npm - @glasstrace/sdk - Versions diffs - 0.17.3 → 0.19.0 - Mend

@glasstrace/sdk 0.17.3 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/dist/{chunk-GSGX76Q5.js → chunk-5N2IR4EO.js} +146 -3
package/dist/chunk-5N2IR4EO.js.map +1 -0
package/dist/{chunk-IOPCSX6C.js → chunk-F2TZRBEH.js} +2 -2
package/dist/{chunk-E33Y7BQH.js → chunk-VN3GZDV6.js} +2 -2
package/dist/{chunk-J5BW7V2D.js → chunk-YPXW2TN3.js} +2 -2
package/dist/cli/init.cjs +68 -2
package/dist/cli/init.cjs.map +1 -1
package/dist/cli/init.js +4 -4
package/dist/cli/mcp-add.cjs +66 -0
package/dist/cli/mcp-add.cjs.map +1 -1
package/dist/cli/mcp-add.js +2 -2
package/dist/index.cjs +148 -34
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +43 -12
package/dist/index.d.ts +43 -12
package/dist/index.js +10 -39
package/dist/index.js.map +1 -1
package/dist/{source-map-uploader-26QPRSCG.js → source-map-uploader-VPDZWWM2.js} +3 -3
package/package.json +1 -1
package/dist/chunk-GSGX76Q5.js.map +0 -1
/package/dist/{chunk-IOPCSX6C.js.map → chunk-F2TZRBEH.js.map} +0 -0
/package/dist/{chunk-E33Y7BQH.js.map → chunk-VN3GZDV6.js.map} +0 -0
/package/dist/{chunk-J5BW7V2D.js.map → chunk-YPXW2TN3.js.map} +0 -0
/package/dist/{source-map-uploader-26QPRSCG.js.map → source-map-uploader-VPDZWWM2.js.map} +0 -0

package/dist/index.d.cts CHANGED Viewed

@@ -140,6 +140,49 @@ declare const SourceMapManifestResponseSchema: z.ZodObject<{
 }, z.core.$strip>;
 type SourceMapManifestResponse = z.infer<typeof SourceMapManifestResponseSchema>;
+/**
+ * Session ID derivation — part of the public Glasstrace wire contract.
+ *
+ * Deriving the session ID is deterministic: given the same inputs,
+ * every runtime that implements this module produces the same
+ * 16-character hex identifier. That determinism is the contract — it
+ * lets independent clients (SDK, browser extension, server tooling)
+ * agree on the same session without coordination.
+ *
+ * This module is pure: it has no module-level state and no
+ * runtime-dependent branches. It is safe to import from Node 20+,
+ * modern browsers, Vercel Edge, and Cloudflare Workers. The SHA-256
+ * implementation is pure JavaScript; no `node:crypto`, no Web Crypto,
+ * no bundler-specific shims.
+ */
+/**
+ * Derives a deterministic session ID from the inputs that define a
+ * Glasstrace session. The output is a 16-character lowercase hex
+ * string validated through {@link SessionIdSchema}.
+ *
+ * This function is part of the Glasstrace wire contract: any consumer
+ * (SDK, browser extension, server tooling) that calls it with the same
+ * arguments receives the same `SessionId`. That property is what lets
+ * independent clients agree on a session without coordination.
+ *
+ * Uses a pure-JavaScript SHA-256 so the output is identical across
+ * every runtime this package supports (Node 20+, modern browsers,
+ * Vercel Edge, Cloudflare Workers).
+ *
+ * Security note: the session ID is an **identifier**, not a secret or
+ * an authentication token. It is never used for authorization.
+ *
+ * @param apiKey - The project's API key (or anonymous placeholder).
+ * @param origin - The origin string identifying the deployment
+ *   environment (for example `localhost:3000` or `production`).
+ * @param date - UTC date as `YYYY-MM-DD`.
+ * @param windowIndex - Zero-based index of the 4-hour activity window
+ *   within the day.
+ * @returns A 16-character hex {@link SessionId}.
+ */
+declare function deriveSessionId(apiKey: string, origin: string, date: string, windowIndex: number): SessionId;
 /**
  * Internal SDK error class with a typed diagnostic code.
  * Caught at the boundary and converted to a log message + diagnostic entry.
@@ -188,18 +231,6 @@ declare function isProductionDisabled(config: ResolvedConfig): boolean;
  */
 declare function isAnonymousMode(config: ResolvedConfig): boolean;
-/**
- * Derives a deterministic session ID from the given inputs.
- * Uses SHA-256 (truncated to 16 hex chars) when `node:crypto` is available,
- * or a deterministic FNV-1a hash as a fallback in non-Node environments.
- *
- * @param apiKey - The project's API key (or anonymous placeholder).
- * @param origin - The origin string identifying the deployment environment.
- * @param date - UTC date as YYYY-MM-DD.
- * @param windowIndex - Zero-based index of the 4-hour activity window within the day.
- * @returns A 16-character hex SessionId.
- */
-declare function deriveSessionId(apiKey: string, origin: string, date: string, windowIndex: number): SessionId;
 /**
  * Returns the origin string for the current process.
  * If GLASSTRACE_ENV is set, returns that value.

package/dist/index.d.ts CHANGED Viewed

@@ -140,6 +140,49 @@ declare const SourceMapManifestResponseSchema: z.ZodObject<{
 }, z.core.$strip>;
 type SourceMapManifestResponse = z.infer<typeof SourceMapManifestResponseSchema>;
+/**
+ * Session ID derivation — part of the public Glasstrace wire contract.
+ *
+ * Deriving the session ID is deterministic: given the same inputs,
+ * every runtime that implements this module produces the same
+ * 16-character hex identifier. That determinism is the contract — it
+ * lets independent clients (SDK, browser extension, server tooling)
+ * agree on the same session without coordination.
+ *
+ * This module is pure: it has no module-level state and no
+ * runtime-dependent branches. It is safe to import from Node 20+,
+ * modern browsers, Vercel Edge, and Cloudflare Workers. The SHA-256
+ * implementation is pure JavaScript; no `node:crypto`, no Web Crypto,
+ * no bundler-specific shims.
+ */
+/**
+ * Derives a deterministic session ID from the inputs that define a
+ * Glasstrace session. The output is a 16-character lowercase hex
+ * string validated through {@link SessionIdSchema}.
+ *
+ * This function is part of the Glasstrace wire contract: any consumer
+ * (SDK, browser extension, server tooling) that calls it with the same
+ * arguments receives the same `SessionId`. That property is what lets
+ * independent clients agree on a session without coordination.
+ *
+ * Uses a pure-JavaScript SHA-256 so the output is identical across
+ * every runtime this package supports (Node 20+, modern browsers,
+ * Vercel Edge, Cloudflare Workers).
+ *
+ * Security note: the session ID is an **identifier**, not a secret or
+ * an authentication token. It is never used for authorization.
+ *
+ * @param apiKey - The project's API key (or anonymous placeholder).
+ * @param origin - The origin string identifying the deployment
+ *   environment (for example `localhost:3000` or `production`).
+ * @param date - UTC date as `YYYY-MM-DD`.
+ * @param windowIndex - Zero-based index of the 4-hour activity window
+ *   within the day.
+ * @returns A 16-character hex {@link SessionId}.
+ */
+declare function deriveSessionId(apiKey: string, origin: string, date: string, windowIndex: number): SessionId;
 /**
  * Internal SDK error class with a typed diagnostic code.
  * Caught at the boundary and converted to a log message + diagnostic entry.
@@ -188,18 +231,6 @@ declare function isProductionDisabled(config: ResolvedConfig): boolean;
  */
 declare function isAnonymousMode(config: ResolvedConfig): boolean;
-/**
- * Derives a deterministic session ID from the given inputs.
- * Uses SHA-256 (truncated to 16 hex chars) when `node:crypto` is available,
- * or a deterministic FNV-1a hash as a fallback in non-Node environments.
- *
- * @param apiKey - The project's API key (or anonymous placeholder).
- * @param origin - The origin string identifying the deployment environment.
- * @param date - UTC date as YYYY-MM-DD.
- * @param windowIndex - Zero-based index of the 4-hour activity window within the day.
- * @returns A 16-character hex SessionId.
- */
-declare function deriveSessionId(apiKey: string, origin: string, date: string, windowIndex: number): SessionId;
 /**
  * Returns the origin string for the current process.
  * If GLASSTRACE_ENV is set, returns that value.

package/dist/index.js CHANGED Viewed

@@ -10,7 +10,7 @@ import {
   uploadSourceMaps,
   uploadSourceMapsAuto,
   uploadSourceMapsPresigned
-} from "./chunk-E33Y7BQH.js";
+} from "./chunk-VN3GZDV6.js";
 import {
   _setCurrentConfig,
   buildImportGraph,
@@ -28,7 +28,7 @@ import {
   recordSpansExported,
   saveCachedConfig,
   sendInitRequest
-} from "./chunk-IOPCSX6C.js";
+} from "./chunk-F2TZRBEH.js";
 import {
   isAnonymousMode,
   isProductionDisabled,
@@ -38,11 +38,11 @@ import {
 import {
   getOrCreateAnonKey,
   readAnonKey
-} from "./chunk-J5BW7V2D.js";
+} from "./chunk-YPXW2TN3.js";
 import {
   GLASSTRACE_ATTRIBUTE_NAMES,
-  SessionIdSchema
-} from "./chunk-GSGX76Q5.js";
+  deriveSessionId
+} from "./chunk-5N2IR4EO.js";
 import {
   DiagLogLevel,
   INVALID_SPAN_CONTEXT,
@@ -76,37 +76,8 @@ var SdkError = class extends Error {
 // src/session.ts
 var FOUR_HOURS_MS = 4 * 60 * 60 * 1e3;
-var hashFn = null;
-function fnv1aHash(input) {
-  let hash = 2166136261;
-  for (let i = 0; i < input.length; i++) {
-    hash ^= input.charCodeAt(i);
-    hash = Math.imul(hash, 16777619);
-    hash >>>= 0;
-  }
-  return hash.toString(16).padStart(8, "0");
-}
-function getHashFn() {
-  if (hashFn) return hashFn;
-  try {
-    const { createHash } = __require("node:crypto");
-    hashFn = (input) => createHash("sha256").update(input).digest("hex").slice(0, 16);
-  } catch {
-    hashFn = (input) => {
-      const h1 = fnv1aHash(input);
-      const h2 = fnv1aHash(input + "\0");
-      return (h1 + h2).slice(0, 16);
-    };
-  }
-  return hashFn;
-}
 var cachedGlasstraceEnv = process.env.GLASSTRACE_ENV;
 var cachedPort = process.env.PORT ?? "3000";
-function deriveSessionId(apiKey, origin, date, windowIndex) {
-  const input = JSON.stringify([apiKey, origin, date, windowIndex]);
-  const hash = getHashFn()(input);
-  return SessionIdSchema.parse(hash);
-}
 function getOrigin() {
   if (cachedGlasstraceEnv) {
     return cachedGlasstraceEnv;
@@ -4236,7 +4207,7 @@ function registerGlasstrace(options) {
     setCoreState(CoreState.REGISTERING);
     startRuntimeStateWriter({
       projectRoot: process.cwd(),
-      sdkVersion: "0.17.3"
+      sdkVersion: "0.19.0"
     });
     const config = resolveConfig(options);
     if (config.verbose) {
@@ -4402,8 +4373,8 @@ async function backgroundInit(config, anonKeyForInit, generation) {
   if (config.verbose) {
     console.info("[glasstrace] Background init firing.");
   }
-  const healthReport = collectHealthReport("0.17.3");
-  const initResult = await performInit(config, anonKeyForInit, "0.17.3", healthReport);
+  const healthReport = collectHealthReport("0.19.0");
+  const initResult = await performInit(config, anonKeyForInit, "0.19.0", healthReport);
   if (generation !== registrationGeneration) return;
   const currentState = getCoreState();
   if (currentState === CoreState.SHUTTING_DOWN || currentState === CoreState.SHUTDOWN) {
@@ -4426,7 +4397,7 @@ async function backgroundInit(config, anonKeyForInit, generation) {
   }
   maybeInstallConsoleCapture();
   if (didLastInitSucceed()) {
-    startHeartbeat(config, anonKeyForInit, "0.17.3", generation, (newApiKey, accountId) => {
+    startHeartbeat(config, anonKeyForInit, "0.19.0", generation, (newApiKey, accountId) => {
       setAuthState(AuthState.CLAIMING);
       emitLifecycleEvent("auth:claim_started", { accountId });
       setResolvedApiKey(newApiKey);
@@ -4563,7 +4534,7 @@ async function handleSourceMapUpload(distDir) {
       );
       return;
     }
-    const { discoverSourceMapFiles: discoverSourceMapFiles2, computeBuildHash: computeBuildHash2, uploadSourceMaps: uploadSourceMaps2 } = await import("./source-map-uploader-26QPRSCG.js");
+    const { discoverSourceMapFiles: discoverSourceMapFiles2, computeBuildHash: computeBuildHash2, uploadSourceMaps: uploadSourceMaps2 } = await import("./source-map-uploader-VPDZWWM2.js");
     const files = await discoverSourceMapFiles2(distDir);
     if (files.length === 0) {
       console.info("[glasstrace] No source map files found. Skipping upload.");