@hasna/logs 0.3.25 → 0.3.27

package/dist/{index-p1vgwwsz.js → index-bnr19y0h.js}

@@ -2,16 +2,25 @@
 import {
   getPage,
   ingestBatch,
+  ingestLog,
   listPages,
+  redactString,
+  redactValue,
   saveSnapshot,
   touchPage
-} from "./index-5cj74qka.js";
+} from "./index-p4dbdzx4.js";
+import {
+  getEventStoreDataDir
+} from "./index-t3x838zw.js";
 import {
   createScanRun,
   finishScanRun,
   listJobs,
   updateJob
-} from "./index-3dr7d80h.js";
+} from "./index-e1930v9b.js";
+import {
+  sqlBindings
+} from "./index-b5c72f1p.js";
 import {
   __commonJS,
   __require,
@@ -894,7 +903,7 @@ var require_scheduled_task = __commonJS((exports, module) => {
 
 // node_modules/node-cron/src/background-scheduled-task/index.js
 var require_background_scheduled_task = __commonJS((exports, module) => {
-  var __dirname = "/tmp/hasna-webhooks-all-1781605110/open-logs/node_modules/node-cron/src/background-scheduled-task";
+  var __dirname = "/home/hasna/Workspace/hasna/opensource/open-logs/node_modules/node-cron/src/background-scheduled-task";
   var EventEmitter = __require("events");
   var path = __require("path");
   var { fork } = __require("child_process");
@@ -1018,23 +1027,23 @@ var TTL_BY_LEVEL = {
   fatal: "error_ttl_hours"
 };
 function runRetentionForProject(db, projectId) {
-  const project = db.prepare("SELECT * FROM projects WHERE id = $id").get({ $id: projectId });
+  const project = db.prepare("SELECT * FROM projects WHERE id = $id").get(sqlBindings({ $id: projectId }));
   if (!project)
     return { deleted: 0 };
   let deleted = 0;
   for (const [level, configKey] of Object.entries(TTL_BY_LEVEL)) {
     const ttlHours = project[configKey];
     const cutoff = new Date(Date.now() - ttlHours * 3600 * 1000).toISOString();
-    const before = db.prepare("SELECT COUNT(*) as c FROM logs WHERE project_id = $p AND level = $level AND timestamp < $cutoff").get({ $p: projectId, $level: level, $cutoff: cutoff }).c;
+    const before = db.prepare("SELECT COUNT(*) as c FROM logs WHERE project_id = $p AND level = $level AND timestamp < $cutoff").get(sqlBindings({ $p: projectId, $level: level, $cutoff: cutoff })).c;
     if (before > 0) {
-      db.prepare("DELETE FROM logs WHERE project_id = $p AND level = $level AND timestamp < $cutoff").run({ $p: projectId, $level: level, $cutoff: cutoff });
+      db.prepare("DELETE FROM logs WHERE project_id = $p AND level = $level AND timestamp < $cutoff").run(sqlBindings({ $p: projectId, $level: level, $cutoff: cutoff }));
       deleted += before;
     }
   }
-  const total = db.prepare("SELECT COUNT(*) as c FROM logs WHERE project_id = $p").get({ $p: projectId }).c;
+  const total = db.prepare("SELECT COUNT(*) as c FROM logs WHERE project_id = $p").get(sqlBindings({ $p: projectId })).c;
   if (total > project.max_rows) {
     const toDelete = total - project.max_rows;
-    db.prepare(`DELETE FROM logs WHERE id IN (SELECT id FROM logs WHERE project_id = $p ORDER BY timestamp ASC LIMIT ${toDelete})`).run({ $p: projectId });
+    db.prepare("DELETE FROM logs WHERE id IN (SELECT id FROM logs WHERE project_id = $p ORDER BY timestamp ASC LIMIT $limit)").run(sqlBindings({ $p: projectId, $limit: toDelete }));
     deleted += toDelete;
   }
   return { deleted };
@@ -1053,44 +1062,128 @@ function setRetentionPolicy(db, projectId, config) {
     return;
   const params = Object.fromEntries(Object.entries(config).map(([k, v]) => [`$${k}`, v]));
   params.$id = projectId;
-  db.prepare(`UPDATE projects SET ${fields} WHERE id = $id`).run(params);
+  db.prepare(`UPDATE projects SET ${fields} WHERE id = $id`).run(sqlBindings(params));
 }
 
 // src/lib/page-auth.ts
-import { createCipheriv, createDecipheriv, randomBytes } from "crypto";
-var SECRET_KEY = Buffer.from((process.env.LOGS_SECRET_KEY ?? "open-logs-default-key-32bytesXXX").padEnd(32).slice(0, 32));
-function encrypt(text) {
-  const iv = randomBytes(16);
-  const cipher = createCipheriv("aes-256-cbc", SECRET_KEY, iv);
-  const encrypted = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
-  return iv.toString("hex") + ":" + encrypted.toString("hex");
+import {
+  createCipheriv,
+  createDecipheriv,
+  createHash,
+  randomBytes
+} from "crypto";
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync
+} from "fs";
+import { join } from "path";
+var LOCAL_PAGE_AUTH_SECRET_FILE = "page-auth.key";
+function encrypt(db, text) {
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", pageAuthSecretKey(db), iv);
+  const encrypted = Buffer.concat([
+    cipher.update(text, "utf8"),
+    cipher.final()
+  ]);
+  return [
+    "v2",
+    iv.toString("hex"),
+    cipher.getAuthTag().toString("hex"),
+    encrypted.toString("hex")
+  ].join(":");
 }
-function decrypt(text) {
-  const [ivHex, encHex] = text.split(":");
+function decrypt(db, text) {
+  const parts = text.split(":");
+  if (parts[0] === "v2") {
+    const [, ivHex2, tagHex, encHex2] = parts;
+    if (!ivHex2 || !tagHex || !encHex2)
+      throw new Error("Invalid page auth secret format");
+    const decipher2 = createDecipheriv("aes-256-gcm", pageAuthSecretKey(db), Buffer.from(ivHex2, "hex"));
+    decipher2.setAuthTag(Buffer.from(tagHex, "hex"));
+    return Buffer.concat([
+      decipher2.update(Buffer.from(encHex2, "hex")),
+      decipher2.final()
+    ]).toString("utf8");
+  }
+  const [ivHex, encHex] = parts;
   if (!ivHex || !encHex)
     return text;
-  const iv = Buffer.from(ivHex, "hex");
-  const enc = Buffer.from(encHex, "hex");
-  const decipher = createDecipheriv("aes-256-cbc", SECRET_KEY, iv);
-  return Buffer.concat([decipher.update(enc), decipher.final()]).toString("utf8");
+  const decipher = createDecipheriv("aes-256-cbc", legacyPageAuthSecretKey(db), Buffer.from(ivHex, "hex"));
+  return Buffer.concat([
+    decipher.update(Buffer.from(encHex, "hex")),
+    decipher.final()
+  ]).toString("utf8");
 }
 function setPageAuth(db, pageId, type, credentials) {
-  const encrypted = encrypt(credentials);
+  const encrypted = encrypt(db, credentials);
   return db.prepare(`
     INSERT INTO page_auth (page_id, type, credentials)
     VALUES ($page_id, $type, $credentials)
     ON CONFLICT(page_id) DO UPDATE SET type = excluded.type, credentials = excluded.credentials
     RETURNING *
-  `).get({ $page_id: pageId, $type: type, $credentials: encrypted });
+  `).get(sqlBindings({
+    $page_id: pageId,
+    $type: type,
+    $credentials: encrypted
+  }));
 }
 function getPageAuth(db, pageId) {
-  const row = db.prepare("SELECT * FROM page_auth WHERE page_id = $id").get({ $id: pageId });
+  const row = db.prepare("SELECT * FROM page_auth WHERE page_id = $id").get(sqlBindings({ $id: pageId }));
   if (!row)
     return null;
-  return { type: row.type, credentials: decrypt(row.credentials) };
+  return { type: row.type, credentials: decrypt(db, row.credentials) };
 }
 function deletePageAuth(db, pageId) {
-  db.run("DELETE FROM page_auth WHERE page_id = $id", { $id: pageId });
+  db.prepare("DELETE FROM page_auth WHERE page_id = $id").run(sqlBindings({ $id: pageId }));
+}
+function pageAuthSecretKey(db) {
+  const secret = pageAuthSecret(db);
+  if (/^[a-f0-9]{64}$/i.test(secret))
+    return Buffer.from(secret, "hex");
+  return createHash("sha256").update(secret).digest();
+}
+function legacyPageAuthSecretKey(db) {
+  return Buffer.from(pageAuthSecret(db).padEnd(32).slice(0, 32));
+}
+function pageAuthSecret(db) {
+  const secret = process.env.HASNA_LOGS_SECRET_KEY?.trim() || process.env.LOGS_SECRET_KEY?.trim();
+  if (!secret)
+    return readOrCreateLocalPageAuthSecret(db);
+  if (secret.length < 32) {
+    throw new Error("Page auth secret must be at least 32 characters. Generate one with: openssl rand -hex 32");
+  }
+  return secret;
+}
+function readOrCreateLocalPageAuthSecret(db) {
+  const dataDir = getEventStoreDataDir(db);
+  const secretPath = join(dataDir, LOCAL_PAGE_AUTH_SECRET_FILE);
+  mkdirSync(dataDir, { recursive: true });
+  if (existsSync(secretPath))
+    return readLocalPageAuthSecret(secretPath);
+  const secret = randomBytes(32).toString("hex");
+  try {
+    writeFileSync(secretPath, `${secret}
+`, {
+      encoding: "utf8",
+      flag: "wx",
+      mode: 384
+    });
+  } catch (error) {
+    if (error.code !== "EEXIST")
+      throw error;
+  }
+  chmodSync(secretPath, 384);
+  return readLocalPageAuthSecret(secretPath);
+}
+function readLocalPageAuthSecret(secretPath) {
+  const secret = readFileSync(secretPath, "utf8").trim();
+  if (secret.length < 32) {
+    throw new Error(`Page auth secret file ${secretPath} must contain at least 32 characters.`);
+  }
+  return secret;
 }
 
 // src/lib/scanner.ts
@@ -1111,12 +1204,20 @@ async function scanPage(db, projectId, pageId, urlOverride) {
     } catch {}
   } else if (auth?.type === "basic") {
     const [username, password] = auth.credentials.split(":");
-    contextOptions.httpCredentials = { username: username ?? "", password: password ?? "" };
+    contextOptions.httpCredentials = {
+      username: username ?? "",
+      password: password ?? ""
+    };
   }
   const context = await browser.newContext(contextOptions);
   if (auth?.type === "bearer") {
     await context.route("**/*", (route) => {
-      route.continue({ headers: { ...route.request().headers(), Authorization: `Bearer ${auth.credentials}` } });
+      route.continue({
+        headers: {
+          ...route.request().headers(),
+          Authorization: `Bearer ${auth.credentials}`
+        }
+      });
     });
   }
   const browserPage = await context.newPage();
@@ -1157,17 +1258,18 @@ async function scanPage(db, projectId, pageId, urlOverride) {
       url
     });
   });
-  let perfScore = null;
+  const perfScore = null;
   try {
     await browserPage.goto(url, { waitUntil: "networkidle", timeout: 30000 });
     try {
       const metrics = await browserPage.evaluate(() => {
-        const nav = performance.getEntriesByType("navigation")[0];
-        const paint = performance.getEntriesByName("first-contentful-paint")[0];
+        const perf = globalThis.performance;
+        const nav = perf.getEntriesByType("navigation")[0];
+        const paint = perf.getEntriesByName("first-contentful-paint")[0];
         return {
-          ttfb: nav ? nav.responseStart - nav.requestStart : null,
+          ttfb: nav?.responseStart !== undefined && nav.requestStart !== undefined ? nav.responseStart - nav.requestStart : null,
           fcp: paint?.startTime ?? null,
-          domLoad: nav ? nav.domContentLoadedEventEnd - nav.startTime : null
+          domLoad: nav?.domContentLoadedEventEnd !== undefined && nav.startTime !== undefined ? nav.domContentLoadedEventEnd - nav.startTime : null
         };
       });
       if (metrics.fcp !== null || metrics.ttfb !== null) {
@@ -1212,7 +1314,7 @@ function startScheduler(db) {
 }
 function scheduleJob(db, jobId, schedule, projectId, pageId) {
   if (tasks.has(jobId))
-    tasks.get(jobId).stop();
+    tasks.get(jobId)?.stop();
   const task = import_node_cron.default.schedule(schedule, async () => {
     await runJob(db, jobId, projectId, pageId);
   });
@@ -1231,11 +1333,468 @@ async function runJob(db, jobId, projectId, pageId) {
         perf_score: result.perfScore ?? undefined
       });
     } catch (err) {
-      finishScanRun(db, run.id, { status: "failed", logs_collected: 0, errors_found: 0 });
+      finishScanRun(db, run.id, {
+        status: "failed",
+        logs_collected: 0,
+        errors_found: 0
+      });
       console.error(`Scan failed for page ${page.id}:`, err);
     }
   }));
   updateJob(db, jobId, { last_run_at: new Date().toISOString() });
 }
 
-export { runRetentionForProject, setRetentionPolicy, setPageAuth, deletePageAuth, startScheduler, runJob };
+// src/lib/structured-logs.ts
+import { createHash as createHash2 } from "crypto";
+var STRUCTURED_LOG_SOURCES = new Set([
+  "sdk",
+  "script",
+  "scanner",
+  "browser",
+  "node",
+  "bun",
+  "next",
+  "vite",
+  "cli",
+  "build",
+  "test",
+  "mcp",
+  "agent",
+  "otel",
+  "system",
+  "pino",
+  "winston",
+  "structured"
+]);
+var PINO_LEVELS = new Map([
+  [10, "debug"],
+  [20, "debug"],
+  [30, "info"],
+  [40, "warn"],
+  [50, "error"],
+  [60, "fatal"]
+]);
+var WINSTON_NUMERIC_LEVELS = new Map([
+  [0, "error"],
+  [1, "warn"],
+  [2, "info"],
+  [3, "info"],
+  [4, "debug"],
+  [5, "debug"],
+  [6, "debug"]
+]);
+var STRING_LEVELS = new Map([
+  ["trace", "debug"],
+  ["debug", "debug"],
+  ["silly", "debug"],
+  ["verbose", "debug"],
+  ["http", "info"],
+  ["info", "info"],
+  ["notice", "info"],
+  ["warn", "warn"],
+  ["warning", "warn"],
+  ["error", "error"],
+  ["err", "error"],
+  ["fatal", "fatal"],
+  ["crit", "fatal"],
+  ["critical", "fatal"],
+  ["panic", "fatal"]
+]);
+function validateStructuredLogReferences(db, entries) {
+  for (let index = 0;index < entries.length; index += 1) {
+    const entry = entries[index];
+    if (!entry)
+      continue;
+    if (entry.project_id && !projectExists(db, entry.project_id)) {
+      throw new Error(`entry[${index}].project_id does not exist`);
+    }
+    if (entry.page_id) {
+      const page = pageProject(db, entry.page_id);
+      if (!page)
+        throw new Error(`entry[${index}].page_id does not exist`);
+      if (entry.project_id && page.project_id !== entry.project_id) {
+        throw new Error(`entry[${index}].page_id does not belong to entry[${index}].project_id`);
+      }
+    }
+  }
+}
+function structuredLogPayloadToEntries(payload, options = {}) {
+  if (Array.isArray(payload)) {
+    return {
+      entries: payload.map((record, index) => structuredLogToEntry(record, options, { index })),
+      batch: true
+    };
+  }
+  if (isRecord(payload) && Array.isArray(payload.logs)) {
+    const envelope = payload;
+    const logs = envelope.logs;
+    const envelopeOptions = optionsFromEnvelope(envelope, options);
+    return {
+      entries: logs.map((record, index) => structuredLogToEntry(record, envelopeOptions, { index })),
+      batch: true
+    };
+  }
+  return {
+    entries: [structuredLogToEntry(payload, options)],
+    batch: false
+  };
+}
+function parseStructuredJsonLines(input, options = {}, source = "jsonl") {
+  const entries = [];
+  const lines = input.split(/\r?\n/);
+  for (let index = 0;index < lines.length; index += 1) {
+    const line = lines[index]?.trim();
+    if (!line)
+      continue;
+    let parsed;
+    try {
+      parsed = JSON.parse(line);
+    } catch (error) {
+      throw new Error(`line ${index + 1}: invalid JSON (${errorMessage(error)})`);
+    }
+    entries.push(structuredLogToEntry(parsed, options, {
+      index: entries.length,
+      line: index + 1,
+      source
+    }));
+  }
+  return entries;
+}
+function ingestStructuredJsonLines(db, input, options = {}, source = "jsonl") {
+  const entries = parseStructuredJsonLines(input, options, source);
+  validateStructuredLogReferences(db, entries);
+  return entries.map((entry) => ingestLog(db, entry));
+}
+function structuredLogToEntry(value, options = {}, position = {}) {
+  if (!isRecord(value)) {
+    throw new Error("structured log record must be an object");
+  }
+  const format = detectFormat(value, normalizeFormat(options.format ?? "auto"));
+  const message = messageFromRecord(value);
+  const level = levelFromRecord(value, format);
+  const eventTime = timestampFromRecord(value);
+  const producerEventId = producerId(value);
+  const idRecord = redactedRecordForId(value);
+  const sourceEventId = structuredSourceEventId(idRecord, format, producerEventId, position, options.source_event_prefix);
+  const source = options.source ?? defaultSource(format);
+  assertSupportedSource(source);
+  const service = firstString([
+    options.service,
+    stringValue(value.service),
+    stringPath(value, ["service", "name"]),
+    stringValue(value.name),
+    stringValue(value.logger),
+    stringPath(value, ["logger", "name"])
+  ]);
+  const traceId = firstString([
+    options.trace_id,
+    stringValue(value.trace_id),
+    stringValue(value.traceId),
+    stringPath(value, ["trace", "id"]),
+    stringPath(value, ["otel", "trace_id"]),
+    stringValue(value["dd.trace_id"])
+  ]);
+  const spanId = firstString([
+    options.span_id,
+    stringValue(value.span_id),
+    stringValue(value.spanId),
+    stringPath(value, ["span", "id"]),
+    stringPath(value, ["otel", "span_id"]),
+    stringValue(value["dd.span_id"])
+  ]);
+  const metadata = compactObject({
+    ...options.metadata ?? {},
+    structured_log: compactObject({
+      format,
+      source,
+      producer_event_id: redactedProducerId(producerEventId),
+      position: compactObject({ ...position }),
+      level_raw: value.level ?? value.severity ?? value.severityText,
+      time_raw: value.time ?? value.timestamp ?? value["@timestamp"] ?? value.datetime ?? value.date,
+      logger: firstString([
+        stringValue(value.name),
+        stringValue(value.logger),
+        stringPath(value, ["logger", "name"])
+      ]),
+      pid: numberOrString(value.pid) ?? numberOrString(isRecord(value.process) ? value.process.pid : undefined),
+      hostname: stringValue(value.hostname) ?? stringPath(value, ["host", "name"]),
+      original: value
+    })
+  });
+  return compactObject({
+    id: sourceEventId ? `log_struct_${stableHash(sourceEventId).slice(0, 32)}` : undefined,
+    timestamp: eventTime,
+    source_event_id: sourceEventId,
+    project_id: options.project_id ?? stringValue(value.project_id),
+    page_id: options.page_id ?? stringValue(value.page_id),
+    level,
+    source,
+    service,
+    message,
+    privacy: options.privacy,
+    machine_id: options.machine_id ?? stringValue(value.machine_id) ?? stringPath(value, ["host", "id"]) ?? stringValue(value.hostname) ?? stringPath(value, ["host", "name"]),
+    repo_id: options.repo_id ?? stringValue(value.repo_id),
+    app_id: options.app_id ?? stringValue(value.app_id) ?? stringPath(value, ["service", "name"]) ?? service,
+    process_id: options.process_id ?? stringValue(value.process_id),
+    run_id: options.run_id ?? stringValue(value.run_id),
+    trace_id: traceId,
+    span_id: spanId,
+    parent_span_id: options.parent_span_id ?? stringValue(value.parent_span_id) ?? stringValue(value.parentSpanId),
+    session_id: options.session_id ?? stringValue(value.session_id) ?? stringValue(value.sessionId),
+    release_id: options.release_id ?? stringValue(value.release_id) ?? stringValue(value.release) ?? stringValue(value.version),
+    environment: options.environment ?? stringValue(value.environment) ?? stringValue(value.env) ?? stringPath(value, ["deployment", "environment"]),
+    agent: options.agent ?? stringValue(value.agent),
+    url: options.url ?? stringValue(value.url) ?? stringPath(value, ["request", "url"]) ?? stringPath(value, ["req", "url"]),
+    stack_trace: stringValue(value.stack) ?? stringPath(value, ["err", "stack"]) ?? stringPath(value, ["error", "stack"]) ?? stringPath(value, ["exception", "stacktrace"]),
+    metadata
+  });
+}
+function optionsFromEnvelope(envelope, defaults) {
+  return compactObject({
+    ...defaults,
+    format: formatValue(envelope.format) ?? defaults.format,
+    source: sourceValue(envelope.source) ?? defaults.source,
+    service: stringValue(envelope.service) ?? defaults.service,
+    project_id: stringValue(envelope.project_id) ?? defaults.project_id,
+    page_id: stringValue(envelope.page_id) ?? defaults.page_id,
+    machine_id: stringValue(envelope.machine_id) ?? defaults.machine_id,
+    repo_id: stringValue(envelope.repo_id) ?? defaults.repo_id,
+    app_id: stringValue(envelope.app_id) ?? defaults.app_id,
+    process_id: stringValue(envelope.process_id) ?? defaults.process_id,
+    run_id: stringValue(envelope.run_id) ?? defaults.run_id,
+    trace_id: stringValue(envelope.trace_id) ?? defaults.trace_id,
+    span_id: stringValue(envelope.span_id) ?? defaults.span_id,
+    parent_span_id: stringValue(envelope.parent_span_id) ?? defaults.parent_span_id,
+    session_id: stringValue(envelope.session_id) ?? defaults.session_id,
+    release_id: stringValue(envelope.release_id) ?? defaults.release_id,
+    environment: stringValue(envelope.environment) ?? defaults.environment,
+    agent: stringValue(envelope.agent) ?? defaults.agent,
+    url: stringValue(envelope.url) ?? defaults.url,
+    source_event_prefix: stringValue(envelope.source_event_prefix) ?? defaults.source_event_prefix,
+    metadata: metadataValue(envelope.metadata) ?? defaults.metadata
+  });
+}
+function detectFormat(value, requested) {
+  if (requested !== "auto")
+    return requested;
+  if (typeof value.level === "number" || "msg" in value)
+    return "pino";
+  if (typeof value.level === "string" && "message" in value)
+    return "winston";
+  return "json";
+}
+function normalizeFormat(value) {
+  if (value === "auto" || value === "pino" || value === "winston" || value === "json") {
+    return value;
+  }
+  throw new Error("format must be auto, pino, winston, or json");
+}
+function defaultSource(format) {
+  if (format === "pino")
+    return "pino";
+  if (format === "winston")
+    return "winston";
+  return "structured";
+}
+function levelFromRecord(value, format) {
+  const raw = value.level ?? value.severity ?? value.severityText;
+  if (raw === undefined || raw === null || raw === "")
+    return "info";
+  if (typeof raw === "number") {
+    const mapped = format === "winston" ? WINSTON_NUMERIC_LEVELS.get(raw) : PINO_LEVELS.get(raw) ?? WINSTON_NUMERIC_LEVELS.get(raw);
+    if (mapped)
+      return mapped;
+    throw new Error(`unsupported numeric log level: ${raw}`);
+  }
+  if (typeof raw === "string") {
+    const numeric = Number(raw);
+    if (Number.isFinite(numeric) && raw.trim() !== "") {
+      return levelFromRecord({ level: numeric }, format);
+    }
+    const mapped = STRING_LEVELS.get(raw.toLowerCase());
+    if (mapped)
+      return mapped;
+  }
+  throw new Error(`unsupported log level: ${String(raw)}`);
+}
+function messageFromRecord(value) {
+  const raw = value.msg ?? value.message ?? value.body ?? stringPath(value, ["err", "message"]) ?? stringPath(value, ["error", "message"]);
+  const message = messageValue(raw);
+  if (!message)
+    throw new Error("structured log record must include msg or message");
+  return message;
+}
+function messageValue(value) {
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? value : null;
+  }
+  if (typeof value === "number" || typeof value === "bigint" || typeof value === "boolean") {
+    return String(value);
+  }
+  if (value && typeof value === "object") {
+    return stableStringify(value);
+  }
+  return null;
+}
+function timestampFromRecord(value) {
+  const raw = value.time ?? value.timestamp ?? value["@timestamp"] ?? value.datetime ?? value.date;
+  if (raw === undefined || raw === null || raw === "")
+    return;
+  const timestamp = timestampValue(raw);
+  if (!timestamp)
+    throw new Error(`unsupported timestamp: ${String(raw)}`);
+  return timestamp;
+}
+function timestampValue(value) {
+  if (typeof value === "number")
+    return epochNumberToIso(value);
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (!trimmed)
+      return null;
+    const numeric = Number(trimmed);
+    if (Number.isFinite(numeric))
+      return epochNumberToIso(numeric);
+    const parsed = new Date(trimmed);
+    if (!Number.isNaN(parsed.getTime()))
+      return parsed.toISOString();
+  }
+  return null;
+}
+function epochNumberToIso(value) {
+  if (!Number.isFinite(value))
+    return null;
+  let milliseconds = value;
+  if (value > 10000000000000000) {
+    milliseconds = value / 1e6;
+  } else if (value > 10000000000000) {
+    milliseconds = value / 1000;
+  } else if (value < 10000000000) {
+    milliseconds = value * 1000;
+  }
+  const date = new Date(milliseconds);
+  return Number.isNaN(date.getTime()) ? null : date.toISOString();
+}
+function producerId(value) {
+  return firstString([
+    stringValue(value.id),
+    stringValue(value.event_id),
+    stringValue(value.eventId),
+    stringValue(value.source_event_id),
+    stringValue(value.log_id),
+    stringValue(value.logId),
+    stringValue(value._open_logs_event_id)
+  ]) ?? null;
+}
+function structuredSourceEventId(value, format, producerEventId, position, prefix = "structured") {
+  if (producerEventId) {
+    const redacted = redactString(producerEventId, "source_event_id");
+    if (!redacted.report.applied) {
+      return `${prefix}:${format}:producer:${stableHash(redacted.value)}`;
+    }
+  }
+  if (!hasPosition(position))
+    return;
+  return `${prefix}:${format}:${stableHash({
+    position,
+    timestamp: value.time ?? value.timestamp ?? value["@timestamp"] ?? value.datetime ?? value.date,
+    level: value.level ?? value.severity ?? value.severityText,
+    message: value.msg ?? value.message ?? value.body,
+    service: value.service ?? value.name ?? value.logger,
+    original: value
+  })}`;
+}
+function redactedProducerId(value) {
+  return value ? redactString(value, "metadata.structured_log.producer_event_id").value : undefined;
+}
+function redactedRecordForId(value) {
+  return redactValue(value, "structured_log_id").value;
+}
+function hasPosition(position) {
+  return position.index !== undefined || position.line !== undefined || position.source !== undefined;
+}
+function assertSupportedSource(source) {
+  if (!STRUCTURED_LOG_SOURCES.has(source)) {
+    throw new Error(`unsupported structured log source: ${source}`);
+  }
+}
+function formatValue(value) {
+  if (value === undefined)
+    return;
+  return normalizeFormat(value);
+}
+function sourceValue(value) {
+  if (value === undefined)
+    return;
+  const source = stringValue(value);
+  if (!source)
+    throw new Error("source must be a string");
+  assertSupportedSource(source);
+  return source;
+}
+function metadataValue(value) {
+  if (value === undefined)
+    return;
+  if (!isRecord(value))
+    throw new Error("metadata must be an object");
+  return value;
+}
+function stringValue(value) {
+  if (typeof value === "string" && value.length > 0)
+    return value;
+  if (typeof value === "number" || typeof value === "bigint")
+    return String(value);
+  return;
+}
+function numberOrString(value) {
+  if (typeof value === "number" && Number.isFinite(value))
+    return value;
+  if (typeof value === "string" && value.length > 0)
+    return value;
+  return;
+}
+function stringPath(value, path) {
+  let current = value;
+  for (const part of path) {
+    if (!isRecord(current))
+      return;
+    current = current[part];
+  }
+  return stringValue(current);
+}
+function firstString(values) {
+  return values.find((value) => typeof value === "string" && value.length > 0);
+}
+function compactObject(value) {
+  return Object.fromEntries(Object.entries(value).filter(([, item]) => item !== undefined));
+}
+function stableHash(value) {
+  return createHash2("sha256").update(stableStringify(value)).digest("hex");
+}
+function stableStringify(value) {
+  if (value === undefined)
+    return "undefined";
+  if (typeof value === "bigint")
+    return JSON.stringify(value.toString());
+  if (value === null || typeof value !== "object")
+    return JSON.stringify(value);
+  if (Array.isArray(value))
+    return `[${value.map(stableStringify).join(",")}]`;
+  return `{${Object.entries(value).sort(([left], [right]) => left.localeCompare(right)).map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`).join(",")}}`;
+}
+function isRecord(value) {
+  return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function projectExists(db, projectId) {
+  const row = db.prepare("SELECT id FROM projects WHERE id = ?").get(projectId);
+  return Boolean(row);
+}
+function pageProject(db, pageId) {
+  return db.prepare("SELECT project_id FROM pages WHERE id = ?").get(pageId);
+}
+
+export { runRetentionForProject, setRetentionPolicy, setPageAuth, deletePageAuth, startScheduler, runJob, validateStructuredLogReferences, structuredLogPayloadToEntries, ingestStructuredJsonLines, structuredLogToEntry };