@senzops/apm-node 1.1.18 → 1.2.1

package/src/core/client.ts

@@ -2,15 +2,23 @@ import { Transport } from './transport';
 import { Context } from './context';
 import { SenzorOptions, ActiveTrace, TaskRun, SenzorLog } from './types';
 import { randomUUID } from 'crypto';
-import { instrumentHttp, instrumentFetch } from '../instrumentation/http';
-import { instrumentMongo } from '../instrumentation/mongo';
-import { instrumentPg } from '../instrumentation/pg';
-import { instrumentBullMQ } from '../instrumentation/bullmq';
-import { instrumentNodeCron } from '../instrumentation/cron';
-import { SDK_META } from '../utils/sdkMeta';
-import { parseTraceparent } from '../utils/traceContext';
-
-const generateW3CTraceId = () => randomUUID().replace(/-/g, '');
+import { instrumentHttp, instrumentFetch } from '../instrumentation/http';
+import { instrumentExpress } from '../instrumentation/express';
+import { instrumentFastify } from '../instrumentation/fastify';
+import { instrumentKoa } from '../instrumentation/koa';
+import { instrumentMongo } from '../instrumentation/mongo';
+import { instrumentPg } from '../instrumentation/pg';
+import { instrumentUndici } from '../instrumentation/undici';
+import { instrumentRedis } from '../instrumentation/redis';
+import { instrumentMysql } from '../instrumentation/mysql';
+import { instrumentMongoose } from '../instrumentation/mongoose';
+import { instrumentBullMQ } from '../instrumentation/bullmq';
+import { instrumentNodeCron } from '../instrumentation/cron';
+import { SDK_META } from '../utils/sdkMeta';
+import { parseTraceparent } from '../utils/traceContext';
+import { generateSpanId, generateTraceId } from '../utils/ids';
+import { sanitizeAttributes } from './sanitizer';
+import { startCapturedSpan } from '../instrumentation/span';
 
 // Memory-safe JSON stringifier to handle cyclical objects 
 // (like Express 'req' objects) passed into console.log
@@ -25,39 +33,69 @@ const safeStringify = (obj: any): string => {
   });
 };
 
-export class SenzorClient {
-  private transport: Transport | null = null;
-  private options: SenzorOptions | null = null;
-  private isInstrumented = false;
-
-  public init(options: SenzorOptions) {
-    if (!options.apiKey) {
-      console.warn('[Senzor] API Key missing. SDK disabled.');
-      return;
-    }
+export class SenzorClient {
+  private transport: Transport | null = null;
+  private options: SenzorOptions | null = null;
+  private isInstrumented = false;
+
+  public preload(options: Partial<SenzorOptions> = {}) {
+    const endpoint = options.endpoint || 'https://api.senzor.dev/api/ingest/apm';
+    const debug = options.debug || false;
+
+    this.options = {
+      apiKey: '',
+      ...this.options,
+      ...options
+    };
+
+    this.installNativeInstrumentations(endpoint, debug);
+  }
+
+  public init(options: SenzorOptions) {
+    if (!options.apiKey) {
+      console.warn('[Senzor] API Key missing. SDK disabled.');
+      return;
+    }
     this.options = options;
     const endpoint = options.endpoint || 'https://api.senzor.dev/api/ingest/apm';
     const debug = options.debug || false;
-
-    this.transport = new Transport({ ...options, endpoint });
-
-    if (!this.isInstrumented) {
-      this.setupGlobalErrorHandlers();
-      this.setupLogInterception(); // Fire up Auto Log Instrumentation
-
-      try { instrumentHttp(endpoint, debug); } catch (e) { }
-      try { instrumentFetch(endpoint, debug); } catch (e) { }
-      try { instrumentMongo(debug); } catch (e) { }
-      try { instrumentPg(); } catch (e) { }
-
-      // Task Integrations 
-      try { instrumentBullMQ(this, debug); } catch (e) { }
-      try { instrumentNodeCron(this, debug); } catch (e) { }
-
-      this.isInstrumented = true;
-      if (debug) console.log('[Senzor] Auto-instrumentation enabled');
-    }
-  }
+
+    this.transport = new Transport({ ...options, endpoint });
+    this.installNativeInstrumentations(endpoint, debug);
+  }
+
+  private isInstrumentationEnabled(name: string): boolean {
+    const setting = this.options?.instrumentations;
+    if (setting === false) return false;
+    if (Array.isArray(setting)) return setting.includes(name);
+    return true;
+  }
+
+  private installNativeInstrumentations(endpoint: string, debug: boolean) {
+    if (!this.isInstrumented) {
+      this.setupGlobalErrorHandlers();
+      this.setupLogInterception(); // Fire up Auto Log Instrumentation
+
+      try { if (this.isInstrumentationEnabled('http')) instrumentHttp(this, endpoint, this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('express')) instrumentExpress(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('fastify')) instrumentFastify(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('koa')) instrumentKoa(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('fetch')) instrumentFetch(endpoint, this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('undici')) instrumentUndici(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('mongo')) instrumentMongo(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('mongoose')) instrumentMongoose(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('pg')) instrumentPg(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('mysql')) instrumentMysql(this.options || undefined); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('redis')) instrumentRedis(this.options || undefined); } catch (e) { }
+
+      // Task Integrations 
+      try { if (this.isInstrumentationEnabled('bullmq')) instrumentBullMQ(this, debug); } catch (e) { }
+      try { if (this.isInstrumentationEnabled('cron')) instrumentNodeCron(this, debug); } catch (e) { }
+
+      this.isInstrumented = true;
+      if (debug) console.log('[Senzor] Auto-instrumentation enabled');
+    }
+  }
 
   // --- Enterprise Auto-Log Interception ---
   private setupLogInterception() {
@@ -94,13 +132,13 @@ export class SenzorClient {
               attributes.errorStack = arg.stack;
               attributes.errorName = arg.name;
             } else if (typeof arg === 'object' && arg !== null) {
-              try {
-                // New Relic Style Destructuring: Merge all object keys into `attributes`
-                const parsed = JSON.parse(safeStringify(arg));
-                attributes = { ...attributes, ...parsed };
-              } catch (e) {
-                attributes.unparseableObject = true;
-              }
+              try {
+                // New Relic Style Destructuring: Merge all object keys into `attributes`
+                const parsed = JSON.parse(safeStringify(arg));
+                attributes = { ...attributes, ...sanitizeAttributes(parsed, this.options || undefined) };
+              } catch (e) {
+                attributes.unparseableObject = true;
+              }
             } else {
               message += (message ? ' ' : '') + String(arg);
             }
@@ -216,11 +254,20 @@ export class SenzorClient {
     process.on('SIGINT', () => safeCapture(new Error('Process received SIGINT'), { type: 'processSignal', signal: 'SIGINT' }));
   }
 
-  public startTrace<T>(data: Partial<ActiveTrace['data']> & { headers?: any }, next: () => T): T {
-    if (!this.transport) return next();
-
-    let inheritedTraceId: string | undefined = undefined;
-    let inheritedParentSpanId: string | undefined = undefined;
+  public startTrace<T>(data: Partial<ActiveTrace['data']> & { headers?: any }, next: () => T): T {
+    if (!this.transport) return next();
+
+    const existingTrace = Context.current();
+    if (existingTrace?.contextType === 'apm') {
+      existingTrace.data = {
+        ...existingTrace.data,
+        ...data
+      };
+      return next();
+    }
+
+    let inheritedTraceId: string | undefined = undefined;
+    let inheritedParentSpanId: string | undefined = undefined;
 
     if (data.headers) {
       const getHeader = (key: string) => {
@@ -243,32 +290,44 @@ export class SenzorClient {
       }
     }
 
-    const activeTraceId = inheritedTraceId || generateW3CTraceId();
-
-    const trace: ActiveTrace = {
-      id: activeTraceId,
-      contextType: 'apm',
-      startTime: performance.now(),
-      data: { ...data, parentTraceId: inheritedTraceId, parentSpanId: inheritedParentSpanId },
-      spans: []
-    };
+    const activeTraceId = inheritedTraceId || generateTraceId();
+    const rootSpanId = generateSpanId();
+
+    const trace: ActiveTrace = {
+      id: activeTraceId,
+      contextType: 'apm',
+      startTime: performance.now(),
+      rootSpanId,
+      activeSpanId: rootSpanId,
+      data: { ...data, parentTraceId: inheritedTraceId, parentSpanId: inheritedParentSpanId, rootSpanId },
+      spans: [],
+      maxSpans: this.options?.maxSpansPerTrace ?? 500,
+      droppedSpans: 0
+    };
 
     return Context.run(trace, next);
   }
 
-  public endTrace(status: number, extraData: any = {}) {
-    const trace = Context.current();
-    if (!trace || trace.contextType !== 'apm' || !this.transport) return;
-    const duration = performance.now() - trace.startTime;
-
-    const payload = {
-      traceId: trace.id,
-      parentTraceId: trace.data.parentTraceId,
-      parentSpanId: trace.data.parentSpanId,
-      ...trace.data,
-      ...extraData,
-      status, duration, spans: trace.spans, timestamp: new Date().toISOString()
-    };
+  public endTrace(status: number, extraData: any = {}) {
+    const trace = Context.current();
+    if (!trace || trace.contextType !== 'apm' || !this.transport) return;
+    if (trace.ended) return;
+    trace.ended = true;
+    const duration = performance.now() - trace.startTime;
+
+    const payload = {
+      traceId: trace.id,
+      parentTraceId: trace.data.parentTraceId,
+      parentSpanId: trace.data.parentSpanId,
+      rootSpanId: trace.rootSpanId,
+      ...trace.data,
+      ...extraData,
+      status,
+      duration,
+      spans: trace.spans,
+      droppedSpans: trace.droppedSpans,
+      timestamp: new Date().toISOString()
+    };
     this.transport.addTrace(payload);
   }
 
@@ -282,17 +341,21 @@ export class SenzorClient {
     const startMemory = process.memoryUsage ? process.memoryUsage().heapUsed : 0;
     const startCpu = process.cpuUsage ? process.cpuUsage() : undefined;
 
-    const task: ActiveTrace = {
-      id: randomUUID(),
-      contextType: 'task',
-      startTime: performance.now(),
-      startMemory,
-      startCpu,
-      data: { taskName: name, taskType: type, triggerTraceId, ...options },
-      spans: []
-    };
-    return Context.run(task, next);
-  }
+    const task: ActiveTrace = {
+      id: randomUUID(),
+      contextType: 'task',
+      startTime: performance.now(),
+      rootSpanId: generateSpanId(),
+      startMemory,
+      startCpu,
+      data: { taskName: name, taskType: type, triggerTraceId, ...options },
+      spans: [],
+      maxSpans: this.options?.maxSpansPerTrace ?? 500,
+      droppedSpans: 0
+    };
+    task.activeSpanId = task.rootSpanId;
+    return Context.run(task, next);
+  }
 
   public endTask(status: 'success' | 'failed', extraMetadata: any = {}) {
     const task = Context.current();
@@ -318,7 +381,7 @@ export class SenzorClient {
       queueDelay: task.data.queueDelay,
       attempts: task.data.attempts,
       isDeadLetter: task.data.isDeadLetter,
-      metadata: { ...task.data.metadata, ...extraMetadata },
+      metadata: { ...task.data.metadata, ...extraMetadata, droppedSpans: task.droppedSpans },
       resourceMetrics,
       status,
       duration: performance.now() - task.startTime,
@@ -357,35 +420,32 @@ export class SenzorClient {
 
     const currentTrace = Context.current();
 
-    const errPayload = {
-      errorClass: parsedError.name || 'Error',
-      message: parsedError.message,
-      stackTrace: parsedError.stack,
-      context,
-      timestamp: new Date().toISOString()
-    };
+    const errPayload = {
+      errorClass: parsedError.name || 'Error',
+      message: parsedError.message,
+      stackTrace: parsedError.stack,
+      context: sanitizeAttributes(context, this.options || undefined),
+      timestamp: new Date().toISOString()
+    };
 
     if (currentTrace?.contextType === 'task') {
       this.transport.addError({ ...errPayload, runId: currentTrace.id }, 'task');
     } else {
       this.transport.addError({ ...errPayload, traceId: currentTrace?.id }, 'apm');
     }
-  }
-
-  public track(data: any) {
-    this.transport?.addTrace({ traceId: generateW3CTraceId(), ...data, spans: [], timestamp: new Date().toISOString() });
-  }
-
-  public startSpan(name: string, type: 'db' | 'http' | 'function' | 'custom' = 'custom') {
-    const trace = Context.current();
-    if (!trace) return { end: () => { } };
-    const startTime = performance.now() - trace.startTime;
-    const spanStartAbs = performance.now();
-    const spanId = randomUUID().replace(/-/g, '').slice(0, 16);
-    return { end: (meta?: any, status?: number) => { Context.addSpan({ spanId, name, type, startTime, duration: performance.now() - spanStartAbs, status, meta }); } };
-  }
+  }
+
+  public track(data: any) {
+    this.transport?.addTrace({ traceId: generateTraceId(), ...data, spans: [], timestamp: new Date().toISOString() });
+  }
+
+  public startSpan(name: string, type: 'db' | 'http' | 'function' | 'custom' = 'custom') {
+    const span = startCapturedSpan(name, type, {}, this.options || undefined);
+    if (!span) return { end: () => { } };
+    return { end: (meta?: any, status?: number) => span.end(status, meta) };
+  }
 
   public async flush() { if (this.transport) await this.transport.flush(); }
 }
 
-export const client = new SenzorClient();
+export const client = new SenzorClient();

package/src/core/context.ts

@@ -1,21 +1,48 @@
-import { AsyncLocalStorage } from 'async_hooks';
-import { ActiveTrace } from './types';
-
-export const storage = new AsyncLocalStorage<ActiveTrace>();
-
-export const Context = {
-  run: <T>(trace: ActiveTrace, fn: () => T): T => {
-    return storage.run(trace, fn);
-  },
-
-  current: (): ActiveTrace | undefined => {
-    return storage.getStore();
-  },
-
-  addSpan: (span: any) => {
-    const store = storage.getStore();
-    if (store) {
-      store.spans.push(span);
-    }
-  }
-};
+import { AsyncLocalStorage } from 'async_hooks';
+import { ActiveTrace, Span } from './types';
+
+export const storage = new AsyncLocalStorage<ActiveTrace>();
+
+export const Context = {
+  run: <T>(trace: ActiveTrace, fn: () => T): T => {
+    return storage.run(trace, fn);
+  },
+
+  withActiveSpan: <T>(spanId: string, fn: () => T): T => {
+    const store = storage.getStore();
+    if (!store) return fn();
+
+    return storage.run(
+      {
+        ...store,
+        activeSpanId: spanId,
+        data: store.data,
+        spans: store.spans
+      },
+      fn
+    );
+  },
+
+  current: (): ActiveTrace | undefined => {
+    return storage.getStore();
+  },
+
+  addSpan: (span: Span) => {
+    const store = storage.getStore();
+    if (store) {
+      Context.addSpanToTrace(store, span);
+    }
+  },
+
+  addSpanToTrace: (trace: ActiveTrace, span: Span) => {
+    if (trace.ended) return;
+
+    const maxSpans = trace.maxSpans ?? 500;
+    if (trace.spans.length >= maxSpans) {
+      trace.droppedSpans = (trace.droppedSpans ?? 0) + 1;
+      return;
+    }
+
+    trace.spans.push(span);
+  }
+};

package/src/core/sanitizer.ts

@@ -0,0 +1,203 @@
+import { SenzorOptions } from './types';
+
+const DEFAULT_MAX_ATTRIBUTES = 64;
+const DEFAULT_MAX_ATTRIBUTE_LENGTH = 2048;
+const MAX_DEPTH = 4;
+const MAX_ARRAY_ITEMS = 20;
+
+const SENSITIVE_KEY_PATTERN =
+  /(^|[-_.])(authorization|cookie|set-cookie|password|passwd|pwd|secret|token|api[-_.]?key|x-api-key|access[-_.]?token|refresh[-_.]?token|client[-_.]?secret|private[-_.]?key)([-_.]|$)/i;
+
+export interface SanitizerOptions {
+  maxAttributes?: number;
+  maxAttributeLength?: number;
+}
+
+const getLimits = (options?: SanitizerOptions | SenzorOptions) => ({
+  maxAttributes: options?.maxAttributes ?? DEFAULT_MAX_ATTRIBUTES,
+  maxAttributeLength:
+    options?.maxAttributeLength ?? DEFAULT_MAX_ATTRIBUTE_LENGTH
+});
+
+export const truncate = (
+  value: string,
+  maxLength = DEFAULT_MAX_ATTRIBUTE_LENGTH
+): string => {
+  if (value.length <= maxLength) return value;
+  return `${value.slice(0, Math.max(0, maxLength - 15))}...[truncated]`;
+};
+
+export const isSensitiveKey = (key: string): boolean =>
+  SENSITIVE_KEY_PATTERN.test(key);
+
+const sanitizePrimitive = (
+  value: unknown,
+  maxLength: number
+): string | number | boolean | null | undefined => {
+  if (value === null || value === undefined) return value;
+
+  if (
+    typeof value === 'number' ||
+    typeof value === 'boolean'
+  ) {
+    return value;
+  }
+
+  if (typeof value === 'bigint') {
+    return value.toString();
+  }
+
+  if (typeof value === 'string') {
+    return truncate(value, maxLength);
+  }
+
+  return undefined;
+};
+
+const sanitizeValue = (
+  key: string,
+  value: unknown,
+  options: Required<SanitizerOptions>,
+  depth: number
+): unknown => {
+  if (isSensitiveKey(key)) return '[REDACTED]';
+
+  const primitive =
+    sanitizePrimitive(value, options.maxAttributeLength);
+
+  if (primitive !== undefined || value === undefined) {
+    return primitive;
+  }
+
+  if (value instanceof Error) {
+    return {
+      name: truncate(value.name, options.maxAttributeLength),
+      message: truncate(value.message, options.maxAttributeLength),
+      stack: value.stack
+        ? truncate(value.stack, options.maxAttributeLength)
+        : undefined
+    };
+  }
+
+  if (depth >= MAX_DEPTH) {
+    return '[MaxDepth]';
+  }
+
+  if (Array.isArray(value)) {
+    return value
+      .slice(0, MAX_ARRAY_ITEMS)
+      .map((item) =>
+        sanitizeValue(key, item, options, depth + 1)
+      );
+  }
+
+  if (typeof value === 'object') {
+    const output: Record<string, unknown> = {};
+    let count = 0;
+
+    for (const [childKey, childValue] of Object.entries(
+      value as Record<string, unknown>
+    )) {
+      if (count >= options.maxAttributes) {
+        output.__truncated = true;
+        break;
+      }
+
+      output[childKey] = sanitizeValue(
+        childKey,
+        childValue,
+        options,
+        depth + 1
+      );
+      count++;
+    }
+
+    return output;
+  }
+
+  return truncate(String(value), options.maxAttributeLength);
+};
+
+export const sanitizeAttributes = (
+  attributes: Record<string, unknown> = {},
+  options?: SanitizerOptions | SenzorOptions
+): Record<string, unknown> => {
+  const limits = getLimits(options);
+  const normalizedOptions: Required<SanitizerOptions> = {
+    maxAttributes: limits.maxAttributes,
+    maxAttributeLength: limits.maxAttributeLength
+  };
+
+  const output: Record<string, unknown> = {};
+  let count = 0;
+
+  for (const [key, value] of Object.entries(attributes)) {
+    if (count >= normalizedOptions.maxAttributes) {
+      output.__truncated = true;
+      break;
+    }
+
+    output[key] = sanitizeValue(
+      key,
+      value,
+      normalizedOptions,
+      0
+    );
+    count++;
+  }
+
+  return output;
+};
+
+export const sanitizeHeaders = (
+  headers: unknown,
+  options?: SanitizerOptions | SenzorOptions
+): Record<string, unknown> => {
+  if (!headers || typeof headers !== 'object') return {};
+
+  const plainHeaders: Record<string, unknown> = {};
+
+  if (typeof (headers as any).forEach === 'function') {
+    (headers as any).forEach((value: unknown, key: string) => {
+      plainHeaders[key.toLowerCase()] = value;
+    });
+  } else {
+    for (const [key, value] of Object.entries(
+      headers as Record<string, unknown>
+    )) {
+      plainHeaders[key.toLowerCase()] = Array.isArray(value)
+        ? value.join(', ')
+        : value;
+    }
+  }
+
+  return sanitizeAttributes(plainHeaders, options);
+};
+
+export const normalizeSql = (
+  sql: unknown,
+  options?: SenzorOptions
+): string | undefined => {
+  if (typeof sql !== 'string') return undefined;
+
+  const collapsed = sql.replace(/\s+/g, ' ').trim();
+  if (!collapsed) return undefined;
+
+  const withoutLiterals = collapsed
+    .replace(/'(?:''|[^'])*'/g, '?')
+    .replace(/"(?:\\"|[^"])*"/g, '?')
+    .replace(/\b\d+(\.\d+)?\b/g, '?');
+
+  return truncate(
+    options?.captureDbStatement === false
+      ? withoutLiterals.split(' ').slice(0, 6).join(' ')
+      : withoutLiterals,
+    options?.maxAttributeLength ?? DEFAULT_MAX_ATTRIBUTE_LENGTH
+  );
+};
+
+export const getSqlOperation = (sql: unknown): string | undefined => {
+  if (typeof sql !== 'string') return undefined;
+  const match = sql.trim().match(/^([a-z]+)/i);
+  return match?.[1]?.toUpperCase();
+};