//#region src/security-schema.d.ts
/**
* Security telemetry wire schema — the single source of truth for the
* `security.*` span-attribute contract emitted by `autotel-audit`
* (`securityEvent()`, `withSecurity()`, `createSecuritySignalProcessor()`)
* and consumed by `autotel-subscribers`, `autotel-devtools`, and the
* `autotel security` CLI commands.
*
* Dependency-free and side-effect-free by design: safe to import from
* browser bundles (devtools widget) and anything else that only needs
* the constants, without pulling in the OpenTelemetry SDK.
*/
/**
 * Closed set of severity levels for a security event (see
 * `SECURITY_ATTR.severity` for the span attribute key of the same name).
 * Only these four lowercase literals are valid; anything else read back
 * from telemetry should go through `parseSecuritySeverity` first.
 */
type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
/**
 * All severities, lowest first.
 *
 * Typed as a `readonly` array, so consumers cannot reorder or extend it
 * through this binding at the type level.
 */
declare const SECURITY_SEVERITIES: readonly SecuritySeverity[];
/**
 * Numeric rank per severity for threshold comparisons.
 *
 * The concrete numbers are not visible in this declaration; rely on their
 * relative order (or on `securitySeverityAtLeast`) rather than hard-coding
 * values in alert rules.
 *
 * NOTE(review): unlike the other constants here, this is typed as a plain
 * `Record`, not `Readonly<...>`. Confirm the runtime object is frozen,
 * because a mutated rank would silently change every threshold decision.
 */
declare const SECURITY_SEVERITY_RANK: Record<SecuritySeverity, number>;
/**
 * Parse an untrusted value (span attribute, event payload field) into a
 * severity, falling back when it is missing or malformed.
 *
 * Use this wherever a severity is read back from telemetry, so that
 * downstream threshold checks only ever see a valid `SecuritySeverity`.
 *
 * @param value - Untrusted input; typed `unknown`, so callers need not
 *   narrow it beforehand.
 * @param fallback - Severity returned when `value` is missing or
 *   malformed. The default is not visible in this declaration (TODO
 *   confirm). Choose it deliberately: a low fallback lets events with a
 *   malformed severity fall below alert thresholds.
 * @returns A valid `SecuritySeverity`.
 *
 * NOTE(review): whether matching is case-sensitive or trims whitespace
 * cannot be told from the declaration; verify against the implementation.
 */
declare function parseSecuritySeverity(value: unknown, fallback?: SecuritySeverity): SecuritySeverity;
/**
 * `true` when `severity` meets or exceeds `min`.
 *
 * Both arguments are typed as `SecuritySeverity`; a value taken from a
 * span attribute or event payload should be passed through
 * `parseSecuritySeverity` before it reaches this comparison.
 *
 * @param severity - Severity being tested.
 * @param min - Inclusive threshold.
 * @returns Whether `severity` ranks at or above `min`.
 */
declare function securitySeverityAtLeast(severity: SecuritySeverity, min: SecuritySeverity): boolean;
/**
 * The higher-ranked of two severities (e.g. escalate failures to ≥ error).
 *
 * @param severity - Severity as reported.
 * @param floor - Minimum severity the result may have.
 * @returns `severity` or `floor`, whichever ranks higher; per the contract
 *   above the result is never lower than `floor`.
 */
declare function escalateSecuritySeverity(severity: SecuritySeverity, floor: SecuritySeverity): SecuritySeverity;
/**
 * Span attribute keys of the security schema. Emitters and consumers must
 * reference these instead of re-typing the strings.
 *
 * Every property is a `readonly` string literal, so a typo in a key is a
 * compile error rather than a silently unmatched attribute. These are
 * keys only: values read back from spans under them are untrusted input
 * for consumers and should be validated (e.g. `parseSecuritySeverity` for
 * `severity`).
 */
declare const SECURITY_ATTR: {
/** Marker set on every span carrying a security event. */
readonly marker: "autotel.security";
/** Set when the event was force-kept through tail sampling. */
readonly forceKeep: "autotel.security.force_keep";
// Core event description fields. Their value formats are not defined in
// this declaration.
readonly event: "security.event";
readonly category: "security.category";
readonly outcome: "security.outcome";
readonly severity: "security.severity";
// NOTE(review): the actor/target/tenant keys presumably carry identifiers
// of principals and resources. Confirm what emitters put here and that
// the telemetry backend's access and retention policy is appropriate.
readonly actorId: "security.actor_id";
readonly targetType: "security.target_type";
readonly targetId: "security.target_id";
readonly tenantId: "security.tenant_id";
readonly reason: "security.reason";
/**
 * Custom metadata keys dropped because they looked credential-shaped.
 * NOTE(review): presumably records the key names only, not their values;
 * confirm against the emitter.
 */
readonly droppedKeys: "security.dropped_keys";
/** Set by the signal processor on suspicious request paths. */
readonly suspiciousRequest: "security.suspicious_request";
/** Pattern name that flagged a suspicious request, e.g. `path_traversal`. */
readonly signal: "security.signal";
};
/**
 * Metric names emitted by the security instrumentation.
 *
 * Only the names are declared here; instrument types, units and label
 * sets are not visible in this file. Dashboards and alert rules should
 * reference these constants so a rename cannot leave an alert silently
 * watching a metric that no longer exists.
 */
declare const SECURITY_METRICS: {
readonly events: "autotel.security.events";
readonly httpSuspicious: "autotel.security.http.suspicious";
readonly httpDenied: "autotel.security.http.denied";
readonly anomaly: "autotel.security.anomaly";
// NOTE(review): presumably a liveness signal, so that missing security
// telemetry can be told apart from "no events". Confirm with the emitter.
readonly heartbeat: "autotel.security.heartbeat";
};
/**
 * HTTP statuses counted as denied responses by default.
 *
 * The concrete list is not visible in this declaration. Review it in the
 * implementation before relying on the denied-response metric, as any
 * status missing from the list is not counted as a denial.
 */
declare const SECURITY_DENIED_STATUSES: readonly number[];
/**
 * Span attributes carrying the HTTP response status, current semconv
 * first, legacy fallback second.
 *
 * The order is part of the contract: consumers are expected to try the
 * entries in sequence.
 * NOTE(review): presumably `http.response.status_code` followed by
 * `http.status_code`; the values are not visible here, so confirm. A span
 * that carries neither attribute yields no status to classify.
 */
declare const HTTP_STATUS_ATTRIBUTES: readonly string[];
//#endregion
export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, SecuritySeverity, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
//# sourceMappingURL=security-schema.d.ts.map