@fml-inc/panopticon 0.1.0

package/dist/setup.js

@@ -0,0 +1,19 @@
+import {
+  configureShellEnv,
+  fetchPricing,
+  initDb
+} from "./chunk-L7G27XWF.js";
+import "./chunk-3TZAKV3M.js";
+import "./chunk-ZEC4LRKS.js";
+import "./chunk-QVK6VGCV.js";
+import "./chunk-DZ5HJFB4.js";
+import {
+  config
+} from "./chunk-K7YUPLES.js";
+export {
+  config,
+  configureShellEnv,
+  fetchPricing,
+  initDb
+};
+//# sourceMappingURL=setup.js.map

package/dist/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/sync/index.d.ts

@@ -0,0 +1,29 @@
+import { S as SyncTarget, a as SyncFilter, b as SyncOptions, c as SyncHandle, T as TableSyncDescriptor } from '../types-D-MYCBol.js';
+export { R as RepoConfigSnapshotRecord, d as SessionSyncRecord, U as UserConfigSnapshotRecord } from '../types-D-MYCBol.js';
+
+interface SyncConfig {
+    targets: SyncTarget[];
+    filter?: SyncFilter;
+}
+declare function loadSyncConfig(): SyncConfig;
+declare function saveSyncConfig(syncCfg: SyncConfig): void;
+declare function addTarget(target: SyncTarget): void;
+declare function removeTarget(name: string): boolean;
+declare function listTargets(): SyncTarget[];
+
+declare function createSyncLoop(opts: SyncOptions): SyncHandle;
+
+/**
+ * Ordered list of table sync descriptors. The order matches the
+ * round-robin execution order in the sync loop.
+ *
+ * All tables sync via POST /v1/sync with {table, rows} payload.
+ * Session-linked tables are filtered by repo attribution in the sync loop.
+ */
+declare const TABLE_SYNC_REGISTRY: TableSyncDescriptor<any>[];
+
+declare function watermarkKey(table: string, targetName: string): string;
+declare function readWatermark(key: string): number;
+declare function resetWatermarks(targetName?: string): void;
+
+export { SyncFilter, SyncHandle, SyncOptions, SyncTarget, TABLE_SYNC_REGISTRY, TableSyncDescriptor, addTarget, createSyncLoop, listTargets, loadSyncConfig, readWatermark, removeTarget, resetWatermarks, saveSyncConfig, watermarkKey };

package/dist/sync/index.js

@@ -0,0 +1,32 @@
+import {
+  addTarget,
+  createSyncLoop,
+  listTargets,
+  loadSyncConfig,
+  removeTarget,
+  saveSyncConfig
+} from "../chunk-HQCY722C.js";
+import "../chunk-CF4GPWLI.js";
+import "../chunk-7Q3BJMLG.js";
+import {
+  TABLE_SYNC_REGISTRY,
+  readWatermark,
+  resetWatermarks,
+  watermarkKey
+} from "../chunk-SEXU2WYG.js";
+import "../chunk-QK5442ZP.js";
+import "../chunk-DZ5HJFB4.js";
+import "../chunk-K7YUPLES.js";
+export {
+  TABLE_SYNC_REGISTRY,
+  addTarget,
+  createSyncLoop,
+  listTargets,
+  loadSyncConfig,
+  readWatermark,
+  removeTarget,
+  resetWatermarks,
+  saveSyncConfig,
+  watermarkKey
+};
+//# sourceMappingURL=index.js.map

package/dist/sync/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/targets.d.ts

@@ -0,0 +1,279 @@
+interface HookInput {
+    session_id: string;
+    hook_event_name: string;
+    cwd?: string;
+    repository?: string;
+    tool_name?: string;
+    tool_input?: Record<string, unknown>;
+    source?: string;
+    target?: string;
+    prompt?: string;
+    [key: string]: unknown;
+}
+
+/**
+ * Target adapter types — each supported coding tool declares its specifics
+ * via this interface so consumers can iterate over the registry instead of
+ * hardcoding target-specific branches.
+ */
+
+/**
+ * All hook event names panopticon registers for.
+ *
+ * Claude Code fires these as shell commands via hooks.json — each invocation
+ * pipes a JSON payload to stdin with session_id, hook_event_name, and
+ * event-specific fields. Panopticon's hook-handler POSTs the payload to
+ * the local server, which calls processHookEvent() in ingest.ts.
+ *
+ * Non-Claude targets (Gemini, Codex) map their native event names to these
+ * canonical names via their adapter's eventMap.
+ */
+declare const ALL_EVENTS: readonly ["SessionStart", "SessionEnd", "Setup", "UserPromptSubmit", "PreToolUse", "PostToolUse", "PostToolUseFailure", "PermissionRequest", "PermissionDenied", "Stop", "StopFailure", "SubagentStart", "SubagentStop", "PreCompact", "PostCompact", "Notification", "TeammateIdle", "TaskCreated", "TaskCompleted", "Elicitation", "ElicitationResult", "ConfigChange", "InstructionsLoaded", "CwdChanged", "FileChanged", "WorktreeCreate", "WorktreeRemove"];
+/** Union type of all supported event names. */
+type CanonicalEvent = (typeof ALL_EVENTS)[number];
+interface TargetConfigSpec {
+    /** Directory where this target stores its config, e.g. ~/.claude */
+    dir: string;
+    /** Path to the main config file */
+    configPath: string;
+    /** Format of the config file */
+    configFormat: "json" | "toml";
+}
+interface TargetInstallOpts {
+    pluginRoot: string;
+    port: number;
+    proxy?: boolean;
+}
+interface TargetHookSpec {
+    /** Event names this target uses, in the target's own convention */
+    events: string[];
+    /**
+     * Apply panopticon hook registration (and related config like MCP servers,
+     * telemetry) to this target's existing config. Each target handles its own
+     * deduplication/merge logic. Returns the modified config.
+     */
+    applyInstallConfig(existingConfig: Record<string, unknown>, opts: TargetInstallOpts): Record<string, unknown>;
+    /**
+     * Remove panopticon hook registration (and related config like MCP servers,
+     * telemetry) from this target's existing config. Returns the modified config.
+     */
+    removeInstallConfig(existingConfig: Record<string, unknown>): Record<string, unknown>;
+}
+interface TargetShellEnvSpec {
+    /**
+     * Env vars to export as [varName, value] tuples.
+     * These are target-specific; shared OTEL_* vars are handled separately.
+     */
+    envVars(port: number, proxy: boolean): Array<[string, string]>;
+}
+interface TargetEventSpec {
+    /** Map from target's event name to canonical panopticon event name. */
+    eventMap: Record<string, CanonicalEvent>;
+    /**
+     * Transform the raw hook payload before storage.
+     * Used e.g. by Gemini to extract user_prompt from llm_request.messages.
+     */
+    normalizePayload?(data: HookInput): HookInput;
+    /**
+     * Format a permission response for this target's expected shape.
+     */
+    formatPermissionResponse(decision: {
+        allow: boolean;
+        reason: string;
+    }): Record<string, unknown>;
+}
+interface TargetDetectSpec {
+    /** Human-readable name for display, e.g. "Claude Code" */
+    displayName: string;
+    /** Check whether this target is installed on the system */
+    isInstalled(): boolean;
+    /** Check whether panopticon is configured within this target */
+    isConfigured(): boolean;
+}
+interface MetricSpec {
+    /** OTel metric name(s) this target emits for token usage */
+    metricNames: string[];
+    /** Aggregation function: 'SUM' for per-request deltas, 'MAX' for cumulative counters */
+    aggregation: "SUM" | "MAX";
+    /** JSON paths to extract token type from metric attributes (first non-null wins) */
+    tokenTypeAttrs: string[];
+    /** JSON paths to extract model name from metric attributes (first non-null wins) */
+    modelAttrs: string[];
+    /** Remap token_type values before aggregation, e.g. { cached_input: 'cacheRead' } */
+    tokenTypeMap?: Record<string, string>;
+    /** Token type values to exclude (e.g. 'total' to avoid double-counting) */
+    excludeTokenTypes?: string[];
+}
+interface OtelLogFieldSpec {
+    /** SQL expressions to extract event type from otel_logs (COALESCEd). Default: ['body'] */
+    eventTypeExprs?: string[];
+    /** SQL expressions to extract timestamp in ms from otel_logs. Default: ['CAST(timestamp_ns / 1000000 AS INTEGER)'] */
+    timestampMsExprs?: string[];
+}
+interface TargetOtelSpec {
+    /** OTel service.name this target emits. Used for session inference when metrics lack session_id. */
+    serviceName?: string;
+    /** Token usage metric declaration. Undefined means no token metrics. */
+    metrics?: MetricSpec;
+    /** How to extract event type and timestamp from otel_logs rows. */
+    logFields?: OtelLogFieldSpec;
+}
+interface TargetIdentSpec {
+    /** Model-name regex patterns for last-resort target identification from hook payloads */
+    modelPatterns?: RegExp[];
+}
+interface TargetProxySpec {
+    /**
+     * Upstream host for API proxying.
+     * String for simple mapping; function for dynamic routing (e.g. Codex JWT).
+     */
+    upstreamHost: string | ((headers: Record<string, string>) => string);
+    /** Path rewrite rule, if needed. Default: pass through. */
+    rewritePath?(path: string, headers: Record<string, string>): string;
+    /** Which stream accumulator to use */
+    accumulatorType: "anthropic" | "openai";
+}
+interface DiscoveredFile {
+    filePath: string;
+}
+interface ParsedTurn {
+    sessionId: string;
+    turnIndex: number;
+    timestampMs: number;
+    model?: string;
+    role: "user" | "assistant";
+    contentPreview?: string;
+    inputTokens: number;
+    outputTokens: number;
+    cacheReadTokens: number;
+    cacheCreationTokens: number;
+    reasoningTokens: number;
+}
+type RelationshipType = "subagent" | "continuation" | "fork";
+interface ParsedSession {
+    sessionId: string;
+    parentSessionId?: string;
+    relationshipType?: RelationshipType;
+    model?: string;
+    cwd?: string;
+    cliVersion?: string;
+    startedAtMs?: number;
+    firstPrompt?: string;
+}
+interface ParsedEvent {
+    sessionId: string;
+    eventType: string;
+    timestampMs: number;
+    toolName?: string;
+    toolInput?: string;
+    toolOutput?: string;
+    content?: string;
+    metadata?: Record<string, unknown>;
+}
+interface ParsedToolCall {
+    toolUseId: string;
+    toolName: string;
+    category: string;
+    inputJson?: string;
+    skillName?: string;
+    resultContentLength?: number;
+    resultContent?: string;
+    subagentSessionId?: string;
+    /** Timestamp (ms) when the tool was invoked (from the assistant message). */
+    timestampMs?: number;
+}
+interface ParsedMessage {
+    sessionId: string;
+    ordinal: number;
+    role: "user" | "assistant";
+    content: string;
+    timestampMs?: number;
+    hasThinking: boolean;
+    hasToolUse: boolean;
+    isSystem: boolean;
+    contentLength: number;
+    model?: string;
+    tokenUsage?: string;
+    contextTokens?: number;
+    outputTokens?: number;
+    hasContextTokens: boolean;
+    hasOutputTokens: boolean;
+    /** DAG node UUID from the JSONL line that produced this message. */
+    uuid?: string;
+    /** Parent DAG node UUID (the line this message is a reply to). */
+    parentUuid?: string;
+    toolCalls: ParsedToolCall[];
+    /** tool_use_id → raw result content (from tool_result blocks in user messages) */
+    toolResults: Map<string, {
+        contentLength: number;
+        contentRaw: string;
+        timestampMs?: number;
+    }>;
+}
+interface ParseResult {
+    meta?: ParsedSession;
+    turns: ParsedTurn[];
+    events: ParsedEvent[];
+    messages: ParsedMessage[];
+    newByteOffset: number;
+    /**
+     * When true, turn indices are absolute (0-based from start of session)
+     * and the caller should NOT re-index them. Used by parsers that re-read
+     * the full file (e.g. Gemini JSON) rather than reading incrementally.
+     * INSERT OR IGNORE handles dedup via the UNIQUE constraint.
+     */
+    absoluteIndices?: boolean;
+    /** Additional sessions from DAG fork detection (branched conversations). */
+    forks?: ParseResult[];
+    /**
+     * When true, the parser detected a DAG fork during incremental reading.
+     * The caller should reset the file watermark and reparse from byte 0
+     * so fork detection can run on the full file.
+     */
+    needsFullReparse?: boolean;
+    /**
+     * Tool results from filtered-out messages (e.g. tool-result-only user
+     * messages) that still need to be backfilled into tool_calls.
+     */
+    orphanedToolResults?: Map<string, {
+        contentLength: number;
+        contentRaw: string;
+        timestampMs?: number;
+    }>;
+}
+interface TargetScannerSpec {
+    /** Discover session files on disk for this target. */
+    discover(): DiscoveredFile[];
+    /**
+     * Parse a session file. Receives the file path and current byte offset.
+     * Returns parsed data and new byte offset, or null if no new data.
+     */
+    parseFile(filePath: string, fromByteOffset: number): ParseResult | null;
+    /** Normalize a tool name to a standard category for analytics grouping. */
+    normalizeToolCategory(toolName: string): string;
+}
+interface TargetAdapter {
+    /** Machine identifier: "claude", "gemini", "codex", etc. */
+    id: string;
+    config: TargetConfigSpec;
+    hooks: TargetHookSpec;
+    shellEnv: TargetShellEnvSpec;
+    events: TargetEventSpec;
+    detect: TargetDetectSpec;
+    /** Proxy spec is optional — not every target routes through the proxy */
+    proxy?: TargetProxySpec;
+    /** OTel telemetry schema — how this target emits metrics and logs */
+    otel?: TargetOtelSpec;
+    /** How to identify this target from hook payloads when no explicit source field is present */
+    ident?: TargetIdentSpec;
+    /** Session file scanner — reads local transcript files for token usage */
+    scanner?: TargetScannerSpec;
+}
+
+declare function registerTarget(adapter: TargetAdapter): void;
+declare function getTarget(id: string): TargetAdapter | undefined;
+declare function getTargetOrThrow(id: string): TargetAdapter;
+declare function allTargets(): TargetAdapter[];
+declare function targetIds(): string[];
+
+export { ALL_EVENTS, type CanonicalEvent, type TargetAdapter, type TargetConfigSpec, type TargetDetectSpec, type TargetEventSpec, type TargetHookSpec, type TargetInstallOpts, type TargetProxySpec, type TargetShellEnvSpec, allTargets, getTarget, getTargetOrThrow, registerTarget, targetIds };

package/dist/targets.js

@@ -0,0 +1,20 @@
+import {
+  ALL_EVENTS
+} from "./chunk-ZEC4LRKS.js";
+import {
+  allTargets,
+  getTarget,
+  getTargetOrThrow,
+  registerTarget,
+  targetIds
+} from "./chunk-QVK6VGCV.js";
+import "./chunk-K7YUPLES.js";
+export {
+  ALL_EVENTS,
+  allTargets,
+  getTarget,
+  getTargetOrThrow,
+  registerTarget,
+  targetIds
+};
+//# sourceMappingURL=targets.js.map

package/dist/targets.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/types-D-MYCBol.d.ts

@@ -0,0 +1,128 @@
+interface SyncTarget {
+    /** Unique name for this target, used as watermark namespace */
+    name: string;
+    /** Sync endpoint base URL (e.g. "https://example.com") */
+    url: string;
+    /** Bearer token — sent as Authorization: Bearer <token> */
+    token?: string;
+    /** Shell command that returns a Bearer token on stdout (e.g. "gh auth token"). Cached for 5 minutes. */
+    tokenCommand?: string;
+    /** Additional headers (merged with token auth if both provided) */
+    headers?: Record<string, string>;
+}
+interface SyncFilter {
+    /** Only sync events matching these repo patterns (glob, e.g. "fml-inc/*") */
+    includeRepos?: string[];
+    /** Exclude repos matching these patterns (takes precedence over include) */
+    excludeRepos?: string[];
+    /** Only sync sessions with associated repo attribution (default true) */
+    requireRepo?: boolean;
+}
+interface SyncOptions {
+    targets: SyncTarget[];
+    filter?: SyncFilter;
+    /** Max rows read from SQLite per batch (default 2000) */
+    batchSize?: number;
+    /** Max records per HTTP POST (default 25) */
+    postBatchSize?: number;
+    /** If true, timer keeps Node alive (default false) */
+    keepAlive?: boolean;
+    /** Idle poll interval in ms (default 30000) */
+    idleIntervalMs?: number;
+    /** Catch-up poll interval in ms (default 1000) */
+    catchUpIntervalMs?: number;
+}
+interface SyncHandle {
+    start: () => void;
+    stop: () => void;
+}
+interface UserConfigSnapshotRecord {
+    id: number;
+    deviceName: string;
+    snapshotAtMs: number;
+    contentHash: string;
+    permissions: Record<string, unknown>;
+    enabledPlugins: unknown[];
+    hooks: unknown[];
+    commands: unknown[];
+    rules: unknown[];
+    skills: unknown[];
+}
+interface RepoConfigSnapshotRecord {
+    id: number;
+    repository: string;
+    cwd: string;
+    sessionId: string | null;
+    snapshotAtMs: number;
+    contentHash: string;
+    hooks: unknown[];
+    mcpServers: unknown[];
+    commands: unknown[];
+    agents: unknown[];
+    rules: unknown[];
+    localHooks: unknown[];
+    localMcpServers: unknown[];
+    localPermissions: Record<string, unknown>;
+    localIsGitignored: boolean;
+    instructions: unknown[];
+}
+interface SessionSyncRecord {
+    sessionId: string;
+    target: string | null;
+    startedAtMs: number | null;
+    endedAtMs: number | null;
+    cwd: string | null;
+    firstPrompt: string | null;
+    permissionMode: string | null;
+    agentVersion: string | null;
+    totalInputTokens: number | null;
+    totalOutputTokens: number | null;
+    totalCacheReadTokens: number | null;
+    totalCacheCreationTokens: number | null;
+    totalReasoningTokens: number | null;
+    turnCount: number | null;
+    models: string | null;
+    summary: string | null;
+    toolCounts: Record<string, number>;
+    hookToolCounts: Record<string, number>;
+    eventTypeCounts: Record<string, number>;
+    hookEventTypeCounts: Record<string, number>;
+    project: string | null;
+    machine: string;
+    messageCount: number;
+    userMessageCount: number;
+    parentSessionId: string | null;
+    relationshipType: string;
+    isAutomated: boolean;
+    createdAt: number | null;
+    repositories: Array<{
+        repository: string;
+        firstSeenMs: number;
+        gitUserName: string | null;
+        gitUserEmail: string | null;
+        branch: string | null;
+    }>;
+    cwds: Array<{
+        cwd: string;
+        firstSeenMs: number;
+    }>;
+}
+/**
+ * Descriptor for a single table that participates in the sync loop.
+ * All tables POST to /v1/sync with {table, rows} payload.
+ */
+interface TableSyncDescriptor<TRow = unknown> {
+    /** Table name, used as watermark key and sent in the POST body. */
+    table: string;
+    /** Noun for log messages (e.g. "events", "logs"). */
+    logNoun: string;
+    /** Read rows from SQLite starting after the given watermark. */
+    read: (afterId: number, limit: number) => {
+        rows: TRow[];
+        maxId: number;
+    };
+    /** Whether this table's rows are linked to sessions (filtered by repo). */
+    sessionLinked: boolean;
+}
+
+export type { RepoConfigSnapshotRecord as R, SyncTarget as S, TableSyncDescriptor as T, UserConfigSnapshotRecord as U, SyncFilter as a, SyncOptions as b, SyncHandle as c, SessionSyncRecord as d };

package/dist/types.d.ts

@@ -0,0 +1,164 @@
+/**
+ * Unified response types for panopticon query functions.
+ *
+ * These types define the canonical shapes returned by both local queries
+ * (panopticon SQLite) and remote queries (FML backend). Both sources
+ * populate the same fields — the data originates from panopticon either way.
+ *
+ * Conventions:
+ *   - camelCase field names
+ *   - ISO 8601 strings for timestamps
+ *   - null for genuinely absent data, never for source-dependent gaps
+ */
+interface Repository {
+    name: string;
+    gitUserName: string | null;
+    gitUserEmail: string | null;
+}
+interface Session {
+    sessionId: string;
+    target: string | null;
+    model: string | null;
+    project: string | null;
+    startedAt: string | null;
+    endedAt: string | null;
+    firstPrompt: string | null;
+    turnCount: number;
+    messageCount: number;
+    totalInputTokens: number;
+    totalOutputTokens: number;
+    totalCost: number;
+    repositories: Repository[];
+    parentSessionId: string | null;
+    relationshipType: string | null;
+    summary: string | null;
+}
+interface SessionListResult {
+    sessions: Session[];
+    totalCount: number;
+    source: "local" | "remote";
+}
+interface TimelineToolCall {
+    toolName: string;
+    category: string;
+    toolUseId: string | null;
+    inputJson: string | null;
+    skillName: string | null;
+    resultContentLength: number | null;
+    durationMs: number | null;
+    subagentSessionId: string | null;
+    /** Subagent session metadata, present when subagentSessionId is set */
+    subagent: {
+        sessionId: string;
+        model: string | null;
+        turnCount: number;
+        firstPrompt: string | null;
+    } | null;
+}
+interface TimelineMessage {
+    id: number;
+    ordinal: number;
+    role: string;
+    content: string;
+    timestampMs: number | null;
+    model: string | null;
+    isSystem: boolean;
+    hasThinking: boolean;
+    hasToolUse: boolean;
+    contentLength: number;
+    uuid: string | null;
+    parentUuid: string | null;
+    tokenUsage: string | null;
+    contextTokens: number;
+    outputTokens: number;
+    toolCalls: TimelineToolCall[];
+}
+interface ChildSession {
+    sessionId: string;
+    relationshipType: string;
+    model: string | null;
+    turnCount: number;
+    firstPrompt: string | null;
+    startedAtMs: number | null;
+}
+interface SessionTimelineResult {
+    session: {
+        sessionId: string;
+        target: string | null;
+        model: string | null;
+        project: string | null;
+        parentSessionId: string | null;
+        relationshipType: string | null;
+        repositories: Repository[];
+        childSessions: ChildSession[];
+    } | null;
+    messages: TimelineMessage[];
+    totalMessages: number;
+    hasMore: boolean;
+    source: "local" | "remote";
+}
+interface SpendingGroup {
+    key: string;
+    inputTokens: number;
+    outputTokens: number;
+    totalTokens: number;
+    totalCost: number;
+    sessionCount: number;
+}
+interface SpendingResult {
+    groups: SpendingGroup[];
+    totals: {
+        inputTokens: number;
+        outputTokens: number;
+        totalTokens: number;
+        totalCost: number;
+    };
+    groupBy: "session" | "model" | "day";
+    source: "local" | "remote";
+}
+interface ActivitySessionDetail {
+    sessionId: string;
+    startedAt: string | null;
+    durationMinutes: number;
+    model: string | null;
+    project: string | null;
+    repositories: Repository[];
+    userPrompts: string[];
+    toolsUsed: Array<{
+        tool: string;
+        count: number;
+    }>;
+    filesModified: string[];
+    totalCost: number;
+}
+interface ActivitySummaryResult {
+    period: {
+        since: string;
+        until: string;
+    };
+    totalSessions: number;
+    totalTokens: number;
+    totalCost: number;
+    topTools: Array<{
+        tool: string;
+        count: number;
+    }>;
+    sessions: ActivitySessionDetail[];
+    source: "local" | "remote";
+}
+interface SearchMatch {
+    sessionId: string;
+    timestamp: string;
+    matchType: string;
+    matchSnippet: string;
+    eventType: string | null;
+    toolName: string | null;
+}
+interface SearchResult {
+    results: SearchMatch[];
+    totalMatches: number;
+    query: string;
+    source: "local" | "remote";
+}
+
+export type { ActivitySessionDetail, ActivitySummaryResult, ChildSession, Repository, SearchMatch, SearchResult, Session, SessionListResult, SessionTimelineResult, SpendingGroup, SpendingResult, TimelineMessage, TimelineToolCall };

package/dist/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}