@glasstrace/sdk 0.15.1 → 0.16.0

package/dist/cli/init.d.cts

@@ -61,6 +61,15 @@ type CompletedStep = "instrumentation" | "next-config" | "env-local" | "gitignor
  */
 interface RollbackState {
     steps: CompletedStep[];
+    /**
+     * Absolute path of the instrumentation file that the scaffolder
+     * wrote to. May be either `{root}/instrumentation.ts` or
+     * `{root}/src/instrumentation.ts` depending on the project layout
+     * (DISC-493 Issue 1). When absent, rollback falls back to the
+     * root path for backward compatibility with callers that do not
+     * populate this field.
+     */
+    instrumentationPath?: string;
     /** Original instrumentation.ts content saved before injection.
      *  When present, rollback restores this instead of using removeRegisterGlasstrace. */
     originalInstrumentationContent?: string;
@@ -78,5 +87,49 @@ declare function rollbackSteps(steps: CompletedStep[], projectRoot: string, stat
  * bottom calls this function and translates the result to process.exit().
  */
 declare function runInit(options: InitOptions): Promise<InitResult>;
+/**
+ * Outcome of {@link verifyAnonKeyRegistration}:
+ *
+ * - `"verified"` — the server registered the anon key (HTTP 2xx with a
+ *   schema-valid response body).
+ * - `"skipped"` — no anon key was on disk, so no verification request
+ *   was sent. Typically means MCP auto-configuration failed earlier
+ *   (warnings were already emitted) — distinct from a verification
+ *   success.
+ * - `"failed"` — the verification request was sent and failed.
+ *   `error` is a user-facing message distinguishing the failure class
+ *   (`fetch failed: ...`, `server rejected the key ...`, or
+ *   `server returned malformed response ...`) with no anon key bytes.
+ */
+type VerifyAnonKeyOutcome = {
+    outcome: "verified";
+} | {
+    outcome: "skipped";
+} | {
+    outcome: "failed";
+    error: string;
+};
+/**
+ * Verifies that the anonymous key written by init is registered
+ * server-side. Called at the end of the scaffold flow so that when it
+ * fails, the user sees an actionable error rather than a misleading
+ * "initialized successfully" followed by silent MCP authentication
+ * failures (DISC-494).
+ *
+ * Returns a discriminated outcome so the CLI can distinguish a genuine
+ * verification pass from the "no anon key on disk" skip case. On
+ * failure the error message distinguishes three classes:
+ *   - "fetch failed" — transport error (DNS, TCP, TLS, timeout)
+ *   - "server rejected the key" — HTTP 4xx/5xx
+ *   - "server returned malformed response" — HTTP 2xx with unparseable
+ *     body
+ *
+ * The anon key is NEVER included in the returned message. Callers
+ * (the CLI entry point) render it verbatim to stderr via the errors
+ * array and exit non-zero.
+ *
+ * @internal Exported for testability.
+ */
+declare function verifyAnonKeyRegistration(projectRoot: string): Promise<VerifyAnonKeyOutcome>;
 
-export { type InitOptions, type InitResult, decideMcpConfigAction, meetsNodeVersion, rollbackSteps, runInit };
+export { type InitOptions, type InitResult, type VerifyAnonKeyOutcome, decideMcpConfigAction, meetsNodeVersion, rollbackSteps, runInit, verifyAnonKeyRegistration };

package/dist/cli/init.d.ts

@@ -61,6 +61,15 @@ type CompletedStep = "instrumentation" | "next-config" | "env-local" | "gitignor
  */
 interface RollbackState {
     steps: CompletedStep[];
+    /**
+     * Absolute path of the instrumentation file that the scaffolder
+     * wrote to. May be either `{root}/instrumentation.ts` or
+     * `{root}/src/instrumentation.ts` depending on the project layout
+     * (DISC-493 Issue 1). When absent, rollback falls back to the
+     * root path for backward compatibility with callers that do not
+     * populate this field.
+     */
+    instrumentationPath?: string;
     /** Original instrumentation.ts content saved before injection.
      *  When present, rollback restores this instead of using removeRegisterGlasstrace. */
     originalInstrumentationContent?: string;
@@ -78,5 +87,49 @@ declare function rollbackSteps(steps: CompletedStep[], projectRoot: string, stat
  * bottom calls this function and translates the result to process.exit().
  */
 declare function runInit(options: InitOptions): Promise<InitResult>;
+/**
+ * Outcome of {@link verifyAnonKeyRegistration}:
+ *
+ * - `"verified"` — the server registered the anon key (HTTP 2xx with a
+ *   schema-valid response body).
+ * - `"skipped"` — no anon key was on disk, so no verification request
+ *   was sent. Typically means MCP auto-configuration failed earlier
+ *   (warnings were already emitted) — distinct from a verification
+ *   success.
+ * - `"failed"` — the verification request was sent and failed.
+ *   `error` is a user-facing message distinguishing the failure class
+ *   (`fetch failed: ...`, `server rejected the key ...`, or
+ *   `server returned malformed response ...`) with no anon key bytes.
+ */
+type VerifyAnonKeyOutcome = {
+    outcome: "verified";
+} | {
+    outcome: "skipped";
+} | {
+    outcome: "failed";
+    error: string;
+};
+/**
+ * Verifies that the anonymous key written by init is registered
+ * server-side. Called at the end of the scaffold flow so that when it
+ * fails, the user sees an actionable error rather than a misleading
+ * "initialized successfully" followed by silent MCP authentication
+ * failures (DISC-494).
+ *
+ * Returns a discriminated outcome so the CLI can distinguish a genuine
+ * verification pass from the "no anon key on disk" skip case. On
+ * failure the error message distinguishes three classes:
+ *   - "fetch failed" — transport error (DNS, TCP, TLS, timeout)
+ *   - "server rejected the key" — HTTP 4xx/5xx
+ *   - "server returned malformed response" — HTTP 2xx with unparseable
+ *     body
+ *
+ * The anon key is NEVER included in the returned message. Callers
+ * (the CLI entry point) render it verbatim to stderr via the errors
+ * array and exit non-zero.
+ *
+ * @internal Exported for testability.
+ */
+declare function verifyAnonKeyRegistration(projectRoot: string): Promise<VerifyAnonKeyOutcome>;
 
-export { type InitOptions, type InitResult, decideMcpConfigAction, meetsNodeVersion, rollbackSteps, runInit };
+export { type InitOptions, type InitResult, type VerifyAnonKeyOutcome, decideMcpConfigAction, meetsNodeVersion, rollbackSteps, runInit, verifyAnonKeyRegistration };

package/dist/cli/init.js

@@ -1,17 +1,21 @@
 #!/usr/bin/env node
 import {
   resolveProjectRoot
-} from "../chunk-PD2SKFQQ.js";
+} from "../chunk-55FBXXER.js";
 import {
-  buildImportGraph
-} from "../chunk-UPS5BGER.js";
+  buildImportGraph,
+  verifyInitReachable
+} from "../chunk-5C2TJFLB.js";
+import {
+  resolveConfig
+} from "../chunk-VUZCLMIX.js";
 import {
   isInitCreatedInstrumentation,
   removeGlasstraceConfigImport,
   removeRegisterGlasstrace,
   unwrapCJSExport,
   unwrapExport
-} from "../chunk-ROFOJQWN.js";
+} from "../chunk-XNDHQN4S.js";
 import {
   detectAgents,
   generateInfoSection,
@@ -19,37 +23,35 @@ import {
   injectInfoSection,
   updateGitignore,
   writeMcpConfig
-} from "../chunk-ZNOD6FC7.js";
+} from "../chunk-CTJI2YKA.js";
 import {
   getOrCreateAnonKey,
   readAnonKey
-} from "../chunk-ECEN724Y.js";
-import "../chunk-YMEXDDTA.js";
+} from "../chunk-TM5NKZTO.js";
+import "../chunk-7JBKXSBU.js";
 import {
   addCoverageMapEnv,
   isDevApiKey,
   mcpConfigMatches,
   readEnvLocalApiKey,
+  resolveInstrumentationTarget,
   scaffoldEnvLocal,
   scaffoldGitignore,
   scaffoldInstrumentation,
   scaffoldMcpMarker,
   scaffoldNextConfig
-} from "../chunk-A2AZL6MZ.js";
+} from "../chunk-O63DJKIJ.js";
 import {
   MCP_ENDPOINT,
   NEXT_CONFIG_NAMES,
   formatAgentName
-} from "../chunk-BL3YDC6V.js";
-import {
-  init_esm_shims
-} from "../chunk-BGZ7J74D.js";
+} from "../chunk-DXRZKKSO.js";
+import "../chunk-NSBPE2FW.js";
 
 // src/cli/init.ts
-init_esm_shims();
-import * as fs from "fs";
-import * as path from "path";
-import * as readline from "readline";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as readline from "node:readline";
 function meetsNodeVersion(minMajor) {
   const [major] = process.versions.node.split(".").map(Number);
   return major >= minMajor;
@@ -108,7 +110,7 @@ async function rollbackSteps(steps, projectRoot, state) {
     try {
       switch (step) {
         case "instrumentation": {
-          const instrPath = path.join(projectRoot, "instrumentation.ts");
+          const instrPath = state?.instrumentationPath ?? path.join(projectRoot, "instrumentation.ts");
           if (fs.existsSync(instrPath)) {
             const content = fs.readFileSync(instrPath, "utf-8");
             if (isInitCreatedInstrumentation(content)) {
@@ -211,32 +213,76 @@ async function runInit(options) {
   }
   const rollbackState = { steps: [] };
   try {
-    const instrPath = path.join(projectRoot, "instrumentation.ts");
-    if (fs.existsSync(instrPath)) {
-      rollbackState.originalInstrumentationContent = fs.readFileSync(instrPath, "utf-8");
+    const preResolved = resolveInstrumentationTarget(projectRoot);
+    if (!preResolved.conflict && preResolved.target !== null) {
+      rollbackState.instrumentationPath = preResolved.target;
+      if (fs.existsSync(preResolved.target)) {
+        rollbackState.originalInstrumentationContent = fs.readFileSync(
+          preResolved.target,
+          "utf-8"
+        );
+      }
+    }
+    const instrResult = await scaffoldInstrumentation(projectRoot, {
+      // `--yes` implies non-interactive automation and must not hang on a
+      // merge confirmation prompt. `--force` skips the prompt explicitly
+      // (DISC-1247 Scenario 2c parity).
+      force: options.force === true || options.yes
+    });
+    if (instrResult.filePath !== void 0) {
+      rollbackState.instrumentationPath = instrResult.filePath;
     }
-    const instrResult = await scaffoldInstrumentation(projectRoot);
+    const relativePath = instrResult.filePath !== void 0 ? path.relative(projectRoot, instrResult.filePath) : "instrumentation.ts";
     switch (instrResult.action) {
       case "created":
-        summary.push("Created instrumentation.ts");
+        summary.push(`Created ${relativePath}`);
         rollbackState.steps.push("instrumentation");
         break;
       case "injected":
-        summary.push("Added registerGlasstrace() to existing instrumentation.ts");
+        summary.push(`Added registerGlasstrace() to existing ${relativePath}`);
+        rollbackState.steps.push("instrumentation");
+        break;
+      case "appended":
+        summary.push(
+          `Appended register() with registerGlasstrace() to ${relativePath}`
+        );
         rollbackState.steps.push("instrumentation");
         break;
       case "already-registered":
-        summary.push("Skipped instrumentation.ts (registerGlasstrace already present)");
+        summary.push(`Skipped ${relativePath} (registerGlasstrace already present)`);
+        break;
+      case "skipped":
+        warnings.push(
+          `Preserved ${relativePath} (merge declined; re-run with --force to apply the merge without prompting)`
+        );
         break;
+      case "conflict": {
+        const primary = instrResult.filePath !== void 0 ? path.relative(projectRoot, instrResult.filePath) : "src/instrumentation.ts";
+        const competing = instrResult.conflictingPath !== void 0 ? path.relative(projectRoot, instrResult.conflictingPath) : "instrumentation.ts";
+        await rollbackSteps(rollbackState.steps, projectRoot, rollbackState);
+        errors.push(
+          `Both ${primary} and ${competing} exist. Next.js's loader behavior is undefined when both are present.
+Merge your instrumentation into ${primary} and remove ${competing}, then re-run init.`
+        );
+        return { exitCode: 1, summary, warnings, errors };
+      }
       case "unrecognized":
         warnings.push(
-          'instrumentation.ts exists but has no recognizable register() function.\nAdd this import at the top of your file:\n\n  import { registerGlasstrace } from "@glasstrace/sdk";\n\nThen add this as the first statement in your register() function:\n\n  registerGlasstrace();\n'
+          `${relativePath} exists but has no recognizable register() function.
+Add this import at the top of your file:
+
+  import { registerGlasstrace } from "@glasstrace/sdk";
+
+Then add this as the first statement in your register() function:
+
+  registerGlasstrace();
+`
         );
         break;
     }
   } catch (err) {
     await rollbackSteps(rollbackState.steps, projectRoot, rollbackState);
-    errors.push(`Failed to write instrumentation.ts: ${err instanceof Error ? err.message : String(err)}`);
+    errors.push(`Failed to write instrumentation file: ${err instanceof Error ? err.message : String(err)}`);
     return { exitCode: 1, summary, warnings, errors };
   }
   try {
@@ -429,8 +475,64 @@ async function runInit(options) {
       warnings.push(`Import graph scan failed: ${err instanceof Error ? err.message : String(err)}. You can run it later.`);
     }
   }
+  const skipVerify = process.env["GLASSTRACE_SKIP_INIT_VERIFY"] === "1" || process.env["GLASSTRACE_SKIP_INIT_VERIFY"] === "true" || process.env["VITEST"] === "true";
+  if (!skipVerify && !isCI) {
+    const verifyResult = await verifyAnonKeyRegistration(projectRoot);
+    if (verifyResult.outcome === "failed") {
+      errors.push(verifyResult.error);
+      return { exitCode: 2, summary, warnings, errors };
+    }
+    if (verifyResult.outcome === "verified") {
+      summary.push("Verified anon key registration with Glasstrace API");
+    } else {
+      summary.push("Skipped anon key verification (no anon key on disk)");
+    }
+  }
   return { exitCode: 0, summary, warnings, errors };
 }
+async function verifyAnonKeyRegistration(projectRoot) {
+  const anonKey = await readAnonKey(projectRoot);
+  if (anonKey === null) {
+    return { outcome: "skipped" };
+  }
+  let devKey;
+  try {
+    const envPath = path.join(projectRoot, ".env.local");
+    if (fs.existsSync(envPath)) {
+      const envContent = fs.readFileSync(envPath, "utf-8");
+      const effective = readEnvLocalApiKey(envContent);
+      if (effective !== null && isDevApiKey(effective)) {
+        devKey = effective;
+      }
+    }
+  } catch {
+  }
+  const baseConfig = resolveConfig({ apiKey: devKey });
+  const config = { ...baseConfig, apiKey: devKey };
+  const sdkVersion = true ? "0.16.0" : "0.0.0-dev";
+  const result = await verifyInitReachable(config, anonKey, sdkVersion);
+  if (result.ok) {
+    return { outcome: "verified" };
+  }
+  const hint = "Run 'npx glasstrace status' or 'npx glasstrace doctor' to diagnose.";
+  switch (result.reason) {
+    case "transport":
+      return {
+        outcome: "failed",
+        error: `Glasstrace init verification failed: fetch failed: ${result.detail}. ${hint}`
+      };
+    case "rejected":
+      return {
+        outcome: "failed",
+        error: `Glasstrace init verification failed: server rejected the key (HTTP ${result.status}). ${hint}`
+      };
+    case "malformed":
+      return {
+        outcome: "failed",
+        error: `Glasstrace init verification failed: server returned malformed response. ${hint}`
+      };
+  }
+}
 function parseArgs(argv) {
   const args = argv.slice(2);
   let yes = false;
@@ -538,19 +640,25 @@ Usage: glasstrace mcp add [--force] [--dry-run]
           }
         }
         if (result.summary.length > 0) {
-          process.stderr.write("\nGlasstrace initialized successfully!\n\n");
+          if (result.exitCode === 0) {
+            process.stderr.write("\nGlasstrace initialized successfully!\n\n");
+          } else {
+            process.stderr.write("\nGlasstrace init completed with errors.\n\n");
+          }
           for (const line of result.summary) {
             process.stderr.write(`  - ${line}
 `);
           }
-          process.stderr.write("\nNext steps:\n");
-          process.stderr.write("  1. Start your Next.js dev server\n");
-          process.stderr.write(
-            "  2. Glasstrace works immediately in anonymous mode\n"
-          );
-          process.stderr.write(
-            "  3. To link to your account, set GLASSTRACE_API_KEY in .env.local\n\n"
-          );
+          if (result.exitCode === 0) {
+            process.stderr.write("\nNext steps:\n");
+            process.stderr.write("  1. Start your Next.js dev server\n");
+            process.stderr.write(
+              "  2. Glasstrace works immediately in anonymous mode\n"
+            );
+            process.stderr.write(
+              "  3. To link to your account, set GLASSTRACE_API_KEY in .env.local\n\n"
+            );
+          }
         }
         process.exit(result.exitCode);
       }).catch((err) => {
@@ -597,7 +705,7 @@ Usage: glasstrace mcp add [--force] [--dry-run]
   } else if (subcommand === "status") {
     const remainingArgs = process.argv.slice(3);
     const json = remainingArgs.includes("--json");
-    Promise.all([import("./status.js"), import("../monorepo-YILKGQXQ.js")]).then(([{ runStatus }, { resolveProjectRoot: resolve }]) => {
+    Promise.all([import("./status.js"), import("../monorepo-N5Z63XP7.js")]).then(([{ runStatus }, { resolveProjectRoot: resolve }]) => {
       let projectRoot = process.cwd();
       try {
         projectRoot = resolve(projectRoot).projectRoot;
@@ -652,6 +760,7 @@ export {
   decideMcpConfigAction,
   meetsNodeVersion,
   rollbackSteps,
-  runInit
+  runInit,
+  verifyAnonKeyRegistration
 };
 //# sourceMappingURL=init.js.map