npm - @newrelic/preflight - Versions diffs - 0.0.1-pre.1 → 1.0.1 - Mend

@newrelic/preflight 0.0.1-pre.1 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (578) hide show

package/LICENSE +183 -0
package/README.md +498 -0
package/dist/alerts/alert-log.d.ts +24 -0
package/dist/alerts/alert-log.d.ts.map +1 -0
package/dist/alerts/alert-log.js +159 -0
package/dist/alerts/alert-log.js.map +1 -0
package/dist/alerts/alert-snapshot-collector.d.ts +168 -0
package/dist/alerts/alert-snapshot-collector.d.ts.map +1 -0
package/dist/alerts/alert-snapshot-collector.js +243 -0
package/dist/alerts/alert-snapshot-collector.js.map +1 -0
package/dist/alerts/local-alert-engine.d.ts +86 -0
package/dist/alerts/local-alert-engine.d.ts.map +1 -0
package/dist/alerts/local-alert-engine.js +466 -0
package/dist/alerts/local-alert-engine.js.map +1 -0
package/dist/alerts/local-alert-rule.d.ts +439 -0
package/dist/alerts/local-alert-rule.d.ts.map +1 -0
package/dist/alerts/local-alert-rule.js +139 -0
package/dist/alerts/local-alert-rule.js.map +1 -0
package/dist/alerts/os-notifier.d.ts +39 -0
package/dist/alerts/os-notifier.d.ts.map +1 -0
package/dist/alerts/os-notifier.js +170 -0
package/dist/alerts/os-notifier.js.map +1 -0
package/dist/alerts/types.d.ts +35 -0
package/dist/alerts/types.d.ts.map +1 -0
package/dist/alerts/types.js +8 -0
package/dist/alerts/types.js.map +1 -0
package/dist/config.d.ts +169 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +868 -0
package/dist/config.js.map +1 -0
package/dist/dashboard/dashboard-server.d.ts +38 -0
package/dist/dashboard/dashboard-server.d.ts.map +1 -0
package/dist/dashboard/dashboard-server.js +207 -0
package/dist/dashboard/dashboard-server.js.map +1 -0
package/dist/dashboard/index.d.ts +3 -0
package/dist/dashboard/index.d.ts.map +1 -0
package/dist/dashboard/index.js +2 -0
package/dist/dashboard/index.js.map +1 -0
package/dist/dashboard/live-event-bus.d.ts +99 -0
package/dist/dashboard/live-event-bus.d.ts.map +1 -0
package/dist/dashboard/live-event-bus.js +56 -0
package/dist/dashboard/live-event-bus.js.map +1 -0
package/dist/dashboard/routes/api-handler.d.ts +122 -0
package/dist/dashboard/routes/api-handler.d.ts.map +1 -0
package/dist/dashboard/routes/api-handler.js +1414 -0
package/dist/dashboard/routes/api-handler.js.map +1 -0
package/dist/dashboard/routes/replay-analyzer.d.ts +15 -0
package/dist/dashboard/routes/replay-analyzer.d.ts.map +1 -0
package/dist/dashboard/routes/replay-analyzer.js +227 -0
package/dist/dashboard/routes/replay-analyzer.js.map +1 -0
package/dist/dashboard/routes/sse-handler.d.ts +4 -0
package/dist/dashboard/routes/sse-handler.d.ts.map +1 -0
package/dist/dashboard/routes/sse-handler.js +122 -0
package/dist/dashboard/routes/sse-handler.js.map +1 -0
package/dist/dashboard/routes/static-handler.d.ts +3 -0
package/dist/dashboard/routes/static-handler.d.ts.map +1 -0
package/dist/dashboard/routes/static-handler.js +123 -0
package/dist/dashboard/routes/static-handler.js.map +1 -0
package/dist/data/alerts/conditions/01-daily-cost-spike.json +16 -0
package/dist/data/alerts/conditions/02-low-efficiency-score.json +16 -0
package/dist/data/alerts/conditions/03-stuck-loop-rate.json +16 -0
package/dist/data/alerts/conditions/04-anti-pattern-rate.json +16 -0
package/dist/data/alerts/conditions/05-session-cost-budget.json +16 -0
package/dist/data/alerts/conditions-personal/01-personal-daily-cost.json +16 -0
package/dist/data/alerts/conditions-personal/02-personal-session-cost.json +16 -0
package/dist/data/alerts/conditions-personal/03-personal-low-efficiency.json +16 -0
package/dist/data/alerts/conditions-personal/04-personal-anti-pattern-rate.json +16 -0
package/dist/data/alerts/conditions-personal/05-personal-stuck-loop.json +16 -0
package/dist/data/alerts/policy.json +4 -0
package/dist/data/dashboards/ai-coding-assistant-manager-view.json +103 -0
package/dist/data/dashboards/ai-coding-assistant-overview.json +239 -0
package/dist/data/dashboards/ai-coding-assistant-personal.json +442 -0
package/dist/data/dashboards/ai-coding-assistant-platform-comparison.json +320 -0
package/dist/data/dashboards/ai-coding-assistant-security.json +275 -0
package/dist/data/dashboards/ai-coding-assistant-session-detail.json +296 -0
package/dist/data/dashboards/ai-coding-assistant-team-view.json +345 -0
package/dist/deploy/data-paths.d.ts +22 -0
package/dist/deploy/data-paths.d.ts.map +1 -0
package/dist/deploy/data-paths.js +69 -0
package/dist/deploy/data-paths.js.map +1 -0
package/dist/deploy/deploy-alerts.d.ts +58 -0
package/dist/deploy/deploy-alerts.d.ts.map +1 -0
package/dist/deploy/deploy-alerts.js +371 -0
package/dist/deploy/deploy-alerts.js.map +1 -0
package/dist/deploy/deploy-dashboards.d.ts +92 -0
package/dist/deploy/deploy-dashboards.d.ts.map +1 -0
package/dist/deploy/deploy-dashboards.js +282 -0
package/dist/deploy/deploy-dashboards.js.map +1 -0
package/dist/digest/digest-formatter.d.ts +3 -0
package/dist/digest/digest-formatter.d.ts.map +1 -0
package/dist/digest/digest-formatter.js +37 -0
package/dist/digest/digest-formatter.js.map +1 -0
package/dist/digest/digest-sender.d.ts +2 -0
package/dist/digest/digest-sender.d.ts.map +1 -0
package/dist/digest/digest-sender.js +29 -0
package/dist/digest/digest-sender.js.map +1 -0
package/dist/hooks/bash-classifier.d.ts +26 -0
package/dist/hooks/bash-classifier.d.ts.map +1 -0
package/dist/hooks/bash-classifier.js +409 -0
package/dist/hooks/bash-classifier.js.map +1 -0
package/dist/hooks/collector-script.d.ts +47 -0
package/dist/hooks/collector-script.d.ts.map +1 -0
package/dist/hooks/collector-script.js +662 -0
package/dist/hooks/collector-script.js.map +1 -0
package/dist/hooks/event-processor.d.ts +65 -0
package/dist/hooks/event-processor.d.ts.map +1 -0
package/dist/hooks/event-processor.js +342 -0
package/dist/hooks/event-processor.js.map +1 -0
package/dist/hooks/index.d.ts +7 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +5 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/session-resolver.d.ts +66 -0
package/dist/hooks/session-resolver.d.ts.map +1 -0
package/dist/hooks/session-resolver.js +196 -0
package/dist/hooks/session-resolver.js.map +1 -0
package/dist/hooks/tool-parsers.d.ts +19 -0
package/dist/hooks/tool-parsers.d.ts.map +1 -0
package/dist/hooks/tool-parsers.js +260 -0
package/dist/hooks/tool-parsers.js.map +1 -0
package/dist/index.d.ts +107 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +1505 -0
package/dist/index.js.map +1 -0
package/dist/install/cli.d.ts +11 -0
package/dist/install/cli.d.ts.map +1 -0
package/dist/install/cli.js +365 -0
package/dist/install/cli.js.map +1 -0
package/dist/install/index.d.ts +4 -0
package/dist/install/index.d.ts.map +1 -0
package/dist/install/index.js +3 -0
package/dist/install/index.js.map +1 -0
package/dist/install/install-helper.d.ts +35 -0
package/dist/install/install-helper.d.ts.map +1 -0
package/dist/install/install-helper.js +227 -0
package/dist/install/install-helper.js.map +1 -0
package/dist/install/key-validator.d.ts +19 -0
package/dist/install/key-validator.d.ts.map +1 -0
package/dist/install/key-validator.js +122 -0
package/dist/install/key-validator.js.map +1 -0
package/dist/install/migrate.d.ts +12 -0
package/dist/install/migrate.d.ts.map +1 -0
package/dist/install/migrate.js +115 -0
package/dist/install/migrate.js.map +1 -0
package/dist/install/schedule.d.ts +11 -0
package/dist/install/schedule.d.ts.map +1 -0
package/dist/install/schedule.js +114 -0
package/dist/install/schedule.js.map +1 -0
package/dist/install/setup-wizard.d.ts +40 -0
package/dist/install/setup-wizard.d.ts.map +1 -0
package/dist/install/setup-wizard.js +489 -0
package/dist/install/setup-wizard.js.map +1 -0
package/dist/lib/date.d.ts +54 -0
package/dist/lib/date.d.ts.map +1 -0
package/dist/lib/date.js +85 -0
package/dist/lib/date.js.map +1 -0
package/dist/metrics/anti-patterns.d.ts +62 -0
package/dist/metrics/anti-patterns.d.ts.map +1 -0
package/dist/metrics/anti-patterns.js +301 -0
package/dist/metrics/anti-patterns.js.map +1 -0
package/dist/metrics/api-failure-tracker.d.ts +82 -0
package/dist/metrics/api-failure-tracker.d.ts.map +1 -0
package/dist/metrics/api-failure-tracker.js +202 -0
package/dist/metrics/api-failure-tracker.js.map +1 -0
package/dist/metrics/budget-tracker.d.ts +60 -0
package/dist/metrics/budget-tracker.d.ts.map +1 -0
package/dist/metrics/budget-tracker.js +130 -0
package/dist/metrics/budget-tracker.js.map +1 -0
package/dist/metrics/claudemd-tracker.d.ts +108 -0
package/dist/metrics/claudemd-tracker.d.ts.map +1 -0
package/dist/metrics/claudemd-tracker.js +337 -0
package/dist/metrics/claudemd-tracker.js.map +1 -0
package/dist/metrics/collaboration-profile.d.ts +65 -0
package/dist/metrics/collaboration-profile.d.ts.map +1 -0
package/dist/metrics/collaboration-profile.js +231 -0
package/dist/metrics/collaboration-profile.js.map +1 -0
package/dist/metrics/context-composition-tracker.d.ts +74 -0
package/dist/metrics/context-composition-tracker.d.ts.map +1 -0
package/dist/metrics/context-composition-tracker.js +202 -0
package/dist/metrics/context-composition-tracker.js.map +1 -0
package/dist/metrics/context-tracker.d.ts +78 -0
package/dist/metrics/context-tracker.d.ts.map +1 -0
package/dist/metrics/context-tracker.js +222 -0
package/dist/metrics/context-tracker.js.map +1 -0
package/dist/metrics/context-window-tracker.d.ts +18 -0
package/dist/metrics/context-window-tracker.d.ts.map +1 -0
package/dist/metrics/context-window-tracker.js +35 -0
package/dist/metrics/context-window-tracker.js.map +1 -0
package/dist/metrics/cost-forecast.d.ts +36 -0
package/dist/metrics/cost-forecast.d.ts.map +1 -0
package/dist/metrics/cost-forecast.js +91 -0
package/dist/metrics/cost-forecast.js.map +1 -0
package/dist/metrics/cost-per-outcome.d.ts +102 -0
package/dist/metrics/cost-per-outcome.d.ts.map +1 -0
package/dist/metrics/cost-per-outcome.js +266 -0
package/dist/metrics/cost-per-outcome.js.map +1 -0
package/dist/metrics/cost-tracker.d.ts +78 -0
package/dist/metrics/cost-tracker.d.ts.map +1 -0
package/dist/metrics/cost-tracker.js +169 -0
package/dist/metrics/cost-tracker.js.map +1 -0
package/dist/metrics/decision-tracker.d.ts +49 -0
package/dist/metrics/decision-tracker.d.ts.map +1 -0
package/dist/metrics/decision-tracker.js +161 -0
package/dist/metrics/decision-tracker.js.map +1 -0
package/dist/metrics/efficiency-score.d.ts +80 -0
package/dist/metrics/efficiency-score.d.ts.map +1 -0
package/dist/metrics/efficiency-score.js +219 -0
package/dist/metrics/efficiency-score.js.map +1 -0
package/dist/metrics/git-efficiency-tracker.d.ts +165 -0
package/dist/metrics/git-efficiency-tracker.d.ts.map +1 -0
package/dist/metrics/git-efficiency-tracker.js +1056 -0
package/dist/metrics/git-efficiency-tracker.js.map +1 -0
package/dist/metrics/index.d.ts +26 -0
package/dist/metrics/index.d.ts.map +1 -0
package/dist/metrics/index.js +14 -0
package/dist/metrics/index.js.map +1 -0
package/dist/metrics/instruction-drift-tracker.d.ts +69 -0
package/dist/metrics/instruction-drift-tracker.d.ts.map +1 -0
package/dist/metrics/instruction-drift-tracker.js +213 -0
package/dist/metrics/instruction-drift-tracker.js.map +1 -0
package/dist/metrics/latency-decomposition.d.ts +50 -0
package/dist/metrics/latency-decomposition.d.ts.map +1 -0
package/dist/metrics/latency-decomposition.js +112 -0
package/dist/metrics/latency-decomposition.js.map +1 -0
package/dist/metrics/latency-tracker.d.ts +33 -0
package/dist/metrics/latency-tracker.d.ts.map +1 -0
package/dist/metrics/latency-tracker.js +93 -0
package/dist/metrics/latency-tracker.js.map +1 -0
package/dist/metrics/live-session-registry.d.ts +29 -0
package/dist/metrics/live-session-registry.d.ts.map +1 -0
package/dist/metrics/live-session-registry.js +103 -0
package/dist/metrics/live-session-registry.js.map +1 -0
package/dist/metrics/model-usage-tracker.d.ts +21 -0
package/dist/metrics/model-usage-tracker.d.ts.map +1 -0
package/dist/metrics/model-usage-tracker.js +53 -0
package/dist/metrics/model-usage-tracker.js.map +1 -0
package/dist/metrics/percentile.d.ts +5 -0
package/dist/metrics/percentile.d.ts.map +1 -0
package/dist/metrics/percentile.js +10 -0
package/dist/metrics/percentile.js.map +1 -0
package/dist/metrics/personal-coach.d.ts +47 -0
package/dist/metrics/personal-coach.d.ts.map +1 -0
package/dist/metrics/personal-coach.js +241 -0
package/dist/metrics/personal-coach.js.map +1 -0
package/dist/metrics/prompt-feedback.d.ts +75 -0
package/dist/metrics/prompt-feedback.d.ts.map +1 -0
package/dist/metrics/prompt-feedback.js +286 -0
package/dist/metrics/prompt-feedback.js.map +1 -0
package/dist/metrics/proxy-metrics.d.ts +54 -0
package/dist/metrics/proxy-metrics.d.ts.map +1 -0
package/dist/metrics/proxy-metrics.js +228 -0
package/dist/metrics/proxy-metrics.js.map +1 -0
package/dist/metrics/quality-proxy-tracker.d.ts +51 -0
package/dist/metrics/quality-proxy-tracker.d.ts.map +1 -0
package/dist/metrics/quality-proxy-tracker.js +162 -0
package/dist/metrics/quality-proxy-tracker.js.map +1 -0
package/dist/metrics/recommendation-engine.d.ts +72 -0
package/dist/metrics/recommendation-engine.d.ts.map +1 -0
package/dist/metrics/recommendation-engine.js +207 -0
package/dist/metrics/recommendation-engine.js.map +1 -0
package/dist/metrics/retry-detector.d.ts +43 -0
package/dist/metrics/retry-detector.d.ts.map +1 -0
package/dist/metrics/retry-detector.js +179 -0
package/dist/metrics/retry-detector.js.map +1 -0
package/dist/metrics/session-tracker.d.ts +75 -0
package/dist/metrics/session-tracker.d.ts.map +1 -0
package/dist/metrics/session-tracker.js +249 -0
package/dist/metrics/session-tracker.js.map +1 -0
package/dist/metrics/task-completion-tracker.d.ts +15 -0
package/dist/metrics/task-completion-tracker.d.ts.map +1 -0
package/dist/metrics/task-completion-tracker.js +27 -0
package/dist/metrics/task-completion-tracker.js.map +1 -0
package/dist/metrics/task-detector.d.ts +84 -0
package/dist/metrics/task-detector.d.ts.map +1 -0
package/dist/metrics/task-detector.js +302 -0
package/dist/metrics/task-detector.js.map +1 -0
package/dist/metrics/tool-selection-scorer.d.ts +39 -0
package/dist/metrics/tool-selection-scorer.d.ts.map +1 -0
package/dist/metrics/tool-selection-scorer.js +193 -0
package/dist/metrics/tool-selection-scorer.js.map +1 -0
package/dist/metrics/trend-analyzer.d.ts +92 -0
package/dist/metrics/trend-analyzer.d.ts.map +1 -0
package/dist/metrics/trend-analyzer.js +293 -0
package/dist/metrics/trend-analyzer.js.map +1 -0
package/dist/metrics/turn-cost-attributor.d.ts +41 -0
package/dist/metrics/turn-cost-attributor.d.ts.map +1 -0
package/dist/metrics/turn-cost-attributor.js +118 -0
package/dist/metrics/turn-cost-attributor.js.map +1 -0
package/dist/metrics/turn-tracker.d.ts +49 -0
package/dist/metrics/turn-tracker.d.ts.map +1 -0
package/dist/metrics/turn-tracker.js +192 -0
package/dist/metrics/turn-tracker.js.map +1 -0
package/dist/platforms/amazon-q-adapter.d.ts +10 -0
package/dist/platforms/amazon-q-adapter.d.ts.map +1 -0
package/dist/platforms/amazon-q-adapter.js +75 -0
package/dist/platforms/amazon-q-adapter.js.map +1 -0
package/dist/platforms/claude-code-adapter.d.ts +10 -0
package/dist/platforms/claude-code-adapter.d.ts.map +1 -0
package/dist/platforms/claude-code-adapter.js +48 -0
package/dist/platforms/claude-code-adapter.js.map +1 -0
package/dist/platforms/continue-adapter.d.ts +10 -0
package/dist/platforms/continue-adapter.d.ts.map +1 -0
package/dist/platforms/continue-adapter.js +73 -0
package/dist/platforms/continue-adapter.js.map +1 -0
package/dist/platforms/copilot-adapter.d.ts +37 -0
package/dist/platforms/copilot-adapter.d.ts.map +1 -0
package/dist/platforms/copilot-adapter.js +66 -0
package/dist/platforms/copilot-adapter.js.map +1 -0
package/dist/platforms/cursor-adapter.d.ts +10 -0
package/dist/platforms/cursor-adapter.d.ts.map +1 -0
package/dist/platforms/cursor-adapter.js +60 -0
package/dist/platforms/cursor-adapter.js.map +1 -0
package/dist/platforms/generic-mcp-adapter.d.ts +113 -0
package/dist/platforms/generic-mcp-adapter.d.ts.map +1 -0
package/dist/platforms/generic-mcp-adapter.js +139 -0
package/dist/platforms/generic-mcp-adapter.js.map +1 -0
package/dist/platforms/index.d.ts +15 -0
package/dist/platforms/index.d.ts.map +1 -0
package/dist/platforms/index.js +12 -0
package/dist/platforms/index.js.map +1 -0
package/dist/platforms/platform-registry.d.ts +11 -0
package/dist/platforms/platform-registry.d.ts.map +1 -0
package/dist/platforms/platform-registry.js +54 -0
package/dist/platforms/platform-registry.js.map +1 -0
package/dist/platforms/types.d.ts +36 -0
package/dist/platforms/types.d.ts.map +1 -0
package/dist/platforms/types.js +2 -0
package/dist/platforms/types.js.map +1 -0
package/dist/platforms/windsurf-adapter.d.ts +10 -0
package/dist/platforms/windsurf-adapter.d.ts.map +1 -0
package/dist/platforms/windsurf-adapter.js +63 -0
package/dist/platforms/windsurf-adapter.js.map +1 -0
package/dist/platforms/zed-adapter.d.ts +10 -0
package/dist/platforms/zed-adapter.d.ts.map +1 -0
package/dist/platforms/zed-adapter.js +72 -0
package/dist/platforms/zed-adapter.js.map +1 -0
package/dist/proxy/index.d.ts +7 -0
package/dist/proxy/index.d.ts.map +1 -0
package/dist/proxy/index.js +5 -0
package/dist/proxy/index.js.map +1 -0
package/dist/proxy/otlp-receiver.d.ts +28 -0
package/dist/proxy/otlp-receiver.d.ts.map +1 -0
package/dist/proxy/otlp-receiver.js +319 -0
package/dist/proxy/otlp-receiver.js.map +1 -0
package/dist/proxy/proxy-manager.d.ts +47 -0
package/dist/proxy/proxy-manager.d.ts.map +1 -0
package/dist/proxy/proxy-manager.js +338 -0
package/dist/proxy/proxy-manager.js.map +1 -0
package/dist/proxy/types.d.ts +72 -0
package/dist/proxy/types.d.ts.map +1 -0
package/dist/proxy/types.js +33 -0
package/dist/proxy/types.js.map +1 -0
package/dist/proxy/upstream-http.d.ts +26 -0
package/dist/proxy/upstream-http.d.ts.map +1 -0
package/dist/proxy/upstream-http.js +209 -0
package/dist/proxy/upstream-http.js.map +1 -0
package/dist/proxy/upstream-stdio.d.ts +25 -0
package/dist/proxy/upstream-stdio.d.ts.map +1 -0
package/dist/proxy/upstream-stdio.js +256 -0
package/dist/proxy/upstream-stdio.js.map +1 -0
package/dist/security/audit-trail.d.ts +74 -0
package/dist/security/audit-trail.d.ts.map +1 -0
package/dist/security/audit-trail.js +338 -0
package/dist/security/audit-trail.js.map +1 -0
package/dist/security/index.d.ts +5 -0
package/dist/security/index.d.ts.map +1 -0
package/dist/security/index.js +4 -0
package/dist/security/index.js.map +1 -0
package/dist/security/ssrf.d.ts +2 -0
package/dist/security/ssrf.d.ts.map +1 -0
package/dist/security/ssrf.js +126 -0
package/dist/security/ssrf.js.map +1 -0
package/dist/server.d.ts +14 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +117 -0
package/dist/server.js.map +1 -0
package/dist/shared/__test-utils__/log-output.d.ts +49 -0
package/dist/shared/__test-utils__/log-output.d.ts.map +1 -0
package/dist/shared/__test-utils__/log-output.js +38 -0
package/dist/shared/__test-utils__/log-output.js.map +1 -0
package/dist/shared/config.d.ts +56 -0
package/dist/shared/config.d.ts.map +1 -0
package/dist/shared/config.js +290 -0
package/dist/shared/config.js.map +1 -0
package/dist/shared/errors.d.ts +139 -0
package/dist/shared/errors.d.ts.map +1 -0
package/dist/shared/errors.js +406 -0
package/dist/shared/errors.js.map +1 -0
package/dist/shared/events/factory.d.ts +143 -0
package/dist/shared/events/factory.d.ts.map +1 -0
package/dist/shared/events/factory.js +351 -0
package/dist/shared/events/factory.js.map +1 -0
package/dist/shared/events/index.d.ts +6 -0
package/dist/shared/events/index.d.ts.map +1 -0
package/dist/shared/events/index.js +3 -0
package/dist/shared/events/index.js.map +1 -0
package/dist/shared/events/serialize.d.ts +87 -0
package/dist/shared/events/serialize.d.ts.map +1 -0
package/dist/shared/events/serialize.js +510 -0
package/dist/shared/events/serialize.js.map +1 -0
package/dist/shared/events/types.d.ts +139 -0
package/dist/shared/events/types.d.ts.map +1 -0
package/dist/shared/events/types.js +2 -0
package/dist/shared/events/types.js.map +1 -0
package/dist/shared/harvest/event-buffer.d.ts +59 -0
package/dist/shared/harvest/event-buffer.d.ts.map +1 -0
package/dist/shared/harvest/event-buffer.js +100 -0
package/dist/shared/harvest/event-buffer.js.map +1 -0
package/dist/shared/harvest/harvest-scheduler.d.ts +200 -0
package/dist/shared/harvest/harvest-scheduler.d.ts.map +1 -0
package/dist/shared/harvest/harvest-scheduler.js +647 -0
package/dist/shared/harvest/harvest-scheduler.js.map +1 -0
package/dist/shared/harvest/index.d.ts +7 -0
package/dist/shared/harvest/index.d.ts.map +1 -0
package/dist/shared/harvest/index.js +4 -0
package/dist/shared/harvest/index.js.map +1 -0
package/dist/shared/harvest/metric-aggregator.d.ts +115 -0
package/dist/shared/harvest/metric-aggregator.d.ts.map +1 -0
package/dist/shared/harvest/metric-aggregator.js +247 -0
package/dist/shared/harvest/metric-aggregator.js.map +1 -0
package/dist/shared/index.d.ts +22 -0
package/dist/shared/index.d.ts.map +1 -0
package/dist/shared/index.js +13 -0
package/dist/shared/index.js.map +1 -0
package/dist/shared/logger.d.ts +57 -0
package/dist/shared/logger.d.ts.map +1 -0
package/dist/shared/logger.js +166 -0
package/dist/shared/logger.js.map +1 -0
package/dist/shared/pricing-data.d.ts +4 -0
package/dist/shared/pricing-data.d.ts.map +1 -0
package/dist/shared/pricing-data.js +473 -0
package/dist/shared/pricing-data.js.map +1 -0
package/dist/shared/pricing.d.ts +148 -0
package/dist/shared/pricing.d.ts.map +1 -0
package/dist/shared/pricing.js +528 -0
package/dist/shared/pricing.js.map +1 -0
package/dist/shared/redact.d.ts +33 -0
package/dist/shared/redact.d.ts.map +1 -0
package/dist/shared/redact.js +110 -0
package/dist/shared/redact.js.map +1 -0
package/dist/shared/timing.d.ts +96 -0
package/dist/shared/timing.d.ts.map +1 -0
package/dist/shared/timing.js +173 -0
package/dist/shared/timing.js.map +1 -0
package/dist/shared/tokens.d.ts +145 -0
package/dist/shared/tokens.d.ts.map +1 -0
package/dist/shared/tokens.js +492 -0
package/dist/shared/tokens.js.map +1 -0
package/dist/shared/transport/events-api.d.ts +14 -0
package/dist/shared/transport/events-api.d.ts.map +1 -0
package/dist/shared/transport/events-api.js +29 -0
package/dist/shared/transport/events-api.js.map +1 -0
package/dist/shared/transport/http-client.d.ts +49 -0
package/dist/shared/transport/http-client.d.ts.map +1 -0
package/dist/shared/transport/http-client.js +381 -0
package/dist/shared/transport/http-client.js.map +1 -0
package/dist/shared/transport/index.d.ts +10 -0
package/dist/shared/transport/index.d.ts.map +1 -0
package/dist/shared/transport/index.js +6 -0
package/dist/shared/transport/index.js.map +1 -0
package/dist/shared/transport/logs-api.d.ts +29 -0
package/dist/shared/transport/logs-api.d.ts.map +1 -0
package/dist/shared/transport/logs-api.js +40 -0
package/dist/shared/transport/logs-api.js.map +1 -0
package/dist/shared/transport/metric-api.d.ts +9 -0
package/dist/shared/transport/metric-api.d.ts.map +1 -0
package/dist/shared/transport/metric-api.js +39 -0
package/dist/shared/transport/metric-api.js.map +1 -0
package/dist/shared/transport/otlp-event-bridge.d.ts +22 -0
package/dist/shared/transport/otlp-event-bridge.d.ts.map +1 -0
package/dist/shared/transport/otlp-event-bridge.js +50 -0
package/dist/shared/transport/otlp-event-bridge.js.map +1 -0
package/dist/shared/transport/otlp-shared.d.ts +14 -0
package/dist/shared/transport/otlp-shared.d.ts.map +1 -0
package/dist/shared/transport/otlp-shared.js +49 -0
package/dist/shared/transport/otlp-shared.js.map +1 -0
package/dist/shared/transport/otlp-transport.d.ts +58 -0
package/dist/shared/transport/otlp-transport.d.ts.map +1 -0
package/dist/shared/transport/otlp-transport.js +236 -0
package/dist/shared/transport/otlp-transport.js.map +1 -0
package/dist/shared/transport/types.d.ts +129 -0
package/dist/shared/transport/types.d.ts.map +1 -0
package/dist/shared/transport/types.js +2 -0
package/dist/shared/transport/types.js.map +1 -0
package/dist/shared/version.d.ts +2 -0
package/dist/shared/version.d.ts.map +1 -0
package/dist/shared/version.js +2 -0
package/dist/shared/version.js.map +1 -0
package/dist/storage/index.d.ts +7 -0
package/dist/storage/index.d.ts.map +1 -0
package/dist/storage/index.js +4 -0
package/dist/storage/index.js.map +1 -0
package/dist/storage/local-store.d.ts +153 -0
package/dist/storage/local-store.d.ts.map +1 -0
package/dist/storage/local-store.js +719 -0
package/dist/storage/local-store.js.map +1 -0
package/dist/storage/retention.d.ts +2 -0
package/dist/storage/retention.d.ts.map +1 -0
package/dist/storage/retention.js +53 -0
package/dist/storage/retention.js.map +1 -0
package/dist/storage/session-store.d.ts +97 -0
package/dist/storage/session-store.d.ts.map +1 -0
package/dist/storage/session-store.js +391 -0
package/dist/storage/session-store.js.map +1 -0
package/dist/storage/types.d.ts +64 -0
package/dist/storage/types.d.ts.map +1 -0
package/dist/storage/types.js +2 -0
package/dist/storage/types.js.map +1 -0
package/dist/storage/weekly-summary.d.ts +61 -0
package/dist/storage/weekly-summary.d.ts.map +1 -0
package/dist/storage/weekly-summary.js +243 -0
package/dist/storage/weekly-summary.js.map +1 -0
package/dist/tools/analytics-tools.d.ts +101 -0
package/dist/tools/analytics-tools.d.ts.map +1 -0
package/dist/tools/analytics-tools.js +71 -0
package/dist/tools/analytics-tools.js.map +1 -0
package/dist/tools/cost-tools.d.ts +121 -0
package/dist/tools/cost-tools.d.ts.map +1 -0
package/dist/tools/cost-tools.js +174 -0
package/dist/tools/cost-tools.js.map +1 -0
package/dist/tools/cross-session-tools.d.ts +376 -0
package/dist/tools/cross-session-tools.d.ts.map +1 -0
package/dist/tools/cross-session-tools.js +820 -0
package/dist/tools/cross-session-tools.js.map +1 -0
package/dist/tools/extended-analytics-tools.d.ts +164 -0
package/dist/tools/extended-analytics-tools.d.ts.map +1 -0
package/dist/tools/extended-analytics-tools.js +121 -0
package/dist/tools/extended-analytics-tools.js.map +1 -0
package/dist/tools/index.d.ts +7 -0
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/index.js +4 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/session-stats.d.ts +162 -0
package/dist/tools/session-stats.d.ts.map +1 -0
package/dist/tools/session-stats.js +1054 -0
package/dist/tools/session-stats.js.map +1 -0
package/dist/tools/workflow-tools.d.ts +126 -0
package/dist/tools/workflow-tools.d.ts.map +1 -0
package/dist/tools/workflow-tools.js +274 -0
package/dist/tools/workflow-tools.js.map +1 -0
package/dist/tracing/mcp-tracer.d.ts +4 -0
package/dist/tracing/mcp-tracer.d.ts.map +1 -0
package/dist/tracing/mcp-tracer.js +14 -0
package/dist/tracing/mcp-tracer.js.map +1 -0
package/dist/tracing/session-span.d.ts +14 -0
package/dist/tracing/session-span.d.ts.map +1 -0
package/dist/tracing/session-span.js +53 -0
package/dist/tracing/session-span.js.map +1 -0
package/dist/tracing/task-span-tracker.d.ts +11 -0
package/dist/tracing/task-span-tracker.d.ts.map +1 -0
package/dist/tracing/task-span-tracker.js +59 -0
package/dist/tracing/task-span-tracker.js.map +1 -0
package/dist/tracing/tool-call-span.d.ts +4 -0
package/dist/tracing/tool-call-span.d.ts.map +1 -0
package/dist/tracing/tool-call-span.js +60 -0
package/dist/tracing/tool-call-span.js.map +1 -0
package/dist/transport/index.d.ts +3 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +2 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/log-ingest.d.ts +42 -0
package/dist/transport/log-ingest.d.ts.map +1 -0
package/dist/transport/log-ingest.js +151 -0
package/dist/transport/log-ingest.js.map +1 -0
package/dist/transport/nr-ingest.d.ts +171 -0
package/dist/transport/nr-ingest.d.ts.map +1 -0
package/dist/transport/nr-ingest.js +659 -0
package/dist/transport/nr-ingest.js.map +1 -0
package/dist/types.d.ts +45 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +2 -0
package/dist/types.js.map +1 -0
package/dist/web/assets/index-BrL281N-.css +2 -0
package/dist/web/assets/index-CcaYZzXm.js +42 -0
package/dist/web/favicon.svg +15 -0
package/dist/web/index.html +15 -0
package/examples/local-alert-rules.json +106 -0
package/package.json +129 -1

package/dist/config.js ADDED Viewed

@@ -0,0 +1,868 @@
+import { readFileSync, existsSync } from 'node:fs';
+import { execSync } from 'node:child_process';
+import { resolve } from 'node:path';
+import { homedir } from 'node:os';
+import { z } from 'zod';
+import { createLogger } from './shared/index.js';
+import { DEFAULT_PERSONAL_THRESHOLDS } from './alerts/types.js';
+const logger = createLogger('mcp-config');
+export const DEFAULT_STORAGE_PATH = resolve(homedir(), '.newrelic-preflight');
+const DEFAULT_REDACTION_PATTERNS = [
+    /(?<![a-zA-Z])(?:API_KEY|SECRET|TOKEN|PASSWORD|PASSPHRASE|PRIVATE_KEY)(?![a-zA-Z])[\s]*[=:]\s*\S+/gi,
+    /(?:sk-|ghp_|gho_|ghs_|github_pat_|xoxb-|xoxp-|Bearer\s+)[A-Za-z0-9_-]{20,200}/g,
+    /-----BEGIN[^-\n]{0,100}-----[A-Za-z0-9+/=\r\n. ]{0,65536}-----END[^-\n]{0,100}-----/g,
+    /\bAKIA[0-9A-Z]{16}\b/g,
+    /\bAIzaSy[0-9A-Za-z_-]{33}\b/g,
+    /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+    /\bnpm_[A-Za-z0-9]{36}\b/g,
+    /\bxox[a-z]-[0-9A-Za-z-]+/g,
+    /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]{24,}\b/g,
+    /\bpypi-[A-Za-z0-9_-]{20,}\b/g,
+    /\bhf_[A-Za-z0-9]{30,}\b/g,
+    /(?:mongodb(?:\+srv)?|postgres(?:ql)?|mysql|redis):\/\/[^:\/\s]+:[^\@\/\s]+@[^\s\/]+/gi,
+    /https?:\/\/[^\s:\/]+:[^\s@\/]+@[^\s\/]+/gi,
+    /\b(?:AC|SK)[a-f0-9]{32}\b/g,
+    /(?:[?&])(?:sig|se|sp|srt|ss|sv|st)=[A-Za-z0-9%_-]+/gi,
+    /\b(?:vercel_|heroku_|dd_|pk_)[A-Za-z0-9_-]{20,}\b/gi,
+];
+export const ConfigFileSchema = z
+    .object({
+    licenseKey: z.string().optional(),
+    accountId: z.string().optional(),
+    appName: z.string().optional(),
+    developer: z.string().optional(),
+    teamId: z.string().nullable().optional(),
+    projectId: z.string().nullable().optional(),
+    orgId: z.string().nullable().optional(),
+    model: z.string().optional(),
+    enabled: z.boolean().optional(),
+    highSecurity: z.boolean().optional(),
+    recordContent: z.boolean().optional(),
+    storagePath: z.string().optional(),
+    hookBufferPath: z.string().optional(),
+    harvestEventsMs: z.number().optional(),
+    harvestMetricsMs: z.number().optional(),
+    sessionBudgetUsd: z.number().nullable().optional(),
+    dailyBudgetUsd: z.number().nullable().optional(),
+    weeklyBudgetUsd: z.number().nullable().optional(),
+    port: z.number().optional(),
+    logLevel: z.enum(['debug', 'info', 'warn', 'error']).optional(),
+    collectorHost: z.string().nullable().optional(),
+    proxyUpstreams: z.array(z.unknown()).optional(),
+    nrApiKey: z.string().nullable().optional(),
+    digestWebhookUrl: z.string().nullable().optional(),
+    digestSchedule: z.string().optional(),
+    retainSessionsDays: z.number().nullable().optional(),
+    otlpEndpoint: z.string().nullable().optional(),
+    otlpHeaders: z.record(z.string(), z.string()).optional(),
+    transport: z.enum(['nr-events-api', 'otlp', 'both']).optional(),
+    mode: z.enum(['cloud', 'local', 'both']).optional(),
+    otlpReceiverEnabled: z.boolean().optional(),
+    otlpReceiverPort: z.number().optional(),
+    otlpReceiverBindAddress: z.string().optional(),
+    otlpForwardEndpoint: z.string().nullable().optional(),
+    otlpForwardHeaders: z.record(z.string(), z.string()).optional(),
+    alerts: z
+        .object({
+        personal: z
+            .object({
+            dailyCostUsd: z.number().optional(),
+            sessionCostUsd: z.number().optional(),
+            efficiencyScoreMin: z.number().optional(),
+            stuckLoopCountMax: z.number().optional(),
+            antiPatternCountMax: z.number().optional(),
+        })
+            .passthrough()
+            .optional(),
+        enabled: z.boolean().optional(),
+        evaluationIntervalSeconds: z.number().int().min(5).max(300).optional(),
+        osNotifications: z.boolean().optional(),
+        logRetentionMb: z.number().min(1).max(1024).optional(),
+        rulesPath: z.string().nullable().optional(),
+    })
+        .passthrough()
+        .optional(),
+    dashboard: z
+        .object({
+        port: z.number().int().min(1).max(65535).optional(),
+        host: z.string().optional(),
+        openOnStart: z.boolean().optional(),
+    })
+        .passthrough()
+        .optional(),
+})
+    // Pre-launch we want graceful tolerance of unknown keys so that an older
+    // ~/.newrelic-preflight/config.json doesn't brick the server on upgrade. Unknown
+    // keys at every level (top-level, alerts, dashboard) are reported via
+    // logger.warn at load time (see loadMcpConfig) so users still get a hint
+    // without a fatal crash. Nested objects also use .passthrough() so the
+    // warn block can see typos like `dashboard.openOnStarrt`.
+    .passthrough();
+// N-07: strip control chars and truncate before the value reaches any NR event field or log
+export function sanitizeDeveloper(raw) {
+    return (raw
+        .replace(/[\x00-\x1f\x7f]/g, '')
+        .trim()
+        .slice(0, 128) || 'unknown');
+}
+/**
+ * Produces a lowercase, NRQL-safe identifier from a raw developer name.
+ * "John Doe" → "john_doe", "my.user@host" → "my_user_host"
+ */
+export function normalizeDeveloperName(raw) {
+    const normalized = raw
+        .replace(/[\x00-\x1f\x7f]/g, '') // strip control chars
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9-]+/g, '_'); // collapse non-alphanumeric runs to _
+    // Trim leading/trailing underscores with an index walk instead of
+    // anchored-quantifier regexes (/^_+/ and /_+$/) — the latter causes
+    // O(n²) backtracking on underscore-heavy strings (CodeQL js/polynomial-redos).
+    let start = 0;
+    let end = normalized.length;
+    while (start < end && normalized[start] === '_')
+        start++;
+    while (end > start && normalized[end - 1] === '_')
+        end--;
+    return (normalized.slice(start, end) || 'unknown').slice(0, 64);
+}
+function sanitizeOrgField(value) {
+    if (!value)
+        return null;
+    const sanitized = value
+        .replace(/[\x00-\x1f\x7f]/g, '')
+        .trim()
+        .slice(0, 128);
+    return sanitized || null;
+}
+function inferDeveloper() {
+    if (process.env.USER)
+        return sanitizeDeveloper(process.env.USER);
+    if (process.env.USERNAME)
+        return sanitizeDeveloper(process.env.USERNAME);
+    try {
+        return sanitizeDeveloper(execSync('git config user.name', {
+            encoding: 'utf-8',
+            timeout: 2000,
+            env: { ...process.env },
+        }).trim());
+    }
+    catch {
+        return 'unknown';
+    }
+}
+function inferProjectId() {
+    try {
+        const remote = execSync('git remote get-url origin', {
+            encoding: 'utf-8',
+            timeout: 2000,
+            env: { ...process.env },
+        }).trim();
+        // Extract "org/repo" from HTTPS or SSH remotes:
+        // https://github.com/org/repo.git  → org/repo
+        // git@github.com:org/repo.git      → org/repo
+        const match = remote.match(/[/:]([\w.-]+\/[\w.-]+?)(?:\.git)?$/);
+        return match ? match[1] : null;
+    }
+    catch {
+        return null;
+    }
+}
+function envBool(key, defaultValue) {
+    const val = process.env[key]?.trim().toLowerCase();
+    if (val === 'true' || val === '1' || val === 'yes' || val === 'y' || val === 'on')
+        return true;
+    if (val === 'false' || val === '0' || val === 'no' || val === 'n' || val === 'off')
+        return false;
+    return defaultValue;
+}
+function envInt(key, defaultValue, bounds) {
+    const val = process.env[key];
+    if (val === undefined)
+        return defaultValue;
+    const parsed = parseInt(val, 10);
+    if (Number.isNaN(parsed))
+        return defaultValue;
+    if (bounds?.min !== undefined && parsed < bounds.min)
+        return bounds.min;
+    if (bounds?.max !== undefined && parsed > bounds.max)
+        return bounds.max;
+    return parsed;
+}
+function envLogLevel(key, defaultValue) {
+    const val = process.env[key]?.toLowerCase();
+    if (val === 'debug' || val === 'info' || val === 'warn' || val === 'error')
+        return val;
+    return defaultValue;
+}
+function loadConfigFile(filePath) {
+    let raw;
+    try {
+        raw = readFileSync(filePath, 'utf-8');
+    }
+    catch {
+        return {};
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        const errorMsg = err instanceof Error ? err.message : String(err);
+        logger.error('Invalid JSON in config file', {
+            filePath,
+            error: errorMsg,
+        });
+        throw new Error(`Config file parsing failed at ${filePath}: ${errorMsg}`);
+    }
+    const validation = ConfigFileSchema.safeParse(parsed);
+    if (!validation.success) {
+        const issues = validation.error.issues
+            .map((issue) => {
+            const path = issue.path.join('.');
+            return `${path || 'root'}: ${issue.message}`;
+        })
+            .join('; ');
+        logger.error('Config file validation failed', {
+            filePath,
+            issues,
+        });
+        throw new Error(`Config file validation failed at ${filePath}: ${issues}`);
+    }
+    return validation.data;
+}
+function resolveCollectorHost(licenseKey, explicit) {
+    if (explicit)
+        return explicit;
+    if (licenseKey?.toLowerCase().startsWith('eu01')) {
+        return 'eu';
+    }
+    return null;
+}
+function isValidUpstream(u) {
+    if (typeof u !== 'object' || u === null)
+        return false;
+    const obj = u;
+    if (typeof obj.name !== 'string')
+        return false;
+    if (obj.transportType !== 'http' && obj.transportType !== 'stdio')
+        return false;
+    if (obj.transportType === 'http' && typeof obj.url !== 'string')
+        return false;
+    if (obj.transportType === 'stdio' && typeof obj.command !== 'string')
+        return false;
+    return true;
+}
+function parseOtlpHeaders(headerString) {
+    if (!headerString)
+        return {};
+    const result = {};
+    const pairs = headerString.split(',');
+    for (const pair of pairs) {
+        const eqIdx = pair.indexOf('=');
+        if (eqIdx < 1)
+            continue;
+        const key = pair.slice(0, eqIdx).trim();
+        const value = pair.slice(eqIdx + 1).trim();
+        if (key && value) {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+/**
+ * Validate the alerts.rulesPath value. The path is read from the user's
+ * config file or NR_AI_ALERTS_RULES_PATH env var; both are user-controlled
+ * but worth a defensive guard to keep an accidental misconfiguration from
+ * pointing fs.watch at /etc/hosts or similar. Rules:
+ *
+ *   1. Must end in `.json` (case-insensitive).
+ *   2. Must resolve under `storagePath` (the configured storage root).
+ *
+ * The default rules path is `${storagePath}/alerts/rules.json`, which
+ * always passes both checks. A bad path falls back to the default with a
+ * logged warning rather than throwing — one bad config field shouldn't
+ * brick the whole server.
+ */
+function validateRulesPath(rawPath, storagePath) {
+    const fallback = resolve(storagePath, 'alerts', 'rules.json');
+    if (!rawPath.toLowerCase().endsWith('.json')) {
+        logger.warn('alerts.rulesPath does not end in .json — falling back to default', {
+            rawPath,
+            fallback,
+        });
+        return fallback;
+    }
+    const resolved = resolve(rawPath);
+    const storageResolved = resolve(storagePath);
+    // Match prefix only on full path segments to avoid `/foo/bar` matching
+    // `/foo/barbaz`.
+    const prefix = storageResolved.endsWith('/') ? storageResolved : storageResolved + '/';
+    if (resolved !== storageResolved && !resolved.startsWith(prefix)) {
+        logger.warn('alerts.rulesPath resolves outside storagePath — falling back to default', {
+            rawPath,
+            resolved,
+            storagePath: storageResolved,
+            fallback,
+        });
+        return fallback;
+    }
+    return resolved;
+}
+function parseProxyUpstreams(envValue, fileValue) {
+    // Env var takes precedence (JSON string)
+    if (envValue) {
+        try {
+            const parsed = JSON.parse(envValue);
+            if (!Array.isArray(parsed)) {
+                logger.warn('NEW_RELIC_AI_MCP_PROXY_UPSTREAMS must be a JSON array — ignoring env var value');
+            }
+            else {
+                const valid = parsed.filter((u) => {
+                    if (isValidUpstream(u))
+                        return true;
+                    logger.warn('Skipping invalid proxy upstream entry (missing name, transportType, or url/command)', { entry: u });
+                    return false;
+                });
+                return valid;
+            }
+        }
+        catch {
+            logger.warn('Invalid JSON in NEW_RELIC_AI_MCP_PROXY_UPSTREAMS env var');
+        }
+    }
+    // Config file
+    if (Array.isArray(fileValue)) {
+        const valid = fileValue.filter((u) => {
+            if (isValidUpstream(u))
+                return true;
+            logger.warn('Skipping invalid proxy upstream entry (missing name, transportType, or url/command)', { entry: u });
+            return false;
+        });
+        return valid;
+    }
+    return [];
+}
+export function loadMcpConfig(cliOptions) {
+    const configFilePath = cliOptions?.config ?? resolve(DEFAULT_STORAGE_PATH, 'config.json');
+    const file = loadConfigFile(configFilePath);
+    // Warn (don't crash) when the user's config file contains keys we don't
+    // recognize. Schema is `.passthrough()` at every level so unknown keys come
+    // through intact — surface them in logs so a typo or stale field is visible
+    // to the user without bricking the server on upgrade.
+    const knownTopKeys = new Set(Object.keys(ConfigFileSchema.shape));
+    const unknownTopKeys = Object.keys(file).filter((k) => !knownTopKeys.has(k));
+    if (unknownTopKeys.length > 0) {
+        logger.warn('Unknown keys in config file (ignored)', {
+            unknownKeys: unknownTopKeys,
+            path: configFilePath,
+        });
+    }
+    // Nested objects: alerts, dashboard. Hardcoded known-key sets keep this
+    // simple and avoid Zod schema introspection (the typed shape requires
+    // unwrapping .optional() and .passthrough()). If you add a new field to
+    // these schemas, add it here too.
+    const knownAlertsKeys = new Set([
+        'personal',
+        'enabled',
+        'evaluationIntervalSeconds',
+        'osNotifications',
+        'logRetentionMb',
+        'rulesPath',
+    ]);
+    const knownAlertsPersonalKeys = new Set([
+        'dailyCostUsd',
+        'sessionCostUsd',
+        'efficiencyScoreMin',
+        'stuckLoopCountMax',
+        'antiPatternCountMax',
+    ]);
+    const knownDashboardKeys = new Set(['port', 'host', 'openOnStart']);
+    if (file.alerts && typeof file.alerts === 'object') {
+        const alerts = file.alerts;
+        const unknownAlertsKeys = Object.keys(alerts).filter((k) => !knownAlertsKeys.has(k));
+        if (unknownAlertsKeys.length > 0) {
+            logger.warn('Unknown keys in alerts config (ignored)', {
+                unknownKeys: unknownAlertsKeys,
+                path: configFilePath,
+            });
+        }
+        if (alerts.personal && typeof alerts.personal === 'object') {
+            const personal = alerts.personal;
+            const unknownAlertsPersonalKeys = Object.keys(personal).filter((k) => !knownAlertsPersonalKeys.has(k));
+            if (unknownAlertsPersonalKeys.length > 0) {
+                logger.warn('Unknown keys in alerts.personal config (ignored)', {
+                    unknownKeys: unknownAlertsPersonalKeys,
+                    path: configFilePath,
+                });
+            }
+        }
+    }
+    if (file.dashboard && typeof file.dashboard === 'object') {
+        const dashboard = file.dashboard;
+        const unknownDashboardKeys = Object.keys(dashboard).filter((k) => !knownDashboardKeys.has(k));
+        if (unknownDashboardKeys.length > 0) {
+            logger.warn('Unknown keys in dashboard config (ignored)', {
+                unknownKeys: unknownDashboardKeys,
+                path: configFilePath,
+            });
+        }
+    }
+    // --- Resolve mode early so we can gate licenseKey/accountId requirements ---
+    // File mode is already validated by the zod schema in loadConfigFile.
+    const VALID_MODES = ['cloud', 'local', 'both'];
+    const isValidMode = (v) => typeof v === 'string' && VALID_MODES.includes(v);
+    const envMode = process.env.NR_AI_MODE;
+    if (envMode !== undefined && envMode !== '' && !isValidMode(envMode)) {
+        throw new Error(`Invalid NR_AI_MODE='${envMode}'. Must be one of: ${VALID_MODES.join(', ')}.`);
+    }
+    const mode = (isValidMode(envMode) ? envMode : undefined) ?? file.mode ?? 'cloud';
+    // --- licenseKey: CLI has no flag for this, so env > file ---
+    const licenseKeyRaw = process.env.NEW_RELIC_LICENSE_KEY ??
+        (typeof file.licenseKey === 'string' ? file.licenseKey : undefined);
+    if (mode !== 'local' && !licenseKeyRaw) {
+        throw new Error(`Missing required configuration: licenseKey (mode='${mode}'). ` +
+            'Set the NEW_RELIC_LICENSE_KEY environment variable or add "licenseKey" to ' +
+            configFilePath +
+            ", or switch to mode='local' to skip cloud transport.");
+    }
+    // Reject the literal string "null" — it's truthy but not a valid key
+    // and would cause silent auth failures at transport time.
+    if (licenseKeyRaw === 'null') {
+        throw new Error('Invalid licenseKey: the string "null" is not a valid New Relic license key. ' +
+            'Remove it from the config file or set the correct key in NEW_RELIC_LICENSE_KEY.');
+    }
+    // In local mode, undefined if licenseKey is missing (NR transport won't be used)
+    const licenseKey = licenseKeyRaw;
+    // --- accountId: env > file ---
+    const accountIdRaw = process.env.NEW_RELIC_ACCOUNT_ID ??
+        (typeof file.accountId === 'string' ? file.accountId : undefined);
+    if (mode !== 'local' && !accountIdRaw) {
+        throw new Error(`Missing required configuration: accountId (mode='${mode}'). ` +
+            'Set the NEW_RELIC_ACCOUNT_ID environment variable or add "accountId" to ' +
+            configFilePath +
+            ", or switch to mode='local' to skip cloud transport.");
+    }
+    if (accountIdRaw && !/^\d{1,12}$/.test(accountIdRaw)) {
+        throw new Error('Invalid configuration: accountId must be 1–12 decimal digits. ' +
+            `Received: "${accountIdRaw}"`);
+    }
+    // In local mode, undefined if accountId is missing (NR transport won't be used)
+    const accountId = accountIdRaw;
+    // --- Build config with priority: CLI > env > file > defaults ---
+    const storagePath = process.env.NEW_RELIC_AI_MCP_STORAGE_PATH ??
+        (typeof file.storagePath === 'string' ? file.storagePath : DEFAULT_STORAGE_PATH);
+    // N-10: highSecurity must be resolved before recordContent so it can override it
+    const highSecurity = envBool('NEW_RELIC_AI_HIGH_SECURITY', typeof file.highSecurity === 'boolean' ? file.highSecurity : false);
+    const config = {
+        licenseKey,
+        accountId,
+        appName: process.env.NEW_RELIC_AI_MCP_APP_NAME ??
+            (typeof file.appName === 'string' ? file.appName : 'preflight'),
+        model: process.env.NEW_RELIC_AI_MODEL ??
+            (typeof file.model === 'string' ? file.model : 'claude-sonnet-4-6'),
+        developer: normalizeDeveloperName(process.env.NEW_RELIC_AI_MCP_DEVELOPER ??
+            (typeof file.developer === 'string' ? file.developer : inferDeveloper())),
+        teamId: sanitizeOrgField(process.env.NEW_RELIC_AI_TEAM_ID ?? (typeof file.teamId === 'string' ? file.teamId : null)),
+        projectId: sanitizeOrgField(process.env.NEW_RELIC_AI_PROJECT_ID ??
+            (typeof file.projectId === 'string' ? file.projectId : inferProjectId())),
+        orgId: sanitizeOrgField(process.env.NEW_RELIC_AI_ORG_ID ?? (typeof file.orgId === 'string' ? file.orgId : null)),
+        enabled: envBool('NEW_RELIC_AI_MCP_ENABLED', typeof file.enabled === 'boolean' ? file.enabled : true),
+        highSecurity,
+        // N-10: highSecurity forces recordContent off regardless of other settings
+        recordContent: highSecurity
+            ? false
+            : envBool('NEW_RELIC_AI_MCP_RECORD_CONTENT', typeof file.recordContent === 'boolean' ? file.recordContent : false),
+        redactionPatterns: DEFAULT_REDACTION_PATTERNS,
+        hookBufferPath: process.env.NEW_RELIC_AI_MCP_BUFFER_PATH ??
+            (typeof file.hookBufferPath === 'string'
+                ? file.hookBufferPath
+                : resolve(storagePath, 'buffer.jsonl')),
+        storagePath,
+        harvestIntervalMs: {
+            events: envInt('NEW_RELIC_AI_MCP_HARVEST_EVENTS_MS', typeof file.harvestEventsMs === 'number' ? file.harvestEventsMs : 5000, { min: 100, max: 3_600_000 }),
+            metrics: envInt('NEW_RELIC_AI_MCP_HARVEST_METRICS_MS', typeof file.harvestMetricsMs === 'number' ? file.harvestMetricsMs : 60000, { min: 100, max: 3_600_000 }),
+        },
+        sessionBudgetUsd: (() => {
+            const raw = process.env.NEW_RELIC_AI_SESSION_BUDGET_USD;
+            if (raw !== undefined && raw !== '') {
+                const v = parseFloat(raw);
+                if (Number.isFinite(v) && v > 0)
+                    return v;
+            }
+            return typeof file.sessionBudgetUsd === 'number' ? file.sessionBudgetUsd : null;
+        })(),
+        dailyBudgetUsd: (() => {
+            const raw = process.env.NEW_RELIC_AI_DAILY_BUDGET_USD;
+            if (raw !== undefined && raw !== '') {
+                const v = parseFloat(raw);
+                if (Number.isFinite(v) && v > 0)
+                    return v;
+            }
+            return typeof file.dailyBudgetUsd === 'number' ? file.dailyBudgetUsd : null;
+        })(),
+        weeklyBudgetUsd: (() => {
+            const raw = process.env.NEW_RELIC_AI_WEEKLY_BUDGET_USD;
+            if (raw !== undefined && raw !== '') {
+                const v = parseFloat(raw);
+                if (Number.isFinite(v) && v > 0)
+                    return v;
+            }
+            return typeof file.weeklyBudgetUsd === 'number' ? file.weeklyBudgetUsd : null;
+        })(),
+        port: cliOptions?.port ??
+            envInt('NEW_RELIC_AI_MCP_PORT', typeof file.port === 'number' ? file.port : 9847, {
+                min: 1,
+                max: 65535,
+            }),
+        logLevel: cliOptions?.logLevel ??
+            envLogLevel('NEW_RELIC_AI_MCP_LOG_LEVEL', typeof file.logLevel === 'string' &&
+                ['debug', 'info', 'warn', 'error'].includes(file.logLevel)
+                ? file.logLevel
+                : 'info'),
+        collectorHost: resolveCollectorHost(licenseKey, process.env.NEW_RELIC_HOST ??
+            (typeof file.collectorHost === 'string' ? file.collectorHost : null)),
+        proxyUpstreams: parseProxyUpstreams(process.env.NEW_RELIC_AI_MCP_PROXY_UPSTREAMS, file.proxyUpstreams),
+        nrApiKey: process.env.NEW_RELIC_API_KEY ?? (typeof file.nrApiKey === 'string' ? file.nrApiKey : null),
+        digestWebhookUrl: process.env.NEW_RELIC_AI_DIGEST_WEBHOOK_URL ??
+            (typeof file.digestWebhookUrl === 'string' ? file.digestWebhookUrl : null),
+        digestSchedule: process.env.NEW_RELIC_AI_DIGEST_SCHEDULE ??
+            (typeof file.digestSchedule === 'string' ? file.digestSchedule : '0 9 * * 1'),
+        retainSessionsDays: (() => {
+            const raw = process.env.NEW_RELIC_AI_RETAIN_SESSIONS_DAYS;
+            if (raw !== undefined && raw !== '') {
+                const v = parseInt(raw, 10);
+                if (Number.isFinite(v) && v > 0)
+                    return v;
+            }
+            return typeof file.retainSessionsDays === 'number' ? file.retainSessionsDays : null;
+        })(),
+        otlpEndpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT ??
+            (typeof file.otlpEndpoint === 'string' ? file.otlpEndpoint : null),
+        otlpHeaders: (() => {
+            const envValue = process.env.OTEL_EXPORTER_OTLP_HEADERS;
+            if (envValue)
+                return parseOtlpHeaders(envValue);
+            return typeof file.otlpHeaders === 'object' && file.otlpHeaders !== null
+                ? file.otlpHeaders
+                : {};
+        })(),
+        transport: process.env.NEW_RELIC_AI_TRANSPORT === 'otlp'
+            ? 'otlp'
+            : process.env.NEW_RELIC_AI_TRANSPORT === 'both'
+                ? 'both'
+                : typeof file.transport === 'string' &&
+                    (file.transport === 'otlp' || file.transport === 'both')
+                    ? file.transport
+                    : 'nr-events-api',
+        mode,
+        otlpReceiverEnabled: envBool('NR_AI_OTLP_RECEIVER_ENABLED', typeof file.otlpReceiverEnabled === 'boolean' ? file.otlpReceiverEnabled : false),
+        otlpReceiverPort: envInt('NR_AI_OTLP_RECEIVER_PORT', typeof file.otlpReceiverPort === 'number' ? file.otlpReceiverPort : 4318, { min: 1, max: 65535 }),
+        otlpReceiverBindAddress: (() => {
+            const envVal = process.env.NR_AI_OTLP_RECEIVER_BIND_ADDRESS;
+            if (envVal !== undefined && envVal !== '')
+                return envVal;
+            if (typeof file.otlpReceiverBindAddress === 'string' && file.otlpReceiverBindAddress !== '') {
+                return file.otlpReceiverBindAddress;
+            }
+            return '127.0.0.1';
+        })(),
+        otlpForwardEndpoint: (() => {
+            const envVal = process.env.NR_AI_OTLP_FORWARD_ENDPOINT;
+            // Default to the NR OTLP endpoint only when not in local mode. Local users
+            // may still set the value explicitly via env or config file (e.g. to point
+            // at a self-hosted collector); we just don't synthesize a NR default for them.
+            const defaultEndpoint = mode !== 'local' && licenseKey !== undefined ? 'https://otlp.nr-data.net' : null;
+            const endpoint = envVal !== undefined
+                ? envVal || null
+                : typeof file.otlpForwardEndpoint === 'string'
+                    ? file.otlpForwardEndpoint || null
+                    : defaultEndpoint;
+            if (endpoint === null)
+                return null;
+            try {
+                const url = new URL(endpoint);
+                if (url.protocol === 'https:')
+                    return endpoint;
+                if (url.protocol === 'http:') {
+                    logger.warn('OTLP forward endpoint uses http:// instead of https:// — TLS not enabled', {
+                        endpoint,
+                    });
+                    return endpoint;
+                }
+                logger.warn('OTLP forward endpoint has unexpected protocol', {
+                    endpoint,
+                    protocol: url.protocol,
+                });
+                return endpoint;
+            }
+            catch (_err) {
+                logger.error('OTLP forward endpoint is not a valid URL', { endpoint });
+                return null;
+            }
+        })(),
+        otlpForwardHeaders: (() => {
+            const envValue = process.env.NR_AI_OTLP_FORWARD_HEADERS;
+            if (envValue !== undefined)
+                return parseOtlpHeaders(envValue);
+            if (typeof file.otlpForwardHeaders === 'object' && file.otlpForwardHeaders !== null) {
+                return file.otlpForwardHeaders;
+            }
+            // Don't synthesize a NR api-key header default in local mode — the licenseKey
+            // may be present in the env from another tool, and we must not leak it to a
+            // forward target the user didn't explicitly configure.
+            return mode !== 'local' && licenseKey !== undefined ? { 'api-key': licenseKey } : {};
+        })(),
+        personalAlertThresholds: (() => {
+            const fileThresholds = typeof file.alerts === 'object' && file.alerts !== null
+                ? file.alerts.personal
+                : undefined;
+            if (typeof fileThresholds !== 'object' || fileThresholds === null) {
+                return DEFAULT_PERSONAL_THRESHOLDS;
+            }
+            const t = fileThresholds;
+            return {
+                dailyCostUsd: typeof t.dailyCostUsd === 'number'
+                    ? t.dailyCostUsd
+                    : DEFAULT_PERSONAL_THRESHOLDS.dailyCostUsd,
+                sessionCostUsd: typeof t.sessionCostUsd === 'number'
+                    ? t.sessionCostUsd
+                    : DEFAULT_PERSONAL_THRESHOLDS.sessionCostUsd,
+                efficiencyScoreMin: typeof t.efficiencyScoreMin === 'number'
+                    ? t.efficiencyScoreMin
+                    : DEFAULT_PERSONAL_THRESHOLDS.efficiencyScoreMin,
+                stuckLoopCountMax: typeof t.stuckLoopCountMax === 'number'
+                    ? t.stuckLoopCountMax
+                    : DEFAULT_PERSONAL_THRESHOLDS.stuckLoopCountMax,
+                antiPatternCountMax: typeof t.antiPatternCountMax === 'number'
+                    ? t.antiPatternCountMax
+                    : DEFAULT_PERSONAL_THRESHOLDS.antiPatternCountMax,
+            };
+        })(),
+        dashboard: (() => {
+            const dashboardFile = (file.dashboard ?? {});
+            const dashboardPortRaw = process.env.NR_AI_DASHBOARD_PORT
+                ? parseInt(process.env.NR_AI_DASHBOARD_PORT, 10)
+                : dashboardFile.port;
+            // Allow port 0 — Node's server.listen(0) assigns an OS-ephemeral port,
+            // which is essential for parallel test runs and useful when the user
+            // wants to avoid hard-coding a port. Negative or out-of-range values
+            // still fall back to the default 7777.
+            const dashboardPort = Number.isFinite(dashboardPortRaw) && dashboardPortRaw >= 0 && dashboardPortRaw <= 65535
+                ? dashboardPortRaw
+                : 7777;
+            const requestedHost = process.env.NR_AI_DASHBOARD_HOST ?? dashboardFile.host ?? '127.0.0.1';
+            let dashboardHost = '127.0.0.1';
+            if (requestedHost !== '127.0.0.1' && requestedHost !== 'localhost') {
+                logger.warn(`dashboard.host '${requestedHost}' is non-loopback; v1 only supports loopback. Forcing 127.0.0.1.`);
+            }
+            else {
+                dashboardHost = requestedHost === 'localhost' ? '127.0.0.1' : requestedHost;
+            }
+            const dashboardOpenOnStart = envBool('NR_AI_DASHBOARD_OPEN', dashboardFile.openOnStart === true);
+            return {
+                port: dashboardPort,
+                host: dashboardHost,
+                openOnStart: dashboardOpenOnStart,
+            };
+        })(),
+        alerts: (() => {
+            // The alerts config is a separate top-level block from
+            // `personalAlertThresholds` (above) — they share the `alerts` key in
+            // the file schema for backwards compatibility, but expose different
+            // fields. `enabled` defaults to true outside of cloud-only mode.
+            const alertsFile = typeof file.alerts === 'object' && file.alerts !== null
+                ? file.alerts
+                : {};
+            const fileEnabled = typeof alertsFile.enabled === 'boolean' ? alertsFile.enabled : undefined;
+            const fileInterval = typeof alertsFile.evaluationIntervalSeconds === 'number'
+                ? alertsFile.evaluationIntervalSeconds
+                : undefined;
+            const fileOsNotifications = typeof alertsFile.osNotifications === 'boolean' ? alertsFile.osNotifications : undefined;
+            const fileLogRetention = typeof alertsFile.logRetentionMb === 'number' ? alertsFile.logRetentionMb : undefined;
+            const fileRulesPath = typeof alertsFile.rulesPath === 'string' ? alertsFile.rulesPath : undefined;
+            const enabledDefault = mode !== 'cloud';
+            const enabled = envBool('NR_AI_ALERTS_ENABLED', fileEnabled ?? enabledDefault);
+            const intervalSeconds = envInt('NR_AI_ALERTS_INTERVAL_SECONDS', fileInterval ?? 30, {
+                min: 5,
+                max: 300,
+            });
+            const osNotifications = envBool('NR_AI_ALERTS_OS_NOTIFICATIONS', fileOsNotifications ?? false);
+            const logRetentionMb = envInt('NR_AI_ALERTS_LOG_RETENTION_MB', fileLogRetention ?? 10, {
+                min: 1,
+                max: 1024,
+            });
+            const envRulesPath = process.env.NR_AI_ALERTS_RULES_PATH;
+            const rawRulesPath = envRulesPath !== undefined && envRulesPath !== ''
+                ? envRulesPath
+                : (fileRulesPath ?? resolve(storagePath, 'alerts', 'rules.json'));
+            // Defensive validation: rulesPath is read from user config, so reject
+            // values that don't end in .json or that resolve outside storagePath.
+            // Prevents accidental fs.watch handles on system files like /etc/hosts
+            // or path-traversal probes via env-var injection. The default path is
+            // always permitted.
+            const rulesPath = validateRulesPath(rawRulesPath, storagePath);
+            return {
+                enabled,
+                evaluationIntervalSeconds: intervalSeconds,
+                osNotifications,
+                logRetentionMb,
+                rulesPath,
+            };
+        })(),
+    };
+    logger.debug('Configuration loaded', {
+        appName: config.appName,
+        developer: config.developer,
+        teamId: config.teamId,
+        projectId: config.projectId,
+        orgId: config.orgId,
+        enabled: config.enabled,
+        highSecurity: config.highSecurity,
+        recordContent: config.recordContent,
+        storagePath: config.storagePath,
+        port: config.port,
+        collectorHost: config.collectorHost ?? 'us (default)',
+        sessionBudgetUsd: config.sessionBudgetUsd,
+        dailyBudgetUsd: config.dailyBudgetUsd,
+        weeklyBudgetUsd: config.weeklyBudgetUsd,
+    });
+    return Object.freeze(config);
+}
+/**
+ * Validate a config file and return structured results — no throws, no logging.
+ * The CLI `validate` command uses this to surface issues in human-readable form
+ * before the user attempts to start the MCP server.
+ */
+export function validateConfigFile(filePath) {
+    const errors = [];
+    const warnings = [];
+    if (!existsSync(filePath)) {
+        return { filePath, fileExists: false, errors, warnings };
+    }
+    // Read and parse the file
+    let raw;
+    try {
+        raw = readFileSync(filePath, 'utf-8');
+    }
+    catch (err) {
+        errors.push(`Could not read file: ${err instanceof Error ? err.message : String(err)}`);
+        return { filePath, fileExists: true, errors, warnings };
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        errors.push(`Invalid JSON: ${err instanceof Error ? err.message : String(err)}`);
+        return { filePath, fileExists: true, errors, warnings };
+    }
+    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+        errors.push('Config must be a JSON object, not an array or primitive value');
+        return { filePath, fileExists: true, errors, warnings };
+    }
+    // Zod type/value errors
+    const validation = ConfigFileSchema.safeParse(parsed);
+    if (!validation.success) {
+        for (const issue of validation.error.issues) {
+            const path = issue.path.length > 0 ? issue.path.join('.') : 'root';
+            errors.push(`${path}: ${issue.message}`);
+        }
+    }
+    // Unknown key detection with "did you mean" suggestions
+    const file = parsed;
+    const knownTopKeys = new Set(Object.keys(ConfigFileSchema.shape));
+    for (const key of Object.keys(file)) {
+        if (!knownTopKeys.has(key)) {
+            const suggestion = findSuggestion(key, knownTopKeys);
+            warnings.push(`Unknown key "${key}"${suggestion ? ` — did you mean "${suggestion}"?` : ' — not a recognized config field'}`);
+        }
+    }
+    const knownAlertsKeys = new Set([
+        'personal',
+        'enabled',
+        'evaluationIntervalSeconds',
+        'osNotifications',
+        'logRetentionMb',
+        'rulesPath',
+    ]);
+    const knownAlertsPersonalKeys = new Set([
+        'dailyCostUsd',
+        'sessionCostUsd',
+        'efficiencyScoreMin',
+        'stuckLoopCountMax',
+        'antiPatternCountMax',
+    ]);
+    const knownDashboardKeys = new Set(['port', 'host', 'openOnStart']);
+    if (file.alerts && typeof file.alerts === 'object' && !Array.isArray(file.alerts)) {
+        const alerts = file.alerts;
+        for (const key of Object.keys(alerts)) {
+            if (!knownAlertsKeys.has(key)) {
+                const suggestion = findSuggestion(key, knownAlertsKeys);
+                warnings.push(`Unknown key "alerts.${key}"${suggestion ? ` — did you mean "alerts.${suggestion}"?` : ''}`);
+            }
+        }
+        if (alerts.personal && typeof alerts.personal === 'object' && !Array.isArray(alerts.personal)) {
+            const personal = alerts.personal;
+            for (const key of Object.keys(personal)) {
+                if (!knownAlertsPersonalKeys.has(key)) {
+                    const suggestion = findSuggestion(key, knownAlertsPersonalKeys);
+                    warnings.push(`Unknown key "alerts.personal.${key}"${suggestion ? ` — did you mean "alerts.personal.${suggestion}"?` : ''}`);
+                }
+            }
+        }
+    }
+    if (file.dashboard && typeof file.dashboard === 'object' && !Array.isArray(file.dashboard)) {
+        const dashboard = file.dashboard;
+        for (const key of Object.keys(dashboard)) {
+            if (!knownDashboardKeys.has(key)) {
+                const suggestion = findSuggestion(key, knownDashboardKeys);
+                warnings.push(`Unknown key "dashboard.${key}"${suggestion ? ` — did you mean "dashboard.${suggestion}"?` : ''}`);
+            }
+        }
+    }
+    return { filePath, fileExists: true, errors, warnings };
+}
+/** Return a suggestion from known keys if the unknown key is a case-insensitive
+ *  match or a single-character edit away (insertion, deletion, or substitution). */
+function findSuggestion(unknown, knownKeys) {
+    const lower = unknown.toLowerCase();
+    // Exact case-insensitive match — covers the most common typo (e.g. licensekey → licenseKey)
+    for (const k of knownKeys) {
+        if (k.toLowerCase() === lower)
+            return k;
+    }
+    // Single-character difference (insertion, deletion, or substitution)
+    for (const k of knownKeys) {
+        if (editDistance(unknown, k) <= 1)
+            return k;
+    }
+    return null;
+}
+function editDistance(a, b) {
+    const m = a.length;
+    const n = b.length;
+    const dp = Array.from({ length: m + 1 }, (_, i) => Array.from({ length: n + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
+    for (let i = 1; i <= m; i++) {
+        for (let j = 1; j <= n; j++) {
+            dp[i][j] =
+                a[i - 1] === b[j - 1]
+                    ? dp[i - 1][j - 1]
+                    : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+        }
+    }
+    return dp[m][n];
+}
+const MAX_REDACT_LEN = 1_048_576; // 1 MB
+export function redactSensitive(value, patterns) {
+    if (typeof value !== 'string')
+        return String(value ?? '');
+    const pats = patterns ?? DEFAULT_REDACTION_PATTERNS;
+    let result = value.length > MAX_REDACT_LEN ? value.slice(0, MAX_REDACT_LEN) : value;
+    for (const pattern of pats) {
+        pattern.lastIndex = 0;
+        result = result.replace(pattern, '[REDACTED]');
+    }
+    return result;
+}
+//# sourceMappingURL=config.js.map