observability-toolkit 1.8.2 → 1.8.5

package/dist/backends/signoz-api.test.js

@@ -1,65 +1,16 @@
-import { describe, it, mock } from 'node:test';
+/**
+ * Core SigNoz API backend tests
+ * L-STYLE-2: Split from original 2797-line file for maintainability
+ *
+ * Related test files:
+ * - signoz-api-circuit-breaker.test.ts - Circuit breaker tests
+ * - signoz-api-rate-limiter.test.ts - Rate limiter tests
+ * - signoz-api-ssrf.test.ts - SSRF protection tests
+ */
+import { describe, it } from 'node:test';
 import assert from 'node:assert';
 import { SigNozApiBackend } from './signoz-api.js';
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-const setupMock = (fn) => mock.fn(fn);
-// Helper to encode cursor (matches internal implementation)
-function encodeCursor(data) {
-    return Buffer.from(JSON.stringify(data)).toString('base64');
-}
-// Helper to create v5 API response format for traces
-function createV5TraceResponse(spans) {
-    return {
-        data: {
-            data: {
-                results: [{
-                        rows: spans.map(s => ({
-                            timestamp: s.timestamp || new Date().toISOString(),
-                            data: {
-                                trace_id: s.traceID || s.trace_id,
-                                span_id: s.spanID || s.span_id,
-                                parent_span_id: s.parentSpanID || s.parent_span_id,
-                                name: s.name,
-                                kind: s.kind,
-                                duration_nano: s.durationNano || s.duration_nano,
-                                'service.name': s.serviceName || s['service.name'],
-                                response_status_code: s.statusCode,
-                            },
-                        })),
-                    }],
-            },
-        },
-    };
-}
-// Helper to create v5 API log response format
-function createV5LogResponse(logs) {
-    return {
-        data: {
-            data: {
-                results: [{
-                        rows: logs.map(l => ({
-                            timestamp: l.timestamp || new Date().toISOString(),
-                            data: l,
-                        })),
-                    }],
-            },
-        },
-    };
-}
-// Helper to create v5 API metric response format
-function createV5MetricResponse(series) {
-    return {
-        data: {
-            data: {
-                results: [{
-                        aggregations: [{
-                                series: series,
-                            }],
-                    }],
-            },
-        },
-    };
-}
+import { setupMock, createV5TraceResponse, createV5LogResponse, createV5MetricResponse, } from './signoz-api-test-helpers.js';
 describe('SigNozApiBackend', () => {
     describe('constructor', () => {
         it('should initialize with default URL and API key from environment', () => {
@@ -873,972 +824,8 @@ describe('SigNozApiBackend', () => {
             assert.deepStrictEqual(result, []);
         });
     });
-    describe('circuit breaker', () => {
-        it('should open circuit after 3 consecutive failures', async () => {
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // First 3 failures should hit the API (non-circuit-breaker errors are thrown)
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected - API errors are thrown
-                }
-            }
-            assert.strictEqual(callCount, 3);
-            // 4th call should be blocked by circuit breaker (returns [] instead of calling fetch)
-            const prevCount = callCount;
-            const result = await backend.queryTraces({});
-            assert.deepStrictEqual(result, [], 'Should return empty array when circuit open');
-            assert.strictEqual(callCount, prevCount, 'Should not have made another fetch call when circuit open');
-        });
-        it('should allow request in half-open state after reset time', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Trigger 3 failures to open circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            assert.strictEqual(callCount, 3);
-            // Verify circuit is open (returns [] without fetch call)
-            const result = await backend.queryTraces({});
-            assert.deepStrictEqual(result, []);
-            assert.strictEqual(callCount, 3, 'Should not have made fetch call when circuit open');
-            // Advance time past reset period (default 60000ms)
-            currentTime += 61000;
-            // Should allow one request in half-open state
-            try {
-                await backend.queryTraces({});
-            }
-            catch {
-                // expected to fail, but should have made the request
-            }
-            assert.strictEqual(callCount, 4, 'Should have made request in half-open state');
-            Date.now = originalDateNow;
-        });
-        it('should close circuit after successful request in half-open state', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let shouldFail = true;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                if (shouldFail) {
-                    throw new Error('API error');
-                }
-                return {
-                    ok: true,
-                    json: async () => createV5TraceResponse([]),
-                    text: async () => '',
-                };
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Trigger 3 failures to open circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            // Advance time past reset period
-            currentTime += 61000;
-            shouldFail = false;
-            // Successful request in half-open state should close circuit
-            await backend.queryTraces({});
-            assert.strictEqual(callCount, 4);
-            // Circuit should be closed, subsequent requests should work
-            await backend.queryTraces({});
-            assert.strictEqual(callCount, 5);
-            Date.now = originalDateNow;
-        });
-        it('should reopen circuit after failure in half-open state', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Trigger 3 failures to open circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            assert.strictEqual(callCount, 3);
-            // Advance time past reset period
-            currentTime += 61000;
-            // Request in half-open state fails
-            try {
-                await backend.queryTraces({});
-            }
-            catch {
-                // expected
-            }
-            assert.strictEqual(callCount, 4);
-            // Circuit should be open again (failure in half-open reopens it)
-            const result = await backend.queryTraces({});
-            assert.deepStrictEqual(result, []);
-            assert.strictEqual(callCount, 4, 'Should not have made fetch call when circuit reopened');
-            Date.now = originalDateNow;
-        });
-        it('should reset failure count after successful request', async () => {
-            let shouldFail = true;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                if (shouldFail) {
-                    throw new Error('API error');
-                }
-                return {
-                    ok: true,
-                    json: async () => createV5TraceResponse([]),
-                    text: async () => '',
-                };
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // 2 failures (not enough to open circuit)
-            for (let i = 0; i < 2; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            assert.strictEqual(callCount, 2);
-            // Successful request should reset failure count
-            shouldFail = false;
-            await backend.queryTraces({});
-            assert.strictEqual(callCount, 3);
-            // 2 more failures should not open circuit (count was reset)
-            shouldFail = true;
-            for (let i = 0; i < 2; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            assert.strictEqual(callCount, 5);
-            // Should still be able to make requests (circuit not open)
-            try {
-                await backend.queryTraces({});
-            }
-            catch {
-                // expected to fail but should make the call
-            }
-            assert.strictEqual(callCount, 6, 'Circuit should still be closed');
-        });
-        it('should block all query methods when circuit is open', async () => {
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Open the circuit with traces
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            assert.strictEqual(callCount, 3);
-            // All methods should be blocked
-            const methods = [
-                () => backend.queryTraces({}),
-                () => backend.queryLogs({}),
-                () => backend.queryMetrics({ metricName: 'test' }),
-            ];
-            for (const method of methods) {
-                const prevCount = callCount;
-                try {
-                    await method();
-                }
-                catch {
-                    // queryTraces and queryLogs return [] on error, queryMetrics might too
-                }
-                // Verify no additional fetch calls were made
-                assert.strictEqual(callCount, prevCount, 'Should not make fetch call when circuit open');
-            }
-        });
-        it('should report circuit breaker state in health check', async () => {
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Open the circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            // Health check should report circuit breaker status
-            const health = await backend.healthCheck();
-            assert.strictEqual(health.status, 'error');
-            assert(health.message?.includes('Circuit breaker'));
-        });
-        it('should log warning when circuit breaker opens', async () => {
-            const warnLogs = [];
-            const originalWarn = console.warn;
-            console.warn = (msg) => { warnLogs.push(msg); };
-            globalThis.fetch = setupMock(async () => {
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Trigger 3 failures to open circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            console.warn = originalWarn;
-            // Should have logged one warning when circuit opened
-            assert.strictEqual(warnLogs.length, 1);
-            assert(warnLogs[0].includes('[obs-toolkit] Circuit breaker OPENED'));
-            assert(warnLogs[0].includes('3 consecutive failures'));
-            assert(warnLogs[0].includes('was: closed'));
-        });
-        it('should log info when circuit breaker enters half-open state', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            const infoLogs = [];
-            const originalInfo = console.info;
-            console.info = (msg) => { infoLogs.push(msg); };
-            globalThis.fetch = setupMock(async () => {
-                throw new Error('API error');
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Trigger 3 failures to open circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            // Advance time past reset period (default 60000ms)
-            currentTime += 61000;
-            // Attempt a request which should trigger half-open transition
-            try {
-                await backend.queryTraces({});
-            }
-            catch {
-                // expected to fail
-            }
-            console.info = originalInfo;
-            Date.now = originalDateNow;
-            // Should have logged info when entering half-open state
-            assert(infoLogs.some(log => log.includes('[obs-toolkit] Circuit breaker entering HALF-OPEN state')));
-        });
-        it('should log info when circuit breaker closes after successful request', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            const infoLogs = [];
-            const originalInfo = console.info;
-            console.info = (msg) => { infoLogs.push(msg); };
-            let shouldFail = true;
-            globalThis.fetch = setupMock(async () => {
-                if (shouldFail) {
-                    throw new Error('API error');
-                }
-                return {
-                    ok: true,
-                    json: async () => createV5TraceResponse([]),
-                    text: async () => '',
-                };
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Trigger 3 failures to open circuit
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // expected
-                }
-            }
-            // Advance time past reset period
-            currentTime += 61000;
-            shouldFail = false;
-            // Successful request in half-open state should close circuit and log
-            await backend.queryTraces({});
-            console.info = originalInfo;
-            Date.now = originalDateNow;
-            // Should have logged both half-open transition and close
-            assert(infoLogs.some(log => log.includes('[obs-toolkit] Circuit breaker entering HALF-OPEN state')));
-            assert(infoLogs.some(log => log.includes('[obs-toolkit] Circuit breaker CLOSED after successful request')));
-        });
-    });
-    describe('cursor-based pagination', () => {
-        describe('queryTracesPaginated', () => {
-            it('should return paginated results with hasMore=false when fewer results than limit', async () => {
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5TraceResponse([
-                        { traceID: 't1', spanID: 's1', name: 'op1', timestamp: '2026-01-01T12:00:00Z', durationNano: 100000 },
-                        { traceID: 't2', spanID: 's2', name: 'op2', timestamp: '2026-01-01T12:01:00Z', durationNano: 200000 },
-                    ]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryTracesPaginated({ limit: 10 });
-                assert.strictEqual(result.data.length, 2);
-                assert.strictEqual(result.hasMore, false);
-                assert.strictEqual(result.nextCursor, undefined);
-            });
-            it('should return hasMore=true and nextCursor when more results available', async () => {
-                // Return 3 results when limit is 2 (we request limit+1 to detect hasMore)
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5TraceResponse([
-                        { traceID: 't1', spanID: 's1', name: 'op1', timestamp: '2026-01-01T12:00:00Z', durationNano: 100000 },
-                        { traceID: 't2', spanID: 's2', name: 'op2', timestamp: '2026-01-01T12:01:00Z', durationNano: 200000 },
-                        { traceID: 't3', spanID: 's3', name: 'op3', timestamp: '2026-01-01T12:02:00Z', durationNano: 300000 },
-                    ]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryTracesPaginated({ limit: 2 });
-                assert.strictEqual(result.data.length, 2);
-                assert.strictEqual(result.hasMore, true);
-                assert.ok(result.nextCursor);
-            });
-            it('should decode cursor and use for pagination', async () => {
-                let capturedBody;
-                globalThis.fetch = setupMock(async (_url, options) => {
-                    if (options?.body) {
-                        capturedBody = JSON.parse(String(options.body));
-                    }
-                    return {
-                        ok: true,
-                        json: async () => createV5TraceResponse([]),
-                        text: async () => '',
-                    };
-                });
-                const cursor = encodeCursor({ ts: 1704110400000, offset: 50 });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                await backend.queryTracesPaginated({ cursor, limit: 10 });
-                const body = capturedBody;
-                assert.strictEqual(body.start, 1704110400000);
-                const query = body.compositeQuery.queries;
-                const spec = query[0].spec;
-                assert.strictEqual(spec.offset, 50);
-            });
-            it('should ignore invalid cursor and use default values', async () => {
-                let capturedBody;
-                globalThis.fetch = setupMock(async (_url, options) => {
-                    if (options?.body) {
-                        capturedBody = JSON.parse(String(options.body));
-                    }
-                    return {
-                        ok: true,
-                        json: async () => createV5TraceResponse([]),
-                        text: async () => '',
-                    };
-                });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                await backend.queryTracesPaginated({ cursor: 'invalid-cursor', limit: 10 });
-                const body = capturedBody;
-                const query = body.compositeQuery.queries;
-                const spec = query[0].spec;
-                assert.strictEqual(spec.offset, 0);
-            });
-            it('should return empty result on circuit breaker error', async () => {
-                globalThis.fetch = setupMock(async () => {
-                    throw new Error('Circuit breaker open - SigNoz API unavailable');
-                });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryTracesPaginated({});
-                assert.deepStrictEqual(result.data, []);
-                assert.strictEqual(result.hasMore, false);
-            });
-        });
-        describe('queryLogsPaginated', () => {
-            it('should return paginated log results', async () => {
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5LogResponse([
-                        { body: 'log1', severity_text: 'INFO', timestamp: '2026-01-01T12:00:00Z' },
-                        { body: 'log2', severity_text: 'ERROR', timestamp: '2026-01-01T12:01:00Z' },
-                    ]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryLogsPaginated({ limit: 10 });
-                assert.strictEqual(result.data.length, 2);
-                assert.strictEqual(result.hasMore, false);
-            });
-            it('should return hasMore=true when more logs available', async () => {
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5LogResponse([
-                        { body: 'log1', severity_text: 'INFO', timestamp: '2026-01-01T12:00:00Z' },
-                        { body: 'log2', severity_text: 'ERROR', timestamp: '2026-01-01T12:01:00Z' },
-                        { body: 'log3', severity_text: 'WARN', timestamp: '2026-01-01T12:02:00Z' },
-                    ]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryLogsPaginated({ limit: 2 });
-                assert.strictEqual(result.data.length, 2);
-                assert.strictEqual(result.hasMore, true);
-                assert.ok(result.nextCursor);
-            });
-            it('should decode cursor for log pagination', async () => {
-                let capturedBody;
-                globalThis.fetch = setupMock(async (_url, options) => {
-                    if (options?.body) {
-                        capturedBody = JSON.parse(String(options.body));
-                    }
-                    return {
-                        ok: true,
-                        json: async () => createV5LogResponse([]),
-                        text: async () => '',
-                    };
-                });
-                const cursor = encodeCursor({ ts: 1704110400000, offset: 25 });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                await backend.queryLogsPaginated({ cursor, limit: 10 });
-                const body = capturedBody;
-                assert.strictEqual(body.start, 1704110400000);
-                const query = body.compositeQuery.queries;
-                const spec = query[0].spec;
-                assert.strictEqual(spec.offset, 25);
-            });
-            it('should return empty result on circuit breaker error', async () => {
-                globalThis.fetch = setupMock(async () => {
-                    throw new Error('Circuit breaker open - SigNoz API unavailable');
-                });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryLogsPaginated({});
-                assert.deepStrictEqual(result.data, []);
-                assert.strictEqual(result.hasMore, false);
-            });
-        });
-        describe('queryMetricsPaginated', () => {
-            it('should return paginated metric results', async () => {
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5MetricResponse([{
-                            values: [
-                                { timestamp: 1704110400000, value: 42.5 },
-                                { timestamp: 1704110460000, value: 43.2 },
-                            ],
-                        }]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryMetricsPaginated({ metricName: 'test_metric', limit: 10 });
-                assert.strictEqual(result.data.length, 2);
-                assert.strictEqual(result.hasMore, false);
-            });
-            it('should return hasMore=true when more metrics available', async () => {
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5MetricResponse([{
-                            values: [
-                                { timestamp: 1704110400000, value: 1 },
-                                { timestamp: 1704110460000, value: 2 },
-                                { timestamp: 1704110520000, value: 3 },
-                            ],
-                        }]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryMetricsPaginated({ metricName: 'test_metric', limit: 2 });
-                assert.strictEqual(result.data.length, 2);
-                assert.strictEqual(result.hasMore, true);
-                assert.ok(result.nextCursor);
-            });
-            it('should decode cursor for metric pagination', async () => {
-                let capturedBody;
-                globalThis.fetch = setupMock(async (_url, options) => {
-                    if (options?.body) {
-                        capturedBody = JSON.parse(String(options.body));
-                    }
-                    return {
-                        ok: true,
-                        json: async () => createV5MetricResponse([]),
-                        text: async () => '',
-                    };
-                });
-                const cursor = encodeCursor({ ts: 1704110400000, offset: 100 });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                await backend.queryMetricsPaginated({ cursor, metricName: 'test_metric', limit: 10 });
-                const body = capturedBody;
-                assert.strictEqual(body.start, 1704110400000);
-                const query = body.compositeQuery.queries;
-                const spec = query[0].spec;
-                assert.strictEqual(spec.offset, 100);
-            });
-            it('should throw error when metricName missing', async () => {
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                try {
-                    await backend.queryMetricsPaginated({ limit: 10 });
-                    assert.fail('Should have thrown an error');
-                }
-                catch (error) {
-                    assert(error instanceof Error);
-                    assert(error.message.includes('metricName is required'));
-                }
-            });
-            it('should return empty result on circuit breaker error', async () => {
-                globalThis.fetch = setupMock(async () => {
-                    throw new Error('Circuit breaker open - SigNoz API unavailable');
-                });
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryMetricsPaginated({ metricName: 'test_metric' });
-                assert.deepStrictEqual(result.data, []);
-                assert.strictEqual(result.hasMore, false);
-            });
-        });
-        describe('cursor encoding/decoding', () => {
-            it('should produce valid base64 cursor', async () => {
-                globalThis.fetch = setupMock(async () => ({
-                    ok: true,
-                    json: async () => createV5TraceResponse([
-                        { traceID: 't1', spanID: 's1', name: 'op1', timestamp: '2026-01-01T12:00:00Z', durationNano: 100000 },
-                        { traceID: 't2', spanID: 's2', name: 'op2', timestamp: '2026-01-01T12:01:00Z', durationNano: 200000 },
-                        { traceID: 't3', spanID: 's3', name: 'op3', timestamp: '2026-01-01T12:02:00Z', durationNano: 300000 },
-                    ]),
-                    text: async () => '',
-                }));
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                const result = await backend.queryTracesPaginated({ limit: 2 });
-                assert.ok(result.nextCursor);
-                // Verify cursor is valid base64
-                const decoded = Buffer.from(result.nextCursor, 'base64').toString('utf-8');
-                const parsed = JSON.parse(decoded);
-                assert.strictEqual(typeof parsed.ts, 'number');
-                assert.strictEqual(typeof parsed.offset, 'number');
-            });
-            it('should handle cursor with malformed JSON gracefully', async () => {
-                let capturedBody;
-                globalThis.fetch = setupMock(async (_url, options) => {
-                    if (options?.body) {
-                        capturedBody = JSON.parse(String(options.body));
-                    }
-                    return {
-                        ok: true,
-                        json: async () => createV5TraceResponse([]),
-                        text: async () => '',
-                    };
-                });
-                // Create a base64 string that isn't valid JSON
-                const badCursor = Buffer.from('not valid json').toString('base64');
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                await backend.queryTracesPaginated({ cursor: badCursor, limit: 10 });
-                // Should use default offset
-                const body = capturedBody;
-                const query = body.compositeQuery.queries;
-                const spec = query[0].spec;
-                assert.strictEqual(spec.offset, 0);
-            });
-            it('should handle cursor with wrong types gracefully', async () => {
-                let capturedBody;
-                globalThis.fetch = setupMock(async (_url, options) => {
-                    if (options?.body) {
-                        capturedBody = JSON.parse(String(options.body));
-                    }
-                    return {
-                        ok: true,
-                        json: async () => createV5TraceResponse([]),
-                        text: async () => '',
-                    };
-                });
-                // Create a cursor with wrong types
-                const badCursor = Buffer.from(JSON.stringify({ ts: 'not a number', offset: 'also not' })).toString('base64');
-                const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-                await backend.queryTracesPaginated({ cursor: badCursor, limit: 10 });
-                // Should use default offset
-                const body = capturedBody;
-                const query = body.compositeQuery.queries;
-                const spec = query[0].spec;
-                assert.strictEqual(spec.offset, 0);
-            });
-        });
-    });
-    describe('rate limiter', () => {
-        it('should allow requests up to max tokens', async () => {
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                return {
-                    ok: true,
-                    json: async () => createV5TraceResponse([]),
-                    text: async () => '',
-                };
-            });
-            // Create backend - default is 60 tokens
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Make multiple rapid requests - should all succeed within token limit
-            for (let i = 0; i < 10; i++) {
-                await backend.queryTraces({});
-            }
-            assert.strictEqual(callCount, 10, 'All requests within limit should succeed');
-        });
-        it('should block requests when rate limit exceeded', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                return {
-                    ok: true,
-                    json: async () => createV5TraceResponse([]),
-                    text: async () => '',
-                };
-            });
-            // Create backend with very low rate limit (3 tokens) for testing
-            // We need to test the TokenBucketRateLimiter directly since the backend
-            // uses the default from constants
-            const { TokenBucketRateLimiter } = await import('./signoz-api.js');
-            const limiter = new TokenBucketRateLimiter(3, 1); // 3 tokens, 1/sec refill
-            // Use all tokens
-            assert.strictEqual(limiter.tryConsume(), true, '1st token should be available');
-            assert.strictEqual(limiter.tryConsume(), true, '2nd token should be available');
-            assert.strictEqual(limiter.tryConsume(), true, '3rd token should be available');
-            assert.strictEqual(limiter.tryConsume(), false, '4th token should be blocked');
-            Date.now = originalDateNow;
-        });
-        it('should refill tokens over time', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            const { TokenBucketRateLimiter } = await import('./signoz-api.js');
-            const limiter = new TokenBucketRateLimiter(3, 1); // 3 tokens, 1/sec refill
-            // Use all tokens
-            limiter.tryConsume();
-            limiter.tryConsume();
-            limiter.tryConsume();
-            assert.strictEqual(limiter.getAvailableTokens(), 0, 'All tokens should be used');
-            // Advance time by 2 seconds
-            currentTime += 2000;
-            // Should have refilled 2 tokens
-            assert.strictEqual(limiter.getAvailableTokens(), 2, 'Should have refilled 2 tokens');
-            // Advance time by 5 more seconds (past max)
-            currentTime += 5000;
-            // Should cap at max tokens
-            assert.strictEqual(limiter.getAvailableTokens(), 3, 'Should cap at max tokens');
-            Date.now = originalDateNow;
-        });
-        it('should return empty array when rate limited', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                return {
-                    ok: true,
-                    json: async () => createV5TraceResponse([]),
-                    text: async () => '',
-                };
-            });
-            // We can't easily set custom rate limits on the backend, so we'll test
-            // the behavior by making 60+ requests (default limit)
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Make 60 requests (default token limit)
-            for (let i = 0; i < 60; i++) {
-                await backend.queryTraces({});
-            }
-            assert.strictEqual(callCount, 60);
-            // 61st request should be rate limited
-            const result = await backend.queryTraces({});
-            assert.deepStrictEqual(result, [], 'Should return empty array when rate limited');
-            assert.strictEqual(callCount, 60, 'Should not have made fetch call when rate limited');
-            Date.now = originalDateNow;
-        });
-        it('should log warning when rate limit exceeded', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            const warnLogs = [];
-            const originalWarn = console.warn;
-            console.warn = (msg) => { warnLogs.push(msg); };
-            const { TokenBucketRateLimiter } = await import('./signoz-api.js');
-            const limiter = new TokenBucketRateLimiter(2, 1);
-            // Use all tokens
-            limiter.tryConsume();
-            limiter.tryConsume();
-            // This should trigger the warning
-            limiter.tryConsume();
-            console.warn = originalWarn;
-            Date.now = originalDateNow;
-            assert(warnLogs.some(log => log.includes('[obs-toolkit] Rate limit exceeded')));
-        });
-        it('should report rate limit status in health check', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                return {
-                    ok: true,
-                    json: async () => ({ status: 'success' }),
-                    text: async () => '',
-                };
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Use all 60 tokens
-            for (let i = 0; i < 60; i++) {
-                await backend.queryTraces({});
-            }
-            // Health check should report rate limit status
-            const health = await backend.healthCheck();
-            assert.strictEqual(health.status, 'error');
-            assert(health.message?.includes('Rate limit'));
-            Date.now = originalDateNow;
-        });
-        it('should reset tokens with reset method', async () => {
-            const { TokenBucketRateLimiter } = await import('./signoz-api.js');
-            const limiter = new TokenBucketRateLimiter(3, 1);
-            // Use all tokens
-            limiter.tryConsume();
-            limiter.tryConsume();
-            limiter.tryConsume();
-            assert.strictEqual(limiter.getAvailableTokens(), 0);
-            // Reset
-            limiter.reset();
-            assert.strictEqual(limiter.getAvailableTokens(), 3, 'Should have all tokens after reset');
-        });
-        it('should handle logs query when rate limited', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                return {
-                    ok: true,
-                    json: async () => ({ data: { data: { results: [] } } }),
-                    text: async () => '',
-                };
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Use all 60 tokens
-            for (let i = 0; i < 60; i++) {
-                await backend.queryTraces({});
-            }
-            assert.strictEqual(callCount, 60);
-            // Logs query should also be rate limited
-            const result = await backend.queryLogs({});
-            assert.deepStrictEqual(result, []);
-            assert.strictEqual(callCount, 60, 'Should not make fetch call for logs when rate limited');
-            Date.now = originalDateNow;
-        });
-        it('should handle metrics query when rate limited', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                return {
-                    ok: true,
-                    json: async () => ({ data: { data: { results: [] } } }),
-                    text: async () => '',
-                };
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Use all 60 tokens
-            for (let i = 0; i < 60; i++) {
-                await backend.queryTraces({});
-            }
-            assert.strictEqual(callCount, 60);
-            // Metrics query should also be rate limited
-            const result = await backend.queryMetrics({ metricName: 'test' });
-            assert.deepStrictEqual(result, []);
-            assert.strictEqual(callCount, 60, 'Should not make fetch call for metrics when rate limited');
-            Date.now = originalDateNow;
-        });
-        it('should refund single token correctly', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            const { TokenBucketRateLimiter } = await import('./signoz-api.js');
-            const limiter = new TokenBucketRateLimiter(3, 1); // 3 tokens, 1/sec refill
-            // Use all tokens
-            limiter.tryConsume();
-            limiter.tryConsume();
-            limiter.tryConsume();
-            assert.strictEqual(limiter.getAvailableTokens(), 0, 'All tokens should be used');
-            // Refund one token
-            limiter.refund();
-            assert.strictEqual(limiter.getAvailableTokens(), 1, 'Should have 1 token after refund');
-            // Refund again
-            limiter.refund();
-            assert.strictEqual(limiter.getAvailableTokens(), 2, 'Should have 2 tokens after second refund');
-            // Refund at max should not exceed max
-            limiter.refund();
-            limiter.refund(); // This should cap at max
-            assert.strictEqual(limiter.getAvailableTokens(), 3, 'Should cap at max tokens');
-            Date.now = originalDateNow;
-        });
-        it('should refund token when circuit breaker rejects request', async () => {
-            const originalDateNow = Date.now;
-            let currentTime = 1000000;
-            Date.now = () => currentTime;
-            let callCount = 0;
-            globalThis.fetch = setupMock(async () => {
-                callCount++;
-                // Simulate failures to open circuit breaker
-                const response = {
-                    ok: false,
-                    status: 500,
-                    json: async () => ({}),
-                    text: async () => 'Internal Server Error',
-                };
-                return response;
-            });
-            const backend = new SigNozApiBackend('https://signoz.example.com', 'test-key');
-            // Cause circuit breaker to open (default is 3 failures per constants.ts)
-            for (let i = 0; i < 3; i++) {
-                try {
-                    await backend.queryTraces({});
-                }
-                catch {
-                    // Expected to throw
-                }
-            }
-            assert.strictEqual(callCount, 3, 'Should have made 3 failing requests');
-            // Get initial token count - 60 tokens - 3 consumed = 57
-            // Now circuit breaker is open, subsequent requests should refund tokens
-            const result1 = await backend.queryTraces({});
-            assert.deepStrictEqual(result1, [], 'Should return empty when circuit breaker open');
-            // This should not consume more tokens because the token was refunded
-            const result2 = await backend.queryTraces({});
-            assert.deepStrictEqual(result2, [], 'Should return empty when circuit breaker open');
-            // No additional fetch calls should have been made
-            assert.strictEqual(callCount, 3, 'Should not make more fetch calls when circuit breaker open');
-            Date.now = originalDateNow;
-        });
-    });
-    describe('SSRF protection', () => {
-        it('should block localhost URL', () => {
-            const backend = new SigNozApiBackend('https://localhost/api', 'test-key');
-            // Backend with blocked URL will have empty baseUrl
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should have empty base for blocked localhost');
-        });
-        it('should block 127.0.0.1', () => {
-            const backend = new SigNozApiBackend('https://127.0.0.1/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should have empty base for blocked 127.0.0.1');
-        });
-        it('should block IPv6 localhost ::1', () => {
-            const backend = new SigNozApiBackend('https://[::1]/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block IPv6 localhost');
-        });
-        it('should block long-form IPv6 localhost', () => {
-            const backend = new SigNozApiBackend('https://[0:0:0:0:0:0:0:1]/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block long-form IPv6 localhost');
-        });
-        it('should block IPv4-mapped IPv6 localhost', () => {
-            const backend = new SigNozApiBackend('https://[::ffff:127.0.0.1]/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block IPv4-mapped localhost');
-        });
-        it('should block .localhost TLD', () => {
-            const backend = new SigNozApiBackend('https://myapp.localhost/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block .localhost TLD');
-        });
-        it('should block private 192.168.x.x ranges', () => {
-            const backend = new SigNozApiBackend('https://192.168.1.1/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block 192.168.x.x');
-        });
-        it('should block private 10.x.x.x ranges', () => {
-            const backend = new SigNozApiBackend('https://10.0.0.1/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block 10.x.x.x');
-        });
-        it('should block private 172.16-31.x.x ranges', () => {
-            const backend = new SigNozApiBackend('https://172.16.0.1/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block 172.16.x.x');
-        });
-        it('should block IPv6 unique local addresses (fc00::/7)', () => {
-            const backend = new SigNozApiBackend('https://[fc00::1]/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block fc00:: ULA');
-        });
-        it('should block IPv6 link-local addresses (fe80::)', () => {
-            const backend = new SigNozApiBackend('https://[fe80::1]/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block fe80:: link-local');
-        });
-        it('should block .local domain', () => {
-            const backend = new SigNozApiBackend('https://myhost.local/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block .local domain');
-        });
-        it('should block .internal domain', () => {
-            const backend = new SigNozApiBackend('https://signoz.internal/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block .internal domain');
-        });
-        it('should block .home.arpa domain', () => {
-            const backend = new SigNozApiBackend('https://router.home.arpa/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block .home.arpa domain');
-        });
-        it('should allow valid external HTTPS URL', () => {
-            const backend = new SigNozApiBackend('https://signoz.example.com/api/', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.ok(url.includes('signoz.example.com'), 'Should allow valid external URL');
-        });
-        it('should block HTTP protocol', () => {
-            const backend = new SigNozApiBackend('http://signoz.example.com/api', 'test-key');
-            const url = backend.getTraceUrl('trace-123');
-            assert.strictEqual(url, '/trace/trace-123', 'Should block HTTP protocol');
-        });
-    });
+    // Circuit breaker tests: see signoz-api-circuit-breaker.test.ts
+    // Rate limiter tests: see signoz-api-rate-limiter.test.ts
+    // SSRF tests: see signoz-api-ssrf.test.ts
 });
 //# sourceMappingURL=signoz-api.test.js.map