autotel 4.0.0 → 4.2.0

package/src/security-schema.test.ts

@@ -1,45 +0,0 @@
-import { describe, expect, it } from 'vitest';
-import {
-  SECURITY_ATTR,
-  SECURITY_DENIED_STATUSES,
-  SECURITY_SEVERITIES,
-  SECURITY_SEVERITY_RANK,
-  escalateSecuritySeverity,
-  parseSecuritySeverity,
-  securitySeverityAtLeast,
-} from './security-schema';
-
-describe('security-schema', () => {
-  it('ranks severities in declaration order', () => {
-    const ranks = SECURITY_SEVERITIES.map((s) => SECURITY_SEVERITY_RANK[s]);
-    expect(ranks).toEqual([0, 1, 2, 3]);
-  });
-
-  it('parses valid severities and falls back on garbage', () => {
-    expect(parseSecuritySeverity('critical')).toBe('critical');
-    expect(parseSecuritySeverity('warning')).toBe('warning');
-    expect(parseSecuritySeverity('CRITICAL')).toBe('info');
-    expect(parseSecuritySeverity(42)).toBe('info');
-    expect(parseSecuritySeverity(undefined)).toBe('info');
-    expect(parseSecuritySeverity(undefined, 'warning')).toBe('warning');
-  });
-
-  it('compares severities against a threshold', () => {
-    expect(securitySeverityAtLeast('error', 'warning')).toBe(true);
-    expect(securitySeverityAtLeast('warning', 'warning')).toBe(true);
-    expect(securitySeverityAtLeast('info', 'warning')).toBe(false);
-  });
-
-  it('escalates to the floor but never downgrades', () => {
-    expect(escalateSecuritySeverity('info', 'error')).toBe('error');
-    expect(escalateSecuritySeverity('error', 'error')).toBe('error');
-    expect(escalateSecuritySeverity('critical', 'error')).toBe('critical');
-  });
-
-  it('keeps the attribute contract stable', () => {
-    expect(SECURITY_ATTR.event).toBe('security.event');
-    expect(SECURITY_ATTR.severity).toBe('security.severity');
-    expect(SECURITY_ATTR.suspiciousRequest).toBe('security.suspicious_request');
-    expect(SECURITY_DENIED_STATUSES).toEqual([401, 403, 429]);
-  });
-});

package/src/security-schema.ts

@@ -1,107 +0,0 @@
-/**
- * Security telemetry wire schema — the single source of truth for the
- * `security.*` span-attribute contract emitted by `autotel-audit`
- * (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)
- * and consumed by `autotel-subscribers`, `autotel-devtools`, and the
- * `autotel security` CLI commands.
- *
- * Dependency-free and side-effect-free by design: safe to import from
- * browser bundles (devtools widget) and anything else that only needs
- * the constants, without pulling in the OpenTelemetry SDK.
- */
-
-export type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
-
-/** All severities, lowest first. */
-export const SECURITY_SEVERITIES: readonly SecuritySeverity[] = [
-  'info',
-  'warning',
-  'error',
-  'critical',
-];
-
-/** Numeric rank per severity for threshold comparisons. */
-export const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number> = {
-  info: 0,
-  warning: 1,
-  error: 2,
-  critical: 3,
-};
-
-/**
- * Parse an untrusted value (span attribute, event payload field) into a
- * severity, falling back when it is missing or malformed.
- */
-export function parseSecuritySeverity(
-  value: unknown,
-  fallback: SecuritySeverity = 'info',
-): SecuritySeverity {
-  return typeof value === 'string' && value in SECURITY_SEVERITY_RANK
-    ? (value as SecuritySeverity)
-    : fallback;
-}
-
-/** `true` when `severity` meets or exceeds `min`. */
-export function securitySeverityAtLeast(
-  severity: SecuritySeverity,
-  min: SecuritySeverity,
-): boolean {
-  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[min];
-}
-
-/** The higher-ranked of two severities (e.g. escalate failures to ≥ error). */
-export function escalateSecuritySeverity(
-  severity: SecuritySeverity,
-  floor: SecuritySeverity,
-): SecuritySeverity {
-  return SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]
-    ? severity
-    : floor;
-}
-
-/**
- * Span attribute keys of the security schema. Emitters and consumers must
- * reference these instead of re-typing the strings.
- */
-export const SECURITY_ATTR = {
-  /** Marker set on every span carrying a security event. */
-  marker: 'autotel.security',
-  /** Set when the event was force-kept through tail sampling. */
-  forceKeep: 'autotel.security.force_keep',
-  event: 'security.event',
-  category: 'security.category',
-  outcome: 'security.outcome',
-  severity: 'security.severity',
-  actorId: 'security.actor_id',
-  targetType: 'security.target_type',
-  targetId: 'security.target_id',
-  tenantId: 'security.tenant_id',
-  reason: 'security.reason',
-  /** Custom metadata keys dropped because they looked credential-shaped. */
-  droppedKeys: 'security.dropped_keys',
-  /** Set by the signal processor on suspicious request paths. */
-  suspiciousRequest: 'security.suspicious_request',
-  /** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
-  signal: 'security.signal',
-} as const;
-
-/** Metric names emitted by the security instrumentation. */
-export const SECURITY_METRICS = {
-  events: 'autotel.security.events',
-  httpSuspicious: 'autotel.security.http.suspicious',
-  httpDenied: 'autotel.security.http.denied',
-  anomaly: 'autotel.security.anomaly',
-  heartbeat: 'autotel.security.heartbeat',
-} as const;
-
-/** HTTP statuses counted as denied responses by default. */
-export const SECURITY_DENIED_STATUSES: readonly number[] = [401, 403, 429];
-
-/**
- * Span attributes carrying the HTTP response status, current semconv
- * first, legacy fallback second.
- */
-export const HTTP_STATUS_ATTRIBUTES: readonly string[] = [
-  'http.response.status_code',
-  'http.status_code',
-];

package/src/semantic-conventions.ts

@@ -1,15 +0,0 @@
-import {
-  HTTPAttributes,
-  ServiceAttributes,
-  URLAttributes,
-} from './attributes/registry';
-
-export { HTTPAttributes, ServiceAttributes, URLAttributes };
-
-export function httpRequestHeaderAttribute(name: string): string {
-  return `http.request.header.${name.toLowerCase()}`;
-}
-
-export function httpResponseHeaderAttribute(name: string): string {
-  return `http.response.header.${name.toLowerCase()}`;
-}

package/src/semantic-helpers.test.ts

@@ -1,226 +0,0 @@
-/**
- * Tests for semantic convention helpers
- */
-
-import { describe, it, expect, beforeEach } from 'vitest';
-import { traceDB, traceHTTP, traceMessaging } from './semantic-helpers';
-import { createTraceCollector } from './testing';
-
-describe('Semantic Helpers', () => {
-  let collector: ReturnType<typeof createTraceCollector>;
-
-  beforeEach(() => {
-    collector = createTraceCollector();
-  });
-
-  // GenAI/LLM helpers (`traceLLM`) moved to the `autotel-genai` package.
-
-  describe('traceDB', () => {
-    it('should add DB semantic convention attributes', async () => {
-      const getUser = traceDB({
-        system: 'postgresql',
-        operation: 'SELECT',
-        database: 'app_db',
-        collection: 'users',
-      })((_ctx) => async (userId: string) => {
-        return { id: userId, name: 'John' };
-      });
-
-      await getUser('123');
-
-      const spans = collector.getSpans();
-      expect(spans).toHaveLength(1);
-
-      const span = spans[0];
-      expect(span.attributes['db.system']).toBe('postgresql');
-      expect(span.attributes['db.operation']).toBe('SELECT');
-      expect(span.attributes['db.name']).toBe('app_db');
-      expect(span.attributes['db.collection.name']).toBe('users');
-    });
-
-    it('should work without optional attributes', async () => {
-      const query = traceDB({
-        system: 'mongodb',
-      })((_ctx) => async () => ({ results: [] }));
-
-      await query();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['db.system']).toBe('mongodb');
-      expect(span.attributes['db.operation']).toBeUndefined();
-      expect(span.attributes['db.name']).toBeUndefined();
-    });
-
-    it('should support custom attributes', async () => {
-      const query = traceDB({
-        system: 'redis',
-        operation: 'GET',
-        attributes: {
-          'db.redis.ttl': 3600,
-        },
-      })((_ctx) => async (key: string) => `value-${key}`);
-
-      await query('test-key');
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['db.system']).toBe('redis');
-      expect(span.attributes['db.redis.ttl']).toBe(3600);
-    });
-  });
-
-  describe('traceHTTP', () => {
-    it('should add HTTP semantic convention attributes', async () => {
-      const fetchUser = traceHTTP({
-        method: 'GET',
-        url: 'https://api.example.com/users/:id',
-      })((_ctx) => async (userId: string) => {
-        return { id: userId };
-      });
-
-      await fetchUser('123');
-
-      const spans = collector.getSpans();
-      expect(spans).toHaveLength(1);
-
-      const span = spans[0];
-      expect(span.attributes['http.request.method']).toBe('GET');
-      expect(span.attributes['url.full']).toBe(
-        'https://api.example.com/users/:id',
-      );
-    });
-
-    it('should work with only method', async () => {
-      const request = traceHTTP({
-        method: 'POST',
-      })((_ctx) => async (_data: object) => ({ success: true }));
-
-      await request({ test: 'data' });
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['http.request.method']).toBe('POST');
-      expect(span.attributes['url.full']).toBeUndefined();
-    });
-
-    it('should work with only URL', async () => {
-      const request = traceHTTP({
-        url: 'https://api.example.com',
-      })((_ctx) => async () => ({ success: true }));
-
-      await request();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['url.full']).toBe('https://api.example.com');
-      expect(span.attributes['http.request.method']).toBeUndefined();
-    });
-
-    it('should support custom attributes', async () => {
-      const request = traceHTTP({
-        method: 'POST',
-        url: 'https://webhook.example.com',
-        attributes: {
-          'http.request.retry_count': 3,
-          'http.request.timeout': 5000,
-        },
-      })((_ctx) => async () => ({ success: true }));
-
-      await request();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['http.request.retry_count']).toBe(3);
-      expect(span.attributes['http.request.timeout']).toBe(5000);
-    });
-  });
-
-  describe('traceMessaging', () => {
-    it('should add Messaging semantic convention attributes', async () => {
-      const publishEvent = traceMessaging({
-        system: 'kafka',
-        operation: 'publish',
-        destination: 'user-events',
-      })((_ctx) => async (_event: object) => {
-        return { messageId: '123' };
-      });
-
-      await publishEvent({ type: 'user.created' });
-
-      const spans = collector.getSpans();
-      expect(spans).toHaveLength(1);
-
-      const span = spans[0];
-      expect(span.attributes['messaging.system']).toBe('kafka');
-      expect(span.attributes['messaging.operation']).toBe('publish');
-      expect(span.attributes['messaging.destination.name']).toBe('user-events');
-    });
-
-    it('should work with minimal config', async () => {
-      const sendMessage = traceMessaging({
-        system: 'rabbitmq',
-      })((_ctx) => async () => ({ sent: true }));
-
-      await sendMessage();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['messaging.system']).toBe('rabbitmq');
-      expect(span.attributes['messaging.operation']).toBeUndefined();
-      expect(span.attributes['messaging.destination.name']).toBeUndefined();
-    });
-
-    it('should support receive operation', async () => {
-      const consumeMessage = traceMessaging({
-        system: 'sqs',
-        operation: 'receive',
-        destination: 'notifications',
-      })((_ctx) => async () => ({ messages: [] }));
-
-      await consumeMessage();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['messaging.operation']).toBe('receive');
-    });
-
-    it('should support custom attributes', async () => {
-      const publishBatch = traceMessaging({
-        system: 'aws_sqs',
-        operation: 'publish',
-        destination: 'orders',
-        attributes: {
-          'messaging.batch.message_count': 10,
-          'messaging.kafka.partition': 0,
-        },
-      })((_ctx) => async () => ({ success: true }));
-
-      await publishBatch();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      expect(span.attributes['messaging.batch.message_count']).toBe(10);
-      expect(span.attributes['messaging.kafka.partition']).toBe(0);
-    });
-  });
-
-  describe('Attribute merging', () => {
-    it('should allow custom attributes to override semantic defaults', async () => {
-      const fn = traceDB({
-        system: 'postgresql',
-        operation: 'SELECT',
-        attributes: {
-          'db.operation': 'CUSTOM_OPERATION', // Override default
-        },
-      })((_ctx) => async () => ({ rows: [] }));
-
-      await fn();
-
-      const spans = collector.getSpans();
-      const span = spans[0];
-      // Custom attribute should win
-      expect(span.attributes['db.operation']).toBe('CUSTOM_OPERATION');
-    });
-  });
-});