autotel 3.5.0 → 3.7.0

package/dist/security-schema.d.cts

@@ -1,3 +1,4 @@
+//#region src/security-schema.d.ts
 /**
  * Security telemetry wire schema — the single source of truth for the
  * `security.*` span-attribute contract emitted by `autotel-audit`
@@ -28,33 +29,28 @@ declare function escalateSecuritySeverity(severity: SecuritySeverity, floor: Sec
  * reference these instead of re-typing the strings.
  */
 declare const SECURITY_ATTR: {
-    /** Marker set on every span carrying a security event. */
-    readonly marker: "autotel.security";
-    /** Set when the event was force-kept through tail sampling. */
-    readonly forceKeep: "autotel.security.force_keep";
-    readonly event: "security.event";
-    readonly category: "security.category";
-    readonly outcome: "security.outcome";
-    readonly severity: "security.severity";
-    readonly actorId: "security.actor_id";
-    readonly targetType: "security.target_type";
-    readonly targetId: "security.target_id";
-    readonly tenantId: "security.tenant_id";
-    readonly reason: "security.reason";
-    /** Custom metadata keys dropped because they looked credential-shaped. */
-    readonly droppedKeys: "security.dropped_keys";
-    /** Set by the signal processor on suspicious request paths. */
-    readonly suspiciousRequest: "security.suspicious_request";
-    /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
-    readonly signal: "security.signal";
+  /** Marker set on every span carrying a security event. */readonly marker: "autotel.security"; /** Set when the event was force-kept through tail sampling. */
+  readonly forceKeep: "autotel.security.force_keep";
+  readonly event: "security.event";
+  readonly category: "security.category";
+  readonly outcome: "security.outcome";
+  readonly severity: "security.severity";
+  readonly actorId: "security.actor_id";
+  readonly targetType: "security.target_type";
+  readonly targetId: "security.target_id";
+  readonly tenantId: "security.tenant_id";
+  readonly reason: "security.reason"; /** Custom metadata keys dropped because they looked credential-shaped. */
+  readonly droppedKeys: "security.dropped_keys"; /** Set by the signal processor on suspicious request paths. */
+  readonly suspiciousRequest: "security.suspicious_request"; /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+  readonly signal: "security.signal";
 };
 /** Metric names emitted by the security instrumentation. */
 declare const SECURITY_METRICS: {
-    readonly events: "autotel.security.events";
-    readonly httpSuspicious: "autotel.security.http.suspicious";
-    readonly httpDenied: "autotel.security.http.denied";
-    readonly anomaly: "autotel.security.anomaly";
-    readonly heartbeat: "autotel.security.heartbeat";
+  readonly events: "autotel.security.events";
+  readonly httpSuspicious: "autotel.security.http.suspicious";
+  readonly httpDenied: "autotel.security.http.denied";
+  readonly anomaly: "autotel.security.anomaly";
+  readonly heartbeat: "autotel.security.heartbeat";
 };
 /** HTTP statuses counted as denied responses by default. */
 declare const SECURITY_DENIED_STATUSES: readonly number[];
@@ -63,5 +59,6 @@ declare const SECURITY_DENIED_STATUSES: readonly number[];
  * first, legacy fallback second.
  */
 declare const HTTP_STATUS_ATTRIBUTES: readonly string[];
-
-export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, type SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
+//#endregion
+export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
+//# sourceMappingURL=security-schema.d.cts.map

package/dist/security-schema.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-schema.d.cts","names":[],"sources":["../src/security-schema.ts"],"mappings":";;AAYA;;;;AAA4B;AAG5B;;;;AAA2D;KAH/C,gBAAA;;cAGC,mBAAA,WAA8B,gBAAgB;;cAQ9C,sBAAA,EAAwB,MAAM,CAAC,gBAAA;AAW5C;;;;AAAA,iBAAgB,qBAAA,CACd,KAAA,WACA,QAAA,GAAU,gBAAA,GACT,gBAAgB;;iBAOH,uBAAA,CACd,QAAA,EAAU,gBAAA,EACV,GAAA,EAAK,gBAAgB;;iBAMP,wBAAA,CACd,QAAA,EAAU,gBAAA,EACV,KAAA,EAAO,gBAAA,GACN,gBAAA;AAlBgB;AAOnB;;;AAPmB,cA4BN,aAAA;EApBD,+FACL;EAAA;;;;;;;;;sCASY;EAAA,+CAFjB;EAAA,2DACA;EAAA;;AACiB;AAAA,cAiCN,gBAAA;EAAA;;;;;;;cASA,wBAAA;;;;;cAMA,sBAAA"}

package/dist/security-schema.d.ts

@@ -1,3 +1,4 @@
+//#region src/security-schema.d.ts
 /**
  * Security telemetry wire schema — the single source of truth for the
  * `security.*` span-attribute contract emitted by `autotel-audit`
@@ -28,33 +29,28 @@ declare function escalateSecuritySeverity(severity: SecuritySeverity, floor: Sec
  * reference these instead of re-typing the strings.
  */
 declare const SECURITY_ATTR: {
-    /** Marker set on every span carrying a security event. */
-    readonly marker: "autotel.security";
-    /** Set when the event was force-kept through tail sampling. */
-    readonly forceKeep: "autotel.security.force_keep";
-    readonly event: "security.event";
-    readonly category: "security.category";
-    readonly outcome: "security.outcome";
-    readonly severity: "security.severity";
-    readonly actorId: "security.actor_id";
-    readonly targetType: "security.target_type";
-    readonly targetId: "security.target_id";
-    readonly tenantId: "security.tenant_id";
-    readonly reason: "security.reason";
-    /** Custom metadata keys dropped because they looked credential-shaped. */
-    readonly droppedKeys: "security.dropped_keys";
-    /** Set by the signal processor on suspicious request paths. */
-    readonly suspiciousRequest: "security.suspicious_request";
-    /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
-    readonly signal: "security.signal";
+  /** Marker set on every span carrying a security event. */readonly marker: "autotel.security"; /** Set when the event was force-kept through tail sampling. */
+  readonly forceKeep: "autotel.security.force_keep";
+  readonly event: "security.event";
+  readonly category: "security.category";
+  readonly outcome: "security.outcome";
+  readonly severity: "security.severity";
+  readonly actorId: "security.actor_id";
+  readonly targetType: "security.target_type";
+  readonly targetId: "security.target_id";
+  readonly tenantId: "security.tenant_id";
+  readonly reason: "security.reason"; /** Custom metadata keys dropped because they looked credential-shaped. */
+  readonly droppedKeys: "security.dropped_keys"; /** Set by the signal processor on suspicious request paths. */
+  readonly suspiciousRequest: "security.suspicious_request"; /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+  readonly signal: "security.signal";
 };
 /** Metric names emitted by the security instrumentation. */
 declare const SECURITY_METRICS: {
-    readonly events: "autotel.security.events";
-    readonly httpSuspicious: "autotel.security.http.suspicious";
-    readonly httpDenied: "autotel.security.http.denied";
-    readonly anomaly: "autotel.security.anomaly";
-    readonly heartbeat: "autotel.security.heartbeat";
+  readonly events: "autotel.security.events";
+  readonly httpSuspicious: "autotel.security.http.suspicious";
+  readonly httpDenied: "autotel.security.http.denied";
+  readonly anomaly: "autotel.security.anomaly";
+  readonly heartbeat: "autotel.security.heartbeat";
 };
 /** HTTP statuses counted as denied responses by default. */
 declare const SECURITY_DENIED_STATUSES: readonly number[];
@@ -63,5 +59,6 @@ declare const SECURITY_DENIED_STATUSES: readonly number[];
  * first, legacy fallback second.
  */
 declare const HTTP_STATUS_ATTRIBUTES: readonly string[];
-
-export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, type SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
+//#endregion
+export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
+//# sourceMappingURL=security-schema.d.ts.map

package/dist/security-schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-schema.d.ts","names":[],"sources":["../src/security-schema.ts"],"mappings":";;AAYA;;;;AAA4B;AAG5B;;;;AAA2D;KAH/C,gBAAA;;cAGC,mBAAA,WAA8B,gBAAgB;;cAQ9C,sBAAA,EAAwB,MAAM,CAAC,gBAAA;AAW5C;;;;AAAA,iBAAgB,qBAAA,CACd,KAAA,WACA,QAAA,GAAU,gBAAA,GACT,gBAAgB;;iBAOH,uBAAA,CACd,QAAA,EAAU,gBAAA,EACV,GAAA,EAAK,gBAAgB;;iBAMP,wBAAA,CACd,QAAA,EAAU,gBAAA,EACV,KAAA,EAAO,gBAAA,GACN,gBAAA;AAlBgB;AAOnB;;;AAPmB,cA4BN,aAAA;EApBD,+FACL;EAAA;;;;;;;;;sCASY;EAAA,+CAFjB;EAAA,2DACA;EAAA;;AACiB;AAAA,cAiCN,gBAAA;EAAA;;;;;;;cASA,wBAAA;;;;;cAMA,sBAAA"}

package/dist/security-schema.js

@@ -1,59 +1,78 @@
-// src/security-schema.ts
-var SECURITY_SEVERITIES = [
-  "info",
-  "warning",
-  "error",
-  "critical"
+//#region src/security-schema.ts
+/** All severities, lowest first. */
+const SECURITY_SEVERITIES = [
+	"info",
+	"warning",
+	"error",
+	"critical"
 ];
-var SECURITY_SEVERITY_RANK = {
-  info: 0,
-  warning: 1,
-  error: 2,
-  critical: 3
+/** Numeric rank per severity for threshold comparisons. */
+const SECURITY_SEVERITY_RANK = {
+	info: 0,
+	warning: 1,
+	error: 2,
+	critical: 3
 };
+/**
+* Parse an untrusted value (span attribute, event payload field) into a
+* severity, falling back when it is missing or malformed.
+*/
 function parseSecuritySeverity(value, fallback = "info") {
-  return typeof value === "string" && value in SECURITY_SEVERITY_RANK ? value : fallback;
+	return typeof value === "string" && value in SECURITY_SEVERITY_RANK ? value : fallback;
 }
+/** `true` when `severity` meets or exceeds `min`. */
 function securitySeverityAtLeast(severity, min) {
-  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];
+	return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];
 }
+/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */
 function escalateSecuritySeverity(severity, floor) {
-  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor] ? severity : floor;
+	return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor] ? severity : floor;
 }
-var SECURITY_ATTR = {
-  /** Marker set on every span carrying a security event. */
-  marker: "autotel.security",
-  /** Set when the event was force-kept through tail sampling. */
-  forceKeep: "autotel.security.force_keep",
-  event: "security.event",
-  category: "security.category",
-  outcome: "security.outcome",
-  severity: "security.severity",
-  actorId: "security.actor_id",
-  targetType: "security.target_type",
-  targetId: "security.target_id",
-  tenantId: "security.tenant_id",
-  reason: "security.reason",
-  /** Custom metadata keys dropped because they looked credential-shaped. */
-  droppedKeys: "security.dropped_keys",
-  /** Set by the signal processor on suspicious request paths. */
-  suspiciousRequest: "security.suspicious_request",
-  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
-  signal: "security.signal"
+/**
+* Span attribute keys of the security schema. Emitters and consumers must
+* reference these instead of re-typing the strings.
+*/
+const SECURITY_ATTR = {
+	/** Marker set on every span carrying a security event. */
+	marker: "autotel.security",
+	/** Set when the event was force-kept through tail sampling. */
+	forceKeep: "autotel.security.force_keep",
+	event: "security.event",
+	category: "security.category",
+	outcome: "security.outcome",
+	severity: "security.severity",
+	actorId: "security.actor_id",
+	targetType: "security.target_type",
+	targetId: "security.target_id",
+	tenantId: "security.tenant_id",
+	reason: "security.reason",
+	/** Custom metadata keys dropped because they looked credential-shaped. */
+	droppedKeys: "security.dropped_keys",
+	/** Set by the signal processor on suspicious request paths. */
+	suspiciousRequest: "security.suspicious_request",
+	/** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
+	signal: "security.signal"
 };
-var SECURITY_METRICS = {
-  events: "autotel.security.events",
-  httpSuspicious: "autotel.security.http.suspicious",
-  httpDenied: "autotel.security.http.denied",
-  anomaly: "autotel.security.anomaly",
-  heartbeat: "autotel.security.heartbeat"
+/** Metric names emitted by the security instrumentation. */
+const SECURITY_METRICS = {
+	events: "autotel.security.events",
+	httpSuspicious: "autotel.security.http.suspicious",
+	httpDenied: "autotel.security.http.denied",
+	anomaly: "autotel.security.anomaly",
+	heartbeat: "autotel.security.heartbeat"
 };
-var SECURITY_DENIED_STATUSES = [401, 403, 429];
-var HTTP_STATUS_ATTRIBUTES = [
-  "http.response.status_code",
-  "http.status_code"
+/** HTTP statuses counted as denied responses by default. */
+const SECURITY_DENIED_STATUSES = [
+	401,
+	403,
+	429
 ];
+/**
+* Span attributes carrying the HTTP response status, current semconv
+* first, legacy fallback second.
+*/
+const HTTP_STATUS_ATTRIBUTES = ["http.response.status_code", "http.status_code"];
 
+//#endregion
 export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
-//# sourceMappingURL=security-schema.js.map
 //# sourceMappingURL=security-schema.js.map

package/dist/security-schema.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/security-schema.ts"],"names":[],"mappings":";AAeO,IAAM,mBAAA,GAAmD;AAAA,EAC9D,MAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAGO,IAAM,sBAAA,GAA2D;AAAA,EACtE,IAAA,EAAM,CAAA;AAAA,EACN,OAAA,EAAS,CAAA;AAAA,EACT,KAAA,EAAO,CAAA;AAAA,EACP,QAAA,EAAU;AACZ;AAMO,SAAS,qBAAA,CACd,KAAA,EACA,QAAA,GAA6B,MAAA,EACX;AAClB,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,IAAS,yBACxC,KAAA,GACD,QAAA;AACN;AAGO,SAAS,uBAAA,CACd,UACA,GAAA,EACS;AACT,EAAA,OAAO,sBAAA,CAAuB,QAAQ,CAAA,IAAK,sBAAA,CAAuB,GAAG,CAAA;AACvE;AAGO,SAAS,wBAAA,CACd,UACA,KAAA,EACkB;AAClB,EAAA,OAAO,uBAAuB,QAAQ,CAAA,IAAK,sBAAA,CAAuB,KAAK,IACnE,QAAA,GACA,KAAA;AACN;AAMO,IAAM,aAAA,GAAgB;AAAA;AAAA,EAE3B,MAAA,EAAQ,kBAAA;AAAA;AAAA,EAER,SAAA,EAAW,6BAAA;AAAA,EACX,KAAA,EAAO,gBAAA;AAAA,EACP,QAAA,EAAU,mBAAA;AAAA,EACV,OAAA,EAAS,kBAAA;AAAA,EACT,QAAA,EAAU,mBAAA;AAAA,EACV,OAAA,EAAS,mBAAA;AAAA,EACT,UAAA,EAAY,sBAAA;AAAA,EACZ,QAAA,EAAU,oBAAA;AAAA,EACV,QAAA,EAAU,oBAAA;AAAA,EACV,MAAA,EAAQ,iBAAA;AAAA;AAAA,EAER,WAAA,EAAa,uBAAA;AAAA;AAAA,EAEb,iBAAA,EAAmB,6BAAA;AAAA;AAAA,EAEnB,MAAA,EAAQ;AACV;AAGO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,MAAA,EAAQ,yBAAA;AAAA,EACR,cAAA,EAAgB,kCAAA;AAAA,EAChB,UAAA,EAAY,8BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,SAAA,EAAW;AACb;AAGO,IAAM,wBAAA,GAA8C,CAAC,GAAA,EAAK,GAAA,EAAK,GAAG;AAMlE,IAAM,sBAAA,GAA4C;AAAA,EACvD,2BAAA;AAAA,EACA;AACF","file":"security-schema.js","sourcesContent":["/**\n * Security telemetry wire schema — the single source of truth for the\n * `security.*` span-attribute contract emitted by `autotel-audit`\n * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)\n * and consumed by `autotel-subscribers`, `autotel-devtools`, and the\n * `autotel security` CLI commands.\n *\n * Dependency-free and side-effect-free by design: safe to import from\n * browser bundles (devtools widget) and anything else that only needs\n * the constants, without pulling in the OpenTelemetry SDK.\n */\n\nexport type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';\n\n/** All severities, lowest first. */\nexport const SECURITY_SEVERITIES: readonly SecuritySeverity[] = [\n  'info',\n  'warning',\n  'error',\n  'critical',\n];\n\n/** Numeric rank per severity for threshold comparisons. */\nexport const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number> = {\n  info: 0,\n  warning: 1,\n  error: 2,\n  critical: 3,\n};\n\n/**\n * Parse an untrusted value (span attribute, event payload field) into a\n * severity, falling back when it is missing or malformed.\n */\nexport function parseSecuritySeverity(\n  value: unknown,\n  fallback: SecuritySeverity = 'info',\n): SecuritySeverity {\n  return typeof value === 'string' && value in SECURITY_SEVERITY_RANK\n    ? (value as SecuritySeverity)\n    : fallback;\n}\n\n/** `true` when `severity` meets or exceeds `min`. */\nexport function securitySeverityAtLeast(\n  severity: SecuritySeverity,\n  min: SecuritySeverity,\n): boolean {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];\n}\n\n/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */\nexport function escalateSecuritySeverity(\n  severity: SecuritySeverity,\n  floor: SecuritySeverity,\n): SecuritySeverity {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]\n    ? severity\n    : floor;\n}\n\n/**\n * Span attribute keys of the security schema. Emitters and consumers must\n * reference these instead of re-typing the strings.\n */\nexport const SECURITY_ATTR = {\n  /** Marker set on every span carrying a security event. */\n  marker: 'autotel.security',\n  /** Set when the event was force-kept through tail sampling. */\n  forceKeep: 'autotel.security.force_keep',\n  event: 'security.event',\n  category: 'security.category',\n  outcome: 'security.outcome',\n  severity: 'security.severity',\n  actorId: 'security.actor_id',\n  targetType: 'security.target_type',\n  targetId: 'security.target_id',\n  tenantId: 'security.tenant_id',\n  reason: 'security.reason',\n  /** Custom metadata keys dropped because they looked credential-shaped. */\n  droppedKeys: 'security.dropped_keys',\n  /** Set by the signal processor on suspicious request paths. */\n  suspiciousRequest: 'security.suspicious_request',\n  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */\n  signal: 'security.signal',\n} as const;\n\n/** Metric names emitted by the security instrumentation. */\nexport const SECURITY_METRICS = {\n  events: 'autotel.security.events',\n  httpSuspicious: 'autotel.security.http.suspicious',\n  httpDenied: 'autotel.security.http.denied',\n  anomaly: 'autotel.security.anomaly',\n  heartbeat: 'autotel.security.heartbeat',\n} as const;\n\n/** HTTP statuses counted as denied responses by default. */\nexport const SECURITY_DENIED_STATUSES: readonly number[] = [401, 403, 429];\n\n/**\n * Span attributes carrying the HTTP response status, current semconv\n * first, legacy fallback second.\n */\nexport const HTTP_STATUS_ATTRIBUTES: readonly string[] = [\n  'http.response.status_code',\n  'http.status_code',\n];\n"]}
+{"version":3,"file":"security-schema.js","names":[],"sources":["../src/security-schema.ts"],"sourcesContent":["/**\n * Security telemetry wire schema — the single source of truth for the\n * `security.*` span-attribute contract emitted by `autotel-audit`\n * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)\n * and consumed by `autotel-subscribers`, `autotel-devtools`, and the\n * `autotel security` CLI commands.\n *\n * Dependency-free and side-effect-free by design: safe to import from\n * browser bundles (devtools widget) and anything else that only needs\n * the constants, without pulling in the OpenTelemetry SDK.\n */\n\nexport type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';\n\n/** All severities, lowest first. */\nexport const SECURITY_SEVERITIES: readonly SecuritySeverity[] = [\n  'info',\n  'warning',\n  'error',\n  'critical',\n];\n\n/** Numeric rank per severity for threshold comparisons. */\nexport const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number> = {\n  info: 0,\n  warning: 1,\n  error: 2,\n  critical: 3,\n};\n\n/**\n * Parse an untrusted value (span attribute, event payload field) into a\n * severity, falling back when it is missing or malformed.\n */\nexport function parseSecuritySeverity(\n  value: unknown,\n  fallback: SecuritySeverity = 'info',\n): SecuritySeverity {\n  return typeof value === 'string' && value in SECURITY_SEVERITY_RANK\n    ? (value as SecuritySeverity)\n    : fallback;\n}\n\n/** `true` when `severity` meets or exceeds `min`. */\nexport function securitySeverityAtLeast(\n  severity: SecuritySeverity,\n  min: SecuritySeverity,\n): boolean {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];\n}\n\n/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */\nexport function escalateSecuritySeverity(\n  severity: SecuritySeverity,\n  floor: SecuritySeverity,\n): SecuritySeverity {\n  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]\n    ? severity\n    : floor;\n}\n\n/**\n * Span attribute keys of the security schema. Emitters and consumers must\n * reference these instead of re-typing the strings.\n */\nexport const SECURITY_ATTR = {\n  /** Marker set on every span carrying a security event. */\n  marker: 'autotel.security',\n  /** Set when the event was force-kept through tail sampling. */\n  forceKeep: 'autotel.security.force_keep',\n  event: 'security.event',\n  category: 'security.category',\n  outcome: 'security.outcome',\n  severity: 'security.severity',\n  actorId: 'security.actor_id',\n  targetType: 'security.target_type',\n  targetId: 'security.target_id',\n  tenantId: 'security.tenant_id',\n  reason: 'security.reason',\n  /** Custom metadata keys dropped because they looked credential-shaped. */\n  droppedKeys: 'security.dropped_keys',\n  /** Set by the signal processor on suspicious request paths. */\n  suspiciousRequest: 'security.suspicious_request',\n  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */\n  signal: 'security.signal',\n} as const;\n\n/** Metric names emitted by the security instrumentation. */\nexport const SECURITY_METRICS = {\n  events: 'autotel.security.events',\n  httpSuspicious: 'autotel.security.http.suspicious',\n  httpDenied: 'autotel.security.http.denied',\n  anomaly: 'autotel.security.anomaly',\n  heartbeat: 'autotel.security.heartbeat',\n} as const;\n\n/** HTTP statuses counted as denied responses by default. */\nexport const SECURITY_DENIED_STATUSES: readonly number[] = [401, 403, 429];\n\n/**\n * Span attributes carrying the HTTP response status, current semconv\n * first, legacy fallback second.\n */\nexport const HTTP_STATUS_ATTRIBUTES: readonly string[] = [\n  'http.response.status_code',\n  'http.status_code',\n];\n"],"mappings":";;AAeA,MAAa,sBAAmD;CAC9D;CACA;CACA;CACA;AACF;;AAGA,MAAa,yBAA2D;CACtE,MAAM;CACN,SAAS;CACT,OAAO;CACP,UAAU;AACZ;;;;;AAMA,SAAgB,sBACd,OACA,WAA6B,QACX;CAClB,OAAO,OAAO,UAAU,YAAY,SAAS,yBACxC,QACD;AACN;;AAGA,SAAgB,wBACd,UACA,KACS;CACT,OAAO,uBAAuB,aAAa,uBAAuB;AACpE;;AAGA,SAAgB,yBACd,UACA,OACkB;CAClB,OAAO,uBAAuB,aAAa,uBAAuB,SAC9D,WACA;AACN;;;;;AAMA,MAAa,gBAAgB;;CAE3B,QAAQ;;CAER,WAAW;CACX,OAAO;CACP,UAAU;CACV,SAAS;CACT,UAAU;CACV,SAAS;CACT,YAAY;CACZ,UAAU;CACV,UAAU;CACV,QAAQ;;CAER,aAAa;;CAEb,mBAAmB;;CAEnB,QAAQ;AACV;;AAGA,MAAa,mBAAmB;CAC9B,QAAQ;CACR,gBAAgB;CAChB,YAAY;CACZ,SAAS;CACT,WAAW;AACb;;AAGA,MAAa,2BAA8C;CAAC;CAAK;CAAK;AAAG;;;;;AAMzE,MAAa,yBAA4C,CACvD,6BACA,kBACF"}

package/dist/semantic-conventions-FhSxv-bK.d.cts

@@ -0,0 +1,32 @@
+//#region src/attributes/registry.d.ts
+declare const HTTPAttributes: {
+  readonly connectionState: "http.connection.state";
+  readonly requestMethod: "http.request.method";
+  readonly requestMethodOriginal: "http.request.method_original";
+  readonly requestResendCount: "http.request.resend_count";
+  readonly requestSize: "http.request.size";
+  readonly requestBodySize: "http.request.body.size";
+  readonly responseSize: "http.response.size";
+  readonly responseBodySize: "http.response.body.size";
+  readonly responseStatusCode: "http.response.status_code";
+  readonly route: "http.route";
+};
+declare const ServiceAttributes: {
+  readonly name: "service.name";
+  readonly instance: "service.instance.id";
+  readonly version: "service.version";
+};
+declare const URLAttributes: {
+  readonly scheme: "url.scheme";
+  readonly full: "url.full";
+  readonly path: "url.path";
+  readonly query: "url.query";
+  readonly fragment: "url.fragment";
+};
+//#endregion
+//#region src/semantic-conventions.d.ts
+declare function httpRequestHeaderAttribute(name: string): string;
+declare function httpResponseHeaderAttribute(name: string): string;
+//#endregion
+export { URLAttributes as a, ServiceAttributes as i, httpResponseHeaderAttribute as n, HTTPAttributes as r, httpRequestHeaderAttribute as t };
+//# sourceMappingURL=semantic-conventions-FhSxv-bK.d.cts.map

package/dist/semantic-conventions-FhSxv-bK.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semantic-conventions-FhSxv-bK.d.cts","names":[],"sources":["../src/attributes/registry.ts","../src/semantic-conventions.ts"],"mappings":";cA0Ba,cAAA;EAAA;;;;;;;;;;;cA4BA,iBAAA;EAAA;;;;cAqBA,aAAA;EAAA;;;;;;;;iBCnEG,0BAAA,CAA2B,IAAY;AAAA,iBAIvC,2BAAA,CAA4B,IAAY"}

package/dist/semantic-conventions-FhSxv-bK.d.ts

@@ -0,0 +1,32 @@
+//#region src/attributes/registry.d.ts
+declare const HTTPAttributes: {
+  readonly connectionState: "http.connection.state";
+  readonly requestMethod: "http.request.method";
+  readonly requestMethodOriginal: "http.request.method_original";
+  readonly requestResendCount: "http.request.resend_count";
+  readonly requestSize: "http.request.size";
+  readonly requestBodySize: "http.request.body.size";
+  readonly responseSize: "http.response.size";
+  readonly responseBodySize: "http.response.body.size";
+  readonly responseStatusCode: "http.response.status_code";
+  readonly route: "http.route";
+};
+declare const ServiceAttributes: {
+  readonly name: "service.name";
+  readonly instance: "service.instance.id";
+  readonly version: "service.version";
+};
+declare const URLAttributes: {
+  readonly scheme: "url.scheme";
+  readonly full: "url.full";
+  readonly path: "url.path";
+  readonly query: "url.query";
+  readonly fragment: "url.fragment";
+};
+//#endregion
+//#region src/semantic-conventions.d.ts
+declare function httpRequestHeaderAttribute(name: string): string;
+declare function httpResponseHeaderAttribute(name: string): string;
+//#endregion
+export { URLAttributes as a, ServiceAttributes as i, httpResponseHeaderAttribute as n, HTTPAttributes as r, httpRequestHeaderAttribute as t };
+//# sourceMappingURL=semantic-conventions-FhSxv-bK.d.ts.map

package/dist/semantic-conventions-FhSxv-bK.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semantic-conventions-FhSxv-bK.d.ts","names":[],"sources":["../src/attributes/registry.ts","../src/semantic-conventions.ts"],"mappings":";cA0Ba,cAAA;EAAA;;;;;;;;;;;cA4BA,iBAAA;EAAA;;;;cAqBA,aAAA;EAAA;;;;;;;;iBCnEG,0BAAA,CAA2B,IAAY;AAAA,iBAIvC,2BAAA,CAA4B,IAAY"}

package/dist/semantic-conventions.cjs

@@ -1,29 +1,18 @@
-'use strict';
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_registry = require('./registry-JZg2J3RZ.cjs');
 
-var chunk2ZKEORFN_cjs = require('./chunk-2ZKEORFN.cjs');
-var chunkESMHTKLJ_cjs = require('./chunk-ESMHTKLJ.cjs');
+//#region src/semantic-conventions.ts
+function httpRequestHeaderAttribute(name) {
+	return `http.request.header.${name.toLowerCase()}`;
+}
+function httpResponseHeaderAttribute(name) {
+	return `http.response.header.${name.toLowerCase()}`;
+}
 
-
-
-Object.defineProperty(exports, "httpRequestHeaderAttribute", {
-  enumerable: true,
-  get: function () { return chunk2ZKEORFN_cjs.httpRequestHeaderAttribute; }
-});
-Object.defineProperty(exports, "httpResponseHeaderAttribute", {
-  enumerable: true,
-  get: function () { return chunk2ZKEORFN_cjs.httpResponseHeaderAttribute; }
-});
-Object.defineProperty(exports, "HTTPAttributes", {
-  enumerable: true,
-  get: function () { return chunkESMHTKLJ_cjs.HTTPAttributes; }
-});
-Object.defineProperty(exports, "ServiceAttributes", {
-  enumerable: true,
-  get: function () { return chunkESMHTKLJ_cjs.ServiceAttributes; }
-});
-Object.defineProperty(exports, "URLAttributes", {
-  enumerable: true,
-  get: function () { return chunkESMHTKLJ_cjs.URLAttributes; }
-});
-//# sourceMappingURL=semantic-conventions.cjs.map
+//#endregion
+exports.HTTPAttributes = require_registry.HTTPAttributes;
+exports.ServiceAttributes = require_registry.ServiceAttributes;
+exports.URLAttributes = require_registry.URLAttributes;
+exports.httpRequestHeaderAttribute = httpRequestHeaderAttribute;
+exports.httpResponseHeaderAttribute = httpResponseHeaderAttribute;
 //# sourceMappingURL=semantic-conventions.cjs.map

package/dist/semantic-conventions.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"semantic-conventions.cjs"}
+{"version":3,"file":"semantic-conventions.cjs","names":[],"sources":["../src/semantic-conventions.ts"],"sourcesContent":["import {\n  HTTPAttributes,\n  ServiceAttributes,\n  URLAttributes,\n} from './attributes/registry';\n\nexport { HTTPAttributes, ServiceAttributes, URLAttributes };\n\nexport function httpRequestHeaderAttribute(name: string): string {\n  return `http.request.header.${name.toLowerCase()}`;\n}\n\nexport function httpResponseHeaderAttribute(name: string): string {\n  return `http.response.header.${name.toLowerCase()}`;\n}\n"],"mappings":";;;;AAQA,SAAgB,2BAA2B,MAAsB;CAC/D,OAAO,uBAAuB,KAAK,YAAY;AACjD;AAEA,SAAgB,4BAA4B,MAAsB;CAChE,OAAO,wBAAwB,KAAK,YAAY;AAClD"}

package/dist/semantic-conventions.d.cts

@@ -1,29 +1,2 @@
-declare const HTTPAttributes: {
-    readonly connectionState: "http.connection.state";
-    readonly requestMethod: "http.request.method";
-    readonly requestMethodOriginal: "http.request.method_original";
-    readonly requestResendCount: "http.request.resend_count";
-    readonly requestSize: "http.request.size";
-    readonly requestBodySize: "http.request.body.size";
-    readonly responseSize: "http.response.size";
-    readonly responseBodySize: "http.response.body.size";
-    readonly responseStatusCode: "http.response.status_code";
-    readonly route: "http.route";
-};
-declare const ServiceAttributes: {
-    readonly name: "service.name";
-    readonly instance: "service.instance.id";
-    readonly version: "service.version";
-};
-declare const URLAttributes: {
-    readonly scheme: "url.scheme";
-    readonly full: "url.full";
-    readonly path: "url.path";
-    readonly query: "url.query";
-    readonly fragment: "url.fragment";
-};
-
-declare function httpRequestHeaderAttribute(name: string): string;
-declare function httpResponseHeaderAttribute(name: string): string;
-
-export { HTTPAttributes, ServiceAttributes, URLAttributes, httpRequestHeaderAttribute, httpResponseHeaderAttribute };
+import { a as URLAttributes, i as ServiceAttributes, n as httpResponseHeaderAttribute, r as HTTPAttributes, t as httpRequestHeaderAttribute } from "./semantic-conventions-FhSxv-bK.cjs";
+export { HTTPAttributes, ServiceAttributes, URLAttributes, httpRequestHeaderAttribute, httpResponseHeaderAttribute };

package/dist/semantic-conventions.d.ts

@@ -1,29 +1,2 @@
-declare const HTTPAttributes: {
-    readonly connectionState: "http.connection.state";
-    readonly requestMethod: "http.request.method";
-    readonly requestMethodOriginal: "http.request.method_original";
-    readonly requestResendCount: "http.request.resend_count";
-    readonly requestSize: "http.request.size";
-    readonly requestBodySize: "http.request.body.size";
-    readonly responseSize: "http.response.size";
-    readonly responseBodySize: "http.response.body.size";
-    readonly responseStatusCode: "http.response.status_code";
-    readonly route: "http.route";
-};
-declare const ServiceAttributes: {
-    readonly name: "service.name";
-    readonly instance: "service.instance.id";
-    readonly version: "service.version";
-};
-declare const URLAttributes: {
-    readonly scheme: "url.scheme";
-    readonly full: "url.full";
-    readonly path: "url.path";
-    readonly query: "url.query";
-    readonly fragment: "url.fragment";
-};
-
-declare function httpRequestHeaderAttribute(name: string): string;
-declare function httpResponseHeaderAttribute(name: string): string;
-
-export { HTTPAttributes, ServiceAttributes, URLAttributes, httpRequestHeaderAttribute, httpResponseHeaderAttribute };
+import { a as URLAttributes, i as ServiceAttributes, n as httpResponseHeaderAttribute, r as HTTPAttributes, t as httpRequestHeaderAttribute } from "./semantic-conventions-FhSxv-bK.js";
+export { HTTPAttributes, ServiceAttributes, URLAttributes, httpRequestHeaderAttribute, httpResponseHeaderAttribute };

package/dist/semantic-conventions.js

@@ -1,4 +1,13 @@
-export { httpRequestHeaderAttribute, httpResponseHeaderAttribute } from './chunk-7552UTQW.js';
-export { HTTPAttributes, ServiceAttributes, URLAttributes } from './chunk-4A53YIAX.js';
-//# sourceMappingURL=semantic-conventions.js.map
+import { b as ServiceAttributes, f as HTTPAttributes, w as URLAttributes } from "./registry-DfXA3R1L.js";
+
+//#region src/semantic-conventions.ts
+function httpRequestHeaderAttribute(name) {
+	return `http.request.header.${name.toLowerCase()}`;
+}
+function httpResponseHeaderAttribute(name) {
+	return `http.response.header.${name.toLowerCase()}`;
+}
+
+//#endregion
+export { HTTPAttributes, ServiceAttributes, URLAttributes, httpRequestHeaderAttribute, httpResponseHeaderAttribute };
 //# sourceMappingURL=semantic-conventions.js.map

package/dist/semantic-conventions.js.map

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"semantic-conventions.js"}
+{"version":3,"file":"semantic-conventions.js","names":[],"sources":["../src/semantic-conventions.ts"],"sourcesContent":["import {\n  HTTPAttributes,\n  ServiceAttributes,\n  URLAttributes,\n} from './attributes/registry';\n\nexport { HTTPAttributes, ServiceAttributes, URLAttributes };\n\nexport function httpRequestHeaderAttribute(name: string): string {\n  return `http.request.header.${name.toLowerCase()}`;\n}\n\nexport function httpResponseHeaderAttribute(name: string): string {\n  return `http.response.header.${name.toLowerCase()}`;\n}\n"],"mappings":";;;AAQA,SAAgB,2BAA2B,MAAsB;CAC/D,OAAO,uBAAuB,KAAK,YAAY;AACjD;AAEA,SAAgB,4BAA4B,MAAsB;CAChE,OAAO,wBAAwB,KAAK,YAAY;AAClD"}