@fml-inc/panopticon 0.1.0

package/dist/chunk-RX2RXHBH.js

@@ -0,0 +1,1699 @@
+import {
+  incrementEventTypeCount,
+  incrementToolCount,
+  insertHookEvent,
+  insertOtelLogs,
+  insertOtelMetrics,
+  insertRepoConfigSnapshot,
+  insertUserConfigSnapshot,
+  upsertSession,
+  upsertSessionCwd,
+  upsertSessionRepository
+} from "./chunk-BVOE7A2Z.js";
+import {
+  resolveRepoFromCwd
+} from "./chunk-YVRWVDIA.js";
+import {
+  isGitignored,
+  readConfig,
+  resolveGitRoot
+} from "./chunk-3BUJ7URA.js";
+import {
+  addBreadcrumb,
+  captureException
+} from "./chunk-CF4GPWLI.js";
+import {
+  log
+} from "./chunk-7Q3BJMLG.js";
+import {
+  ALL_EVENTS
+} from "./chunk-ZEC4LRKS.js";
+import {
+  allTargets,
+  getTarget
+} from "./chunk-QVK6VGCV.js";
+import {
+  config
+} from "./chunk-K7YUPLES.js";
+
+// src/proxy/server.ts
+import http from "http";
+import https from "https";
+
+// src/hooks/ingest.ts
+import { execFileSync } from "child_process";
+import fs2 from "fs";
+import os from "os";
+import path2 from "path";
+
+// src/eventConfig.ts
+import fs from "fs";
+import path from "path";
+var EVENT_CONFIG_PATH = path.join(config.dataDir, "event-config.json");
+var cachedEventConfig = null;
+function defaultEventConfig() {
+  const cfg = {};
+  for (const e of ALL_EVENTS) cfg[e] = true;
+  return cfg;
+}
+function loadEventConfig() {
+  if (cachedEventConfig) return cachedEventConfig;
+  const defaults = defaultEventConfig();
+  try {
+    const raw = JSON.parse(fs.readFileSync(EVENT_CONFIG_PATH, "utf-8"));
+    if (raw && typeof raw === "object" && !Array.isArray(raw)) {
+      for (const key of Object.keys(raw)) {
+        if (key in defaults && typeof raw[key] === "boolean") {
+          defaults[key] = raw[key];
+        }
+      }
+    }
+  } catch {
+  }
+  cachedEventConfig = defaults;
+  return cachedEventConfig;
+}
+function isEventEnabled(eventType) {
+  const cfg = loadEventConfig();
+  if (!(eventType in cfg)) return true;
+  return cfg[eventType];
+}
+
+// src/hooks/permissions.ts
+function splitChainComponents(cmd) {
+  return cmd.split(/\s*(?:&&|\|\||;|\|)\s*/).map((s) => s.trim()).filter(Boolean);
+}
+function extractBaseCommands(component) {
+  let cmd = component.replace(/^(?:[A-Z_][A-Z0-9_]*=[^\s]*\s+)+/, "");
+  cmd = cmd.replace(/\s*\d*>[>&]?\s*\S+/g, " ").trim();
+  cmd = cmd.replace(/\s*\d*<\s*\S+/g, " ").trim();
+  const tokens = cmd.split(/\s+/).filter(Boolean);
+  if (tokens.length === 0) return [];
+  if ((tokens[0] === "bash" || tokens[0] === "sh") && tokens.includes("-c")) {
+    return [tokens[0]];
+  }
+  const COMPOUND_TOOLS = {
+    git: /* @__PURE__ */ new Set(["-C", "-c", "--git-dir", "--work-tree", "--namespace"]),
+    gh: /* @__PURE__ */ new Set(["-R", "--repo"]),
+    npx: /* @__PURE__ */ new Set(["-p", "--package"]),
+    pnpm: /* @__PURE__ */ new Set(["--filter", "-C", "--dir"]),
+    xargs: /* @__PURE__ */ new Set([
+      "-I",
+      "-L",
+      "-n",
+      "-P",
+      "-s",
+      "--max-args",
+      "--max-procs",
+      "--replace"
+    ]),
+    env: /* @__PURE__ */ new Set([]),
+    nice: /* @__PURE__ */ new Set(["-n", "--adjustment"]),
+    timeout: /* @__PURE__ */ new Set(["-k", "--kill-after", "-s", "--signal"]),
+    watch: /* @__PURE__ */ new Set(["-n", "-d", "--interval"])
+  };
+  const flagsWithArg = COMPOUND_TOOLS[tokens[0]];
+  if (flagsWithArg && tokens.length > 1) {
+    for (let i = 1; i < tokens.length; i++) {
+      const t = tokens[i];
+      if (t.startsWith("-")) {
+        if (flagsWithArg.has(t) && !t.includes("=")) i++;
+        continue;
+      }
+      if (t.includes("=") && tokens[0] === "env") continue;
+      if (tokens[0] === "timeout" && /^\d/.test(t)) continue;
+      return [`${tokens[0]} ${t}`];
+    }
+    return [tokens[0]];
+  }
+  const baseCmd = tokens[0];
+  const results = [baseCmd];
+  if (baseCmd === "find") {
+    for (let i = 1; i < tokens.length; i++) {
+      if (tokens[i] === "-exec" || tokens[i] === "-execdir") {
+        const delegated = tokens[i + 1];
+        if (delegated && delegated !== "{}" && delegated !== ";") {
+          const binName = delegated.split("/").pop();
+          results.push(binName);
+        }
+      }
+    }
+  }
+  return results;
+}
+function checkBashPermission(command, allowedCommands) {
+  if (!allowedCommands.length) return null;
+  const components = splitChainComponents(command);
+  if (components.length === 0) return null;
+  const bases = components.flatMap(extractBaseCommands);
+  const unapproved = bases.filter((b) => !allowedCommands.includes(b));
+  if (unapproved.length === 0) {
+    return {
+      allow: true,
+      reason: `All ${bases.length} component(s) approved: ${bases.join(", ")}`
+    };
+  }
+  return null;
+}
+
+// src/hooks/ingest.ts
+var gitIdentityCache = /* @__PURE__ */ new Map();
+function resolveGitIdentity(cwd) {
+  const cached = gitIdentityCache.get(cwd);
+  if (cached) return cached;
+  const result = { name: null, email: null };
+  try {
+    result.name = execFileSync("git", ["-C", cwd, "config", "user.name"], {
+      encoding: "utf-8",
+      timeout: 3e3,
+      stdio: ["ignore", "pipe", "ignore"]
+    }).trim() || null;
+  } catch {
+  }
+  try {
+    result.email = execFileSync("git", ["-C", cwd, "config", "user.email"], {
+      encoding: "utf-8",
+      timeout: 3e3,
+      stdio: ["ignore", "pipe", "ignore"]
+    }).trim() || null;
+  } catch {
+  }
+  gitIdentityCache.set(cwd, result);
+  return result;
+}
+var lastSessionRepo = /* @__PURE__ */ new Map();
+var userConfigCaptured = /* @__PURE__ */ new Set();
+var seenSessionRepos = /* @__PURE__ */ new Set();
+var ALLOWED_PATH = path2.join(config.dataDir, "permissions", "allowed.json");
+function loadAllowed() {
+  try {
+    return JSON.parse(fs2.readFileSync(ALLOWED_PATH, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function isPanopticonMcpTool(toolName) {
+  return toolName.startsWith("mcp__plugin_panopticon_panopticon__") || toolName.startsWith("mcp__panopticon__");
+}
+function extractShellPwd(data) {
+  if (typeof data.shell_pwd === "string") return data.shell_pwd;
+  if (typeof data.tool_input?.shell_pwd === "string")
+    return data.tool_input.shell_pwd;
+  return null;
+}
+function extractEventPaths(data) {
+  const paths = [];
+  const seen = /* @__PURE__ */ new Set();
+  const add = (dir, source) => {
+    if (!seen.has(dir)) {
+      seen.add(dir);
+      paths.push({ dir, source });
+    }
+  };
+  const shellPwd = extractShellPwd(data);
+  if (shellPwd) add(shellPwd, "shell_pwd");
+  const toolInput = data.tool_input;
+  if (toolInput && typeof toolInput === "object") {
+    const fp = toolInput.file_path;
+    if (typeof fp === "string" && path2.isAbsolute(fp)) {
+      add(path2.dirname(fp), "tool_input.file_path");
+    }
+    const p = toolInput.path;
+    if (typeof p === "string" && path2.isAbsolute(p)) {
+      add(path2.dirname(p), "tool_input.path");
+    }
+  }
+  if (typeof data.cwd === "string") add(data.cwd, "cwd");
+  return paths;
+}
+function normalizeResolveFn(resolveFn) {
+  return (dir) => {
+    const result = resolveFn(dir);
+    if (!result) return null;
+    if (typeof result === "string") return { repo: result };
+    return result;
+  };
+}
+function resolveEventRepo(data, resolveFn = resolveRepoFromCwd) {
+  const sessionId = data.session_id ?? "unknown";
+  let repo = data.repository ?? null;
+  if (!repo) {
+    const resolve = normalizeResolveFn(resolveFn);
+    for (const { dir } of extractEventPaths(data)) {
+      const info = resolve(dir);
+      if (info) {
+        repo = info.repo;
+        break;
+      }
+    }
+  }
+  if (!repo) {
+    repo = lastSessionRepo.get(sessionId) ?? null;
+  }
+  if (repo) {
+    lastSessionRepo.set(sessionId, repo);
+  }
+  return repo;
+}
+function resolveAllEventRepos(data, resolveFn = resolveRepoFromCwd) {
+  const results = [];
+  const seen = /* @__PURE__ */ new Set();
+  const resolve = normalizeResolveFn(resolveFn);
+  if (data.repository) {
+    seen.add(data.repository);
+    const shellPwd = extractShellPwd(data);
+    results.push({
+      repo: data.repository,
+      dir: shellPwd ?? data.cwd ?? "."
+    });
+  }
+  for (const { dir } of extractEventPaths(data)) {
+    const info = resolve(dir);
+    if (info && !seen.has(info.repo)) {
+      seen.add(info.repo);
+      results.push({ repo: info.repo, dir, branch: info.branch });
+    }
+  }
+  return results;
+}
+var sessionTargetCache = /* @__PURE__ */ new Map();
+function resolveTarget(data) {
+  const targets = allTargets();
+  const sessionId = data.session_id;
+  const source = data.source ?? data.target;
+  if (source) {
+    for (const v of targets) {
+      if (v.id === source) {
+        if (sessionId) sessionTargetCache.set(sessionId, v.id);
+        return v;
+      }
+    }
+  }
+  if (sessionId) {
+    const cached = sessionTargetCache.get(sessionId);
+    if (cached) {
+      return targets.find((v) => v.id === cached);
+    }
+  }
+  const rawEvent = data.hook_event_name;
+  if (rawEvent) {
+    let matched;
+    for (const v of targets) {
+      if (rawEvent in v.events.eventMap) {
+        if (matched) {
+          log.hooks.warn(
+            `Event "${rawEvent}" claimed by both "${matched.id}" and "${v.id}" \u2014 using "${matched.id}"`
+          );
+          break;
+        }
+        matched = v;
+      }
+    }
+    if (matched) {
+      if (sessionId) sessionTargetCache.set(sessionId, matched.id);
+      return matched;
+    }
+  }
+  const model = typeof data.model === "string" ? data.model : null;
+  if (model) {
+    let matched;
+    for (const v of targets) {
+      if (v.ident?.modelPatterns?.some((re) => re.test(model))) {
+        matched = v;
+        break;
+      }
+    }
+    if (matched) {
+      log.hooks.warn(
+        `Target resolved via model-name heuristic: model="${model}" \u2192 "${matched.id}". Set an explicit source/target field to avoid ambiguous detection.`
+      );
+      if (sessionId) sessionTargetCache.set(sessionId, matched.id);
+      return matched;
+    }
+  }
+  return void 0;
+}
+function processHookEvent(data) {
+  const sessionId = data.session_id ?? "unknown";
+  const rawEventType = data.hook_event_name ?? "Unknown";
+  let eventType = rawEventType;
+  const toolName = data.tool_name ?? null;
+  const timestampMs = Date.now();
+  const target = resolveTarget(data);
+  if (target) {
+    const mapped = target.events.eventMap[eventType];
+    if (mapped) eventType = mapped;
+    if (target.events.normalizePayload) {
+      data = target.events.normalizePayload(data);
+    }
+  }
+  const repo = resolveEventRepo(data);
+  const targetId = target?.id ?? "unknown";
+  if (!isEventEnabled(eventType)) {
+    if (eventType === "PreToolUse" && toolName) {
+      return buildPermissionResponse(toolName, data, target);
+    }
+    return {};
+  }
+  insertHookEvent({
+    session_id: sessionId,
+    event_type: eventType,
+    timestamp_ms: timestampMs,
+    cwd: data.cwd,
+    repository: repo ?? void 0,
+    tool_name: toolName ?? void 0,
+    target: targetId,
+    payload: data
+  });
+  const sessionFields = {
+    session_id: sessionId,
+    target: targetId,
+    has_hooks: 1
+  };
+  if (eventType === "SessionStart") {
+    sessionFields.started_at_ms = timestampMs;
+    sessionFields.created_at = timestampMs;
+    sessionFields.permission_mode = typeof data.permission_mode === "string" ? data.permission_mode : void 0;
+    sessionFields.agent_version = typeof data.agent_version === "string" ? data.agent_version : void 0;
+    const cwd = data.cwd;
+    if (cwd) {
+      const repoInfo = resolveRepoFromCwd(cwd);
+      sessionFields.project = repoInfo?.repo ?? path2.basename(cwd);
+    }
+  }
+  if (eventType === "UserPromptSubmit") {
+    const prompt = typeof data.prompt === "string" ? data.prompt : typeof data.user_prompt === "string" ? data.user_prompt : void 0;
+    if (prompt) sessionFields.first_prompt = prompt;
+  }
+  if (eventType === "Stop" || eventType === "SessionEnd") {
+    sessionFields.ended_at_ms = timestampMs;
+  }
+  upsertSession(sessionFields);
+  if (eventType === "SubagentStart" || eventType === "SubagentStop") {
+    const agentId = data.agent_id;
+    if (agentId) {
+      const subagentSessionId = `agent-${agentId}`;
+      const subagentFields = {
+        session_id: subagentSessionId,
+        target: targetId,
+        parent_session_id: sessionId,
+        relationship_type: "subagent",
+        is_automated: 1
+      };
+      if (eventType === "SubagentStart") {
+        subagentFields.started_at_ms = timestampMs;
+        subagentFields.created_at = timestampMs;
+      } else {
+        subagentFields.ended_at_ms = timestampMs;
+      }
+      upsertSession(subagentFields);
+    }
+  }
+  incrementEventTypeCount(sessionId, eventType);
+  if (eventType === "PreToolUse" && toolName) {
+    incrementToolCount(sessionId, toolName);
+  }
+  const allRepos = resolveAllEventRepos(data);
+  for (const { repo: r, dir, branch } of allRepos) {
+    const gitId = resolveGitIdentity(dir);
+    upsertSessionRepository(sessionId, r, timestampMs, gitId, branch);
+    const repoKey = `${sessionId}:${r}`;
+    if (!seenSessionRepos.has(repoKey)) {
+      seenSessionRepos.add(repoKey);
+      try {
+        const cfg = readConfig(dir);
+        const gitRoot = resolveGitRoot(dir);
+        const localSettingsPath = path2.join(
+          gitRoot ?? dir,
+          ".claude",
+          "settings.local.json"
+        );
+        insertRepoConfigSnapshot({
+          repository: r,
+          cwd: dir,
+          sessionId,
+          hooks: cfg.project?.hooks ?? [],
+          mcpServers: cfg.project?.mcpServers ?? [],
+          commands: cfg.project?.commands ?? [],
+          agents: cfg.project?.agents ?? [],
+          rules: cfg.project?.rules ?? [],
+          localHooks: cfg.projectLocal?.hooks ?? [],
+          localMcpServers: cfg.projectLocal?.mcpServers ?? [],
+          localPermissions: cfg.projectLocal?.permissions ?? {
+            allow: [],
+            ask: [],
+            deny: []
+          },
+          localIsGitignored: isGitignored(localSettingsPath, gitRoot ?? dir),
+          instructions: cfg.instructions
+        });
+      } catch {
+      }
+    }
+  }
+  if (data.cwd) {
+    upsertSessionCwd(sessionId, data.cwd, timestampMs);
+  }
+  if (eventType === "SessionStart" && !userConfigCaptured.has(sessionId)) {
+    userConfigCaptured.add(sessionId);
+    try {
+      const config2 = readConfig(data.cwd);
+      insertUserConfigSnapshot({
+        deviceName: os.hostname(),
+        permissions: config2.user.permissions,
+        enabledPlugins: config2.enabledPlugins,
+        hooks: config2.user.hooks,
+        commands: config2.user.commands,
+        rules: config2.user.rules,
+        skills: config2.user.skills
+      });
+    } catch {
+    }
+  }
+  if (eventType === "PreToolUse" && toolName) {
+    return buildPermissionResponse(toolName, data, target);
+  }
+  return {};
+}
+function buildPermissionResponse(toolName, data, target) {
+  let decision = null;
+  if (isPanopticonMcpTool(toolName)) {
+    decision = { allow: true, reason: "Panopticon tool (always allowed)" };
+  } else {
+    const allowed = loadAllowed();
+    if (allowed) {
+      if (toolName === "Bash") {
+        const command = data.tool_input?.command;
+        if (typeof command === "string" && allowed.bash_commands?.length) {
+          decision = checkBashPermission(command, allowed.bash_commands);
+        }
+      } else if (allowed.tools?.includes(toolName)) {
+        decision = { allow: true, reason: `Tool "${toolName}" is allowed` };
+      }
+    }
+  }
+  if (decision) {
+    if (target) {
+      return target.events.formatPermissionResponse(decision);
+    }
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "allow",
+        permissionDecisionReason: decision.reason
+      }
+    };
+  }
+  return {};
+}
+
+// src/proxy/emit.ts
+function emitHookEventAsync(event) {
+  try {
+    processHookEvent(event);
+  } catch (err) {
+    if (process.env.PANOPTICON_DEBUG) {
+      log.proxy.error("hook emit error:", err);
+    }
+  }
+}
+function emitOtelMetrics(metrics) {
+  if (metrics.length === 0) return;
+  const now = Date.now() * 1e6;
+  try {
+    const rows = metrics.map((m) => ({
+      timestamp_ns: now,
+      name: m.name,
+      value: m.value,
+      metric_type: "gauge",
+      unit: m.unit,
+      attributes: m.attributes,
+      resource_attributes: m.sessionId ? { "session.id": m.sessionId } : void 0,
+      session_id: m.sessionId
+    }));
+    insertOtelMetrics(rows);
+  } catch (err) {
+    if (process.env.PANOPTICON_DEBUG) {
+      log.proxy.error("OTel metric emit error:", err);
+    }
+  }
+}
+function emitOtelLogs(logs) {
+  if (logs.length === 0) return;
+  const now = Date.now() * 1e6;
+  try {
+    const rows = logs.map((l) => ({
+      timestamp_ns: now,
+      severity_text: l.severityText ?? "INFO",
+      body: l.body,
+      attributes: l.attributes,
+      resource_attributes: l.sessionId ? { "session.id": l.sessionId } : void 0,
+      session_id: l.sessionId
+    }));
+    insertOtelLogs(rows);
+  } catch (err) {
+    if (process.env.PANOPTICON_DEBUG) {
+      log.proxy.error("OTel log emit error:", err);
+    }
+  }
+}
+
+// src/proxy/formats/anthropic.ts
+var anthropicParser = {
+  matches(path3) {
+    return path3.includes("/v1/messages");
+  },
+  extractEvents(capture) {
+    const events = [];
+    const { request, response, sessionId } = capture;
+    const reqBody = request.body;
+    const resBody = response.body;
+    if (!reqBody) return events;
+    const messages = reqBody.messages;
+    if (messages) {
+      const lastUser = [...messages].reverse().find((m) => m.role === "user");
+      if (lastUser) {
+        const prompt = extractTextContent(lastUser.content);
+        if (prompt) {
+          events.push({
+            session_id: sessionId,
+            hook_event_name: "UserPromptSubmit",
+            prompt
+          });
+        }
+      }
+      for (const msg of messages) {
+        if (msg.role === "tool" || msg.role === "tool_result") {
+          const toolMsg = msg;
+          events.push({
+            session_id: sessionId,
+            hook_event_name: "PostToolUse",
+            tool_name: toolMsg.tool_use_id ?? "unknown",
+            tool_input: {
+              tool_use_id: toolMsg.tool_use_id,
+              content: extractTextContent(toolMsg.content)
+            }
+          });
+        }
+      }
+    }
+    if (resBody && Array.isArray(resBody.content)) {
+      for (const block of resBody.content) {
+        if (block.type === "tool_use") {
+          events.push({
+            session_id: sessionId,
+            hook_event_name: "PreToolUse",
+            tool_name: block.name ?? "unknown",
+            tool_input: block.input ?? {}
+          });
+        }
+      }
+    }
+    return events;
+  },
+  extractMetrics(capture) {
+    const metrics = [];
+    const resBody = capture.response.body;
+    if (!resBody) return metrics;
+    const usage = resBody.usage;
+    const model = resBody.model ?? "unknown";
+    if (usage) {
+      if (usage.input_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.input_tokens,
+          attributes: {
+            model,
+            token_type: "input",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+      if (usage.output_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.output_tokens,
+          attributes: {
+            model,
+            token_type: "output",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+      if (usage.cache_read_input_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.cache_read_input_tokens,
+          attributes: {
+            model,
+            token_type: "cacheRead",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+      if (usage.cache_creation_input_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.cache_creation_input_tokens,
+          attributes: {
+            model,
+            token_type: "cacheWrite",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+    }
+    return metrics;
+  },
+  extractLogs(capture) {
+    const resBody = capture.response.body;
+    const reqBody = capture.request.body;
+    const model = resBody?.model ?? reqBody?.model ?? "unknown";
+    const usage = resBody?.usage;
+    return [
+      {
+        body: "api_request",
+        sessionId: capture.sessionId,
+        attributes: {
+          model,
+          target: capture.target,
+          duration_ms: capture.duration_ms,
+          status: capture.response.status,
+          stop_reason: resBody?.stop_reason,
+          input_tokens: usage?.input_tokens,
+          output_tokens: usage?.output_tokens
+        }
+      }
+    ];
+  }
+};
+function extractTextContent(content) {
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    return content.filter((c) => c.type === "text").map((c) => c.text).join("\n") || void 0;
+  }
+  return void 0;
+}
+
+// src/proxy/formats/openai.ts
+var openaiParser = {
+  matches(path3) {
+    return path3.includes("/v1/chat/completions");
+  },
+  extractEvents(capture) {
+    const events = [];
+    const { request, response, sessionId } = capture;
+    const reqBody = request.body;
+    const resBody = response.body;
+    if (!reqBody) return events;
+    const messages = reqBody.messages;
+    if (messages) {
+      const lastUser = [...messages].reverse().find((m) => m.role === "user");
+      if (lastUser) {
+        const prompt = extractTextContent2(lastUser.content);
+        if (prompt) {
+          events.push({
+            session_id: sessionId,
+            hook_event_name: "UserPromptSubmit",
+            prompt
+          });
+        }
+      }
+      for (const msg of messages) {
+        if (msg.role === "tool") {
+          events.push({
+            session_id: sessionId,
+            hook_event_name: "PostToolUse",
+            tool_name: msg.tool_call_id ?? "unknown",
+            tool_input: {
+              tool_call_id: msg.tool_call_id,
+              content: extractTextContent2(msg.content)
+            }
+          });
+        }
+      }
+    }
+    if (resBody) {
+      const choices = resBody.choices;
+      if (choices) {
+        for (const choice of choices) {
+          const toolCalls = choice.message?.tool_calls;
+          if (toolCalls) {
+            for (const tc of toolCalls) {
+              const fn = tc.function;
+              let parsedArgs = {};
+              if (fn?.arguments) {
+                try {
+                  parsedArgs = JSON.parse(fn.arguments);
+                } catch {
+                  parsedArgs = { raw: fn.arguments };
+                }
+              }
+              events.push({
+                session_id: sessionId,
+                hook_event_name: "PreToolUse",
+                tool_name: fn?.name ?? "unknown",
+                tool_input: parsedArgs
+              });
+            }
+          }
+        }
+      }
+    }
+    return events;
+  },
+  extractMetrics(capture) {
+    const metrics = [];
+    const resBody = capture.response.body;
+    const reqBody = capture.request.body;
+    if (!resBody) return metrics;
+    const usage = resBody.usage;
+    const model = resBody.model ?? reqBody?.model ?? "unknown";
+    if (usage) {
+      if (usage.prompt_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.prompt_tokens,
+          attributes: {
+            model,
+            token_type: "input",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+      if (usage.completion_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.completion_tokens,
+          attributes: {
+            model,
+            token_type: "output",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+    }
+    return metrics;
+  },
+  extractLogs(capture) {
+    const resBody = capture.response.body;
+    const reqBody = capture.request.body;
+    const model = resBody?.model ?? reqBody?.model ?? "unknown";
+    const usage = resBody?.usage;
+    const choices = resBody?.choices;
+    return [
+      {
+        body: "api_request",
+        sessionId: capture.sessionId,
+        attributes: {
+          model,
+          target: capture.target,
+          duration_ms: capture.duration_ms,
+          status: capture.response.status,
+          stop_reason: choices?.[0]?.finish_reason,
+          input_tokens: usage?.prompt_tokens,
+          output_tokens: usage?.completion_tokens
+        }
+      }
+    ];
+  }
+};
+function extractTextContent2(content) {
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    return content.filter((c) => c.type === "text").map((c) => c.text).join("\n") || void 0;
+  }
+  return void 0;
+}
+
+// src/proxy/formats/openai-responses.ts
+var openaiResponsesParser = {
+  matches(path3) {
+    return path3.endsWith("/responses") || path3.includes("/responses?");
+  },
+  extractEvents(capture) {
+    const events = [];
+    const { request, response, sessionId } = capture;
+    const reqBody = request.body;
+    const resBody = response.body;
+    if (!reqBody) return events;
+    const input = reqBody.input;
+    const prompt = extractInputText(input);
+    if (prompt) {
+      events.push({
+        session_id: sessionId,
+        hook_event_name: "UserPromptSubmit",
+        prompt
+      });
+    }
+    if (Array.isArray(input)) {
+      for (const item of input) {
+        const it = item;
+        if (it.type === "function_call_output") {
+          events.push({
+            session_id: sessionId,
+            hook_event_name: "PostToolUse",
+            tool_name: it.call_id ?? "unknown",
+            tool_input: {
+              call_id: it.call_id,
+              content: it.output
+            }
+          });
+        }
+      }
+    }
+    if (resBody) {
+      const output = resBody.output;
+      if (output) {
+        for (const item of output) {
+          if (item.type === "function_call") {
+            let parsedArgs = {};
+            if (typeof item.arguments === "string") {
+              try {
+                parsedArgs = JSON.parse(item.arguments);
+              } catch {
+                parsedArgs = { raw: item.arguments };
+              }
+            }
+            events.push({
+              session_id: sessionId,
+              hook_event_name: "PreToolUse",
+              tool_name: item.name ?? "unknown",
+              tool_input: parsedArgs
+            });
+          }
+        }
+      }
+    }
+    return events;
+  },
+  extractMetrics(capture) {
+    const metrics = [];
+    const resBody = capture.response.body;
+    const reqBody = capture.request.body;
+    if (!resBody) return metrics;
+    const usage = resBody.usage;
+    const model = resBody.model ?? reqBody?.model ?? "unknown";
+    if (usage) {
+      if (usage.input_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.input_tokens,
+          attributes: {
+            model,
+            token_type: "input",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+      if (usage.output_tokens) {
+        metrics.push({
+          name: "token.usage",
+          value: usage.output_tokens,
+          attributes: {
+            model,
+            token_type: "output",
+            target: capture.target
+          },
+          sessionId: capture.sessionId
+        });
+      }
+    }
+    return metrics;
+  },
+  extractLogs(capture) {
+    const resBody = capture.response.body;
+    const reqBody = capture.request.body;
+    const model = resBody?.model ?? reqBody?.model ?? "unknown";
+    const usage = resBody?.usage;
+    return [
+      {
+        body: "api_request",
+        sessionId: capture.sessionId,
+        attributes: {
+          model,
+          target: capture.target,
+          duration_ms: capture.duration_ms,
+          status: capture.response.status,
+          stop_reason: resBody?.status,
+          input_tokens: usage?.input_tokens,
+          output_tokens: usage?.output_tokens
+        }
+      }
+    ];
+  }
+};
+function extractInputText(input) {
+  if (typeof input === "string") return input;
+  if (!Array.isArray(input)) return void 0;
+  const texts = [];
+  for (let i = input.length - 1; i >= 0; i--) {
+    const item = input[i];
+    if (item.role === "user") {
+      const text = extractContentField(item.content);
+      if (text) return text;
+    }
+    if (item.type === "message" && item.role === "user") {
+      const text = extractContentField(item.content);
+      if (text) return text;
+    }
+    if (item.type === "input_text" && typeof item.text === "string") {
+      texts.unshift(item.text);
+    }
+  }
+  return texts.length > 0 ? texts.join("\n") : void 0;
+}
+function extractContentField(content) {
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    return content.filter(
+      (c) => c.type === "input_text" || c.type === "text"
+    ).map((c) => c.text).join("\n") || void 0;
+  }
+  return void 0;
+}
+
+// src/proxy/sessions.ts
+var SessionTracker = class {
+  sessions = /* @__PURE__ */ new Map();
+  getOrCreateSession(target, requestBody) {
+    const now = Date.now();
+    const existing = this.sessions.get(target);
+    const messageCount = countMessages(requestBody);
+    if (existing) {
+      const isReset = this.isConversationReset(existing, messageCount, now);
+      if (!isReset) {
+        existing.lastRequestMs = now;
+        if (messageCount > 0) existing.lastMessageCount = messageCount;
+        return { sessionId: existing.id, isNew: false };
+      }
+    }
+    const seq = existing ? existing.seq + 1 : 1;
+    const date = new Date(now).toISOString().slice(0, 10).replace(/-/g, "");
+    const sessionId = `${target}-${date}-${String(seq).padStart(3, "0")}`;
+    this.sessions.set(target, {
+      id: sessionId,
+      lastRequestMs: now,
+      lastMessageCount: messageCount,
+      seq
+    });
+    return { sessionId, isNew: true };
+  }
+  isConversationReset(state, messageCount, now) {
+    if (messageCount > 0 && state.lastMessageCount > 3 && messageCount <= 2) {
+      return true;
+    }
+    if (messageCount > 0 && state.lastMessageCount > 0 && messageCount < state.lastMessageCount / 2 && state.lastMessageCount - messageCount >= 3) {
+      return true;
+    }
+    if (now - state.lastRequestMs >= config.proxyIdleSessionMs) {
+      return true;
+    }
+    return false;
+  }
+};
+function countMessages(body) {
+  if (typeof body !== "object" || body === null) return 0;
+  const messages = body.messages;
+  if (!Array.isArray(messages)) return 0;
+  return messages.filter((m) => m.role !== "system").length;
+}
+
+// src/proxy/streaming.ts
+function createAnthropicAccumulator() {
+  let message = {};
+  let usage = {};
+  const contentBlocks = [];
+  let currentBlockIndex = -1;
+  const textParts = /* @__PURE__ */ new Map();
+  return {
+    push(chunk) {
+      const text = chunk.toString("utf-8");
+      for (const line of text.split("\n")) {
+        if (!line.startsWith("data: ")) continue;
+        const data = line.slice(6).trim();
+        if (data === "[DONE]") continue;
+        try {
+          const event = JSON.parse(data);
+          switch (event.type) {
+            case "message_start":
+              message = event.message ?? {};
+              usage = event.message?.usage ?? {};
+              break;
+            case "content_block_start":
+              currentBlockIndex = event.index ?? contentBlocks.length;
+              contentBlocks[currentBlockIndex] = event.content_block ?? {};
+              break;
+            case "content_block_delta":
+              if (event.delta?.type === "text_delta" && event.delta.text) {
+                const idx = event.index ?? currentBlockIndex;
+                textParts.set(
+                  idx,
+                  (textParts.get(idx) ?? "") + event.delta.text
+                );
+              } else if (event.delta?.type === "input_json_delta" && event.delta.partial_json) {
+                const idx = event.index ?? currentBlockIndex;
+                textParts.set(
+                  idx,
+                  (textParts.get(idx) ?? "") + event.delta.partial_json
+                );
+              }
+              break;
+            case "message_delta":
+              if (event.delta) {
+                Object.assign(message, event.delta);
+              }
+              if (event.usage) {
+                Object.assign(usage, event.usage);
+              }
+              break;
+          }
+        } catch {
+        }
+      }
+      return chunk;
+    },
+    finish() {
+      const content = contentBlocks.map((block, i) => {
+        if (block.type === "text") {
+          return { ...block, text: textParts.get(i) ?? block.text ?? "" };
+        }
+        if (block.type === "tool_use") {
+          const raw = textParts.get(i);
+          let input = block.input;
+          if (raw) {
+            try {
+              input = JSON.parse(raw);
+            } catch {
+              input = { raw };
+            }
+          }
+          return { ...block, input };
+        }
+        return block;
+      });
+      return {
+        ...message,
+        content,
+        usage
+      };
+    }
+  };
+}
+function createOpenaiAccumulator() {
+  let model = "";
+  let finishReason = null;
+  let role = "";
+  let contentParts = "";
+  const toolCalls = /* @__PURE__ */ new Map();
+  let usage = {};
+  return {
+    push(chunk) {
+      const text = chunk.toString("utf-8");
+      for (const line of text.split("\n")) {
+        if (!line.startsWith("data: ")) continue;
+        const data = line.slice(6).trim();
+        if (data === "[DONE]") continue;
+        try {
+          const event = JSON.parse(data);
+          if (event.model) model = event.model;
+          if (event.usage) usage = event.usage;
+          const choice = event.choices?.[0];
+          if (!choice) continue;
+          if (choice.finish_reason) finishReason = choice.finish_reason;
+          const delta = choice.delta;
+          if (!delta) continue;
+          if (delta.role) role = delta.role;
+          if (delta.content) contentParts += delta.content;
+          if (delta.tool_calls) {
+            for (const tc of delta.tool_calls) {
+              const idx = tc.index ?? 0;
+              const existing = toolCalls.get(idx);
+              if (existing) {
+                if (tc.function?.arguments) {
+                  existing.function.arguments += tc.function.arguments;
+                }
+              } else {
+                toolCalls.set(idx, {
+                  id: tc.id ?? "",
+                  type: tc.type ?? "function",
+                  function: {
+                    name: tc.function?.name ?? "",
+                    arguments: tc.function?.arguments ?? ""
+                  }
+                });
+              }
+            }
+          }
+        } catch {
+        }
+      }
+      return chunk;
+    },
+    finish() {
+      const message = {
+        role: role || "assistant",
+        content: contentParts || null
+      };
+      if (toolCalls.size > 0) {
+        message.tool_calls = [...toolCalls.entries()].sort(([a], [b]) => a - b).map(([, tc]) => tc);
+      }
+      return {
+        model,
+        choices: [
+          {
+            index: 0,
+            message,
+            finish_reason: finishReason
+          }
+        ],
+        usage
+      };
+    }
+  };
+}
+function isStreamingRequest(body) {
+  if (typeof body === "object" && body !== null) {
+    return body.stream === true;
+  }
+  return false;
+}
+
+// src/proxy/ws-capture.ts
+var WebSocketMessageExtractor = class {
+  buffer = Buffer.alloc(0);
+  fragments = [];
+  currentOpcode = 0;
+  onMessage;
+  push(data) {
+    this.buffer = Buffer.concat([this.buffer, data]);
+    this.drain();
+  }
+  drain() {
+    while (this.buffer.length >= 2) {
+      const byte0 = this.buffer[0];
+      const byte1 = this.buffer[1];
+      const fin = (byte0 & 128) !== 0;
+      const opcode = byte0 & 15;
+      const masked = (byte1 & 128) !== 0;
+      let payloadLen = byte1 & 127;
+      let headerLen = 2;
+      if (payloadLen === 126) {
+        if (this.buffer.length < 4) return;
+        payloadLen = this.buffer.readUInt16BE(2);
+        headerLen = 4;
+      } else if (payloadLen === 127) {
+        if (this.buffer.length < 10) return;
+        payloadLen = Number(this.buffer.readBigUInt64BE(2));
+        headerLen = 10;
+      }
+      if (masked) headerLen += 4;
+      const totalLen = headerLen + payloadLen;
+      if (this.buffer.length < totalLen) return;
+      let payload = this.buffer.subarray(headerLen, totalLen);
+      if (masked) {
+        const maskKey = this.buffer.subarray(headerLen - 4, headerLen);
+        payload = Buffer.from(payload);
+        for (let i = 0; i < payload.length; i++) {
+          payload[i] ^= maskKey[i % 4];
+        }
+      }
+      if (opcode === 1 || opcode === 2) {
+        this.currentOpcode = opcode;
+        this.fragments = [payload];
+      } else if (opcode === 0) {
+        this.fragments.push(payload);
+      }
+      if (fin && this.fragments.length > 0 && opcode <= 2) {
+        if (this.currentOpcode === 1) {
+          try {
+            const msg = Buffer.concat(this.fragments).toString("utf-8");
+            this.onMessage?.(msg);
+          } catch {
+          }
+        }
+        this.fragments = [];
+      }
+      this.buffer = this.buffer.subarray(totalLen);
+    }
+  }
+};
+
+// src/proxy/server.ts
+function buildUpstreamRoutes() {
+  const routes = {};
+  for (const v of allTargets()) {
+    if (v.proxy && typeof v.proxy.upstreamHost === "string") {
+      routes[v.id] = v.proxy.upstreamHost;
+    }
+  }
+  if (!routes.openai) routes.openai = "api.openai.com";
+  if (!routes.google) routes.google = "generativelanguage.googleapis.com";
+  if (!routes.anthropic) routes.anthropic = "api.anthropic.com";
+  return routes;
+}
+var UPSTREAM_ROUTES = buildUpstreamRoutes();
+var KNOWN_ROUTES_MSG = [
+  ...Object.keys(UPSTREAM_ROUTES),
+  ...allTargets().filter((v) => v.proxy && typeof v.proxy.upstreamHost === "function").map((v) => v.id)
+].filter((v, i, a) => a.indexOf(v) === i).map((v) => `/${v}/*`).join(", ");
+var FORMAT_PARSERS = [
+  anthropicParser,
+  openaiParser,
+  openaiResponsesParser
+];
+var sessions = new SessionTracker();
+function parseRoute(url, headers) {
+  const match = url.match(/^\/([^/]+)(\/.*)?$/);
+  if (!match) return null;
+  const targetId = match[1];
+  const requestPath = match[2] ?? "/";
+  const targetAdapter = getTarget(targetId);
+  if (targetAdapter?.proxy) {
+    const { proxy } = targetAdapter;
+    const flatHeaders = flattenHeaders(headers ?? {});
+    const upstream2 = typeof proxy.upstreamHost === "function" ? proxy.upstreamHost(flatHeaders) : proxy.upstreamHost;
+    const finalPath = proxy.rewritePath ? proxy.rewritePath(requestPath, flatHeaders) : requestPath;
+    return { target: targetId, upstream: upstream2, path: finalPath };
+  }
+  const upstream = UPSTREAM_ROUTES[targetId];
+  if (!upstream) return null;
+  return { target: targetId, upstream, path: requestPath };
+}
+function collectBody(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    req.on("data", (chunk) => chunks.push(chunk));
+    req.on("end", () => resolve(Buffer.concat(chunks)));
+    req.on("error", reject);
+  });
+}
+function processCapture(capture) {
+  for (const parser of FORMAT_PARSERS) {
+    if (!parser.matches(capture.request.path)) continue;
+    const hookEvents = parser.extractEvents(capture);
+    for (const event of hookEvents) {
+      event.source = "proxy";
+      event.target = capture.target;
+      emitHookEventAsync(event);
+    }
+    const metrics = parser.extractMetrics(capture);
+    for (const metric of metrics) {
+      metric.attributes = { ...metric.attributes, source: "proxy" };
+    }
+    if (metrics.length > 0) {
+      emitOtelMetrics(metrics);
+    }
+    const logs = parser.extractLogs(capture);
+    for (const log2 of logs) {
+      log2.attributes = { ...log2.attributes, source: "proxy" };
+    }
+    if (logs.length > 0) {
+      emitOtelLogs(logs);
+    }
+    return;
+  }
+}
+function forwardNonStreaming(route, clientReq, clientRes, requestBody, parsedReqBody) {
+  const startMs = Date.now();
+  const { sessionId, isNew } = sessions.getOrCreateSession(
+    route.target,
+    parsedReqBody
+  );
+  if (isNew) {
+    emitHookEventAsync({
+      session_id: sessionId,
+      hook_event_name: "SessionStart",
+      source: "proxy",
+      target: route.target
+    });
+  }
+  const headers = {};
+  for (const [key, value] of Object.entries(clientReq.headers)) {
+    if (value !== void 0 && key !== "host") {
+      headers[key] = value;
+    }
+  }
+  const upstreamReq = https.request(
+    {
+      hostname: route.upstream,
+      port: 443,
+      path: route.path,
+      method: clientReq.method,
+      headers
+    },
+    (upstreamRes) => {
+      const chunks = [];
+      upstreamRes.on("data", (chunk) => chunks.push(chunk));
+      upstreamRes.on("end", () => {
+        const responseBody = Buffer.concat(chunks);
+        const duration_ms = Date.now() - startMs;
+        clientRes.writeHead(upstreamRes.statusCode ?? 200, upstreamRes.headers);
+        clientRes.end(responseBody);
+        let parsedResBody;
+        try {
+          parsedResBody = JSON.parse(responseBody.toString("utf-8"));
+        } catch {
+          parsedResBody = {};
+        }
+        const capture = {
+          target: route.target,
+          sessionId,
+          timestamp_ms: startMs,
+          request: {
+            path: route.path,
+            headers: flattenHeaders(clientReq.headers),
+            body: parsedReqBody
+          },
+          response: {
+            status: upstreamRes.statusCode ?? 0,
+            body: parsedResBody
+          },
+          duration_ms
+        };
+        processCapture(capture);
+      });
+    }
+  );
+  upstreamReq.on("error", (err) => {
+    log.proxy.error(`Upstream error (${route.target}):`, err.message);
+    addBreadcrumb(
+      "proxy",
+      `Upstream error: ${route.target}`,
+      { target: route.target, upstream: route.upstream, error: err.message },
+      "error"
+    );
+    if (!clientRes.headersSent) {
+      clientRes.writeHead(502);
+      clientRes.end(
+        JSON.stringify({ error: "upstream_error", message: err.message })
+      );
+    }
+  });
+  upstreamReq.write(requestBody);
+  upstreamReq.end();
+}
+function forwardStreaming(route, clientReq, clientRes, requestBody, parsedReqBody) {
+  const startMs = Date.now();
+  const { sessionId, isNew } = sessions.getOrCreateSession(
+    route.target,
+    parsedReqBody
+  );
+  if (isNew) {
+    emitHookEventAsync({
+      session_id: sessionId,
+      hook_event_name: "SessionStart",
+      source: "proxy",
+      target: route.target
+    });
+  }
+  const targetSpec = getTarget(route.target);
+  const accumulator = targetSpec?.proxy?.accumulatorType === "anthropic" ? createAnthropicAccumulator() : createOpenaiAccumulator();
+  const headers = {};
+  for (const [key, value] of Object.entries(clientReq.headers)) {
+    if (value !== void 0 && key !== "host") {
+      headers[key] = value;
+    }
+  }
+  const upstreamReq = https.request(
+    {
+      hostname: route.upstream,
+      port: 443,
+      path: route.path,
+      method: clientReq.method,
+      headers
+    },
+    (upstreamRes) => {
+      clientRes.writeHead(upstreamRes.statusCode ?? 200, upstreamRes.headers);
+      upstreamRes.on("data", (chunk) => {
+        accumulator.push(chunk);
+        clientRes.write(chunk);
+      });
+      upstreamRes.on("end", () => {
+        clientRes.end();
+        const duration_ms = Date.now() - startMs;
+        const reconstructed = accumulator.finish();
+        const capture = {
+          target: route.target,
+          sessionId,
+          timestamp_ms: startMs,
+          request: {
+            path: route.path,
+            headers: flattenHeaders(clientReq.headers),
+            body: parsedReqBody
+          },
+          response: {
+            status: upstreamRes.statusCode ?? 0,
+            body: reconstructed
+          },
+          duration_ms
+        };
+        processCapture(capture);
+      });
+    }
+  );
+  upstreamReq.on("error", (err) => {
+    log.proxy.error(`Upstream error (${route.target}):`, err.message);
+    addBreadcrumb(
+      "proxy",
+      `Upstream error: ${route.target}`,
+      { target: route.target, upstream: route.upstream, error: err.message },
+      "error"
+    );
+    if (!clientRes.headersSent) {
+      clientRes.writeHead(502);
+      clientRes.end(
+        JSON.stringify({ error: "upstream_error", message: err.message })
+      );
+    }
+  });
+  upstreamReq.write(requestBody);
+  upstreamReq.end();
+}
+function flattenHeaders(headers) {
+  const flat = {};
+  for (const [key, value] of Object.entries(headers)) {
+    if (value !== void 0) {
+      flat[key] = Array.isArray(value) ? value.join(", ") : value;
+    }
+  }
+  return flat;
+}
+function tunnelWebSocket(req, clientSocket, head) {
+  const url = req.url ?? "";
+  const route = parseRoute(url, req.headers);
+  if (!route) {
+    clientSocket.end("HTTP/1.1 404 Not Found\r\n\r\n");
+    return;
+  }
+  const { sessionId, isNew } = sessions.getOrCreateSession(route.target, {});
+  if (isNew) {
+    emitHookEventAsync({
+      session_id: sessionId,
+      hook_event_name: "SessionStart",
+      source: "proxy",
+      target: route.target
+    });
+  }
+  clientSocket.on("error", (err) => {
+    log.proxy.error(`WebSocket client error (${route.target}):`, err.message);
+  });
+  const proxyHeaders = {};
+  for (const [key, value] of Object.entries(req.headers)) {
+    if (key !== "host" && key !== "sec-websocket-extensions" && value !== void 0) {
+      proxyHeaders[key] = value;
+    }
+  }
+  proxyHeaders.host = route.upstream;
+  const proxyReq = https.request({
+    hostname: route.upstream,
+    port: 443,
+    path: route.path,
+    method: req.method,
+    headers: proxyHeaders
+  });
+  proxyReq.on("upgrade", (proxyRes, proxySocket, proxyHead) => {
+    let response = `HTTP/${proxyRes.httpVersion} ${proxyRes.statusCode} ${proxyRes.statusMessage}\r
+`;
+    for (let i = 0; i < proxyRes.rawHeaders.length; i += 2) {
+      response += `${proxyRes.rawHeaders[i]}: ${proxyRes.rawHeaders[i + 1]}\r
+`;
+    }
+    response += "\r\n";
+    clientSocket.write(response);
+    if (proxyHead.length > 0) clientSocket.write(proxyHead);
+    if (head.length > 0) proxySocket.write(head);
+    const clientExtractor = new WebSocketMessageExtractor();
+    const serverExtractor = new WebSocketMessageExtractor();
+    let pendingRequest;
+    let requestTimestamp = Date.now();
+    clientExtractor.onMessage = (msg) => {
+      try {
+        pendingRequest = JSON.parse(msg);
+        requestTimestamp = Date.now();
+      } catch (err) {
+        log.proxy.error("Failed to parse client WebSocket message:", err);
+        captureException(err, { component: "proxy", phase: "ws-client-parse" });
+      }
+    };
+    serverExtractor.onMessage = (msg) => {
+      try {
+        const event = JSON.parse(msg);
+        if (event.type === "response.completed" && pendingRequest) {
+          const capture = {
+            target: route.target,
+            sessionId,
+            timestamp_ms: requestTimestamp,
+            request: {
+              path: route.path,
+              headers: flattenHeaders(req.headers),
+              body: pendingRequest
+            },
+            response: {
+              status: 200,
+              body: event.response
+            },
+            duration_ms: Date.now() - requestTimestamp
+          };
+          processCapture(capture);
+          pendingRequest = void 0;
+        }
+      } catch (err) {
+        log.proxy.error("Failed to parse server WebSocket message:", err);
+        captureException(err, { component: "proxy", phase: "ws-server-parse" });
+      }
+    };
+    proxySocket.on("data", (chunk) => {
+      serverExtractor.push(chunk);
+      clientSocket.write(chunk);
+    });
+    clientSocket.on("data", (chunk) => {
+      clientExtractor.push(chunk);
+      proxySocket.write(chunk);
+    });
+    proxySocket.on("error", () => clientSocket.destroy());
+    proxySocket.on("close", () => clientSocket.destroy());
+    clientSocket.on("close", () => proxySocket.destroy());
+  });
+  proxyReq.on("error", (err) => {
+    log.proxy.error(`WebSocket upstream error (${route.target}):`, err.message);
+    clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
+  });
+  proxyReq.on("response", (res) => {
+    let response = `HTTP/${res.httpVersion} ${res.statusCode} ${res.statusMessage}\r
+`;
+    for (let i = 0; i < res.rawHeaders.length; i += 2) {
+      response += `${res.rawHeaders[i]}: ${res.rawHeaders[i + 1]}\r
+`;
+    }
+    response += "\r\n";
+    clientSocket.write(response);
+    res.pipe(clientSocket);
+  });
+  proxyReq.end();
+}
+async function handleProxyRequest(req, res) {
+  const url = req.url ?? "";
+  const route = parseRoute(url, req.headers);
+  if (!route) {
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        error: "unknown_route",
+        message: `Unknown target prefix. Known: ${KNOWN_ROUTES_MSG}`
+      })
+    );
+    return;
+  }
+  try {
+    const requestBody = await collectBody(req);
+    let parsedReqBody;
+    let streaming = false;
+    try {
+      parsedReqBody = JSON.parse(requestBody.toString("utf-8"));
+      streaming = isStreamingRequest(parsedReqBody);
+    } catch {
+      parsedReqBody = {};
+    }
+    if (streaming) {
+      forwardStreaming(route, req, res, requestBody, parsedReqBody);
+    } else {
+      forwardNonStreaming(route, req, res, requestBody, parsedReqBody);
+    }
+  } catch (err) {
+    log.proxy.error("Proxy error:", err);
+    captureException(err, { component: "proxy", path: url });
+    if (!res.headersSent) {
+      res.writeHead(500);
+      res.end();
+    }
+  }
+}
+function createProxyServer() {
+  const server = http.createServer(async (req, res) => {
+    const url = req.url ?? "";
+    const method = req.method ?? "";
+    if (url === "/health" && method === "GET") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ status: "ok", port: config.proxyPort }));
+      return;
+    }
+    if (method !== "POST") {
+      res.writeHead(405);
+      res.end();
+      return;
+    }
+    await handleProxyRequest(req, res);
+  });
+  server.on("upgrade", (req, socket, head) => {
+    tunnelWebSocket(req, socket, head);
+  });
+  return server;
+}
+var entryScript = process.argv[1]?.replaceAll("\\", "/") ?? "";
+if (entryScript.endsWith("/proxy/server.js") || entryScript.endsWith("/proxy/server.ts")) {
+  const server = createProxyServer();
+  server.on("error", (err) => {
+    if (err.code === "EADDRINUSE") {
+      log.proxy.warn(
+        `Already running on ${config.proxyHost}:${config.proxyPort}`
+      );
+      process.exit(0);
+    }
+    throw err;
+  });
+  server.listen(config.proxyPort, config.proxyHost, () => {
+    log.proxy.info(`Listening on ${config.proxyHost}:${config.proxyPort}`);
+    log.proxy.info("Routes:");
+    for (const [prefix, host] of Object.entries(UPSTREAM_ROUTES)) {
+      log.proxy.info(`  /${prefix}/* \u2192 https://${host}/*`);
+    }
+    for (const v of allTargets()) {
+      if (v.proxy && typeof v.proxy.upstreamHost === "function" && !UPSTREAM_ROUTES[v.id]) {
+        log.proxy.info(`  /${v.id}/* \u2192 (dynamic)`);
+      }
+    }
+  });
+  const shutdown = () => {
+    server.close();
+    process.exit(0);
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+  process.on("SIGHUP", shutdown);
+}
+
+export {
+  processHookEvent,
+  tunnelWebSocket,
+  handleProxyRequest,
+  createProxyServer
+};
+//# sourceMappingURL=chunk-RX2RXHBH.js.map