@posthog/ai 6.0.1 → 6.1.1

package/dist/index.cjs

@@ -370,6 +370,204 @@ const sendEventToPosthog = async ({
   }
 };
 
+// Type guards for safer type checking
+const isString = value => {
+  return typeof value === 'string';
+};
+const isObject = value => {
+  return value !== null && typeof value === 'object' && !Array.isArray(value);
+};
+
+const REDACTED_IMAGE_PLACEHOLDER = '[base64 image redacted]';
+// ============================================
+// Base64 Detection Helpers
+// ============================================
+const isBase64DataUrl = str => {
+  return /^data:([^;]+);base64,/.test(str);
+};
+const isValidUrl = str => {
+  try {
+    new URL(str);
+    return true;
+  } catch {
+    // Not an absolute URL, check if it's a relative URL or path
+    return str.startsWith('/') || str.startsWith('./') || str.startsWith('../');
+  }
+};
+const isRawBase64 = str => {
+  // Skip if it's a valid URL or path
+  if (isValidUrl(str)) {
+    return false;
+  }
+  // Check if it's a valid base64 string
+  // Base64 images are typically at least a few hundred chars, but we'll be conservative
+  return str.length > 20 && /^[A-Za-z0-9+/]+=*$/.test(str);
+};
+function redactBase64DataUrl(str) {
+  if (!isString(str)) return str;
+  // Check for data URL format
+  if (isBase64DataUrl(str)) {
+    return REDACTED_IMAGE_PLACEHOLDER;
+  }
+  // Check for raw base64 (Vercel sends raw base64 for inline images)
+  if (isRawBase64(str)) {
+    return REDACTED_IMAGE_PLACEHOLDER;
+  }
+  return str;
+}
+const processMessages = (messages, transformContent) => {
+  if (!messages) return messages;
+  const processContent = content => {
+    if (typeof content === 'string') return content;
+    if (!content) return content;
+    if (Array.isArray(content)) {
+      return content.map(transformContent);
+    }
+    // Handle single object content
+    return transformContent(content);
+  };
+  const processMessage = msg => {
+    if (!isObject(msg) || !('content' in msg)) return msg;
+    return {
+      ...msg,
+      content: processContent(msg.content)
+    };
+  };
+  // Handle both arrays and single messages
+  if (Array.isArray(messages)) {
+    return messages.map(processMessage);
+  }
+  return processMessage(messages);
+};
+// ============================================
+// Provider-Specific Image Sanitizers
+// ============================================
+const sanitizeOpenAIImage = item => {
+  if (!isObject(item)) return item;
+  // Handle image_url format
+  if (item.type === 'image_url' && 'image_url' in item && isObject(item.image_url) && 'url' in item.image_url) {
+    return {
+      ...item,
+      image_url: {
+        ...item.image_url,
+        url: redactBase64DataUrl(item.image_url.url)
+      }
+    };
+  }
+  return item;
+};
+const sanitizeOpenAIResponseImage = item => {
+  if (!isObject(item)) return item;
+  // Handle input_image format
+  if (item.type === 'input_image' && 'image_url' in item) {
+    return {
+      ...item,
+      image_url: redactBase64DataUrl(item.image_url)
+    };
+  }
+  return item;
+};
+const sanitizeAnthropicImage = item => {
+  if (!isObject(item)) return item;
+  // Handle Anthropic's image format
+  if (item.type === 'image' && 'source' in item && isObject(item.source) && item.source.type === 'base64' && 'data' in item.source) {
+    return {
+      ...item,
+      source: {
+        ...item.source,
+        data: REDACTED_IMAGE_PLACEHOLDER
+      }
+    };
+  }
+  return item;
+};
+const sanitizeGeminiPart = part => {
+  if (!isObject(part)) return part;
+  // Handle Gemini's inline data format
+  if ('inlineData' in part && isObject(part.inlineData) && 'data' in part.inlineData) {
+    return {
+      ...part,
+      inlineData: {
+        ...part.inlineData,
+        data: REDACTED_IMAGE_PLACEHOLDER
+      }
+    };
+  }
+  return part;
+};
+const processGeminiItem = item => {
+  if (!isObject(item)) return item;
+  // If it has parts, process them
+  if ('parts' in item && item.parts) {
+    const parts = Array.isArray(item.parts) ? item.parts.map(sanitizeGeminiPart) : sanitizeGeminiPart(item.parts);
+    return {
+      ...item,
+      parts
+    };
+  }
+  return item;
+};
+const sanitizeLangChainImage = item => {
+  if (!isObject(item)) return item;
+  // OpenAI style
+  if (item.type === 'image_url' && 'image_url' in item && isObject(item.image_url) && 'url' in item.image_url) {
+    return {
+      ...item,
+      image_url: {
+        ...item.image_url,
+        url: redactBase64DataUrl(item.image_url.url)
+      }
+    };
+  }
+  // Direct image with data field
+  if (item.type === 'image' && 'data' in item) {
+    return {
+      ...item,
+      data: redactBase64DataUrl(item.data)
+    };
+  }
+  // Anthropic style
+  if (item.type === 'image' && 'source' in item && isObject(item.source) && 'data' in item.source) {
+    return {
+      ...item,
+      source: {
+        ...item.source,
+        data: redactBase64DataUrl(item.source.data)
+      }
+    };
+  }
+  // Google style
+  if (item.type === 'media' && 'data' in item) {
+    return {
+      ...item,
+      data: redactBase64DataUrl(item.data)
+    };
+  }
+  return item;
+};
+// Export individual sanitizers for tree-shaking
+const sanitizeOpenAI = data => {
+  return processMessages(data, sanitizeOpenAIImage);
+};
+const sanitizeOpenAIResponse = data => {
+  return processMessages(data, sanitizeOpenAIResponseImage);
+};
+const sanitizeAnthropic = data => {
+  return processMessages(data, sanitizeAnthropicImage);
+};
+const sanitizeGemini = data => {
+  // Gemini has a different structure with 'parts' directly on items instead of 'content'
+  // So we need custom processing instead of using processMessages
+  if (!data) return data;
+  if (Array.isArray(data)) {
+    return data.map(processGeminiItem);
+  }
+  return processGeminiItem(data);
+};
+const sanitizeLangChain = data => {
+  return processMessages(data, sanitizeLangChainImage);
+};
+
 const Chat = openai.OpenAI.Chat;
 const Completions = Chat.Completions;
 const Responses = openai.OpenAI.Responses;
@@ -442,7 +640,7 @@ let WrappedCompletions$1 = class WrappedCompletions extends Completions {
                 traceId,
                 model: openAIParams.model,
                 provider: 'openai',
-                input: openAIParams.messages,
+                input: sanitizeOpenAI(openAIParams.messages),
                 output: [{
                   content: accumulatedContent,
                   role: 'assistant'
@@ -462,7 +660,7 @@ let WrappedCompletions$1 = class WrappedCompletions extends Completions {
                 traceId,
                 model: openAIParams.model,
                 provider: 'openai',
-                input: openAIParams.messages,
+                input: sanitizeOpenAI(openAIParams.messages),
                 output: [],
                 latency: 0,
                 baseURL: this.baseURL ?? '',
@@ -494,7 +692,7 @@ let WrappedCompletions$1 = class WrappedCompletions extends Completions {
             traceId,
             model: openAIParams.model,
             provider: 'openai',
-            input: openAIParams.messages,
+            input: sanitizeOpenAI(openAIParams.messages),
             output: formatResponseOpenAI(result),
             latency,
             baseURL: this.baseURL ?? '',
@@ -518,7 +716,7 @@ let WrappedCompletions$1 = class WrappedCompletions extends Completions {
           traceId,
           model: openAIParams.model,
           provider: 'openai',
-          input: openAIParams.messages,
+          input: sanitizeOpenAI(openAIParams.messages),
           output: [],
           latency: 0,
           baseURL: this.baseURL ?? '',
@@ -591,7 +789,7 @@ let WrappedResponses$1 = class WrappedResponses extends Responses {
                 //@ts-expect-error
                 model: openAIParams.model,
                 provider: 'openai',
-                input: openAIParams.input,
+                input: sanitizeOpenAIResponse(openAIParams.input),
                 output: finalContent,
                 latency,
                 baseURL: this.baseURL ?? '',
@@ -609,7 +807,7 @@ let WrappedResponses$1 = class WrappedResponses extends Responses {
                 //@ts-expect-error
                 model: openAIParams.model,
                 provider: 'openai',
-                input: openAIParams.input,
+                input: sanitizeOpenAIResponse(openAIParams.input),
                 output: [],
                 latency: 0,
                 baseURL: this.baseURL ?? '',
@@ -641,7 +839,7 @@ let WrappedResponses$1 = class WrappedResponses extends Responses {
             //@ts-expect-error
             model: openAIParams.model,
             provider: 'openai',
-            input: openAIParams.input,
+            input: sanitizeOpenAIResponse(openAIParams.input),
             output: formatResponseOpenAI({
               output: result.output
             }),
@@ -668,7 +866,7 @@ let WrappedResponses$1 = class WrappedResponses extends Responses {
           //@ts-expect-error
           model: openAIParams.model,
           provider: 'openai',
-          input: openAIParams.input,
+          input: sanitizeOpenAIResponse(openAIParams.input),
           output: [],
           latency: 0,
           baseURL: this.baseURL ?? '',
@@ -716,7 +914,7 @@ let WrappedResponses$1 = class WrappedResponses extends Responses {
           //@ts-expect-error
           model: openAIParams.model,
           provider: 'openai',
-          input: openAIParams.input,
+          input: sanitizeOpenAIResponse(openAIParams.input),
           output: result.output,
           latency,
           baseURL: this.baseURL ?? '',
@@ -739,7 +937,7 @@ let WrappedResponses$1 = class WrappedResponses extends Responses {
           //@ts-expect-error
           model: openAIParams.model,
           provider: 'openai',
-          input: openAIParams.input,
+          input: sanitizeOpenAIResponse(openAIParams.input),
           output: [],
           latency: 0,
           baseURL: this.baseURL ?? '',
@@ -1163,9 +1361,20 @@ const mapVercelPrompt = messages => {
               text: truncate(c.text)
             };
           } else if (c.type === 'file') {
+            // For file type, check if it's a data URL and redact if needed
+            let fileData;
+            const contentData = c.data;
+            if (contentData instanceof URL) {
+              fileData = contentData.toString();
+            } else if (isString(contentData)) {
+              // Redact base64 data URLs and raw base64 to prevent oversized events
+              fileData = redactBase64DataUrl(contentData);
+            } else {
+              fileData = 'raw files not supported';
+            }
             return {
               type: 'file',
-              file: c.data instanceof URL ? c.data.toString() : 'raw files not supported',
+              file: fileData,
               mediaType: c.mediaType
             };
           } else if (c.type === 'reasoning') {
@@ -1264,11 +1473,10 @@ const mapVercelOutput = result => {
       if (item.data instanceof URL) {
         fileData = item.data.toString();
       } else if (typeof item.data === 'string') {
-        // Check if it's base64 data and potentially large
-        if (item.data.startsWith('data:') || item.data.length > 1000) {
+        fileData = redactBase64DataUrl(item.data);
+        // If not redacted and still large, replace with size indicator
+        if (fileData === item.data && item.data.length > 1000) {
           fileData = `[${item.mediaType} file - ${item.data.length} bytes]`;
-        } else {
-          fileData = item.data;
         }
       } else {
         fileData = `[binary ${item.mediaType} file]`;
@@ -1339,17 +1547,17 @@ const createInstrumentationMiddleware = (phClient, model, options) => {
         const latency = (Date.now() - startTime) / 1000;
         const providerMetadata = result.providerMetadata;
         const additionalTokenValues = {
-          ...(providerMetadata?.openai?.reasoningTokens ? {
-            reasoningTokens: providerMetadata.openai.reasoningTokens
-          } : {}),
-          ...(providerMetadata?.openai?.cachedPromptTokens ? {
-            cacheReadInputTokens: providerMetadata.openai.cachedPromptTokens
-          } : {}),
           ...(providerMetadata?.anthropic ? {
-            cacheReadInputTokens: providerMetadata.anthropic.cacheReadInputTokens,
             cacheCreationInputTokens: providerMetadata.anthropic.cacheCreationInputTokens
           } : {})
         };
+        const usage = {
+          inputTokens: result.usage.inputTokens,
+          outputTokens: result.usage.outputTokens,
+          reasoningTokens: result.usage.reasoningTokens,
+          cacheReadInputTokens: result.usage.cachedInputTokens,
+          ...additionalTokenValues
+        };
         await sendEventToPosthog({
           client: phClient,
           distinctId: options.posthogDistinctId,
@@ -1362,11 +1570,7 @@ const createInstrumentationMiddleware = (phClient, model, options) => {
           baseURL,
           params: mergedParams,
           httpStatus: 200,
-          usage: {
-            inputTokens: result.usage.inputTokens,
-            outputTokens: result.usage.outputTokens,
-            ...additionalTokenValues
-          },
+          usage,
           tools: availableTools,
           captureImmediate: options.posthogCaptureImmediate
         });
@@ -1428,22 +1632,19 @@ const createInstrumentationMiddleware = (phClient, model, options) => {
               reasoningText += chunk.delta; // New in v5
             }
             if (chunk.type === 'finish') {
+              const providerMetadata = chunk.providerMetadata;
+              const additionalTokenValues = {
+                ...(providerMetadata?.anthropic ? {
+                  cacheCreationInputTokens: providerMetadata.anthropic.cacheCreationInputTokens
+                } : {})
+              };
               usage = {
                 inputTokens: chunk.usage?.inputTokens,
-                outputTokens: chunk.usage?.outputTokens
+                outputTokens: chunk.usage?.outputTokens,
+                reasoningTokens: chunk.usage?.reasoningTokens,
+                cacheReadInputTokens: chunk.usage?.cachedInputTokens,
+                ...additionalTokenValues
               };
-              if (chunk.providerMetadata?.openai?.reasoningTokens) {
-                usage.reasoningTokens = chunk.providerMetadata.openai.reasoningTokens;
-              }
-              if (chunk.providerMetadata?.openai?.cachedPromptTokens) {
-                usage.cacheReadInputTokens = chunk.providerMetadata.openai.cachedPromptTokens;
-              }
-              if (chunk.providerMetadata?.anthropic?.cacheReadInputTokens) {
-                usage.cacheReadInputTokens = chunk.providerMetadata.anthropic.cacheReadInputTokens;
-              }
-              if (chunk.providerMetadata?.anthropic?.cacheCreationInputTokens) {
-                usage.cacheCreationInputTokens = chunk.providerMetadata.anthropic.cacheCreationInputTokens;
-              }
             }
             controller.enqueue(chunk);
           },
@@ -1599,7 +1800,7 @@ class WrappedMessages extends AnthropicOriginal.Messages {
                 traceId,
                 model: anthropicParams.model,
                 provider: 'anthropic',
-                input: mergeSystemPrompt(anthropicParams, 'anthropic'),
+                input: sanitizeAnthropic(mergeSystemPrompt(anthropicParams, 'anthropic')),
                 output: [{
                   content: accumulatedContent,
                   role: 'assistant'
@@ -1620,7 +1821,7 @@ class WrappedMessages extends AnthropicOriginal.Messages {
                 traceId,
                 model: anthropicParams.model,
                 provider: 'anthropic',
-                input: mergeSystemPrompt(anthropicParams),
+                input: sanitizeAnthropic(mergeSystemPrompt(anthropicParams)),
                 output: [],
                 latency: 0,
                 baseURL: this.baseURL ?? '',
@@ -1652,7 +1853,7 @@ class WrappedMessages extends AnthropicOriginal.Messages {
             traceId,
             model: anthropicParams.model,
             provider: 'anthropic',
-            input: mergeSystemPrompt(anthropicParams),
+            input: sanitizeAnthropic(mergeSystemPrompt(anthropicParams)),
             output: formatResponseAnthropic(result),
             latency,
             baseURL: this.baseURL ?? '',
@@ -1676,7 +1877,7 @@ class WrappedMessages extends AnthropicOriginal.Messages {
           traceId,
           model: anthropicParams.model,
           provider: 'anthropic',
-          input: mergeSystemPrompt(anthropicParams),
+          input: sanitizeAnthropic(mergeSystemPrompt(anthropicParams)),
           output: [],
           latency: 0,
           baseURL: this.baseURL ?? '',
@@ -1734,7 +1935,7 @@ class WrappedModels {
         traceId,
         model: geminiParams.model,
         provider: 'gemini',
-        input: this.formatInput(geminiParams.contents),
+        input: this.formatInputForPostHog(geminiParams.contents),
         output: formatResponseGemini(response),
         latency,
         baseURL: 'https://generativelanguage.googleapis.com',
@@ -1742,7 +1943,9 @@ class WrappedModels {
         httpStatus: 200,
         usage: {
           inputTokens: response.usageMetadata?.promptTokenCount ?? 0,
-          outputTokens: response.usageMetadata?.candidatesTokenCount ?? 0
+          outputTokens: response.usageMetadata?.candidatesTokenCount ?? 0,
+          reasoningTokens: response.usageMetadata?.thoughtsTokenCount ?? 0,
+          cacheReadInputTokens: response.usageMetadata?.cachedContentTokenCount ?? 0
         },
         tools: availableTools,
         captureImmediate: posthogCaptureImmediate
@@ -1756,7 +1959,7 @@ class WrappedModels {
         traceId,
         model: geminiParams.model,
         provider: 'gemini',
-        input: this.formatInput(geminiParams.contents),
+        input: this.formatInputForPostHog(geminiParams.contents),
         output: [],
         latency,
         baseURL: 'https://generativelanguage.googleapis.com',
@@ -1798,7 +2001,9 @@ class WrappedModels {
         if (chunk.usageMetadata) {
           usage = {
             inputTokens: chunk.usageMetadata.promptTokenCount ?? 0,
-            outputTokens: chunk.usageMetadata.candidatesTokenCount ?? 0
+            outputTokens: chunk.usageMetadata.candidatesTokenCount ?? 0,
+            reasoningTokens: chunk.usageMetadata.thoughtsTokenCount ?? 0,
+            cacheReadInputTokens: chunk.usageMetadata.cachedContentTokenCount ?? 0
           };
         }
         yield chunk;
@@ -1811,7 +2016,7 @@ class WrappedModels {
         traceId,
         model: geminiParams.model,
         provider: 'gemini',
-        input: this.formatInput(geminiParams.contents),
+        input: this.formatInputForPostHog(geminiParams.contents),
         output: [{
           content: accumulatedContent,
           role: 'assistant'
@@ -1832,7 +2037,7 @@ class WrappedModels {
         traceId,
         model: geminiParams.model,
         provider: 'gemini',
-        input: this.formatInput(geminiParams.contents),
+        input: this.formatInputForPostHog(geminiParams.contents),
         output: [],
         latency,
         baseURL: 'https://generativelanguage.googleapis.com',
@@ -1877,6 +2082,12 @@ class WrappedModels {
               content: item.content
             };
           }
+          if (item.parts) {
+            return {
+              role: item.role || 'user',
+              content: item.parts.map(part => part.text ? part.text : part)
+            };
+          }
         }
         return {
           role: 'user',
@@ -1903,6 +2114,10 @@ class WrappedModels {
       content: String(contents)
     }];
   }
+  formatInputForPostHog(contents) {
+    const sanitized = sanitizeGemini(contents);
+    return this.formatInput(sanitized);
+  }
 }
 
 function getDefaultExportFromCjs (x) {
@@ -2594,7 +2809,7 @@ class LangChainCallbackHandler extends BaseCallbackHandler {
     }) || 'generation';
     const generation = {
       name: runNameFound,
-      input: messages,
+      input: sanitizeLangChain(messages),
       startTime: Date.now()
     };
     if (extraParams) {
@@ -2857,7 +3072,8 @@ class LangChainCallbackHandler extends BaseCallbackHandler {
         ...message.additional_kwargs
       };
     }
-    return messageDict;
+    // Sanitize the message content to redact base64 images
+    return sanitizeLangChain(messageDict);
   }
   _parseUsageModel(usage) {
     const conversionList = [['promptTokens', 'input'], ['completionTokens', 'output'], ['input_tokens', 'input'], ['output_tokens', 'output'], ['prompt_token_count', 'input'], ['candidates_token_count', 'output'], ['inputTokenCount', 'input'], ['outputTokenCount', 'output'], ['input_token_count', 'input'], ['generated_token_count', 'output']];