npm - brakit - Versions diffs - 0.8.1 → 0.8.3 - Mend

brakit 0.8.1 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +5 -5
package/dist/api.d.ts +103 -44
package/dist/api.js +153 -266
package/dist/bin/brakit.js +130 -219
package/dist/mcp/server.js +65 -23
package/dist/runtime/index.js +1623 -1539
package/package.json +1 -1

package/dist/runtime/index.js CHANGED Viewed

@@ -9,7 +9,7 @@ var __export = (target, all) => {
 };
 // src/constants/routes.ts
-var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS;
+var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS, VALID_TABS;
 var init_routes = __esm({
   "src/constants/routes.ts"() {
     "use strict";
@@ -30,6 +30,17 @@ var init_routes = __esm({
     DASHBOARD_API_SECURITY = "/__brakit/api/security";
     DASHBOARD_API_TAB = "/__brakit/api/tab";
     DASHBOARD_API_FINDINGS = "/__brakit/api/findings";
+    VALID_TABS = /* @__PURE__ */ new Set([
+      "overview",
+      "actions",
+      "requests",
+      "fetches",
+      "queries",
+      "errors",
+      "logs",
+      "performance",
+      "security"
+    ]);
   }
 });
@@ -88,14 +99,20 @@ var init_thresholds = __esm({
 });
 // src/constants/transport.ts
-var SSE_HEARTBEAT_INTERVAL_MS, NOISE_HOSTS;
+var SSE_HEARTBEAT_INTERVAL_MS, NOISE_HOSTS, NOISE_PATH_PATTERNS;
 var init_transport = __esm({
   "src/constants/transport.ts"() {
     "use strict";
     SSE_HEARTBEAT_INTERVAL_MS = 3e4;
     NOISE_HOSTS = [
       "registry.npmjs.org",
-      "telemetry.nextjs.org"
+      "telemetry.nextjs.org",
+      "vitejs.dev"
+    ];
+    NOISE_PATH_PATTERNS = [
+      ".hot-update.",
+      "__webpack",
+      "__vite"
     ];
   }
 });
@@ -175,6 +192,38 @@ var init_mcp = __esm({
   }
 });
+// src/constants/encoding.ts
+var CONTENT_ENCODING_GZIP, CONTENT_ENCODING_BR, CONTENT_ENCODING_DEFLATE;
+var init_encoding = __esm({
+  "src/constants/encoding.ts"() {
+    "use strict";
+    CONTENT_ENCODING_GZIP = "gzip";
+    CONTENT_ENCODING_BR = "br";
+    CONTENT_ENCODING_DEFLATE = "deflate";
+  }
+});
+// src/constants/severity.ts
+var SEVERITY_ICON, SEVERITY_CRITICAL, SEVERITY_WARNING, SEVERITY_INFO, SEVERITY_ICON_MAP;
+var init_severity = __esm({
+  "src/constants/severity.ts"() {
+    "use strict";
+    SEVERITY_ICON = {
+      critical: "\u2717",
+      warning: "\u26A0",
+      info: "\u2139"
+    };
+    SEVERITY_CRITICAL = "critical";
+    SEVERITY_WARNING = "warning";
+    SEVERITY_INFO = "info";
+    SEVERITY_ICON_MAP = {
+      [SEVERITY_CRITICAL]: { icon: "\u2717", cls: "critical" },
+      [SEVERITY_WARNING]: { icon: "\u26A0", cls: "warning" },
+      [SEVERITY_INFO]: { icon: "\u2139", cls: "info" }
+    };
+  }
+});
 // src/constants/index.ts
 var init_constants = __esm({
   "src/constants/index.ts"() {
@@ -187,21 +236,8 @@ var init_constants = __esm({
     init_headers();
     init_network();
     init_mcp();
-  }
-});
-// src/instrument/transport.ts
-function setEmitter(fn) {
-  emitter = fn;
-}
-function send(event) {
-  emitter?.(event);
-}
-var emitter;
-var init_transport2 = __esm({
-  "src/instrument/transport.ts"() {
-    "use strict";
-    emitter = null;
+    init_encoding();
+    init_severity();
   }
 });
@@ -221,7 +257,11 @@ var init_context = __esm({
 // src/instrument/hooks/fetch.ts
 import { subscribe } from "diagnostics_channel";
-function isNoise(origin) {
+function setBrakitPort(port) {
+  brakitPort = port;
+}
+function isNoise(origin, path) {
+  if (NOISE_PATH_PATTERNS.some((p) => path.includes(p))) return true;
   try {
     const host = new URL(origin).hostname;
     return NOISE_HOSTS.some((h) => host === h || host.endsWith("." + h));
@@ -229,19 +269,22 @@ function isNoise(origin) {
     return false;
   }
 }
-function setupFetchHook() {
+function setupFetchHook(emit) {
   subscribe("undici:request:create", (message) => {
     const msg = message;
     const req = msg.request;
     const origin = req.origin ?? "";
-    if (isNoise(origin)) return;
+    const path = req.path ?? "/";
+    if (isNoise(origin, path)) return;
+    if (brakitPort && origin.includes(`localhost:${brakitPort}`)) return;
     const ctx = getRequestContext();
+    if (!ctx) return;
     pending.set(msg.request, {
       origin,
       method: req.method ?? "GET",
-      path: req.path ?? "/",
+      path,
       startTime: performance.now(),
-      parentRequestId: ctx?.requestId ?? null
+      parentRequestId: ctx.requestId
     });
   });
   subscribe("undici:request:headers", (message) => {
@@ -249,7 +292,7 @@ function setupFetchHook() {
     const info = pending.get(msg.request);
     if (!info) return;
     pending.delete(msg.request);
-    send({
+    emit({
       type: "fetch",
       data: {
         url: info.origin + info.path,
@@ -266,32 +309,33 @@ function setupFetchHook() {
     pending.delete(msg.request);
   });
 }
-var pending;
+var brakitPort, pending;
 var init_fetch = __esm({
   "src/instrument/hooks/fetch.ts"() {
     "use strict";
-    init_transport2();
     init_context();
     init_constants();
+    brakitPort = 0;
     pending = /* @__PURE__ */ new WeakMap();
   }
 });
 // src/instrument/hooks/console.ts
 import { format } from "util";
-function setupConsoleHook() {
+function setupConsoleHook(emit) {
   for (const level of LEVELS) {
     const original = originals[level];
     console[level] = (...args) => {
       original.apply(console, args);
       const ctx = getRequestContext();
+      if (!ctx) return;
       const message = format(...args);
       const timestamp = Date.now();
-      const parentRequestId = ctx?.requestId ?? null;
+      const parentRequestId = ctx.requestId;
       if (level === "error") {
         const errorArg = args.find((a) => a instanceof Error);
         if (errorArg) {
-          send({
+          emit({
             type: "error",
             data: {
               name: errorArg.name,
@@ -305,7 +349,7 @@ function setupConsoleHook() {
         }
         const match = message.match(/(\w*Error):\s+(.+)/s);
         if (match) {
-          send({
+          emit({
             type: "error",
             data: {
               name: match[1],
@@ -318,7 +362,7 @@ function setupConsoleHook() {
           return;
         }
       }
-      send({
+      emit({
         type: "log",
         data: { level, message, parentRequestId, timestamp }
       });
@@ -329,7 +373,6 @@ var LEVELS, originals;
 var init_console = __esm({
   "src/instrument/hooks/console.ts"() {
     "use strict";
-    init_transport2();
     init_context();
     LEVELS = ["log", "warn", "error", "info", "debug"];
     originals = {
@@ -343,21 +386,24 @@ var init_console = __esm({
 });
 // src/instrument/hooks/errors.ts
-function captureError(err) {
-  const error = err instanceof Error ? err : new Error(String(err));
-  const ctx = getRequestContext();
-  send({
-    type: "error",
-    data: {
-      name: error.name,
-      message: error.message,
-      stack: error.stack ?? "",
-      parentRequestId: ctx?.requestId ?? null,
-      timestamp: Date.now()
-    }
-  });
+function createCaptureError(emit) {
+  return (err) => {
+    const error = err instanceof Error ? err : new Error(String(err));
+    const ctx = getRequestContext();
+    emit({
+      type: "error",
+      data: {
+        name: error.name,
+        message: error.message,
+        stack: error.stack ?? "",
+        parentRequestId: ctx?.requestId ?? null,
+        timestamp: Date.now()
+      }
+    });
+  };
 }
-function setupErrorHook() {
+function setupErrorHook(emit) {
+  const captureError = createCaptureError(emit);
   process.on("uncaughtException", (err) => {
     captureError(err);
     process.removeAllListeners("uncaughtException");
@@ -370,7 +416,6 @@ function setupErrorHook() {
 var init_errors = __esm({
   "src/instrument/hooks/errors.ts"() {
     "use strict";
-    init_transport2();
     init_context();
   }
 });
@@ -743,115 +788,6 @@ var init_adapters = __esm({
   }
 });
-// src/utils/static-patterns.ts
-function isStaticPath(urlPath) {
-  return STATIC_PATTERNS.some((p) => p.test(urlPath));
-}
-var STATIC_PATTERNS;
-var init_static_patterns = __esm({
-  "src/utils/static-patterns.ts"() {
-    "use strict";
-    STATIC_PATTERNS = [
-      /^\/_next\//,
-      /\.(?:js|css|map|ico|png|jpg|jpeg|gif|svg|webp|woff2?|ttf|eot)$/,
-      /^\/favicon/,
-      /^\/__nextjs/
-    ];
-  }
-});
-// src/store/request-store.ts
-function flattenHeaders(headers) {
-  const flat = {};
-  for (const [key, value] of Object.entries(headers)) {
-    if (value === void 0) continue;
-    flat[key] = Array.isArray(value) ? value.join(", ") : value;
-  }
-  return flat;
-}
-var RequestStore;
-var init_request_store = __esm({
-  "src/store/request-store.ts"() {
-    "use strict";
-    init_constants();
-    init_static_patterns();
-    RequestStore = class {
-      constructor(maxEntries = MAX_REQUEST_ENTRIES) {
-        this.maxEntries = maxEntries;
-      }
-      requests = [];
-      listeners = [];
-      capture(input) {
-        const url = input.url;
-        const path = url.split("?")[0];
-        let requestBodyStr = null;
-        if (input.requestBody && input.requestBody.length > 0) {
-          requestBodyStr = input.requestBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
-        }
-        let responseBodyStr = null;
-        if (input.responseBody && input.responseBody.length > 0) {
-          const ct = input.responseContentType;
-          if (ct.includes("json") || ct.includes("text") || ct.includes("html")) {
-            responseBodyStr = input.responseBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
-          }
-        }
-        const entry = {
-          id: input.requestId,
-          method: input.method,
-          url,
-          path,
-          headers: flattenHeaders(input.requestHeaders),
-          requestBody: requestBodyStr,
-          statusCode: input.statusCode,
-          responseHeaders: flattenHeaders(input.responseHeaders),
-          responseBody: responseBodyStr,
-          startedAt: input.startTime,
-          durationMs: Math.round((input.endTime ?? performance.now()) - input.startTime),
-          responseSize: input.responseBody?.length ?? 0,
-          isStatic: isStaticPath(path)
-        };
-        this.requests.push(entry);
-        if (this.requests.length > this.maxEntries) {
-          this.requests.shift();
-        }
-        for (const fn of this.listeners) {
-          fn(entry);
-        }
-        return entry;
-      }
-      getAll() {
-        return this.requests;
-      }
-      clear() {
-        this.requests.length = 0;
-      }
-      onRequest(fn) {
-        this.listeners.push(fn);
-      }
-      offRequest(fn) {
-        const idx = this.listeners.indexOf(fn);
-        if (idx !== -1) this.listeners.splice(idx, 1);
-      }
-    };
-  }
-});
-// src/store/request-log.ts
-var defaultStore, getRequests, clearRequests, onRequest, offRequest;
-var init_request_log = __esm({
-  "src/store/request-log.ts"() {
-    "use strict";
-    init_request_store();
-    init_static_patterns();
-    init_request_store();
-    defaultStore = new RequestStore();
-    getRequests = () => defaultStore.getAll();
-    clearRequests = () => defaultStore.clear();
-    onRequest = (fn) => defaultStore.onRequest(fn);
-    offRequest = (fn) => defaultStore.offRequest(fn);
-  }
-});
 // src/analysis/categorize.ts
 function detectCategory(req) {
   const { method, url, statusCode, responseHeaders } = req;
@@ -1232,884 +1168,458 @@ var init_group = __esm({
   }
 });
-// src/store/telemetry-store.ts
-import { randomUUID as randomUUID3 } from "crypto";
-var TelemetryStore;
-var init_telemetry_store = __esm({
-  "src/store/telemetry-store.ts"() {
-    "use strict";
-    init_constants();
-    TelemetryStore = class {
-      constructor(maxEntries = MAX_TELEMETRY_ENTRIES) {
-        this.maxEntries = maxEntries;
-      }
-      entries = [];
-      listeners = [];
-      add(data) {
-        const entry = { id: randomUUID3(), ...data };
-        this.entries.push(entry);
-        if (this.entries.length > this.maxEntries) this.entries.shift();
-        for (const fn of this.listeners) fn(entry);
-        return entry;
-      }
-      getAll() {
-        return this.entries;
-      }
-      getByRequest(requestId) {
-        return this.entries.filter((e) => e.parentRequestId === requestId);
-      }
-      clear() {
-        this.entries.length = 0;
-      }
-      onEntry(fn) {
-        this.listeners.push(fn);
-      }
-      offEntry(fn) {
-        const idx = this.listeners.indexOf(fn);
-        if (idx !== -1) this.listeners.splice(idx, 1);
-      }
-    };
+// src/dashboard/api/shared.ts
+function maskSensitiveHeaders(headers) {
+  const masked = {};
+  for (const [key, value] of Object.entries(headers)) {
+    if (SENSITIVE_HEADER_NAMES.has(key.toLowerCase())) {
+      const s = String(value);
+      masked[key] = s.length <= SENSITIVE_MASK_MIN_LENGTH ? "****" : s.slice(0, SENSITIVE_MASK_VISIBLE_CHARS) + "..." + s.slice(-SENSITIVE_MASK_VISIBLE_CHARS);
+    } else {
+      masked[key] = value;
+    }
   }
-});
-// src/store/fetch-store.ts
-var FetchStore, defaultFetchStore;
-var init_fetch_store = __esm({
-  "src/store/fetch-store.ts"() {
-    "use strict";
-    init_telemetry_store();
-    FetchStore = class extends TelemetryStore {
-    };
-    defaultFetchStore = new FetchStore();
+  return masked;
+}
+function getCorsOrigin(req) {
+  const origin = req.headers.origin ?? "";
+  try {
+    const url = new URL(origin);
+    if (LOCALHOST_HOSTNAMES.has(url.hostname)) {
+      return origin;
+    }
+  } catch {
   }
-});
-// src/store/log-store.ts
-var LogStore, defaultLogStore;
-var init_log_store = __esm({
-  "src/store/log-store.ts"() {
+  return "";
+}
+function getJsonHeaders(req) {
+  const corsOrigin = getCorsOrigin(req);
+  const headers = {
+    "content-type": "application/json",
+    "cache-control": "no-cache"
+  };
+  if (corsOrigin) {
+    headers["access-control-allow-origin"] = corsOrigin;
+  }
+  return headers;
+}
+function sendJson(req, res, status, data) {
+  res.writeHead(status, getJsonHeaders(req));
+  res.end(JSON.stringify(data));
+}
+function requireGet(req, res) {
+  if (req.method !== "GET") {
+    sendJson(req, res, 405, { error: "Method not allowed" });
+    return false;
+  }
+  return true;
+}
+function handleTelemetryGet(req, res, store) {
+  if (!requireGet(req, res)) return;
+  const url = new URL(req.url ?? "/", "http://localhost");
+  const requestId = url.searchParams.get("requestId");
+  const entries = requestId ? store.getByRequest(requestId) : [...store.getAll()];
+  sendJson(req, res, 200, { total: entries.length, entries: entries.reverse() });
+}
+var init_shared2 = __esm({
+  "src/dashboard/api/shared.ts"() {
     "use strict";
-    init_telemetry_store();
-    LogStore = class extends TelemetryStore {
-    };
-    defaultLogStore = new LogStore();
+    init_constants();
+    init_limits();
   }
 });
-// src/store/error-store.ts
-var ErrorStore, defaultErrorStore;
-var init_error_store = __esm({
-  "src/store/error-store.ts"() {
-    "use strict";
-    init_telemetry_store();
-    ErrorStore = class extends TelemetryStore {
-    };
-    defaultErrorStore = new ErrorStore();
+// src/dashboard/api/handlers.ts
+function sanitizeRequest(r) {
+  return {
+    ...r,
+    headers: maskSensitiveHeaders(r.headers),
+    responseHeaders: maskSensitiveHeaders(r.responseHeaders)
+  };
+}
+function createRequestsHandler(registry) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const method = url.searchParams.get("method");
+    const status = url.searchParams.get("status");
+    const search = url.searchParams.get("search");
+    const limit = parseInt(
+      url.searchParams.get("limit") ?? String(DEFAULT_API_LIMIT),
+      10
+    );
+    const offset = parseInt(url.searchParams.get("offset") ?? "0", 10);
+    let results = [...registry.get("request-store").getAll()].reverse();
+    if (method) {
+      results = results.filter((r) => r.method === method.toUpperCase());
+    }
+    if (status) {
+      if (status.endsWith("xx")) {
+        const prefix = parseInt(status[0], 10);
+        results = results.filter(
+          (r) => Math.floor(r.statusCode / 100) === prefix
+        );
+      } else {
+        const code = parseInt(status, 10);
+        results = results.filter((r) => r.statusCode === code);
+      }
+    }
+    if (search) {
+      const lower = search.toLowerCase();
+      results = results.filter(
+        (r) => r.url.toLowerCase().includes(lower) || r.requestBody?.toLowerCase().includes(lower) || r.responseBody?.toLowerCase().includes(lower)
+      );
+    }
+    const total = results.length;
+    results = results.slice(offset, offset + limit);
+    const sanitized = results.map(sanitizeRequest);
+    sendJson(req, res, 200, { total, requests: sanitized });
+  };
+}
+function createFlowsHandler(registry) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    const flows = groupRequestsIntoFlows(registry.get("request-store").getAll()).reverse().map((flow) => ({
+      ...flow,
+      requests: flow.requests.map(sanitizeRequest)
+    }));
+    sendJson(req, res, 200, { total: flows.length, flows });
+  };
+}
+function createClearHandler(registry) {
+  return (req, res) => {
+    if (req.method !== "POST") {
+      sendJson(req, res, 405, { error: "Method not allowed" });
+      return;
+    }
+    registry.get("request-store").clear();
+    registry.get("fetch-store").clear();
+    registry.get("log-store").clear();
+    registry.get("error-store").clear();
+    registry.get("query-store").clear();
+    registry.get("metrics-store").reset();
+    if (registry.has("finding-store")) registry.get("finding-store").clear();
+    registry.get("event-bus").emit("store:cleared", void 0);
+    sendJson(req, res, 200, { cleared: true });
+  };
+}
+function createFetchesHandler(registry) {
+  return (req, res) => handleTelemetryGet(req, res, registry.get("fetch-store"));
+}
+function createLogsHandler(registry) {
+  return (req, res) => handleTelemetryGet(req, res, registry.get("log-store"));
+}
+function createErrorsHandler(registry) {
+  return (req, res) => handleTelemetryGet(req, res, registry.get("error-store"));
+}
+function createQueriesHandler(registry) {
+  return (req, res) => handleTelemetryGet(req, res, registry.get("query-store"));
+}
+var init_handlers = __esm({
+  "src/dashboard/api/handlers.ts"() {
+    "use strict";
+    init_group();
+    init_constants();
+    init_shared2();
   }
 });
-// src/store/query-store.ts
-var QueryStore, defaultQueryStore;
-var init_query_store = __esm({
-  "src/store/query-store.ts"() {
+// src/dashboard/api/ingest.ts
+function isBrakitBatch(msg) {
+  return typeof msg === "object" && msg !== null && "_brakit" in msg && msg._brakit === true && !("version" in msg);
+}
+function isSDKPayload(msg) {
+  return typeof msg === "object" && msg !== null && "_brakit" in msg && "version" in msg && typeof msg.version === "number";
+}
+function createIngestHandler(registry) {
+  const routeEvent = (event) => {
+    switch (event.type) {
+      case "fetch":
+        registry.get("fetch-store").add(event.data);
+        break;
+      case "log":
+        registry.get("log-store").add(event.data);
+        break;
+      case "error":
+        registry.get("error-store").add(event.data);
+        break;
+      case "query":
+        registry.get("query-store").add(event.data);
+        break;
+    }
+  };
+  const routeSDKEvent = (event) => {
+    const ts = event.timestamp || Date.now();
+    const parentRequestId = event.requestId ?? null;
+    switch (event.type) {
+      case "db.query":
+        registry.get("query-store").add({
+          driver: event.data.source ?? "sdk",
+          source: event.data.source ?? "sdk",
+          sql: event.data.sql,
+          model: event.data.model,
+          operation: event.data.operation,
+          normalizedOp: event.data.normalizedOp ?? event.data.operation ?? "OTHER",
+          table: event.data.table ?? "",
+          durationMs: event.data.duration ?? event.data.durationMs ?? 0,
+          rowCount: event.data.rowCount,
+          parentRequestId,
+          timestamp: ts
+        });
+        break;
+      case "fetch":
+        registry.get("fetch-store").add({
+          url: event.data.url ?? "",
+          method: event.data.method ?? "GET",
+          statusCode: event.data.statusCode ?? 0,
+          durationMs: event.data.duration ?? event.data.durationMs ?? 0,
+          parentRequestId,
+          timestamp: ts
+        });
+        break;
+      case "log":
+        registry.get("log-store").add({
+          level: event.data.level ?? "log",
+          message: event.data.message ?? "",
+          parentRequestId,
+          timestamp: ts
+        });
+        break;
+      case "error":
+        registry.get("error-store").add({
+          name: event.data.name ?? "Error",
+          message: event.data.message ?? "",
+          stack: event.data.stack ?? "",
+          parentRequestId,
+          timestamp: ts
+        });
+        break;
+      case "auth.check":
+        registry.get("log-store").add({
+          level: "info",
+          message: `[auth] ${event.data.provider ?? "unknown"}: ${event.data.result ?? "check"}`,
+          parentRequestId,
+          timestamp: ts
+        });
+        break;
+    }
+  };
+  return (req, res) => {
+    if (req.method !== "POST") {
+      sendJson(req, res, 405, { error: "Method not allowed" });
+      return;
+    }
+    const chunks = [];
+    let totalSize = 0;
+    req.on("data", (chunk) => {
+      totalSize += chunk.length;
+      if (totalSize > MAX_INGEST_BYTES) {
+        sendJson(req, res, 413, { error: "Payload too large" });
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      if (totalSize > MAX_INGEST_BYTES) return;
+      try {
+        const body = JSON.parse(Buffer.concat(chunks).toString());
+        if (isSDKPayload(body)) {
+          for (const event of body.events) {
+            routeSDKEvent(event);
+          }
+          res.writeHead(204);
+          res.end();
+          return;
+        }
+        if (isBrakitBatch(body)) {
+          for (const event of body.events) {
+            routeEvent(event);
+          }
+          res.writeHead(204);
+          res.end();
+          return;
+        }
+        sendJson(req, res, 400, { error: "Invalid batch" });
+      } catch {
+        sendJson(req, res, 400, { error: "Invalid JSON" });
+      }
+    });
+  };
+}
+var init_ingest = __esm({
+  "src/dashboard/api/ingest.ts"() {
     "use strict";
-    init_telemetry_store();
-    QueryStore = class extends TelemetryStore {
-    };
-    defaultQueryStore = new QueryStore();
+    init_limits();
+    init_shared2();
   }
 });
-// src/utils/math.ts
-function percentile(values, p) {
-  if (values.length === 0) return 0;
-  const sorted = [...values].sort((a, b) => a - b);
-  const idx = Math.ceil(p * sorted.length) - 1;
-  return Math.round(sorted[Math.max(0, idx)]);
+// src/dashboard/api/metrics.ts
+function createMetricsHandler(metricsStore) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const endpoint = url.searchParams.get("endpoint");
+    if (endpoint) {
+      const ep = metricsStore.getEndpoint(endpoint);
+      sendJson(req, res, 200, { endpoints: ep ? [ep] : [] });
+      return;
+    }
+    sendJson(req, res, 200, { endpoints: metricsStore.getAll() });
+  };
 }
-var init_math = __esm({
-  "src/utils/math.ts"() {
+var init_metrics2 = __esm({
+  "src/dashboard/api/metrics.ts"() {
     "use strict";
+    init_shared2();
   }
 });
-// src/utils/endpoint.ts
-function getEndpointKey(method, path) {
-  return `${method} ${path}`;
+// src/dashboard/api/metrics-live.ts
+function createLiveMetricsHandler(metricsStore) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    sendJson(req, res, 200, { endpoints: metricsStore.getLiveEndpoints() });
+  };
 }
-function extractEndpointFromDesc(desc) {
-  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+var init_metrics_live = __esm({
+  "src/dashboard/api/metrics-live.ts"() {
+    "use strict";
+    init_shared2();
+  }
+});
+// src/dashboard/api/activity.ts
+function createActivityHandler(registry) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    try {
+      const url = new URL(req.url ?? "/", "http://localhost");
+      const requestId = url.searchParams.get("requestId");
+      if (!requestId) {
+        sendJson(req, res, 400, { error: "requestId parameter required" });
+        return;
+      }
+      const fetches = registry.get("fetch-store").getByRequest(requestId);
+      const logs = registry.get("log-store").getByRequest(requestId);
+      const errors = registry.get("error-store").getByRequest(requestId);
+      const queries = registry.get("query-store").getByRequest(requestId);
+      const timeline = [];
+      for (const f of fetches)
+        timeline.push({ type: "fetch", timestamp: f.timestamp, data: { ...f } });
+      for (const l of logs)
+        timeline.push({ type: "log", timestamp: l.timestamp, data: { ...l } });
+      for (const e of errors)
+        timeline.push({ type: "error", timestamp: e.timestamp, data: { ...e } });
+      for (const q of queries)
+        timeline.push({ type: "query", timestamp: q.timestamp, data: { ...q } });
+      timeline.sort((a, b) => a.timestamp - b.timestamp);
+      sendJson(req, res, 200, {
+        requestId,
+        total: timeline.length,
+        timeline,
+        counts: {
+          fetches: fetches.length,
+          logs: logs.length,
+          errors: errors.length,
+          queries: queries.length
+        }
+      });
+    } catch (err) {
+      console.error("[brakit] activity handler error:", err);
+      if (!res.headersSent) {
+        sendJson(req, res, 500, { error: "Internal error" });
+      }
+    }
+  };
 }
-var ENDPOINT_PREFIX_RE;
-var init_endpoint = __esm({
-  "src/utils/endpoint.ts"() {
+var init_activity = __esm({
+  "src/dashboard/api/activity.ts"() {
     "use strict";
-    ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
+    init_shared2();
   }
 });
-// src/store/metrics/metrics-store.ts
-import { randomUUID as randomUUID4 } from "crypto";
-function createAccumulator() {
-  return {
-    durations: [],
-    queryCounts: [],
-    errorCount: 0,
-    totalDurationSum: 0,
-    totalRequestCount: 0,
-    totalErrorCount: 0,
-    totalQuerySum: 0,
-    totalQueryTimeMs: 0,
-    totalFetchTimeMs: 0
+// src/dashboard/api/index.ts
+var init_api = __esm({
+  "src/dashboard/api/index.ts"() {
+    "use strict";
+    init_handlers();
+    init_ingest();
+    init_metrics2();
+    init_metrics_live();
+    init_activity();
+  }
+});
+// src/dashboard/api/insights.ts
+function createInsightsHandler(engine) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    sendJson(req, res, 200, { insights: engine.getStatefulInsights() });
   };
 }
-var MetricsStore;
-var init_metrics_store = __esm({
-  "src/store/metrics/metrics-store.ts"() {
+function createSecurityHandler(engine) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    sendJson(req, res, 200, { findings: engine.getStatefulFindings() });
+  };
+}
+var init_insights = __esm({
+  "src/dashboard/api/insights.ts"() {
     "use strict";
-    init_constants();
-    init_math();
-    init_endpoint();
-    MetricsStore = class {
-      constructor(persistence) {
-        this.persistence = persistence;
-        this.data = persistence.load();
-        for (const ep of this.data.endpoints) {
-          this.endpointIndex.set(ep.endpoint, ep);
-        }
-      }
-      data;
-      endpointIndex = /* @__PURE__ */ new Map();
-      sessionId = randomUUID4();
-      sessionStart = Date.now();
-      flushTimer = null;
-      accumulators = /* @__PURE__ */ new Map();
-      pendingPoints = /* @__PURE__ */ new Map();
-      start() {
-        this.flushTimer = setInterval(
-          () => this.flush(),
-          METRICS_FLUSH_INTERVAL_MS
-        );
-        this.flushTimer.unref();
+    init_shared2();
+  }
+});
+// src/dashboard/api/findings.ts
+function createFindingsHandler(findingStore) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const stateParam = url.searchParams.get("state");
+    let findings;
+    if (stateParam && VALID_STATES.has(stateParam)) {
+      findings = findingStore.getByState(stateParam);
+    } else {
+      findings = findingStore.getAll();
+    }
+    sendJson(req, res, 200, {
+      total: findings.length,
+      findings
+    });
+  };
+}
+var VALID_STATES;
+var init_findings = __esm({
+  "src/dashboard/api/findings.ts"() {
+    "use strict";
+    init_shared2();
+    VALID_STATES = /* @__PURE__ */ new Set(["open", "fixing", "resolved"]);
+  }
+});
+// src/core/disposable.ts
+var SubscriptionBag;
+var init_disposable = __esm({
+  "src/core/disposable.ts"() {
+    "use strict";
+    SubscriptionBag = class {
+      items = [];
+      add(teardown) {
+        this.items.push(typeof teardown === "function" ? { dispose: teardown } : teardown);
       }
-      stop() {
-        if (this.flushTimer) {
-          clearInterval(this.flushTimer);
-          this.flushTimer = null;
-        }
-        this.flush(true);
+      dispose() {
+        for (const d of this.items) d.dispose();
+        this.items.length = 0;
       }
-      recordRequest(req, metrics) {
-        if (req.isStatic) return;
-        const key = getEndpointKey(req.method, req.path);
-        let acc = this.accumulators.get(key);
-        if (!acc) {
-          acc = createAccumulator();
-          this.accumulators.set(key, acc);
-        }
-        acc.durations.push(req.durationMs);
-        acc.queryCounts.push(metrics.queryCount);
-        if (req.statusCode >= 400) acc.errorCount++;
-        acc.totalDurationSum += req.durationMs;
-        acc.totalRequestCount++;
-        acc.totalQuerySum += metrics.queryCount;
-        acc.totalQueryTimeMs += metrics.queryTimeMs;
-        acc.totalFetchTimeMs += metrics.fetchTimeMs;
-        if (req.statusCode >= 400) acc.totalErrorCount++;
-        const timestamp = Math.round(
-          Date.now() - (performance.now() - req.startedAt)
-        );
-        const point = {
-          timestamp,
-          durationMs: req.durationMs,
-          statusCode: req.statusCode,
-          queryCount: metrics.queryCount,
-          queryTimeMs: metrics.queryTimeMs,
-          fetchTimeMs: metrics.fetchTimeMs
-        };
-        let pending2 = this.pendingPoints.get(key);
-        if (!pending2) {
-          pending2 = [];
-          this.pendingPoints.set(key, pending2);
-        }
-        pending2.push(point);
-      }
-      getAll() {
-        return this.data.endpoints;
-      }
-      getEndpoint(endpoint) {
-        return this.endpointIndex.get(endpoint);
-      }
-      getLiveEndpoints() {
-        const merged = /* @__PURE__ */ new Map();
-        for (const ep of this.data.endpoints) {
-          if (ep.dataPoints && ep.dataPoints.length > 0) {
-            merged.set(ep.endpoint, ep.dataPoints);
-          }
-        }
-        for (const [endpoint, points] of this.pendingPoints) {
-          const existing = merged.get(endpoint);
-          merged.set(endpoint, existing ? existing.concat(points) : points);
-        }
-        const endpoints = [];
-        for (const [endpoint, requests] of merged) {
-          if (requests.length === 0) continue;
-          const durations = requests.map((r) => r.durationMs);
-          const errors = requests.filter((r) => r.statusCode >= 400).length;
-          const totalQueries = requests.reduce((s, r) => s + r.queryCount, 0);
-          const totalQueryTime = requests.reduce((s, r) => s + (r.queryTimeMs ?? 0), 0);
-          const totalFetchTime = requests.reduce((s, r) => s + (r.fetchTimeMs ?? 0), 0);
-          const n = requests.length;
-          const avgDurationMs = Math.round(durations.reduce((s, d) => s + d, 0) / n);
-          const avgQueryTimeMs = Math.round(totalQueryTime / n);
-          const avgFetchTimeMs = Math.round(totalFetchTime / n);
-          endpoints.push({
-            endpoint,
-            requests,
-            summary: {
-              p95Ms: percentile(durations, 0.95),
-              errorRate: errors / n,
-              avgQueryCount: Math.round(totalQueries / n),
-              totalRequests: n,
-              avgQueryTimeMs,
-              avgFetchTimeMs,
-              avgAppTimeMs: Math.max(0, avgDurationMs - avgQueryTimeMs - avgFetchTimeMs)
-            }
-          });
-        }
-        endpoints.sort((a, b) => b.summary.p95Ms - a.summary.p95Ms);
-        return endpoints;
-      }
-      reset() {
-        this.data = { version: 1, endpoints: [] };
-        this.endpointIndex.clear();
-        this.accumulators.clear();
-        this.pendingPoints.clear();
-        this.persistence.remove();
-      }
-      flush(sync = false) {
-        for (const [endpoint, acc] of this.accumulators) {
-          if (acc.durations.length === 0) continue;
-          const n = acc.totalRequestCount;
-          const session = {
-            sessionId: this.sessionId,
-            startedAt: this.sessionStart,
-            avgDurationMs: Math.round(acc.totalDurationSum / n),
-            p95DurationMs: percentile(acc.durations, 0.95),
-            requestCount: n,
-            errorCount: acc.totalErrorCount,
-            avgQueryCount: n > 0 ? Math.round(acc.totalQuerySum / n) : 0,
-            avgQueryTimeMs: n > 0 ? Math.round(acc.totalQueryTimeMs / n) : 0,
-            avgFetchTimeMs: n > 0 ? Math.round(acc.totalFetchTimeMs / n) : 0
-          };
-          const epMetrics = this.getOrCreateEndpoint(endpoint);
-          const existingIdx = epMetrics.sessions.findIndex(
-            (s) => s.sessionId === this.sessionId
-          );
-          if (existingIdx !== -1) {
-            epMetrics.sessions[existingIdx] = session;
-          } else {
-            epMetrics.sessions.push(session);
-          }
-          if (epMetrics.sessions.length > METRICS_MAX_SESSIONS) {
-            epMetrics.sessions = epMetrics.sessions.slice(-METRICS_MAX_SESSIONS);
-          }
-          acc.durations.length = 0;
-          acc.queryCounts.length = 0;
-          acc.errorCount = 0;
-        }
-        for (const [endpoint, points] of this.pendingPoints) {
-          if (points.length === 0) continue;
-          const epMetrics = this.getOrCreateEndpoint(endpoint);
-          const existing = epMetrics.dataPoints ?? [];
-          epMetrics.dataPoints = existing.concat(points).slice(-METRICS_MAX_DATA_POINTS);
-        }
-        this.pendingPoints.clear();
-        if (sync) {
-          this.persistence.saveSync(this.data);
-        } else {
-          this.persistence.save(this.data);
-        }
-      }
-      getOrCreateEndpoint(endpoint) {
-        let ep = this.endpointIndex.get(endpoint);
-        if (!ep) {
-          ep = { endpoint, sessions: [] };
-          this.data.endpoints.push(ep);
-          this.endpointIndex.set(endpoint, ep);
-        }
-        return ep;
-      }
-    };
-  }
-});
-// src/utils/fs.ts
-import { access } from "fs/promises";
-import { existsSync, readFileSync, writeFileSync } from "fs";
-import { resolve } from "path";
-function ensureGitignore(dir, entry) {
-  try {
-    const gitignorePath = resolve(dir, "../.gitignore");
-    if (existsSync(gitignorePath)) {
-      const content = readFileSync(gitignorePath, "utf-8");
-      if (content.split("\n").some((l) => l.trim() === entry)) return;
-      writeFileSync(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
-    } else {
-      writeFileSync(gitignorePath, entry + "\n");
-    }
-  } catch {
-  }
-}
-var init_fs = __esm({
-  "src/utils/fs.ts"() {
-    "use strict";
-  }
-});
-// src/store/metrics/persistence.ts
-import {
-  readFileSync as readFileSync2,
-  writeFileSync as writeFileSync2,
-  mkdirSync as mkdirSync2,
-  existsSync as existsSync2,
-  unlinkSync,
-  renameSync
-} from "fs";
-import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
-import { resolve as resolve2 } from "path";
-var FileMetricsPersistence;
-var init_persistence = __esm({
-  "src/store/metrics/persistence.ts"() {
-    "use strict";
-    init_constants();
-    init_fs();
-    FileMetricsPersistence = class {
-      metricsDir;
-      metricsPath;
-      tmpPath;
-      writing = false;
-      pendingData = null;
-      constructor(rootDir) {
-        this.metricsDir = resolve2(rootDir, METRICS_DIR);
-        this.metricsPath = resolve2(rootDir, METRICS_FILE);
-        this.tmpPath = this.metricsPath + ".tmp";
-      }
-      load() {
-        try {
-          if (existsSync2(this.metricsPath)) {
-            const raw = readFileSync2(this.metricsPath, "utf-8");
-            const parsed = JSON.parse(raw);
-            if (parsed?.version === 1 && Array.isArray(parsed.endpoints)) {
-              return parsed;
-            }
-          }
-        } catch (err) {
-          process.stderr.write(`[brakit] failed to load metrics: ${err.message}
-`);
-        }
-        return { version: 1, endpoints: [] };
-      }
-      save(data) {
-        if (this.writing) {
-          this.pendingData = data;
-          return;
-        }
-        this.writeAsync(data);
-      }
-      saveSync(data) {
-        try {
-          this.ensureDir();
-          writeFileSync2(this.tmpPath, JSON.stringify(data));
-          renameSync(this.tmpPath, this.metricsPath);
-        } catch (err) {
-          process.stderr.write(`[brakit] failed to save metrics: ${err.message}
-`);
-        }
-      }
-      remove() {
-        try {
-          if (existsSync2(this.metricsPath)) {
-            unlinkSync(this.metricsPath);
-          }
-        } catch {
-        }
-      }
-      async writeAsync(data) {
-        this.writing = true;
-        try {
-          if (!existsSync2(this.metricsDir)) {
-            await mkdir(this.metricsDir, { recursive: true });
-            ensureGitignore(this.metricsDir, METRICS_DIR);
-          }
-          await writeFile2(this.tmpPath, JSON.stringify(data));
-          await rename(this.tmpPath, this.metricsPath);
-        } catch (err) {
-          process.stderr.write(`[brakit] failed to save metrics: ${err.message}
-`);
-        } finally {
-          this.writing = false;
-          if (this.pendingData) {
-            const next = this.pendingData;
-            this.pendingData = null;
-            this.writeAsync(next);
-          }
-        }
-      }
-      ensureDir() {
-        if (!existsSync2(this.metricsDir)) {
-          mkdirSync2(this.metricsDir, { recursive: true });
-          ensureGitignore(this.metricsDir, METRICS_DIR);
-        }
-      }
-    };
-  }
-});
-// src/store/index.ts
-var init_store = __esm({
-  "src/store/index.ts"() {
-    "use strict";
-    init_request_store();
-    init_telemetry_store();
-    init_fetch_store();
-    init_log_store();
-    init_error_store();
-    init_query_store();
-    init_metrics_store();
-    init_persistence();
-  }
-});
-// src/dashboard/api/shared.ts
-function maskSensitiveHeaders(headers) {
-  const masked = {};
-  for (const [key, value] of Object.entries(headers)) {
-    if (SENSITIVE_HEADER_NAMES.has(key.toLowerCase())) {
-      const s = String(value);
-      masked[key] = s.length <= SENSITIVE_MASK_MIN_LENGTH ? "****" : s.slice(0, SENSITIVE_MASK_VISIBLE_CHARS) + "..." + s.slice(-SENSITIVE_MASK_VISIBLE_CHARS);
-    } else {
-      masked[key] = value;
-    }
-  }
-  return masked;
-}
-function getCorsOrigin(req) {
-  const origin = req.headers.origin ?? "";
-  try {
-    const url = new URL(origin);
-    if (LOCALHOST_HOSTNAMES.has(url.hostname)) {
-      return origin;
-    }
-  } catch {
-  }
-  return "";
-}
-function getJsonHeaders(req) {
-  const corsOrigin = getCorsOrigin(req);
-  const headers = {
-    "content-type": "application/json",
-    "cache-control": "no-cache"
-  };
-  if (corsOrigin) {
-    headers["access-control-allow-origin"] = corsOrigin;
-  }
-  return headers;
-}
-function sendJson(req, res, status, data) {
-  res.writeHead(status, getJsonHeaders(req));
-  res.end(JSON.stringify(data));
-}
-function requireGet(req, res) {
-  if (req.method !== "GET") {
-    sendJson(req, res, 405, { error: "Method not allowed" });
-    return false;
-  }
-  return true;
-}
-function handleTelemetryGet(req, res, store) {
-  if (!requireGet(req, res)) return;
-  const url = new URL(req.url ?? "/", "http://localhost");
-  const requestId = url.searchParams.get("requestId");
-  const entries = requestId ? store.getByRequest(requestId) : [...store.getAll()];
-  sendJson(req, res, 200, { total: entries.length, entries: entries.reverse() });
-}
-var init_shared2 = __esm({
-  "src/dashboard/api/shared.ts"() {
-    "use strict";
-    init_constants();
-    init_limits();
-  }
-});
-// src/dashboard/api/handlers.ts
-function handleApiRequests(req, res) {
-  if (!requireGet(req, res)) return;
-  const url = new URL(req.url ?? "/", "http://localhost");
-  const method = url.searchParams.get("method");
-  const status = url.searchParams.get("status");
-  const search = url.searchParams.get("search");
-  const limit = parseInt(
-    url.searchParams.get("limit") ?? String(DEFAULT_API_LIMIT),
-    10
-  );
-  const offset = parseInt(url.searchParams.get("offset") ?? "0", 10);
-  let results = [...getRequests()].reverse();
-  if (method) {
-    results = results.filter((r) => r.method === method.toUpperCase());
-  }
-  if (status) {
-    if (status.endsWith("xx")) {
-      const prefix = parseInt(status[0], 10);
-      results = results.filter(
-        (r) => Math.floor(r.statusCode / 100) === prefix
-      );
-    } else {
-      const code = parseInt(status, 10);
-      results = results.filter((r) => r.statusCode === code);
-    }
-  }
-  if (search) {
-    const lower = search.toLowerCase();
-    results = results.filter(
-      (r) => r.url.toLowerCase().includes(lower) || r.requestBody?.toLowerCase().includes(lower) || r.responseBody?.toLowerCase().includes(lower)
-    );
-  }
-  const total = results.length;
-  results = results.slice(offset, offset + limit);
-  const sanitized = results.map(sanitizeRequest);
-  sendJson(req, res, 200, { total, requests: sanitized });
-}
-function sanitizeRequest(r) {
-  return {
-    ...r,
-    headers: maskSensitiveHeaders(r.headers),
-    responseHeaders: maskSensitiveHeaders(r.responseHeaders)
-  };
-}
-function handleApiFlows(req, res) {
-  if (!requireGet(req, res)) return;
-  const flows = groupRequestsIntoFlows(getRequests()).reverse().map((flow) => ({
-    ...flow,
-    requests: flow.requests.map(sanitizeRequest)
-  }));
-  sendJson(req, res, 200, { total: flows.length, flows });
-}
-function createClearHandler(metricsStore, findingStore) {
-  return (req, res) => {
-    if (req.method !== "POST") {
-      sendJson(req, res, 405, { error: "Method not allowed" });
-      return;
-    }
-    clearRequests();
-    defaultFetchStore.clear();
-    defaultLogStore.clear();
-    defaultErrorStore.clear();
-    defaultQueryStore.clear();
-    metricsStore.reset();
-    findingStore?.clear();
-    sendJson(req, res, 200, { cleared: true });
-  };
-}
-function handleApiFetches(req, res) {
-  handleTelemetryGet(req, res, defaultFetchStore);
-}
-function handleApiLogs(req, res) {
-  handleTelemetryGet(req, res, defaultLogStore);
-}
-function handleApiErrors(req, res) {
-  handleTelemetryGet(req, res, defaultErrorStore);
-}
-function handleApiQueries(req, res) {
-  handleTelemetryGet(req, res, defaultQueryStore);
-}
-var init_handlers = __esm({
-  "src/dashboard/api/handlers.ts"() {
-    "use strict";
-    init_request_log();
-    init_group();
-    init_store();
-    init_constants();
-    init_shared2();
-  }
-});
-// src/dashboard/api/ingest.ts
-function isBrakitBatch(msg) {
-  return typeof msg === "object" && msg !== null && "_brakit" in msg && msg._brakit === true && !("version" in msg);
-}
-function routeEvent(event) {
-  switch (event.type) {
-    case "fetch":
-      defaultFetchStore.add(event.data);
-      break;
-    case "log":
-      defaultLogStore.add(event.data);
-      break;
-    case "error":
-      defaultErrorStore.add(event.data);
-      break;
-    case "query":
-      defaultQueryStore.add(event.data);
-      break;
-  }
-}
-function isSDKPayload(msg) {
-  return typeof msg === "object" && msg !== null && "_brakit" in msg && "version" in msg && typeof msg.version === "number";
-}
-function routeSDKEvent(event) {
-  const ts = event.timestamp || Date.now();
-  const parentRequestId = event.requestId ?? null;
-  switch (event.type) {
-    case "db.query":
-      defaultQueryStore.add({
-        driver: event.data.source ?? "sdk",
-        source: event.data.source ?? "sdk",
-        sql: event.data.sql,
-        model: event.data.model,
-        operation: event.data.operation,
-        normalizedOp: event.data.normalizedOp ?? event.data.operation ?? "OTHER",
-        table: event.data.table ?? "",
-        durationMs: event.data.duration ?? event.data.durationMs ?? 0,
-        rowCount: event.data.rowCount,
-        parentRequestId,
-        timestamp: ts
-      });
-      break;
-    case "fetch":
-      defaultFetchStore.add({
-        url: event.data.url ?? "",
-        method: event.data.method ?? "GET",
-        statusCode: event.data.statusCode ?? 0,
-        durationMs: event.data.duration ?? event.data.durationMs ?? 0,
-        parentRequestId,
-        timestamp: ts
-      });
-      break;
-    case "log":
-      defaultLogStore.add({
-        level: event.data.level ?? "log",
-        message: event.data.message ?? "",
-        parentRequestId,
-        timestamp: ts
-      });
-      break;
-    case "error":
-      defaultErrorStore.add({
-        name: event.data.name ?? "Error",
-        message: event.data.message ?? "",
-        stack: event.data.stack ?? "",
-        parentRequestId,
-        timestamp: ts
-      });
-      break;
-    case "auth.check":
-      defaultLogStore.add({
-        level: "info",
-        message: `[auth] ${event.data.provider ?? "unknown"}: ${event.data.result ?? "check"}`,
-        parentRequestId,
-        timestamp: ts
-      });
-      break;
-  }
-}
-function handleApiIngest(req, res) {
-  if (req.method !== "POST") {
-    sendJson(req, res, 405, { error: "Method not allowed" });
-    return;
-  }
-  const chunks = [];
-  let totalSize = 0;
-  req.on("data", (chunk) => {
-    totalSize += chunk.length;
-    if (totalSize > MAX_INGEST_BYTES) {
-      sendJson(req, res, 413, { error: "Payload too large" });
-      req.destroy();
-      return;
-    }
-    chunks.push(chunk);
-  });
-  req.on("end", () => {
-    if (totalSize > MAX_INGEST_BYTES) return;
-    try {
-      const body = JSON.parse(Buffer.concat(chunks).toString());
-      if (isSDKPayload(body)) {
-        for (const event of body.events) {
-          routeSDKEvent(event);
-        }
-        res.writeHead(204);
-        res.end();
-        return;
-      }
-      if (isBrakitBatch(body)) {
-        for (const event of body.events) {
-          routeEvent(event);
-        }
-        res.writeHead(204);
-        res.end();
-        return;
-      }
-      sendJson(req, res, 400, { error: "Invalid batch" });
-    } catch {
-      sendJson(req, res, 400, { error: "Invalid JSON" });
-    }
-  });
-}
-var init_ingest = __esm({
-  "src/dashboard/api/ingest.ts"() {
-    "use strict";
-    init_store();
-    init_limits();
-    init_shared2();
-  }
-});
-// src/dashboard/api/metrics.ts
-function createMetricsHandler(metricsStore) {
-  return (req, res) => {
-    if (!requireGet(req, res)) return;
-    const url = new URL(req.url ?? "/", "http://localhost");
-    const endpoint = url.searchParams.get("endpoint");
-    if (endpoint) {
-      const ep = metricsStore.getEndpoint(endpoint);
-      sendJson(req, res, 200, { endpoints: ep ? [ep] : [] });
-      return;
-    }
-    sendJson(req, res, 200, { endpoints: metricsStore.getAll() });
-  };
-}
-var init_metrics2 = __esm({
-  "src/dashboard/api/metrics.ts"() {
-    "use strict";
-    init_shared2();
-  }
-});
-// src/dashboard/api/metrics-live.ts
-function createLiveMetricsHandler(metricsStore) {
-  return (req, res) => {
-    if (!requireGet(req, res)) return;
-    sendJson(req, res, 200, { endpoints: metricsStore.getLiveEndpoints() });
-  };
-}
-var init_metrics_live = __esm({
-  "src/dashboard/api/metrics-live.ts"() {
-    "use strict";
-    init_shared2();
-  }
-});
-// src/dashboard/api/activity.ts
-function handleApiActivity(req, res) {
-  if (!requireGet(req, res)) return;
-  try {
-    const url = new URL(req.url ?? "/", "http://localhost");
-    const requestId = url.searchParams.get("requestId");
-    if (!requestId) {
-      sendJson(req, res, 400, { error: "requestId parameter required" });
-      return;
-    }
-    const fetches = defaultFetchStore.getByRequest(requestId);
-    const logs = defaultLogStore.getByRequest(requestId);
-    const errors = defaultErrorStore.getByRequest(requestId);
-    const queries = defaultQueryStore.getByRequest(requestId);
-    const timeline = [];
-    for (const f of fetches)
-      timeline.push({ type: "fetch", timestamp: f.timestamp, data: { ...f } });
-    for (const l of logs)
-      timeline.push({ type: "log", timestamp: l.timestamp, data: { ...l } });
-    for (const e of errors)
-      timeline.push({ type: "error", timestamp: e.timestamp, data: { ...e } });
-    for (const q of queries)
-      timeline.push({ type: "query", timestamp: q.timestamp, data: { ...q } });
-    timeline.sort((a, b) => a.timestamp - b.timestamp);
-    sendJson(req, res, 200, {
-      requestId,
-      total: timeline.length,
-      timeline,
-      counts: {
-        fetches: fetches.length,
-        logs: logs.length,
-        errors: errors.length,
-        queries: queries.length
-      }
-    });
-  } catch (err) {
-    console.error("[brakit] activity handler error:", err);
-    if (!res.headersSent) {
-      sendJson(req, res, 500, { error: "Internal error" });
-    }
-  }
-}
-var init_activity = __esm({
-  "src/dashboard/api/activity.ts"() {
-    "use strict";
-    init_store();
-    init_shared2();
-  }
-});
-// src/dashboard/api/index.ts
-var init_api = __esm({
-  "src/dashboard/api/index.ts"() {
-    "use strict";
-    init_handlers();
-    init_ingest();
-    init_metrics2();
-    init_metrics_live();
-    init_activity();
-  }
-});
-// src/dashboard/api/insights.ts
-function createInsightsHandler(engine) {
-  return (req, res) => {
-    if (!requireGet(req, res)) return;
-    sendJson(req, res, 200, { insights: engine.getStatefulInsights() });
-  };
-}
-function createSecurityHandler(engine) {
-  return (req, res) => {
-    if (!requireGet(req, res)) return;
-    sendJson(req, res, 200, { findings: engine.getStatefulFindings() });
-  };
-}
-var init_insights = __esm({
-  "src/dashboard/api/insights.ts"() {
-    "use strict";
-    init_shared2();
-  }
-});
-// src/dashboard/api/findings.ts
-function createFindingsHandler(findingStore) {
-  return (req, res) => {
-    if (!requireGet(req, res)) return;
-    const url = new URL(req.url ?? "/", "http://localhost");
-    const stateParam = url.searchParams.get("state");
-    let findings;
-    if (stateParam && VALID_STATES.has(stateParam)) {
-      findings = findingStore.getByState(stateParam);
-    } else {
-      findings = findingStore.getAll();
-    }
-    sendJson(req, res, 200, {
-      total: findings.length,
-      findings
-    });
-  };
-}
-var VALID_STATES;
-var init_findings = __esm({
-  "src/dashboard/api/findings.ts"() {
-    "use strict";
-    init_shared2();
-    VALID_STATES = /* @__PURE__ */ new Set(["open", "fixing", "resolved"]);
+    };
   }
 });
 // src/dashboard/sse.ts
-function createSSEHandler(engine) {
+function createSSEHandler(registry) {
   return (req, res) => {
     res.writeHead(200, {
       "content-type": "text/event-stream",
@@ -2131,31 +1641,17 @@ data: ${data}
 `);
       }
     };
-    const requestListener = (traced) => {
-      writeEvent(null, JSON.stringify(traced));
-    };
-    const fetchListener = (entry) => {
-      writeEvent("fetch", JSON.stringify(entry));
-    };
-    const logListener = (entry) => {
-      writeEvent("log", JSON.stringify(entry));
-    };
-    const errorListener = (entry) => {
-      writeEvent("error_event", JSON.stringify(entry));
-    };
-    const queryListener = (entry) => {
-      writeEvent("query", JSON.stringify(entry));
-    };
-    const analysisListener = engine ? ({ statefulInsights, statefulFindings }) => {
+    const bus = registry.get("event-bus");
+    const subs = new SubscriptionBag();
+    subs.add(bus.on("request:completed", (r) => writeEvent(null, JSON.stringify(r))));
+    subs.add(bus.on("telemetry:fetch", (e) => writeEvent("fetch", JSON.stringify(e))));
+    subs.add(bus.on("telemetry:log", (e) => writeEvent("log", JSON.stringify(e))));
+    subs.add(bus.on("telemetry:error", (e) => writeEvent("error_event", JSON.stringify(e))));
+    subs.add(bus.on("telemetry:query", (e) => writeEvent("query", JSON.stringify(e))));
+    subs.add(bus.on("analysis:updated", ({ statefulInsights, statefulFindings }) => {
       writeEvent("insights", JSON.stringify(statefulInsights));
       writeEvent("security", JSON.stringify(statefulFindings));
-    } : void 0;
-    onRequest(requestListener);
-    defaultFetchStore.onEntry(fetchListener);
-    defaultLogStore.onEntry(logListener);
-    defaultErrorStore.onEntry(errorListener);
-    defaultQueryStore.onEntry(queryListener);
-    if (engine && analysisListener) engine.onUpdate(analysisListener);
+    }));
     const heartbeat = setInterval(() => {
       if (res.destroyed) {
         clearInterval(heartbeat);
@@ -2165,20 +1661,14 @@ data: ${data}
     }, SSE_HEARTBEAT_INTERVAL_MS);
     req.on("close", () => {
       clearInterval(heartbeat);
-      offRequest(requestListener);
-      defaultFetchStore.offEntry(fetchListener);
-      defaultLogStore.offEntry(logListener);
-      defaultErrorStore.offEntry(errorListener);
-      defaultQueryStore.offEntry(queryListener);
-      if (engine && analysisListener) engine.offUpdate(analysisListener);
+      subs.dispose();
     });
   };
 }
 var init_sse = __esm({
   "src/dashboard/sse.ts"() {
     "use strict";
-    init_request_log();
-    init_store();
+    init_disposable();
     init_constants();
   }
 });
@@ -2760,6 +2250,120 @@ var init_styles = __esm({
   }
 });
+// src/utils/fs.ts
+import { access } from "fs/promises";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { resolve } from "path";
+function ensureGitignore(dir, entry) {
+  try {
+    const gitignorePath = resolve(dir, "../.gitignore");
+    if (existsSync(gitignorePath)) {
+      const content = readFileSync(gitignorePath, "utf-8");
+      if (content.split("\n").some((l) => l.trim() === entry)) return;
+      writeFileSync(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
+    } else {
+      writeFileSync(gitignorePath, entry + "\n");
+    }
+  } catch {
+  }
+}
+var init_fs = __esm({
+  "src/utils/fs.ts"() {
+    "use strict";
+  }
+});
+// src/utils/log.ts
+function brakitWarn(message) {
+  process.stderr.write(`${PREFIX} ${message}
+`);
+}
+function brakitDebug(message) {
+  if (process.env.DEBUG_BRAKIT) {
+    process.stderr.write(`${PREFIX}:debug ${message}
+`);
+  }
+}
+var PREFIX;
+var init_log = __esm({
+  "src/utils/log.ts"() {
+    "use strict";
+    PREFIX = "[brakit]";
+  }
+});
+// src/utils/atomic-writer.ts
+import {
+  writeFileSync as writeFileSync2,
+  existsSync as existsSync2,
+  mkdirSync as mkdirSync2,
+  renameSync
+} from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
+var AtomicWriter;
+var init_atomic_writer = __esm({
+  "src/utils/atomic-writer.ts"() {
+    "use strict";
+    init_fs();
+    init_log();
+    AtomicWriter = class {
+      constructor(opts) {
+        this.opts = opts;
+        this.tmpPath = opts.filePath + ".tmp";
+      }
+      tmpPath;
+      writing = false;
+      pendingContent = null;
+      writeSync(content) {
+        try {
+          this.ensureDir();
+          writeFileSync2(this.tmpPath, content);
+          renameSync(this.tmpPath, this.opts.filePath);
+        } catch (err) {
+          brakitWarn(`failed to save ${this.opts.label}: ${err.message}`);
+        }
+      }
+      async writeAsync(content) {
+        if (this.writing) {
+          this.pendingContent = content;
+          return;
+        }
+        this.writing = true;
+        try {
+          await this.ensureDirAsync();
+          await writeFile2(this.tmpPath, content);
+          await rename(this.tmpPath, this.opts.filePath);
+        } catch (err) {
+          brakitWarn(`failed to save ${this.opts.label}: ${err.message}`);
+        } finally {
+          this.writing = false;
+          if (this.pendingContent !== null) {
+            const next = this.pendingContent;
+            this.pendingContent = null;
+            this.writeAsync(next);
+          }
+        }
+      }
+      ensureDir() {
+        if (!existsSync2(this.opts.dir)) {
+          mkdirSync2(this.opts.dir, { recursive: true });
+          if (this.opts.gitignoreEntry) {
+            ensureGitignore(this.opts.dir, this.opts.gitignoreEntry);
+          }
+        }
+      }
+      async ensureDirAsync() {
+        if (!existsSync2(this.opts.dir)) {
+          await mkdir(this.opts.dir, { recursive: true });
+          if (this.opts.gitignoreEntry) {
+            ensureGitignore(this.opts.dir, this.opts.gitignoreEntry);
+          }
+        }
+      }
+    };
+  }
+});
 // src/store/finding-id.ts
 import { createHash } from "crypto";
 function computeFindingId(finding) {
@@ -2773,37 +2377,33 @@ var init_finding_id = __esm({
 });
 // src/store/finding-store.ts
-import {
-  readFileSync as readFileSync3,
-  writeFileSync as writeFileSync3,
-  existsSync as existsSync3,
-  mkdirSync as mkdirSync3,
-  renameSync as renameSync2
-} from "fs";
-import { writeFile as writeFile3, mkdir as mkdir2, rename as rename2 } from "fs/promises";
-import { resolve as resolve3 } from "path";
+import { readFileSync as readFileSync2, existsSync as existsSync3 } from "fs";
+import { resolve as resolve2 } from "path";
 var FindingStore;
 var init_finding_store = __esm({
   "src/store/finding-store.ts"() {
     "use strict";
     init_constants();
-    init_fs();
+    init_atomic_writer();
     init_finding_id();
     FindingStore = class {
       constructor(rootDir) {
         this.rootDir = rootDir;
-        this.metricsDir = resolve3(rootDir, METRICS_DIR);
-        this.findingsPath = resolve3(rootDir, FINDINGS_FILE);
-        this.tmpPath = this.findingsPath + ".tmp";
+        const metricsDir = resolve2(rootDir, METRICS_DIR);
+        this.findingsPath = resolve2(rootDir, FINDINGS_FILE);
+        this.writer = new AtomicWriter({
+          dir: metricsDir,
+          filePath: this.findingsPath,
+          gitignoreEntry: METRICS_DIR,
+          label: "findings"
+        });
         this.load();
       }
       findings = /* @__PURE__ */ new Map();
       flushTimer = null;
       dirty = false;
-      writing = false;
+      writer;
       findingsPath;
-      tmpPath;
-      metricsDir;
       start() {
         this.flushTimer = setInterval(
           () => this.flush(),
@@ -2857,6 +2457,15 @@ var init_finding_store = __esm({
         this.dirty = true;
         return true;
       }
+      /**
+       * Reconcile passive findings against the current analysis results.
+       *
+       * Passive findings are detected by continuous scanning (not user-triggered).
+       * When a previously-seen finding is absent from the current results, it means
+       * the issue has been fixed — transition it to "resolved" automatically.
+       * Active findings (from MCP verify-fix) are not auto-resolved because they
+       * require explicit verification.
+       */
       reconcilePassive(currentFindings) {
         const currentIds = new Set(currentFindings.map(computeFindingId));
         for (const [id, stateful] of this.findings) {
@@ -2883,7 +2492,7 @@ var init_finding_store = __esm({
       load() {
         try {
           if (existsSync3(this.findingsPath)) {
-            const raw = readFileSync3(this.findingsPath, "utf-8");
+            const raw = readFileSync2(this.findingsPath, "utf-8");
             const parsed = JSON.parse(raw);
             if (parsed?.version === 1 && Array.isArray(parsed.findings)) {
               for (const f of parsed.findings) {
@@ -2896,56 +2505,20 @@ var init_finding_store = __esm({
       }
       flush() {
         if (!this.dirty) return;
-        this.writeAsync();
+        this.writer.writeAsync(this.serialize());
+        this.dirty = false;
       }
       flushSync() {
         if (!this.dirty) return;
-        try {
-          this.ensureDir();
-          const data = {
-            version: 1,
-            findings: [...this.findings.values()]
-          };
-          writeFileSync3(this.tmpPath, JSON.stringify(data));
-          renameSync2(this.tmpPath, this.findingsPath);
-          this.dirty = false;
-        } catch (err) {
-          process.stderr.write(
-            `[brakit] failed to save findings: ${err.message}
-`
-          );
-        }
-      }
-      async writeAsync() {
-        if (this.writing) return;
-        this.writing = true;
-        try {
-          if (!existsSync3(this.metricsDir)) {
-            await mkdir2(this.metricsDir, { recursive: true });
-            ensureGitignore(this.metricsDir, METRICS_DIR);
-          }
-          const data = {
-            version: 1,
-            findings: [...this.findings.values()]
-          };
-          await writeFile3(this.tmpPath, JSON.stringify(data));
-          await rename2(this.tmpPath, this.findingsPath);
-          this.dirty = false;
-        } catch (err) {
-          process.stderr.write(
-            `[brakit] failed to save findings: ${err.message}
-`
-          );
-        } finally {
-          this.writing = false;
-          if (this.dirty) this.writeAsync();
-        }
+        this.writer.writeSync(this.serialize());
+        this.dirty = false;
       }
-      ensureDir() {
-        if (!existsSync3(this.metricsDir)) {
-          mkdirSync3(this.metricsDir, { recursive: true });
-          ensureGitignore(this.metricsDir, METRICS_DIR);
-        }
+      serialize() {
+        const data = {
+          version: 1,
+          findings: [...this.findings.values()]
+        };
+        return JSON.stringify(data);
       }
     };
   }
@@ -3591,6 +3164,21 @@ var init_collections = __esm({
   }
 });
+// src/utils/endpoint.ts
+function getEndpointKey(method, path) {
+  return `${method} ${path}`;
+}
+function extractEndpointFromDesc(desc) {
+  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+}
+var ENDPOINT_PREFIX_RE;
+var init_endpoint = __esm({
+  "src/utils/endpoint.ts"() {
+    "use strict";
+    ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
+  }
+});
 // src/analysis/insights/query-helpers.ts
 function getQueryShape(q) {
   if (q.sql) return normalizeQueryParams(q.sql) ?? "";
@@ -3736,7 +3324,7 @@ var init_n1 = __esm({
     "use strict";
     init_query_helpers();
     init_endpoint();
-    init_thresholds();
+    init_constants();
     n1Rule = {
       id: "n1",
       check(ctx) {
@@ -3786,7 +3374,7 @@ var init_cross_endpoint = __esm({
     "use strict";
     init_query_helpers();
     init_endpoint();
-    init_thresholds();
+    init_constants();
     crossEndpointRule = {
       id: "cross-endpoint",
       check(ctx) {
@@ -3844,7 +3432,7 @@ var init_redundant_query = __esm({
     "use strict";
     init_query_helpers();
     init_endpoint();
-    init_thresholds();
+    init_constants();
     redundantQueryRule = {
       id: "redundant-query",
       check(ctx) {
@@ -3923,7 +3511,7 @@ var errorHotspotRule;
 var init_error_hotspot = __esm({
   "src/analysis/insights/rules/error-hotspot.ts"() {
     "use strict";
-    init_thresholds();
+    init_constants();
     errorHotspotRule = {
       id: "error-hotspot",
       check(ctx) {
@@ -3953,7 +3541,7 @@ var duplicateRule;
 var init_duplicate = __esm({
   "src/analysis/insights/rules/duplicate.ts"() {
     "use strict";
-    init_thresholds();
+    init_constants();
     duplicateRule = {
       id: "duplicate",
       check(ctx) {
@@ -4016,7 +3604,7 @@ var init_slow = __esm({
   "src/analysis/insights/rules/slow.ts"() {
     "use strict";
     init_format();
-    init_thresholds();
+    init_constants();
     slowRule = {
       id: "slow",
       check(ctx) {
@@ -4063,7 +3651,7 @@ var queryHeavyRule;
 var init_query_heavy = __esm({
   "src/analysis/insights/rules/query-heavy.ts"() {
     "use strict";
-    init_thresholds();
+    init_constants();
     queryHeavyRule = {
       id: "query-heavy",
       check(ctx) {
@@ -4094,7 +3682,7 @@ var init_select_star = __esm({
   "src/analysis/insights/rules/select-star.ts"() {
     "use strict";
     init_query_helpers();
-    init_thresholds();
+    init_constants();
     init_patterns();
     selectStarRule = {
       id: "select-star",
@@ -4134,7 +3722,7 @@ var init_high_rows = __esm({
   "src/analysis/insights/rules/high-rows.ts"() {
     "use strict";
     init_query_helpers();
-    init_thresholds();
+    init_constants();
     highRowsRule = {
       id: "high-rows",
       check(ctx) {
@@ -4179,7 +3767,7 @@ var init_response_overfetch = __esm({
     init_endpoint();
     init_response();
     init_patterns();
-    init_thresholds();
+    init_constants();
     responseOverfetchRule = {
       id: "response-overfetch",
       check(ctx) {
@@ -4238,7 +3826,7 @@ var init_large_response = __esm({
   "src/analysis/insights/rules/large-response.ts"() {
     "use strict";
     init_format();
-    init_thresholds();
+    init_constants();
     largeResponseRule = {
       id: "large-response",
       check(ctx) {
@@ -4269,7 +3857,7 @@ var init_regression = __esm({
   "src/analysis/insights/rules/regression.ts"() {
     "use strict";
     init_format();
-    init_thresholds();
+    init_constants();
     regressionRule = {
       id: "regression",
       check(ctx) {
@@ -4331,6 +3919,27 @@ var init_security2 = __esm({
   }
 });
+// src/analysis/insights/rules/index.ts
+var init_rules2 = __esm({
+  "src/analysis/insights/rules/index.ts"() {
+    "use strict";
+    init_n1();
+    init_cross_endpoint();
+    init_redundant_query();
+    init_error();
+    init_error_hotspot();
+    init_duplicate();
+    init_slow();
+    init_query_heavy();
+    init_select_star();
+    init_high_rows();
+    init_response_overfetch();
+    init_large_response();
+    init_regression();
+    init_security2();
+  }
+});
 // src/analysis/insights/index.ts
 function createDefaultInsightRunner() {
   const runner = new InsightRunner();
@@ -4358,20 +3967,7 @@ var init_insights2 = __esm({
     "use strict";
     init_runner();
     init_runner();
-    init_n1();
-    init_cross_endpoint();
-    init_redundant_query();
-    init_error();
-    init_error_hotspot();
-    init_duplicate();
-    init_slow();
-    init_query_heavy();
-    init_select_star();
-    init_high_rows();
-    init_response_overfetch();
-    init_large_response();
-    init_regression();
-    init_security2();
+    init_rules2();
   }
 });
@@ -4451,23 +4047,16 @@ var AnalysisEngine;
 var init_engine = __esm({
   "src/analysis/engine.ts"() {
     "use strict";
-    init_request_log();
-    init_store();
-    init_request_log();
+    init_disposable();
     init_group();
     init_rules();
     init_insights3();
     init_insight_tracker();
     AnalysisEngine = class {
-      constructor(metricsStore, findingStore, debounceMs = 300) {
-        this.metricsStore = metricsStore;
-        this.findingStore = findingStore;
+      constructor(registry, debounceMs = 300) {
+        this.registry = registry;
         this.debounceMs = debounceMs;
         this.scanner = createDefaultScanner();
-        this.boundRequestListener = () => this.scheduleRecompute();
-        this.boundQueryListener = () => this.scheduleRecompute();
-        this.boundErrorListener = () => this.scheduleRecompute();
-        this.boundLogListener = () => this.scheduleRecompute();
       }
       scanner;
       insightTracker = new InsightTracker();
@@ -4475,34 +4064,21 @@ var init_engine = __esm({
       cachedFindings = [];
       cachedStatefulInsights = [];
       debounceTimer = null;
-      listeners = [];
-      boundRequestListener;
-      boundQueryListener;
-      boundErrorListener;
-      boundLogListener;
+      subs = new SubscriptionBag();
       start() {
-        onRequest(this.boundRequestListener);
-        defaultQueryStore.onEntry(this.boundQueryListener);
-        defaultErrorStore.onEntry(this.boundErrorListener);
-        defaultLogStore.onEntry(this.boundLogListener);
+        const bus = this.registry.get("event-bus");
+        this.subs.add(bus.on("request:completed", () => this.scheduleRecompute()));
+        this.subs.add(bus.on("telemetry:query", () => this.scheduleRecompute()));
+        this.subs.add(bus.on("telemetry:error", () => this.scheduleRecompute()));
+        this.subs.add(bus.on("telemetry:log", () => this.scheduleRecompute()));
       }
       stop() {
-        offRequest(this.boundRequestListener);
-        defaultQueryStore.offEntry(this.boundQueryListener);
-        defaultErrorStore.offEntry(this.boundErrorListener);
-        defaultLogStore.offEntry(this.boundLogListener);
+        this.subs.dispose();
         if (this.debounceTimer) {
           clearTimeout(this.debounceTimer);
           this.debounceTimer = null;
         }
       }
-      onUpdate(fn) {
-        this.listeners.push(fn);
-      }
-      offUpdate(fn) {
-        const idx = this.listeners.indexOf(fn);
-        if (idx !== -1) this.listeners.splice(idx, 1);
-      }
       getInsights() {
         return this.cachedInsights;
       }
@@ -4510,7 +4086,7 @@ var init_engine = __esm({
         return this.cachedFindings;
       }
       getStatefulFindings() {
-        return this.findingStore?.getAll() ?? [];
+        return this.registry.has("finding-store") ? this.registry.get("finding-store").getAll() : [];
       }
       getStatefulInsights() {
         return this.cachedStatefulInsights;
@@ -4523,18 +4099,19 @@ var init_engine = __esm({
         }, this.debounceMs);
       }
       recompute() {
-        const requests = getRequests();
-        const queries = defaultQueryStore.getAll();
-        const errors = defaultErrorStore.getAll();
-        const logs = defaultLogStore.getAll();
-        const fetches = defaultFetchStore.getAll();
+        const requests = this.registry.get("request-store").getAll();
+        const queries = this.registry.get("query-store").getAll();
+        const errors = this.registry.get("error-store").getAll();
+        const logs = this.registry.get("log-store").getAll();
+        const fetches = this.registry.get("fetch-store").getAll();
         const flows = groupRequestsIntoFlows(requests);
         this.cachedFindings = this.scanner.scan({ requests, logs });
-        if (this.findingStore) {
+        if (this.registry.has("finding-store")) {
+          const findingStore = this.registry.get("finding-store");
           for (const finding of this.cachedFindings) {
-            this.findingStore.upsert(finding, "passive");
+            findingStore.upsert(finding, "passive");
           }
-          this.findingStore.reconcilePassive(this.cachedFindings);
+          findingStore.reconcilePassive(this.cachedFindings);
         }
         this.cachedInsights = computeInsights({
           requests,
@@ -4542,7 +4119,7 @@ var init_engine = __esm({
           errors,
           flows,
           fetches,
-          previousMetrics: this.metricsStore.getAll(),
+          previousMetrics: this.registry.get("metrics-store").getAll(),
           securityFindings: this.cachedFindings
         });
         this.cachedStatefulInsights = this.insightTracker.reconcile(this.cachedInsights);
@@ -4552,12 +4129,7 @@ var init_engine = __esm({
           statefulFindings: this.getStatefulFindings(),
           statefulInsights: this.cachedStatefulInsights
         };
-        for (const fn of this.listeners) {
-          try {
-            fn(update);
-          } catch {
-          }
-        }
+        this.registry.get("event-bus").emit("analysis:updated", update);
       }
     };
   }
@@ -4575,7 +4147,7 @@ var init_src = __esm({
     init_engine();
     init_insights3();
     init_insights2();
-    VERSION = "0.8.1";
+    VERSION = "0.8.3";
   }
 });
@@ -6053,7 +5625,7 @@ function getGraphDetail() {
   function renderEndpointDetail(container) {
     var ep = graphData.find(function(e) { return e.endpoint === selectedEndpoint; });
     if (!ep || !ep.requests || ep.requests.length === 0) {
-      container.innerHTML += '<div class="empty" style="height:300px"><span class="empty-sub">No data for this endpoint</span></div>';
+      container.innerHTML += '<div class="empty"><span class="empty-sub">No data for this endpoint</span></div>';
       return;
     }
@@ -6501,7 +6073,7 @@ function getOverviewRender() {
     var hasData = nonStatic.length > 0 || state.queries.length > 0 || state.errors.length > 0;
     if (!hasData) {
-      container.innerHTML = '<div class="empty" style="height:400px"><span class="empty-title">Waiting for requests...</span><span class="empty-sub">Start using your app to see insights here</span></div>';
+      container.innerHTML = '<div class="empty"><span class="empty-title">Waiting for requests...</span><span class="empty-sub">Start using your app to see insights here</span></div>';
       return;
     }
@@ -6669,7 +6241,7 @@ function getSecurityView() {
     if (open.length === 0 && resolved.length === 0) {
       var hasData = state.requests.length > 0 || state.logs.length > 0 || state.queries.length > 0;
       if (!hasData) {
-        container.innerHTML = '<div class="empty" style="height:400px"><span class="empty-title">Waiting for requests...</span><span class="empty-sub">Start using your app to see security findings here</span></div>';
+        container.innerHTML = '<div class="empty"><span class="empty-title">Waiting for requests...</span><span class="empty-sub">Start using your app to see security findings here</span></div>';
       } else {
         container.innerHTML = '<div class="sec-clear"><span class="sec-clear-icon">\\u2713</span><div class="sec-clear-text"><div class="sec-clear-title">All clear</div><div class="sec-clear-sub">No security or quality issues detected this session</div></div></div>';
       }
@@ -6756,7 +6328,7 @@ function getSecurityView() {
           var row = document.createElement('div');
           row.className = 'sec-item';
           row.innerHTML =
-            '<div class="sec-item-desc">' + item.desc + '</div>' +
+            '<div class="sec-item-desc">' + escHtml(item.desc) + '</div>' +
             (item.count > 1 ? '<span class="sec-item-count">' + item.count + 'x</span>' : '');
           list.appendChild(row);
         }
@@ -6854,377 +6426,854 @@ function getApp() {
       }
     };
-    events.addEventListener('fetch', function(e) {
-      var f = JSON.parse(e.data);
-      state.fetches.unshift(f);
-      if (state.fetches.length > ${MAX_TELEMETRY_ENTRIES}) state.fetches.pop();
-      prependFetchRow(f);
-      updateStats();
-      if (f.parentRequestId) { invalidateTimelineCache(f.parentRequestId); refreshVisibleTimeline(f.parentRequestId); }
-    });
+    function registerTelemetryListener(eventName, stateKey, prependFn) {
+      events.addEventListener(eventName, function(e) {
+        var item = JSON.parse(e.data);
+        state[stateKey].unshift(item);
+        if (state[stateKey].length > ${MAX_TELEMETRY_ENTRIES}) state[stateKey].pop();
+        prependFn(item);
+        updateStats();
+        if (item.parentRequestId) { invalidateTimelineCache(item.parentRequestId); refreshVisibleTimeline(item.parentRequestId); }
+      });
+    }
+    registerTelemetryListener('fetch', 'fetches', prependFetchRow);
+    registerTelemetryListener('log', 'logs', prependLogRow);
+    registerTelemetryListener('error_event', 'errors', prependErrorRow);
+    registerTelemetryListener('query', 'queries', prependQueryRow);
-    events.addEventListener('log', function(e) {
-      var l = JSON.parse(e.data);
-      state.logs.unshift(l);
-      if (state.logs.length > ${MAX_TELEMETRY_ENTRIES}) state.logs.pop();
-      prependLogRow(l);
+    events.addEventListener('insights', function(e) {
+      state.insights = JSON.parse(e.data);
+      if (state.activeView === 'overview') renderOverview();
       updateStats();
-      if (l.parentRequestId) { invalidateTimelineCache(l.parentRequestId); refreshVisibleTimeline(l.parentRequestId); }
     });
-    events.addEventListener('error_event', function(e) {
-      var err = JSON.parse(e.data);
-      state.errors.unshift(err);
-      if (state.errors.length > ${MAX_TELEMETRY_ENTRIES}) state.errors.pop();
-      prependErrorRow(err);
+    events.addEventListener('security', function(e) {
+      state.findings = JSON.parse(e.data);
+      if (state.activeView === 'security') renderSecurity();
       updateStats();
-      if (err.parentRequestId) { invalidateTimelineCache(err.parentRequestId); refreshVisibleTimeline(err.parentRequestId); }
     });
-    events.addEventListener('query', function(e) {
-      var q = JSON.parse(e.data);
-      state.queries.unshift(q);
-      if (state.queries.length > ${MAX_TELEMETRY_ENTRIES}) state.queries.pop();
-      prependQueryRow(q);
-      updateStats();
-      if (q.parentRequestId) { invalidateTimelineCache(q.parentRequestId); refreshVisibleTimeline(q.parentRequestId); }
+    window.addEventListener('beforeunload', function() {
+      events.close();
+      clearTimeout(reloadTimer);
+      clearTimeout(perfReloadTimer);
     });
+  }
-    events.addEventListener('insights', function(e) {
-      state.insights = JSON.parse(e.data);
-      if (state.activeView === 'overview') renderOverview();
+  async function reloadFlows() {
+    try {
+      var res = await fetch('${DASHBOARD_API_FLOWS}');
+      var data = await res.json();
+      state.flows = data.flows;
+      renderFlows();
       updateStats();
+    } catch(e) { console.warn('[brakit]', e); }
+  }
+  function switchView(view) {
+    Object.keys(VIEW_CONTAINERS).forEach(function(v) {
+      var el = document.getElementById(VIEW_CONTAINERS[v]);
+      if (el) el.style.display = v === view ? 'block' : 'none';
     });
+  }
-    events.addEventListener('security', function(e) {
-      state.findings = JSON.parse(e.data);
-      if (state.activeView === 'security') renderSecurity();
-      updateStats();
+  var sidebarItems = document.querySelectorAll('.sidebar-item:not(.disabled)');
+  sidebarItems.forEach(function(item) {
+    item.addEventListener('click', function() {
+      var view = item.getAttribute('data-view');
+      if (!view || view === state.activeView) return;
+      sidebarItems.forEach(function(i) { i.classList.remove('active'); });
+      item.classList.add('active');
+      state.activeView = view;
+      fetch('${DASHBOARD_API_TAB}?tab=' + encodeURIComponent(view)).catch(function(){});
+      document.getElementById('header-title').textContent = VIEW_TITLES[view] || view;
+      document.getElementById('header-sub').textContent = VIEW_SUBTITLES[view] || '';
+      document.getElementById('mode-toggle').style.display = view === 'actions' ? 'flex' : 'none';
+      if (view === 'overview') renderOverview();
+      if (view === 'security') renderSecurity();
+      if (view === 'performance') loadMetrics();
+      switchView(view);
     });
+  });
+  document.getElementById('mode-simple').addEventListener('click', function() {
+    state.viewMode = 'simple';
+    document.getElementById('mode-simple').classList.add('active');
+    document.getElementById('mode-detailed').classList.remove('active');
+    collapseAll('.flow-row', '.flow-expand');
+  });
+  document.getElementById('mode-detailed').addEventListener('click', function() {
+    state.viewMode = 'detailed';
+    document.getElementById('mode-detailed').classList.add('active');
+    document.getElementById('mode-simple').classList.remove('active');
+    collapseAll('.flow-row', '.flow-expand');
+  });
+  function updateStats() {
+    var reqs = state.requests.filter(function(r) { return !r.path || !r.path.startsWith('${DASHBOARD_PREFIX}'); });
+    var errors = reqs.filter(function(r) { return r.statusCode >= 400; }).length;
+    var avg = reqs.length > 0 ? Math.round(reqs.reduce(function(s,r) { return s + r.durationMs; }, 0) / reqs.length) : 0;
+    document.getElementById('stat-total').textContent = reqs.length + ' request' + (reqs.length !== 1 ? 's' : '');
+    document.getElementById('stat-flows').textContent = state.flows.length + ' action' + (state.flows.length !== 1 ? 's' : '');
+    document.getElementById('stat-errors').textContent = errors + ' error' + (errors !== 1 ? 's' : '');
+    document.getElementById('stat-avg').textContent = 'Avg: ' + avg + 'ms';
+    var actionCount = document.getElementById('sidebar-count-actions');
+    var requestCount = document.getElementById('sidebar-count-requests');
+    var fetchCount = document.getElementById('sidebar-count-fetches');
+    var errorCount = document.getElementById('sidebar-count-errors');
+    var logCount = document.getElementById('sidebar-count-logs');
+    var queryCount = document.getElementById('sidebar-count-queries');
+    if (actionCount) actionCount.textContent = state.flows.length;
+    if (requestCount) requestCount.textContent = reqs.length;
+    if (fetchCount) fetchCount.textContent = state.fetches.length;
+    if (errorCount) errorCount.textContent = state.errors.length;
+    if (logCount) logCount.textContent = state.logs.length;
+    if (queryCount) queryCount.textContent = state.queries.length;
+    var secCount = document.getElementById('sidebar-count-security');
+    if (secCount) {
+      var numFindings = (state.findings || []).filter(function(f) { return f.state !== 'resolved'; }).length;
+      secCount.textContent = numFindings;
+      secCount.style.display = numFindings > 0 ? '' : 'none';
+    }
+  }
+  function copyAsCurl(req) {
+    var headers = Object.entries(req.headers || {})
+      .filter(function(e) { return ${CURL_SKIP_HEADERS}.indexOf(e[0]) === -1; })
+      .map(function(e) { return "-H '" + e[0] + ": " + e[1] + "'"; })
+      .join(' ');
+    var body = req.requestBody ? " -d '" + req.requestBody.replace(/'/g, "'\\\\''") + "'" : '';
+    var curl = "curl -X " + req.method + " " + headers + body + " 'http://localhost:" + PORT + req.url + "'";
+    navigator.clipboard.writeText(curl).then(function() { showToast('Copied cURL command'); });
+  }
+  document.getElementById('clear-btn').addEventListener('click', async function() {
+    if (!confirm('This will clear all data including performance metrics history. Continue?')) return;
+    await fetch('${DASHBOARD_API_CLEAR}', {method: 'POST'});
+    state.flows = []; state.requests = []; state.fetches = []; state.errors = []; state.logs = []; state.queries = [];
+    state.insights = []; state.findings = [];
+    graphData = []; selectedEndpoint = ${ALL_ENDPOINTS_SELECTOR}; timelineCache = {};
+    renderFlows(); renderRequests(); renderFetches(); renderErrors(); renderLogs(); renderQueries(); renderGraph(); renderOverview(); renderSecurity(); updateStats();
+    showToast('Cleared');
+  });
+  init();
+  `;
+}
+var init_app2 = __esm({
+  "src/dashboard/client/app.ts"() {
+    "use strict";
+    init_constants();
+    init_constants2();
+  }
+});
+// src/dashboard/client/index.ts
+function getClientScript(config) {
+  return `
+(function(){
+  var PORT = ${config.proxyPort};
+  var state = { flows: [], requests: [], fetches: [], errors: [], logs: [], queries: [], insights: [], findings: [], viewMode: 'simple', activeView: 'overview' };
+  var appEl = document.getElementById('app');
+  var flowListEl = document.getElementById('flow-list');
+  var reqListEl = document.getElementById('request-list');
+  var emptyFlows = document.getElementById('empty-flows');
+  var toastEl = document.getElementById('toast');
+  ${getHelpers()}
+  ${getTelemetryViewHelpers()}
+  ${getSqlUtils()}
+  ${getFlowsView()}
+  ${getRequestsView()}
+  ${getFetchesView()}
+  ${getErrorsView()}
+  ${getLogsView()}
+  ${getQueriesView()}
+  ${getTimelineView()}
+  ${getGraphView()}
+  ${getOverviewView()}
+  ${getSecurityView()}
+  ${getApp()}
+})();
+`;
+}
+var init_client = __esm({
+  "src/dashboard/client/index.ts"() {
+    "use strict";
+    init_helpers();
+    init_view_helpers();
+    init_sql_utils();
+    init_flows2();
+    init_requests2();
+    init_fetches();
+    init_errors2();
+    init_logs();
+    init_queries();
+    init_timeline2();
+    init_graph2();
+    init_overview3();
+    init_security3();
+    init_app2();
+  }
+});
+// src/dashboard/page.ts
+function getDashboardHtml(config) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>brakit</title>
+<style>${getStyles()}</style>
+</head>
+<body>
+${getLayoutHtml(config)}
+<script>${getClientScript(config)}</script>
+</body>
+</html>`;
+}
+var init_page = __esm({
+  "src/dashboard/page.ts"() {
+    "use strict";
+    init_styles();
+    init_layout2();
+    init_client();
+  }
+});
+// src/telemetry/config.ts
+import { homedir } from "os";
+import { join as join2 } from "path";
+import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3 } from "fs";
+import { randomUUID as randomUUID3 } from "crypto";
+function readConfig() {
+  try {
+    if (!existsSync4(CONFIG_PATH)) return null;
+    return JSON.parse(readFileSync3(CONFIG_PATH, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function isTelemetryEnabled() {
+  const env = process.env.BRAKIT_TELEMETRY;
+  if (env !== void 0) return env !== "false" && env !== "0" && env !== "off";
+  return readConfig()?.telemetry ?? true;
+}
+var CONFIG_DIR, CONFIG_PATH;
+var init_config = __esm({
+  "src/telemetry/config.ts"() {
+    "use strict";
+    CONFIG_DIR = join2(homedir(), ".brakit");
+    CONFIG_PATH = join2(CONFIG_DIR, "config.json");
   }
+});
-  async function reloadFlows() {
-    try {
-      var res = await fetch('${DASHBOARD_API_FLOWS}');
-      var data = await res.json();
-      state.flows = data.flows;
-      renderFlows();
-      updateStats();
-    } catch(e) { console.warn('[brakit]', e); }
+// src/telemetry/index.ts
+import { platform, release, arch } from "os";
+function recordTabViewed(tab) {
+  tabsViewed.add(tab);
+}
+function recordDashboardOpened() {
+  dashboardOpened = true;
+}
+var tabsViewed, dashboardOpened;
+var init_telemetry = __esm({
+  "src/telemetry/index.ts"() {
+    "use strict";
+    init_src();
+    init_config();
+    init_config();
+    tabsViewed = /* @__PURE__ */ new Set();
+    dashboardOpened = false;
   }
+});
-  function switchView(view) {
-    Object.keys(VIEW_CONTAINERS).forEach(function(v) {
-      var el = document.getElementById(VIEW_CONTAINERS[v]);
-      if (el) el.style.display = v === view ? 'block' : 'none';
-    });
+// src/dashboard/router.ts
+function isDashboardRequest(url) {
+  return url === DASHBOARD_PREFIX || url.startsWith(DASHBOARD_PREFIX + "/");
+}
+function createDashboardHandler(registry) {
+  const metricsStore = registry.get("metrics-store");
+  const analysisEngine = registry.has("analysis-engine") ? registry.get("analysis-engine") : void 0;
+  const routes = {
+    [DASHBOARD_API_REQUESTS]: createRequestsHandler(registry),
+    [DASHBOARD_API_EVENTS]: createSSEHandler(registry),
+    [DASHBOARD_API_FLOWS]: createFlowsHandler(registry),
+    [DASHBOARD_API_CLEAR]: createClearHandler(registry),
+    [DASHBOARD_API_LOGS]: createLogsHandler(registry),
+    [DASHBOARD_API_FETCHES]: createFetchesHandler(registry),
+    [DASHBOARD_API_ERRORS]: createErrorsHandler(registry),
+    [DASHBOARD_API_QUERIES]: createQueriesHandler(registry),
+    [DASHBOARD_API_METRICS]: createMetricsHandler(metricsStore),
+    [DASHBOARD_API_METRICS_LIVE]: createLiveMetricsHandler(metricsStore),
+    [DASHBOARD_API_INGEST]: createIngestHandler(registry),
+    [DASHBOARD_API_ACTIVITY]: createActivityHandler(registry)
+  };
+  if (analysisEngine) {
+    routes[DASHBOARD_API_INSIGHTS] = createInsightsHandler(analysisEngine);
+    routes[DASHBOARD_API_SECURITY] = createSecurityHandler(analysisEngine);
   }
-  var sidebarItems = document.querySelectorAll('.sidebar-item:not(.disabled)');
-  sidebarItems.forEach(function(item) {
-    item.addEventListener('click', function() {
-      var view = item.getAttribute('data-view');
-      if (!view || view === state.activeView) return;
-      sidebarItems.forEach(function(i) { i.classList.remove('active'); });
-      item.classList.add('active');
-      state.activeView = view;
-      fetch('${DASHBOARD_API_TAB}?tab=' + encodeURIComponent(view)).catch(function(){});
-      document.getElementById('header-title').textContent = VIEW_TITLES[view] || view;
-      document.getElementById('header-sub').textContent = VIEW_SUBTITLES[view] || '';
-      document.getElementById('mode-toggle').style.display = view === 'actions' ? 'flex' : 'none';
-      if (view === 'overview') renderOverview();
-      if (view === 'security') renderSecurity();
-      if (view === 'performance') loadMetrics();
-      switchView(view);
+  if (registry.has("finding-store")) {
+    routes[DASHBOARD_API_FINDINGS] = createFindingsHandler(registry.get("finding-store"));
+  }
+  routes[DASHBOARD_API_TAB] = (req, res) => {
+    const raw = (req.url ?? "").split("tab=")[1];
+    if (raw) {
+      const tab = decodeURIComponent(raw).slice(0, MAX_TAB_NAME_LENGTH);
+      if (VALID_TABS.has(tab) && isTelemetryEnabled()) recordTabViewed(tab);
+    }
+    res.writeHead(204);
+    res.end();
+  };
+  return (req, res, config) => {
+    const path = (req.url ?? "/").split("?")[0];
+    const handler = routes[path];
+    if (handler) {
+      handler(req, res);
+      return;
+    }
+    if (isTelemetryEnabled()) recordDashboardOpened();
+    res.writeHead(200, {
+      "content-type": "text/html; charset=utf-8",
+      "cache-control": "no-cache",
+      ...SECURITY_HEADERS
     });
-  });
+    res.end(getDashboardHtml(config));
+  };
+}
+var SECURITY_HEADERS;
+var init_router = __esm({
+  "src/dashboard/router.ts"() {
+    "use strict";
+    init_constants();
+    init_api();
+    init_insights();
+    init_findings();
+    init_sse();
+    init_page();
+    init_telemetry();
+    SECURITY_HEADERS = {
+      "x-content-type-options": "nosniff",
+      "x-frame-options": "DENY",
+      "referrer-policy": "no-referrer",
+      "content-security-policy": "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; connect-src 'self'; img-src data:"
+    };
+  }
+});
-  document.getElementById('mode-simple').addEventListener('click', function() {
-    state.viewMode = 'simple';
-    document.getElementById('mode-simple').classList.add('active');
-    document.getElementById('mode-detailed').classList.remove('active');
-    collapseAll('.flow-row', '.flow-expand');
-  });
-  document.getElementById('mode-detailed').addEventListener('click', function() {
-    state.viewMode = 'detailed';
-    document.getElementById('mode-detailed').classList.add('active');
-    document.getElementById('mode-simple').classList.remove('active');
-    collapseAll('.flow-row', '.flow-expand');
-  });
+// src/core/event-bus.ts
+var EventBus;
+var init_event_bus = __esm({
+  "src/core/event-bus.ts"() {
+    "use strict";
+    EventBus = class {
+      listeners = /* @__PURE__ */ new Map();
+      emit(channel, data) {
+        const set = this.listeners.get(channel);
+        if (!set) return;
+        for (const fn of set) {
+          try {
+            fn(data);
+          } catch {
+          }
+        }
+      }
+      on(channel, fn) {
+        let set = this.listeners.get(channel);
+        if (!set) {
+          set = /* @__PURE__ */ new Set();
+          this.listeners.set(channel, set);
+        }
+        set.add(fn);
+        return () => set.delete(fn);
+      }
+      off(channel, fn) {
+        this.listeners.get(channel)?.delete(fn);
+      }
+    };
+  }
+});
-  function updateStats() {
-    var reqs = state.requests.filter(function(r) { return !r.path || !r.path.startsWith('${DASHBOARD_PREFIX}'); });
-    var errors = reqs.filter(function(r) { return r.statusCode >= 400; }).length;
-    var avg = reqs.length > 0 ? Math.round(reqs.reduce(function(s,r) { return s + r.durationMs; }, 0) / reqs.length) : 0;
-    document.getElementById('stat-total').textContent = reqs.length + ' request' + (reqs.length !== 1 ? 's' : '');
-    document.getElementById('stat-flows').textContent = state.flows.length + ' action' + (state.flows.length !== 1 ? 's' : '');
-    document.getElementById('stat-errors').textContent = errors + ' error' + (errors !== 1 ? 's' : '');
-    document.getElementById('stat-avg').textContent = 'Avg: ' + avg + 'ms';
-    var actionCount = document.getElementById('sidebar-count-actions');
-    var requestCount = document.getElementById('sidebar-count-requests');
-    var fetchCount = document.getElementById('sidebar-count-fetches');
-    var errorCount = document.getElementById('sidebar-count-errors');
-    var logCount = document.getElementById('sidebar-count-logs');
-    var queryCount = document.getElementById('sidebar-count-queries');
-    if (actionCount) actionCount.textContent = state.flows.length;
-    if (requestCount) requestCount.textContent = reqs.length;
-    if (fetchCount) fetchCount.textContent = state.fetches.length;
-    if (errorCount) errorCount.textContent = state.errors.length;
-    if (logCount) logCount.textContent = state.logs.length;
-    if (queryCount) queryCount.textContent = state.queries.length;
-    var secCount = document.getElementById('sidebar-count-security');
-    if (secCount) {
-      var numFindings = (state.findings || []).filter(function(f) { return f.state !== 'resolved'; }).length;
-      secCount.textContent = numFindings;
-      secCount.style.display = numFindings > 0 ? '' : 'none';
-    }
+// src/core/service-registry.ts
+var ServiceRegistry;
+var init_service_registry = __esm({
+  "src/core/service-registry.ts"() {
+    "use strict";
+    ServiceRegistry = class {
+      services = /* @__PURE__ */ new Map();
+      register(name, service) {
+        this.services.set(name, service);
+      }
+      get(name) {
+        const service = this.services.get(name);
+        if (!service) throw new Error(`Service "${name}" not registered`);
+        return service;
+      }
+      has(name) {
+        return this.services.has(name);
+      }
+    };
   }
+});
-  function copyAsCurl(req) {
-    var headers = Object.entries(req.headers || {})
-      .filter(function(e) { return ${CURL_SKIP_HEADERS}.indexOf(e[0]) === -1; })
-      .map(function(e) { return "-H '" + e[0] + ": " + e[1] + "'"; })
-      .join(' ');
-    var body = req.requestBody ? " -d '" + req.requestBody.replace(/'/g, "'\\\\''") + "'" : '';
-    var curl = "curl -X " + req.method + " " + headers + body + " 'http://localhost:" + PORT + req.url + "'";
-    navigator.clipboard.writeText(curl).then(function() { showToast('Copied cURL command'); });
+// src/utils/static-patterns.ts
+function isStaticPath(urlPath) {
+  return STATIC_PATTERNS.some((p) => p.test(urlPath));
+}
+var STATIC_PATTERNS;
+var init_static_patterns = __esm({
+  "src/utils/static-patterns.ts"() {
+    "use strict";
+    STATIC_PATTERNS = [
+      /\.(?:js|css|map|ico|png|jpg|jpeg|gif|svg|webp|woff2?|ttf|eot)$/,
+      /^\/favicon/,
+      /^\/node_modules\//,
+      // Framework-specific static/internal paths
+      /^\/_next\//,
+      /^\/__nextjs/,
+      /^\/@vite\//,
+      /^\/__vite/
+    ];
   }
+});
-  document.getElementById('clear-btn').addEventListener('click', async function() {
-    if (!confirm('This will clear all data including performance metrics history. Continue?')) return;
-    await fetch('${DASHBOARD_API_CLEAR}', {method: 'POST'});
-    state.flows = []; state.requests = []; state.fetches = []; state.errors = []; state.logs = []; state.queries = [];
-    state.insights = []; state.findings = [];
-    graphData = []; selectedEndpoint = ${ALL_ENDPOINTS_SELECTOR}; timelineCache = {};
-    renderFlows(); renderRequests(); renderFetches(); renderErrors(); renderLogs(); renderQueries(); renderGraph(); renderOverview(); renderSecurity(); updateStats();
-    showToast('Cleared');
-  });
+// src/store/request-store.ts
+function flattenHeaders(headers) {
+  const flat = {};
+  for (const [key, value] of Object.entries(headers)) {
+    if (value === void 0) continue;
+    flat[key] = Array.isArray(value) ? value.join(", ") : value;
+  }
+  return flat;
+}
+var RequestStore;
+var init_request_store = __esm({
+  "src/store/request-store.ts"() {
+    "use strict";
+    init_constants();
+    init_static_patterns();
+    RequestStore = class {
+      constructor(maxEntries = MAX_REQUEST_ENTRIES) {
+        this.maxEntries = maxEntries;
+      }
+      requests = [];
+      listeners = [];
+      capture(input) {
+        const url = input.url;
+        const path = url.split("?")[0];
+        let requestBodyStr = null;
+        if (input.requestBody && input.requestBody.length > 0) {
+          requestBodyStr = input.requestBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
+        }
+        let responseBodyStr = null;
+        if (input.responseBody && input.responseBody.length > 0) {
+          const ct = input.responseContentType;
+          if (ct.includes("json") || ct.includes("text") || ct.includes("html")) {
+            responseBodyStr = input.responseBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
+          }
+        }
+        const entry = {
+          id: input.requestId,
+          method: input.method,
+          url,
+          path,
+          headers: flattenHeaders(input.requestHeaders),
+          requestBody: requestBodyStr,
+          statusCode: input.statusCode,
+          responseHeaders: flattenHeaders(input.responseHeaders),
+          responseBody: responseBodyStr,
+          startedAt: input.startTime,
+          durationMs: Math.round((input.endTime ?? performance.now()) - input.startTime),
+          responseSize: input.responseBody?.length ?? 0,
+          isStatic: isStaticPath(path)
+        };
+        this.requests.push(entry);
+        if (this.requests.length > this.maxEntries) {
+          this.requests.shift();
+        }
+        for (const fn of this.listeners) {
+          fn(entry);
+        }
+        return entry;
+      }
+      getAll() {
+        return this.requests;
+      }
+      clear() {
+        this.requests.length = 0;
+      }
+      onRequest(fn) {
+        this.listeners.push(fn);
+      }
+      offRequest(fn) {
+        const idx = this.listeners.indexOf(fn);
+        if (idx !== -1) this.listeners.splice(idx, 1);
+      }
+    };
+  }
+});
-  init();
-  `;
-}
-var init_app2 = __esm({
-  "src/dashboard/client/app.ts"() {
+// src/store/telemetry-store.ts
+import { randomUUID as randomUUID4 } from "crypto";
+var TelemetryStore;
+var init_telemetry_store = __esm({
+  "src/store/telemetry-store.ts"() {
     "use strict";
     init_constants();
-    init_constants2();
+    TelemetryStore = class {
+      constructor(maxEntries = MAX_TELEMETRY_ENTRIES) {
+        this.maxEntries = maxEntries;
+      }
+      entries = [];
+      listeners = [];
+      add(data) {
+        const entry = { id: randomUUID4(), ...data };
+        this.entries.push(entry);
+        if (this.entries.length > this.maxEntries) this.entries.shift();
+        for (const fn of this.listeners) fn(entry);
+        return entry;
+      }
+      getAll() {
+        return this.entries;
+      }
+      getByRequest(requestId) {
+        return this.entries.filter((e) => e.parentRequestId === requestId);
+      }
+      clear() {
+        this.entries.length = 0;
+      }
+      onEntry(fn) {
+        this.listeners.push(fn);
+      }
+      offEntry(fn) {
+        const idx = this.listeners.indexOf(fn);
+        if (idx !== -1) this.listeners.splice(idx, 1);
+      }
+    };
   }
 });
-// src/dashboard/client/index.ts
-function getClientScript(config) {
-  return `
-(function(){
-  var PORT = ${config.proxyPort};
-  var state = { flows: [], requests: [], fetches: [], errors: [], logs: [], queries: [], insights: [], findings: [], viewMode: 'simple', activeView: 'overview' };
-  var appEl = document.getElementById('app');
-  var flowListEl = document.getElementById('flow-list');
-  var reqListEl = document.getElementById('request-list');
-  var emptyFlows = document.getElementById('empty-flows');
-  var toastEl = document.getElementById('toast');
+// src/store/fetch-store.ts
+var FetchStore;
+var init_fetch_store = __esm({
+  "src/store/fetch-store.ts"() {
+    "use strict";
+    init_telemetry_store();
+    FetchStore = class extends TelemetryStore {
+    };
+  }
+});
-  ${getHelpers()}
-  ${getTelemetryViewHelpers()}
-  ${getSqlUtils()}
-  ${getFlowsView()}
-  ${getRequestsView()}
-  ${getFetchesView()}
-  ${getErrorsView()}
-  ${getLogsView()}
-  ${getQueriesView()}
-  ${getTimelineView()}
-  ${getGraphView()}
-  ${getOverviewView()}
-  ${getSecurityView()}
-  ${getApp()}
-})();
-`;
-}
-var init_client = __esm({
-  "src/dashboard/client/index.ts"() {
+// src/store/log-store.ts
+var LogStore;
+var init_log_store = __esm({
+  "src/store/log-store.ts"() {
     "use strict";
-    init_helpers();
-    init_view_helpers();
-    init_sql_utils();
-    init_flows2();
-    init_requests2();
-    init_fetches();
-    init_errors2();
-    init_logs();
-    init_queries();
-    init_timeline2();
-    init_graph2();
-    init_overview3();
-    init_security3();
-    init_app2();
+    init_telemetry_store();
+    LogStore = class extends TelemetryStore {
+    };
   }
 });
-// src/dashboard/page.ts
-function getDashboardHtml(config) {
-  return `<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>brakit</title>
-<style>${getStyles()}</style>
-</head>
-<body>
-${getLayoutHtml(config)}
-<script>${getClientScript(config)}</script>
-</body>
-</html>`;
-}
-var init_page = __esm({
-  "src/dashboard/page.ts"() {
+// src/store/error-store.ts
+var ErrorStore;
+var init_error_store = __esm({
+  "src/store/error-store.ts"() {
     "use strict";
-    init_styles();
-    init_layout2();
-    init_client();
+    init_telemetry_store();
+    ErrorStore = class extends TelemetryStore {
+    };
   }
 });
-// src/telemetry/config.ts
-import { homedir } from "os";
-import { join as join2 } from "path";
-import { existsSync as existsSync4, readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4 } from "fs";
-import { randomUUID as randomUUID5 } from "crypto";
-function readConfig() {
-  try {
-    if (!existsSync4(CONFIG_PATH)) return null;
-    return JSON.parse(readFileSync4(CONFIG_PATH, "utf-8"));
-  } catch {
-    return null;
+// src/store/query-store.ts
+var QueryStore;
+var init_query_store = __esm({
+  "src/store/query-store.ts"() {
+    "use strict";
+    init_telemetry_store();
+    QueryStore = class extends TelemetryStore {
+    };
   }
+});
+// src/utils/math.ts
+function percentile(values, p) {
+  if (values.length === 0) return 0;
+  const sorted = [...values].sort((a, b) => a - b);
+  const idx = Math.ceil(p * sorted.length) - 1;
+  return Math.round(sorted[Math.max(0, idx)]);
 }
-function isTelemetryEnabled() {
-  const env = process.env.BRAKIT_TELEMETRY;
-  if (env !== void 0) return env !== "false" && env !== "0" && env !== "off";
-  return readConfig()?.telemetry ?? true;
-}
-var CONFIG_DIR, CONFIG_PATH;
-var init_config = __esm({
-  "src/telemetry/config.ts"() {
+var init_math = __esm({
+  "src/utils/math.ts"() {
     "use strict";
-    CONFIG_DIR = join2(homedir(), ".brakit");
-    CONFIG_PATH = join2(CONFIG_DIR, "config.json");
   }
 });
-// src/telemetry/index.ts
-import { platform, release, arch } from "os";
-function recordTabViewed(tab) {
-  tabsViewed.add(tab);
-}
-function recordDashboardOpened() {
-  dashboardOpened = true;
+// src/store/metrics/metrics-store.ts
+import { randomUUID as randomUUID5 } from "crypto";
+function createAccumulator() {
+  return {
+    durations: [],
+    queryCounts: [],
+    errorCount: 0,
+    totalDurationSum: 0,
+    totalRequestCount: 0,
+    totalErrorCount: 0,
+    totalQuerySum: 0,
+    totalQueryTimeMs: 0,
+    totalFetchTimeMs: 0
+  };
 }
-var tabsViewed, dashboardOpened;
-var init_telemetry = __esm({
-  "src/telemetry/index.ts"() {
+var MetricsStore;
+var init_metrics_store = __esm({
+  "src/store/metrics/metrics-store.ts"() {
     "use strict";
-    init_src();
-    init_store();
-    init_config();
-    init_config();
-    tabsViewed = /* @__PURE__ */ new Set();
-    dashboardOpened = false;
+    init_constants();
+    init_math();
+    init_endpoint();
+    MetricsStore = class {
+      constructor(persistence) {
+        this.persistence = persistence;
+        this.data = persistence.load();
+        for (const ep of this.data.endpoints) {
+          this.endpointIndex.set(ep.endpoint, ep);
+        }
+      }
+      data;
+      endpointIndex = /* @__PURE__ */ new Map();
+      sessionId = randomUUID5();
+      sessionStart = Date.now();
+      flushTimer = null;
+      accumulators = /* @__PURE__ */ new Map();
+      pendingPoints = /* @__PURE__ */ new Map();
+      start() {
+        this.flushTimer = setInterval(
+          () => this.flush(),
+          METRICS_FLUSH_INTERVAL_MS
+        );
+        this.flushTimer.unref();
+      }
+      stop() {
+        if (this.flushTimer) {
+          clearInterval(this.flushTimer);
+          this.flushTimer = null;
+        }
+        this.flush(true);
+      }
+      recordRequest(req, metrics) {
+        if (req.isStatic) return;
+        const key = getEndpointKey(req.method, req.path);
+        let acc = this.accumulators.get(key);
+        if (!acc) {
+          acc = createAccumulator();
+          this.accumulators.set(key, acc);
+        }
+        acc.durations.push(req.durationMs);
+        acc.queryCounts.push(metrics.queryCount);
+        if (req.statusCode >= 400) acc.errorCount++;
+        acc.totalDurationSum += req.durationMs;
+        acc.totalRequestCount++;
+        acc.totalQuerySum += metrics.queryCount;
+        acc.totalQueryTimeMs += metrics.queryTimeMs;
+        acc.totalFetchTimeMs += metrics.fetchTimeMs;
+        if (req.statusCode >= 400) acc.totalErrorCount++;
+        const timestamp = Math.round(
+          Date.now() - (performance.now() - req.startedAt)
+        );
+        const point = {
+          timestamp,
+          durationMs: req.durationMs,
+          statusCode: req.statusCode,
+          queryCount: metrics.queryCount,
+          queryTimeMs: metrics.queryTimeMs,
+          fetchTimeMs: metrics.fetchTimeMs
+        };
+        let pending2 = this.pendingPoints.get(key);
+        if (!pending2) {
+          pending2 = [];
+          this.pendingPoints.set(key, pending2);
+        }
+        pending2.push(point);
+      }
+      getAll() {
+        return this.data.endpoints;
+      }
+      getEndpoint(endpoint) {
+        return this.endpointIndex.get(endpoint);
+      }
+      getLiveEndpoints() {
+        const merged = /* @__PURE__ */ new Map();
+        for (const ep of this.data.endpoints) {
+          if (ep.dataPoints && ep.dataPoints.length > 0) {
+            merged.set(ep.endpoint, ep.dataPoints);
+          }
+        }
+        for (const [endpoint, points] of this.pendingPoints) {
+          const existing = merged.get(endpoint);
+          merged.set(endpoint, existing ? existing.concat(points) : points);
+        }
+        const endpoints = [];
+        for (const [endpoint, requests] of merged) {
+          if (requests.length === 0) continue;
+          const durations = requests.map((r) => r.durationMs);
+          const errors = requests.filter((r) => r.statusCode >= 400).length;
+          const totalQueries = requests.reduce((s, r) => s + r.queryCount, 0);
+          const totalQueryTime = requests.reduce((s, r) => s + (r.queryTimeMs ?? 0), 0);
+          const totalFetchTime = requests.reduce((s, r) => s + (r.fetchTimeMs ?? 0), 0);
+          const n = requests.length;
+          const avgDurationMs = Math.round(durations.reduce((s, d) => s + d, 0) / n);
+          const avgQueryTimeMs = Math.round(totalQueryTime / n);
+          const avgFetchTimeMs = Math.round(totalFetchTime / n);
+          endpoints.push({
+            endpoint,
+            requests,
+            summary: {
+              p95Ms: percentile(durations, 0.95),
+              errorRate: errors / n,
+              avgQueryCount: Math.round(totalQueries / n),
+              totalRequests: n,
+              avgQueryTimeMs,
+              avgFetchTimeMs,
+              avgAppTimeMs: Math.max(0, avgDurationMs - avgQueryTimeMs - avgFetchTimeMs)
+            }
+          });
+        }
+        endpoints.sort((a, b) => b.summary.p95Ms - a.summary.p95Ms);
+        return endpoints;
+      }
+      reset() {
+        this.data = { version: 1, endpoints: [] };
+        this.endpointIndex.clear();
+        this.accumulators.clear();
+        this.pendingPoints.clear();
+        this.persistence.remove();
+      }
+      flush(sync = false) {
+        for (const [endpoint, acc] of this.accumulators) {
+          if (acc.durations.length === 0) continue;
+          const n = acc.totalRequestCount;
+          const session = {
+            sessionId: this.sessionId,
+            startedAt: this.sessionStart,
+            avgDurationMs: Math.round(acc.totalDurationSum / n),
+            p95DurationMs: percentile(acc.durations, 0.95),
+            requestCount: n,
+            errorCount: acc.totalErrorCount,
+            avgQueryCount: n > 0 ? Math.round(acc.totalQuerySum / n) : 0,
+            avgQueryTimeMs: n > 0 ? Math.round(acc.totalQueryTimeMs / n) : 0,
+            avgFetchTimeMs: n > 0 ? Math.round(acc.totalFetchTimeMs / n) : 0
+          };
+          const epMetrics = this.getOrCreateEndpoint(endpoint);
+          const existingIdx = epMetrics.sessions.findIndex(
+            (s) => s.sessionId === this.sessionId
+          );
+          if (existingIdx !== -1) {
+            epMetrics.sessions[existingIdx] = session;
+          } else {
+            epMetrics.sessions.push(session);
+          }
+          if (epMetrics.sessions.length > METRICS_MAX_SESSIONS) {
+            epMetrics.sessions = epMetrics.sessions.slice(-METRICS_MAX_SESSIONS);
+          }
+          acc.durations.length = 0;
+          acc.queryCounts.length = 0;
+          acc.errorCount = 0;
+        }
+        for (const [endpoint, points] of this.pendingPoints) {
+          if (points.length === 0) continue;
+          const epMetrics = this.getOrCreateEndpoint(endpoint);
+          const existing = epMetrics.dataPoints ?? [];
+          epMetrics.dataPoints = existing.concat(points).slice(-METRICS_MAX_DATA_POINTS);
+        }
+        this.pendingPoints.clear();
+        if (sync) {
+          this.persistence.saveSync(this.data);
+        } else {
+          this.persistence.save(this.data);
+        }
+      }
+      getOrCreateEndpoint(endpoint) {
+        let ep = this.endpointIndex.get(endpoint);
+        if (!ep) {
+          ep = { endpoint, sessions: [] };
+          this.data.endpoints.push(ep);
+          this.endpointIndex.set(endpoint, ep);
+        }
+        return ep;
+      }
+    };
   }
 });
-// src/dashboard/router.ts
-function isDashboardRequest(url) {
-  return url === DASHBOARD_PREFIX || url.startsWith(DASHBOARD_PREFIX + "/");
-}
-function createDashboardHandler(deps) {
-  const routes = {
-    [DASHBOARD_API_REQUESTS]: handleApiRequests,
-    [DASHBOARD_API_EVENTS]: createSSEHandler(deps.analysisEngine),
-    [DASHBOARD_API_FLOWS]: handleApiFlows,
-    [DASHBOARD_API_CLEAR]: createClearHandler(deps.metricsStore, deps.findingStore),
-    [DASHBOARD_API_LOGS]: handleApiLogs,
-    [DASHBOARD_API_FETCHES]: handleApiFetches,
-    [DASHBOARD_API_ERRORS]: handleApiErrors,
-    [DASHBOARD_API_QUERIES]: handleApiQueries,
-    [DASHBOARD_API_METRICS]: createMetricsHandler(deps.metricsStore),
-    [DASHBOARD_API_METRICS_LIVE]: createLiveMetricsHandler(deps.metricsStore),
-    [DASHBOARD_API_INGEST]: handleApiIngest,
-    [DASHBOARD_API_ACTIVITY]: handleApiActivity
-  };
-  if (deps.analysisEngine) {
-    routes[DASHBOARD_API_INSIGHTS] = createInsightsHandler(deps.analysisEngine);
-    routes[DASHBOARD_API_SECURITY] = createSecurityHandler(deps.analysisEngine);
-  }
-  if (deps.findingStore) {
-    routes[DASHBOARD_API_FINDINGS] = createFindingsHandler(deps.findingStore);
-  }
-  routes[DASHBOARD_API_TAB] = (req, res) => {
-    const raw = (req.url ?? "").split("tab=")[1];
-    if (raw) {
-      const tab = decodeURIComponent(raw).slice(0, MAX_TAB_NAME_LENGTH);
-      if (VALID_TABS.has(tab) && isTelemetryEnabled()) recordTabViewed(tab);
-    }
-    res.writeHead(204);
-    res.end();
-  };
-  return (req, res, config) => {
-    const path = (req.url ?? "/").split("?")[0];
-    const handler = routes[path];
-    if (handler) {
-      handler(req, res);
-      return;
-    }
-    if (isTelemetryEnabled()) recordDashboardOpened();
-    res.writeHead(200, {
-      "content-type": "text/html; charset=utf-8",
-      "cache-control": "no-cache",
-      ...SECURITY_HEADERS
-    });
-    res.end(getDashboardHtml(config));
-  };
-}
-var VALID_TABS, SECURITY_HEADERS;
-var init_router = __esm({
-  "src/dashboard/router.ts"() {
+// src/store/metrics/persistence.ts
+import { readFileSync as readFileSync4, existsSync as existsSync5, unlinkSync } from "fs";
+import { resolve as resolve3 } from "path";
+var FileMetricsPersistence;
+var init_persistence = __esm({
+  "src/store/metrics/persistence.ts"() {
     "use strict";
     init_constants();
-    init_api();
-    init_insights();
-    init_findings();
-    init_sse();
-    init_page();
-    init_telemetry();
-    VALID_TABS = /* @__PURE__ */ new Set([
-      "overview",
-      "actions",
-      "requests",
-      "fetches",
-      "queries",
-      "errors",
-      "logs",
-      "performance",
-      "security"
-    ]);
-    SECURITY_HEADERS = {
-      "x-content-type-options": "nosniff",
-      "x-frame-options": "DENY",
-      "referrer-policy": "no-referrer"
+    init_atomic_writer();
+    init_log();
+    FileMetricsPersistence = class {
+      metricsPath;
+      writer;
+      constructor(rootDir) {
+        this.metricsPath = resolve3(rootDir, METRICS_FILE);
+        this.writer = new AtomicWriter({
+          dir: resolve3(rootDir, METRICS_DIR),
+          filePath: this.metricsPath,
+          gitignoreEntry: METRICS_DIR,
+          label: "metrics"
+        });
+      }
+      load() {
+        try {
+          if (existsSync5(this.metricsPath)) {
+            const raw = readFileSync4(this.metricsPath, "utf-8");
+            const parsed = JSON.parse(raw);
+            if (parsed?.version === 1 && Array.isArray(parsed.endpoints)) {
+              return parsed;
+            }
+          }
+        } catch (err) {
+          brakitWarn(`failed to load metrics: ${err.message}`);
+        }
+        return { version: 1, endpoints: [] };
+      }
+      save(data) {
+        this.writer.writeAsync(JSON.stringify(data));
+      }
+      saveSync(data) {
+        this.writer.writeSync(JSON.stringify(data));
+      }
+      remove() {
+        try {
+          if (existsSync5(this.metricsPath)) {
+            unlinkSync(this.metricsPath);
+          }
+        } catch {
+        }
+      }
     };
   }
 });
-// src/constants/severity.ts
-var SEVERITY_ICON;
-var init_severity = __esm({
-  "src/constants/severity.ts"() {
+// src/store/index.ts
+var init_store = __esm({
+  "src/store/index.ts"() {
     "use strict";
-    SEVERITY_ICON = {
-      critical: "\u2717",
-      warning: "\u26A0",
-      info: "\u2139"
-    };
+    init_request_store();
+    init_telemetry_store();
+    init_fetch_store();
+    init_log_store();
+    init_error_store();
+    init_query_store();
+    init_metrics_store();
+    init_persistence();
   }
 });
@@ -7254,11 +7303,13 @@ function formatConsoleLine(insight, suffix) {
   }
   return line;
 }
-function createConsoleInsightListener(proxyPort, metricsStore) {
+function startTerminalInsights(registry, proxyPort) {
+  const bus = registry.get("event-bus");
+  const metricsStore = registry.get("metrics-store");
   const printedKeys = /* @__PURE__ */ new Set();
   const resolvedKeys = /* @__PURE__ */ new Set();
   const dashUrl = `localhost:${proxyPort}${DASHBOARD_PREFIX}`;
-  return ({ statefulInsights }) => {
+  return bus.on("analysis:updated", ({ statefulInsights }) => {
     const newLines = [];
     const resolvedLines = [];
     for (const si of statefulInsights) {
@@ -7300,7 +7351,7 @@ function createConsoleInsightListener(proxyPort, metricsStore) {
       print("");
       print(`  ${pc.magenta(pc.bold("brakit"))} ${pc.dim("\u2192")} ${pc.green("Issues fixed!")}`);
     }
-  };
+  });
 }
 var SEVERITY_COLOR;
 var init_terminal = __esm({
@@ -7394,10 +7445,11 @@ function outgoingToIncoming(headers) {
 }
 function decompress(body, encoding) {
   try {
-    if (encoding === "gzip") return gunzipSync(body);
-    if (encoding === "br") return brotliDecompressSync(body);
-    if (encoding === "deflate") return inflateSync(body);
-  } catch {
+    if (encoding === CONTENT_ENCODING_GZIP) return gunzipSync(body);
+    if (encoding === CONTENT_ENCODING_BR) return brotliDecompressSync(body);
+    if (encoding === CONTENT_ENCODING_DEFLATE) return inflateSync(body);
+  } catch (e) {
+    brakitDebug(`decompress failed: ${e.message}`);
   }
   return body;
 }
@@ -7407,7 +7459,7 @@ function toBuffer(chunk) {
   if (typeof chunk === "string") return Buffer.from(chunk);
   return null;
 }
-function captureInProcess(req, res, requestId) {
+function captureInProcess(req, res, requestId, requestStore) {
   const startTime = performance.now();
   const method = req.method ?? "GET";
   const resChunks = [];
@@ -7424,7 +7476,8 @@ function captureInProcess(req, res, requestId) {
           resSize += buf.length;
         }
       }
-    } catch {
+    } catch (e) {
+      brakitDebug(`capture write: ${e.message}`);
     }
     return originalWrite.apply(this, args);
   };
@@ -7437,7 +7490,8 @@ function captureInProcess(req, res, requestId) {
           resChunks.push(buf);
         }
       }
-    } catch {
+    } catch (e) {
+      brakitDebug(`capture end: ${e.message}`);
     }
     const result = originalEnd.apply(this, args);
     const endTime = performance.now();
@@ -7447,7 +7501,7 @@ function captureInProcess(req, res, requestId) {
       if (body && encoding) {
         body = decompress(body, encoding);
       }
-      defaultStore.capture({
+      requestStore.capture({
         requestId,
         method,
         url: req.url ?? "/",
@@ -7461,7 +7515,8 @@ function captureInProcess(req, res, requestId) {
         endTime,
         config: { maxBodyCapture: DEFAULT_MAX_BODY_CAPTURE }
       });
-    } catch {
+    } catch (e) {
+      brakitDebug(`capture store: ${e.message}`);
     }
     return result;
   };
@@ -7469,8 +7524,8 @@ function captureInProcess(req, res, requestId) {
 var init_capture = __esm({
   "src/runtime/capture.ts"() {
     "use strict";
-    init_request_log();
     init_constants();
+    init_log();
   }
 });
@@ -7496,6 +7551,10 @@ function installInterceptor(deps) {
           deps.onFirstRequest(port);
         }
       }
+      const localPort = req.socket.localPort;
+      if (bannerPrinted && localPort && deps.config.proxyPort && localPort !== deps.config.proxyPort) {
+        return original.apply(this, [event, ...args]);
+      }
       if (isDashboardRequest(url)) {
         if (!isLocalRequest(req)) {
           res.writeHead(404);
@@ -7511,7 +7570,7 @@ function installInterceptor(deps) {
         url,
         method: req.method ?? "GET"
       };
-      captureInProcess(req, res, requestId);
+      captureInProcess(req, res, requestId, deps.requestStore);
       return storage.run(
         ctx,
         () => original.apply(this, [event, ...args])
@@ -7543,91 +7602,115 @@ var setup_exports = {};
 __export(setup_exports, {
   setup: () => setup
 });
-import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync5, existsSync as existsSync5, unlinkSync as unlinkSync2 } from "fs";
+import { writeFileSync as writeFileSync4, readFileSync as readFileSync5, mkdirSync as mkdirSync4, existsSync as existsSync6, unlinkSync as unlinkSync2 } from "fs";
 import { resolve as resolve4 } from "path";
 function setup() {
   if (initialized) return;
   initialized = true;
-  setEmitter(routeEvent2);
-  setupFetchHook();
-  setupConsoleHook();
-  setupErrorHook();
-  const registry = createDefaultRegistry();
-  registry.patchAll(routeEvent2);
+  const bus = new EventBus();
+  const registry = new ServiceRegistry();
+  const requestStore = new RequestStore();
+  const fetchStore = new FetchStore();
+  const logStore = new LogStore();
+  const errorStore = new ErrorStore();
+  const queryStore = new QueryStore();
+  registry.register("event-bus", bus);
+  registry.register("request-store", requestStore);
+  registry.register("fetch-store", fetchStore);
+  registry.register("log-store", logStore);
+  registry.register("error-store", errorStore);
+  registry.register("query-store", queryStore);
+  bus.on("telemetry:fetch", (data) => fetchStore.add(data));
+  bus.on("telemetry:query", (data) => queryStore.add(data));
+  bus.on("telemetry:log", (data) => logStore.add(data));
+  bus.on("telemetry:error", (data) => errorStore.add(data));
+  requestStore.onRequest((req) => bus.emit("request:completed", req));
+  const telemetryEmit = (event) => {
+    const channel = `telemetry:${event.type}`;
+    bus.emit(channel, event.data);
+  };
+  setupFetchHook(telemetryEmit);
+  setupConsoleHook(telemetryEmit);
+  setupErrorHook(telemetryEmit);
+  const adapterRegistry = createDefaultRegistry();
+  adapterRegistry.patchAll(telemetryEmit);
   const cwd = process.cwd();
   const metricsStore = new MetricsStore(new FileMetricsPersistence(cwd));
   metricsStore.start();
+  registry.register("metrics-store", metricsStore);
   const findingStore = new FindingStore(cwd);
   findingStore.start();
-  const analysisEngine = new AnalysisEngine(metricsStore, findingStore);
+  registry.register("finding-store", findingStore);
+  const analysisEngine = new AnalysisEngine(registry);
   analysisEngine.start();
-  const config = {
-    proxyPort: 0,
-    targetPort: 0,
-    showStatic: false,
-    maxBodyCapture: DEFAULT_MAX_BODY_CAPTURE
-  };
-  const handleDashboard = createDashboardHandler({ metricsStore, analysisEngine, findingStore });
-  onRequest((req) => {
-    const queries = defaultQueryStore.getByRequest(req.id);
-    const fetches = defaultFetchStore.getByRequest(req.id);
+  registry.register("analysis-engine", analysisEngine);
+  bus.on("request:completed", (req) => {
+    const queries = queryStore.getByRequest(req.id);
+    const fetches = fetchStore.getByRequest(req.id);
     metricsStore.recordRequest(req, {
       queryCount: queries.length,
       queryTimeMs: queries.reduce((s, q) => s + q.durationMs, 0),
       fetchTimeMs: fetches.reduce((s, f) => s + f.durationMs, 0)
     });
   });
+  const config = {
+    proxyPort: 0,
+    targetPort: 0,
+    showStatic: false,
+    maxBodyCapture: DEFAULT_MAX_BODY_CAPTURE
+  };
+  const handleDashboard = createDashboardHandler(registry);
+  let terminalDispose = null;
   installInterceptor({
     handleDashboard,
     config,
+    requestStore,
     onFirstRequest(port) {
+      setBrakitPort(port);
       const dir = resolve4(cwd, METRICS_DIR);
-      if (!existsSync5(dir)) mkdirSync5(dir, { recursive: true });
-      writeFileSync5(resolve4(cwd, PORT_FILE), String(port));
-      analysisEngine.onUpdate(createConsoleInsightListener(port, metricsStore));
+      if (!existsSync6(dir)) mkdirSync4(dir, { recursive: true });
+      const portPath = resolve4(cwd, PORT_FILE);
+      if (existsSync6(portPath)) {
+        const old = readFileSync5(portPath, "utf-8").trim();
+        if (old && old !== String(port)) {
+          brakitDebug(`Overwriting stale port file (was ${old}, now ${port})`);
+        }
+      }
+      writeFileSync4(portPath, String(port));
+      terminalDispose = startTerminalInsights(registry, port);
       process.stdout.write(`  brakit v${VERSION} \u2014 http://localhost:${port}${DASHBOARD_PREFIX}
 `);
     }
   });
   health.setTeardown(() => {
     uninstallInterceptor();
+    terminalDispose?.();
     analysisEngine.stop();
     findingStore.stop();
     metricsStore.stop();
     try {
       const portPath = resolve4(cwd, PORT_FILE);
-      if (existsSync5(portPath)) unlinkSync2(portPath);
+      if (existsSync6(portPath)) unlinkSync2(portPath);
     } catch {
     }
   });
 }
-function routeEvent2(event) {
-  switch (event.type) {
-    case "fetch":
-      defaultFetchStore.add(event.data);
-      break;
-    case "log":
-      defaultLogStore.add(event.data);
-      break;
-    case "error":
-      defaultErrorStore.add(event.data);
-      break;
-    case "query":
-      defaultQueryStore.add(event.data);
-      break;
-  }
-}
 var initialized;
 var init_setup = __esm({
   "src/runtime/setup.ts"() {
     "use strict";
-    init_transport2();
     init_fetch();
     init_console();
     init_errors();
     init_adapters();
     init_router();
-    init_request_log();
+    init_event_bus();
+    init_service_registry();
+    init_request_store();
+    init_fetch_store();
+    init_log_store();
+    init_error_store();
+    init_query_store();
     init_store();
     init_finding_store();
     init_engine();
@@ -7636,6 +7719,7 @@ var init_setup = __esm({
     init_constants();
     init_health2();
     init_interceptor();
+    init_log();
     initialized = false;
   }
 });