brakit 0.6.0

package/dist/index.js

@@ -0,0 +1,1603 @@
+// src/proxy/server.ts
+import { createServer } from "http";
+
+// src/proxy/handler.ts
+import {
+  request as httpRequest
+} from "http";
+import { randomUUID } from "crypto";
+
+// src/constants/routes.ts
+var DASHBOARD_PREFIX = "/__brakit";
+
+// src/constants/limits.ts
+var MAX_REQUEST_ENTRIES = 1e3;
+var MAX_TELEMETRY_ENTRIES = 1e3;
+
+// src/constants/thresholds.ts
+var FLOW_GAP_MS = 5e3;
+var SLOW_REQUEST_THRESHOLD_MS = 2e3;
+var MIN_POLLING_SEQUENCE = 3;
+var ENDPOINT_TRUNCATE_LENGTH = 12;
+var N1_QUERY_THRESHOLD = 5;
+var ERROR_RATE_THRESHOLD_PCT = 20;
+var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
+var MIN_REQUESTS_FOR_INSIGHT = 2;
+var HIGH_QUERY_COUNT_PER_REQ = 5;
+var AUTH_OVERHEAD_PCT = 30;
+var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
+var CROSS_ENDPOINT_PCT = 50;
+var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
+var REDUNDANT_QUERY_MIN_COUNT = 2;
+var LARGE_RESPONSE_BYTES = 51200;
+var HIGH_ROW_COUNT = 100;
+var OVERFETCH_MIN_REQUESTS = 2;
+
+// src/constants/headers.ts
+var BRAKIT_REQUEST_ID_HEADER = "x-brakit-request-id";
+
+// src/proxy/static-patterns.ts
+var STATIC_PATTERNS = [
+  /^\/_next\//,
+  /\.(?:js|css|map|ico|png|jpg|jpeg|gif|svg|webp|woff2?|ttf|eot)$/,
+  /^\/favicon/,
+  /^\/__nextjs/
+];
+function isStaticPath(urlPath) {
+  return STATIC_PATTERNS.some((p) => p.test(urlPath));
+}
+
+// src/store/request-store.ts
+function flattenHeaders(headers) {
+  const flat = {};
+  for (const [key, value] of Object.entries(headers)) {
+    if (value === void 0) continue;
+    flat[key] = Array.isArray(value) ? value.join(", ") : value;
+  }
+  return flat;
+}
+var RequestStore = class {
+  constructor(maxEntries = MAX_REQUEST_ENTRIES) {
+    this.maxEntries = maxEntries;
+  }
+  requests = [];
+  listeners = [];
+  capture(input) {
+    const url = input.url;
+    const path = url.split("?")[0];
+    let requestBodyStr = null;
+    if (input.requestBody && input.requestBody.length > 0) {
+      requestBodyStr = input.requestBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
+    }
+    let responseBodyStr = null;
+    if (input.responseBody && input.responseBody.length > 0) {
+      const ct = input.responseContentType;
+      if (ct.includes("json") || ct.includes("text") || ct.includes("html")) {
+        responseBodyStr = input.responseBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
+      }
+    }
+    const entry = {
+      id: input.requestId,
+      method: input.method,
+      url,
+      path,
+      headers: flattenHeaders(input.requestHeaders),
+      requestBody: requestBodyStr,
+      statusCode: input.statusCode,
+      responseHeaders: flattenHeaders(input.responseHeaders),
+      responseBody: responseBodyStr,
+      startedAt: input.startTime,
+      durationMs: Math.round(performance.now() - input.startTime),
+      responseSize: input.responseBody?.length ?? 0,
+      isStatic: isStaticPath(path)
+    };
+    this.requests.push(entry);
+    if (this.requests.length > this.maxEntries) {
+      this.requests.shift();
+    }
+    for (const fn of this.listeners) {
+      fn(entry);
+    }
+    return entry;
+  }
+  getAll() {
+    return this.requests;
+  }
+  clear() {
+    this.requests.length = 0;
+  }
+  onRequest(fn) {
+    this.listeners.push(fn);
+  }
+  offRequest(fn) {
+    const idx = this.listeners.indexOf(fn);
+    if (idx !== -1) this.listeners.splice(idx, 1);
+  }
+};
+
+// src/proxy/request-log.ts
+var defaultStore = new RequestStore();
+var captureRequest = (input) => defaultStore.capture(input);
+var getRequests = () => defaultStore.getAll();
+var onRequest = (fn) => defaultStore.onRequest(fn);
+var offRequest = (fn) => defaultStore.offRequest(fn);
+
+// src/proxy/handler.ts
+function proxyRequest(clientReq, clientRes, config) {
+  const startTime = performance.now();
+  const method = clientReq.method ?? "GET";
+  const requestId = randomUUID();
+  const shouldCaptureBody = method !== "GET" && method !== "HEAD";
+  const bodyChunks = [];
+  let bodySize = 0;
+  if (shouldCaptureBody) {
+    clientReq.on("data", (chunk) => {
+      if (bodySize < config.maxBodyCapture) {
+        bodyChunks.push(chunk);
+        bodySize += chunk.length;
+      }
+    });
+  }
+  const proxyHeaders = { ...clientReq.headers };
+  proxyHeaders["accept-encoding"] = "identity";
+  proxyHeaders[BRAKIT_REQUEST_ID_HEADER] = requestId;
+  const proxyReq = httpRequest(
+    {
+      hostname: "127.0.0.1",
+      port: config.targetPort,
+      path: clientReq.url,
+      method,
+      headers: proxyHeaders
+    },
+    (proxyRes) => {
+      handleProxyResponse(
+        clientReq,
+        clientRes,
+        proxyRes,
+        startTime,
+        shouldCaptureBody ? bodyChunks : [],
+        config,
+        requestId
+      );
+    }
+  );
+  proxyReq.on("error", (err) => {
+    if (clientRes.headersSent) return;
+    const code = err.code;
+    if (code === "ECONNREFUSED" || code === "ECONNRESET") {
+      clientRes.writeHead(502, { "content-type": "text/html" });
+      clientRes.end(
+        `<html><body style="font-family:system-ui;padding:40px;text-align:center"><h2>brakit</h2><p>Waiting for dev server on port ${config.targetPort}...</p><script>setTimeout(()=>location.reload(),2000)</script></body></html>`
+      );
+    } else {
+      clientRes.writeHead(502, { "content-type": "text/plain" });
+      clientRes.end(`brakit proxy error: ${err.message}
+`);
+    }
+  });
+  clientReq.pipe(proxyReq);
+}
+function handleProxyResponse(clientReq, clientRes, proxyRes, startTime, bodyChunks, config, requestId) {
+  const responseChunks = [];
+  let responseSize = 0;
+  clientRes.writeHead(proxyRes.statusCode ?? 502, proxyRes.headers);
+  proxyRes.on("data", (chunk) => {
+    clientRes.write(chunk);
+    if (responseSize < config.maxBodyCapture) {
+      responseChunks.push(chunk);
+      responseSize += chunk.length;
+    }
+  });
+  proxyRes.on("end", () => {
+    clientRes.end();
+    const requestBody = bodyChunks.length > 0 ? Buffer.concat(bodyChunks) : null;
+    const responseBody = responseChunks.length > 0 ? Buffer.concat(responseChunks) : null;
+    captureRequest({
+      requestId,
+      method: clientReq.method ?? "GET",
+      url: clientReq.url ?? "/",
+      requestHeaders: clientReq.headers,
+      requestBody,
+      statusCode: proxyRes.statusCode ?? 0,
+      responseHeaders: proxyRes.headers,
+      responseBody,
+      responseContentType: proxyRes.headers["content-type"] ?? "",
+      startTime,
+      config
+    });
+  });
+  proxyRes.on("error", () => {
+    clientRes.end();
+  });
+}
+
+// src/proxy/websocket.ts
+import {
+  request as httpRequest2
+} from "http";
+function handleUpgrade(req, clientSocket, head, targetPort) {
+  const targetReq = httpRequest2({
+    hostname: "127.0.0.1",
+    port: targetPort,
+    path: req.url,
+    method: req.method,
+    headers: req.headers
+  });
+  targetReq.on("upgrade", (_targetRes, targetSocket, targetHead) => {
+    const statusLine = `HTTP/1.1 101 Switching Protocols`;
+    const headerLines = [statusLine];
+    if (_targetRes.headers) {
+      for (const [key, value] of Object.entries(_targetRes.headers)) {
+        if (value === void 0) continue;
+        const vals = Array.isArray(value) ? value : [value];
+        for (const v of vals) {
+          headerLines.push(`${key}: ${v}`);
+        }
+      }
+    }
+    headerLines.push("", "");
+    clientSocket.write(headerLines.join("\r\n"));
+    if (targetHead.length > 0) {
+      clientSocket.write(targetHead);
+    }
+    targetSocket.pipe(clientSocket);
+    clientSocket.pipe(targetSocket);
+    targetSocket.on("error", () => clientSocket.destroy());
+    clientSocket.on("error", () => targetSocket.destroy());
+  });
+  targetReq.on("error", () => {
+    clientSocket.destroy();
+  });
+  targetReq.write(head);
+  targetReq.end();
+}
+
+// src/analysis/group.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/analysis/categorize.ts
+function detectCategory(req) {
+  const { method, url, statusCode, responseHeaders } = req;
+  if (req.isStatic) return "static";
+  if (statusCode === 307 && (url.includes("__clerk_handshake") || url.includes("__clerk_db_jwt"))) {
+    return "auth-handshake";
+  }
+  const effectivePath = getEffectivePath(req);
+  if (/^\/api\/auth/i.test(effectivePath) || /^\/(api\/)?clerk/i.test(effectivePath)) {
+    return "auth-check";
+  }
+  if (method === "POST" && !effectivePath.startsWith("/api/")) {
+    return "server-action";
+  }
+  if (effectivePath.startsWith("/api/") && method !== "GET" && method !== "HEAD") {
+    return "api-call";
+  }
+  if (effectivePath.startsWith("/api/") && method === "GET") {
+    return "data-fetch";
+  }
+  if (url.includes("_rsc=")) {
+    return "navigation";
+  }
+  if (responseHeaders["x-middleware-rewrite"]) {
+    return "middleware";
+  }
+  if (method === "GET") {
+    const ct = responseHeaders["content-type"] ?? "";
+    if (ct.includes("text/html")) return "page-load";
+  }
+  return "unknown";
+}
+function getEffectivePath(req) {
+  const rewrite = req.responseHeaders["x-middleware-rewrite"];
+  if (!rewrite) return req.path;
+  try {
+    const url = new URL(rewrite, "http://localhost");
+    return url.pathname;
+  } catch {
+    return rewrite.startsWith("/") ? rewrite : req.path;
+  }
+}
+
+// src/analysis/label.ts
+function extractSourcePage(req) {
+  const referer = req.headers["referer"] ?? req.headers["Referer"];
+  if (!referer) return void 0;
+  try {
+    const url = new URL(referer);
+    return url.pathname;
+  } catch {
+    return void 0;
+  }
+}
+function labelRequest(req) {
+  const category = detectCategory(req);
+  const label = generateHumanLabel(req, category);
+  const sourcePage = extractSourcePage(req);
+  return { ...req, category, label, sourcePage };
+}
+function generateHumanLabel(req, category) {
+  const effectivePath = getEffectivePath(req);
+  const endpointName = getEndpointName(effectivePath);
+  const failed = req.statusCode >= 400;
+  switch (category) {
+    case "auth-handshake":
+      return "Auth handshake";
+    case "auth-check":
+      return failed ? "Auth check failed" : "Checked auth";
+    case "middleware": {
+      const rewritePath = effectivePath !== req.path ? effectivePath : "";
+      return rewritePath ? `Redirected to ${rewritePath}` : "Middleware";
+    }
+    case "server-action": {
+      const name = prettifyEndpoint(req.path);
+      return failed ? `${name} failed` : name;
+    }
+    case "api-call": {
+      const action = deriveActionVerb(req.method, endpointName);
+      const name = prettifyEndpoint(endpointName);
+      if (failed) return `${action} ${name} failed`;
+      return `${action} ${name}`;
+    }
+    case "data-fetch": {
+      const name = prettifyEndpoint(endpointName);
+      if (failed) return `Failed to load ${name}`;
+      return `Loaded ${name}`;
+    }
+    case "page-load":
+      return failed ? "Page error" : "Loaded page";
+    case "navigation":
+      return "Navigated";
+    case "static":
+      return `Static: ${req.path.split("/").pop() ?? req.path}`;
+    default:
+      return failed ? `${req.method} ${req.path} failed` : `${req.method} ${req.path}`;
+  }
+}
+function prettifyEndpoint(name) {
+  const cleaned = name.replace(/^\/api\//, "").replace(/\//g, " ").replace(/\.\.\./g, "").trim();
+  if (!cleaned) return "data";
+  return cleaned.split(" ").map((word) => {
+    if (word.endsWith("ses") || word.endsWith("us") || word.endsWith("ss"))
+      return word;
+    if (word.endsWith("ies")) return word.slice(0, -3) + "y";
+    if (word.endsWith("s") && word.length > 3) return word.slice(0, -1);
+    return word;
+  }).join(" ");
+}
+function deriveActionVerb(method, endpointName) {
+  const lower = endpointName.toLowerCase();
+  const VERB_PATTERNS = [
+    [/enhance/, "Enhanced"],
+    [/generate/, "Generated"],
+    [/create/, "Created"],
+    [/update/, "Updated"],
+    [/delete|remove/, "Deleted"],
+    [/send/, "Sent"],
+    [/upload/, "Uploaded"],
+    [/save/, "Saved"],
+    [/submit/, "Submitted"],
+    [/login|signin/, "Logged in"],
+    [/logout|signout/, "Logged out"],
+    [/register|signup/, "Registered"]
+  ];
+  for (const [pattern, verb] of VERB_PATTERNS) {
+    if (pattern.test(lower)) return verb;
+  }
+  switch (method) {
+    case "POST":
+      return "Created";
+    case "PUT":
+    case "PATCH":
+      return "Updated";
+    case "DELETE":
+      return "Deleted";
+    default:
+      return "Called";
+  }
+}
+function getEndpointName(path) {
+  const parts = path.replace(/^\/api\//, "").split("/");
+  if (parts.length <= 2) return parts.join("/");
+  return parts.map((p) => p.length > ENDPOINT_TRUNCATE_LENGTH ? "..." : p).join("/");
+}
+function prettifyPageName(path) {
+  const clean = path.replace(/^\//, "").replace(/\/$/, "");
+  if (!clean) return "Home";
+  return clean.split("/").map((s) => capitalize(s.replace(/[-_]/g, " "))).join(" ");
+}
+function capitalize(s) {
+  return s.charAt(0).toUpperCase() + s.slice(1);
+}
+
+// src/analysis/transforms.ts
+function markDuplicates(requests) {
+  const counts = /* @__PURE__ */ new Map();
+  for (const req of requests) {
+    if (req.category !== "data-fetch" && req.category !== "auth-check")
+      continue;
+    const key = `${req.method} ${getEffectivePath(req).split("?")[0]}`;
+    counts.set(key, (counts.get(key) ?? 0) + 1);
+  }
+  const isStrictMode = counts.size > 0 && [...counts.values()].every((c) => c === 2);
+  const seen = /* @__PURE__ */ new Set();
+  for (const req of requests) {
+    if (req.category !== "data-fetch" && req.category !== "auth-check")
+      continue;
+    const key = `${req.method} ${getEffectivePath(req).split("?")[0]}`;
+    if (seen.has(key)) {
+      if (isStrictMode) {
+        req.isStrictModeDupe = true;
+      } else {
+        req.isDuplicate = true;
+      }
+    } else {
+      seen.add(key);
+    }
+  }
+}
+function collapsePolling(requests) {
+  const result = [];
+  let i = 0;
+  while (i < requests.length) {
+    const current = requests[i];
+    const currentEffective = getEffectivePath(current).split("?")[0];
+    if (current.method === "GET" && current.category === "data-fetch") {
+      let j = i + 1;
+      while (j < requests.length && requests[j].method === "GET" && getEffectivePath(requests[j]).split("?")[0] === currentEffective) {
+        j++;
+      }
+      const count = j - i;
+      if (count >= MIN_POLLING_SEQUENCE) {
+        const last = requests[j - 1];
+        const pollingDuration = last.startedAt + last.durationMs - current.startedAt;
+        const endpointName = prettifyEndpoint(currentEffective);
+        result.push({
+          ...current,
+          category: "polling",
+          label: `Polling ${endpointName} (${count}x, ${formatDurationLabel(pollingDuration)})`,
+          pollingCount: count,
+          pollingDurationMs: pollingDuration,
+          isDuplicate: false
+        });
+        i = j;
+        continue;
+      }
+    }
+    result.push(current);
+    i++;
+  }
+  return result;
+}
+function formatDurationLabel(ms) {
+  if (ms < 1e3) return `${ms}ms`;
+  return `${(ms / 1e3).toFixed(1)}s`;
+}
+function detectWarnings(requests) {
+  const warnings = [];
+  const duplicateCount = requests.filter((r) => r.isDuplicate).length;
+  if (duplicateCount > 0) {
+    const unique = new Set(
+      requests.filter((r) => r.isDuplicate).map((r) => `${r.method} ${getEffectivePath(r).split("?")[0]}`)
+    );
+    const endpoints = unique.size;
+    const sameData = requests.filter((r) => r.isDuplicate).every((r) => {
+      const key = `${r.method} ${getEffectivePath(r).split("?")[0]}`;
+      const first = requests.find(
+        (o) => !o.isDuplicate && `${o.method} ${getEffectivePath(o).split("?")[0]}` === key
+      );
+      return first && first.responseBody === r.responseBody;
+    });
+    const suffix = sameData ? " \u2014 same data loaded twice" : "";
+    warnings.push(
+      `${duplicateCount} request${duplicateCount > 1 ? "s" : ""} duplicated across ${endpoints} endpoint${endpoints > 1 ? "s" : ""}${suffix}`
+    );
+  }
+  const slowRequests = requests.filter(
+    (r) => r.durationMs > SLOW_REQUEST_THRESHOLD_MS && r.category !== "polling"
+  );
+  for (const req of slowRequests) {
+    warnings.push(`${req.label} took ${(req.durationMs / 1e3).toFixed(1)}s`);
+  }
+  const errors = requests.filter((r) => r.statusCode >= 500);
+  for (const req of errors) {
+    warnings.push(`${req.label} \u2014 server error (${req.statusCode})`);
+  }
+  return warnings;
+}
+
+// src/analysis/group.ts
+function groupRequestsIntoFlows(requests) {
+  if (requests.length === 0) return [];
+  const flows = [];
+  let currentRequests = [];
+  let currentSourcePage;
+  let lastEndTime = 0;
+  for (const req of requests) {
+    if (req.path.startsWith(DASHBOARD_PREFIX)) continue;
+    const labeled = labelRequest(req);
+    if (labeled.category === "static") continue;
+    const sourcePage = labeled.sourcePage;
+    const gap = currentRequests.length > 0 ? req.startedAt - lastEndTime : 0;
+    const isNewPage = currentRequests.length > 0 && sourcePage !== void 0 && currentSourcePage !== void 0 && sourcePage !== currentSourcePage;
+    const isPageLoad = labeled.category === "page-load" || labeled.category === "navigation";
+    const isTimeGap = currentRequests.length > 0 && gap > FLOW_GAP_MS;
+    if (currentRequests.length > 0 && (isNewPage || isTimeGap || isPageLoad)) {
+      flows.push(buildFlow(currentRequests));
+      currentRequests = [];
+    }
+    currentRequests.push(labeled);
+    currentSourcePage = sourcePage ?? currentSourcePage;
+    lastEndTime = Math.max(lastEndTime, req.startedAt + req.durationMs);
+  }
+  if (currentRequests.length > 0) {
+    flows.push(buildFlow(currentRequests));
+  }
+  return flows;
+}
+function buildFlow(rawRequests) {
+  markDuplicates(rawRequests);
+  const requests = collapsePolling(rawRequests);
+  const first = requests[0];
+  const startTime = first.startedAt;
+  const endTime = Math.max(
+    ...requests.map(
+      (r) => r.pollingDurationMs ? r.startedAt + r.pollingDurationMs : r.startedAt + r.durationMs
+    )
+  );
+  const duplicateCount = rawRequests.filter((r) => r.isDuplicate).length;
+  const nonStaticCount = rawRequests.length;
+  const redundancyPct = nonStaticCount > 0 ? Math.round(duplicateCount / nonStaticCount * 100) : 0;
+  const sourcePage = getDominantSourcePage(rawRequests);
+  return {
+    id: randomUUID2(),
+    label: deriveFlowLabel(requests, sourcePage),
+    requests,
+    startTime,
+    totalDurationMs: Math.round(endTime - startTime),
+    hasErrors: requests.some((r) => r.statusCode >= 400),
+    warnings: detectWarnings(rawRequests),
+    sourcePage,
+    redundancyPct
+  };
+}
+function getDominantSourcePage(requests) {
+  const counts = /* @__PURE__ */ new Map();
+  for (const req of requests) {
+    if (req.sourcePage) {
+      counts.set(req.sourcePage, (counts.get(req.sourcePage) ?? 0) + 1);
+    }
+  }
+  let best = "";
+  let bestCount = 0;
+  for (const [page, count] of counts) {
+    if (count > bestCount) {
+      best = page;
+      bestCount = count;
+    }
+  }
+  return best || requests[0]?.path?.split("?")[0] || "/";
+}
+function deriveFlowLabel(requests, sourcePage) {
+  const trigger = requests.find((r) => r.category === "api-call") ?? requests.find((r) => r.category === "server-action") ?? requests.find((r) => r.category === "page-load") ?? requests.find((r) => r.category === "navigation") ?? requests.find((r) => r.category === "data-fetch") ?? requests[0];
+  if (trigger.category === "page-load" || trigger.category === "navigation") {
+    const pageName = prettifyPageName(trigger.path.split("?")[0]);
+    return `${pageName} Page`;
+  }
+  if (trigger.category === "api-call") {
+    const effectivePath = getEffectivePath(trigger);
+    const parts = effectivePath.replace(/^\/api\//, "").split("/");
+    const endpointName = parts.length <= 2 ? parts.join("/") : parts.map((p) => p.length > 12 ? "..." : p).join("/");
+    const action = deriveActionVerb(trigger.method, endpointName);
+    const name = prettifyEndpoint(endpointName);
+    return `${action} ${capitalize(name)}`;
+  }
+  if (trigger.category === "server-action") {
+    const name = prettifyEndpoint(trigger.path);
+    return capitalize(name);
+  }
+  if (trigger.category === "data-fetch" || trigger.category === "polling") {
+    if (sourcePage && sourcePage !== "/") {
+      const pageName = prettifyPageName(sourcePage);
+      return `${pageName} Page`;
+    }
+    return trigger.label;
+  }
+  return trigger.label;
+}
+
+// src/store/telemetry-store.ts
+import { randomUUID as randomUUID3 } from "crypto";
+var TelemetryStore = class {
+  constructor(maxEntries = MAX_TELEMETRY_ENTRIES) {
+    this.maxEntries = maxEntries;
+  }
+  entries = [];
+  listeners = [];
+  add(data) {
+    const entry = { id: randomUUID3(), ...data };
+    this.entries.push(entry);
+    if (this.entries.length > this.maxEntries) this.entries.shift();
+    for (const fn of this.listeners) fn(entry);
+    return entry;
+  }
+  getAll() {
+    return this.entries;
+  }
+  getByRequest(requestId) {
+    return this.entries.filter((e) => e.parentRequestId === requestId);
+  }
+  clear() {
+    this.entries.length = 0;
+  }
+  onEntry(fn) {
+    this.listeners.push(fn);
+  }
+  offEntry(fn) {
+    const idx = this.listeners.indexOf(fn);
+    if (idx !== -1) this.listeners.splice(idx, 1);
+  }
+};
+
+// src/store/fetch-store.ts
+var FetchStore = class extends TelemetryStore {
+};
+var defaultFetchStore = new FetchStore();
+
+// src/store/log-store.ts
+var LogStore = class extends TelemetryStore {
+};
+var defaultLogStore = new LogStore();
+
+// src/store/error-store.ts
+var ErrorStore = class extends TelemetryStore {
+};
+var defaultErrorStore = new ErrorStore();
+
+// src/store/query-store.ts
+var QueryStore = class extends TelemetryStore {
+};
+var defaultQueryStore = new QueryStore();
+
+// src/store/metrics/metrics-store.ts
+import { randomUUID as randomUUID4 } from "crypto";
+
+// src/store/metrics/persistence.ts
+import {
+  readFileSync as readFileSync2,
+  writeFileSync as writeFileSync2,
+  mkdirSync as mkdirSync2,
+  existsSync as existsSync2,
+  unlinkSync
+} from "fs";
+import { resolve as resolve2 } from "path";
+
+// src/utils/fs.ts
+import { access } from "fs/promises";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { resolve } from "path";
+async function fileExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/dashboard/client/constants/thresholds.ts
+var HEALTH_FAST_MS = 100;
+var HEALTH_GOOD_MS = 300;
+var HEALTH_OK_MS = 800;
+var HEALTH_SLOW_MS = 2e3;
+
+// src/dashboard/client/constants/display.ts
+var HEALTH_GRADES = `[
+  { max: ${HEALTH_FAST_MS}, label: 'Fast', color: 'var(--green)', bg: 'rgba(22,163,74,0.08)', border: 'rgba(22,163,74,0.2)' },
+  { max: ${HEALTH_GOOD_MS}, label: 'Good', color: 'var(--green)', bg: 'rgba(22,163,74,0.06)', border: 'rgba(22,163,74,0.15)' },
+  { max: ${HEALTH_OK_MS}, label: 'OK', color: 'var(--amber)', bg: 'rgba(217,119,6,0.06)', border: 'rgba(217,119,6,0.15)' },
+  { max: ${HEALTH_SLOW_MS}, label: 'Slow', color: 'var(--red)', bg: 'rgba(220,38,38,0.06)', border: 'rgba(220,38,38,0.15)' },
+  { max: Infinity, label: 'Critical', color: 'var(--red)', bg: 'rgba(220,38,38,0.08)', border: 'rgba(220,38,38,0.2)' }
+]`;
+
+// src/dashboard/router.ts
+function isDashboardRequest(url) {
+  return url === DASHBOARD_PREFIX || url.startsWith(DASHBOARD_PREFIX + "/");
+}
+
+// src/proxy/server.ts
+function createProxyServer(config, handleDashboard) {
+  const server = createServer((clientReq, clientRes) => {
+    if (isDashboardRequest(clientReq.url ?? "")) {
+      handleDashboard(clientReq, clientRes, config);
+      return;
+    }
+    proxyRequest(clientReq, clientRes, config);
+  });
+  server.on("upgrade", (req, socket, head) => {
+    handleUpgrade(req, socket, head, config.targetPort);
+  });
+  return server;
+}
+
+// src/detect/project.ts
+import { readFile as readFile2 } from "fs/promises";
+import { join } from "path";
+var FRAMEWORKS = [
+  { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
+  { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
+  { name: "nuxt", dep: "nuxt", devCmd: "nuxt dev", bin: "nuxt", defaultPort: 3e3, devArgs: ["dev", "--port"] },
+  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] },
+  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] }
+];
+async function detectProject(rootDir) {
+  const pkgPath = join(rootDir, "package.json");
+  const raw = await readFile2(pkgPath, "utf-8");
+  const pkg = JSON.parse(raw);
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+  let framework = "unknown";
+  let devCommand = "";
+  let devBin = "";
+  let defaultPort = 3e3;
+  for (const f of FRAMEWORKS) {
+    if (allDeps[f.dep]) {
+      framework = f.name;
+      devCommand = f.devCmd;
+      devBin = join(rootDir, "node_modules", ".bin", f.bin);
+      defaultPort = f.defaultPort;
+      break;
+    }
+  }
+  const packageManager = await detectPackageManager(rootDir);
+  return { framework, devCommand, devBin, defaultPort, packageManager };
+}
+async function detectPackageManager(rootDir) {
+  if (await fileExists(join(rootDir, "bun.lockb"))) return "bun";
+  if (await fileExists(join(rootDir, "bun.lock"))) return "bun";
+  if (await fileExists(join(rootDir, "pnpm-lock.yaml"))) return "pnpm";
+  if (await fileExists(join(rootDir, "yarn.lock"))) return "yarn";
+  if (await fileExists(join(rootDir, "package-lock.json"))) return "npm";
+  return "unknown";
+}
+
+// src/instrument/adapter-registry.ts
+var AdapterRegistry = class {
+  adapters = [];
+  active = [];
+  register(adapter) {
+    this.adapters.push(adapter);
+  }
+  patchAll(emit) {
+    for (const adapter of this.adapters) {
+      try {
+        if (adapter.detect()) {
+          adapter.patch(emit);
+          this.active.push(adapter);
+        }
+      } catch {
+      }
+    }
+  }
+  unpatchAll() {
+    for (const adapter of this.active) {
+      try {
+        adapter.unpatch?.();
+      } catch {
+      }
+    }
+    this.active = [];
+  }
+  getActive() {
+    return this.active;
+  }
+};
+
+// src/analysis/rules/patterns.ts
+var SECRET_KEYS = /^(password|passwd|secret|api_key|apiKey|api_secret|apiSecret|private_key|privateKey|client_secret|clientSecret)$/;
+var TOKEN_PARAMS = /^(token|api_key|apiKey|secret|password|access_token|session_id|sessionId)$/;
+var SAFE_PARAMS = /^(_rsc|__clerk_handshake|__clerk_db_jwt|callback|code|state|nonce|redirect_uri|utm_|fbclid|gclid)$/;
+var STACK_TRACE_RE = /at\s+.+\(.+:\d+:\d+\)|at\s+Module\._compile|at\s+Object\.<anonymous>|at\s+processTicksAndRejections/;
+var DB_CONN_RE = /(postgres|mysql|mongodb|redis):\/\//;
+var SQL_FRAGMENT_RE = /\b(SELECT\s+[\w.*]+\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\b/i;
+var SECRET_VAL_RE = /(api_key|apiKey|secret|token)\s*[:=]\s*["']?[A-Za-z0-9_\-\.+\/]{8,}/;
+var LOG_SECRET_RE = /(password|secret|token|api_key|apiKey)\s*[:=]\s*["']?[A-Za-z0-9_\-\.+\/]{8,}/i;
+var MASKED_RE = /^\*+$|\[REDACTED\]|\[FILTERED\]|CHANGE_ME|^x{3,}$/i;
+var RULE_HINTS = {
+  "exposed-secret": "Never include secret fields in API responses. Strip sensitive fields before returning.",
+  "token-in-url": "Pass tokens in the Authorization header, not URL query parameters.",
+  "stack-trace-leak": "Use a custom error handler that returns generic messages in production.",
+  "error-info-leak": "Sanitize error responses. Return generic messages instead of internal details.",
+  "sensitive-logs": "Redact PII before logging. Never log passwords or tokens.",
+  "cors-credentials": "Cannot use credentials:true with origin:*. Specify explicit origins.",
+  "insecure-cookie": "Set HttpOnly and SameSite flags on all cookies."
+};
+
+// src/analysis/rules/exposed-secret.ts
+function tryParseJson(body) {
+  if (!body) return null;
+  try {
+    return JSON.parse(body);
+  } catch {
+    return null;
+  }
+}
+function findSecretKeys(obj, prefix) {
+  const found = [];
+  if (!obj || typeof obj !== "object") return found;
+  if (Array.isArray(obj)) {
+    for (let i = 0; i < Math.min(obj.length, 5); i++) {
+      found.push(...findSecretKeys(obj[i], prefix));
+    }
+    return found;
+  }
+  for (const k of Object.keys(obj)) {
+    const val = obj[k];
+    if (SECRET_KEYS.test(k) && typeof val === "string" && val.length >= 8 && !MASKED_RE.test(val)) {
+      found.push(k);
+    }
+    if (typeof val === "object" && val !== null) {
+      found.push(...findSecretKeys(val, prefix + k + "."));
+    }
+  }
+  return found;
+}
+var exposedSecretRule = {
+  id: "exposed-secret",
+  severity: "critical",
+  name: "Exposed Secret in Response",
+  hint: RULE_HINTS["exposed-secret"],
+  check(ctx) {
+    const findings = [];
+    const seen = /* @__PURE__ */ new Map();
+    for (const r of ctx.requests) {
+      if (r.statusCode >= 400) continue;
+      const parsed = tryParseJson(r.responseBody);
+      if (!parsed) continue;
+      const keys = findSecretKeys(parsed, "");
+      if (keys.length === 0) continue;
+      const ep = `${r.method} ${r.path}`;
+      const dedupKey = `${ep}:${keys.sort().join(",")}`;
+      const existing = seen.get(dedupKey);
+      if (existing) {
+        existing.count++;
+        continue;
+      }
+      const finding = {
+        severity: "critical",
+        rule: "exposed-secret",
+        title: "Exposed Secret in Response",
+        desc: `${ep} \u2014 response contains ${keys.join(", ")} field${keys.length > 1 ? "s" : ""}`,
+        hint: this.hint,
+        endpoint: ep,
+        count: 1
+      };
+      seen.set(dedupKey, finding);
+      findings.push(finding);
+    }
+    return findings;
+  }
+};
+
+// src/analysis/rules/token-in-url.ts
+var tokenInUrlRule = {
+  id: "token-in-url",
+  severity: "critical",
+  name: "Auth Token in URL",
+  hint: RULE_HINTS["token-in-url"],
+  check(ctx) {
+    const findings = [];
+    const seen = /* @__PURE__ */ new Map();
+    for (const r of ctx.requests) {
+      const qIdx = r.url.indexOf("?");
+      if (qIdx === -1) continue;
+      const params = r.url.substring(qIdx + 1).split("&");
+      const flagged = [];
+      for (const param of params) {
+        const [name, ...rest] = param.split("=");
+        const val = rest.join("=");
+        if (SAFE_PARAMS.test(name)) continue;
+        if (TOKEN_PARAMS.test(name) && val && val.length > 0) {
+          flagged.push(name);
+        }
+      }
+      if (flagged.length === 0) continue;
+      const ep = `${r.method} ${r.path}`;
+      const dedupKey = `${ep}:${flagged.sort().join(",")}`;
+      const existing = seen.get(dedupKey);
+      if (existing) {
+        existing.count++;
+        continue;
+      }
+      const finding = {
+        severity: "critical",
+        rule: "token-in-url",
+        title: "Auth Token in URL",
+        desc: `${ep} \u2014 ${flagged.join(", ")} exposed in query string`,
+        hint: this.hint,
+        endpoint: ep,
+        count: 1
+      };
+      seen.set(dedupKey, finding);
+      findings.push(finding);
+    }
+    return findings;
+  }
+};
+
+// src/analysis/rules/stack-trace-leak.ts
+var stackTraceLeakRule = {
+  id: "stack-trace-leak",
+  severity: "critical",
+  name: "Stack Trace Leaked to Client",
+  hint: RULE_HINTS["stack-trace-leak"],
+  check(ctx) {
+    const findings = [];
+    const seen = /* @__PURE__ */ new Map();
+    for (const r of ctx.requests) {
+      if (!r.responseBody) continue;
+      if (!STACK_TRACE_RE.test(r.responseBody)) continue;
+      const ep = `${r.method} ${r.path}`;
+      const existing = seen.get(ep);
+      if (existing) {
+        existing.count++;
+        continue;
+      }
+      const finding = {
+        severity: "critical",
+        rule: "stack-trace-leak",
+        title: "Stack Trace Leaked to Client",
+        desc: `${ep} \u2014 response exposes internal stack trace`,
+        hint: this.hint,
+        endpoint: ep,
+        count: 1
+      };
+      seen.set(ep, finding);
+      findings.push(finding);
+    }
+    return findings;
+  }
+};
+
+// src/analysis/rules/error-info-leak.ts
+var CRITICAL_PATTERNS = [
+  { re: DB_CONN_RE, label: "database connection string" },
+  { re: SQL_FRAGMENT_RE, label: "SQL query fragment" },
+  { re: SECRET_VAL_RE, label: "secret value" }
+];
+var errorInfoLeakRule = {
+  id: "error-info-leak",
+  severity: "critical",
+  name: "Sensitive Data in Error Response",
+  hint: RULE_HINTS["error-info-leak"],
+  check(ctx) {
+    const findings = [];
+    const seen = /* @__PURE__ */ new Map();
+    for (const r of ctx.requests) {
+      if (r.statusCode < 400) continue;
+      if (!r.responseBody) continue;
+      if (r.responseHeaders["x-nextjs-error"] || r.responseHeaders["x-nextjs-matched-path"]) continue;
+      const ep = `${r.method} ${r.path}`;
+      for (const p of CRITICAL_PATTERNS) {
+        if (!p.re.test(r.responseBody)) continue;
+        const dedupKey = `${ep}:${p.label}`;
+        const existing = seen.get(dedupKey);
+        if (existing) {
+          existing.count++;
+          continue;
+        }
+        const finding = {
+          severity: "critical",
+          rule: "error-info-leak",
+          title: "Sensitive Data in Error Response",
+          desc: `${ep} \u2014 error response exposes ${p.label}`,
+          hint: this.hint,
+          endpoint: ep,
+          count: 1
+        };
+        seen.set(dedupKey, finding);
+        findings.push(finding);
+      }
+    }
+    return findings;
+  }
+};
+
+// src/analysis/rules/insecure-cookie.ts
+var insecureCookieRule = {
+  id: "insecure-cookie",
+  severity: "warning",
+  name: "Insecure Cookie",
+  hint: RULE_HINTS["insecure-cookie"],
+  check(ctx) {
+    const findings = [];
+    const seen = /* @__PURE__ */ new Map();
+    for (const r of ctx.requests) {
+      if (!r.responseHeaders) continue;
+      const setCookie = r.responseHeaders["set-cookie"];
+      if (!setCookie) continue;
+      const cookies = setCookie.split(/,(?=\s*[A-Za-z0-9_\-]+=)/);
+      for (const cookie of cookies) {
+        const cookieName = cookie.trim().split("=")[0].trim();
+        const lower = cookie.toLowerCase();
+        const issues = [];
+        if (!lower.includes("httponly")) issues.push("HttpOnly");
+        if (!lower.includes("samesite")) issues.push("SameSite");
+        if (issues.length === 0) continue;
+        const dedupKey = `${cookieName}:${issues.join(",")}`;
+        const existing = seen.get(dedupKey);
+        if (existing) {
+          existing.count++;
+          continue;
+        }
+        const finding = {
+          severity: "warning",
+          rule: "insecure-cookie",
+          title: "Insecure Cookie",
+          desc: `${cookieName} \u2014 missing ${issues.join(", ")} flag${issues.length > 1 ? "s" : ""}`,
+          hint: this.hint,
+          endpoint: cookieName,
+          count: 1
+        };
+        seen.set(dedupKey, finding);
+        findings.push(finding);
+      }
+    }
+    return findings;
+  }
+};
+
+// src/analysis/rules/sensitive-logs.ts
+var sensitiveLogsRule = {
+  id: "sensitive-logs",
+  severity: "warning",
+  name: "Sensitive Data in Logs",
+  hint: RULE_HINTS["sensitive-logs"],
+  check(ctx) {
+    let count = 0;
+    for (const log of ctx.logs) {
+      if (!log.message) continue;
+      if (log.message.startsWith("[brakit]")) continue;
+      if (LOG_SECRET_RE.test(log.message)) count++;
+    }
+    if (count === 0) return [];
+    return [{
+      severity: "warning",
+      rule: "sensitive-logs",
+      title: "Sensitive Data in Logs",
+      desc: `Console output contains secret/token values \u2014 ${count} occurrence${count !== 1 ? "s" : ""}`,
+      hint: this.hint,
+      endpoint: "console",
+      count
+    }];
+  }
+};
+
+// src/analysis/rules/cors-credentials.ts
+var corsCredentialsRule = {
+  id: "cors-credentials",
+  severity: "warning",
+  name: "CORS Credentials with Wildcard",
+  hint: RULE_HINTS["cors-credentials"],
+  check(ctx) {
+    const findings = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const r of ctx.requests) {
+      if (!r.responseHeaders) continue;
+      const origin = r.responseHeaders["access-control-allow-origin"];
+      const creds = r.responseHeaders["access-control-allow-credentials"];
+      if (origin !== "*" || creds !== "true") continue;
+      const ep = `${r.method} ${r.path}`;
+      if (seen.has(ep)) continue;
+      seen.add(ep);
+      findings.push({
+        severity: "warning",
+        rule: "cors-credentials",
+        title: "CORS Credentials with Wildcard",
+        desc: `${ep} \u2014 credentials:true with origin:* (browser will reject)`,
+        hint: this.hint,
+        endpoint: ep,
+        count: 1
+      });
+    }
+    return findings;
+  }
+};
+
+// src/analysis/rules/scanner.ts
+var SecurityScanner = class {
+  rules = [];
+  register(rule) {
+    this.rules.push(rule);
+  }
+  scan(ctx) {
+    const findings = [];
+    for (const rule of this.rules) {
+      try {
+        findings.push(...rule.check(ctx));
+      } catch {
+      }
+    }
+    return findings;
+  }
+  getRules() {
+    return this.rules;
+  }
+};
+function createDefaultScanner() {
+  const scanner = new SecurityScanner();
+  scanner.register(exposedSecretRule);
+  scanner.register(tokenInUrlRule);
+  scanner.register(stackTraceLeakRule);
+  scanner.register(errorInfoLeakRule);
+  scanner.register(insecureCookieRule);
+  scanner.register(sensitiveLogsRule);
+  scanner.register(corsCredentialsRule);
+  return scanner;
+}
+
+// src/instrument/adapters/normalize.ts
+function normalizeSQL(sql) {
+  if (!sql) return { op: "OTHER", table: "" };
+  const trimmed = sql.trim();
+  const op = trimmed.split(/\s+/)[0].toUpperCase();
+  if (/SELECT\s+COUNT/i.test(trimmed)) {
+    const match = trimmed.match(/FROM\s+"?\w+"?\."?(\w+)"?/i);
+    return { op: "SELECT", table: match?.[1] ?? "" };
+  }
+  const tableMatch = trimmed.match(/(?:FROM|INTO|UPDATE)\s+"?\w+"?\."?(\w+)"?/i);
+  const table = tableMatch?.[1] ?? "";
+  switch (op) {
+    case "SELECT":
+      return { op: "SELECT", table };
+    case "INSERT":
+      return { op: "INSERT", table };
+    case "UPDATE":
+      return { op: "UPDATE", table };
+    case "DELETE":
+      return { op: "DELETE", table };
+    default:
+      return { op: "OTHER", table };
+  }
+}
+function normalizeQueryParams(sql) {
+  if (!sql) return null;
+  let n = sql.replace(/'[^']*'/g, "?");
+  n = n.replace(/\b\d+(\.\d+)?\b/g, "?");
+  n = n.replace(/\$\d+/g, "?");
+  return n;
+}
+
+// src/analysis/insights.ts
+var AUTH_CATEGORIES = /* @__PURE__ */ new Set(["auth-handshake", "auth-check", "middleware"]);
+function getQueryShape(q) {
+  if (q.sql) return normalizeQueryParams(q.sql) ?? "";
+  return `${q.operation ?? q.normalizedOp ?? "?"}:${q.model ?? q.table ?? ""}`;
+}
+function getQueryInfo(q) {
+  if (q.sql) return normalizeSQL(q.sql);
+  return {
+    op: q.normalizedOp ?? q.operation ?? "?",
+    table: q.table ?? q.model ?? ""
+  };
+}
+function formatDuration(ms) {
+  if (ms < 1e3) return `${ms}ms`;
+  return `${(ms / 1e3).toFixed(1)}s`;
+}
+function formatSize(bytes) {
+  if (bytes < 1024) return `${bytes}B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+}
+function computeInsights(ctx) {
+  const insights = [];
+  const nonStatic = ctx.requests.filter(
+    (r) => !r.isStatic && (!r.path || !r.path.startsWith(DASHBOARD_PREFIX))
+  );
+  const queriesByReq = /* @__PURE__ */ new Map();
+  for (const q of ctx.queries) {
+    if (!q.parentRequestId) continue;
+    let arr = queriesByReq.get(q.parentRequestId);
+    if (!arr) {
+      arr = [];
+      queriesByReq.set(q.parentRequestId, arr);
+    }
+    arr.push(q);
+  }
+  const reqById = /* @__PURE__ */ new Map();
+  for (const r of nonStatic) reqById.set(r.id, r);
+  const n1Seen = /* @__PURE__ */ new Set();
+  for (const [reqId, reqQueries] of queriesByReq) {
+    const req = reqById.get(reqId);
+    if (!req) continue;
+    const endpoint = `${req.method} ${req.path}`;
+    const shapeGroups = /* @__PURE__ */ new Map();
+    for (const q of reqQueries) {
+      const shape = getQueryShape(q);
+      let group = shapeGroups.get(shape);
+      if (!group) {
+        group = { count: 0, distinctSql: /* @__PURE__ */ new Set(), first: q };
+        shapeGroups.set(shape, group);
+      }
+      group.count++;
+      group.distinctSql.add(q.sql ?? shape);
+    }
+    for (const [, sg] of shapeGroups) {
+      if (sg.count <= N1_QUERY_THRESHOLD || sg.distinctSql.size <= 1) continue;
+      const info = getQueryInfo(sg.first);
+      const key = `${endpoint}:${info.op}:${info.table || "unknown"}`;
+      if (n1Seen.has(key)) continue;
+      n1Seen.add(key);
+      insights.push({
+        severity: "critical",
+        type: "n1",
+        title: "N+1 Query Pattern",
+        desc: `${endpoint} runs ${sg.count}x ${info.op} ${info.table} with different params in a single request`,
+        hint: "This typically happens when fetching related data in a loop. Use a batch query, JOIN, or include/eager-load to fetch all records at once.",
+        nav: "queries"
+      });
+    }
+  }
+  const ceQueryMap = /* @__PURE__ */ new Map();
+  const ceAllEndpoints = /* @__PURE__ */ new Set();
+  for (const [reqId, reqQueries] of queriesByReq) {
+    const req = reqById.get(reqId);
+    if (!req) continue;
+    const endpoint = `${req.method} ${req.path}`;
+    ceAllEndpoints.add(endpoint);
+    const seenInReq = /* @__PURE__ */ new Set();
+    for (const q of reqQueries) {
+      const shape = getQueryShape(q);
+      let entry = ceQueryMap.get(shape);
+      if (!entry) {
+        entry = { endpoints: /* @__PURE__ */ new Set(), count: 0, first: q };
+        ceQueryMap.set(shape, entry);
+      }
+      entry.count++;
+      if (!seenInReq.has(shape)) {
+        seenInReq.add(shape);
+        entry.endpoints.add(endpoint);
+      }
+    }
+  }
+  if (ceAllEndpoints.size >= CROSS_ENDPOINT_MIN_ENDPOINTS) {
+    for (const [, cem] of ceQueryMap) {
+      if (cem.count < CROSS_ENDPOINT_MIN_OCCURRENCES) continue;
+      if (cem.endpoints.size < CROSS_ENDPOINT_MIN_ENDPOINTS) continue;
+      const pct = Math.round(cem.endpoints.size / ceAllEndpoints.size * 100);
+      if (pct < CROSS_ENDPOINT_PCT) continue;
+      const info = getQueryInfo(cem.first);
+      const label = info.op + (info.table ? ` ${info.table}` : "");
+      insights.push({
+        severity: "warning",
+        type: "cross-endpoint",
+        title: "Repeated Query Across Endpoints",
+        desc: `${label} runs on ${cem.endpoints.size} of ${ceAllEndpoints.size} endpoints (${pct}%).`,
+        hint: "This query runs on most of your endpoints. Load it once in middleware or cache the result to avoid redundant database calls.",
+        nav: "queries"
+      });
+    }
+  }
+  const rqSeen = /* @__PURE__ */ new Set();
+  for (const [reqId, reqQueries] of queriesByReq) {
+    const req = reqById.get(reqId);
+    if (!req) continue;
+    const endpoint = `${req.method} ${req.path}`;
+    const exact = /* @__PURE__ */ new Map();
+    for (const q of reqQueries) {
+      if (!q.sql) continue;
+      let entry = exact.get(q.sql);
+      if (!entry) {
+        entry = { count: 0, first: q };
+        exact.set(q.sql, entry);
+      }
+      entry.count++;
+    }
+    for (const [, e] of exact) {
+      if (e.count < REDUNDANT_QUERY_MIN_COUNT) continue;
+      const info = getQueryInfo(e.first);
+      const label = info.op + (info.table ? ` ${info.table}` : "");
+      const dedupKey = `${endpoint}:${label}`;
+      if (rqSeen.has(dedupKey)) continue;
+      rqSeen.add(dedupKey);
+      insights.push({
+        severity: "warning",
+        type: "redundant-query",
+        title: "Redundant Query",
+        desc: `${label} runs ${e.count}x with identical params in ${endpoint}.`,
+        hint: "The exact same query with identical parameters runs multiple times in one request. Cache the first result or lift the query to a shared function.",
+        nav: "queries"
+      });
+    }
+  }
+  if (ctx.errors.length > 0) {
+    const errGroups = /* @__PURE__ */ new Map();
+    for (const e of ctx.errors) {
+      const name = e.name || "Error";
+      errGroups.set(name, (errGroups.get(name) ?? 0) + 1);
+    }
+    for (const [name, cnt] of errGroups) {
+      insights.push({
+        severity: "critical",
+        type: "error",
+        title: "Unhandled Error",
+        desc: `${name} \u2014 occurred ${cnt} time${cnt !== 1 ? "s" : ""}`,
+        hint: "Unhandled errors crash request handlers. Wrap async code in try/catch or add error-handling middleware.",
+        nav: "errors"
+      });
+    }
+  }
+  const endpointGroups = /* @__PURE__ */ new Map();
+  for (const r of nonStatic) {
+    const ep = `${r.method} ${r.path}`;
+    let g = endpointGroups.get(ep);
+    if (!g) {
+      g = { total: 0, errors: 0, totalDuration: 0, queryCount: 0, totalSize: 0 };
+      endpointGroups.set(ep, g);
+    }
+    g.total++;
+    if (r.statusCode >= 400) g.errors++;
+    g.totalDuration += r.durationMs;
+    g.queryCount += (queriesByReq.get(r.id) ?? []).length;
+    g.totalSize += r.responseSize ?? 0;
+  }
+  for (const [ep, g] of endpointGroups) {
+    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+    const errorRate = Math.round(g.errors / g.total * 100);
+    if (errorRate >= ERROR_RATE_THRESHOLD_PCT) {
+      insights.push({
+        severity: "critical",
+        type: "error-hotspot",
+        title: "Error Hotspot",
+        desc: `${ep} \u2014 ${errorRate}% error rate (${g.errors}/${g.total} requests)`,
+        hint: "This endpoint frequently returns errors. Check the response bodies for error details and stack traces.",
+        nav: "requests"
+      });
+    }
+  }
+  const dupCounts = /* @__PURE__ */ new Map();
+  const flowCount = /* @__PURE__ */ new Map();
+  for (const flow of ctx.flows) {
+    if (!flow.requests) continue;
+    const seenInFlow = /* @__PURE__ */ new Set();
+    for (const fr of flow.requests) {
+      if (!fr.isDuplicate) continue;
+      const dupKey = `${fr.method} ${fr.label ?? fr.path ?? fr.url}`;
+      dupCounts.set(dupKey, (dupCounts.get(dupKey) ?? 0) + 1);
+      if (!seenInFlow.has(dupKey)) {
+        seenInFlow.add(dupKey);
+        flowCount.set(dupKey, (flowCount.get(dupKey) ?? 0) + 1);
+      }
+    }
+  }
+  const dupEntries = [...dupCounts.entries()].map(([key, count]) => ({ key, count, flows: flowCount.get(key) ?? 0 })).sort((a, b) => b.count - a.count);
+  for (let i = 0; i < Math.min(dupEntries.length, 3); i++) {
+    const d = dupEntries[i];
+    insights.push({
+      severity: "warning",
+      type: "duplicate",
+      title: "Duplicate API Call",
+      desc: `${d.key} loaded ${d.count}x as duplicate across ${d.flows} action${d.flows !== 1 ? "s" : ""}`,
+      hint: "Multiple components independently fetch the same endpoint. Lift the fetch to a parent component, use a data cache, or deduplicate with React Query / SWR.",
+      nav: "actions"
+    });
+  }
+  for (const [ep, g] of endpointGroups) {
+    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+    const avgMs = Math.round(g.totalDuration / g.total);
+    if (avgMs >= SLOW_ENDPOINT_THRESHOLD_MS) {
+      insights.push({
+        severity: "warning",
+        type: "slow",
+        title: "Slow Endpoint",
+        desc: `${ep} \u2014 avg ${formatDuration(avgMs)} across ${g.total} request${g.total !== 1 ? "s" : ""}`,
+        hint: "Consistently slow responses hurt user experience. Check the Queries tab to see if database queries are the bottleneck.",
+        nav: "requests"
+      });
+    }
+  }
+  for (const [ep, g] of endpointGroups) {
+    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+    const avgQueries = Math.round(g.queryCount / g.total);
+    if (avgQueries > HIGH_QUERY_COUNT_PER_REQ) {
+      insights.push({
+        severity: "warning",
+        type: "query-heavy",
+        title: "Query-Heavy Endpoint",
+        desc: `${ep} \u2014 avg ${avgQueries} queries/request`,
+        hint: "Too many queries per request increases latency. Combine queries with JOINs, use batch operations, or reduce the number of data fetches.",
+        nav: "queries"
+      });
+    }
+  }
+  for (const flow of ctx.flows) {
+    if (!flow.requests || flow.requests.length < 2) continue;
+    let authMs = 0;
+    let totalMs = 0;
+    for (const r of flow.requests) {
+      const dur = r.pollingDurationMs ?? r.durationMs;
+      totalMs += dur;
+      if (AUTH_CATEGORIES.has(r.category ?? "")) authMs += dur;
+    }
+    if (totalMs > 0 && authMs > 0) {
+      const pct = Math.round(authMs / totalMs * 100);
+      if (pct >= AUTH_OVERHEAD_PCT) {
+        insights.push({
+          severity: "warning",
+          type: "auth-overhead",
+          title: "Auth Overhead",
+          desc: `${flow.label} \u2014 ${pct}% of time (${formatDuration(authMs)}) spent in auth/middleware`,
+          hint: "Auth checks consume a significant portion of this action. If using a third-party auth provider, check if session caching can reduce roundtrips.",
+          nav: "actions"
+        });
+      }
+    }
+  }
+  const selectStarSeen = /* @__PURE__ */ new Map();
+  for (const [, reqQueries] of queriesByReq) {
+    for (const q of reqQueries) {
+      if (!q.sql) continue;
+      const isSelectStar = /^SELECT\s+\*/i.test(q.sql.trim()) || /\.\*\s+FROM/i.test(q.sql);
+      if (!isSelectStar) continue;
+      const info = getQueryInfo(q);
+      const key = info.table || "unknown";
+      selectStarSeen.set(key, (selectStarSeen.get(key) ?? 0) + 1);
+    }
+  }
+  for (const [table, count] of selectStarSeen) {
+    if (count < OVERFETCH_MIN_REQUESTS) continue;
+    insights.push({
+      severity: "warning",
+      type: "select-star",
+      title: "SELECT * Query",
+      desc: `SELECT * on ${table} \u2014 ${count} occurrence${count !== 1 ? "s" : ""}`,
+      hint: "SELECT * fetches all columns including ones you don\u2019t need. Specify only required columns to reduce data transfer and memory usage.",
+      nav: "queries"
+    });
+  }
+  const highRowSeen = /* @__PURE__ */ new Map();
+  for (const [, reqQueries] of queriesByReq) {
+    for (const q of reqQueries) {
+      if (!q.rowCount || q.rowCount <= HIGH_ROW_COUNT) continue;
+      const info = getQueryInfo(q);
+      const key = `${info.op} ${info.table || "unknown"}`;
+      let entry = highRowSeen.get(key);
+      if (!entry) {
+        entry = { max: 0, count: 0 };
+        highRowSeen.set(key, entry);
+      }
+      entry.count++;
+      if (q.rowCount > entry.max) entry.max = q.rowCount;
+    }
+  }
+  for (const [key, hrs] of highRowSeen) {
+    if (hrs.count < OVERFETCH_MIN_REQUESTS) continue;
+    insights.push({
+      severity: "warning",
+      type: "high-rows",
+      title: "Large Result Set",
+      desc: `${key} returns ${hrs.max}+ rows (${hrs.count}x)`,
+      hint: "Fetching many rows slows responses and wastes memory. Add a LIMIT clause, implement pagination, or filter with a WHERE condition.",
+      nav: "queries"
+    });
+  }
+  for (const [ep, g] of endpointGroups) {
+    if (g.total < OVERFETCH_MIN_REQUESTS) continue;
+    const avgSize = Math.round(g.totalSize / g.total);
+    if (avgSize > LARGE_RESPONSE_BYTES) {
+      insights.push({
+        severity: "info",
+        type: "large-response",
+        title: "Large Response",
+        desc: `${ep} \u2014 avg ${formatSize(avgSize)} response`,
+        hint: "Large API responses increase network transfer time. Implement pagination, field filtering, or response compression.",
+        nav: "requests"
+      });
+    }
+  }
+  if (ctx.securityFindings) {
+    for (const f of ctx.securityFindings) {
+      insights.push({
+        severity: f.severity,
+        type: "security",
+        title: f.title,
+        desc: f.desc,
+        hint: f.hint,
+        nav: "security"
+      });
+    }
+  }
+  const severityOrder = { critical: 0, warning: 1, info: 2 };
+  insights.sort((a, b) => (severityOrder[a.severity] ?? 2) - (severityOrder[b.severity] ?? 2));
+  return insights;
+}
+
+// src/analysis/engine.ts
+var AnalysisEngine = class {
+  constructor(debounceMs = 300) {
+    this.debounceMs = debounceMs;
+    this.scanner = createDefaultScanner();
+    this.boundRequestListener = () => this.scheduleRecompute();
+    this.boundQueryListener = () => this.scheduleRecompute();
+    this.boundErrorListener = () => this.scheduleRecompute();
+    this.boundLogListener = () => this.scheduleRecompute();
+  }
+  scanner;
+  cachedInsights = [];
+  cachedFindings = [];
+  debounceTimer = null;
+  listeners = [];
+  boundRequestListener;
+  boundQueryListener;
+  boundErrorListener;
+  boundLogListener;
+  start() {
+    onRequest(this.boundRequestListener);
+    defaultQueryStore.onEntry(this.boundQueryListener);
+    defaultErrorStore.onEntry(this.boundErrorListener);
+    defaultLogStore.onEntry(this.boundLogListener);
+  }
+  stop() {
+    offRequest(this.boundRequestListener);
+    defaultQueryStore.offEntry(this.boundQueryListener);
+    defaultErrorStore.offEntry(this.boundErrorListener);
+    defaultLogStore.offEntry(this.boundLogListener);
+    if (this.debounceTimer) {
+      clearTimeout(this.debounceTimer);
+      this.debounceTimer = null;
+    }
+  }
+  onUpdate(fn) {
+    this.listeners.push(fn);
+  }
+  offUpdate(fn) {
+    const idx = this.listeners.indexOf(fn);
+    if (idx !== -1) this.listeners.splice(idx, 1);
+  }
+  getInsights() {
+    return this.cachedInsights;
+  }
+  getFindings() {
+    return this.cachedFindings;
+  }
+  scheduleRecompute() {
+    if (this.debounceTimer) return;
+    this.debounceTimer = setTimeout(() => {
+      this.debounceTimer = null;
+      this.recompute();
+    }, this.debounceMs);
+  }
+  recompute() {
+    const requests = getRequests();
+    const queries = defaultQueryStore.getAll();
+    const errors = defaultErrorStore.getAll();
+    const logs = defaultLogStore.getAll();
+    const flows = groupRequestsIntoFlows(requests);
+    this.cachedFindings = this.scanner.scan({ requests, logs });
+    this.cachedInsights = computeInsights({
+      requests,
+      queries,
+      errors,
+      flows,
+      securityFindings: this.cachedFindings
+    });
+    for (const fn of this.listeners) {
+      try {
+        fn(this.cachedInsights, this.cachedFindings);
+      } catch {
+      }
+    }
+  }
+};
+
+// src/index.ts
+var VERSION = "0.6.0";
+export {
+  AdapterRegistry,
+  AnalysisEngine,
+  SecurityScanner,
+  VERSION,
+  computeInsights,
+  createDefaultScanner,
+  createProxyServer,
+  detectProject
+};