weflayr 0.1.2 → 0.3.0

package/.env.example

@@ -0,0 +1,3 @@
+WEFLAYR_INTAKE_URL=https://api.weflayr.com
+WEFLAYR_CLIENT_ID=your-client-id-uuid
+WEFLAYR_CLIENT_SECRET=your-client-secret

package/README.md

@@ -1,147 +1,92 @@
-# Weflayr JS SDK
+# Weflayr Node.js SDK
 
-Drop-in instrumented wrapper for the OpenAI Node.js SDK — add telemetry to your LLM calls in two lines.
+Observability for Node.js - instrument any client or method with one line.
 
-```
-your code  →  instrument(openai)  →  OpenAI SDK  →  OpenAI API
-                     ↓
-            Weflayr Intake API
-            (before · after · error events, fire-and-forget)
-```
-
----
-
-## Installation
+## Install
 
 ```bash
 npm install weflayr
 ```
 
-Requires Node.js 18+ and `openai>=4.0.0`.
-
---- 
-
-## Implementation steps
-
-### 1. Get your credentials
-
-Sign in at [weflayr.com](https://weflayr.com), create a **Flayr**, and copy your `client_id` and `client_secret`.
-
-### 2. Set environment variables
+## Environment variables
 
 ```bash
 WEFLAYR_INTAKE_URL=https://api.weflayr.com
-WEFLAYR_CLIENT_ID=<your-client-id>
-WEFLAYR_CLIENT_SECRET=<your-client-secret>
-```
-
-Or add them to a `.env` file — the SDK uses `dotenv` automatically.
-
-### 3. Initialize Weflayr at startup
-
-Call `setupWeflayr()` once, before any LLM calls. This registers the OpenTelemetry trace provider that powers telemetry.
-
-```js
-import { setupWeflayr } from "weflayr/openai";
-
-await setupWeflayr();
-```
-
-### 4. Instrument your OpenAI client
-
-Wrap your existing client with `instrument()`. The returned client is a drop-in replacement.
-
-```js
-import OpenAI from "openai";
-import { instrument } from "weflayr/openai";
-
-const openai = instrument(new OpenAI());
+WEFLAYR_CLIENT_ID=your-client-id-uuid
+WEFLAYR_CLIENT_SECRET=your-client-secret
 ```
 
-### 5. Use it normally
-
-No other changes needed.
+## Usage
 
 ```js
-const response = await openai.chat.completions.create({
-    model: "gpt-4o-mini",
-    messages: [{ role: "user", content: "Hello!" }],
+const { weflayr_setup, weflayr_instrument } = require('weflayr');
+
+weflayr_setup({
+  event_mode: 'default',      // 'default' | 'light' (light skips before events)
+  content_policy: 'ignore',   // 'ignore' removes ignore_fields | 'allow' keeps only allow_fields
+  ignore_fields: ['messages[].content', 'choices[].message.content'],
+  allow_fields: [],
+  methods: [
+    { call: 'chat.completions.create' }
+  ],
+}, { enabled: true });
+
+const OpenAI = require('openai');
+const client = weflayr_instrument(new OpenAI({ apiKey: process.env.OPENAI_API_KEY }));
+
+// Tags are stripped from args before the API call and attached to the event
+const response = await client.chat.completions.create({
+  model: 'gpt-4o-mini',
+  messages: [{ role: 'user', content: 'Hello' }],
+  __weflayr_tags: { feature: 'chat', customer_id: '42' },
 });
-
-console.log(response.choices[0].message.content);
 ```
 
-### 6. (Optional) Add tags
-
-Pass a `tags` object in any call params to attach metadata — useful for slicing analytics by feature, user, or environment.
+## Instrumenting a plain function
 
 ```js
-const response = await openai.chat.completions.create({
-    model: "gpt-4o-mini",
-    messages: [{ role: "user", content: "Summarize this." }],
-    tags: { feature: "summarization", userId: "u_123", env: "production" },
-});
+async function fetchModels() {
+  const res = await fetch('https://api.example.com/models');
+  return res.json();
+}
+
+weflayr_setup({
+  event_mode: 'default',
+  content_policy: 'ignore',
+  ignore_fields: ['data'],
+  methods: [
+    {
+      call: 'fetchModels',
+      middleware: (_args, response) => ({ count: response?.data?.length ?? 0 }),
+    },
+  ],
+}, { enabled: true });
+
+const instrumented = weflayr_instrument(fetchModels);
+const models = await instrumented({ __weflayr_tags: { app: 'my-app' } });
 ```
 
-Tags are stripped before the request reaches OpenAI — they never affect the API call.
-
----
-
-## Covered endpoints
-
-All token-consuming OpenAI endpoints are instrumented with precise extractors. Any endpoint not in the list below is wrapped automatically by a fallback proxy.
-
-| Endpoint | Fields tracked |
-|---|---|
-| `chat.completions.create` | `model`, `message_count`, `prompt_tokens`, `completion_tokens` |
-| `completions.create` (legacy) | `model`, `prompt_length`, `prompt_tokens`, `completion_tokens` |
-| `embeddings.create` | `model`, `input_count`, `prompt_tokens`, `total_tokens` |
-| `responses.create` | `model`, `input_count`, `input_tokens`, `output_tokens`, `cached_tokens` |
-| `audio.speech.create` (TTS) | `model`, `voice`, `char_count` |
-| `audio.transcriptions.create` (STT) | `model`, `language`, token/duration usage |
-| `audio.translations.create` | `model`, token/duration usage |
-
-Any other method on the client is wrapped by a fallback proxy and tracked under its dotted path (e.g. `images.generate`).
-
----
+## Settings reference
 
-## Telemetry events
-
-Each call emits up to two events to your intake API:
-
-| Event | When | Key fields |
+| Field | Type | Description |
 |---|---|---|
-| `<endpoint>.before` | Before the call | `model`, call-specific params, `tags` |
-| `<endpoint>.after` | On success | all `.before` fields + `elapsed_ms` + token usage |
-| `<endpoint>.error` | On failure | all `.before` fields + `elapsed_ms` + `error_type`, `error_message` |
-
-Events are sent **fire-and-forget** — they never block your code or throw.
+| `event_mode` | `'default'` \| `'light'` | `light` skips before events |
+| `content_policy` | `'ignore'` \| `'allow'` | Which filtering mode to apply |
+| `ignore_fields` | `string[]` | Fields removed from payloads (used when `content_policy: 'ignore'`) |
+| `allow_fields` | `string[]` | Fields kept in payloads; everything else removed (used when `content_policy: 'allow'`) |
+| `methods` | `{ call, middleware? }[]` | Whitelisted method paths to instrument |
 
-By default, message content and prompt text are stripped before sending. Fields omitted: `messages`, `prompt`, `response_content`.
+Field paths support dot notation (`foo.bar`), and array traversal (`messages[].content`).
 
----
+## Middleware
 
-## Full example
+Middleware runs on both **before** and **after** events. `response` is `null` for before events.
 
 ```js
-import OpenAI from "openai";
-import { setupWeflayr, instrument } from "weflayr/openai";
-
-await setupWeflayr();
-
-const openai = instrument(new OpenAI());
-
-const response = await openai.chat.completions.create({
-    model: "gpt-4o-mini",
-    messages: [{ role: "user", content: "What is 2 + 2?" }],
-    tags: { feature: "math", env: "production" },
-});
-
-console.log(response.choices[0].message.content);
+middleware: (args, response) => ({
+  char_count: args?.input?.length ?? 0,
+  result_count: response?.data?.length ?? 0,
+})
 ```
 
----
-
-## License
-
-[Elastic License 2.0](LICENSE) — free to use, modifications and redistribution not permitted.
+The returned object is merged into the event payload.

package/package.json

@@ -1,57 +1,18 @@
 {
   "name": "weflayr",
-  "version": "0.1.2",
-  "description": "Drop-in instrumented wrappers for AI clients with zero-overhead telemetry",
-  "type": "module",
-  "exports": {
-    ".": "./src/weflayr.js",
-    "./openai": "./src/openai.js"
-  },
-  "files": [
-    "src/"
-  ],
+  "version": "0.3.0",
+  "description": "Weflayr Node.js SDK — instrument any LLM client via JS Proxy",
+  "main": "src/index.js",
   "scripts": {
-    "test": "node --test tests/weflayr.test.js tests/openai.test.js",
-    "prepublishOnly": "node --input-type=module --eval \"import './src/weflayr.js'\" 2>/dev/null; echo 'pre-publish check passed'"
+    "test": "node --test tests/index.test.js"
   },
-  "keywords": [
-    "llm",
-    "telemetry",
-    "observability",
-    "openai",
-    "instrumentation",
-    "tracing",
-    "ai",
-    "otel",
-    "opentelemetry"
-  ],
+  "keywords": ["llm", "observability", "weflayr"],
   "author": "Weflayr <contact@weflayr.com>",
   "license": "Elastic-2.0",
-  "homepage": "https://weflayr.com",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/WeFlayr/public-mirror-js-sdk.git"
-  },
-  "bugs": {
-    "url": "https://github.com/WeFlayr/public-mirror-js-sdk/issues"
-  },
   "engines": {
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "dotenv": "^16.0.0",
-    "@opentelemetry/api": "^1.9.0",
-    "@opentelemetry/sdk-trace-base": "^1.30.0"
-  },
-  "optionalDependencies": {
-    "@opentelemetry/exporter-trace-otlp-http": "^0.57.0"
-  },
-  "peerDependencies": {
-    "openai": ">=4.0.0"
-  },
-  "peerDependenciesMeta": {
-    "openai": {
-      "optional": true
-    }
+    "dotenv": "^16.0.0"
   }
 }

package/src/index.js

@@ -0,0 +1,29 @@
+'use strict';
+
+require('dotenv').config();
+
+const { configure, weflayr_instrument, send_event } = require('./instrument');
+
+/**
+ * 
+ * @param {*} settings: settings for weflayr
+ * @param {*} on/off: easily enable or disable weflayr 
+ * @returns 
+ */
+function weflayr_setup(settings, { enabled = true } = {}) {
+  if (!enabled) return;
+
+  const intakeUrl    = process.env.WEFLAYR_INTAKE_URL;
+  const clientId     = process.env.WEFLAYR_CLIENT_ID;
+  const clientSecret = process.env.WEFLAYR_CLIENT_SECRET;
+
+  if (!intakeUrl || !clientId || !clientSecret) {
+    throw new Error(
+      'Weflayr: WEFLAYR_INTAKE_URL, WEFLAYR_CLIENT_ID and WEFLAYR_CLIENT_SECRET must be set'
+    );
+  }
+
+  configure(intakeUrl, clientId, clientSecret, settings);
+}
+
+module.exports = { weflayr_setup, weflayr_instrument, send_event };

package/src/instrument.js

@@ -0,0 +1,320 @@
+'use strict';
+
+const https = require('https');
+const http = require('http');
+const { randomUUID } = require('crypto');
+
+let _config = null;
+
+function configure(intakeUrl, clientId, clientSecret, settings) {
+  _config = { intakeUrl, clientId, clientSecret, settings };
+}
+
+function weflayr_instrument(target) {
+  if (!_config) return target;
+
+  if (typeof target === 'function') {
+    const methodConfig = (_config.settings.methods || []).find(m => m.call === target.name);
+    if (!methodConfig) return target;
+    return _wrapFn(target, target.name, methodConfig);
+  }
+
+  if (target && typeof target === 'object') {
+    return _makeProxy(target, '');
+  }
+
+  return target;
+}
+
+function _makeProxy(target, pathPrefix) {
+  return new Proxy(target, {
+    get(obj, prop) {
+      if (typeof prop === 'symbol') return Reflect.get(obj, prop);
+
+      const value = Reflect.get(obj, prop);
+      const fullPath = pathPrefix ? `${pathPrefix}.${prop}` : prop;
+
+      if (typeof value === 'function') {
+        const methodConfig = (_config.settings.methods || []).find(m => m.call === fullPath);
+        if (methodConfig) {
+          return _wrapFn(value.bind(obj), fullPath, methodConfig);
+        }
+        return value.bind(obj);
+      }
+
+      if (value && typeof value === 'object') {
+        return _makeProxy(value, fullPath);
+      }
+
+      return value;
+    },
+  });
+}
+
+function _wrapFn(fn, methodName, methodConfig) {
+  return async function (...args) {
+    const { tags, cleanArgs } = _extractTags(args);
+    const startTime = Date.now();
+    const { settings } = _config;
+    const eventId = randomUUID();
+    // For multi-arg methods (e.g. convert(voiceId, request)), use the last arg as the
+    // request object so middleware and content policy see the options, not the id.
+    const requestArgs = cleanArgs[cleanArgs.length - 1];
+
+    if (settings.event_mode !== 'light') {
+      const beforeMiddlewareData = methodConfig.middleware
+        ? methodConfig.middleware(requestArgs, null) || {}
+        : {};
+      _sendEvent('before', {
+        event_id: eventId,
+        method: methodName,
+        tags,
+        args: _applyContentPolicy(requestArgs, settings),
+        ...beforeMiddlewareData,
+      });
+    }
+
+    try {
+      const result = await fn(...cleanArgs);
+
+      if (_isAsyncIterable(result)) {
+        _sendEvent('stream_start', { event_id: eventId, method: methodName, tags });
+        return _wrapStream(result, methodName, tags, requestArgs, settings, startTime, methodConfig, eventId);
+      }
+
+      const middlewareData = methodConfig.middleware
+        ? methodConfig.middleware(requestArgs, result) || {}
+        : {};
+
+      _sendEvent('after', {
+        event_id: eventId,
+        method: methodName,
+        tags,
+        args: _applyContentPolicy(requestArgs, settings),
+        response: _applyContentPolicy(_toPlain(result), settings),
+        elapsed_ms: Date.now() - startTime,
+        ...middlewareData,
+      });
+
+      return result;
+    } catch (err) {
+      await _sendEvent('after', {
+        event_id: eventId,
+        method: methodName,
+        tags,
+        args: _applyContentPolicy(requestArgs, settings),
+        error: err.message ?? 'unknown',
+        status_code: err.status ?? err.statusCode ?? 'unknown',
+        elapsed_ms: Date.now() - startTime,
+      });
+      throw err;
+    }
+  };
+}
+
+async function* _wrapStream(stream, methodName, tags, requestArgs, settings, startTime, methodConfig, eventId) {
+  let lastChunk = null;
+  const accumulator = methodConfig.streamMiddleware ? methodConfig.streamMiddleware() : null;
+
+  try {
+    for await (const chunk of stream) {
+      lastChunk = chunk;
+      if (accumulator && accumulator.onChunk(chunk)) {
+        _sendEvent('stream_pending', {
+          event_id: eventId,
+          method: methodName,
+          tags,
+          elapsed_ms: Date.now() - startTime,
+          ...accumulator.finalize(),
+        });
+      }
+      yield chunk;
+    }
+
+    const middlewareData = accumulator
+      ? accumulator.finalize()
+      : (methodConfig.middleware && lastChunk ? methodConfig.middleware(requestArgs, lastChunk) || {}
+      : {});
+
+    _sendEvent('after', {
+      event_id: eventId,
+      method: methodName,
+      tags,
+      args: _applyContentPolicy(requestArgs, settings),
+      response: _applyContentPolicy(_toPlain(lastChunk), settings),
+      elapsed_ms: Date.now() - startTime,
+      ...middlewareData,
+    });
+  } catch (err) {
+    await _sendEvent('after', {
+      event_id: eventId,
+      method: methodName,
+      tags,
+      args: _applyContentPolicy(requestArgs, settings),
+      error: err.message ?? 'unknown',
+      status_code: err.status ?? err.statusCode ?? 'unknown',
+      elapsed_ms: Date.now() - startTime,
+    });
+    throw err;
+  }
+}
+
+function _extractTags(args) {
+  let tags = {};
+  const cleanArgs = args.map(arg => {
+    if (arg && typeof arg === 'object' && !Array.isArray(arg) && '__weflayr_tags' in arg) {
+      const { __weflayr_tags, ...rest } = arg;
+      tags = __weflayr_tags || {};
+      return rest;
+    }
+    return arg;
+  });
+  return { tags, cleanArgs };
+}
+
+function _isAsyncIterable(value) {
+  return value != null && typeof value[Symbol.asyncIterator] === 'function';
+}
+
+function _toPlain(value) {
+  if (!value) return value;
+  if (Buffer.isBuffer(value) || value instanceof Uint8Array || value instanceof ArrayBuffer) return null;
+  if (typeof value.toJSON === 'function') return value.toJSON();
+  return value;
+}
+
+function _applyContentPolicy(data, settings) {
+  if (!data) return data;
+
+  let clone;
+  try {
+    clone = JSON.parse(JSON.stringify(data));
+  } catch {
+    return data;
+  }
+
+  if (settings.content_policy === 'ignore') {
+    for (const field of (settings.ignore_fields || [])) {
+      _deleteField(clone, field);
+    }
+    return clone;
+  }
+
+  return _pickFields(clone, settings.allow_fields || []);
+}
+
+function _pickFields(obj, allowFields) {
+  if (!obj || typeof obj !== 'object' || allowFields.length === 0) return obj;
+
+  const result = {};
+  for (const field of allowFields) {
+    const arrayMatch = field.match(/^(\w+)\[\]\.(.+)$/);
+    if (arrayMatch) {
+      const [, arrayKey, rest] = arrayMatch;
+      if (Array.isArray(obj[arrayKey])) {
+        result[arrayKey] = obj[arrayKey].map(item => _pickFields(item, [rest]));
+      }
+      continue;
+    }
+
+    const dotIdx = field.indexOf('.');
+    if (dotIdx === -1) {
+      if (field in obj) result[field] = obj[field];
+    } else {
+      const key = field.slice(0, dotIdx);
+      const rest = field.slice(dotIdx + 1);
+      if (key in obj) result[key] = _pickFields(obj[key], [rest]);
+    }
+  }
+  return result;
+}
+
+function _deleteField(obj, path) {
+  if (!obj || typeof obj !== 'object') return;
+
+  const arrayMatch = path.match(/^(\w+)\[\]\.(.+)$/);
+  if (arrayMatch) {
+    const [, arrayKey, rest] = arrayMatch;
+    if (Array.isArray(obj[arrayKey])) {
+      obj[arrayKey].forEach(item => _deleteField(item, rest));
+    }
+    return;
+  }
+
+  const dotIdx = path.indexOf('.');
+  if (dotIdx === -1) {
+    delete obj[path];
+  } else {
+    _deleteField(obj[path.slice(0, dotIdx)], path.slice(dotIdx + 1));
+  }
+}
+
+const _debug = process.env.WEFLAYR_DEBUG === 'true';
+
+function _sendEvent(eventType, data) {
+  const { intakeUrl, clientId, clientSecret } = _config;
+  const endpoint = `${intakeUrl.replace(/\/$/, '')}/${clientId}/`;
+
+  let body;
+  try {
+    body = JSON.stringify({
+      event_type: eventType,
+      timestamp: new Date().toISOString(),
+      ...data,
+    });
+  } catch (err) {
+    console.warn(`[weflayr] could not serialize event "${eventType}":`, err.message);
+    return;
+  }
+
+  if (_debug) {
+    console.debug(`[weflayr] → ${eventType}`, JSON.parse(body));
+  }
+
+  let parsed;
+  try {
+    parsed = new URL(endpoint);
+  } catch {
+    return;
+  }
+
+  const lib = parsed.protocol === 'https:' ? https : http;
+  return new Promise((resolve) => {
+    const req = lib.request({
+      hostname: parsed.hostname,
+      port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
+      path: parsed.pathname,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(body),
+        'Authorization': `Bearer ${clientSecret}`,
+      },
+    }, res => {
+      res.resume();
+      if (_debug) {
+        console.debug(`[weflayr] ← ${eventType} status ${res.statusCode}`);
+      }
+      if (res.statusCode >= 400) {
+        console.warn(`[weflayr] intake returned ${res.statusCode} for event "${eventType}"`);
+      }
+      resolve();
+    });
+
+    req.on('error', (err) => {
+      console.warn(`[weflayr] send error for event "${eventType}":`, err.message);
+      resolve();
+    });
+
+    req.write(body);
+    req.end();
+  });
+}
+
+// Send an arbitrary event to the intake. Requires configure() to have been called first.
+function send_event(eventType, data) {
+  if (!_config) return;
+  return _sendEvent(eventType, data);
+}
+
+module.exports = { configure, weflayr_instrument, send_event };

package/src/providers/anthropic-ai-sdk.js

@@ -0,0 +1,63 @@
+'use strict';
+
+// Non-streaming: extract usage from the completed message response.
+function middleware(request, response) {
+  if (!response) return { model: request?.model ?? null };
+  return {
+    model: response.model ?? request?.model ?? null,
+    input_tokens: response.usage?.input_tokens ?? null,
+    output_tokens: response.usage?.output_tokens ?? null,
+    cache_creation_input_tokens: response.usage?.cache_creation_input_tokens ?? null,
+    cache_read_input_tokens: response.usage?.cache_read_input_tokens ?? null,
+  };
+}
+
+// Streaming: Anthropic splits usage across two events.
+//   message_start  → usage.input_tokens  (prompt cost)
+//   message_delta  → usage.output_tokens (completion cost, cumulative final value)
+//   message_stop   → no usage data
+// onChunk returns true only when usage state changes, so _wrapStream fires
+// stream_pending exactly twice: once after message_start, once after message_delta.
+function createStreamAccumulator() {
+  let input_tokens = null;
+  let output_tokens = null;
+  let cache_creation_input_tokens = null;
+  let cache_read_input_tokens = null;
+  let model = null;
+
+  return {
+    onChunk(chunk) {
+      if (chunk.type === 'message_start') {
+        const usage = chunk.message?.usage;
+        model = chunk.message?.model ?? null;
+        input_tokens = usage?.input_tokens ?? null;
+        cache_creation_input_tokens = usage?.cache_creation_input_tokens ?? null;
+        cache_read_input_tokens = usage?.cache_read_input_tokens ?? null;
+        return true;
+      }
+      if (chunk.type === 'message_delta') {
+        output_tokens = chunk.usage?.output_tokens ?? null;
+        return true;
+      }
+      return false;
+    },
+    finalize() {
+      return {
+        model,
+        input_tokens,
+        output_tokens,
+        cache_creation_input_tokens,
+        cache_read_input_tokens,
+      };
+    },
+  };
+}
+
+// Ready-to-use method config for client.messages.create.
+const messagesCreate = {
+  call: 'messages.create',
+  middleware: middleware,
+  streamMiddleware: createStreamAccumulator,
+};
+
+module.exports = { messagesCreate, middleware, createStreamAccumulator };

package/tests/index.test.js

@@ -0,0 +1,191 @@
+'use strict';
+
+const { test } = require('node:test');
+const assert = require('assert/strict');
+
+// Reset module cache between tests so _config doesn't leak
+function freshSDK() {
+  delete require.cache[require.resolve('../src/instrument')];
+  delete require.cache[require.resolve('../src/index')];
+  process.env.WEFLAYR_INTAKE_URL = 'http://localhost:19999'; // nothing listening — fire-and-forget is fine
+  process.env.WEFLAYR_CLIENT_ID = 'test-client-id';
+  process.env.WEFLAYR_CLIENT_SECRET = 'test-secret';
+  return require('../src/index');
+}
+
+// Minimal fake client: one async method at a nested path
+function fakeClient() {
+  return {
+    chat: {
+      completions: {
+        create: async (args) => ({ id: 'res-1', model: args.model, choices: [] }),
+      },
+    },
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Missing options don't crash
+// ---------------------------------------------------------------------------
+
+test('missing ignore_fields does not crash', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({
+    event_mode: 'default',
+    content_policy: 'ignore',
+    // ignore_fields intentionally omitted
+    methods: [{ call: 'chat.completions.create' }],
+  });
+
+  const client = weflayr_instrument(fakeClient());
+  const result = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [] });
+
+  assert.equal(result.id, 'res-1');
+});
+
+test('missing allow_fields does not crash', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({
+    event_mode: 'default',
+    content_policy: 'allow',
+    // allow_fields intentionally omitted
+    methods: [{ call: 'chat.completions.create' }],
+  });
+
+  const client = weflayr_instrument(fakeClient());
+  const result = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [] });
+
+  assert.equal(result.id, 'res-1');
+});
+
+test('missing methods does not crash on object instrumentation', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({
+    event_mode: 'default',
+    content_policy: 'ignore',
+    // methods intentionally omitted
+  });
+
+  const client = weflayr_instrument(fakeClient());
+  const result = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [] });
+
+  assert.equal(result.id, 'res-1');
+});
+
+test('missing methods does not crash on function instrumentation', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({
+    event_mode: 'default',
+    content_policy: 'ignore',
+    // methods intentionally omitted
+  });
+
+  async function myFn(x) { return x * 2; }
+  const instrumented = weflayr_instrument(myFn);
+
+  assert.equal(await instrumented(5), 10);
+});
+
+// ---------------------------------------------------------------------------
+// enabled: false — target passes through unchanged, calls still work
+// ---------------------------------------------------------------------------
+
+test('enabled:false returns the original object untouched', () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({ methods: [{ call: 'chat.completions.create' }] }, { enabled: false });
+
+  const client = fakeClient();
+  const result = weflayr_instrument(client);
+
+  assert.strictEqual(result, client);
+});
+
+test('enabled:false returns the original function untouched', () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  async function myFn(x) { return x * 2; }
+  weflayr_setup({ methods: [{ call: 'myFn' }] }, { enabled: false });
+
+  assert.strictEqual(weflayr_instrument(myFn), myFn);
+});
+
+test('enabled:false — original function still executes correctly', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({ methods: [{ call: 'chat.completions.create' }] }, { enabled: false });
+
+  const client = weflayr_instrument(fakeClient());
+  const result = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [] });
+
+  assert.equal(result.id, 'res-1');
+});
+
+// ---------------------------------------------------------------------------
+// Invalid content_policy falls back to allow — function still works correctly
+// ---------------------------------------------------------------------------
+
+test('invalid content_policy does not crash', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({
+    event_mode: 'default',
+    content_policy: 'not_a_real_policy',
+    allow_fields: [],
+    methods: [{ call: 'chat.completions.create' }],
+  });
+
+  const client = weflayr_instrument(fakeClient());
+  const result = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [] });
+
+  assert.equal(result.id, 'res-1');
+});
+
+test('invalid content_policy does not apply ignore_fields', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  let capturedArgs;
+  const client = {
+    chat: {
+      completions: {
+        create: async (args) => { capturedArgs = args; return { id: 'res-1' }; },
+      },
+    },
+  };
+
+  weflayr_setup({
+    event_mode: 'default',
+    content_policy: 'not_a_real_policy',
+    ignore_fields: ['messages'],
+    allow_fields: [],
+    methods: [{ call: 'chat.completions.create' }],
+  });
+
+  const instrumented = weflayr_instrument(client);
+  await instrumented.chat.completions.create({ model: 'gpt-4o-mini', messages: [{ role: 'user', content: 'hello' }] });
+
+  // ignore_fields must NOT have been applied — the real call receives the original args
+  assert.ok(Array.isArray(capturedArgs.messages));
+  assert.equal(capturedArgs.messages[0].content, 'hello');
+});
+
+test('undefined content_policy falls back to allow (pass-through)', async () => {
+  const { weflayr_setup, weflayr_instrument } = freshSDK();
+
+  weflayr_setup({
+    event_mode: 'default',
+    // content_policy intentionally omitted
+    ignore_fields: ['messages'],
+    allow_fields: [],
+    methods: [{ call: 'chat.completions.create' }],
+  });
+
+  const client = weflayr_instrument(fakeClient());
+  const result = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [] });
+
+  assert.equal(result.id, 'res-1');
+});

package/src/openai.js

@@ -1,116 +0,0 @@
-import { trace } from "@opentelemetry/api";
-import { setupWeflayr, makeWrapper, deepFallbackProxy } from "./weflayr.js";
-
-export { setupWeflayr };
-
-// ── STT usage helper ──────────────────────────────────────────────────────────
-function sttUsage(r) {
-  const usage = r?.usage;
-  if (!usage) return {};
-  if (usage.type === "tokens") {
-    return {
-      usage_type: "tokens",
-      input_tokens: usage.input_tokens,
-      audio_tokens: usage.input_token_details?.audio_tokens,
-    };
-  }
-  if (usage.type === "duration") {
-    return { usage_type: "duration", duration_seconds: usage.seconds };
-  }
-  return {};
-}
-
-// ── Route map ─────────────────────────────────────────────────────────────────
-// Each entry defines one instrumented OpenAI method:
-//   name    — event_type prefix sent to Weflayr
-//   get     — retrieves the original bound method from the client
-//   set     — patches the method back on the client
-//   before  — extracts fields from call params for the .before event
-//   after   — extracts fields from the response for the .after event
-
-const ROUTES = [
-  // client.chat.completions.create
-  {
-    name: "chat.completions.create",
-    get: (c) => c.chat.completions.create.bind(c.chat.completions),
-    set: (c, fn) => { c.chat.completions.create = fn; },
-    before: (p) => ({ model: p.model, message_count: p.messages?.length ?? 0 }),
-    after:  (r) => ({ prompt_tokens: r.usage?.prompt_tokens, completion_tokens: r.usage?.completion_tokens }),
-  },
-
-  // client.completions.create  (legacy text completions)
-  {
-    name: "completions.create",
-    get: (c) => c.completions.create.bind(c.completions),
-    set: (c, fn) => { c.completions.create = fn; },
-    before: (p) => ({ model: p.model, prompt_length: typeof p.prompt === "string" ? p.prompt.length : (p.prompt?.length ?? 0) }),
-    after:  (r) => ({ prompt_tokens: r.usage?.prompt_tokens, completion_tokens: r.usage?.completion_tokens }),
-  },
-
-  // client.embeddings.create
-  {
-    name: "embeddings.create",
-    get: (c) => c.embeddings.create.bind(c.embeddings),
-    set: (c, fn) => { c.embeddings.create = fn; },
-    before: (p) => ({ model: p.model, input_count: Array.isArray(p.input) ? p.input.length : 1 }),
-    after:  (r) => ({ prompt_tokens: r.usage?.prompt_tokens, total_tokens: r.usage?.total_tokens }),
-  },
-
-  // client.responses.create  (Responses API)
-  {
-    name: "responses.create",
-    get: (c) => c.responses.create.bind(c.responses),
-    set: (c, fn) => { c.responses.create = fn; },
-    before: (p) => ({ model: p.model, input_count: Array.isArray(p.input) ? p.input.length : 1 }),
-    after:  (r) => ({
-      input_tokens:   r.usage?.input_tokens,
-      output_tokens:  r.usage?.output_tokens,
-      cached_tokens:  r.usage?.input_tokens_details?.cached_tokens,
-    }),
-  },
-
-  // client.audio.speech.create  (TTS — billed by char count)
-  {
-    name: "audio.speech.create",
-    get: (c) => c.audio.speech.create.bind(c.audio.speech),
-    set: (c, fn) => { c.audio.speech.create = fn; },
-    before: (p) => ({ model: p.model, voice: p.voice, char_count: p.input?.length ?? 0 }),
-    after:  ()  => ({}),
-  },
-
-  // client.audio.transcriptions.create  (STT)
-  {
-    name: "audio.transcriptions.create",
-    get: (c) => c.audio.transcriptions.create.bind(c.audio.transcriptions),
-    set: (c, fn) => { c.audio.transcriptions.create = fn; },
-    before: (p) => ({ model: p.model, language: p.language }),
-    after:  (r) => sttUsage(r),
-  },
-
-  // client.audio.translations.create  (whisper-1 only — billed by duration)
-  {
-    name: "audio.translations.create",
-    get: (c) => c.audio.translations.create.bind(c.audio.translations),
-    set: (c, fn) => { c.audio.translations.create = fn; },
-    before: (p) => ({ model: p.model }),
-    after:  (r) => sttUsage(r),
-  },
-];
-// ─────────────────────────────────────────────────────────────────────────────
-
-// Paths already covered by ROUTES — the fallback Proxy skips these.
-const PATCHED_PATHS = new Set(ROUTES.map((r) => r.name));
-
-export function instrument(client) {
-  const tracer = trace.getTracer("weflayr-openai");
-
-  const providerOpts = { provider: "openai" };
-
-  // 1. Patch all explicitly defined routes with their precise extractors.
-  for (const route of ROUTES) {
-    route.set(client, makeWrapper(route.get(client), route, tracer, providerOpts));
-  }
-
-  // 2. Wrap the whole client in a Proxy that handles anything not in ROUTES.
-  return deepFallbackProxy(client, tracer, PATCHED_PATHS, "", providerOpts);
-}

package/src/weflayr.js

@@ -1,229 +0,0 @@
-import "dotenv/config";
-import { SpanStatusCode } from "@opentelemetry/api";
-import {
-  BasicTracerProvider,
-  SimpleSpanProcessor,
-} from "@opentelemetry/sdk-trace-base";
-import { randomUUID } from "node:crypto";
-
-// ── Weflayr Intake API ────────────────────────────────────────────────────────
-export const INTAKE_URL = (
-  process.env.WEFLAYR_INTAKE_URL ?? "https://api.weflayr.com"
-).replace(/\/$/, "");
-export const CLIENT_ID = process.env.WEFLAYR_CLIENT_ID ?? "";
-export const CLIENT_SECRET = process.env.WEFLAYR_CLIENT_SECRET ?? "";
-
-// ── INFO TO SEND ──────────────────────────────────────────────────────────────
-// Global tags attached to every event. Populate via env vars or hardcode values.
-// Per-call tags can also be passed directly in the create() params (see main.js).
-export const GLOBAL_TAGS = Object.fromEntries(
-  Object.entries({
-    env: process.env.WEFLAYR_TAG_ENV,
-    feature: process.env.WEFLAYR_TAG_FEATURE,
-    version: process.env.WEFLAYR_TAG_VERSION,
-  }).filter(([, v]) => v != null)
-);
-
-// ── INFO TO HIDE ──────────────────────────────────────────────────────────────
-// Keys stripped from every Weflayr event before it is sent.
-// Prevents PII or sensitive content from leaving the process.
-export const HIDDEN_FIELDS = new Set([
-  "messages",         // prompt message content (chat completions)
-  "prompt",           // prompt text (legacy completions)
-  "response_content", // completion response text
-]);
-// ─────────────────────────────────────────────────────────────────────────────
-
-export async function _post(payload) {
-  if (!CLIENT_ID || !CLIENT_SECRET) return;
-
-  for (const key of HIDDEN_FIELDS) delete payload[key];
-  for (const [k, v] of Object.entries(payload)) {
-    if (v == null) delete payload[k];
-  }
-
-  try {
-    await fetch(`${INTAKE_URL}/${CLIENT_ID}/`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${CLIENT_SECRET}`,
-      },
-      body: JSON.stringify(payload),
-    });
-  } catch {
-    // fire-and-forget — never throws
-  }
-}
-
-export class WeflayrSpanProcessor {
-  onStart(span) {
-    const a = span.attributes;
-    const before = JSON.parse(a["weflayr.before"] ?? "{}");
-    const tags = JSON.parse(a["weflayr.tags"] ?? "{}");
-    _post({
-      event_id: a["weflayr.event_id"],
-      event_type: `${span.name}.before`,
-      ...before,
-      tags: Object.keys(tags).length ? tags : undefined,
-    });
-  }
-
-  onEnd(span) {
-    const [ss, sns] = span.startTime;
-    const [es, ens] = span.endTime;
-    const elapsed_ms = Math.round((es - ss) * 1000 + (ens - sns) / 1_000_000);
-
-    const isError = span.status.code === SpanStatusCode.ERROR;
-    const a = span.attributes;
-    const before = JSON.parse(a["weflayr.before"] ?? "{}");
-    const after = JSON.parse(a["weflayr.after"] ?? "{}");
-    const tags = JSON.parse(a["weflayr.tags"] ?? "{}");
-
-    _post({
-      event_id: a["weflayr.event_id"],
-      event_type: `${span.name}.${isError ? "error" : "after"}`,
-      ...before,
-      ...after,
-      elapsed_ms,
-      tags: Object.keys(tags).length ? tags : undefined,
-      ...(isError
-        ? { error_type: a["error.type"], error_message: a["error.message"] }
-        : {}),
-    });
-  }
-
-  forceFlush() { return Promise.resolve(); }
-  shutdown()   { return Promise.resolve(); }
-}
-
-export async function setupWeflayr() {
-  // Direct path: always send to the Weflayr Intake API
-  const spanProcessors = [new WeflayrSpanProcessor()];
-
-  // Optional collector path: also forward OTLP traces to your own collector.
-  // Set WEFLAYR_COLLECTOR_ENDPOINT in .env to enable (e.g. http://localhost:4318/v1/traces).
-  if (process.env.WEFLAYR_COLLECTOR_ENDPOINT) {
-    const { OTLPTraceExporter } = await import(
-      "@opentelemetry/exporter-trace-otlp-http"
-    );
-    spanProcessors.push(
-      new SimpleSpanProcessor(
-        new OTLPTraceExporter({ url: process.env.WEFLAYR_COLLECTOR_ENDPOINT })
-      )
-    );
-  }
-
-  new BasicTracerProvider({ spanProcessors }).register();
-}
-
-export function makeWrapper(original, route, tracer, { provider } = {}) {
-  return async function ({ tags: callTags, ...params }) {
-    const tags = { ...GLOBAL_TAGS, ...callTags };
-    const before = { ...(provider ? { provider } : {}), ...route.before(params) };
-    const span = tracer.startSpan(route.name, {
-      attributes: {
-        "weflayr.event_id": randomUUID(),
-        "weflayr.before":   JSON.stringify(before),
-        "weflayr.tags":     JSON.stringify(tags),
-      },
-    });
-
-    try {
-      const response = await original(params);
-      span.setAttribute("weflayr.after", JSON.stringify(route.after(response)));
-      span.setStatus({ code: SpanStatusCode.OK });
-      return response;
-    } catch (err) {
-      span.setStatus({ code: SpanStatusCode.ERROR, message: err.message });
-      span.setAttribute("error.type", err.constructor.name);
-      span.setAttribute("error.message", err.message);
-      throw err;
-    } finally {
-      span.end();
-    }
-  };
-}
-
-export function makeFallbackWrapper(fn, target, name, tracer, { provider } = {}) {
-  return function (...args) {
-    let callArgs = args;
-    let tags = GLOBAL_TAGS;
-
-    // If the first argument is a plain params object, extract `tags` from it.
-    if (args[0] !== null && typeof args[0] === "object" && !Array.isArray(args[0])) {
-      const { tags: callTags, ...rest } = args[0];
-      callArgs = [rest, ...args.slice(1)];
-      tags = { ...GLOBAL_TAGS, ...callTags };
-    }
-
-    const before = { ...(provider ? { provider } : {}), model: callArgs[0]?.model };
-    const span = tracer.startSpan(name, {
-      attributes: {
-        "weflayr.event_id": randomUUID(),
-        "weflayr.before":   JSON.stringify(before),
-        "weflayr.tags":     JSON.stringify(tags),
-      },
-    });
-
-    let result;
-    try {
-      result = fn.apply(target, callArgs);
-    } catch (err) {
-      span.setStatus({ code: SpanStatusCode.ERROR, message: err.message });
-      span.setAttribute("error.type", err.constructor.name);
-      span.setAttribute("error.message", err.message);
-      span.end();
-      throw err;
-    }
-
-    // Handle both sync and async return values.
-    if (result && typeof result.then === "function") {
-      return result.then(
-        (response) => {
-          span.setAttribute("weflayr.after", "{}");
-          span.setStatus({ code: SpanStatusCode.OK });
-          span.end();
-          return response;
-        },
-        (err) => {
-          span.setStatus({ code: SpanStatusCode.ERROR, message: err.message });
-          span.setAttribute("error.type", err.constructor.name);
-          span.setAttribute("error.message", err.message);
-          span.end();
-          throw err;
-        }
-      );
-    }
-
-    span.setAttribute("weflayr.after", "{}");
-    span.setStatus({ code: SpanStatusCode.OK });
-    span.end();
-    return result;
-  };
-}
-
-// Recursively wraps every function on `obj` that is not already covered by patchedPaths.
-// `path` tracks the dotted property path (e.g. "images.generate").
-export function deepFallbackProxy(obj, tracer, patchedPaths, path = "", opts = {}) {
-  return new Proxy(obj, {
-    get(target, prop) {
-      if (typeof prop !== "string") return Reflect.get(target, prop);
-
-      const val = Reflect.get(target, prop);
-      const fullPath = path ? `${path}.${prop}` : prop;
-
-      if (typeof val === "function") {
-        // Already patched by explicit routes — return the existing wrapper as-is.
-        if (patchedPaths.has(fullPath)) return val;
-        return makeFallbackWrapper(val, target, fullPath, tracer, opts);
-      }
-
-      if (val !== null && typeof val === "object") {
-        return deepFallbackProxy(val, tracer, patchedPaths, fullPath, opts);
-      }
-
-      return val;
-    },
-  });
-}