@anomira/node-sdk 0.1.2 → 0.1.4

package/README.md

@@ -10,43 +10,60 @@ npm install @anomira/node-sdk
 
 ## Quick Start
 
-```ts
+```js
 import { SentinelAPI } from "@anomira/node-sdk";
 
 const sentinel = new SentinelAPI({
-  apiKey: process.env.ANOMIRA_API_KEY!,
-  appId:  process.env.ANOMIRA_APP_ID!,
+  apiKey:    process.env.SENTINEL_API_KEY,
+  appId:     process.env.SENTINEL_APP_ID,
+  ingestUrl: process.env.SENTINEL_INGEST_URL,
+  debug:     true,
 });
 ```
 
 ## Express
 
-```ts
+```js
 import express from "express";
 import { SentinelAPI } from "@anomira/node-sdk";
 
 const app = express();
+
 const sentinel = new SentinelAPI({
-  apiKey: process.env.ANOMIRA_API_KEY!,
-  appId:  process.env.ANOMIRA_APP_ID!,
+  apiKey:    process.env.SENTINEL_API_KEY,
+  appId:     process.env.SENTINEL_APP_ID,
+  ingestUrl: process.env.SENTINEL_INGEST_URL,
+  debug:     true,
+  captureConsole: true,   // forwards console.log/warn/error to Logs dashboard
+  service:        "my-api",
+  detect: {
+    bruteForce:    true,
+    rateAbuse:     true,
+    pathTraversal: true,
+    xss:           true,
+    scanDetection: true,
+    geoVelocity:   true,
+  },
 });
 
-// Add as global middleware — must come before your routes
-app.use(sentinel.express());
+app.use(express.json());
+app.use(sentinel.express());  // auto-instruments all routes
 
 app.listen(3000);
 ```
 
 ## Fastify
 
-```ts
+```js
 import Fastify from "fastify";
 import { SentinelAPI } from "@anomira/node-sdk";
 
 const app = Fastify();
+
 const sentinel = new SentinelAPI({
-  apiKey: process.env.ANOMIRA_API_KEY!,
-  appId:  process.env.ANOMIRA_APP_ID!,
+  apiKey:    process.env.SENTINEL_API_KEY,
+  appId:     process.env.SENTINEL_APP_ID,
+  ingestUrl: process.env.SENTINEL_INGEST_URL,
 });
 
 await app.register(sentinel.fastify());
@@ -56,7 +73,7 @@ app.listen({ port: 3000 });
 
 ## Manual Event Tracking
 
-```ts
+```js
 // Track a failed OTP attempt
 sentinel.track("auth.otp.failed", {
   ip:     req.ip,
@@ -73,17 +90,17 @@ sentinel.trackPhoneAuth({ ip: req.ip, userId: user.id, phone: user.phone });
 
 ## Structured Logging
 
-```ts
-sentinel.log("info",  "User registered",        { userId: user.id });
-sentinel.log("warn",  "Slow DB query",           { queryMs: 1240 });
-sentinel.log("error", "Payment failed",          { reason: err.message });
+```js
+sentinel.log("info",  "User registered",   { userId: user.id });
+sentinel.log("warn",  "Slow DB query",      { queryMs: 1240 });
+sentinel.log("error", "Payment failed",     { reason: err.message });
 ```
 
 ## Blocklist & Firewall
 
-The SDK syncs your blocklist and firewall rules from the dashboard every 60 seconds. In your own middleware you can check:
+The SDK syncs your blocklist and firewall rules from the dashboard every 60 seconds. Check them in your own middleware:
 
-```ts
+```js
 if (sentinel.isBlocked(req.ip)) {
   return res.status(403).json({ error: "Forbidden" });
 }
@@ -91,7 +108,7 @@ if (sentinel.isBlocked(req.ip)) {
 const match = sentinel.matchFirewallRule({
   url:     req.url,
   body:    req.body,
-  headers: req.headers as Record<string, string>,
+  headers: req.headers,
   ip:      req.ip,
 });
 if (match?.rule.action === "block") {
@@ -109,13 +126,21 @@ npx anomira scan ./src
 
 Exit code `1` if violations are found — CI/CD compatible.
 
+## Environment Variables
+
+| Variable | Description |
+|---|---|
+| `SENTINEL_API_KEY` | Your Anomira API key |
+| `SENTINEL_APP_ID` | Your Anomira app ID |
+| `SENTINEL_INGEST_URL` | Ingest endpoint (from your dashboard) |
+
 ## Configuration
 
 | Option | Type | Default | Description |
 |---|---|---|---|
 | `apiKey` | `string` | — | Your Anomira API key (required) |
 | `appId` | `string` | — | Your Anomira app ID (required) |
-| `ingestUrl` | `string` | Anomira cloud | Custom ingest endpoint |
+| `ingestUrl` | `string` | Anomira cloud | Ingest endpoint URL |
 | `debug` | `boolean` | `false` | Log SDK activity to console |
 | `captureConsole` | `boolean` | `false` | Forward `console.*` calls to the Logs dashboard |
 | `service` | `string` | `"app"` | Service name tag for logs |
@@ -126,6 +151,17 @@ Exit code `1` if violations are found — CI/CD compatible.
 | `detect.scanDetection` | `boolean` | `true` | Detect scanner/bot probing |
 | `detect.geoVelocity` | `boolean` | `true` | Detect impossible travel between logins |
 
+## Graceful Shutdown
+
+Always flush pending events before your process exits:
+
+```js
+process.on("SIGTERM", async () => {
+  await sentinel.flush();
+  process.exit(0);
+});
+```
+
 ## License
 
 MIT

package/dist/index.cjs

@@ -297,6 +297,8 @@ var SentinelClient = class {
     this.logFlushTimer = null;
     this.blocklistTimer = null;
     this.firewallTimer = null;
+    /** True when credentials are missing — all operations become no-ops. */
+    this.disabled = false;
     /** In-process cache of blocked IPs — refreshed every 60 s from the ingest server. */
     this.blockedIpCache = /* @__PURE__ */ new Set();
     /** In-process cache of firewall rules with pre-compiled regex — refreshed every 60 s. */
@@ -305,8 +307,28 @@ var SentinelClient = class {
     this._origLog = console.log.bind(console);
     this._origWarn = console.warn.bind(console);
     this._origError = console.error.bind(console);
-    if (!config.apiKey) throw new Error("[SentinelAPI] apiKey is required");
-    if (!config.appId) throw new Error("[SentinelAPI] appId is required");
+    if (!config.apiKey || !config.appId) {
+      const missing = [!config.apiKey && "apiKey", !config.appId && "appId"].filter(Boolean).join(", ");
+      console.warn(`[Anomira] SDK disabled \u2014 missing config: ${missing}. Set SENTINEL_API_KEY and SENTINEL_APP_ID to enable monitoring.`);
+      this.disabled = true;
+      this.config = {
+        apiKey: "",
+        appId: "",
+        ingestUrl: DEFAULT_INGEST_URL,
+        geoLookupUrl: "",
+        maxBatchSize: DEFAULT_BATCH_SIZE,
+        flushIntervalMs: DEFAULT_FLUSH_MS,
+        maxRetries: DEFAULT_MAX_RETRIES,
+        debug: false,
+        captureConsole: false,
+        service: "app",
+        getUserId: defaultGetUserId,
+        getIp: defaultGetIp,
+        detect: { bruteForce: true, rateAbuse: true, pathTraversal: true, xss: true, scanDetection: true, geoVelocity: true }
+      };
+      this.buffer = new EventBuffer({ appId: "", apiKey: "", ingestUrl: DEFAULT_INGEST_URL, maxBatchSize: 0, flushIntervalMs: 999999999, maxRetries: 0, debug: false });
+      return;
+    }
     this.config = {
       apiKey: config.apiKey,
       appId: config.appId,
@@ -525,6 +547,7 @@ var SentinelClient = class {
    */
   /** Returns true if the IP is in the current blocked list. Synchronous — no network call. */
   isBlocked(ip) {
+    if (this.disabled) return false;
     return this.blockedIpCache.has(ip);
   }
   /** Evaluate firewall rules against a request. Returns the matched rule or null. Synchronous. */
@@ -532,6 +555,7 @@ var SentinelClient = class {
     return this.#matchFirewallRule(req);
   }
   track(eventName, data) {
+    if (this.disabled) return;
     const event = {
       name: eventName,
       ts: Date.now(),
@@ -554,6 +578,7 @@ var SentinelClient = class {
    * ```
    */
   async trackLogin(data) {
+    if (this.disabled) return;
     const tsMs = Date.now();
     this.track(EventName.LOGIN_SUCCESS, { ...data, meta: { ...data.meta } });
     if (!this.config.detect.geoVelocity) return;
@@ -593,6 +618,7 @@ var SentinelClient = class {
    * ```
    */
   trackPhoneAuth(data) {
+    if (this.disabled) return;
     this.track(EventName.PHONE_AUTH, {
       ip: data.ip,
       userId: data.userId,
@@ -609,6 +635,7 @@ var SentinelClient = class {
    * ```
    */
   log(level, message, meta) {
+    if (this.disabled) return;
     const { service, ...rest } = meta ?? {};
     const leaks = scanForLeaks(message);
     if (leaks.length > 0) {
@@ -630,6 +657,7 @@ var SentinelClient = class {
    * Useful before a graceful shutdown outside of the process lifecycle hooks.
    */
   async flush() {
+    if (this.disabled) return;
     await Promise.all([this.buffer.flush(), this.#flushLogs()]);
   }
   /**