@llmtap/collector 0.1.0

package/dist/index.mjs

@@ -0,0 +1,1664 @@
+// src/server.ts
+import Fastify from "fastify";
+import cors from "@fastify/cors";
+import fastifyStatic from "@fastify/static";
+import { z as z4 } from "zod";
+import { DEFAULT_COLLECTOR_PORT } from "@llmtap/shared";
+
+// src/db.ts
+import Database from "better-sqlite3";
+import path from "path";
+import os from "os";
+import fs from "fs";
+import { DB_DIR_NAME, DB_FILE_NAME } from "@llmtap/shared";
+var db = null;
+var retentionCheckInterval = null;
+var migrations = [
+  {
+    version: 1,
+    description: "Initial schema \u2014 spans table and indexes",
+    up(db2) {
+      db2.exec(`
+        CREATE TABLE IF NOT EXISTS spans (
+          spanId TEXT PRIMARY KEY,
+          traceId TEXT NOT NULL,
+          parentSpanId TEXT,
+          name TEXT NOT NULL,
+          operationName TEXT NOT NULL,
+          providerName TEXT NOT NULL,
+          startTime INTEGER NOT NULL,
+          endTime INTEGER,
+          duration INTEGER,
+          requestModel TEXT NOT NULL,
+          responseModel TEXT,
+          inputTokens INTEGER DEFAULT 0,
+          outputTokens INTEGER DEFAULT 0,
+          totalTokens INTEGER DEFAULT 0,
+          inputCost REAL DEFAULT 0,
+          outputCost REAL DEFAULT 0,
+          totalCost REAL DEFAULT 0,
+          temperature REAL,
+          maxTokens INTEGER,
+          topP REAL,
+          inputMessages TEXT,
+          outputMessages TEXT,
+          toolCalls TEXT,
+          status TEXT NOT NULL DEFAULT 'ok',
+          errorType TEXT,
+          errorMessage TEXT,
+          tags TEXT,
+          sessionId TEXT,
+          userId TEXT,
+          createdAt INTEGER DEFAULT (strftime('%s','now') * 1000)
+        );
+
+        CREATE INDEX IF NOT EXISTS idx_spans_traceId ON spans(traceId);
+        CREATE INDEX IF NOT EXISTS idx_spans_startTime ON spans(startTime);
+        CREATE INDEX IF NOT EXISTS idx_spans_providerName ON spans(providerName);
+        CREATE INDEX IF NOT EXISTS idx_spans_requestModel ON spans(requestModel);
+        CREATE INDEX IF NOT EXISTS idx_spans_status ON spans(status);
+      `);
+    }
+  },
+  {
+    version: 2,
+    description: "Add sessionId index for session queries",
+    up(db2) {
+      db2.exec(
+        `CREATE INDEX IF NOT EXISTS idx_spans_sessionId ON spans(sessionId);`
+      );
+    }
+  }
+];
+function ensureMigrationsTable(db2) {
+  db2.exec(`
+    CREATE TABLE IF NOT EXISTS _migrations (
+      version INTEGER PRIMARY KEY,
+      description TEXT NOT NULL,
+      appliedAt INTEGER NOT NULL DEFAULT (strftime('%s','now') * 1000)
+    );
+  `);
+}
+function getAppliedVersion(db2) {
+  const row = db2.prepare("SELECT MAX(version) as maxVer FROM _migrations").get();
+  return row.maxVer ?? 0;
+}
+function runMigrations(db2) {
+  ensureMigrationsTable(db2);
+  const currentVersion = getAppliedVersion(db2);
+  const insertMigration = db2.prepare(
+    "INSERT INTO _migrations (version, description) VALUES (@version, @description)"
+  );
+  const applyPending = db2.transaction(() => {
+    for (const migration of migrations) {
+      if (migration.version <= currentVersion) continue;
+      migration.up(db2);
+      insertMigration.run({
+        version: migration.version,
+        description: migration.description
+      });
+    }
+  });
+  applyPending();
+}
+function getDb() {
+  if (db) return db;
+  const dbDir = process.env.LLMTAP_DB_DIR ? path.resolve(process.env.LLMTAP_DB_DIR) : path.join(os.homedir(), DB_DIR_NAME);
+  if (!fs.existsSync(dbDir)) {
+    fs.mkdirSync(dbDir, { recursive: true });
+  }
+  const dbPath = process.env.LLMTAP_DB_PATH ? path.resolve(process.env.LLMTAP_DB_PATH) : path.join(dbDir, DB_FILE_NAME);
+  db = new Database(dbPath);
+  db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  db.pragma("busy_timeout = 5000");
+  runMigrations(db);
+  return db;
+}
+function closeDb() {
+  if (retentionCheckInterval) {
+    clearInterval(retentionCheckInterval);
+    retentionCheckInterval = null;
+  }
+  if (db) {
+    try {
+      db.pragma("wal_checkpoint(TRUNCATE)");
+    } catch {
+    }
+    db.close();
+    db = null;
+  }
+}
+function resetDb() {
+  const d = getDb();
+  d.exec("DELETE FROM spans");
+  d.exec("VACUUM");
+}
+function enforceRetention(retentionDays) {
+  if (retentionDays <= 0) return 0;
+  const d = getDb();
+  const cutoff = Date.now() - retentionDays * 24 * 60 * 60 * 1e3;
+  const result = d.prepare("DELETE FROM spans WHERE startTime < @cutoff").run({ cutoff });
+  if (result.changes > 0) {
+    d.exec("VACUUM");
+  }
+  return result.changes;
+}
+function startRetentionSchedule(retentionDays) {
+  if (retentionDays <= 0) return;
+  enforceRetention(retentionDays);
+  retentionCheckInterval = setInterval(
+    () => enforceRetention(retentionDays),
+    60 * 60 * 1e3
+  );
+  if (retentionCheckInterval.unref) {
+    retentionCheckInterval.unref();
+  }
+}
+
+// src/seed.ts
+function seedDemoData() {
+  const db2 = getDb();
+  const count = db2.prepare("SELECT COUNT(*) as c FROM spans").get();
+  if (count.c > 0) return;
+  const now = Date.now();
+  const hour = 36e5;
+  const traces = [
+    {
+      traceId: "tr_demo_chatbot_session_001",
+      name: "customer-support-chat",
+      spans: [
+        {
+          spanId: "sp_demo_001a",
+          name: "classify-intent",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o-mini",
+          responseModel: "gpt-4o-mini-2024-07-18",
+          inputTokens: 245,
+          outputTokens: 32,
+          totalTokens: 277,
+          inputCost: 368e-7,
+          outputCost: 192e-7,
+          totalCost: 56e-6,
+          status: "ok",
+          startOffset: -22 * hour,
+          duration: 420,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are an intent classifier. Classify the user message into: billing, technical, general, urgent." },
+            { role: "user", content: "I can't access my account and I have a deadline in 2 hours!" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "urgent" }
+          ]),
+          temperature: 0
+        },
+        {
+          spanId: "sp_demo_001b",
+          parentSpanId: "sp_demo_001a",
+          name: "generate-response",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o",
+          responseModel: "gpt-4o-2024-08-06",
+          inputTokens: 580,
+          outputTokens: 245,
+          totalTokens: 825,
+          inputCost: 145e-5,
+          outputCost: 245e-5,
+          totalCost: 39e-4,
+          status: "ok",
+          startOffset: -22 * hour + 450,
+          duration: 1800,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are a helpful customer support agent. The user has an urgent account access issue." },
+            { role: "user", content: "I can't access my account and I have a deadline in 2 hours!" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "I understand the urgency. Let me help you regain access to your account right away.\n\n1. First, try resetting your password at our recovery page\n2. If that doesn't work, I can verify your identity and unlock your account manually\n3. For your deadline, I can also temporarily extend any submission windows\n\nWhich would you like to try first?" }
+          ]),
+          temperature: 0.7
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_code_review_002",
+      name: "ai-code-review",
+      spans: [
+        {
+          spanId: "sp_demo_002a",
+          name: "analyze-diff",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 1850,
+          outputTokens: 620,
+          totalTokens: 2470,
+          inputCost: 555e-5,
+          outputCost: 93e-4,
+          totalCost: 0.01485,
+          status: "ok",
+          startOffset: -18 * hour,
+          duration: 3200,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are a senior code reviewer. Analyze pull requests for bugs, security issues, and best practices." },
+            { role: "user", content: "Review this PR diff:\n```diff\n+async function getUserData(userId) {\n+  const query = `SELECT * FROM users WHERE id = '${userId}'`;\n+  return db.query(query);\n+}\n```" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "**Critical: SQL Injection Vulnerability**\n\nThe code directly interpolates `userId` into the SQL query string, creating a SQL injection attack vector.\n\n**Fix:** Use parameterized queries:\n```javascript\nasync function getUserData(userId) {\n  return db.query('SELECT * FROM users WHERE id = $1', [userId]);\n}\n```\n\n**Additional recommendations:**\n- Add input validation for userId format\n- Consider selecting specific columns instead of `SELECT *`\n- Add TypeScript types for the return value" }
+          ]),
+          temperature: 0.3
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_rag_pipeline_003",
+      name: "rag-document-qa",
+      spans: [
+        {
+          spanId: "sp_demo_003a",
+          name: "embed-query",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o-mini",
+          responseModel: "gpt-4o-mini-2024-07-18",
+          inputTokens: 45,
+          outputTokens: 12,
+          totalTokens: 57,
+          inputCost: 68e-7,
+          outputCost: 72e-7,
+          totalCost: 14e-6,
+          status: "ok",
+          startOffset: -12 * hour,
+          duration: 180,
+          inputMessages: JSON.stringify([
+            { role: "user", content: "Rewrite as a search query: What are the company's Q3 revenue numbers?" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Q3 quarterly revenue financial results earnings" }
+          ]),
+          temperature: 0
+        },
+        {
+          spanId: "sp_demo_003b",
+          parentSpanId: "sp_demo_003a",
+          name: "synthesize-answer",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o",
+          responseModel: "gpt-4o-2024-08-06",
+          inputTokens: 2100,
+          outputTokens: 380,
+          totalTokens: 2480,
+          inputCost: 525e-5,
+          outputCost: 38e-4,
+          totalCost: 905e-5,
+          status: "ok",
+          startOffset: -12 * hour + 500,
+          duration: 2800,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Answer the user's question using only the provided context. Cite sources." },
+            { role: "user", content: "What are the company's Q3 revenue numbers?\n\nContext:\n[Doc 1] Q3 2024 Earnings Report: Total revenue reached $4.2B, up 32% YoY...\n[Doc 2] Segment breakdown: Cloud services $2.1B, Enterprise $1.4B, Consumer $0.7B..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Based on the Q3 2024 Earnings Report, the company's Q3 revenue numbers are:\n\n- **Total Revenue:** $4.2 billion (up 32% year-over-year) [Doc 1]\n- **Cloud Services:** $2.1 billion [Doc 2]\n- **Enterprise:** $1.4 billion [Doc 2]\n- **Consumer:** $0.7 billion [Doc 2]\n\nCloud services represents the largest segment at 50% of total revenue." }
+          ]),
+          temperature: 0.2
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_agent_tools_004",
+      name: "multi-step-agent",
+      spans: [
+        {
+          spanId: "sp_demo_004a",
+          name: "agent-planning",
+          operationName: "chat.completions.create",
+          providerName: "openai",
+          requestModel: "gpt-4o",
+          responseModel: "gpt-4o-2024-08-06",
+          inputTokens: 890,
+          outputTokens: 156,
+          totalTokens: 1046,
+          inputCost: 2225e-6,
+          outputCost: 156e-5,
+          totalCost: 3785e-6,
+          status: "ok",
+          startOffset: -8 * hour,
+          duration: 1200,
+          toolCalls: JSON.stringify([
+            { id: "call_abc123", name: "get_weather", arguments: '{"location": "San Francisco, CA"}', result: '{"temp": 62, "condition": "foggy", "humidity": 78}' },
+            { id: "call_def456", name: "get_calendar", arguments: '{"date": "today"}', result: '{"events": [{"time": "2pm", "title": "Team standup"}, {"time": "4pm", "title": "Design review"}]}' }
+          ]),
+          inputMessages: JSON.stringify([
+            { role: "system", content: "You are a personal assistant with access to weather and calendar tools." },
+            { role: "user", content: "What's my afternoon looking like? Should I bring an umbrella?" }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Here's your afternoon:\n\n**Schedule:**\n- 2:00 PM - Team standup\n- 4:00 PM - Design review\n\n**Weather:** 62\xB0F and foggy with 78% humidity. No rain expected, but a light jacket would be smart. No umbrella needed!" }
+          ]),
+          temperature: 0.5
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_error_005",
+      name: "content-moderation",
+      spans: [
+        {
+          spanId: "sp_demo_005a",
+          name: "moderate-content",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 320,
+          outputTokens: 0,
+          totalTokens: 320,
+          inputCost: 96e-5,
+          outputCost: 0,
+          totalCost: 96e-5,
+          status: "error",
+          errorType: "RateLimitError",
+          errorMessage: "Rate limit exceeded: Too many requests. Please retry after 30 seconds.",
+          startOffset: -4 * hour,
+          duration: 250,
+          inputMessages: JSON.stringify([
+            { role: "user", content: "Check this user-generated content for policy violations..." }
+          ]),
+          temperature: 0
+        }
+      ]
+    },
+    {
+      traceId: "tr_demo_summarize_006",
+      name: "document-summarizer",
+      spans: [
+        {
+          spanId: "sp_demo_006a",
+          name: "chunk-summarize-1",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 3200,
+          outputTokens: 450,
+          totalTokens: 3650,
+          inputCost: 96e-4,
+          outputCost: 675e-5,
+          totalCost: 0.01635,
+          status: "ok",
+          startOffset: -2 * hour,
+          duration: 2400,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Summarize the following document chunk concisely." },
+            { role: "user", content: "Chapter 1: The integration of large language models into enterprise workflows has fundamentally changed how organizations approach knowledge management..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "This chapter discusses how LLM adoption in enterprises has transformed knowledge management, shifting from static document repositories to dynamic, queryable knowledge systems. Key themes: reduced onboarding time (40% avg), improved cross-team knowledge sharing, and new challenges around data privacy and model governance." }
+          ]),
+          temperature: 0.3
+        },
+        {
+          spanId: "sp_demo_006b",
+          parentSpanId: "sp_demo_006a",
+          name: "chunk-summarize-2",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 2800,
+          outputTokens: 380,
+          totalTokens: 3180,
+          inputCost: 84e-4,
+          outputCost: 57e-4,
+          totalCost: 0.0141,
+          status: "ok",
+          startOffset: -2 * hour + 2500,
+          duration: 2100,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Summarize the following document chunk concisely." },
+            { role: "user", content: "Chapter 2: Implementation best practices for LLM-powered systems require careful consideration of prompt engineering, evaluation frameworks, and cost optimization strategies..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "Chapter 2 covers LLM implementation best practices: structured prompt templates, A/B evaluation frameworks comparing model outputs, and cost optimization through model routing (using smaller models for simple tasks). Recommends starting with a pilot program before enterprise-wide rollout." }
+          ]),
+          temperature: 0.3
+        },
+        {
+          spanId: "sp_demo_006c",
+          parentSpanId: "sp_demo_006a",
+          name: "final-synthesis",
+          operationName: "messages.create",
+          providerName: "anthropic",
+          requestModel: "claude-sonnet-4-20250514",
+          responseModel: "claude-sonnet-4-20250514",
+          inputTokens: 950,
+          outputTokens: 280,
+          totalTokens: 1230,
+          inputCost: 285e-5,
+          outputCost: 42e-4,
+          totalCost: 705e-5,
+          status: "ok",
+          startOffset: -2 * hour + 5e3,
+          duration: 1500,
+          inputMessages: JSON.stringify([
+            { role: "system", content: "Combine these chapter summaries into a cohesive executive summary." },
+            { role: "user", content: "[Summary 1] LLM adoption transforms enterprise knowledge management...\n[Summary 2] Implementation requires prompt engineering, evaluation, cost optimization..." }
+          ]),
+          outputMessages: JSON.stringify([
+            { role: "assistant", content: "**Executive Summary**\n\nEnterprise LLM adoption is transforming knowledge management from static repositories to dynamic, queryable systems, yielding 40% faster onboarding and improved cross-team collaboration. Successful implementation requires structured prompt templates, rigorous A/B evaluation, and intelligent cost optimization through model routing. Organizations should begin with pilot programs, prioritizing data privacy and model governance frameworks before scaling enterprise-wide." }
+          ]),
+          temperature: 0.4
+        }
+      ]
+    }
+  ];
+  const insertStmt = db2.prepare(`
+    INSERT INTO spans (
+      spanId, traceId, parentSpanId, name, operationName, providerName,
+      startTime, endTime, duration, requestModel, responseModel,
+      inputTokens, outputTokens, totalTokens, inputCost, outputCost, totalCost,
+      temperature, inputMessages, outputMessages, toolCalls,
+      status, errorType, errorMessage
+    ) VALUES (
+      @spanId, @traceId, @parentSpanId, @name, @operationName, @providerName,
+      @startTime, @endTime, @duration, @requestModel, @responseModel,
+      @inputTokens, @outputTokens, @totalTokens, @inputCost, @outputCost, @totalCost,
+      @temperature, @inputMessages, @outputMessages, @toolCalls,
+      @status, @errorType, @errorMessage
+    )
+  `);
+  const insertAll = db2.transaction(() => {
+    for (const trace of traces) {
+      for (const span of trace.spans) {
+        const startTime = now + span.startOffset;
+        const endTime = startTime + span.duration;
+        insertStmt.run({
+          spanId: span.spanId,
+          traceId: trace.traceId,
+          parentSpanId: span.parentSpanId ?? null,
+          name: span.name,
+          operationName: span.operationName,
+          providerName: span.providerName,
+          startTime,
+          endTime,
+          duration: span.duration,
+          requestModel: span.requestModel,
+          responseModel: span.responseModel,
+          inputTokens: span.inputTokens,
+          outputTokens: span.outputTokens,
+          totalTokens: span.totalTokens,
+          inputCost: span.inputCost,
+          outputCost: span.outputCost,
+          totalCost: span.totalCost,
+          temperature: span.temperature ?? null,
+          inputMessages: span.inputMessages ?? null,
+          outputMessages: span.outputMessages ?? null,
+          toolCalls: span.toolCalls ?? null,
+          status: span.status,
+          errorType: span.errorType ?? null,
+          errorMessage: span.errorMessage ?? null
+        });
+      }
+    }
+  });
+  insertAll();
+}
+
+// src/schemas.ts
+import { z } from "zod";
+var MAX_ID_LEN = 256;
+var MAX_SHORT_STRING = 512;
+var MAX_CONTENT_STRING = 1e5;
+var MAX_ERROR_MESSAGE = 1e4;
+var MAX_TOOL_ARGS = 2e5;
+var MessageSchema = z.object({
+  role: z.enum(["system", "user", "assistant", "tool"]),
+  content: z.string().max(MAX_CONTENT_STRING).nullable(),
+  name: z.string().max(MAX_SHORT_STRING).optional(),
+  toolCallId: z.string().max(MAX_ID_LEN).optional()
+});
+var ToolCallSchema = z.object({
+  id: z.string().max(MAX_ID_LEN),
+  name: z.string().max(MAX_SHORT_STRING),
+  arguments: z.string().max(MAX_TOOL_ARGS),
+  result: z.string().max(MAX_TOOL_ARGS).optional(),
+  duration: z.number().nonnegative().optional()
+});
+var SpanInputSchema = z.object({
+  spanId: z.string().min(1).max(MAX_ID_LEN),
+  traceId: z.string().min(1).max(MAX_ID_LEN),
+  parentSpanId: z.string().min(1).max(MAX_ID_LEN).optional(),
+  name: z.string().min(1).max(MAX_SHORT_STRING),
+  operationName: z.string().min(1).max(MAX_SHORT_STRING),
+  providerName: z.string().min(1).max(MAX_SHORT_STRING),
+  startTime: z.number().nonnegative(),
+  endTime: z.number().nonnegative().optional(),
+  duration: z.number().nonnegative().optional(),
+  requestModel: z.string().min(1).max(MAX_SHORT_STRING),
+  responseModel: z.string().max(MAX_SHORT_STRING).optional(),
+  inputTokens: z.number().int().nonnegative().optional(),
+  outputTokens: z.number().int().nonnegative().optional(),
+  totalTokens: z.number().int().nonnegative().optional(),
+  inputCost: z.number().nonnegative().optional(),
+  outputCost: z.number().nonnegative().optional(),
+  totalCost: z.number().nonnegative().optional(),
+  temperature: z.number().min(0).max(10).optional(),
+  maxTokens: z.number().int().nonnegative().optional(),
+  topP: z.number().min(0).max(1).optional(),
+  inputMessages: z.array(MessageSchema).max(500).optional(),
+  outputMessages: z.array(MessageSchema).max(500).optional(),
+  toolCalls: z.array(ToolCallSchema).max(200).optional(),
+  status: z.enum(["ok", "error"]),
+  errorType: z.string().max(MAX_SHORT_STRING).optional(),
+  errorMessage: z.string().max(MAX_ERROR_MESSAGE).optional(),
+  tags: z.record(z.string().max(MAX_SHORT_STRING)).optional(),
+  sessionId: z.string().max(MAX_ID_LEN).optional(),
+  userId: z.string().max(MAX_ID_LEN).optional()
+});
+var IngestRequestSchema = z.object({
+  spans: z.array(SpanInputSchema).min(1).max(500)
+});
+var TracesQuerySchema = z.object({
+  limit: z.coerce.number().int().min(1).max(200).default(50),
+  offset: z.coerce.number().int().min(0).default(0),
+  status: z.enum(["ok", "error"]).optional(),
+  provider: z.string().max(MAX_SHORT_STRING).optional(),
+  q: z.string().max(MAX_SHORT_STRING).optional(),
+  periodHours: z.coerce.number().int().min(1).max(8760).optional()
+  // max 1 year
+});
+var StatsQuerySchema = z.object({
+  period: z.coerce.number().int().min(1).max(8760).default(24)
+});
+var SessionsQuerySchema = z.object({
+  periodHours: z.coerce.number().int().min(1).max(8760).default(168),
+  limit: z.coerce.number().int().min(1).max(200).default(50),
+  offset: z.coerce.number().int().min(0).default(0)
+});
+
+// src/events.ts
+import { EventEmitter } from "events";
+var eventBus = new EventEmitter();
+eventBus.setMaxListeners(100);
+function emitSpanEvent(data) {
+  eventBus.emit("span", { type: "span", data });
+}
+function onSpanEvent(handler) {
+  eventBus.on("span", handler);
+  return () => eventBus.off("span", handler);
+}
+
+// src/otlp-forwarder.ts
+import { spansToOtlp } from "@llmtap/shared";
+var endpoint = null;
+var headers = {};
+var serviceName = "llmtap";
+var buffer = [];
+var flushTimer = null;
+var FLUSH_INTERVAL_MS = 2e3;
+var MAX_BATCH = 100;
+function initOtlpForwarder() {
+  const rawEndpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
+  if (!rawEndpoint) return false;
+  endpoint = rawEndpoint.replace(/\/+$/, "");
+  if (!endpoint.endsWith("/v1/traces")) {
+    endpoint += "/v1/traces";
+  }
+  const rawHeaders = process.env.OTEL_EXPORTER_OTLP_HEADERS;
+  if (rawHeaders) {
+    for (const pair of rawHeaders.split(",")) {
+      const eq = pair.indexOf("=");
+      if (eq > 0) {
+        headers[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
+      }
+    }
+  }
+  serviceName = process.env.OTEL_SERVICE_NAME ?? "llmtap";
+  return true;
+}
+function forwardSpans(spans) {
+  if (!endpoint) return;
+  buffer.push(...spans);
+  if (buffer.length >= MAX_BATCH) {
+    flushOtlpBuffer();
+    return;
+  }
+  if (!flushTimer) {
+    flushTimer = setTimeout(flushOtlpBuffer, FLUSH_INTERVAL_MS);
+  }
+}
+function flushOtlpBuffer() {
+  if (flushTimer) {
+    clearTimeout(flushTimer);
+    flushTimer = null;
+  }
+  if (!endpoint || buffer.length === 0) return;
+  const batch = buffer.splice(0, MAX_BATCH);
+  const otlp = spansToOtlp(batch, serviceName);
+  fetch(endpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...headers
+    },
+    body: JSON.stringify(otlp),
+    signal: AbortSignal.timeout(1e4)
+  }).catch(() => {
+  });
+  if (buffer.length > 0) {
+    flushTimer = setTimeout(flushOtlpBuffer, FLUSH_INTERVAL_MS);
+  }
+}
+function getOtlpEndpoint() {
+  return endpoint;
+}
+
+// src/routes/ingest.ts
+import { ROUTES } from "@llmtap/shared";
+async function registerIngestRoute(app) {
+  app.post(ROUTES.INGEST_SPANS, async (request, reply) => {
+    const parsed = IngestRequestSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({
+        error: "Validation failed",
+        details: parsed.error.issues
+      });
+    }
+    const db2 = getDb();
+    const insert = db2.prepare(`
+      INSERT OR REPLACE INTO spans (
+        spanId, traceId, parentSpanId, name, operationName, providerName,
+        startTime, endTime, duration, requestModel, responseModel,
+        inputTokens, outputTokens, totalTokens,
+        inputCost, outputCost, totalCost,
+        temperature, maxTokens, topP,
+        inputMessages, outputMessages, toolCalls,
+        status, errorType, errorMessage,
+        tags, sessionId, userId
+      ) VALUES (
+        @spanId, @traceId, @parentSpanId, @name, @operationName, @providerName,
+        @startTime, @endTime, @duration, @requestModel, @responseModel,
+        @inputTokens, @outputTokens, @totalTokens,
+        @inputCost, @outputCost, @totalCost,
+        @temperature, @maxTokens, @topP,
+        @inputMessages, @outputMessages, @toolCalls,
+        @status, @errorType, @errorMessage,
+        @tags, @sessionId, @userId
+      )
+    `);
+    const insertMany = db2.transaction((spans) => {
+      for (const span of spans) {
+        insert.run({
+          spanId: span.spanId,
+          traceId: span.traceId,
+          parentSpanId: span.parentSpanId ?? null,
+          name: span.name,
+          operationName: span.operationName,
+          providerName: span.providerName,
+          startTime: span.startTime,
+          endTime: span.endTime ?? null,
+          duration: span.duration ?? null,
+          requestModel: span.requestModel,
+          responseModel: span.responseModel ?? null,
+          inputTokens: span.inputTokens ?? 0,
+          outputTokens: span.outputTokens ?? 0,
+          totalTokens: span.totalTokens ?? 0,
+          inputCost: span.inputCost ?? 0,
+          outputCost: span.outputCost ?? 0,
+          totalCost: span.totalCost ?? 0,
+          temperature: span.temperature ?? null,
+          maxTokens: span.maxTokens ?? null,
+          topP: span.topP ?? null,
+          inputMessages: span.inputMessages ? JSON.stringify(span.inputMessages) : null,
+          outputMessages: span.outputMessages ? JSON.stringify(span.outputMessages) : null,
+          toolCalls: span.toolCalls ? JSON.stringify(span.toolCalls) : null,
+          status: span.status,
+          errorType: span.errorType ?? null,
+          errorMessage: span.errorMessage ?? null,
+          tags: span.tags ? JSON.stringify(span.tags) : null,
+          sessionId: span.sessionId ?? null,
+          userId: span.userId ?? null
+        });
+      }
+    });
+    insertMany(parsed.data.spans);
+    for (const span of parsed.data.spans) {
+      emitSpanEvent(span);
+    }
+    forwardSpans(parsed.data.spans);
+    return reply.status(200).send({
+      accepted: parsed.data.spans.length
+    });
+  });
+}
+
+// src/routes/traces.ts
+import { ROUTES as ROUTES2 } from "@llmtap/shared";
+function safeJsonParse(val) {
+  if (!val) return void 0;
+  try {
+    return JSON.parse(val);
+  } catch {
+    return void 0;
+  }
+}
+function parseSpanRow(row) {
+  return {
+    ...row,
+    inputMessages: safeJsonParse(row.inputMessages),
+    outputMessages: safeJsonParse(row.outputMessages),
+    toolCalls: safeJsonParse(row.toolCalls),
+    tags: safeJsonParse(row.tags),
+    parentSpanId: row.parentSpanId ?? void 0,
+    responseModel: row.responseModel ?? void 0,
+    endTime: row.endTime ?? void 0,
+    duration: row.duration ?? void 0,
+    temperature: row.temperature ?? void 0,
+    maxTokens: row.maxTokens ?? void 0,
+    topP: row.topP ?? void 0,
+    errorType: row.errorType ?? void 0,
+    errorMessage: row.errorMessage ?? void 0,
+    sessionId: row.sessionId ?? void 0,
+    userId: row.userId ?? void 0
+  };
+}
+async function registerTraceRoutes(app) {
+  app.get(ROUTES2.LIST_TRACES, async (request, reply) => {
+    const parsed = TracesQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Invalid query parameters", details: parsed.error.flatten() });
+    }
+    const { limit, offset, status, provider, q, periodHours } = parsed.data;
+    const db2 = getDb();
+    const whereConditions = [];
+    const havingConditions = [];
+    const params = { limit, offset };
+    if (status) {
+      havingConditions.push("status = @status");
+      params.status = status;
+    }
+    if (provider) {
+      whereConditions.push("providerName = @provider");
+      params.provider = provider;
+    }
+    if (q) {
+      const escaped = q.replace(/[%_]/g, "\\$&");
+      whereConditions.push(`
+        (
+          name LIKE @search ESCAPE '\\' OR
+          providerName LIKE @search ESCAPE '\\' OR
+          requestModel LIKE @search ESCAPE '\\' OR
+          COALESCE(responseModel, '') LIKE @search ESCAPE '\\' OR
+          COALESCE(errorMessage, '') LIKE @search ESCAPE '\\' OR
+          COALESCE(inputMessages, '') LIKE @search ESCAPE '\\' OR
+          COALESCE(outputMessages, '') LIKE @search ESCAPE '\\'
+        )
+      `);
+      params.search = `%${escaped}%`;
+    }
+    if (periodHours) {
+      whereConditions.push("startTime >= @since");
+      params.since = Date.now() - periodHours * 60 * 60 * 1e3;
+    }
+    const whereClause = whereConditions.length > 0 ? `WHERE ${whereConditions.join(" AND ")}` : "";
+    const havingClause = havingConditions.length > 0 ? `HAVING ${havingConditions.join(" AND ")}` : "";
+    const rows = db2.prepare(
+      `
+      SELECT
+        traceId,
+        MIN(name) as name,
+        MIN(startTime) as startTime,
+        MAX(endTime) as endTime,
+        CASE WHEN SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) > 0
+             THEN 'error' ELSE 'ok' END as status,
+        COUNT(*) as spanCount,
+        SUM(totalTokens) as totalTokens,
+        SUM(totalCost) as totalCost,
+        MAX(endTime) - MIN(startTime) as totalDuration
+      FROM spans
+      ${whereClause}
+      GROUP BY traceId
+      ${havingClause}
+      ORDER BY startTime DESC
+      LIMIT @limit OFFSET @offset
+    `
+    ).all(params);
+    const totalRow = db2.prepare(
+      `
+      SELECT COUNT(*) as total
+      FROM (
+        SELECT traceId
+        FROM spans
+        ${whereClause}
+        GROUP BY traceId
+        ${havingClause}
+      ) grouped_traces
+    `
+    ).get(params);
+    return reply.send({
+      traces: rows.map((r) => ({
+        ...r,
+        endTime: r.endTime ?? void 0,
+        totalDuration: r.totalDuration ?? void 0
+      })),
+      total: totalRow.total
+    });
+  });
+  app.get("/v1/traces/:traceId/spans", async (request, reply) => {
+    const { traceId } = request.params;
+    const db2 = getDb();
+    const rows = db2.prepare(
+      `SELECT * FROM spans WHERE traceId = @traceId ORDER BY startTime ASC`
+    ).all({ traceId });
+    return reply.send({
+      spans: rows.map(parseSpanRow)
+    });
+  });
+}
+
+// src/routes/stats.ts
+import { ROUTES as ROUTES3 } from "@llmtap/shared";
+async function registerStatsRoute(app) {
+  app.get(ROUTES3.GET_STATS, async (request, reply) => {
+    const parsed = StatsQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Invalid query parameters", details: parsed.error.flatten() });
+    }
+    const periodHours = parsed.data.period;
+    const since = Date.now() - periodHours * 60 * 60 * 1e3;
+    const db2 = getDb();
+    const stats = db2.prepare(
+      `
+      SELECT
+        COUNT(DISTINCT traceId) as totalTraces,
+        COUNT(*) as totalSpans,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        COALESCE(AVG(duration), 0) as avgDuration,
+        SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) as errorCount
+      FROM spans
+      WHERE startTime >= @since
+    `
+    ).get({ since });
+    const byProvider = db2.prepare(
+      `
+      SELECT
+        providerName as provider,
+        COUNT(*) as spanCount,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        COALESCE(AVG(duration), 0) as avgDuration
+      FROM spans
+      WHERE startTime >= @since
+      GROUP BY providerName
+      ORDER BY totalCost DESC
+    `
+    ).all({ since });
+    const byModel = db2.prepare(
+      `
+      SELECT
+        requestModel as model,
+        providerName as provider,
+        COUNT(*) as spanCount,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        COALESCE(AVG(duration), 0) as avgDuration
+      FROM spans
+      WHERE startTime >= @since
+      GROUP BY requestModel, providerName
+      ORDER BY totalCost DESC
+    `
+    ).all({ since });
+    const costOverTime = db2.prepare(
+      `
+      SELECT
+        (startTime / 3600000) * 3600000 as bucket,
+        COALESCE(SUM(totalCost), 0) as cost,
+        COALESCE(SUM(totalTokens), 0) as tokens,
+        COUNT(*) as spans
+      FROM spans
+      WHERE startTime >= @since
+      GROUP BY bucket
+      ORDER BY bucket ASC
+    `
+    ).all({ since });
+    return reply.send({
+      period: `${periodHours}h`,
+      ...stats,
+      errorRate: stats.totalSpans > 0 ? stats.errorCount / stats.totalSpans : 0,
+      byProvider,
+      byModel,
+      costOverTime: costOverTime.map((r) => ({
+        timestamp: r.bucket,
+        cost: r.cost,
+        tokens: r.tokens,
+        spans: r.spans
+      }))
+    });
+  });
+}
+
+// src/routes/sse.ts
+import { ROUTES as ROUTES4 } from "@llmtap/shared";
+var MAX_SSE_CONNECTIONS = 50;
+var sseConnectionCount = 0;
+async function registerSSERoute(app) {
+  app.get(ROUTES4.SSE_STREAM, async (request, reply) => {
+    if (sseConnectionCount >= MAX_SSE_CONNECTIONS) {
+      return reply.status(503).send({ error: "Too many SSE connections" });
+    }
+    sseConnectionCount++;
+    reply.raw.writeHead(200, {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      Connection: "keep-alive"
+    });
+    reply.raw.write("event: connected\ndata: {}\n\n");
+    const heartbeat = setInterval(() => {
+      reply.raw.write(":heartbeat\n\n");
+    }, 15e3);
+    const unsubscribe = onSpanEvent((event) => {
+      reply.raw.write(
+        `event: ${event.type}
+data: ${JSON.stringify(event.data)}
+
+`
+      );
+    });
+    request.raw.on("close", () => {
+      sseConnectionCount--;
+      clearInterval(heartbeat);
+      unsubscribe();
+    });
+  });
+}
+
+// src/routes/sessions.ts
+import { ROUTES as ROUTES5 } from "@llmtap/shared";
+async function registerSessionsRoute(app) {
+  app.get(ROUTES5.GET_SESSIONS, async (request, reply) => {
+    const parsed = SessionsQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Invalid query parameters", details: parsed.error.flatten() });
+    }
+    const { periodHours, limit, offset } = parsed.data;
+    const since = Date.now() - periodHours * 60 * 60 * 1e3;
+    const db2 = getDb();
+    const rows = db2.prepare(
+      `
+      SELECT
+        sessionId,
+        COUNT(DISTINCT traceId) as traceCount,
+        COUNT(*) as spanCount,
+        COALESCE(SUM(totalTokens), 0) as totalTokens,
+        COALESCE(SUM(totalCost), 0) as totalCost,
+        MIN(startTime) as firstSeen,
+        MAX(startTime) as lastSeen,
+        SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) as errorCount
+      FROM spans
+      WHERE sessionId IS NOT NULL AND sessionId != '' AND startTime >= @since
+      GROUP BY sessionId
+      ORDER BY lastSeen DESC
+      LIMIT @limit OFFSET @offset
+    `
+    ).all({ since, limit, offset });
+    const totalRow = db2.prepare(
+      `
+      SELECT COUNT(DISTINCT sessionId) as total
+      FROM spans
+      WHERE sessionId IS NOT NULL AND sessionId != '' AND startTime >= @since
+    `
+    ).get({ since });
+    return reply.send({ sessions: rows, total: totalRow.total });
+  });
+}
+
+// src/routes/db-info.ts
+import path2 from "path";
+import fs2 from "fs";
+import os2 from "os";
+import { DB_DIR_NAME as DB_DIR_NAME2, DB_FILE_NAME as DB_FILE_NAME2, ROUTES as ROUTES6 } from "@llmtap/shared";
+async function registerDbInfoRoute(app) {
+  app.get(ROUTES6.GET_DB_INFO, async (_request, reply) => {
+    const db2 = getDb();
+    const dbDir = process.env.LLMTAP_DB_DIR ? path2.resolve(process.env.LLMTAP_DB_DIR) : path2.join(os2.homedir(), DB_DIR_NAME2);
+    const dbPath = process.env.LLMTAP_DB_PATH ? path2.resolve(process.env.LLMTAP_DB_PATH) : path2.join(dbDir, DB_FILE_NAME2);
+    let sizeBytes = 0;
+    try {
+      const stat = fs2.statSync(dbPath);
+      sizeBytes = stat.size;
+    } catch {
+    }
+    const spanCount = db2.prepare("SELECT COUNT(*) as count FROM spans").get().count;
+    const traceCount = db2.prepare("SELECT COUNT(DISTINCT traceId) as count FROM spans").get().count;
+    const oldestSpan = db2.prepare("SELECT MIN(startTime) as oldest FROM spans").get().oldest;
+    const newestSpan = db2.prepare("SELECT MAX(startTime) as newest FROM spans").get().newest;
+    return reply.send({
+      path: dbPath,
+      sizeBytes,
+      spanCount,
+      traceCount,
+      oldestSpan,
+      newestSpan,
+      walMode: db2.pragma("journal_mode")[0]?.journal_mode
+    });
+  });
+}
+
+// src/routes/insights.ts
+var insightsCache = null;
+var INSIGHTS_CACHE_TTL_MS = 3e4;
+async function registerInsightsRoute(app) {
+  app.get("/v1/insights", async (_request, reply) => {
+    const now = Date.now();
+    if (insightsCache && now - insightsCache.timestamp < INSIGHTS_CACHE_TTL_MS) {
+      return reply.send(insightsCache.data);
+    }
+    const db2 = getDb();
+    const insights = [];
+    const since24h = Date.now() - 24 * 60 * 60 * 1e3;
+    const since7d = Date.now() - 7 * 24 * 60 * 60 * 1e3;
+    try {
+      const anomalies = db2.prepare(
+        `
+          WITH avg_cost AS (
+            SELECT AVG(trace_cost) as avgCost
+            FROM (
+              SELECT traceId, SUM(totalCost) as trace_cost
+              FROM spans
+              WHERE startTime >= @since
+              GROUP BY traceId
+            )
+          )
+          SELECT
+            s.traceId,
+            MIN(s.name) as name,
+            SUM(s.totalCost) as totalCost,
+            (SELECT avgCost FROM avg_cost) as avgCost
+          FROM spans s
+          WHERE s.startTime >= @since
+          GROUP BY s.traceId
+          HAVING totalCost > (SELECT avgCost FROM avg_cost) * 5 AND totalCost > 0.01
+          ORDER BY totalCost DESC
+          LIMIT 3
+        `
+      ).all({ since: since24h });
+      for (const a of anomalies) {
+        const multiplier = a.avgCost > 0 ? Math.round(a.totalCost / a.avgCost) : 0;
+        insights.push({
+          id: `cost_anomaly_${a.traceId}`,
+          type: "cost_anomaly",
+          severity: multiplier > 20 ? "critical" : "warning",
+          title: `High cost trace detected`,
+          description: `"${a.name}" cost $${a.totalCost.toFixed(4)} \u2014 ${multiplier}x your average trace cost of $${a.avgCost.toFixed(4)}.`,
+          metric: `${multiplier}x avg`
+        });
+      }
+    } catch {
+    }
+    try {
+      const errors = db2.prepare(
+        `
+          SELECT
+            COALESCE(errorType, 'Unknown') as errorType,
+            COUNT(*) as errorCount,
+            MAX(startTime) as latestTime
+          FROM spans
+          WHERE status = 'error' AND startTime >= @since
+          GROUP BY errorType
+          HAVING errorCount >= 3
+          ORDER BY errorCount DESC
+          LIMIT 3
+        `
+      ).all({ since: since7d });
+      for (const e of errors) {
+        insights.push({
+          id: `error_pattern_${e.errorType}`,
+          type: "error_pattern",
+          severity: e.errorCount > 20 ? "critical" : "warning",
+          title: `Recurring errors: ${e.errorType}`,
+          description: `${e.errorCount} "${e.errorType}" errors in the last 7 days.`,
+          metric: `${e.errorCount} errors`
+        });
+      }
+    } catch {
+    }
+    try {
+      const usage = db2.prepare(
+        `
+          SELECT
+            requestModel as model,
+            providerName as provider,
+            COUNT(*) as spanCount,
+            AVG(totalTokens) as avgTokens,
+            SUM(totalCost) as totalCost,
+            AVG(totalCost) as avgCost
+          FROM spans
+          WHERE startTime >= @since AND status = 'ok'
+          GROUP BY requestModel, providerName
+          ORDER BY totalCost DESC
+        `
+      ).all({ since: since7d });
+      for (const u of usage) {
+        const isExpensive = u.model.includes("gpt-4o") && !u.model.includes("mini") || u.model.includes("gpt-4-") || u.model.includes("claude-3-opus") || u.model.includes("claude-opus") || u.model.includes("claude-4") && !u.model.includes("haiku");
+        const isLowToken = u.avgTokens < 500;
+        if (isExpensive && isLowToken && u.spanCount >= 5 && u.totalCost > 0.05) {
+          insights.push({
+            id: `model_rec_${u.model}`,
+            type: "model_recommendation",
+            severity: "info",
+            title: `Consider a lighter model for "${u.model}"`,
+            description: `${u.spanCount} calls averaging ${Math.round(u.avgTokens)} tokens \u2014 a smaller model could save ~$${(u.totalCost * 0.7).toFixed(2)}.`,
+            metric: `$${u.totalCost.toFixed(2)} spent`
+          });
+        }
+      }
+    } catch {
+    }
+    try {
+      const wasteRows = db2.prepare(
+        `
+          SELECT
+            name,
+            requestModel as model,
+            AVG(inputTokens) as avgInputTokens,
+            AVG(outputTokens) as avgOutputTokens,
+            COUNT(*) as spanCount,
+            CASE WHEN AVG(outputTokens) > 0
+              THEN CAST(AVG(inputTokens) AS REAL) / AVG(outputTokens)
+              ELSE 0
+            END as inputRatio
+          FROM spans
+          WHERE startTime >= @since AND status = 'ok' AND inputTokens > 0
+          GROUP BY name, requestModel
+          HAVING inputRatio > 10 AND avgInputTokens > 1000 AND spanCount >= 3
+          ORDER BY inputRatio DESC
+          LIMIT 3
+        `
+      ).all({ since: since7d });
+      for (const w of wasteRows) {
+        insights.push({
+          id: `token_waste_${w.name}_${w.model}`,
+          type: "token_waste",
+          severity: "info",
+          title: `High input-to-output token ratio`,
+          description: `"${w.name}" uses ~${Math.round(w.avgInputTokens)} input tokens to generate ~${Math.round(w.avgOutputTokens)} output tokens (${Math.round(w.inputRatio)}:1 ratio). Consider compressing the system prompt.`,
+          metric: `${Math.round(w.inputRatio)}:1 ratio`
+        });
+      }
+    } catch {
+    }
+    const result = { insights };
+    insightsCache = { data: result, timestamp: Date.now() };
+    return reply.send(result);
+  });
+}
+
+// src/routes/replay.ts
+import { z as z2 } from "zod";
+var ReplaySchema = z2.object({
+  spanId: z2.string().min(1).max(256),
+  apiKey: z2.string().min(1).max(512)
+});
+async function registerReplayRoute(app) {
+  app.post("/v1/replay", async (request, reply) => {
+    const parsed = ReplaySchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({
+        error: "Validation failed",
+        details: parsed.error.issues
+      });
+    }
+    const { spanId, apiKey } = parsed.data;
+    const db2 = getDb();
+    const span = db2.prepare(
+      `SELECT providerName, requestModel, inputMessages, temperature, maxTokens, topP
+         FROM spans WHERE spanId = ?`
+    ).get(spanId);
+    if (!span) {
+      return reply.status(404).send({ error: "Span not found" });
+    }
+    if (!span.inputMessages) {
+      return reply.status(400).send({
+        error: "Span has no input messages to replay"
+      });
+    }
+    let messages;
+    try {
+      messages = JSON.parse(span.inputMessages);
+    } catch {
+      return reply.status(400).send({ error: "Failed to parse input messages" });
+    }
+    const startTime = Date.now();
+    try {
+      if (span.providerName === "anthropic") {
+        const result2 = await replayAnthropic(
+          apiKey,
+          span.requestModel,
+          messages,
+          span.temperature,
+          span.maxTokens
+        );
+        return reply.send({
+          ...result2,
+          duration: Date.now() - startTime,
+          provider: "anthropic",
+          model: span.requestModel
+        });
+      }
+      const result = await replayOpenAI(
+        apiKey,
+        span.requestModel,
+        messages,
+        span.temperature,
+        span.maxTokens,
+        span.topP,
+        span.providerName
+      );
+      return reply.send({
+        ...result,
+        duration: Date.now() - startTime,
+        provider: span.providerName,
+        model: span.requestModel
+      });
+    } catch (err) {
+      return reply.status(502).send({
+        error: "Replay failed",
+        message: err instanceof Error ? err.message : String(err),
+        duration: Date.now() - startTime
+      });
+    }
+  });
+}
+async function replayOpenAI(apiKey, model, messages, temperature, maxTokens, topP, provider) {
+  const baseUrls = {
+    openai: "https://api.openai.com/v1",
+    deepseek: "https://api.deepseek.com/v1",
+    groq: "https://api.groq.com/openai/v1",
+    together: "https://api.together.xyz/v1",
+    fireworks: "https://api.fireworks.ai/inference/v1",
+    openrouter: "https://openrouter.ai/api/v1",
+    xai: "https://api.x.ai/v1"
+  };
+  const baseUrl = baseUrls[provider] ?? baseUrls.openai;
+  const reqBody = { model, messages };
+  if (temperature !== null) reqBody.temperature = temperature;
+  if (maxTokens !== null) reqBody.max_tokens = maxTokens;
+  if (topP !== null) reqBody.top_p = topP;
+  const res = await fetch(`${baseUrl}/chat/completions`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${apiKey}`
+    },
+    body: JSON.stringify(reqBody),
+    signal: AbortSignal.timeout(6e4)
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`API returned HTTP ${res.status}: ${text.slice(0, 500)}`);
+  }
+  const data = await res.json();
+  const choice = data.choices?.[0];
+  return {
+    content: choice?.message?.content ?? "",
+    inputTokens: data.usage?.prompt_tokens ?? 0,
+    outputTokens: data.usage?.completion_tokens ?? 0,
+    totalTokens: data.usage?.total_tokens ?? 0,
+    responseModel: data.model ?? model
+  };
+}
+async function replayAnthropic(apiKey, model, rawMessages, temperature, maxTokens) {
+  const messages = rawMessages;
+  const systemMsg = messages.find((m) => m.role === "system");
+  const nonSystemMessages = messages.filter((m) => m.role !== "system");
+  const reqBody = {
+    model,
+    messages: nonSystemMessages,
+    max_tokens: maxTokens ?? 4096
+  };
+  if (systemMsg) reqBody.system = systemMsg.content;
+  if (temperature !== null) reqBody.temperature = temperature;
+  const res = await fetch("https://api.anthropic.com/v1/messages", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": apiKey,
+      "anthropic-version": "2023-06-01"
+    },
+    body: JSON.stringify(reqBody),
+    signal: AbortSignal.timeout(6e4)
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`API returned HTTP ${res.status}: ${text.slice(0, 500)}`);
+  }
+  const data = await res.json();
+  const textContent = data.content?.filter((c) => c.type === "text").map((c) => c.text).join("") ?? "";
+  const inputTokens = data.usage?.input_tokens ?? 0;
+  const outputTokens = data.usage?.output_tokens ?? 0;
+  return {
+    content: textContent,
+    inputTokens,
+    outputTokens,
+    totalTokens: inputTokens + outputTokens,
+    responseModel: data.model ?? model
+  };
+}
+
+// src/routes/otlp.ts
+import { z as z3 } from "zod";
+import { spansToOtlp as spansToOtlp2 } from "@llmtap/shared";
+function safeParse(val) {
+  if (!val) return void 0;
+  try {
+    return JSON.parse(val);
+  } catch {
+    return void 0;
+  }
+}
+function rowToSpan(row) {
+  return {
+    spanId: row.spanId,
+    traceId: row.traceId,
+    parentSpanId: row.parentSpanId ?? void 0,
+    name: row.name,
+    operationName: row.operationName,
+    providerName: row.providerName,
+    startTime: row.startTime,
+    endTime: row.endTime ?? void 0,
+    duration: row.duration ?? void 0,
+    requestModel: row.requestModel,
+    responseModel: row.responseModel ?? void 0,
+    inputTokens: row.inputTokens,
+    outputTokens: row.outputTokens,
+    totalTokens: row.totalTokens,
+    inputCost: row.inputCost,
+    outputCost: row.outputCost,
+    totalCost: row.totalCost,
+    temperature: row.temperature ?? void 0,
+    maxTokens: row.maxTokens ?? void 0,
+    topP: row.topP ?? void 0,
+    inputMessages: safeParse(row.inputMessages),
+    outputMessages: safeParse(row.outputMessages),
+    toolCalls: safeParse(row.toolCalls),
+    status: row.status,
+    errorType: row.errorType ?? void 0,
+    errorMessage: row.errorMessage ?? void 0,
+    tags: safeParse(row.tags),
+    sessionId: row.sessionId ?? void 0,
+    userId: row.userId ?? void 0
+  };
+}
+var BLOCKED_HEADERS = /* @__PURE__ */ new Set([
+  "host",
+  "content-length",
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "proxy-authorization",
+  "te",
+  "trailer"
+]);
+function sanitizeHeaders(userHeaders) {
+  const result = { "Content-Type": "application/json" };
+  if (!userHeaders) return result;
+  for (const [key, value] of Object.entries(userHeaders)) {
+    if (typeof key === "string" && typeof value === "string" && !BLOCKED_HEADERS.has(key.toLowerCase())) {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+var OtlpExportQuerySchema = z3.object({
+  limit: z3.coerce.number().int().min(1).max(5e3).default(1e3),
+  periodHours: z3.coerce.number().int().min(0).max(8760).default(0),
+  traceId: z3.string().max(256).optional(),
+  service: z3.string().max(256).default("llmtap")
+});
+var OtlpForwardSchema = z3.object({
+  endpoint: z3.string().min(1).max(2048).url().refine(
+    (url) => {
+      try {
+        const parsed = new URL(url);
+        return parsed.protocol === "http:" || parsed.protocol === "https:";
+      } catch {
+        return false;
+      }
+    },
+    { message: "endpoint must use http or https protocol" }
+  ),
+  headers: z3.record(z3.string().max(4096)).optional(),
+  limit: z3.number().int().min(1).max(5e3).optional(),
+  periodHours: z3.number().int().min(0).max(8760).optional(),
+  service: z3.string().max(256).optional()
+});
+async function registerOtlpExportRoute(app) {
+  app.get("/v1/export/otlp", async (request, reply) => {
+    const parsed = OtlpExportQuerySchema.safeParse(request.query);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Validation failed", details: parsed.error.issues });
+    }
+    const { limit, periodHours, traceId, service: serviceName2 } = parsed.data;
+    const db2 = getDb();
+    const conditions = [];
+    const params = [];
+    if (periodHours > 0) {
+      conditions.push("startTime >= ?");
+      params.push(Date.now() - periodHours * 36e5);
+    }
+    if (traceId) {
+      conditions.push("traceId = ?");
+      params.push(traceId);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    params.push(limit);
+    const rows = db2.prepare(`SELECT * FROM spans ${where} ORDER BY startTime DESC LIMIT ?`).all(...params);
+    const spans = rows.map(rowToSpan);
+    const otlp = spansToOtlp2(spans, serviceName2);
+    return reply.header("Content-Type", "application/json").send(otlp);
+  });
+  app.post("/v1/export/otlp/forward", async (request, reply) => {
+    const parsed = OtlpForwardSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Validation failed", details: parsed.error.issues });
+    }
+    const body = parsed.data;
+    const limit = body.limit ?? 1e3;
+    const periodHours = body.periodHours ?? 0;
+    const serviceName2 = body.service ?? "llmtap";
+    const db2 = getDb();
+    const conditions = [];
+    const params = [];
+    if (periodHours > 0) {
+      conditions.push("startTime >= ?");
+      params.push(Date.now() - periodHours * 36e5);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    params.push(limit);
+    const rows = db2.prepare(`SELECT * FROM spans ${where} ORDER BY startTime DESC LIMIT ?`).all(...params);
+    const spans = rows.map(rowToSpan);
+    const otlp = spansToOtlp2(spans, serviceName2);
+    try {
+      const res = await fetch(body.endpoint, {
+        method: "POST",
+        headers: sanitizeHeaders(body.headers),
+        body: JSON.stringify(otlp),
+        signal: AbortSignal.timeout(3e4)
+      });
+      if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        return reply.status(502).send({
+          error: "OTLP endpoint returned error",
+          status: res.status,
+          body: text.slice(0, 500)
+        });
+      }
+      return reply.send({
+        status: "ok",
+        spanCount: spans.length,
+        endpoint: body.endpoint
+      });
+    } catch (err) {
+      return reply.status(502).send({
+        error: "Failed to reach OTLP endpoint",
+        message: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+}
+
+// src/server.ts
+var rateLimitConfigs = {
+  "POST:/v1/spans": { max: 300, windowMs: 6e4 },
+  "POST:/v1/reset": { max: 5, windowMs: 6e4 },
+  "POST:/v1/replay": { max: 30, windowMs: 6e4 },
+  "POST:/v1/retention": { max: 10, windowMs: 6e4 },
+  "POST:/v1/export/otlp/forward": { max: 20, windowMs: 6e4 },
+  "GET:/v1/insights": { max: 60, windowMs: 6e4 },
+  "GET:/v1/export/otlp": { max: 30, windowMs: 6e4 }
+};
+var rateLimitByIP = /* @__PURE__ */ new Map();
+var RetentionSchema = z4.object({
+  retentionDays: z4.number().min(0).max(3650)
+});
+var ResetSchema = z4.object({
+  confirm: z4.literal(true)
+});
+async function createServer(options = {}) {
+  const port = options.port ?? DEFAULT_COLLECTOR_PORT;
+  const host = options.host ?? "127.0.0.1";
+  const app = Fastify({
+    logger: !options.quiet ? {
+      transport: {
+        target: "pino-pretty",
+        options: { translateTime: "HH:MM:ss", ignore: "pid,hostname" }
+      }
+    } : false,
+    // Limit request body to 2MB to prevent abuse
+    bodyLimit: 2 * 1024 * 1024
+  });
+  await app.register(cors, {
+    origin: (origin, cb) => {
+      if (!origin || /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/.test(origin)) {
+        cb(null, true);
+      } else {
+        cb(new Error("Not allowed by CORS"), false);
+      }
+    },
+    methods: ["GET", "POST", "OPTIONS"]
+  });
+  app.addHook("onRequest", async (request, reply) => {
+    const pathname = request.url.split("?")[0].replace(/\/+$/, "");
+    const key = `${request.method}:${pathname}`;
+    const cfg = rateLimitConfigs[key];
+    if (!cfg) return;
+    const ip = request.ip;
+    const ipKey = `${ip}:${key}`;
+    const now = Date.now();
+    let state = rateLimitByIP.get(ipKey);
+    if (!state || now - state.windowStart > cfg.windowMs) {
+      state = { count: 0, windowStart: now };
+      rateLimitByIP.set(ipKey, state);
+    }
+    state.count++;
+    if (state.count > cfg.max) {
+      return reply.status(429).send({
+        error: "Rate limit exceeded",
+        retryAfterMs: cfg.windowMs - (now - state.windowStart)
+      });
+    }
+  });
+  const rateLimitCleanup = setInterval(() => {
+    const now = Date.now();
+    for (const [k, v] of rateLimitByIP) {
+      if (now - v.windowStart > 12e4) rateLimitByIP.delete(k);
+    }
+  }, 6e4);
+  rateLimitCleanup.unref();
+  if (options.dashboardPath) {
+    await app.register(fastifyStatic, {
+      root: options.dashboardPath,
+      prefix: "/",
+      wildcard: true
+    });
+    app.setNotFoundHandler(async (_request, reply) => {
+      return reply.sendFile("index.html");
+    });
+  }
+  getDb();
+  if (options.demo) {
+    seedDemoData();
+  }
+  if (options.retentionDays && options.retentionDays > 0) {
+    startRetentionSchedule(options.retentionDays);
+  }
+  initOtlpForwarder();
+  await registerIngestRoute(app);
+  await registerTraceRoutes(app);
+  await registerStatsRoute(app);
+  await registerSSERoute(app);
+  await registerSessionsRoute(app);
+  await registerDbInfoRoute(app);
+  await registerInsightsRoute(app);
+  await registerReplayRoute(app);
+  await registerOtlpExportRoute(app);
+  app.get("/health", async () => ({ status: "ok" }));
+  app.post("/v1/reset", async (request, reply) => {
+    const parsed = ResetSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Must send { confirm: true } to reset database" });
+    }
+    resetDb();
+    return reply.send({ status: "ok", message: "Data cleared" });
+  });
+  app.post("/v1/retention", async (request, reply) => {
+    const parsed = RetentionSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: "Validation failed", details: parsed.error.issues });
+    }
+    const deleted = enforceRetention(parsed.data.retentionDays);
+    return reply.send({
+      status: "ok",
+      retentionDays: parsed.data.retentionDays,
+      deletedSpans: deleted
+    });
+  });
+  let isShuttingDown = false;
+  const shutdown = async () => {
+    if (isShuttingDown) return;
+    isShuttingDown = true;
+    clearInterval(rateLimitCleanup);
+    await app.close();
+    closeDb();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  app.addHook("onClose", async () => {
+    process.off("SIGINT", shutdown);
+    process.off("SIGTERM", shutdown);
+  });
+  return { app, port, host };
+}
+async function startServer(options = {}) {
+  const { app, port, host } = await createServer(options);
+  const address = await app.listen({ port, host });
+  return address;
+}
+export {
+  closeDb,
+  createServer,
+  enforceRetention,
+  getDb,
+  getOtlpEndpoint,
+  resetDb,
+  seedDemoData,
+  startRetentionSchedule,
+  startServer
+};
+//# sourceMappingURL=index.mjs.map