autotel-devtools 8.1.1 → 9.0.0

package/dist/http-BkkKa9C_.js

@@ -0,0 +1,1128 @@
+import { t as getResourceName } from "./resource-utils-B4UVvfnH.js";
+import { createServer } from "node:http";
+import { WebSocket, WebSocketServer } from "ws";
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import protobuf from "protobufjs";
+
+//#region src/server/error-aggregator.ts
+var ErrorAggregator = class {
+	errorGroups = /* @__PURE__ */ new Map();
+	options;
+	constructor(options = {}) {
+		this.options = {
+			maxGroups: options.maxGroups ?? 100,
+			maxAffectedTraces: options.maxAffectedTraces ?? 10,
+			maxAffectedSpans: options.maxAffectedSpans ?? 5,
+			stackFramesForFingerprint: options.stackFramesForFingerprint ?? 5
+		};
+	}
+	/**
+	* Add an error occurrence to the aggregator
+	*/
+	addError(occurrence) {
+		const fingerprint = this.generateFingerprint(occurrence);
+		const existing = this.errorGroups.get(fingerprint);
+		if (existing) {
+			existing.count++;
+			existing.lastSeen = occurrence.timestamp;
+			if (!existing.affectedTraces.includes(occurrence.traceId)) {
+				existing.affectedTraces.push(occurrence.traceId);
+				if (existing.affectedTraces.length > this.options.maxAffectedTraces) existing.affectedTraces.shift();
+			}
+			if (!existing.affectedSpans.includes(occurrence.spanName)) {
+				existing.affectedSpans.push(occurrence.spanName);
+				if (existing.affectedSpans.length > this.options.maxAffectedSpans) existing.affectedSpans.shift();
+			}
+			return existing;
+		}
+		const newGroup = {
+			fingerprint,
+			type: occurrence.error.type,
+			message: occurrence.error.message,
+			stackTrace: this.normalizeStackTrace(occurrence.error.stackTrace),
+			count: 1,
+			firstSeen: occurrence.timestamp,
+			lastSeen: occurrence.timestamp,
+			affectedTraces: [occurrence.traceId],
+			affectedSpans: [occurrence.spanName],
+			service: occurrence.service,
+			attributes: occurrence.attributes
+		};
+		if (this.errorGroups.size >= this.options.maxGroups) this.evictOldestGroup();
+		this.errorGroups.set(fingerprint, newGroup);
+		return newGroup;
+	}
+	/**
+	* Extract errors from a trace and add them to the aggregator
+	*/
+	addErrorsFromTrace(trace) {
+		const addedGroups = [];
+		for (const span of trace.spans) if (span.status.code === "ERROR") {
+			const occurrence = this.extractErrorFromSpan(span, trace);
+			if (occurrence) {
+				const group = this.addError(occurrence);
+				addedGroups.push(group);
+			}
+		}
+		return addedGroups;
+	}
+	/**
+	* Extract error occurrence from a span
+	*/
+	extractErrorFromSpan(span, trace) {
+		const exceptionEvent = span.events?.find((e) => e.name === "exception");
+		const errorType = span.attributes["exception.type"] || span.attributes["error.type"] || exceptionEvent?.attributes?.["exception.type"] || "Error";
+		const errorMessage = span.status.message || span.attributes["exception.message"] || span.attributes["error.message"] || "Unknown error";
+		const stackTrace = span.attributes["exception.stacktrace"] || span.attributes["exception.stack"] || this.extractStackFromEvents(span);
+		return {
+			traceId: trace.traceId,
+			spanId: span.spanId,
+			spanName: span.name,
+			service: trace.service,
+			timestamp: span.endTime,
+			error: {
+				type: errorType,
+				message: errorMessage,
+				stackTrace
+			},
+			attributes: this.extractRelevantAttributes(span.attributes)
+		};
+	}
+	/**
+	* Extract stack trace from span events (exception events)
+	*/
+	extractStackFromEvents(span) {
+		if (!span.events) return void 0;
+		const exceptionEvent = span.events.find((e) => e.name === "exception");
+		if (exceptionEvent?.attributes) return exceptionEvent.attributes["exception.stacktrace"] || exceptionEvent.attributes["exception.stack"];
+	}
+	/**
+	* Extract relevant attributes for error context
+	*/
+	extractRelevantAttributes(attributes) {
+		const relevant = {};
+		for (const key of [
+			"http.method",
+			"http.url",
+			"http.route",
+			"http.status_code",
+			"db.system",
+			"db.operation",
+			"rpc.method",
+			"rpc.service",
+			"code.function",
+			"code.filepath",
+			"user.id",
+			"operation.name"
+		]) if (key in attributes) relevant[key] = attributes[key];
+		return relevant;
+	}
+	/**
+	* Generate a fingerprint for error grouping
+	*
+	* Uses error type + first N stack frames (normalized)
+	*/
+	generateFingerprint(occurrence) {
+		const parts = [occurrence.error.type];
+		if (occurrence.error.stackTrace) {
+			const frames = this.extractStackFrames(occurrence.error.stackTrace, this.options.stackFramesForFingerprint);
+			parts.push(...frames);
+		} else parts.push(this.normalizeMessage(occurrence.error.message));
+		return this.simpleHash(parts.join("|"));
+	}
+	/**
+	* Extract and normalize stack frames from a stack trace
+	*/
+	extractStackFrames(stackTrace, count) {
+		const lines = stackTrace.split("\n");
+		const frames = [];
+		for (const line of lines) {
+			if (frames.length >= count) break;
+			const trimmed = line.trim();
+			const nodeMatch = trimmed.match(/^at\s+(.+?)\s+\((.+?):(\d+):\d+\)$/);
+			if (nodeMatch) {
+				frames.push(`${nodeMatch[1]}@${this.normalizeFilePath(nodeMatch[2])}`);
+				continue;
+			}
+			const anonMatch = trimmed.match(/^at\s+(.+?):(\d+):\d+$/);
+			if (anonMatch) {
+				frames.push(`anonymous@${this.normalizeFilePath(anonMatch[1])}`);
+				continue;
+			}
+			const browserMatch = trimmed.match(/^(.+?)@(.+?):(\d+):\d+$/);
+			if (browserMatch) {
+				frames.push(`${browserMatch[1]}@${this.normalizeFilePath(browserMatch[2])}`);
+				continue;
+			}
+		}
+		return frames;
+	}
+	/**
+	* Normalize file path by removing absolute path prefixes and node_modules paths
+	*/
+	normalizeFilePath(filePath) {
+		const nodeModulesMatch = filePath.match(/node_modules\/(@[^/]+\/[^/]+|[^/]+)/);
+		if (nodeModulesMatch) return `[npm]/${nodeModulesMatch[1]}`;
+		return filePath.replace(/^.*?\/src\//, "src/").replace(/^.*?\/dist\//, "dist/").replace(/^.*?\/lib\//, "lib/").replace(/^file:\/\//, "");
+	}
+	/**
+	* Normalize error message by removing dynamic parts
+	*/
+	normalizeMessage(message) {
+		return message.replaceAll(/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/gi, "[UUID]").replaceAll(/\b[0-9a-f]{16,}\b/gi, "[ID]").replaceAll(/\b\d+\b/g, "[N]").replaceAll(/"[^"]*"/g, "\"[STR]\"").replaceAll(/'[^']*'/g, "'[STR]'").slice(0, 200);
+	}
+	/**
+	* Normalize stack trace for display
+	*/
+	normalizeStackTrace(stackTrace) {
+		if (!stackTrace) return void 0;
+		return stackTrace.split("\n").slice(0, 10).join("\n");
+	}
+	/**
+	* Simple hash function for fingerprinting
+	*/
+	simpleHash(str) {
+		let hash = 0;
+		for (let i = 0; i < str.length; i++) {
+			const char = str.charCodeAt(i);
+			hash = (hash << 5) - hash + char;
+			hash = hash & hash;
+		}
+		return Math.abs(hash).toString(16).padStart(8, "0");
+	}
+	/**
+	* Evict the oldest error group
+	*/
+	evictOldestGroup() {
+		let oldest = null;
+		for (const [fingerprint, group] of this.errorGroups) if (!oldest || group.lastSeen < oldest.lastSeen) oldest = {
+			fingerprint,
+			lastSeen: group.lastSeen
+		};
+		if (oldest) this.errorGroups.delete(oldest.fingerprint);
+	}
+	/**
+	* Get all error groups, sorted by most recent
+	*/
+	getErrorGroups() {
+		return [...this.errorGroups.values()].sort((a, b) => b.lastSeen - a.lastSeen);
+	}
+	/**
+	* Get error groups sorted by count (most frequent first)
+	*/
+	getErrorGroupsByFrequency() {
+		return [...this.errorGroups.values()].sort((a, b) => b.count - a.count);
+	}
+	/**
+	* Get a specific error group by fingerprint
+	*/
+	getErrorGroup(fingerprint) {
+		return this.errorGroups.get(fingerprint);
+	}
+	/**
+	* Get error groups for a specific service
+	*/
+	getErrorGroupsByService(service) {
+		return this.getErrorGroups().filter((g) => g.service === service);
+	}
+	/**
+	* Get total error count across all groups
+	*/
+	getTotalErrorCount() {
+		let total = 0;
+		for (const group of this.errorGroups.values()) total += group.count;
+		return total;
+	}
+	/**
+	* Get error statistics
+	*/
+	getStats() {
+		const oneHourAgo = Date.now() - 3600 * 1e3;
+		let recentErrors = 0;
+		const typeCount = /* @__PURE__ */ new Map();
+		for (const group of this.errorGroups.values()) {
+			if (group.lastSeen > oneHourAgo) recentErrors += group.count;
+			typeCount.set(group.type, (typeCount.get(group.type) || 0) + group.count);
+		}
+		const topErrorTypes = [...typeCount.entries()].map(([type, count]) => ({
+			type,
+			count
+		})).sort((a, b) => b.count - a.count).slice(0, 5);
+		return {
+			totalGroups: this.errorGroups.size,
+			totalErrors: this.getTotalErrorCount(),
+			recentErrors,
+			topErrorTypes
+		};
+	}
+	/**
+	* Clear all error groups
+	*/
+	clear() {
+		this.errorGroups.clear();
+	}
+	/**
+	* Clear old error groups (not seen in given time window)
+	*/
+	clearOlderThan(maxAgeMs) {
+		const cutoff = Date.now() - maxAgeMs;
+		let cleared = 0;
+		for (const [fingerprint, group] of this.errorGroups) if (group.lastSeen < cutoff) {
+			this.errorGroups.delete(fingerprint);
+			cleared++;
+		}
+		return cleared;
+	}
+};
+
+//#endregion
+//#region src/server/telemetry-limits.ts
+const defaultLimit = 100;
+function parseLimit(value) {
+	if (!value) return void 0;
+	const parsed = Number.parseInt(value, 10);
+	return Number.isFinite(parsed) && parsed > 0 ? parsed : void 0;
+}
+function resolveTelemetryLimits(args = {}) {
+	const env = args.env ?? process.env;
+	const fallback = args.maxHistory ?? defaultLimit;
+	return {
+		maxTraceCount: args.maxTraceCount ?? parseLimit(env.AUTOTEL_MAX_TRACE_COUNT) ?? fallback,
+		maxLogCount: args.maxLogCount ?? parseLimit(env.AUTOTEL_MAX_LOG_COUNT) ?? fallback,
+		maxMetricCount: args.maxMetricCount ?? parseLimit(env.AUTOTEL_MAX_METRIC_COUNT) ?? fallback
+	};
+}
+function appendWithLimit(items, item, limit) {
+	if (limit <= 0) return [];
+	const next = [...items, item];
+	return next.length > limit ? next.slice(next.length - limit) : next;
+}
+function appendManyWithLimit(items, incoming, limit) {
+	if (limit <= 0 || incoming.length === 0) return limit <= 0 ? [] : items;
+	const next = [...items, ...incoming];
+	return next.length > limit ? next.slice(next.length - limit) : next;
+}
+function applyTelemetryLimits(data, limits) {
+	return {
+		...data,
+		traces: data.traces.slice(-limits.maxTraceCount),
+		logs: data.logs.slice(-limits.maxLogCount),
+		metrics: data.metrics.slice(-limits.maxMetricCount)
+	};
+}
+
+//#endregion
+//#region src/server/origin-guard.ts
+const LOOPBACK_IPV6 = new Set(["::1", "0:0:0:0:0:0:0:1"]);
+/** True for `localhost`, any `127.x.x.x`, and IPv6 loopback. Case-insensitive. */
+function isLoopbackHostname(hostname) {
+	const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
+	return h === "localhost" || /^127\./.test(h) || LOOPBACK_IPV6.has(h);
+}
+/** Hostname from a `Host` header (`host`, `host:port`, `[::1]:port`). */
+function hostnameFromHostHeader(host) {
+	const h = host.trim();
+	if (h.startsWith("[")) {
+		const end = h.indexOf("]");
+		return end > 0 ? h.slice(1, end) : h;
+	}
+	const colon = h.indexOf(":");
+	return colon === -1 ? h : h.slice(0, colon);
+}
+/** True when the `Host` header names a loopback host. */
+function hostHeaderIsLoopback(host) {
+	return isLoopbackHostname(hostnameFromHostHeader(host));
+}
+/** True when an `Origin` header names a loopback origin. A malformed or opaque
+*  origin (e.g. the literal `null` from a sandboxed iframe) is treated as
+*  non-loopback. */
+function originIsLoopback(origin) {
+	try {
+		return isLoopbackHostname(new URL(origin).hostname);
+	} catch {
+		return false;
+	}
+}
+/**
+* Decide whether a request to a sensitive (read/mutate) endpoint is allowed.
+* - A present, non-loopback `Origin` is always rejected (cross-origin read).
+* - When `loopbackOnly`, a present, non-loopback `Host` is rejected (DNS
+*   rebinding). Skipped when the receiver is bound to a non-loopback host.
+*/
+function allowSensitiveRequest(headers, loopbackOnly) {
+	const { origin, host } = headers;
+	if (origin && origin.length > 0 && !originIsLoopback(origin)) return false;
+	if (loopbackOnly && host && host.length > 0 && !hostHeaderIsLoopback(host)) return false;
+	return true;
+}
+
+//#endregion
+//#region src/server/server.ts
+var DevtoolsServer = class {
+	wss;
+	clients = /* @__PURE__ */ new Set();
+	httpServer;
+	traces = [];
+	logs = [];
+	metrics = [];
+	errorAggregator = new ErrorAggregator();
+	limits;
+	verbose;
+	_port;
+	onData;
+	constructor(options = {}) {
+		this.limits = resolveTelemetryLimits(options);
+		this.verbose = options.verbose ?? false;
+		this._port = options.port ?? 4318;
+		this.onData = options.onData;
+		this.httpServer = options.server ?? createServer();
+		const loopbackOnly = options.host == null || hostHeaderIsLoopback(options.host);
+		this.wss = new WebSocketServer({
+			server: this.httpServer,
+			path: options.path ?? "/ws",
+			verifyClient: ({ origin, req }) => allowSensitiveRequest({
+				origin,
+				host: req.headers.host
+			}, loopbackOnly)
+		});
+		this.wss.on("error", (err) => {
+			if (this.httpServer.listening) throw err;
+		});
+		this.wss.on("connection", (ws) => {
+			this.clients.add(ws);
+			this.log(`Client connected (${this.clients.size} total)`);
+			const data = this.getCurrentData();
+			if (data.traces.length > 0 || data.logs.length > 0 || data.errors.length > 0) ws.send(JSON.stringify(data));
+			ws.on("close", () => {
+				this.clients.delete(ws);
+				this.log(`Client disconnected (${this.clients.size} total)`);
+			});
+		});
+		if (!options.server) this.httpServer.listen(this._port, () => {
+			const addr = this.httpServer.address();
+			if (addr && typeof addr === "object") this._port = addr.port;
+			this.log(`WebSocket server listening on port ${this._port}`);
+		});
+	}
+	get port() {
+		const addr = this.httpServer.address();
+		if (addr && typeof addr === "object") return addr.port;
+		return this._port;
+	}
+	get clientCount() {
+		return this.clients.size;
+	}
+	addTrace(trace) {
+		const existing = this.traces.find((t) => t.traceId === trace.traceId);
+		const merged = existing ?? trace;
+		if (existing) {
+			const existingSpanIds = new Set(existing.spans.map((s) => s.spanId));
+			for (const span of trace.spans) if (!existingSpanIds.has(span.spanId)) existing.spans.push(span);
+			existing.startTime = Math.min(existing.startTime, trace.startTime);
+			existing.endTime = Math.max(existing.endTime, trace.endTime);
+			existing.duration = existing.endTime - existing.startTime;
+			if (trace.status === "ERROR") existing.status = "ERROR";
+			const root = existing.spans.find((s) => !s.parentSpanId);
+			if (root) {
+				existing.rootSpan = root;
+				const rootService = root.attributes?.["service.name"];
+				if (typeof rootService === "string" && rootService.length > 0) existing.service = rootService;
+			}
+		} else this.traces = appendWithLimit(this.traces, trace, this.limits.maxTraceCount);
+		this.errorAggregator.addErrorsFromTrace(trace);
+		this.broadcast({
+			traces: [merged],
+			metrics: [],
+			logs: [],
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	addTraces(traces) {
+		for (const trace of traces) this.addTrace(trace);
+	}
+	addLog(log) {
+		this.logs = appendWithLimit(this.logs, log, this.limits.maxLogCount);
+		this.broadcast({
+			traces: [],
+			metrics: [],
+			logs: [log],
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	addLogs(logs) {
+		this.logs = appendManyWithLimit(this.logs, logs, this.limits.maxLogCount);
+		this.broadcast({
+			traces: [],
+			metrics: [],
+			logs,
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	addMetric(metric) {
+		this.metrics = appendWithLimit(this.metrics, metric, this.limits.maxMetricCount);
+		this.broadcast({
+			traces: [],
+			metrics: [metric],
+			logs: [],
+			errors: this.errorAggregator.getErrorGroups()
+		});
+	}
+	getCurrentData() {
+		return {
+			traces: this.traces,
+			metrics: this.metrics,
+			logs: this.logs,
+			errors: this.errorAggregator.getErrorGroups()
+		};
+	}
+	clearData() {
+		this.traces = [];
+		this.logs = [];
+		this.metrics = [];
+		this.errorAggregator.clear();
+	}
+	broadcast(data) {
+		const msg = JSON.stringify(data);
+		for (const client of this.clients) if (client.readyState === WebSocket.OPEN) client.send(msg);
+		if (this.onData) try {
+			this.onData(data);
+		} catch {}
+	}
+	log(message) {
+		if (this.verbose) console.log(`[autotel-devtools] ${message}`);
+	}
+	async close() {
+		for (const client of this.clients) client.close();
+		this.clients.clear();
+		this.wss.close();
+		await new Promise((resolve) => this.httpServer.close(() => resolve()));
+	}
+};
+
+//#endregion
+//#region src/server/otlp.ts
+function resolveOtlpValue(v) {
+	if (!v) return void 0;
+	if (v.stringValue !== void 0) return v.stringValue;
+	if (v.boolValue !== void 0) return v.boolValue;
+	if (v.intValue !== void 0) return typeof v.intValue === "string" ? Number(v.intValue) : v.intValue;
+	if (v.doubleValue !== void 0) return v.doubleValue;
+	if (v.bytesValue !== void 0) return v.bytesValue;
+	if (v.arrayValue?.values) return v.arrayValue.values.map(resolveOtlpValue);
+	if (v.kvlistValue?.values) return flattenAttributes(v.kvlistValue.values);
+}
+function flattenAttributes(attrs) {
+	const out = {};
+	if (!attrs) return out;
+	for (const { key, value } of attrs) out[key] = resolveOtlpValue(value);
+	return out;
+}
+function nanoToMs(nano) {
+	if (!nano) return 0;
+	const ns = BigInt(nano);
+	const ms = ns / 1000000n;
+	const remNs = ns % 1000000n;
+	return Number(ms) + Number(remNs) / 1e6;
+}
+const SPAN_KIND_MAP = {
+	0: "INTERNAL",
+	1: "INTERNAL",
+	2: "SERVER",
+	3: "CLIENT",
+	4: "PRODUCER",
+	5: "CONSUMER",
+	SPAN_KIND_INTERNAL: "INTERNAL",
+	SPAN_KIND_SERVER: "SERVER",
+	SPAN_KIND_CLIENT: "CLIENT",
+	SPAN_KIND_PRODUCER: "PRODUCER",
+	SPAN_KIND_CONSUMER: "CONSUMER"
+};
+function normalizeHexId(id) {
+	if (!id) return "";
+	if (/^[A-Za-z0-9+/=]+$/.test(id) && !/^[0-9a-f]+$/i.test(id) && (id.length === 12 || id.length === 24 || id.length === 28 || id.length === 44 || id.length === 48)) try {
+		return Buffer.from(id, "base64").toString("hex");
+	} catch {}
+	return id;
+}
+function parseOtlpTraces(payload) {
+	if (!payload || typeof payload !== "object") return [];
+	const { resourceSpans } = payload;
+	if (!Array.isArray(resourceSpans) || resourceSpans.length === 0) return [];
+	const traceMap = /* @__PURE__ */ new Map();
+	for (const rs of resourceSpans) {
+		const resourceAttrs = flattenAttributes(rs.resource?.attributes);
+		const service = String(resourceAttrs["service.name"] || "unknown");
+		const scopeSpans = rs.scopeSpans || [];
+		for (const ss of scopeSpans) {
+			const scope = ss.scope?.name ? {
+				name: ss.scope.name,
+				version: ss.scope.version || void 0
+			} : void 0;
+			for (const span of ss.spans || []) {
+				const traceId = normalizeHexId(span.traceId);
+				if (!traceId) continue;
+				const startMs = nanoToMs(span.startTimeUnixNano);
+				const endMs = nanoToMs(span.endTimeUnixNano);
+				const statusCode = span.status?.code;
+				let status = "UNSET";
+				if (statusCode === 1 || statusCode === "STATUS_CODE_OK") status = "OK";
+				if (statusCode === 2 || statusCode === "STATUS_CODE_ERROR") status = "ERROR";
+				const spanData = {
+					traceId,
+					spanId: normalizeHexId(span.spanId),
+					parentSpanId: normalizeHexId(span.parentSpanId) || void 0,
+					name: span.name || "unknown",
+					kind: SPAN_KIND_MAP[span.kind ?? 0] || "INTERNAL",
+					startTime: startMs,
+					endTime: endMs,
+					duration: endMs - startMs,
+					attributes: {
+						...resourceAttrs,
+						...flattenAttributes(span.attributes)
+					},
+					status: {
+						code: status,
+						message: span.status?.message
+					},
+					events: (span.events || []).map((e) => ({
+						name: e.name || "",
+						timestamp: nanoToMs(e.timeUnixNano),
+						attributes: flattenAttributes(e.attributes)
+					})),
+					links: (span.links || []).map((l) => ({
+						traceId: normalizeHexId(l.traceId),
+						spanId: normalizeHexId(l.spanId),
+						attributes: flattenAttributes(l.attributes)
+					})),
+					scope
+				};
+				const existing = traceMap.get(traceId);
+				if (existing) existing.spans.push(spanData);
+				else traceMap.set(traceId, {
+					spans: [spanData],
+					service
+				});
+			}
+		}
+	}
+	const traces = [];
+	for (const [traceId, { spans, service }] of traceMap) {
+		const sorted = spans.sort((a, b) => a.startTime - b.startTime);
+		const rootSpan = sorted.find((s) => !s.parentSpanId) || sorted[0];
+		const startTime = Math.min(...sorted.map((s) => s.startTime));
+		const endTime = Math.max(...sorted.map((s) => s.endTime));
+		const hasError = sorted.some((s) => s.status.code === "ERROR");
+		traces.push({
+			traceId,
+			correlationId: traceId.slice(0, 16),
+			rootSpan,
+			spans: sorted,
+			startTime,
+			endTime,
+			duration: endTime - startTime,
+			status: hasError ? "ERROR" : "OK",
+			service
+		});
+	}
+	return traces;
+}
+function parseOtlpLogs(payload) {
+	if (!payload || typeof payload !== "object") return [];
+	const { resourceLogs } = payload;
+	if (!Array.isArray(resourceLogs)) return [];
+	const logs = [];
+	for (const rl of resourceLogs) {
+		const resourceAttrs = flattenAttributes(rl.resource?.attributes);
+		for (const sl of rl.scopeLogs || []) for (const rec of sl.logRecords || []) {
+			const timestamp = nanoToMs(rec.timeUnixNano || rec.observedTimeUnixNano);
+			const traceId = normalizeHexId(rec.traceId) || void 0;
+			const spanId = normalizeHexId(rec.spanId) || void 0;
+			const body = rec.body ? resolveOtlpValue(rec.body) : "";
+			logs.push({
+				id: `${traceId || "no-trace"}:${spanId || "no-span"}:${timestamp}:${rec.severityNumber || 0}`,
+				traceId,
+				spanId,
+				resourceName: getResourceName(resourceAttrs),
+				severityText: rec.severityText,
+				severityNumber: rec.severityNumber,
+				body: typeof body === "string" ? body : body,
+				timestamp,
+				attributes: flattenAttributes(rec.attributes),
+				resource: resourceAttrs
+			});
+		}
+	}
+	return logs;
+}
+function countOtlpMetrics(payload) {
+	if (!payload || typeof payload !== "object") return 0;
+	const { resourceMetrics } = payload;
+	if (!Array.isArray(resourceMetrics)) return 0;
+	let count = 0;
+	for (const rm of resourceMetrics) for (const sm of rm.scopeMetrics || []) count += (sm.metrics || []).length;
+	return count;
+}
+async function readJsonBody(req) {
+	return new Promise((resolve, reject) => {
+		const chunks = [];
+		req.on("data", (chunk) => chunks.push(chunk));
+		req.on("end", () => {
+			try {
+				resolve(JSON.parse(Buffer.concat(chunks).toString()));
+			} catch {
+				reject(/* @__PURE__ */ new Error("Invalid JSON"));
+			}
+		});
+		req.on("error", reject);
+	});
+}
+async function readRawBody(req) {
+	return new Promise((resolve, reject) => {
+		const chunks = [];
+		req.on("data", (chunk) => chunks.push(chunk));
+		req.on("end", () => resolve(Buffer.concat(chunks)));
+		req.on("error", reject);
+	});
+}
+/**
+* True for OTLP/protobuf bodies. The OpenTelemetry Python/Java/Go SDKs default to
+* `http/protobuf` over OTLP HTTP, sending `application/x-protobuf`; some clients use
+* `application/protobuf`. Anything else (JSON, unset) is treated as OTLP/JSON.
+*/
+function isProtobufContentType(contentType) {
+	if (!contentType) return false;
+	const value = contentType.toLowerCase();
+	return value.includes("application/x-protobuf") || value.includes("application/protobuf");
+}
+function sendJson(res, status, data) {
+	const body = JSON.stringify(data);
+	res.writeHead(status, {
+		"Content-Type": "application/json",
+		"Content-Length": Buffer.byteLength(body)
+	});
+	res.end(body);
+}
+
+//#endregion
+//#region src/server/otlp-proto.ts
+const COMMON_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.common.v1;
+
+message AnyValue {
+  oneof value {
+    string string_value = 1;
+    bool bool_value = 2;
+    int64 int_value = 3;
+    double double_value = 4;
+    ArrayValue array_value = 5;
+    KeyValueList kvlist_value = 6;
+    bytes bytes_value = 7;
+  }
+}
+message ArrayValue { repeated AnyValue values = 1; }
+message KeyValueList { repeated KeyValue values = 1; }
+message KeyValue {
+  string key = 1;
+  AnyValue value = 2;
+}
+message InstrumentationScope {
+  string name = 1;
+  string version = 2;
+  repeated KeyValue attributes = 3;
+  uint32 dropped_attributes_count = 4;
+}
+`;
+const RESOURCE_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.resource.v1;
+
+message Resource {
+  repeated opentelemetry.proto.common.v1.KeyValue attributes = 1;
+  uint32 dropped_attributes_count = 2;
+}
+`;
+const TRACE_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.trace.v1;
+
+message ResourceSpans {
+  opentelemetry.proto.resource.v1.Resource resource = 1;
+  repeated ScopeSpans scope_spans = 2;
+  string schema_url = 3;
+}
+message ScopeSpans {
+  opentelemetry.proto.common.v1.InstrumentationScope scope = 1;
+  repeated Span spans = 2;
+  string schema_url = 3;
+}
+message Span {
+  bytes trace_id = 1;
+  bytes span_id = 2;
+  string trace_state = 3;
+  bytes parent_span_id = 4;
+  fixed32 flags = 16;
+  string name = 5;
+  SpanKind kind = 6;
+  fixed64 start_time_unix_nano = 7;
+  fixed64 end_time_unix_nano = 8;
+  repeated opentelemetry.proto.common.v1.KeyValue attributes = 9;
+  uint32 dropped_attributes_count = 10;
+  repeated Event events = 11;
+  uint32 dropped_events_count = 12;
+  repeated Link links = 13;
+  uint32 dropped_links_count = 14;
+  Status status = 15;
+
+  enum SpanKind {
+    SPAN_KIND_UNSPECIFIED = 0;
+    SPAN_KIND_INTERNAL = 1;
+    SPAN_KIND_SERVER = 2;
+    SPAN_KIND_CLIENT = 3;
+    SPAN_KIND_PRODUCER = 4;
+    SPAN_KIND_CONSUMER = 5;
+  }
+  message Event {
+    fixed64 time_unix_nano = 1;
+    string name = 2;
+    repeated opentelemetry.proto.common.v1.KeyValue attributes = 3;
+    uint32 dropped_attributes_count = 4;
+  }
+  message Link {
+    bytes trace_id = 1;
+    bytes span_id = 2;
+    string trace_state = 3;
+    repeated opentelemetry.proto.common.v1.KeyValue attributes = 4;
+    uint32 dropped_attributes_count = 5;
+    fixed32 flags = 6;
+  }
+}
+message Status {
+  reserved 1;
+  string message = 2;
+  StatusCode code = 3;
+
+  enum StatusCode {
+    STATUS_CODE_UNSET = 0;
+    STATUS_CODE_OK = 1;
+    STATUS_CODE_ERROR = 2;
+  }
+}
+message ExportTraceServiceRequest {
+  repeated ResourceSpans resource_spans = 1;
+}
+`;
+const LOGS_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.logs.v1;
+
+enum SeverityNumber {
+  SEVERITY_NUMBER_UNSPECIFIED = 0;
+  SEVERITY_NUMBER_TRACE = 1;
+  SEVERITY_NUMBER_TRACE2 = 2;
+  SEVERITY_NUMBER_TRACE3 = 3;
+  SEVERITY_NUMBER_TRACE4 = 4;
+  SEVERITY_NUMBER_DEBUG = 5;
+  SEVERITY_NUMBER_DEBUG2 = 6;
+  SEVERITY_NUMBER_DEBUG3 = 7;
+  SEVERITY_NUMBER_DEBUG4 = 8;
+  SEVERITY_NUMBER_INFO = 9;
+  SEVERITY_NUMBER_INFO2 = 10;
+  SEVERITY_NUMBER_INFO3 = 11;
+  SEVERITY_NUMBER_INFO4 = 12;
+  SEVERITY_NUMBER_WARN = 13;
+  SEVERITY_NUMBER_WARN2 = 14;
+  SEVERITY_NUMBER_WARN3 = 15;
+  SEVERITY_NUMBER_WARN4 = 16;
+  SEVERITY_NUMBER_ERROR = 17;
+  SEVERITY_NUMBER_ERROR2 = 18;
+  SEVERITY_NUMBER_ERROR3 = 19;
+  SEVERITY_NUMBER_ERROR4 = 20;
+  SEVERITY_NUMBER_FATAL = 21;
+  SEVERITY_NUMBER_FATAL2 = 22;
+  SEVERITY_NUMBER_FATAL3 = 23;
+  SEVERITY_NUMBER_FATAL4 = 24;
+}
+message ResourceLogs {
+  opentelemetry.proto.resource.v1.Resource resource = 1;
+  repeated ScopeLogs scope_logs = 2;
+  string schema_url = 3;
+}
+message ScopeLogs {
+  opentelemetry.proto.common.v1.InstrumentationScope scope = 1;
+  repeated LogRecord log_records = 2;
+  string schema_url = 3;
+}
+message LogRecord {
+  reserved 4;
+  fixed64 time_unix_nano = 1;
+  fixed64 observed_time_unix_nano = 11;
+  SeverityNumber severity_number = 2;
+  string severity_text = 3;
+  opentelemetry.proto.common.v1.AnyValue body = 5;
+  repeated opentelemetry.proto.common.v1.KeyValue attributes = 6;
+  uint32 dropped_attributes_count = 7;
+  fixed32 flags = 8;
+  bytes trace_id = 9;
+  bytes span_id = 10;
+}
+message ExportLogsServiceRequest {
+  repeated ResourceLogs resource_logs = 1;
+}
+`;
+const METRICS_PROTO = `
+syntax = "proto3";
+package opentelemetry.proto.metrics.v1;
+
+message ResourceMetrics {
+  opentelemetry.proto.resource.v1.Resource resource = 1;
+  repeated ScopeMetrics scope_metrics = 2;
+  string schema_url = 3;
+}
+message ScopeMetrics {
+  opentelemetry.proto.common.v1.InstrumentationScope scope = 1;
+  repeated Metric metrics = 2;
+  string schema_url = 3;
+}
+message Metric {
+  string name = 1;
+  string description = 2;
+  string unit = 3;
+}
+message ExportMetricsServiceRequest {
+  repeated ResourceMetrics resource_metrics = 1;
+}
+`;
+const TO_OBJECT_OPTIONS = {
+	longs: String,
+	bytes: String,
+	defaults: false
+};
+let cachedRoot = null;
+function getRoot() {
+	if (cachedRoot) return cachedRoot;
+	const root = new protobuf.Root();
+	for (const source of [
+		COMMON_PROTO,
+		RESOURCE_PROTO,
+		TRACE_PROTO,
+		LOGS_PROTO,
+		METRICS_PROTO
+	]) protobuf.parse(source, root, { keepCase: false });
+	root.resolveAll();
+	cachedRoot = root;
+	return root;
+}
+function decodeRequest(typeName, body) {
+	const messageType = getRoot().lookupType(typeName);
+	const message = messageType.decode(body);
+	return messageType.toObject(message, TO_OBJECT_OPTIONS);
+}
+/** Decode an OTLP/protobuf `ExportTraceServiceRequest` into the OTLP/JSON object shape. */
+function decodeOtlpTraceRequest(body) {
+	return decodeRequest("opentelemetry.proto.trace.v1.ExportTraceServiceRequest", body);
+}
+/** Decode an OTLP/protobuf `ExportLogsServiceRequest` into the OTLP/JSON object shape. */
+function decodeOtlpLogsRequest(body) {
+	return decodeRequest("opentelemetry.proto.logs.v1.ExportLogsServiceRequest", body);
+}
+/** Decode an OTLP/protobuf `ExportMetricsServiceRequest` into the OTLP/JSON object shape. */
+function decodeOtlpMetricsRequest(body) {
+	return decodeRequest("opentelemetry.proto.metrics.v1.ExportMetricsServiceRequest", body);
+}
+
+//#endregion
+//#region src/server/identity.ts
+/** Value of the `x-autotel-devtools` response header and the /healthz `service` field. */
+const DEVTOOLS_IDENTITY = "autotel-devtools";
+/**
+* Probe `host:port` over HTTP and classify what is listening. Used when our
+* requested port is busy: it lets us tell "a stale autotel-devtools is still
+* up" (benign) apart from "a foreign collector owns this port" — the latter is
+* the silent footgun where apps keep exporting OTLP to the busy port and reach
+* the wrong process, so the devtools UI stays empty and the app sees errors.
+*/
+async function probePortHolder(host, port, timeoutMs = 500) {
+	const authority = host.includes(":") ? `[${host}]` : host;
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), timeoutMs);
+	try {
+		const res = await fetch(`http://${authority}:${port}/healthz`, { signal: controller.signal });
+		if (res.headers.get("x-autotel-devtools")) return "autotel-devtools";
+		try {
+			const body = await res.json();
+			if (body && body.service === "autotel-devtools") return "autotel-devtools";
+		} catch {}
+		return "foreign";
+	} catch {
+		return "none";
+	} finally {
+		clearTimeout(timer);
+	}
+}
+
+//#endregion
+//#region src/server/http.ts
+function sendOtlpError(res, req, e) {
+	sendJson(res, 400, {
+		error: "Invalid OTLP payload",
+		message: e instanceof Error ? e.message : String(e),
+		contentType: req.headers["content-type"] ?? null
+	});
+}
+const PROTOBUF_DECODERS = {
+	traces: decodeOtlpTraceRequest,
+	logs: decodeOtlpLogsRequest,
+	metrics: decodeOtlpMetricsRequest
+};
+async function readOtlpPayload(req, signal) {
+	if (isProtobufContentType(req.headers["content-type"])) return PROTOBUF_DECODERS[signal](await readRawBody(req));
+	return readJsonBody(req);
+}
+function findPackageRoot() {
+	let dir = dirname(fileURLToPath(import.meta.url));
+	for (let i = 0; i < 5; i++) {
+		if (existsSync(resolve(dir, "package.json"))) return dir;
+		dir = dirname(dir);
+	}
+	return dir;
+}
+const DEVTOOLS_FAVICON_SVG = "<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 64 64\"><rect width=\"64\" height=\"64\" rx=\"14\" fill=\"#0f172a\"/><text x=\"32\" y=\"41\" text-anchor=\"middle\" font-size=\"32\">🛰️</text></svg>";
+const FULLPAGE_HTML = `<!DOCTYPE html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>autotel-devtools</title><link rel="icon" href="/favicon.svg" type="image/svg+xml"><style>*{margin:0;padding:0;box-sizing:border-box}html,body{height:100%;width:100%;overflow:hidden}</style></head><body><script src="/widget.js?mode=fullpage"><\/script></body></html>`;
+let cachedVersion = null;
+function getVersion() {
+	if (cachedVersion !== null) return cachedVersion;
+	let version = "unknown";
+	try {
+		const pkg = JSON.parse(readFileSync(resolve(findPackageRoot(), "package.json"), "utf8"));
+		if (typeof pkg.version === "string") version = pkg.version;
+	} catch {}
+	cachedVersion = version;
+	return version;
+}
+let cachedWidgetJs = null;
+function getWidgetJs() {
+	if (!cachedWidgetJs) {
+		const pkgRoot = findPackageRoot();
+		const candidates = [resolve(pkgRoot, "dist", "widget.global.js"), resolve(pkgRoot, "widget.global.js")];
+		for (const candidate of candidates) try {
+			cachedWidgetJs = readFileSync(candidate, "utf8");
+			break;
+		} catch {}
+		if (!cachedWidgetJs) cachedWidgetJs = "// widget bundle not found - run pnpm build first";
+	}
+	return cachedWidgetJs;
+}
+function attachDevtoolsRoutes(httpServer, devtools, options = {}) {
+	const loopbackOnly = options.loopbackOnly ?? true;
+	httpServer.on("request", async (req, res) => {
+		if (req.headers.upgrade?.toLowerCase() === "websocket") return;
+		res.setHeader("Access-Control-Allow-Origin", "*");
+		res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+		res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+		res.setHeader("x-autotel-devtools", getVersion());
+		res.setHeader("Access-Control-Expose-Headers", "x-autotel-devtools");
+		if (req.method === "OPTIONS") {
+			res.writeHead(204);
+			res.end();
+			return;
+		}
+		const url = req.url || "/";
+		if (req.method === "GET" && url === "/") {
+			res.writeHead(200, {
+				"Content-Type": "text/html; charset=utf-8",
+				"Content-Length": Buffer.byteLength(FULLPAGE_HTML)
+			});
+			res.end(FULLPAGE_HTML);
+			return;
+		}
+		if (req.method === "GET" && url.startsWith("/widget.js")) {
+			const js = getWidgetJs();
+			res.writeHead(200, {
+				"Content-Type": "application/javascript; charset=utf-8",
+				"Content-Length": Buffer.byteLength(js)
+			});
+			res.end(js);
+			return;
+		}
+		if (req.method === "GET" && (url === "/favicon.svg" || url === "/favicon.ico")) {
+			res.writeHead(200, {
+				"Content-Type": "image/svg+xml; charset=utf-8",
+				"Cache-Control": "public, max-age=86400",
+				"Content-Length": Buffer.byteLength(DEVTOOLS_FAVICON_SVG)
+			});
+			res.end(DEVTOOLS_FAVICON_SVG);
+			return;
+		}
+		if (req.method === "GET" && url === "/healthz") {
+			sendJson(res, 200, {
+				ok: true,
+				service: DEVTOOLS_IDENTITY,
+				version: getVersion(),
+				clients: devtools.clientCount
+			});
+			return;
+		}
+		if (req.method === "GET" && url === "/v1/traces") {
+			if (!allowSensitiveRequest(req.headers, loopbackOnly)) {
+				sendJson(res, 403, { error: "Forbidden" });
+				return;
+			}
+			const data = devtools.getCurrentData();
+			sendJson(res, 200, {
+				traces: data.traces,
+				count: data.traces.length
+			});
+			return;
+		}
+		if (req.method === "DELETE" && url === "/v1/traces") {
+			if (!allowSensitiveRequest(req.headers, loopbackOnly)) {
+				sendJson(res, 403, { error: "Forbidden" });
+				return;
+			}
+			devtools.clearData();
+			sendJson(res, 200, { cleared: true });
+			return;
+		}
+		if (req.method === "POST" && url === "/v1/traces") {
+			try {
+				const traces = parseOtlpTraces(await readOtlpPayload(req, "traces"));
+				devtools.addTraces(traces);
+				sendJson(res, 200, { acceptedTraces: traces.length });
+			} catch (e) {
+				sendOtlpError(res, req, e);
+			}
+			return;
+		}
+		if (req.method === "POST" && url === "/v1/logs") {
+			try {
+				const logs = parseOtlpLogs(await readOtlpPayload(req, "logs"));
+				devtools.addLogs(logs);
+				sendJson(res, 200, { acceptedLogs: logs.length });
+			} catch (e) {
+				sendOtlpError(res, req, e);
+			}
+			return;
+		}
+		if (req.method === "POST" && url === "/v1/metrics") {
+			try {
+				sendJson(res, 200, { acceptedMetrics: countOtlpMetrics(await readOtlpPayload(req, "metrics")) });
+			} catch (e) {
+				sendOtlpError(res, req, e);
+			}
+			return;
+		}
+		sendJson(res, 404, { error: "Not found" });
+	});
+}
+function createDevtoolsHttpServer(devtools, _options = {}) {
+	const server = createServer();
+	attachDevtoolsRoutes(server, devtools);
+	return server;
+}
+
+//#endregion
+export { appendWithLimit as _, decodeOtlpLogsRequest as a, ErrorAggregator as b, isProtobufContentType as c, DevtoolsServer as d, allowSensitiveRequest as f, appendManyWithLimit as g, originIsLoopback as h, probePortHolder as i, parseOtlpLogs as l, isLoopbackHostname as m, createDevtoolsHttpServer as n, decodeOtlpMetricsRequest as o, hostHeaderIsLoopback as p, DEVTOOLS_IDENTITY as r, decodeOtlpTraceRequest as s, attachDevtoolsRoutes as t, parseOtlpTraces as u, applyTelemetryLimits as v, resolveTelemetryLimits as y };
+//# sourceMappingURL=http-BkkKa9C_.js.map