@glasstrace/sdk 1.3.8 → 1.4.0

package/dist/capture-error-CTgSYxek.d.ts

@@ -0,0 +1,455 @@
+import { G as GlasstraceEnvVars, f as GlasstraceOptions, A as AnonApiKey, g as SdkInitResponse, C as CaptureConfig, h as SdkHealthReport, I as ImportGraphPayload, i as SdkDiagnosticCode } from './index.d-Dq33YwFT.js';
+import { ReadableSpan } from './export/ReadableSpan';
+import { SpanExporter } from './export/SpanExporter';
+import { ExportResult } from './ExportResult';
+import { a as SessionManager } from './edge-entry-AWO70gje.js';
+import { SpanProcessor } from './SpanProcessor';
+
+/**
+ * Resolved configuration after merging explicit options with environment variables.
+ */
+interface ResolvedConfig {
+    apiKey: string | undefined;
+    endpoint: string;
+    forceEnable: boolean;
+    verbose: boolean;
+    environment: string | undefined;
+    coverageMapEnabled: boolean;
+    nodeEnv: string | undefined;
+    vercelEnv: string | undefined;
+}
+/**
+ * Reads all recognized Glasstrace environment variables from process.env.
+ * Returns undefined for any variable not set. Never throws.
+ */
+declare function readEnvVars(): GlasstraceEnvVars;
+/**
+ * Merges explicit GlasstraceOptions with environment variables.
+ * Explicit options take precedence over environment variables.
+ */
+declare function resolveConfig(options?: GlasstraceOptions): ResolvedConfig;
+/**
+ * Returns true when the SDK should be inactive (production detected without force-enable).
+ * Logic order:
+ *   1. forceEnable === true → return false (override)
+ *   2. NODE_ENV === 'production' → return true
+ *   3. VERCEL_ENV === 'production' → return true
+ *   4. Otherwise → return false
+ */
+declare function isProductionDisabled(config: ResolvedConfig): boolean;
+/**
+ * Returns true when no API key is configured (anonymous mode).
+ * Treats undefined, empty string, whitespace-only, and gt_anon_* keys as anonymous.
+ */
+declare function isAnonymousMode(config: ResolvedConfig): boolean;
+
+/**
+ * The set of recognized fetch target categories.
+ */
+type FetchTarget = "supabase" | "stripe" | "internal" | "unknown";
+/**
+ * Classifies an outbound fetch target URL into a known category.
+ * Classification is case-insensitive and based on the URL hostname.
+ * Uses dot-boundary matching to avoid false positives (e.g. evilstripe.com).
+ *
+ * Returns one of: 'supabase', 'stripe', 'internal', or 'unknown'.
+ */
+declare function classifyFetchTarget(url: string): FetchTarget;
+
+/**
+ * Reads an existing anonymous key from the filesystem.
+ * Returns the key if valid, or null if:
+ * - The file does not exist
+ * - The file content is invalid
+ * - An I/O error occurs
+ * - `node:fs` is unavailable (non-Node environment)
+ */
+declare function readAnonKey(projectRoot?: string): Promise<AnonApiKey | null>;
+/**
+ * Gets an existing anonymous key from the filesystem, or creates a new one.
+ *
+ * - If file exists and contains a valid key, returns it
+ * - If file does not exist or content is invalid, generates a new key via createAnonApiKey()
+ * - Writes the new key to `.glasstrace/anon_key`, creating the directory if needed
+ * - On file write failure: logs a warning, caches an ephemeral in-memory key so
+ *   repeated calls in the same process return the same key
+ * - In non-Node environments: returns an ephemeral in-memory key
+ */
+declare function getOrCreateAnonKey(projectRoot?: string): Promise<AnonApiKey>;
+
+/**
+ * Reads and validates a cached config file from `.glasstrace/config`.
+ * Returns the parsed `SdkInitResponse` or `null` on any failure,
+ * including when `node:fs` is unavailable (non-Node environments).
+ */
+declare function loadCachedConfig(projectRoot?: string): SdkInitResponse | null;
+/**
+ * Persists the init response to `.glasstrace/config` using the SDK 2.0
+ * atomic-write protocol (`tmp + fsync(tmp) + rename + fsync(parent)`).
+ * Silently skipped when `node:fs` is unavailable (non-Node environments).
+ * On I/O failure, logs a warning.
+ *
+ * Atomicity: the payload is written to `.glasstrace/config.tmp`, fsynced
+ * to durable storage, then renamed into place; the parent directory is
+ * fsynced last so the rename survives an immediate crash. `rename` is
+ * atomic on POSIX filesystems, so readers either see the previous valid
+ * config or the new valid config — never a truncated or partially-written
+ * file (DISC-1247 Scenario 5). If any step fails, the temp file is
+ * cleaned up on a best-effort basis.
+ */
+declare function saveCachedConfig(response: SdkInitResponse, projectRoot?: string): Promise<void>;
+/**
+ * Sends a POST request to `/v1/sdk/init`.
+ * Validates the response against `SdkInitResponseSchema`.
+ *
+ * Uses `node:https` via {@link httpsPostJson} rather than the global
+ * `fetch` because Next.js 16 patches `fetch` for caching/revalidation
+ * and can cause the init request to silently hang (DISC-493 Issue 3).
+ * Retries transport-level failures (DNS, TCP, TLS) twice with 500ms +
+ * 1500ms backoff, capped at a 20-second total deadline. Server responses
+ * (HTTP 4xx/5xx) are never retried and are surfaced immediately.
+ */
+declare function sendInitRequest(config: ResolvedConfig, anonKey: AnonApiKey | null, sdkVersion: string, importGraph?: ImportGraphPayload, healthReport?: SdkHealthReport, diagnostics?: Array<{
+    code: SdkDiagnosticCode;
+    message: string;
+    timestamp: number;
+}>, signal?: AbortSignal): Promise<SdkInitResponse>;
+/**
+ * Result returned by {@link performInit} when the backend reports an
+ * account claim transition. `null` means no claim was present.
+ */
+interface InitClaimResult {
+    claimResult: NonNullable<SdkInitResponse["claimResult"]>;
+}
+/**
+ * Orchestrates the full init flow: send request, update config, cache result.
+ * This function MUST NOT throw.
+ *
+ * Returns the claim result when the backend reports an account claim
+ * transition, or `null` when no claim result is available (including
+ * when init is skipped due to rate-limit backoff, missing API key,
+ * or request failure). Callers that do not need claim information
+ * can safely ignore the return value.
+ */
+declare function performInit(config: ResolvedConfig, anonKey: AnonApiKey | null, sdkVersion: string, healthReport?: SdkHealthReport | null): Promise<InitClaimResult | null>;
+/**
+ * Returns the current capture config from the three-tier fallback chain:
+ * 1. In-memory config from latest init response
+ * 2. File cache (read at most once per process lifetime)
+ * 3. DEFAULT_CAPTURE_CONFIG
+ *
+ * The disk read is cached via `configCacheChecked` to avoid repeated
+ * synchronous I/O on the hot path (called by GlasstraceExporter on
+ * every span export batch).
+ */
+declare function getActiveConfig(): CaptureConfig;
+/**
+ * Returns the `linkedAccountId` from the current in-memory init response,
+ * or `undefined` if no init response is available or no account is linked.
+ *
+ * Used by the discovery endpoint to determine whether `claimed: true`
+ * should be included in the response.
+ */
+declare function getLinkedAccountId(): string | undefined;
+
+/**
+ * Options for constructing a {@link GlasstraceExporter}.
+ */
+interface GlasstraceExporterOptions {
+    getApiKey: () => string;
+    sessionManager: SessionManager;
+    getConfig: () => CaptureConfig;
+    environment: string | undefined;
+    endpointUrl: string;
+    createDelegate: ((url: string, headers: Record<string, string>) => SpanExporter) | null;
+    /** When true, logs diagnostic details about enrichment decisions via sdkLog. */
+    verbose?: boolean;
+}
+/**
+ * A SpanExporter that enriches spans with glasstrace.* attributes at export
+ * time, then delegates to a real OTLP exporter.
+ *
+ * This design resolves three issues:
+ * - Spans emitted before the API key resolves are buffered (not dropped)
+ *   and flushed once the key is available.
+ * - Enrichment happens in the exporter (not onEnding), so it works
+ *   on Vercel where CompositeSpanProcessor does not forward onEnding().
+ * - Session ID is computed at export time using the resolved API key,
+ *   not the "pending" placeholder.
+ */
+declare class GlasstraceExporter implements SpanExporter {
+    private readonly getApiKey;
+    private readonly sessionManager;
+    private readonly getConfig;
+    private readonly environment;
+    private readonly endpointUrl;
+    private readonly createDelegateFn;
+    private readonly verbose;
+    private delegate;
+    private delegateKey;
+    private pendingBatches;
+    private pendingSpanCount;
+    private overflowLogged;
+    constructor(options: GlasstraceExporterOptions);
+    export(spans: ReadableSpan[], resultCallback: (result: ExportResult) => void): void;
+    /**
+     * Called when the API key transitions from "pending" to a resolved value.
+     * Creates the delegate exporter and flushes all buffered spans.
+     */
+    notifyKeyResolved(): void;
+    shutdown(): Promise<void>;
+    /**
+     * Flushes any pending buffered spans (if the API key has resolved) and
+     * delegates to the underlying exporter's forceFlush to drain its queue.
+     */
+    forceFlush(): Promise<void>;
+    /**
+     * Enriches a ReadableSpan with all glasstrace.* attributes.
+     * Returns a new ReadableSpan wrapper; the original span is not mutated.
+     *
+     * Only {@link SessionManager.getSessionId} is individually guarded because
+     * it calls into crypto and schema validation — a session ID failure should
+     * not prevent the rest of enrichment. The other helper calls
+     * ({@link deriveErrorCategory}, {@link deriveOrmProvider},
+     * {@link classifyFetchTarget}) are pure functions on typed string inputs
+     * and rely on the outer catch for any unexpected failure.
+     *
+     * On total failure, returns the original span unchanged.
+     */
+    private enrichSpan;
+    /**
+     * Lazily creates the delegate OTLP exporter once the API key is resolved.
+     * Recreates the delegate if the key has changed (e.g., after key rotation)
+     * so the Authorization header stays current.
+     */
+    private ensureDelegate;
+    /**
+     * Buffers raw (unenriched) spans while the API key is pending.
+     * Evicts oldest batches if the buffer exceeds MAX_PENDING_SPANS.
+     * Re-checks the key after buffering to close the race window where
+     * the key resolves between the caller's check and this buffer call.
+     */
+    private bufferSpans;
+    /**
+     * Flushes all buffered spans through the delegate exporter.
+     * Enriches spans at flush time (not buffer time) so that session IDs
+     * are computed with the resolved API key instead of the "pending" sentinel.
+     */
+    private flushPending;
+}
+
+/**
+ * The primary SDK entry point called by developers in their `instrumentation.ts`.
+ * Orchestrates OTel setup, span processor, init client, anon key, and discovery endpoint.
+ *
+ * This function is synchronous and MUST NOT throw. The developer's server is never blocked.
+ * Background work (key resolution, init call) happens via fire-and-forget promises.
+ *
+ * @param options - Optional SDK configuration. Environment variables are used as fallbacks.
+ *
+ * @example
+ * ```ts
+ * // instrumentation.ts
+ * import { registerGlasstrace } from "@glasstrace/sdk";
+ * registerGlasstrace(); // uses env vars
+ * ```
+ */
+declare function registerGlasstrace(options?: GlasstraceOptions): void;
+/**
+ * Returns the registered discovery handler, or null if not registered.
+ */
+declare function getDiscoveryHandler(): ((request: Request) => Promise<Response | null>) | null;
+
+/**
+ * Structural view of Next.js's `NextConfig`. The SDK does not import Next's
+ * type directly because Next is not a peer dependency — this wrapper must
+ * type-check regardless of which Next.js version the consumer has installed.
+ *
+ * The constraint is `object` rather than `Record<string, unknown>` because
+ * Next's actual `NextConfig` is an interface *without* a string index
+ * signature. Requiring `[key: string]: unknown` would fail the assignability
+ * check that caused DISC-1256, reported by Next 16 consumers as:
+ *   > Argument of type 'NextConfig' is not assignable to parameter of type
+ *   > 'NextConfig'. Index signature for type 'string' is missing in type
+ *   > 'NextConfig'.
+ *
+ * `object` accepts every non-primitive value, which is what the wrapper
+ * actually handles at runtime (it shallow-copies the input and reads a few
+ * known properties defensively). Combined with the generic signature on
+ * `withGlasstraceConfig`, callers preserve their exact config subtype.
+ */
+type NextConfig = object;
+/**
+ * Wraps the developer's Next.js config to enable source map generation
+ * and upload .map files to the ingestion API at build time.
+ *
+ * The build NEVER fails because of Glasstrace — all errors are caught
+ * and logged as warnings.
+ *
+ * ## What the wrapper configures for you
+ *
+ * - `experimental.serverSourceMaps: true` — enables server-side source maps
+ *   so Glasstrace can resolve stack traces back to your source.
+ * - `serverExternalPackages: ["@glasstrace/sdk"]` — tells Next to load the
+ *   SDK via Node's `require()` at runtime instead of bundling it through
+ *   webpack or Turbopack on the RSC / Route Handler paths. This is the same
+ *   pattern Prisma, `@vercel/otel`, Sentry, `sharp`, and `bcrypt` ship with.
+ * - A webpack `externals` entry that marks every Node.js built-in import
+ *   (both `node:*` and bare forms like `zlib` or `stream`) as a runtime
+ *   `commonjs` require. `serverExternalPackages` does not apply to the
+ *   instrumentation path under `next dev --webpack`
+ *   (vercel/next.js#58003, #28774), so any bundled SDK chunk that imports
+ *   `node:child_process` or the bare `zlib` specifier used by
+ *   `@opentelemetry/otlp-exporter-base` would otherwise crash with
+ *   `UnhandledSchemeError` or `Can't resolve 'zlib'`. This entry is the
+ *   actual DISC-1257 fix for the dev-webpack path. Turbopack is
+ *   unaffected — it ignores `config.webpack` and resolves Node built-ins
+ *   natively.
+ * - An empty `turbopack: {}` when none is set, so Next 16 does not reject
+ *   the config for setting `webpack` without a companion `turbopack` key
+ *   (DISC-1256).
+ * - A `webpack` hook that collects and uploads `.map` files on client-side
+ *   production builds.
+ *
+ * ## Turbopack
+ *
+ * Next.js 16 made Turbopack the default bundler for `next build`, and Next
+ * rejects configs that set `webpack` without also setting `turbopack`. This
+ * wrapper therefore seeds an empty `turbopack: {}` when the user has not set
+ * one themselves, preserving existing behaviour for explicit Turbopack configs.
+ *
+ * **Source-map upload is currently webpack-only.** Under Turbopack the build
+ * succeeds, but the afterEmit hook that collects and uploads `.map` files does
+ * not fire. Run `next build --webpack` to get source-map uploads, or wait for
+ * a follow-up release that ports the plugin to Turbopack.
+ *
+ * @param nextConfig - The developer's existing Next.js configuration object.
+ * @returns A new config object with source map generation and upload enabled.
+ *   The return type mirrors the input type so that caller-side config
+ *   properties are preserved. The `object` constraint (rather than
+ *   `Record<string, unknown>`) is what makes the wrapper accept Next's
+ *   real `NextConfig` interface (DISC-1256).
+ */
+declare function withGlasstraceConfig<T extends NextConfig>(nextConfig: T): T;
+
+/**
+ * Returns true when the SDK is in ACTIVE or ACTIVE_DEGRADED state.
+ */
+declare function isReady(): boolean;
+/**
+ * Resolves when the SDK reaches ACTIVE or ACTIVE_DEGRADED.
+ * Rejects on PRODUCTION_DISABLED, REGISTRATION_FAILED, or timeout.
+ *
+ * Checks current state synchronously first — resolves/rejects immediately
+ * if the SDK has already reached a terminal or ready state.
+ */
+declare function waitForReady(timeoutMs?: number): Promise<void>;
+/**
+ * Simplified public state query for external consumers.
+ * Hides implementation details like coexistence scenarios.
+ *
+ * The returned `tracing` field is the canonical user-observable signal
+ * for OTel coexistence outcomes:
+ *
+ * - `"active"` — the SDK owns the OTel provider and is exporting spans.
+ * - `"coexistence"` — another OTel provider was detected and the SDK
+ *   either auto-attached its span processor or found one already
+ *   present. Spans are exported through the existing pipeline.
+ * - `"degraded"` — the SDK is exporting but the core lifecycle entered
+ *   `ACTIVE_DEGRADED` (e.g., a non-fatal export failure).
+ * - `"not-configured"` — the SDK could not configure tracing. Covers
+ *   `OtelState.UNCONFIGURED`, `OtelState.CONFIGURING`, and
+ *   `OtelState.COEXISTENCE_FAILED` (the DISC-1556 Next 16 production
+ *   "auto-attach returned null" path). When the value is
+ *   `"not-configured"` after `registerGlasstrace()` has resolved,
+ *   spans are NOT reaching the Glasstrace exporter and the manual
+ *   `createGlasstraceSpanProcessor()` workaround should be applied.
+ *   See `runtime-state.json`'s `lastError` field for the structured
+ *   failure record.
+ */
+declare function getStatus(): {
+    ready: boolean;
+    mode: "anonymous" | "authenticated" | "claiming" | "disabled";
+    tracing: "active" | "degraded" | "not-configured" | "coexistence";
+};
+
+/**
+ * OTel Coexistence Public API
+ *
+ * Provides createGlasstraceSpanProcessor() for developers who want to
+ * manually integrate Glasstrace with their existing OTel provider
+ * (e.g., Sentry's openTelemetrySpanProcessors config option).
+ *
+ * Also provides the auto-attach path (tryAutoAttachGlasstraceProcessor)
+ * that configureOtel() uses when it detects a pre-registered provider
+ * at runtime (Next.js 16 production, Sentry, Datadog, New Relic). Both
+ * entry points reuse the same span-processor factory so the manual and
+ * automatic paths stay in lockstep.
+ *
+ * Design: sdk-otel-coexistence.md Sections 3, 4, 5, 6
+ */
+
+/**
+ * Creates a Glasstrace span processor for manual integration with an
+ * existing OTel provider.
+ *
+ * Use this when another tool (e.g., Sentry) owns the OTel provider and
+ * you want to add Glasstrace to their processor list:
+ *
+ * @example
+ * ```ts
+ * import * as Sentry from "@sentry/nextjs";
+ * import { createGlasstraceSpanProcessor } from "@glasstrace/sdk";
+ *
+ * Sentry.init({
+ *   dsn: "...",
+ *   openTelemetrySpanProcessors: [createGlasstraceSpanProcessor()],
+ * });
+ * ```
+ *
+ * **Important:** `registerGlasstrace()` is still required even when using
+ * this function. The processor handles span transport (enrichment and
+ * export). `registerGlasstrace()` handles everything else: init calls,
+ * config sync, session management, anonymous key generation, discovery
+ * endpoint, and health reporting.
+ *
+ * @param options - Optional SDK configuration. If omitted, uses the same
+ *   config as registerGlasstrace() (environment variables).
+ * @returns A BatchSpanProcessor wrapping a GlasstraceExporter with the
+ *   branded Symbol.for('glasstrace.exporter') for coexistence detection.
+ */
+declare function createGlasstraceSpanProcessor(options?: GlasstraceOptions): SpanProcessor;
+
+/**
+ * Manual error capture API.
+ *
+ * Provides a simple function for developers to manually record errors
+ * as span events, independent of the `consoleErrors` config flag.
+ */
+/**
+ * Records an error as a span event on the currently active OTel span.
+ *
+ * Works regardless of the `consoleErrors` configuration — this is an
+ * explicit, opt-in API for manual error reporting. If no span is active
+ * or OTel is not available, the call is silently ignored.
+ *
+ * On the first captured error, may display a one-time diagnostic nudge
+ * to stderr if the MCP connection marker is absent (dev environments only).
+ *
+ * @param error - The error to capture. Accepts `Error` objects, strings, or any value.
+ *
+ * @example
+ * ```ts
+ * import { captureError } from "@glasstrace/sdk";
+ *
+ * try {
+ *   await riskyOperation();
+ * } catch (err) {
+ *   captureError(err);
+ *   // handle error normally...
+ * }
+ * ```
+ */
+declare function captureError(error: unknown): void;
+
+export { type FetchTarget as F, GlasstraceExporter as G, type InitClaimResult as I, type ResolvedConfig as R, type GlasstraceExporterOptions as a, classifyFetchTarget as b, captureError as c, createGlasstraceSpanProcessor as d, getDiscoveryHandler as e, getLinkedAccountId as f, getActiveConfig as g, getOrCreateAnonKey as h, getStatus as i, isAnonymousMode as j, isProductionDisabled as k, isReady as l, loadCachedConfig as m, readEnvVars as n, registerGlasstrace as o, performInit as p, resolveConfig as q, readAnonKey as r, saveCachedConfig as s, sendInitRequest as t, withGlasstraceConfig as u, waitForReady as w };

package/dist/{chunk-XS5W3SPL.js → chunk-4WI7B5FQ.js}

@@ -13802,7 +13802,18 @@ var CaptureConfigSchema = external_exports.object({
   fullConsoleOutput: external_exports.boolean(),
   importGraph: external_exports.boolean(),
   consoleErrors: external_exports.boolean().optional().default(false),
-  errorResponseBodies: external_exports.boolean().optional().default(false)
+  errorResponseBodies: external_exports.boolean().optional().default(false),
+  /**
+   * Account opt-in for side-effect evidence emission (SDK-049).
+   *
+   * When `false` (default), `recordSideEffect()` is a silent no-op:
+   * no allowlist evaluation runs and no `glasstrace.side_effect.*`
+   * attribute reaches the wire. When `true`, allowlisted side-effect
+   * metadata is attached to the active OTel span subject to the
+   * client-side allowlist enforcement layered with the product's
+   * storage-time filter as defense-in-depth.
+   */
+  sideEffectEvidence: external_exports.boolean().optional().default(false)
 });
 var SdkCachedConfigSchema = external_exports.object({
   response: external_exports.record(external_exports.string(), external_exports.unknown()),
@@ -13862,7 +13873,37 @@ var GLASSTRACE_ATTRIBUTE_NAMES = {
   TRIGGER_TYPE: "glasstrace.trigger.type",
   ELEMENT_FINGERPRINT: "glasstrace.element.fingerprint",
   ELEMENT_CONFIDENCE: "glasstrace.element.confidence",
-  TAB_ID: "glasstrace.tab.id"
+  TAB_ID: "glasstrace.tab.id",
+  // Side-effect evidence (SDK-049 / SCHEMA-036).
+  // Top-level operation attributes attached to the active span when a
+  // side-effect is recorded via `recordSideEffect()`. The wire-string
+  // set aligns verbatim with the product-side filter in
+  // `packages/ingestion/src/services/trace-writer.ts`.
+  SIDE_EFFECT_KIND: "glasstrace.side_effect.kind",
+  SIDE_EFFECT_OPERATION: "glasstrace.side_effect.operation",
+  SIDE_EFFECT_STATUS: "glasstrace.side_effect.status",
+  SIDE_EFFECT_PHASE: "glasstrace.side_effect.phase",
+  // Allowlisted semantic field attributes — one per allowlisted key.
+  // Wire keys are camelCase to match the SCHEMA-036 enum members
+  // exactly; the SDK constant names are SCREAMING_SNAKE per the rest
+  // of GLASSTRACE_ATTRIBUTE_NAMES.
+  SIDE_EFFECT_FIELD_TEMPLATE_KEY: "glasstrace.side_effect.field.templateKey",
+  SIDE_EFFECT_FIELD_PROVIDER_OPERATION: "glasstrace.side_effect.field.providerOperation",
+  SIDE_EFFECT_FIELD_ROLE: "glasstrace.side_effect.field.role",
+  SIDE_EFFECT_FIELD_LOCALE: "glasstrace.side_effect.field.locale",
+  SIDE_EFFECT_FIELD_TIMEZONE: "glasstrace.side_effect.field.timezone",
+  SIDE_EFFECT_FIELD_STATUS: "glasstrace.side_effect.field.status",
+  SIDE_EFFECT_FIELD_PHASE: "glasstrace.side_effect.field.phase",
+  // Omission reason attributes — one per allowlisted reason. The
+  // attribute value carries an integer count; the rejected value is
+  // never echoed.
+  SIDE_EFFECT_OMITTED_PII: "glasstrace.side_effect.omitted.pii",
+  SIDE_EFFECT_OMITTED_SECRET: "glasstrace.side_effect.omitted.secret",
+  SIDE_EFFECT_OMITTED_RAW_PAYLOAD: "glasstrace.side_effect.omitted.raw_payload",
+  SIDE_EFFECT_OMITTED_UNSUPPORTED_KEY: "glasstrace.side_effect.omitted.unsupported_key",
+  SIDE_EFFECT_OMITTED_VALUE_TOO_LONG: "glasstrace.side_effect.omitted.value_too_long",
+  SIDE_EFFECT_OMITTED_NOT_EMITTED: "glasstrace.side_effect.omitted.not_emitted",
+  SIDE_EFFECT_OMITTED_CAPTURE_DISABLED: "glasstrace.side_effect.omitted.capture_disabled"
 };
 var DEFAULT_CAPTURE_CONFIG = {
   requestBodies: false,
@@ -13871,7 +13912,8 @@ var DEFAULT_CAPTURE_CONFIG = {
   fullConsoleOutput: false,
   importGraph: false,
   consoleErrors: false,
-  errorResponseBodies: false
+  errorResponseBodies: false,
+  sideEffectEvidence: false
 };
 var MAX_SOURCE_MAP_FILE_PATH_LENGTH = 512;
 var MAX_SOURCE_MAP_FILE_SIZE = 50 * 1024 * 1024;
@@ -14137,6 +14179,45 @@ function deriveSessionId(apiKey, origin, date5, windowIndex) {
   const digest = sha256Hex(input).slice(0, 16);
   return SessionIdSchema.parse(digest);
 }
+var SIDE_EFFECT_OPERATION_KINDS = [
+  "email",
+  "calendar_link",
+  "webhook",
+  "external_api",
+  "queue",
+  "after_callback"
+];
+var SIDE_EFFECT_SEMANTIC_FIELD_KEYS = [
+  "templateKey",
+  "providerOperation",
+  "role",
+  "locale",
+  "timezone",
+  "status",
+  "phase"
+];
+var SIDE_EFFECT_OMISSION_REASONS = [
+  "pii",
+  "secret",
+  "raw_payload",
+  "unsupported_key",
+  "value_too_long",
+  "not_emitted",
+  "capture_disabled"
+];
+var SIDE_EFFECT_OPERATION_STATUSES = [
+  "scheduled",
+  "started",
+  "succeeded",
+  "failed",
+  "unknown"
+];
+var SIDE_EFFECT_OPERATION_PHASES = [
+  "request",
+  "post_response",
+  "background",
+  "unknown"
+];
 
 export {
   DevApiKeySchema,
@@ -14150,6 +14231,11 @@ export {
   SourceMapUploadResponseSchema,
   PresignedUploadResponseSchema,
   SourceMapManifestResponseSchema,
-  deriveSessionId
+  deriveSessionId,
+  SIDE_EFFECT_OPERATION_KINDS,
+  SIDE_EFFECT_SEMANTIC_FIELD_KEYS,
+  SIDE_EFFECT_OMISSION_REASONS,
+  SIDE_EFFECT_OPERATION_STATUSES,
+  SIDE_EFFECT_OPERATION_PHASES
 };
-//# sourceMappingURL=chunk-XS5W3SPL.js.map
+//# sourceMappingURL=chunk-4WI7B5FQ.js.map