@hasna/logs 0.3.26 → 0.3.27

package/dist/index-p4dbdzx4.js

@@ -0,0 +1,1849 @@
+// @bun
+import {
+  appendRawEvent,
+  getEventRecord,
+  indexRawEvent,
+  readRawEvent,
+  sanitizeSourceMapArtifactRecord,
+  sanitizeSourceMapContextRecord,
+  sanitizeSourceMapIdentifierValue,
+  sanitizeSourceMapTelemetry,
+  sanitizedTestReportMetadata,
+  sourceMapFallbackIdentifier,
+  upsertIssue,
+  upsertSourceMapProjection,
+  upsertTestReportProjection,
+  withEventStoreLock
+} from "./index-t3x838zw.js";
+import {
+  sqlBindings
+} from "./index-b5c72f1p.js";
+import {
+  parseTime
+} from "./index-hq6kzaah.js";
+
+// src/lib/events.ts
+function searchEvents(db, query = {}) {
+  const { where, params } = buildEventWhere(query);
+  const limit = clampPositiveInt(query.limit, 100, query.max_limit ?? 1000);
+  const offset = clampNonNegativeInt(query.offset, 0);
+  const rows = db.query(`
+    SELECT *
+    FROM event_records
+    ${where}
+    ORDER BY event_time DESC, event_id DESC
+    LIMIT ? OFFSET ?
+  `).all(...params, limit, offset);
+  return rows.map((row) => materializeEvent(db, row, query.include_raw === true));
+}
+function getEvent(db, eventId, includeRaw = true) {
+  const record = getEventRecord(db, eventId);
+  return record ? materializeEvent(db, record, includeRaw) : null;
+}
+function exportEventsToJson(db, query, writeLine) {
+  writeLine("[");
+  let count = 0;
+  for (const event of searchEvents(db, {
+    ...query,
+    limit: query.limit ?? 1e5,
+    max_limit: 1e5
+  })) {
+    writeLine((count > 0 ? "," : "") + JSON.stringify(event));
+    count += 1;
+  }
+  writeLine("]");
+  return count;
+}
+function materializeEvent(db, record, includeRaw) {
+  const { metadata, ...rest } = record;
+  return {
+    ...rest,
+    metadata: parseMetadata(metadata),
+    raw: includeRaw ? readRawEvent(db, record) : undefined
+  };
+}
+function buildEventWhere(query) {
+  const conditions = [];
+  const params = [];
+  addScalar(conditions, params, "event_id", query.event_id);
+  addList(conditions, params, "event_type", query.event_type);
+  addList(conditions, params, "source", query.source);
+  addList(conditions, params, "severity", query.severity);
+  addScalar(conditions, params, "project_id", query.project_id);
+  addScalar(conditions, params, "page_id", query.page_id);
+  addScalar(conditions, params, "machine_id", query.machine_id);
+  addScalar(conditions, params, "repo_id", query.repo_id);
+  addScalar(conditions, params, "app_id", query.app_id);
+  addScalar(conditions, params, "process_id", query.process_id);
+  addScalar(conditions, params, "run_id", query.run_id);
+  addScalar(conditions, params, "trace_id", query.trace_id);
+  addScalar(conditions, params, "span_id", query.span_id);
+  addScalar(conditions, params, "session_id", query.session_id);
+  addScalar(conditions, params, "release_id", query.release_id);
+  addScalar(conditions, params, "environment", query.environment);
+  if (query.since) {
+    conditions.push("event_time >= ?");
+    params.push(parseTime(query.since) ?? query.since);
+  }
+  if (query.until) {
+    conditions.push("event_time <= ?");
+    params.push(parseTime(query.until) ?? query.until);
+  }
+  if (query.text) {
+    const needle = `%${escapeLike(query.text)}%`;
+    conditions.push("(event_id LIKE ? ESCAPE '\\' OR source_event_id LIKE ? ESCAPE '\\' OR message LIKE ? ESCAPE '\\' OR metadata LIKE ? ESCAPE '\\')");
+    params.push(needle, needle, needle, needle);
+  }
+  if (query.exclude_mcp_tool_telemetry) {
+    conditions.push("NOT (event_type = 'agent' AND source = 'mcp' AND metadata LIKE ?)");
+    params.push('%"category":"mcp_tool_call"%');
+  }
+  return {
+    where: conditions.length ? `WHERE ${conditions.join(" AND ")}` : "",
+    params
+  };
+}
+function addScalar(conditions, params, column, value) {
+  if (!value)
+    return;
+  conditions.push(`${column} = ?`);
+  params.push(value);
+}
+function addList(conditions, params, column, value) {
+  if (!value)
+    return;
+  const values = (Array.isArray(value) ? value : value.split(",")).map((item) => item.trim()).filter(Boolean);
+  if (values.length === 0)
+    return;
+  conditions.push(`${column} IN (${values.map(() => "?").join(",")})`);
+  params.push(...values);
+}
+function parseMetadata(value) {
+  if (!value)
+    return null;
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+function escapeLike(value) {
+  return value.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_");
+}
+function clampPositiveInt(value, fallback, max) {
+  if (!Number.isFinite(value) || value === undefined)
+    return fallback;
+  return Math.min(Math.max(1, Math.floor(value)), max);
+}
+function clampNonNegativeInt(value, fallback) {
+  if (!Number.isFinite(value) || value === undefined)
+    return fallback;
+  return Math.max(0, Math.floor(value));
+}
+
+// src/lib/alerts.ts
+function createAlertRule(db, data) {
+  return db.prepare(`
+    INSERT INTO alert_rules (project_id, name, service, level, threshold_count, window_seconds, action, webhook_url)
+    VALUES ($project_id, $name, $service, $level, $threshold_count, $window_seconds, $action, $webhook_url)
+    RETURNING *
+  `).get({
+    $project_id: data.project_id,
+    $name: data.name,
+    $service: data.service ?? null,
+    $level: data.level ?? "error",
+    $threshold_count: data.threshold_count ?? 10,
+    $window_seconds: data.window_seconds ?? 60,
+    $action: data.action ?? "webhook",
+    $webhook_url: data.webhook_url ?? null
+  });
+}
+function listAlertRules(db, projectId) {
+  if (projectId) {
+    return db.prepare("SELECT * FROM alert_rules WHERE project_id = $p ORDER BY created_at DESC").all(sqlBindings({ $p: projectId }));
+  }
+  return db.prepare("SELECT * FROM alert_rules ORDER BY created_at DESC").all();
+}
+function updateAlertRule(db, id, data) {
+  const fields = Object.keys(data).map((k) => `${k} = $${k}`).join(", ");
+  if (!fields)
+    return db.prepare("SELECT * FROM alert_rules WHERE id = $id").get(sqlBindings({ $id: id }));
+  const params = Object.fromEntries(Object.entries(data).map(([k, v]) => [`$${k}`, v]));
+  params.$id = id;
+  return db.prepare(`UPDATE alert_rules SET ${fields} WHERE id = $id RETURNING *`).get(sqlBindings(params));
+}
+function deleteAlertRule(db, id) {
+  db.prepare("DELETE FROM alert_rules WHERE id = $id").run(sqlBindings({ $id: id }));
+}
+async function evaluateAlerts(db, projectId, service, level) {
+  const rules = db.prepare(`
+    SELECT * FROM alert_rules
+    WHERE project_id = $p AND level = $level AND enabled = 1
+    AND ($service IS NULL OR service IS NULL OR service = $service)
+  `).all(sqlBindings({ $p: projectId, $level: level, $service: service }));
+  for (const rule of rules) {
+    const since = new Date(Date.now() - rule.window_seconds * 1000).toISOString();
+    const conditions = [
+      "project_id = $p",
+      "level = $level",
+      "timestamp >= $since"
+    ];
+    const params = {
+      $p: projectId,
+      $level: rule.level,
+      $since: since
+    };
+    if (rule.service) {
+      conditions.push("service = $service");
+      params.$service = rule.service;
+    }
+    const { count } = db.prepare(`SELECT COUNT(*) as count FROM logs WHERE ${conditions.join(" AND ")}`).get(sqlBindings(params));
+    if (count >= rule.threshold_count) {
+      await fireAlert(db, rule, count);
+    }
+  }
+}
+async function fireAlert(db, rule, count) {
+  if (rule.last_fired_at) {
+    const lastFired = new Date(rule.last_fired_at).getTime();
+    if (Date.now() - lastFired < rule.window_seconds * 1000)
+      return;
+  }
+  db.prepare("UPDATE alert_rules SET last_fired_at = strftime('%Y-%m-%dT%H:%M:%fZ','now') WHERE id = $id").run(sqlBindings({ $id: rule.id }));
+  const payload = {
+    alert: rule.name,
+    project_id: rule.project_id,
+    level: rule.level,
+    service: rule.service,
+    count,
+    threshold: rule.threshold_count,
+    window_seconds: rule.window_seconds,
+    fired_at: new Date().toISOString()
+  };
+  if (rule.action === "webhook" && rule.webhook_url) {
+    try {
+      await fetch(rule.webhook_url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(payload)
+      });
+    } catch (err) {
+      console.error(`Alert webhook failed for rule ${rule.id}:`, err);
+    }
+  } else {
+    console.warn(`[ALERT] ${rule.name}:`, JSON.stringify(payload));
+  }
+}
+
+// src/lib/ingest.ts
+import { randomBytes } from "crypto";
+
+// src/lib/event-bus.ts
+class LogEventBus {
+  bufferSize;
+  buffer = [];
+  subscribers = new Set;
+  sequence = 0;
+  constructor(bufferSize = readPositiveInt("HASNA_LOGS_STREAM_BUFFER_SIZE", 1000)) {
+    this.bufferSize = bufferSize;
+  }
+  publish(row) {
+    const event = {
+      kind: "log",
+      sequence: ++this.sequence,
+      id: row.id,
+      row,
+      created_at: new Date().toISOString()
+    };
+    this.buffer.push(event);
+    while (this.buffer.length > this.bufferSize)
+      this.buffer.shift();
+    for (const subscriber of this.subscribers) {
+      if (matchesLogFilter(row, subscriber.filter))
+        this.enqueue(subscriber, event);
+    }
+    return event;
+  }
+  subscribe(filter = {}, opts = {}) {
+    const subscriber = {
+      filter,
+      maxQueue: opts.maxQueue ?? readPositiveInt("HASNA_LOGS_STREAM_SUBSCRIBER_QUEUE", 500),
+      queue: [],
+      closed: false
+    };
+    this.subscribers.add(subscriber);
+    return {
+      [Symbol.asyncIterator]() {
+        return this;
+      },
+      next: () => this.next(subscriber),
+      return: async () => {
+        this.close(subscriber);
+        return { done: true, value: undefined };
+      }
+    };
+  }
+  hasBufferedLog(id) {
+    return this.buffer.some((event) => event.kind === "log" && event.id === id);
+  }
+  clearForTests() {
+    for (const subscriber of this.subscribers)
+      this.close(subscriber);
+    this.buffer = [];
+    this.sequence = 0;
+  }
+  enqueue(subscriber, event) {
+    if (subscriber.closed)
+      return;
+    if (subscriber.queue.length >= subscriber.maxQueue) {
+      const dropped = subscriber.queue.length;
+      subscriber.queue = [
+        {
+          kind: "overflow",
+          sequence: ++this.sequence,
+          dropped,
+          reason: "subscriber_queue_overflow",
+          created_at: new Date().toISOString()
+        }
+      ];
+    }
+    subscriber.queue.push(event);
+    if (subscriber.resolve) {
+      const resolve = subscriber.resolve;
+      subscriber.resolve = undefined;
+      const next = subscriber.queue.shift();
+      if (next)
+        resolve({ done: false, value: next });
+    }
+  }
+  next(subscriber) {
+    if (subscriber.closed)
+      return Promise.resolve({ done: true, value: undefined });
+    const next = subscriber.queue.shift();
+    if (next)
+      return Promise.resolve({ done: false, value: next });
+    return new Promise((resolve) => {
+      subscriber.resolve = resolve;
+    });
+  }
+  close(subscriber) {
+    if (subscriber.closed)
+      return;
+    subscriber.closed = true;
+    this.subscribers.delete(subscriber);
+    if (subscriber.resolve) {
+      const resolve = subscriber.resolve;
+      subscriber.resolve = undefined;
+      resolve({ done: true, value: undefined });
+    }
+  }
+}
+
+class EventCatalogBus {
+  bufferSize;
+  buffer = [];
+  subscribers = new Set;
+  sequence = 0;
+  constructor(bufferSize = readPositiveInt("HASNA_LOGS_STREAM_BUFFER_SIZE", 1000)) {
+    this.bufferSize = bufferSize;
+  }
+  publish(entry) {
+    const event = {
+      kind: "event",
+      sequence: ++this.sequence,
+      id: entry.event_id,
+      entry,
+      created_at: new Date().toISOString()
+    };
+    this.buffer.push(event);
+    while (this.buffer.length > this.bufferSize)
+      this.buffer.shift();
+    for (const subscriber of this.subscribers) {
+      if (matchesEventCatalogFilter(entry, subscriber.filter))
+        this.enqueue(subscriber, event);
+    }
+    return event;
+  }
+  subscribe(filter = {}, opts = {}) {
+    const subscriber = {
+      filter,
+      maxQueue: opts.maxQueue ?? readPositiveInt("HASNA_LOGS_STREAM_SUBSCRIBER_QUEUE", 500),
+      queue: [],
+      closed: false
+    };
+    this.subscribers.add(subscriber);
+    return {
+      [Symbol.asyncIterator]() {
+        return this;
+      },
+      next: () => this.next(subscriber),
+      return: async () => {
+        this.close(subscriber);
+        return { done: true, value: undefined };
+      }
+    };
+  }
+  hasBufferedEvent(id) {
+    return this.buffer.some((event) => event.kind === "event" && event.id === id);
+  }
+  clearForTests() {
+    for (const subscriber of this.subscribers)
+      this.close(subscriber);
+    this.buffer = [];
+    this.sequence = 0;
+  }
+  enqueue(subscriber, event) {
+    if (subscriber.closed)
+      return;
+    if (subscriber.queue.length >= subscriber.maxQueue) {
+      const dropped = subscriber.queue.length;
+      subscriber.queue = [
+        {
+          kind: "overflow",
+          sequence: ++this.sequence,
+          dropped,
+          reason: "subscriber_queue_overflow",
+          created_at: new Date().toISOString()
+        }
+      ];
+    }
+    subscriber.queue.push(event);
+    if (subscriber.resolve) {
+      const resolve = subscriber.resolve;
+      subscriber.resolve = undefined;
+      const next = subscriber.queue.shift();
+      if (next)
+        resolve({ done: false, value: next });
+    }
+  }
+  next(subscriber) {
+    if (subscriber.closed)
+      return Promise.resolve({ done: true, value: undefined });
+    const next = subscriber.queue.shift();
+    if (next)
+      return Promise.resolve({ done: false, value: next });
+    return new Promise((resolve) => {
+      subscriber.resolve = resolve;
+    });
+  }
+  close(subscriber) {
+    if (subscriber.closed)
+      return;
+    subscriber.closed = true;
+    this.subscribers.delete(subscriber);
+    if (subscriber.resolve) {
+      const resolve = subscriber.resolve;
+      subscriber.resolve = undefined;
+      resolve({ done: true, value: undefined });
+    }
+  }
+}
+var logEventBus = new LogEventBus;
+var eventCatalogBus = new EventCatalogBus;
+function publishLogEvent(row) {
+  return logEventBus.publish(row);
+}
+function publishEventCatalogEvent(entry) {
+  return eventCatalogBus.publish(entry);
+}
+function subscribeLogEvents(filter, opts) {
+  return logEventBus.subscribe(filter, opts);
+}
+function subscribeEventCatalogEvents(filter, opts) {
+  return eventCatalogBus.subscribe(filter, opts);
+}
+function hasBufferedLogEvent(id) {
+  return logEventBus.hasBufferedLog(id);
+}
+function hasBufferedEventCatalogEvent(id) {
+  return eventCatalogBus.hasBufferedEvent(id);
+}
+function matchesLogFilter(row, filter) {
+  if (filter.project_id && row.project_id !== filter.project_id)
+    return false;
+  if (filter.service && row.service !== filter.service)
+    return false;
+  if (filter.levels && filter.levels.length > 0 && !filter.levels.includes(row.level))
+    return false;
+  return true;
+}
+function matchesEventCatalogFilter(entry, filter) {
+  if (filter.event_type && filter.event_type.length > 0 && !filter.event_type.includes(entry.event_type))
+    return false;
+  if (filter.source && filter.source.length > 0 && !filter.source.includes(entry.source))
+    return false;
+  if (filter.severity && filter.severity.length > 0 && (!entry.severity || !filter.severity.includes(entry.severity)))
+    return false;
+  if (filter.project_id && entry.project_id !== filter.project_id)
+    return false;
+  if (filter.page_id && entry.page_id !== filter.page_id)
+    return false;
+  if (filter.machine_id && entry.machine_id !== filter.machine_id)
+    return false;
+  if (filter.repo_id && entry.repo_id !== filter.repo_id)
+    return false;
+  if (filter.app_id && entry.app_id !== filter.app_id)
+    return false;
+  if (filter.process_id && entry.process_id !== filter.process_id)
+    return false;
+  if (filter.run_id && entry.run_id !== filter.run_id)
+    return false;
+  if (filter.trace_id && entry.trace_id !== filter.trace_id)
+    return false;
+  if (filter.span_id && entry.span_id !== filter.span_id)
+    return false;
+  if (filter.session_id && entry.session_id !== filter.session_id)
+    return false;
+  if (filter.release_id && entry.release_id !== filter.release_id)
+    return false;
+  if (filter.environment && entry.environment !== filter.environment)
+    return false;
+  return true;
+}
+function readPositiveInt(name, fallback) {
+  const parsed = Number.parseInt(process.env[name] ?? "", 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+
+// src/lib/redaction.ts
+var REDACTED = "[REDACTED]";
+var SENSITIVE_KEY = /(?:authorization|cookie|set-cookie|api[_-]?key|token|secret|password|passwd|pwd|private[_-]?key|access[_-]?token|refresh[_-]?token|session[_-]?secret|client[_-]?secret)/i;
+var SENSITIVE_FLAG = /^(?:authorization|auth|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?secret)$/i;
+var SENSITIVE_FLAG_NAME = /(?:authorization|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?secret)/i;
+var STRING_PATTERNS = [
+  {
+    label: "openlogs_canary",
+    pattern: /\b(?:OPENLOGS|LOGS)[_-]?SECRET[_-]?CANARY[_-]?[A-Za-z0-9._-]*/gi,
+    replacement: REDACTED
+  },
+  {
+    label: "bearer_token",
+    pattern: /\bBearer\s+[A-Za-z0-9._~+/=-]+/gi,
+    replacement: `Bearer ${REDACTED}`
+  },
+  {
+    label: "github_token",
+    pattern: /\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{20,}\b/g,
+    replacement: REDACTED
+  },
+  {
+    label: "github_pat",
+    pattern: /\bgithub_pat_[A-Za-z0-9_]{20,}\b/g,
+    replacement: REDACTED
+  },
+  {
+    label: "openai_key",
+    pattern: /\bsk-[A-Za-z0-9_-]{20,}\b/g,
+    replacement: REDACTED
+  },
+  {
+    label: "aws_access_key",
+    pattern: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g,
+    replacement: REDACTED
+  },
+  {
+    label: "jwt",
+    pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
+    replacement: REDACTED
+  },
+  {
+    label: "email",
+    pattern: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi,
+    replacement: REDACTED
+  },
+  {
+    label: "secret_assignment",
+    pattern: /\b(api[_-]?key|token|secret|password|passwd|pwd|access[_-]?token|refresh[_-]?token|client[_-]?secret)\s*[:=]\s*("[^"]*"|'[^']*'|[^\s,;&}]+)/gi,
+    replacement: (_match, key) => `${key}=${REDACTED}`
+  },
+  {
+    label: "secret_flag_argument",
+    pattern: /(--[A-Za-z0-9._-]*(?:authorization|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?secret)[A-Za-z0-9._-]*\s+)(?:"[^"]*"|'[^']*'|[^\s,;&}]+)/gi,
+    replacement: (_match, prefix) => `${prefix}${REDACTED}`
+  },
+  {
+    label: "auth_flag_argument",
+    pattern: /(--auth\s+)(?:"[^"]*"|'[^']*'|[^\s,;&}]+)/gi,
+    replacement: (_match, prefix) => `${prefix}${REDACTED}`
+  },
+  {
+    label: "secret_query_param",
+    pattern: /([?&](?:api[_-]?key|token|secret|password|passwd|pwd|access[_-]?token|refresh[_-]?token|auth|code)=)[^&#\s]+/gi,
+    replacement: (_match, prefix) => `${prefix}${REDACTED}`
+  }
+];
+function redactLogEntry(entry) {
+  const reports = [];
+  const next = { ...entry };
+  if (typeof entry.message === "string") {
+    const result = redactString(entry.message, "message");
+    next.message = result.value;
+    reports.push(result.report);
+  }
+  if (typeof entry.url === "string") {
+    const result = redactString(entry.url, "url");
+    next.url = result.value;
+    reports.push(result.report);
+  }
+  if (typeof entry.stack_trace === "string") {
+    const result = redactString(entry.stack_trace, "stack_trace");
+    next.stack_trace = result.value;
+    reports.push(result.report);
+  }
+  if (entry.metadata) {
+    const result = redactValue(entry.metadata, "metadata");
+    next.metadata = result.value;
+    reports.push(result.report);
+  }
+  const report = mergeRedactionReports(...reports);
+  if (report.applied) {
+    next.metadata = {
+      ...next.metadata ?? {},
+      redaction: redactionMetadata(report)
+    };
+  }
+  return { value: next, report };
+}
+function redactString(input, path = "$") {
+  let output = input;
+  const fields = [];
+  let replacements = 0;
+  for (const { label, pattern, replacement } of STRING_PATTERNS) {
+    let matched = false;
+    output = output.replace(pattern, (...args) => {
+      matched = true;
+      replacements += 1;
+      if (typeof replacement === "function")
+        return replacement(args[0] ?? "", ...args.slice(1));
+      return replacement;
+    });
+    if (matched)
+      fields.push(`${path}:${label}`);
+  }
+  return {
+    value: output,
+    report: { applied: replacements > 0, fields, replacements }
+  };
+}
+function redactValue(input, path = "$", depth = 0) {
+  if (input === null || input === undefined) {
+    return { value: input, report: emptyReport() };
+  }
+  if (typeof input === "string") {
+    return redactString(input, path);
+  }
+  if (typeof input !== "object" || depth >= 12) {
+    return { value: input, report: emptyReport() };
+  }
+  if (Array.isArray(input)) {
+    const values2 = [];
+    const reports2 = [];
+    let previousWasSensitiveFlag = false;
+    input.forEach((item, index) => {
+      const itemPath = `${path}[${index}]`;
+      if (previousWasSensitiveFlag && typeof item === "string") {
+        values2.push(REDACTED);
+        reports2.push({ applied: true, fields: [itemPath], replacements: 1 });
+        previousWasSensitiveFlag = false;
+        return;
+      }
+      const result = redactValue(item, `${path}[${index}]`, depth + 1);
+      values2.push(result.value);
+      reports2.push(result.report);
+      previousWasSensitiveFlag = typeof result.value === "string" && isSensitiveFlag(result.value);
+    });
+    return { value: values2, report: mergeRedactionReports(...reports2) };
+  }
+  const values = {};
+  const reports = [];
+  for (const [key, value] of Object.entries(input)) {
+    const childPath = `${path}.${key}`;
+    if (SENSITIVE_KEY.test(key) && value !== null && value !== undefined) {
+      values[key] = REDACTED;
+      reports.push({ applied: true, fields: [childPath], replacements: 1 });
+      continue;
+    }
+    const result = redactValue(value, childPath, depth + 1);
+    values[key] = result.value;
+    reports.push(result.report);
+  }
+  return { value: values, report: mergeRedactionReports(...reports) };
+}
+function mergeRedactionReports(...reports) {
+  const fields = [...new Set(reports.flatMap((report) => report.fields))];
+  const replacements = reports.reduce((sum, report) => sum + report.replacements, 0);
+  return {
+    applied: replacements > 0,
+    fields,
+    replacements
+  };
+}
+function redactionMetadata(report) {
+  return {
+    applied: report.applied,
+    fields: report.fields,
+    replacements: report.replacements
+  };
+}
+function emptyReport() {
+  return { applied: false, fields: [], replacements: 0 };
+}
+function isSensitiveFlag(value) {
+  const normalized = value.trim().replace(/^-+/, "");
+  if (!normalized || normalized.includes("="))
+    return false;
+  return SENSITIVE_FLAG.test(normalized) || SENSITIVE_FLAG_NAME.test(normalized) || SENSITIVE_KEY.test(normalized.replace(/-/g, "_"));
+}
+
+// src/lib/ingest.ts
+var ERROR_LEVELS = new Set(["warn", "error", "fatal"]);
+function ingestLog(db, entry) {
+  return withEventStoreLock(db, () => ingestLogLocked(db, entry));
+}
+function ingestLogLocked(db, entry) {
+  const eventId = entry.id ?? createEventId();
+  const existing = db.prepare("SELECT * FROM logs WHERE id = ?").get(eventId);
+  if (existing)
+    return existing;
+  const eventTime = entry.timestamp ?? new Date().toISOString();
+  const ingestTime = new Date().toISOString();
+  const source = entry.source ?? "sdk";
+  const sourceEventId = entry.source_event_id ?? entry.id ?? null;
+  const normalized = {
+    ...entry,
+    id: eventId,
+    timestamp: eventTime,
+    source,
+    source_event_id: sourceEventId ?? undefined,
+    privacy: entry.privacy ?? "internal"
+  };
+  const redacted = redactLogEntry(normalized);
+  const safeEntry = redacted.value;
+  const identity = extractIdentity(safeEntry);
+  const envelope = createLogEnvelope(safeEntry, eventId, eventTime, ingestTime, identity);
+  const write = appendRawEvent(db, envelope);
+  const stmt = db.prepare(`
+    INSERT INTO logs (id, timestamp, project_id, page_id, level, source, service, message, trace_id, session_id, agent, url, stack_trace, metadata)
+    VALUES ($id, $timestamp, $project_id, $page_id, $level, $source, $service, $message, $trace_id, $session_id, $agent, $url, $stack_trace, $metadata)
+    RETURNING *
+  `);
+  const row = db.transaction(() => {
+    const inserted = stmt.get({
+      $id: eventId,
+      $timestamp: eventTime,
+      $project_id: safeEntry.project_id ?? null,
+      $page_id: safeEntry.page_id ?? null,
+      $level: safeEntry.level,
+      $source: source,
+      $service: safeEntry.service ?? null,
+      $message: safeEntry.message,
+      $trace_id: safeEntry.trace_id ?? null,
+      $session_id: safeEntry.session_id ?? null,
+      $agent: safeEntry.agent ?? null,
+      $url: safeEntry.url ?? null,
+      $stack_trace: safeEntry.stack_trace ?? null,
+      $metadata: safeEntry.metadata ? JSON.stringify(safeEntry.metadata) : null
+    });
+    indexRawEvent(db, {
+      event_id: eventId,
+      schema_version: envelope.schema_version,
+      source_event_id: sourceEventId,
+      event_type: envelope.type,
+      event_time: eventTime,
+      ingest_time: ingestTime,
+      severity: safeEntry.level,
+      source,
+      project_id: safeEntry.project_id ?? null,
+      page_id: safeEntry.page_id ?? null,
+      log_id: inserted.id,
+      machine_id: identity.machine_id,
+      repo_id: identity.repo_id,
+      app_id: identity.app_id,
+      process_id: identity.process_id,
+      run_id: identity.run_id,
+      trace_id: safeEntry.trace_id ?? null,
+      span_id: identity.span_id,
+      parent_span_id: identity.parent_span_id,
+      session_id: safeEntry.session_id ?? null,
+      release_id: identity.release_id,
+      environment: identity.environment,
+      artifact_id: identity.artifact_id,
+      privacy_tier: identity.privacy_tier,
+      message: safeEntry.message,
+      metadata: safeEntry.metadata ?? null
+    }, write);
+    return inserted;
+  })();
+  if (ERROR_LEVELS.has(safeEntry.level)) {
+    if (safeEntry.project_id) {
+      upsertIssue(db, {
+        project_id: safeEntry.project_id,
+        level: safeEntry.level,
+        service: safeEntry.service,
+        message: safeEntry.message,
+        stack_trace: safeEntry.stack_trace
+      });
+      evaluateAlerts(db, safeEntry.project_id, safeEntry.service ?? null, safeEntry.level).catch(() => {});
+    }
+  }
+  publishLogEvent(row);
+  const catalogEvent = getEvent(db, eventId, false);
+  if (catalogEvent)
+    publishEventCatalogEvent(catalogEvent);
+  return row;
+}
+function ingestBatch(db, entries, sharedTraceId) {
+  const mappedEntries = sharedTraceId ? entries.map((e) => e.trace_id ? e : { ...e, trace_id: sharedTraceId }) : entries;
+  return mappedEntries.map((entry) => ingestLog(db, entry));
+}
+function createLogEnvelope(entry, eventId, eventTime, ingestTime, identity) {
+  return {
+    schema_version: 1,
+    event_id: eventId,
+    source_event_id: entry.source_event_id ?? null,
+    event_time: eventTime,
+    ingest_time: ingestTime,
+    type: "log",
+    source: entry.source ?? "sdk",
+    severity: entry.level,
+    privacy: identity.privacy_tier,
+    machine_id: identity.machine_id,
+    repo_id: identity.repo_id,
+    app_id: identity.app_id,
+    process_id: identity.process_id,
+    run_id: identity.run_id,
+    trace_id: entry.trace_id ?? null,
+    span_id: identity.span_id,
+    parent_span_id: identity.parent_span_id,
+    session_id: entry.session_id ?? null,
+    release_id: identity.release_id,
+    environment: identity.environment,
+    message: entry.message,
+    body: {
+      log: {
+        id: eventId,
+        timestamp: eventTime,
+        source_event_id: entry.source_event_id ?? null,
+        project_id: entry.project_id ?? null,
+        page_id: entry.page_id ?? null,
+        level: entry.level,
+        source: entry.source ?? "sdk",
+        service: entry.service ?? null,
+        message: entry.message,
+        privacy: identity.privacy_tier,
+        machine_id: identity.machine_id,
+        repo_id: identity.repo_id,
+        app_id: identity.app_id,
+        process_id: identity.process_id,
+        run_id: identity.run_id,
+        trace_id: entry.trace_id ?? null,
+        span_id: identity.span_id,
+        parent_span_id: identity.parent_span_id,
+        session_id: entry.session_id ?? null,
+        release_id: identity.release_id,
+        environment: identity.environment,
+        agent: entry.agent ?? null,
+        url: entry.url ?? null,
+        stack_trace: entry.stack_trace ?? null,
+        metadata: entry.metadata ?? null
+      }
+    },
+    attributes: {
+      project_id: entry.project_id ?? null,
+      page_id: entry.page_id ?? null,
+      service: entry.service ?? null,
+      trace_id: entry.trace_id ?? null,
+      session_id: entry.session_id ?? null,
+      agent: entry.agent ?? null,
+      url: entry.url ?? null,
+      ...identity
+    }
+  };
+}
+function extractIdentity(entry) {
+  const metadata = entry.metadata;
+  return {
+    machine_id: entry.machine_id ?? stringMetadata(metadata, "machine_id"),
+    repo_id: entry.repo_id ?? stringMetadata(metadata, "repo_id"),
+    app_id: entry.app_id ?? stringMetadata(metadata, "app_id"),
+    process_id: entry.process_id ?? stringMetadata(metadata, "process_id"),
+    run_id: entry.run_id ?? stringMetadata(metadata, "run_id"),
+    span_id: entry.span_id ?? stringMetadata(metadata, "span_id"),
+    parent_span_id: entry.parent_span_id ?? stringMetadata(metadata, "parent_span_id"),
+    release_id: entry.release_id ?? stringMetadata(metadata, "release_id"),
+    environment: entry.environment ?? stringMetadata(metadata, "environment"),
+    artifact_id: stringMetadata(metadata, "artifact_id"),
+    privacy_tier: entry.privacy ?? stringMetadata(metadata, "privacy_tier") ?? stringMetadata(metadata, "privacy") ?? "internal"
+  };
+}
+function stringMetadata(metadata, key) {
+  const value = metadata?.[key];
+  if (typeof value === "string")
+    return value;
+  if (typeof value === "number" || typeof value === "bigint")
+    return String(value);
+  return null;
+}
+function createEventId() {
+  return randomBytes(16).toString("hex");
+}
+
+// src/lib/package-meta.ts
+import { existsSync, readFileSync } from "fs";
+var PACKAGE_JSON_CANDIDATES = [
+  "../../package.json",
+  "../package.json",
+  "./package.json"
+];
+function readPackageJson(baseUrl = import.meta.url) {
+  for (const relativePath of PACKAGE_JSON_CANDIDATES) {
+    const candidate = new URL(relativePath, baseUrl);
+    if (!existsSync(candidate))
+      continue;
+    return JSON.parse(readFileSync(candidate, "utf8"));
+  }
+  throw new Error(`Unable to locate package.json from ${String(baseUrl)}`);
+}
+function readPackageVersion(baseUrl = import.meta.url) {
+  return readPackageJson(baseUrl).version ?? "0.0.0";
+}
+var PACKAGE_VERSION = readPackageVersion();
+function exitIfMetadataRequest(spec, argv = process.argv.slice(2)) {
+  if (argv.includes("--version") || argv.includes("-V")) {
+    console.log(PACKAGE_VERSION);
+    process.exit(0);
+  }
+  if (argv.includes("--help") || argv.includes("-h")) {
+    const options = spec.options ?? [];
+    const renderedOptions = [
+      "  -V, --version  output the version number",
+      "  -h, --help     display help for command",
+      ...options
+    ];
+    console.log([
+      `Usage: ${spec.name} [options]`,
+      "",
+      spec.description,
+      "",
+      "Options:",
+      ...renderedOptions
+    ].join(`
+`));
+    process.exit(0);
+  }
+}
+function readOptionValue(names, argv = process.argv.slice(2)) {
+  for (let index = 0;index < argv.length; index += 1) {
+    const arg = argv[index];
+    if (!arg)
+      continue;
+    const inline = names.find((name) => arg.startsWith(`${name}=`));
+    if (inline)
+      return arg.slice(inline.length + 1);
+    if (names.includes(arg)) {
+      const next = argv[index + 1];
+      if (next && !next.startsWith("-"))
+        return next;
+    }
+  }
+  return;
+}
+function hasOption(names, argv = process.argv.slice(2)) {
+  return argv.some((arg) => names.includes(arg));
+}
+
+// src/lib/projects.ts
+function createProject(db, data) {
+  return db.prepare(`
+    INSERT INTO projects (name, github_repo, base_url, description)
+    VALUES ($name, $github_repo, $base_url, $description)
+    RETURNING *
+  `).get(sqlBindings({
+    $name: data.name,
+    $github_repo: data.github_repo ?? null,
+    $base_url: data.base_url ?? null,
+    $description: data.description ?? null
+  }));
+}
+function listProjects(db) {
+  return db.prepare("SELECT * FROM projects ORDER BY created_at DESC").all();
+}
+function getProject(db, id) {
+  return db.prepare("SELECT * FROM projects WHERE id = $id").get(sqlBindings({ $id: id }));
+}
+function updateProject(db, id, data) {
+  const fields = Object.keys(data).map((k) => `${k} = $${k}`).join(", ");
+  if (!fields)
+    return getProject(db, id);
+  const params = Object.fromEntries(Object.entries(data).map(([k, v]) => [`$${k}`, v]));
+  params.$id = id;
+  return db.prepare(`UPDATE projects SET ${fields} WHERE id = $id RETURNING *`).get(sqlBindings(params));
+}
+function createPage(db, data) {
+  return db.prepare(`
+    INSERT INTO pages (project_id, url, path, name)
+    VALUES ($project_id, $url, $path, $name)
+    ON CONFLICT(project_id, url) DO UPDATE SET name = excluded.name
+    RETURNING *
+  `).get(sqlBindings({
+    $project_id: data.project_id,
+    $url: data.url,
+    $path: data.path ?? new URL(data.url).pathname,
+    $name: data.name ?? null
+  }));
+}
+function listPages(db, projectId) {
+  return db.prepare("SELECT * FROM pages WHERE project_id = $p ORDER BY created_at ASC").all(sqlBindings({ $p: projectId }));
+}
+function getPage(db, id) {
+  return db.prepare("SELECT * FROM pages WHERE id = $id").get(sqlBindings({ $id: id }));
+}
+function resolveProjectId(db, idOrName) {
+  if (!idOrName)
+    return null;
+  if (/^[0-9a-f]{8,}$/i.test(idOrName))
+    return idOrName;
+  const p = db.prepare("SELECT id FROM projects WHERE LOWER(name) = LOWER($n)").get(sqlBindings({ $n: idOrName }));
+  return p?.id ?? null;
+}
+function touchPage(db, id) {
+  db.prepare("UPDATE pages SET last_scanned_at = strftime('%Y-%m-%dT%H:%M:%fZ','now') WHERE id = $id").run(sqlBindings({ $id: id }));
+}
+
+// src/lib/perf.ts
+function saveSnapshot(db, data) {
+  return db.prepare(`
+    INSERT INTO performance_snapshots (project_id, page_id, url, lcp, fcp, cls, tti, ttfb, score, raw_audit)
+    VALUES ($project_id, $page_id, $url, $lcp, $fcp, $cls, $tti, $ttfb, $score, $raw_audit)
+    RETURNING *
+  `).get(sqlBindings({
+    $project_id: data.project_id,
+    $page_id: data.page_id ?? null,
+    $url: data.url,
+    $lcp: data.lcp ?? null,
+    $fcp: data.fcp ?? null,
+    $cls: data.cls ?? null,
+    $tti: data.tti ?? null,
+    $ttfb: data.ttfb ?? null,
+    $score: data.score ?? null,
+    $raw_audit: data.raw_audit ?? null
+  }));
+}
+function getLatestSnapshot(db, projectId, pageId) {
+  if (pageId) {
+    return db.prepare("SELECT * FROM performance_snapshots WHERE project_id = $p AND page_id = $pg ORDER BY timestamp DESC LIMIT 1").get(sqlBindings({ $p: projectId, $pg: pageId }));
+  }
+  return db.prepare("SELECT * FROM performance_snapshots WHERE project_id = $p ORDER BY timestamp DESC LIMIT 1").get(sqlBindings({ $p: projectId }));
+}
+function getPerfTrend(db, projectId, pageId, since, limit = 50) {
+  const conditions = ["project_id = $p"];
+  const params = { $p: projectId, $limit: limit };
+  if (pageId) {
+    conditions.push("page_id = $pg");
+    params.$pg = pageId;
+  }
+  if (since) {
+    conditions.push("timestamp >= $since");
+    params.$since = since;
+  }
+  return db.prepare(`SELECT * FROM performance_snapshots WHERE ${conditions.join(" AND ")} ORDER BY timestamp DESC LIMIT $limit`).all(sqlBindings(params));
+}
+function scoreLabel(score) {
+  if (score === null)
+    return "unknown";
+  if (score >= 90)
+    return "green";
+  if (score >= 50)
+    return "yellow";
+  return "red";
+}
+
+// src/lib/summarize.ts
+function summarizeLogs(db, projectId, since, until) {
+  const conditions = ["level IN ('warn','error','fatal')"];
+  const params = {};
+  if (projectId) {
+    conditions.push("project_id = $project_id");
+    params.$project_id = projectId;
+  }
+  if (since) {
+    conditions.push("timestamp >= $since");
+    params.$since = parseTime(since) ?? since;
+  }
+  if (until) {
+    conditions.push("timestamp <= $until");
+    params.$until = parseTime(until) ?? until;
+  }
+  const where = `WHERE ${conditions.join(" AND ")}`;
+  const sql = `
+    SELECT project_id, service, page_id, level,
+           COUNT(*) as count,
+           MAX(timestamp) as latest
+    FROM logs ${where}
+    GROUP BY project_id, service, page_id, level
+    ORDER BY count DESC
+  `;
+  return db.prepare(sql).all(sqlBindings(params));
+}
+
+// src/lib/test-reports.ts
+function searchTestReports(db, query = {}) {
+  const { where, params } = buildReportWhere(query);
+  const limit = clampPositiveInt2(query.limit, 100, query.max_limit ?? 1000);
+  const offset = clampNonNegativeInt2(query.offset, 0);
+  const rows = db.query(`
+      SELECT *
+      FROM test_reports
+      ${where}
+      ORDER BY event_time DESC, id DESC
+      LIMIT ? OFFSET ?
+    `).all(...params, limit, offset);
+  const reports = rows.map(materializeReport);
+  if (query.include_cases === true) {
+    const casesByReport = loadCasesForReports(db, reports.map((report) => report.id));
+    for (const report of reports)
+      report.cases = casesByReport.get(report.id) ?? [];
+  }
+  return reports;
+}
+function getTestReport(db, reportId, includeCases = true) {
+  const row = db.query("SELECT * FROM test_reports WHERE id = ?").get(reportId);
+  if (!row)
+    return null;
+  const report = materializeReport(row);
+  if (includeCases) {
+    report.cases = loadCasesForReport(db, report.id);
+  }
+  return report;
+}
+function buildReportWhere(query) {
+  const conditions = [];
+  const params = [];
+  addScalar2(conditions, params, "id", query.report_id);
+  addScalar2(conditions, params, "event_id", query.event_id);
+  addScalar2(conditions, params, "project_id", query.project_id ?? undefined);
+  addScalar2(conditions, params, "machine_id", query.machine_id);
+  addScalar2(conditions, params, "repo_id", query.repo_id);
+  addScalar2(conditions, params, "app_id", query.app_id);
+  addScalar2(conditions, params, "process_id", query.process_id);
+  addScalar2(conditions, params, "run_id", query.run_id);
+  addScalar2(conditions, params, "environment", query.environment);
+  addScalar2(conditions, params, "source", query.source);
+  addScalar2(conditions, params, "parser", query.parser);
+  addScalar2(conditions, params, "parse_status", query.parse_status);
+  addScalar2(conditions, params, "path", query.path);
+  if (query.case_status) {
+    conditions.push("EXISTS (SELECT 1 FROM test_cases WHERE test_cases.report_id = test_reports.id AND test_cases.status = ?)");
+    params.push(query.case_status);
+  }
+  addOutcomeFilter(conditions, query.outcome);
+  addMinimum(conditions, params, "failures", query.min_failures);
+  addMinimum(conditions, params, "errors", query.min_errors);
+  addMinimum(conditions, params, "skipped", query.min_skipped);
+  if (query.since) {
+    conditions.push("event_time >= ?");
+    params.push(parseTime(query.since) ?? query.since);
+  }
+  if (query.until) {
+    conditions.push("event_time <= ?");
+    params.push(parseTime(query.until) ?? query.until);
+  }
+  if (query.text) {
+    const needle = `%${escapeLike2(query.text)}%`;
+    conditions.push(`(
+      id LIKE ? ESCAPE '\\'
+      OR event_id LIKE ? ESCAPE '\\'
+      OR source_event_id LIKE ? ESCAPE '\\'
+      OR path LIKE ? ESCAPE '\\'
+      OR parser LIKE ? ESCAPE '\\'
+      OR parse_status LIKE ? ESCAPE '\\'
+      OR metadata LIKE ? ESCAPE '\\'
+      OR EXISTS (
+        SELECT 1 FROM test_cases
+        WHERE test_cases.report_id = test_reports.id
+          AND (
+            test_cases.name LIKE ? ESCAPE '\\'
+            OR test_cases.classname LIKE ? ESCAPE '\\'
+            OR test_cases.file LIKE ? ESCAPE '\\'
+            OR test_cases.status LIKE ? ESCAPE '\\'
+          )
+      )
+    )`);
+    params.push(needle, needle, needle, needle, needle, needle, needle, needle, needle, needle, needle);
+  }
+  return {
+    where: conditions.length ? `WHERE ${conditions.join(" AND ")}` : "",
+    params
+  };
+}
+function addOutcomeFilter(conditions, outcome) {
+  if (!outcome)
+    return;
+  if (outcome === "failed") {
+    conditions.push("COALESCE(failures, 0) > 0");
+  } else if (outcome === "error") {
+    conditions.push("COALESCE(errors, 0) > 0");
+  } else if (outcome === "nonpassing") {
+    conditions.push("(COALESCE(failures, 0) > 0 OR COALESCE(errors, 0) > 0)");
+  } else if (outcome === "skipped") {
+    conditions.push("COALESCE(skipped, 0) > 0");
+  } else if (outcome === "passed") {
+    conditions.push("parse_status = 'parsed' AND COALESCE(failures, 0) = 0 AND COALESCE(errors, 0) = 0");
+  } else if (outcome === "parse_problem") {
+    conditions.push("(parse_status IS NULL OR parse_status != 'parsed')");
+  }
+}
+function loadCasesForReports(db, reportIds) {
+  const result = new Map;
+  for (const reportId of reportIds)
+    result.set(reportId, []);
+  if (reportIds.length === 0)
+    return result;
+  const placeholders = reportIds.map(() => "?").join(",");
+  const rows = db.query(`
+      SELECT *
+      FROM test_cases
+      WHERE report_id IN (${placeholders})
+      ORDER BY report_id ASC, suite_index ASC, case_index ASC, id ASC
+    `).all(...reportIds);
+  for (const row of rows) {
+    const cases = result.get(row.report_id);
+    if (cases)
+      cases.push(materializeCase(row));
+  }
+  return result;
+}
+function loadCasesForReport(db, reportId) {
+  return db.query(`
+        SELECT *
+        FROM test_cases
+        WHERE report_id = ?
+        ORDER BY suite_index ASC, case_index ASC, id ASC
+      `).all(reportId).map(materializeCase);
+}
+function materializeReport(row) {
+  return {
+    ...row,
+    truncated: Boolean(row.truncated),
+    metadata: parseMetadata2(row.metadata)
+  };
+}
+function materializeCase(row) {
+  return {
+    ...row,
+    metadata: parseMetadata2(row.metadata)
+  };
+}
+function addScalar2(conditions, params, column, value) {
+  if (!value)
+    return;
+  conditions.push(`${column} = ?`);
+  params.push(value);
+}
+function addMinimum(conditions, params, column, value) {
+  if (!Number.isFinite(value) || value === undefined)
+    return;
+  conditions.push(`COALESCE(${column}, 0) >= ?`);
+  params.push(Math.max(0, Math.floor(value)));
+}
+function parseMetadata2(value) {
+  if (!value)
+    return null;
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+function escapeLike2(value) {
+  return value.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_");
+}
+function clampPositiveInt2(value, fallback, max) {
+  if (!Number.isFinite(value) || value === undefined)
+    return fallback;
+  return Math.min(Math.max(1, Math.floor(value)), max);
+}
+function clampNonNegativeInt2(value, fallback) {
+  if (!Number.isFinite(value) || value === undefined)
+    return fallback;
+  return Math.max(0, Math.floor(value));
+}
+
+// src/lib/universal-ingest.ts
+import { createHash, randomBytes as randomBytes2 } from "crypto";
+var UNIVERSAL_EVENT_TYPES = [
+  "log",
+  "exception",
+  "span",
+  "metric",
+  "profile",
+  "replay",
+  "monitor",
+  "release",
+  "build",
+  "process",
+  "agent",
+  "artifact",
+  "network",
+  "filesystem",
+  "session"
+];
+var SEVERITIES = new Set(["debug", "info", "warn", "error", "fatal"]);
+var PRIVACY_TIERS = new Set([
+  "public",
+  "internal",
+  "sensitive",
+  "secret",
+  "pii"
+]);
+var REDACTABLE_TOP_LEVEL_FIELDS = [
+  "source_event_id",
+  "source",
+  "machine_id",
+  "repo_id",
+  "app_id",
+  "process_id",
+  "run_id",
+  "trace_id",
+  "span_id",
+  "parent_span_id",
+  "session_id",
+  "release_id",
+  "environment"
+];
+var UNIVERSAL_EVENT_KEYS = new Set([
+  "schema_version",
+  "event_id",
+  "id",
+  "source_event_id",
+  "event_time",
+  "timestamp",
+  "type",
+  "source",
+  "severity",
+  "level",
+  "privacy",
+  "project_id",
+  "page_id",
+  "machine_id",
+  "repo_id",
+  "app_id",
+  "process_id",
+  "run_id",
+  "trace_id",
+  "span_id",
+  "parent_span_id",
+  "session_id",
+  "release_id",
+  "environment",
+  "artifact_id",
+  "message",
+  "body",
+  "attributes",
+  "metadata"
+]);
+function validateUniversalEventInput(value, path = "event") {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new Error(`${path} must be an object`);
+  }
+  const input = value;
+  for (const key of Object.keys(input)) {
+    if (!UNIVERSAL_EVENT_KEYS.has(key)) {
+      throw new Error(`${path}.${key} is not a supported event field`);
+    }
+  }
+  if (typeof input.type !== "string" || !UNIVERSAL_EVENT_TYPES.includes(input.type)) {
+    throw new Error(`${path}.type must be one of ${UNIVERSAL_EVENT_TYPES.join(", ")}`);
+  }
+  if (input.schema_version !== undefined && (!Number.isInteger(input.schema_version) || Number(input.schema_version) < 1)) {
+    throw new Error(`${path}.schema_version must be a positive integer`);
+  }
+  const severity = input.severity ?? input.level;
+  if (severity !== undefined && severity !== null && !SEVERITIES.has(String(severity))) {
+    throw new Error(`${path}.severity must be one of debug, info, warn, error, fatal`);
+  }
+  if (input.privacy !== undefined && input.privacy !== null && !PRIVACY_TIERS.has(String(input.privacy))) {
+    throw new Error(`${path}.privacy must be one of public, internal, sensitive, secret, pii`);
+  }
+  for (const key of ["event_time", "timestamp"]) {
+    const item = input[key];
+    if (typeof item === "string" && item.length > 0 && Number.isNaN(new Date(item).getTime())) {
+      throw new Error(`${path}.${key} must be an ISO timestamp`);
+    }
+  }
+  for (const key of [
+    "event_id",
+    "id",
+    "source_event_id",
+    "event_time",
+    "timestamp",
+    "source",
+    "severity",
+    "level",
+    "privacy",
+    "project_id",
+    "page_id",
+    "machine_id",
+    "repo_id",
+    "app_id",
+    "process_id",
+    "run_id",
+    "trace_id",
+    "span_id",
+    "parent_span_id",
+    "session_id",
+    "release_id",
+    "environment",
+    "artifact_id",
+    "message"
+  ]) {
+    const item = input[key];
+    if (item !== undefined && item !== null && typeof item !== "string") {
+      throw new Error(`${path}.${key} must be a string`);
+    }
+  }
+  for (const key of ["body", "attributes", "metadata"]) {
+    const item = input[key];
+    if (item !== undefined && (!item || typeof item !== "object" || Array.isArray(item))) {
+      throw new Error(`${path}.${key} must be an object`);
+    }
+  }
+  return input;
+}
+function ingestUniversalEvent(db, input) {
+  const envelope = normalizeUniversalEvent(validateUniversalEventInput(input));
+  return withEventStoreLock(db, () => {
+    const existing = getEventRecord(db, envelope.event_id);
+    if (existing) {
+      const event2 = getEvent(db, existing.event_id, false);
+      if (!event2)
+        throw new Error(`Event index exists but cannot be read: ${existing.event_id}`);
+      return { inserted: false, event: event2 };
+    }
+    const redacted = redactEnvelope(envelope);
+    const safeEnvelope = redacted.envelope;
+    const write = appendRawEvent(db, safeEnvelope);
+    db.transaction(() => {
+      const index = indexFromEnvelope(db, safeEnvelope, redacted.metadata);
+      indexRawEvent(db, index, write);
+      applyCompatibilityProjections(db, safeEnvelope, index);
+    })();
+    const event = getEvent(db, safeEnvelope.event_id, false);
+    if (!event)
+      throw new Error(`Event was written but cannot be read: ${safeEnvelope.event_id}`);
+    publishEventCatalogEvent(event);
+    return { inserted: true, event };
+  });
+}
+function normalizeUniversalEvent(input) {
+  const now = new Date().toISOString();
+  const source = sanitizeOptionalString(input.source) ?? "sdk";
+  const sourceEventId = sanitizeOptionalString(input.source_event_id);
+  const eventId = sanitizeOptionalString(input.event_id ?? input.id) ?? deterministicSourceEventId(source, sourceEventId) ?? `evt_${randomBytes2(16).toString("hex")}`;
+  const eventTime = normalizeIsoTime(input.event_time ?? input.timestamp, "event_time");
+  const severity = sanitizeOptionalString(input.severity ?? input.level);
+  const privacy = sanitizeOptionalString(input.privacy) ?? "internal";
+  if (!UNIVERSAL_EVENT_TYPES.includes(input.type)) {
+    throw new Error(`type must be one of ${UNIVERSAL_EVENT_TYPES.join(", ")}`);
+  }
+  if (severity && !SEVERITIES.has(severity)) {
+    throw new Error("severity must be one of debug, info, warn, error, fatal");
+  }
+  if (!PRIVACY_TIERS.has(privacy)) {
+    throw new Error("privacy must be one of public, internal, sensitive, secret, pii");
+  }
+  const attributes = compactObject({
+    ...input.metadata ?? {},
+    ...input.attributes ?? {},
+    project_id: input.project_id ?? input.attributes?.project_id ?? input.metadata?.project_id,
+    page_id: input.page_id ?? input.attributes?.page_id ?? input.metadata?.page_id,
+    artifact_id: input.artifact_id ?? input.attributes?.artifact_id ?? input.metadata?.artifact_id
+  });
+  return {
+    schema_version: input.schema_version ?? 1,
+    event_id: eventId,
+    source_event_id: sourceEventId ?? null,
+    event_time: eventTime ?? now,
+    ingest_time: now,
+    type: input.type,
+    source,
+    severity: severity ?? null,
+    privacy,
+    machine_id: sanitizeNullableString(input.machine_id),
+    repo_id: sanitizeNullableString(input.repo_id),
+    app_id: sanitizeNullableString(input.app_id),
+    process_id: sanitizeNullableString(input.process_id),
+    run_id: sanitizeNullableString(input.run_id),
+    trace_id: sanitizeNullableString(input.trace_id),
+    span_id: sanitizeNullableString(input.span_id),
+    parent_span_id: sanitizeNullableString(input.parent_span_id),
+    session_id: sanitizeNullableString(input.session_id),
+    release_id: sanitizeNullableString(input.release_id),
+    environment: sanitizeNullableString(input.environment),
+    message: sanitizeNullableString(input.message),
+    body: input.body ?? {},
+    attributes
+  };
+}
+function redactEnvelope(envelope) {
+  const topLevelResults = REDACTABLE_TOP_LEVEL_FIELDS.map((field) => [field, redactNullableString(envelope[field], field)]);
+  const message = envelope.message ? redactString(envelope.message, "message") : null;
+  const body = redactValue(envelope.body ?? {}, "body");
+  const attributes = redactValue(envelope.attributes ?? {}, "attributes");
+  const report = mergeRedactionReports(...topLevelResults.map(([, result]) => result.report), message?.report ?? emptyRedactionReport(), body.report, attributes.report);
+  const safeAttributes = attributes.value;
+  if (report.applied) {
+    safeAttributes.redaction = redactionMetadata(report);
+  }
+  const safeEnvelope = sanitizeUniversalSourceMapPayloads({
+    ...envelope,
+    ...Object.fromEntries(topLevelResults.map(([field, result]) => [field, result.value])),
+    message: message ? message.value : envelope.message,
+    body: body.value,
+    attributes: safeAttributes
+  });
+  return { envelope: safeEnvelope, metadata: safeEnvelope.attributes ?? {} };
+}
+function sanitizeUniversalSourceMapPayloads(envelope) {
+  const body = sanitizeSourceMapContainers(envelope.body ?? {});
+  const sanitizedAttributes = sanitizeSourceMapContainers(envelope.attributes ?? {});
+  const attributes = hasSourceMapContainer(body) || hasSourceMapContainer(sanitizedAttributes) ? sanitizeSourceMapContextRecord(sanitizedAttributes) : sanitizedAttributes;
+  return {
+    ...envelope,
+    body,
+    attributes
+  };
+}
+function sanitizeSourceMapContainers(record) {
+  const output = { ...record };
+  if ("source_map" in output) {
+    const sourceMap = sanitizeSourceMapTelemetry(output.source_map);
+    if (sourceMap)
+      output.source_map = sourceMap;
+    else
+      output.source_map = undefined;
+  }
+  const artifact = objectRecord(output.artifact);
+  if (Object.keys(artifact).length > 0) {
+    output.artifact = sanitizeSourceMapArtifactRecord(artifact);
+  }
+  return shouldSanitizeRootSourceMapArtifact(output) ? sanitizeSourceMapArtifactRecord(output) : output;
+}
+function shouldSanitizeRootSourceMapArtifact(record) {
+  const artifactType = stringAttr(record, "artifact_type") ?? stringAttr(record, "type");
+  const path = stringAttr(record, "path");
+  const hasSourceArrayShape = "sources" in record && (("version" in record) || ("mappings" in record) || ("sourcesContent" in record) || ("source_map_path" in record) || ("file" in record) || ("sourceRoot" in record) || ("source_root" in record));
+  return artifactType === "source_map" || artifactType === "source-map" || artifactType === "sourcemap" || Boolean(path?.endsWith(".map")) || hasSourceArrayShape || [
+    "source_map_id",
+    "source_map_artifact_id",
+    "source_map_path",
+    "javascript_artifact_id",
+    "javascript_path",
+    "linked_by",
+    "file",
+    "sourceRoot",
+    "source_root",
+    "validation_status",
+    "validation_error",
+    "source_count",
+    "section_count",
+    "names_count",
+    "has_sources_content",
+    "sources",
+    "sections",
+    "sourcesContent",
+    "names",
+    "mappings",
+    "mappings_length",
+    "raw_json"
+  ].some((key) => hasSourceMapRootValue(record[key]));
+}
+function hasSourceMapRootValue(value) {
+  if (value === null || value === undefined)
+    return false;
+  if (Array.isArray(value))
+    return value.length > 0;
+  if (typeof value === "string")
+    return value.length > 0;
+  if (typeof value === "boolean")
+    return value;
+  return true;
+}
+function hasSourceMapContainer(record) {
+  if (Object.keys(objectRecord(record.source_map)).length > 0)
+    return true;
+  const artifact = objectRecord(record.artifact);
+  if (Object.keys(objectRecord(artifact.source_map)).length > 0)
+    return true;
+  const artifactType = stringAttr(record, "artifact_type") ?? stringAttr(record, "type") ?? stringAttr(artifact, "artifact_type") ?? stringAttr(artifact, "type");
+  const path = stringAttr(record, "path") ?? stringAttr(artifact, "path");
+  return artifactType === "source_map" || artifactType === "source-map" || artifactType === "sourcemap" || Boolean(path?.endsWith(".map"));
+}
+function indexFromEnvelope(db, envelope, metadata) {
+  const rawAttrs = envelope.attributes ?? {};
+  const rawBody = envelope.body ?? {};
+  const rawArtifact = objectRecord(rawBody.artifact);
+  const body = envelope.type === "artifact" ? sanitizeSourceMapArtifactRecord(rawBody) : rawBody;
+  const artifact = sanitizeSourceMapArtifactRecord(rawArtifact);
+  const isSourceMapArtifact = envelope.type === "artifact" && (hasSourceMapContainer(body) || hasSourceMapContainer(artifact) || hasSourceMapContainer(rawAttrs));
+  const attrs = isSourceMapArtifact ? sanitizeSourceMapContextRecord(rawAttrs) : rawAttrs;
+  const testReport = objectRecord(body.test_report);
+  const projectId = stringAttr(attrs, "project_id");
+  const pageId = stringAttr(attrs, "page_id");
+  const rootArtifact = { ...body };
+  rootArtifact.artifact = undefined;
+  const artifactContext = isSourceMapArtifact ? compactObject({ ...rootArtifact, ...artifact }) : artifact;
+  const attributeMetadata = compactObject(metadata);
+  const metadataForIndex = envelope.type === "artifact" ? compactObject({ ...artifactContext, ...attributeMetadata }) : stringAttr(attrs, "category") === "test_report" ? sanitizedTestReportMetadata(testReport, metadata, attrs) : metadata;
+  return {
+    event_id: envelope.event_id,
+    schema_version: envelope.schema_version,
+    source_event_id: envelope.source_event_id ?? null,
+    event_type: envelope.type,
+    event_time: envelope.event_time,
+    ingest_time: envelope.ingest_time,
+    severity: envelope.severity ?? null,
+    source: envelope.source,
+    project_id: projectId && rowExists(db, "projects", projectId) ? projectId : null,
+    page_id: pageId && rowExists(db, "pages", pageId) ? pageId : null,
+    machine_id: envelope.machine_id ?? stringAttr(attrs, "machine_id"),
+    repo_id: envelope.repo_id ?? stringAttr(attrs, "repo_id"),
+    app_id: envelope.app_id ?? stringAttr(attrs, "app_id"),
+    process_id: envelope.process_id ?? stringAttr(attrs, "process_id"),
+    run_id: envelope.run_id ?? stringAttr(attrs, "run_id"),
+    trace_id: envelope.trace_id ?? stringAttr(attrs, "trace_id"),
+    span_id: envelope.span_id ?? stringAttr(attrs, "span_id"),
+    parent_span_id: envelope.parent_span_id ?? stringAttr(attrs, "parent_span_id"),
+    session_id: envelope.session_id ?? stringAttr(attrs, "session_id"),
+    release_id: envelope.release_id ?? stringAttr(attrs, "release_id"),
+    environment: envelope.environment ?? stringAttr(attrs, "environment"),
+    artifact_id: stringAttr(attrs, "artifact_id") ?? stringAttr(body, "artifact_id") ?? stringAttr(artifact, "artifact_id"),
+    privacy_tier: envelope.privacy ?? stringAttr(attrs, "privacy_tier") ?? stringAttr(attrs, "privacy"),
+    message: envelope.message ?? null,
+    metadata: metadataForIndex
+  };
+}
+function applyCompatibilityProjections(db, envelope, index) {
+  const skipProcessRunProjection = isTestReportBuildEvent(envelope);
+  if (index.trace_id)
+    upsertTraceProjection(db, envelope, index);
+  if (envelope.type === "span")
+    upsertSpanProjection(db, envelope, index);
+  if (index.session_id || envelope.type === "session")
+    upsertSessionProjection(db, envelope, index);
+  if (index.release_id || envelope.type === "release")
+    upsertReleaseProjection(db, envelope, index);
+  if (index.artifact_id || envelope.type === "artifact") {
+    upsertArtifactProjection(db, envelope, index);
+    upsertSourceMapProjection(db, envelope, index);
+  }
+  if (skipProcessRunProjection)
+    upsertTestReportProjection(db, envelope, index);
+  if (!skipProcessRunProjection && (index.process_id || index.run_id || envelope.type === "process" || envelope.type === "build"))
+    upsertProcessRunProjection(db, envelope, index);
+  if (envelope.type === "exception" && envelope.message) {
+    upsertIssue(db, {
+      project_id: index.project_id ?? undefined,
+      level: envelope.severity ?? "error",
+      service: stringAttr(envelope.attributes, "service"),
+      message: envelope.message,
+      stack_trace: stringAttr(envelope.attributes, "stack_trace") ?? stringAttr(envelope.body, "stack_trace")
+    });
+  }
+}
+function isTestReportBuildEvent(envelope) {
+  return envelope.type === "build" && stringAttr(envelope.attributes, "category") === "test_report";
+}
+function upsertTraceProjection(db, envelope, index) {
+  if (!index.trace_id)
+    return;
+  db.prepare(`
+    INSERT INTO traces (id, project_id, app_id, root_span_id, started_at, ended_at, status, metadata)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      project_id = COALESCE(traces.project_id, excluded.project_id),
+      app_id = COALESCE(traces.app_id, excluded.app_id),
+      root_span_id = COALESCE(traces.root_span_id, excluded.root_span_id),
+      started_at = CASE
+        WHEN excluded.started_at IS NOT NULL
+          AND (traces.started_at IS NULL OR excluded.started_at < traces.started_at)
+        THEN excluded.started_at
+        ELSE traces.started_at
+      END,
+      ended_at = COALESCE(excluded.ended_at, traces.ended_at),
+      status = COALESCE(excluded.status, traces.status),
+      metadata = excluded.metadata
+  `).run(index.trace_id, index.project_id ?? null, index.app_id ?? null, index.span_id ?? null, stringAttr(envelope.attributes, "started_at") ?? envelope.event_time, stringAttr(envelope.attributes, "ended_at"), stringAttr(envelope.attributes, "status"), JSON.stringify(index.metadata ?? {}));
+}
+function upsertSpanProjection(db, envelope, index) {
+  const spanId = index.span_id ?? envelope.event_id;
+  db.prepare(`
+    INSERT INTO spans (id, trace_id, parent_span_id, app_id, process_id, name, operation, status, started_at, ended_at, duration_ms, metadata)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      trace_id = COALESCE(spans.trace_id, excluded.trace_id),
+      parent_span_id = COALESCE(spans.parent_span_id, excluded.parent_span_id),
+      app_id = COALESCE(spans.app_id, excluded.app_id),
+      process_id = COALESCE(spans.process_id, excluded.process_id),
+      name = COALESCE(spans.name, excluded.name),
+      operation = COALESCE(spans.operation, excluded.operation),
+      ended_at = COALESCE(excluded.ended_at, spans.ended_at),
+      duration_ms = COALESCE(excluded.duration_ms, spans.duration_ms),
+      status = COALESCE(excluded.status, spans.status),
+      metadata = excluded.metadata
+  `).run(...sqlArgs(spanId, index.trace_id ?? null, index.parent_span_id ?? null, index.app_id ?? null, index.process_id ?? null, stringAttr(envelope.attributes, "name") ?? stringAttr(envelope.body, "name") ?? envelope.message ?? null, stringAttr(envelope.attributes, "operation") ?? stringAttr(envelope.body, "operation"), stringAttr(envelope.attributes, "status") ?? envelope.severity ?? null, stringAttr(envelope.attributes, "started_at") ?? envelope.event_time, stringAttr(envelope.attributes, "ended_at"), numberAttr(envelope.attributes, "duration_ms") ?? numberAttr(envelope.body, "duration_ms"), JSON.stringify(index.metadata ?? {})));
+}
+function upsertSessionProjection(db, envelope, index) {
+  const sessionId = index.session_id ?? envelope.event_id;
+  db.prepare(`
+    INSERT INTO sessions (id, project_id, app_id, user_hash, started_at, ended_at, status, metadata)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      project_id = COALESCE(sessions.project_id, excluded.project_id),
+      app_id = COALESCE(sessions.app_id, excluded.app_id),
+      user_hash = COALESCE(sessions.user_hash, excluded.user_hash),
+      started_at = CASE
+        WHEN excluded.started_at IS NOT NULL
+          AND (sessions.started_at IS NULL OR excluded.started_at < sessions.started_at)
+        THEN excluded.started_at
+        ELSE sessions.started_at
+      END,
+      ended_at = COALESCE(excluded.ended_at, sessions.ended_at),
+      status = COALESCE(excluded.status, sessions.status),
+      metadata = excluded.metadata
+  `).run(sessionId, index.project_id ?? null, index.app_id ?? null, stringAttr(envelope.attributes, "user_hash"), stringAttr(envelope.attributes, "started_at") ?? envelope.event_time, stringAttr(envelope.attributes, "ended_at"), stringAttr(envelope.attributes, "status"), JSON.stringify(index.metadata ?? {}));
+}
+function upsertReleaseProjection(db, envelope, index) {
+  const releaseId = index.release_id ?? envelope.event_id;
+  db.prepare(`
+    INSERT INTO releases (id, project_id, app_id, version, commit_sha, build_id, deployed_at, metadata)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      project_id = COALESCE(releases.project_id, excluded.project_id),
+      app_id = COALESCE(releases.app_id, excluded.app_id),
+      version = COALESCE(releases.version, excluded.version),
+      commit_sha = COALESCE(releases.commit_sha, excluded.commit_sha),
+      build_id = COALESCE(releases.build_id, excluded.build_id),
+      deployed_at = COALESCE(excluded.deployed_at, releases.deployed_at),
+      metadata = excluded.metadata
+  `).run(...sqlArgs(releaseId, index.project_id ?? null, index.app_id ?? null, stringAttr(envelope.attributes, "version") ?? envelope.message ?? null, stringAttr(envelope.attributes, "commit_sha"), stringAttr(envelope.attributes, "build_id"), stringAttr(envelope.attributes, "deployed_at") ?? envelope.event_time, JSON.stringify(index.metadata ?? {})));
+}
+function upsertArtifactProjection(db, envelope, index) {
+  const body = envelope.body ?? {};
+  const artifact = objectRecord(body.artifact);
+  const isSourceMapArtifact = hasSourceMapContainer(body) || hasSourceMapContainer(artifact) || hasSourceMapContainer(envelope.attributes ?? {});
+  const artifactIdCandidate = index.artifact_id ?? stringAttr(envelope.attributes, "artifact_id") ?? stringAttr(body, "artifact_id") ?? stringAttr(artifact, "artifact_id");
+  const artifactId = isSourceMapArtifact ? sanitizeSourceMapIdentifierValue(artifactIdCandidate) ?? sourceMapFallbackIdentifier(envelope.event_id) : artifactIdCandidate ?? envelope.event_id;
+  db.prepare(`
+    INSERT INTO artifacts (id, release_id, artifact_type, path, content_hash, size_bytes, metadata)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      release_id = COALESCE(artifacts.release_id, excluded.release_id),
+      artifact_type = COALESCE(artifacts.artifact_type, excluded.artifact_type),
+      path = COALESCE(excluded.path, artifacts.path),
+      content_hash = COALESCE(excluded.content_hash, artifacts.content_hash),
+      size_bytes = COALESCE(excluded.size_bytes, artifacts.size_bytes),
+      metadata = excluded.metadata
+  `).run(artifactId, index.release_id ?? null, stringAttr(envelope.attributes, "artifact_type") ?? stringAttr(envelope.attributes, "type") ?? stringAttr(artifact, "artifact_type") ?? stringAttr(artifact, "type") ?? envelope.type, stringAttr(envelope.attributes, "path") ?? stringAttr(body, "path") ?? stringAttr(artifact, "path"), stringAttr(envelope.attributes, "content_hash") ?? stringAttr(body, "content_hash") ?? stringAttr(artifact, "content_hash"), numberAttr(envelope.attributes, "size_bytes") ?? numberAttr(body, "size_bytes") ?? numberAttr(artifact, "size_bytes"), JSON.stringify(index.metadata ?? {}));
+}
+function upsertProcessRunProjection(db, envelope, index) {
+  if (index.process_id) {
+    db.prepare(`
+      INSERT INTO processes (id, machine_id, repo_id, app_id, pid, ppid, command, cwd, started_at, ended_at, exit_code, metadata)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        machine_id = COALESCE(processes.machine_id, excluded.machine_id),
+        repo_id = COALESCE(processes.repo_id, excluded.repo_id),
+        app_id = COALESCE(processes.app_id, excluded.app_id),
+        pid = COALESCE(processes.pid, excluded.pid),
+        ppid = COALESCE(processes.ppid, excluded.ppid),
+        command = COALESCE(processes.command, excluded.command),
+        cwd = COALESCE(processes.cwd, excluded.cwd),
+        ended_at = COALESCE(excluded.ended_at, processes.ended_at),
+        exit_code = COALESCE(excluded.exit_code, processes.exit_code),
+        metadata = excluded.metadata
+    `).run(index.process_id, index.machine_id ?? null, index.repo_id ?? null, index.app_id ?? null, numberAttr(envelope.attributes, "pid"), numberAttr(envelope.attributes, "ppid"), stringAttr(envelope.attributes, "command"), stringAttr(envelope.attributes, "cwd"), stringAttr(envelope.attributes, "started_at") ?? envelope.event_time, stringAttr(envelope.attributes, "ended_at"), numberAttr(envelope.attributes, "exit_code"), JSON.stringify(index.metadata ?? {}));
+  }
+  if (index.run_id) {
+    db.prepare(`
+      INSERT INTO runs (id, process_id, run_type, name, status, started_at, ended_at, exit_code, metadata)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        process_id = COALESCE(runs.process_id, excluded.process_id),
+        run_type = COALESCE(runs.run_type, excluded.run_type),
+        name = COALESCE(runs.name, excluded.name),
+        ended_at = COALESCE(excluded.ended_at, runs.ended_at),
+        exit_code = COALESCE(excluded.exit_code, runs.exit_code),
+        status = COALESCE(excluded.status, runs.status),
+        metadata = excluded.metadata
+    `).run(...sqlArgs(index.run_id, index.process_id ?? null, stringAttr(envelope.attributes, "run_type") ?? envelope.type, stringAttr(envelope.attributes, "name") ?? envelope.message ?? null, stringAttr(envelope.attributes, "status"), stringAttr(envelope.attributes, "started_at") ?? envelope.event_time, stringAttr(envelope.attributes, "ended_at"), numberAttr(envelope.attributes, "exit_code"), JSON.stringify(index.metadata ?? {})));
+  }
+}
+function normalizeIsoTime(value, field) {
+  if (value === undefined || value.length === 0)
+    return null;
+  const date = new Date(value);
+  if (Number.isNaN(date.getTime()))
+    throw new Error(`${field} must be an ISO timestamp`);
+  return date.toISOString();
+}
+function deterministicSourceEventId(source, sourceEventId) {
+  if (!sourceEventId)
+    return;
+  const digest = createHash("sha256").update(source).update("\x00").update(sourceEventId).digest("hex").slice(0, 32);
+  return `evt_src_${digest}`;
+}
+function compactObject(value) {
+  return Object.fromEntries(Object.entries(value).filter(([, item]) => item !== undefined && item !== null));
+}
+function sanitizeOptionalString(value) {
+  if (value === undefined || value === null)
+    return;
+  if (typeof value !== "string")
+    throw new Error("expected string field");
+  return value;
+}
+function sanitizeNullableString(value) {
+  return sanitizeOptionalString(value) ?? null;
+}
+function redactNullableString(value, path) {
+  if (value === null || value === undefined)
+    return { value: value ?? null, report: emptyRedactionReport() };
+  return redactString(value, path);
+}
+function objectRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : {};
+}
+function stringAttr(record, key) {
+  const value = record?.[key];
+  if (typeof value === "string")
+    return value;
+  if (typeof value === "number" || typeof value === "bigint")
+    return String(value);
+  return null;
+}
+function numberAttr(record, key) {
+  const value = record?.[key];
+  if (typeof value === "number" && Number.isFinite(value))
+    return value;
+  if (typeof value === "string" && value.trim().length > 0) {
+    const parsed = Number(value);
+    if (Number.isFinite(parsed))
+      return parsed;
+  }
+  return null;
+}
+function rowExists(db, table, id) {
+  const row = db.prepare(`SELECT 1 AS found FROM ${table} WHERE id = ? LIMIT 1`).get(id);
+  return Boolean(row);
+}
+function emptyRedactionReport() {
+  return { applied: false, fields: [], replacements: 0 };
+}
+function sqlArgs(...values) {
+  return values;
+}
+
+export { publishEventCatalogEvent, subscribeLogEvents, subscribeEventCatalogEvents, hasBufferedLogEvent, hasBufferedEventCatalogEvent, searchEvents, getEvent, exportEventsToJson, createAlertRule, listAlertRules, updateAlertRule, deleteAlertRule, redactString, redactValue, mergeRedactionReports, redactionMetadata, ingestLog, ingestBatch, PACKAGE_VERSION, exitIfMetadataRequest, readOptionValue, hasOption, createProject, listProjects, getProject, updateProject, createPage, listPages, getPage, resolveProjectId, touchPage, saveSnapshot, getLatestSnapshot, getPerfTrend, scoreLabel, summarizeLogs, searchTestReports, getTestReport, UNIVERSAL_EVENT_TYPES, validateUniversalEventInput, ingestUniversalEvent };