@gravito/spectrum 3.0.0 → 3.0.2

package/README.md

@@ -1,20 +1,23 @@
-# @gravito/spectrum
+# @gravito/spectrum 🔭
 
 > **Your telescope into the Gravito universe — real-time insights, zero configuration.**
 
-`@gravito/spectrum` is a powerful, zero-config debug dashboard designed specifically for the Gravito ecosystem. It acts as a telescope for your application, capturing HTTP requests, database queries, logs, and exceptions in real-time.
+`@gravito/spectrum` is a powerful, zero-config observability and debug dashboard designed specifically for the Gravito ecosystem. It acts as a telescope for your application, capturing HTTP requests, database queries, and application logs in real-time.
 
 ![Spectrum Dashboard](https://via.placeholder.com/1200x600/0f172a/38bdf8?text=Gravito+Spectrum+UI)
 
-## ✨ Features
+## 🌟 Features
 
-- **⚡️ Real-time Updates**: Powered by Server-Sent Events (SSE), observe requests as they happen without refreshing.
-- **🔍 Deep Inspection**: View detailed request/response headers, bodies, and execution time.
-- **🗄️ Database Profiling**: Automatically captures `@gravito/atlas` SQL queries with bindings and duration.
-- **↺ Request Replay**: One-click replay of any captured request to quickly reproduce bugs or test fixes.
-- **📊 Live Statistics**: Monitor error rates, average latency, and throughput in real-time.
-- **💾 Persistence**: Support for File-based storage to keep debug data across server restarts.
-- **🛡️ Security Gates**: Configurable authorization logic to secure the dashboard in sensitive environments.
+- **⚡️ Real-time Updates**: Powered by **Server-Sent Events (SSE)**, observe requests and logs as they happen without refreshing the page.
+- **🔍 Deep Inspection**: View detailed request/response headers, status codes, and precise execution timing.
+- **🗄️ Database Profiling**: Automatically hooks into `@gravito/atlas` to capture SQL queries, bindings, and execution duration.
+- **↺ Request Replay**: One-click replay of any captured request directly from the dashboard to quickly reproduce bugs or test fixes.
+- **📊 Live Statistics**: Monitor total requests, average latency, and error rates via a real-time dashboard.
+- **💾 Pluggable Storage**: 
+  - **MemoryStorage**: Fast, zero-config storage for development (default).
+  - **FileStorage**: Persistent storage that survives server restarts.
+- **🛡️ Security Gates**: Built-in authorization support to protect your debug data in sensitive environments.
+- **🎨 Modern UI**: A clean, responsive dashboard built with Tailwind CSS and Vue.js.
 
 ## 📦 Installation
 
@@ -32,7 +35,7 @@ import { SpectrumOrbit } from '@gravito/spectrum'
 
 const core = new PlanetCore()
 
-// Initialize Spectrum (Development only recommended)
+// Initialize Spectrum (Recommended for development only)
 if (process.env.NODE_ENV !== 'production') {
   await core.orbit(new SpectrumOrbit())
 }
@@ -40,72 +43,121 @@ if (process.env.NODE_ENV !== 'production') {
 await core.liftoff()
 ```
 
-Visit **http://localhost:3000/gravito/spectrum** to see your dashboard.
+By default, visit **`http://localhost:3000/gravito/spectrum`** to access your dashboard.
 
 ## ⚙️ Configuration
 
-You can customize Spectrum by passing a configuration object.
+You can customize Spectrum by passing a configuration object to the `SpectrumOrbit` constructor.
 
 ```typescript
+import { SpectrumOrbit, FileStorage } from '@gravito/spectrum'
+
 await core.orbit(new SpectrumOrbit({
-  // Change the dashboard path
+  // Custom dashboard path
   path: '/_debug',
   
-  // Storage Strategy (Memory or File)
-  storage: new MemoryStorage(), 
+  // Storage Strategy (MemoryStorage or FileStorage)
+  storage: new FileStorage({ directory: './storage/spectrum' }), 
   
+  // Maximum number of items to keep (per category)
+  maxItems: 500,
+
   // Sample Rate (0.0 to 1.0)
-  // Useful for high-traffic environments to prevent flooding
+  // 1.0 captures everything, 0.1 captures only 10% of traffic
   sampleRate: 1.0, 
   
   // Security Gate (Authorization)
   gate: async (c) => {
-    // Return true to allow access
-    return c.req.ip === '127.0.0.1'
+    // Return true to allow access, false to block
+    const user = c.get('auth')?.user;
+    return user?.isAdmin === true;
   }
 }))
 ```
 
 ## 🛡️ Production Safety
 
-Spectrum is designed primarily for **local development**. If you enable it in production, you **MUST** follow these rules:
-
-1.  **Configure a Gate**: Never leave the dashboard open to the public.
-2.  **Enable Persistence**: Use `FileStorage` so data isn't lost on restart, or stick to `MemoryStorage` to avoid filling up disk space.
-3.  **Set Sample Rate**: Set `sampleRate: 0.1` (10%) or lower to avoid performance impact on high-traffic sites.
+Spectrum is optimized for local development. If you choose to enable it in production, please follow these security guidelines:
 
-```typescript
-if (process.env.NODE_ENV === 'production') {
-  await core.orbit(new SpectrumOrbit({
-    storage: new FileStorage({ directory: './storage/spectrum' }),
-    sampleRate: 0.05, // Capture only 5% of requests
-    gate: async (c) => c.req.header('x-admin-token') === process.env.ADMIN_TOKEN
-  }))
-}
-```
+1.  **Always Configure a Gate**: Never leave the dashboard publicly accessible. Use the `gate` option to implement authentication.
+2.  **Enable Persistence with Caution**: Use `FileStorage` to keep data across restarts, but monitor disk usage.
+3.  **Adjust Sample Rate**: For high-traffic applications, set a lower `sampleRate` (e.g., `0.01` or 1%) to minimize performance overhead.
 
 ## 🔌 Integrations
 
 ### Database (Atlas)
-
-If `@gravito/atlas` is installed and loaded in your application, Spectrum automatically detects it and begins capturing all database queries. No extra configuration is needed.
+Spectrum automatically detects `@gravito/atlas` if it's part of your orbits. It will begin capturing all SQL queries, allowing you to see exactly what's happening at the database level for every request.
 
 ### Logs (Logger)
-
-Spectrum automatically wraps the core logger. Any call to `core.logger.info()`, `debug()`, `warn()`, or `error()` is captured and displayed in the dashboard alongside the request context.
+Spectrum wraps the Gravito core logger. Any logs generated via `core.logger.info()`, `debug()`, `warn()`, or `error()` are captured and linked to the timeline of incoming requests.
 
 ## ❓ Spectrum vs Monitor
 
 | Feature | `@gravito/spectrum` | `@gravito/monitor` |
 |---------|---------------------|--------------------|
-| **Goal** | **Local Debugging** | **Cluster Observability** |
-| **Interface** | Built-in UI Dashboard | JSON / Prometheus / OTLP |
-| **Scope** | Single Node (Stateful) | Distributed (Stateless) |
-| **Data Retention** | Short-term (Recent 100) | Long-term (TSDB) |
-| **Best For** | Developers fixing bugs | DevOps monitoring uptime |
-
-If you are running in Kubernetes or Serverless and need aggregated logs from multiple instances, use **@gravito/monitor** with an external backend like Grafana or Datadog.
-
-## License
-
-MIT
+| **Primary Goal** | **Local Debugging & Profiling** | **Production Cluster Observability** |
+| **Interface** | Built-in Web UI Dashboard | JSON / Prometheus / OpenTelemetry |
+| **Data Scope** | Single Node (Stateful) | Distributed (Stateless) |
+| **Retention** | Short-term (Recent items) | Long-term (TSDB Integration) |
+| **Best For** | Developers fixing bugs locally | DevOps monitoring system health |
+
+## 🛠️ Roadmap & Future Improvements
+
+### Phase 1: Core Enhancement
+
+| Feature | Description | Priority |
+|---------|-------------|----------|
+| **Request/Response Body Capture** | Capture and display request/response bodies with size limits and content-type filtering | High |
+| **Advanced Filtering** | Add search, filter by method/status/duration in dashboard | High |
+| **Export Functionality** | Export captured data as HAR, JSON, or CSV | Medium |
+| **Request Diff View** | Compare two captured requests side-by-side | Medium |
+
+### Phase 2: Storage & Performance
+
+| Feature | Description | Priority |
+|---------|-------------|----------|
+| **SQLite Storage** | Add SQLite backend for better query performance and data integrity | High |
+| **Batch Write Optimization** | Buffer writes and flush periodically to reduce I/O | Medium |
+| **Memory Limit Controls** | Configurable memory caps with automatic pruning | Medium |
+| **Compression** | GZIP compression for FileStorage to reduce disk usage | Low |
+
+### Phase 3: Observability Integration
+
+| Feature | Description | Priority |
+|---------|-------------|----------|
+| **OpenTelemetry Export** | Export traces to OTLP-compatible backends | High |
+| **Trace Context Propagation** | Link requests to distributed traces | High |
+| **Custom Span Annotations** | Allow manual span creation within request lifecycle | Medium |
+| **Metrics Dashboard** | P50/P95/P99 latency charts, request rate graphs | Medium |
+
+### Phase 4: Developer Experience
+
+| Feature | Description | Priority |
+|---------|-------------|----------|
+| **Dark/Light Theme Toggle** | User-selectable theme for dashboard | Low |
+| **Keyboard Shortcuts** | Navigate and filter with keyboard | Low |
+| **WebSocket Support** | Capture and display WebSocket frames | Medium |
+| **Request Timeline View** | Visual timeline showing request waterfall | Medium |
+| **Mobile-Responsive Dashboard** | Improved mobile layout for dashboard | Low |
+
+### Phase 5: Core Bug Fixes
+
+| Issue | Description | Status | Priority |
+|-------|-------------|--------|----------|
+| **Request-Log-Query Correlation** | Link logs and queries to their originating request for better debugging | ✅ Fixed | High |
+| **Config Consistency** | Ensure `SpectrumConfig.maxItems` is properly passed to Storage backends | ✅ Fixed | High |
+| **FileStorage.prune()** | Currently only prunes requests, needs to handle logs and queries | ✅ Fixed | Medium |
+| **SSE Connection Cleanup** | Improve handling of disconnected SSE clients to prevent memory leaks | ✅ Fixed | High |
+| **Dashboard CSRF Protection** | Add CSRF protection for POST endpoints (`/clear`, `/replay`) | ✅ Fixed | High |
+| **Large Payload Handling** | Implement streaming for large request/response bodies | ⏳ Planned | Medium |
+
+### Contributing
+
+We welcome contributions! Priority areas:
+- Storage backend implementations (Redis, PostgreSQL)
+- Dashboard UI improvements
+- Performance optimizations for high-traffic scenarios
+
+## 📄 License
+
+MIT © Carl Lee

package/README.zh-TW.md

@@ -0,0 +1,163 @@
+# @gravito/spectrum 🔭
+
+> **您進入 Gravito 宇宙的望遠鏡 —— 即時分析，零配置。**
+
+`@gravito/spectrum` 是專為 Gravito 生態系統設計的功能強大、零配置的可觀測性與除錯儀表板。它就像是您應用程式的望遠鏡，能即時捕捉 HTTP 請求、資料庫查詢以及應用程式日誌。
+
+![Spectrum 儀表板](https://via.placeholder.com/1200x600/0f172a/38bdf8?text=Gravito+Spectrum+UI)
+
+## 🌟 特性
+
+- **⚡️ 即時更新**：基於 **Server-Sent Events (SSE)** 技術，無需重新整理頁面即可即時觀察請求與日誌。
+- **🔍 深度檢查**：查看詳細的請求/回應標頭 (Headers)、狀態碼以及精確的執行時間。
+- **🗄️ 資料庫分析**：自動整合 `@gravito/atlas`，捕捉所有 SQL 查詢、綁定參數以及執行耗時。
+- **↺ 請求重放 (Replay)**：直接從儀表板一鍵重放任何已捕捉的請求，快速重現 Bug 或測試修復結果。
+- **📊 即時統計**：透過即時儀表板監控總請求數、平均延遲以及錯誤率。
+- **💾 可插拔儲存**：
+  - **MemoryStorage**：適用於開發環境的快速零配置儲存（預設）。
+  - **FileStorage**：持久化儲存，即使伺服器重啟資料也不會遺失。
+- **🛡️ 安全閘門 (Security Gates)**：內建授權支援，在敏感環境中保護您的除錯數據。
+- **🎨 現代化介面**：使用 Tailwind CSS 與 Vue.js 打造的簡潔、響應式儀表板。
+
+## 📦 安裝
+
+```bash
+bun add @gravito/spectrum
+```
+
+## 🚀 快速上手
+
+只需在您的應用程式入口點註冊 `SpectrumOrbit`：
+
+```typescript
+import { PlanetCore } from '@gravito/core'
+import { SpectrumOrbit } from '@gravito/spectrum'
+
+const core = new PlanetCore()
+
+// 初始化 Spectrum (建議僅在開發環境中使用)
+if (process.env.NODE_ENV !== 'production') {
+  await core.orbit(new SpectrumOrbit())
+}
+
+await core.liftoff()
+```
+
+預設情況下，訪問 **`http://localhost:3000/gravito/spectrum`** 即可進入儀表板。
+
+## ⚙️ 配置選項
+
+您可以透過向 `SpectrumOrbit` 建構函數傳遞配置物件來客製化 Spectrum。
+
+```typescript
+import { SpectrumOrbit, FileStorage } from '@gravito/spectrum'
+
+await core.orbit(new SpectrumOrbit({
+  // 客製化儀表板路徑
+  path: '/_debug',
+  
+  // 儲存策略 (MemoryStorage 或 FileStorage)
+  storage: new FileStorage({ directory: './storage/spectrum' }), 
+  
+  // 每個類別保留的最大項目數
+  maxItems: 500,
+
+  // 採樣率 (0.0 到 1.0)
+  // 1.0 代表捕捉所有請求，0.1 代表僅捕捉 10% 的流量
+  sampleRate: 1.0, 
+  
+  // 安全閘門 (授權檢查)
+  gate: async (c) => {
+    // 回傳 true 允許訪問，false 則阻擋
+    const user = c.get('auth')?.user;
+    return user?.isAdmin === true;
+  }
+}))
+```
+
+## 🛡️ 正式環境安全指南
+
+Spectrum 主要針對本地開發進行優化。若您選擇在正式環境啟用，請遵循以下安全建議：
+
+1.  **務必配置安全閘門**：絕不要讓儀表板處於公開可訪問狀態。請使用 `gate` 選項實作身份驗證。
+2.  **謹慎啟用持久化**：使用 `FileStorage` 可保留重啟後的資料，但請監控磁碟空間使用量。
+3.  **調整採樣率**：對於高流量應用，建議設定較低的 `sampleRate`（例如 `0.01` 或 1%），以將效能開銷降至最低。
+
+## 🔌 模組整合
+
+### 資料庫 (Atlas)
+若您的 Orbits 中包含 `@gravito/atlas`，Spectrum 會自動偵測並開始捕捉所有 SQL 查詢，讓您能精確掌握每個請求在資料庫層級的運作狀況。
+
+### 日誌 (Logger)
+Spectrum 封裝了 Gravito 核心日誌系統。所有透過 `core.logger.info()`, `debug()`, `warn()`, 或 `error()` 產生的日誌都會被捕捉，並與當下的請求上下文關聯顯示。
+
+## ❓ Spectrum vs Monitor
+
+| 特性 | `@gravito/spectrum` | `@gravito/monitor` |
+|---------|---------------------|--------------------|
+| **主要目標** | **本地除錯與效能分析** | **生產環境叢集觀測** |
+| **界面** | 內建 Web UI 儀表板 | JSON / Prometheus / OpenTelemetry |
+| **數據範圍** | 單節點 (具狀態) | 分散式 (無狀態) |
+| **資料保留** | 短期 (近期項目) | 長期 (整合時序資料庫) |
+| **適用對象** | 在本地修復 Bug 的開發者 | 監控系統健康狀況的 DevOps |
+
+## 🛠️ 發展藍圖與未來改進
+
+### 第一階段：核心功能強化
+
+| 功能 | 描述 | 優先級 |
+|------|------|--------|
+| **請求/回應 Body 捕獲** | 捕獲並顯示請求/回應內容，支援大小限制和內容類型過濾 | 高 |
+| **進階過濾功能** | 在儀表板中新增搜尋、依方法/狀態/耗時過濾 | 高 |
+| **匯出功能** | 將捕獲的資料匯出為 HAR、JSON 或 CSV 格式 | 中 |
+| **請求差異比較** | 並排比較兩個已捕獲的請求 | 中 |
+
+### 第二階段：儲存與效能優化
+
+| 功能 | 描述 | 優先級 |
+|------|------|--------|
+| **SQLite 儲存** | 新增 SQLite 後端以提升查詢效能和資料完整性 | 高 |
+| **批次寫入優化** | 緩衝寫入並定期刷新以減少 I/O 操作 | 中 |
+| **記憶體限制控制** | 可配置的記憶體上限與自動修剪機制 | 中 |
+| **壓縮功能** | FileStorage 支援 GZIP 壓縮以減少磁碟使用 | 低 |
+
+### 第三階段：可觀測性整合
+
+| 功能 | 描述 | 優先級 |
+|------|------|--------|
+| **OpenTelemetry 匯出** | 將追蹤資料匯出至 OTLP 相容的後端 | 高 |
+| **追蹤上下文傳播** | 將請求與分散式追蹤連結 | 高 |
+| **自訂 Span 標註** | 允許在請求生命週期中手動建立 Span | 中 |
+| **指標儀表板** | P50/P95/P99 延遲圖表、請求速率圖表 | 中 |
+
+### 第四階段：開發者體驗提升
+
+| 功能 | 描述 | 優先級 |
+|------|------|--------|
+| **深色/淺色主題切換** | 使用者可選擇的儀表板主題 | 低 |
+| **鍵盤快捷鍵** | 使用鍵盤導航和過濾 | 低 |
+| **WebSocket 支援** | 捕獲並顯示 WebSocket 訊框 | 中 |
+| **請求時間軸視圖** | 視覺化時間軸顯示請求瀑布流 | 中 |
+| **行動裝置響應式儀表板** | 改善儀表板的行動裝置佈局 | 低 |
+
+### 第五階段：核心問題修復
+
+| 問題 | 描述 | 優先級 |
+|------|------|--------|
+| **請求-日誌-查詢關聯** | 將日誌和查詢與其來源請求連結，以提升除錯效率 | 高 |
+| **配置一致性** | 確保 `SpectrumConfig.maxItems` 正確傳遞給儲存後端 | 高 |
+| **FileStorage.prune()** | 目前僅修剪 requests，需要處理 logs 和 queries | 中 |
+| **SSE 連線清理** | 改善已斷開連線的 SSE 客戶端處理機制以防止記憶體洩漏 | 高 |
+| **儀表板 CSRF 保護** | 為 POST 端點（`/clear`、`/replay`）新增 CSRF 保護 | 高 |
+| **大型 Payload 處理** | 為大型請求/回應內容實作串流處理 | 中 |
+
+### 參與貢獻
+
+歡迎貢獻！優先領域：
+- 儲存後端實作（Redis、PostgreSQL）
+- 儀表板 UI 改進
+- 高流量場景的效能優化
+
+## 📄 授權
+
+MIT © Carl Lee