autotel-devtools 8.1.1 → 10.0.0

package/dist/http-Yj6iSrMX.cjs

@@ -0,0 +1,1275 @@
+//#region \0rolldown/runtime.js
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+
+//#endregion
+const require_resource_utils = require('./resource-utils-DjHJB6uc.cjs');
+let node_http = require("node:http");
+let ws = require("ws");
+let node_fs = require("node:fs");
+let node_path = require("node:path");
+let node_url = require("node:url");
+let protobufjs = require("protobufjs");
+protobufjs = __toESM(protobufjs, 1);
+
+//#region src/server/error-aggregator.ts
+var ErrorAggregator = class {
+	errorGroups = /* @__PURE__ */ new Map();
+	options;
+	constructor(options = {}) {
+		this.options = {
+			maxGroups: options.maxGroups ?? 100,
+			maxAffectedTraces: options.maxAffectedTraces ?? 10,
+			maxAffectedSpans: options.maxAffectedSpans ?? 5,
+			stackFramesForFingerprint: options.stackFramesForFingerprint ?? 5
+		};
+	}
+	/**
+	* Add an error occurrence to the aggregator
+	*/
+	addError(occurrence) {
+		const fingerprint = this.generateFingerprint(occurrence);
+		const existing = this.errorGroups.get(fingerprint);
+		if (existing) {
+			existing.count++;
+			existing.lastSeen = occurrence.timestamp;
+			if (!existing.affectedTraces.includes(occurrence.traceId)) {
+				existing.affectedTraces.push(occurrence.traceId);
+				if (existing.affectedTraces.length > this.options.maxAffectedTraces) existing.affectedTraces.shift();
+			}
+			if (!existing.affectedSpans.includes(occurrence.spanName)) {
+				existing.affectedSpans.push(occurrence.spanName);
+				if (existing.affectedSpans.length > this.options.maxAffectedSpans) existing.affectedSpans.shift();
+			}
+			return existing;
+		}
+		const newGroup = {
+			fingerprint,
+			type: occurrence.error.type,
+			message: occurrence.error.message,
+			stackTrace: this.normalizeStackTrace(occurrence.error.stackTrace),
+			count: 1,
+			firstSeen: occurrence.timestamp,
+			lastSeen: occurrence.timestamp,
+			affectedTraces: [occurrence.traceId],
+			affectedSpans: [occurrence.spanName],
+			service: occurrence.service,
+			attributes: occurrence.attributes
+		};
+		if (this.errorGroups.size >= this.options.maxGroups) this.evictOldestGroup();
+		this.errorGroups.set(fingerprint, newGroup);
+		return newGroup;
+	}
+	/**
+	* Extract errors from a trace and add them to the aggregator
+	*/
+	addErrorsFromTrace(trace) {
+		const addedGroups = [];
+		for (const span of trace.spans) if (span.status.code === "ERROR") {
+			const occurrence = this.extractErrorFromSpan(span, trace);
+			if (occurrence) {
+				const group = this.addError(occurrence);
+				addedGroups.push(group);
+			}
+		}
+		return addedGroups;
+	}
+	/**
+	* Extract error occurrence from a span
+	*/
+	extractErrorFromSpan(span, trace) {
+		const exceptionEvent = span.events?.find((e) => e.name === "exception");
+		const errorType = span.attributes["exception.type"] || span.attributes["error.type"] || exceptionEvent?.attributes?.["exception.type"] || "Error";
+		const errorMessage = span.status.message || span.attributes["exception.message"] || span.attributes["error.message"] || "Unknown error";
+		const stackTrace = span.attributes["exception.stacktrace"] || span.attributes["exception.stack"] || this.extractStackFromEvents(span);
+		return {
+			traceId: trace.traceId,
+			spanId: span.spanId,
+			spanName: span.name,
+			service: trace.service,
+			timestamp: span.endTime,
+			error: {
+				type: errorType,
+				message: errorMessage,
+				stackTrace
+			},
+			attributes: this.extractRelevantAttributes(span.attributes)
+		};
+	}
+	/**
+	* Extract stack trace from span events (exception events)
+	*/
+	extractStackFromEvents(span) {
+		if (!span.events) return void 0;
+		const exceptionEvent = span.events.find((e) => e.name === "exception");
+		if (exceptionEvent?.attributes) return exceptionEvent.attributes["exception.stacktrace"] || exceptionEvent.attributes["exception.stack"];
+	}
+	/**
+	* Extract relevant attributes for error context
+	*/
+	extractRelevantAttributes(attributes) {
+		const relevant = {};
+		for (const key of [
+			"http.method",
+			"http.url",
+			"http.route",
+			"http.status_code",
+			"db.system",
+			"db.operation",
+			"rpc.method",
+			"rpc.service",
+			"code.function",
+			"code.filepath",
+			"user.id",
+			"operation.name"
+		]) if (key in attributes) relevant[key] = attributes[key];
+		return relevant;
+	}
+	/**
+	* Generate a fingerprint for error grouping
+	*
+	* Uses error type + first N stack frames (normalized)
+	*/
+	generateFingerprint(occurrence) {
+		const parts = [occurrence.error.type];
+		if (occurrence.error.stackTrace) {
+			const frames = this.extractStackFrames(occurrence.error.stackTrace, this.options.stackFramesForFingerprint);
+			parts.push(...frames);
+		} else parts.push(this.normalizeMessage(occurrence.error.message));
+		return this.simpleHash(parts.join("|"));
+	}
+	/**
+	* Extract and normalize stack frames from a stack trace
+	*/
+	extractStackFrames(stackTrace, count) {
+		const lines = stackTrace.split("\n");
+		const frames = [];
+		for (const line of lines) {
+			if (frames.length >= count) break;
+			const trimmed = line.trim();
+			const nodeMatch = trimmed.match(/^at\s+(.+?)\s+\((.+?):(\d+):\d+\)$/);
+			if (nodeMatch) {
+				frames.push(`${nodeMatch[1]}@${this.normalizeFilePath(nodeMatch[2])}`);
+				continue;
+			}
+			const anonMatch = trimmed.match(/^at\s+(.+?):(\d+):\d+$/);
+			if (anonMatch) {
+				frames.push(`anonymous@${this.normalizeFilePath(anonMatch[1])}`);
+				continue;
+			}
+			const browserMatch = trimmed.match(/^(.+?)@(.+?):(\d+):\d+$/);
+			if (browserMatch) {
+				frames.push(`${browserMatch[1]}@${this.normalizeFilePath(browserMatch[2])}`);
+				continue;
+			}
+		}
+		return frames;
+	}
+	/**
+	* Normalize file path by removing absolute path prefixes and node_modules paths
+	*/
+	normalizeFilePath(filePath) {
+		const nodeModulesMatch = filePath.match(/node_modules\/(@[^/]+\/[^/]+|[^/]+)/);
+		if (nodeModulesMatch) return `[npm]/${nodeModulesMatch[1]}`;
+		return filePath.replace(/^.*?\/src\//, "src/").replace(/^.*?\/dist\//, "dist/").replace(/^.*?\/lib\//, "lib/").replace(/^file:\/\//, "");
+	}
+	/**
+	* Normalize error message by removing dynamic parts
+	*/
+	normalizeMessage(message) {
+		return message.replaceAll(/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/gi, "[UUID]").replaceAll(/\b[0-9a-f]{16,}\b/gi, "[ID]").replaceAll(/\b\d+\b/g, "[N]").replaceAll(/"[^"]*"/g, "\"[STR]\"").replaceAll(/'[^']*'/g, "'[STR]'").slice(0, 200);
+	}
+	/**
+	* Normalize stack trace for display
+	*/
+	normalizeStackTrace(stackTrace) {
+		if (!stackTrace) return void 0;
+		return stackTrace.split("\n").slice(0, 10).join("\n");
+	}
+	/**
+	* Simple hash function for fingerprinting
+	*/
+	simpleHash(str) {
+		let hash = 0;
+		for (let i = 0; i < str.length; i++) {
+			const char = str.charCodeAt(i);
+			hash = (hash << 5) - hash + char;
+			hash = hash & hash;
+		}
+		return Math.abs(hash).toString(16).padStart(8, "0");
+	}
+	/**
+	* Evict the oldest error group
+	*/
+	evictOldestGroup() {
+		let oldest = null;
+		for (const [fingerprint, group] of this.errorGroups) if (!oldest || group.lastSeen < oldest.lastSeen) oldest = {
+			fingerprint,
+			lastSeen: group.lastSeen
+		};
+		if (oldest) this.errorGroups.delete(oldest.fingerprint);
+	}
+	/**
+	* Get all error groups, sorted by most recent
+	*/
+	getErrorGroups() {
+		return [...this.errorGroups.values()].sort((a, b) => b.lastSeen - a.lastSeen);
+	}
+	/**
+	* Get error groups sorted by count (most frequent first)
+	*/
+	getErrorGroupsByFrequency() {
+		return [...this.errorGroups.values()].sort((a, b) => b.count - a.count);
+	}
+	/**
+	* Get a specific error group by fingerprint
+	*/
+	getErrorGroup(fingerprint) {
+		return this.errorGroups.get(fingerprint);
+	}
+	/**
+	* Get error groups for a specific service
+	*/
+	getErrorGroupsByService(service) {
+		return this.getErrorGroups().filter((g) => g.service === service);
+	}
+	/**
+	* Get total error count across all groups
+	*/
+	getTotalErrorCount() {
+		let total = 0;
+		for (const group of this.errorGroups.values()) total += group.count;
+		return total;
+	}
+	/**
+	* Get error statistics
+	*/
+	getStats() {
+		const oneHourAgo = Date.now() - 3600 * 1e3;
+		let recentErrors = 0;
+		const typeCount = /* @__PURE__ */ new Map();
+		for (const group of this.errorGroups.values()) {
+			if (group.lastSeen > oneHourAgo) recentErrors += group.count;
+			typeCount.set(group.type, (typeCount.get(group.type) || 0) + group.count);
+		}
+		const topErrorTypes = [...typeCount.entries()].map(([type, count]) => ({
+			type,
+			count
+		})).sort((a, b) => b.count - a.count).slice(0, 5);
+		return {
+			totalGroups: this.errorGroups.size,
+			totalErrors: this.getTotalErrorCount(),
+			recentErrors,
+			topErrorTypes
+		};
+	}
+	/**
+	* Clear all error groups
+	*/
+	clear() {
+		this.errorGroups.clear();
+	}
+	/**
+	* Clear old error groups (not seen in given time window)
+	*/
+	clearOlderThan(maxAgeMs) {
+		const cutoff = Date.now() - maxAgeMs;
+		let cleared = 0;
+		for (const [fingerprint, group] of this.errorGroups) if (group.lastSeen < cutoff) {
+			this.errorGroups.delete(fingerprint);
+			cleared++;
+		}
+		return cleared;
+	}
+};
+
+//#endregion
+//#region src/server/telemetry-limits.ts
+const defaultLimit = 100;
+function parseLimit(value) {
+	if (!value) return void 0;
+	const parsed = Number.parseInt(value, 10);
+	return Number.isFinite(parsed) && parsed > 0 ? parsed : void 0;
+}
+function resolveTelemetryLimits(args = {}) {
+	const env = args.env ?? process.env;
+	const fallback = args.maxHistory ?? defaultLimit;
+	return {
+		maxTraceCount: args.maxTraceCount ?? parseLimit(env.AUTOTEL_MAX_TRACE_COUNT) ?? fallback,
+		maxLogCount: args.maxLogCount ?? parseLimit(env.AUTOTEL_MAX_LOG_COUNT) ?? fallback,
+		maxMetricCount: args.maxMetricCount ?? parseLimit(env.AUTOTEL_MAX_METRIC_COUNT) ?? fallback
+	};
+}
+function appendWithLimit(items, item, limit) {
+	if (limit <= 0) return [];
+	const next = [...items, item];
+	return next.length > limit ? next.slice(next.length - limit) : next;
+}
+function appendManyWithLimit(items, incoming, limit) {
+	if (limit <= 0 || incoming.length === 0) return limit <= 0 ? [] : items;
+	const next = [...items, ...incoming];
+	return next.length > limit ? next.slice(next.length - limit) : next;
+}
+function applyTelemetryLimits(data, limits) {
+	return {
+		...data,
+		traces: data.traces.slice(-limits.maxTraceCount),
+		logs: data.logs.slice(-limits.maxLogCount),
+		metrics: data.metrics.slice(-limits.maxMetricCount)
+	};
+}
+
+//#endregion
+//#region src/server/origin-guard.ts
+const LOOPBACK_IPV6 = new Set(["::1", "0:0:0:0:0:0:0:1"]);
+/** True for `localhost`, any `127.x.x.x`, and IPv6 loopback. Case-insensitive. */
+function isLoopbackHostname(hostname) {
+	const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
+	return h === "localhost" || /^127\./.test(h) || LOOPBACK_IPV6.has(h);
+}
+/** Hostname from a `Host` header (`host`, `host:port`, `[::1]:port`). */
+function hostnameFromHostHeader(host) {
+	const h = host.trim();
+	if (h.startsWith("[")) {
+		const end = h.indexOf("]");
+		return end > 0 ? h.slice(1, end) : h;
+	}
+	const colon = h.indexOf(":");
+	return colon === -1 ? h : h.slice(0, colon);
+}
+/** True when the `Host` header names a loopback host. */
+function hostHeaderIsLoopback(host) {
+	return isLoopbackHostname(hostnameFromHostHeader(host));
+}
+/** True when an `Origin` header names a loopback origin. A malformed or opaque
+*  origin (e.g. the literal `null` from a sandboxed iframe) is treated as
+*  non-loopback. */
+function originIsLoopback(origin) {
+	try {
+		return isLoopbackHostname(new URL(origin).hostname);
+	} catch {
+		return false;
+	}
+}
+/**
+* Decide whether a request to a sensitive (read/mutate) endpoint is allowed.
+* - A present, non-loopback `Origin` is always rejected (cross-origin read).
+* - When `loopbackOnly`, a present, non-loopback `Host` is rejected (DNS
+*   rebinding). Skipped when the receiver is bound to a non-loopback host.
+*/
+function allowSensitiveRequest(headers, loopbackOnly) {
+	const { origin, host } = headers;
+	if (origin && origin.length > 0 && !originIsLoopback(origin)) return false;
+	if (loopbackOnly && host && host.length > 0 && !hostHeaderIsLoopback(host)) return false;
+	return true;
+}
+
+//#endregion
+//#region src/server/server.ts
+var DevtoolsServer = class {
+	wss;
+	clients = /* @__PURE__ */ new Set();
+	httpServer;
+	traces = [];
+	logs = [];
+	metrics = [];
+	errorAggregator = new ErrorAggregator();
+	limits;
+	verbose;
+	_port;
+	onData;
+	constructor(options = {}) {
+		this.limits = resolveTelemetryLimits(options);
+		this.verbose = options.verbose ?? false;
+		this._port = options.port ?? 4318;
+		this.onData = options.onData;
+		this.httpServer = options.server ?? (0, node_http.createServer)();
+		const loopbackOnly = options.host == null || hostHeaderIsLoopback(options.host);
+		this.wss = new ws.WebSocketServer({
+			server: this.httpServer,
+			path: options.path ?? "/ws",
+			verifyClient: ({ origin, req }) => allowSensitiveRequest({
+				origin,
+				host: req.headers.host
+			}, loopbackOnly)
+		});
+		this.wss.on("error", (err) => {
+			if (this.httpServer.listening) throw err;
+		});
+		this.wss.on("connection", (ws$1) => {
+			this.clients.add(ws$1);
+			this.log(`Client connected (${this.clients.size} total)`);
+			const data = this.getCurrentData();
+			if (data.traces.length > 0 || data.logs.length > 0 || data.errors.length > 0) ws$1.send(JSON.stringify(data));
+			ws$1.on("close", () => {
+				this.clients.delete(ws$1);
+				this.log(`Client disconnected (${this.clients.size} total)`);
+			});
+		});
+		if (!options.server) this.httpServer.listen(this._port, () => {
+			const addr = this.httpServer.address();
+			if (addr && typeof addr === "object") this._port = addr.port;
+			this.log(`WebSocket server listening on port ${this._port}`);
+		});
+	}
+	get port() {
+		const addr = this.httpServer.address();
+		if (addr && typeof addr === "object") return addr.port;
+		return this._port;
+	}
+	get clientCount() {
+		return this.clients.size;
+	}
+	addTrace(trace) {
+		const existing = this.traces.find((t) => t.traceId === trace.traceId);
+		const merged = existing ?? trace;
+		if (existing) {
+			const existingSpanIds = new Set(existing.spans.map((s) => s.spanId));
+			for (const span of trace.spans) if (!existingSpanIds.has(span.spanId)) existing.spans.push(span);
+			existing.startTime = Math.min(existing.startTime, trace.startTime);
+			existing.endTime = Math.max(existing.endTime, trace.endTime);
+			existing.duration = existing.endTime - existing.startTime;
+			if (trace.status === "ERROR") existing.status = "ERROR";
+			const root = existing.spans.find((s) => !s.parentSpanId);
+			if (root) {
+				existing.rootSpan = root;
+				const rootService = root.attributes?.["service.name"];
+				if (typeof rootService === "string" && rootService.length > 0) existing.service = rootService;
+			}
+		} else this.traces = appendWithLimit(this.traces, trace, this.limits.maxTraceCount);
+		this.errorAggregator.addErrorsFromTrace(trace);
+		this.broadcast({
+			traces: [merged],
+			metrics: [],
+			logs: [],
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	addTraces(traces) {
+		for (const trace of traces) this.addTrace(trace);
+	}
+	addLog(log) {
+		this.logs = appendWithLimit(this.logs, log, this.limits.maxLogCount);
+		this.broadcast({
+			traces: [],
+			metrics: [],
+			logs: [log],
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	addLogs(logs) {
+		this.logs = appendManyWithLimit(this.logs, logs, this.limits.maxLogCount);
+		this.broadcast({
+			traces: [],
+			metrics: [],
+			logs,
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	addMetric(metric) {
+		this.metrics = appendWithLimit(this.metrics, metric, this.limits.maxMetricCount);
+		this.broadcast({
+			traces: [],
+			metrics: [metric],
+			logs: [],
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	getCurrentData() {
+		return {
+			traces: this.traces,
+			metrics: this.metrics,
+			logs: this.logs,
+			errors: this.errorAggregator.getErrorGroups()
+		};
+	}
+	clearData() {
+		this.traces = [];
+		this.logs = [];
+		this.metrics = [];
+		this.errorAggregator.clear();
+	}
+	broadcast(data) {
+		const msg = JSON.stringify(data);
+		for (const client of this.clients) if (client.readyState === ws.WebSocket.OPEN) client.send(msg);
+		if (this.onData) try {
+			this.onData(data);
+		} catch {}
+	}
+	log(message) {
+		if (this.verbose) console.log(`[autotel-devtools] ${message}`);
+	}
+	async close() {
+		for (const client of this.clients) client.close();
+		this.clients.clear();
+		this.wss.close();
+		await new Promise((resolve) => this.httpServer.close(() => resolve()));
+	}
+};
+
+//#endregion
+//#region src/server/otlp.ts
+function resolveOtlpValue(v) {
+	if (!v) return void 0;
+	if (v.stringValue !== void 0) return v.stringValue;
+	if (v.boolValue !== void 0) return v.boolValue;
+	if (v.intValue !== void 0) return typeof v.intValue === "string" ? Number(v.intValue) : v.intValue;
+	if (v.doubleValue !== void 0) return v.doubleValue;
+	if (v.bytesValue !== void 0) return v.bytesValue;
+	if (v.arrayValue?.values) return v.arrayValue.values.map(resolveOtlpValue);
+	if (v.kvlistValue?.values) return flattenAttributes(v.kvlistValue.values);
+}
+function flattenAttributes(attrs) {
+	const out = {};
+	if (!attrs) return out;
+	for (const { key, value } of attrs) out[key] = resolveOtlpValue(value);
+	return out;
+}
+function nanoToMs(nano) {
+	if (!nano) return 0;
+	const ns = BigInt(nano);
+	const ms = ns / 1000000n;
+	const remNs = ns % 1000000n;
+	return Number(ms) + Number(remNs) / 1e6;
+}
+const SPAN_KIND_MAP = {
+	0: "INTERNAL",
+	1: "INTERNAL",
+	2: "SERVER",
+	3: "CLIENT",
+	4: "PRODUCER",
+	5: "CONSUMER",
+	SPAN_KIND_INTERNAL: "INTERNAL",
+	SPAN_KIND_SERVER: "SERVER",
+	SPAN_KIND_CLIENT: "CLIENT",
+	SPAN_KIND_PRODUCER: "PRODUCER",
+	SPAN_KIND_CONSUMER: "CONSUMER"
+};
+function normalizeHexId(id) {
+	if (!id) return "";
+	if (/^[A-Za-z0-9+/=]+$/.test(id) && !/^[0-9a-f]+$/i.test(id) && (id.length === 12 || id.length === 24 || id.length === 28 || id.length === 44 || id.length === 48)) try {
+		return Buffer.from(id, "base64").toString("hex");
+	} catch {}
+	return id;
+}
+function parseOtlpTraces(payload) {
+	if (!payload || typeof payload !== "object") return [];
+	const { resourceSpans } = payload;
+	if (!Array.isArray(resourceSpans) || resourceSpans.length === 0) return [];
+	const traceMap = /* @__PURE__ */ new Map();
+	for (const rs of resourceSpans) {
+		const resourceAttrs = flattenAttributes(rs.resource?.attributes);
+		const service = String(resourceAttrs["service.name"] || "unknown");
+		const scopeSpans = rs.scopeSpans || [];
+		for (const ss of scopeSpans) {
+			const scope = ss.scope?.name ? {
+				name: ss.scope.name,
+				version: ss.scope.version || void 0
+			} : void 0;
+			for (const span of ss.spans || []) {
+				const traceId = normalizeHexId(span.traceId);
+				if (!traceId) continue;
+				const startMs = nanoToMs(span.startTimeUnixNano);
+				const endMs = nanoToMs(span.endTimeUnixNano);
+				const statusCode = span.status?.code;
+				let status = "UNSET";
+				if (statusCode === 1 || statusCode === "STATUS_CODE_OK") status = "OK";
+				if (statusCode === 2 || statusCode === "STATUS_CODE_ERROR") status = "ERROR";
+				const spanData = {
+					traceId,
+					spanId: normalizeHexId(span.spanId),
+					parentSpanId: normalizeHexId(span.parentSpanId) || void 0,
+					name: span.name || "unknown",
+					kind: SPAN_KIND_MAP[span.kind ?? 0] || "INTERNAL",
+					startTime: startMs,
+					endTime: endMs,
+					duration: endMs - startMs,
+					attributes: {
+						...resourceAttrs,
+						...flattenAttributes(span.attributes)
+					},
+					status: {
+						code: status,
+						message: span.status?.message
+					},
+					events: (span.events || []).map((e) => ({
+						name: e.name || "",
+						timestamp: nanoToMs(e.timeUnixNano),
+						attributes: flattenAttributes(e.attributes)
+					})),
+					links: (span.links || []).map((l) => ({
+						traceId: normalizeHexId(l.traceId),
+						spanId: normalizeHexId(l.spanId),
+						attributes: flattenAttributes(l.attributes)
+					})),
+					scope
+				};
+				const existing = traceMap.get(traceId);
+				if (existing) existing.spans.push(spanData);
+				else traceMap.set(traceId, {
+					spans: [spanData],
+					service
+				});
+			}
+		}
+	}
+	const traces = [];
+	for (const [traceId, { spans, service }] of traceMap) {
+		const sorted = spans.sort((a, b) => a.startTime - b.startTime);
+		const rootSpan = sorted.find((s) => !s.parentSpanId) || sorted[0];
+		const startTime = Math.min(...sorted.map((s) => s.startTime));
+		const endTime = Math.max(...sorted.map((s) => s.endTime));
+		const hasError = sorted.some((s) => s.status.code === "ERROR");
+		traces.push({
+			traceId,
+			correlationId: traceId.slice(0, 16),
+			rootSpan,
+			spans: sorted,
+			startTime,
+			endTime,
+			duration: endTime - startTime,
+			status: hasError ? "ERROR" : "OK",
+			service
+		});
+	}
+	return traces;
+}
+function parseOtlpLogs(payload) {
+	if (!payload || typeof payload !== "object") return [];
+	const { resourceLogs } = payload;
+	if (!Array.isArray(resourceLogs)) return [];
+	const logs = [];
+	for (const rl of resourceLogs) {
+		const resourceAttrs = flattenAttributes(rl.resource?.attributes);
+		for (const sl of rl.scopeLogs || []) for (const rec of sl.logRecords || []) {
+			const timestamp = nanoToMs(rec.timeUnixNano || rec.observedTimeUnixNano);
+			const traceId = normalizeHexId(rec.traceId) || void 0;
+			const spanId = normalizeHexId(rec.spanId) || void 0;
+			const body = rec.body ? resolveOtlpValue(rec.body) : "";
+			logs.push({
+				id: `${traceId || "no-trace"}:${spanId || "no-span"}:${timestamp}:${rec.severityNumber || 0}`,
+				traceId,
+				spanId,
+				resourceName: require_resource_utils.getResourceName(resourceAttrs),
+				severityText: rec.severityText,
+				severityNumber: rec.severityNumber,
+				body: typeof body === "string" ? body : body,
+				timestamp,
+				attributes: flattenAttributes(rec.attributes),
+				resource: resourceAttrs
+			});
+		}
+	}
+	return logs;
+}
+function countOtlpMetrics(payload) {
+	if (!payload || typeof payload !== "object") return 0;
+	const { resourceMetrics } = payload;
+	if (!Array.isArray(resourceMetrics)) return 0;
+	let count = 0;
+	for (const rm of resourceMetrics) for (const sm of rm.scopeMetrics || []) count += (sm.metrics || []).length;
+	return count;
+}
+async function readJsonBody(req) {
+	return new Promise((resolve, reject) => {
+		const chunks = [];
+		req.on("data", (chunk) => chunks.push(chunk));
+		req.on("end", () => {
+			try {
+				resolve(JSON.parse(Buffer.concat(chunks).toString()));
+			} catch {
+				reject(/* @__PURE__ */ new Error("Invalid JSON"));
+			}
+		});
+		req.on("error", reject);
+	});
+}
+async function readRawBody(req) {
+	return new Promise((resolve, reject) => {
+		const chunks = [];
+		req.on("data", (chunk) => chunks.push(chunk));
+		req.on("end", () => resolve(Buffer.concat(chunks)));
+		req.on("error", reject);
+	});
+}
+/**
+* True for OTLP/protobuf bodies. The OpenTelemetry Python/Java/Go SDKs default to
+* `http/protobuf` over OTLP HTTP, sending `application/x-protobuf`; some clients use
+* `application/protobuf`. Anything else (JSON, unset) is treated as OTLP/JSON.
+*/
+function isProtobufContentType(contentType) {
+	if (!contentType) return false;
+	const value = contentType.toLowerCase();
+	return value.includes("application/x-protobuf") || value.includes("application/protobuf");
+}
+function sendJson(res, status, data) {
+	const body = JSON.stringify(data);
+	res.writeHead(status, {
+		"Content-Type": "application/json",
+		"Content-Length": Buffer.byteLength(body)
+	});
+	res.end(body);
+}
+
+//#endregion
+//#region src/server/otlp-proto.ts
+const COMMON_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.common.v1;
+
+message AnyValue {
+  oneof value {
+    string string_value = 1;
+    bool bool_value = 2;
+    int64 int_value = 3;
+    double double_value = 4;
+    ArrayValue array_value = 5;
+    KeyValueList kvlist_value = 6;
+    bytes bytes_value = 7;
+  }
+}
+message ArrayValue { repeated AnyValue values = 1; }
+message KeyValueList { repeated KeyValue values = 1; }
+message KeyValue {
+  string key = 1;
+  AnyValue value = 2;
+}
+message InstrumentationScope {
+  string name = 1;
+  string version = 2;
+  repeated KeyValue attributes = 3;
+  uint32 dropped_attributes_count = 4;
+}
+`;
+const RESOURCE_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.resource.v1;
+
+message Resource {
+  repeated opentelemetry.proto.common.v1.KeyValue attributes = 1;
+  uint32 dropped_attributes_count = 2;
+}
+`;
+const TRACE_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.trace.v1;
+
+message ResourceSpans {
+  opentelemetry.proto.resource.v1.Resource resource = 1;
+  repeated ScopeSpans scope_spans = 2;
+  string schema_url = 3;
+}
+message ScopeSpans {
+  opentelemetry.proto.common.v1.InstrumentationScope scope = 1;
+  repeated Span spans = 2;
+  string schema_url = 3;
+}
+message Span {
+  bytes trace_id = 1;
+  bytes span_id = 2;
+  string trace_state = 3;
+  bytes parent_span_id = 4;
+  fixed32 flags = 16;
+  string name = 5;
+  SpanKind kind = 6;
+  fixed64 start_time_unix_nano = 7;
+  fixed64 end_time_unix_nano = 8;
+  repeated opentelemetry.proto.common.v1.KeyValue attributes = 9;
+  uint32 dropped_attributes_count = 10;
+  repeated Event events = 11;
+  uint32 dropped_events_count = 12;
+  repeated Link links = 13;
+  uint32 dropped_links_count = 14;
+  Status status = 15;
+
+  enum SpanKind {
+    SPAN_KIND_UNSPECIFIED = 0;
+    SPAN_KIND_INTERNAL = 1;
+    SPAN_KIND_SERVER = 2;
+    SPAN_KIND_CLIENT = 3;
+    SPAN_KIND_PRODUCER = 4;
+    SPAN_KIND_CONSUMER = 5;
+  }
+  message Event {
+    fixed64 time_unix_nano = 1;
+    string name = 2;
+    repeated opentelemetry.proto.common.v1.KeyValue attributes = 3;
+    uint32 dropped_attributes_count = 4;
+  }
+  message Link {
+    bytes trace_id = 1;
+    bytes span_id = 2;
+    string trace_state = 3;
+    repeated opentelemetry.proto.common.v1.KeyValue attributes = 4;
+    uint32 dropped_attributes_count = 5;
+    fixed32 flags = 6;
+  }
+}
+message Status {
+  reserved 1;
+  string message = 2;
+  StatusCode code = 3;
+
+  enum StatusCode {
+    STATUS_CODE_UNSET = 0;
+    STATUS_CODE_OK = 1;
+    STATUS_CODE_ERROR = 2;
+  }
+}
+message ExportTraceServiceRequest {
+  repeated ResourceSpans resource_spans = 1;
+}
+`;
+const LOGS_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.logs.v1;
+
+enum SeverityNumber {
+  SEVERITY_NUMBER_UNSPECIFIED = 0;
+  SEVERITY_NUMBER_TRACE = 1;
+  SEVERITY_NUMBER_TRACE2 = 2;
+  SEVERITY_NUMBER_TRACE3 = 3;
+  SEVERITY_NUMBER_TRACE4 = 4;
+  SEVERITY_NUMBER_DEBUG = 5;
+  SEVERITY_NUMBER_DEBUG2 = 6;
+  SEVERITY_NUMBER_DEBUG3 = 7;
+  SEVERITY_NUMBER_DEBUG4 = 8;
+  SEVERITY_NUMBER_INFO = 9;
+  SEVERITY_NUMBER_INFO2 = 10;
+  SEVERITY_NUMBER_INFO3 = 11;
+  SEVERITY_NUMBER_INFO4 = 12;
+  SEVERITY_NUMBER_WARN = 13;
+  SEVERITY_NUMBER_WARN2 = 14;
+  SEVERITY_NUMBER_WARN3 = 15;
+  SEVERITY_NUMBER_WARN4 = 16;
+  SEVERITY_NUMBER_ERROR = 17;
+  SEVERITY_NUMBER_ERROR2 = 18;
+  SEVERITY_NUMBER_ERROR3 = 19;
+  SEVERITY_NUMBER_ERROR4 = 20;
+  SEVERITY_NUMBER_FATAL = 21;
+  SEVERITY_NUMBER_FATAL2 = 22;
+  SEVERITY_NUMBER_FATAL3 = 23;
+  SEVERITY_NUMBER_FATAL4 = 24;
+}
+message ResourceLogs {
+  opentelemetry.proto.resource.v1.Resource resource = 1;
+  repeated ScopeLogs scope_logs = 2;
+  string schema_url = 3;
+}
+message ScopeLogs {
+  opentelemetry.proto.common.v1.InstrumentationScope scope = 1;
+  repeated LogRecord log_records = 2;
+  string schema_url = 3;
+}
+message LogRecord {
+  reserved 4;
+  fixed64 time_unix_nano = 1;
+  fixed64 observed_time_unix_nano = 11;
+  SeverityNumber severity_number = 2;
+  string severity_text = 3;
+  opentelemetry.proto.common.v1.AnyValue body = 5;
+  repeated opentelemetry.proto.common.v1.KeyValue attributes = 6;
+  uint32 dropped_attributes_count = 7;
+  fixed32 flags = 8;
+  bytes trace_id = 9;
+  bytes span_id = 10;
+}
+message ExportLogsServiceRequest {
+  repeated ResourceLogs resource_logs = 1;
+}
+`;
+const METRICS_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.metrics.v1;
+
+message ResourceMetrics {
+  opentelemetry.proto.resource.v1.Resource resource = 1;
+  repeated ScopeMetrics scope_metrics = 2;
+  string schema_url = 3;
+}
+message ScopeMetrics {
+  opentelemetry.proto.common.v1.InstrumentationScope scope = 1;
+  repeated Metric metrics = 2;
+  string schema_url = 3;
+}
+message Metric {
+  string name = 1;
+  string description = 2;
+  string unit = 3;
+}
+message ExportMetricsServiceRequest {
+  repeated ResourceMetrics resource_metrics = 1;
+}
+`;
+const TO_OBJECT_OPTIONS = {
+	longs: String,
+	bytes: String,
+	defaults: false
+};
+let cachedRoot = null;
+function getRoot() {
+	if (cachedRoot) return cachedRoot;
+	const root = new protobufjs.default.Root();
+	for (const source of [
+		COMMON_PROTO,
+		RESOURCE_PROTO,
+		TRACE_PROTO,
+		LOGS_PROTO,
+		METRICS_PROTO
+	]) protobufjs.default.parse(source, root, { keepCase: false });
+	root.resolveAll();
+	cachedRoot = root;
+	return root;
+}
+function decodeRequest(typeName, body) {
+	const messageType = getRoot().lookupType(typeName);
+	const message = messageType.decode(body);
+	return messageType.toObject(message, TO_OBJECT_OPTIONS);
+}
+/** Decode an OTLP/protobuf `ExportTraceServiceRequest` into the OTLP/JSON object shape. */
+function decodeOtlpTraceRequest(body) {
+	return decodeRequest("opentelemetry.proto.trace.v1.ExportTraceServiceRequest", body);
+}
+/** Decode an OTLP/protobuf `ExportLogsServiceRequest` into the OTLP/JSON object shape. */
+function decodeOtlpLogsRequest(body) {
+	return decodeRequest("opentelemetry.proto.logs.v1.ExportLogsServiceRequest", body);
+}
+/** Decode an OTLP/protobuf `ExportMetricsServiceRequest` into the OTLP/JSON object shape. */
+function decodeOtlpMetricsRequest(body) {
+	return decodeRequest("opentelemetry.proto.metrics.v1.ExportMetricsServiceRequest", body);
+}
+
+//#endregion
+//#region src/server/identity.ts
+/** Value of the `x-autotel-devtools` response header and the /healthz `service` field. */
+const DEVTOOLS_IDENTITY = "autotel-devtools";
+/**
+* Probe `host:port` over HTTP and classify what is listening. Used when our
+* requested port is busy: it lets us tell "a stale autotel-devtools is still
+* up" (benign) apart from "a foreign collector owns this port" — the latter is
+* the silent footgun where apps keep exporting OTLP to the busy port and reach
+* the wrong process, so the devtools UI stays empty and the app sees errors.
+*/
+async function probePortHolder(host, port, timeoutMs = 500) {
+	const authority = host.includes(":") ? `[${host}]` : host;
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), timeoutMs);
+	try {
+		const res = await fetch(`http://${authority}:${port}/healthz`, { signal: controller.signal });
+		if (res.headers.get("x-autotel-devtools")) return "autotel-devtools";
+		try {
+			const body = await res.json();
+			if (body && body.service === "autotel-devtools") return "autotel-devtools";
+		} catch {}
+		return "foreign";
+	} catch {
+		return "none";
+	} finally {
+		clearTimeout(timer);
+	}
+}
+
+//#endregion
+//#region src/server/http.ts
+function sendOtlpError(res, req, e) {
+	sendJson(res, 400, {
+		error: "Invalid OTLP payload",
+		message: e instanceof Error ? e.message : String(e),
+		contentType: req.headers["content-type"] ?? null
+	});
+}
+const PROTOBUF_DECODERS = {
+	traces: decodeOtlpTraceRequest,
+	logs: decodeOtlpLogsRequest,
+	metrics: decodeOtlpMetricsRequest
+};
+async function readOtlpPayload(req, signal) {
+	if (isProtobufContentType(req.headers["content-type"])) return PROTOBUF_DECODERS[signal](await readRawBody(req));
+	return readJsonBody(req);
+}
+function findPackageRoot() {
+	let dir = (0, node_path.dirname)((0, node_url.fileURLToPath)(require("url").pathToFileURL(__filename).href));
+	for (let i = 0; i < 5; i++) {
+		if ((0, node_fs.existsSync)((0, node_path.resolve)(dir, "package.json"))) return dir;
+		dir = (0, node_path.dirname)(dir);
+	}
+	return dir;
+}
+const DEVTOOLS_FAVICON_SVG = "<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 64 64\"><rect width=\"64\" height=\"64\" rx=\"14\" fill=\"#0f172a\"/><text x=\"32\" y=\"41\" text-anchor=\"middle\" font-size=\"32\">🛰️</text></svg>";
+const FULLPAGE_HTML = `<!DOCTYPE html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>autotel-devtools</title><link rel="icon" href="/favicon.svg" type="image/svg+xml"><style>*{margin:0;padding:0;box-sizing:border-box}html,body{height:100%;width:100%;overflow:hidden}</style></head><body><script src="/widget.js?mode=fullpage"><\/script></body></html>`;
+let cachedVersion = null;
+function getVersion() {
+	if (cachedVersion !== null) return cachedVersion;
+	let version = "unknown";
+	try {
+		const pkg = JSON.parse((0, node_fs.readFileSync)((0, node_path.resolve)(findPackageRoot(), "package.json"), "utf8"));
+		if (typeof pkg.version === "string") version = pkg.version;
+	} catch {}
+	cachedVersion = version;
+	return version;
+}
+let cachedWidgetJs = null;
+function getWidgetJs() {
+	if (!cachedWidgetJs) {
+		const pkgRoot = findPackageRoot();
+		const candidates = [(0, node_path.resolve)(pkgRoot, "dist", "widget.global.js"), (0, node_path.resolve)(pkgRoot, "widget.global.js")];
+		for (const candidate of candidates) try {
+			cachedWidgetJs = (0, node_fs.readFileSync)(candidate, "utf8");
+			break;
+		} catch {}
+		if (!cachedWidgetJs) cachedWidgetJs = "// widget bundle not found - run pnpm build first";
+	}
+	return cachedWidgetJs;
+}
+function attachDevtoolsRoutes(httpServer, devtools, options = {}) {
+	const loopbackOnly = options.loopbackOnly ?? true;
+	httpServer.on("request", async (req, res) => {
+		if (req.headers.upgrade?.toLowerCase() === "websocket") return;
+		res.setHeader("Access-Control-Allow-Origin", "*");
+		res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+		res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+		res.setHeader("x-autotel-devtools", getVersion());
+		res.setHeader("Access-Control-Expose-Headers", "x-autotel-devtools");
+		if (req.method === "OPTIONS") {
+			res.writeHead(204);
+			res.end();
+			return;
+		}
+		const url = req.url || "/";
+		if (req.method === "GET" && url === "/") {
+			res.writeHead(200, {
+				"Content-Type": "text/html; charset=utf-8",
+				"Content-Length": Buffer.byteLength(FULLPAGE_HTML)
+			});
+			res.end(FULLPAGE_HTML);
+			return;
+		}
+		if (req.method === "GET" && url.startsWith("/widget.js")) {
+			const js = getWidgetJs();
+			res.writeHead(200, {
+				"Content-Type": "application/javascript; charset=utf-8",
+				"Content-Length": Buffer.byteLength(js)
+			});
+			res.end(js);
+			return;
+		}
+		if (req.method === "GET" && (url === "/favicon.svg" || url === "/favicon.ico")) {
+			res.writeHead(200, {
+				"Content-Type": "image/svg+xml; charset=utf-8",
+				"Cache-Control": "public, max-age=86400",
+				"Content-Length": Buffer.byteLength(DEVTOOLS_FAVICON_SVG)
+			});
+			res.end(DEVTOOLS_FAVICON_SVG);
+			return;
+		}
+		if (req.method === "GET" && url === "/healthz") {
+			sendJson(res, 200, {
+				ok: true,
+				service: DEVTOOLS_IDENTITY,
+				version: getVersion(),
+				clients: devtools.clientCount
+			});
+			return;
+		}
+		if (req.method === "GET" && url === "/v1/traces") {
+			if (!allowSensitiveRequest(req.headers, loopbackOnly)) {
+				sendJson(res, 403, { error: "Forbidden" });
+				return;
+			}
+			const data = devtools.getCurrentData();
+			sendJson(res, 200, {
+				traces: data.traces,
+				count: data.traces.length
+			});
+			return;
+		}
+		if (req.method === "DELETE" && url === "/v1/traces") {
+			if (!allowSensitiveRequest(req.headers, loopbackOnly)) {
+				sendJson(res, 403, { error: "Forbidden" });
+				return;
+			}
+			devtools.clearData();
+			sendJson(res, 200, { cleared: true });
+			return;
+		}
+		if (req.method === "POST" && url === "/v1/traces") {
+			try {
+				const traces = parseOtlpTraces(await readOtlpPayload(req, "traces"));
+				devtools.addTraces(traces);
+				sendJson(res, 200, { acceptedTraces: traces.length });
+			} catch (e) {
+				sendOtlpError(res, req, e);
+			}
+			return;
+		}
+		if (req.method === "POST" && url === "/v1/logs") {
+			try {
+				const logs = parseOtlpLogs(await readOtlpPayload(req, "logs"));
+				devtools.addLogs(logs);
+				sendJson(res, 200, { acceptedLogs: logs.length });
+			} catch (e) {
+				sendOtlpError(res, req, e);
+			}
+			return;
+		}
+		if (req.method === "POST" && url === "/v1/metrics") {
+			try {
+				sendJson(res, 200, { acceptedMetrics: countOtlpMetrics(await readOtlpPayload(req, "metrics")) });
+			} catch (e) {
+				sendOtlpError(res, req, e);
+			}
+			return;
+		}
+		sendJson(res, 404, { error: "Not found" });
+	});
+}
+function createDevtoolsHttpServer(devtools, _options = {}) {
+	const server = (0, node_http.createServer)();
+	attachDevtoolsRoutes(server, devtools);
+	return server;
+}
+
+//#endregion
+Object.defineProperty(exports, 'DEVTOOLS_IDENTITY', {
+  enumerable: true,
+  get: function () {
+    return DEVTOOLS_IDENTITY;
+  }
+});
+Object.defineProperty(exports, 'DevtoolsServer', {
+  enumerable: true,
+  get: function () {
+    return DevtoolsServer;
+  }
+});
+Object.defineProperty(exports, 'ErrorAggregator', {
+  enumerable: true,
+  get: function () {
+    return ErrorAggregator;
+  }
+});
+Object.defineProperty(exports, 'allowSensitiveRequest', {
+  enumerable: true,
+  get: function () {
+    return allowSensitiveRequest;
+  }
+});
+Object.defineProperty(exports, 'appendManyWithLimit', {
+  enumerable: true,
+  get: function () {
+    return appendManyWithLimit;
+  }
+});
+Object.defineProperty(exports, 'appendWithLimit', {
+  enumerable: true,
+  get: function () {
+    return appendWithLimit;
+  }
+});
+Object.defineProperty(exports, 'applyTelemetryLimits', {
+  enumerable: true,
+  get: function () {
+    return applyTelemetryLimits;
+  }
+});
+Object.defineProperty(exports, 'attachDevtoolsRoutes', {
+  enumerable: true,
+  get: function () {
+    return attachDevtoolsRoutes;
+  }
+});
+Object.defineProperty(exports, 'createDevtoolsHttpServer', {
+  enumerable: true,
+  get: function () {
+    return createDevtoolsHttpServer;
+  }
+});
+Object.defineProperty(exports, 'decodeOtlpLogsRequest', {
+  enumerable: true,
+  get: function () {
+    return decodeOtlpLogsRequest;
+  }
+});
+Object.defineProperty(exports, 'decodeOtlpMetricsRequest', {
+  enumerable: true,
+  get: function () {
+    return decodeOtlpMetricsRequest;
+  }
+});
+Object.defineProperty(exports, 'decodeOtlpTraceRequest', {
+  enumerable: true,
+  get: function () {
+    return decodeOtlpTraceRequest;
+  }
+});
+Object.defineProperty(exports, 'hostHeaderIsLoopback', {
+  enumerable: true,
+  get: function () {
+    return hostHeaderIsLoopback;
+  }
+});
+Object.defineProperty(exports, 'isLoopbackHostname', {
+  enumerable: true,
+  get: function () {
+    return isLoopbackHostname;
+  }
+});
+Object.defineProperty(exports, 'isProtobufContentType', {
+  enumerable: true,
+  get: function () {
+    return isProtobufContentType;
+  }
+});
+Object.defineProperty(exports, 'originIsLoopback', {
+  enumerable: true,
+  get: function () {
+    return originIsLoopback;
+  }
+});
+Object.defineProperty(exports, 'parseOtlpLogs', {
+  enumerable: true,
+  get: function () {
+    return parseOtlpLogs;
+  }
+});
+Object.defineProperty(exports, 'parseOtlpTraces', {
+  enumerable: true,
+  get: function () {
+    return parseOtlpTraces;
+  }
+});
+Object.defineProperty(exports, 'probePortHolder', {
+  enumerable: true,
+  get: function () {
+    return probePortHolder;
+  }
+});
+Object.defineProperty(exports, 'resolveTelemetryLimits', {
+  enumerable: true,
+  get: function () {
+    return resolveTelemetryLimits;
+  }
+});
+//# sourceMappingURL=http-Yj6iSrMX.cjs.map