@anomira/node-sdk 0.1.6 → 0.1.7

package/dist/index.d.cts

@@ -1,10 +1,10 @@
 import { Request, Response, NextFunction } from 'express';
 import { FastifyPluginAsync } from 'fastify';
 
-interface SentinelConfig {
-    /** SDK API key — get this from the SentinelAPI dashboard */
+interface AnomiraConfig {
+    /** SDK API key — get this from the Anomira dashboard */
     apiKey: string;
-    /** Your app ID from the SentinelAPI dashboard */
+    /** Your app ID from the Anomira dashboard */
     appId: string;
     /**
      * Ingest endpoint URL.
@@ -13,7 +13,7 @@ interface SentinelConfig {
     ingestUrl?: string;
     /**
      * Geo-lookup endpoint URL for client-side geo-velocity checks.
-     * Should point to your SentinelAPI ingest service geo endpoint.
+     * Should point to your Anomira ingest service geo endpoint.
      * If not provided, client-side geo-velocity is skipped (server-side still runs).
      * @example "https://ingest.anomira.io/v1/geo"
      */
@@ -40,7 +40,7 @@ interface SentinelConfig {
     debug?: boolean;
     /**
      * If true, automatically intercept console.log/info/warn/error/debug
-     * and forward them to the SentinelAPI Logs dashboard.
+     * and forward them to the Anomira Logs dashboard.
      * Existing console output is preserved — logs still print to your terminal.
      * @default false
      */
@@ -116,6 +116,14 @@ type EventNameValue = typeof EventName[keyof typeof EventName];
 type FirewallField = "url" | "body" | "header" | "user_agent" | "ip";
 type FirewallOperator = "contains" | "equals" | "starts_with" | "ends_with" | "regex";
 type FirewallAction = "block" | "flag";
+interface EndpointDeclaration {
+    /** HTTP method, e.g. "GET".  Use "*" to match any method. */
+    method: string;
+    /** Express-style path, e.g. "/api/users/:id" — colons are normalized automatically. */
+    path: string;
+    /** Whether this endpoint requires authentication.  Defaults to true. */
+    auth?: boolean;
+}
 interface FirewallRule {
     id: string;
     field: FirewallField;
@@ -127,25 +135,25 @@ interface FirewallRule {
 }
 
 /**
- * SentinelClient — the core SDK object.
+ * AnomiraClient — the core SDK object.
  *
  * Instantiate once and reuse across your application:
  *
  * ```ts
- * import { SentinelAPI } from "@anomira/node-sdk";
+ * import { Anomira } from "@anomira/node-sdk";
  *
- * export const sentinel = new SentinelAPI({
+ * export const sentinel = new Anomira({
  *   apiKey: process.env.SENTINEL_API_KEY!,
  *   appId:  process.env.SENTINEL_APP_ID!,
  * });
  * ```
  */
-declare class SentinelClient {
+declare class AnomiraClient {
     #private;
-    readonly config: Required<Omit<SentinelConfig, "getUserId" | "getIp" | "detect">> & {
-        getUserId: NonNullable<SentinelConfig["getUserId"]>;
-        getIp: NonNullable<SentinelConfig["getIp"]>;
-        detect: Required<NonNullable<SentinelConfig["detect"]>>;
+    readonly config: Required<Omit<AnomiraConfig, "getUserId" | "getIp" | "detect">> & {
+        getUserId: NonNullable<AnomiraConfig["getUserId"]>;
+        getIp: NonNullable<AnomiraConfig["getIp"]>;
+        detect: Required<NonNullable<AnomiraConfig["detect"]>>;
         captureConsole: boolean;
         service: string;
     };
@@ -163,7 +171,7 @@ declare class SentinelClient {
     private readonly _origLog;
     private readonly _origWarn;
     private readonly _origError;
-    constructor(config: SentinelConfig);
+    constructor(config: AnomiraConfig);
     /**
      * Track a custom security event.
      *
@@ -230,7 +238,7 @@ declare class SentinelClient {
         meta?: Record<string, unknown>;
     }): void;
     /**
-     * Send a structured log entry to the SentinelAPI Logs dashboard.
+     * Send a structured log entry to the Anomira Logs dashboard.
      *
      * ```ts
      * sentinel.log("info",  "User registered",         { userId: user.id });
@@ -241,6 +249,21 @@ declare class SentinelClient {
     log(level: "debug" | "info" | "warn" | "error" | "fatal", message: string, meta?: Record<string, unknown> & {
         service?: string;
     }): void;
+    /**
+     * Declare your API's known endpoints so Anomira can flag undiscovered
+     * traffic as shadow endpoints.
+     *
+     * Call this once on startup after your routes are registered:
+     *
+     * ```ts
+     * await sentinel.declareEndpoints([
+     *   { method: "GET",  path: "/api/users/:id",  auth: true  },
+     *   { method: "POST", path: "/api/orders",     auth: true  },
+     *   { method: "GET",  path: "/api/health",     auth: false },
+     * ]);
+     * ```
+     */
+    declareEndpoints(endpoints: EndpointDeclaration[]): Promise<void>;
     /**
      * Flush all pending events immediately.
      * Useful before a graceful shutdown outside of the process lifecycle hooks.
@@ -278,10 +301,10 @@ declare class SentinelClient {
  *
  * ```ts
  * import express from "express";
- * import { SentinelAPI } from "@sentinelapi/node-sdk";
+ * import { Anomira } from "@sentinelapi/node-sdk";
  *
  * const app = express();
- * const sentinel = new SentinelAPI({ apiKey: "...", appId: "..." });
+ * const sentinel = new Anomira({ apiKey: "...", appId: "..." });
  *
  * app.use(sentinel.express());          // auto-instrument all routes
  *
@@ -290,7 +313,7 @@ declare class SentinelClient {
  * app.use(createExpressMiddleware(sentinel));
  * ```
  */
-declare function createExpressMiddleware(client: SentinelClient): (req: Request, res: Response, next: NextFunction) => void;
+declare function createExpressMiddleware(client: AnomiraClient): (req: Request, res: Response, next: NextFunction) => void;
 
 /**
  * Typed Fastify plugin — exported separately for projects that want
@@ -304,14 +327,14 @@ declare function createExpressMiddleware(client: SentinelClient): (req: Request,
  *
  * ```ts
  * import Fastify from "fastify";
- * import { SentinelAPI } from "@sentinelapi/node-sdk";
+ * import { Anomira } from "@sentinelapi/node-sdk";
  *
  * const app = Fastify();
- * const sentinel = new SentinelAPI({ apiKey: "...", appId: "..." });
+ * const sentinel = new Anomira({ apiKey: "...", appId: "..." });
  *
  * await app.register(sentinel.fastify());
  * ```
  */
-declare function createFastifyPlugin(client: SentinelClient): FastifyPluginAsync;
+declare function createFastifyPlugin(client: AnomiraClient): FastifyPluginAsync;
 
-export { EventName, type EventNameValue, type IngestPayload, type SdkEvent, SentinelClient as SentinelAPI, type SentinelConfig, createExpressMiddleware, createFastifyPlugin, SentinelClient as default };
+export { AnomiraClient as Anomira, type AnomiraConfig, type EndpointDeclaration, EventName, type EventNameValue, type IngestPayload, type SdkEvent, AnomiraClient as SentinelAPI, type AnomiraConfig as SentinelConfig, createExpressMiddleware, createFastifyPlugin, AnomiraClient as default };

package/dist/index.d.ts

@@ -1,10 +1,10 @@
 import { Request, Response, NextFunction } from 'express';
 import { FastifyPluginAsync } from 'fastify';
 
-interface SentinelConfig {
-    /** SDK API key — get this from the SentinelAPI dashboard */
+interface AnomiraConfig {
+    /** SDK API key — get this from the Anomira dashboard */
     apiKey: string;
-    /** Your app ID from the SentinelAPI dashboard */
+    /** Your app ID from the Anomira dashboard */
     appId: string;
     /**
      * Ingest endpoint URL.
@@ -13,7 +13,7 @@ interface SentinelConfig {
     ingestUrl?: string;
     /**
      * Geo-lookup endpoint URL for client-side geo-velocity checks.
-     * Should point to your SentinelAPI ingest service geo endpoint.
+     * Should point to your Anomira ingest service geo endpoint.
      * If not provided, client-side geo-velocity is skipped (server-side still runs).
      * @example "https://ingest.anomira.io/v1/geo"
      */
@@ -40,7 +40,7 @@ interface SentinelConfig {
     debug?: boolean;
     /**
      * If true, automatically intercept console.log/info/warn/error/debug
-     * and forward them to the SentinelAPI Logs dashboard.
+     * and forward them to the Anomira Logs dashboard.
      * Existing console output is preserved — logs still print to your terminal.
      * @default false
      */
@@ -116,6 +116,14 @@ type EventNameValue = typeof EventName[keyof typeof EventName];
 type FirewallField = "url" | "body" | "header" | "user_agent" | "ip";
 type FirewallOperator = "contains" | "equals" | "starts_with" | "ends_with" | "regex";
 type FirewallAction = "block" | "flag";
+interface EndpointDeclaration {
+    /** HTTP method, e.g. "GET".  Use "*" to match any method. */
+    method: string;
+    /** Express-style path, e.g. "/api/users/:id" — colons are normalized automatically. */
+    path: string;
+    /** Whether this endpoint requires authentication.  Defaults to true. */
+    auth?: boolean;
+}
 interface FirewallRule {
     id: string;
     field: FirewallField;
@@ -127,25 +135,25 @@ interface FirewallRule {
 }
 
 /**
- * SentinelClient — the core SDK object.
+ * AnomiraClient — the core SDK object.
  *
  * Instantiate once and reuse across your application:
  *
  * ```ts
- * import { SentinelAPI } from "@anomira/node-sdk";
+ * import { Anomira } from "@anomira/node-sdk";
  *
- * export const sentinel = new SentinelAPI({
+ * export const sentinel = new Anomira({
  *   apiKey: process.env.SENTINEL_API_KEY!,
  *   appId:  process.env.SENTINEL_APP_ID!,
  * });
  * ```
  */
-declare class SentinelClient {
+declare class AnomiraClient {
     #private;
-    readonly config: Required<Omit<SentinelConfig, "getUserId" | "getIp" | "detect">> & {
-        getUserId: NonNullable<SentinelConfig["getUserId"]>;
-        getIp: NonNullable<SentinelConfig["getIp"]>;
-        detect: Required<NonNullable<SentinelConfig["detect"]>>;
+    readonly config: Required<Omit<AnomiraConfig, "getUserId" | "getIp" | "detect">> & {
+        getUserId: NonNullable<AnomiraConfig["getUserId"]>;
+        getIp: NonNullable<AnomiraConfig["getIp"]>;
+        detect: Required<NonNullable<AnomiraConfig["detect"]>>;
         captureConsole: boolean;
         service: string;
     };
@@ -163,7 +171,7 @@ declare class SentinelClient {
     private readonly _origLog;
     private readonly _origWarn;
     private readonly _origError;
-    constructor(config: SentinelConfig);
+    constructor(config: AnomiraConfig);
     /**
      * Track a custom security event.
      *
@@ -230,7 +238,7 @@ declare class SentinelClient {
         meta?: Record<string, unknown>;
     }): void;
     /**
-     * Send a structured log entry to the SentinelAPI Logs dashboard.
+     * Send a structured log entry to the Anomira Logs dashboard.
      *
      * ```ts
      * sentinel.log("info",  "User registered",         { userId: user.id });
@@ -241,6 +249,21 @@ declare class SentinelClient {
     log(level: "debug" | "info" | "warn" | "error" | "fatal", message: string, meta?: Record<string, unknown> & {
         service?: string;
     }): void;
+    /**
+     * Declare your API's known endpoints so Anomira can flag undiscovered
+     * traffic as shadow endpoints.
+     *
+     * Call this once on startup after your routes are registered:
+     *
+     * ```ts
+     * await sentinel.declareEndpoints([
+     *   { method: "GET",  path: "/api/users/:id",  auth: true  },
+     *   { method: "POST", path: "/api/orders",     auth: true  },
+     *   { method: "GET",  path: "/api/health",     auth: false },
+     * ]);
+     * ```
+     */
+    declareEndpoints(endpoints: EndpointDeclaration[]): Promise<void>;
     /**
      * Flush all pending events immediately.
      * Useful before a graceful shutdown outside of the process lifecycle hooks.
@@ -278,10 +301,10 @@ declare class SentinelClient {
  *
  * ```ts
  * import express from "express";
- * import { SentinelAPI } from "@sentinelapi/node-sdk";
+ * import { Anomira } from "@sentinelapi/node-sdk";
  *
  * const app = express();
- * const sentinel = new SentinelAPI({ apiKey: "...", appId: "..." });
+ * const sentinel = new Anomira({ apiKey: "...", appId: "..." });
  *
  * app.use(sentinel.express());          // auto-instrument all routes
  *
@@ -290,7 +313,7 @@ declare class SentinelClient {
  * app.use(createExpressMiddleware(sentinel));
  * ```
  */
-declare function createExpressMiddleware(client: SentinelClient): (req: Request, res: Response, next: NextFunction) => void;
+declare function createExpressMiddleware(client: AnomiraClient): (req: Request, res: Response, next: NextFunction) => void;
 
 /**
  * Typed Fastify plugin — exported separately for projects that want
@@ -304,14 +327,14 @@ declare function createExpressMiddleware(client: SentinelClient): (req: Request,
  *
  * ```ts
  * import Fastify from "fastify";
- * import { SentinelAPI } from "@sentinelapi/node-sdk";
+ * import { Anomira } from "@sentinelapi/node-sdk";
  *
  * const app = Fastify();
- * const sentinel = new SentinelAPI({ apiKey: "...", appId: "..." });
+ * const sentinel = new Anomira({ apiKey: "...", appId: "..." });
  *
  * await app.register(sentinel.fastify());
  * ```
  */
-declare function createFastifyPlugin(client: SentinelClient): FastifyPluginAsync;
+declare function createFastifyPlugin(client: AnomiraClient): FastifyPluginAsync;
 
-export { EventName, type EventNameValue, type IngestPayload, type SdkEvent, SentinelClient as SentinelAPI, type SentinelConfig, createExpressMiddleware, createFastifyPlugin, SentinelClient as default };
+export { AnomiraClient as Anomira, type AnomiraConfig, type EndpointDeclaration, EventName, type EventNameValue, type IngestPayload, type SdkEvent, AnomiraClient as SentinelAPI, type AnomiraConfig as SentinelConfig, createExpressMiddleware, createFastifyPlugin, AnomiraClient as default };

package/dist/index.js

@@ -105,10 +105,10 @@ var EventBuffer = class {
     }
   }
   log(...args) {
-    if (this.opts.debug) console.log("[SentinelAPI]", ...args);
+    if (this.opts.debug) console.log("[Anomira]", ...args);
   }
   warn(...args) {
-    console.warn("[SentinelAPI]", ...args);
+    console.warn("[Anomira]", ...args);
   }
 };
 function sleep(ms) {
@@ -195,17 +195,15 @@ async function checkGeoVelocity(userId, ip, tsMs, lookupUrl) {
 
 // src/sensitive.ts
 var PATTERNS = [
-  // ── Cryptographic keys and certificates ───────────────────────────────────
+  // ── Cryptographic private keys ────────────────────────────────────────────
+  // NOTE: -----BEGIN CERTIFICATE----- is intentionally excluded — public
+  // certificates are designed to be public and committing them is correct.
+  // Only PRIVATE keys are dangerous.
   {
     type: "private_key",
     label: "Private Key",
     regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/
   },
-  {
-    type: "certificate",
-    label: "Certificate / Public Key",
-    regex: /-----BEGIN CERTIFICATE-----/
-  },
   // ── Cloud provider credentials ────────────────────────────────────────────
   {
     // AWS access key ID — highly specific, almost no false positives
@@ -338,11 +336,12 @@ var PATTERNS = [
   },
   // ── Nigeria-specific PII ──────────────────────────────────────────────────
   {
-    // BVN / NIN: 11 digits, first digit 1-9 (not a phone starting with 0)
-    // Require a non-digit boundary on both sides to reduce false positives
+    // BVN / NIN: 11 digits, first digit 1-9 (not a phone number starting with 0)
+    // Exclude: inside URLs (preceded by / : @ - %), hex strings (followed by a-f),
+    // and UUIDs/hashes (surrounded by alphanumeric chars)
     type: "bvn",
     label: "BVN / NIN",
-    regex: /(?<!\d)[1-9]\d{10}(?!\d)/
+    regex: /(?<![/\-:@%=a-fA-F\w])[1-9]\d{10}(?![a-fA-F\d])/
   },
   {
     // Nigerian phone numbers: 080x, 081x, 070x, 090x, 091x — or with +234 prefix
@@ -409,7 +408,7 @@ var DEFAULT_INGEST_URL = "https://ingest.anomira.io/v1/events";
 var DEFAULT_BATCH_SIZE = 100;
 var DEFAULT_FLUSH_MS = 5e3;
 var DEFAULT_MAX_RETRIES = 3;
-var SentinelClient = class {
+var AnomiraClient = class {
   constructor(config) {
     this.logBuffer = [];
     this.logFlushTimer = null;
@@ -508,7 +507,7 @@ var SentinelClient = class {
       console[method] = (...args) => {
         original(...args);
         const first = args[0];
-        if (typeof first === "string" && first.startsWith("[SentinelAPI]")) return;
+        if (typeof first === "string" && first.startsWith("[Anomira]")) return;
         const message = args.map((a) => typeof a === "string" ? a : JSON.stringify(a)).join(" ");
         const ctx = requestContext.getStore();
         this.log(level, message, {
@@ -532,7 +531,7 @@ var SentinelClient = class {
       const data = await res.json();
       this.blockedIpCache = new Set(data.ips ?? []);
       if (this.config.debug && this.blockedIpCache.size > 0) {
-        this._origLog(`[SentinelAPI] blocklist refreshed \u2014 ${this.blockedIpCache.size} blocked IPs`);
+        this._origLog(`[Anomira] blocklist refreshed \u2014 ${this.blockedIpCache.size} blocked IPs`);
       }
     } catch {
     }
@@ -560,7 +559,7 @@ var SentinelClient = class {
         })() : void 0
       }));
       if (this.config.debug && this.compiledRules.length > 0) {
-        this._origLog(`[SentinelAPI] firewall rules refreshed \u2014 ${this.compiledRules.length} active rules`);
+        this._origLog(`[Anomira] firewall rules refreshed \u2014 ${this.compiledRules.length} active rules`);
       }
     } catch {
     }
@@ -611,7 +610,7 @@ var SentinelClient = class {
         signal: AbortSignal.timeout(8e3)
       });
       if (this.config.debug) {
-        this._origLog(`[SentinelAPI] [logs] \u2705 sent ${batch.length} log entries (${res.status})`);
+        this._origLog(`[Anomira] [logs] \u2705 sent ${batch.length} log entries (${res.status})`);
       }
     } catch {
       this.logBuffer.unshift(...batch);
@@ -630,24 +629,24 @@ var SentinelClient = class {
         signal: AbortSignal.timeout(5e3)
       });
       if (res.status >= 300 && res.status < 400) {
-        this._origWarn(`[SentinelAPI] \u274C Wrong ingest URL \u2014 got redirect to ${res.headers.get("location")}. Check SENTINEL_INGEST_URL.`);
+        this._origWarn(`[Anomira] \u274C Wrong ingest URL \u2014 got redirect to ${res.headers.get("location")}. Check SENTINEL_INGEST_URL.`);
         return;
       }
       if (res.ok) {
-        this._origLog(`[SentinelAPI] \u2705 Connected (appId: ${this.config.appId.slice(0, 8)}\u2026)`);
+        this._origLog(`[Anomira] \u2705 Connected (appId: ${this.config.appId.slice(0, 8)}\u2026)`);
         return;
       }
       if (res.status === 401) {
-        this._origWarn("[SentinelAPI] \u274C Invalid API key \u2014 check your SENTINEL_API_KEY");
+        this._origWarn("[Anomira] \u274C Invalid API key \u2014 check your SENTINEL_API_KEY");
         return;
       }
       if (res.status === 403) {
-        this._origWarn("[SentinelAPI] \u274C App not found or appId mismatch \u2014 check your SENTINEL_APP_ID");
+        this._origWarn("[Anomira] \u274C App not found or appId mismatch \u2014 check your SENTINEL_APP_ID");
         return;
       }
-      this._origWarn(`[SentinelAPI] \u26A0\uFE0F  Ingest returned HTTP ${res.status} \u2014 check your configuration`);
+      this._origWarn(`[Anomira] \u26A0\uFE0F  Ingest returned HTTP ${res.status} \u2014 check your configuration`);
     } catch {
-      this._origWarn("[SentinelAPI] \u26A0\uFE0F  Could not reach ingest endpoint \u2014 check SENTINEL_INGEST_URL (current: " + this.config.ingestUrl + ")");
+      this._origWarn("[Anomira] \u26A0\uFE0F  Could not reach ingest endpoint \u2014 check SENTINEL_INGEST_URL (current: " + this.config.ingestUrl + ")");
     }
   }
   // ─── Public API ────────────────────────────────────────────────────────────
@@ -744,7 +743,7 @@ var SentinelClient = class {
     });
   }
   /**
-   * Send a structured log entry to the SentinelAPI Logs dashboard.
+   * Send a structured log entry to the Anomira Logs dashboard.
    *
    * ```ts
    * sentinel.log("info",  "User registered",         { userId: user.id });
@@ -760,16 +759,47 @@ var SentinelClient = class {
       rest["sensitiveLeaks"] = leaks.map((l) => l.type);
       if (this.config.debug) {
         this._origWarn(
-          `[SentinelAPI] \u26A0\uFE0F  Sensitive data in log (${leaks.map((l) => l.label).join(", ")}): "${message.slice(0, 60)}\u2026"`
+          `[Anomira] \u26A0\uFE0F  Sensitive data in log (${leaks.map((l) => l.label).join(", ")}): "${message.slice(0, 60)}\u2026"`
         );
       }
     }
     this.logBuffer.push({ level, service: service ?? this.config.service, message, meta: rest, ts: Date.now() });
     if (this.config.debug && leaks.length === 0) {
-      this._origLog(`[SentinelAPI] log:${level} ${message}`);
+      this._origLog(`[Anomira] log:${level} ${message}`);
     }
     if (this.logBuffer.length >= 50) void this.#flushLogs();
   }
+  /**
+   * Declare your API's known endpoints so Anomira can flag undiscovered
+   * traffic as shadow endpoints.
+   *
+   * Call this once on startup after your routes are registered:
+   *
+   * ```ts
+   * await sentinel.declareEndpoints([
+   *   { method: "GET",  path: "/api/users/:id",  auth: true  },
+   *   { method: "POST", path: "/api/orders",     auth: true  },
+   *   { method: "GET",  path: "/api/health",     auth: false },
+   * ]);
+   * ```
+   */
+  async declareEndpoints(endpoints) {
+    if (this.disabled || endpoints.length === 0) return;
+    const url = this.config.ingestUrl.replace(/\/v1\/events$/, "/v1/declare-endpoints");
+    try {
+      await fetch(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${this.config.apiKey}`,
+          "Content-Type": "application/json",
+          "User-Agent": `@anomira/node-sdk/0.1.0`
+        },
+        body: JSON.stringify({ appId: this.config.appId, endpoints }),
+        signal: AbortSignal.timeout(1e4)
+      });
+    } catch {
+    }
+  }
   /**
    * Flush all pending events immediately.
    * Useful before a graceful shutdown outside of the process lifecycle hooks.
@@ -1110,6 +1140,6 @@ function createFastifyPlugin2(client) {
   };
 }
 
-export { EventName, SentinelClient as SentinelAPI, createExpressMiddleware2 as createExpressMiddleware, createFastifyPlugin2 as createFastifyPlugin, SentinelClient as default };
+export { AnomiraClient as Anomira, EventName, AnomiraClient as SentinelAPI, createExpressMiddleware2 as createExpressMiddleware, createFastifyPlugin2 as createFastifyPlugin, AnomiraClient as default };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map