@overcastsre/node 1.0.0

package/README.md

@@ -0,0 +1,47 @@
+# @overcast/node
+
+Overcast SRE monitoring SDK for Node.js. One install, one line — captures everything.
+
+## Install
+
+```bash
+npm install @overcast/node
+```
+
+## Usage
+
+```js
+require('@overcast/node').init({ apiKey: 'oc_...', serviceName: 'my-api' });
+```
+
+That's it. The SDK automatically captures:
+
+- All `console.log/info/debug/warn/error` output
+- Uncaught exceptions and unhandled promise rejections
+- All outgoing HTTP/HTTPS requests (status, latency, request/response bodies)
+- Process warnings and deprecations
+- Memory usage, event-loop lag, handle leaks
+- Stack traces with full context
+
+## Express Middleware (optional)
+
+```js
+const overcast = require('@overcast/node');
+overcast.init({ apiKey: 'oc_...' });
+
+const app = express();
+app.use(overcast.middleware()); // Captures all incoming requests
+```
+
+## Options
+
+| Option | Default | Description |
+|---|---|---|
+| `apiKey` | required | Your Overcast API key |
+| `serviceName` | `'node-app'` | Service name in the dashboard |
+| `environment` | `NODE_ENV` | `'production'`, `'staging'`, etc. |
+| `encryptPayload` | `false` | AES-256-GCM encrypt payloads |
+| `encryptionKey` | `''` | 32-byte hex key for encryption |
+| `sanitize` | `true` | Redact PII (passwords, tokens, etc.) |
+| `batchSize` | `50` | Logs per batch |
+| `flushInterval` | `5000` | Flush interval in ms |

package/index.js

@@ -0,0 +1,784 @@
+/**
+ * @overcast/node — Overcast SRE Monitoring SDK for Node.js
+ *
+ * Captures EVERYTHING from your Node.js application:
+ *   - All console output (log, info, debug, warn, error)
+ *   - Uncaught exceptions & unhandled promise rejections
+ *   - Process warnings & deprecations
+ *   - All outgoing HTTP/HTTPS requests (status, latency, body)
+ *   - Express / Fastify / Koa / Hono middleware (incoming requests)
+ *   - Memory usage, event-loop lag, CPU spikes
+ *   - Stack traces with source context
+ *
+ * Usage — literally two lines:
+ *   const overcast = require('@overcast/node');
+ *   overcast.init({ apiKey: 'oc_...', serviceName: 'my-api' });
+ *
+ * That's it. Everything is captured automatically.
+ *
+ * @module @overcast/node
+ */
+
+'use strict';
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONFIGURATION & STATE
+// ═══════════════════════════════════════════════════════════════════════════════
+
+let _config = {
+  apiKey: '',
+  serviceName: 'node-app',
+  environment: process.env.NODE_ENV || 'production',
+  baseUrl: 'https://platform.overcastsre.com',
+  version: '',
+
+  // What to capture
+  captureConsole: true,         // All console.log/info/debug/warn/error
+  captureExceptions: true,      // Uncaught exceptions
+  captureRejections: true,      // Unhandled promise rejections
+  captureHttp: true,            // Outgoing HTTP/HTTPS calls
+  capturePerformance: true,     // Memory, event-loop lag
+  captureProcessWarnings: true, // Process warnings & deprecations
+
+  // Thresholds
+  slowRequestThreshold: 5000,   // ms — flag outgoing calls slower than this
+  memoryWarningPercent: 85,     // % — flag when heap usage exceeds this
+  eventLoopLagThreshold: 100,   // ms — flag when event loop lag exceeds this
+
+  // Batching
+  batchSize: 50,                // Send after N logs
+  flushInterval: 5000,          // Or every N ms
+  maxBufferSize: 1000,          // Drop oldest logs if buffer exceeds this
+
+  // Sampling (1.0 = 100%)
+  logSamplingRate: 1.0,
+  httpSamplingRate: 1.0,
+
+  // Security
+  encryptPayload: false,        // AES-256-GCM encrypt payloads before sending
+  encryptionKey: '',            // 32-byte hex key for AES-256-GCM
+  sanitize: true,               // Redact PII (passwords, tokens, emails, etc.)
+
+  // Debug
+  debug: false,
+};
+
+let _initialized = false;
+let _sending = false;
+let _buffer = [];
+let _flushTimer = null;
+let _perfTimer = null;
+let _originals = {};
+
+const INGEST_ENDPOINT = '/api/v1/ingest/logs';
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PUBLIC API
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Initialize Overcast monitoring. Call once at application startup.
+ *
+ * @param {Object} options
+ * @param {string} options.apiKey - Your Overcast API key (required)
+ * @param {string} options.serviceName - Name for this service in the dashboard
+ * @param {string} [options.environment] - 'production', 'staging', etc.
+ * @param {string} [options.baseUrl] - Overcast platform URL
+ * @param {boolean} [options.encryptPayload] - AES-256-GCM encrypt log payloads
+ * @param {string} [options.encryptionKey] - 32-byte hex key for encryption
+ */
+function init(options = {}) {
+  if (_initialized) {
+    _debugLog('Already initialized, skipping.');
+    return module.exports;
+  }
+
+  if (!options.apiKey) {
+    console.error('[Overcast] apiKey is required. Get yours at https://overcastsre.com/settings');
+    return module.exports;
+  }
+
+  Object.assign(_config, options);
+  _initialized = true;
+
+  // Install all interceptors
+  if (_config.captureConsole) _installConsoleCapture();
+  if (_config.captureExceptions) _installExceptionCapture();
+  if (_config.captureRejections) _installRejectionCapture();
+  if (_config.captureProcessWarnings) _installWarningCapture();
+  if (_config.captureHttp) _installHttpCapture();
+  if (_config.capturePerformance) _installPerformanceCapture();
+
+  // Flush on exit
+  _installShutdownHandlers();
+
+  // Start flush timer
+  _flushTimer = setInterval(_flush, _config.flushInterval);
+  if (_flushTimer.unref) _flushTimer.unref(); // Don't keep process alive
+
+  _debugLog(`Initialized for service "${_config.serviceName}" in ${_config.environment}`);
+
+  // Send init heartbeat
+  _enqueue('INFO', 'Overcast SDK initialized', {
+    type: 'sdk_init',
+    sdkVersion: '1.0.0',
+    nodeVersion: process.version,
+    platform: process.platform,
+    arch: process.arch,
+  });
+
+  return module.exports;
+}
+
+/**
+ * Manually log at any level.
+ */
+function error(message, metadata) { _enqueue('ERROR', message, { ...metadata, type: 'manual' }); }
+function warn(message, metadata) { _enqueue('WARNING', message, { ...metadata, type: 'manual' }); }
+function info(message, metadata) { _enqueue('INFO', message, { ...metadata, type: 'manual' }); }
+function debug(message, metadata) { _enqueue('DEBUG', message, { ...metadata, type: 'manual' }); }
+
+/**
+ * Capture an exception manually.
+ */
+function captureException(err, metadata = {}) {
+  if (!(err instanceof Error)) err = new Error(String(err));
+  _enqueue('ERROR', err.message, {
+    ...metadata,
+    type: 'captured_exception',
+    error: { name: err.name, message: err.message, stack: err.stack },
+  });
+}
+
+/**
+ * Express/Connect middleware — captures all incoming requests.
+ *
+ * Usage:
+ *   const app = express();
+ *   app.use(overcast.middleware());
+ */
+function middleware() {
+  return function overcastMiddleware(req, res, next) {
+    const start = Date.now();
+    const originalEnd = res.end;
+
+    res.end = function (...args) {
+      const duration = Date.now() - start;
+      const level = res.statusCode >= 500 ? 'ERROR' : res.statusCode >= 400 ? 'WARNING' : 'INFO';
+
+      _enqueue(level, `${req.method} ${req.originalUrl || req.url} ${res.statusCode} ${duration}ms`, {
+        type: 'http_incoming',
+        method: req.method,
+        url: req.originalUrl || req.url,
+        statusCode: res.statusCode,
+        duration,
+        userAgent: req.headers['user-agent'],
+        ip: req.ip || req.connection?.remoteAddress,
+        contentLength: res.getHeader('content-length'),
+        query: req.query,
+      });
+
+      originalEnd.apply(this, args);
+    };
+
+    next();
+  };
+}
+
+/**
+ * Force-flush all buffered logs immediately.
+ * Returns a Promise that resolves when the flush completes.
+ */
+function flush() {
+  return _flush();
+}
+
+/**
+ * Gracefully shut down the SDK. Flushes remaining logs.
+ */
+async function shutdown() {
+  if (_flushTimer) clearInterval(_flushTimer);
+  if (_perfTimer) clearInterval(_perfTimer);
+  await _flush();
+  _initialized = false;
+  _debugLog('Shutdown complete.');
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CONSOLE CAPTURE — intercepts ALL console methods
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _installConsoleCapture() {
+  const methods = ['log', 'info', 'debug', 'warn', 'error', 'trace'];
+  const levelMap = { log: 'INFO', info: 'INFO', debug: 'DEBUG', warn: 'WARNING', error: 'ERROR', trace: 'DEBUG' };
+
+  for (const method of methods) {
+    _originals[`console_${method}`] = console[method];
+    console[method] = function (...args) {
+      // Always call original first
+      _originals[`console_${method}`].apply(console, args);
+
+      // Prevent recursion
+      if (_sending) return;
+
+      // Sampling
+      if (Math.random() > _config.logSamplingRate) return;
+
+      const { message, errorObj } = _formatArgs(args);
+      const meta = { type: `console_${method}` };
+      if (errorObj) {
+        meta.error = { name: errorObj.name, message: errorObj.message, stack: errorObj.stack };
+      }
+
+      _enqueue(levelMap[method] || 'INFO', message, meta);
+    };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXCEPTION & REJECTION CAPTURE
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _installExceptionCapture() {
+  process.on('uncaughtException', (err, origin) => {
+    _enqueue('ERROR', `Uncaught Exception: ${err.message}`, {
+      type: 'uncaught_exception',
+      origin,
+      error: { name: err.name, message: err.message, stack: err.stack },
+    });
+    _flush(); // Flush immediately — process may die
+  });
+}
+
+function _installRejectionCapture() {
+  process.on('unhandledRejection', (reason, promise) => {
+    const err = reason instanceof Error ? reason : new Error(String(reason));
+    _enqueue('ERROR', `Unhandled Promise Rejection: ${err.message}`, {
+      type: 'unhandled_rejection',
+      error: { name: err.name, message: err.message, stack: err.stack },
+    });
+  });
+}
+
+function _installWarningCapture() {
+  process.on('warning', (warning) => {
+    _enqueue('WARNING', `Process Warning: ${warning.message}`, {
+      type: 'process_warning',
+      warningName: warning.name,
+      warningCode: warning.code,
+      stack: warning.stack,
+    });
+  });
+
+  // Capture deprecations
+  const origEmit = process.emit;
+  process.emit = function (event, ...args) {
+    if (event === 'deprecation' && args[0]) {
+      const dep = args[0];
+      _enqueue('WARNING', `Deprecation: ${dep.message || dep}`, {
+        type: 'deprecation',
+        code: dep.code,
+      });
+    }
+    return origEmit.apply(this, [event, ...args]);
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// HTTP CAPTURE — intercepts ALL outgoing http/https requests
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _installHttpCapture() {
+  try {
+    const http = require('http');
+    const https = require('https');
+
+    _wrapHttpModule(http, 'http');
+    _wrapHttpModule(https, 'https');
+  } catch (err) {
+    _debugLog('Could not wrap http/https modules:', err.message);
+  }
+}
+
+function _wrapHttpModule(mod, protocol) {
+  const originalRequest = mod.request;
+  const originalGet = mod.get;
+
+  mod.request = function (...args) {
+    const req = originalRequest.apply(this, args);
+    return _instrumentRequest(req, args, protocol);
+  };
+
+  mod.get = function (...args) {
+    const req = originalGet.apply(this, args);
+    return _instrumentRequest(req, args, protocol);
+  };
+}
+
+function _instrumentRequest(req, args, protocol) {
+  // Parse URL
+  let url = '', method = 'GET', hostname = '';
+  if (typeof args[0] === 'string' || args[0] instanceof URL) {
+    const parsed = new URL(typeof args[0] === 'string' ? args[0] : args[0].href);
+    url = parsed.href;
+    hostname = parsed.hostname;
+  } else if (args[0] && typeof args[0] === 'object') {
+    hostname = args[0].hostname || args[0].host || 'unknown';
+    const path = args[0].path || '/';
+    url = `${protocol}://${hostname}${path}`;
+    method = args[0].method || 'GET';
+  }
+
+  // Skip Overcast's own calls
+  if (url.includes(_config.baseUrl)) return req;
+
+  // Sampling
+  if (Math.random() > _config.httpSamplingRate) return req;
+
+  const startTime = Date.now();
+  const bodyChunks = [];
+
+  // Capture request body
+  const origWrite = req.write.bind(req);
+  req.write = function (chunk, ...rest) {
+    if (chunk) bodyChunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    return origWrite(chunk, ...rest);
+  };
+
+  req.on('response', (res) => {
+    const duration = Date.now() - startTime;
+    const responseChunks = [];
+
+    res.on('data', (chunk) => responseChunks.push(chunk));
+    res.on('end', () => {
+      let requestBody = _parseBody(bodyChunks);
+      let responseBody = _parseBody(responseChunks);
+
+      const meta = {
+        type: 'http_outgoing',
+        protocol,
+        method,
+        url,
+        hostname,
+        statusCode: res.statusCode,
+        statusMessage: res.statusMessage,
+        duration,
+        requestBody,
+        responseBody,
+        responseHeaders: _sanitizeHeaders(res.headers),
+      };
+
+      // Slow request
+      if (duration > _config.slowRequestThreshold) {
+        _enqueue('WARNING', `Slow outgoing request: ${method} ${url} took ${duration}ms`, { ...meta, type: 'slow_http_outgoing' });
+      }
+
+      // Failed request
+      if (res.statusCode >= 400) {
+        const level = res.statusCode >= 500 ? 'ERROR' : 'WARNING';
+        _enqueue(level, `HTTP ${res.statusCode}: ${method} ${url}`, meta);
+      } else {
+        _enqueue('DEBUG', `HTTP ${res.statusCode}: ${method} ${url} (${duration}ms)`, meta);
+      }
+    });
+  });
+
+  req.on('error', (err) => {
+    const duration = Date.now() - startTime;
+    _enqueue('ERROR', `Network error: ${method} ${url} — ${err.message}`, {
+      type: 'http_network_error',
+      method, url, hostname, duration, protocol,
+      error: { name: err.name, message: err.message, stack: err.stack },
+    });
+  });
+
+  req.on('timeout', () => {
+    const duration = Date.now() - startTime;
+    _enqueue('ERROR', `Request timeout: ${method} ${url} after ${duration}ms`, {
+      type: 'http_timeout',
+      method, url, hostname, duration, protocol,
+    });
+  });
+
+  return req;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PERFORMANCE CAPTURE — memory, event-loop lag, CPU
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _installPerformanceCapture() {
+  let lastLoopCheck = Date.now();
+
+  _perfTimer = setInterval(() => {
+    // Memory usage
+    const mem = process.memoryUsage();
+    const heapUsedMB = (mem.heapUsed / 1048576).toFixed(1);
+    const heapTotalMB = (mem.heapTotal / 1048576).toFixed(1);
+    const rssMB = (mem.rss / 1048576).toFixed(1);
+    const heapPercent = (mem.heapUsed / mem.heapTotal) * 100;
+
+    if (heapPercent > _config.memoryWarningPercent) {
+      _enqueue('WARNING', `High memory usage: ${heapPercent.toFixed(1)}% heap (${heapUsedMB}MB / ${heapTotalMB}MB)`, {
+        type: 'performance_memory',
+        heapUsedMB: +heapUsedMB,
+        heapTotalMB: +heapTotalMB,
+        rssMB: +rssMB,
+        heapPercent: +heapPercent.toFixed(1),
+        externalMB: +(mem.external / 1048576).toFixed(1),
+      });
+    }
+
+    // Event loop lag
+    const now = Date.now();
+    const lag = now - lastLoopCheck - 30000; // Timer fires every 30s
+    lastLoopCheck = now;
+    if (lag > _config.eventLoopLagThreshold) {
+      _enqueue('WARNING', `Event loop lag: ${lag}ms`, {
+        type: 'performance_event_loop_lag',
+        lagMs: lag,
+      });
+    }
+
+    // Active handles/requests (leak detection)
+    const handles = process._getActiveHandles?.()?.length || 0;
+    const requests = process._getActiveRequests?.()?.length || 0;
+    if (handles > 500) {
+      _enqueue('WARNING', `High active handles: ${handles}`, {
+        type: 'performance_handle_leak',
+        activeHandles: handles,
+        activeRequests: requests,
+      });
+    }
+  }, 30000);
+
+  if (_perfTimer.unref) _perfTimer.unref();
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SHUTDOWN HANDLERS — flush before process exits
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _installShutdownHandlers() {
+  const signals = ['SIGINT', 'SIGTERM', 'SIGQUIT'];
+
+  for (const sig of signals) {
+    process.on(sig, () => {
+      _enqueue('INFO', `Process received ${sig}`, { type: 'process_signal', signal: sig });
+      _flush();
+    });
+  }
+
+  process.on('beforeExit', () => {
+    _flush();
+  });
+
+  process.on('exit', (code) => {
+    // Synchronous flush on exit (best effort)
+    _enqueue('INFO', `Process exiting with code ${code}`, { type: 'process_exit', exitCode: code });
+    _flushSync();
+  });
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// DATA SANITIZATION — redact PII, secrets, tokens
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _sanitize(data) {
+  if (!_config.sanitize) return data;
+  if (data === null || data === undefined) return data;
+
+  if (typeof data === 'string') return _sanitizeString(data);
+  if (typeof data === 'number' || typeof data === 'boolean') return data;
+  if (data instanceof Error) {
+    return { name: data.name, message: _sanitizeString(data.message), stack: data.stack ? _sanitizeString(data.stack) : undefined };
+  }
+  if (Array.isArray(data)) return data.map(d => _sanitize(d));
+
+  if (typeof data === 'object') {
+    const out = {};
+    for (const key of Object.keys(data)) {
+      const lk = key.toLowerCase();
+      if (_isSensitiveKey(lk)) {
+        out[key] = '[REDACTED]';
+      } else {
+        try { out[key] = _sanitize(data[key]); } catch { out[key] = '[Unserializable]'; }
+      }
+    }
+    return out;
+  }
+  return data;
+}
+
+function _isSensitiveKey(k) {
+  return /password|passwd|pwd|secret|token|auth|apikey|api_key|access_key|private_key|credential|credit|card|ssn|social|cookie|session_id/.test(k);
+}
+
+function _sanitizeString(str) {
+  if (typeof str !== 'string') return str;
+  return str
+    // Passwords in key=value
+    .replace(/\b(password|passwd|pwd|secret|pass)\s*[:=]\s*["']?([^\s"',;}\]]+)["']?/gi, '$1=[REDACTED]')
+    // Bearer tokens
+    .replace(/\b(Bearer)\s+[A-Za-z0-9\-._~+\/]+=*/gi, '$1 [REDACTED]')
+    // JWTs
+    .replace(/\beyJ[A-Za-z0-9\-_=]+\.eyJ[A-Za-z0-9\-_=]+\.[A-Za-z0-9\-_.+\/=]*/g, '[REDACTED_JWT]')
+    // API keys (sk_, pk_, etc.)
+    .replace(/\b(sk_|pk_|api_|key_|token_)[A-Za-z0-9]{16,}/gi, '[REDACTED_KEY]')
+    // AWS keys
+    .replace(/\b(AKIA|ASIA)[A-Z0-9]{16}/g, '[REDACTED_AWS]')
+    // Emails
+    .replace(/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g, '[REDACTED_EMAIL]')
+    // Phone numbers
+    .replace(/(\+\d{1,3}[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}/g, '[REDACTED_PHONE]')
+    // Credit card numbers
+    .replace(/\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g, '[REDACTED_CC]')
+    // SSN
+    .replace(/\b\d{3}-\d{2}-\d{4}\b/g, '[REDACTED_SSN]')
+    // URL tokens/sessions
+    .replace(/([?&])(session|sess|sid|token|auth|key|apikey)=([^&\s]+)/gi, '$1$2=[REDACTED]')
+    // Authorization headers in strings
+    .replace(/(Authorization|X-Auth-Token|X-API-Key)\s*:\s*([^\s,;]+)/gi, '$1: [REDACTED]');
+}
+
+function _sanitizeHeaders(headers) {
+  if (!headers || !_config.sanitize) return headers;
+  const out = { ...headers };
+  const sensitive = ['authorization', 'cookie', 'set-cookie', 'x-auth-token', 'x-api-key', 'proxy-authorization'];
+  for (const key of sensitive) {
+    if (out[key]) out[key] = '[REDACTED]';
+  }
+  return out;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ENCRYPTION — AES-256-GCM payload encryption
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _encrypt(plaintext) {
+  if (!_config.encryptPayload || !_config.encryptionKey) return plaintext;
+
+  try {
+    const crypto = require('crypto');
+    const key = Buffer.from(_config.encryptionKey, 'hex');
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+
+    let encrypted = cipher.update(plaintext, 'utf8', 'base64');
+    encrypted += cipher.final('base64');
+    const authTag = cipher.getAuthTag().toString('base64');
+
+    return JSON.stringify({
+      encrypted: true,
+      algorithm: 'aes-256-gcm',
+      iv: iv.toString('base64'),
+      authTag,
+      data: encrypted,
+    });
+  } catch (err) {
+    _debugLog('Encryption failed, sending unencrypted:', err.message);
+    return plaintext;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// TRANSPORT — batching, flushing, sending to Overcast
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _enqueue(level, message, metadata = {}) {
+  if (!_initialized) return;
+  if (_sending) return; // Prevent recursion
+
+  // Sanitize
+  const sanitizedMessage = _sanitize(message);
+  const sanitizedMetadata = _sanitize(metadata);
+
+  const entry = {
+    timestamp: new Date().toISOString(),
+    level: level.toUpperCase(),
+    message: typeof sanitizedMessage === 'string' ? sanitizedMessage : JSON.stringify(sanitizedMessage),
+    service: _config.serviceName,
+    environment: _config.environment,
+    raw_log: typeof sanitizedMessage === 'string' ? sanitizedMessage : JSON.stringify(sanitizedMessage),
+    metadata: {
+      ...sanitizedMetadata,
+      sdkLanguage: 'node',
+      sdkVersion: '1.0.0',
+      nodeVersion: process.version,
+      pid: process.pid,
+    },
+  };
+
+  // If error metadata has a stack trace, append it
+  if (sanitizedMetadata.error?.stack) {
+    entry.message += `\n\nStack trace:\n${sanitizedMetadata.error.stack}`;
+    entry.raw_log = entry.message;
+  }
+
+  _buffer.push(entry);
+
+  // Drop oldest if buffer is too large
+  if (_buffer.length > _config.maxBufferSize) {
+    _buffer = _buffer.slice(_buffer.length - _config.maxBufferSize);
+  }
+
+  // Flush immediately for errors, or when batch is full
+  if (level === 'ERROR' || _buffer.length >= _config.batchSize) {
+    _flush();
+  }
+}
+
+function _flush() {
+  if (_buffer.length === 0) return Promise.resolve();
+
+  const logs = _buffer.splice(0, _config.batchSize);
+
+  let body = JSON.stringify({
+    api_key: _config.apiKey,
+    source_type: 'application',
+    source_description: `${_config.serviceName} (node/${process.version})`,
+    logs,
+  });
+
+  // Encrypt if configured
+  if (_config.encryptPayload) {
+    body = _encrypt(body);
+  }
+
+  return _send(body).catch(err => {
+    _debugLog('Flush failed:', err.message);
+    // Re-enqueue failed logs (put them back at front)
+    _buffer.unshift(...logs);
+    if (_buffer.length > _config.maxBufferSize) {
+      _buffer = _buffer.slice(_buffer.length - _config.maxBufferSize);
+    }
+  });
+}
+
+function _flushSync() {
+  // Best-effort synchronous flush using child_process
+  if (_buffer.length === 0) return;
+
+  try {
+    const { execSync } = require('child_process');
+    const logs = _buffer.splice(0);
+    const body = JSON.stringify({
+      api_key: _config.apiKey,
+      source_type: 'application',
+      source_description: `${_config.serviceName} (node/${process.version})`,
+      logs,
+    });
+
+    const url = `${_config.baseUrl}${INGEST_ENDPOINT}`;
+    // Use curl for synchronous send
+    execSync(`curl -s -X POST "${url}" -H "Content-Type: application/json" -H "X-Overcast-Key: ${_config.apiKey}" -d '${body.replace(/'/g, "'\\''")}'`, {
+      timeout: 5000,
+      stdio: 'ignore',
+    });
+  } catch {
+    // Best effort — process is exiting
+  }
+}
+
+function _send(body) {
+  _sending = true;
+
+  return new Promise((resolve, reject) => {
+    try {
+      const url = new URL(`${_config.baseUrl}${INGEST_ENDPOINT}`);
+      const isHttps = url.protocol === 'https:';
+      const mod = isHttps ? require('https') : require('http');
+
+      const req = mod.request({
+        hostname: url.hostname,
+        port: url.port || (isHttps ? 443 : 80),
+        path: url.pathname,
+        method: 'POST',
+        headers: {
+          'Content-Type': _config.encryptPayload ? 'application/octet-stream' : 'application/json',
+          'Content-Length': Buffer.byteLength(body),
+          'X-Overcast-Key': _config.apiKey,
+          'X-Overcast-Service': _config.serviceName,
+          'X-Overcast-SDK': 'node/1.0.0',
+          'User-Agent': `overcast-node/1.0.0 node/${process.version}`,
+        },
+        // TLS security
+        minVersion: 'TLSv1.2',
+        rejectUnauthorized: true,
+      }, (res) => {
+        res.resume(); // Consume response
+        _sending = false;
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          resolve();
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}`));
+        }
+      });
+
+      req.on('error', (err) => { _sending = false; reject(err); });
+      req.setTimeout(10000, () => { _sending = false; req.destroy(); reject(new Error('Timeout')); });
+      req.write(body);
+      req.end();
+    } catch (err) {
+      _sending = false;
+      reject(err);
+    }
+  });
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// HELPERS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+function _formatArgs(args) {
+  let errorObj = null;
+  const parts = [];
+
+  for (const arg of args) {
+    if (arg instanceof Error) {
+      if (!errorObj) errorObj = arg;
+      parts.push(arg.message);
+    } else if (typeof arg === 'object') {
+      try { parts.push(JSON.stringify(arg)); } catch { parts.push('[Object]'); }
+    } else {
+      parts.push(String(arg));
+    }
+  }
+
+  return { message: parts.join(' '), errorObj };
+}
+
+function _parseBody(chunks) {
+  if (!chunks || chunks.length === 0) return null;
+  try {
+    const buf = Buffer.concat(chunks);
+    const str = buf.toString('utf8').substring(0, 2000);
+    try { return JSON.parse(str); } catch { return str; }
+  } catch { return null; }
+}
+
+function _debugLog(...args) {
+  if (_config.debug && _originals.console_log) {
+    _originals.console_log.apply(console, ['[Overcast]', ...args]);
+  } else if (_config.debug) {
+    // Before console capture is installed
+    process.stdout.write(`[Overcast] ${args.join(' ')}\n`);
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  init,
+  error,
+  warn,
+  info,
+  debug,
+  captureException,
+  middleware,
+  flush,
+  shutdown,
+  getBufferSize: () => _buffer.length,
+};

package/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "@overcastsre/node",
+  "version": "1.0.0",
+  "description": "Overcast SRE monitoring SDK for Node.js — one-line install, captures everything.",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "license": "MIT",
+  "keywords": ["overcast", "monitoring", "logging", "error-tracking", "observability", "apm", "node"],
+  "engines": { "node": ">=14.0.0" },
+  "files": ["index.js", "index.d.ts", "README.md"],
+  "repository": { "type": "git", "url": "https://github.com/overcast/sdk-node" },
+  "homepage": "https://overcastsre.com/docs/node"
+}