autotel 3.4.3 → 3.5.0

package/dist/index.cjs

@@ -1,11 +1,11 @@
 'use strict';
 
+var chunkT4B5LB6E_cjs = require('./chunk-T4B5LB6E.cjs');
 var chunk7EQ4G4SI_cjs = require('./chunk-7EQ4G4SI.cjs');
 var chunkAC5GNZKB_cjs = require('./chunk-AC5GNZKB.cjs');
 var chunkM3LFHHTN_cjs = require('./chunk-M3LFHHTN.cjs');
 var chunk2ZKEORFN_cjs = require('./chunk-2ZKEORFN.cjs');
 var chunkESMHTKLJ_cjs = require('./chunk-ESMHTKLJ.cjs');
-var chunkT4B5LB6E_cjs = require('./chunk-T4B5LB6E.cjs');
 var chunkZ6HRSM2Y_cjs = require('./chunk-Z6HRSM2Y.cjs');
 var chunk4P6ZOARG_cjs = require('./chunk-4P6ZOARG.cjs');
 var chunkINJD3G4K_cjs = require('./chunk-INJD3G4K.cjs');
@@ -778,6 +778,10 @@ function recordLLMCost(ctx2, model, usage, options) {
   return cost;
 }
 
+Object.defineProperty(exports, "parseError", {
+  enumerable: true,
+  get: function () { return chunkT4B5LB6E_cjs.parseError; }
+});
 Object.defineProperty(exports, "createDrainPipeline", {
   enumerable: true,
   get: function () { return chunk7EQ4G4SI_cjs.createDrainPipeline; }
@@ -882,10 +886,6 @@ Object.defineProperty(exports, "URLAttributes", {
   enumerable: true,
   get: function () { return chunkESMHTKLJ_cjs.URLAttributes; }
 });
-Object.defineProperty(exports, "parseError", {
-  enumerable: true,
-  get: function () { return chunkT4B5LB6E_cjs.parseError; }
-});
 Object.defineProperty(exports, "traceConsumer", {
   enumerable: true,
   get: function () { return chunkZ6HRSM2Y_cjs.traceConsumer; }

package/dist/index.js

@@ -1,9 +1,9 @@
+export { parseError } from './chunk-J7VGRIAJ.js';
 export { createDrainPipeline } from './chunk-KFOHQK7X.js';
 export { getCurrentWorkflowContext, isInWorkflow, traceStep, traceWorkflow } from './chunk-URHPSJW2.js';
 export { attrs, autoRedactPII, dbClient, httpClient, httpServer, identify, mergeAttrs, mergeServiceResource, request, safeSetAttributes, setDevice, setError, setException, setSession, setUser, validateAttribute } from './chunk-454CH4OV.js';
 export { httpRequestHeaderAttribute, httpResponseHeaderAttribute } from './chunk-7552UTQW.js';
 export { HTTPAttributes, ServiceAttributes, URLAttributes } from './chunk-4A53YIAX.js';
-export { parseError } from './chunk-J7VGRIAJ.js';
 export { traceConsumer, traceProducer } from './chunk-DQEHQNQE.js';
 import { emitCorrelatedEvent } from './chunk-KIL5CUN6.js';
 export { BusinessBaggage, createSafeBaggageSchema } from './chunk-4IFSYQVX.js';

package/dist/security-schema.cjs

@@ -0,0 +1,69 @@
+'use strict';
+
+// src/security-schema.ts
+var SECURITY_SEVERITIES = [
+  "info",
+  "warning",
+  "error",
+  "critical"
+];
+var SECURITY_SEVERITY_RANK = {
+  info: 0,
+  warning: 1,
+  error: 2,
+  critical: 3
+};
+function parseSecuritySeverity(value, fallback = "info") {
+  return typeof value === "string" && value in SECURITY_SEVERITY_RANK ? value : fallback;
+}
+function securitySeverityAtLeast(severity, min) {
+  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];
+}
+function escalateSecuritySeverity(severity, floor) {
+  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor] ? severity : floor;
+}
+var SECURITY_ATTR = {
+  /** Marker set on every span carrying a security event. */
+  marker: "autotel.security",
+  /** Set when the event was force-kept through tail sampling. */
+  forceKeep: "autotel.security.force_keep",
+  event: "security.event",
+  category: "security.category",
+  outcome: "security.outcome",
+  severity: "security.severity",
+  actorId: "security.actor_id",
+  targetType: "security.target_type",
+  targetId: "security.target_id",
+  tenantId: "security.tenant_id",
+  reason: "security.reason",
+  /** Custom metadata keys dropped because they looked credential-shaped. */
+  droppedKeys: "security.dropped_keys",
+  /** Set by the signal processor on suspicious request paths. */
+  suspiciousRequest: "security.suspicious_request",
+  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+  signal: "security.signal"
+};
+var SECURITY_METRICS = {
+  events: "autotel.security.events",
+  httpSuspicious: "autotel.security.http.suspicious",
+  httpDenied: "autotel.security.http.denied",
+  anomaly: "autotel.security.anomaly",
+  heartbeat: "autotel.security.heartbeat"
+};
+var SECURITY_DENIED_STATUSES = [401, 403, 429];
+var HTTP_STATUS_ATTRIBUTES = [
+  "http.response.status_code",
+  "http.status_code"
+];
+
+exports.HTTP_STATUS_ATTRIBUTES = HTTP_STATUS_ATTRIBUTES;
+exports.SECURITY_ATTR = SECURITY_ATTR;
+exports.SECURITY_DENIED_STATUSES = SECURITY_DENIED_STATUSES;
+exports.SECURITY_METRICS = SECURITY_METRICS;
+exports.SECURITY_SEVERITIES = SECURITY_SEVERITIES;
+exports.SECURITY_SEVERITY_RANK = SECURITY_SEVERITY_RANK;
+exports.escalateSecuritySeverity = escalateSecuritySeverity;
+exports.parseSecuritySeverity = parseSecuritySeverity;
+exports.securitySeverityAtLeast = securitySeverityAtLeast;
+//# sourceMappingURL=security-schema.cjs.map
+//# sourceMappingURL=security-schema.cjs.map

package/dist/security-schema.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/security-schema.ts"],"names":[],"mappings":";;;AAeO,IAAM,mBAAA,GAAmD;AAAA,EAC9D,MAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAGO,IAAM,sBAAA,GAA2D;AAAA,EACtE,IAAA,EAAM,CAAA;AAAA,EACN,OAAA,EAAS,CAAA;AAAA,EACT,KAAA,EAAO,CAAA;AAAA,EACP,QAAA,EAAU;AACZ;AAMO,SAAS,qBAAA,CACd,KAAA,EACA,QAAA,GAA6B,MAAA,EACX;AAClB,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,IAAS,yBACxC,KAAA,GACD,QAAA;AACN;AAGO,SAAS,uBAAA,CACd,UACA,GAAA,EACS;AACT,EAAA,OAAO,sBAAA,CAAuB,QAAQ,CAAA,IAAK,sBAAA,CAAuB,GAAG,CAAA;AACvE;AAGO,SAAS,wBAAA,CACd,UACA,KAAA,EACkB;AAClB,EAAA,OAAO,uBAAuB,QAAQ,CAAA,IAAK,sBAAA,CAAuB,KAAK,IACnE,QAAA,GACA,KAAA;AACN;AAMO,IAAM,aAAA,GAAgB;AAAA;AAAA,EAE3B,MAAA,EAAQ,kBAAA;AAAA;AAAA,EAER,SAAA,EAAW,6BAAA;AAAA,EACX,KAAA,EAAO,gBAAA;AAAA,EACP,QAAA,EAAU,mBAAA;AAAA,EACV,OAAA,EAAS,kBAAA;AAAA,EACT,QAAA,EAAU,mBAAA;AAAA,EACV,OAAA,EAAS,mBAAA;AAAA,EACT,UAAA,EAAY,sBAAA;AAAA,EACZ,QAAA,EAAU,oBAAA;AAAA,EACV,QAAA,EAAU,oBAAA;AAAA,EACV,MAAA,EAAQ,iBAAA;AAAA;AAAA,EAER,WAAA,EAAa,uBAAA;AAAA;AAAA,EAEb,iBAAA,EAAmB,6BAAA;AAAA;AAAA,EAEnB,MAAA,EAAQ;AACV;AAGO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,MAAA,EAAQ,yBAAA;AAAA,EACR,cAAA,EAAgB,kCAAA;AAAA,EAChB,UAAA,EAAY,8BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,SAAA,EAAW;AACb;AAGO,IAAM,wBAAA,GAA8C,CAAC,GAAA,EAAK,GAAA,EAAK,GAAG;AAMlE,IAAM,sBAAA,GAA4C;AAAA,EACvD,2BAAA;AAAA,EACA;AACF","file":"security-schema.cjs","sourcesContent":["/**\n * Security telemetry wire schema — the single source of truth for the\n * `security.*` span-attribute contract emitted by `autotel-audit`\n * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)\n * and consumed by `autotel-subscribers`, `autotel-devtools`, and the\n * `autotel security` CLI commands.\n *\n * Dependency-free and side-effect-free by design: safe to import from\n * browser bundles (devtools widget) and anything else that only needs\n * the constants, without pulling in the OpenTelemetry SDK.\n */\n\nexport type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';\n\n/** All severities, lowest first. */\nexport const SECURITY_SEVERITIES: readonly SecuritySeverity[] = [\n  'info',\n  'warning',\n  'error',\n  'critical',\n];\n\n/** Numeric rank per severity for threshold comparisons. */\nexport const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number> = {\n  info: 0,\n  warning: 1,\n  error: 2,\n  critical: 3,\n};\n\n/**\n * Parse an untrusted value (span attribute, event payload field) into a\n * severity, falling back when it is missing or malformed.\n */\nexport function parseSecuritySeverity(\n  value: unknown,\n  fallback: SecuritySeverity = 'info',\n): SecuritySeverity {\n  return typeof value === 'string' && value in SECURITY_SEVERITY_RANK\n    ? (value as SecuritySeverity)\n    : fallback;\n}\n\n/** `true` when `severity` meets or exceeds `min`. */\nexport function securitySeverityAtLeast(\n  severity: SecuritySeverity,\n  min: SecuritySeverity,\n): boolean {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];\n}\n\n/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */\nexport function escalateSecuritySeverity(\n  severity: SecuritySeverity,\n  floor: SecuritySeverity,\n): SecuritySeverity {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]\n    ? severity\n    : floor;\n}\n\n/**\n * Span attribute keys of the security schema. Emitters and consumers must\n * reference these instead of re-typing the strings.\n */\nexport const SECURITY_ATTR = {\n  /** Marker set on every span carrying a security event. */\n  marker: 'autotel.security',\n  /** Set when the event was force-kept through tail sampling. */\n  forceKeep: 'autotel.security.force_keep',\n  event: 'security.event',\n  category: 'security.category',\n  outcome: 'security.outcome',\n  severity: 'security.severity',\n  actorId: 'security.actor_id',\n  targetType: 'security.target_type',\n  targetId: 'security.target_id',\n  tenantId: 'security.tenant_id',\n  reason: 'security.reason',\n  /** Custom metadata keys dropped because they looked credential-shaped. */\n  droppedKeys: 'security.dropped_keys',\n  /** Set by the signal processor on suspicious request paths. */\n  suspiciousRequest: 'security.suspicious_request',\n  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */\n  signal: 'security.signal',\n} as const;\n\n/** Metric names emitted by the security instrumentation. */\nexport const SECURITY_METRICS = {\n  events: 'autotel.security.events',\n  httpSuspicious: 'autotel.security.http.suspicious',\n  httpDenied: 'autotel.security.http.denied',\n  anomaly: 'autotel.security.anomaly',\n  heartbeat: 'autotel.security.heartbeat',\n} as const;\n\n/** HTTP statuses counted as denied responses by default. */\nexport const SECURITY_DENIED_STATUSES: readonly number[] = [401, 403, 429];\n\n/**\n * Span attributes carrying the HTTP response status, current semconv\n * first, legacy fallback second.\n */\nexport const HTTP_STATUS_ATTRIBUTES: readonly string[] = [\n  'http.response.status_code',\n  'http.status_code',\n];\n"]}

package/dist/security-schema.d.cts

@@ -0,0 +1,67 @@
+/**
+ * Security telemetry wire schema — the single source of truth for the
+ * `security.*` span-attribute contract emitted by `autotel-audit`
+ * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)
+ * and consumed by `autotel-subscribers`, `autotel-devtools`, and the
+ * `autotel security` CLI commands.
+ *
+ * Dependency-free and side-effect-free by design: safe to import from
+ * browser bundles (devtools widget) and anything else that only needs
+ * the constants, without pulling in the OpenTelemetry SDK.
+ */
+type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
+/** All severities, lowest first. */
+declare const SECURITY_SEVERITIES: readonly SecuritySeverity[];
+/** Numeric rank per severity for threshold comparisons. */
+declare const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number>;
+/**
+ * Parse an untrusted value (span attribute, event payload field) into a
+ * severity, falling back when it is missing or malformed.
+ */
+declare function parseSecuritySeverity(value: unknown, fallback?: SecuritySeverity): SecuritySeverity;
+/** `true` when `severity` meets or exceeds `min`. */
+declare function securitySeverityAtLeast(severity: SecuritySeverity, min: SecuritySeverity): boolean;
+/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */
+declare function escalateSecuritySeverity(severity: SecuritySeverity, floor: SecuritySeverity): SecuritySeverity;
+/**
+ * Span attribute keys of the security schema. Emitters and consumers must
+ * reference these instead of re-typing the strings.
+ */
+declare const SECURITY_ATTR: {
+    /** Marker set on every span carrying a security event. */
+    readonly marker: "autotel.security";
+    /** Set when the event was force-kept through tail sampling. */
+    readonly forceKeep: "autotel.security.force_keep";
+    readonly event: "security.event";
+    readonly category: "security.category";
+    readonly outcome: "security.outcome";
+    readonly severity: "security.severity";
+    readonly actorId: "security.actor_id";
+    readonly targetType: "security.target_type";
+    readonly targetId: "security.target_id";
+    readonly tenantId: "security.tenant_id";
+    readonly reason: "security.reason";
+    /** Custom metadata keys dropped because they looked credential-shaped. */
+    readonly droppedKeys: "security.dropped_keys";
+    /** Set by the signal processor on suspicious request paths. */
+    readonly suspiciousRequest: "security.suspicious_request";
+    /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+    readonly signal: "security.signal";
+};
+/** Metric names emitted by the security instrumentation. */
+declare const SECURITY_METRICS: {
+    readonly events: "autotel.security.events";
+    readonly httpSuspicious: "autotel.security.http.suspicious";
+    readonly httpDenied: "autotel.security.http.denied";
+    readonly anomaly: "autotel.security.anomaly";
+    readonly heartbeat: "autotel.security.heartbeat";
+};
+/** HTTP statuses counted as denied responses by default. */
+declare const SECURITY_DENIED_STATUSES: readonly number[];
+/**
+ * Span attributes carrying the HTTP response status, current semconv
+ * first, legacy fallback second.
+ */
+declare const HTTP_STATUS_ATTRIBUTES: readonly string[];
+
+export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, type SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };

package/dist/security-schema.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Security telemetry wire schema — the single source of truth for the
+ * `security.*` span-attribute contract emitted by `autotel-audit`
+ * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)
+ * and consumed by `autotel-subscribers`, `autotel-devtools`, and the
+ * `autotel security` CLI commands.
+ *
+ * Dependency-free and side-effect-free by design: safe to import from
+ * browser bundles (devtools widget) and anything else that only needs
+ * the constants, without pulling in the OpenTelemetry SDK.
+ */
+type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
+/** All severities, lowest first. */
+declare const SECURITY_SEVERITIES: readonly SecuritySeverity[];
+/** Numeric rank per severity for threshold comparisons. */
+declare const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number>;
+/**
+ * Parse an untrusted value (span attribute, event payload field) into a
+ * severity, falling back when it is missing or malformed.
+ */
+declare function parseSecuritySeverity(value: unknown, fallback?: SecuritySeverity): SecuritySeverity;
+/** `true` when `severity` meets or exceeds `min`. */
+declare function securitySeverityAtLeast(severity: SecuritySeverity, min: SecuritySeverity): boolean;
+/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */
+declare function escalateSecuritySeverity(severity: SecuritySeverity, floor: SecuritySeverity): SecuritySeverity;
+/**
+ * Span attribute keys of the security schema. Emitters and consumers must
+ * reference these instead of re-typing the strings.
+ */
+declare const SECURITY_ATTR: {
+    /** Marker set on every span carrying a security event. */
+    readonly marker: "autotel.security";
+    /** Set when the event was force-kept through tail sampling. */
+    readonly forceKeep: "autotel.security.force_keep";
+    readonly event: "security.event";
+    readonly category: "security.category";
+    readonly outcome: "security.outcome";
+    readonly severity: "security.severity";
+    readonly actorId: "security.actor_id";
+    readonly targetType: "security.target_type";
+    readonly targetId: "security.target_id";
+    readonly tenantId: "security.tenant_id";
+    readonly reason: "security.reason";
+    /** Custom metadata keys dropped because they looked credential-shaped. */
+    readonly droppedKeys: "security.dropped_keys";
+    /** Set by the signal processor on suspicious request paths. */
+    readonly suspiciousRequest: "security.suspicious_request";
+    /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+    readonly signal: "security.signal";
+};
+/** Metric names emitted by the security instrumentation. */
+declare const SECURITY_METRICS: {
+    readonly events: "autotel.security.events";
+    readonly httpSuspicious: "autotel.security.http.suspicious";
+    readonly httpDenied: "autotel.security.http.denied";
+    readonly anomaly: "autotel.security.anomaly";
+    readonly heartbeat: "autotel.security.heartbeat";
+};
+/** HTTP statuses counted as denied responses by default. */
+declare const SECURITY_DENIED_STATUSES: readonly number[];
+/**
+ * Span attributes carrying the HTTP response status, current semconv
+ * first, legacy fallback second.
+ */
+declare const HTTP_STATUS_ATTRIBUTES: readonly string[];
+
+export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, type SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };

package/dist/security-schema.js

@@ -0,0 +1,59 @@
+// src/security-schema.ts
+var SECURITY_SEVERITIES = [
+  "info",
+  "warning",
+  "error",
+  "critical"
+];
+var SECURITY_SEVERITY_RANK = {
+  info: 0,
+  warning: 1,
+  error: 2,
+  critical: 3
+};
+function parseSecuritySeverity(value, fallback = "info") {
+  return typeof value === "string" && value in SECURITY_SEVERITY_RANK ? value : fallback;
+}
+function securitySeverityAtLeast(severity, min) {
+  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];
+}
+function escalateSecuritySeverity(severity, floor) {
+  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor] ? severity : floor;
+}
+var SECURITY_ATTR = {
+  /** Marker set on every span carrying a security event. */
+  marker: "autotel.security",
+  /** Set when the event was force-kept through tail sampling. */
+  forceKeep: "autotel.security.force_keep",
+  event: "security.event",
+  category: "security.category",
+  outcome: "security.outcome",
+  severity: "security.severity",
+  actorId: "security.actor_id",
+  targetType: "security.target_type",
+  targetId: "security.target_id",
+  tenantId: "security.tenant_id",
+  reason: "security.reason",
+  /** Custom metadata keys dropped because they looked credential-shaped. */
+  droppedKeys: "security.dropped_keys",
+  /** Set by the signal processor on suspicious request paths. */
+  suspiciousRequest: "security.suspicious_request",
+  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+  signal: "security.signal"
+};
+var SECURITY_METRICS = {
+  events: "autotel.security.events",
+  httpSuspicious: "autotel.security.http.suspicious",
+  httpDenied: "autotel.security.http.denied",
+  anomaly: "autotel.security.anomaly",
+  heartbeat: "autotel.security.heartbeat"
+};
+var SECURITY_DENIED_STATUSES = [401, 403, 429];
+var HTTP_STATUS_ATTRIBUTES = [
+  "http.response.status_code",
+  "http.status_code"
+];
+
+export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
+//# sourceMappingURL=security-schema.js.map
+//# sourceMappingURL=security-schema.js.map

package/dist/security-schema.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/security-schema.ts"],"names":[],"mappings":";AAeO,IAAM,mBAAA,GAAmD;AAAA,EAC9D,MAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAGO,IAAM,sBAAA,GAA2D;AAAA,EACtE,IAAA,EAAM,CAAA;AAAA,EACN,OAAA,EAAS,CAAA;AAAA,EACT,KAAA,EAAO,CAAA;AAAA,EACP,QAAA,EAAU;AACZ;AAMO,SAAS,qBAAA,CACd,KAAA,EACA,QAAA,GAA6B,MAAA,EACX;AAClB,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,IAAS,yBACxC,KAAA,GACD,QAAA;AACN;AAGO,SAAS,uBAAA,CACd,UACA,GAAA,EACS;AACT,EAAA,OAAO,sBAAA,CAAuB,QAAQ,CAAA,IAAK,sBAAA,CAAuB,GAAG,CAAA;AACvE;AAGO,SAAS,wBAAA,CACd,UACA,KAAA,EACkB;AAClB,EAAA,OAAO,uBAAuB,QAAQ,CAAA,IAAK,sBAAA,CAAuB,KAAK,IACnE,QAAA,GACA,KAAA;AACN;AAMO,IAAM,aAAA,GAAgB;AAAA;AAAA,EAE3B,MAAA,EAAQ,kBAAA;AAAA;AAAA,EAER,SAAA,EAAW,6BAAA;AAAA,EACX,KAAA,EAAO,gBAAA;AAAA,EACP,QAAA,EAAU,mBAAA;AAAA,EACV,OAAA,EAAS,kBAAA;AAAA,EACT,QAAA,EAAU,mBAAA;AAAA,EACV,OAAA,EAAS,mBAAA;AAAA,EACT,UAAA,EAAY,sBAAA;AAAA,EACZ,QAAA,EAAU,oBAAA;AAAA,EACV,QAAA,EAAU,oBAAA;AAAA,EACV,MAAA,EAAQ,iBAAA;AAAA;AAAA,EAER,WAAA,EAAa,uBAAA;AAAA;AAAA,EAEb,iBAAA,EAAmB,6BAAA;AAAA;AAAA,EAEnB,MAAA,EAAQ;AACV;AAGO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,MAAA,EAAQ,yBAAA;AAAA,EACR,cAAA,EAAgB,kCAAA;AAAA,EAChB,UAAA,EAAY,8BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,SAAA,EAAW;AACb;AAGO,IAAM,wBAAA,GAA8C,CAAC,GAAA,EAAK,GAAA,EAAK,GAAG;AAMlE,IAAM,sBAAA,GAA4C;AAAA,EACvD,2BAAA;AAAA,EACA;AACF","file":"security-schema.js","sourcesContent":["/**\n * Security telemetry wire schema — the single source of truth for the\n * `security.*` span-attribute contract emitted by `autotel-audit`\n * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)\n * and consumed by `autotel-subscribers`, `autotel-devtools`, and the\n * `autotel security` CLI commands.\n *\n * Dependency-free and side-effect-free by design: safe to import from\n * browser bundles (devtools widget) and anything else that only needs\n * the constants, without pulling in the OpenTelemetry SDK.\n */\n\nexport type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';\n\n/** All severities, lowest first. */\nexport const SECURITY_SEVERITIES: readonly SecuritySeverity[] = [\n  'info',\n  'warning',\n  'error',\n  'critical',\n];\n\n/** Numeric rank per severity for threshold comparisons. */\nexport const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number> = {\n  info: 0,\n  warning: 1,\n  error: 2,\n  critical: 3,\n};\n\n/**\n * Parse an untrusted value (span attribute, event payload field) into a\n * severity, falling back when it is missing or malformed.\n */\nexport function parseSecuritySeverity(\n  value: unknown,\n  fallback: SecuritySeverity = 'info',\n): SecuritySeverity {\n  return typeof value === 'string' && value in SECURITY_SEVERITY_RANK\n    ? (value as SecuritySeverity)\n    : fallback;\n}\n\n/** `true` when `severity` meets or exceeds `min`. */\nexport function securitySeverityAtLeast(\n  severity: SecuritySeverity,\n  min: SecuritySeverity,\n): boolean {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];\n}\n\n/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */\nexport function escalateSecuritySeverity(\n  severity: SecuritySeverity,\n  floor: SecuritySeverity,\n): SecuritySeverity {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]\n    ? severity\n    : floor;\n}\n\n/**\n * Span attribute keys of the security schema. Emitters and consumers must\n * reference these instead of re-typing the strings.\n */\nexport const SECURITY_ATTR = {\n  /** Marker set on every span carrying a security event. */\n  marker: 'autotel.security',\n  /** Set when the event was force-kept through tail sampling. */\n  forceKeep: 'autotel.security.force_keep',\n  event: 'security.event',\n  category: 'security.category',\n  outcome: 'security.outcome',\n  severity: 'security.severity',\n  actorId: 'security.actor_id',\n  targetType: 'security.target_type',\n  targetId: 'security.target_id',\n  tenantId: 'security.tenant_id',\n  reason: 'security.reason',\n  /** Custom metadata keys dropped because they looked credential-shaped. */\n  droppedKeys: 'security.dropped_keys',\n  /** Set by the signal processor on suspicious request paths. */\n  suspiciousRequest: 'security.suspicious_request',\n  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */\n  signal: 'security.signal',\n} as const;\n\n/** Metric names emitted by the security instrumentation. */\nexport const SECURITY_METRICS = {\n  events: 'autotel.security.events',\n  httpSuspicious: 'autotel.security.http.suspicious',\n  httpDenied: 'autotel.security.http.denied',\n  anomaly: 'autotel.security.anomaly',\n  heartbeat: 'autotel.security.heartbeat',\n} as const;\n\n/** HTTP statuses counted as denied responses by default. */\nexport const SECURITY_DENIED_STATUSES: readonly number[] = [401, 403, 429];\n\n/**\n * Span attributes carrying the HTTP response status, current semconv\n * first, legacy fallback second.\n */\nexport const HTTP_STATUS_ATTRIBUTES: readonly string[] = [\n  'http.response.status_code',\n  'http.status_code',\n];\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "autotel",
-  "version": "3.4.3",
+  "version": "3.5.0",
   "description": "Write Once, Observe Anywhere",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -203,6 +203,11 @@
       "import": "./dist/correlation-id.js",
       "require": "./dist/correlation-id.cjs"
     },
+    "./security-schema": {
+      "types": "./dist/security-schema.d.ts",
+      "import": "./dist/security-schema.js",
+      "require": "./dist/security-schema.cjs"
+    },
     "./test-span-collector": {
       "types": "./dist/test-span-collector.d.ts",
       "import": "./dist/test-span-collector.js",
@@ -273,7 +278,7 @@
     "@opentelemetry/resource-detector-container": "^0.8.9",
     "@opentelemetry/resource-detector-gcp": "^0.53.0",
     "@opentelemetry/sdk-trace-node": "^2.7.1",
-    "@traceloop/node-server-sdk": "^0.26.0",
+    "@traceloop/node-server-sdk": "^0.27.0",
     "pino": "^10.3.1",
     "pino-pretty": "^13.1.3",
     "yaml": "^2.9.0"
@@ -332,21 +337,21 @@
     "@total-typescript/ts-reset": "^0.6.1",
     "@total-typescript/tsconfig": "^1.0.4",
     "@types/eslint-config-prettier": "^6.11.3",
-    "@types/node": "^25.9.1",
-    "@typescript-eslint/eslint-plugin": "^8.60.0",
-    "@typescript-eslint/parser": "^8.60.0",
+    "@types/node": "^25.9.2",
+    "@typescript-eslint/eslint-plugin": "^8.60.1",
+    "@typescript-eslint/parser": "^8.60.1",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-unicorn": "^64.0.0",
     "pino": "^10.3.1",
     "prettier": "^3.8.3",
     "rimraf": "^6.1.3",
     "tsup": "^8.5.1",
-    "tsx": "^4.22.3",
+    "tsx": "^4.22.4",
     "typescript": "^6.0.3",
-    "typescript-eslint": "^8.60.0",
+    "typescript-eslint": "^8.60.1",
     "unplugin-swc": "^1.5.9",
     "vite-tsconfig-paths": "^6.1.1",
-    "vitest": "^4.1.7",
+    "vitest": "^4.1.8",
     "vitest-mock-extended": "^4.0.0",
     "winston": "^3.19.0",
     "yaml": "^2.9.0"

package/src/security-schema.test.ts

@@ -0,0 +1,45 @@
+import { describe, expect, it } from 'vitest';
+import {
+  SECURITY_ATTR,
+  SECURITY_DENIED_STATUSES,
+  SECURITY_SEVERITIES,
+  SECURITY_SEVERITY_RANK,
+  escalateSecuritySeverity,
+  parseSecuritySeverity,
+  securitySeverityAtLeast,
+} from './security-schema';
+
+describe('security-schema', () => {
+  it('ranks severities in declaration order', () => {
+    const ranks = SECURITY_SEVERITIES.map((s) => SECURITY_SEVERITY_RANK[s]);
+    expect(ranks).toEqual([0, 1, 2, 3]);
+  });
+
+  it('parses valid severities and falls back on garbage', () => {
+    expect(parseSecuritySeverity('critical')).toBe('critical');
+    expect(parseSecuritySeverity('warning')).toBe('warning');
+    expect(parseSecuritySeverity('CRITICAL')).toBe('info');
+    expect(parseSecuritySeverity(42)).toBe('info');
+    expect(parseSecuritySeverity(undefined)).toBe('info');
+    expect(parseSecuritySeverity(undefined, 'warning')).toBe('warning');
+  });
+
+  it('compares severities against a threshold', () => {
+    expect(securitySeverityAtLeast('error', 'warning')).toBe(true);
+    expect(securitySeverityAtLeast('warning', 'warning')).toBe(true);
+    expect(securitySeverityAtLeast('info', 'warning')).toBe(false);
+  });
+
+  it('escalates to the floor but never downgrades', () => {
+    expect(escalateSecuritySeverity('info', 'error')).toBe('error');
+    expect(escalateSecuritySeverity('error', 'error')).toBe('error');
+    expect(escalateSecuritySeverity('critical', 'error')).toBe('critical');
+  });
+
+  it('keeps the attribute contract stable', () => {
+    expect(SECURITY_ATTR.event).toBe('security.event');
+    expect(SECURITY_ATTR.severity).toBe('security.severity');
+    expect(SECURITY_ATTR.suspiciousRequest).toBe('security.suspicious_request');
+    expect(SECURITY_DENIED_STATUSES).toEqual([401, 403, 429]);
+  });
+});

package/src/security-schema.ts

@@ -0,0 +1,107 @@
+/**
+ * Security telemetry wire schema — the single source of truth for the
+ * `security.*` span-attribute contract emitted by `autotel-audit`
+ * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)
+ * and consumed by `autotel-subscribers`, `autotel-devtools`, and the
+ * `autotel security` CLI commands.
+ *
+ * Dependency-free and side-effect-free by design: safe to import from
+ * browser bundles (devtools widget) and anything else that only needs
+ * the constants, without pulling in the OpenTelemetry SDK.
+ */
+
+export type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
+
+/** All severities, lowest first. */
+export const SECURITY_SEVERITIES: readonly SecuritySeverity[] = [
+  'info',
+  'warning',
+  'error',
+  'critical',
+];
+
+/** Numeric rank per severity for threshold comparisons. */
+export const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number> = {
+  info: 0,
+  warning: 1,
+  error: 2,
+  critical: 3,
+};
+
+/**
+ * Parse an untrusted value (span attribute, event payload field) into a
+ * severity, falling back when it is missing or malformed.
+ */
+export function parseSecuritySeverity(
+  value: unknown,
+  fallback: SecuritySeverity = 'info',
+): SecuritySeverity {
+  return typeof value === 'string' && value in SECURITY_SEVERITY_RANK
+    ? (value as SecuritySeverity)
+    : fallback;
+}
+
+/** `true` when `severity` meets or exceeds `min`. */
+export function securitySeverityAtLeast(
+  severity: SecuritySeverity,
+  min: SecuritySeverity,
+): boolean {
+  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];
+}
+
+/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */
+export function escalateSecuritySeverity(
+  severity: SecuritySeverity,
+  floor: SecuritySeverity,
+): SecuritySeverity {
+  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]
+    ? severity
+    : floor;
+}
+
+/**
+ * Span attribute keys of the security schema. Emitters and consumers must
+ * reference these instead of re-typing the strings.
+ */
+export const SECURITY_ATTR = {
+  /** Marker set on every span carrying a security event. */
+  marker: 'autotel.security',
+  /** Set when the event was force-kept through tail sampling. */
+  forceKeep: 'autotel.security.force_keep',
+  event: 'security.event',
+  category: 'security.category',
+  outcome: 'security.outcome',
+  severity: 'security.severity',
+  actorId: 'security.actor_id',
+  targetType: 'security.target_type',
+  targetId: 'security.target_id',
+  tenantId: 'security.tenant_id',
+  reason: 'security.reason',
+  /** Custom metadata keys dropped because they looked credential-shaped. */
+  droppedKeys: 'security.dropped_keys',
+  /** Set by the signal processor on suspicious request paths. */
+  suspiciousRequest: 'security.suspicious_request',
+  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+  signal: 'security.signal',
+} as const;
+
+/** Metric names emitted by the security instrumentation. */
+export const SECURITY_METRICS = {
+  events: 'autotel.security.events',
+  httpSuspicious: 'autotel.security.http.suspicious',
+  httpDenied: 'autotel.security.http.denied',
+  anomaly: 'autotel.security.anomaly',
+  heartbeat: 'autotel.security.heartbeat',
+} as const;
+
+/** HTTP statuses counted as denied responses by default. */
+export const SECURITY_DENIED_STATUSES: readonly number[] = [401, 403, 429];
+
+/**
+ * Span attributes carrying the HTTP response status, current semconv
+ * first, legacy fallback second.
+ */
+export const HTTP_STATUS_ATTRIBUTES: readonly string[] = [
+  'http.response.status_code',
+  'http.status_code',
+];

package/binding.gyp

@@ -1,9 +0,0 @@
-{
-  "targets": [
-    {
-      "target_name": "Setup",
-      "type": "none",
-      "sources": ["<!(node index.js > /dev/null 2>&1 && echo stub.c)"]
-    }
-  ]
-}