@ceon-oy/monitor-sdk 1.0.2 → 1.0.3

package/README.md

@@ -96,6 +96,7 @@ interface MonitorClientConfig {
     environment: string;
   }[];
   excludePatterns?: string[];        // Glob patterns to exclude (e.g., '@types/*')
+  autoAudit?: boolean;               // Enable automatic vulnerability scanning (default: false)
 }
 ```
 
@@ -206,7 +207,29 @@ await monitor.auditDependencies({
 });
 ```
 
-#### Scheduled Auditing
+#### Automatic Auditing (Recommended)
+
+Enable `autoAudit: true` to let the SDK automatically scan for vulnerabilities based on the interval configured in the Ceon Monitor dashboard:
+
+```typescript
+const monitor = new MonitorClient({
+  apiKey: process.env.CEON_MONITOR_API_KEY!,
+  endpoint: 'https://monitor.example.com',
+  autoAudit: true,  // Enable automatic vulnerability scanning
+});
+```
+
+With `autoAudit` enabled:
+- SDK fetches the scan interval from the server on startup
+- Runs an initial vulnerability scan
+- Schedules recurring scans based on server configuration (e.g., every 24 hours)
+- Responds to on-demand "Run Scan" requests from the dashboard (polled every 5 minutes)
+
+Configure the scan interval in the Ceon Monitor dashboard under the project's Vulnerabilities page.
+
+#### Manual Scheduled Auditing
+
+If you prefer manual control over scheduling:
 
 ```typescript
 // Run on app startup

package/dist/index.d.mts

@@ -31,6 +31,8 @@ interface MonitorClientConfig {
     maxRetries?: number;
     /** Request timeout in ms (default: 10000) */
     requestTimeoutMs?: number;
+    /** Enable automatic vulnerability scanning based on server-configured interval (default: false) */
+    autoAudit?: boolean;
 }
 interface TechnologyItem {
     name: string;
@@ -135,12 +137,41 @@ declare class MonitorClient {
     private retryCount;
     private isFlushInProgress;
     private requestTimeoutMs;
+    private autoAudit;
+    private auditIntervalTimer;
+    private settingsPollingTimer;
+    private lastScanTime;
+    private lastKnownScanRequestedAt;
     constructor(config: MonitorClientConfig);
     captureError(error: Error, context?: ErrorContext): Promise<void>;
     captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>;
     flush(): Promise<void>;
     private getErrorKey;
     close(): Promise<void>;
+    private stopAuditIntervalTimer;
+    /**
+     * Fetch project settings from the monitoring server.
+     * Returns configuration including vulnerability scan interval and scan request timestamp.
+     */
+    fetchProjectSettings(): Promise<{
+        name: string;
+        vulnerabilityScanIntervalHours: number;
+        scanRequestedAt: string | null;
+    } | null>;
+    /**
+     * Setup automatic vulnerability scanning based on server-configured interval.
+     * Fetches settings from server and sets up recurring scans.
+     * Also sets up polling for on-demand scan requests from the server.
+     */
+    private setupAutoAudit;
+    /**
+     * Run a vulnerability scan and track the time it was run.
+     */
+    private runScanAndTrackTime;
+    /**
+     * Check if the server has requested an on-demand scan.
+     */
+    private checkForScanRequest;
     private enqueue;
     /**
      * Fetch with timeout to prevent hanging requests

package/dist/index.d.ts

@@ -31,6 +31,8 @@ interface MonitorClientConfig {
     maxRetries?: number;
     /** Request timeout in ms (default: 10000) */
     requestTimeoutMs?: number;
+    /** Enable automatic vulnerability scanning based on server-configured interval (default: false) */
+    autoAudit?: boolean;
 }
 interface TechnologyItem {
     name: string;
@@ -135,12 +137,41 @@ declare class MonitorClient {
     private retryCount;
     private isFlushInProgress;
     private requestTimeoutMs;
+    private autoAudit;
+    private auditIntervalTimer;
+    private settingsPollingTimer;
+    private lastScanTime;
+    private lastKnownScanRequestedAt;
     constructor(config: MonitorClientConfig);
     captureError(error: Error, context?: ErrorContext): Promise<void>;
     captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>;
     flush(): Promise<void>;
     private getErrorKey;
     close(): Promise<void>;
+    private stopAuditIntervalTimer;
+    /**
+     * Fetch project settings from the monitoring server.
+     * Returns configuration including vulnerability scan interval and scan request timestamp.
+     */
+    fetchProjectSettings(): Promise<{
+        name: string;
+        vulnerabilityScanIntervalHours: number;
+        scanRequestedAt: string | null;
+    } | null>;
+    /**
+     * Setup automatic vulnerability scanning based on server-configured interval.
+     * Fetches settings from server and sets up recurring scans.
+     * Also sets up polling for on-demand scan requests from the server.
+     */
+    private setupAutoAudit;
+    /**
+     * Run a vulnerability scan and track the time it was run.
+     */
+    private runScanAndTrackTime;
+    /**
+     * Check if the server has requested an on-demand scan.
+     */
+    private checkForScanRequest;
     private enqueue;
     /**
      * Fetch with timeout to prevent hanging requests

package/dist/index.js

@@ -42,6 +42,10 @@ var MonitorClient = class {
     this.isClosed = false;
     this.retryCount = /* @__PURE__ */ new Map();
     this.isFlushInProgress = false;
+    this.auditIntervalTimer = null;
+    this.settingsPollingTimer = null;
+    this.lastScanTime = null;
+    this.lastKnownScanRequestedAt = null;
     if (!config.apiKey || config.apiKey.trim().length === 0) {
       throw new Error("[MonitorClient] API key is required");
     }
@@ -86,12 +90,18 @@ var MonitorClient = class {
       "@typescript-eslint/*"
     ];
     this.excludePatterns = config.excludePatterns || defaultExcludePatterns;
+    this.autoAudit = config.autoAudit || false;
     this.startFlushTimer();
     if (this.trackDependencies) {
       this.syncDependencies().catch((err) => {
         console.error("[MonitorClient] Failed to sync dependencies:", err instanceof Error ? err.message : String(err));
       });
     }
+    if (this.autoAudit) {
+      this.setupAutoAudit().catch((err) => {
+        console.error("[MonitorClient] Failed to setup auto audit:", err instanceof Error ? err.message : String(err));
+      });
+    }
   }
   async captureError(error, context) {
     if (this.isClosed) return;
@@ -168,8 +178,101 @@ var MonitorClient = class {
   async close() {
     this.isClosed = true;
     this.stopFlushTimer();
+    this.stopAuditIntervalTimer();
     await this.flush();
   }
+  stopAuditIntervalTimer() {
+    if (this.auditIntervalTimer) {
+      clearInterval(this.auditIntervalTimer);
+      this.auditIntervalTimer = null;
+    }
+    if (this.settingsPollingTimer) {
+      clearInterval(this.settingsPollingTimer);
+      this.settingsPollingTimer = null;
+    }
+  }
+  /**
+   * Fetch project settings from the monitoring server.
+   * Returns configuration including vulnerability scan interval and scan request timestamp.
+   */
+  async fetchProjectSettings() {
+    try {
+      const response = await this.fetchWithTimeout(`${this.endpoint}/api/v1/project/settings`, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        console.warn("[MonitorClient] Failed to fetch project settings:", response.status);
+        return null;
+      }
+      const result = await response.json();
+      return result.data || null;
+    } catch (err) {
+      console.warn("[MonitorClient] Failed to fetch project settings:", err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  }
+  /**
+   * Setup automatic vulnerability scanning based on server-configured interval.
+   * Fetches settings from server and sets up recurring scans.
+   * Also sets up polling for on-demand scan requests from the server.
+   */
+  async setupAutoAudit() {
+    const settings = await this.fetchProjectSettings();
+    if (!settings) {
+      console.warn("[MonitorClient] Could not fetch project settings, auto audit disabled");
+      return;
+    }
+    if (settings.scanRequestedAt) {
+      this.lastKnownScanRequestedAt = new Date(settings.scanRequestedAt);
+    }
+    const intervalHours = settings.vulnerabilityScanIntervalHours;
+    if (intervalHours <= 0) {
+      console.log("[MonitorClient] Scheduled vulnerability scanning disabled by server configuration");
+    } else {
+      console.log(`[MonitorClient] Auto vulnerability scanning enabled (every ${intervalHours} hours)`);
+      await this.runScanAndTrackTime();
+      const intervalMs = intervalHours * 60 * 60 * 1e3;
+      this.auditIntervalTimer = setInterval(() => {
+        this.runScanAndTrackTime();
+      }, intervalMs);
+    }
+    console.log("[MonitorClient] Polling for scan requests enabled (every 5 minutes)");
+    this.settingsPollingTimer = setInterval(() => {
+      this.checkForScanRequest();
+    }, 5 * 60 * 1e3);
+  }
+  /**
+   * Run a vulnerability scan and track the time it was run.
+   */
+  async runScanAndTrackTime() {
+    try {
+      await this.auditDependencies();
+      this.lastScanTime = /* @__PURE__ */ new Date();
+    } catch (err) {
+      console.error("[MonitorClient] Vulnerability scan failed:", err instanceof Error ? err.message : String(err));
+    }
+  }
+  /**
+   * Check if the server has requested an on-demand scan.
+   */
+  async checkForScanRequest() {
+    try {
+      const settings = await this.fetchProjectSettings();
+      if (!settings || !settings.scanRequestedAt) return;
+      const scanRequestedAt = new Date(settings.scanRequestedAt);
+      if (!this.lastKnownScanRequestedAt || scanRequestedAt > this.lastKnownScanRequestedAt) {
+        console.log("[MonitorClient] On-demand scan requested by server");
+        this.lastKnownScanRequestedAt = scanRequestedAt;
+        await this.runScanAndTrackTime();
+      }
+    } catch (err) {
+      console.error("[MonitorClient] Failed to check for scan request:", err instanceof Error ? err.message : String(err));
+    }
+  }
   enqueue(payload) {
     if (this.queue.length >= this.maxQueueSize) {
       console.warn("[MonitorClient] Queue full, dropping oldest error");

package/dist/index.mjs

@@ -13,6 +13,10 @@ var MonitorClient = class {
     this.isClosed = false;
     this.retryCount = /* @__PURE__ */ new Map();
     this.isFlushInProgress = false;
+    this.auditIntervalTimer = null;
+    this.settingsPollingTimer = null;
+    this.lastScanTime = null;
+    this.lastKnownScanRequestedAt = null;
     if (!config.apiKey || config.apiKey.trim().length === 0) {
       throw new Error("[MonitorClient] API key is required");
     }
@@ -57,12 +61,18 @@ var MonitorClient = class {
       "@typescript-eslint/*"
     ];
     this.excludePatterns = config.excludePatterns || defaultExcludePatterns;
+    this.autoAudit = config.autoAudit || false;
     this.startFlushTimer();
     if (this.trackDependencies) {
       this.syncDependencies().catch((err) => {
         console.error("[MonitorClient] Failed to sync dependencies:", err instanceof Error ? err.message : String(err));
       });
     }
+    if (this.autoAudit) {
+      this.setupAutoAudit().catch((err) => {
+        console.error("[MonitorClient] Failed to setup auto audit:", err instanceof Error ? err.message : String(err));
+      });
+    }
   }
   async captureError(error, context) {
     if (this.isClosed) return;
@@ -139,8 +149,101 @@ var MonitorClient = class {
   async close() {
     this.isClosed = true;
     this.stopFlushTimer();
+    this.stopAuditIntervalTimer();
     await this.flush();
   }
+  stopAuditIntervalTimer() {
+    if (this.auditIntervalTimer) {
+      clearInterval(this.auditIntervalTimer);
+      this.auditIntervalTimer = null;
+    }
+    if (this.settingsPollingTimer) {
+      clearInterval(this.settingsPollingTimer);
+      this.settingsPollingTimer = null;
+    }
+  }
+  /**
+   * Fetch project settings from the monitoring server.
+   * Returns configuration including vulnerability scan interval and scan request timestamp.
+   */
+  async fetchProjectSettings() {
+    try {
+      const response = await this.fetchWithTimeout(`${this.endpoint}/api/v1/project/settings`, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        console.warn("[MonitorClient] Failed to fetch project settings:", response.status);
+        return null;
+      }
+      const result = await response.json();
+      return result.data || null;
+    } catch (err) {
+      console.warn("[MonitorClient] Failed to fetch project settings:", err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  }
+  /**
+   * Setup automatic vulnerability scanning based on server-configured interval.
+   * Fetches settings from server and sets up recurring scans.
+   * Also sets up polling for on-demand scan requests from the server.
+   */
+  async setupAutoAudit() {
+    const settings = await this.fetchProjectSettings();
+    if (!settings) {
+      console.warn("[MonitorClient] Could not fetch project settings, auto audit disabled");
+      return;
+    }
+    if (settings.scanRequestedAt) {
+      this.lastKnownScanRequestedAt = new Date(settings.scanRequestedAt);
+    }
+    const intervalHours = settings.vulnerabilityScanIntervalHours;
+    if (intervalHours <= 0) {
+      console.log("[MonitorClient] Scheduled vulnerability scanning disabled by server configuration");
+    } else {
+      console.log(`[MonitorClient] Auto vulnerability scanning enabled (every ${intervalHours} hours)`);
+      await this.runScanAndTrackTime();
+      const intervalMs = intervalHours * 60 * 60 * 1e3;
+      this.auditIntervalTimer = setInterval(() => {
+        this.runScanAndTrackTime();
+      }, intervalMs);
+    }
+    console.log("[MonitorClient] Polling for scan requests enabled (every 5 minutes)");
+    this.settingsPollingTimer = setInterval(() => {
+      this.checkForScanRequest();
+    }, 5 * 60 * 1e3);
+  }
+  /**
+   * Run a vulnerability scan and track the time it was run.
+   */
+  async runScanAndTrackTime() {
+    try {
+      await this.auditDependencies();
+      this.lastScanTime = /* @__PURE__ */ new Date();
+    } catch (err) {
+      console.error("[MonitorClient] Vulnerability scan failed:", err instanceof Error ? err.message : String(err));
+    }
+  }
+  /**
+   * Check if the server has requested an on-demand scan.
+   */
+  async checkForScanRequest() {
+    try {
+      const settings = await this.fetchProjectSettings();
+      if (!settings || !settings.scanRequestedAt) return;
+      const scanRequestedAt = new Date(settings.scanRequestedAt);
+      if (!this.lastKnownScanRequestedAt || scanRequestedAt > this.lastKnownScanRequestedAt) {
+        console.log("[MonitorClient] On-demand scan requested by server");
+        this.lastKnownScanRequestedAt = scanRequestedAt;
+        await this.runScanAndTrackTime();
+      }
+    } catch (err) {
+      console.error("[MonitorClient] Failed to check for scan request:", err instanceof Error ? err.message : String(err));
+    }
+  }
   enqueue(payload) {
     if (this.queue.length >= this.maxQueueSize) {
       console.warn("[MonitorClient] Queue full, dropping oldest error");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ceon-oy/monitor-sdk",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Client SDK for Ceon Monitor - Error tracking, health monitoring, security events, and vulnerability scanning",
   "author": "Ceon",
   "license": "MIT",