brakit 0.10.0 → 0.10.2

package/dist/bin/brakit.js

@@ -10,7 +10,7 @@ var __export = (target, all) => {
 };
 
 // src/constants/config.ts
-var PROJECT_HASH_LENGTH, SECRET_SCAN_ARRAY_LIMIT, PII_SCAN_ARRAY_LIMIT, MIN_SECRET_VALUE_LENGTH, FULL_RECORD_MIN_FIELDS, LIST_PII_MIN_ITEMS, MAX_OBJECT_SCAN_DEPTH, ISSUE_PRUNE_TTL_MS, OVERFETCH_UNWRAP_MIN_SIZE, STALE_ISSUE_TTL_MS, METRICS_DIR, PORT_FILE, VALID_ISSUE_STATES, VALID_AI_FIX_STATUSES, VALID_SECURITY_SEVERITIES, TELEMETRY_EVENT_CLI_INVOKED, TELEMETRY_EVENT_CLI_UNINSTALL, DETAIL_PREVIEW_LENGTH;
+var PROJECT_HASH_LENGTH, SECRET_SCAN_ARRAY_LIMIT, PII_SCAN_ARRAY_LIMIT, MIN_SECRET_VALUE_LENGTH, FULL_RECORD_MIN_FIELDS, LIST_PII_MIN_ITEMS, MAX_OBJECT_SCAN_DEPTH, ISSUE_PRUNE_TTL_MS, OVERFETCH_UNWRAP_MIN_SIZE, STALE_ISSUE_TTL_MS, METRICS_DIR, PORT_FILE, VALID_ISSUE_STATES, VALID_AI_FIX_STATUSES, VALID_SECURITY_SEVERITIES, DETAIL_PREVIEW_LENGTH;
 var init_config = __esm({
   "src/constants/config.ts"() {
     "use strict";
@@ -29,8 +29,6 @@ var init_config = __esm({
     VALID_ISSUE_STATES = /* @__PURE__ */ new Set(["open", "fixing", "resolved", "stale", "regressed"]);
     VALID_AI_FIX_STATUSES = /* @__PURE__ */ new Set(["fixed", "wont_fix"]);
     VALID_SECURITY_SEVERITIES = /* @__PURE__ */ new Set(["critical", "warning"]);
-    TELEMETRY_EVENT_CLI_INVOKED = "cli_invoked";
-    TELEMETRY_EVENT_CLI_UNINSTALL = "cli_uninstall";
     DETAIL_PREVIEW_LENGTH = 120;
   }
 });
@@ -72,8 +70,91 @@ var init_type_guards = __esm({
   }
 });
 
+// src/constants/detection.ts
+var KNOWN_DEPENDENCY_NAMES, KNOWN_DEPENDENCY_SET;
+var init_detection = __esm({
+  "src/constants/detection.ts"() {
+    "use strict";
+    KNOWN_DEPENDENCY_NAMES = [
+      // -- Frameworks (meta) --
+      "next",
+      "@remix-run/dev",
+      "nuxt",
+      "astro",
+      // -- Frameworks (backend) --
+      "@nestjs/core",
+      "@adonisjs/core",
+      "sails",
+      "express",
+      "fastify",
+      "hono",
+      "koa",
+      "@hapi/hapi",
+      "elysia",
+      "h3",
+      "nitro",
+      "@trpc/server",
+      // -- Bundlers --
+      "vite",
+      // -- ORM / query builders --
+      "prisma",
+      "@prisma/client",
+      "drizzle-orm",
+      "typeorm",
+      "sequelize",
+      "mongoose",
+      "kysely",
+      "knex",
+      "@mikro-orm/core",
+      "objection",
+      // -- DB drivers --
+      "pg",
+      "mysql2",
+      "mongodb",
+      "better-sqlite3",
+      "@libsql/client",
+      "@planetscale/database",
+      "ioredis",
+      "redis",
+      // -- Auth --
+      "lucia",
+      "next-auth",
+      "@auth/core",
+      "passport",
+      // -- Queues / messaging --
+      "bullmq",
+      "amqplib",
+      "kafkajs",
+      // -- Validation --
+      "zod",
+      "joi",
+      "yup",
+      "arktype",
+      "valibot",
+      // -- HTTP clients --
+      "axios",
+      "got",
+      "ky",
+      "undici",
+      // -- Realtime --
+      "socket.io",
+      "ws",
+      // -- CSS / styling --
+      "tailwindcss",
+      // -- Testing --
+      "vitest",
+      "jest",
+      "mocha",
+      // -- Runtime indicators --
+      "bun-types",
+      "@types/bun"
+    ];
+    KNOWN_DEPENDENCY_SET = new Set(KNOWN_DEPENDENCY_NAMES);
+  }
+});
+
 // src/constants/labels.ts
-var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS, DASHBOARD_API_FINDINGS_REPORT, DASHBOARD_API_GRAPH, VALID_TABS_TUPLE, VALID_TABS, POSTHOG_HOST, POSTHOG_CAPTURE_PATH, POSTHOG_REQUEST_TIMEOUT_MS;
+var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS, DASHBOARD_API_FINDINGS_REPORT, DASHBOARD_API_GRAPH, VALID_TABS_TUPLE, VALID_TABS;
 var init_labels = __esm({
   "src/constants/labels.ts"() {
     "use strict";
@@ -99,19 +180,12 @@ var init_labels = __esm({
     VALID_TABS_TUPLE = [
       "overview",
       "actions",
-      "requests",
-      "fetches",
-      "queries",
-      "errors",
-      "logs",
+      "insights",
       "performance",
-      "security",
-      "graph"
+      "graph",
+      "explorer"
     ];
     VALID_TABS = new Set(VALID_TABS_TUPLE);
-    POSTHOG_HOST = "https://us.i.posthog.com";
-    POSTHOG_CAPTURE_PATH = "/i/v0/e/";
-    POSTHOG_REQUEST_TIMEOUT_MS = 3e3;
   }
 });
 
@@ -140,7 +214,7 @@ var init_features = __esm({
     MAX_TIMELINE_EVENTS = 20;
     MAX_RESOLVED_DISPLAY = 5;
     ENRICHMENT_SEVERITY_FILTER = ["critical", "warning"];
-    MCP_SERVER_VERSION = "0.10.0";
+    MCP_SERVER_VERSION = "0.10.2";
     RECOVERY_WINDOW_MS = 5 * 60 * 1e3;
     PORT_MIN = 1;
     PORT_MAX = 65535;
@@ -149,13 +223,32 @@ var init_features = __esm({
   }
 });
 
+// src/constants/telemetry.ts
+var POSTHOG_HOST, POSTHOG_CAPTURE_PATH, POSTHOG_REQUEST_TIMEOUT_MS, TELEMETRY_EVENT_CLI_INVOKED, TELEMETRY_EVENT_CLI_UNINSTALL, TELEMETRY_EVENT_DASHBOARD_VIEWED, TELEMETRY_EVENT_SESSION, TELEMETRY_SDK_NAME, SPEED_BUCKET_THRESHOLDS;
+var init_telemetry = __esm({
+  "src/constants/telemetry.ts"() {
+    "use strict";
+    POSTHOG_HOST = "https://us.i.posthog.com";
+    POSTHOG_CAPTURE_PATH = "/i/v0/e/";
+    POSTHOG_REQUEST_TIMEOUT_MS = 3e3;
+    TELEMETRY_EVENT_CLI_INVOKED = "cli_invoked";
+    TELEMETRY_EVENT_CLI_UNINSTALL = "cli_uninstall";
+    TELEMETRY_EVENT_DASHBOARD_VIEWED = "dashboard_viewed";
+    TELEMETRY_EVENT_SESSION = "session";
+    TELEMETRY_SDK_NAME = "node";
+    SPEED_BUCKET_THRESHOLDS = [200, 500, 1e3, 2e3, 5e3];
+  }
+});
+
 // src/constants/index.ts
 var init_constants = __esm({
   "src/constants/index.ts"() {
     "use strict";
     init_config();
+    init_detection();
     init_labels();
     init_features();
+    init_telemetry();
   }
 });
 
@@ -366,10 +459,27 @@ async function enrichFindings(client) {
         if (reqData.requests.length > 0) {
           const req = reqData.requests[0];
           if (req.id) {
-            const activity = await client.getActivity(req.id);
-            const queryCount = activity.counts?.queries ?? 0;
-            const fetchCount = activity.counts?.fetches ?? 0;
-            return `Request took ${req.durationMs}ms. ${queryCount} DB queries, ${fetchCount} fetches.`;
+            const [activity, queries, fetches] = await Promise.all([
+              client.getActivity(req.id),
+              client.getQueries(req.id),
+              client.getFetches(req.id)
+            ]);
+            const lines = [`Request took ${req.durationMs}ms.`];
+            if (queries.entries.length > 0) {
+              lines.push(`DB Queries (${queries.entries.length}):`);
+              for (const q of queries.entries.slice(0, 5)) {
+                const sql = q.sql ?? `${q.operation ?? ""} ${q.table ?? q.model ?? ""}`;
+                lines.push(`  [${q.durationMs}ms] ${sql}`);
+              }
+              if (queries.entries.length > 5) lines.push(`  ... and ${queries.entries.length - 5} more`);
+            }
+            if (fetches.entries.length > 0) {
+              lines.push(`Fetches (${fetches.entries.length}):`);
+              for (const f of fetches.entries.slice(0, 3)) {
+                lines.push(`  [${f.durationMs}ms] ${f.method} ${f.url} \u2192 ${f.statusCode}`);
+              }
+            }
+            return lines.join("\n");
           }
         }
       } catch {
@@ -488,6 +598,9 @@ var init_get_findings = __esm({
           return { content: [{ type: "text", text: `Invalid state "${state}". Use: open, fixing, resolved, stale, regressed.` }], isError: true };
         }
         let findings = await enrichFindings(client);
+        if (!state) {
+          findings = findings.filter((f) => f.aiStatus !== "wont_fix");
+        }
         if (severity) {
           findings = findings.filter((f) => f.severity === severity);
         }
@@ -499,21 +612,25 @@ var init_get_findings = __esm({
         if (findings.length === 0) {
           return { content: [{ type: "text", text: "No findings detected. The application looks healthy." }] };
         }
-        const lines = [`Found ${findings.length} issue(s):
-`];
+        const lines = [
+          `Found ${findings.length} issue(s). Full context included below \u2014 no need to call get_request_detail separately.`,
+          `After fixing, call report_fixes ONCE with all results.
+`
+        ];
         for (const f of findings) {
           lines.push(`[${f.severity.toUpperCase()}] ${f.title}`);
           lines.push(`  ID: ${f.findingId}`);
           lines.push(`  Endpoint: ${f.endpoint}`);
           lines.push(`  Issue: ${f.description}`);
-          if (f.context) lines.push(`  Context: ${f.context}`);
+          if (f.context) {
+            for (const ctxLine of f.context.split("\n")) {
+              lines.push(`  ${ctxLine}`);
+            }
+          }
           lines.push(`  Fix: ${f.hint}`);
           if (f.aiStatus === "fixed") {
             lines.push(`  AI Status: fixed (awaiting verification)`);
             if (f.aiNotes) lines.push(`  AI Notes: ${f.aiNotes}`);
-          } else if (f.aiStatus === "wont_fix") {
-            lines.push(`  AI Status: won't fix`);
-            if (f.aiNotes) lines.push(`  AI Notes: ${f.aiNotes}`);
           }
           lines.push("");
         }
@@ -901,6 +1018,69 @@ var init_report_fix = __esm({
   }
 });
 
+// src/mcp/tools/report-fixes.ts
+var reportFixes;
+var init_report_fixes = __esm({
+  "src/mcp/tools/report-fixes.ts"() {
+    "use strict";
+    init_type_guards();
+    reportFixes = {
+      name: "report_fixes",
+      description: "Report results for multiple findings in a single call. Use this instead of calling report_fix repeatedly \u2014 it's faster and requires only one confirmation. Pass a JSON array string where each item has finding_id, status ('fixed' or 'wont_fix'), and summary.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          fixes: {
+            type: "string",
+            description: 'JSON array of fix reports. Example: [{"finding_id":"abc123","status":"fixed","summary":"Added input validation"}]'
+          }
+        },
+        required: ["fixes"]
+      },
+      async handler(client, args) {
+        let fixes;
+        try {
+          const raw = typeof args.fixes === "string" ? JSON.parse(args.fixes) : args.fixes;
+          if (!Array.isArray(raw) || raw.length === 0) {
+            return { content: [{ type: "text", text: "fixes must be a non-empty JSON array." }], isError: true };
+          }
+          fixes = raw.filter(
+            (item) => typeof item === "object" && item !== null && typeof item.finding_id === "string" && typeof item.status === "string" && typeof item.summary === "string"
+          );
+          if (fixes.length === 0) {
+            return { content: [{ type: "text", text: "No valid fix entries found. Each entry needs finding_id, status, and summary." }], isError: true };
+          }
+        } catch {
+          return { content: [{ type: "text", text: "fixes must be valid JSON." }], isError: true };
+        }
+        const results = [];
+        let errors = 0;
+        for (const fix of fixes) {
+          if (!fix.finding_id || !isValidAiFixStatus(fix.status) || !fix.summary) {
+            results.push(`\u2717 Invalid entry: ${fix.finding_id || "missing ID"}`);
+            errors++;
+            continue;
+          }
+          const ok = await client.reportFix(fix.finding_id, fix.status, fix.summary);
+          if (ok) {
+            const label = fix.status === "fixed" ? "fixed" : "won't fix";
+            results.push(`\u2713 ${fix.finding_id} \u2192 ${label}`);
+          } else {
+            results.push(`\u2717 ${fix.finding_id} \u2192 not found`);
+            errors++;
+          }
+        }
+        const errorSuffix = errors > 0 ? ` (${errors} error${errors !== 1 ? "s" : ""})` : "";
+        const summary = `Processed ${fixes.length} finding(s)${errorSuffix}. Dashboard updated.`;
+        return {
+          content: [{ type: "text", text: summary + "\n\n" + results.join("\n") }],
+          ...errors > 0 ? { isError: true } : {}
+        };
+      }
+    };
+  }
+});
+
 // src/mcp/tools/index.ts
 function getToolDefinitions() {
   return [...TOOL_MAP.values()].map((t) => ({
@@ -930,8 +1110,9 @@ var init_tools = __esm({
     init_get_report();
     init_clear_findings();
     init_report_fix();
+    init_report_fixes();
     TOOL_MAP = new Map(
-      [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings, reportFix].map((t) => [t.name, t])
+      [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings, reportFix, reportFixes].map((t) => [t.name, t])
     );
   }
 });
@@ -941,7 +1122,7 @@ var SERVER_INSTRUCTIONS, PROMPTS, PROMPT_MESSAGES;
 var init_prompts = __esm({
   "src/mcp/prompts.ts"() {
     "use strict";
-    SERVER_INSTRUCTIONS = "Brakit is a dev tool that monitors your running app for security vulnerabilities, performance issues, and query problems. IMPORTANT: After fixing any brakit finding, always call the report_fix tool with the finding_id, status ('fixed' or 'wont_fix'), and a brief summary of what you did. This updates the dashboard in real-time so the developer can track AI-driven fixes.";
+    SERVER_INSTRUCTIONS = "Brakit is a dev tool that monitors your running app for security vulnerabilities, performance issues, and query problems. IMPORTANT: After fixing brakit findings, call report_fixes (batch) with all results at once instead of calling report_fix individually. This is faster and requires only one confirmation.";
     PROMPTS = [
       {
         name: "check-app",
@@ -953,8 +1134,8 @@ var init_prompts = __esm({
       }
     ];
     PROMPT_MESSAGES = {
-      "check-app": "Check my running app for security and performance issues using brakit. First get all findings, then get the endpoint summary. For any critical or warning findings, get the request detail to understand the root cause. Give me a clear report of what's wrong and offer to fix each issue. After fixing any issue, call report_fix with the finding_id, status, and summary.",
-      "fix-findings": "Get all open brakit findings. For each finding:\n1. Get the request detail to understand the exact issue\n2. Find the source code responsible and fix it\n3. Call report_fix with the finding_id, status ('fixed' or 'wont_fix'), and a brief summary of what you did\n4. Move to the next finding\n\nAfter all findings are processed, ask me to re-trigger the endpoints so brakit can verify the fixes."
+      "check-app": "Check my running app for security and performance issues using brakit. First get all findings, then get the endpoint summary. For any critical or warning findings, get the request detail to understand the root cause. Give me a clear report of what's wrong and offer to fix each issue. After fixing issues, call report_fixes once with all results.",
+      "fix-findings": "Get all open brakit findings. For each finding:\n1. Get the request detail to understand the exact issue\n2. Find the source code responsible and fix it\n3. Track the finding_id, status ('fixed' or 'wont_fix'), and a brief summary\n\nAfter processing ALL findings, call report_fixes ONCE with the full array of results. Do not call report_fix individually for each finding.\n\nAfter reporting, ask me to re-trigger the endpoints so brakit can verify the fixes."
     };
   }
 });
@@ -1122,12 +1303,24 @@ import { createHash as createHash2 } from "crypto";
 import { readFile as readFile3, readdir } from "fs/promises";
 import { existsSync as existsSync4 } from "fs";
 import { join as join2, relative } from "path";
+init_detection();
 var FRAMEWORKS = [
+  // Meta-frameworks first (they bundle Express/Vite internally)
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
   { name: "nuxt", dep: "nuxt", devCmd: "nuxt dev", bin: "nuxt", defaultPort: 3e3, devArgs: ["dev", "--port"] },
-  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] },
-  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] }
+  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] },
+  { name: "nestjs", dep: "@nestjs/core", devCmd: "nest start", bin: "nest", defaultPort: 3e3, devArgs: ["--watch"] },
+  { name: "adonis", dep: "@adonisjs/core", devCmd: "node ace serve", bin: "ace", defaultPort: 3333, devArgs: ["serve", "--watch"] },
+  { name: "sails", dep: "sails", devCmd: "sails lift", bin: "sails", defaultPort: 1337, devArgs: ["lift"] },
+  // Server frameworks
+  { name: "hono", dep: "hono", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "fastify", dep: "fastify", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "koa", dep: "koa", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "hapi", dep: "@hapi/hapi", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "express", dep: "express", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  // Bundlers (last — likely used alongside a framework above)
+  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] }
 ];
 async function detectProject(rootDir) {
   const pkgPath = join2(rootDir, "package.json");
@@ -1139,23 +1332,22 @@ async function detectProject(rootDir) {
   const devCommand = matched?.devCmd ?? "";
   const devBin = matched ? join2(rootDir, "node_modules", ".bin", matched.bin) : "";
   const defaultPort = matched?.defaultPort ?? 3e3;
-  const packageManager = await detectPackageManager(rootDir);
+  const packageManager = detectPackageManager(rootDir);
   return { framework, devCommand, devBin, defaultPort, packageManager };
 }
-async function detectPackageManager(rootDir) {
-  if (await fileExists(join2(rootDir, "bun.lockb"))) return "bun";
-  if (await fileExists(join2(rootDir, "bun.lock"))) return "bun";
-  if (await fileExists(join2(rootDir, "pnpm-lock.yaml"))) return "pnpm";
-  if (await fileExists(join2(rootDir, "yarn.lock"))) return "yarn";
-  if (await fileExists(join2(rootDir, "package-lock.json"))) return "npm";
-  return "unknown";
-}
 function detectFrameworkFromDeps(allDeps) {
   for (const f of FRAMEWORKS) {
     if (allDeps[f.dep]) return f.name;
   }
   return "unknown";
 }
+function detectPackageManager(rootDir) {
+  if (existsSync4(join2(rootDir, "bun.lockb")) || existsSync4(join2(rootDir, "bun.lock"))) return "bun";
+  if (existsSync4(join2(rootDir, "pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync4(join2(rootDir, "yarn.lock"))) return "yarn";
+  if (existsSync4(join2(rootDir, "package-lock.json"))) return "npm";
+  return "unknown";
+}
 var PYTHON_ENTRY_CANDIDATES = [
   "app.py",
   "main.py",
@@ -1910,7 +2102,7 @@ init_constants();
 init_endpoint();
 
 // src/index.ts
-var VERSION = "0.10.0";
+var VERSION = "0.10.2";
 
 // src/cli/commands/install.ts
 init_constants();
@@ -2251,10 +2443,6 @@ init_constants();
 init_log();
 init_type_guards();
 
-// src/telemetry/index.ts
-import { platform as platform2, release, arch } from "os";
-import { spawn } from "child_process";
-
 // src/telemetry/config.ts
 init_features();
 import { homedir as homedir2, platform } from "os";
@@ -2264,10 +2452,14 @@ import { randomUUID as randomUUID2 } from "crypto";
 var IS_WINDOWS = platform() === "win32";
 var CONFIG_DIR = join4(homedir2(), ".brakit");
 var CONFIG_PATH = join4(CONFIG_DIR, "config.json");
+function isValidTelemetryConfig(value) {
+  return typeof value === "object" && value !== null && typeof value.telemetry === "boolean" && typeof value.anonymousId === "string" && value.anonymousId.length > 0;
+}
 function readConfig() {
   try {
     if (!existsSync6(CONFIG_PATH)) return null;
-    return JSON.parse(readFileSync4(CONFIG_PATH, "utf-8"));
+    const parsed = JSON.parse(readFileSync4(CONFIG_PATH, "utf-8"));
+    return isValidTelemetryConfig(parsed) ? parsed : null;
   } catch {
     return null;
   }
@@ -2290,9 +2482,7 @@ function writeConfig(config) {
 }
 function getOrCreateConfig() {
   const existing = readConfig();
-  if (existing && typeof existing.telemetry === "boolean" && existing.anonymousId) {
-    return existing;
-  }
+  if (existing) return existing;
   const config = { telemetry: true, anonymousId: randomUUID2() };
   writeConfig(config);
   return config;
@@ -2302,16 +2492,19 @@ function isTelemetryEnabled() {
   if (cachedEnabled !== null) return cachedEnabled;
   const env = process.env.BRAKIT_TELEMETRY;
   if (env !== void 0) {
-    cachedEnabled = env !== "false" && env !== "0" && env !== "off";
+    const normalized = env.toLowerCase().trim();
+    cachedEnabled = normalized !== "false" && normalized !== "0" && normalized !== "off";
     return cachedEnabled;
   }
   cachedEnabled = readConfig()?.telemetry ?? true;
   return cachedEnabled;
 }
 
-// src/telemetry/index.ts
-init_labels();
-init_config();
+// src/telemetry/transport.ts
+import { platform as platform2, release, arch } from "os";
+import { spawn } from "child_process";
+init_telemetry();
+init_log();
 var POSTHOG_KEY = "phc_E9TwydCGnSfPLIUhNxChpeg32TSowjk31KiPhnLPP0x";
 function commonProperties() {
   return {
@@ -2325,7 +2518,7 @@ function commonProperties() {
   };
 }
 function sendToPosthog(event, properties) {
-  if (!isTelemetryEnabled()) return;
+  if (!isTelemetryEnabled() || !POSTHOG_KEY) return;
   const config = getOrCreateConfig();
   const payload = {
     api_key: POSTHOG_KEY,
@@ -2335,26 +2528,198 @@ function sendToPosthog(event, properties) {
     properties: { ...commonProperties(), ...properties }
   };
   try {
-    const body = JSON.stringify(payload);
+    const serializedPayload = JSON.stringify(payload);
     const url = `${POSTHOG_HOST}${POSTHOG_CAPTURE_PATH}`;
     const child = spawn(
       process.execPath,
       [
         "-e",
-        `fetch(${JSON.stringify(url)},{method:"POST",headers:{"content-type":"application/json"},body:${JSON.stringify(body)},signal:AbortSignal.timeout(${POSTHOG_REQUEST_TIMEOUT_MS})}).catch(()=>{})`
+        `fetch(${JSON.stringify(url)},{method:"POST",headers:{"content-type":"application/json"},body:${JSON.stringify(serializedPayload)},signal:AbortSignal.timeout(${POSTHOG_REQUEST_TIMEOUT_MS})}).catch(()=>{})`
       ],
       { detached: true, stdio: "ignore" }
     );
     child.unref();
-  } catch {
+  } catch (err) {
+    brakitDebug(`telemetry send failed: ${err}`);
   }
 }
 function trackEvent(event, properties) {
-  sendToPosthog(event, { sdk: "node", ...properties });
+  sendToPosthog(event, { sdk: TELEMETRY_SDK_NAME, ...properties });
+}
+
+// src/telemetry/session.ts
+init_telemetry();
+var defaultTransport = { send: sendToPosthog, track: trackEvent };
+var Session = class {
+  constructor(transport = defaultTransport) {
+    // ── Setup phase ──
+    this.startTime = 0;
+    this.framework = "unknown";
+    this.packageManager = "";
+    this.isCustomCommand = false;
+    this.adapters = [];
+    this.setupDurationMs = 0;
+    this.setupSucceeded = false;
+    // ── Detection ──
+    this.detectedDependencies = [];
+    this.adaptersFailed = [];
+    this.configFilesDetected = [];
+    this.jsRuntime = "node";
+    this.loadedPackages = [];
+    // ── Python SDK ──
+    this.pythonConnected = false;
+    this.pythonFramework = "unknown";
+    this.pythonAdapters = [];
+    this.pythonVersion = "";
+    // ── Runtime accumulation ──
+    this.requestCount = 0;
+    this.insightTypes = /* @__PURE__ */ new Set();
+    this.rulesTriggered = /* @__PURE__ */ new Set();
+    this.tabsViewed = /* @__PURE__ */ new Set();
+    this.dashboardOpened = false;
+    this.explainUsed = false;
+    this.firstRequestAt = 0;
+    this.dashboardOpenedAt = 0;
+    this.exitReason = "unknown";
+    this.transport = transport;
+  }
+  // ── Setup phase ──
+  init(framework, packageManager, isCustomCommand, adapters) {
+    getOrCreateConfig();
+    this.startTime = Date.now();
+    this.framework = framework;
+    this.packageManager = packageManager;
+    this.isCustomCommand = isCustomCommand;
+    this.adapters = adapters;
+  }
+  recordSetup(detection, durationMs) {
+    this.detectedDependencies = detection.detectedDependencies;
+    this.adaptersFailed = detection.adaptersFailed;
+    this.configFilesDetected = detection.configFilesDetected;
+    this.jsRuntime = detection.jsRuntime;
+    this.setupDurationMs = durationMs;
+    this.setupSucceeded = true;
+  }
+  // ── Runtime events ──
+  recordFirstRequest(loadedPackages) {
+    if (!this.firstRequestAt) this.firstRequestAt = Date.now();
+    this.loadedPackages = loadedPackages;
+  }
+  recordPythonStack(info) {
+    this.pythonConnected = true;
+    this.pythonFramework = info.framework;
+    this.pythonAdapters = info.adapters;
+    this.pythonVersion = info.pythonVersion;
+  }
+  recordDashboardOpened() {
+    if (this.dashboardOpened) return;
+    this.dashboardOpened = true;
+    this.dashboardOpenedAt = Date.now();
+    this.transport.track(TELEMETRY_EVENT_DASHBOARD_VIEWED, {
+      time_to_dashboard_ms: this.startTime > 0 ? Date.now() - this.startTime : null,
+      request_count_at_open: this.requestCount
+    });
+  }
+  recordTabViewed(tab) {
+    this.tabsViewed.add(tab);
+  }
+  recordExplainUsed() {
+    this.explainUsed = true;
+  }
+  recordExitReason(reason) {
+    if (this.exitReason === "unknown") this.exitReason = reason;
+  }
+  // ── Pre-flush snapshot from services ──
+  recordCounts(requestCount, insightTypes, rulesTriggered) {
+    this.requestCount = requestCount;
+    for (const t of insightTypes) this.insightTypes.add(t);
+    for (const r of rulesTriggered) this.rulesTriggered.add(r);
+  }
+  // ── Serialization ──
+  /** Build the full PostHog session payload. Single source of truth for all fields. */
+  toPostHogPayload(services) {
+    const metricsStore = services.metricsStore;
+    const analysisEngine = services.analysisEngine;
+    const live = metricsStore.getLiveEndpoints();
+    const insights = analysisEngine.getInsights();
+    const findings = analysisEngine.getFindings();
+    let totalRequests = 0;
+    let totalDuration = 0;
+    let slowestP95 = 0;
+    for (const ep of live) {
+      totalRequests += ep.summary.totalRequests;
+      totalDuration += ep.summary.p95Ms * ep.summary.totalRequests;
+      if (ep.summary.p95Ms > slowestP95) slowestP95 = ep.summary.p95Ms;
+    }
+    const now = Date.now();
+    return {
+      sdk: TELEMETRY_SDK_NAME,
+      // Stack detection
+      framework: this.framework,
+      package_manager: this.packageManager,
+      js_runtime: this.jsRuntime,
+      framework_detection_candidates: this.detectedDependencies,
+      config_files_detected: this.configFilesDetected,
+      loaded_packages: this.loadedPackages,
+      loaded_package_count: this.loadedPackages.length,
+      adapters_detected: this.adapters,
+      adapters_failed: this.adaptersFailed,
+      // Python SDK
+      python_connected: this.pythonConnected,
+      python_framework: this.pythonFramework,
+      python_adapters: this.pythonAdapters,
+      python_version: this.pythonVersion,
+      // Session metadata
+      is_custom_command: this.isCustomCommand,
+      first_session: readConfig() === null,
+      setup_succeeded: this.setupSucceeded,
+      setup_duration_ms: this.setupDurationMs,
+      session_duration_s: Math.ceil((now - this.startTime) / 1e3),
+      session_duration_ms: now - this.startTime,
+      exit_reason: this.exitReason,
+      // Usage
+      request_count: this.requestCount,
+      error_count: services.errorStore.getAll().length,
+      query_count: services.queryStore.getAll().length,
+      fetch_count: services.fetchStore.getAll().length,
+      endpoint_count: live.length,
+      avg_duration_ms: totalRequests > 0 ? Math.round(totalDuration / totalRequests) : 0,
+      slowest_endpoint_bucket: speedBucket(slowestP95),
+      // Analysis
+      insight_count: insights.length,
+      finding_count: findings.length,
+      insight_types: [...this.insightTypes],
+      rules_triggered: [...this.rulesTriggered],
+      // Dashboard engagement
+      tabs_viewed: [...this.tabsViewed],
+      dashboard_opened: this.dashboardOpened,
+      explain_used: this.explainUsed,
+      // Timing
+      time_to_first_request_ms: this.firstRequestAt ? this.firstRequestAt - this.startTime : null,
+      time_to_dashboard_ms: this.dashboardOpenedAt ? this.dashboardOpenedAt - this.startTime : null
+    };
+  }
+  flush(services) {
+    this.transport.send(TELEMETRY_EVENT_SESSION, this.toPostHogPayload(services));
+    getOrCreateConfig();
+  }
+};
+function speedBucket(ms) {
+  if (ms === 0) return "none";
+  const t = SPEED_BUCKET_THRESHOLDS;
+  if (ms < t[0]) return `<${t[0]}ms`;
+  for (let i = 1; i < t.length; i++) {
+    if (ms < t[i]) return `${t[i - 1]}-${t[i]}ms`;
+  }
+  return `>${t[t.length - 1]}ms`;
 }
 
+// src/telemetry/index.ts
+init_telemetry();
+var session = new Session();
+
 // src/cli/commands/uninstall.ts
-init_config();
+init_telemetry();
 var PREPENDED_FILES = [
   "app/entry.server.tsx",
   "app/entry.server.ts",
@@ -2613,7 +2978,7 @@ async function clearBuildCaches(rootDir) {
 }
 
 // bin/brakit.ts
-init_config();
+init_telemetry();
 var sub = process.argv[2];
 var command = sub === "uninstall" ? "uninstall" : sub === "mcp" ? "mcp" : "install";
 var cwd = process.cwd();