@ceon-oy/monitor-sdk 1.0.1 → 1.0.3

package/README.md

@@ -1,10 +1,32 @@
-# Ceon Monitor - SDK
-
-Lightweight client SDK for sending errors and messages to the Ceon Monitor service.
+# Ceon Monitor SDK
+
+Lightweight client SDK for integrating with the Ceon Monitor service. Provides error reporting, technology tracking, vulnerability auditing, and security event monitoring.
+
+## Table of Contents
+
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+- [Configuration](#configuration)
+- [Features](#features)
+  - [Error Capture](#error-capture)
+  - [Technology Tracking](#technology-tracking)
+  - [Vulnerability Auditing](#vulnerability-auditing)
+  - [Security Events](#security-events)
+- [Framework Examples](#framework-examples)
+  - [Express.js](#expressjs)
+  - [Next.js](#nextjs)
+  - [React (Monolithic)](#react-monolithic)
+  - [React (Separate Server/Client)](#react-separate-serverclient)
+- [API Reference](#api-reference)
+- [Batching Behavior](#batching-behavior)
+- [Building](#building)
 
 ## Installation
 
 ```bash
+# From npm (recommended)
+npm install @ceon-oy/monitor-sdk
+
 # From GitHub
 npm install github:ceon-oy/ceon-monitor-sdk
 ```
@@ -14,7 +36,7 @@ Or add to your `package.json`:
 ```json
 {
   "dependencies": {
-    "@ceon/monitor-sdk": "github:ceon-oy/ceon-monitor-sdk"
+    "@ceon-oy/monitor-sdk": "^1.0.0"
   }
 }
 ```
@@ -26,13 +48,14 @@ Or add to your `package.json`:
 ## Quick Start
 
 ```typescript
-import { MonitorClient } from '@ceon/monitor-sdk';
+import { MonitorClient } from '@ceon-oy/monitor-sdk';
 
 // Initialize the client
 const monitor = new MonitorClient({
-  apiKey: process.env.MONITOR_API_KEY!,
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
   endpoint: 'https://monitor.example.com',
   environment: process.env.NODE_ENV,
+  trackDependencies: true,  // Auto-sync package.json
 });
 
 // Capture an error
@@ -51,6 +74,9 @@ await monitor.captureMessage('User signed up', 'INFO', {
   metadata: { userId: '123', plan: 'premium' },
 });
 
+// Run vulnerability audit
+await monitor.auditDependencies();
+
 // Flush and close before shutdown
 await monitor.close();
 ```
@@ -59,131 +85,276 @@ await monitor.close();
 
 ```typescript
 interface MonitorClientConfig {
-  apiKey: string;           // Your project API key
-  endpoint: string;         // Monitor service URL
-  environment?: string;     // Environment name (default: 'production')
-  batchSize?: number;       // Errors to batch before sending (default: 10)
-  flushIntervalMs?: number; // Auto-flush interval in ms (default: 5000)
+  apiKey: string;                    // Your project API key (required)
+  endpoint: string;                  // Monitor service URL (required)
+  environment?: string;              // Environment name (default: 'production')
+  batchSize?: number;                // Errors to batch before sending (default: 10)
+  flushIntervalMs?: number;          // Auto-flush interval in ms (default: 5000)
+  trackDependencies?: boolean;       // Auto-sync package.json (default: false)
+  dependencySources?: {              // Multiple package.json sources
+    path: string;
+    environment: string;
+  }[];
+  excludePatterns?: string[];        // Glob patterns to exclude (e.g., '@types/*')
+  autoAudit?: boolean;               // Enable automatic vulnerability scanning (default: false)
 }
 ```
 
-## API
-
-### `MonitorClient`
-
-#### `constructor(config: MonitorClientConfig)`
-
-Creates a new monitor client instance.
+### Basic Configuration
 
 ```typescript
 const monitor = new MonitorClient({
-  apiKey: 'cm_your_api_key_here',
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
   endpoint: 'https://monitor.example.com',
   environment: 'production',
-  batchSize: 10,
-  flushIntervalMs: 5000,
 });
 ```
 
-#### `captureError(error: Error, context?: ErrorContext): Promise<void>`
+### Multi-Environment Dependency Tracking
 
-Captures an error and queues it for sending.
+For projects with separate server and client folders:
 
 ```typescript
-await monitor.captureError(error, {
-  severity: 'ERROR',        // DEBUG, INFO, WARNING, ERROR, CRITICAL
-  route: '/api/users',      // API route or page path
-  method: 'POST',           // HTTP method
-  statusCode: 500,          // HTTP status code
-  userAgent: req.headers['user-agent'],
-  ip: req.ip,
-  requestId: req.id,
-  metadata: {               // Any additional data
-    userId: '123',
-    action: 'create_user',
-  },
+const monitor = new MonitorClient({
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: 'https://monitor.example.com',
+  environment: 'server',
+  trackDependencies: true,
+  dependencySources: [
+    { path: './package.json', environment: 'server' },
+    { path: '../client/package.json', environment: 'client' },
+  ],
+  excludePatterns: ['@types/*'],  // Filter out TypeScript type definitions
 });
 ```
 
-#### `captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>`
+## Features
+
+### Error Capture
+
+#### Capture an Error
 
-Captures a log message.
+```typescript
+try {
+  // ... your code
+} catch (error) {
+  await monitor.captureError(error as Error, {
+    severity: 'ERROR',        // DEBUG, INFO, WARNING, ERROR, CRITICAL
+    route: '/api/users',      // API route or page path
+    method: 'POST',           // HTTP method
+    statusCode: 500,          // HTTP status code
+    userAgent: req.headers['user-agent'],
+    ip: req.ip,
+    requestId: req.id,
+    metadata: {               // Any additional data
+      userId: '123',
+      action: 'create_user',
+    },
+  });
+}
+```
+
+#### Capture a Message
 
 ```typescript
 await monitor.captureMessage('Payment processed', 'INFO', {
+  route: '/api/payments',
   metadata: { orderId: '456', amount: 99.99 },
 });
 ```
 
-#### `flush(): Promise<void>`
+### Technology Tracking
+
+#### Automatic Tracking
+
+Enable `trackDependencies: true` to automatically sync your `package.json` dependencies:
+
+```typescript
+const monitor = new MonitorClient({
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: 'https://monitor.example.com',
+  trackDependencies: true,
+});
+```
 
-Immediately sends all queued errors. Called automatically based on `flushIntervalMs` and `batchSize`.
+#### Manual Reporting
 
 ```typescript
-await monitor.flush();
+await monitor.reportTechnologies([
+  { name: 'node', version: '20.10.0', type: 'runtime' },
+  { name: 'express', version: '4.18.2', type: 'framework' },
+  { name: 'prisma', version: '5.0.0', type: 'database' },
+]);
 ```
 
-#### `close(): Promise<void>`
+### Vulnerability Auditing
 
-Flushes remaining errors and stops the client. Call this before your application shuts down.
+Run npm audit and send results to the monitoring server:
 
 ```typescript
-await monitor.close();
+// Basic audit
+const result = await monitor.auditDependencies();
+
+if (result) {
+  console.log(`Scan complete: ${result.processed} vulnerabilities found`);
+  console.log(`Critical: ${result.summary.critical}, High: ${result.summary.high}`);
+}
+
+// Audit a specific project directory
+await monitor.auditDependencies({
+  projectPath: '/path/to/project',
+  environment: 'production',
+});
+```
+
+#### Automatic Auditing (Recommended)
+
+Enable `autoAudit: true` to let the SDK automatically scan for vulnerabilities based on the interval configured in the Ceon Monitor dashboard:
+
+```typescript
+const monitor = new MonitorClient({
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: 'https://monitor.example.com',
+  autoAudit: true,  // Enable automatic vulnerability scanning
+});
+```
+
+With `autoAudit` enabled:
+- SDK fetches the scan interval from the server on startup
+- Runs an initial vulnerability scan
+- Schedules recurring scans based on server configuration (e.g., every 24 hours)
+- Responds to on-demand "Run Scan" requests from the dashboard (polled every 5 minutes)
+
+Configure the scan interval in the Ceon Monitor dashboard under the project's Vulnerabilities page.
+
+#### Manual Scheduled Auditing
+
+If you prefer manual control over scheduling:
+
+```typescript
+// Run on app startup
+monitor.auditDependencies();
+
+// Run daily via cron
+import cron from 'node-cron';
+
+cron.schedule('0 3 * * *', async () => {
+  await monitor.auditDependencies();
+});
+
+// Or using setInterval
+setInterval(async () => {
+  await monitor.auditDependencies();
+}, 24 * 60 * 60 * 1000); // Daily
 ```
 
-## Usage Examples
+### Security Events
 
-### Express.js Error Handler
+#### Report Security Event
 
 ```typescript
-import { MonitorClient } from '@ceon/monitor-sdk';
-import { ErrorRequestHandler } from 'express';
+await monitor.reportSecurityEvent({
+  eventType: 'FAILED_LOGIN',
+  category: 'AUTHENTICATION',
+  severity: 'MEDIUM',
+  ip: '192.168.1.1',
+  identifier: 'user@example.com',
+  metadata: { attempts: 3 },
+});
+```
 
+#### Check for Brute Force
+
+```typescript
+const result = await monitor.checkBruteForce({
+  ip: '192.168.1.1',
+  identifier: 'user@example.com',
+  threshold: 5,
+  windowMinutes: 15,
+});
+
+if (result.blocked) {
+  // Block the request
+  throw new Error('Too many attempts. Please try again later.');
+}
+```
+
+## Framework Examples
+
+### Express.js
+
+```typescript
+import express from 'express';
+import { MonitorClient } from '@ceon-oy/monitor-sdk';
+
+const app = express();
 const monitor = new MonitorClient({
-  apiKey: process.env.MONITOR_API_KEY!,
-  endpoint: process.env.MONITOR_ENDPOINT!,
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: process.env.CEON_MONITOR_ENDPOINT!,
   environment: process.env.NODE_ENV,
+  trackDependencies: true,
+});
+
+// Your routes
+app.get('/api/health', (req, res) => {
+  res.json({ status: 'ok' });
 });
 
-export const errorHandler: ErrorRequestHandler = (err, req, res, next) => {
+// Error handling middleware
+app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
   monitor.captureError(err, {
     route: req.path,
     method: req.method,
-    statusCode: res.statusCode || 500,
-    userAgent: req.headers['user-agent'],
+    statusCode: 500,
+    userAgent: req.get('user-agent'),
     ip: req.ip,
-    metadata: {
-      query: req.query,
-      body: req.body,
-    },
   });
-
   res.status(500).json({ error: 'Internal server error' });
-};
+});
 
 // Graceful shutdown
 process.on('SIGTERM', async () => {
   await monitor.close();
   process.exit(0);
 });
+
+app.listen(3001, () => console.log('Server running on port 3001'));
+```
+
+### Next.js
+
+**1. Create a monitor utility (`lib/monitor.ts`):**
+
+```typescript
+import { MonitorClient } from '@ceon-oy/monitor-sdk';
+
+let monitor: MonitorClient | null = null;
+
+export function getMonitor(): MonitorClient {
+  if (!monitor) {
+    monitor = new MonitorClient({
+      apiKey: process.env.CEON_MONITOR_API_KEY!,
+      endpoint: process.env.CEON_MONITOR_ENDPOINT || 'https://your-monitor-server.com',
+      environment: process.env.NODE_ENV || 'development',
+      trackDependencies: true,
+    });
+  }
+  return monitor;
+}
 ```
 
-### Next.js API Route
+**2. Use in API routes (`app/api/example/route.ts`):**
 
 ```typescript
-import { MonitorClient } from '@ceon/monitor-sdk';
 import { NextRequest, NextResponse } from 'next/server';
+import { getMonitor } from '@/lib/monitor';
 
-const monitor = new MonitorClient({
-  apiKey: process.env.MONITOR_API_KEY!,
-  endpoint: process.env.MONITOR_ENDPOINT!,
-  environment: process.env.NODE_ENV,
-});
+export async function POST(request: NextRequest) {
+  const monitor = getMonitor();
 
-export async function POST(req: NextRequest) {
   try {
-    const body = await req.json();
-    // ... handle request
+    const body = await request.json();
+    // Your logic here
     return NextResponse.json({ success: true });
   } catch (error) {
     await monitor.captureError(error as Error, {
@@ -191,35 +362,377 @@ export async function POST(req: NextRequest) {
       method: 'POST',
       statusCode: 500,
     });
-    return NextResponse.json({ error: 'Internal error' }, { status: 500 });
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
   }
 }
 ```
 
-### Integration with Existing Logger
+**3. Global error handling (`app/error.tsx`):**
+
+```typescript
+'use client';
+
+import { useEffect } from 'react';
+
+export default function Error({
+  error,
+  reset,
+}: {
+  error: Error & { digest?: string };
+  reset: () => void;
+}) {
+  useEffect(() => {
+    fetch('/api/log-error', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        message: error.message,
+        stack: error.stack,
+        digest: error.digest,
+      }),
+    });
+  }, [error]);
+
+  return (
+    <div>
+      <h2>Something went wrong!</h2>
+      <button onClick={() => reset()}>Try again</button>
+    </div>
+  );
+}
+```
+
+**4. Create error logging API route (`app/api/log-error/route.ts`):**
 
 ```typescript
-import { MonitorClient } from '@ceon/monitor-sdk';
+import { NextRequest, NextResponse } from 'next/server';
+import { getMonitor } from '@/lib/monitor';
+
+export async function POST(request: NextRequest) {
+  const monitor = getMonitor();
+  const { message, stack, digest } = await request.json();
+
+  await monitor.captureMessage(message, 'ERROR', {
+    metadata: { stack, digest, source: 'client' },
+  });
+
+  return NextResponse.json({ logged: true });
+}
+```
+
+### React (Monolithic)
+
+For a React project with Express backend in the same folder:
+
+```
+my-app/
+├── package.json
+├── src/
+│   ├── client/          # React frontend
+│   └── server/          # Express backend
+```
+
+**Server (`src/server/index.ts`):**
+
+```typescript
+import express from 'express';
+import path from 'path';
+import { MonitorClient } from '@ceon-oy/monitor-sdk';
+
+const app = express();
+app.use(express.json());
 
 const monitor = new MonitorClient({
-  apiKey: process.env.MONITOR_API_KEY!,
-  endpoint: process.env.MONITOR_ENDPOINT!,
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: process.env.CEON_MONITOR_ENDPOINT!,
+  environment: process.env.NODE_ENV || 'development',
+  trackDependencies: true,
 });
 
-// Wrap your existing logger
-export function logError(message: string, error?: Error, context?: object) {
-  // Your existing logging
-  console.error(message, error);
+// Client error logging endpoint
+app.post('/api/log-client-error', async (req, res) => {
+  const { message, stack, componentStack } = req.body;
+  await monitor.captureMessage(message, 'ERROR', {
+    metadata: { stack, componentStack, source: 'client' },
+  });
+  res.json({ logged: true });
+});
 
-  // Also send to monitor
-  if (error) {
-    monitor.captureError(error, { metadata: context });
-  } else {
-    monitor.captureMessage(message, 'ERROR', { metadata: context });
+// Global error handler
+app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
+  monitor.captureError(err, {
+    route: req.path,
+    method: req.method,
+    statusCode: 500,
+  });
+  res.status(500).json({ error: 'Internal server error' });
+});
+
+// Graceful shutdown
+process.on('SIGTERM', async () => {
+  await monitor.close();
+  process.exit(0);
+});
+
+app.listen(3001, () => console.log('Server running on port 3001'));
+```
+
+**React Error Boundary (`src/client/ErrorBoundary.tsx`):**
+
+```typescript
+import React, { Component, ErrorInfo, ReactNode } from 'react';
+
+interface Props {
+  children: ReactNode;
+}
+
+interface State {
+  hasError: boolean;
+}
+
+class ErrorBoundary extends Component<Props, State> {
+  constructor(props: Props) {
+    super(props);
+    this.state = { hasError: false };
+  }
+
+  static getDerivedStateFromError(): State {
+    return { hasError: true };
+  }
+
+  componentDidCatch(error: Error, errorInfo: ErrorInfo) {
+    fetch('/api/log-client-error', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        message: error.message,
+        stack: error.stack,
+        componentStack: errorInfo.componentStack,
+      }),
+    });
+  }
+
+  render() {
+    if (this.state.hasError) {
+      return <h1>Something went wrong.</h1>;
+    }
+    return this.props.children;
+  }
+}
+
+export default ErrorBoundary;
+```
+
+### React (Separate Server/Client)
+
+For projects with separate server and client folders:
+
+```
+my-project/
+├── server/
+│   ├── package.json
+│   └── src/index.ts
+└── client/
+    ├── package.json
+    └── src/
+```
+
+**Server (`server/src/index.ts`):**
+
+```typescript
+import express from 'express';
+import cors from 'cors';
+import { MonitorClient } from '@ceon-oy/monitor-sdk';
+
+const app = express();
+app.use(cors());
+app.use(express.json());
+
+// Multi-environment dependency tracking
+const monitor = new MonitorClient({
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: process.env.CEON_MONITOR_ENDPOINT!,
+  environment: process.env.NODE_ENV || 'development',
+  trackDependencies: true,
+  dependencySources: [
+    { path: './package.json', environment: 'server' },
+    { path: '../client/package.json', environment: 'client' },
+  ],
+  excludePatterns: ['@types/*'],
+});
+
+// Endpoint for client-side error logging
+app.post('/api/log-error', async (req, res) => {
+  const { message, stack, componentStack, url, userAgent } = req.body;
+
+  await monitor.captureMessage(message, 'ERROR', {
+    route: url,
+    metadata: { stack, componentStack, userAgent, source: 'client' },
+  });
+
+  res.json({ logged: true });
+});
+
+// Global error handler
+app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
+  monitor.captureError(err, {
+    route: req.path,
+    method: req.method,
+    statusCode: 500,
+    userAgent: req.get('user-agent'),
+    ip: req.ip,
+  });
+  res.status(500).json({ error: 'Internal server error' });
+});
+
+// Graceful shutdown
+process.on('SIGTERM', async () => {
+  await monitor.close();
+  process.exit(0);
+});
+
+app.listen(3001, () => console.log('Server running on port 3001'));
+```
+
+**React Error Boundary (`client/src/components/ErrorBoundary.tsx`):**
+
+```typescript
+import React, { Component, ErrorInfo, ReactNode } from 'react';
+
+interface Props {
+  children: ReactNode;
+}
+
+interface State {
+  hasError: boolean;
+  error: Error | null;
+}
+
+class ErrorBoundary extends Component<Props, State> {
+  constructor(props: Props) {
+    super(props);
+    this.state = { hasError: false, error: null };
+  }
+
+  static getDerivedStateFromError(error: Error): State {
+    return { hasError: true, error };
+  }
+
+  componentDidCatch(error: Error, errorInfo: ErrorInfo) {
+    fetch(`${process.env.REACT_APP_API_URL}/api/log-error`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        message: error.message,
+        stack: error.stack,
+        componentStack: errorInfo.componentStack,
+        url: window.location.href,
+        userAgent: navigator.userAgent,
+      }),
+    }).catch(console.error);
+  }
+
+  render() {
+    if (this.state.hasError) {
+      return (
+        <div>
+          <h1>Something went wrong</h1>
+          <button onClick={() => window.location.reload()}>Reload Page</button>
+        </div>
+      );
+    }
+    return this.props.children;
   }
 }
+
+export default ErrorBoundary;
+```
+
+**Global error handlers (`client/src/index.tsx`):**
+
+```typescript
+import React from 'react';
+import ReactDOM from 'react-dom/client';
+import App from './App';
+import ErrorBoundary from './components/ErrorBoundary';
+
+// Global error handlers
+window.onerror = (message, source, lineno, colno, error) => {
+  fetch(`${process.env.REACT_APP_API_URL}/api/log-error`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      message: String(message),
+      stack: error?.stack,
+      url: window.location.href,
+      userAgent: navigator.userAgent,
+    }),
+  }).catch(console.error);
+};
+
+window.onunhandledrejection = (event) => {
+  fetch(`${process.env.REACT_APP_API_URL}/api/log-error`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      message: event.reason?.message || 'Unhandled Promise Rejection',
+      stack: event.reason?.stack,
+      url: window.location.href,
+      userAgent: navigator.userAgent,
+    }),
+  }).catch(console.error);
+};
+
+const root = ReactDOM.createRoot(document.getElementById('root')!);
+root.render(
+  <React.StrictMode>
+    <ErrorBoundary>
+      <App />
+    </ErrorBoundary>
+  </React.StrictMode>
+);
 ```
 
+## API Reference
+
+### `MonitorClient`
+
+#### `constructor(config: MonitorClientConfig)`
+
+Creates a new monitor client instance.
+
+#### `captureError(error: Error, context?: ErrorContext): Promise<void>`
+
+Captures an error and queues it for sending.
+
+#### `captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>`
+
+Captures a log message with optional severity level.
+
+#### `reportTechnologies(technologies: Technology[]): Promise<void>`
+
+Reports technology stack information.
+
+#### `reportSecurityEvent(event: SecurityEvent): Promise<void>`
+
+Reports a security event.
+
+#### `checkBruteForce(params: BruteForceParams): Promise<BruteForceResult>`
+
+Checks for brute force attacks.
+
+#### `auditDependencies(options?: AuditOptions): Promise<AuditResult | null>`
+
+Runs npm audit and sends results to the server.
+
+#### `flush(): Promise<void>`
+
+Immediately sends all queued errors.
+
+#### `close(): Promise<void>`
+
+Flushes remaining errors and stops the client.
+
 ## Batching Behavior
 
 The SDK batches errors to reduce network overhead:
@@ -231,9 +744,9 @@ The SDK batches errors to reduce network overhead:
    - `flush()` is called manually
    - `close()` is called
 
-For serverless/edge environments where the process may terminate quickly, consider:
-- Setting `batchSize: 1` to send immediately
-- Calling `await monitor.flush()` at the end of each request
+For serverless/edge environments where the process may terminate quickly:
+- Set `batchSize: 1` to send immediately
+- Call `await monitor.flush()` at the end of each request
 
 ## Building
 
@@ -258,4 +771,24 @@ interface ErrorContext {
   requestId?: string;
   metadata?: Record<string, unknown>;
 }
+
+interface Technology {
+  name: string;
+  version: string;
+  type: 'runtime' | 'framework' | 'library' | 'database' | 'tool' | 'other';
+  environment?: string;
+}
+
+interface SecurityEvent {
+  eventType: string;
+  category: 'AUTHENTICATION' | 'AUTHORIZATION' | 'RATE_LIMIT' | 'SUSPICIOUS_ACTIVITY' | 'DATA_ACCESS';
+  severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+  ip?: string;
+  identifier?: string;
+  metadata?: Record<string, unknown>;
+}
 ```
+
+## License
+
+MIT

package/dist/index.d.mts

@@ -31,6 +31,8 @@ interface MonitorClientConfig {
     maxRetries?: number;
     /** Request timeout in ms (default: 10000) */
     requestTimeoutMs?: number;
+    /** Enable automatic vulnerability scanning based on server-configured interval (default: false) */
+    autoAudit?: boolean;
 }
 interface TechnologyItem {
     name: string;
@@ -135,12 +137,41 @@ declare class MonitorClient {
     private retryCount;
     private isFlushInProgress;
     private requestTimeoutMs;
+    private autoAudit;
+    private auditIntervalTimer;
+    private settingsPollingTimer;
+    private lastScanTime;
+    private lastKnownScanRequestedAt;
     constructor(config: MonitorClientConfig);
     captureError(error: Error, context?: ErrorContext): Promise<void>;
     captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>;
     flush(): Promise<void>;
     private getErrorKey;
     close(): Promise<void>;
+    private stopAuditIntervalTimer;
+    /**
+     * Fetch project settings from the monitoring server.
+     * Returns configuration including vulnerability scan interval and scan request timestamp.
+     */
+    fetchProjectSettings(): Promise<{
+        name: string;
+        vulnerabilityScanIntervalHours: number;
+        scanRequestedAt: string | null;
+    } | null>;
+    /**
+     * Setup automatic vulnerability scanning based on server-configured interval.
+     * Fetches settings from server and sets up recurring scans.
+     * Also sets up polling for on-demand scan requests from the server.
+     */
+    private setupAutoAudit;
+    /**
+     * Run a vulnerability scan and track the time it was run.
+     */
+    private runScanAndTrackTime;
+    /**
+     * Check if the server has requested an on-demand scan.
+     */
+    private checkForScanRequest;
     private enqueue;
     /**
      * Fetch with timeout to prevent hanging requests

package/dist/index.d.ts

@@ -31,6 +31,8 @@ interface MonitorClientConfig {
     maxRetries?: number;
     /** Request timeout in ms (default: 10000) */
     requestTimeoutMs?: number;
+    /** Enable automatic vulnerability scanning based on server-configured interval (default: false) */
+    autoAudit?: boolean;
 }
 interface TechnologyItem {
     name: string;
@@ -135,12 +137,41 @@ declare class MonitorClient {
     private retryCount;
     private isFlushInProgress;
     private requestTimeoutMs;
+    private autoAudit;
+    private auditIntervalTimer;
+    private settingsPollingTimer;
+    private lastScanTime;
+    private lastKnownScanRequestedAt;
     constructor(config: MonitorClientConfig);
     captureError(error: Error, context?: ErrorContext): Promise<void>;
     captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>;
     flush(): Promise<void>;
     private getErrorKey;
     close(): Promise<void>;
+    private stopAuditIntervalTimer;
+    /**
+     * Fetch project settings from the monitoring server.
+     * Returns configuration including vulnerability scan interval and scan request timestamp.
+     */
+    fetchProjectSettings(): Promise<{
+        name: string;
+        vulnerabilityScanIntervalHours: number;
+        scanRequestedAt: string | null;
+    } | null>;
+    /**
+     * Setup automatic vulnerability scanning based on server-configured interval.
+     * Fetches settings from server and sets up recurring scans.
+     * Also sets up polling for on-demand scan requests from the server.
+     */
+    private setupAutoAudit;
+    /**
+     * Run a vulnerability scan and track the time it was run.
+     */
+    private runScanAndTrackTime;
+    /**
+     * Check if the server has requested an on-demand scan.
+     */
+    private checkForScanRequest;
     private enqueue;
     /**
      * Fetch with timeout to prevent hanging requests

package/dist/index.js

@@ -42,6 +42,10 @@ var MonitorClient = class {
     this.isClosed = false;
     this.retryCount = /* @__PURE__ */ new Map();
     this.isFlushInProgress = false;
+    this.auditIntervalTimer = null;
+    this.settingsPollingTimer = null;
+    this.lastScanTime = null;
+    this.lastKnownScanRequestedAt = null;
     if (!config.apiKey || config.apiKey.trim().length === 0) {
       throw new Error("[MonitorClient] API key is required");
     }
@@ -86,12 +90,18 @@ var MonitorClient = class {
       "@typescript-eslint/*"
     ];
     this.excludePatterns = config.excludePatterns || defaultExcludePatterns;
+    this.autoAudit = config.autoAudit || false;
     this.startFlushTimer();
     if (this.trackDependencies) {
       this.syncDependencies().catch((err) => {
         console.error("[MonitorClient] Failed to sync dependencies:", err instanceof Error ? err.message : String(err));
       });
     }
+    if (this.autoAudit) {
+      this.setupAutoAudit().catch((err) => {
+        console.error("[MonitorClient] Failed to setup auto audit:", err instanceof Error ? err.message : String(err));
+      });
+    }
   }
   async captureError(error, context) {
     if (this.isClosed) return;
@@ -168,8 +178,101 @@ var MonitorClient = class {
   async close() {
     this.isClosed = true;
     this.stopFlushTimer();
+    this.stopAuditIntervalTimer();
     await this.flush();
   }
+  stopAuditIntervalTimer() {
+    if (this.auditIntervalTimer) {
+      clearInterval(this.auditIntervalTimer);
+      this.auditIntervalTimer = null;
+    }
+    if (this.settingsPollingTimer) {
+      clearInterval(this.settingsPollingTimer);
+      this.settingsPollingTimer = null;
+    }
+  }
+  /**
+   * Fetch project settings from the monitoring server.
+   * Returns configuration including vulnerability scan interval and scan request timestamp.
+   */
+  async fetchProjectSettings() {
+    try {
+      const response = await this.fetchWithTimeout(`${this.endpoint}/api/v1/project/settings`, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        console.warn("[MonitorClient] Failed to fetch project settings:", response.status);
+        return null;
+      }
+      const result = await response.json();
+      return result.data || null;
+    } catch (err) {
+      console.warn("[MonitorClient] Failed to fetch project settings:", err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  }
+  /**
+   * Setup automatic vulnerability scanning based on server-configured interval.
+   * Fetches settings from server and sets up recurring scans.
+   * Also sets up polling for on-demand scan requests from the server.
+   */
+  async setupAutoAudit() {
+    const settings = await this.fetchProjectSettings();
+    if (!settings) {
+      console.warn("[MonitorClient] Could not fetch project settings, auto audit disabled");
+      return;
+    }
+    if (settings.scanRequestedAt) {
+      this.lastKnownScanRequestedAt = new Date(settings.scanRequestedAt);
+    }
+    const intervalHours = settings.vulnerabilityScanIntervalHours;
+    if (intervalHours <= 0) {
+      console.log("[MonitorClient] Scheduled vulnerability scanning disabled by server configuration");
+    } else {
+      console.log(`[MonitorClient] Auto vulnerability scanning enabled (every ${intervalHours} hours)`);
+      await this.runScanAndTrackTime();
+      const intervalMs = intervalHours * 60 * 60 * 1e3;
+      this.auditIntervalTimer = setInterval(() => {
+        this.runScanAndTrackTime();
+      }, intervalMs);
+    }
+    console.log("[MonitorClient] Polling for scan requests enabled (every 5 minutes)");
+    this.settingsPollingTimer = setInterval(() => {
+      this.checkForScanRequest();
+    }, 5 * 60 * 1e3);
+  }
+  /**
+   * Run a vulnerability scan and track the time it was run.
+   */
+  async runScanAndTrackTime() {
+    try {
+      await this.auditDependencies();
+      this.lastScanTime = /* @__PURE__ */ new Date();
+    } catch (err) {
+      console.error("[MonitorClient] Vulnerability scan failed:", err instanceof Error ? err.message : String(err));
+    }
+  }
+  /**
+   * Check if the server has requested an on-demand scan.
+   */
+  async checkForScanRequest() {
+    try {
+      const settings = await this.fetchProjectSettings();
+      if (!settings || !settings.scanRequestedAt) return;
+      const scanRequestedAt = new Date(settings.scanRequestedAt);
+      if (!this.lastKnownScanRequestedAt || scanRequestedAt > this.lastKnownScanRequestedAt) {
+        console.log("[MonitorClient] On-demand scan requested by server");
+        this.lastKnownScanRequestedAt = scanRequestedAt;
+        await this.runScanAndTrackTime();
+      }
+    } catch (err) {
+      console.error("[MonitorClient] Failed to check for scan request:", err instanceof Error ? err.message : String(err));
+    }
+  }
   enqueue(payload) {
     if (this.queue.length >= this.maxQueueSize) {
       console.warn("[MonitorClient] Queue full, dropping oldest error");
@@ -458,16 +561,24 @@ var MonitorClient = class {
    * @returns Audit summary with vulnerability counts
    */
   async auditDependencies(options = {}) {
-    if (typeof require === "undefined") {
-      console.warn("[MonitorClient] auditDependencies only works in Node.js environment");
+    if (typeof window !== "undefined" || typeof document !== "undefined") {
+      console.warn("[MonitorClient] auditDependencies only works in Node.js server environment");
+      return null;
+    }
+    let execSync;
+    let path;
+    let fs;
+    try {
+      execSync = require("child_process").execSync;
+      path = require("path");
+      fs = require("fs");
+    } catch {
+      console.warn("[MonitorClient] auditDependencies requires Node.js (not available in bundled/browser environments)");
       return null;
     }
     const startTime = Date.now();
     const environment = options.environment || this.environment;
     try {
-      const { execSync } = require("child_process");
-      const path = require("path");
-      const fs = require("fs");
       let projectPath = options.projectPath || process.cwd();
       if (projectPath.includes("\0") || /[;&|`$(){}[\]<>]/.test(projectPath)) {
         console.error("[MonitorClient] Invalid projectPath: contains forbidden characters");

package/dist/index.mjs

@@ -13,6 +13,10 @@ var MonitorClient = class {
     this.isClosed = false;
     this.retryCount = /* @__PURE__ */ new Map();
     this.isFlushInProgress = false;
+    this.auditIntervalTimer = null;
+    this.settingsPollingTimer = null;
+    this.lastScanTime = null;
+    this.lastKnownScanRequestedAt = null;
     if (!config.apiKey || config.apiKey.trim().length === 0) {
       throw new Error("[MonitorClient] API key is required");
     }
@@ -57,12 +61,18 @@ var MonitorClient = class {
       "@typescript-eslint/*"
     ];
     this.excludePatterns = config.excludePatterns || defaultExcludePatterns;
+    this.autoAudit = config.autoAudit || false;
     this.startFlushTimer();
     if (this.trackDependencies) {
       this.syncDependencies().catch((err) => {
         console.error("[MonitorClient] Failed to sync dependencies:", err instanceof Error ? err.message : String(err));
       });
     }
+    if (this.autoAudit) {
+      this.setupAutoAudit().catch((err) => {
+        console.error("[MonitorClient] Failed to setup auto audit:", err instanceof Error ? err.message : String(err));
+      });
+    }
   }
   async captureError(error, context) {
     if (this.isClosed) return;
@@ -139,8 +149,101 @@ var MonitorClient = class {
   async close() {
     this.isClosed = true;
     this.stopFlushTimer();
+    this.stopAuditIntervalTimer();
     await this.flush();
   }
+  stopAuditIntervalTimer() {
+    if (this.auditIntervalTimer) {
+      clearInterval(this.auditIntervalTimer);
+      this.auditIntervalTimer = null;
+    }
+    if (this.settingsPollingTimer) {
+      clearInterval(this.settingsPollingTimer);
+      this.settingsPollingTimer = null;
+    }
+  }
+  /**
+   * Fetch project settings from the monitoring server.
+   * Returns configuration including vulnerability scan interval and scan request timestamp.
+   */
+  async fetchProjectSettings() {
+    try {
+      const response = await this.fetchWithTimeout(`${this.endpoint}/api/v1/project/settings`, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        console.warn("[MonitorClient] Failed to fetch project settings:", response.status);
+        return null;
+      }
+      const result = await response.json();
+      return result.data || null;
+    } catch (err) {
+      console.warn("[MonitorClient] Failed to fetch project settings:", err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  }
+  /**
+   * Setup automatic vulnerability scanning based on server-configured interval.
+   * Fetches settings from server and sets up recurring scans.
+   * Also sets up polling for on-demand scan requests from the server.
+   */
+  async setupAutoAudit() {
+    const settings = await this.fetchProjectSettings();
+    if (!settings) {
+      console.warn("[MonitorClient] Could not fetch project settings, auto audit disabled");
+      return;
+    }
+    if (settings.scanRequestedAt) {
+      this.lastKnownScanRequestedAt = new Date(settings.scanRequestedAt);
+    }
+    const intervalHours = settings.vulnerabilityScanIntervalHours;
+    if (intervalHours <= 0) {
+      console.log("[MonitorClient] Scheduled vulnerability scanning disabled by server configuration");
+    } else {
+      console.log(`[MonitorClient] Auto vulnerability scanning enabled (every ${intervalHours} hours)`);
+      await this.runScanAndTrackTime();
+      const intervalMs = intervalHours * 60 * 60 * 1e3;
+      this.auditIntervalTimer = setInterval(() => {
+        this.runScanAndTrackTime();
+      }, intervalMs);
+    }
+    console.log("[MonitorClient] Polling for scan requests enabled (every 5 minutes)");
+    this.settingsPollingTimer = setInterval(() => {
+      this.checkForScanRequest();
+    }, 5 * 60 * 1e3);
+  }
+  /**
+   * Run a vulnerability scan and track the time it was run.
+   */
+  async runScanAndTrackTime() {
+    try {
+      await this.auditDependencies();
+      this.lastScanTime = /* @__PURE__ */ new Date();
+    } catch (err) {
+      console.error("[MonitorClient] Vulnerability scan failed:", err instanceof Error ? err.message : String(err));
+    }
+  }
+  /**
+   * Check if the server has requested an on-demand scan.
+   */
+  async checkForScanRequest() {
+    try {
+      const settings = await this.fetchProjectSettings();
+      if (!settings || !settings.scanRequestedAt) return;
+      const scanRequestedAt = new Date(settings.scanRequestedAt);
+      if (!this.lastKnownScanRequestedAt || scanRequestedAt > this.lastKnownScanRequestedAt) {
+        console.log("[MonitorClient] On-demand scan requested by server");
+        this.lastKnownScanRequestedAt = scanRequestedAt;
+        await this.runScanAndTrackTime();
+      }
+    } catch (err) {
+      console.error("[MonitorClient] Failed to check for scan request:", err instanceof Error ? err.message : String(err));
+    }
+  }
   enqueue(payload) {
     if (this.queue.length >= this.maxQueueSize) {
       console.warn("[MonitorClient] Queue full, dropping oldest error");
@@ -429,16 +532,24 @@ var MonitorClient = class {
    * @returns Audit summary with vulnerability counts
    */
   async auditDependencies(options = {}) {
-    if (typeof __require === "undefined") {
-      console.warn("[MonitorClient] auditDependencies only works in Node.js environment");
+    if (typeof window !== "undefined" || typeof document !== "undefined") {
+      console.warn("[MonitorClient] auditDependencies only works in Node.js server environment");
+      return null;
+    }
+    let execSync;
+    let path;
+    let fs;
+    try {
+      execSync = __require("child_process").execSync;
+      path = __require("path");
+      fs = __require("fs");
+    } catch {
+      console.warn("[MonitorClient] auditDependencies requires Node.js (not available in bundled/browser environments)");
       return null;
     }
     const startTime = Date.now();
     const environment = options.environment || this.environment;
     try {
-      const { execSync } = __require("child_process");
-      const path = __require("path");
-      const fs = __require("fs");
       let projectPath = options.projectPath || process.cwd();
       if (projectPath.includes("\0") || /[;&|`$(){}[\]<>]/.test(projectPath)) {
         console.error("[MonitorClient] Invalid projectPath: contains forbidden characters");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ceon-oy/monitor-sdk",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Client SDK for Ceon Monitor - Error tracking, health monitoring, security events, and vulnerability scanning",
   "author": "Ceon",
   "license": "MIT",