@glasstrace/sdk 0.20.0 → 0.20.1

package/dist/chunk-Z2EGETTT.js

@@ -0,0 +1,204 @@
+import {
+  trace
+} from "./chunk-DQ25VOKK.js";
+import {
+  GLASSTRACE_ATTRIBUTE_NAMES
+} from "./chunk-TQ54WLCZ.js";
+
+// src/errors.ts
+var SdkError = class extends Error {
+  code;
+  constructor(code, message, cause) {
+    super(message, { cause });
+    this.name = "SdkError";
+    this.code = code;
+  }
+};
+
+// src/span-processor.ts
+var GlasstraceSpanProcessor = class {
+  wrappedProcessor;
+  /* eslint-disable @typescript-eslint/no-unused-vars -- backward compat signature */
+  constructor(wrappedProcessor, _sessionManager, _apiKey, _getConfig, _environment) {
+    this.wrappedProcessor = wrappedProcessor;
+  }
+  onStart(span, parentContext) {
+    this.wrappedProcessor.onStart(span, parentContext);
+  }
+  onEnd(readableSpan) {
+    this.wrappedProcessor.onEnd(readableSpan);
+  }
+  async shutdown() {
+    return this.wrappedProcessor.shutdown();
+  }
+  async forceFlush() {
+    return this.wrappedProcessor.forceFlush();
+  }
+};
+
+// src/discovery-endpoint.ts
+var runtimeHandlerDeprecationWarned = false;
+function warnRuntimeHandlerDeprecatedOnce() {
+  if (runtimeHandlerDeprecationWarned) return;
+  runtimeHandlerDeprecationWarned = true;
+  console.warn(
+    "[glasstrace] createDiscoveryHandler is deprecated. Run `npx glasstrace init` to generate a static file at public/.well-known/glasstrace.json (or static/.well-known/glasstrace.json on SvelteKit). The runtime handler will be removed in v1.0.0."
+  );
+}
+function isAllowedOrigin(origin) {
+  if (origin === null) return true;
+  if (origin.startsWith("chrome-extension://")) return true;
+  if (origin.startsWith("moz-extension://")) return true;
+  if (origin.startsWith("safari-web-extension://")) return true;
+  return false;
+}
+function buildCorsHeaders(origin) {
+  const headers = {
+    "Content-Type": "application/json",
+    Vary: "Origin"
+  };
+  if (origin && isAllowedOrigin(origin)) {
+    headers["Access-Control-Allow-Origin"] = origin;
+  }
+  return headers;
+}
+function createDiscoveryHandler(getAnonKey, getSessionId, getClaimState) {
+  return async (request) => {
+    let url;
+    try {
+      url = new URL(request.url);
+    } catch {
+      return null;
+    }
+    if (url.pathname !== "/__glasstrace/config") {
+      return null;
+    }
+    warnRuntimeHandlerDeprecatedOnce();
+    const origin = request.headers.get("Origin");
+    const corsHeaders = buildCorsHeaders(origin);
+    if (request.method === "OPTIONS") {
+      return new Response(null, {
+        status: 204,
+        headers: {
+          ...corsHeaders,
+          "Access-Control-Allow-Methods": "GET, OPTIONS",
+          "Access-Control-Allow-Headers": "Content-Type"
+        }
+      });
+    }
+    if (request.method !== "GET") {
+      return new Response(
+        JSON.stringify({ error: "method_not_allowed" }),
+        {
+          status: 405,
+          headers: corsHeaders
+        }
+      );
+    }
+    try {
+      const anonKey = await getAnonKey();
+      if (anonKey === null) {
+        return new Response(
+          JSON.stringify({ error: "not_ready" }),
+          {
+            status: 503,
+            headers: corsHeaders
+          }
+        );
+      }
+      const sessionId = getSessionId();
+      const responseBody = { key: anonKey, sessionId };
+      const claimState = getClaimState?.();
+      if (claimState?.claimed) {
+        responseBody.claimed = true;
+        if (claimState.accountHint) {
+          responseBody.accountHint = claimState.accountHint;
+        }
+      }
+      return new Response(
+        JSON.stringify(responseBody),
+        {
+          status: 200,
+          headers: corsHeaders
+        }
+      );
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "internal_error" }),
+        {
+          status: 500,
+          headers: corsHeaders
+        }
+      );
+    }
+  };
+}
+
+// src/correlation-id.ts
+var ATTR = GLASSTRACE_ATTRIBUTE_NAMES;
+var HEADER_NAME = "x-gt-cid";
+var MAX_CID_LENGTH = 128;
+function captureCorrelationId(req) {
+  try {
+    if (!req || !req.headers) {
+      return;
+    }
+    const value = readHeader(req.headers);
+    if (!value) {
+      return;
+    }
+    const span = trace.getActiveSpan();
+    if (!span) {
+      return;
+    }
+    span.setAttribute(ATTR.CORRELATION_ID, value);
+  } catch {
+  }
+}
+function readHeader(headers) {
+  const asFetch = headers;
+  if (typeof asFetch.get === "function") {
+    const raw = asFetch.get(HEADER_NAME);
+    return firstToken(raw);
+  }
+  const dict = headers;
+  const direct = dict[HEADER_NAME];
+  if (direct !== void 0) {
+    return firstValue(direct);
+  }
+  for (const key of Object.keys(dict)) {
+    if (key.toLowerCase() === HEADER_NAME) {
+      return firstValue(dict[key]);
+    }
+  }
+  return void 0;
+}
+function firstValue(value) {
+  if (Array.isArray(value)) {
+    for (const entry of value) {
+      const token = firstToken(entry);
+      if (token) return token;
+    }
+    return void 0;
+  }
+  return firstToken(value);
+}
+function firstToken(value) {
+  if (typeof value !== "string") return void 0;
+  const parts = value.split(",");
+  for (const part of parts) {
+    const trimmed = part.trim();
+    if (trimmed.length === 0) continue;
+    if (trimmed.length > MAX_CID_LENGTH) return void 0;
+    return trimmed;
+  }
+  return void 0;
+}
+
+export {
+  SdkError,
+  GlasstraceSpanProcessor,
+  createDiscoveryHandler,
+  captureCorrelationId
+};
+//# sourceMappingURL=chunk-Z2EGETTT.js.map

package/dist/chunk-Z2EGETTT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/errors.ts","../src/span-processor.ts","../src/discovery-endpoint.ts","../src/correlation-id.ts"],"sourcesContent":["import type { SdkDiagnosticCode } from \"@glasstrace/protocol\";\n\n/**\n * Internal SDK error class with a typed diagnostic code.\n * Caught at the boundary and converted to a log message + diagnostic entry.\n * Never thrown to the developer.\n */\nexport class SdkError extends Error {\n  readonly code: SdkDiagnosticCode;\n\n  constructor(code: SdkDiagnosticCode, message: string, cause?: Error) {\n    super(message, { cause });\n    this.name = \"SdkError\";\n    this.code = code;\n  }\n}\n","import type { SpanProcessor, ReadableSpan } from \"@opentelemetry/sdk-trace-base\";\nimport type { Span } from \"@opentelemetry/sdk-trace-base\";\nimport type { CaptureConfig } from \"@glasstrace/protocol\";\nimport type { SessionManager } from \"./session.js\";\n\n/**\n * Lightweight SpanProcessor that delegates to a wrapped processor.\n *\n * All glasstrace.* attribute enrichment has been moved to {@link GlasstraceExporter}\n * (see enriching-exporter.ts), which enriches spans at export time. This resolves:\n * - Cold-start spans are buffered in the exporter, not dropped\n * - Vercel's CompositeSpanProcessor skips onEnding(); the exporter doesn't need it\n * - Session ID is computed at export time with the resolved API key\n *\n * This class is retained for backward compatibility. New code should use\n * GlasstraceExporter directly.\n *\n * @deprecated Use GlasstraceExporter for span enrichment. This processor is now a pass-through.\n */\nexport class GlasstraceSpanProcessor implements SpanProcessor {\n  private readonly wrappedProcessor: SpanProcessor;\n\n  /* eslint-disable @typescript-eslint/no-unused-vars -- backward compat signature */\n  constructor(\n    wrappedProcessor: SpanProcessor,\n    _sessionManager?: SessionManager,\n    _apiKey?: string | (() => string),\n    _getConfig?: () => CaptureConfig,\n    _environment?: string,\n  ) {\n    /* eslint-enable @typescript-eslint/no-unused-vars */\n    this.wrappedProcessor = wrappedProcessor;\n  }\n\n  onStart(span: Span, parentContext: Parameters<SpanProcessor[\"onStart\"]>[1]): void {\n    this.wrappedProcessor.onStart(span, parentContext);\n  }\n\n  onEnd(readableSpan: ReadableSpan): void {\n    this.wrappedProcessor.onEnd(readableSpan);\n  }\n\n  async shutdown(): Promise<void> {\n    return this.wrappedProcessor.shutdown();\n  }\n\n  async forceFlush(): Promise<void> {\n    return this.wrappedProcessor.forceFlush();\n  }\n}\n","import type { AnonApiKey, SessionId } from \"@glasstrace/protocol\";\n\n/**\n * Tracks whether the runtime-handler deprecation warning has already been\n * emitted for this process. The warning is noisy by design (we want users\n * to migrate) but should fire exactly once per process — repeated logs on\n * every request would drown out real warnings and spam CI output.\n */\nlet runtimeHandlerDeprecationWarned = false;\n\n/**\n * @internal Reset the deprecation-warning flag. Test-only.\n */\nexport function _resetDiscoveryDeprecationWarningForTesting(): void {\n  runtimeHandlerDeprecationWarned = false;\n}\n\n/**\n * Emits a one-time `console.warn` explaining that the runtime discovery\n * handler has been superseded by the static file written by `sdk init`.\n *\n * Scheduled for removal in v1.0.0 per the deprecation timeline documented\n * in the \"SDK Discovery Endpoint / Static File\" design doc. Kept out of\n * the module top level so bundlers can tree-shake the warning path when\n * the handler itself is not imported.\n *\n * The `[glasstrace]` prefix matches the SDK-internal log convention so\n * console capture (see `console-capture.ts`) skips the warning rather\n * than recording it as a user-facing span event.\n */\nfunction warnRuntimeHandlerDeprecatedOnce(): void {\n  if (runtimeHandlerDeprecationWarned) return;\n  runtimeHandlerDeprecationWarned = true;\n  console.warn(\n    \"[glasstrace] createDiscoveryHandler is deprecated. \" +\n      \"Run `npx glasstrace init` to generate a static file at \" +\n      \"public/.well-known/glasstrace.json (or static/.well-known/glasstrace.json \" +\n      \"on SvelteKit). The runtime handler will be removed in v1.0.0.\",\n  );\n}\n\n/**\n * Checks whether the given Origin header is allowed for CORS access.\n *\n * Allowed origins:\n * - `chrome-extension://*` — any Chrome extension\n * - `moz-extension://*` — any Firefox extension\n * - `safari-web-extension://*` — any Safari extension\n * - Absent origin (same-origin / non-browser request)\n *\n * Replaced wildcard `*` to prevent arbitrary websites from\n * reading the anonymous API key from localhost.\n */\nfunction isAllowedOrigin(origin: string | null): boolean {\n  if (origin === null) return true;\n  if (origin.startsWith(\"chrome-extension://\")) return true;\n  if (origin.startsWith(\"moz-extension://\")) return true;\n  if (origin.startsWith(\"safari-web-extension://\")) return true;\n  return false;\n}\n\n/**\n * Builds CORS headers for a given request origin.\n * Returns headers with `Access-Control-Allow-Origin` set to the origin\n * if allowed, otherwise omits that header entirely.\n */\nfunction buildCorsHeaders(origin: string | null): Record<string, string> {\n  const headers: Record<string, string> = {\n    \"Content-Type\": \"application/json\",\n    Vary: \"Origin\",\n  };\n\n  if (origin && isAllowedOrigin(origin)) {\n    headers[\"Access-Control-Allow-Origin\"] = origin;\n  }\n\n  return headers;\n}\n\n/**\n * Claim state returned by the `getClaimState` callback.\n *\n * - `claimed` — `true` when the anonymous key has been linked to an account.\n * - `accountHint` — optional masked identifier (e.g. `\"er***@example.com\"`)\n *   for the browser extension to display to the user.\n */\nexport interface ClaimState {\n  claimed: boolean;\n  accountHint?: string;\n}\n\n/**\n * Creates a request handler for the `/__glasstrace/config` discovery endpoint.\n *\n * The returned handler checks if the request URL path is `/__glasstrace/config`.\n * If not, returns `null` (pass-through). If it matches, returns a `DiscoveryResponse`\n * with the anonymous key and current session ID.\n *\n * When `getClaimState` returns a non-null value with `claimed: true`, the\n * response includes `claimed` and (optionally) `accountHint` so the browser\n * extension can prompt the user to sign in.\n *\n * The triple guard (anonymous + dev + active) is enforced by the caller,\n * not by this module. If the handler is registered, it serves.\n */\nexport function createDiscoveryHandler(\n  getAnonKey: () => Promise<AnonApiKey | null>,\n  getSessionId: () => SessionId,\n  getClaimState?: () => ClaimState | null,\n): (request: Request) => Promise<Response | null> {\n  return async (request: Request): Promise<Response | null> => {\n    // Check path match\n    let url: URL;\n    try {\n      url = new URL(request.url);\n    } catch {\n      return null;\n    }\n\n    if (url.pathname !== \"/__glasstrace/config\") {\n      return null;\n    }\n\n    // Fire the deprecation notice only when the handler actually serves a\n    // Glasstrace-discovery request — non-matching paths pass through, so\n    // warning there would spam users who never invoked the handler.\n    warnRuntimeHandlerDeprecatedOnce();\n\n    // Restrict CORS to known extension origins instead of wildcard\n    const origin = request.headers.get(\"Origin\");\n    const corsHeaders = buildCorsHeaders(origin);\n\n    // Handle CORS preflight\n    if (request.method === \"OPTIONS\") {\n      return new Response(null, {\n        status: 204,\n        headers: {\n          ...corsHeaders,\n          \"Access-Control-Allow-Methods\": \"GET, OPTIONS\",\n          \"Access-Control-Allow-Headers\": \"Content-Type\",\n        },\n      });\n    }\n\n    // Only allow GET requests\n    if (request.method !== \"GET\") {\n      return new Response(\n        JSON.stringify({ error: \"method_not_allowed\" }),\n        {\n          status: 405,\n          headers: corsHeaders,\n        },\n      );\n    }\n\n    try {\n      // Get the anonymous key\n      const anonKey = await getAnonKey();\n\n      if (anonKey === null) {\n        return new Response(\n          JSON.stringify({ error: \"not_ready\" }),\n          {\n            status: 503,\n            headers: corsHeaders,\n          },\n        );\n      }\n\n      // Get the current session ID\n      const sessionId = getSessionId();\n\n      // Build response body, conditionally including claim fields\n      const responseBody: Record<string, unknown> = { key: anonKey, sessionId };\n      const claimState = getClaimState?.();\n      if (claimState?.claimed) {\n        responseBody.claimed = true;\n        if (claimState.accountHint) {\n          responseBody.accountHint = claimState.accountHint;\n        }\n      }\n\n      return new Response(\n        JSON.stringify(responseBody),\n        {\n          status: 200,\n          headers: corsHeaders,\n        },\n      );\n    } catch {\n      return new Response(\n        JSON.stringify({ error: \"internal_error\" }),\n        {\n          status: 500,\n          headers: corsHeaders,\n        },\n      );\n    }\n  };\n}\n\n// Exported for testing\nexport { isAllowedOrigin, buildCorsHeaders };\n","import { trace } from \"@opentelemetry/api\";\nimport { GLASSTRACE_ATTRIBUTE_NAMES } from \"@glasstrace/protocol\";\n\nconst ATTR = GLASSTRACE_ATTRIBUTE_NAMES;\nconst HEADER_NAME = \"x-gt-cid\";\n\n/**\n * Hard cap on the correlation ID length we accept from the wire. Our\n * own extension emits ULIDs (26 characters); 128 is a generous ceiling\n * that still prevents a hostile client from ballooning span payloads.\n */\nconst MAX_CID_LENGTH = 128;\n\n/**\n * Minimal Fetch-API `Headers`-like interface supporting case-insensitive\n * single-value lookup. Matches `Headers` from `undici` / the Web Fetch API.\n */\ninterface FetchHeadersLike {\n  get(name: string): string | null;\n}\n\n/**\n * Minimal Node `IncomingMessage.headers`-like shape: a dictionary mapping\n * (typically lower-cased) header names to a value, a list of values, or\n * `undefined`.\n */\ntype NodeHeadersLike = Record<\n  string,\n  string | string[] | undefined\n>;\n\n/**\n * Accepted request shape for {@link captureCorrelationId}. Intentionally\n * loose so callers can pass either a Fetch `Request` (or `NextRequest`)\n * or a Node `IncomingMessage` without adapting the type.\n */\nexport interface CorrelationIdRequest {\n  headers: FetchHeadersLike | NodeHeadersLike | undefined;\n}\n\n/**\n * Captures the Glasstrace correlation ID header (`x-gt-cid`) from an\n * incoming request and materializes it as the\n * `glasstrace.correlation.id` attribute on the currently active OTel span\n * (DISC-1253).\n *\n * The SDK does not own any HTTP instrumentation, so it cannot read this\n * header itself. Users opt in by calling this helper from a hook that\n * runs inside the request's OTel context — typically a Next.js\n * `middleware.ts` or a custom server request handler.\n *\n * The function is intentionally forgiving:\n * - No active span → no-op.\n * - Missing / empty header → no-op.\n * - Array header values (Node IncomingMessage) → the first non-empty\n *   value is used; subsequent values are ignored because a correlation\n *   ID is a single logical value.\n * - Malformed or unexpected `headers` shapes → caught and ignored; the\n *   helper never throws.\n *\n * @example\n * ```ts\n * // Next.js middleware.ts\n * import { captureCorrelationId } from \"@glasstrace/sdk\";\n *\n * export function middleware(req: Request) {\n *   captureCorrelationId(req);\n *   return NextResponse.next();\n * }\n * ```\n */\nexport function captureCorrelationId(req: CorrelationIdRequest | null | undefined): void {\n  try {\n    if (!req || !req.headers) {\n      return;\n    }\n\n    const value = readHeader(req.headers);\n    if (!value) {\n      return;\n    }\n\n    const span = trace.getActiveSpan();\n    if (!span) {\n      return;\n    }\n\n    span.setAttribute(ATTR.CORRELATION_ID, value);\n  } catch {\n    // Never throw from a request hook — correlation is a best-effort\n    // enrichment and must not break the user's request pipeline.\n  }\n}\n\n/**\n * Reads the `x-gt-cid` header from either a Fetch-API `Headers` object\n * or a Node-style dictionary. Returns a trimmed single value, or\n * `undefined` if the header is missing or empty.\n */\nfunction readHeader(\n  headers: FetchHeadersLike | NodeHeadersLike,\n): string | undefined {\n  // Fetch-API Headers: duck-type on `.get(name)` being a function.\n  const asFetch = headers as FetchHeadersLike;\n  if (typeof asFetch.get === \"function\") {\n    const raw = asFetch.get(HEADER_NAME);\n    return firstToken(raw);\n  }\n\n  // Node IncomingMessage headers: case-insensitive dictionary lookup.\n  // Node normalizes to lower-case but some frameworks preserve case, so\n  // scan keys defensively.\n  const dict = headers as NodeHeadersLike;\n  const direct = dict[HEADER_NAME];\n  if (direct !== undefined) {\n    return firstValue(direct);\n  }\n\n  for (const key of Object.keys(dict)) {\n    if (key.toLowerCase() === HEADER_NAME) {\n      return firstValue(dict[key]);\n    }\n  }\n\n  return undefined;\n}\n\n/**\n * Picks the first value from a possibly-array header and trims it.\n * Correlation IDs are logically single-valued; when duplicated we keep\n * the first occurrence and drop the rest.\n *\n * Also handles the comma-joined form that intermediaries (and some\n * Node.js HTTP stacks) produce when the same header is sent multiple\n * times — `x-gt-cid: cid1, x-gt-cid: cid2` may surface as the single\n * string `\"cid1, cid2\"` via `Headers.get()` or `IncomingMessage.headers`.\n * Storing that raw merged value would both fail correlation and\n * silently suppress the DISC-1253 Server Action nudge (which only\n * checks attribute presence, not validity). We split on commas and\n * keep the first non-empty token.\n */\nfunction firstValue(value: string | string[] | undefined): string | undefined {\n  if (Array.isArray(value)) {\n    for (const entry of value) {\n      const token = firstToken(entry);\n      if (token) return token;\n    }\n    return undefined;\n  }\n  return firstToken(value);\n}\n\n/**\n * Extracts the first comma-separated token from a header-like string\n * and normalizes it. Returns undefined when no non-empty token exists\n * within the length bound.\n */\nfunction firstToken(value: string | null | undefined): string | undefined {\n  if (typeof value !== \"string\") return undefined;\n  // Split on commas (HTTP list-header separator). Trim each token and\n  // return the first non-empty one that fits within MAX_CID_LENGTH.\n  // A single un-merged header has no commas and this reduces to the\n  // previous normalize() behavior.\n  const parts = value.split(\",\");\n  for (const part of parts) {\n    const trimmed = part.trim();\n    if (trimmed.length === 0) continue;\n    if (trimmed.length > MAX_CID_LENGTH) return undefined;\n    return trimmed;\n  }\n  return undefined;\n}\n"],"mappings":";;;;;;;;AAOO,IAAM,WAAN,cAAuB,MAAM;AAAA,EACzB;AAAA,EAET,YAAY,MAAyB,SAAiB,OAAe;AACnE,UAAM,SAAS,EAAE,MAAM,CAAC;AACxB,SAAK,OAAO;AACZ,SAAK,OAAO;AAAA,EACd;AACF;;;ACIO,IAAM,0BAAN,MAAuD;AAAA,EAC3C;AAAA;AAAA,EAGjB,YACE,kBACA,iBACA,SACA,YACA,cACA;AAEA,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEA,QAAQ,MAAY,eAA8D;AAChF,SAAK,iBAAiB,QAAQ,MAAM,aAAa;AAAA,EACnD;AAAA,EAEA,MAAM,cAAkC;AACtC,SAAK,iBAAiB,MAAM,YAAY;AAAA,EAC1C;AAAA,EAEA,MAAM,WAA0B;AAC9B,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA,EAEA,MAAM,aAA4B;AAChC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AACF;;;ACzCA,IAAI,kCAAkC;AAsBtC,SAAS,mCAAyC;AAChD,MAAI,gCAAiC;AACrC,oCAAkC;AAClC,UAAQ;AAAA,IACN;AAAA,EAIF;AACF;AAcA,SAAS,gBAAgB,QAAgC;AACvD,MAAI,WAAW,KAAM,QAAO;AAC5B,MAAI,OAAO,WAAW,qBAAqB,EAAG,QAAO;AACrD,MAAI,OAAO,WAAW,kBAAkB,EAAG,QAAO;AAClD,MAAI,OAAO,WAAW,yBAAyB,EAAG,QAAO;AACzD,SAAO;AACT;AAOA,SAAS,iBAAiB,QAA+C;AACvE,QAAM,UAAkC;AAAA,IACtC,gBAAgB;AAAA,IAChB,MAAM;AAAA,EACR;AAEA,MAAI,UAAU,gBAAgB,MAAM,GAAG;AACrC,YAAQ,6BAA6B,IAAI;AAAA,EAC3C;AAEA,SAAO;AACT;AA4BO,SAAS,uBACd,YACA,cACA,eACgD;AAChD,SAAO,OAAO,YAA+C;AAE3D,QAAI;AACJ,QAAI;AACF,YAAM,IAAI,IAAI,QAAQ,GAAG;AAAA,IAC3B,QAAQ;AACN,aAAO;AAAA,IACT;AAEA,QAAI,IAAI,aAAa,wBAAwB;AAC3C,aAAO;AAAA,IACT;AAKA,qCAAiC;AAGjC,UAAM,SAAS,QAAQ,QAAQ,IAAI,QAAQ;AAC3C,UAAM,cAAc,iBAAiB,MAAM;AAG3C,QAAI,QAAQ,WAAW,WAAW;AAChC,aAAO,IAAI,SAAS,MAAM;AAAA,QACxB,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,GAAG;AAAA,UACH,gCAAgC;AAAA,UAChC,gCAAgC;AAAA,QAClC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,WAAW,OAAO;AAC5B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,qBAAqB,CAAC;AAAA,QAC9C;AAAA,UACE,QAAQ;AAAA,UACR,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AAEF,YAAM,UAAU,MAAM,WAAW;AAEjC,UAAI,YAAY,MAAM;AACpB,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,YAAY,CAAC;AAAA,UACrC;AAAA,YACE,QAAQ;AAAA,YACR,SAAS;AAAA,UACX;AAAA,QACF;AAAA,MACF;AAGA,YAAM,YAAY,aAAa;AAG/B,YAAM,eAAwC,EAAE,KAAK,SAAS,UAAU;AACxE,YAAM,aAAa,gBAAgB;AACnC,UAAI,YAAY,SAAS;AACvB,qBAAa,UAAU;AACvB,YAAI,WAAW,aAAa;AAC1B,uBAAa,cAAc,WAAW;AAAA,QACxC;AAAA,MACF;AAEA,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,YAAY;AAAA,QAC3B;AAAA,UACE,QAAQ;AAAA,UACR,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF,QAAQ;AACN,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC;AAAA,QAC1C;AAAA,UACE,QAAQ;AAAA,UACR,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpMA,IAAM,OAAO;AACb,IAAM,cAAc;AAOpB,IAAM,iBAAiB;AA4DhB,SAAS,qBAAqB,KAAoD;AACvF,MAAI;AACF,QAAI,CAAC,OAAO,CAAC,IAAI,SAAS;AACxB;AAAA,IACF;AAEA,UAAM,QAAQ,WAAW,IAAI,OAAO;AACpC,QAAI,CAAC,OAAO;AACV;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,cAAc;AACjC,QAAI,CAAC,MAAM;AACT;AAAA,IACF;AAEA,SAAK,aAAa,KAAK,gBAAgB,KAAK;AAAA,EAC9C,QAAQ;AAAA,EAGR;AACF;AAOA,SAAS,WACP,SACoB;AAEpB,QAAM,UAAU;AAChB,MAAI,OAAO,QAAQ,QAAQ,YAAY;AACrC,UAAM,MAAM,QAAQ,IAAI,WAAW;AACnC,WAAO,WAAW,GAAG;AAAA,EACvB;AAKA,QAAM,OAAO;AACb,QAAM,SAAS,KAAK,WAAW;AAC/B,MAAI,WAAW,QAAW;AACxB,WAAO,WAAW,MAAM;AAAA,EAC1B;AAEA,aAAW,OAAO,OAAO,KAAK,IAAI,GAAG;AACnC,QAAI,IAAI,YAAY,MAAM,aAAa;AACrC,aAAO,WAAW,KAAK,GAAG,CAAC;AAAA,IAC7B;AAAA,EACF;AAEA,SAAO;AACT;AAgBA,SAAS,WAAW,OAA0D;AAC5E,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAW,SAAS,OAAO;AACzB,YAAM,QAAQ,WAAW,KAAK;AAC9B,UAAI,MAAO,QAAO;AAAA,IACpB;AACA,WAAO;AAAA,EACT;AACA,SAAO,WAAW,KAAK;AACzB;AAOA,SAAS,WAAW,OAAsD;AACxE,MAAI,OAAO,UAAU,SAAU,QAAO;AAKtC,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,aAAW,QAAQ,OAAO;AACxB,UAAM,UAAU,KAAK,KAAK;AAC1B,QAAI,QAAQ,WAAW,EAAG;AAC1B,QAAI,QAAQ,SAAS,eAAgB,QAAO;AAC5C,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":[]}

package/dist/cli/init.cjs

@@ -15985,7 +15985,8 @@ function isSvelteKitProject(projectRoot) {
   return fs4.existsSync(svelteConfigJs) || fs4.existsSync(svelteConfigTs) || fs4.existsSync(appHtml);
 }
 function relativeDiscoveryPath(layout) {
-  return layout === "static" ? "static/.well-known/glasstrace.json" : "public/.well-known/glasstrace.json";
+  const rootDir = layout === "static" ? "static" : "public";
+  return `${rootDir}/${WELL_KNOWN_GLASSTRACE_PATH}`;
 }
 function readExistingDiscoveryFile(filePath) {
   let raw;
@@ -16145,13 +16146,14 @@ function removeDiscoveryFile(projectRoot) {
     directoryRemoved: chosen.directoryRemoved || anyDirectoryRemoved
   };
 }
-var fs4, path4, DISCOVERY_FILE_VERSION;
+var fs4, path4, WELL_KNOWN_GLASSTRACE_PATH, DISCOVERY_FILE_VERSION;
 var init_discovery_file = __esm({
   "src/cli/discovery-file.ts"() {
     "use strict";
     fs4 = __toESM(require("node:fs"), 1);
     path4 = __toESM(require("node:path"), 1);
     init_dist();
+    WELL_KNOWN_GLASSTRACE_PATH = ".well-known/glasstrace.json";
     DISCOVERY_FILE_VERSION = 1;
   }
 });
@@ -18490,7 +18492,7 @@ async function verifyAnonKeyRegistration(projectRoot) {
   }
   const baseConfig = resolveConfig({ apiKey: devKey });
   const config2 = { ...baseConfig, apiKey: devKey };
-  const sdkVersion = true ? "0.20.0" : "0.0.0-dev";
+  const sdkVersion = true ? "0.20.1" : "0.0.0-dev";
   const result = await verifyInitReachable(config2, anonKey, sdkVersion);
   if (result.ok) {
     return { outcome: "verified" };