npm - @llmtap/collector - Versions diffs - 0.1.0 - Mend

@llmtap/collector 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,1709 @@
+"use strict";
+// Short aliases for the Object built-ins that the module-interop helpers in this file call.
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+// Defines every key of `all` on `target` as an enumerable, getter-backed property.
+// The getter is the function stored under that key, so the value is resolved on read.
+var __export = (target, all) => {
+  for (const exportName in all) {
+    const getter = all[exportName];
+    __defProp(target, exportName, { get: getter, enumerable: true });
+  }
+};
+// Mirrors the own properties of `from` onto `to` as getters that read through to `from`.
+// Keys that `to` already owns, and the single key equal to `except`, are skipped.
+// Each new property is enumerable when the source property is (or when no descriptor
+// is found). `desc` is used purely as scratch space. Returns `to`.
+var __copyProps = (to, from, except, desc) => {
+  // `&&` binds tighter than `||`: non-null objects and functions both pass this guard.
+  if (from && typeof from === "object" || typeof from === "function") {
+    // Own string-keyed property names, including non-enumerable ones.
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+// Wraps a required module in a namespace-style object. `target` is created with the
+// module's prototype (or as a plain object when `mod` is null/undefined), optionally
+// receives a `default` property pointing at `mod` (see the condition below), and then
+// gets the module's own properties copied on as getters via __copyProps.
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+// Builds the CommonJS exports object: a fresh object tagged with `__esModule: true`
+// onto which the properties of `mod` are copied.
+var __toCommonJS = (mod) => {
+  const exportsObject = __defProp({}, "__esModule", { value: true });
+  return __copyProps(exportsObject, mod);
+};
+// src/index.ts
+// Public API of the package entry point. __export installs each name as a getter,
+// so the binding is looked up when the export is read rather than when this table
+// is built.
+var index_exports = {};
+__export(index_exports, {
+  closeDb: () => closeDb,
+  createServer: () => createServer,
+  enforceRetention: () => enforceRetention,
+  getDb: () => getDb,
+  getOtlpEndpoint: () => getOtlpEndpoint,
+  resetDb: () => resetDb,
+  seedDemoData: () => seedDemoData,
+  startRetentionSchedule: () => startRetentionSchedule,
+  startServer: () => startServer
+});
+module.exports = __toCommonJS(index_exports);
+// src/server.ts
+var import_fastify = __toESM(require("fastify"));
+var import_cors = __toESM(require("@fastify/cors"));
+var import_static = __toESM(require("@fastify/static"));
+var import_zod4 = require("zod");
+var import_shared10 = require("@llmtap/shared");
+// src/db.ts
+var import_better_sqlite3 = __toESM(require("better-sqlite3"));
+var import_node_path = __toESM(require("path"));
+var import_node_os = __toESM(require("os"));
+var import_node_fs = __toESM(require("fs"));
+var import_shared = require("@llmtap/shared");
+// Cached database connection: assigned by getDb(), reset to null by closeDb().
+var db = null;
+// Handle of the timer created by startRetentionSchedule(); cleared and nulled by closeDb().
+var retentionCheckInterval = null;
+// Schema migrations, listed in ascending `version` order. runMigrations() applies every
+// entry whose version is greater than the highest version recorded in `_migrations`.
+// Each `up` receives the open database handle.
+var migrations = [
+  {
+    version: 1,
+    description: "Initial schema \u2014 spans table and indexes",
+    up(db2) {
+      // inputMessages/outputMessages/toolCalls/tags are TEXT columns; the ingest route
+      // stores JSON-stringified values in them.
+      db2.exec(`
+        CREATE TABLE IF NOT EXISTS spans (
+          spanId TEXT PRIMARY KEY,
+          traceId TEXT NOT NULL,
+          parentSpanId TEXT,
+          name TEXT NOT NULL,
+          operationName TEXT NOT NULL,
+          providerName TEXT NOT NULL,
+          startTime INTEGER NOT NULL,
+          endTime INTEGER,
+          duration INTEGER,
+          requestModel TEXT NOT NULL,
+          responseModel TEXT,
+          inputTokens INTEGER DEFAULT 0,
+          outputTokens INTEGER DEFAULT 0,
+          totalTokens INTEGER DEFAULT 0,
+          inputCost REAL DEFAULT 0,
+          outputCost REAL DEFAULT 0,
+          totalCost REAL DEFAULT 0,
+          temperature REAL,
+          maxTokens INTEGER,
+          topP REAL,
+          inputMessages TEXT,
+          outputMessages TEXT,
+          toolCalls TEXT,
+          status TEXT NOT NULL DEFAULT 'ok',
+          errorType TEXT,
+          errorMessage TEXT,
+          tags TEXT,
+          sessionId TEXT,
+          userId TEXT,
+          createdAt INTEGER DEFAULT (strftime('%s','now') * 1000)
+        );
+        CREATE INDEX IF NOT EXISTS idx_spans_traceId ON spans(traceId);
+        CREATE INDEX IF NOT EXISTS idx_spans_startTime ON spans(startTime);
+        CREATE INDEX IF NOT EXISTS idx_spans_providerName ON spans(providerName);
+        CREATE INDEX IF NOT EXISTS idx_spans_requestModel ON spans(requestModel);
+        CREATE INDEX IF NOT EXISTS idx_spans_status ON spans(status);
+      `);
+    }
+  },
+  {
+    version: 2,
+    description: "Add sessionId index for session queries",
+    up(db2) {
+      db2.exec(
+        `CREATE INDEX IF NOT EXISTS idx_spans_sessionId ON spans(sessionId);`
+      );
+    }
+  }
+];
+// Creates the `_migrations` bookkeeping table when it does not exist yet.
+// One row per applied migration: version, description and an appliedAt timestamp
+// defaulting to the current time in milliseconds.
+function ensureMigrationsTable(db2) {
+  const createTableSql = `
+    CREATE TABLE IF NOT EXISTS _migrations (
+      version INTEGER PRIMARY KEY,
+      description TEXT NOT NULL,
+      appliedAt INTEGER NOT NULL DEFAULT (strftime('%s','now') * 1000)
+    );
+  `;
+  db2.exec(createTableSql);
+}
+// Returns the highest migration version recorded in `_migrations`, or 0 when the
+// table is empty (MAX() over no rows yields NULL).
+function getAppliedVersion(db2) {
+  const { maxVer } = db2.prepare("SELECT MAX(version) as maxVer FROM _migrations").get();
+  return maxVer ?? 0;
+}
+// Brings the schema up to date: makes sure the bookkeeping table exists, then applies
+// every migration newer than the recorded version and records each one. All pending
+// migrations run inside a single transaction.
+function runMigrations(db2) {
+  ensureMigrationsTable(db2);
+  const appliedVersion = getAppliedVersion(db2);
+  const recordMigration = db2.prepare(
+    "INSERT INTO _migrations (version, description) VALUES (@version, @description)"
+  );
+  const pending = migrations.filter((step) => !(step.version <= appliedVersion));
+  const applyPending = db2.transaction(() => {
+    pending.forEach((step) => {
+      step.up(db2);
+      const { version, description } = step;
+      recordMigration.run({ version, description });
+    });
+  });
+  applyPending();
+}
+// Returns the shared SQLite connection, opening and migrating it on first use.
+//
+// Location of the database file:
+//   - LLMTAP_DB_PATH, resolved to an absolute path, when set;
+//   - otherwise DB_FILE_NAME inside LLMTAP_DB_DIR, or inside <home>/DB_DIR_NAME
+//     when LLMTAP_DB_DIR is not set either.
+//
+// Throws whatever the filesystem, the SQLite driver or a migration throws. In that
+// case nothing is cached, so the next call retries from scratch.
+function getDb() {
+  if (db) return db;
+  const dbDir = process.env.LLMTAP_DB_DIR ? import_node_path.default.resolve(process.env.LLMTAP_DB_DIR) : import_node_path.default.join(import_node_os.default.homedir(), import_shared.DB_DIR_NAME);
+  const dbPath = process.env.LLMTAP_DB_PATH ? import_node_path.default.resolve(process.env.LLMTAP_DB_PATH) : import_node_path.default.join(dbDir, import_shared.DB_FILE_NAME);
+  // Create the directory that actually holds the file. With LLMTAP_DB_PATH set this is
+  // not necessarily dbDir; creating only dbDir left the real parent directory missing
+  // and touched an unrelated location. `recursive: true` is a no-op when it exists.
+  import_node_fs.default.mkdirSync(import_node_path.default.dirname(dbPath), { recursive: true });
+  const connection = new import_better_sqlite3.default(dbPath);
+  try {
+    connection.pragma("journal_mode = WAL");
+    connection.pragma("foreign_keys = ON");
+    connection.pragma("busy_timeout = 5000");
+    runMigrations(connection);
+  } catch (err) {
+    // Never cache (or leak) a handle whose setup failed: later callers would
+    // otherwise receive a database that was not migrated.
+    connection.close();
+    throw err;
+  }
+  db = connection;
+  return db;
+}
+// Stops the retention timer (if any) and closes the cached connection (if any).
+// A WAL checkpoint is attempted first; its failure is ignored so that the close
+// itself still happens.
+function closeDb() {
+  if (retentionCheckInterval) {
+    clearInterval(retentionCheckInterval);
+    retentionCheckInterval = null;
+  }
+  if (!db) return;
+  try {
+    db.pragma("wal_checkpoint(TRUNCATE)");
+  } catch {
+    // Best effort only: closing matters more than checkpointing.
+  }
+  db.close();
+  db = null;
+}
+// Deletes every row from `spans`, then runs VACUUM on the database.
+function resetDb() {
+  const conn = getDb();
+  for (const statement of ["DELETE FROM spans", "VACUUM"]) {
+    conn.exec(statement);
+  }
+}
+// Deletes spans whose startTime is older than `retentionDays` days before now and
+// returns how many rows were removed. A non-positive `retentionDays` disables the
+// sweep and returns 0. VACUUM runs only when at least one row was deleted.
+function enforceRetention(retentionDays) {
+  if (retentionDays <= 0) return 0;
+  const conn = getDb();
+  const cutoff = Date.now() - retentionDays * 24 * 60 * 60 * 1e3;
+  const { changes } = conn.prepare("DELETE FROM spans WHERE startTime < @cutoff").run({ cutoff });
+  const removedAnything = changes > 0;
+  if (removedAnything) {
+    conn.exec("VACUUM");
+  }
+  return changes;
+}
+// Runs a retention sweep immediately and then once per hour.
+//
+// `retentionDays` is the maximum span age in days; a non-positive value disables the
+// schedule (nothing runs and no timer is created). Calling this again replaces the
+// previous schedule instead of stacking a second timer on top of it.
+function startRetentionSchedule(retentionDays) {
+  if (retentionDays <= 0) return;
+  enforceRetention(retentionDays);
+  // Only one handle is tracked, so an earlier timer must be stopped before it is
+  // overwritten; otherwise it keeps firing and closeDb() can no longer clear it.
+  if (retentionCheckInterval) {
+    clearInterval(retentionCheckInterval);
+    retentionCheckInterval = null;
+  }
+  retentionCheckInterval = setInterval(
+    () => enforceRetention(retentionDays),
+    60 * 60 * 1e3
+  );
+  // Do not let the hourly timer keep the process alive on its own.
+  if (retentionCheckInterval.unref) {
+    retentionCheckInterval.unref();
+  }
+}
+// src/seed.ts
+// Populates the `spans` table with a fixed set of demo traces.
+// Does nothing when the table already contains at least one span. All demo rows are
+// inserted in a single transaction, with timestamps computed relative to the moment
+// of the call.
+function seedDemoData() {
+  const db2 = getDb();
+  const count = db2.prepare("SELECT COUNT(*) as c FROM spans").get();
+  if (count.c > 0) return;
+  const now = Date.now();
+  // One hour in milliseconds (3,600,000).
+  const hour = 36e5;
+  // Fixture data. `startOffset` is added to `now` (negative values lie in the past) and
+  // `duration` is added to the start to obtain the end time. A trace's `name` is not
+  // written to the database; only its `traceId` and its spans are.
+  const traces = [
+    {
+      traceId: "tr_demo_chatbot_session_001",
+      name: "customer-support-chat",
+      spans: [
+        {
+          spanId: "sp_demo_001a",
+          name: "classify-intent",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o-mini",
+          responseModel: "gpt-4o-mini-2024-07-18",
+          inputTokens: 245,
+          outputTokens: 32,
+          totalTokens: 277,
+          inputCost: 368e-7,
+          outputCost: 192e-7,
+          totalCost: 56e-6,
+          status: "ok",
+          startOffset: -22 * hour,
+          duration: 420,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are an intent classifier. Classify the user message into: billing, technical, general, urgent." },
+            { role: "user", content: "I can't access my account and I have a deadline in 2 hours!" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "urgent" }
+          ]),
+          temperature: 0
+        },
+        {
+          spanId: "sp_demo_001b",
+          parentSpanId: "sp_demo_001a",
+          name: "generate-response",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o",
+          responseModel: "gpt-4o-2024-08-06",
+          inputTokens: 580,
+          outputTokens: 245,
+          totalTokens: 825,
+          inputCost: 145e-5,
+          outputCost: 245e-5,
+          totalCost: 39e-4,
+          status: "ok",
+          startOffset: -22 * hour + 450,
+          duration: 1800,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are a helpful customer support agent. The user has an urgent account access issue." },
+            { role: "user", content: "I can't access my account and I have a deadline in 2 hours!" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "I understand the urgency. Let me help you regain access to your account right away.\n\n1. First, try resetting your password at our recovery page\n2. If that doesn't work, I can verify your identity and unlock your account manually\n3. For your deadline, I can also temporarily extend any submission windows\n\nWhich would you like to try first?" }
+          ]),
+          temperature: 0.7
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_code_review_002",
+      name: "ai-code-review",
+      spans: [
+        {
+          spanId: "sp_demo_002a",
+          name: "analyze-diff",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 1850,
+          outputTokens: 620,
+          totalTokens: 2470,
+          inputCost: 555e-5,
+          outputCost: 93e-4,
+          totalCost: 0.01485,
+          status: "ok",
+          startOffset: -18 * hour,
+          duration: 3200,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are a senior code reviewer. Analyze pull requests for bugs, security issues, and best practices." },
+            { role: "user", content: "Review this PR diff:\n```diff\n+async function getUserData(userId) {\n+  const query = `SELECT * FROM users WHERE id = '${userId}'`;\n+  return db.query(query);\n+}\n```" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "**Critical: SQL Injection Vulnerability**\n\nThe code directly interpolates `userId` into the SQL query string, creating a SQL injection attack vector.\n\n**Fix:** Use parameterized queries:\n```javascript\nasync function getUserData(userId) {\n  return db.query('SELECT * FROM users WHERE id = $1', [userId]);\n}\n```\n\n**Additional recommendations:**\n- Add input validation for userId format\n- Consider selecting specific columns instead of `SELECT *`\n- Add TypeScript types for the return value" }
+          ]),
+          temperature: 0.3
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_rag_pipeline_003",
+      name: "rag-document-qa",
+      spans: [
+        {
+          spanId: "sp_demo_003a",
+          name: "embed-query",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o-mini",
+          responseModel: "gpt-4o-mini-2024-07-18",
+          inputTokens: 45,
+          outputTokens: 12,
+          totalTokens: 57,
+          inputCost: 68e-7,
+          outputCost: 72e-7,
+          totalCost: 14e-6,
+          status: "ok",
+          startOffset: -12 * hour,
+          duration: 180,
+          inputMessages: JSON.stringify([
+            { role: "user", content: "Rewrite as a search query: What are the company's Q3 revenue numbers?" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Q3 quarterly revenue financial results earnings" }
+          ]),
+          temperature: 0
+        },
+        {
+          spanId: "sp_demo_003b",
+          parentSpanId: "sp_demo_003a",
+          name: "synthesize-answer",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o",
+          responseModel: "gpt-4o-2024-08-06",
+          inputTokens: 2100,
+          outputTokens: 380,
+          totalTokens: 2480,
+          inputCost: 525e-5,
+          outputCost: 38e-4,
+          totalCost: 905e-5,
+          status: "ok",
+          startOffset: -12 * hour + 500,
+          duration: 2800,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Answer the user's question using only the provided context. Cite sources." },
+            { role: "user", content: "What are the company's Q3 revenue numbers?\n\nContext:\n[Doc 1] Q3 2024 Earnings Report: Total revenue reached $4.2B, up 32% YoY...\n[Doc 2] Segment breakdown: Cloud services $2.1B, Enterprise $1.4B, Consumer $0.7B..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Based on the Q3 2024 Earnings Report, the company's Q3 revenue numbers are:\n\n- **Total Revenue:** $4.2 billion (up 32% year-over-year) [Doc 1]\n- **Cloud Services:** $2.1 billion [Doc 2]\n- **Enterprise:** $1.4 billion [Doc 2]\n- **Consumer:** $0.7 billion [Doc 2]\n\nCloud services represents the largest segment at 50% of total revenue." }
+          ]),
+          temperature: 0.2
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_agent_tools_004",
+      name: "multi-step-agent",
+      spans: [
+        {
+          spanId: "sp_demo_004a",
+          name: "agent-planning",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o",
+          responseModel: "gpt-4o-2024-08-06",
+          inputTokens: 890,
+          outputTokens: 156,
+          totalTokens: 1046,
+          inputCost: 2225e-6,
+          outputCost: 156e-5,
+          totalCost: 3785e-6,
+          status: "ok",
+          startOffset: -8 * hour,
+          duration: 1200,
+          toolCalls: JSON.stringify([
+            { id: "call_abc123", name: "get_weather", arguments: '{"location": "San Francisco, CA"}', result: '{"temp": 62, "condition": "foggy", "humidity": 78}' },
+            { id: "call_def456", name: "get_calendar", arguments: '{"date": "today"}', result: '{"events": [{"time": "2pm", "title": "Team standup"}, {"time": "4pm", "title": "Design review"}]}' }
+          ]),
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are a personal assistant with access to weather and calendar tools." },
+            { role: "user", content: "What's my afternoon looking like? Should I bring an umbrella?" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Here's your afternoon:\n\n**Schedule:**\n- 2:00 PM - Team standup\n- 4:00 PM - Design review\n\n**Weather:** 62\xB0F and foggy with 78% humidity. No rain expected, but a light jacket would be smart. No umbrella needed!" }
+          ]),
+          temperature: 0.5
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_error_005",
+      name: "content-moderation",
+      spans: [
+        {
+          // The only demo span with status "error"; it has no outputMessages.
+          spanId: "sp_demo_005a",
+          name: "moderate-content",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 320,
+          outputTokens: 0,
+          totalTokens: 320,
+          inputCost: 96e-5,
+          outputCost: 0,
+          totalCost: 96e-5,
+          status: "error",
+          errorType: "RateLimitError",
+          errorMessage: "Rate limit exceeded: Too many requests. Please retry after 30 seconds.",
+          startOffset: -4 * hour,
+          duration: 250,
+          inputMessages: JSON.stringify([
+            { role: "user", content: "Check this user-generated content for policy violations..." }
+          ]),
+          temperature: 0
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_summarize_006",
+      name: "document-summarizer",
+      spans: [
+        {
+          spanId: "sp_demo_006a",
+          name: "chunk-summarize-1",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 3200,
+          outputTokens: 450,
+          totalTokens: 3650,
+          inputCost: 96e-4,
+          outputCost: 675e-5,
+          totalCost: 0.01635,
+          status: "ok",
+          startOffset: -2 * hour,
+          duration: 2400,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Summarize the following document chunk concisely." },
+            { role: "user", content: "Chapter 1: The integration of large language models into enterprise workflows has fundamentally changed how organizations approach knowledge management..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "This chapter discusses how LLM adoption in enterprises has transformed knowledge management, shifting from static document repositories to dynamic, queryable knowledge systems. Key themes: reduced onboarding time (40% avg), improved cross-team knowledge sharing, and new challenges around data privacy and model governance." }
+          ]),
+          temperature: 0.3
+        },
+        {
+          spanId: "sp_demo_006b",
+          parentSpanId: "sp_demo_006a",
+          name: "chunk-summarize-2",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 2800,
+          outputTokens: 380,
+          totalTokens: 3180,
+          inputCost: 84e-4,
+          outputCost: 57e-4,
+          totalCost: 0.0141,
+          status: "ok",
+          startOffset: -2 * hour + 2500,
+          duration: 2100,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Summarize the following document chunk concisely." },
+            { role: "user", content: "Chapter 2: Implementation best practices for LLM-powered systems require careful consideration of prompt engineering, evaluation frameworks, and cost optimization strategies..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Chapter 2 covers LLM implementation best practices: structured prompt templates, A/B evaluation frameworks comparing model outputs, and cost optimization through model routing (using smaller models for simple tasks). Recommends starting with a pilot program before enterprise-wide rollout." }
+          ]),
+          temperature: 0.3
+        },
+        {
+          spanId: "sp_demo_006c",
+          parentSpanId: "sp_demo_006a",
+          name: "final-synthesis",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 950,
+          outputTokens: 280,
+          totalTokens: 1230,
+          inputCost: 285e-5,
+          outputCost: 42e-4,
+          totalCost: 705e-5,
+          status: "ok",
+          startOffset: -2 * hour + 5e3,
+          duration: 1500,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Combine these chapter summaries into a cohesive executive summary." },
+            { role: "user", content: "[Summary 1] LLM adoption transforms enterprise knowledge management...\n[Summary 2] Implementation requires prompt engineering, evaluation, cost optimization..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "**Executive Summary**\n\nEnterprise LLM adoption is transforming knowledge management from static repositories to dynamic, queryable systems, yielding 40% faster onboarding and improved cross-team collaboration. Successful implementation requires structured prompt templates, rigorous A/B evaluation, and intelligent cost optimization through model routing. Organizations should begin with pilot programs, prioritizing data privacy and model governance frameworks before scaling enterprise-wide." }
+          ]),
+          temperature: 0.4
+        }
+      ]
+    }
+  ];
+  // maxTokens, topP, tags, sessionId, userId and createdAt are not part of this INSERT,
+  // so the demo rows get the column defaults for them.
+  const insertStmt = db2.prepare(`
+    INSERT INTO spans (
+      spanId, traceId, parentSpanId, name, operationName, providerName,
+      startTime, endTime, duration, requestModel, responseModel,
+      inputTokens, outputTokens, totalTokens, inputCost, outputCost, totalCost,
+      temperature, inputMessages, outputMessages, toolCalls,
+      status, errorType, errorMessage
+    ) VALUES (
+      @spanId, @traceId, @parentSpanId, @name, @operationName, @providerName,
+      @startTime, @endTime, @duration, @requestModel, @responseModel,
+      @inputTokens, @outputTokens, @totalTokens, @inputCost, @outputCost, @totalCost,
+      @temperature, @inputMessages, @outputMessages, @toolCalls,
+      @status, @errorType, @errorMessage
+    )
+  `);
+  const insertAll = db2.transaction(() => {
+    for (const trace of traces) {
+      for (const span of trace.spans) {
+        const startTime = now + span.startOffset;
+        const endTime = startTime + span.duration;
+        // Optional fixture fields are bound as NULL when a span omits them.
+        insertStmt.run({
+          spanId: span.spanId,
+          traceId: trace.traceId,
+          parentSpanId: span.parentSpanId ?? null,
+          name: span.name,
+          operationName: span.operationName,
+          providerName: span.providerName,
+          startTime,
+          endTime,
+          duration: span.duration,
+          requestModel: span.requestModel,
+          responseModel: span.responseModel,
+          inputTokens: span.inputTokens,
+          outputTokens: span.outputTokens,
+          totalTokens: span.totalTokens,
+          inputCost: span.inputCost,
+          outputCost: span.outputCost,
+          totalCost: span.totalCost,
+          temperature: span.temperature ?? null,
+          inputMessages: span.inputMessages ?? null,
+          outputMessages: span.outputMessages ?? null,
+          toolCalls: span.toolCalls ?? null,
+          status: span.status,
+          errorType: span.errorType ?? null,
+          errorMessage: span.errorMessage ?? null
+        });
+      }
+    }
+  });
+  insertAll();
+}
+// src/schemas.ts
+var import_zod = require("zod");
+// Maximum string lengths enforced by the request validation schemas.
+// Identifiers (span/trace/session/user ids, tool-call ids).
+var MAX_ID_LEN = 256;
+// Names, model identifiers, tag values and free-text query parameters.
+var MAX_SHORT_STRING = 512;
+// A single message's content (100,000).
+var MAX_CONTENT_STRING = 1e5;
+// Error message text (10,000).
+var MAX_ERROR_MESSAGE = 1e4;
+// Tool-call arguments and results (200,000 each).
+var MAX_TOOL_ARGS = 2e5;
+// One chat message attached to a span. `content` must be present but may be null;
+// `name` and `toolCallId` are optional.
+var MessageSchema = import_zod.z.object({
+  role: import_zod.z.enum(["system", "user", "assistant", "tool"]),
+  content: import_zod.z.string().max(MAX_CONTENT_STRING).nullable(),
+  name: import_zod.z.string().max(MAX_SHORT_STRING).optional(),
+  toolCallId: import_zod.z.string().max(MAX_ID_LEN).optional()
+});
+// One tool invocation recorded on a span. `arguments` and `result` are strings
+// (not parsed objects); `duration` must be non-negative when given.
+var ToolCallSchema = import_zod.z.object({
+  id: import_zod.z.string().max(MAX_ID_LEN),
+  name: import_zod.z.string().max(MAX_SHORT_STRING),
+  arguments: import_zod.z.string().max(MAX_TOOL_ARGS),
+  result: import_zod.z.string().max(MAX_TOOL_ARGS).optional(),
+  duration: import_zod.z.number().nonnegative().optional()
+});
+// A single span as accepted by the ingest endpoint.
+// Required: spanId, traceId, name, operationName, providerName, startTime,
+// requestModel and status. Everything else is optional. Numeric fields are
+// non-negative; token counts and maxTokens must be integers.
+var SpanInputSchema = import_zod.z.object({
+  spanId: import_zod.z.string().min(1).max(MAX_ID_LEN),
+  traceId: import_zod.z.string().min(1).max(MAX_ID_LEN),
+  parentSpanId: import_zod.z.string().min(1).max(MAX_ID_LEN).optional(),
+  name: import_zod.z.string().min(1).max(MAX_SHORT_STRING),
+  operationName: import_zod.z.string().min(1).max(MAX_SHORT_STRING),
+  providerName: import_zod.z.string().min(1).max(MAX_SHORT_STRING),
+  startTime: import_zod.z.number().nonnegative(),
+  endTime: import_zod.z.number().nonnegative().optional(),
+  duration: import_zod.z.number().nonnegative().optional(),
+  requestModel: import_zod.z.string().min(1).max(MAX_SHORT_STRING),
+  responseModel: import_zod.z.string().max(MAX_SHORT_STRING).optional(),
+  inputTokens: import_zod.z.number().int().nonnegative().optional(),
+  outputTokens: import_zod.z.number().int().nonnegative().optional(),
+  totalTokens: import_zod.z.number().int().nonnegative().optional(),
+  inputCost: import_zod.z.number().nonnegative().optional(),
+  outputCost: import_zod.z.number().nonnegative().optional(),
+  totalCost: import_zod.z.number().nonnegative().optional(),
+  temperature: import_zod.z.number().min(0).max(10).optional(),
+  maxTokens: import_zod.z.number().int().nonnegative().optional(),
+  topP: import_zod.z.number().min(0).max(1).optional(),
+  // At most 500 messages per direction and 200 tool calls per span.
+  inputMessages: import_zod.z.array(MessageSchema).max(500).optional(),
+  outputMessages: import_zod.z.array(MessageSchema).max(500).optional(),
+  toolCalls: import_zod.z.array(ToolCallSchema).max(200).optional(),
+  status: import_zod.z.enum(["ok", "error"]),
+  errorType: import_zod.z.string().max(MAX_SHORT_STRING).optional(),
+  errorMessage: import_zod.z.string().max(MAX_ERROR_MESSAGE).optional(),
+  // String-valued tags; each value is length-limited.
+  tags: import_zod.z.record(import_zod.z.string().max(MAX_SHORT_STRING)).optional(),
+  sessionId: import_zod.z.string().max(MAX_ID_LEN).optional(),
+  userId: import_zod.z.string().max(MAX_ID_LEN).optional()
+});
+// Body of an ingest request: between 1 and 500 spans per call.
+var IngestRequestSchema = import_zod.z.object({
+  spans: import_zod.z.array(SpanInputSchema).min(1).max(500)
+});
+// Query parameters of the trace listing endpoint. Numeric parameters are coerced
+// from their incoming representation; `limit` defaults to 50 and `offset` to 0.
+var TracesQuerySchema = import_zod.z.object({
+  limit: import_zod.z.coerce.number().int().min(1).max(200).default(50),
+  offset: import_zod.z.coerce.number().int().min(0).default(0),
+  status: import_zod.z.enum(["ok", "error"]).optional(),
+  provider: import_zod.z.string().max(MAX_SHORT_STRING).optional(),
+  q: import_zod.z.string().max(MAX_SHORT_STRING).optional(),
+  periodHours: import_zod.z.coerce.number().int().min(1).max(8760).optional()
+  // max 1 year
+});
+// Query parameters for statistics: `period` is an integer between 1 and 8760
+// and defaults to 24.
+var StatsQuerySchema = import_zod.z.object({
+  period: import_zod.z.coerce.number().int().min(1).max(8760).default(24)
+});
+// Query parameters for session listings: `periodHours` defaults to 168 (7 days);
+// `limit` defaults to 50 (maximum 200) and `offset` to 0.
+var SessionsQuerySchema = import_zod.z.object({
+  periodHours: import_zod.z.coerce.number().int().min(1).max(8760).default(168),
+  limit: import_zod.z.coerce.number().int().min(1).max(200).default(50),
+  offset: import_zod.z.coerce.number().int().min(0).default(0)
+});
+// src/events.ts
+var import_node_events = require("events");
+// In-process event bus on which span events are published (see emitSpanEvent and
+// onSpanEvent). The per-event listener limit is raised to 100.
+var eventBus = new import_node_events.EventEmitter();
+eventBus.setMaxListeners(100);
+// Publishes `data` on the "span" channel, wrapped as { type: "span", data }.
+function emitSpanEvent(data) {
+  const event = { type: "span", data };
+  eventBus.emit("span", event);
+}
+// Subscribes `handler` to "span" events and returns a function that removes
+// exactly that subscription again.
+function onSpanEvent(handler) {
+  eventBus.on("span", handler);
+  const unsubscribe = () => eventBus.off("span", handler);
+  return unsubscribe;
+}
+// src/otlp-forwarder.ts
+var import_shared2 = require("@llmtap/shared");
+// OTLP forwarder state.
+// Full traces URL to POST to; null while forwarding is disabled.
+var endpoint = null;
+// Extra HTTP headers sent with every export request.
+var headers = {};
+// Service name passed to spansToOtlp when building the payload.
+var serviceName = "llmtap";
+// Spans waiting to be exported.
+var buffer = [];
+// Pending flush timer, or null when none is scheduled.
+var flushTimer = null;
+// Delay before a partially filled buffer is flushed (2 seconds).
+var FLUSH_INTERVAL_MS = 2e3;
+// Maximum number of spans sent in one request.
+var MAX_BATCH = 100;
+// Configures OTLP forwarding from the environment and reports whether it is enabled.
+//
+//   OTEL_EXPORTER_OTLP_ENDPOINT  base URL; trailing slashes are stripped and
+//                                "/v1/traces" is appended unless already present.
+//   OTEL_EXPORTER_OTLP_HEADERS   comma-separated key=value pairs; only the first "="
+//                                of a pair splits, so values may contain "=".
+//   OTEL_SERVICE_NAME            service name; unset or empty falls back to "llmtap".
+//
+// Returns true when an endpoint is configured, false otherwise. Each call starts
+// from a clean slate, so settings from an earlier call never leak into a later one.
+function initOtlpForwarder() {
+  // Reset first: a previous call may have left an endpoint and headers behind.
+  endpoint = null;
+  headers = {};
+  const rawEndpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
+  if (!rawEndpoint) return false;
+  let resolvedEndpoint = rawEndpoint.replace(/\/+$/, "");
+  if (!resolvedEndpoint.endsWith("/v1/traces")) {
+    resolvedEndpoint += "/v1/traces";
+  }
+  endpoint = resolvedEndpoint;
+  const rawHeaders = process.env.OTEL_EXPORTER_OTLP_HEADERS;
+  if (rawHeaders) {
+    for (const pair of rawHeaders.split(",")) {
+      const eq = pair.indexOf("=");
+      if (eq <= 0) continue;
+      const key = pair.slice(0, eq).trim();
+      // A key made only of whitespace would otherwise become an empty header name.
+      if (key === "") continue;
+      headers[key] = pair.slice(eq + 1).trim();
+    }
+  }
+  // `||` rather than `??`: an empty OTEL_SERVICE_NAME is treated like an unset one.
+  serviceName = process.env.OTEL_SERVICE_NAME || "llmtap";
+  return true;
+}
+// Queues `spans` for export. Does nothing while no endpoint is configured.
+// A buffer holding at least MAX_BATCH spans is flushed right away; otherwise a
+// delayed flush is scheduled unless one is already pending.
+function forwardSpans(spans) {
+  if (!endpoint) return;
+  buffer.push(...spans);
+  const batchIsFull = buffer.length >= MAX_BATCH;
+  if (batchIsFull) {
+    flushOtlpBuffer();
+  } else if (!flushTimer) {
+    flushTimer = setTimeout(flushOtlpBuffer, FLUSH_INTERVAL_MS);
+  }
+}
+// Sends up to MAX_BATCH buffered spans to the OTLP endpoint as one JSON POST.
+// Any pending flush timer is cancelled first. The request is fire-and-forget:
+// failures are ignored and the spans of that batch are not re-queued. When spans
+// remain afterwards, another flush is scheduled.
+function flushOtlpBuffer() {
+  if (flushTimer) {
+    clearTimeout(flushTimer);
+    flushTimer = null;
+  }
+  const nothingToSend = !endpoint || buffer.length === 0;
+  if (nothingToSend) return;
+  const payload = (0, import_shared2.spansToOtlp)(buffer.splice(0, MAX_BATCH), serviceName);
+  const request = {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...headers
+    },
+    body: JSON.stringify(payload),
+    // Give up on a request after 10 seconds.
+    signal: AbortSignal.timeout(1e4)
+  };
+  fetch(endpoint, request).catch(() => {
+  });
+  if (buffer.length > 0) {
+    flushTimer = setTimeout(flushOtlpBuffer, FLUSH_INTERVAL_MS);
+  }
+}
+// Returns the configured OTLP traces URL, or null when forwarding is disabled.
+function getOtlpEndpoint() {
+  return endpoint;
+}
+// src/routes/ingest.ts
+var import_shared3 = require("@llmtap/shared");
+// Registers the span ingestion endpoint on `app`.
+//
+// The handler validates the body against IngestRequestSchema and answers 400 with the
+// validation issues when it does not match. Valid spans are upserted (INSERT OR
+// REPLACE, keyed by spanId) in one transaction, then published on the event bus and
+// handed to the OTLP forwarder. The response is 200 with { accepted: <span count> }.
+async function registerIngestRoute(app) {
+  const orNull = (value) => value ?? null;
+  const orZero = (value) => value ?? 0;
+  // Structured fields are stored as JSON text; absent ones become NULL.
+  const toJsonOrNull = (value) => value ? JSON.stringify(value) : null;
+  // Maps a validated span onto the named parameters of the INSERT statement.
+  const toRow = (span) => ({
+    spanId: span.spanId,
+    traceId: span.traceId,
+    parentSpanId: orNull(span.parentSpanId),
+    name: span.name,
+    operationName: span.operationName,
+    providerName: span.providerName,
+    startTime: span.startTime,
+    endTime: orNull(span.endTime),
+    duration: orNull(span.duration),
+    requestModel: span.requestModel,
+    responseModel: orNull(span.responseModel),
+    inputTokens: orZero(span.inputTokens),
+    outputTokens: orZero(span.outputTokens),
+    totalTokens: orZero(span.totalTokens),
+    inputCost: orZero(span.inputCost),
+    outputCost: orZero(span.outputCost),
+    totalCost: orZero(span.totalCost),
+    temperature: orNull(span.temperature),
+    maxTokens: orNull(span.maxTokens),
+    topP: orNull(span.topP),
+    inputMessages: toJsonOrNull(span.inputMessages),
+    outputMessages: toJsonOrNull(span.outputMessages),
+    toolCalls: toJsonOrNull(span.toolCalls),
+    status: span.status,
+    errorType: orNull(span.errorType),
+    errorMessage: orNull(span.errorMessage),
+    tags: toJsonOrNull(span.tags),
+    sessionId: orNull(span.sessionId),
+    userId: orNull(span.userId)
+  });
+  app.post(import_shared3.ROUTES.INGEST_SPANS, async (request, reply) => {
+    const parsed = IngestRequestSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({
+        error: "Validation failed",
+        details: parsed.error.issues
+      });
+    }
+    const { spans } = parsed.data;
+    const db2 = getDb();
+    const insert = db2.prepare(`
+      INSERT OR REPLACE INTO spans (
+        spanId, traceId, parentSpanId, name, operationName, providerName,
+        startTime, endTime, duration, requestModel, responseModel,
+        inputTokens, outputTokens, totalTokens,
+        inputCost, outputCost, totalCost,
+        temperature, maxTokens, topP,
+        inputMessages, outputMessages, toolCalls,
+        status, errorType, errorMessage,
+        tags, sessionId, userId
+      ) VALUES (
+        @spanId, @traceId, @parentSpanId, @name, @operationName, @providerName,
+        @startTime, @endTime, @duration, @requestModel, @responseModel,
+        @inputTokens, @outputTokens, @totalTokens,
+        @inputCost, @outputCost, @totalCost,
+        @temperature, @maxTokens, @topP,
+        @inputMessages, @outputMessages, @toolCalls,
+        @status, @errorType, @errorMessage,
+        @tags, @sessionId, @userId
+      )
+    `);
+    const insertMany = db2.transaction((batch) => {
+      for (const span of batch) {
+        insert.run(toRow(span));
+      }
+    });
+    insertMany(spans);
+    // Notify listeners and the forwarder only after the rows have been written.
+    spans.forEach((span) => emitSpanEvent(span));
+    forwardSpans(spans);
+    return reply.status(200).send({
+      accepted: spans.length
+    });
+  });
+}
+// src/routes/traces.ts
+var import_shared4 = require("@llmtap/shared");
+function safeJsonParse(val) {
+  if (!val) return void 0;
+  try {
+    return JSON.parse(val);
+  } catch {
+    return void 0;
+  }
+}
+function parseSpanRow(row) {
+  return {
+    ...row,
+    inputMessages: safeJsonParse(row.inputMessages),
+    outputMessages: safeJsonParse(row.outputMessages),
+    toolCalls: safeJsonParse(row.toolCalls),
+    tags: safeJsonParse(row.tags),
+    parentSpanId: row.parentSpanId ?? void 0,
+    responseModel: row.responseModel ?? void 0,
+    endTime: row.endTime ?? void 0,
+    duration: row.duration ?? void 0,
+    temperature: row.temperature ?? void 0,
+    maxTokens: row.maxTokens ?? void 0,
+    topP: row.topP ?? void 0,
+    errorType: row.errorType ?? void 0,
+    errorMessage: row.errorMessage ?? void 0,
+    sessionId: row.sessionId ?? void 0,
+    userId: row.userId ?? void 0
+  };
+}
+async function registerTraceRoutes(app) {
+  app.get(import_shared4.ROUTES.LIST_TRACES, async (request, reply) => {
+    const parsed = TracesQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Invalid query parameters", details: parsed.error.flatten() });
+    }
+    const { limit, offset, status, provider, q, periodHours } = parsed.data;
+    const db2 = getDb();
+    const whereConditions = [];
+    const havingConditions = [];
+    const params = { limit, offset };
+    if (status) {
+      havingConditions.push("status = @status");
+      params.status = status;
+    }
+    if (provider) {
+      whereConditions.push("providerName = @provider");
+      params.provider = provider;
+    }
+    if (q) {
+      const escaped = q.replace(/[%_]/g, "\\$&");
+      whereConditions.push(`
+        (
+          name LIKE @search ESCAPE '\\' OR
+          providerName LIKE @search ESCAPE '\\' OR
+          requestModel LIKE @search ESCAPE '\\' OR
+          COALESCE(responseModel, '') LIKE @search ESCAPE '\\' OR
+          COALESCE(errorMessage, '') LIKE @search ESCAPE '\\' OR
+          COALESCE(inputMessages, '') LIKE @search ESCAPE '\\' OR
+          COALESCE(outputMessages, '') LIKE @search ESCAPE '\\'
+        )
+      `);
+      params.search = `%${escaped}%`;
+    }
+    if (periodHours) {
+      whereConditions.push("startTime >= @since");
+      params.since = Date.now() - periodHours * 60 * 60 * 1e3;
+    }
+    const whereClause = whereConditions.length > 0 ? `WHERE ${whereConditions.join(" AND ")}` : "";
+    const havingClause = havingConditions.length > 0 ? `HAVING ${havingConditions.join(" AND ")}` : "";
+    const rows = db2.prepare(
+      `
+      SELECT
+        traceId,
+        MIN(name) as name,
+        MIN(startTime) as startTime,
+        MAX(endTime) as endTime,
+        CASE WHEN SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) > 0
+             THEN 'error' ELSE 'ok' END as status,
+        COUNT(*) as spanCount,
+        SUM(totalTokens) as totalTokens,
+        SUM(totalCost) as totalCost,
+        MAX(endTime) - MIN(startTime) as totalDuration
+      FROM spans
+      ${whereClause}
+      GROUP BY traceId
+      ${havingClause}
+      ORDER BY startTime DESC
+      LIMIT @limit OFFSET @offset
+    `
+    ).all(params);
+    const totalRow = db2.prepare(
+      `
+      SELECT COUNT(*) as total
+      FROM (
+        SELECT traceId
+        FROM spans
+        ${whereClause}
+        GROUP BY traceId
+        ${havingClause}
+      ) grouped_traces
+    `
+    ).get(params);
+    return reply.send({
+      traces: rows.map((r) => ({
+        ...r,
+        endTime: r.endTime ?? void 0,
+        totalDuration: r.totalDuration ?? void 0
+      })),
+      total: totalRow.total
+    });
+  });
+  app.get("/v1/traces/:traceId/spans", async (request, reply) => {
+    const { traceId } = request.params;
+    const db2 = getDb();
+    const rows = db2.prepare(
+      `SELECT * FROM spans WHERE traceId = @traceId ORDER BY startTime ASC`
+    ).all({ traceId });
+    return reply.send({
+      spans: rows.map(parseSpanRow)
+    });
+  });
+}
+// src/routes/stats.ts
+var import_shared5 = require("@llmtap/shared");
+async function registerStatsRoute(app) {
+  app.get(import_shared5.ROUTES.GET_STATS, async (request, reply) => {
+    const parsed = StatsQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Invalid query parameters", details: parsed.error.flatten() });
+    }
+    const periodHours = parsed.data.period;
+    const since = Date.now() - periodHours * 60 * 60 * 1e3;
+    const db2 = getDb();
+    const stats = db2.prepare(
+      `
+      SELECT
+        COUNT(DISTINCT traceId) as totalTraces,
+        COUNT(*) as totalSpans,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        COALESCE(AVG(duration), 0) as avgDuration,
+        SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) as errorCount
+      FROM spans
+      WHERE startTime >= @since
+    `
+    ).get({ since });
+    const byProvider = db2.prepare(
+      `
+      SELECT
+        providerName as provider,
+        COUNT(*) as spanCount,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        COALESCE(AVG(duration), 0) as avgDuration
+      FROM spans
+      WHERE startTime >= @since
+      GROUP BY providerName
+      ORDER BY totalCost DESC
+    `
+    ).all({ since });
+    const byModel = db2.prepare(
+      `
+      SELECT
+        requestModel as model,
+        providerName as provider,
+        COUNT(*) as spanCount,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        COALESCE(AVG(duration), 0) as avgDuration
+      FROM spans
+      WHERE startTime >= @since
+      GROUP BY requestModel, providerName
+      ORDER BY totalCost DESC
+    `
+    ).all({ since });
+    const costOverTime = db2.prepare(
+      `
+      SELECT
+        (startTime / 3600000) * 3600000 as bucket,
+        COALESCE(SUM(totalCost), 0) as cost,
+        COALESCE(SUM(totalTokens), 0) as tokens,
+        COUNT(*) as spans
+      FROM spans
+      WHERE startTime >= @since
+      GROUP BY bucket
+      ORDER BY bucket ASC
+    `
+    ).all({ since });
+    return reply.send({
+      period: `${periodHours}h`,
+      ...stats,
+      errorRate: stats.totalSpans > 0 ? stats.errorCount / stats.totalSpans : 0,
+      byProvider,
+      byModel,
+      costOverTime: costOverTime.map((r) => ({
+        timestamp: r.bucket,
+        cost: r.cost,
+        tokens: r.tokens,
+        spans: r.spans
+      }))
+    });
+  });
+}
+// src/routes/sse.ts
+var import_shared6 = require("@llmtap/shared");
+var MAX_SSE_CONNECTIONS = 50;
+var sseConnectionCount = 0;
+async function registerSSERoute(app) {
+  app.get(import_shared6.ROUTES.SSE_STREAM, async (request, reply) => {
+    if (sseConnectionCount >= MAX_SSE_CONNECTIONS) {
+      return reply.status(503).send({ error: "Too many SSE connections" });
+    }
+    sseConnectionCount++;
+    reply.raw.writeHead(200, {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      Connection: "keep-alive"
+    });
+    reply.raw.write("event: connected\ndata: {}\n\n");
+    const heartbeat = setInterval(() => {
+      reply.raw.write(":heartbeat\n\n");
+    }, 15e3);
+    const unsubscribe = onSpanEvent((event) => {
+      reply.raw.write(
+        `event: ${event.type}
+data: ${JSON.stringify(event.data)}
+`
+      );
+    });
+    request.raw.on("close", () => {
+      sseConnectionCount--;
+      clearInterval(heartbeat);
+      unsubscribe();
+    });
+  });
+}
+// src/routes/sessions.ts
+var import_shared7 = require("@llmtap/shared");
+async function registerSessionsRoute(app) {
+  app.get(import_shared7.ROUTES.GET_SESSIONS, async (request, reply) => {
+    const parsed = SessionsQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Invalid query parameters", details: parsed.error.flatten() });
+    }
+    const { periodHours, limit, offset } = parsed.data;
+    const since = Date.now() - periodHours * 60 * 60 * 1e3;
+    const db2 = getDb();
+    const rows = db2.prepare(
+      `
+      SELECT
+        sessionId,
+        COUNT(DISTINCT traceId) as traceCount,
+        COUNT(*) as spanCount,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        MIN(startTime) as firstSeen,
+        MAX(startTime) as lastSeen,
+        SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) as errorCount
+      FROM spans
+      WHERE sessionId IS NOT NULL AND sessionId != '' AND startTime >= @since
+      GROUP BY sessionId
+      ORDER BY lastSeen DESC
+      LIMIT @limit OFFSET @offset
+    `
+    ).all({ since, limit, offset });
+    const totalRow = db2.prepare(
+      `
+      SELECT COUNT(DISTINCT sessionId) as total
+      FROM spans
+      WHERE sessionId IS NOT NULL AND sessionId != '' AND startTime >= @since
+    `
+    ).get({ since });
+    return reply.send({ sessions: rows, total: totalRow.total });
+  });
+}
+// src/routes/db-info.ts
+var import_node_path2 = __toESM(require("path"));
+var import_node_fs2 = __toESM(require("fs"));
+var import_node_os2 = __toESM(require("os"));
+var import_shared8 = require("@llmtap/shared");
+async function registerDbInfoRoute(app) {
+  app.get(import_shared8.ROUTES.GET_DB_INFO, async (_request, reply) => {
+    const db2 = getDb();
+    const dbDir = process.env.LLMTAP_DB_DIR ? import_node_path2.default.resolve(process.env.LLMTAP_DB_DIR) : import_node_path2.default.join(import_node_os2.default.homedir(), import_shared8.DB_DIR_NAME);
+    const dbPath = process.env.LLMTAP_DB_PATH ? import_node_path2.default.resolve(process.env.LLMTAP_DB_PATH) : import_node_path2.default.join(dbDir, import_shared8.DB_FILE_NAME);
+    let sizeBytes = 0;
+    try {
+      const stat = import_node_fs2.default.statSync(dbPath);
+      sizeBytes = stat.size;
+    } catch {
+    }
+    const spanCount = db2.prepare("SELECT COUNT(*) as count FROM spans").get().count;
+    const traceCount = db2.prepare("SELECT COUNT(DISTINCT traceId) as count FROM spans").get().count;
+    const oldestSpan = db2.prepare("SELECT MIN(startTime) as oldest FROM spans").get().oldest;
+    const newestSpan = db2.prepare("SELECT MAX(startTime) as newest FROM spans").get().newest;
+    return reply.send({
+      path: dbPath,
+      sizeBytes,
+      spanCount,
+      traceCount,
+      oldestSpan,
+      newestSpan,
+      walMode: db2.pragma("journal_mode")[0]?.journal_mode
+    });
+  });
+}
+// src/routes/insights.ts
+// Last computed /v1/insights response as `{ data, timestamp }`, or null until
+// the first request has been served.
+var insightsCache = null;
+// How long (ms) a cached insights response is reused: 3e4 ms = 30 seconds.
+var INSIGHTS_CACHE_TTL_MS = 3e4;
+async function registerInsightsRoute(app) {
+  app.get("/v1/insights", async (_request, reply) => {
+    const now = Date.now();
+    if (insightsCache && now - insightsCache.timestamp < INSIGHTS_CACHE_TTL_MS) {
+      return reply.send(insightsCache.data);
+    }
+    const db2 = getDb();
+    const insights = [];
+    const since24h = Date.now() - 24 * 60 * 60 * 1e3;
+    const since7d = Date.now() - 7 * 24 * 60 * 60 * 1e3;
+    try {
+      const anomalies = db2.prepare(
+        `
+          WITH avg_cost AS (
+            SELECT AVG(trace_cost) as avgCost
+            FROM (
+              SELECT traceId, SUM(totalCost) as trace_cost
+              FROM spans
+              WHERE startTime >= @since
+              GROUP BY traceId
+            )
+          )
+          SELECT
+            s.traceId,
+            MIN(s.name) as name,
+            SUM(s.totalCost) as totalCost,
+            (SELECT avgCost FROM avg_cost) as avgCost
+          FROM spans s
+          WHERE s.startTime >= @since
+          GROUP BY s.traceId
+          HAVING totalCost > (SELECT avgCost FROM avg_cost) * 5 AND totalCost > 0.01
+          ORDER BY totalCost DESC
+          LIMIT 3
+        `
+      ).all({ since: since24h });
+      for (const a of anomalies) {
+        const multiplier = a.avgCost > 0 ? Math.round(a.totalCost / a.avgCost) : 0;
+        insights.push({
+          id: `cost_anomaly_${a.traceId}`,
+          type: "cost_anomaly",
+          severity: multiplier > 20 ? "critical" : "warning",
+          title: `High cost trace detected`,
+          description: `"${a.name}" cost $${a.totalCost.toFixed(4)} \u2014 ${multiplier}x your average trace cost of $${a.avgCost.toFixed(4)}.`,
+          metric: `${multiplier}x avg`
+        });
+      }
+    } catch {
+    }
+    try {
+      const errors = db2.prepare(
+        `
+          SELECT
+            COALESCE(errorType, 'Unknown') as errorType,
+            COUNT(*) as errorCount,
+            MAX(startTime) as latestTime
+          FROM spans
+          WHERE status = 'error' AND startTime >= @since
+          GROUP BY errorType
+          HAVING errorCount >= 3
+          ORDER BY errorCount DESC
+          LIMIT 3
+        `
+      ).all({ since: since7d });
+      for (const e of errors) {
+        insights.push({
+          id: `error_pattern_${e.errorType}`,
+          type: "error_pattern",
+          severity: e.errorCount > 20 ? "critical" : "warning",
+          title: `Recurring errors: ${e.errorType}`,
+          description: `${e.errorCount} "${e.errorType}" errors in the last 7 days.`,
+          metric: `${e.errorCount} errors`
+        });
+      }
+    } catch {
+    }
+    try {
+      const usage = db2.prepare(
+        `
+          SELECT
+            requestModel as model,
+            providerName as provider,
+            COUNT(*) as spanCount,
+            AVG(totalTokens) as avgTokens,
+            SUM(totalCost) as totalCost,
+            AVG(totalCost) as avgCost
+          FROM spans
+          WHERE startTime >= @since AND status = 'ok'
+          GROUP BY requestModel, providerName
+          ORDER BY totalCost DESC
+        `
+      ).all({ since: since7d });
+      for (const u of usage) {
+        const isExpensive = u.model.includes("gpt-4o") && !u.model.includes("mini") || u.model.includes("gpt-4-") || u.model.includes("claude-3-opus") || u.model.includes("claude-opus") || u.model.includes("claude-4") && !u.model.includes("haiku");
+        const isLowToken = u.avgTokens < 500;
+        if (isExpensive && isLowToken && u.spanCount >= 5 && u.totalCost > 0.05) {
+          insights.push({
+            id: `model_rec_${u.model}`,
+            type: "model_recommendation",
+            severity: "info",
+            title: `Consider a lighter model for "${u.model}"`,
+            description: `${u.spanCount} calls averaging ${Math.round(u.avgTokens)} tokens \u2014 a smaller model could save ~$${(u.totalCost * 0.7).toFixed(2)}.`,
+            metric: `$${u.totalCost.toFixed(2)} spent`
+          });
+        }
+      }
+    } catch {
+    }
+    try {
+      const wasteRows = db2.prepare(
+        `
+          SELECT
+            name,
+            requestModel as model,
+            AVG(inputTokens) as avgInputTokens,
+            AVG(outputTokens) as avgOutputTokens,
+            COUNT(*) as spanCount,
+            CASE WHEN AVG(outputTokens) > 0
+              THEN CAST(AVG(inputTokens) AS REAL) / AVG(outputTokens)
+              ELSE 0
+            END as inputRatio
+          FROM spans
+          WHERE startTime >= @since AND status = 'ok' AND inputTokens > 0
+          GROUP BY name, requestModel
+          HAVING inputRatio > 10 AND avgInputTokens > 1000 AND spanCount >= 3
+          ORDER BY inputRatio DESC
+          LIMIT 3
+        `
+      ).all({ since: since7d });
+      for (const w of wasteRows) {
+        insights.push({
+          id: `token_waste_${w.name}_${w.model}`,
+          type: "token_waste",
+          severity: "info",
+          title: `High input-to-output token ratio`,
+          description: `"${w.name}" uses ~${Math.round(w.avgInputTokens)} input tokens to generate ~${Math.round(w.avgOutputTokens)} output tokens (${Math.round(w.inputRatio)}:1 ratio). Consider compressing the system prompt.`,
+          metric: `${Math.round(w.inputRatio)}:1 ratio`
+        });
+      }
+    } catch {
+    }
+    const result = { insights };
+    insightsCache = { data: result, timestamp: Date.now() };
+    return reply.send(result);
+  });
+}
+// src/routes/replay.ts
+var import_zod2 = require("zod");
+// Request body accepted by POST /v1/replay: the id of the stored span to
+// replay and the provider API key to replay it with. Both are non-empty
+// strings with an upper length bound.
+var ReplaySchema = import_zod2.z.object({
+  spanId: import_zod2.z.string().min(1).max(256),
+  apiKey: import_zod2.z.string().min(1).max(512)
+});
+async function registerReplayRoute(app) {
+  app.post("/v1/replay", async (request, reply) => {
+    const parsed = ReplaySchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({
+        error: "Validation failed",
+        details: parsed.error.issues
+      });
+    }
+    const { spanId, apiKey } = parsed.data;
+    const db2 = getDb();
+    const span = db2.prepare(
+      `SELECT providerName, requestModel, inputMessages, temperature, maxTokens, topP
+         FROM spans WHERE spanId = ?`
+    ).get(spanId);
+    if (!span) {
+      return reply.status(404).send({ error: "Span not found" });
+    }
+    if (!span.inputMessages) {
+      return reply.status(400).send({
+        error: "Span has no input messages to replay"
+      });
+    }
+    let messages;
+    try {
+      messages = JSON.parse(span.inputMessages);
+    } catch {
+      return reply.status(400).send({ error: "Failed to parse input messages" });
+    }
+    const startTime = Date.now();
+    try {
+      if (span.providerName === "anthropic") {
+        const result2 = await replayAnthropic(
+          apiKey,
+          span.requestModel,
+          messages,
+          span.temperature,
+          span.maxTokens
+        );
+        return reply.send({
+          ...result2,
+          duration: Date.now() - startTime,
+          provider: "anthropic",
+          model: span.requestModel
+        });
+      }
+      const result = await replayOpenAI(
+        apiKey,
+        span.requestModel,
+        messages,
+        span.temperature,
+        span.maxTokens,
+        span.topP,
+        span.providerName
+      );
+      return reply.send({
+        ...result,
+        duration: Date.now() - startTime,
+        provider: span.providerName,
+        model: span.requestModel
+      });
+    } catch (err) {
+      return reply.status(502).send({
+        error: "Replay failed",
+        message: err instanceof Error ? err.message : String(err),
+        duration: Date.now() - startTime
+      });
+    }
+  });
+}
+async function replayOpenAI(apiKey, model, messages, temperature, maxTokens, topP, provider) {
+  const baseUrls = {
+    openai: "https://api.openai.com/v1",
+    deepseek: "https://api.deepseek.com/v1",
+    groq: "https://api.groq.com/openai/v1",
+    together: "https://api.together.xyz/v1",
+    fireworks: "https://api.fireworks.ai/inference/v1",
+    openrouter: "https://openrouter.ai/api/v1",
+    xai: "https://api.x.ai/v1"
+  };
+  const baseUrl = baseUrls[provider] ?? baseUrls.openai;
+  const reqBody = { model, messages };
+  if (temperature !== null) reqBody.temperature = temperature;
+  if (maxTokens !== null) reqBody.max_tokens = maxTokens;
+  if (topP !== null) reqBody.top_p = topP;
+  const res = await fetch(`${baseUrl}/chat/completions`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${apiKey}`
+    },
+    body: JSON.stringify(reqBody),
+    signal: AbortSignal.timeout(6e4)
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`API returned HTTP ${res.status}: ${text.slice(0, 500)}`);
+  }
+  const data = await res.json();
+  const choice = data.choices?.[0];
+  return {
+    content: choice?.message?.content ?? "",
+    inputTokens: data.usage?.prompt_tokens ?? 0,
+    outputTokens: data.usage?.completion_tokens ?? 0,
+    totalTokens: data.usage?.total_tokens ?? 0,
+    responseModel: data.model ?? model
+  };
+}
+async function replayAnthropic(apiKey, model, rawMessages, temperature, maxTokens) {
+  const messages = rawMessages;
+  const systemMsg = messages.find((m) => m.role === "system");
+  const nonSystemMessages = messages.filter((m) => m.role !== "system");
+  const reqBody = {
+    model,
+    messages: nonSystemMessages,
+    max_tokens: maxTokens ?? 4096
+  };
+  if (systemMsg) reqBody.system = systemMsg.content;
+  if (temperature !== null) reqBody.temperature = temperature;
+  const res = await fetch("https://api.anthropic.com/v1/messages", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": apiKey,
+      "anthropic-version": "2023-06-01"
+    },
+    body: JSON.stringify(reqBody),
+    signal: AbortSignal.timeout(6e4)
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`API returned HTTP ${res.status}: ${text.slice(0, 500)}`);
+  }
+  const data = await res.json();
+  const textContent = data.content?.filter((c) => c.type === "text").map((c) => c.text).join("") ?? "";
+  const inputTokens = data.usage?.input_tokens ?? 0;
+  const outputTokens = data.usage?.output_tokens ?? 0;
+  return {
+    content: textContent,
+    inputTokens,
+    outputTokens,
+    totalTokens: inputTokens + outputTokens,
+    responseModel: data.model ?? model
+  };
+}
+// src/routes/otlp.ts
+var import_zod3 = require("zod");
+var import_shared9 = require("@llmtap/shared");
+function safeParse(val) {
+  if (!val) return void 0;
+  try {
+    return JSON.parse(val);
+  } catch {
+    return void 0;
+  }
+}
+function rowToSpan(row) {
+  return {
+    spanId: row.spanId,
+    traceId: row.traceId,
+    parentSpanId: row.parentSpanId ?? void 0,
+    name: row.name,
+    operationName: row.operationName,
+    providerName: row.providerName,
+    startTime: row.startTime,
+    endTime: row.endTime ?? void 0,
+    duration: row.duration ?? void 0,
+    requestModel: row.requestModel,
+    responseModel: row.responseModel ?? void 0,
+    inputTokens: row.inputTokens,
+    outputTokens: row.outputTokens,
+    totalTokens: row.totalTokens,
+    inputCost: row.inputCost,
+    outputCost: row.outputCost,
+    totalCost: row.totalCost,
+    temperature: row.temperature ?? void 0,
+    maxTokens: row.maxTokens ?? void 0,
+    topP: row.topP ?? void 0,
+    inputMessages: safeParse(row.inputMessages),
+    outputMessages: safeParse(row.outputMessages),
+    toolCalls: safeParse(row.toolCalls),
+    status: row.status,
+    errorType: row.errorType ?? void 0,
+    errorMessage: row.errorMessage ?? void 0,
+    tags: safeParse(row.tags),
+    sessionId: row.sessionId ?? void 0,
+    userId: row.userId ?? void 0
+  };
+}
+var BLOCKED_HEADERS = /* @__PURE__ */ new Set([
+  "host",
+  "content-length",
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "proxy-authorization",
+  "te",
+  "trailer"
+]);
+function sanitizeHeaders(userHeaders) {
+  const result = { "Content-Type": "application/json" };
+  if (!userHeaders) return result;
+  for (const [key, value] of Object.entries(userHeaders)) {
+    if (typeof key === "string" && typeof value === "string" && !BLOCKED_HEADERS.has(key.toLowerCase())) {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+// Query string accepted by GET /v1/export/otlp. Numeric fields are coerced
+// from their string form. `periodHours` defaults to 0, which the route treats
+// as "no time filter" (it only filters when periodHours > 0).
+var OtlpExportQuerySchema = import_zod3.z.object({
+  limit: import_zod3.z.coerce.number().int().min(1).max(5e3).default(1e3),
+  periodHours: import_zod3.z.coerce.number().int().min(0).max(8760).default(0),
+  traceId: import_zod3.z.string().max(256).optional(),
+  service: import_zod3.z.string().max(256).default("llmtap")
+});
+// JSON body accepted by POST /v1/export/otlp/forward. Unlike the export query
+// schema, numeric fields are not coerced and have no defaults here; the route
+// applies its own fallbacks for the optional fields.
+var OtlpForwardSchema = import_zod3.z.object({
+  endpoint: import_zod3.z.string().min(1).max(2048).url().refine(
+    // Restrict the target to http/https; any other scheme is rejected.
+    (url) => {
+      try {
+        const parsed = new URL(url);
+        return parsed.protocol === "http:" || parsed.protocol === "https:";
+      } catch {
+        return false;
+      }
+    },
+    { message: "endpoint must use http or https protocol" }
+  ),
+  // Extra request headers; each value is a string of at most 4096 characters.
+  headers: import_zod3.z.record(import_zod3.z.string().max(4096)).optional(),
+  limit: import_zod3.z.number().int().min(1).max(5e3).optional(),
+  periodHours: import_zod3.z.number().int().min(0).max(8760).optional(),
+  service: import_zod3.z.string().max(256).optional()
+});
+async function registerOtlpExportRoute(app) {
+  app.get("/v1/export/otlp", async (request, reply) => {
+    const parsed = OtlpExportQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Validation failed", details: parsed.error.issues });
+    }
+    const { limit, periodHours, traceId, service: serviceName2 } = parsed.data;
+    const db2 = getDb();
+    const conditions = [];
+    const params = [];
+    if (periodHours > 0) {
+      conditions.push("startTime >= ?");
+      params.push(Date.now() - periodHours * 36e5);
+    }
+    if (traceId) {
+      conditions.push("traceId = ?");
+      params.push(traceId);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    params.push(limit);
+    const rows = db2.prepare(`SELECT * FROM spans ${where} ORDER BY startTime DESC LIMIT ?`).all(...params);
+    const spans = rows.map(rowToSpan);
+    const otlp = (0, import_shared9.spansToOtlp)(spans, serviceName2);
+    return reply.header("Content-Type", "application/json").send(otlp);
+  });
+  app.post("/v1/export/otlp/forward", async (request, reply) => {
+    const parsed = OtlpForwardSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Validation failed", details: parsed.error.issues });
+    }
+    const body = parsed.data;
+    const limit = body.limit ?? 1e3;
+    const periodHours = body.periodHours ?? 0;
+    const serviceName2 = body.service ?? "llmtap";
+    const db2 = getDb();
+    const conditions = [];
+    const params = [];
+    if (periodHours > 0) {
+      conditions.push("startTime >= ?");
+      params.push(Date.now() - periodHours * 36e5);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    params.push(limit);
+    const rows = db2.prepare(`SELECT * FROM spans ${where} ORDER BY startTime DESC LIMIT ?`).all(...params);
+    const spans = rows.map(rowToSpan);
+    const otlp = (0, import_shared9.spansToOtlp)(spans, serviceName2);
+    try {
+      const res = await fetch(body.endpoint, {
+        method: "POST",
+        headers: sanitizeHeaders(body.headers),
+        body: JSON.stringify(otlp),
+        signal: AbortSignal.timeout(3e4)
+      });
+      if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        return reply.status(502).send({
+          error: "OTLP endpoint returned error",
+          status: res.status,
+          body: text.slice(0, 500)
+        });
+      }
+      return reply.send({
+        status: "ok",
+        spanCount: spans.length,
+        endpoint: body.endpoint
+      });
+    } catch (err) {
+      return reply.status(502).send({
+        error: "Failed to reach OTLP endpoint",
+        message: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+}
+// src/server.ts
+// Per-route rate limits, keyed by "METHOD:path". `max` is the number of
+// requests allowed per client IP within each `windowMs` window; routes not
+// listed here are not rate limited.
+var rateLimitConfigs = {
+  "POST:/v1/spans": { max: 300, windowMs: 6e4 },
+  "POST:/v1/reset": { max: 5, windowMs: 6e4 },
+  "POST:/v1/replay": { max: 30, windowMs: 6e4 },
+  "POST:/v1/retention": { max: 10, windowMs: 6e4 },
+  "POST:/v1/export/otlp/forward": { max: 20, windowMs: 6e4 },
+  "GET:/v1/insights": { max: 60, windowMs: 6e4 },
+  "GET:/v1/export/otlp": { max: 30, windowMs: 6e4 }
+};
+// Rate-limit state: "ip:METHOD:path" -> { count, windowStart }.
+var rateLimitByIP = /* @__PURE__ */ new Map();
+// Body of POST /v1/retention: number of days of data to keep (0 to 3650).
+var RetentionSchema = import_zod4.z.object({
+  retentionDays: import_zod4.z.number().min(0).max(3650)
+});
+// Body of POST /v1/reset: the caller must explicitly send `confirm: true`.
+var ResetSchema = import_zod4.z.object({
+  confirm: import_zod4.z.literal(true)
+});
+async function createServer(options = {}) {
+  const port = options.port ?? import_shared10.DEFAULT_COLLECTOR_PORT;
+  const host = options.host ?? "127.0.0.1";
+  const app = (0, import_fastify.default)({
+    logger: !options.quiet ? {
+      transport: {
+        target: "pino-pretty",
+        options: { translateTime: "HH:MM:ss", ignore: "pid,hostname" }
+      }
+    } : false,
+    // Limit request body to 2MB to prevent abuse
+    bodyLimit: 2 * 1024 * 1024
+  });
+  await app.register(import_cors.default, {
+    origin: (origin, cb) => {
+      if (!origin || /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/.test(origin)) {
+        cb(null, true);
+      } else {
+        cb(new Error("Not allowed by CORS"), false);
+      }
+    },
+    methods: ["GET", "POST", "OPTIONS"]
+  });
+  app.addHook("onRequest", async (request, reply) => {
+    const pathname = request.url.split("?")[0].replace(/\/+$/, "");
+    const key = `${request.method}:${pathname}`;
+    const cfg = rateLimitConfigs[key];
+    if (!cfg) return;
+    const ip = request.ip;
+    const ipKey = `${ip}:${key}`;
+    const now = Date.now();
+    let state = rateLimitByIP.get(ipKey);
+    if (!state || now - state.windowStart > cfg.windowMs) {
+      state = { count: 0, windowStart: now };
+      rateLimitByIP.set(ipKey, state);
+    }
+    state.count++;
+    if (state.count > cfg.max) {
+      return reply.status(429).send({
+        error: "Rate limit exceeded",
+        retryAfterMs: cfg.windowMs - (now - state.windowStart)
+      });
+    }
+  });
+  const rateLimitCleanup = setInterval(() => {
+    const now = Date.now();
+    for (const [k, v] of rateLimitByIP) {
+      if (now - v.windowStart > 12e4) rateLimitByIP.delete(k);
+    }
+  }, 6e4);
+  rateLimitCleanup.unref();
+  if (options.dashboardPath) {
+    await app.register(import_static.default, {
+      root: options.dashboardPath,
+      prefix: "/",
+      wildcard: true
+    });
+    app.setNotFoundHandler(async (_request, reply) => {
+      return reply.sendFile("index.html");
+    });
+  }
+  getDb();
+  if (options.demo) {
+    seedDemoData();
+  }
+  if (options.retentionDays && options.retentionDays > 0) {
+    startRetentionSchedule(options.retentionDays);
+  }
+  initOtlpForwarder();
+  await registerIngestRoute(app);
+  await registerTraceRoutes(app);
+  await registerStatsRoute(app);
+  await registerSSERoute(app);
+  await registerSessionsRoute(app);
+  await registerDbInfoRoute(app);
+  await registerInsightsRoute(app);
+  await registerReplayRoute(app);
+  await registerOtlpExportRoute(app);
+  app.get("/health", async () => ({ status: "ok" }));
+  app.post("/v1/reset", async (request, reply) => {
+    const parsed = ResetSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Must send { confirm: true } to reset database" });
+    }
+    resetDb();
+    return reply.send({ status: "ok", message: "Data cleared" });
+  });
+  app.post("/v1/retention", async (request, reply) => {
+    const parsed = RetentionSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Validation failed", details: parsed.error.issues });
+    }
+    const deleted = enforceRetention(parsed.data.retentionDays);
+    return reply.send({
+      status: "ok",
+      retentionDays: parsed.data.retentionDays,
+      deletedSpans: deleted
+    });
+  });
+  let isShuttingDown = false;
+  const shutdown = async () => {
+    if (isShuttingDown) return;
+    isShuttingDown = true;
+    clearInterval(rateLimitCleanup);
+    await app.close();
+    closeDb();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  app.addHook("onClose", async () => {
+    process.off("SIGINT", shutdown);
+    process.off("SIGTERM", shutdown);
+  });
+  return { app, port, host };
+}
+async function startServer(options = {}) {
+  const { app, port, host } = await createServer(options);
+  const address = await app.listen({ port, host });
+  return address;
+}
+// Annotate the CommonJS export names for ESM import in node:
+// The leading `0 &&` short-circuits, so this assignment is never evaluated at
+// runtime; the statement exists only as static text listing the export names.
+0 && (module.exports = {
+  closeDb,
+  createServer,
+  enforceRetention,
+  getDb,
+  getOtlpEndpoint,
+  resetDb,
+  seedDemoData,
+  startRetentionSchedule,
+  startServer
+});
+//# sourceMappingURL=index.js.map