@glasstrace/sdk 1.1.3 → 1.2.1

package/README.md

@@ -280,7 +280,7 @@ file directly and no longer needs the runtime handler.
 
 ## Subpath exports
 
-`@glasstrace/sdk` ships three public entries:
+`@glasstrace/sdk` ships four public entries:
 
 - **`@glasstrace/sdk`** — primary import site. Use from
   `instrumentation.ts` (runtime instrumentation) and `next.config.ts`
@@ -298,6 +298,8 @@ file directly and no longer needs the runtime handler.
   condition; non-Node runtimes (workerd, edge-light) fail cleanly at
   module resolution rather than at evaluation.
 - **`@glasstrace/sdk/drizzle`** — Drizzle ORM adapter.
+- **`@glasstrace/sdk/trpc`** — tRPC middleware-chain instrumentation.
+  See "tRPC middleware instrumentation" below.
 
 The source-map and import-graph helpers previously reachable from the
 `@glasstrace/sdk` root specifier have moved to `@glasstrace/sdk/node`
@@ -383,6 +385,57 @@ on the Node-only side to become edge-safe, the right move is to remove
 the `process` and Node built-in reaches from the symbol's transitive
 closure, not to add a runtime guard.
 
+## tRPC middleware instrumentation
+
+The `@glasstrace/sdk/trpc` subpath exposes `tracedMiddleware`, a thin
+wrapper that turns a user-supplied tRPC middleware function into a
+span-emitting middleware function. Each invocation opens a child span
+named `options.name` under the active OTel context (typically the HTTP
+server span), so middleware steps land as children of the HTTP span
+without manual context plumbing. Errors thrown from the middleware
+body are recorded via `span.recordException` and propagate unchanged;
+short-circuit `{ ok: false, error }` results mark the span `ERROR`
+without recording an exception.
+
+`@trpc/server` is declared as an optional peer dependency
+(`^10.0.0 || ^11.0.0`); projects that do not use tRPC pay no runtime
+cost because the subpath is excluded from the root barrel and is
+tree-shakeable.
+
+```ts
+// trpc.ts — your project
+import { initTRPC, TRPCError } from "@trpc/server";
+import { tracedMiddleware } from "@glasstrace/sdk/trpc";
+
+interface MyContext { session?: { userId: string }; tier?: string }
+const t = initTRPC.context<MyContext>().create();
+
+const isAuthed = t.middleware(
+  tracedMiddleware({ name: "isAuthed" }, async ({ ctx, next }) => {
+    if (!ctx.session) throw new TRPCError({ code: "UNAUTHORIZED" });
+    return next({ ctx: { ...ctx, session: ctx.session } });
+  }),
+);
+
+const isPro = t.middleware(
+  tracedMiddleware({ name: "isPro" }, async ({ ctx, next }) => {
+    if (ctx.tier !== "pro") throw new TRPCError({ code: "FORBIDDEN" });
+    return next();
+  }),
+);
+
+export const proProcedure = t.procedure.use(isAuthed).use(isPro);
+```
+
+The wrapped function preserves the original middleware's call-site type,
+so tRPC's procedure-builder context narrowing flows through unchanged.
+The existing `glasstrace.trpc.procedure` attribute (set on the parent
+HTTP span) is not duplicated on the middleware child spans — middleware
+spans carry only `trpc.path`, `trpc.type`, and any caller-supplied
+`options.attributes`. Caller-supplied attributes are forwarded as-is;
+the SDK does not redact them, so callers must avoid placing tokens or
+credentials in `options.attributes`.
+
 ## Security
 
 The SDK transmits your API key exclusively via the `Authorization: Bearer`

package/dist/{chunk-6RNBUUBR.js → chunk-2GCN27SI.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-DQ25VOKK.js";
 import {
   GLASSTRACE_ATTRIBUTE_NAMES
-} from "./chunk-X5MAXP5T.js";
+} from "./chunk-EBYISKQP.js";
 
 // src/errors.ts
 var SdkError = class extends Error {
@@ -102,4 +102,4 @@ export {
   GlasstraceSpanProcessor,
   captureCorrelationId
 };
-//# sourceMappingURL=chunk-6RNBUUBR.js.map
+//# sourceMappingURL=chunk-2GCN27SI.js.map

package/dist/{chunk-4EZ6JTDG.js → chunk-47B2G3FE.js}

@@ -5,7 +5,7 @@ import {
   PresignedUploadResponseSchema,
   SourceMapManifestResponseSchema,
   SourceMapUploadResponseSchema
-} from "./chunk-X5MAXP5T.js";
+} from "./chunk-EBYISKQP.js";
 
 // src/source-map-uploader.ts
 import * as fs from "node:fs/promises";
@@ -331,4 +331,4 @@ export {
   uploadSourceMapsPresigned,
   uploadSourceMapsAuto
 };
-//# sourceMappingURL=chunk-4EZ6JTDG.js.map
+//# sourceMappingURL=chunk-47B2G3FE.js.map

package/dist/{chunk-FGDS33I2.js → chunk-CTJO7PUZ.js}

@@ -33,7 +33,7 @@ import {
   performInit,
   recordSpansDropped,
   recordSpansExported
-} from "./chunk-JKI4OCFV.js";
+} from "./chunk-HV5ID2WJ.js";
 import {
   isAnonymousMode,
   isProductionDisabled,
@@ -43,11 +43,11 @@ import {
   atomicWriteFileSync,
   getOrCreateAnonKey,
   readAnonKey
-} from "./chunk-TWTWRJ25.js";
+} from "./chunk-MD5XPCTQ.js";
 import {
   GLASSTRACE_ATTRIBUTE_NAMES,
   deriveSessionId
-} from "./chunk-X5MAXP5T.js";
+} from "./chunk-EBYISKQP.js";
 import {
   __require
 } from "./chunk-NSBPE2FW.js";
@@ -144,16 +144,22 @@ var ERROR_RESPONSE_BODY_TRUNCATION_MARKER = "...[truncated]";
 var REDACTED = "[REDACTED]";
 var ERROR_STATUS_MIN = 400;
 var ERROR_STATUS_MAX = 599;
-function isHttpErrorStatus(status) {
+function coerceHttpStatus(value) {
   let numeric;
-  if (typeof status === "number") {
-    numeric = status;
-  } else if (typeof status === "string" && status.length > 0) {
-    numeric = Number(status);
+  if (typeof value === "number") {
+    numeric = value;
+  } else if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (trimmed.length === 0) return void 0;
+    numeric = Number(trimmed);
   } else {
-    return false;
+    return void 0;
   }
-  if (!Number.isFinite(numeric)) return false;
+  return Number.isFinite(numeric) ? numeric : void 0;
+}
+function isHttpErrorStatus(status) {
+  const numeric = coerceHttpStatus(status);
+  if (numeric === void 0) return false;
   return numeric >= ERROR_STATUS_MIN && numeric <= ERROR_STATUS_MAX;
 }
 var REDACTION_PATTERNS = [
@@ -413,7 +419,7 @@ var GlasstraceExporter = class {
           }
         }
       }
-      const statusCode = attrs["http.status_code"] ?? attrs["http.response.status_code"];
+      const statusCode = coerceHttpStatus(attrs["http.status_code"]) ?? coerceHttpStatus(attrs["http.response.status_code"]);
       if (statusCode !== void 0) {
         extra[ATTR.HTTP_STATUS_CODE] = statusCode;
       }
@@ -3906,8 +3912,51 @@ function createDiscoveryHandler(getAnonKey, getSessionId, getClaimState) {
 
 // src/context-manager.ts
 import { AsyncLocalStorage } from "node:async_hooks";
+var GLASSTRACE_BRAND = 1;
+var GUARD = /* @__PURE__ */ Symbol.for("glasstrace.context-manager.installed");
+var OTEL_API_KEY = /* @__PURE__ */ Symbol.for("opentelemetry.js.api.1");
+function isOtelContextManager(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const candidate = value;
+  return typeof candidate.active === "function" && typeof candidate.with === "function" && typeof candidate.bind === "function" && typeof candidate.enable === "function" && typeof candidate.disable === "function";
+}
+function isInstallationRecord(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const candidate = value;
+  if (candidate.glasstraceContextManagerBrand !== GLASSTRACE_BRAND) return false;
+  return candidate.manager === null || isOtelContextManager(candidate.manager);
+}
+function getOtelRegisteredContextManager() {
+  const otelSlot = globalThis[OTEL_API_KEY];
+  if (typeof otelSlot !== "object" || otelSlot === null) return void 0;
+  const ctx = otelSlot.context;
+  return isOtelContextManager(ctx) ? ctx : void 0;
+}
 function installContextManager() {
   try {
+    const slot = globalThis;
+    const existing = slot[GUARD];
+    const otelCurrent = getOtelRegisteredContextManager();
+    if (isInstallationRecord(existing) && existing.manager !== null && existing.manager === otelCurrent) {
+      return true;
+    }
+    if (isInstallationRecord(existing) && existing.manager === null && otelCurrent !== void 0) {
+      return false;
+    }
+    if (isInstallationRecord(existing) && existing.manager !== null) {
+      const reSuccess = context.setGlobalContextManager(existing.manager);
+      if (!reSuccess) {
+        console.warn(
+          "[glasstrace] Another context manager is already registered. Trace context propagation may not work as expected."
+        );
+      }
+      const reRecord = {
+        glasstraceContextManagerBrand: GLASSTRACE_BRAND,
+        manager: reSuccess ? existing.manager : null
+      };
+      slot[GUARD] = reRecord;
+      return reSuccess;
+    }
     const als = new AsyncLocalStorage();
     const contextManager = {
       active: () => als.getStore() ?? ROOT_CONTEXT,
@@ -3928,6 +3977,11 @@ function installContextManager() {
         "[glasstrace] Another context manager is already registered. Trace context propagation may not work as expected."
       );
     }
+    const record = {
+      glasstraceContextManagerBrand: GLASSTRACE_BRAND,
+      manager: success ? contextManager : null
+    };
+    slot[GUARD] = record;
     return success;
   } catch {
     return false;
@@ -4153,7 +4207,7 @@ function registerGlasstrace(options) {
     setCoreState(CoreState.REGISTERING);
     startRuntimeStateWriter({
       projectRoot: process.cwd(),
-      sdkVersion: "1.1.3"
+      sdkVersion: "1.2.1"
     });
     const config = resolveConfig(options);
     if (config.verbose) {
@@ -4319,8 +4373,8 @@ async function backgroundInit(config, anonKeyForInit, generation) {
   if (config.verbose) {
     console.info("[glasstrace] Background init firing.");
   }
-  const healthReport = collectHealthReport("1.1.3");
-  const initResult = await performInit(config, anonKeyForInit, "1.1.3", healthReport);
+  const healthReport = collectHealthReport("1.2.1");
+  const initResult = await performInit(config, anonKeyForInit, "1.2.1", healthReport);
   if (generation !== registrationGeneration) return;
   const currentState = getCoreState();
   if (currentState === CoreState.SHUTTING_DOWN || currentState === CoreState.SHUTDOWN) {
@@ -4343,7 +4397,7 @@ async function backgroundInit(config, anonKeyForInit, generation) {
   }
   maybeInstallConsoleCapture();
   if (didLastInitSucceed()) {
-    startHeartbeat(config, anonKeyForInit, "1.1.3", generation, (newApiKey, accountId) => {
+    startHeartbeat(config, anonKeyForInit, "1.2.1", generation, (newApiKey, accountId) => {
       setAuthState(AuthState.CLAIMING);
       emitLifecycleEvent("auth:claim_started", { accountId });
       setResolvedApiKey(newApiKey);
@@ -4638,7 +4692,7 @@ async function handleSourceMapUpload(distDir) {
       );
       return;
     }
-    const { discoverSourceMapFiles, computeBuildHash, uploadSourceMaps } = await import("./source-map-uploader-DPUUCLNW.js");
+    const { discoverSourceMapFiles, computeBuildHash, uploadSourceMaps } = await import("./source-map-uploader-RA4Z7TWA.js");
     const files = await discoverSourceMapFiles(distDir);
     if (files.length === 0) {
       console.info("[glasstrace] No source map files found. Skipping upload.");
@@ -4692,4 +4746,4 @@ export {
   withGlasstraceConfig,
   captureError
 };
-//# sourceMappingURL=chunk-FGDS33I2.js.map
+//# sourceMappingURL=chunk-CTJO7PUZ.js.map