@devicecloud.dev/dcd 4.4.8 → 5.0.0-beta.0

package/dist/services/report-download.service.js

@@ -13,12 +13,12 @@ class ReportDownloadService {
      * @returns Promise that resolves when download is complete
      */
     async downloadArtifacts(options) {
-        const { apiUrl, apiKey, uploadId, downloadType, artifactsPath = './artifacts.zip', debug = false, logger, warnLogger, } = options;
+        const { apiUrl, auth, uploadId, downloadType, artifactsPath = './artifacts.zip', debug = false, logger, warnLogger, } = options;
         try {
             if (debug && logger) {
                 logger(`[DEBUG] Downloading artifacts: ${downloadType}`);
             }
-            await api_gateway_1.ApiGateway.downloadArtifactsZip(apiUrl, apiKey, uploadId, downloadType, artifactsPath);
+            await api_gateway_1.ApiGateway.downloadArtifactsZip(apiUrl, auth, uploadId, downloadType, artifactsPath);
             if (logger) {
                 logger('\n');
                 logger(`Test artifacts have been downloaded to ${artifactsPath}`);
@@ -28,9 +28,7 @@ class ReportDownloadService {
             if (debug && logger) {
                 logger(`[DEBUG] Error downloading artifacts: ${error}`);
             }
-            if (warnLogger) {
-                warnLogger('Failed to download artifacts');
-            }
+            this.warnDownloadFailure(warnLogger, 'artifacts', 'No artifacts found for this upload. Make sure your tests generated results.', error);
         }
     }
     /**
@@ -81,12 +79,12 @@ class ReportDownloadService {
      * @returns Promise that resolves when download is complete
      */
     async downloadReport(type, filePath, options) {
-        const { apiUrl, apiKey, uploadId, debug = false, logger, warnLogger } = options;
+        const { apiUrl, auth, uploadId, debug = false, logger, warnLogger } = options;
         try {
             if (debug && logger) {
                 logger(`[DEBUG] Downloading ${type.toUpperCase()} report`);
             }
-            await api_gateway_1.ApiGateway.downloadReportGeneric(apiUrl, apiKey, uploadId, type, filePath);
+            await api_gateway_1.ApiGateway.downloadReportGeneric(apiUrl, auth, uploadId, type, filePath);
             if (logger) {
                 logger(`${type.toUpperCase()} test report has been downloaded to ${filePath}`);
             }
@@ -95,19 +93,32 @@ class ReportDownloadService {
             if (debug && logger) {
                 logger(`[DEBUG] Error downloading ${type.toUpperCase()} report: ${error}`);
             }
-            const errorMessage = error instanceof Error ? error.message : String(error);
-            if (warnLogger) {
-                warnLogger(`Failed to download ${type.toUpperCase()} report: ${errorMessage}`);
-                if (errorMessage.includes('404')) {
-                    warnLogger(`No ${type.toUpperCase()} reports found for this upload. Make sure your tests generated results.`);
-                }
-                else if (errorMessage.includes('EACCES') || errorMessage.includes('EPERM')) {
-                    warnLogger('Permission denied. Check write permissions for the current directory.');
-                }
-                else if (errorMessage.includes('ENOENT')) {
-                    warnLogger('Directory does not exist. Make sure you have write access to the current directory.');
-                }
-            }
+            this.warnDownloadFailure(warnLogger, `${type.toUpperCase()} report`, `No ${type.toUpperCase()} reports found for this upload. Make sure your tests generated results.`, error);
+        }
+    }
+    /**
+     * Warn about a failed download with the underlying cause plus hints for
+     * common error classes (missing results, permissions, bad paths)
+     * @param warnLogger Warning logger, if configured
+     * @param subject What was being downloaded, e.g. 'artifacts' or 'JUNIT report'
+     * @param notFoundHint Message to show when the error looks like a 404
+     * @param error The error that occurred
+     * @returns void
+     */
+    warnDownloadFailure(warnLogger, subject, notFoundHint, error) {
+        if (!warnLogger) {
+            return;
+        }
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        warnLogger(`Failed to download ${subject}: ${errorMessage}`);
+        if (errorMessage.includes('404')) {
+            warnLogger(notFoundHint);
+        }
+        else if (errorMessage.includes('EACCES') || errorMessage.includes('EPERM')) {
+            warnLogger('Permission denied. Check write permissions for the current directory.');
+        }
+        else if (errorMessage.includes('ENOENT')) {
+            warnLogger('Directory does not exist. Make sure you have write access to the current directory.');
         }
     }
 }

package/dist/services/results-polling.service.d.ts

@@ -1,5 +1,4 @@
-import { paths } from '../types/generated/schema.types';
-type TestResult = paths['/results/{uploadId}']['get']['responses']['200']['content']['application/json']['results'][number];
+import type { AuthContext } from '../types/domain/auth.types';
 /**
  * Custom error for run failures that includes the polling result
  */
@@ -8,7 +7,7 @@ export declare class RunFailedError extends Error {
     constructor(result: PollingResult);
 }
 export interface PollingOptions {
-    apiKey: string;
+    auth: AuthContext;
     apiUrl: string;
     consoleUrl: string;
     debug?: boolean;
@@ -48,21 +47,22 @@ export interface PollingResult {
 export declare class ResultsPollingService {
     private readonly MAX_SEQUENTIAL_FAILURES;
     private readonly POLL_INTERVAL_MS;
+    private readonly MAX_ERROR_BACKOFF_MS;
     /**
      * Poll for test results until all tests complete
-     * @param results Initial test results from submission
      * @param options Polling configuration
      * @param testMetadata Optional metadata map for each test (flowName, tags)
      * @returns Promise that resolves with final test results or rejects if tests fail
      */
-    pollUntilComplete(results: TestResult[], options: PollingOptions, testMetadata?: Record<string, TestMetadata>): Promise<PollingResult>;
+    pollUntilComplete(options: PollingOptions, testMetadata?: Record<string, TestMetadata>): Promise<PollingResult>;
+    private pollLoop;
     private buildPollingResult;
     private calculateStatusSummary;
     private displayFinalResults;
     /**
      * Fetch results from API and log debug information
      * @param apiUrl API base URL
-     * @param apiKey API authentication key
+     * @param auth AuthContext carrying request headers
      * @param uploadId Upload ID to fetch results for
      * @param debug Whether debug logging is enabled
      * @param logger Optional logger function
@@ -93,4 +93,3 @@ export declare class ResultsPollingService {
     private sleep;
     private updateDisplayStatus;
 }
-export {};

package/dist/services/results-polling.service.js

@@ -1,12 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ResultsPollingService = exports.RunFailedError = void 0;
-const core_1 = require("@oclif/core");
-const cli_ux_1 = require("@oclif/core/lib/cli-ux");
 const path = require("node:path");
 const api_gateway_1 = require("../gateways/api-gateway");
 const methods_1 = require("../methods");
 const connectivity_1 = require("../utils/connectivity");
+const progress_1 = require("../utils/progress");
 const styling_1 = require("../utils/styling");
 /**
  * Custom error for run failures that includes the polling result
@@ -24,17 +23,36 @@ exports.RunFailedError = RunFailedError;
  * Service for polling test results from the API
  */
 class ResultsPollingService {
-    MAX_SEQUENTIAL_FAILURES = 10;
+    // The run keeps executing in the cloud regardless of whether the CLI can
+    // poll, so tolerate a long stretch of transient API/network blips (~5 min at
+    // the 10s base interval) before giving up. Losing a run to a brief hiccup is
+    // far more costly than waiting a bit longer.
+    MAX_SEQUENTIAL_FAILURES = 30;
     POLL_INTERVAL_MS = 10_000;
+    // Cap for the backoff applied between failed polls.
+    MAX_ERROR_BACKOFF_MS = 30_000;
     /**
      * Poll for test results until all tests complete
-     * @param results Initial test results from submission
      * @param options Polling configuration
      * @param testMetadata Optional metadata map for each test (flowName, tags)
      * @returns Promise that resolves with final test results or rejects if tests fail
      */
-    async pollUntilComplete(results, options, testMetadata) {
-        const { apiUrl, apiKey, uploadId, consoleUrl, quiet = false, json = false, debug = false, logger } = options;
+    async pollUntilComplete(options, testMetadata) {
+        try {
+            return await this.pollLoop(options, testMetadata);
+        }
+        catch (error) {
+            // RunFailedError is a completed run — the spinner was already stopped by
+            // displayFinalResults. Anything else aborts mid-poll with the spinner
+            // still live, which would corrupt the terminal under the error output.
+            if (!options.json && !(error instanceof RunFailedError)) {
+                progress_1.ux.action.stop(styling_1.colors.error('failed'));
+            }
+            throw error;
+        }
+    }
+    async pollLoop(options, testMetadata) {
+        const { apiUrl, auth, uploadId, consoleUrl, quiet = false, json = false, debug = false, logger } = options;
         this.initializePollingDisplay(json, logger);
         let sequentialPollFailures = 0;
         let previousSummary = '';
@@ -45,7 +63,7 @@ class ResultsPollingService {
         // eslint-disable-next-line no-constant-condition
         while (true) {
             try {
-                const updatedResults = await this.fetchAndLogResults(apiUrl, apiKey, uploadId, debug, logger);
+                const updatedResults = await this.fetchAndLogResults(apiUrl, auth, uploadId, debug, logger);
                 const { summary } = this.calculateStatusSummary(updatedResults);
                 previousSummary = this.updateDisplayStatus(updatedResults, quiet, json, summary, previousSummary);
                 const allComplete = updatedResults.every((result) => !['PENDING', 'QUEUED', 'RUNNING'].includes(result.status));
@@ -71,9 +89,10 @@ class ResultsPollingService {
                 }
                 sequentialPollFailures++;
                 // Handle polling errors (network issues, etc.)
-                await this.handlePollingError(error, sequentialPollFailures, debug, logger);
-                // Wait before retrying after an error
-                await this.sleep(this.POLL_INTERVAL_MS);
+                await this.handlePollingError(error, sequentialPollFailures, debug, logger, uploadId);
+                // Back off (capped) before retrying so a flaky API gets some breathing
+                // room instead of being hammered every 10s.
+                await this.sleep(Math.min(this.POLL_INTERVAL_MS * sequentialPollFailures, this.MAX_ERROR_BACKOFF_MS));
             }
         }
     }
@@ -81,11 +100,13 @@ class ResultsPollingService {
         const resultsWithoutEarlierTries = this.filterLatestResults(results);
         return {
             consoleUrl,
-            status: resultsWithoutEarlierTries.some((result) => result.status === 'FAILED')
-                ? 'FAILED'
-                : 'PASSED',
+            // Anything other than an explicit pass (CANCELLED, ERROR, a status we
+            // don't know about yet) must fail the run — this gates CI exit codes.
+            status: resultsWithoutEarlierTries.every((result) => result.status === 'PASSED')
+                ? 'PASSED'
+                : 'FAILED',
             tests: resultsWithoutEarlierTries.map((r) => ({
-                durationSeconds: r.duration_seconds,
+                durationSeconds: r.duration_seconds ?? null,
                 failReason: r.status === 'FAILED' ? r.fail_reason || 'No reason provided' : undefined,
                 fileName: r.test_file_name,
                 flowName: testMetadata?.[r.test_file_name]?.flowName || path.parse(r.test_file_name).name,
@@ -123,12 +144,12 @@ class ResultsPollingService {
         if (json) {
             return;
         }
-        core_1.ux.action.stop(styling_1.colors.success('completed'));
+        progress_1.ux.action.stop(styling_1.colors.success('completed'));
         if (logger) {
             logger('\n');
         }
         const hasFailedTests = results.some((result) => result.status === 'FAILED');
-        (0, cli_ux_1.table)(results, {
+        (0, styling_1.table)(results, {
             duration: {
                 get(row) {
                     return row.duration_seconds
@@ -189,18 +210,19 @@ class ResultsPollingService {
     /**
      * Fetch results from API and log debug information
      * @param apiUrl API base URL
-     * @param apiKey API authentication key
+     * @param auth AuthContext carrying request headers
      * @param uploadId Upload ID to fetch results for
      * @param debug Whether debug logging is enabled
      * @param logger Optional logger function
      * @returns Promise resolving to test results
      */
-    async fetchAndLogResults(apiUrl, apiKey, uploadId, debug, logger) {
+    async fetchAndLogResults(apiUrl, auth, uploadId, debug, logger) {
         if (debug && logger) {
             logger(`[DEBUG] Polling for results: ${uploadId}`);
         }
-        const { results: updatedResults } = await api_gateway_1.ApiGateway.getResultsForUpload(apiUrl, apiKey, uploadId);
-        if (!updatedResults) {
+        const { results: updatedResults } = await api_gateway_1.ApiGateway.getResultsForUpload(apiUrl, auth, uploadId);
+        // An empty array would otherwise read as "all complete, all passed".
+        if (!updatedResults || updatedResults.length === 0) {
             throw new Error('no results');
         }
         if (debug && logger) {
@@ -212,11 +234,31 @@ class ResultsPollingService {
         return updatedResults;
     }
     filterLatestResults(results) {
-        return results.filter((result) => {
-            const originalTryId = result.retry_of || result.id;
-            const tries = results.filter((r) => r.retry_of === originalTryId || r.id === originalTryId);
-            return result.id === Math.max(...tries.map((t) => t.id));
-        });
+        // Resolve each row to the root of its retry chain (a retry's `retry_of`
+        // may point at the previous retry rather than the original attempt), then
+        // keep only the newest row per root.
+        const byId = new Map(results.map((result) => [result.id, result]));
+        const rootIdOf = (result) => {
+            let current = result;
+            const seen = new Set([current.id]);
+            while (current.retry_of) {
+                const parent = byId.get(current.retry_of);
+                if (!parent || seen.has(parent.id))
+                    return current.retry_of;
+                seen.add(parent.id);
+                current = parent;
+            }
+            return current.id;
+        };
+        const latestByRoot = new Map();
+        for (const result of results) {
+            const rootId = rootIdOf(result);
+            const existing = latestByRoot.get(rootId);
+            if (!existing || result.id > existing.id) {
+                latestByRoot.set(rootId, result);
+            }
+        }
+        return results.filter((result) => latestByRoot.get(rootIdOf(result)) === result);
     }
     /**
      * Handle completed tests and return final result
@@ -242,12 +284,17 @@ class ResultsPollingService {
         }
         return output;
     }
-    async handlePollingError(error, sequentialPollFailures, debug, logger) {
+    async handlePollingError(error, sequentialPollFailures, debug, logger, uploadId) {
+        // The run is unaffected by our inability to poll — always point the user at
+        // how to reconnect to it rather than leaving them thinking it died.
+        const resumeHint = uploadId
+            ? `\n\nThe test is still running in the cloud. Reconnect with:\n  dcd status --upload-id ${uploadId}`
+            : '';
         if (debug && logger) {
             logger(`[DEBUG] Error polling for results: ${error}`);
             logger(`[DEBUG] Sequential poll failures: ${sequentialPollFailures}`);
         }
-        if (sequentialPollFailures > this.MAX_SEQUENTIAL_FAILURES) {
+        if (sequentialPollFailures >= this.MAX_SEQUENTIAL_FAILURES) {
             if (debug && logger) {
                 logger('[DEBUG] Checking internet connectivity...');
             }
@@ -267,9 +314,9 @@ class ResultsPollingService {
                 const endpointDetails = connectivityCheck.endpointResults
                     .map((r) => `  - ${r.endpoint}: ${r.error} (${r.latencyMs}ms)`)
                     .join('\n');
-                throw new Error(`Unable to fetch results after ${this.MAX_SEQUENTIAL_FAILURES} attempts.\n\nInternet connectivity check failed - all test endpoints unreachable:\n${endpointDetails}\n\nPlease verify your network connection and DNS resolution.`);
+                throw new Error(`Unable to fetch results after ${this.MAX_SEQUENTIAL_FAILURES} attempts.\n\nInternet connectivity check failed - all test endpoints unreachable:\n${endpointDetails}\n\nPlease verify your network connection and DNS resolution.${resumeHint}`);
             }
-            throw new Error(`unable to fetch results after ${this.MAX_SEQUENTIAL_FAILURES} attempts`);
+            throw new Error(`unable to fetch results after ${this.MAX_SEQUENTIAL_FAILURES} attempts${resumeHint}`);
         }
         if (logger) {
             logger('unable to fetch results, trying again...');
@@ -283,7 +330,7 @@ class ResultsPollingService {
      */
     initializePollingDisplay(json, logger) {
         if (!json) {
-            core_1.ux.action.start(styling_1.colors.bold('Waiting for results'), styling_1.colors.dim('Initializing'), {
+            progress_1.ux.action.start(styling_1.colors.bold('Waiting for results'), styling_1.colors.dim('Initializing'), {
                 stdout: true,
             });
             if (logger) {
@@ -307,12 +354,12 @@ class ResultsPollingService {
         }
         if (quiet) {
             if (summary !== previousSummary) {
-                core_1.ux.action.status = summary;
+                progress_1.ux.action.status = summary;
                 return summary;
             }
         }
         else {
-            core_1.ux.action.status = styling_1.colors.dim('\nStatus      Test\n─────────── ───────────────');
+            progress_1.ux.action.status = styling_1.colors.dim('\nStatus      Test\n─────────── ───────────────');
             for (const { retry_of: isRetry, status, test_file_name: test, } of results) {
                 const statusFormatted = status.toUpperCase() === 'PASSED'
                     ? styling_1.colors.success(status.padEnd(10, ' '))
@@ -324,7 +371,7 @@ class ResultsPollingService {
                                 ? styling_1.colors.dim(status.padEnd(10, ' '))
                                 : styling_1.colors.warning(status.padEnd(10, ' '));
                 const retryText = isRetry ? styling_1.colors.dim(' (retry)') : '';
-                core_1.ux.action.status += `\n${statusFormatted}  ${test}${retryText}`;
+                progress_1.ux.action.status += `\n${statusFormatted}  ${test}${retryText}`;
             }
         }
         return previousSummary;

package/dist/services/telemetry.service.d.ts

@@ -0,0 +1,40 @@
+import type { AuthContext } from '../types/domain/auth.types';
+export type TelemetryLevel = 'log' | 'info' | 'warn' | 'error';
+declare class Telemetry {
+    private buffer;
+    private config;
+    private command;
+    private sessionId;
+    private startedAt;
+    private readonly disabled;
+    private readonly release;
+    /**
+     * Called once per invocation by `resolveAuth` after the credential check
+     * succeeds. Before this is called, lifecycle events are buffered but cannot
+     * be sent. Commands that never reach `resolveAuth` (`--help`, `--version`,
+     * `dcd login` before sign-in completes) will skip telemetry entirely — by
+     * design, since those flows have no identity to attach.
+     */
+    configure(opts: {
+        auth: AuthContext;
+        apiUrl?: string;
+    }): void;
+    recordCommandStart(): void;
+    recordCommandSuccess(): void;
+    recordCommandFailure(opts: {
+        error: Error | string;
+        exitCode: number;
+    }): void;
+    private enqueue;
+    flush(): Promise<void>;
+    /**
+     * Synchronous flush via `curl`. Used right before `process.exit` (which
+     * bypasses `beforeExit`, so async `fetch` would be killed mid-flight).
+     * Node has no built-in sync HTTP and `curl` ships with macOS, Linux, and
+     * Windows ≥ 1803 — that's the supported surface for the CLI.
+     */
+    flushSync(): void;
+    private buildMeta;
+}
+export declare const telemetry: Telemetry;
+export {};

package/dist/services/telemetry.service.js

@@ -0,0 +1,230 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.telemetry = void 0;
+/**
+ * Ships CLI lifecycle + error events to Axiom via the API's `/cli/logs`
+ * proxy (forwards to `cli-dev` / `cli-prod`). The proxy authenticates with
+ * the same `auth.headers` every other gateway uses (`x-app-api-key` or
+ * `Authorization: Bearer ...` + `x-dcd-org`), so we never need the Axiom
+ * token client-side.
+ *
+ * Two flush paths:
+ * - `flush()` — async, used after `runMain` returns naturally
+ * - `flushSync()` — sync via `curl`, used inside `logger.error` right before
+ *   `process.exit` (no other way to send HTTP after exit is called)
+ *
+ * Opt out: `DCD_TELEMETRY_DISABLED=1` in the environment.
+ */
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+const cli_1 = require("../utils/cli");
+const DEFAULT_API_URL = 'https://api.devicecloud.dev';
+class Telemetry {
+    buffer = [];
+    config = null;
+    command = inferCommandFromArgv();
+    sessionId = (0, node_crypto_1.randomUUID)();
+    startedAt = Date.now();
+    disabled = !!process.env.DCD_TELEMETRY_DISABLED;
+    release = (0, cli_1.getCliVersion)();
+    /**
+     * Called once per invocation by `resolveAuth` after the credential check
+     * succeeds. Before this is called, lifecycle events are buffered but cannot
+     * be sent. Commands that never reach `resolveAuth` (`--help`, `--version`,
+     * `dcd login` before sign-in completes) will skip telemetry entirely — by
+     * design, since those flows have no identity to attach.
+     */
+    configure(opts) {
+        if (this.disabled)
+            return;
+        this.config = {
+            apiUrl: opts.apiUrl ?? inferApiUrlFromArgv(),
+            auth: opts.auth,
+            command: this.command,
+        };
+    }
+    recordCommandStart() {
+        this.startedAt = Date.now();
+        this.enqueue('info', 'cli.lifecycle', 'command started', {
+            argv: scrubArgv(process.argv.slice(2)),
+        });
+    }
+    recordCommandSuccess() {
+        this.enqueue('info', 'cli.lifecycle', 'command completed', {
+            duration_ms: Date.now() - this.startedAt,
+            exit_code: 0,
+        });
+    }
+    recordCommandFailure(opts) {
+        const message = opts.error instanceof Error ? opts.error.message : String(opts.error);
+        this.enqueue('error', 'cli.lifecycle', 'command failed', {
+            duration_ms: Date.now() - this.startedAt,
+            exit_code: opts.exitCode,
+            error_message: message,
+            error_name: opts.error instanceof Error ? opts.error.name : 'CliError',
+            error_stack: opts.error instanceof Error ? opts.error.stack : undefined,
+        });
+    }
+    enqueue(level, context, message, extra) {
+        if (this.disabled)
+            return;
+        this.buffer.push({
+            timestamp: new Date().toISOString(),
+            level,
+            context,
+            message,
+            extra,
+        });
+    }
+    async flush() {
+        if (this.disabled || !this.config || this.buffer.length === 0)
+            return;
+        const events = this.buffer.splice(0, this.buffer.length);
+        const body = JSON.stringify({ events, meta: this.buildMeta() });
+        try {
+            await fetch(`${this.config.apiUrl}/cli/logs`, {
+                method: 'POST',
+                headers: {
+                    'content-type': 'application/json',
+                    ...this.config.auth.headers,
+                },
+                body,
+            });
+        }
+        catch {
+            // Telemetry failures must never surface — silently drop.
+        }
+    }
+    /**
+     * Synchronous flush via `curl`. Used right before `process.exit` (which
+     * bypasses `beforeExit`, so async `fetch` would be killed mid-flight).
+     * Node has no built-in sync HTTP and `curl` ships with macOS, Linux, and
+     * Windows ≥ 1803 — that's the supported surface for the CLI.
+     */
+    flushSync() {
+        if (this.disabled || !this.config || this.buffer.length === 0)
+            return;
+        const events = this.buffer.splice(0, this.buffer.length);
+        const body = JSON.stringify({ events, meta: this.buildMeta() });
+        // Headers carry the API key / Bearer token, so they must not appear in
+        // curl's argv (world-readable via ps//proc while curl runs). They go in a
+        // 0600 config file inside a fresh 0700 temp dir instead; stdin carries the
+        // body, so it can't double as the config channel.
+        let configDir;
+        try {
+            configDir = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'dcd-telemetry-'));
+            const configPath = (0, node_path_1.join)(configDir, 'curl.cfg');
+            const headerLines = ['header = "content-type: application/json"'];
+            for (const [k, v] of Object.entries(this.config.auth.headers)) {
+                headerLines.push(`header = "${k}: ${v}"`);
+            }
+            (0, node_fs_1.writeFileSync)(configPath, headerLines.join('\n'), { mode: 0o600 });
+            (0, node_child_process_1.execFileSync)('curl', [
+                '-sS',
+                '-m',
+                '3',
+                '-X',
+                'POST',
+                '-K',
+                configPath,
+                '--data-binary',
+                '@-',
+                `${this.config.apiUrl}/cli/logs`,
+            ], { input: body, stdio: ['pipe', 'ignore', 'ignore'] });
+        }
+        catch {
+            // Telemetry failures must never surface — silently drop.
+        }
+        finally {
+            if (configDir)
+                (0, node_fs_1.rmSync)(configDir, { recursive: true, force: true });
+        }
+    }
+    buildMeta() {
+        if (!this.config) {
+            throw new Error('telemetry not configured');
+        }
+        return {
+            release: this.release,
+            command: this.command,
+            sessionId: this.sessionId,
+            authMode: this.config.auth.mode,
+            installMethod: (0, cli_1.getInstallMethod)(),
+            nodeVersion: process.versions.node,
+            platform: process.platform,
+            arch: process.arch,
+            userEmail: this.config.auth.userEmail,
+            orgId: this.config.auth.orgId,
+        };
+    }
+}
+// Flags whose values are credential material (API keys, signed URLs) or
+// user-provided env pairs that routinely carry test-account secrets. Their
+// values must never reach the telemetry backend.
+const SENSITIVE_FLAG_NAMES = new Set([
+    '--api-key',
+    '--apiKey',
+    '--moropo-v1-api-key',
+    '--app-url',
+    '--appUrl',
+    '-e',
+    '--env',
+]);
+function scrubArgv(args) {
+    const scrubbed = [];
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        const eqIndex = arg.indexOf('=');
+        const flagName = eqIndex === -1 ? arg : arg.slice(0, eqIndex);
+        if (arg.startsWith('-') && SENSITIVE_FLAG_NAMES.has(flagName)) {
+            if (eqIndex === -1) {
+                scrubbed.push(arg);
+                if (i + 1 < args.length) {
+                    scrubbed.push('<redacted>');
+                    i++;
+                }
+            }
+            else {
+                scrubbed.push(`${flagName}=<redacted>`);
+            }
+        }
+        else {
+            scrubbed.push(arg);
+        }
+    }
+    return scrubbed;
+}
+// argv layout: node|tsx, script, command, ...flags. The first non-flag after
+// the script is the subcommand. Falls back to 'help' for `--help`/`--version`
+// invocations and to 'unknown' if we can't decide.
+function inferCommandFromArgv() {
+    const args = process.argv.slice(2);
+    for (const arg of args) {
+        if (arg.startsWith('-'))
+            continue;
+        return arg;
+    }
+    if (args.some((a) => a === '--help' || a === '-h'))
+        return 'help';
+    if (args.some((a) => a === '--version' || a === '-v'))
+        return 'version';
+    return 'unknown';
+}
+const API_URL_FLAGS = ['--api-url', '--apiURL', '--apiUrl'];
+function inferApiUrlFromArgv() {
+    const args = process.argv.slice(2);
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        for (const flag of API_URL_FLAGS) {
+            if (arg === flag && args[i + 1])
+                return args[i + 1];
+            if (arg.startsWith(`${flag}=`))
+                return arg.slice(flag.length + 1);
+        }
+    }
+    return DEFAULT_API_URL;
+}
+exports.telemetry = new Telemetry();

package/dist/services/test-submission.service.js

@@ -4,6 +4,7 @@ exports.TestSubmissionService = void 0;
 const node_crypto_1 = require("node:crypto");
 const path = require("node:path");
 const methods_1 = require("../methods");
+const paths_1 = require("../utils/paths");
 const mimeTypeLookupByExtension = {
     zip: 'application/zip',
 };
@@ -116,7 +117,7 @@ class TestSubmissionService {
         }
     }
     normalizeFilePath(filePath, commonRoot) {
-        return filePath.replaceAll(commonRoot, '.').split(path.sep).join('/');
+        return (0, paths_1.toPortableRelativePath)(filePath, commonRoot);
     }
     normalizePathMap(map, commonRoot) {
         return Object.fromEntries(Object.entries(map).map(([key, value]) => [