@harperfast/harper-pro 5.0.0-beta.5 → 5.0.0-beta.7

package/core/security/jsLoader.ts

@@ -20,6 +20,14 @@ import { EventEmitter } from 'node:events';
 
 type Lockdown = 'none' | 'freeze' | 'ses';
 const APPLICATIONS_LOCKDOWN: Lockdown = env.get(CONFIG_PARAMS.APPLICATIONS_LOCKDOWN);
+const HARPER_MODULE_IDS = new Set([
+	'harper',
+	'harperdb',
+	'harperdb/v1',
+	'harperdb/v2',
+	'@harperfast/harper',
+	'@harperfast/harper-pro',
+]);
 
 let lockedDown = false;
 /**
@@ -138,8 +146,9 @@ function parseJsonModule(source: string, url: string): any {
  * Load a module using Node's vm.Module API with (not really secure) sandboxing
  */
 async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
-	const moduleCache = new Map<string, SourceTextModule | SyntheticModule>();
+	const moduleCache = new Map<string, Promise<SourceTextModule | SyntheticModule>>();
 	const linkingPromises = new Map<string, Promise<void>>();
+	const cjsCache = new Map<string, { exports: any }>();
 
 	// Create a secure context with limited globals
 	const contextObject = getGlobalObject(scope);
@@ -149,30 +158,38 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 	 * Resolve module specifier to absolute URL
 	 */
 	function resolveModule(specifier: string, referrer: string): string {
-		if (specifier === 'harperdb' || specifier === 'harper') return 'harper';
-		if (specifier.startsWith('harper/') || specifier.startsWith('harperdb/')) {
+		if (HARPER_MODULE_IDS.has(specifier)) {
+			return 'harper'; // resolve any harper package as an alias to a single synthetic module
+		}
+		const parts = specifier.split('/');
+		if (parts[0] === 'harper') {
+			// block harper/* for now (reserving for potential future use)
 			throw new Error(`Module ${specifier} is not allowed, may only access the 'harper' module`);
 		}
-		if (specifier.startsWith('file://')) {
+		if (parts[0] === 'file:') {
 			return specifier;
 		}
-		// For relative paths, resolve to absolute file URL
-		if (specifier.startsWith('.')) {
-			const resolved = createRequire(referrer).resolve(specifier);
-			if (isAbsolute(resolved)) {
-				return pathToFileURL(resolved).toString();
-			}
-			return resolved;
+		const resolved = createRequire(referrer).resolve(specifier);
+		if (isAbsolute(resolved)) {
+			return pathToFileURL(resolved).toString();
 		}
-		// For package names and node: specifiers, keep as-is for proper require() handling
-		return specifier;
+		return resolved;
 	}
 
 	/**
 	 * Load a CommonJS module in our private context
 	 */
 	function loadCJS(url: string, source: string): { exports: any } {
+		// Check cache first to handle circular dependencies
+		if (cjsCache.has(url)) {
+			return cjsCache.get(url)!;
+		}
+
+		// Create module object and cache it immediately (before execution)
+		// This allows circular dependencies to get a reference to the incomplete module
 		const cjsModule = { exports: {} };
+		cjsCache.set(url, cjsModule);
+
 		if (url.endsWith('.json')) {
 			cjsModule.exports = parseJsonModule(source, url);
 			return cjsModule;
@@ -200,7 +217,7 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 			filename: url,
 			async importModuleDynamically(specifier: string, script) {
 				const resolvedUrl = resolveModule(specifier, script.sourceURL);
-				const useContainment = specifier.startsWith('.') || scope.dependencyContainment;
+				const useContainment = specifier.startsWith('.') || scope.dependencyContainment !== false;
 				const dynamicModule = await loadModuleWithCache(resolvedUrl, useContainment);
 				return dynamicModule;
 			},
@@ -217,31 +234,88 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 	}
 	function loadCJSModule(url: string, source: string, usePrivateGlobal: boolean): SyntheticModule {
 		const cjsModule = usePrivateGlobal ? loadCJS(url, source) : { exports: require(url) };
-		const exportNames = Object.keys(cjsModule.exports);
+		let exports = cjsModule.exports;
+		if (exports.default === undefined) {
+			// provide the default export for compatibility
+			exports = { default: exports, ...exports };
+		}
+		const exportNames = Object.keys(exports);
+
 		const synModule = new SyntheticModule(
-			exportNames.length > 0 ? exportNames : ['default'],
+			exportNames,
 			function () {
-				if (exportNames.length > 0) {
-					for (const key of exportNames) {
-						this.setExport(key, cjsModule.exports[key]);
-					}
-				} else {
-					this.setExport('default', cjsModule.exports);
+				for (const key of exportNames) {
+					this.setExport(key, exports[key]);
 				}
 			},
 			{ identifier: url, context }
 		);
-		moduleCache.set(url, synModule);
+		// Don't cache here - let getOrCreateModule handle caching
 		return synModule;
 	}
 
+	/**
+	 * Check if a package (or any of its dependencies) depends on harper
+	 * Expects a file URL like: file:///path/to/node_modules/package-name/dist/index.js
+	 */
+	function packageDependsOnHarper(fileUrl: string): boolean {
+		try {
+			// Convert file:// URL to path
+			const filePath = fileURLToPath(fileUrl);
+
+			// Find the node_modules directory and package name
+			// Example: /path/to/node_modules/package-name/dist/index.js
+			// or: /path/to/node_modules/@scope/package-name/dist/index.js
+			const nodeModulesMarker = '/node_modules/';
+			const nodeModulesIndex = filePath.lastIndexOf(nodeModulesMarker);
+			if (nodeModulesIndex === -1) return false;
+
+			// Get the part after /node_modules/
+			const afterNodeModules = filePath.substring(nodeModulesIndex + nodeModulesMarker.length);
+			const parts = afterNodeModules.split('/');
+
+			// Handle scoped packages (@scope/package-name) vs regular packages (package-name)
+			const beforeNodeModules = filePath.substring(0, nodeModulesIndex);
+			const packageRoot = parts[0].startsWith('@')
+				? join(beforeNodeModules, 'node_modules', parts[0], parts[1])
+				: join(beforeNodeModules, 'node_modules', parts[0]);
+
+			// Read package.json from the package root
+			const packageJsonPath = join(packageRoot, 'package.json');
+			const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
+
+			const deps = {
+				...packageJson.dependencies,
+				...packageJson.devDependencies,
+				...packageJson.peerDependencies,
+			};
+
+			// Check if harper is a direct dependency
+			return Object.keys(deps).some((dep) => HARPER_MODULE_IDS.has(dep));
+		} catch {
+			return false;
+		}
+	}
+
 	/**
 	 * Linker function for module resolution during instantiation
 	 */
 	async function linker(specifier: string, referencingModule: SourceTextModule | SyntheticModule) {
 		const resolvedUrl = resolveModule(specifier, referencingModule.identifier);
 
-		const useContainment = specifier.startsWith('.') || scope.dependencyContainment;
+		// Determine if we should use VM containment for this module
+		let useContainment = specifier.startsWith('.'); // Always contain relative imports
+
+		if (!useContainment && scope.dependencyContainment !== false) {
+			// For npm packages, check if they depend on harper
+			if (resolvedUrl.startsWith('file://') && resolvedUrl.includes('node_modules')) {
+				useContainment = packageDependsOnHarper(resolvedUrl);
+			} else {
+				// Non-file URLs (bare specifiers) - use default behavior
+				useContainment = scope.dependencyContainment === true;
+			}
+		}
+
 		// Return the module immediately (even if not yet linked) to support circular dependencies
 		return await getOrCreateModule(resolvedUrl, useContainment);
 	}
@@ -256,7 +330,7 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 		}
 
 		// Create the module and cache it immediately (before linking)
-		const module = await createModule(url, usePrivateGlobal);
+		const module = createModule(url, usePrivateGlobal);
 		moduleCache.set(url, module);
 
 		return module;
@@ -270,10 +344,11 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 
 		// Only link/evaluate once per module
 		if (!linkingPromises.has(url)) {
-			linkingPromises.set(
-				url,
-				module.link(linker).then(() => module.evaluate())
-			);
+			const linkingPromise = (async () => {
+				await module.link(linker);
+				await module.evaluate();
+			})();
+			linkingPromises.set(url, linkingPromise);
 		}
 
 		// Wait for linking to complete
@@ -288,7 +363,7 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 		let module: SourceTextModule | SyntheticModule;
 
 		// Handle special built-in modules
-		if (url === 'harper' || url === 'harperdb') {
+		if (url === 'harper') {
 			let harperExports = getHarperExports(scope);
 			module = new SyntheticModule(
 				Object.keys(harperExports),
@@ -299,7 +374,7 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 				},
 				{ identifier: url, context }
 			);
-		} else if (url.startsWith('file://')) {
+		} else if (url.startsWith('file://') && usePrivateGlobal) {
 			checkAllowedModulePath(url, scope.verifyPath);
 			let source = await readFile(new URL(url), { encoding: 'utf-8' });
 
@@ -320,67 +395,51 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 					source = await stripTypeScriptTypes(source);
 				}
 
-				// Try to parse as ESM first
+				// Try CJS first since it will fail fast with clear syntax errors on ESM syntax
 				try {
-					module = new SourceTextModule(source, {
-						identifier: url,
-						context,
-						initializeImportMeta(meta) {
-							meta.url = url;
-						},
-						async importModuleDynamically(specifier: string) {
-							const resolvedUrl = resolveModule(specifier, url);
-							const dynamicModule = await loadModuleWithCache(resolvedUrl, true);
-							return dynamicModule;
-						},
-					});
-				} catch (err) {
-					// If ESM parsing fails, try to load as CommonJS
-					if (
-						err.message?.includes('require is not defined') ||
-						source.includes('module.exports') ||
-						source.includes('exports.')
-					) {
-						module = loadCJSModule(url, source, usePrivateGlobal);
-					} else {
-						throw err;
+					module = loadCJSModule(url, source, usePrivateGlobal);
+				} catch {
+					// If CJS loading fails (likely due to ESM syntax like import/export), try ESM
+					try {
+						module = new SourceTextModule(source, {
+							identifier: url,
+							context,
+							initializeImportMeta(meta) {
+								meta.url = url;
+							},
+							async importModuleDynamically(specifier: string) {
+								const resolvedUrl = resolveModule(specifier, url);
+								const dynamicModule = await loadModuleWithCache(resolvedUrl, true);
+								return dynamicModule;
+							},
+						});
+					} catch (esmErr) {
+						// Both failed - throw the ESM error as it's likely more relevant
+						throw esmErr;
 					}
 				}
 			}
 		} else {
 			const replacedModule = checkAllowedModulePath(url, scope.verifyPath);
-			// For Node.js built-in modules (node:) and npm packages
+			// For Node.js built-in modules (node:) and npm packages without dependency containment
 			// Always try require first to properly handle CJS modules with named exports
-			try {
-				const cjsExports = replacedModule ?? require(url);
-				// It's a CJS module - expose all properties as named exports
-				const exportNames = Object.keys(cjsExports);
-				module = new SyntheticModule(
-					exportNames.length > 0 ? [...exportNames, 'default'] : ['default'],
-					function () {
-						if (exportNames.length > 0) {
-							for (const key of exportNames) {
-								this.setExport(key, cjsExports[key]);
-							}
-						}
-						this.setExport('default', cjsExports);
-					},
-					{ identifier: url, context }
-				);
-			} catch {
-				// Fall back to dynamic import for ESM packages
-				const importedModule = await import(url);
-				const exportNames = Object.keys(importedModule);
-				module = new SyntheticModule(
-					exportNames,
-					function () {
-						for (const key of exportNames) {
-							this.setExport(key, importedModule[key]);
-						}
-					},
-					{ identifier: url, context }
-				);
+			// Fall back to dynamic import for ESM packages
+			let importedModule = replacedModule ?? (await import(url));
+			const cjsModule = importedModule['module.exports'];
+			if (cjsModule) {
+				// back-compat import
+				importedModule = importedModule.default ? { default: importedModule.default, ...cjsModule } : cjsModule;
 			}
+			const exportNames = Object.keys(importedModule);
+			module = new SyntheticModule(
+				exportNames,
+				function () {
+					for (const key of exportNames) {
+						this.setExport(key, importedModule[key]);
+					}
+				},
+				{ identifier: url, context }
+			);
 		}
 
 		return module;
@@ -404,7 +463,15 @@ async function getCompartment(scope: ApplicationScope, globals) {
 		{
 			name: 'harper-app',
 			resolveHook(moduleSpecifier, moduleReferrer) {
-				if (moduleSpecifier === 'harperdb' || moduleSpecifier === 'harper') return 'harper';
+				if (HARPER_MODULE_IDS.has(moduleSpecifier)) {
+					return 'harper'; // resolve any harper package as an alias to a single synthetic module
+				}
+				const parts = moduleSpecifier.split('/');
+				if (parts[0] === 'harper') {
+					// block harper/* for now (reserving for potential future use)
+					throw new Error(`Module ${moduleSpecifier} is not allowed, may only access the 'harper' module`);
+				}
+
 				const resolved = createRequire(moduleReferrer).resolve(moduleSpecifier);
 				if (isAbsolute(resolved)) {
 					const resolvedURL = pathToFileURL(resolved).toString();
@@ -523,6 +590,25 @@ function getHarperExports(scope: ApplicationScope) {
 		authenticateUser: server.authenticateUser,
 		operation: server.operation,
 		contentTypes,
+		Attribute: undefined,
+		Config: undefined,
+		ConfigValue: undefined,
+		Context: undefined,
+		FileAndURLPathConfig: undefined,
+		FilesOption: undefined,
+		FilesOptionObject: undefined,
+		IterableEventQueue: undefined,
+		Logger: undefined,
+		Query: undefined,
+		RecordObject: undefined,
+		RequestTargetOrId: undefined,
+		ResourceInterface: undefined,
+		Scope: undefined,
+		Session: undefined,
+		SourceContext: undefined,
+		SubscriptionRequest: undefined,
+		Table: undefined,
+		User: undefined,
 	};
 }
 const ALLOWED_NODE_BUILTIN_MODULES = env.get(CONFIG_PARAMS.APPLICATIONS_ALLOWEDBUILTINMODULES)
@@ -534,14 +620,19 @@ const ALLOWED_NODE_BUILTIN_MODULES = env.get(CONFIG_PARAMS.APPLICATIONS_ALLOWEDB
 			},
 		};
 const ALLOWED_COMMANDS = new Set(env.get(CONFIG_PARAMS.APPLICATIONS_ALLOWEDSPAWNCOMMANDS) ?? []);
-const REPLACED_BUILTIN_MODULES = {
-	child_process: {
-		exec: createSpawn(child_process.exec),
-		execFile: createSpawn(child_process.execFile),
-		fork: createSpawn(child_process.fork, true), // this is launching node, so deemed safe
-		spawn: createSpawn(child_process.spawn),
+const child_processConstrained = {
+	exec: createSpawn(child_process.exec),
+	execFile: createSpawn(child_process.execFile),
+	fork: createSpawn(child_process.fork, true), // this is launching node, so deemed safe
+	spawn: createSpawn(child_process.spawn),
+	execSync: function () {
+		throw new Error('execSync is not allowed');
 	},
 };
+child_processConstrained.default = child_processConstrained;
+const REPLACED_BUILTIN_MODULES = {
+	child_process: child_processConstrained,
+};
 /**
  * Creates a ChildProcess-like object for an existing process
  */

package/core/server/REST.ts

@@ -4,7 +4,7 @@ import * as harperLogger from '../utility/logging/harper_logger.js';
 import { ServerOptions } from 'http';
 import { ServerError, ClientError } from '../utility/errors/hdbError.js';
 import { Resources } from '../resources/Resources.ts';
-import { Resource } from '../resources/Resource.ts';
+import { Resource, missingMethod, allowedMethods } from '../resources/Resource.ts';
 import { IterableEventQueue } from '../resources/IterableEventQueue.ts';
 import { transaction } from '../resources/transaction.ts';
 import { Headers, mergeHeaders } from '../server/serverHelpers/Headers.ts';
@@ -114,29 +114,38 @@ async function http(request: Context & Request, nextHandler) {
 			switch (method) {
 				case 'GET':
 				case 'HEAD':
-					return resource.get(target, request);
+					return resource.get ? resource.get(target, request) : missingMethod(resource, 'get');
 				case 'POST':
-					return resource.post(target, request.data, request);
+					return resource.post ? resource.post(target, request.data, request) : missingMethod(resource, 'post');
 				case 'PUT':
-					return resource.put(target, request.data, request);
+					return resource.put ? resource.put(target, request.data, request) : missingMethod(resource, 'put');
 				case 'DELETE':
-					return resource.delete(target, request);
+					return resource.delete ? resource.delete(target, request) : missingMethod(resource, 'delete');
 				case 'PATCH':
-					return resource.patch(target, request.data, request);
+					return resource.patch ? resource.patch(target, request.data, request) : missingMethod(resource, 'patch');
 				case 'OPTIONS': // used primarily for CORS
-					headers.setIfNone('Allow', 'GET, HEAD, POST, PUT, DELETE, PATCH, OPTIONS, TRACE, QUERY, COPY, MOVE');
+					headers.setIfNone(
+						'Allow',
+						allowedMethods(resource)
+							.map((method) => method.toUpperCase())
+							.join(', ')
+					);
 					return;
 				case 'CONNECT':
 					// websockets? and event-stream
-					return resource.connect(target, null, request);
+					return resource.connect ? resource.connect(target, null, request) : missingMethod(resource, 'connect');
 				case 'TRACE':
 					return 'Harper is the terminating server';
 				case 'QUERY':
-					return resource.query(target, request.data, request);
+					return resource.query ? resource.query(target, request.data, request) : missingMethod(resource, 'query');
 				case 'COPY': // methods suggested from webdav RFC 4918
-					return resource.copy(target, headersObject.destination, request);
+					return resource.copy
+						? resource.copy(target, headersObject.destination, request)
+						: missingMethod(resource, 'copy');
 				case 'MOVE':
-					return resource.move(target, headersObject.destination, request);
+					return resource.move
+						? resource.move(target, headersObject.destination, request)
+						: missingMethod(resource, 'move');
 				case 'BREW': // RFC 2324
 					throw new ClientError("Harper is short and stout and can't brew coffee", 418);
 				default:

package/core/server/http.ts

@@ -8,7 +8,7 @@ import harperLogger from '../utility/logging/harper_logger.js';
 import { parentPort } from 'node:worker_threads';
 import env from '../utility/environment/environmentManager.js';
 import * as terms from '../utility/hdbTerms.ts';
-import { resolvePath } from '../config/configUtils.js';
+import { getConfigPath } from '../config/configUtils.js';
 import { getTicketKeys } from './threads/manageThreads.js';
 import { createTLSSelector } from '../security/keys.js';
 import { createSecureServer } from 'node:http2';
@@ -181,7 +181,7 @@ function getPorts(options) {
 
 	if (options?.usageType === 'operations-api' && env.get(terms.CONFIG_PARAMS.OPERATIONSAPI_NETWORK_DOMAINSOCKET)) {
 		ports.push({
-			port: resolvePath(env.get(terms.CONFIG_PARAMS.OPERATIONSAPI_NETWORK_DOMAINSOCKET)),
+			port: getConfigPath(terms.CONFIG_PARAMS.OPERATIONSAPI_NETWORK_DOMAINSOCKET),
 			secure: false,
 		});
 	}
@@ -209,7 +209,7 @@ function getHTTPServer(port: number, secure: boolean, options: ServerOptions) {
 	setPortServerMap(port, { protocol_name: secure ? 'HTTPS' : 'HTTP', name: getComponentName() });
 	if (!httpServers[port]) {
 		// TODO: These should all come from httpOptions or operationsApiOptions
-		const serverPrefix = isOperationsServer ? 'operationsApi_network' : 'http';
+		const serverPrefix = isOperationsServer ? 'operationsApi_network' : (usageType ?? 'http');
 		const keepAliveTimeout = env.get(serverPrefix + '_keepAliveTimeout');
 		const requestTimeout = env.get(serverPrefix + '_timeout');
 		const headersTimeout = env.get(serverPrefix + '_headersTimeout');

package/core/server/itc/serverHandlers.js

@@ -149,7 +149,7 @@ async function componentStatusRequestHandler(event) {
 			if (originatorThreadId === undefined) {
 				hdbLogger.debug('No originator threadId, falling back to broadcast');
 			} else {
-				hdbLogger.warn(`Failed to send direct response to thread ${originatorThreadId}, falling back to broadcast`);
+				hdbLogger.debug(`Failed to send direct response to thread ${originatorThreadId}, falling back to broadcast`);
 			}
 			await sendItcEvent(responseMessage);
 		}

package/core/static/defaultConfig.yaml

@@ -26,7 +26,7 @@ analytics:
 applications:
   lockdown: freeze
   containment: vm
-  dependencyContainment: false
+  dependencyContainment: auto
   allowedSpawnCommands:
     - npm
     - node

package/core/utility/hdbTerms.ts

@@ -426,6 +426,7 @@ export const LEGACY_CONFIG_PARAMS = {
 export const CONFIG_PARAMS = {
 	ANALYTICS_AGGREGATEPERIOD: 'analytics_aggregatePeriod',
 	ANALYTICS_REPLICATE: 'analytics_replicate',
+	ANALYTICS_STORAGEINTERVAL: 'analytics_storageInterval',
 	AUTHENTICATION_AUTHORIZELOCAL: 'authentication_authorizeLocal',
 	AUTHENTICATION_CACHETTL: 'authentication_cacheTTL',
 	AUTHENTICATION_COOKIE_DOMAINS: 'authentication_cookie_domains',

package/core/utility/logging/harper_logger.js

@@ -82,7 +82,7 @@ function updateLogger(logger, logOptions, name) {
 	logger.logToStdstreams = logOptions.stdStreams ?? false;
 	// if there is a configured tag or if a component is logging to default/main log path, use the component name as the tag
 	// to differentiate it
-	logger.tag = logOptions.tag ?? (mainLogger.path === logger.path && name);
+	logger.tag = logOptions.tag ?? ((mainLogger.path === logger.path || externalLogger.path === logger.path) && name);
 }
 // creates a logger where the methods are only defined if they are within the log level.
 // Using this conditional logger means that every method call must be optional like log.trace?.('message),
@@ -98,6 +98,14 @@ function updateConditional(logger) {
 	conditional.debug = LOG_LEVEL_HIERARCHY.debug >= logger.level ? logger.debug.bind(logger) : undefined;
 	conditional.trace = LOG_LEVEL_HIERARCHY.trace >= logger.level ? logger.trace.bind(logger) : undefined;
 }
+/**
+ * Resolve a config path value against rootPath if it is relative.
+ */
+function resolveLogPath(configPath, rootPath) {
+	if (!configPath || !rootPath) return configPath;
+	if (pathModule.isAbsolute(configPath)) return configPath;
+	return pathModule.resolve(rootPath, configPath);
+}
 async function updateLogSettings() {
 	if (!rootConfig) {
 		// set up the initial watcher
@@ -109,11 +117,23 @@ async function updateLogSettings() {
 	}
 	let rootConfigObject = rootConfig.config;
 	const logOptions = rootConfigObject.logging ?? {};
+	// Resolve relative paths against rootPath from the same config
+	const rootPath = rootConfigObject.rootPath;
+	if (logOptions.root) {
+		logOptions.root = resolveLogPath(logOptions.root, rootPath);
+	}
+	if (logOptions.rotation?.path) {
+		logOptions.rotation.path = resolveLogPath(logOptions.rotation.path, rootPath);
+	}
 	updateLogger(mainLogger, logOptions);
 	logFilePath = mainLogger.path;
 	logConsole = logOptions.console ?? false;
 	if (logOptions.external) {
 		updateLogger(externalLogger, logOptions.external);
+		for (let [name, component] of mainLogger.components) {
+			if (!(rootConfigObject[name] && rootConfigObject[name].logging) && component.isExternal)
+				updateLogger(component, logOptions.external, name);
+		}
 	}
 	for (const name in rootConfigObject) {
 		// we now scan each component to see if it has logging individual configured
@@ -121,7 +141,8 @@ async function updateLogSettings() {
 		if (component.logging) {
 			updateLogger(mainLogger.forComponent(name), component.logging, name);
 		} else if (mainLogger.hasComponent(name)) {
-			updateLogger(mainLogger.forComponent(name), logOptions, name);
+			const componentLogger = mainLogger.forComponent(name);
+			updateLogger(componentLogger, (componentLogger.isExternal && logOptions.external) ?? logOptions, name);
 		}
 	}
 }
@@ -226,7 +247,7 @@ module.exports = {
 	createLogger,
 	logsAtLevel,
 	getLogFilePath: () => logFilePath,
-	forComponent: (name) => mainLogger.forComponent(name),
+	forComponent: (name, isExternal) => mainLogger.forComponent(name, isExternal),
 	setMainLogger,
 	setLogLevel,
 	OUTPUTS,
@@ -273,6 +294,9 @@ module.exports.externalLogger = {
 	loggerWithTag(tag) {
 		return externalLogger.withTag(tag);
 	},
+	forComponent(name) {
+		return externalLogger.forComponent(name);
+	},
 };
 _assignPackageExport('logger', module.exports.externalLogger);
 
@@ -467,7 +491,7 @@ function createLogger({
 	component,
 }) {
 	if (!logLevel) logLevel = 'info';
-	let level = LOG_LEVEL_HIERARCHY[logLevel];
+	let level = typeof logLevel === 'number' ? logLevel : LOG_LEVEL_HIERARCHY[logLevel];
 	let logger;
 	/**
 	 * Log to std out and/or file
@@ -549,25 +573,29 @@ function createLogger({
 	logger.logToStdstreams = logToStdstreams;
 	if (!component) {
 		let components = new Map();
-		logger.forComponent = function (name) {
+		logger.forComponent = function (name, isExternal = false) {
 			let componentLogger = components.get(name);
 			if (!componentLogger) {
+				const protoLogger = isExternal ? externalLogger : logger;
 				componentLogger = createLogger({
-					path: logFilePath,
-					level: logLevel,
-					stdStreams: logToStdstreams,
-					isExternalInstance: name === 'external',
-					rotation,
+					path: protoLogger.path,
+					level: protoLogger.level,
+					stdStreams: protoLogger.logToStdstreams,
+					isExternalInstance: isExternal || name === 'external',
+					rotation: protoLogger.rotation,
 					writeToLog,
 					component: true,
 				});
+				componentLogger.tag = name;
 				components.set(name, componentLogger);
 			}
+			if (isExternal) componentLogger.isExternal = true;
 			return componentLogger;
 		};
 		logger.hasComponent = function (name) {
 			return components.has(name);
 		};
+		logger.components = components;
 	}
 	return logger;
 }
@@ -793,13 +821,18 @@ function getLogConfig(hdbConfigPath) {
 			};
 		}
 		const configDoc = YAML.parseDocument(fs.readFileSync(hdbConfigPath, 'utf8'));
+		const rootPath = configDoc.getIn(['rootPath']);
 		const level = configDoc.getIn(['logging', 'level']);
-		const configLogPath = configDoc.getIn(['logging', 'root']);
+		const configLogPath = resolveLogPath(configDoc.getIn(['logging', 'root']), rootPath);
 		const toFile = configDoc.getIn(['logging', 'file']);
 		const toStream = configDoc.getIn(['logging', 'stdStreams']);
 		const logConsole = configDoc.getIn(['logging', 'console']);
 		const colorMode = configDoc.getIn(['logging', 'colors']) ?? true; // default to true
 		const rotation = configDoc.getIn(['logging', 'rotation'])?.toJSON();
+		// Resolve rotation path if relative
+		if (rotation?.path) {
+			rotation.path = resolveLogPath(rotation.path, rootPath);
+		}
 
 		return {
 			level,