@sanity/ailf 3.8.1 → 4.0.0

package/dist/_vendor/ailf-shared/canary-drift.js

@@ -0,0 +1,86 @@
+/**
+ * canary/drift.ts — Pure drift-statistic computation for the Tier 3
+ * framework-tests-framework loop.
+ *
+ * Consumes the projection shape returned by Studio's `latestReportsQuery`
+ * (we accept a slim subset so the function stays a pure-domain dependency
+ * with no Studio-package import). Computes per-area Δscore between the
+ * most-recent canary run and the trailing-N median, plus an overall
+ * Δscore for the run as a whole. Output classifies each delta as `ok`,
+ * `warn`, or `regression` against caller-provided thresholds.
+ *
+ * The function is total — it never throws. Edge cases (empty trailing
+ * window, missing scores) surface as `verdict: "no-baseline"` so the
+ * caller can decide whether to treat the missing baseline as a fail.
+ *
+ * @see docs/design-docs/testing-strategy.md — "Tier 3 — Live LLMs"
+ * @see packages/studio/src/queries.ts — `latestReportsQuery`
+ */
+/**
+ * Compute per-area + overall drift for a sequence of canary runs.
+ *
+ * `reports` must be ordered **newest-first** (matching `latestReportsQuery`'s
+ * `order(completedAt desc)`). The most-recent run is `reports[0]`; the
+ * trailing window is `reports.slice(1, 1 + trailingN)`.
+ *
+ * @throws never — all error states surface as `no-baseline` verdicts.
+ */
+export function computeCanaryDrift(reports, thresholds) {
+    if (reports.length === 0)
+        return null;
+    const minBaseline = thresholds.minBaselineRuns ?? 1;
+    const current = reports[0];
+    const trailing = reports.slice(1, 1 + thresholds.trailingN);
+    const overall = scoreDrift("overall", current.overall, trailing.map((r) => r.overall), thresholds, minBaseline);
+    const byArea = [];
+    for (const score of current.scores) {
+        const trailingArea = [];
+        for (const t of trailing) {
+            const match = t.scores.find((s) => s.feature === score.feature);
+            if (match)
+                trailingArea.push(match.totalScore);
+        }
+        byArea.push(scoreDrift(score.feature, score.totalScore, trailingArea, thresholds, minBaseline));
+    }
+    const hasRegression = overall.verdict === "regression" ||
+        byArea.some((e) => e.verdict === "regression");
+    const hasMovement = hasRegression ||
+        overall.verdict === "warn" ||
+        byArea.some((e) => e.verdict === "warn");
+    return {
+        reportId: current.reportId,
+        completedAt: current.completedAt,
+        overall,
+        byArea,
+        hasRegression,
+        hasMovement,
+    };
+}
+function scoreDrift(feature, current, trailing, thresholds, minBaseline) {
+    if (trailing.length < minBaseline) {
+        return {
+            feature,
+            current,
+            trailingMedian: null,
+            delta: null,
+            verdict: "no-baseline",
+        };
+    }
+    const trailingMedian = median(trailing);
+    const delta = current - trailingMedian;
+    const drop = -delta;
+    let verdict = "ok";
+    if (drop >= thresholds.failDelta)
+        verdict = "regression";
+    else if (drop >= thresholds.warnDelta)
+        verdict = "warn";
+    return { feature, current, trailingMedian, delta, verdict };
+}
+function median(values) {
+    const sorted = [...values].sort((a, b) => a - b);
+    const mid = Math.floor(sorted.length / 2);
+    if (sorted.length % 2 === 0) {
+        return (sorted[mid - 1] + sorted[mid]) / 2;
+    }
+    return sorted[mid];
+}

package/dist/_vendor/ailf-shared/index.d.ts

@@ -8,13 +8,20 @@
  * Design rule: this package has ZERO runtime dependencies and ZERO imports
  * from @sanity/ailf-core, @sanity/ailf, or
  * @sanity/ailf-studio. It is the leaf of the dependency graph.
+ *
+ * Re-exports are explicit (named) rather than `export *` so that the studio
+ * tsup DTS bundle can statically resolve each symbol's canonical owner —
+ * `export *` chains across many modules trip rollup-plugin-dts's "Ambiguous
+ * external namespace resolution" warning even when no symbol actually
+ * collides. See W0124.
  */
-export * from "./document-ref.js";
-export * from "./feature-flags.js";
-export * from "./score-grades.js";
-export * from "./noise-threshold.js";
-export * from "./eval-modes.js";
-export * from "./owner-teams.js";
-export * from "./run-classification.js";
-export * from "./run-trigger.js";
-export * from "./run-context.js";
+export { computeCanaryDrift, type CanaryDriftReport, type CanaryReportSlim, type DriftEntry, type DriftThresholds, type DriftVerdict, } from "./canary-drift.js";
+export { type DocumentRef } from "./document-ref.js";
+export { FEATURE_FLAGS, type FeatureFlag, type FeatureFlagKey, } from "./feature-flags.js";
+export { GRADE_BOUNDARIES, scoreGrade, type ScoreGrade, } from "./score-grades.js";
+export { NOISE_THRESHOLD } from "./noise-threshold.js";
+export { CANONICAL_EVAL_MODES, LEGACY_EVAL_MODE_ALIASES, LITERACY_VARIANTS, RAW_EVAL_MODES, type EvalMode, type LiteracyVariant, type RawEvalMode, } from "./eval-modes.js";
+export { isKnownOwnerTeam, KNOWN_OWNER_TEAMS, normalizeOwnerTeam, } from "./owner-teams.js";
+export { isRunClassification, RUN_CLASSIFICATIONS, RUN_EXECUTOR_SURFACES, type RunClassification, type RunExecutor, type RunExecutorSurface, type RunExecutorSystem, type RunExecutorUser, type RunHost, type RunLineage, type RunOwner, type RunTool, } from "./run-classification.js";
+export { type RunTrigger } from "./run-trigger.js";
+export { type RunContext } from "./run-context.js";

package/dist/_vendor/ailf-shared/index.js

@@ -8,13 +8,17 @@
  * Design rule: this package has ZERO runtime dependencies and ZERO imports
  * from @sanity/ailf-core, @sanity/ailf, or
  * @sanity/ailf-studio. It is the leaf of the dependency graph.
+ *
+ * Re-exports are explicit (named) rather than `export *` so that the studio
+ * tsup DTS bundle can statically resolve each symbol's canonical owner —
+ * `export *` chains across many modules trip rollup-plugin-dts's "Ambiguous
+ * external namespace resolution" warning even when no symbol actually
+ * collides. See W0124.
  */
-export * from "./document-ref.js";
-export * from "./feature-flags.js";
-export * from "./score-grades.js";
-export * from "./noise-threshold.js";
-export * from "./eval-modes.js";
-export * from "./owner-teams.js";
-export * from "./run-classification.js";
-export * from "./run-trigger.js";
-export * from "./run-context.js";
+export { computeCanaryDrift, } from "./canary-drift.js";
+export { FEATURE_FLAGS, } from "./feature-flags.js";
+export { GRADE_BOUNDARIES, scoreGrade, } from "./score-grades.js";
+export { NOISE_THRESHOLD } from "./noise-threshold.js";
+export { CANONICAL_EVAL_MODES, LEGACY_EVAL_MODE_ALIASES, LITERACY_VARIANTS, RAW_EVAL_MODES, } from "./eval-modes.js";
+export { isKnownOwnerTeam, KNOWN_OWNER_TEAMS, normalizeOwnerTeam, } from "./owner-teams.js";
+export { isRunClassification, RUN_CLASSIFICATIONS, RUN_EXECUTOR_SURFACES, } from "./run-classification.js";

package/dist/adapters/task-sources/repo-schemas.d.ts

@@ -147,8 +147,8 @@ export declare const CanonicalTaskSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     baseline: z.ZodOptional<z.ZodObject<{
         enabled: z.ZodOptional<z.ZodBoolean>;
         rubric: z.ZodOptional<z.ZodEnum<{
-            abbreviated: "abbreviated";
             full: "full";
+            abbreviated: "abbreviated";
             none: "none";
         }>>;
     }, z.core.$strip>>;
@@ -773,8 +773,8 @@ export declare const ContentLakeAuthorableTaskSchema: z.ZodObject<{
     baseline: z.ZodOptional<z.ZodObject<{
         enabled: z.ZodOptional<z.ZodBoolean>;
         rubric: z.ZodOptional<z.ZodEnum<{
-            abbreviated: "abbreviated";
             full: "full";
+            abbreviated: "abbreviated";
             none: "none";
         }>>;
     }, z.core.$strip>>;
@@ -893,8 +893,8 @@ export declare const CanonicalTaskFileSchema: z.ZodArray<z.ZodDiscriminatedUnion
     baseline: z.ZodOptional<z.ZodObject<{
         enabled: z.ZodOptional<z.ZodBoolean>;
         rubric: z.ZodOptional<z.ZodEnum<{
-            abbreviated: "abbreviated";
             full: "full";
+            abbreviated: "abbreviated";
             none: "none";
         }>>;
     }, z.core.$strip>>;

package/dist/agent-observer/agentic-provider.js

@@ -479,20 +479,18 @@ export default class AgenticProvider {
                 // Jina search unavailable
             }
         }
-        // Final fallback: construct likely Sanity doc URLs from the query
+        // Final fallback: search returned nothing usable. Point the agent at
+        // llms.txt (a real, fetchable doc index) instead of fabricating a URL
+        // from the query slug — fabricated URLs 404 and mislead the agent into
+        // thinking the doc system is unreachable. See W0129.
         if (results.length === 0) {
-            const sanitized = query
-                .toLowerCase()
-                .replace(/sanity\.?(io)?/gi, "")
-                .trim();
-            const slugGuess = sanitized
-                .replace(/\s+/g, "-")
-                .replace(/[^a-z0-9-]/g, "");
             results = [
                 {
-                    snippet: `Try the documentation page for: ${sanitized}`,
-                    title: `Documentation: ${query}`,
-                    url: `${this.docBaseUrl}/${slugGuess}`,
+                    snippet: `No direct search results. The documentation index is available at ` +
+                        `${this.llmsTxtUrl} — fetch it to discover real doc URLs, ` +
+                        `then fetch_page specific topics.`,
+                    title: `No results — try fetching ${this.llmsTxtUrl} for the doc index`,
+                    url: this.llmsTxtUrl,
                 },
             ];
         }
@@ -806,12 +804,14 @@ export default class AgenticProvider {
         const maxToolRounds = this.config.maxToolRounds || 5;
         const apiKey = this.config.apiKey || process.env.OPENAI_API_KEY;
         // Newer OpenAI models (gpt-5.x, o-series) use max_completion_tokens
-        // instead of max_tokens. Detect from config or model name.
-        const useMaxCompletionTokens = this.config.max_output_tokens != null ||
-            this.config.max_completion_tokens != null ||
-            model.startsWith("gpt-5") ||
+        // instead of max_tokens, and reject custom temperature values. Detect
+        // from config or model name. See W0131.
+        const isReasoningModel = model.startsWith("gpt-5") ||
             model.startsWith("o3") ||
             model.startsWith("o4");
+        const useMaxCompletionTokens = this.config.max_output_tokens != null ||
+            this.config.max_completion_tokens != null ||
+            isReasoningModel;
         const maxTokensValue = this.config.max_output_tokens ??
             this.config.max_completion_tokens ??
             this.config.max_tokens ??
@@ -840,15 +840,20 @@ export default class AgenticProvider {
         const startTime = Date.now();
         for (let round = 0; round <= maxToolRounds; round++) {
             const isLastRound = round === maxToolRounds;
+            const requestBody = {
+                ...tokenLimitParam,
+                messages,
+                model,
+                tool_choice: isLastRound ? "none" : "auto",
+                tools,
+            };
+            // gpt-5.x and o-series reject custom temperature; chat-completions
+            // models continue to receive the configured value. See W0131.
+            if (!isReasoningModel) {
+                requestBody.temperature = temperature;
+            }
             const response = await fetchFn("https://api.openai.com/v1/chat/completions", {
-                body: JSON.stringify({
-                    ...tokenLimitParam,
-                    messages,
-                    model,
-                    temperature,
-                    tool_choice: isLastRound ? "none" : "auto",
-                    tools,
-                }),
+                body: JSON.stringify(requestBody),
                 headers: {
                     Authorization: `Bearer ${apiKey}`,
                     "Content-Type": "application/json",

package/dist/agent-observer/classifier.js

@@ -65,6 +65,11 @@ export function classifyRequests(requests) {
         // Skip failed requests (no response)
         if (req.statusCode === 0)
             continue;
+        // Status-only entries (W0132) carry no body, so we can't infer search
+        // queries or doc-page metadata reliably. They still count as API calls
+        // (Sanity API) or external requests (everything else) so the run shape
+        // shows that the call happened, but we skip the body-dependent buckets.
+        const isStatusOnly = req.capture === "status-only";
         // Order matters: API calls first (they may have ?query= params that look like searches),
         // then searches, then doc pages, then external
         if (isSanityApiRequest(req)) {
@@ -75,14 +80,14 @@ export function classifyRequests(requests) {
                 url: req.url,
             });
         }
-        else if (isSearchRequest(req)) {
+        else if (!isStatusOnly && isSearchRequest(req)) {
             result.searchQueries.push({
                 query: extractSearchQuery(req),
                 timestamp: req.timestamp,
                 url: req.url,
             });
         }
-        else if (isDocPageRequest(req)) {
+        else if (!isStatusOnly && isDocPageRequest(req)) {
             const slug = extractDocSlug(req.url);
             result.docPageVisits.push({
                 contentSize: req.responseSize,

package/dist/agent-observer/proxy.d.ts

@@ -21,6 +21,25 @@
  *
  *   const log = recorder.stop()
  *   // → AgentBehaviorLog with all requests classified
+ *
+ * W0133 — per-class preview byte caps
+ *
+ * `responsePreview` is capped at `previewLimits.default` (4 KB) for most
+ * responses, with per-class overrides for two payloads whose contents are
+ * the ground truth for trace audits:
+ *
+ *   - `previewLimits.search` (16 KB) — Jina-wrapped DuckDuckGo, Google CSE,
+ *     bing.com/search, duckduckgo.com, google.com/search responses. Captures
+ *     the full result list (typical 8–10 KB) so trace audits can resolve
+ *     which result the model fetched next.
+ *   - `previewLimits.llmsTxt` (128 KB) — `/llms.txt` responses. The Sanity
+ *     index is ~110 KB. Capturing the full body lets trace audits
+ *     distinguish "model fetched a path that wasn't in the index" from
+ *     "model fetched a path that was in the index but the page is missing".
+ *
+ * The slim Content Lake report (W0051) does not inline previews — they
+ * live in the GCS `traces` NDJSON artifact only, so bumping these caps
+ * has no effect on the 10 MB Sanity document budget.
  */
 import type { ObservedRequest, AgentBehaviorLog } from "./types.js";
 export interface RecorderOptions {
@@ -31,13 +50,50 @@ export interface RecorderOptions {
     /** Filter: skip requests matching these URL patterns. Default: skip none.
      *  Accepts RegExp or string (strings are auto-converted to case-insensitive RegExp). */
     excludePatterns?: (RegExp | string)[];
-    /** Filter: only record requests matching these URL patterns. Default: record all.
-     *  Accepts RegExp or string (strings are auto-converted to case-insensitive RegExp). */
+    /** Filter: only fully record requests matching these URL patterns. Default: record all fully.
+     *  When `statusOnlyForUnmatched` is true (default), unmatched URLs still emit a slim
+     *  status-only observation. Accepts RegExp or string (strings are auto-converted to
+     *  case-insensitive RegExp). */
     includePatterns?: (RegExp | string)[];
     /** Maximum request body bytes to capture. Default: 4096 */
     maxBodyBytes?: number;
-    /** Maximum response body bytes to capture in preview. Default: 2048 */
+    /**
+     * Default response preview byte cap. Default: 4096.
+     *
+     * Per-class overrides in `previewLimits` may extend this for specific
+     * URL patterns. If `previewLimits` is set, `previewLimits.default` wins
+     * over `maxPreviewBytes`.
+     */
     maxPreviewBytes?: number;
+    /**
+     * Per-class response preview byte caps (W0133). Lets the recorder
+     * capture larger previews for response classes whose contents are the
+     * ground truth for trace audits, without inflating preview size for
+     * generic responses.
+     *
+     * - `default` — used when no other class matches. Falls back to
+     *   `maxPreviewBytes` when omitted (defaults to 4 KB).
+     * - `search` — Jina-wrapped DuckDuckGo, Google CSE, bing/duckduckgo,
+     *   google.com/search responses. Default: 16 KB.
+     * - `llmsTxt` — `/llms.txt` responses. Default: 128 KB.
+     */
+    previewLimits?: {
+        default?: number;
+        llmsTxt?: number;
+        search?: number;
+    };
+    /**
+     * When a URL fails `includePatterns` but passes `excludePatterns`, emit a
+     * slim observation (url/method/statusCode/latencyMs/timestamp/seq, with
+     * `capture: "status-only"`) instead of dropping it entirely. Default: true.
+     *
+     * Setting to `false` restores strict-allowlist behavior — unmatched URLs
+     * are dropped, leaving no record of the call. The default exists so
+     * model-side traffic to api.openai.com / api.anthropic.com /
+     * googleapis.com is visible in run artifacts without recording prompts,
+     * completions, or API keys. See W0132.
+     */
+    statusOnlyForUnmatched?: boolean;
 }
 export declare class RequestRecorder {
     private observations;
@@ -69,8 +125,37 @@ export declare class RequestRecorder {
      *
      * Use this when you can't wrap `fetch` directly but can observe traffic
      * (e.g., via browser DevTools Protocol, mitmproxy logs, etc.).
+     *
+     * Filter behavior (W0132):
+     * - `excludePatterns` always drops the observation entirely.
+     * - `includePatterns` mismatch produces a slim `capture: "status-only"`
+     *   record when `statusOnlyForUnmatched` is true (default), or drops it
+     *   when false.
+     * - The discriminator on the input is honored: callers that already
+     *   know they're emitting a slim record (e.g., the fetch wrapper) can
+     *   set `capture: "status-only"` themselves.
      */
     record(observation: Omit<ObservedRequest, "seq">): void;
+    /**
+     * Resolve the preview byte cap for a given URL using per-class overrides
+     * (W0133). Order of preference:
+     *   1. `previewLimits.llmsTxt` for `/llms.txt` URLs.
+     *   2. `previewLimits.search` for known search providers.
+     *   3. `previewLimits.default`.
+     */
+    private resolvePreviewBytes;
+    /**
+     * Decide how to record a URL given the current filter configuration.
+     *
+     * - `"drop"` — `excludePatterns` matched, or `includePatterns` failed
+     *   and `statusOnlyForUnmatched` is false.
+     * - `"status-only"` — `includePatterns` failed but
+     *   `statusOnlyForUnmatched` is true (default). Skip body/headers.
+     * - `"full"` — record everything.
+     *
+     * See W0132.
+     */
+    private classifyCaptureMode;
     /**
      * Reset the recorder for reuse without creating a new instance.
      */

package/dist/agent-observer/proxy.js

@@ -21,8 +21,49 @@
  *
  *   const log = recorder.stop()
  *   // → AgentBehaviorLog with all requests classified
+ *
+ * W0133 — per-class preview byte caps
+ *
+ * `responsePreview` is capped at `previewLimits.default` (4 KB) for most
+ * responses, with per-class overrides for two payloads whose contents are
+ * the ground truth for trace audits:
+ *
+ *   - `previewLimits.search` (16 KB) — Jina-wrapped DuckDuckGo, Google CSE,
+ *     bing.com/search, duckduckgo.com, google.com/search responses. Captures
+ *     the full result list (typical 8–10 KB) so trace audits can resolve
+ *     which result the model fetched next.
+ *   - `previewLimits.llmsTxt` (128 KB) — `/llms.txt` responses. The Sanity
+ *     index is ~110 KB. Capturing the full body lets trace audits
+ *     distinguish "model fetched a path that wasn't in the index" from
+ *     "model fetched a path that was in the index but the page is missing".
+ *
+ * The slim Content Lake report (W0051) does not inline previews — they
+ * live in the GCS `traces` NDJSON artifact only, so bumping these caps
+ * has no effect on the 10 MB Sanity document budget.
  */
 import { classifyRequests } from "./classifier.js";
+/** Per-class preview-byte defaults (W0133). */
+const DEFAULT_PREVIEW_LIMITS = {
+    default: 4096,
+    llmsTxt: 131072, // ~128 KB — covers Sanity's ~110 KB llms.txt
+    search: 16384, // ~16 KB — Jina/Google CSE/duckduckgo result lists
+};
+/**
+ * URL patterns for the `search` response class (W0133). These cover the
+ * search providers the agentic loop actually hits; new providers can be
+ * added here without changing the recorder API surface.
+ */
+const SEARCH_URL_PATTERNS = [
+    /r\.jina\.ai\/https?:\/\/(www\.)?duckduckgo\.com/i,
+    /r\.jina\.ai\/https?:\/\/(www\.)?google\.com\/search/i,
+    /r\.jina\.ai\/https?:\/\/(www\.)?bing\.com\/search/i,
+    /^https?:\/\/(www\.)?googleapis\.com\/customsearch/i,
+    /^https?:\/\/(www\.)?google\.com\/search/i,
+    /^https?:\/\/(www\.)?bing\.com\/search/i,
+    /^https?:\/\/(www\.)?duckduckgo\.com/i,
+];
+/** URL pattern for the `llmsTxt` response class (W0133). */
+const LLMS_TXT_PATTERN = /\/llms\.txt(\?|$|\/)/i;
 const DEFAULT_OPTIONS = {
     captureHeaders: [
         "accept",
@@ -40,7 +81,9 @@ const DEFAULT_OPTIONS = {
     ],
     includePatterns: [],
     maxBodyBytes: 4096,
-    maxPreviewBytes: 2048,
+    maxPreviewBytes: DEFAULT_PREVIEW_LIMITS.default,
+    previewLimits: { ...DEFAULT_PREVIEW_LIMITS },
+    statusOnlyForUnmatched: true,
 };
 // ---------------------------------------------------------------------------
 // RequestRecorder
@@ -63,6 +106,19 @@ export class RequestRecorder {
         if (merged.excludePatterns) {
             merged.excludePatterns = merged.excludePatterns.map(toRegExp);
         }
+        // Resolve per-class preview caps. `previewLimits.default` wins over
+        // `maxPreviewBytes`; missing entries fall through to module defaults
+        // (W0133).
+        const userLimits = options?.previewLimits ?? {};
+        const resolvedDefault = userLimits.default ??
+            options?.maxPreviewBytes ??
+            DEFAULT_PREVIEW_LIMITS.default;
+        merged.previewLimits = {
+            default: resolvedDefault,
+            llmsTxt: userLimits.llmsTxt ?? DEFAULT_PREVIEW_LIMITS.llmsTxt,
+            search: userLimits.search ?? DEFAULT_PREVIEW_LIMITS.search,
+        };
+        merged.maxPreviewBytes = resolvedDefault;
         this.options = merged;
     }
     /**
@@ -83,6 +139,7 @@ export class RequestRecorder {
                 ? input.method
                 : "GET") ??
             "GET";
+        const captureMode = this.classifyCaptureMode(url);
         let response;
         let error = null;
         try {
@@ -90,31 +147,64 @@ export class RequestRecorder {
         }
         catch (err) {
             error = err;
-            // Record the failed request
+            if (captureMode === "drop")
+                throw error;
+            // Record the failed request — status-only captures skip body/headers
+            // entirely (W0132).
+            this.record(captureMode === "full"
+                ? {
+                    body: await this.extractBody(init?.body),
+                    capture: "full",
+                    contentType: undefined,
+                    headers: this.extractHeaders(init?.headers),
+                    latencyMs: Date.now() - reqStart,
+                    method: method.toUpperCase(),
+                    responsePreview: `Error: ${error.message}`,
+                    responseSize: 0,
+                    statusCode: 0,
+                    timestamp: new Date(reqStart).toISOString(),
+                    url,
+                }
+                : {
+                    capture: "status-only",
+                    headers: {},
+                    latencyMs: Date.now() - reqStart,
+                    method: method.toUpperCase(),
+                    responseSize: 0,
+                    statusCode: 0,
+                    timestamp: new Date(reqStart).toISOString(),
+                    url,
+                });
+            throw error;
+        }
+        const latencyMs = Date.now() - reqStart;
+        if (captureMode === "drop")
+            return response;
+        if (captureMode === "status-only") {
+            // No body read, no header capture, no preview — only the metadata
+            // needed to know the call happened (W0132).
             this.record({
-                body: await this.extractBody(init?.body),
-                contentType: undefined,
-                headers: this.extractHeaders(init?.headers),
-                latencyMs: Date.now() - reqStart,
+                capture: "status-only",
+                headers: {},
+                latencyMs,
                 method: method.toUpperCase(),
-                responsePreview: `Error: ${error.message}`,
                 responseSize: 0,
-                statusCode: 0,
+                statusCode: response.status,
                 timestamp: new Date(reqStart).toISOString(),
                 url,
             });
-            throw error;
+            return response;
         }
-        const latencyMs = Date.now() - reqStart;
         // Clone the response so we can read the body without consuming it
         const clone = response.clone();
         let responseSize = 0;
         let responsePreview;
         if (this.options.captureResponsePreview) {
+            const previewBytes = this.resolvePreviewBytes(url);
             try {
                 const text = await clone.text();
                 responseSize = new TextEncoder().encode(text).length;
-                responsePreview = text.slice(0, this.options.maxPreviewBytes);
+                responsePreview = text.slice(0, previewBytes);
             }
             catch {
                 // Body might not be text — that's fine
@@ -123,6 +213,7 @@ export class RequestRecorder {
         }
         this.record({
             body: await this.extractBody(init?.body),
+            capture: "full",
             contentType: response.headers.get("content-type") ?? undefined,
             headers: this.extractHeaders(init?.headers),
             latencyMs,
@@ -152,26 +243,93 @@ export class RequestRecorder {
      *
      * Use this when you can't wrap `fetch` directly but can observe traffic
      * (e.g., via browser DevTools Protocol, mitmproxy logs, etc.).
+     *
+     * Filter behavior (W0132):
+     * - `excludePatterns` always drops the observation entirely.
+     * - `includePatterns` mismatch produces a slim `capture: "status-only"`
+     *   record when `statusOnlyForUnmatched` is true (default), or drops it
+     *   when false.
+     * - The discriminator on the input is honored: callers that already
+     *   know they're emitting a slim record (e.g., the fetch wrapper) can
+     *   set `capture: "status-only"` themselves.
      */
     record(observation) {
         if (!this.running)
             return;
         const url = observation.url;
-        // Apply filters
+        if (this.options.excludePatterns.some((p) => p.test(url)))
+            return;
+        let capture = observation.capture ?? "full";
         if (this.options.includePatterns.length > 0) {
-            if (!this.options.includePatterns.some((p) => p.test(url)))
-                return;
+            const matchesIncludes = this.options.includePatterns.some((p) => p.test(url));
+            if (!matchesIncludes) {
+                if (!this.options.statusOnlyForUnmatched)
+                    return;
+                capture = "status-only";
+            }
         }
-        if (this.options.excludePatterns.some((p) => p.test(url)))
+        if (capture === "status-only") {
+            // Slim shape — strip body/headers/contentType/responsePreview so a
+            // caller that passed full data still produces a sanitized record.
+            this.observations.push({
+                capture: "status-only",
+                headers: {},
+                latencyMs: observation.latencyMs,
+                method: observation.method,
+                responseSize: 0,
+                seq: this.seq++,
+                statusCode: observation.statusCode,
+                timestamp: observation.timestamp,
+                url,
+            });
             return;
+        }
+        const previewBytes = this.resolvePreviewBytes(url);
         this.observations.push({
             ...observation,
+            capture: "full",
             // Truncate body if needed
             body: observation.body?.slice(0, this.options.maxBodyBytes),
-            responsePreview: observation.responsePreview?.slice(0, this.options.maxPreviewBytes),
+            responsePreview: observation.responsePreview?.slice(0, previewBytes),
             seq: this.seq++,
         });
     }
+    /**
+     * Resolve the preview byte cap for a given URL using per-class overrides
+     * (W0133). Order of preference:
+     *   1. `previewLimits.llmsTxt` for `/llms.txt` URLs.
+     *   2. `previewLimits.search` for known search providers.
+     *   3. `previewLimits.default`.
+     */
+    resolvePreviewBytes(url) {
+        if (LLMS_TXT_PATTERN.test(url))
+            return this.options.previewLimits.llmsTxt;
+        if (SEARCH_URL_PATTERNS.some((p) => p.test(url))) {
+            return this.options.previewLimits.search;
+        }
+        return this.options.previewLimits.default;
+    }
+    /**
+     * Decide how to record a URL given the current filter configuration.
+     *
+     * - `"drop"` — `excludePatterns` matched, or `includePatterns` failed
+     *   and `statusOnlyForUnmatched` is false.
+     * - `"status-only"` — `includePatterns` failed but
+     *   `statusOnlyForUnmatched` is true (default). Skip body/headers.
+     * - `"full"` — record everything.
+     *
+     * See W0132.
+     */
+    classifyCaptureMode(url) {
+        if (this.options.excludePatterns.some((p) => p.test(url)))
+            return "drop";
+        if (this.options.includePatterns.length === 0)
+            return "full";
+        const matchesIncludes = this.options.includePatterns.some((p) => p.test(url));
+        if (matchesIncludes)
+            return "full";
+        return this.options.statusOnlyForUnmatched ? "status-only" : "drop";
+    }
     /**
      * Reset the recorder for reuse without creating a new instance.
      */