@pinta-ai/pinta-copilot 0.1.0

package/dist/core/otlp.js

@@ -0,0 +1,184 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ulidToTraceId = ulidToTraceId;
+exports.newSpanId = newSpanId;
+exports.buildOtlpPayload = buildOtlpPayload;
+exports.mergeBatch = mergeBatch;
+const crypto_1 = __importDefault(require("crypto"));
+const os_1 = __importDefault(require("os"));
+const redact_js_1 = require("./redact.js");
+const types_js_1 = require("./types.js");
+const SDK_VERSION = "0.1.0"; // keep in sync with package.json
+/**
+ * Copilot CLI/ext version isn't reliably discoverable from the hook process
+ * env. Read an optional `COPILOT_CLI_VERSION` override, else "unknown" — a
+ * missing version must never fail the hook.
+ */
+function getCopilotVersion() {
+    return process.env.COPILOT_CLI_VERSION || "unknown";
+}
+const CROCKFORD = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+/**
+ * Convert a 26-char Crockford ULID into 32 lowercase hex chars (16 bytes)
+ * suitable for an OTLP traceId.
+ */
+function ulidToTraceId(ulid) {
+    if (ulid.length !== 26) {
+        throw new Error(`ulidToTraceId: expected 26 chars, got ${ulid.length}`);
+    }
+    let n = 0n;
+    for (const ch of ulid) {
+        const idx = CROCKFORD.indexOf(ch);
+        if (idx < 0)
+            throw new Error(`ulidToTraceId: invalid Crockford char "${ch}"`);
+        n = (n << 5n) | BigInt(idx);
+    }
+    const mask = (1n << 128n) - 1n;
+    n &= mask;
+    return n.toString(16).padStart(32, "0");
+}
+/** Generate a fresh 16-hex-char (8-byte) span ID. */
+function newSpanId() {
+    return crypto_1.default.randomBytes(8).toString("hex");
+}
+/**
+ * Identifier/enum keys for which redaction (Tier 1) is skipped (truncation
+ * still applies). Both snake (CLI/ext) and camel (permissionRequest) casings
+ * are listed since Bronze flattening preserves the incoming key name.
+ */
+const SKIP_REDACT_KEYS = new Set([
+    "copilot.hook",
+    "copilot.tool_name", "copilot.toolName",
+    "copilot.tool_use_id", "copilot.toolUseId",
+    "copilot.session_id", "copilot.sessionId",
+    "copilot.transcript_path", "copilot.transcriptPath",
+    "copilot.cwd",
+    "copilot.permission_mode",
+    "copilot.surface",
+    "copilot.agent_id", "copilot.agent_type",
+    "copilot.agent_name", "copilot.agent_display_name",
+    "copilot.stop_reason", "copilot.notification_type",
+]);
+/** Keys that may carry shell command / tool payload text → bash redaction context. */
+const BASH_CONTEXT_KEYS = new Set([
+    "copilot.tool_input", "copilot.toolInput",
+    "copilot.tool_response", "copilot.tool_result",
+]);
+function maybeRedactString(key, raw) {
+    const truncated = (0, redact_js_1.truncate)(raw);
+    if (SKIP_REDACT_KEYS.has(key))
+        return truncated;
+    const context = BASH_CONTEXT_KEYS.has(key) ? "bash" : undefined;
+    return (0, redact_js_1.redact)(truncated, { context });
+}
+/** Convert a JS value into an OTLP attribute value. Returns null to omit. */
+function toOtlpValue(key, v) {
+    if (v === null || v === undefined)
+        return null;
+    switch (typeof v) {
+        case "string":
+            return { stringValue: maybeRedactString(key, v) };
+        case "boolean":
+            return { boolValue: v };
+        case "number":
+            if (Number.isInteger(v))
+                return { intValue: v };
+            return { doubleValue: v };
+        case "object":
+            try {
+                return { stringValue: maybeRedactString(key, JSON.stringify(v)) };
+            }
+            catch {
+                return { stringValue: maybeRedactString(key, String(v)) };
+            }
+        default:
+            return { stringValue: maybeRedactString(key, String(v)) };
+    }
+}
+function snakeCase(name) {
+    return name
+        .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
+        .replace(/([A-Z])([A-Z][a-z])/g, "$1_$2")
+        .toLowerCase();
+}
+// Discriminator keys covered by `copilot.hook` — don't re-emit them raw.
+const DISCRIMINATOR_KEYS = new Set(["hook_event_name", "hookEventName", "hookName"]);
+function flattenEvent(event, surface) {
+    const out = [];
+    // Discriminator first so aware-backend's detectIngestType hits it cheaply.
+    out.push({ key: "ingest.type", value: { stringValue: "copilot" } });
+    // Canonical hook name regardless of incoming discriminator key (snake/camel/hookName).
+    out.push({ key: "copilot.hook", value: { stringValue: (0, types_js_1.eventName)(event) ?? "unknown" } });
+    // Runtime surface label (cli | ext | cloud).
+    out.push({ key: "copilot.surface", value: { stringValue: surface } });
+    for (const [k, v] of Object.entries(event)) {
+        if (DISCRIMINATOR_KEYS.has(k))
+            continue; // covered by copilot.hook
+        const key = `copilot.${k}`;
+        const value = toOtlpValue(key, v);
+        if (value === null)
+            continue;
+        out.push({ key, value });
+    }
+    return out;
+}
+function resourceAttrs() {
+    return [
+        { key: "service.name", value: { stringValue: "copilot" } },
+        { key: "service.version", value: { stringValue: getCopilotVersion() } },
+        { key: "telemetry.sdk.name", value: { stringValue: "pinta-copilot" } },
+        { key: "telemetry.sdk.language", value: { stringValue: "nodejs" } },
+        { key: "telemetry.sdk.version", value: { stringValue: SDK_VERSION } },
+        { key: "process.pid", value: { intValue: process.pid } },
+        { key: "process.owner", value: { stringValue: os_1.default.userInfo().username } },
+        { key: "host.name", value: { stringValue: os_1.default.hostname() } },
+        { key: "host.arch", value: { stringValue: os_1.default.arch() } },
+    ];
+}
+function buildOtlpPayload(args) {
+    const ts = args.now ?? Date.now();
+    const tsNano = (BigInt(ts) * 1000000n).toString();
+    const attrs = flattenEvent(args.event, args.surface);
+    if (args.guard) {
+        attrs.push({ key: "pinta.guard.decision", value: { stringValue: args.guard.decision.toLowerCase() } }, { key: "pinta.guard.duration_ms", value: { intValue: args.guard.durationMs } });
+        if (args.guard.reason) {
+            attrs.push({ key: "pinta.guard.matched_rule", value: { stringValue: args.guard.reason } });
+        }
+        if (args.guard.failOpenReason) {
+            attrs.push({ key: "pinta.guard.fail_open_reason", value: { stringValue: args.guard.failOpenReason } });
+        }
+    }
+    const span = {
+        traceId: ulidToTraceId(args.traceId),
+        spanId: newSpanId(),
+        name: `copilot.${snakeCase((0, types_js_1.eventName)(args.event) ?? "unknown")}`,
+        kind: 1, // SPAN_KIND_INTERNAL
+        startTimeUnixNano: tsNano,
+        endTimeUnixNano: tsNano,
+        attributes: attrs,
+    };
+    return {
+        resourceSpans: [
+            {
+                resource: { attributes: resourceAttrs() },
+                scopeSpans: [
+                    {
+                        scope: { name: "pinta-copilot", version: SDK_VERSION },
+                        spans: [span],
+                    },
+                ],
+            },
+        ],
+    };
+}
+/** Concatenate per-hook payloads' resourceSpans into one OTLP payload. */
+function mergeBatch(payloads) {
+    const out = [];
+    for (const p of payloads)
+        out.push(...p.resourceSpans);
+    return { resourceSpans: out };
+}
+//# sourceMappingURL=otlp.js.map

package/dist/core/otlp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"otlp.js","sourceRoot":"","sources":["../../src/core/otlp.ts"],"names":[],"mappings":";;;;;AAuDA,sCAaC;AAGD,8BAEC;AAkGD,4CA4CC;AAGD,gCAIC;AA9ND,oDAA4B;AAC5B,4CAAoB;AACpB,2CAA+C;AAE/C,yCAAsD;AAGtD,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,iCAAiC;AAE9D;;;;GAIG;AACH,SAAS,iBAAiB;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS,CAAC;AACtD,CAAC;AAiCD,MAAM,SAAS,GAAG,kCAAkC,CAAC;AAErD;;;GAGG;AACH,SAAgB,aAAa,CAAC,IAAY;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,yCAAyC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC;QAC9E,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,IAAI,IAAI,CAAC;IACV,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,qDAAqD;AACrD,SAAgB,SAAS;IACvB,OAAO,gBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED;;;;GAIG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;IACpD,cAAc;IACd,mBAAmB,EAAE,kBAAkB;IACvC,qBAAqB,EAAE,mBAAmB;IAC1C,oBAAoB,EAAE,mBAAmB;IACzC,yBAAyB,EAAE,wBAAwB;IACnD,aAAa;IACb,yBAAyB;IACzB,iBAAiB;IACjB,kBAAkB,EAAE,oBAAoB;IACxC,oBAAoB,EAAE,4BAA4B;IAClD,qBAAqB,EAAE,2BAA2B;CACnD,CAAC,CAAC;AAEH,sFAAsF;AACtF,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IACrD,oBAAoB,EAAE,mBAAmB;IACzC,uBAAuB,EAAE,qBAAqB;CAC/C,CAAC,CAAC;AAEH,SAAS,iBAAiB,CAAC,GAAW,EAAE,GAAW;IACjD,MAAM,SAAS,GAAG,IAAA,oBAAQ,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAChD,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,MAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3E,OAAO,IAAA,kBAAM,EAAC,SAAS,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,6EAA6E;AAC7E,SAAS,WAAW,CAAC,GAAW,EAAE,CAAU;IAC1C,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC/C,QAAQ,OAAO,CAAC,EAAE,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;QACpD,KAAK,SAAS;YACZ,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;QAC1B,KAAK,QAAQ;YACX,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;gBAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;YAChD,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;QAC5B,KAAK,QAAQ;YACX,IAAI,CAAC;gBACH,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,CAAC;QACH;YACE,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,IAAI;SACR,OAAO,CAAC,oBAAoB,EAAE,OAAO,CAAC;SACtC,OAAO,CAAC,sBAAsB,EAAE,OAAO,CAAC;SACxC,WAAW,EAAE,CAAC;AACnB,CAAC;AAED,yEAAyE;AACzE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC;AAErF,SAAS,YAAY,CAAC,KAAe,EAAE,OAAgB;IACrD,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,2EAA2E;IAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpE,uFAAuF;IACvF,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,IAAA,oBAAS,EAAC,KAAK,CAAC,IAAI,SAAS,EAAE,EAAE,CAAC,CAAC;IACzF,6CAA6C;IAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACtE,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3C,IAAI,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS,CAAC,0BAA0B;QACnE,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAClC,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa;IACpB,OAAO;QACL,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE;QAC1D,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE,EAAE,EAAE;QACvE,EAAE,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,EAAE;QACtE,EAAE,GAAG,EAAE,wBAAwB,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE;QACnE,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE;QACrE,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE;QACxD,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,YAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,EAAE;QACxE,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,YAAE,CAAC,QAAQ,EAAE,EAAE,EAAE;QAC3D,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,YAAE,CAAC,IAAI,EAAE,EAAE,EAAE;KACxD,CAAC;AACJ,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAMhC;IACC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,QAAU,CAAC,CAAC,QAAQ,EAAE,CAAC;IACpD,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IACrD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CACR,EAAE,GAAG,EAAE,sBAAsB,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,EAAE,EAC1F,EAAE,GAAG,EAAE,yBAAyB,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,CAC/E,CAAC;QACF,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,0BAA0B,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,8BAA8B,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAa;QACrB,OAAO,EAAE,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QACpC,MAAM,EAAE,SAAS,EAAE;QACnB,IAAI,EAAE,WAAW,SAAS,CAAC,IAAA,oBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,EAAE;QAChE,IAAI,EAAE,CAAC,EAAE,qBAAqB;QAC9B,iBAAiB,EAAE,MAAM;QACzB,eAAe,EAAE,MAAM;QACvB,UAAU,EAAE,KAAK;KAClB,CAAC;IACF,OAAO;QACL,aAAa,EAAE;YACb;gBACE,QAAQ,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE;gBACzC,UAAU,EAAE;oBACV;wBACE,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE;wBACtD,KAAK,EAAE,CAAC,IAAI,CAAC;qBACd;iBACF;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,0EAA0E;AAC1E,SAAgB,UAAU,CAAC,QAAuB;IAChD,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC;IACvD,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;AAChC,CAAC"}

package/dist/core/redact.d.ts

@@ -0,0 +1,57 @@
+export interface RedactOptions {
+    /**
+     * Optional context hint that enables context-gated patterns. Currently
+     * only "bash" enables `cli_password_short` (-p<pass>) since matching it
+     * outside Bash command text is too noisy.
+     */
+    context?: "bash";
+}
+/** Tier 3 cap: per-string byte limit before truncation. */
+export declare const MAX_BYTES = 102400;
+/**
+ * Truncate input by UTF-8 byte length. Appends `…[TRUNCATED:<origByteLen>]`
+ * to indicate elision. Returns input unchanged when within cap.
+ *
+ * Uses Buffer for accurate byte counting; slices on byte boundary then
+ * decodes — may produce a U+FFFD if the boundary lands mid-codepoint, which
+ * is acceptable for telemetry.
+ */
+export declare function truncate(input: string): string;
+export interface Pattern {
+    /** Token type printed inside `[REDACTED:<type>]`. */
+    type: string;
+    /** Regex with global flag (`g`). Multiline (`m`) for line-anchored ones. */
+    regex: RegExp;
+    /**
+     * Capture group index whose substring is replaced. 0 (default) = whole match.
+     * Use a positive group when the pattern brackets context that should be
+     * preserved (e.g. `postgres://user:<pwd>@` keeps the URL shape intact).
+     */
+    captureGroup?: number;
+    /**
+     * If set, this pattern only applies when `RedactOptions.context` equals
+     * the listed value. Used for false-positive-prone shapes.
+     */
+    requireContext?: "bash";
+}
+export declare const PATTERNS: ReadonlyArray<Pattern>;
+interface Match {
+    start: number;
+    end: number;
+    replaceStart: number;
+    replaceEnd: number;
+    type: string;
+}
+export declare function collectMatches(input: string, opts: RedactOptions): Match[];
+export declare function resolveOverlaps(matches: Match[]): Match[];
+export declare function applyMatches(input: string, matches: Match[]): string;
+/**
+ * Mask high-confidence secret patterns in `input`. Returns a new string with
+ * matched substrings replaced by `[REDACTED:<type>]`.
+ *
+ * - `opts.context = "bash"` enables context-gated patterns.
+ * - Truncation is NOT applied here — see `truncate()`. The caller decides
+ *   the order (spec §3 Tier 3: truncate first, then redact).
+ */
+export declare function redact(input: string, opts?: RedactOptions): string;
+export {};

package/dist/core/redact.js

@@ -0,0 +1,149 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PATTERNS = exports.MAX_BYTES = void 0;
+exports.truncate = truncate;
+exports.collectMatches = collectMatches;
+exports.resolveOverlaps = resolveOverlaps;
+exports.applyMatches = applyMatches;
+exports.redact = redact;
+/** Tier 3 cap: per-string byte limit before truncation. */
+exports.MAX_BYTES = 102400;
+/**
+ * Truncate input by UTF-8 byte length. Appends `…[TRUNCATED:<origByteLen>]`
+ * to indicate elision. Returns input unchanged when within cap.
+ *
+ * Uses Buffer for accurate byte counting; slices on byte boundary then
+ * decodes — may produce a U+FFFD if the boundary lands mid-codepoint, which
+ * is acceptable for telemetry.
+ */
+function truncate(input) {
+    const buf = Buffer.from(input, "utf-8");
+    if (buf.length <= exports.MAX_BYTES)
+        return input;
+    const head = buf.subarray(0, exports.MAX_BYTES).toString("utf-8");
+    return `${head}…[TRUNCATED:${buf.length}]`;
+}
+exports.PATTERNS = [
+    { type: "aws_access_key", regex: /AKIA[0-9A-Z]{16}/g },
+    {
+        type: "aws_secret_key",
+        // Context word `aws_secret`/`AWS_SECRET` (with optional separator) followed
+        // by an assignment-ish character then a 40-char base64-ish blob.
+        regex: /(?:aws[_-]?secret(?:[_-]?(?:access)?[_-]?key)?)\s*[:=]\s*["']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])/gi,
+        captureGroup: 1,
+    },
+    {
+        type: "gcp_service_account",
+        // Whole JSON blob starting with the service-account discriminator.
+        regex: /\{[\s\S]{0,200}?"type"\s*:\s*"service_account"[\s\S]*?\}/g,
+    },
+    { type: "github_token", regex: /gh[pousr]_[A-Za-z0-9]{36,}/g },
+    { type: "gitlab_token", regex: /glpat-[A-Za-z0-9_-]{20}/g },
+    { type: "slack_token", regex: /xox[abrsp]-[0-9A-Za-z-]{10,}/g },
+    { type: "openai_key", regex: /sk-(?:proj-)?[A-Za-z0-9_-]{40,}/g },
+    { type: "anthropic_key", regex: /sk-ant-[A-Za-z0-9_-]{50,}/g },
+    { type: "stripe_key", regex: /(?:sk|rk|pk)_(?:live|test)_[A-Za-z0-9]{20,}/g },
+    {
+        type: "jwt",
+        regex: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+    },
+    {
+        type: "private_key_block",
+        regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
+    },
+    { type: "bearer_token", regex: /bearer\s+([A-Za-z0-9._~+/=-]{12,})/gi, captureGroup: 1 },
+    { type: "basic_auth", regex: /basic\s+([A-Za-z0-9+/=]{12,})/gi, captureGroup: 1 },
+    {
+        type: "db_url_password",
+        regex: /\b(?:postgres|postgresql|mysql|mariadb|mongodb(?:\+srv)?|redis):\/\/[^:\s/]+:([^@\s]+)@/gi,
+        captureGroup: 1,
+    },
+    {
+        type: "cli_password_flag",
+        regex: /(?:--password|--pass|--pwd)[=\s]([^\s'"]+)/g,
+        captureGroup: 1,
+    },
+    {
+        type: "cli_password_short",
+        // mysql -p<pass>; only on bash context.
+        regex: /\s-p([^\s'"]+)/g,
+        captureGroup: 1,
+        requireContext: "bash",
+    },
+    {
+        type: "env_var_secret",
+        // Known false positive: trailing `[A-Z0-9_]*` is greedy, so names like
+        // `OPENAI_API_KEY_DESCRIPTION=Used` still match. Acceptable for Bronze.
+        regex: /^(?:export\s+)?([A-Z][A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD|PASSWD|PWD|API_KEY)[A-Z0-9_]*)\s*=\s*["']?([^\s"'\n]+)/gm,
+        captureGroup: 2,
+    },
+];
+function collectMatches(input, opts) {
+    const out = [];
+    for (const pattern of exports.PATTERNS) {
+        if (pattern.requireContext && pattern.requireContext !== opts.context)
+            continue;
+        const re = new RegExp(pattern.regex.source, pattern.regex.flags);
+        let m;
+        while ((m = re.exec(input)) !== null) {
+            const cg = pattern.captureGroup ?? 0;
+            const captured = m[cg];
+            if (captured === undefined) {
+                if (m.index === re.lastIndex)
+                    re.lastIndex++;
+                continue;
+            }
+            const start = m.index;
+            const end = m.index + m[0].length;
+            const replaceStart = start + m[0].indexOf(captured);
+            const replaceEnd = replaceStart + captured.length;
+            out.push({ start, end, replaceStart, replaceEnd, type: pattern.type });
+            if (m.index === re.lastIndex)
+                re.lastIndex++; // guard against zero-length
+        }
+    }
+    return out;
+}
+function resolveOverlaps(matches) {
+    const sorted = [...matches].sort((a, b) => {
+        if (a.start !== b.start)
+            return a.start - b.start;
+        return (b.end - b.start) - (a.end - a.start); // longer whole-match wins on tie
+    });
+    const kept = [];
+    let lastEnd = -1;
+    for (const m of sorted) {
+        if (m.start < lastEnd)
+            continue; // overlapping later match dropped
+        kept.push(m);
+        lastEnd = m.end;
+    }
+    return kept;
+}
+function applyMatches(input, matches) {
+    // Apply right-to-left so earlier indices remain valid.
+    const sorted = [...matches].sort((a, b) => b.replaceStart - a.replaceStart);
+    let out = input;
+    for (const m of sorted) {
+        out = out.slice(0, m.replaceStart) + `[REDACTED:${m.type}]` + out.slice(m.replaceEnd);
+    }
+    return out;
+}
+/**
+ * Mask high-confidence secret patterns in `input`. Returns a new string with
+ * matched substrings replaced by `[REDACTED:<type>]`.
+ *
+ * - `opts.context = "bash"` enables context-gated patterns.
+ * - Truncation is NOT applied here — see `truncate()`. The caller decides
+ *   the order (spec §3 Tier 3: truncate first, then redact).
+ */
+function redact(input, opts = {}) {
+    if (input.length === 0)
+        return input;
+    const all = collectMatches(input, opts);
+    if (all.length === 0)
+        return input;
+    const kept = resolveOverlaps(all);
+    return applyMatches(input, kept);
+}
+//# sourceMappingURL=redact.js.map

package/dist/core/redact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.js","sourceRoot":"","sources":["../../src/core/redact.ts"],"names":[],"mappings":";;;AAoBA,4BAKC;AAoFD,wCAsBC;AAED,0CAaC;AAED,oCAQC;AAUD,wBAMC;AAnKD,2DAA2D;AAC9C,QAAA,SAAS,GAAG,MAAM,CAAC;AAEhC;;;;;;;GAOG;AACH,SAAgB,QAAQ,CAAC,KAAa;IACpC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,IAAI,iBAAS;QAAE,OAAO,KAAK,CAAC;IAC1C,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,iBAAS,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,GAAG,IAAI,eAAe,GAAG,CAAC,MAAM,GAAG,CAAC;AAC7C,CAAC;AAoBY,QAAA,QAAQ,GAA2B;IAC9C,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,mBAAmB,EAAE;IACtD;QACE,IAAI,EAAE,gBAAgB;QACtB,4EAA4E;QAC5E,iEAAiE;QACjE,KAAK,EAAE,wGAAwG;QAC/G,YAAY,EAAE,CAAC;KAChB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,mEAAmE;QACnE,KAAK,EAAE,2DAA2D;KACnE;IACD,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,6BAA6B,EAAE;IAC9D,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,0BAA0B,EAAE;IAC3D,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,+BAA+B,EAAE;IAC/D,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,kCAAkC,EAAE;IACjE,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,4BAA4B,EAAE;IAC9D,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,8CAA8C,EAAE;IAC7E;QACE,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,mEAAmE;KAC3E;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,6EAA6E;KACrF;IACD,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,sCAAsC,EAAE,YAAY,EAAE,CAAC,EAAE;IACxF,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iCAAiC,EAAE,YAAY,EAAE,CAAC,EAAE;IACjF;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,2FAA2F;QAClG,YAAY,EAAE,CAAC;KAChB;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,6CAA6C;QACpD,YAAY,EAAE,CAAC;KAChB;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,wCAAwC;QACxC,KAAK,EAAE,iBAAiB;QACxB,YAAY,EAAE,CAAC;QACf,cAAc,EAAE,MAAM;KACvB;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,uEAAuE;QACvE,wEAAwE;QACxE,KAAK,EAAE,sHAAsH;QAC7H,YAAY,EAAE,CAAC;KAChB;CACF,CAAC;AAUF,SAAgB,cAAc,CAAC,KAAa,EAAE,IAAmB;IAC/D,MAAM,GAAG,GAAY,EAAE,CAAC;IACxB,KAAK,MAAM,OAAO,IAAI,gBAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,KAAK,IAAI,CAAC,OAAO;YAAE,SAAS;QAChF,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACjE,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACrC,MAAM,EAAE,GAAG,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC;YACrC,MAAM,QAAQ,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;YACvB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC,SAAS;oBAAE,EAAE,CAAC,SAAS,EAAE,CAAC;gBAC7C,SAAS;YACX,CAAC;YACD,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;YACtB,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAClC,MAAM,YAAY,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC;YAClD,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YACvE,IAAI,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC,SAAS;gBAAE,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,4BAA4B;QAC5E,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,eAAe,CAAC,OAAgB;IAC9C,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACxC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QAClD,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,iCAAiC;IACjF,CAAC,CAAC,CAAC;IACH,MAAM,IAAI,GAAY,EAAE,CAAC;IACzB,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC;IACjB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,KAAK,GAAG,OAAO;YAAE,SAAS,CAAC,kCAAkC;QACnE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACb,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,YAAY,CAAC,KAAa,EAAE,OAAgB;IAC1D,uDAAuD;IACvD,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC;IAC5E,IAAI,GAAG,GAAG,KAAK,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,aAAa,CAAC,CAAC,IAAI,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,MAAM,CAAC,KAAa,EAAE,OAAsB,EAAE;IAC5D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC"}

package/dist/core/retry-queue.d.ts

@@ -0,0 +1,26 @@
+import type { OtlpPayload } from "./otlp.js";
+export interface QueueEntry {
+    savedAt: string;
+    payload: OtlpPayload;
+}
+export declare class RetryQueue {
+    private filePath;
+    private lockPath;
+    constructor(pluginData: string);
+    /** Append a single payload. Best-effort: any IO error is swallowed (logged to stderr). */
+    enqueue(payload: OtlpPayload): void;
+    /**
+     * Read all entries oldest-first. Returns [] if the file does not exist or is unreadable.
+     * Does NOT delete the file — callers handle persistence via `rewrite`.
+     */
+    readAll(): QueueEntry[];
+    /** Replace the queue with the given entries (or delete the file when empty). */
+    rewrite(entries: QueueEntry[]): void;
+    /**
+     * Try to acquire the lock for ~LOCK_TIMEOUT_MS. Returns true on success.
+     * Caller MUST call `release()` if true is returned.
+     */
+    tryAcquireLock(): boolean;
+    release(): void;
+    private trim;
+}

package/dist/core/retry-queue.js

@@ -0,0 +1,127 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RetryQueue = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const MAX_ENTRIES = 1000;
+const LOCK_TIMEOUT_MS = 50;
+const LOCK_POLL_MS = 5;
+class RetryQueue {
+    filePath;
+    lockPath;
+    constructor(pluginData) {
+        this.filePath = path_1.default.join(pluginData, "failed-spans.jsonl");
+        this.lockPath = this.filePath + ".lock";
+    }
+    /** Append a single payload. Best-effort: any IO error is swallowed (logged to stderr). */
+    enqueue(payload) {
+        try {
+            fs_1.default.mkdirSync(path_1.default.dirname(this.filePath), { recursive: true });
+            const line = JSON.stringify({ savedAt: new Date().toISOString(), payload }) + "\n";
+            fs_1.default.appendFileSync(this.filePath, line);
+            this.trim();
+        }
+        catch (err) {
+            process.stderr.write(`[pinta-copilot] retry-queue enqueue failed: ${err}\n`);
+        }
+    }
+    /**
+     * Read all entries oldest-first. Returns [] if the file does not exist or is unreadable.
+     * Does NOT delete the file — callers handle persistence via `rewrite`.
+     */
+    readAll() {
+        try {
+            const raw = fs_1.default.readFileSync(this.filePath, "utf-8");
+            const out = [];
+            for (const line of raw.split("\n")) {
+                if (!line.trim())
+                    continue;
+                try {
+                    out.push(JSON.parse(line));
+                }
+                catch {
+                    // skip malformed line
+                }
+            }
+            return out;
+        }
+        catch {
+            return [];
+        }
+    }
+    /** Replace the queue with the given entries (or delete the file when empty). */
+    rewrite(entries) {
+        try {
+            if (entries.length === 0) {
+                if (fs_1.default.existsSync(this.filePath))
+                    fs_1.default.unlinkSync(this.filePath);
+                return;
+            }
+            fs_1.default.mkdirSync(path_1.default.dirname(this.filePath), { recursive: true });
+            fs_1.default.writeFileSync(this.filePath, entries.map((e) => JSON.stringify(e)).join("\n") + "\n");
+        }
+        catch (err) {
+            process.stderr.write(`[pinta-copilot] retry-queue rewrite failed: ${err}\n`);
+        }
+    }
+    /**
+     * Try to acquire the lock for ~LOCK_TIMEOUT_MS. Returns true on success.
+     * Caller MUST call `release()` if true is returned.
+     */
+    tryAcquireLock() {
+        const start = Date.now();
+        fs_1.default.mkdirSync(path_1.default.dirname(this.lockPath), { recursive: true });
+        while (Date.now() - start < LOCK_TIMEOUT_MS) {
+            try {
+                const fd = fs_1.default.openSync(this.lockPath, "wx");
+                fs_1.default.writeSync(fd, String(process.pid));
+                fs_1.default.closeSync(fd);
+                return true;
+            }
+            catch (err) {
+                if (err?.code !== "EEXIST") {
+                    process.stderr.write(`[pinta-copilot] retry-queue lock open failed: ${err}\n`);
+                    return false;
+                }
+                // Stale lock detection: if mtime is older than 30s, drop it.
+                try {
+                    const st = fs_1.default.statSync(this.lockPath);
+                    if (Date.now() - st.mtimeMs > 30_000) {
+                        fs_1.default.unlinkSync(this.lockPath);
+                        continue;
+                    }
+                }
+                catch {
+                    /* ignore */
+                }
+                const wait = LOCK_POLL_MS;
+                const end = Date.now() + wait;
+                while (Date.now() < end) {
+                    /* spin briefly; sync only because hooks are short-lived */
+                }
+            }
+        }
+        return false;
+    }
+    release() {
+        try {
+            fs_1.default.unlinkSync(this.lockPath);
+        }
+        catch {
+            /* already gone */
+        }
+    }
+    trim() {
+        const entries = this.readAll();
+        if (entries.length <= MAX_ENTRIES)
+            return;
+        const drop = entries.length - MAX_ENTRIES;
+        process.stderr.write(`[pinta-copilot] retry-queue full, dropping ${drop} oldest entries\n`);
+        this.rewrite(entries.slice(drop));
+    }
+}
+exports.RetryQueue = RetryQueue;
+//# sourceMappingURL=retry-queue.js.map

package/dist/core/retry-queue.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry-queue.js","sourceRoot":"","sources":["../../src/core/retry-queue.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AAGxB,MAAM,WAAW,GAAG,IAAI,CAAC;AACzB,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,YAAY,GAAG,CAAC,CAAC;AAOvB,MAAa,UAAU;IACb,QAAQ,CAAS;IACjB,QAAQ,CAAS;IAEzB,YAAY,UAAkB;QAC5B,IAAI,CAAC,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;QAC5D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1C,CAAC;IAED,0FAA0F;IAC1F,OAAO,CAAC,OAAoB;QAC1B,IAAI,CAAC;YACH,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC;YACnF,YAAE,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACvC,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,GAAG,IAAI,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,GAAG,GAAiB,EAAE,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;oBAAE,SAAS;gBAC3B,IAAI,CAAC;oBACH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC7B,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;gBACxB,CAAC;YACH,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,OAAO,CAAC,OAAqB;QAC3B,IAAI,CAAC;YACH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,IAAI,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAAE,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YACD,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,YAAE,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,GAAG,IAAI,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,eAAe,EAAE,CAAC;YAC5C,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,YAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAC5C,YAAE,CAAC,SAAS,CAAC,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;gBACtC,YAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,GAAG,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,GAAG,IAAI,CAAC,CAAC;oBAC/E,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,6DAA6D;gBAC7D,IAAI,CAAC;oBACH,MAAM,EAAE,GAAG,YAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACtC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,OAAO,GAAG,MAAM,EAAE,CAAC;wBACrC,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBAC7B,SAAS;oBACX,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,YAAY;gBACd,CAAC;gBACD,MAAM,IAAI,GAAG,YAAY,CAAC;gBAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBAC9B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;oBACxB,2DAA2D;gBAC7D,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO;QACL,IAAI,CAAC;YACH,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IAEO,IAAI;QACV,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,MAAM,IAAI,WAAW;YAAE,OAAO;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8CAA8C,IAAI,mBAAmB,CAAC,CAAC;QAC5F,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,CAAC;CACF;AA9GD,gCA8GC"}

package/dist/core/surface.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Runtime surface detection — which GitHub Copilot host spawned this hook.
+ *
+ * A single `pinta-copilot` adapter / a single `~/.copilot/hooks/` file fires
+ * across three surfaces (BACKGROUND_RESEARCH §9, D11/D14). We label every span
+ * with `copilot.surface` so the backend can distinguish them. The hook is a
+ * spawned child process, so we read the inherited `process.env`.
+ *
+ * Detection is empirically validated (2026-06-08, KU9):
+ *  - cloud: Copilot cloud agent injects `COPILOT_AGENT_*`.
+ *  - ext  : the VS Code extension host sets `ELECTRON_RUN_AS_NODE` /
+ *           `VSCODE_PID` / `VSCODE_IPC_HOOK` on its node children.
+ *  - cli  : neither.
+ *
+ * ⚠️ `TERM_PROGRAM` is deliberately NOT used: VS Code's *integrated terminal*
+ * sets `TERM_PROGRAM=vscode` for a standalone CLI run (would misclassify as
+ * ext), and a real ext host inherits whatever launched VS Code (e.g. ghostty)
+ * — unreliable in both directions. `ELECTRON_RUN_AS_NODE` is the robust signal.
+ */
+export type Surface = "cli" | "cloud" | "ext";
+export declare function detectSurface(env?: NodeJS.ProcessEnv): Surface;

package/dist/core/surface.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectSurface = detectSurface;
+function detectSurface(env = process.env) {
+    if (env.COPILOT_AGENT_JOB_ID || env.COPILOT_AGENT_SESSION_ID || env.COPILOT_AGENT_PROMPT) {
+        return "cloud";
+    }
+    if (env.ELECTRON_RUN_AS_NODE || env.VSCODE_IPC_HOOK || env.VSCODE_PID) {
+        return "ext";
+    }
+    return "cli";
+}
+//# sourceMappingURL=surface.js.map

package/dist/core/surface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"surface.js","sourceRoot":"","sources":["../../src/core/surface.ts"],"names":[],"mappings":";;AAqBA,sCAQC;AARD,SAAgB,aAAa,CAAC,MAAyB,OAAO,CAAC,GAAG;IAChE,IAAI,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC,wBAAwB,IAAI,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACzF,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;QACtE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/core/trace.d.ts

@@ -0,0 +1,20 @@
+import type { PintaConfig } from "./config.js";
+/**
+ * Per-turn trace correlation, keyed by `session_id`.
+ *
+ * `UserPromptSubmit` starts a new ULID trace for its session; subsequent hooks
+ * in the same turn reuse it. Keying by session_id (not a single global file)
+ * is required because CLI and the VS Code extension can run concurrently and
+ * each emits its own session — verified that `session_id` is stable across a
+ * turn on both surfaces (H10). The store is a `{ [sessionId]: traceId }` map.
+ */
+export declare class TraceManager {
+    private tracePath;
+    constructor(config: PintaConfig);
+    private readMap;
+    private writeMap;
+    /** Start (and persist) a new trace for this session. */
+    newTrace(sessionId?: string): string;
+    /** Current trace for this session; create one if none exists yet. */
+    currentTrace(sessionId?: string): string;
+}