@dexcost/sdk 0.2.0

package/dist/adapters/http.js

@@ -0,0 +1,769 @@
+/**
+ * HTTP fetch adapter — automatic cost tracking for globalThis.fetch.
+ *
+ * Patches `globalThis.fetch` to intercept HTTP calls and auto-record
+ * `external_cost` events using the service catalog for cost extraction,
+ * with user-registered domain rates taking precedence.
+ *
+ * V2: integrates service catalog, session auto-grouping, and response
+ * body/header cost extraction.
+ *
+ * Implements US-035 (TypeScript counterpart to the Python HTTP adapter).
+ */
+import { randomUUID } from "node:crypto";
+import { createRequire } from "node:module";
+import { getCurrentTask, isNetworkEventSuppressed } from "../core/context.js";
+import { classifyDestination, measureBytesFromHeaders, } from "./_netbytes.js";
+import { getAccountant, } from "./network-accountant.js";
+import { createCostEvent, } from "../core/models.js";
+import { createAutoTask } from "../core/auto-task.js";
+import { ServiceCatalog } from "../pricing/service-catalog.js";
+import { SessionManager } from "../core/session.js";
+import { scrubUrl } from "../security/redaction.js";
+// ---------------------------------------------------------------------------
+// Module-level state
+// ---------------------------------------------------------------------------
+/** Map of domain → { costUsd, per } registered rates (user overrides). */
+const _domainRates = new Map();
+/** Events recorded by the adapter.
+ *
+ * Sprint 4 §5.2 (A3) — hard FIFO cap matching Python (commit c1d87a7).
+ * Pre-fix this array grew unbounded across the process lifetime,
+ * leaking memory on long-running services with many HTTP-tracked
+ * tasks. Capped at 10 000 entries; oldest 10% dropped in one batch
+ * when over to avoid O(n) `shift()` per recording.
+ */
+const _RECORDED_EVENTS_CAP = 10_000;
+const _recordedEvents = [];
+function _pushRecordedEvent(event) {
+    _recordedEvents.push(event);
+    if (_recordedEvents.length > _RECORDED_EVENTS_CAP) {
+        _recordedEvents.splice(0, _RECORDED_EVENTS_CAP / 10);
+    }
+}
+/**
+ * Combined request + response bytes above which an un-cataloged call
+ * emits a `network` event. Mirrors python config
+ * `network_event_threshold_bytes = 102_400` (100 KiB).
+ */
+const NETWORK_EVENT_THRESHOLD_BYTES = 102_400;
+/** Original fetch reference before patching. */
+let _originalFetch = null;
+/** Whether fetch is currently patched. */
+let _patched = false;
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/** Original `http.request` / `https.request` references before patching. */
+let _originalHttpRequest = null;
+let _originalHttpsRequest = null;
+let _originalHttpGet = null;
+let _originalHttpsGet = null;
+/* eslint-enable @typescript-eslint/no-explicit-any */
+/** Lazily-loaded service catalog. */
+let _catalog = null;
+/** Session manager for auto-grouping. */
+let _sessionManager = null;
+/** Event buffer reference (set via trackHttp). */
+let _buffer = null;
+/** Max response body size to parse (1 MB). */
+const MAX_BODY_SIZE = 1_048_576;
+// ---------------------------------------------------------------------------
+// Domain rate registration
+// ---------------------------------------------------------------------------
+/**
+ * Register a cost rate for HTTP calls to the given domain.
+ *
+ * User-registered rates take precedence over catalog entries.
+ *
+ * @param domain  Hostname to match, e.g. `"api.example.com"` (no port).
+ * @param costUsd Cost per call in USD.
+ * @param per     Unit label (default `"request"`).
+ */
+export function registerDomainRate(domain, costUsd, per = "request") {
+    _domainRates.set(domain, { costUsd, per });
+}
+/**
+ * Return a snapshot of all registered domain rates.
+ */
+export function getDomainRates() {
+    const result = {};
+    for (const [domain, rate] of _domainRates.entries()) {
+        result[domain] = { ...rate };
+    }
+    return result;
+}
+/**
+ * Remove all registered domain rates.
+ */
+export function clearDomainRates() {
+    _domainRates.clear();
+}
+// ---------------------------------------------------------------------------
+// Fetch patching
+// ---------------------------------------------------------------------------
+/**
+ * Patch `globalThis.fetch` to intercept HTTP calls and auto-record
+ * `external_cost` events.
+ *
+ * Loads the service catalog on first call. If an EventBuffer is provided,
+ * events are also persisted and session auto-grouping is enabled.
+ *
+ * Idempotent — calling multiple times without `untrackHttp()` in between is
+ * safe; the second call is a no-op.
+ */
+/**
+ * Symbol used to tag dexcost's wrapped fetch. Sprint 3 Theme E / §4.2.1.
+ * `Symbol.for(...)` returns the same symbol across realms / module
+ * instances, so two copies of the dexcost SDK (e.g. in a Yarn PnP
+ * setup where multiple versions are deduped poorly) will recognise
+ * each other's patches and refuse to double-wrap.
+ *
+ * Detect another patcher (Sentry, OpenTelemetry, Datadog) by reading
+ * their own marker properties; if found, store both pointers and
+ * chain through them so neither tool's interception is lost.
+ */
+const DEXCOST_PATCHED = Symbol.for("dexcost.patched");
+export function trackHttp(buffer) {
+    if (_patched)
+        return;
+    // §4.2.1: refuse to wrap an already-dexcost-wrapped fetch.
+    const current = globalThis.fetch;
+    if (current && current[DEXCOST_PATCHED] === true) {
+        // Already patched — likely a duplicate SDK install. No-op + warn.
+        console.warn("dexcost: globalThis.fetch is already wrapped by dexcost. " +
+            "trackHttp() called twice (or two SDK copies). Skipping.");
+        _patched = true;
+        return;
+    }
+    _originalFetch = globalThis.fetch;
+    _patched = true;
+    // Lazily initialise the service catalog
+    if (_catalog === null) {
+        try {
+            _catalog = new ServiceCatalog();
+        }
+        catch {
+            // If catalog fails to load, continue without it
+            _catalog = null;
+        }
+    }
+    if (buffer) {
+        _buffer = buffer;
+        _sessionManager = new SessionManager();
+    }
+    // Replace globalThis.fetch with wrapper
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    globalThis.fetch = async function wrappedFetch(input, init) {
+        // ── v1 byte measurement — request side (known before fetch) ─────────
+        // Scrub once at extraction so every downstream use (events, hostname
+        // parse, placeholder equality-lookup at the streamed-body re-type
+        // site) sees the same safe value. Critical for B11: re-type at
+        // _finaliseHttpCall must match on the same string that was stored.
+        const urlStr = scrubUrl(_resolveUrlStr(input));
+        const method = _resolveMethod(input, init);
+        const requestHeaders = _resolveRequestHeaders(input, init);
+        const requestBodyLen = _resolveRequestBodyLen(input, init);
+        const requestBytes = measureBytesFromHeaders(method, urlStr, requestHeaders, requestBodyLen);
+        const response = await _originalFetch(input, init);
+        // ── v1 destination classification + byte details ─────────────────────
+        let hostname = "";
+        let protocol = "https";
+        try {
+            const parsed = new URL(urlStr);
+            hostname = parsed.hostname;
+            protocol = (parsed.protocol || "https:").replace(":", "") || "https";
+        }
+        catch {
+            // Unparseable URL — fall through with empty host; classifyDestination
+            // returns null for empty input.
+        }
+        const isInternal = classifyDestination(hostname);
+        const suppressed = isNetworkEventSuppressed();
+        // Resolve accountant from registry via the active task. The task's id
+        // is looked up via the existing context — see _resolveHttpTask below.
+        // Direct reference here would create a cycle; lookup is done inside
+        // the byte-recording callback when the task_id is known.
+        const callContext = {
+            urlStr,
+            method,
+            hostname,
+            protocol,
+            requestBytes,
+            isInternal,
+            suppressed,
+            responseHeaderBytes: _measureResponseHeaderBytes(response),
+        };
+        // Wrap the response body in a TransformStream that counts bytes as
+        // they flow through to the caller, then records into the accountant
+        // + (for un-cataloged calls) emits a `network` event at stream end.
+        // For zero-body responses (HEAD, 204) we fall back to immediate
+        // finalisation.
+        const wrappedResponse = _wrapResponseForByteCounting(response, callContext);
+        // The cost-extraction path (catalog / domain-rate / un-cataloged
+        // external_cost-zero) still runs immediately — it works off the
+        // RESPONSE HEADERS for catalog lookup and may consume a JSON body
+        // independently. v1 §4.3 byte_details are stamped on every event
+        // (request side is known; response side is added later via the
+        // recording stream — for v1, only request-side byte_details land on
+        // catalog/domain-rate events. Response-side flows into the task
+        // aggregate via the accountant. v2 finalize back-fills network event
+        // costs after the snapshot.)
+        await _maybeRecordCost(urlStr, wrappedResponse, callContext);
+        return wrappedResponse;
+    };
+    // §4.2.1: tag our wrapper so a second `trackHttp()` (or a duplicate
+    // SDK install across realms) doesn't double-wrap.
+    Object.defineProperty(globalThis.fetch, DEXCOST_PATCHED, {
+        value: true,
+        enumerable: false,
+        configurable: false,
+        writable: false,
+    });
+    // Also patch Node's low-level http/https transports — many SDKs
+    // (AWS SDK v2, older clients, agents) use these directly rather than
+    // the global fetch. Mirrors the Python adapter patching multiple
+    // transports (requests/httpx/aiohttp/botocore/urllib3).
+    _patchNodeHttp();
+}
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/** Build a URL string from the args passed to http(s).request / .get. */
+function _urlFromRequestArgs(isHttps, args) {
+    const first = args[0];
+    if (typeof first === "string") {
+        return first;
+    }
+    if (first instanceof URL) {
+        return first.toString();
+    }
+    if (first && typeof first === "object") {
+        // RequestOptions object
+        const protocol = first.protocol ?? (isHttps ? "https:" : "http:");
+        const host = first.hostname ?? first.host ?? "localhost";
+        const port = first.port ? `:${first.port}` : "";
+        const path = first.path ?? "/";
+        return `${protocol}//${host}${port}${path}`;
+    }
+    return null;
+}
+/** CommonJS require, used to obtain the mutable http/https module objects. */
+const _require = createRequire(import.meta.url);
+/** Patch http.request/get and https.request/get to record external costs. */
+function _patchNodeHttp() {
+    if (_originalHttpRequest !== null)
+        return; // already patched
+    let nodeHttp;
+    let nodeHttps;
+    try {
+        nodeHttp = _require("node:http");
+        nodeHttps = _require("node:https");
+    }
+    catch {
+        return; // http/https unavailable — skip
+    }
+    _originalHttpRequest = nodeHttp.request;
+    _originalHttpsRequest = nodeHttps.request;
+    _originalHttpGet = nodeHttp.get;
+    _originalHttpsGet = nodeHttps.get;
+    const makeWrapper = (original, isHttps) => function wrappedRequest(...args) {
+        const req = original.apply(this, args);
+        try {
+            const raw = _urlFromRequestArgs(isHttps, args);
+            const urlStr = raw ? scrubUrl(raw) : raw;
+            if (urlStr) {
+                // Record on response — body is not parsed for Node-level
+                // requests (matches the Python urllib3 wrapper's behaviour).
+                if (req && typeof req.on === "function") {
+                    req.on("response", () => {
+                        void _maybeRecordCost(urlStr);
+                    });
+                }
+                else {
+                    void _maybeRecordCost(urlStr);
+                }
+            }
+        }
+        catch {
+            // never crash user code
+        }
+        return req;
+    };
+    // Sprint 3 Theme E / §4.2.2 — atomic patch. If `Object.freeze` has
+    // been applied to one of the modules (some serverless runtimes do
+    // this), a partial patch leaves the SDK in a half-installed state
+    // where request is wrapped but get is unrestored — and the originals
+    // are forgotten so untrackHttp() can't roll back. Try all 4
+    // assignments and on ANY failure restore everything we already
+    // wrote.
+    const wrappers = {
+        httpRequest: makeWrapper(_originalHttpRequest, false),
+        httpsRequest: makeWrapper(_originalHttpsRequest, true),
+        httpGet: makeWrapper(_originalHttpGet, false),
+        httpsGet: makeWrapper(_originalHttpsGet, true),
+    };
+    const installed = [];
+    try {
+        nodeHttp.request = wrappers.httpRequest;
+        installed.push(() => { nodeHttp.request = _originalHttpRequest; });
+        nodeHttps.request = wrappers.httpsRequest;
+        installed.push(() => { nodeHttps.request = _originalHttpsRequest; });
+        nodeHttp.get = wrappers.httpGet;
+        installed.push(() => { nodeHttp.get = _originalHttpGet; });
+        nodeHttps.get = wrappers.httpsGet;
+        installed.push(() => { nodeHttps.get = _originalHttpsGet; });
+    }
+    catch {
+        // Roll back every wrapper we successfully installed BEFORE the
+        // failure, so the customer's http stack is exactly where it
+        // started. Best-effort: each restore may itself throw if the
+        // module is fully frozen — we swallow that.
+        for (const restore of installed) {
+            try {
+                restore();
+            }
+            catch { /* frozen, leave as-is */ }
+        }
+        _originalHttpRequest = null;
+        _originalHttpsRequest = null;
+        _originalHttpGet = null;
+        _originalHttpsGet = null;
+    }
+}
+/** Restore the original http/https transports. */
+function _unpatchNodeHttp() {
+    if (_originalHttpRequest === null)
+        return;
+    try {
+        const nodeHttp = _require("node:http");
+        const nodeHttps = _require("node:https");
+        nodeHttp.request = _originalHttpRequest;
+        nodeHttps.request = _originalHttpsRequest;
+        nodeHttp.get = _originalHttpGet;
+        nodeHttps.get = _originalHttpsGet;
+    }
+    catch {
+        // best-effort
+    }
+    _originalHttpRequest = null;
+    _originalHttpsRequest = null;
+    _originalHttpGet = null;
+    _originalHttpsGet = null;
+}
+/* eslint-enable @typescript-eslint/no-explicit-any */
+/**
+ * Restore `globalThis.fetch` to its original value.
+ */
+export function untrackHttp() {
+    if (!_patched || _originalFetch === null)
+        return;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    globalThis.fetch = _originalFetch;
+    _originalFetch = null;
+    _patched = false;
+    _sessionManager = null;
+    _buffer = null;
+    _unpatchNodeHttp();
+}
+// ---------------------------------------------------------------------------
+// Catalog / session accessors (for testing)
+// ---------------------------------------------------------------------------
+/** Get the loaded service catalog instance (may be null). */
+export function getServiceCatalog() {
+    return _catalog;
+}
+/** Reset the service catalog (for testing). */
+export function resetServiceCatalog() {
+    _catalog = null;
+}
+/** Get the session manager (for testing). */
+export function getSessionManager() {
+    return _sessionManager;
+}
+// ---------------------------------------------------------------------------
+// Recorded events accessors
+// ---------------------------------------------------------------------------
+/**
+ * Return all cost events recorded by the adapter since the last
+ * `clearRecordedEvents()` call.
+ */
+export function getRecordedEvents() {
+    return [..._recordedEvents];
+}
+/**
+ * Clear the adapter's recorded events list.
+ */
+export function clearRecordedEvents() {
+    _recordedEvents.length = 0;
+}
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+/**
+ * Resolve the task an HTTP cost should be attributed to.
+ *
+ * Order: active task → session task → freshly-created auto-task. An
+ * auto-task is always returned, so HTTP costs are never silently lost.
+ */
+function _resolveHttpTask() {
+    const current = getCurrentTask();
+    if (current !== undefined) {
+        return current;
+    }
+    if (_sessionManager && _buffer) {
+        const sessionTask = _sessionManager.runInSession("http", _buffer, () => getCurrentTask());
+        if (sessionTask !== undefined) {
+            return sessionTask;
+        }
+    }
+    // No task and no session — create an auto-task (mirrors Python).
+    const autoTask = createAutoTask("http_call");
+    if (_buffer) {
+        _buffer.upsertTask(autoTask);
+    }
+    return autoTask;
+}
+/**
+ * Extract cost from a fetch `Response` for a matched catalog entry.
+ *
+ * Clones the response, parses a JSON body when small enough, and falls
+ * back to header-only extraction on any failure. Returns `null` if
+ * extraction is impossible.
+ */
+async function _extractFromResponse(catalog, entry, response) {
+    if (!entry)
+        return null;
+    try {
+        const cloned = response.clone();
+        const headers = cloned.headers;
+        let body = null;
+        const contentType = headers.get("content-type") ?? "";
+        const contentLength = headers.get("content-length");
+        const cl = Number.parseInt(contentLength ?? "", 10);
+        const bodyTooLarge = contentLength !== null && !Number.isNaN(cl) && cl > MAX_BODY_SIZE;
+        if (contentType.includes("application/json") && !bodyTooLarge) {
+            try {
+                body = await cloned.json();
+            }
+            catch {
+                // Body not parseable — continue with null
+            }
+        }
+        return catalog.extractCost(entry, headers, body);
+    }
+    catch {
+        // Failed to read response — try header-only extraction
+        try {
+            return catalog.extractCost(entry, response.headers, null);
+        }
+        catch {
+            return null;
+        }
+    }
+}
+function _resolveUrlStr(input) {
+    if (typeof input === "string")
+        return input;
+    if (input instanceof URL)
+        return input.toString();
+    return input.url;
+}
+function _resolveMethod(input, init) {
+    if (init?.method)
+        return init.method.toUpperCase();
+    if (input instanceof Request)
+        return input.method.toUpperCase();
+    return "GET";
+}
+function _resolveRequestHeaders(input, init) {
+    const headers = {};
+    const src = init?.headers ?? (input instanceof Request ? input.headers : undefined);
+    if (!src)
+        return headers;
+    if (src instanceof Headers) {
+        src.forEach((value, key) => {
+            headers[key] = value;
+        });
+    }
+    else if (Array.isArray(src)) {
+        for (const [k, v] of src)
+            headers[k] = v;
+    }
+    else {
+        for (const [k, v] of Object.entries(src))
+            headers[k] = String(v);
+    }
+    return headers;
+}
+function _resolveRequestBodyLen(input, init) {
+    const body = init?.body ?? (input instanceof Request ? null : undefined);
+    if (!body)
+        return 0;
+    if (typeof body === "string")
+        return Buffer.byteLength(body, "utf-8");
+    if (body instanceof URLSearchParams)
+        return Buffer.byteLength(body.toString(), "utf-8");
+    if (body instanceof ArrayBuffer)
+        return body.byteLength;
+    if (ArrayBuffer.isView(body))
+        return body.byteLength;
+    if (body instanceof Blob)
+        return body.size;
+    // FormData / ReadableStream — size unknown without consuming.
+    return 0;
+}
+function _measureResponseHeaderBytes(response) {
+    const headers = {};
+    response.headers.forEach((value, key) => {
+        headers[key] = value;
+    });
+    // Pass empty method/url so the request-line formula contributes only the
+    // constant 12-byte " HTTP/1.1\r\n" overhead (mirrors Python).
+    return measureBytesFromHeaders("", "", headers, 0);
+}
+function _isInternalToValue(p) {
+    return p;
+}
+/**
+ * Wrap a Response in a new Response whose body is piped through a
+ * counting TransformStream. The counter is held in the closure; when the
+ * stream's flush fires (source ended) — or when the caller drops the
+ * response (Drop/cancel) — the byte total is recorded into the active
+ * task's accountant and, for un-cataloged calls that aren't suppressed,
+ * a `network` event is emitted with `cost_pending=true`.
+ *
+ * Zero-body responses (status 204, HEAD requests, no `body` stream)
+ * finalise immediately so the accountant still sees the call.
+ */
+function _wrapResponseForByteCounting(response, ctx) {
+    let bytesRead = 0;
+    let finalised = false;
+    const finalise = () => {
+        if (finalised)
+            return;
+        finalised = true;
+        _finaliseHttpCall(ctx, bytesRead);
+    };
+    if (!response.body) {
+        finalise();
+        return response;
+    }
+    // TransformStream's Transformer interface has transform + flush; cancel
+    // isn't a member. To catch early-abort (caller cancels the stream), we
+    // wrap the readable side in a separate ReadableStream that listens for
+    // .cancel() and calls finalise. The TransformStream's flush() handles
+    // the natural end-of-stream case.
+    const counting = new TransformStream({
+        transform(chunk, controller) {
+            bytesRead += chunk.byteLength;
+            controller.enqueue(chunk);
+        },
+        flush() {
+            finalise();
+        },
+    });
+    const piped = response.body.pipeThrough(counting);
+    // Add an early-abort hook by wrapping `piped` in a ReadableStream that
+    // forwards reads from `piped`'s reader and triggers finalise on cancel.
+    const reader = piped.getReader();
+    const earlyAbortWrapper = new ReadableStream({
+        async pull(controller) {
+            try {
+                const { value, done } = await reader.read();
+                if (done) {
+                    controller.close();
+                    return;
+                }
+                controller.enqueue(value);
+            }
+            catch (err) {
+                controller.error(err);
+                finalise();
+            }
+        },
+        cancel(reason) {
+            finalise(); // v1 §5.5 early-abort: bytes-actually-received.
+            return reader.cancel(reason);
+        },
+    });
+    return new Response(earlyAbortWrapper, {
+        status: response.status,
+        statusText: response.statusText,
+        headers: response.headers,
+    });
+}
+/**
+ * Called once the response body has been fully drained, cancelled, or
+ * was empty. Records the byte totals into the task's accountant and, if
+ * the call was un-cataloged AND not suppressed AND notable
+ * (combined_bytes > threshold OR status >= 400), emits a `network`
+ * event with `cost_pending=true`.
+ */
+function _finaliseHttpCall(ctx, responseBodyBytes) {
+    const responseBytes = ctx.responseHeaderBytes + responseBodyBytes;
+    const task = _resolveHttpTask();
+    const accountant = getAccountant(task.taskId);
+    if (accountant) {
+        accountant.record(ctx.hostname, responseBytes, ctx.requestBytes, ctx.isInternal);
+    }
+    // Network-event emission is the un-cataloged path's responsibility.
+    // _maybeRecordCost decides which path was taken — for catalog /
+    // domain-rate calls it sets a "matched" flag we check here. Stored on
+    // the ctx so a single-call closure threads it.
+    if (ctx._matchedCatalog || ctx.suppressed)
+        return;
+    const combined = ctx.requestBytes + responseBytes;
+    // Find the most recent un-cataloged external_cost-zero event for this
+    // URL — that's the one we want to REPLACE with a network event (the
+    // current behaviour records an external_cost-zero; v1 §4.4 wants a
+    // network event instead). Match by url to avoid race with concurrent
+    // calls.
+    for (let i = _recordedEvents.length - 1; i >= 0; i--) {
+        const ev = _recordedEvents[i];
+        if (ev.eventType === "external_cost" &&
+            ev.costUsd === 0 &&
+            ev.costConfidence === "unknown" &&
+            ev.details?.url === ctx.urlStr &&
+            !ev.details?._reTyped) {
+            // Mark and re-type or drop based on threshold.
+            if (combined > NETWORK_EVENT_THRESHOLD_BYTES) {
+                ev.eventType = "network";
+                ev.serviceName = ctx.hostname;
+                ev.details = {
+                    ...ev.details,
+                    method: ctx.method,
+                    cost_pending: true,
+                    protocol: ctx.protocol,
+                    request_bytes: ctx.requestBytes,
+                    response_bytes: responseBytes,
+                    is_internal_traffic: _isInternalToValue(ctx.isInternal),
+                    _reTyped: true,
+                };
+            }
+            else {
+                // Below threshold and no error → counters-only. Drop the
+                // placeholder external_cost-zero event from the in-memory list.
+                // The durable EventBuffer doesn't expose removeEvent today, so a
+                // placeholder may still be persisted there; this matches Python's
+                // behaviour where the placeholder pattern was removed by re-typing
+                // un-cataloged calls instead of by deletion. For tests reading
+                // _recordedEvents directly this is the visible behaviour.
+                _recordedEvents.splice(i, 1);
+            }
+            break;
+        }
+    }
+}
+async function _maybeRecordCost(urlStr, response, ctx) {
+    let hostname;
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(urlStr);
+        hostname = parsedUrl.hostname;
+    }
+    catch {
+        return;
+    }
+    const domain = hostname.includes(":") ? hostname.split(":")[0] : hostname;
+    // Resolve the task to attribute this cost to. An auto-task is created
+    // when none is active so HTTP costs are never silently lost (mirrors
+    // the Python adapter's session auto-creation).
+    const task = _resolveHttpTask();
+    // v1 §4.3 byte_details — stamped into every event below. Response_bytes
+    // are deferred to the TransformStream finalisation; for now only the
+    // request side is known on catalog/domain-rate events.
+    const byteDetailsRequestOnly = ctx
+        ? {
+            protocol: ctx.protocol,
+            request_bytes: ctx.requestBytes,
+            is_internal_traffic: _isInternalToValue(ctx.isInternal),
+        }
+        : {};
+    // 1. Check user-registered domain rate first (highest precedence)
+    const rate = _domainRates.get(domain);
+    if (rate !== undefined) {
+        const event = createCostEvent({
+            eventId: randomUUID(),
+            taskId: task.taskId,
+            eventType: "external_cost",
+            costUsd: rate.costUsd,
+            costConfidence: "exact",
+            pricingSource: "rate_registry",
+            serviceName: domain,
+            details: { url: urlStr, per: rate.per, ...byteDetailsRequestOnly },
+        });
+        _pushRecordedEvent(event);
+        if (_buffer) {
+            _buffer.addEvent(event);
+        }
+        if (ctx)
+            ctx._matchedCatalog = true;
+        return;
+    }
+    // 2. Check service catalog
+    if (_catalog) {
+        const entry = _catalog.lookup(urlStr);
+        if (entry) {
+            // Extract cost from response
+            let extractionResult = null;
+            if (!response) {
+                // No response body available (Node-level request) — extract
+                // from the catalog entry alone.
+                try {
+                    extractionResult = _catalog.extractCost(entry, new Headers(), null);
+                }
+                catch {
+                    // Give up on extraction
+                }
+            }
+            else {
+                extractionResult = await _extractFromResponse(_catalog, entry, response);
+            }
+            if (extractionResult) {
+                const event = createCostEvent({
+                    eventId: randomUUID(),
+                    taskId: task.taskId,
+                    eventType: "external_cost",
+                    costUsd: extractionResult.costUsd,
+                    costConfidence: extractionResult.confidence,
+                    pricingSource: "rate_registry",
+                    serviceName: extractionResult.serviceName,
+                    details: {
+                        url: urlStr,
+                        pricingSource: extractionResult.pricingSource,
+                        catalogService: entry.display_name,
+                        ...byteDetailsRequestOnly,
+                    },
+                });
+                _pushRecordedEvent(event);
+                if (_buffer) {
+                    _buffer.addEvent(event);
+                }
+                if (ctx)
+                    ctx._matchedCatalog = true;
+                return;
+            }
+        }
+    }
+    // 3. Un-cataloged — emit a placeholder external_cost-zero event that
+    // _finaliseHttpCall will RE-TYPE to a `network` event with
+    // cost_pending=true once the response body has been fully drained
+    // (and byte counts are known). If combined bytes stay below
+    // threshold and there's no error, the placeholder is dropped instead
+    // — counters-only path (v1 §4.4). If suppressed (LLM-host call),
+    // no event is emitted at all.
+    if (ctx?.suppressed) {
+        return; // bytes still flow into the accountant via finalise
+    }
+    const event = createCostEvent({
+        eventId: randomUUID(),
+        taskId: task.taskId,
+        eventType: "external_cost",
+        costUsd: 0,
+        costConfidence: "unknown",
+        serviceName: domain,
+        details: { url: urlStr, ...byteDetailsRequestOnly },
+    });
+    _pushRecordedEvent(event);
+    if (_buffer) {
+        _buffer.addEvent(event);
+    }
+}
+//# sourceMappingURL=http.js.map