUpdater?.("Preparing code for analysis...");
       const packagesToAnalyze = heuristic.getPackagesToAnalyze(vulnerabilities);
@@ -95880,12 +96055,12 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
         const purl = this.depIdToPurl.get(packageId);
         return purl?.name && packagesToAnalyzeSet.has(purl.name);
       }));
-      return await this.actuallyRunAnalysis(vulnerabilities.flatMap((v) => v.vulnerabilityAccessPaths), timeoutInSeconds, filteredDeps);
+      return await this.actuallyRunAnalysis(vulnerabilities.flatMap((v) => v.vulnerabilityAccessPaths), timeoutInSeconds, filteredDeps, telemetryHandler);
     } catch (e) {
       return { type: "error", message: e.message };
     }
   }
-  async actuallyRunAnalysis(vulnerabilityAccessPaths, timeoutInSeconds, filteredDeps) {
+  async actuallyRunAnalysis(vulnerabilityAccessPaths, timeoutInSeconds, filteredDeps, telemetryHandler) {
     this.statusUpdater?.("Running analysis...");
     return withTmpDirectory("dotnet-run-analysis", async (tmpDir) => {
       try {
@@ -95903,7 +96078,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.dotnet });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.dotnet, telemetryHandler });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile6(outputFile, "utf-8")).result;
@@ -97697,10 +97872,10 @@ function compareDocumentPosition(nodeA, nodeB) {
 function uniqueSort(nodes) {
   nodes = nodes.filter((node, i4, arr) => !arr.includes(node, i4 + 1));
   nodes.sort((a2, b) => {
-    const relative10 = compareDocumentPosition(a2, b);
-    if (relative10 & DocumentPosition.PRECEDING) {
+    const relative11 = compareDocumentPosition(a2, b);
+    if (relative11 & DocumentPosition.PRECEDING) {
       return -1;
-    } else if (relative10 & DocumentPosition.FOLLOWING) {
+    } else if (relative11 & DocumentPosition.FOLLOWING) {
       return 1;
     }
     return 0;
@@ -109847,7 +110022,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       return packageIds?.map((packageId) => this.depIdToPurl.get(packageId)).filter((purl) => purl !== void 0).map((purl) => `${purl.namespace}:${purl.name}}`);
     });
   }
-  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, _experiment) {
+  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, _experiment, telemetryHandler) {
     try {
       this.statusUpdater?.("Preparing code for analysis...");
       const packagesToAnalyze = heuristic.getPackagesToAnalyze(vulnerabilities);
@@ -109856,12 +110031,12 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
         const purl = this.depIdToPurl.get(packageId);
         return purl && packagesToAnalyzeSet.has(`${purl.namespace}:${purl.name}}`);
       }));
-      return await this.actuallyRunAnalysis(vulnerabilities.flatMap((v) => v.vulnerabilityAccessPaths), timeoutInSeconds, filteredDeps);
+      return await this.actuallyRunAnalysis(vulnerabilities.flatMap((v) => v.vulnerabilityAccessPaths), timeoutInSeconds, filteredDeps, telemetryHandler);
     } catch (e) {
       return { type: "error", message: e.message };
     }
   }
-  async actuallyRunAnalysis(vulnerabilityAccessPaths, timeoutInSeconds, filteredDeps) {
+  async actuallyRunAnalysis(vulnerabilityAccessPaths, timeoutInSeconds, filteredDeps, telemetryHandler) {
     this.statusUpdater?.("Running analysis...");
     return withTmpDirectory("java-run-analysis", async (tmpDir) => {
       try {
@@ -109879,7 +110054,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve10(tmpDir, "output.json");
       await writeFile5(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.java });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.java, telemetryHandler });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -110467,7 +110642,7 @@ import { readFile as readFile8, realpath as realpath2, rm as rm2, writeFile as w
 import { relative as relative6, resolve as resolve13 } from "path";
 var { map: map2, uniq: uniq4 } = import_lodash10.default;
 var PRINT_JELLY_COMMAND = false;
-async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reachabilityAnalysisOptions, timeoutInSeconds, vulnerabilities, experiment) {
+async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reachabilityAnalysisOptions, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler) {
   const tmpFolder = await createTmpDirectory("jelly-analysis");
   try {
     const filesToAnalyze = reachabilityAnalysisOptions.entryPoints ?? [projectRoot];
@@ -110511,7 +110686,12 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       jellyCmd,
       void 0,
       // Use SIGKILL to ensure termination even if the process is unresponsive 50% above the timeout (e.g., due to GC pressure).
-      { timeout: timeoutInSeconds * 1e3 * 1.5, killSignal: "SIGKILL", heartbeat: HEARTBEATS.js }
+      {
+        timeout: timeoutInSeconds * 1e3 * 1.5,
+        killSignal: "SIGKILL",
+        heartbeat: HEARTBEATS.js,
+        telemetryHandler
+      }
     );
     if (reachabilityAnalysisOptions.printLogFile)
       logger.info("JS analysis log file:", await readFile8(logFile, "utf-8"));
@@ -110544,7 +110724,7 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
     await rm2(tmpFolder, { recursive: true });
   }
 }
-async function runJellyPhantomDependencyAnalysis(projectRoot, options) {
+async function runJellyPhantomDependencyAnalysis(projectRoot, options, telemetryHandler) {
   const tmpFolder = await createTmpDirectory("jelly-analysis");
   try {
     const jellyExecutable = ToolPathResolver.jellyPath;
@@ -110555,14 +110735,15 @@ async function runJellyPhantomDependencyAnalysis(projectRoot, options) {
     await runCommandResolveStdOut2(jellyCmd, void 0, {
       timeout: options.timeoutSeconds.allVulnRuns * 1e3,
       killSignal: "SIGKILL",
-      heartbeat: HEARTBEATS.js
+      heartbeat: HEARTBEATS.js,
+      telemetryHandler
     });
     return JSON.parse(await readFile8(reachablePackagesFile, "utf-8")).packages;
   } finally {
     await rm2(tmpFolder, { recursive: true });
   }
 }
-async function runJellyImportReachabilityAnalysis(mainProjectRoot, projectRoot, vulnerabilities, options) {
+async function runJellyImportReachabilityAnalysis(mainProjectRoot, projectRoot, vulnerabilities, options, telemetryHandler) {
   const tmpFolder = await createTmpDirectory("jelly-analysis");
   try {
     const includePackages = computePackagesOnVulnPath(vulnerabilities, { includeLeafPackages: true });
@@ -110576,7 +110757,8 @@ async function runJellyImportReachabilityAnalysis(mainProjectRoot, projectRoot,
     await runCommandResolveStdOut2(jellyCmd, void 0, {
       timeout: options.timeoutSeconds.allVulnRuns * 1e3,
       killSignal: "SIGKILL",
-      heartbeat: HEARTBEATS.js
+      heartbeat: HEARTBEATS.js,
+      telemetryHandler
     });
     return JSON.parse(await readFile8(reachableModulesFile, "utf-8"));
   } finally {
@@ -110631,11 +110813,11 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
     const { failedPackages } = await prepareNpmDependencies(state.rootWorkingDir, this.projectDir, state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.transitiveDependencies : Object.fromEntries(state.workspaceData.data.artifacts.map((d) => [d.id, d])), state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.dependencies ?? [] : state.workspaceData.data.artifacts.filter((a2) => a2.direct).map((a2) => a2.id), packagesToInstall);
     this.packagesExcludedUnrelatedToHeuristic = failedPackages.map((p) => getPackageName(p));
   }
-  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, experiment) {
+  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, experiment, telemetryHandler) {
     const analysisOptionsFromHeuristic = heuristic.getOptions(vulnerabilities);
     try {
       analysisOptionsFromHeuristic.approx = process.env.JELLY_APPROX === "true" || experiment === "JELLY_APPROX";
-      const analysisRes = await runJellyAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment);
+      const analysisRes = await runJellyAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler);
       const { analysisDiagnostics: diagnostics, matches } = analysisRes;
       return {
         type: "success",
@@ -110814,7 +110996,7 @@ var GoCodeAwareVulnerabilityScanner = class {
     this.projectDir = projectDir;
     this.options = options;
   }
-  async runAnalysis(vulns, heuristic, timeoutInSeconds) {
+  async runAnalysis(vulns, heuristic, timeoutInSeconds, _experiment, telemetryHandler) {
     logger.info("Started instantiating Go code-aware analysis");
     if (!existsSync10(join15(this.projectDir, "go.mod")))
       throw new Error("go.mod file not found in the project directory");
@@ -110838,7 +111020,8 @@ var GoCodeAwareVulnerabilityScanner = class {
         timeout: timeoutInSeconds * 1e3,
         killSignal: "SIGKILL",
         env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0,
-        heartbeat: HEARTBEATS.go
+        heartbeat: HEARTBEATS.go,
+        telemetryHandler
       });
       if (error) {
         logger.error("Error running Go code-aware analysis", error);
@@ -111244,7 +111427,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       return packageIds?.map((packageId) => this.depIdToPurl.get(packageId)?.name).filter((name2) => name2 !== void 0).map((name2) => name2);
     });
   }
-  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds) {
+  async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, _experiment, telemetryHandler) {
     try {
       this.statusUpdater?.("Preparing code for analysis...");
       const packagesToAnalyze = heuristic.getPackagesToAnalyze(vulnerabilities);
@@ -111253,12 +111436,12 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
         const purl = this.depIdToPurl.get(packageId);
         return purl?.name && packagesToAnalyzeSet.has(purl.name);
       }));
-      return await this.actuallyRunAnalysis(vulnerabilities.flatMap((v) => v.vulnerabilityAccessPaths), timeoutInSeconds, filteredDeps);
+      return await this.actuallyRunAnalysis(vulnerabilities.flatMap((v) => v.vulnerabilityAccessPaths), timeoutInSeconds, filteredDeps, telemetryHandler);
     } catch (e) {
       return { type: "error", message: e.message };
     }
   }
-  async actuallyRunAnalysis(vulnerabilityAccessPaths, timeoutInSeconds, filteredDeps) {
+  async actuallyRunAnalysis(vulnerabilityAccessPaths, timeoutInSeconds, filteredDeps, telemetryHandler) {
     this.statusUpdater?.("Running analysis...");
     return withTmpDirectory("rust-run-analysis", async (tmpDir) => {
       const effectiveTimeout = timeoutInSeconds;
@@ -111273,7 +111456,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const outputFile = resolve15(tmpDir, "output.json");
       await writeFile8(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(effectiveTimeout * 1.5, effectiveTimeout + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.rust });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.rust, telemetryHandler });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile10(outputFile, "utf-8")).result;
@@ -111744,7 +111927,7 @@ var PythonCodeAwareVulnerabilityScanner = class {
       logger.info("Done setting up virtual environment");
     }
   }
-  async runAnalysis(vulns, heuristic, timeoutInSeconds) {
+  async runAnalysis(vulns, heuristic, timeoutInSeconds, _experiment, telemetryHandler) {
     if (!this.virtualEnvInfo)
       throw new Error("Virtual environment not set up");
     this.mambaladeVenvPath ??= await setupMambalade();
@@ -111798,7 +111981,8 @@ var PythonCodeAwareVulnerabilityScanner = class {
         // Use SIGKILL to ensure termination even if the process is unresponsive.
         timeout: (timeoutInSeconds * 1.5 + 15) * 1e3,
         killSignal: "SIGKILL",
-        heartbeat: HEARTBEATS.python
+        heartbeat: HEARTBEATS.python,
+        telemetryHandler
       });
       logger.debug("Done running mambalade");
       const errors = stderr.split("\n").filter((line) => line.startsWith("ERROR:") && !/^ERROR: Excluded distribution/.test(line));
@@ -112562,12 +112746,14 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
       };
       const vulnDepIdentifierToVulns = groupBy(bucket.vulnerabilities, getVulnDepIdentifier);
       const vulnDepIdentifiers = Object.keys(vulnDepIdentifierToVulns);
+      const ghsaIds = extractGhsaIdsFromVulnUrls(vulnsForBucket.map((v) => v.url));
+      const analysisMetadataId = COANA_REPORT_ID ? await dashboardAPI.createAnalysisMetadata(COANA_REPORT_ID, relative7(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, ecosystem, ghsaIds, bucket.heuristic.name, experiment) : void 0;
       try {
         newAnalysisRunListener();
         const initialBucketContainingAllVulns = buckets.length === 1 && buckets[0] === bucket;
         const timeoutInSeconds = initialBucketContainingAllVulns ? state.reachabilityAnalysisOptions.timeoutSeconds.allVulnRuns : state.reachabilityAnalysisOptions.timeoutSeconds.bucketedRuns;
         logger.info(`Running full reachability analysis for ${vulnsForBucket.length}/${vulnerabilities.length} vulnerabilities.`);
-        const result = await codeAwareScanner.runAnalysis(vulnsForBucket, bucket.heuristic, timeoutInSeconds, experiment);
+        const result = await codeAwareScanner.runAnalysis(vulnsForBucket, bucket.heuristic, timeoutInSeconds, experiment, createTelemetryHandler(dashboardAPI, analysisMetadataId));
         const allowSplitInBuckets = !disableBucketing && bucket.heuristic.splitAnalysisInBuckets && !state.otherAnalysisOptions.disableBucketing && vulnDepIdentifiers.length > 1 && (result.type === "error" || result.reachedDependencies);
         if (result.type === "success") {
           result.diagnostics.timings ??= {};
@@ -112581,11 +112767,13 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
             const analysisMetadata = { ...partialWithDiagnostics, finalResult: true };
             bucketedAnalysisRes.analysisMetadata.push(analysisMetadata);
             await analysisMetadataCollector2?.(analysisMetadata);
+            dashboardAPI.registerDiagnosticsToAnalysisMetadata(analysisMetadataId, analysisMetadata).catch((err) => logger.debug("Failed to register diagnostics to analysis metadata:", err));
             return;
           }
           result.diagnostics.timings.totalTime = Date.now() - bucketStartTime;
           const finalAnalysisMetadata = { ...partialWithDiagnostics, finalResult: false };
           await analysisMetadataCollector2?.(finalAnalysisMetadata);
+          dashboardAPI.registerDiagnosticsToAnalysisMetadata(analysisMetadataId, finalAnalysisMetadata).catch((err) => logger.debug("Failed to register diagnostics to analysis metadata:", err));
         } else {
           result.type;
           await sendErrorAnalysisMetadata(result.message, !allowSplitInBuckets && isLastHeuristic(bucket.heuristic.name), !allowSplitInBuckets);
@@ -112625,6 +112813,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
         if (pushMetadata)
           bucketedAnalysisRes.analysisMetadata.push(analysisMetadataToSend);
         await analysisMetadataCollector2?.(analysisMetadataToSend);
+        dashboardAPI.registerDiagnosticsToAnalysisMetadata(analysisMetadataId, analysisMetadataToSend).catch((err) => logger.debug("Failed to register diagnostics to analysis metadata:", err));
       }
     }
   }
@@ -112775,7 +112964,10 @@ function findDuplicateVulnsInBuckets(bucketsFromLastAnalysis) {
 function transformVulnsToUrlToReachability(oldHeuristicAugmentedVulnerabilities) {
   return Object.fromEntries(oldHeuristicAugmentedVulnerabilities.map((v) => [
     v.url,
-    { reachability: getVulnReachability(v.results), terminatedEarly: v.results.type === "success" && v.results.terminatedEarly }
+    {
+      reachability: getVulnReachability(v.results),
+      terminatedEarly: v.results.type === "success" && v.results.terminatedEarly
+    }
   ]));
 }
 
@@ -112927,7 +113119,7 @@ var import_lodash19 = __toESM(require_lodash(), 1);
 var import_picomatch4 = __toESM(require_picomatch2(), 1);
 import { existsSync as existsSync13 } from "fs";
 import { rm as rm6 } from "fs/promises";
-import { resolve as resolve20 } from "path";
+import { relative as relative8, resolve as resolve20 } from "path";
 
 // ../web-compat-utils/src/pluralize.ts
 function pluralize(count, word) {
@@ -112941,6 +113133,8 @@ function pluralize(count, word) {
 
 // dist/analyzers/npm-analyzer.js
 var { partition: partition3, memoize: memoize2 } = import_lodash19.default;
+var SOCKET_MODE2 = process.env.SOCKET_MODE === "true";
+var dashboardAPI2 = new DashboardAPI(SOCKET_MODE2, process.env.DISABLE_ANALYTICS_SHARING === "true");
 var NpmAnalyzer = class {
   state;
   projectDir;
@@ -112973,12 +113167,36 @@ var NpmAnalyzer = class {
       await vulnerabilityScanner.prepareDependencies(this.state, heuristicsInOrder[0]);
       logger.info(`Running import reachability analysis for ${vulns.length} ${pluralize(vulns.length, "vulnerability")}`);
       let reachable;
+      const ghsaIds = extractGhsaIdsFromVulnUrls(vulns.map((v) => v.url));
+      const importAnalysisMetadataId = COANA_REPORT_ID ? await dashboardAPI2.createAnalysisMetadata(COANA_REPORT_ID, relative8(this.state.rootWorkingDir, this.state.subprojectDir) || ".", this.state.workspacePath, "NPM", ghsaIds, heuristics.IMPORT_REACHABILITY.name) : void 0;
+      if (COANA_REPORT_ID && !importAnalysisMetadataId) {
+        logger.debug("Failed to create analysis metadata for import analysis");
+      }
+      const importAnalysisStartTime = Date.now();
       try {
         statusUpdater?.("Running import reachability analysis");
         logger.debug("Starting jelly import reachability analysis");
-        reachable = await runJellyImportReachabilityAnalysis(this.state.rootWorkingDir, this.projectDir, vulns, this.state.reachabilityAnalysisOptions);
+        reachable = await runJellyImportReachabilityAnalysis(this.state.rootWorkingDir, this.projectDir, vulns, this.state.reachabilityAnalysisOptions, createTelemetryHandler(dashboardAPI2, importAnalysisMetadataId));
+        dashboardAPI2.registerDiagnosticsToAnalysisMetadata(importAnalysisMetadataId, {
+          analysisDiagnostics: {
+            timeout: false,
+            aborted: false,
+            timings: { totalTime: Date.now() - importAnalysisStartTime }
+          },
+          finalResult: true
+        }).catch((err) => logger.debug("Failed to register diagnostics to analysis metadata:", err));
       } catch (e) {
         logger.debug("Error while running jelly import reachability analysis:", e);
+        dashboardAPI2.registerDiagnosticsToAnalysisMetadata(importAnalysisMetadataId, {
+          analysisDiagnostics: {
+            timeout: false,
+            aborted: true,
+            timings: { totalTime: Date.now() - importAnalysisStartTime }
+          },
+          errorMessage: e instanceof Error ? `${e.message}
+${e.stack}` : String(e),
+          finalResult: true
+        }).catch((err) => logger.debug("Failed to register diagnostics to analysis metadata:", err));
       }
       let [unreachableVulns, otherVulns] = [[], vulns];
       logger.debug(`Reachable modules from import reachability analysis: ${reachable?.modules.length}`);
@@ -113148,7 +113366,7 @@ import { resolve as resolve21 } from "path";
 var import_lodash20 = __toESM(require_lodash(), 1);
 import { createWriteStream as createWriteStream4, existsSync as existsSync14 } from "fs";
 import { mkdir as mkdir9, readdir as readdir5, readFile as readFile12, rm as rm7 } from "fs/promises";
-import { join as join17, relative as relative8 } from "path";
+import { join as join17, relative as relative9 } from "path";
 import { pipeline as pipeline3 } from "stream/promises";
 var PRINT_ANALYSIS_COMMAND = false;
 var { uniqBy: uniqBy2, sortedUniq: sortedUniq2 } = import_lodash20.default;
@@ -113195,7 +113413,7 @@ var RubyCodeAwareVulnerabilityScanner = class {
     this.vendorDirWasCreated = true;
     logger.info("Done setting up vendor directory");
   }
-  async runAnalysis(vulns, heuristic, timeoutInSeconds, _experiment) {
+  async runAnalysis(vulns, heuristic, timeoutInSeconds, _experiment, telemetryHandler) {
     return await withTmpDirectory("ruby-analyzer-output", async (tmpDir) => {
       if (!this.vendorDir)
         throw new Error("Assertion error: The vendor directory is not correctly initialized");
@@ -113236,10 +113454,11 @@ var RubyCodeAwareVulnerabilityScanner = class {
         await exec2(cmd, this.projectDir, {
           timeout: (timeoutInSeconds * 1.5 + 10) * 1e3,
           killSignal: "SIGKILL",
-          heartbeat: HEARTBEATS.ruby
+          heartbeat: HEARTBEATS.ruby,
+          telemetryHandler
         });
         const result = JSON.parse(await readFile12(vulnsOutputFile, "utf-8"));
-        const relativeLoadPathsToPackageNames = new Map([...loadPathsToPackageNames.entries()].map(([k, v]) => [join17("vendor", relative8(this.vendorDir, k)), v]));
+        const relativeLoadPathsToPackageNames = new Map([...loadPathsToPackageNames.entries()].map(([k, v]) => [join17("vendor", relative9(this.vendorDir, k)), v]));
         const { timedOut, ...diagnostics } = JSON.parse(await readFile12(diagnosticsOutputFile, "utf-8"));
         const reachedPackages = JSON.parse(await readFile12(reachedPackagesOutputFile, "utf-8"));
         logger.debug("Reached packages: %O", reachedPackages);
@@ -113338,9 +113557,9 @@ async function downloadAndExtractGem(gemName, version3, vendorDir) {
     return;
   }
   const tempGemFile = join17(vendorDir, `${gemName}-${version3}.gem`);
-  const downloadAndExtract = async (platform6) => {
+  const downloadAndExtract = async (platform7) => {
     logger.debug(`Downloading gem ${gemName}@${version3}`);
-    const response = await fetch(`https://rubygems.org/gems/${gemName}-${version3}${platform6 ? `-${platform6}` : ""}.gem`);
+    const response = await fetch(`https://rubygems.org/gems/${gemName}-${version3}${platform7 ? `-${platform7}` : ""}.gem`);
     if (!response.ok)
       throw new Error(`Failed to download gem: ${response.statusText}`);
     if (!response.body)
@@ -113360,10 +113579,10 @@ async function downloadAndExtractGem(gemName, version3, vendorDir) {
     await downloadAndExtract(void 0);
   } catch (e) {
     try {
-      const platform6 = await axios_default.get(`https://gem.coop/api/v1/versions/${gemName}.json`).then((res) => {
+      const platform7 = await axios_default.get(`https://gem.coop/api/v1/versions/${gemName}.json`).then((res) => {
         return res.data.find((v) => v.number === version3)?.platform;
       });
-      await downloadAndExtract(platform6);
+      await downloadAndExtract(platform7);
     } catch (e2) {
       await rm7(gemDir, { recursive: true, force: true });
       await rm7(tempGemFile, { force: true });
@@ -113518,18 +113737,18 @@ var ecosystemAnalyzer = {
   RUBYGEMS: RubyGemsAnalyzer
 };
 var apiKey2 = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
-var dashboardAPI2 = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
+var dashboardAPI3 = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
 async function runReachabilityAnalysis(state) {
   const projectDir = resolve22(state.subprojectDir, state.workspacePath);
   const ecosystem = state.workspaceData.data.type;
-  logger.info(`Preparing to run reachability analysis for project at "${relative9(state.rootWorkingDir, projectDir) || "."}" (${ecosystem})`);
+  logger.info(`Preparing to run reachability analysis for project at "${relative10(state.rootWorkingDir, projectDir) || "."}" (${ecosystem})`);
   const constructor = ecosystemAnalyzer[ecosystem];
   if (!constructor)
     throw Error(`No analyzer associated with ecosystem ${ecosystem}`);
   const analyzer = new constructor(state, projectDir);
   const [vulnerabilitiesWithPrecomputedResults, vulnerabilitiesWithoutPrecomputedResults] = partition4(state.vulnerabilities, (v) => "results" in v);
   const augmentedVulnerabilities = await runWholeProgramCodeAwareVulnerabilityScanner(analyzer, vulnerabilitiesWithoutPrecomputedResults, async (amd) => {
-    await dashboardAPI2.registerAnalysisMetadata(relative9(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, state.workspaceData.data.type, amd, COANA_REPORT_ID, apiKey2);
+    await dashboardAPI3.registerAnalysisMetadata(relative10(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, state.workspaceData.data.type, amd, COANA_REPORT_ID, apiKey2);
   });
   const diagnostics = await analyzer.getWorkspaceDiagnostics();
   return {