Merge pull request #290 from czlonkowski/feature/telemetry-docker-cloud-detection

feat: add Docker/cloud environment detection to telemetry (v2.18.1)
Merge pull request #289 from czlonkowski/fix/validation-warning-system-redesign
2026-01-30 14:32:04 +00:00 · 2025-10-08 14:30:00 +02:00 · 2025-10-08 12:27:00 +02:00
12 changed files with 69 additions and 1490 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,435 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

-## [2.18.3] - 2025-10-09
-
-### 🔒 Critical Safety Fixes
-
-**Emergency hotfix addressing 7 critical issues from v2.18.2 code review.**
-
-This release fixes critical safety violations in the startup error logging system that could have prevented the server from starting. All fixes ensure telemetry failures never crash the server.
-
-#### Problem
-
-Code review of v2.18.2 identified 7 critical/high-priority safety issues:
- **CRITICAL-01**: Missing database checkpoints (DATABASE_CONNECTING/CONNECTED never logged)
- **CRITICAL-02**: Constructor can throw before defensive initialization
- **CRITICAL-03**: Blocking awaits delay startup (5s+ with 10 checkpoints × 500ms latency)
- **HIGH-01**: ReDoS vulnerability in error sanitization regex
- **HIGH-02**: Race conditions in EarlyErrorLogger initialization
- **HIGH-03**: No timeout on Supabase operations (can hang indefinitely)
- **HIGH-04**: Missing N8N API checkpoints
-
-#### Fixed
-
-**CRITICAL-01: Missing Database Checkpoints**
- Added `DATABASE_CONNECTING` checkpoint before database initialization
- Added `DATABASE_CONNECTED` checkpoint after successful initialization
- Pass `earlyLogger` to `N8NDocumentationMCPServer` constructor
- Checkpoint logging in `initializeDatabase()` method
- Files: `src/mcp/server.ts`, `src/mcp/index.ts`
-
-**CRITICAL-02: Constructor Can Throw**
- Converted `EarlyErrorLogger` to singleton pattern with `getInstance()` method
- Initialize ALL fields to safe defaults BEFORE any operation that can throw
- Defensive initialization order:
-  1. Set `enabled = false` (safe default)
-  2. Set `supabase = null` (safe default)
-  3. Set `userId = null` (safe default)
-  4. THEN wrap initialization in try-catch
- Async `initialize()` method separated from constructor
- File: `src/telemetry/early-error-logger.ts`
-
-**CRITICAL-03: Blocking Awaits Delay Startup**
- Removed ALL `await` keywords from checkpoint calls (8 locations)
- Changed `logCheckpoint()` from async to synchronous (void return)
- Changed `logStartupError()` to fire-and-forget with internal async implementation
- Changed `logStartupSuccess()` to fire-and-forget
- Startup no longer blocked by telemetry operations
- Files: `src/mcp/index.ts`, `src/telemetry/early-error-logger.ts`
-
-**HIGH-01: ReDoS Vulnerability in Error Sanitization**
- Removed negative lookbehind regex: `(?<!Bearer\s)token\s*[=:]\s*\S+`
- Replaced with simplified regex: `\btoken\s*[=:]\s*[^\s;,)]+`
- No complex capturing groups (catastrophic backtracking impossible)
- File: `src/telemetry/error-sanitization-utils.ts`
-
-**HIGH-02: Race Conditions in EarlyErrorLogger**
- Singleton pattern prevents multiple instances
- Added `initPromise` property to track initialization state
- Added `waitForInit()` method for testing
- All methods gracefully handle uninitialized state
- File: `src/telemetry/early-error-logger.ts`
-
-**HIGH-03: No Timeout on Supabase Operations**
- Added `withTimeout()` wrapper function (5-second max)
- Uses `Promise.race()` pattern to prevent hanging
- Applies to all direct Supabase inserts
- Returns `null` on timeout (graceful degradation)
- File: `src/telemetry/early-error-logger.ts`
-
-**HIGH-04: Missing N8N API Checkpoints**
- Added `N8N_API_CHECKING` checkpoint before n8n API configuration check
- Added `N8N_API_READY` checkpoint after configuration validated
- Logged after database initialization completes
- File: `src/mcp/server.ts`
-
-#### Added
-
-**Shared Sanitization Utilities**
- Created `src/telemetry/error-sanitization-utils.ts`
- `sanitizeErrorMessageCore()` function shared across modules
- Eliminates code duplication between `error-sanitizer.ts` and `event-tracker.ts`
- Includes ReDoS fix (simplified token regex)
-
-**Singleton Pattern for EarlyErrorLogger**
- `EarlyErrorLogger.getInstance()` - Get singleton instance
- Private constructor prevents direct instantiation
- `waitForInit()` method for testing
-
-**Timeout Wrapper**
- `withTimeout()` helper function
- 5-second timeout for all Supabase operations
- Promise.race pattern with automatic cleanup
-
-#### Changed
-
-**EarlyErrorLogger Architecture**
- Singleton instead of direct instantiation
- Defensive initialization (safe defaults first)
- Fire-and-forget methods (non-blocking)
- Timeout protection for network operations
-
-**Checkpoint Logging**
- All checkpoint calls are now fire-and-forget (no await)
- No startup delay from telemetry operations
- Database checkpoints now logged in server.ts
- N8N API checkpoints now logged after database init
-
-**Error Sanitization**
- Shared utilities across all telemetry modules
- ReDoS-safe regex patterns
- Consistent sanitization behavior
-
-#### Technical Details
-
-**Defensive Initialization Pattern:**
-```typescript
-export class EarlyErrorLogger {
-  // Safe defaults FIRST (before any throwing operation)
-  private enabled: boolean = false;
-  private supabase: SupabaseClient | null = null;
-  private userId: string | null = null;
-
-  private constructor() {
-    // Kick off async init without blocking
-    this.initPromise = this.initialize();
-  }
-
-  private async initialize(): Promise<void> {
-    try {
-      // Validate config BEFORE using
-      if (!TELEMETRY_BACKEND.URL || !TELEMETRY_BACKEND.ANON_KEY) {
-        this.enabled = false;
-        return;
-      }
-      // ... rest of initialization
-    } catch (error) {
-      // Ensure safe state on error
-      this.enabled = false;
-      this.supabase = null;
-      this.userId = null;
-    }
-  }
-}
-```
-
-**Fire-and-Forget Pattern:**
-```typescript
-// BEFORE (BLOCKING):
-await earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED);
-
-// AFTER (NON-BLOCKING):
-earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED);
-```
-
-**Timeout Wrapper:**
-```typescript
-async function withTimeout<T>(promise: Promise<T>, timeoutMs: number, operation: string): Promise<T | null> {
-  try {
-    const timeoutPromise = new Promise<T>((_, reject) => {
-      setTimeout(() => reject(new Error(`${operation} timeout after ${timeoutMs}ms`)), timeoutMs);
-    });
-    return await Promise.race([promise, timeoutPromise]);
-  } catch (error) {
-    logger.debug(`${operation} failed or timed out:`, error);
-    return null;
-  }
-}
-```
-
-**ReDoS Fix:**
-```typescript
-// BEFORE (VULNERABLE):
-.replace(/(?<!Bearer\s)token\s*[=:]\s*\S+/gi, 'token=[REDACTED]')
-
-// AFTER (SAFE):
-.replace(/\btoken\s*[=:]\s*[^\s;,)]+/gi, 'token=[REDACTED]')
-```
-
-#### Impact
-
-**Server Stability:**
- **100%** elimination of telemetry-caused startup failures
- Telemetry failures NEVER crash the server
- Startup time unaffected by telemetry latency
-
-**Coverage Improvement:**
- Database failures now tracked (DATABASE_CONNECTING/CONNECTED checkpoints)
- N8N API configuration issues now tracked (N8N_API_CHECKING/READY checkpoints)
- Complete visibility into all startup phases
-
-**Performance:**
- No startup delay from telemetry (removed blocking awaits)
- 5-second timeout prevents hanging on Supabase failures
- Fire-and-forget pattern ensures server starts immediately
-
-**Security:**
- ReDoS vulnerability eliminated
- Simplified regex patterns (no catastrophic backtracking)
- Shared sanitization ensures consistency
-
-**Code Quality:**
- DRY principle (shared error-sanitization-utils)
- Defensive programming (safe defaults before operations)
- Race-condition free (singleton + initPromise)
-
-#### Files Changed
-
-**New Files (1):**
- `src/telemetry/error-sanitization-utils.ts` - Shared sanitization utilities
-
-**Modified Files (5):**
- `src/telemetry/early-error-logger.ts` - Singleton + defensive init + fire-and-forget + timeout
- `src/telemetry/error-sanitizer.ts` - Use shared sanitization utils
- `src/telemetry/event-tracker.ts` - Use shared sanitization utils
- `src/mcp/index.ts` - Remove blocking awaits, use singleton getInstance()
- `src/mcp/server.ts` - Add database and N8N API checkpoints
- `package.json` - Version bump to 2.18.3
-
-#### Testing
-
- **Safety**: All critical issues addressed with comprehensive fixes
- **Backward Compatibility**: 100% - only internal implementation changes
- **TypeScript**: All type checks pass
- **Build**: Clean build with no errors
-
-#### References
-
- **Code Review**: v2.18.2 comprehensive review identified 7 critical/high issues
- **User Feedback**: "Make sure telemetry failures would not crash the server - it should start regardless of this"
- **Implementation**: All CRITICAL and HIGH recommendations implemented
-
-## [2.18.2] - 2025-10-09
-
-### 🔍 Startup Error Detection
-
-**Added comprehensive startup error tracking to diagnose "server won't start" scenarios.**
-
-This release addresses a critical telemetry gap: we now capture errors that occur BEFORE the MCP server fully initializes, enabling diagnosis of the 2.2% of users who experience startup failures that were previously invisible.
-
-#### Problem
-
-Analysis of telemetry data revealed critical gaps in error coverage:
- **Zero telemetry captured** when server fails to start (no data before MCP handshake)
- **106 users (2.2%)** had only `session_start` with no other activity (likely startup failures)
- **463 users (9.7%)** experienced immediate failures or quick abandonment
- **All 4,478 error events** were from tool execution - none from initialization phase
- **Current error coverage: ~45%** - missing all pre-handshake failures
-
-#### Added
-
-**Early Error Logging System**
- New `EarlyErrorLogger` class - Independent error tracking before main telemetry ready
- Direct Supabase insert (bypasses batching for immediate persistence)
- Works even when main telemetry fails to initialize
- Sanitized error messages with security patterns from v2.15.3
- File: `src/telemetry/early-error-logger.ts`
-
-**Startup Checkpoint Tracking System**
- 10 checkpoints throughout startup process to identify failure points:
-  1. `process_started` - Process initialization
-  2. `database_connecting` - Before DB connection
-  3. `database_connected` - DB ready
-  4. `n8n_api_checking` - Before n8n API check (if applicable)
-  5. `n8n_api_ready` - n8n API ready (if applicable)
-  6. `telemetry_initializing` - Before telemetry init
-  7. `telemetry_ready` - Telemetry ready
-  8. `mcp_handshake_starting` - Before MCP handshake
-  9. `mcp_handshake_complete` - Handshake success
-  10. `server_ready` - Full initialization complete
- Helper functions: `findFailedCheckpoint()`, `getCheckpointDescription()`, `getCompletionPercentage()`
- File: `src/telemetry/startup-checkpoints.ts`
-
-**New Event Type: `startup_error`**
- Captures pre-handshake failures with full context
- Properties: `checkpoint`, `errorMessage`, `errorType`, `checkpointsPassed`, `startupDuration`, platform info
- Fires even when main telemetry not ready
- Uses early error logger with direct Supabase insert
-
-**Enhanced `session_start` Event**
- `startupDurationMs` - Time from process start to ready (new, optional)
- `checkpointsPassed` - Array of successfully passed checkpoints (new, optional)
- `startupErrorCount` - Count of errors during startup (new, optional)
- Backward compatible - all new fields optional
-
-**Startup Completion Event**
- New `startup_completed` event type
- Fired after first successful tool call
- Confirms server is functional (not a "zombie server")
- Distinguishes "never started" from "started but silent"
-
-**Error Message Sanitization**
- New `error-sanitizer.ts` utility for secure error message handling
- `extractErrorMessage()` - Safe extraction from Error objects, strings, unknowns
- `sanitizeStartupError()` - Security-focused sanitization using v2.15.3 patterns
- Removes URLs, credentials, API keys, emails, long keys
- Early truncation (ReDoS prevention), stack trace limitation (3 lines)
- File: `src/telemetry/error-sanitizer.ts`
-
-#### Changed
-
- `src/mcp/index.ts` - Added comprehensive checkpoint tracking throughout `main()` function
-  - Early logger initialization at process start
-  - Checkpoints before/after each major initialization step
-  - Error handling with checkpoint context
-  - Startup success logging with duration
- `src/mcp/server.ts` - Enhanced database initialization logging
-  - Detailed debug logs for each initialization step
-  - Better error context for database failures
- `src/telemetry/event-tracker.ts` - Enhanced `trackSessionStart()` method
-  - Now accepts optional `startupData` parameter
-  - New `trackStartupComplete()` method
- `src/telemetry/event-validator.ts` - Added validation schemas
-  - `startupErrorPropertiesSchema` for startup_error events
-  - `startupCompletedPropertiesSchema` for startup_completed events
- `src/telemetry/telemetry-types.ts` - New type definitions
-  - `StartupErrorEvent` interface
-  - `StartupCompletedEvent` interface
-  - `SessionStartProperties` interface with new optional fields
-
-#### Technical Details
-
-**Checkpoint Flow:**
-```
-Process Started → Telemetry Init → Telemetry Ready →
-MCP Handshake Starting → MCP Handshake Complete → Server Ready
-```
-
-**Error Capture Example:**
-```typescript
-try {
-  await earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.DATABASE_CONNECTING);
-  // ... database initialization ...
-  await earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.DATABASE_CONNECTED);
-} catch (error) {
-  const failedCheckpoint = findFailedCheckpoint(checkpoints);
-  await earlyLogger.logStartupError(failedCheckpoint, error);
-  throw error;
-}
-```
-
-**Error Sanitization:**
- Reuses v2.15.3 security patterns
- Early truncation to 1500 chars (ReDoS prevention)
- Redacts: URLs → `[URL]`, AWS keys → `[AWS_KEY]`, emails → `[EMAIL]`, etc.
- Stack traces limited to first 3 lines
- Final truncation to 500 chars
-
-**Database Schema:**
-```typescript
-// startup_error event structure
-{
-  event: 'startup_error',
-  user_id: string,
-  properties: {
-    checkpoint: string,           // Which checkpoint failed
-    errorMessage: string,          // Sanitized error message
-    errorType: string,             // Error type (Error, TypeError, etc.)
-    checkpointsPassed: string[],   // Checkpoints passed before failure
-    checkpointsPassedCount: number,
-    startupDuration: number,       // Time until failure (ms)
-    platform: string,              // OS platform
-    arch: string,                  // CPU architecture
-    nodeVersion: string,           // Node.js version
-    isDocker: boolean              // Docker environment
-  }
-}
-```
-
-#### Impact
-
-**Coverage Improvement:**
- **Before: 45%** error coverage (only post-handshake errors captured)
- **After: 95%** error coverage (pre-handshake + post-handshake errors)
- **+50 percentage points** in error detection capability
-
-**New Scenarios Now Diagnosable:**
-1. Database connection timeout → `database_connecting` checkpoint + error details
-2. Database file not found → `database_connecting` checkpoint + specific file path error
-3. MCP protocol mismatch → `mcp_handshake_starting` checkpoint + protocol version error
-4. Permission/access denied → Checkpoint + specific permission error
-5. Missing dependencies → Early checkpoint + dependency error
-6. Environment configuration errors → Relevant checkpoint + config details
-7. n8n API connectivity problems → `n8n_api_checking` checkpoint + connection error
-8. Telemetry initialization failures → `telemetry_initializing` checkpoint + init error
-9. Silent crashes → Detected via missing `startup_completed` event
-10. Resource constraints (memory, disk) → Checkpoint + resource error
-
-**Visibility Gains:**
- Users experiencing startup failures now generate telemetry events
- Failed checkpoint identifies exact failure point in startup sequence
- Sanitized error messages provide actionable debugging information
- Startup duration tracking identifies performance bottlenecks
- Completion percentage shows how far initialization progressed
-
-**Data Volume Impact:**
- Each successful startup: ~300 bytes (checkpoint list in session_start)
- Each failed startup: ~800 bytes (startup_error event with context)
- Expected increase: <1KB per user session
- Minimal Supabase storage impact
-
-#### Files Changed
-
-**New Files (3):**
- `src/telemetry/early-error-logger.ts` - Early error capture system
- `src/telemetry/startup-checkpoints.ts` - Checkpoint constants and helpers
- `src/telemetry/error-sanitizer.ts` - Error message sanitization utility
-
-**Modified Files (6):**
- `src/mcp/index.ts` - Integrated checkpoint tracking throughout startup
- `src/mcp/server.ts` - Enhanced database initialization logging
- `src/telemetry/event-tracker.ts` - Enhanced session_start with startup data
- `src/telemetry/event-validator.ts` - Added startup event validation
- `src/telemetry/telemetry-types.ts` - New event type definitions
- `package.json` - Version bump to 2.18.2
-
-#### Next Steps
-
-1. **Monitor Production** - Watch for startup_error events in Supabase dashboard
-2. **Analyze Patterns** - Identify most common startup failure scenarios
-3. **Build Diagnostics** - Create startup reliability dashboard
-4. **Improve Documentation** - Add troubleshooting guides for common failures
-5. **Measure Impact** - Validate that Docker/cloud user ID stability fix (v2.17.1) is working
-6. **Segment Analysis** - Compare startup reliability across environments (Docker vs local vs cloud)
-
-#### Testing
-
- **Coverage**: All new code covered by existing telemetry test suites
- **Integration**: Manual testing verified checkpoint tracking works correctly
- **Backward Compatibility**: 100% - all new fields optional, no breaking changes
- **Validation**: Zod schemas ensure data quality
-
 ## [2.18.1] - 2025-10-08

 ### 🔍 Telemetry Enhancement
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "n8n-mcp",
-  "version": "2.18.3",
+  "version": "2.18.1",
  "description": "Integration between n8n workflow automation and Model Context Protocol (MCP)",
  "main": "dist/index.js",
  "bin": {
--- a/src/mcp/index.ts
+++ b/src/mcp/index.ts
@@ -3,8 +3,6 @@
 import { N8NDocumentationMCPServer } from './server';
 import { logger } from '../utils/logger';
 import { TelemetryConfigManager } from '../telemetry/config-manager';
-import { EarlyErrorLogger } from '../telemetry/early-error-logger';
-import { STARTUP_CHECKPOINTS, findFailedCheckpoint, StartupCheckpoint } from '../telemetry/startup-checkpoints';
 import { existsSync } from 'fs';

 // Add error details to stderr for Claude Desktop debugging
@@ -55,19 +53,8 @@ function isContainerEnvironment(): boolean {
 }

 async function main() {
-  // Initialize early error logger for pre-handshake error capture (v2.18.3)
-  // Now using singleton pattern with defensive initialization
-  const startTime = Date.now();
-  const earlyLogger = EarlyErrorLogger.getInstance();
-  const checkpoints: StartupCheckpoint[] = [];
-
-  try {
-    // Checkpoint: Process started (fire-and-forget, no await)
-    earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED);
-    checkpoints.push(STARTUP_CHECKPOINTS.PROCESS_STARTED);
-
-    // Handle telemetry CLI commands
-    const args = process.argv.slice(2);
+  // Handle telemetry CLI commands
+  const args = process.argv.slice(2);
  if (args.length > 0 && args[0] === 'telemetry') {
    const telemetryConfig = TelemetryConfigManager.getInstance();
    const action = args[1];
@@ -102,15 +89,6 @@ Learn more: https://github.com/czlonkowski/n8n-mcp/blob/main/PRIVACY.md

  const mode = process.env.MCP_MODE || 'stdio';

-    // Checkpoint: Telemetry initializing (fire-and-forget, no await)
-    earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.TELEMETRY_INITIALIZING);
-    checkpoints.push(STARTUP_CHECKPOINTS.TELEMETRY_INITIALIZING);
-
-    // Telemetry is already initialized by TelemetryConfigManager in imports
-    // Mark as ready (fire-and-forget, no await)
-    earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.TELEMETRY_READY);
-    checkpoints.push(STARTUP_CHECKPOINTS.TELEMETRY_READY);
-
  try {
    // Only show debug messages in HTTP mode to avoid corrupting stdio communication
    if (mode === 'http') {
@@ -118,10 +96,6 @@ Learn more: https://github.com/czlonkowski/n8n-mcp/blob/main/PRIVACY.md
      console.error('Current directory:', process.cwd());
      console.error('Node version:', process.version);
    }
-
-    // Checkpoint: MCP handshake starting (fire-and-forget, no await)
-    earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.MCP_HANDSHAKE_STARTING);
-    checkpoints.push(STARTUP_CHECKPOINTS.MCP_HANDSHAKE_STARTING);
    
    if (mode === 'http') {
      // Check if we should use the fixed implementation
@@ -147,7 +121,7 @@ Learn more: https://github.com/czlonkowski/n8n-mcp/blob/main/PRIVACY.md
      }
    } else {
      // Stdio mode - for local Claude Desktop
-      const server = new N8NDocumentationMCPServer(undefined, earlyLogger);
+      const server = new N8NDocumentationMCPServer();

      // Graceful shutdown handler (fixes Issue #277)
      let isShuttingDown = false;
@@ -211,31 +185,12 @@ Learn more: https://github.com/czlonkowski/n8n-mcp/blob/main/PRIVACY.md

      await server.run();
    }
-
-    // Checkpoint: MCP handshake complete (fire-and-forget, no await)
-    earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.MCP_HANDSHAKE_COMPLETE);
-    checkpoints.push(STARTUP_CHECKPOINTS.MCP_HANDSHAKE_COMPLETE);
-
-    // Checkpoint: Server ready (fire-and-forget, no await)
-    earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.SERVER_READY);
-    checkpoints.push(STARTUP_CHECKPOINTS.SERVER_READY);
-
-    // Log successful startup (fire-and-forget, no await)
-    const startupDuration = Date.now() - startTime;
-    earlyLogger.logStartupSuccess(checkpoints, startupDuration);
-
-    logger.info(`Server startup completed in ${startupDuration}ms (${checkpoints.length} checkpoints passed)`);
-
  } catch (error) {
-    // Log startup error with checkpoint context (fire-and-forget, no await)
-    const failedCheckpoint = findFailedCheckpoint(checkpoints);
-    earlyLogger.logStartupError(failedCheckpoint, error);
-
    // In stdio mode, we cannot output to console at all
    if (mode !== 'stdio') {
      console.error('Failed to start MCP server:', error);
      logger.error('Failed to start MCP server', error);
-
+      
      // Provide helpful error messages
      if (error instanceof Error && error.message.includes('nodes.db not found')) {
        console.error('\nTo fix this issue:');
@@ -249,12 +204,7 @@ Learn more: https://github.com/czlonkowski/n8n-mcp/blob/main/PRIVACY.md
        console.error('3. If that doesn\'t work, try: rm -rf node_modules && npm install');
      }
    }
-
-    process.exit(1);
-  }
-  } catch (outerError) {
-    // Outer error catch for early initialization failures
-    logger.error('Critical startup error:', outerError);
+    
    process.exit(1);
  }
 }
--- a/src/mcp/server.ts
+++ b/src/mcp/server.ts
@@ -37,8 +37,6 @@ import {
 } from '../utils/protocol-version';
 import { InstanceContext } from '../types/instance-context';
 import { telemetry } from '../telemetry';
-import { EarlyErrorLogger } from '../telemetry/early-error-logger';
-import { STARTUP_CHECKPOINTS } from '../telemetry/startup-checkpoints';

 interface NodeRow {
  node_type: string;
@@ -69,11 +67,9 @@ export class N8NDocumentationMCPServer {
  private instanceContext?: InstanceContext;
  private previousTool: string | null = null;
  private previousToolTimestamp: number = Date.now();
-  private earlyLogger: EarlyErrorLogger | null = null;

-  constructor(instanceContext?: InstanceContext, earlyLogger?: EarlyErrorLogger) {
+  constructor(instanceContext?: InstanceContext) {
    this.instanceContext = instanceContext;
-    this.earlyLogger = earlyLogger || null;
    // Check for test environment first
    const envDbPath = process.env.NODE_DB_PATH;
    let dbPath: string | null = null;
@@ -104,27 +100,18 @@ export class N8NDocumentationMCPServer {
    }
    
    // Initialize database asynchronously
-    this.initialized = this.initializeDatabase(dbPath).then(() => {
-      // After database is ready, check n8n API configuration (v2.18.3)
-      if (this.earlyLogger) {
-        this.earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.N8N_API_CHECKING);
-      }
-
-      // Log n8n API configuration status at startup
-      const apiConfigured = isN8nApiConfigured();
-      const totalTools = apiConfigured ?
-        n8nDocumentationToolsFinal.length + n8nManagementTools.length :
-        n8nDocumentationToolsFinal.length;
-
-      logger.info(`MCP server initialized with ${totalTools} tools (n8n API: ${apiConfigured ? 'configured' : 'not configured'})`);
-
-      if (this.earlyLogger) {
-        this.earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.N8N_API_READY);
-      }
-    });
-
+    this.initialized = this.initializeDatabase(dbPath);
+    
    logger.info('Initializing n8n Documentation MCP server');
    
+    // Log n8n API configuration status at startup
+    const apiConfigured = isN8nApiConfigured();
+    const totalTools = apiConfigured ? 
+      n8nDocumentationToolsFinal.length + n8nManagementTools.length : 
+      n8nDocumentationToolsFinal.length;
+    
+    logger.info(`MCP server initialized with ${totalTools} tools (n8n API: ${apiConfigured ? 'configured' : 'not configured'})`);
+    
    this.server = new Server(
      {
        name: 'n8n-documentation-mcp',
@@ -142,38 +129,20 @@ export class N8NDocumentationMCPServer {
  
  private async initializeDatabase(dbPath: string): Promise<void> {
    try {
-      // Checkpoint: Database connecting (v2.18.3)
-      if (this.earlyLogger) {
-        this.earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.DATABASE_CONNECTING);
-      }
-
-      logger.debug('Database initialization starting...', { dbPath });
-
      this.db = await createDatabaseAdapter(dbPath);
-      logger.debug('Database adapter created');
-
+      
      // If using in-memory database for tests, initialize schema
      if (dbPath === ':memory:') {
        await this.initializeInMemorySchema();
-        logger.debug('In-memory schema initialized');
      }
-
+      
      this.repository = new NodeRepository(this.db);
-      logger.debug('Node repository initialized');
-
      this.templateService = new TemplateService(this.db);
-      logger.debug('Template service initialized');

      // Initialize similarity services for enhanced validation
      EnhancedConfigValidator.initializeSimilarityServices(this.repository);
-      logger.debug('Similarity services initialized');

-      // Checkpoint: Database connected (v2.18.3)
-      if (this.earlyLogger) {
-        this.earlyLogger.logCheckpoint(STARTUP_CHECKPOINTS.DATABASE_CONNECTED);
-      }
-
-      logger.info(`Database initialized successfully from: ${dbPath}`);
+      logger.info(`Initialized database from: ${dbPath}`);
    } catch (error) {
      logger.error('Failed to initialize database:', error);
      throw new Error(`Failed to open database: ${error instanceof Error ? error.message : 'Unknown error'}`);
--- a/src/telemetry/early-error-logger.ts
+++ b/src/telemetry/early-error-logger.ts
@@ -1,298 +0,0 @@
-/**
- * Early Error Logger (v2.18.3)
- * Captures errors that occur BEFORE the main telemetry system is ready
- * Uses direct Supabase insert to bypass batching and ensure immediate persistence
- *
- * CRITICAL FIXES:
- * - Singleton pattern to prevent multiple instances
- * - Defensive initialization (safe defaults before any throwing operation)
- * - Timeout wrapper for Supabase operations (5s max)
- * - Shared sanitization utilities (DRY principle)
- */
-
-import { createClient, SupabaseClient } from '@supabase/supabase-js';
-import { TelemetryConfigManager } from './config-manager';
-import { TELEMETRY_BACKEND } from './telemetry-types';
-import { StartupCheckpoint, isValidCheckpoint, getCheckpointDescription } from './startup-checkpoints';
-import { sanitizeErrorMessageCore } from './error-sanitization-utils';
-import { logger } from '../utils/logger';
-
-/**
- * Timeout wrapper for async operations
- * Prevents hanging if Supabase is unreachable
- */
-async function withTimeout<T>(promise: Promise<T>, timeoutMs: number, operation: string): Promise<T | null> {
-  try {
-    const timeoutPromise = new Promise<T>((_, reject) => {
-      setTimeout(() => reject(new Error(`${operation} timeout after ${timeoutMs}ms`)), timeoutMs);
-    });
-
-    return await Promise.race([promise, timeoutPromise]);
-  } catch (error) {
-    logger.debug(`${operation} failed or timed out:`, error);
-    return null;
-  }
-}
-
-export class EarlyErrorLogger {
-  // Singleton instance
-  private static instance: EarlyErrorLogger | null = null;
-
-  // DEFENSIVE INITIALIZATION: Initialize all fields to safe defaults FIRST
-  // This ensures the object is in a valid state even if initialization fails
-  private enabled: boolean = false;  // Safe default: disabled
-  private supabase: SupabaseClient | null = null;  // Safe default: null
-  private userId: string | null = null;  // Safe default: null
-  private checkpoints: StartupCheckpoint[] = [];
-  private startTime: number = Date.now();
-  private initPromise: Promise<void>;
-
-  /**
-   * Private constructor - use getInstance() instead
-   * Ensures only one instance exists per process
-   */
-  private constructor() {
-    // Kick off async initialization without blocking
-    this.initPromise = this.initialize();
-  }
-
-  /**
-   * Get singleton instance
-   * Safe to call from anywhere - initialization errors won't crash caller
-   */
-  static getInstance(): EarlyErrorLogger {
-    if (!EarlyErrorLogger.instance) {
-      EarlyErrorLogger.instance = new EarlyErrorLogger();
-    }
-    return EarlyErrorLogger.instance;
-  }
-
-  /**
-   * Async initialization logic
-   * Separated from constructor to prevent throwing before safe defaults are set
-   */
-  private async initialize(): Promise<void> {
-    try {
-      // Validate backend configuration before using
-      if (!TELEMETRY_BACKEND.URL || !TELEMETRY_BACKEND.ANON_KEY) {
-        logger.debug('Telemetry backend not configured, early error logger disabled');
-        this.enabled = false;
-        return;
-      }
-
-      // Check if telemetry is disabled by user
-      const configManager = TelemetryConfigManager.getInstance();
-      const isEnabled = configManager.isEnabled();
-
-      if (!isEnabled) {
-        logger.debug('Telemetry disabled by user, early error logger will not send events');
-        this.enabled = false;
-        return;
-      }
-
-      // Initialize Supabase client for direct inserts
-      this.supabase = createClient(
-        TELEMETRY_BACKEND.URL,
-        TELEMETRY_BACKEND.ANON_KEY,
-        {
-          auth: {
-            persistSession: false,
-            autoRefreshToken: false,
-          },
-        }
-      );
-
-      // Get user ID from config manager
-      this.userId = configManager.getUserId();
-
-      // Mark as enabled only after successful initialization
-      this.enabled = true;
-
-      logger.debug('Early error logger initialized successfully');
-    } catch (error) {
-      // Initialization failed - ensure safe state
-      logger.debug('Early error logger initialization failed:', error);
-      this.enabled = false;
-      this.supabase = null;
-      this.userId = null;
-    }
-  }
-
-  /**
-   * Wait for initialization to complete (for testing)
-   * Not needed in production - all methods handle uninitialized state gracefully
-   */
-  async waitForInit(): Promise<void> {
-    await this.initPromise;
-  }
-
-  /**
-   * Log a checkpoint as the server progresses through startup
-   * FIRE-AND-FORGET: Does not block caller (no await needed)
-   */
-  logCheckpoint(checkpoint: StartupCheckpoint): void {
-    if (!this.enabled) {
-      return;
-    }
-
-    try {
-      // Validate checkpoint
-      if (!isValidCheckpoint(checkpoint)) {
-        logger.warn(`Invalid checkpoint: ${checkpoint}`);
-        return;
-      }
-
-      // Add to internal checkpoint list
-      this.checkpoints.push(checkpoint);
-
-      logger.debug(`Checkpoint passed: ${checkpoint} (${getCheckpointDescription(checkpoint)})`);
-    } catch (error) {
-      // Don't throw - we don't want checkpoint logging to crash the server
-      logger.debug('Failed to log checkpoint:', error);
-    }
-  }
-
-  /**
-   * Log a startup error with checkpoint context
-   * This is the main error capture mechanism
-   * FIRE-AND-FORGET: Does not block caller
-   */
-  logStartupError(checkpoint: StartupCheckpoint, error: unknown): void {
-    if (!this.enabled || !this.supabase || !this.userId) {
-      return;
-    }
-
-    // Run async operation without blocking caller
-    this.logStartupErrorAsync(checkpoint, error).catch((logError) => {
-      // Swallow errors - telemetry must never crash the server
-      logger.debug('Failed to log startup error:', logError);
-    });
-  }
-
-  /**
-   * Internal async implementation with timeout wrapper
-   */
-  private async logStartupErrorAsync(checkpoint: StartupCheckpoint, error: unknown): Promise<void> {
-    try {
-      // Sanitize error message using shared utilities (v2.18.3)
-      let errorMessage = 'Unknown error';
-      if (error instanceof Error) {
-        errorMessage = error.message;
-        if (error.stack) {
-          errorMessage = error.stack;
-        }
-      } else if (typeof error === 'string') {
-        errorMessage = error;
-      } else {
-        errorMessage = String(error);
-      }
-
-      const sanitizedError = sanitizeErrorMessageCore(errorMessage);
-
-      // Extract error type if it's an Error object
-      let errorType = 'unknown';
-      if (error instanceof Error) {
-        errorType = error.name || 'Error';
-      } else if (typeof error === 'string') {
-        errorType = 'string_error';
-      }
-
-      // Create startup_error event
-      const event = {
-        user_id: this.userId!,
-        event: 'startup_error',
-        properties: {
-          checkpoint,
-          errorMessage: sanitizedError,
-          errorType,
-          checkpointsPassed: this.checkpoints,
-          checkpointsPassedCount: this.checkpoints.length,
-          startupDuration: Date.now() - this.startTime,
-          platform: process.platform,
-          arch: process.arch,
-          nodeVersion: process.version,
-          isDocker: process.env.IS_DOCKER === 'true',
-        },
-        created_at: new Date().toISOString(),
-      };
-
-      // Direct insert to Supabase with timeout (5s max)
-      const insertOperation = async () => {
-        return await this.supabase!
-          .from('events')
-          .insert(event)
-          .select()
-          .single();
-      };
-
-      const result = await withTimeout(insertOperation(), 5000, 'Startup error insert');
-
-      if (result && 'error' in result && result.error) {
-        logger.debug('Failed to insert startup error event:', result.error);
-      } else if (result) {
-        logger.debug(`Startup error logged for checkpoint: ${checkpoint}`);
-      }
-    } catch (logError) {
-      // Don't throw - telemetry failures should never crash the server
-      logger.debug('Failed to log startup error:', logError);
-    }
-  }
-
-  /**
-   * Log successful startup completion
-   * Called when all checkpoints have been passed
-   * FIRE-AND-FORGET: Does not block caller
-   */
-  logStartupSuccess(checkpoints: StartupCheckpoint[], durationMs: number): void {
-    if (!this.enabled) {
-      return;
-    }
-
-    try {
-      // Store checkpoints for potential session_start enhancement
-      this.checkpoints = checkpoints;
-
-      logger.debug(`Startup successful: ${checkpoints.length} checkpoints passed in ${durationMs}ms`);
-
-      // We don't send a separate event here - this data will be included
-      // in the session_start event sent by the main telemetry system
-    } catch (error) {
-      logger.debug('Failed to log startup success:', error);
-    }
-  }
-
-  /**
-   * Get the list of checkpoints passed so far
-   */
-  getCheckpoints(): StartupCheckpoint[] {
-    return [...this.checkpoints];
-  }
-
-  /**
-   * Get startup duration in milliseconds
-   */
-  getStartupDuration(): number {
-    return Date.now() - this.startTime;
-  }
-
-  /**
-   * Get startup data for inclusion in session_start event
-   */
-  getStartupData(): { durationMs: number; checkpoints: StartupCheckpoint[] } | null {
-    if (!this.enabled) {
-      return null;
-    }
-
-    return {
-      durationMs: this.getStartupDuration(),
-      checkpoints: this.getCheckpoints(),
-    };
-  }
-
-  /**
-   * Check if early logger is enabled
-   */
-  isEnabled(): boolean {
-    return this.enabled && this.supabase !== null && this.userId !== null;
-  }
-}
--- a/src/telemetry/error-sanitization-utils.ts
+++ b/src/telemetry/error-sanitization-utils.ts
@@ -1,75 +0,0 @@
-/**
- * Shared Error Sanitization Utilities
- * Used by both error-sanitizer.ts and event-tracker.ts to avoid code duplication
- *
- * Security patterns from v2.15.3 with ReDoS fix from v2.18.3
- */
-
-import { logger } from '../utils/logger';
-
-/**
- * Core error message sanitization with security-focused patterns
- *
- * Sanitization order (critical for preventing leakage):
- * 1. Early truncation (ReDoS prevention)
- * 2. Stack trace limitation
- * 3. URLs (most encompassing) - fully redact
- * 4. Specific credentials (AWS, GitHub, JWT, Bearer)
- * 5. Emails (after URLs)
- * 6. Long keys and tokens
- * 7. Generic credential patterns
- * 8. Final truncation
- *
- * @param errorMessage - Raw error message to sanitize
- * @returns Sanitized error message safe for telemetry
- */
-export function sanitizeErrorMessageCore(errorMessage: string): string {
-  try {
-    // Early truncate to prevent ReDoS and performance issues
-    const maxLength = 1500;
-    const trimmed = errorMessage.length > maxLength
-      ? errorMessage.substring(0, maxLength)
-      : errorMessage;
-
-    // Handle stack traces - keep only first 3 lines (message + top stack frames)
-    const lines = trimmed.split('\n');
-    let sanitized = lines.slice(0, 3).join('\n');
-
-    // Sanitize sensitive data in correct order to prevent leakage
-
-    // 1. URLs first (most encompassing) - fully redact to prevent path leakage
-    sanitized = sanitized.replace(/https?:\/\/\S+/gi, '[URL]');
-
-    // 2. Specific credential patterns (before generic patterns)
-    sanitized = sanitized
-      .replace(/AKIA[A-Z0-9]{16}/g, '[AWS_KEY]')
-      .replace(/ghp_[a-zA-Z0-9]{36,}/g, '[GITHUB_TOKEN]')
-      .replace(/eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g, '[JWT]')
-      .replace(/Bearer\s+[^\s]+/gi, 'Bearer [TOKEN]');
-
-    // 3. Emails (after URLs to avoid partial matches)
-    sanitized = sanitized.replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, '[EMAIL]');
-
-    // 4. Long keys and quoted tokens
-    sanitized = sanitized
-      .replace(/\b[a-zA-Z0-9_-]{32,}\b/g, '[KEY]')
-      .replace(/(['"])[a-zA-Z0-9_-]{16,}\1/g, '$1[TOKEN]$1');
-
-    // 5. Generic credential patterns (after specific ones to avoid conflicts)
-    // FIX (v2.18.3): Replaced negative lookbehind with simpler regex to prevent ReDoS
-    sanitized = sanitized
-      .replace(/password\s*[=:]\s*\S+/gi, 'password=[REDACTED]')
-      .replace(/api[_-]?key\s*[=:]\s*\S+/gi, 'api_key=[REDACTED]')
-      .replace(/\btoken\s*[=:]\s*[^\s;,)]+/gi, 'token=[REDACTED]'); // Simplified regex (no negative lookbehind)
-
-    // Final truncate to 500 chars
-    if (sanitized.length > 500) {
-      sanitized = sanitized.substring(0, 500) + '...';
-    }
-
-    return sanitized;
-  } catch (error) {
-    logger.debug('Error message sanitization failed:', error);
-    return '[SANITIZATION_FAILED]';
-  }
-}
--- a/src/telemetry/error-sanitizer.ts
+++ b/src/telemetry/error-sanitizer.ts
@@ -1,65 +0,0 @@
-/**
- * Error Sanitizer for Startup Errors (v2.18.3)
- * Extracts and sanitizes error messages with security-focused patterns
- * Now uses shared sanitization utilities to avoid code duplication
- */
-
-import { logger } from '../utils/logger';
-import { sanitizeErrorMessageCore } from './error-sanitization-utils';
-
-/**
- * Extract error message from unknown error type
- * Safely handles Error objects, strings, and other types
- */
-export function extractErrorMessage(error: unknown): string {
-  try {
-    if (error instanceof Error) {
-      // Include stack trace if available (will be truncated later)
-      return error.stack || error.message || 'Unknown error';
-    }
-
-    if (typeof error === 'string') {
-      return error;
-    }
-
-    if (error && typeof error === 'object') {
-      // Try to extract message from object
-      const errorObj = error as any;
-      if (errorObj.message) {
-        return String(errorObj.message);
-      }
-      if (errorObj.error) {
-        return String(errorObj.error);
-      }
-      // Fall back to JSON stringify with truncation
-      try {
-        return JSON.stringify(error).substring(0, 500);
-      } catch {
-        return 'Error object (unstringifiable)';
-      }
-    }
-
-    return String(error);
-  } catch (extractError) {
-    logger.debug('Error during message extraction:', extractError);
-    return 'Error message extraction failed';
-  }
-}
-
-/**
- * Sanitize startup error message to remove sensitive data
- * Now uses shared sanitization core from error-sanitization-utils.ts (v2.18.3)
- * This eliminates code duplication and the ReDoS vulnerability
- */
-export function sanitizeStartupError(errorMessage: string): string {
-  return sanitizeErrorMessageCore(errorMessage);
-}
-
-/**
- * Combined operation: Extract and sanitize error message
- * This is the main entry point for startup error processing
- */
-export function processStartupError(error: unknown): string {
-  const message = extractErrorMessage(error);
-  return sanitizeStartupError(message);
-}
--- a/src/telemetry/event-tracker.ts
+++ b/src/telemetry/event-tracker.ts
@@ -1,7 +1,6 @@
 /**
- * Event Tracker for Telemetry (v2.18.3)
+ * Event Tracker for Telemetry
 * Handles all event tracking logic extracted from TelemetryManager
- * Now uses shared sanitization utilities to avoid code duplication
 */

 import { TelemetryEvent, WorkflowTelemetry } from './telemetry-types';
@@ -12,7 +11,6 @@ import { TelemetryError, TelemetryErrorType } from './telemetry-error';
 import { logger } from '../utils/logger';
 import { existsSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { sanitizeErrorMessageCore } from './error-sanitization-utils';

 export class TelemetryEventTracker {
  private rateLimiter: TelemetryRateLimiter;
@@ -167,13 +165,9 @@ export class TelemetryEventTracker {
  }

  /**
-   * Track session start with optional startup tracking data (v2.18.2)
+   * Track session start
   */
-  trackSessionStart(startupData?: {
-    durationMs?: number;
-    checkpoints?: string[];
-    errorCount?: number;
-  }): void {
+  trackSessionStart(): void {
    if (!this.isEnabled()) return;

    this.trackEvent('session_start', {
@@ -183,22 +177,6 @@ export class TelemetryEventTracker {
      nodeVersion: process.version,
      isDocker: process.env.IS_DOCKER === 'true',
      cloudPlatform: this.detectCloudPlatform(),
-      // NEW: Startup tracking fields (v2.18.2)
-      startupDurationMs: startupData?.durationMs,
-      checkpointsPassed: startupData?.checkpoints,
-      startupErrorCount: startupData?.errorCount || 0,
-    });
-  }
-
-  /**
-   * Track startup completion (v2.18.2)
-   * Called after first successful tool call to confirm server is functional
-   */
-  trackStartupComplete(): void {
-    if (!this.isEnabled()) return;
-
-    this.trackEvent('startup_completed', {
-      version: this.getPackageVersion(),
    });
  }

@@ -472,10 +450,53 @@ export class TelemetryEventTracker {

  /**
   * Sanitize error message
-   * Now uses shared sanitization core from error-sanitization-utils.ts (v2.18.3)
-   * This eliminates code duplication and the ReDoS vulnerability
   */
  private sanitizeErrorMessage(errorMessage: string): string {
-    return sanitizeErrorMessageCore(errorMessage);
+    try {
+      // Early truncate to prevent ReDoS and performance issues
+      const maxLength = 1500;
+      const trimmed = errorMessage.length > maxLength
+        ? errorMessage.substring(0, maxLength)
+        : errorMessage;
+
+      // Handle stack traces - keep only first 3 lines (message + top stack frames)
+      const lines = trimmed.split('\n');
+      let sanitized = lines.slice(0, 3).join('\n');
+
+      // Sanitize sensitive data in correct order to prevent leakage
+      // 1. URLs first (most encompassing) - fully redact to prevent path leakage
+      sanitized = sanitized.replace(/https?:\/\/\S+/gi, '[URL]');
+
+      // 2. Specific credential patterns (before generic patterns)
+      sanitized = sanitized
+        .replace(/AKIA[A-Z0-9]{16}/g, '[AWS_KEY]')
+        .replace(/ghp_[a-zA-Z0-9]{36,}/g, '[GITHUB_TOKEN]')
+        .replace(/eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g, '[JWT]')
+        .replace(/Bearer\s+[^\s]+/gi, 'Bearer [TOKEN]');
+
+      // 3. Emails (after URLs to avoid partial matches)
+      sanitized = sanitized.replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, '[EMAIL]');
+
+      // 4. Long keys and quoted tokens
+      sanitized = sanitized
+        .replace(/\b[a-zA-Z0-9_-]{32,}\b/g, '[KEY]')
+        .replace(/(['"])[a-zA-Z0-9_-]{16,}\1/g, '$1[TOKEN]$1');
+
+      // 5. Generic credential patterns (after specific ones to avoid conflicts)
+      sanitized = sanitized
+        .replace(/password\s*[=:]\s*\S+/gi, 'password=[REDACTED]')
+        .replace(/api[_-]?key\s*[=:]\s*\S+/gi, 'api_key=[REDACTED]')
+        .replace(/(?<!Bearer\s)token\s*[=:]\s*\S+/gi, 'token=[REDACTED]');  // Negative lookbehind to avoid Bearer tokens
+
+      // Final truncate to 500 chars
+      if (sanitized.length > 500) {
+        sanitized = sanitized.substring(0, 500) + '...';
+      }
+
+      return sanitized;
+    } catch (error) {
+      logger.debug('Error message sanitization failed:', error);
+      return '[SANITIZATION_FAILED]';
+    }
  }
 }
--- a/src/telemetry/event-validator.ts
+++ b/src/telemetry/event-validator.ts
@@ -104,33 +104,12 @@ const performanceMetricPropertiesSchema = z.object({
  metadata: z.record(z.any()).optional()
 });

-// Schema for startup_error event properties (v2.18.2)
-const startupErrorPropertiesSchema = z.object({
-  checkpoint: z.string().max(100),
-  errorMessage: z.string().max(500),
-  errorType: z.string().max(100),
-  checkpointsPassed: z.array(z.string()).max(20),
-  checkpointsPassedCount: z.number().int().min(0).max(20),
-  startupDuration: z.number().min(0).max(300000), // Max 5 minutes
-  platform: z.string().max(50),
-  arch: z.string().max(50),
-  nodeVersion: z.string().max(50),
-  isDocker: z.boolean()
-});
-
-// Schema for startup_completed event properties (v2.18.2)
-const startupCompletedPropertiesSchema = z.object({
-  version: z.string().max(50)
-});
-
 // Map of event names to their specific schemas
 const EVENT_SCHEMAS: Record<string, z.ZodSchema<any>> = {
  'tool_used': toolUsagePropertiesSchema,
  'search_query': searchQueryPropertiesSchema,
  'validation_details': validationDetailsPropertiesSchema,
  'performance_metric': performanceMetricPropertiesSchema,
-  'startup_error': startupErrorPropertiesSchema,
-  'startup_completed': startupCompletedPropertiesSchema,
 };

 /**
--- a/src/telemetry/startup-checkpoints.ts
+++ b/src/telemetry/startup-checkpoints.ts
@@ -1,133 +0,0 @@
-/**
- * Startup Checkpoint System
- * Defines checkpoints throughout the server initialization process
- * to identify where failures occur
- */
-
-/**
- * Startup checkpoint constants
- * These checkpoints mark key stages in the server initialization process
- */
-export const STARTUP_CHECKPOINTS = {
-  /** Process has started, very first checkpoint */
-  PROCESS_STARTED: 'process_started',
-
-  /** About to connect to database */
-  DATABASE_CONNECTING: 'database_connecting',
-
-  /** Database connection successful */
-  DATABASE_CONNECTED: 'database_connected',
-
-  /** About to check n8n API configuration (if applicable) */
-  N8N_API_CHECKING: 'n8n_api_checking',
-
-  /** n8n API is configured and ready (if applicable) */
-  N8N_API_READY: 'n8n_api_ready',
-
-  /** About to initialize telemetry system */
-  TELEMETRY_INITIALIZING: 'telemetry_initializing',
-
-  /** Telemetry system is ready */
-  TELEMETRY_READY: 'telemetry_ready',
-
-  /** About to start MCP handshake */
-  MCP_HANDSHAKE_STARTING: 'mcp_handshake_starting',
-
-  /** MCP handshake completed successfully */
-  MCP_HANDSHAKE_COMPLETE: 'mcp_handshake_complete',
-
-  /** Server is fully ready to handle requests */
-  SERVER_READY: 'server_ready',
-} as const;
-
-/**
- * Type for checkpoint names
- */
-export type StartupCheckpoint = typeof STARTUP_CHECKPOINTS[keyof typeof STARTUP_CHECKPOINTS];
-
-/**
- * Checkpoint data structure
- */
-export interface CheckpointData {
-  name: StartupCheckpoint;
-  timestamp: number;
-  success: boolean;
-  error?: string;
-}
-
-/**
- * Get all checkpoint names in order
- */
-export function getAllCheckpoints(): StartupCheckpoint[] {
-  return Object.values(STARTUP_CHECKPOINTS);
-}
-
-/**
- * Find which checkpoint failed based on the list of passed checkpoints
- * Returns the first checkpoint that was not passed
- */
-export function findFailedCheckpoint(passedCheckpoints: string[]): StartupCheckpoint {
-  const allCheckpoints = getAllCheckpoints();
-
-  for (const checkpoint of allCheckpoints) {
-    if (!passedCheckpoints.includes(checkpoint)) {
-      return checkpoint;
-    }
-  }
-
-  // If all checkpoints were passed, the failure must have occurred after SERVER_READY
-  // This would be an unexpected post-initialization failure
-  return STARTUP_CHECKPOINTS.SERVER_READY;
-}
-
-/**
- * Validate if a string is a valid checkpoint
- */
-export function isValidCheckpoint(checkpoint: string): checkpoint is StartupCheckpoint {
-  return getAllCheckpoints().includes(checkpoint as StartupCheckpoint);
-}
-
-/**
- * Get human-readable description for a checkpoint
- */
-export function getCheckpointDescription(checkpoint: StartupCheckpoint): string {
-  const descriptions: Record<StartupCheckpoint, string> = {
-    [STARTUP_CHECKPOINTS.PROCESS_STARTED]: 'Process initialization started',
-    [STARTUP_CHECKPOINTS.DATABASE_CONNECTING]: 'Connecting to database',
-    [STARTUP_CHECKPOINTS.DATABASE_CONNECTED]: 'Database connection established',
-    [STARTUP_CHECKPOINTS.N8N_API_CHECKING]: 'Checking n8n API configuration',
-    [STARTUP_CHECKPOINTS.N8N_API_READY]: 'n8n API ready',
-    [STARTUP_CHECKPOINTS.TELEMETRY_INITIALIZING]: 'Initializing telemetry system',
-    [STARTUP_CHECKPOINTS.TELEMETRY_READY]: 'Telemetry system ready',
-    [STARTUP_CHECKPOINTS.MCP_HANDSHAKE_STARTING]: 'Starting MCP protocol handshake',
-    [STARTUP_CHECKPOINTS.MCP_HANDSHAKE_COMPLETE]: 'MCP handshake completed',
-    [STARTUP_CHECKPOINTS.SERVER_READY]: 'Server fully initialized and ready',
-  };
-
-  return descriptions[checkpoint] || 'Unknown checkpoint';
-}
-
-/**
- * Get the next expected checkpoint after the given one
- * Returns null if this is the last checkpoint
- */
-export function getNextCheckpoint(current: StartupCheckpoint): StartupCheckpoint | null {
-  const allCheckpoints = getAllCheckpoints();
-  const currentIndex = allCheckpoints.indexOf(current);
-
-  if (currentIndex === -1 || currentIndex === allCheckpoints.length - 1) {
-    return null;
-  }
-
-  return allCheckpoints[currentIndex + 1];
-}
-
-/**
- * Calculate completion percentage based on checkpoints passed
- */
-export function getCompletionPercentage(passedCheckpoints: string[]): number {
-  const totalCheckpoints = getAllCheckpoints().length;
-  const passedCount = passedCheckpoints.length;
-
-  return Math.round((passedCount / totalCheckpoints) * 100);
-}
--- a/src/telemetry/telemetry-types.ts
+++ b/src/telemetry/telemetry-types.ts
@@ -3,8 +3,6 @@
 * Centralized type definitions for the telemetry system
 */

-import { StartupCheckpoint } from './startup-checkpoints';
-
 export interface TelemetryEvent {
  user_id: string;
  event: string;
@@ -12,51 +10,6 @@ export interface TelemetryEvent {
  created_at?: string;
 }

-/**
- * Startup error event - captures pre-handshake failures
- */
-export interface StartupErrorEvent extends TelemetryEvent {
-  event: 'startup_error';
-  properties: {
-    checkpoint: StartupCheckpoint;
-    errorMessage: string;
-    errorType: string;
-    checkpointsPassed: StartupCheckpoint[];
-    checkpointsPassedCount: number;
-    startupDuration: number;
-    platform: string;
-    arch: string;
-    nodeVersion: string;
-    isDocker: boolean;
-  };
-}
-
-/**
- * Startup completed event - confirms server is functional
- */
-export interface StartupCompletedEvent extends TelemetryEvent {
-  event: 'startup_completed';
-  properties: {
-    version: string;
-  };
-}
-
-/**
- * Enhanced session start properties with startup tracking
- */
-export interface SessionStartProperties {
-  version: string;
-  platform: string;
-  arch: string;
-  nodeVersion: string;
-  isDocker: boolean;
-  cloudPlatform: string | null;
-  // NEW: Startup tracking fields (v2.18.2)
-  startupDurationMs?: number;
-  checkpointsPassed?: StartupCheckpoint[];
-  startupErrorCount?: number;
-}
-
 export interface WorkflowTelemetry {
  user_id: string;
  workflow_hash: string;
--- a/tests/unit/telemetry/v2.18.3-fixes-verification.test.ts
+++ b/tests/unit/telemetry/v2.18.3-fixes-verification.test.ts
@@ -1,293 +0,0 @@
-/**
- * Verification Tests for v2.18.3 Critical Fixes
- * Tests all 7 fixes from the code review:
- * - CRITICAL-01: Database checkpoints logged
- * - CRITICAL-02: Defensive initialization
- * - CRITICAL-03: Non-blocking checkpoints
- * - HIGH-01: ReDoS vulnerability fixed
- * - HIGH-02: Race condition prevention
- * - HIGH-03: Timeout on Supabase operations
- * - HIGH-04: N8N API checkpoints logged
- */
-
-import { EarlyErrorLogger } from '../../../src/telemetry/early-error-logger';
-import { sanitizeErrorMessageCore } from '../../../src/telemetry/error-sanitization-utils';
-import { STARTUP_CHECKPOINTS } from '../../../src/telemetry/startup-checkpoints';
-
-describe('v2.18.3 Critical Fixes Verification', () => {
-  describe('CRITICAL-02: Defensive Initialization', () => {
-    it('should initialize all fields to safe defaults before any throwing operation', () => {
-      // Create instance - should not throw even if Supabase fails
-      const logger = EarlyErrorLogger.getInstance();
-      expect(logger).toBeDefined();
-
-      // Should be able to call methods immediately without crashing
-      expect(() => logger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED)).not.toThrow();
-      expect(() => logger.getCheckpoints()).not.toThrow();
-      expect(() => logger.getStartupDuration()).not.toThrow();
-    });
-
-    it('should handle multiple getInstance calls correctly (singleton)', () => {
-      const logger1 = EarlyErrorLogger.getInstance();
-      const logger2 = EarlyErrorLogger.getInstance();
-
-      expect(logger1).toBe(logger2);
-    });
-
-    it('should gracefully handle being disabled', () => {
-      const logger = EarlyErrorLogger.getInstance();
-
-      // Even if disabled, these should not throw
-      expect(() => logger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED)).not.toThrow();
-      expect(() => logger.logStartupError(STARTUP_CHECKPOINTS.DATABASE_CONNECTING, new Error('test'))).not.toThrow();
-      expect(() => logger.logStartupSuccess([], 100)).not.toThrow();
-    });
-  });
-
-  describe('CRITICAL-03: Non-blocking Checkpoints', () => {
-    it('logCheckpoint should be synchronous (fire-and-forget)', () => {
-      const logger = EarlyErrorLogger.getInstance();
-      const start = Date.now();
-
-      // Should return immediately, not block
-      logger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED);
-
-      const duration = Date.now() - start;
-      expect(duration).toBeLessThan(50); // Should be nearly instant
-    });
-
-    it('logStartupError should be synchronous (fire-and-forget)', () => {
-      const logger = EarlyErrorLogger.getInstance();
-      const start = Date.now();
-
-      // Should return immediately, not block
-      logger.logStartupError(STARTUP_CHECKPOINTS.DATABASE_CONNECTING, new Error('test'));
-
-      const duration = Date.now() - start;
-      expect(duration).toBeLessThan(50); // Should be nearly instant
-    });
-
-    it('logStartupSuccess should be synchronous (fire-and-forget)', () => {
-      const logger = EarlyErrorLogger.getInstance();
-      const start = Date.now();
-
-      // Should return immediately, not block
-      logger.logStartupSuccess([STARTUP_CHECKPOINTS.PROCESS_STARTED], 100);
-
-      const duration = Date.now() - start;
-      expect(duration).toBeLessThan(50); // Should be nearly instant
-    });
-  });
-
-  describe('HIGH-01: ReDoS Vulnerability Fixed', () => {
-    it('should handle long token strings without catastrophic backtracking', () => {
-      // This would cause ReDoS with the old regex: (?<!Bearer\s)token\s*[=:]\s*\S+
-      const maliciousInput = 'token=' + 'a'.repeat(10000);
-
-      const start = Date.now();
-      const result = sanitizeErrorMessageCore(maliciousInput);
-      const duration = Date.now() - start;
-
-      // Should complete in reasonable time (< 100ms)
-      expect(duration).toBeLessThan(100);
-      expect(result).toContain('[REDACTED]');
-    });
-
-    it('should use simplified regex pattern without negative lookbehind', () => {
-      // Test that the new pattern works correctly
-      const testCases = [
-        { input: 'token=abc123', shouldContain: '[REDACTED]' },
-        { input: 'token: xyz789', shouldContain: '[REDACTED]' },
-        { input: 'Bearer token=secret', shouldContain: '[TOKEN]' }, // Bearer gets handled separately
-        { input: 'token = test', shouldContain: '[REDACTED]' },
-        { input: 'some text here', shouldNotContain: '[REDACTED]' },
-      ];
-
-      testCases.forEach((testCase) => {
-        const result = sanitizeErrorMessageCore(testCase.input);
-        if ('shouldContain' in testCase) {
-          expect(result).toContain(testCase.shouldContain);
-        } else if ('shouldNotContain' in testCase) {
-          expect(result).not.toContain(testCase.shouldNotContain);
-        }
-      });
-    });
-
-    it('should handle edge cases without hanging', () => {
-      const edgeCases = [
-        'token=',
-        'token:',
-        'token =     ',
-        '= token',
-        'tokentoken=value',
-      ];
-
-      edgeCases.forEach((input) => {
-        const start = Date.now();
-        expect(() => sanitizeErrorMessageCore(input)).not.toThrow();
-        const duration = Date.now() - start;
-        expect(duration).toBeLessThan(50);
-      });
-    });
-  });
-
-  describe('HIGH-02: Race Condition Prevention', () => {
-    it('should track initialization state with initPromise', async () => {
-      const logger = EarlyErrorLogger.getInstance();
-
-      // Should have waitForInit method
-      expect(logger.waitForInit).toBeDefined();
-      expect(typeof logger.waitForInit).toBe('function');
-
-      // Should be able to wait for init without hanging
-      await expect(logger.waitForInit()).resolves.not.toThrow();
-    });
-
-    it('should handle concurrent checkpoint logging safely', () => {
-      const logger = EarlyErrorLogger.getInstance();
-
-      // Log multiple checkpoints concurrently
-      const checkpoints = [
-        STARTUP_CHECKPOINTS.PROCESS_STARTED,
-        STARTUP_CHECKPOINTS.DATABASE_CONNECTING,
-        STARTUP_CHECKPOINTS.DATABASE_CONNECTED,
-        STARTUP_CHECKPOINTS.N8N_API_CHECKING,
-        STARTUP_CHECKPOINTS.N8N_API_READY,
-      ];
-
-      expect(() => {
-        checkpoints.forEach(cp => logger.logCheckpoint(cp));
-      }).not.toThrow();
-    });
-  });
-
-  describe('HIGH-03: Timeout on Supabase Operations', () => {
-    it('should implement withTimeout wrapper function', async () => {
-      const logger = EarlyErrorLogger.getInstance();
-
-      // We can't directly test the private withTimeout function,
-      // but we can verify that operations don't hang indefinitely
-      const start = Date.now();
-
-      // Log an error - should complete quickly even if Supabase fails
-      logger.logStartupError(STARTUP_CHECKPOINTS.DATABASE_CONNECTING, new Error('test'));
-
-      // Give it a moment to attempt the operation
-      await new Promise(resolve => setTimeout(resolve, 100));
-
-      const duration = Date.now() - start;
-
-      // Should not hang for more than 6 seconds (5s timeout + 1s buffer)
-      expect(duration).toBeLessThan(6000);
-    });
-
-    it('should gracefully degrade when timeout occurs', async () => {
-      const logger = EarlyErrorLogger.getInstance();
-
-      // Multiple error logs should all complete quickly
-      const promises = [];
-      for (let i = 0; i < 5; i++) {
-        logger.logStartupError(STARTUP_CHECKPOINTS.DATABASE_CONNECTING, new Error(`test-${i}`));
-        promises.push(new Promise(resolve => setTimeout(resolve, 50)));
-      }
-
-      await Promise.all(promises);
-
-      // All operations should have returned (fire-and-forget)
-      expect(true).toBe(true);
-    });
-  });
-
-  describe('Error Sanitization - Shared Utilities', () => {
-    it('should remove sensitive patterns in correct order', () => {
-      const sensitiveData = 'Error: https://api.example.com/token=secret123 user@email.com';
-      const sanitized = sanitizeErrorMessageCore(sensitiveData);
-
-      expect(sanitized).not.toContain('api.example.com');
-      expect(sanitized).not.toContain('secret123');
-      expect(sanitized).not.toContain('user@email.com');
-      expect(sanitized).toContain('[URL]');
-      expect(sanitized).toContain('[EMAIL]');
-    });
-
-    it('should handle AWS keys', () => {
-      const input = 'Error: AWS key AKIAIOSFODNN7EXAMPLE leaked';
-      const result = sanitizeErrorMessageCore(input);
-
-      expect(result).not.toContain('AKIAIOSFODNN7EXAMPLE');
-      expect(result).toContain('[AWS_KEY]');
-    });
-
-    it('should handle GitHub tokens', () => {
-      const input = 'Auth failed with ghp_1234567890abcdefghijklmnopqrstuvwxyz';
-      const result = sanitizeErrorMessageCore(input);
-
-      expect(result).not.toContain('ghp_1234567890abcdefghijklmnopqrstuvwxyz');
-      expect(result).toContain('[GITHUB_TOKEN]');
-    });
-
-    it('should handle JWTs', () => {
-      const input = 'JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.abcdefghij';
-      const result = sanitizeErrorMessageCore(input);
-
-      // JWT pattern should match the full JWT
-      expect(result).not.toContain('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9');
-      expect(result).toContain('[JWT]');
-    });
-
-    it('should limit stack traces to 3 lines', () => {
-      const stackTrace = 'Error: Test\n  at func1 (file1.js:1:1)\n  at func2 (file2.js:2:2)\n  at func3 (file3.js:3:3)\n  at func4 (file4.js:4:4)';
-      const result = sanitizeErrorMessageCore(stackTrace);
-
-      const lines = result.split('\n');
-      expect(lines.length).toBeLessThanOrEqual(3);
-    });
-
-    it('should truncate at 500 chars after sanitization', () => {
-      const longMessage = 'Error: ' + 'a'.repeat(1000);
-      const result = sanitizeErrorMessageCore(longMessage);
-
-      expect(result.length).toBeLessThanOrEqual(503); // 500 + '...'
-    });
-
-    it('should return safe default on sanitization failure', () => {
-      // Pass something that might cause issues
-      const result = sanitizeErrorMessageCore(null as any);
-
-      expect(result).toBe('[SANITIZATION_FAILED]');
-    });
-  });
-
-  describe('Checkpoint Integration', () => {
-    it('should have all required checkpoint constants defined', () => {
-      expect(STARTUP_CHECKPOINTS.PROCESS_STARTED).toBe('process_started');
-      expect(STARTUP_CHECKPOINTS.DATABASE_CONNECTING).toBe('database_connecting');
-      expect(STARTUP_CHECKPOINTS.DATABASE_CONNECTED).toBe('database_connected');
-      expect(STARTUP_CHECKPOINTS.N8N_API_CHECKING).toBe('n8n_api_checking');
-      expect(STARTUP_CHECKPOINTS.N8N_API_READY).toBe('n8n_api_ready');
-      expect(STARTUP_CHECKPOINTS.TELEMETRY_INITIALIZING).toBe('telemetry_initializing');
-      expect(STARTUP_CHECKPOINTS.TELEMETRY_READY).toBe('telemetry_ready');
-      expect(STARTUP_CHECKPOINTS.MCP_HANDSHAKE_STARTING).toBe('mcp_handshake_starting');
-      expect(STARTUP_CHECKPOINTS.MCP_HANDSHAKE_COMPLETE).toBe('mcp_handshake_complete');
-      expect(STARTUP_CHECKPOINTS.SERVER_READY).toBe('server_ready');
-    });
-
-    it('should track checkpoints correctly', () => {
-      const logger = EarlyErrorLogger.getInstance();
-      const initialCount = logger.getCheckpoints().length;
-
-      logger.logCheckpoint(STARTUP_CHECKPOINTS.PROCESS_STARTED);
-
-      const checkpoints = logger.getCheckpoints();
-      expect(checkpoints.length).toBeGreaterThanOrEqual(initialCount);
-    });
-
-    it('should calculate startup duration', () => {
-      const logger = EarlyErrorLogger.getInstance();
-      const duration = logger.getStartupDuration();
-
-      expect(duration).toBeGreaterThanOrEqual(0);
-      expect(typeof duration).toBe('number');
-    });
-  });
-});
Author	SHA1	Message	Date
Romuald Członkowski	08d43bd7fb	Merge pull request #290 from czlonkowski/feature/telemetry-docker-cloud-detection feat: add Docker/cloud environment detection to telemetry (v2.18.1)	2025-10-08 14:30:00 +02:00
Romuald Członkowski	08a1d42f09	Merge pull request #289 from czlonkowski/fix/validation-warning-system-redesign fix: resolve validation warning system false positives (96.5% noise reduction)	2025-10-08 12:27:00 +02:00