ai-otel-setup 1.0.2

package/LICENSE

@@ -0,0 +1,20 @@
+Proprietary License - iFlyTek BG Internal
+
+Copyright (c) 2026 iFlyTek BG Productivity. All rights reserved.
+
+The source code in this repository is visible publicly to enable installation
+via `npx github:decent-yu/cc-otel-setup` from corporate machines. Visibility
+does NOT grant any license to use, modify, distribute, or sublicense the code
+outside of authorized iFlyTek internal contexts.
+
+Permitted use:
+  - Running the installer (`npx -y github:decent-yu/cc-otel-setup ...`)
+    on machines authorized to send observability data to iFlyTek-internal
+    OTel collectors.
+
+Prohibited without prior written permission:
+  - Copying, forking, vendoring the source for non-iFlyTek deployments
+  - Republishing under a different name or marketplace
+  - Embedding the code in third-party products
+
+For licensing questions: productivity@iflytek.example

package/README.md

@@ -0,0 +1,55 @@
+# AI CLI 上报工具
+
+一键开通团队的 Claude Code / Codex CLI / Gemini CLI 使用数据上报。
+
+## 安装
+
+```bash
+npx -y ai-otel-setup url=你的服务器地址
+```
+
+> 国内网络慢可以临时切到淘宝镜像：`npm config set registry https://registry.npmmirror.com`，再执行上面的命令。
+>
+> 兼容旧命令：`npx -y cc-otel-installer url=...` 仍然可用，行为完全一致。
+
+把 `你的服务器地址` 替换成团队提供的实际地址（例如 `url=10.20.30.40`）。具体地址请向团队负责人索取。
+
+装好后直接运行 `claude` / `codex` / `gemini`，上报会自动开始，无需任何额外配置。
+
+## 参数
+
+| 参数 | 说明 |
+|---|---|
+| `url`（必填） | 服务器地址。可填 IP / 域名（会自动补端口 `4317`），或完整地址（如 `https://otel.company.io:4317`）。不能包含空格或逗号。 |
+
+## 装好后会做什么
+
+- 在 `~/.claude/cc-otel/` 放一个启动脚本
+- 备份你原来的 `~/.claude/settings.json`（带时间戳，可随时还原）
+- 把上报相关配置写进 `~/.claude/settings.json`
+
+你原本的其他设置都会保留；重复运行不会产生重复条目，可以放心重装。
+
+## 采集了哪些数据
+
+|  | 内容 |
+|---|---|
+| ✅ 会采集 | 调用了哪些工具、每次耗时、是否成功、token 用量、当前目录、Git 信息 |
+| ❌ 不采集 | 你输入的提示词、代码正文、工具入参、API 原始内容 |
+
+## 卸载
+
+还原安装前的备份即可：
+
+```bash
+ls ~/.claude/settings.json.bak.* | tail -1 | xargs -I{} cp {} ~/.claude/settings.json
+rm -rf ~/.claude/cc-otel
+```
+
+## 排查
+
+| 现象 | 怎么办 |
+|---|---|
+| 启动 `claude` 没看到上报动作 | 打开 `~/.claude/settings.json`，确认里面有一项 `id: team:session-start` |
+| 服务器一直收不到数据 | 跑一下 `nc -zv 你的服务器地址 4317`，看端口是否通 |
+| 想换服务器地址 | 直接重跑安装命令即可，会自动覆盖旧配置 |

package/cli.js

@@ -0,0 +1,503 @@
+#!/usr/bin/env node
+/**
+ * ai-otel-setup
+ *
+ * 一行命令配置 Claude Code OTel 上报：
+ *   npx -y ai-otel-setup url=COLLECTOR_HOST
+ *
+ * 兼容写法：参数也可以全部塞在一个 argv 里，用逗号分隔：
+ *   npx -y cc-otel-installer url=COLLECTOR_HOST
+ *
+ * 该 installer **不走 CC plugin 机制**：直接把 hook 脚本铺到
+ * ~/.claude/cc-otel/，并把 12 个 OTel env + SessionStart hook 注入
+ * 用户的 ~/.claude/settings.json。安装后 `claude` 立即生效，无需 /plugin install。
+ *
+ * 关键约束：
+ *   - 失败时尽量给出可操作信息，不静默
+ *   - settings.json 写之前会备份到 settings.json.bak（每次覆盖，仅保留上一份）
+ *   - 多次运行幂等（按 hook id=team:session-start 去重）
+ *   - 不依赖任何运行时第三方包，只用 Node 标准库
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+
+const REQUIRED_KEYS = ["url"];
+const HOOK_ID = "team:session-start";
+// UserPromptSubmit 兜底 hook：复用同一脚本，靠 stdin.hook_event_name 分流；
+// 单独 id 是为了让 settings.json 的 SessionStart / UserPromptSubmit 数组各自能按 id 去重
+const PROMPT_HOOK_ID = "team:user-prompt-submit";
+const OTEL_KEYS = [
+  "CLAUDE_CODE_ENABLE_TELEMETRY",
+  "OTEL_METRICS_EXPORTER",
+  "OTEL_LOGS_EXPORTER",
+  "OTEL_EXPORTER_OTLP_PROTOCOL",
+  "OTEL_EXPORTER_OTLP_ENDPOINT",
+  "OTEL_LOGS_EXPORT_INTERVAL",
+  "OTEL_METRIC_EXPORT_INTERVAL",
+  "OTEL_METRICS_INCLUDE_VERSION",
+  "OTEL_LOG_USER_PROMPTS",
+  "OTEL_LOG_TOOL_DETAILS",
+  "OTEL_LOG_TOOL_CONTENT",
+  "OTEL_LOG_RAW_API_BODIES",
+];
+
+// ---------- argv 解析 ----------
+
+function parseArgs(argv) {
+  const out = {};
+  const flat = [];
+  for (const a of argv) {
+    // 兼容 url=x 单 argv 与 url=x 多 argv（保留逗号分隔，便于未来扩展）
+    for (const part of a.split(",")) {
+      if (part.trim()) flat.push(part.trim());
+    }
+  }
+  for (const part of flat) {
+    const idx = part.indexOf("=");
+    if (idx <= 0) continue;
+    const k = part.slice(0, idx).trim().toLowerCase();
+    const v = part.slice(idx + 1).trim();
+    if (k) out[k] = v;
+  }
+  return out;
+}
+
+function validateArgs(args) {
+  const errs = [];
+  for (const k of REQUIRED_KEYS) {
+    if (!args[k]) {
+      errs.push(`missing required: ${k}`);
+      continue;
+    }
+    if (/\s/.test(args[k])) errs.push(`${k} 不允许包含空格: "${args[k]}"`);
+    if (args[k].includes(",")) errs.push(`${k} 不允许包含逗号: "${args[k]}"`);
+  }
+  return errs;
+}
+
+// ---------- url → endpoint ----------
+
+function resolveEndpoint(rawUrl) {
+  // 用户传裸 IP 或 host：自动补 http:// 和 :4317（gRPC 默认端口）
+  // 用户传完整 URL：直接采用
+  if (/^https?:\/\//i.test(rawUrl)) return rawUrl;
+  // 如果用户已带端口（如 "1.2.3.4:4317"），保留；否则补默认 4317
+  const hasPort = /:\d+$/.test(rawUrl);
+  return `http://${rawUrl}${hasPort ? "" : ":4317"}`;
+}
+
+function extractHost(endpoint) {
+  // 从已 resolve 的 endpoint 取 host（不带端口），用于 NO_PROXY
+  try {
+    return new URL(endpoint).hostname;
+  } catch (_) {
+    return endpoint.replace(/^https?:\/\//i, "").split("/")[0].split(":")[0];
+  }
+}
+
+function mergeNoProxy(existing, host) {
+  // 合并保留用户已有 NO_PROXY 值，仅追加 collector host，去重保序
+  const list = (existing || "")
+    .split(",")
+    .map((s) => s.trim())
+    .filter(Boolean);
+  if (host && !list.includes(host)) list.push(host);
+  return list.join(",");
+}
+
+// ---------- 文件操作 ----------
+
+function readJSONSafe(p) {
+  try {
+    if (!fs.existsSync(p)) return {};
+    const txt = fs.readFileSync(p, "utf8");
+    if (!txt.trim()) return {};
+    return JSON.parse(txt);
+  } catch (e) {
+    throw new Error(`读取 ${p} 失败：${e.message}`);
+  }
+}
+
+function writeJSONAtomic(p, obj) {
+  const dir = path.dirname(p);
+  fs.mkdirSync(dir, { recursive: true });
+  const tmp = `${p}.tmp.${process.pid}`;
+  fs.writeFileSync(tmp, JSON.stringify(obj, null, 2) + "\n", "utf8");
+  fs.renameSync(tmp, p);
+}
+
+function backup(p) {
+  if (!fs.existsSync(p)) return null;
+  const bak = `${p}.bak`;
+  fs.copyFileSync(p, bak);
+  return bak;
+}
+
+// ---------- 合并逻辑 ----------
+
+function buildEnv(template, args, endpoint) {
+  const env = { ...template.env };
+  env.OTEL_EXPORTER_OTLP_ENDPOINT = endpoint;
+  // OTEL_RESOURCE_ATTRIBUTES 已废弃：bg/dept/team 不再上报
+  delete env.OTEL_RESOURCE_ATTRIBUTES;
+  return env;
+}
+
+function mergeSettings(existing, newEnv, hookEntry, promptHookEntry, collectorHost) {
+  const merged = { ...existing };
+
+  // env：plugin 优先（组织规范不允许个人改红线），但保留用户独有的 env
+  merged.env = { ...(existing.env || {}) };
+  for (const k of OTEL_KEYS) {
+    merged.env[k] = newEnv[k];
+  }
+  // 清理历史遗留：旧版本 installer 写过 OTEL_RESOURCE_ATTRIBUTES，删掉
+  delete merged.env.OTEL_RESOURCE_ATTRIBUTES;
+
+  // 兜底用户写坏的 HTTP(S)_PROXY：把 collector host 加进 NO_PROXY，让 OTel gRPC 绕过代理
+  // 仅追加，不动用户原有的 NO_PROXY 值，也不动 HTTP_PROXY / HTTPS_PROXY
+  if (collectorHost) {
+    merged.env.NO_PROXY = mergeNoProxy(merged.env.NO_PROXY, collectorHost);
+    merged.env.no_proxy = mergeNoProxy(merged.env.no_proxy, collectorHost);
+  }
+
+  merged.hooks = { ...(existing.hooks || {}) };
+
+  // hooks.SessionStart：按 id 去重，存在则覆盖，不存在则追加
+  const sessionStart = Array.isArray(merged.hooks.SessionStart)
+    ? [...merged.hooks.SessionStart]
+    : [];
+  const idx = sessionStart.findIndex((h) => h && h.id === HOOK_ID);
+  if (idx >= 0) sessionStart[idx] = hookEntry;
+  else sessionStart.push(hookEntry);
+  merged.hooks.SessionStart = sessionStart;
+
+  // hooks.UserPromptSubmit：兜底 hook，按 PROMPT_HOOK_ID 去重，规则同上
+  if (promptHookEntry) {
+    const userPromptSubmit = Array.isArray(merged.hooks.UserPromptSubmit)
+      ? [...merged.hooks.UserPromptSubmit]
+      : [];
+    const pidx = userPromptSubmit.findIndex((h) => h && h.id === PROMPT_HOOK_ID);
+    if (pidx >= 0) userPromptSubmit[pidx] = promptHookEntry;
+    else userPromptSubmit.push(promptHookEntry);
+    merged.hooks.UserPromptSubmit = userPromptSubmit;
+  }
+
+  return merged;
+}
+
+function logsEndpointFromGrpc(endpoint) {
+  try {
+    const url = new URL(endpoint);
+    if (url.port === "4317") url.port = "4318";
+    if (!url.pathname || url.pathname === "/") url.pathname = "/v1/logs";
+    return url.toString();
+  } catch (_) {
+    return "http://localhost:4318/v1/logs";
+  }
+}
+
+// ---------- Codex config.toml 处理 ----------
+//
+// 真实 schema（参见 https://developers.openai.com/codex/config-reference 与 /codex/hooks）：
+//
+//   [features]
+//   codex_hooks = true                          ← 没这个 flag，整段 hooks 被忽略
+//
+//   [otel]
+//   exporter = "otlp-grpc"                      ← 用 exporter 选 transport，不是 enabled / protocol
+//   metrics_exporter = "otlp-grpc"
+//   trace_exporter = "otlp-grpc"
+//
+//   [otel.exporter.otlp-grpc]                   ← 端点写在嵌套子表里
+//   endpoint = "http://host:4317"
+//
+//   [[hooks.SessionStart]]                      ← codex 真的有 SessionStart
+//   matcher = "startup|resume"
+//   [[hooks.SessionStart.hooks]]                ← 真正的 command 嵌一层
+//   type = "command"
+//   command = "..."
+//
+// 嵌套子表 + 嵌套数组用 hand-rolled 正则维护太脆，改成"managed 块"风格：
+// 用 BEGIN/END 标记夹住整段我们写的内容，重跑 installer 时整块剥离再追加。
+
+const CODEX_MANAGED_BEGIN = "# >>> ai-otel-setup managed >>>";
+const CODEX_MANAGED_END = "# <<< ai-otel-setup managed <<<";
+
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+function stripCodexManagedBlock(text) {
+  const re = new RegExp(
+    `\\n?${escapeRegex(CODEX_MANAGED_BEGIN)}[\\s\\S]*?${escapeRegex(CODEX_MANAGED_END)}\\n?`,
+    "g"
+  );
+  return text.replace(re, "\n");
+}
+
+function stripLegacyCodexOtel(text) {
+  // 旧 installer 写的 [otel]（含非法 key enabled = true）整段删除，避免与新 [otel] 冲突
+  return text.replace(
+    /(?:\n|^)\[otel\][\s\S]*?(?=\n\[|\n\[\[|$)/g,
+    (m) => (/enabled\s*=\s*true/.test(m) ? "" : m)
+  );
+}
+
+function stripLegacyCodexHook(text) {
+  // 旧 installer 写的 [[hooks.UserPromptSubmit]] + id = "team:session-start" 整块删除
+  return text.replace(
+    /(?:\n|^)\[\[hooks\.UserPromptSubmit\]\][\s\S]*?(?=\n\[\[|\n\[|$)/g,
+    (m) => (/id\s*=\s*["']team:session-start["']/.test(m) ? "" : m)
+  );
+}
+
+function buildCodexManagedBlock(endpoint, hookDest, logsEndpoint) {
+  // exporter / trace_exporter / metrics_exporter 是 externally-tagged enum：
+  //   - 写 scalar `exporter = "otlp-grpc"`：codex 解析为 unit variant，因为
+  //     OtlpGrpc 是 struct variant（带 endpoint 等字段），报
+  //     "invalid type: unit variant, expected struct variant"。
+  //   - 同时写 scalar 和 table：报 "cannot extend value of type string"。
+  //   - 只写 table `[otel.exporter."otlp-grpc"]`：✓ codex 把它解析为
+  //     OtlpGrpc { endpoint }，tag 来自 key 名。
+  // 官方 sample 之所以能 `exporter = "none"`，是因为 None 本身就是 unit variant。
+  return [
+    CODEX_MANAGED_BEGIN,
+    "[features]",
+    "codex_hooks = true",
+    "",
+    "[otel]",
+    'environment = "prod"',
+    "log_user_prompt = false",
+    "",
+    '[otel.exporter."otlp-grpc"]',
+    `endpoint = ${JSON.stringify(endpoint)}`,
+    "",
+    '[otel.trace_exporter."otlp-grpc"]',
+    `endpoint = ${JSON.stringify(endpoint)}`,
+    "",
+    '[otel.metrics_exporter."otlp-grpc"]',
+    `endpoint = ${JSON.stringify(endpoint)}`,
+    "",
+    "[[hooks.SessionStart]]",
+    'matcher = "startup|resume"',
+    "",
+    "[[hooks.SessionStart.hooks]]",
+    'type = "command"',
+    `command = ${JSON.stringify(`AI_OTEL_LOGS_ENDPOINT=${logsEndpoint} node "${hookDest}"`)}`,
+    CODEX_MANAGED_END,
+  ].join("\n");
+}
+
+function installCodex(home, endpoint) {
+  const codexDir = path.join(home, ".codex");
+  if (!fs.existsSync(codexDir)) {
+    return { tool: "codex", status: "skipped", reason: "未检测到 ~/.codex" };
+  }
+  const installDir = path.join(codexDir, "ai-otel");
+  const configPath = path.join(codexDir, "config.toml");
+  const hookDest = path.join(installDir, "on-session-start.js");
+  fs.mkdirSync(installDir, { recursive: true });
+  fs.copyFileSync(path.join(__dirname, "templates", "codex", "on-session-start.js"), hookDest);
+  fs.chmodSync(hookDest, 0o755);
+  const bak = backup(configPath);
+  let existing = fs.existsSync(configPath) ? fs.readFileSync(configPath, "utf8") : "";
+
+  // 三步去重：先剥离上一次的 managed 块，再清掉旧 schema 残留
+  existing = stripCodexManagedBlock(existing);
+  existing = stripLegacyCodexOtel(existing);
+  existing = stripLegacyCodexHook(existing);
+
+  const logsEndpoint = logsEndpointFromGrpc(endpoint);
+  const managed = buildCodexManagedBlock(endpoint, hookDest, logsEndpoint);
+  const merged = (existing.trimEnd() + "\n\n" + managed + "\n").replace(/\n{3,}/g, "\n\n");
+  fs.writeFileSync(configPath, merged, "utf8");
+  return { tool: "codex", status: "installed", path: configPath, backup: bak };
+}
+
+function installGemini(home, endpoint) {
+  const geminiDir = path.join(home, ".gemini");
+  if (!fs.existsSync(geminiDir)) {
+    return { tool: "gemini", status: "skipped", reason: "未检测到 ~/.gemini" };
+  }
+  const installDir = path.join(geminiDir, "ai-otel");
+  const settingsPath = path.join(geminiDir, "settings.json");
+  const hookDest = path.join(installDir, "on-session-start.js");
+  fs.mkdirSync(installDir, { recursive: true });
+  fs.copyFileSync(path.join(__dirname, "templates", "gemini", "on-session-start.js"), hookDest);
+  fs.chmodSync(hookDest, 0o755);
+  const existing = readJSONSafe(settingsPath);
+  const bak = backup(settingsPath);
+  const merged = { ...existing };
+  // ⚠️ Gemini telemetry.target 只支持 "local" 与 "gcp"，没有 "otlp" 枚举值。
+  //    指向自建 OTLP 接收端的标准用法是 target=local + otlpEndpoint=<url>。
+  //    见调研：docs/superpowers/specs/2026-04-29-multi-cli-otel-research.md §2.2
+  merged.telemetry = {
+    ...(existing.telemetry || {}),
+    enabled: true,
+    target: "local",
+    otlpEndpoint: endpoint,
+    otlpProtocol: "grpc",
+    logPrompts: false,
+  };
+  merged.hooks = { ...(existing.hooks || {}) };
+  const sessionStart = Array.isArray(merged.hooks.SessionStart)
+    ? [...merged.hooks.SessionStart]
+    : [];
+  const hookEntry = {
+    id: HOOK_ID,
+    command: `node "${hookDest}"`,
+  };
+  const idx = sessionStart.findIndex((h) => h && h.id === HOOK_ID);
+  if (idx >= 0) sessionStart[idx] = hookEntry;
+  else sessionStart.push(hookEntry);
+  merged.hooks.SessionStart = sessionStart;
+  writeJSONAtomic(settingsPath, merged);
+  return { tool: "gemini", status: "installed", path: settingsPath, backup: bak };
+}
+
+// ---------- 主流程 ----------
+
+function main() {
+  const args = parseArgs(process.argv.slice(2));
+
+  if (args.help || args.h || process.argv.includes("--help")) {
+    printUsage();
+    return;
+  }
+
+  const errs = validateArgs(args);
+  if (errs.length) {
+    console.error("[ai-otel-setup] 参数错误：");
+    for (const e of errs) console.error("  - " + e);
+    console.error("");
+    printUsage();
+    process.exit(2);
+  }
+
+  const home = os.homedir();
+  const claudeDir = path.join(home, ".claude");
+  const installDir = path.join(claudeDir, "cc-otel");
+  const settingsPath = path.join(claudeDir, "settings.json");
+  const hookScriptDest = path.join(installDir, "on-session-start.js");
+
+  const templateDir = path.join(__dirname, "templates");
+  const settingsTemplate = readJSONSafe(path.join(templateDir, "settings.template.json"));
+  const hookScriptSrc = path.join(templateDir, "on-session-start.js");
+
+  if (!fs.existsSync(hookScriptSrc)) {
+    console.error(`[ai-otel-setup] 找不到 hook 模板：${hookScriptSrc}`);
+    process.exit(1);
+  }
+
+  const endpoint = resolveEndpoint(args.url);
+  const newEnv = buildEnv(settingsTemplate, args, endpoint);
+
+  const hookEntry = {
+    matcher: "*",
+    hooks: [
+      {
+        type: "command",
+        command: `node "${hookScriptDest}"`,
+        timeout: 3,
+      },
+    ],
+    description:
+      "ai-otel-setup 注入：补采项目/git/hostname 维度，POST 到 OTLP/HTTP 4318",
+    id: HOOK_ID,
+  };
+
+  // UserPromptSubmit 兜底 hook：复用同一脚本，由 stdin.hook_event_name 在脚本内部
+  // 分流。客户端做 5 分钟节流，服务端见 entry 已存在则仅补空。用于救 SessionStart
+  // 因网络/超时丢失的场景（线上观测约 60% 事件因此空 git/hostname）。
+  const promptHookEntry = {
+    matcher: "*",
+    hooks: [
+      {
+        type: "command",
+        command: `node "${hookScriptDest}"`,
+        timeout: 3,
+      },
+    ],
+    description:
+      "ai-otel-setup 注入：UserPromptSubmit 兜底，救 SessionStart 漏发场景",
+    id: PROMPT_HOOK_ID,
+  };
+
+  fs.mkdirSync(installDir, { recursive: true });
+  fs.copyFileSync(hookScriptSrc, hookScriptDest);
+  fs.chmodSync(hookScriptDest, 0o755);
+
+  const existing = readJSONSafe(settingsPath);
+  const bak = backup(settingsPath);
+  const merged = mergeSettings(
+    existing,
+    newEnv,
+    hookEntry,
+    promptHookEntry,
+    extractHost(endpoint)
+  );
+  writeJSONAtomic(settingsPath, merged);
+
+  const results = [];
+  try {
+    results.push(installCodex(home, endpoint));
+  } catch (e) {
+    results.push({ tool: "codex", status: "failed", reason: e.message });
+  }
+  try {
+    results.push(installGemini(home, endpoint));
+  } catch (e) {
+    results.push({ tool: "gemini", status: "failed", reason: e.message });
+  }
+
+  const debug = !!args.debug || process.argv.includes("--debug") || process.argv.includes("-d");
+  const allResults = [{ tool: "claude", status: "installed" }, ...results];
+
+  console.log("[ai-otel-setup] 安装完成。");
+  console.log("");
+  console.log(`  ${"endpoint".padEnd(12)}: ${endpoint}`);
+  for (const r of allResults) {
+    console.log(`  ${r.tool.padEnd(12)}: ${r.status}${r.reason ? " (" + r.reason + ")" : ""}`);
+  }
+  if (debug) {
+    console.log(`  ${"hook script".padEnd(12)}: ${hookScriptDest}`);
+    console.log(`  ${"settings".padEnd(12)}: ${settingsPath}`);
+    if (bak) console.log(`  ${"backup".padEnd(12)}: ${bak}`);
+  }
+  console.log("");
+  console.log("接下来：直接运行 `claude` / `codex` / `gemini`，下次会话启动即自动上报。");
+  if (debug) {
+    console.log(
+      "卸载：删除 " +
+        installDir +
+        " 与 " +
+        path.join(claudeDir, "cc-otel-state") +
+        "（marker 目录），并从 settings.json 移除 12 个 OTEL_* env、" +
+        "SessionStart 中 id=" + HOOK_ID + " 与 UserPromptSubmit 中 id=" + PROMPT_HOOK_ID + " 的条目。"
+    );
+  }
+}
+
+function printUsage() {
+  console.log(`Usage:
+  npx -y ai-otel-setup url=COLLECTOR_HOST
+
+参数（必填）：
+  url    Collector host（裸 IP/域名，自动补 http://...:4317；也可传完整 URL）
+
+可选：
+  debug=1 | --debug   显示安装路径、备份路径与卸载提示
+`);
+}
+
+try {
+  main();
+} catch (e) {
+  console.error("[ai-otel-setup] 失败：" + (e && e.message ? e.message : e));
+  process.exit(1);
+}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "ai-otel-setup",
+  "version": "1.0.2",
+  "description": "One-shot installer for AI CLI OpenTelemetry forwarding. Writes Claude Code, Codex CLI, and Gemini CLI telemetry config in a single npx command.",
+  "bin": {
+    "ai-otel-setup": "cli.js",
+    "cc-otel-installer": "cli.js"
+  },
+  "main": "./cli.js",
+  "preferGlobal": true,
+  "engines": {
+    "node": ">=14"
+  },
+  "files": [
+    "cli.js",
+    "templates/",
+    "README.md",
+    "LICENSE"
+  ],
+  "license": "MIT",
+  "author": "iFlyTek BG Productivity <productivity@iflytek.example>",
+  "keywords": [
+    "ai-cli",
+    "claude-code",
+    "codex",
+    "gemini",
+    "claude",
+    "observability",
+    "opentelemetry",
+    "otel",
+    "telemetry",
+    "installer",
+    "cli"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/decent-yu/ai-otel-setup.git"
+  },
+  "bugs": {
+    "url": "https://github.com/decent-yu/ai-otel-setup/issues"
+  },
+  "homepage": "https://github.com/decent-yu/ai-otel-setup#readme",
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/templates/codex/on-session-start.js

@@ -0,0 +1,78 @@
+#!/usr/bin/env node
+"use strict";
+
+const { execFileSync } = require("child_process");
+const os = require("os");
+const path = require("path");
+const fs = require("fs");
+const http = require("http");
+const https = require("https");
+const { URL } = require("url");
+
+function readStdin() {
+  return new Promise((resolve) => {
+    let data = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (c) => (data += c));
+    process.stdin.on("end", () => resolve(data));
+    setTimeout(() => resolve(data), 2000);
+  });
+}
+
+function safeGit(args) {
+  try {
+    return execFileSync("git", args, { stdio: ["ignore", "pipe", "ignore"], timeout: 1000 }).toString().trim();
+  } catch (_) {
+    return "";
+  }
+}
+
+function endpoint() {
+  return process.env.AI_OTEL_LOGS_ENDPOINT || "http://localhost:4318/v1/logs";
+}
+
+(async () => {
+  try {
+    const raw = await readStdin();
+    let input = {};
+    try { input = JSON.parse(raw || "{}"); } catch (_) {}
+    const conversation = input.conversation || {};
+    const sid = conversation.id || input.conversation_id || input.session_id || "";
+    const seen = path.join(os.homedir(), ".codex", "ai-otel", `.session-seen.${sid || "unknown"}`);
+    if (sid && fs.existsSync(seen)) process.exit(0);
+    // 注意：seen 文件必须在 OTLP 发送成功后才写——见下方 res.on("end")。
+    // 之前在此处直接写盘，会导致 collector 暂时不可用时第一次失败也被记为
+    // "已上报"，从此 codex resume 同一 conversation 永远跳过 hook_session_start。
+
+    const cwd = input.cwd || process.cwd();
+    const event = {
+      "tool_kind": "codex",
+      "event.name": "hook_session_start",
+      "session.id": sid,
+      "cwd": cwd,
+      "project.name": path.basename(cwd),
+      "git.remote": safeGit(["-C", cwd, "config", "--get", "remote.origin.url"]),
+      "git.user.email": safeGit(["-C", cwd, "config", "user.email"]),
+      "git.user.name": safeGit(["-C", cwd, "config", "user.name"]),
+      "hostname": os.hostname() || "",
+      "data_source": "hook",
+    };
+    const payload = JSON.stringify({ resourceLogs: [{ resource: { attributes: [] }, scopeLogs: [{ logRecords: [{ timeUnixNano: `${Date.now()}000000`, body: { stringValue: "hook_session_start" }, attributes: Object.entries(event).map(([key, value]) => ({ key, value: { stringValue: String(value ?? "") } })) }] }] }] });
+    const url = new URL(endpoint());
+    const markSeen = () => { if (sid) { try { fs.writeFileSync(seen, String(Date.now())); } catch (_) {} } };
+    const req = (url.protocol === "https:" ? https : http).request(url, { method: "POST", headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(payload) }, timeout: 2000 }, (res) => {
+      res.resume();
+      res.on("end", () => {
+        // 仅 2xx 才视为成功——4xx/5xx 留给下次启动重试，避免静默丢失
+        if (res.statusCode >= 200 && res.statusCode < 300) markSeen();
+        process.exit(0);
+      });
+    });
+    req.on("error", () => process.exit(0));
+    req.on("timeout", () => { req.destroy(); process.exit(0); });
+    req.end(payload);
+    setTimeout(() => process.exit(0), 2500).unref();
+  } catch (_) {
+    process.exit(0);
+  }
+})();

package/templates/gemini/on-session-start.js

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+"use strict";
+
+const { execFileSync } = require("child_process");
+const os = require("os");
+const path = require("path");
+const http = require("http");
+const https = require("https");
+const { URL } = require("url");
+
+function safeGit(args) {
+  try {
+    return execFileSync("git", args, { stdio: ["ignore", "pipe", "ignore"], timeout: 1000 }).toString().trim();
+  } catch (_) {
+    return "";
+  }
+}
+
+function endpoint() {
+  const base = process.env.GEMINI_TELEMETRY_OTLP_ENDPOINT || "http://localhost:4317";
+  const url = new URL(base);
+  if (url.port === "4317") url.port = "4318";
+  if (!url.pathname || url.pathname === "/") url.pathname = "/v1/logs";
+  return url.toString();
+}
+
+try {
+  const cwd = process.cwd();
+  const event = {
+    "tool_kind": "gemini",
+    "event.name": "hook_session_start",
+    "session.id": process.env.GEMINI_SESSION_ID || "",
+    "cwd": cwd,
+    "project.name": path.basename(cwd),
+    "git.remote": safeGit(["-C", cwd, "config", "--get", "remote.origin.url"]),
+    "git.user.email": safeGit(["-C", cwd, "config", "user.email"]),
+    "git.user.name": safeGit(["-C", cwd, "config", "user.name"]),
+    "hostname": os.hostname() || "",
+    "data_source": "hook",
+  };
+  const payload = JSON.stringify({ resourceLogs: [{ resource: { attributes: [] }, scopeLogs: [{ logRecords: [{ timeUnixNano: `${Date.now()}000000`, body: { stringValue: "hook_session_start" }, attributes: Object.entries(event).map(([key, value]) => ({ key, value: { stringValue: String(value ?? "") } })) }] }] }] });
+  const url = new URL(endpoint());
+  const req = (url.protocol === "https:" ? https : http).request(url, { method: "POST", headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(payload) }, timeout: 2000 }, (res) => { res.resume(); res.on("end", () => process.exit(0)); });
+  req.on("error", () => process.exit(0));
+  req.on("timeout", () => { req.destroy(); process.exit(0); });
+  req.end(payload);
+  setTimeout(() => process.exit(0), 2500).unref();
+} catch (_) {
+  process.exit(0);
+}

package/templates/on-session-start.js

@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+/**
+ * SessionStart / UserPromptSubmit 兜底 hook
+ *
+ * 职责：
+ *   采集 CC 原生 OTel 不覆盖的 5 个字段（cwd / git_remote / git_user_email /
+ *   git_user_name / hostname），通过 OTLP/HTTP 4318 发给 Collector，
+ *   与 OTel 主流合流。
+ *
+ * 双 hook 复用同一脚本：
+ *   - SessionStart 触发：每次 claude 启动；生成 hook_kind="session_start"
+ *   - UserPromptSubmit 触发：每次用户输入 prompt；生成 hook_kind="user_prompt_fallback"
+ *     用于救回 SessionStart 因网络/超时丢失的 session（服务端见 entry 已存在则忽略）
+ *
+ * 关键约束：
+ *   - 不读源代码，只读 git 元信息
+ *   - 总耗时 < 3s（hooks 已设 timeout=3）
+ *   - 失败静默，绝不阻塞 CC
+ *   - session.id 从 stdin 读
+ *
+ * 节流（仅对 UserPromptSubmit）：
+ *   - 在 ~/.claude/cc-otel-state/sent-<sid>.flag 写 marker
+ *   - 5 分钟内同 sid 跳过 OTLP 上报，避免高频敲键狂发
+ *   - 5 分钟后过期允许重试，给丢包/瞬时故障留救命窗口
+ */
+
+"use strict";
+
+const { execFileSync } = require("child_process");
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+const http = require("http");
+const https = require("https");
+const { URL } = require("url");
+
+// UserPromptSubmit 节流窗口：5 分钟
+const PROMPT_THROTTLE_MS = 5 * 60 * 1000;
+
+// -------- 环境变量读取 ----------
+
+/**
+ * 推导 OTel Collector 的 OTLP/HTTP logs endpoint。
+ * 优先级：
+ *   1. 显式 OTEL_EXPORTER_OTLP_LOGS_ENDPOINT（用户指定 logs 端点）
+ *   2. OTEL_EXPORTER_OTLP_ENDPOINT（通用端点，自动补 /v1/logs，把 4317 换成 4318）
+ *   3. fallback http://localhost:4318/v1/logs
+ */
+function resolveLogsEndpoint() {
+  const logsEndpoint = process.env.OTEL_EXPORTER_OTLP_LOGS_ENDPOINT;
+  if (logsEndpoint) return logsEndpoint;
+
+  const base = process.env.OTEL_EXPORTER_OTLP_ENDPOINT || "http://localhost:4317";
+  const url = new URL(base);
+  // gRPC 默认 4317 → OTLP/HTTP 默认 4318
+  if (url.port === "4317") url.port = "4318";
+  if (!url.pathname || url.pathname === "/") url.pathname = "/v1/logs";
+  return url.toString();
+}
+
+// -------- 工具函数 ----------
+
+function readStdin() {
+  return new Promise((resolve) => {
+    let data = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (c) => (data += c));
+    process.stdin.on("end", () => resolve(data));
+    // 防挂死：2s 读不到 stdin 就放弃
+    setTimeout(() => resolve(data), 2000);
+  });
+}
+
+// 安全执行 git 命令：execFileSync 不走 shell，cwd 字符串不会被 /bin/sh 解释，
+// 杜绝 cwd 含 `"` / `$(...)` / 反引号 时的命令注入（C-2 修复）
+function safeGit(args) {
+  try {
+    return execFileSync("git", args, {
+      stdio: ["ignore", "pipe", "ignore"],
+      timeout: 1000,
+    })
+      .toString()
+      .trim();
+  } catch (_) {
+    return null;
+  }
+}
+
+// -------- 主流程 ----------
+
+(async () => {
+  try {
+    const raw = await readStdin();
+    let input = {};
+    try {
+      input = JSON.parse(raw || "{}");
+    } catch (_) {
+      input = {};
+    }
+
+    const cwd = input.cwd || process.cwd();
+    const sessionId = input.session_id || input.sessionId || ""; // MVP 实证：stdin.session_id = OTel session.id
+    // CC 在 stdin 里告诉脚本是哪个 hook 触发的；UserPromptSubmit 走"兜底"分支
+    const isPromptFallback = input.hook_event_name === "UserPromptSubmit";
+
+    // 兜底路径节流：sid 维度 5 分钟最多一次（marker 文件 mtime 判断）。
+    // 失败重试窗口同时由此控制：marker 过期后允许下次 prompt 再发一次。
+    const stateDir = path.join(os.homedir(), ".claude", "cc-otel-state");
+    const markerPath = sessionId ? path.join(stateDir, `sent-${sessionId}.flag`) : null;
+    if (isPromptFallback && markerPath && fs.existsSync(markerPath)) {
+      try {
+        const mtime = fs.statSync(markerPath).mtimeMs;
+        if (Date.now() - mtime < PROMPT_THROTTLE_MS) {
+          process.exit(0);
+        }
+      } catch (_) {
+        // marker 状态读不到就当作过期，继续走上报
+      }
+    }
+
+    const event = {
+      "tool_kind": "cc",
+      "event.name": "hook_session_start",
+      "event.timestamp": new Date().toISOString(),
+      "session.id": sessionId,
+      // 服务端按此字段分流：session_start 走原 new/resume 逻辑；
+      // user_prompt_fallback 走"entry 已存在则仅补空字段"逻辑
+      "hook_kind": isPromptFallback ? "user_prompt_fallback" : "session_start",
+      "cwd": cwd,
+      "project.name": path.basename(cwd),
+      "git.remote": safeGit(["-C", cwd, "config", "--get", "remote.origin.url"]) || "",
+      "git.user.email": safeGit(["-C", cwd, "config", "user.email"]) || "",
+      "git.user.name": safeGit(["-C", cwd, "config", "user.name"]) || "",
+      "hostname": os.hostname() || "",
+      "data_source": "hook", // Collector 端用 insert 而非 upsert 以保留本标签
+    };
+
+    const logsEndpoint = resolveLogsEndpoint();
+    const payload = JSON.stringify({
+      resourceLogs: [
+        {
+          resource: {
+            attributes: [],
+          },
+          scopeLogs: [
+            {
+              logRecords: [
+                {
+                  timeUnixNano: `${Date.now()}000000`,
+                  body: { stringValue: "hook_session_start" },
+                  attributes: Object.entries(event).map(([k, v]) => ({
+                    key: k,
+                    value: { stringValue: String(v ?? "") },
+                  })),
+                },
+              ],
+            },
+          ],
+        },
+      ],
+    });
+
+    const url = new URL(logsEndpoint);
+    const lib = url.protocol === "https:" ? https : http;
+
+    // 关键：必须等 HTTP request 真的发出并收到响应（或短时间超时）才退出，
+    // 不能 req.end() 之后立刻 process.exit(0) —— 那样 TCP handshake 都
+    // 还没做完进程就没了，Collector 永远收不到。
+    // Hook timeout 是 3s，这里给自己 2.5s 上限。
+    const done = (() => {
+      let called = false;
+      return () => {
+        if (called) return;
+        called = true;
+        process.exit(0);
+      };
+    })();
+
+    const req = lib.request(
+      url,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(payload),
+          ...(process.env.OTEL_EXPORTER_OTLP_HEADERS
+            ? parseHeaders(process.env.OTEL_EXPORTER_OTLP_HEADERS)
+            : {}),
+        },
+        timeout: 2000,
+      },
+      (res) => {
+        res.resume();
+        res.on("end", done);
+        res.on("error", done);
+      }
+    );
+
+    req.on("error", done);     // 失败静默退出
+    req.on("timeout", () => { req.destroy(); done(); });
+
+    // 在真正发包前 touch marker 文件——把"已尝试上报"持久化下来，
+    // 让后续 5 分钟内的 UserPromptSubmit 跳过重复 POST。失败也照写，
+    // 因为 5 分钟后 marker 会过期允许重试，不会永久卡住。
+    if (markerPath) {
+      try {
+        fs.mkdirSync(stateDir, { recursive: true });
+        fs.writeFileSync(markerPath, "");
+      } catch (_) {
+        // marker 写入失败不阻塞上报
+      }
+    }
+
+    req.write(payload);
+    req.end();
+
+    // 兜底：2.5s 强制退出（CC hook timeout 3s 前先自己结束）
+    setTimeout(done, 2500).unref();
+  } catch (_) {
+    // 兜底：任何异常都不阻塞 CC
+    process.exit(0);
+  }
+})();
+
+function parseHeaders(headerStr) {
+  // "Authorization=Bearer xxx,X-Trace=yyy" -> { Authorization: "Bearer xxx", "X-Trace": "yyy" }
+  const out = {};
+  for (const pair of headerStr.split(",")) {
+    const idx = pair.indexOf("=");
+    if (idx <= 0) continue;
+    const k = pair.slice(0, idx).trim();
+    const v = pair.slice(idx + 1).trim();
+    if (k) out[k] = v;
+  }
+  return out;
+}

package/templates/settings.template.json

@@ -0,0 +1,17 @@
+{
+  "env": {
+    "CLAUDE_CODE_ENABLE_TELEMETRY": "1",
+    "OTEL_METRICS_EXPORTER": "otlp",
+    "OTEL_LOGS_EXPORTER": "otlp",
+    "OTEL_EXPORTER_OTLP_PROTOCOL": "grpc",
+    "OTEL_EXPORTER_OTLP_ENDPOINT": "PLACEHOLDER_ENDPOINT",
+    "OTEL_LOGS_EXPORT_INTERVAL": "300000",
+    "OTEL_METRIC_EXPORT_INTERVAL": "600000",
+    "OTEL_METRICS_INCLUDE_VERSION": "true",
+    "OTEL_LOG_USER_PROMPTS": "0",
+    "OTEL_LOG_TOOL_DETAILS": "1",
+    "OTEL_LOG_TOOL_CONTENT": "0",
+    "OTEL_LOG_RAW_API_BODIES": "0"
+  },
+  "_comment": "Installer 会替换 OTEL_EXPORTER_OTLP_ENDPOINT (PLACEHOLDER_ENDPOINT)。TOOL_DETAILS=1 是为了采到 skill/plugin 真名，Collector 侧会硬删敏感 JSON blob，详见 v1.2 §3.3。"
+}