npm - azify-logger - Versions diffs - 1.0.43 → 1.0.45 - Mend

azify-logger 1.0.43 → 1.0.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +3 -3
package/index.js +84 -7
package/init.js +21 -11
package/middleware-express.js +46 -44
package/middleware-pino.js +173 -0
package/package.json +5 -1
package/pino-config.js +26 -0
package/preload.js +15 -0
package/register-http-client-early.js +816 -0
package/register.js +1327 -372
package/sampling.js +1 -1
package/server.js +407 -159
package/store.js +37 -11
package/streams/httpQueue.js +24 -12
package/streams/pino.js +59 -7

package/server.js CHANGED Viewed

@@ -1,11 +1,16 @@
-require('dotenv').config({ path: './env/app.env' })
+const path = require('path')
+const http = require('http')
+require('dotenv').config({ path: path.resolve(__dirname, 'env', 'app.env') })
+console.log('[startup] env loaded')
 require('./register-otel.js')
+console.log('[startup] register-otel done')
 const axios = require('axios')
 const express = require('express')
 const cors = require('cors')
 const os = require('os')
 const fs = require('fs')
+const isLocalEnv = process.env.NODE_ENV === 'development'
 let trace, context, propagation, W3CTraceContextPropagator
 try {
   const otelApi = require('@opentelemetry/api')
@@ -30,6 +35,22 @@ const allowedExternalIPs = (process.env.ALLOWED_SOURCE_IPS || '')
 app.set('trust proxy', 1)
+app.use((req, res, next) => {
+  if (req.path === '/health') {
+    res.status(200).set('Content-Type', 'application/json').end(JSON.stringify({ status: 'ok', service: 'azify-logger' }))
+    return
+  }
+  next()
+})
+let heartbeatCount = 0
+const heartbeatInterval = setInterval(() => {
+  heartbeatCount++
+  if (heartbeatCount <= 24) console.log('[heartbeat]', heartbeatCount, 'uptime', Math.floor(process.uptime()), 's')
+  if (heartbeatCount >= 24) try { clearInterval(heartbeatInterval) } catch (_) {}
+}, 5000)
+if (typeof heartbeatInterval.unref === 'function') heartbeatInterval.unref()
 app.use(express.json({ limit: '10mb' }))
 app.use(express.urlencoded({ extended: true, limit: '10mb' }))
 app.use(cors())
@@ -38,12 +59,22 @@ const authEnabled = process.env.AZURE_AD_AUTH_ENABLED === 'true'
 let ensureAuthenticated = (req, res, next) => next()
 let ensureAdmin = (req, res, next) => res.status(403).send('Forbidden')
 if (authEnabled) {
-  const { setupAuth, setupAuthRoutes, ensureAuthenticated: _ensureAuth, ensureAdmin: _ensureAdmin } = require('./auth')
-  setupAuth(app)
-  setupAuthRoutes(app)
-  ensureAuthenticated = _ensureAuth
-  ensureAdmin = _ensureAdmin
+  const tenantId = process.env.AZURE_TENANT_ID
+  const clientId = process.env.AZURE_CLIENT_ID
+  const clientSecret = process.env.AZURE_CLIENT_SECRET
+  const redirectUrl = process.env.AZURE_REDIRECT_URL
+  if (!tenantId || !clientId || !clientSecret || !redirectUrl) {
+    console.error('[auth] ⚠️ Azure AD habilitado mas variáveis faltando. Defina AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET e AZURE_REDIRECT_URL em env/app.env')
+    console.error('[auth] Variáveis atuais: AZURE_TENANT_ID=' + (tenantId ? '***' : 'VAZIO') + ', AZURE_CLIENT_ID=' + (clientId ? '***' : 'VAZIO') + ', AZURE_CLIENT_SECRET=' + (clientSecret ? '***' : 'VAZIO') + ', AZURE_REDIRECT_URL=' + (redirectUrl ? '***' : 'VAZIO'))
+  } else {
+    const { setupAuth, setupAuthRoutes, ensureAuthenticated: _ensureAuth, ensureAdmin: _ensureAdmin } = require('./auth')
+    setupAuth(app)
+    setupAuthRoutes(app)
+    ensureAuthenticated = _ensureAuth
+    ensureAdmin = _ensureAdmin
+  }
 }
+console.log('[startup] auth configured')
 const IS_LOCAL = process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'dev' || !process.env.NODE_ENV
@@ -77,15 +108,22 @@ function validateNetworkAccess(req, res, next) {
     return next()
   }
+  const directPeer = (req.connection?.remoteAddress || req.socket?.remoteAddress || '')
+  const directPeerNorm = directPeer.replace(/^::ffff:/, '')
+  if (isPrivateOrLocalhost(directPeerNorm)) {
+    return next()
+  }
   const clientIP = req.headers['x-forwarded-for']?.split(',')[0]?.trim() ||
                    req.headers['x-real-ip'] ||
                    req.ip ||
-                   req.connection.remoteAddress ||
-                   req.socket.remoteAddress
+                   req.connection?.remoteAddress ||
+                   req.socket?.remoteAddress ||
+                   ''
   if (
     !IS_LOCAL &&
-    !isPrivateOrLocalhost(clientIP) &&
+    !isPrivateOrLocalhost(String(clientIP).replace(/^::ffff:/, '')) &&
     !(allowedExternalIPs.length > 0 && allowedExternalIPs.includes(clientIP))
   ) {
     return res.status(403).json({
@@ -100,6 +138,39 @@ function validateNetworkAccess(req, res, next) {
 app.use(validateNetworkAccess)
+const tempoBackendOrigin = (isLocalEnv ? 'http://localhost:3200' : 'http://tempo:3200').replace(/\/$/, '')
+app.use('/tempo-proxy', (req, res) => {
+  const pathname = (req.originalUrl || req.url || '').split('?')[0]
+  const pathMatch = pathname.match(/\/tempo-proxy\/([^/]+)(\/.*|$)/) || pathname.match(/^\/([^/]+)(\/.*|)$/)
+  if (!pathMatch) {
+    return res.status(400).json({ error: 'tempo-proxy requires path: /tempo-proxy/:tenantId/...' })
+  }
+  const tenantId = pathMatch[1]
+  const upstreamPath = (pathMatch[2] || '').trim() || '/'
+  const q = req.originalUrl.includes('?') ? '?' + req.originalUrl.split('?').slice(1).join('?') : ''
+  const targetUrl = `${tempoBackendOrigin}${upstreamPath}${q}`
+  const fwdHeaders = { ...req.headers, host: undefined, 'x-scope-orgid': tenantId }
+  axios.request({
+    method: req.method,
+    url: targetUrl,
+    headers: fwdHeaders,
+    data: req.method !== 'GET' && req.method !== 'HEAD' ? req.body : undefined,
+    responseType: 'arraybuffer',
+    validateStatus: () => true,
+    timeout: 60000,
+    maxRedirects: 0
+  }).then((proxied) => {
+    res.status(proxied.status)
+    const h = proxied.headers
+    if (h['content-type']) res.set('Content-Type', h['content-type'])
+    if (h['content-length']) res.set('Content-Length', h['content-length'])
+    res.end(Buffer.from(proxied.data))
+  }).catch((err) => {
+    console.warn('[tempo-proxy]', tenantId, err.message || err)
+    res.status(502).json({ error: 'Tempo proxy error', message: err.message })
+  })
+})
 const tracer = trace.getTracer('azify-logger', '1.0.0')
 const propagator = new W3CTraceContextPropagator()
@@ -156,6 +227,7 @@ async function ensureIndexTemplate() {
               userAgent: { type: 'text' },
               environment: { type: 'keyword' },
               hostname: { type: 'keyword' },
+              source: { type: 'keyword' },
               responseBody: { type: 'text' },
               error: {
                 properties: {
@@ -167,7 +239,7 @@ async function ensureIndexTemplate() {
             }
           }
       },
-      priority: 500
+      priority: 1000
     })
   } catch (error) {
   }
@@ -192,8 +264,7 @@ async function fetchGrafanaOrgNames() {
 }
 async function fetchGrafanaOrgs() {
-  const runningInDocker = fs.existsSync('/.dockerenv')
-  const defaultGrafanaUrl = runningInDocker ? 'http://azify-grafana:3000' : 'http://127.0.0.1:3002'
+  const defaultGrafanaUrl = isLocalEnv ? 'http://127.0.0.1:3002' : 'http://azify-grafana:3000'
   const grafanaUrl = process.env.GRAFANA_URL || defaultGrafanaUrl
   const grafanaAdminUser = process.env.GRAFANA_ADMIN_USER || 'admin'
   const grafanaAdminPassword = process.env.GRAFANA_ADMIN_PASSWORD || process.env.GF_SECURITY_ADMIN_PASSWORD || 'admin'
@@ -273,10 +344,28 @@ function escapeForSQLite(str) {
   return str.replace(/'/g, "''").replace(/\\/g, '\\\\').replace(/\n/g, '\\n').replace(/\r/g, '\\r')
 }
-function runSqlite(sql) {
+const { exec } = require('child_process')
+const { promisify } = require('util')
+const execAsync = promisify(exec)
+let _sqlite3Available = null
+async function isSqlite3Available() {
+  if (_sqlite3Available !== null) return _sqlite3Available
+  try {
+    await execAsync('which sqlite3', { encoding: 'utf8' })
+    _sqlite3Available = true
+    return true
+  } catch (_) {
+    _sqlite3Available = false
+    console.warn('[setupGrafana] sqlite3 não encontrado no PATH; fallback de Organization/datasource via SQLite desabilitado. Instale sqlite3 ou use a API do Grafana.')
+    return false
+  }
+}
+/** Async runSqlite: não bloqueia o event loop (evita timeout em /health e auth). */
+async function runSqlite(sql) {
   const dbPath = process.env.GRAFANA_SQLITE_PATH || '/var/lib/grafana/grafana.db'
   const grafanaContainer = process.env.GRAFANA_DOCKER_CONTAINER || 'azify-grafana'
-  const { execSync } = require('child_process')
   const localDbExists = fs.existsSync(dbPath)
   const escapedForLocal = sql.replace(/"/g, '""')
@@ -284,30 +373,34 @@ function runSqlite(sql) {
   const command = localDbExists
     ? `sqlite3 ${dbPath} "${escapedForLocal}"`
-    : `docker exec ${grafanaContainer} sh -c "sqlite3 ${dbPath} \\"${escapedForDocker}\\""`;
+    : `docker exec ${grafanaContainer} sh -c "sqlite3 ${dbPath} \\"${escapedForDocker}\\""`
   try {
     if (!localDbExists) {
       console.log(`[runSqlite] Executando comando via docker exec no container ${grafanaContainer}`)
     }
-    return execSync(command, { encoding: 'utf8', shell: '/bin/bash' }).trim()
+    const { stdout } = await execAsync(command, { encoding: 'utf8', shell: '/bin/bash', maxBuffer: 10 * 1024 * 1024 })
+    return (stdout || '').trim()
   } catch (error) {
     const stderr = error.stderr?.toString()?.trim()
-    throw new Error(stderr || error.message)
+    const msg = stderr || error.message
+    if (msg.includes('not found') || msg.includes('sqlite3')) _sqlite3Available = false
+    throw new Error(msg)
   }
 }
 async function createOrgViaSQLite(appName) {
-  const dbPath = '/var/lib/grafana/grafana.db'
+  if (!(await isSqlite3Available())) return null
+  const dbPath = process.env.GRAFANA_SQLITE_PATH || '/var/lib/grafana/grafana.db'
   try {
-    console.log(`[createOrgViaSQLite] Verificando database em ${dbPath}...`)
     if (!fs.existsSync(dbPath)) {
-      console.log(`[createOrgViaSQLite] Banco não acessível localmente; tentando via docker exec`)
+      if (!isLocalEnv) {
+        console.log(`[createOrgViaSQLite] Banco não acessível localmente; tentando via docker exec`)
+      }
     }
-    console.log(`[createOrgViaSQLite] Verificando se Organization '${appName}' já existe...`)
-    const existingId = runSqlite(`SELECT id FROM org WHERE name='${appName}';`)
+    const existingId = await runSqlite(`SELECT id FROM org WHERE name='${appName}';`)
     if (existingId && existingId !== '') {
       console.log(`[createOrgViaSQLite] ✅ Organization '${appName}' já existe (ID: ${existingId})`)
@@ -315,7 +408,7 @@ async function createOrgViaSQLite(appName) {
     }
     console.log(`[createOrgViaSQLite] Criando Organization '${appName}'...`)
-    const newId = runSqlite(`INSERT INTO org (name, version, created, updated) VALUES ('${appName}', 1, datetime('now'), datetime('now')); SELECT id FROM org WHERE name='${appName}';`)
+    const newId = await runSqlite(`INSERT INTO org (name, version, created, updated) VALUES ('${appName}', 1, datetime('now'), datetime('now')); SELECT id FROM org WHERE name='${appName}';`)
     if (newId && newId !== '') {
       console.log(`[createOrgViaSQLite] ✅ Organization '${appName}' criada com sucesso (ID: ${newId})`)
@@ -330,24 +423,36 @@ async function createOrgViaSQLite(appName) {
   }
 }
-async function setupGrafanaForApp(appName) {
-  const runningInDocker = fs.existsSync('/.dockerenv')
-  const defaultGrafanaUrl = runningInDocker ? 'http://azify-grafana:3000' : 'http://127.0.0.1:3002'
-  const grafanaUrl = process.env.GRAFANA_URL || defaultGrafanaUrl
-  const grafanaAdminUser = process.env.GRAFANA_ADMIN_USER || 'admin'
-  const grafanaAdminPassword = process.env.GRAFANA_ADMIN_PASSWORD || process.env.GF_SECURITY_ADMIN_PASSWORD || 'admin'
-  const defaultOpensearchUrl = runningInDocker ? 'http://azify-opensearch:9200' : 'http://127.0.0.1:9200'
-  const opensearchUrl = process.env.OPENSEARCH_URL || defaultOpensearchUrl
-  const grafanaOpensearchUrl = process.env.GRAFANA_OPENSEARCH_URL || (runningInDocker ? 'http://azify-opensearch:9200' : opensearchUrl)
+let _setupGrafanaQueue = Promise.resolve()
+async function setupGrafanaForApp(appName) {
   if (!setupGrafanaForApp._cache) {
     setupGrafanaForApp._cache = new Set()
   }
   if (setupGrafanaForApp._cache.has(appName)) {
     return
   }
+  const waitFor = _setupGrafanaQueue
+  let release
+  _setupGrafanaQueue = new Promise((r) => { release = r })
+  await waitFor
+  try {
+    return await _setupGrafanaForAppImpl(appName)
+  } finally {
+    release()
+  }
+}
+async function _setupGrafanaForAppImpl(appName) {
+  const defaultGrafanaUrl = isLocalEnv ? 'http://127.0.0.1:3002' : 'http://azify-grafana:3000'
+  const grafanaUrl = process.env.GRAFANA_URL || defaultGrafanaUrl
+  const grafanaAdminUser = process.env.GRAFANA_ADMIN_USER || 'admin'
+  const grafanaAdminPassword = process.env.GRAFANA_ADMIN_PASSWORD || process.env.GF_SECURITY_ADMIN_PASSWORD || 'admin'
+  const defaultOpensearchUrl = isLocalEnv ? 'http://127.0.0.1:9200' : 'http://azify-opensearch:9200'
+  const opensearchUrl = process.env.OPENSEARCH_URL || defaultOpensearchUrl
+  const grafanaOpensearchUrl = process.env.GRAFANA_OPENSEARCH_URL || (isLocalEnv ? opensearchUrl : 'http://azify-opensearch:9200')
   setupGrafanaForApp._cache.add(appName)
   console.log(`[setupGrafana] Processando app: ${appName}`)
@@ -463,19 +568,16 @@ async function setupGrafanaForApp(appName) {
             }
           }
         } catch (userError) {
-          const dbUserId = await new Promise((resolve) => {
-            try {
-              const result = runSqlite(`SELECT id FROM user WHERE email='${trimmedEmail}';`)
-              resolve(result || null)
-            } catch (err) {
-              console.error(`[setupGrafana] ❌ Falha ao buscar usuário ${trimmedEmail} via SQLite: ${err.message}`)
-              resolve(null)
-            }
-          })
+          let dbUserId = null
+          try {
+            dbUserId = await runSqlite(`SELECT id FROM user WHERE email='${trimmedEmail}';`) || null
+          } catch (err) {
+            console.error(`[setupGrafana] ❌ Falha ao buscar usuário ${trimmedEmail} via SQLite: ${err.message}`)
+          }
           if (dbUserId) {
             try {
-              runSqlite(`INSERT OR IGNORE INTO org_user (org_id, user_id, role, created, updated) VALUES (${org.id}, ${dbUserId}, 'Admin', datetime('now'), datetime('now')); UPDATE org_user SET role='Admin' WHERE org_id=${org.id} AND user_id=${dbUserId};`)
+              await runSqlite(`INSERT OR IGNORE INTO org_user (org_id, user_id, role, created, updated) VALUES (${org.id}, ${dbUserId}, 'Admin', datetime('now'), datetime('now')); UPDATE org_user SET role='Admin' WHERE org_id=${org.id} AND user_id=${dbUserId};`)
             } catch (fallbackError) {
               console.error(`[setupGrafana] ❌ Falha ao promover ${trimmedEmail} via SQLite: ${fallbackError.message}`)
               throw fallbackError
@@ -545,17 +647,9 @@ async function setupGrafanaForApp(appName) {
               const opensearchUrlEscaped = escapeForSQLite(grafanaOpensearchUrl)
               const dsUidEscaped = escapeForSQLite(datasourceUid)
               const jsonEscaped = dsJson.replace(/'/g, "''")
-              const dbPath = process.env.GRAFANA_SQLITE_PATH || '/var/lib/grafana/grafana.db'
-              const grafanaContainer = process.env.GRAFANA_DOCKER_CONTAINER || 'azify-grafana'
-              const { execSync } = require('child_process')
-              const localDbExists = fs.existsSync(dbPath)
               const sql = `INSERT INTO data_source (org_id, version, type, name, access, url, is_default, json_data, uid, created, updated, basic_auth, with_credentials) VALUES (${org.id}, 1, 'grafana-opensearch-datasource', '${dsName}', 'proxy', '${opensearchUrlEscaped}', ${datasourceConfig.isDefault ? 1 : 0}, '${jsonEscaped}', '${dsUidEscaped}', datetime('now'), datetime('now'), 0, 0);`
-              if (localDbExists) {
-                execSync(`sqlite3 ${dbPath} "${sql.replace(/"/g, '""')}"`, { encoding: 'utf8' })
-              } else {
-                execSync(`docker exec ${grafanaContainer} sqlite3 ${dbPath} '${sql.replace(/'/g, "'\\''")}'`, { encoding: 'utf8', shell: '/bin/bash' })
-              }
-              const dsId = runSqlite('SELECT last_insert_rowid();')
+              await runSqlite(sql)
+              const dsId = await runSqlite('SELECT last_insert_rowid();')
               console.log(`[setupGrafana] ✅ Datasource criado via SQLite: ${datasourceUid} (ID: ${dsId})`)
             } catch (sqliteError) {
               console.error(`[setupGrafana] ❌ Erro ao criar datasource via SQLite: ${sqliteError.message}`)
@@ -572,17 +666,9 @@ async function setupGrafanaForApp(appName) {
             const opensearchUrlEscaped = escapeForSQLite(grafanaOpensearchUrl)
             const dsUidEscaped = escapeForSQLite(datasourceUid)
             const jsonEscaped = dsJson.replace(/'/g, "''")
-            const dbPath = process.env.GRAFANA_SQLITE_PATH || '/var/lib/grafana/grafana.db'
-            const grafanaContainer = process.env.GRAFANA_DOCKER_CONTAINER || 'azify-grafana'
-            const { execSync } = require('child_process')
-            const localDbExists = fs.existsSync(dbPath)
             const sql = `INSERT INTO data_source (org_id, version, type, name, access, url, is_default, json_data, uid, created, updated, basic_auth, with_credentials) VALUES (${org.id}, 1, 'grafana-opensearch-datasource', '${dsName}', 'proxy', '${opensearchUrlEscaped}', ${datasourceConfig.isDefault ? 1 : 0}, '${jsonEscaped}', '${dsUidEscaped}', datetime('now'), datetime('now'), 0, 0);`
-            if (localDbExists) {
-              execSync(`sqlite3 ${dbPath} "${sql.replace(/"/g, '""')}"`, { encoding: 'utf8' })
-            } else {
-              execSync(`docker exec ${grafanaContainer} sqlite3 ${dbPath} '${sql.replace(/'/g, "'\\''")}'`, { encoding: 'utf8', shell: '/bin/bash' })
-            }
-            const dsId = runSqlite('SELECT last_insert_rowid();')
+            await runSqlite(sql)
+            const dsId = await runSqlite('SELECT last_insert_rowid();')
             console.log(`[setupGrafana] ✅ Datasource criado via SQLite: ${datasourceUid} (ID: ${dsId})`)
           } catch (sqliteError) {
             console.error(`[setupGrafana] ❌ Erro ao criar datasource via SQLite: ${sqliteError.message}`)
@@ -593,8 +679,9 @@ async function setupGrafanaForApp(appName) {
     try {
       const tempoDatasourceUid = `tempo-${appName.toLowerCase()}`
-      const tempoUrl = runningInDocker ? 'http://tempo:3200' : 'http://localhost:3200'
       const serviceNameNorm = String(appName).trim().toLowerCase().replace(/[^a-z0-9-]/g, '-')
+      const loggerPort = process.env.PORT || 3001
+      const tempoUrl = `http://azify-logger:${loggerPort}/tempo-proxy/${serviceNameNorm}`
       const tempoJsonData = {
         httpMethod: 'GET',
         httpHeaderName1: 'X-Scope-OrgID',
@@ -624,7 +711,6 @@ async function setupGrafanaForApp(appName) {
         uid: tempoDatasourceUid,
         isDefault: false,
         jsonData: tempoJsonData,
-        secureJsonData: { httpHeaderValue1: serviceNameNorm },
         editable: true,
         version: 1
       }
@@ -649,8 +735,7 @@ async function setupGrafanaForApp(appName) {
             uid: tempoDatasourceUid,
             isDefault: false,
             version: existingTempo.data.version ?? 1,
-            jsonData: { ...(existingTempo.data.jsonData || {}), ...tempoJsonData },
-            secureJsonData: { httpHeaderValue1: serviceNameNorm }
+            jsonData: { ...(existingTempo.data.jsonData || {}), ...tempoJsonData }
           }
           await axios.put(
             `${grafanaUrl}/api/datasources/${id}`,
@@ -948,17 +1033,9 @@ async function setupGrafanaForApp(appName) {
           const slug = dashboardTitle.toLowerCase().replace(/[^a-z0-9-]/g, '-')
           const slugEscaped = escapeForSQLite(slug)
           const uidEscaped = escapeForSQLite(dashboardUid)
-          const dbPath = process.env.GRAFANA_SQLITE_PATH || '/var/lib/grafana/grafana.db'
-          const grafanaContainer = process.env.GRAFANA_DOCKER_CONTAINER || 'azify-grafana'
-          const { execSync } = require('child_process')
-          const localDbExists = fs.existsSync(dbPath)
           const sql = `INSERT INTO dashboard (org_id, version, slug, title, data, created, updated, uid, is_folder, folder_id) VALUES (${org.id}, 0, '${slugEscaped}', '${escapedTitle}', '${escapedJson}', datetime('now'), datetime('now'), '${uidEscaped}', 0, 0);`
-          if (localDbExists) {
-            execSync(`sqlite3 ${dbPath} "${sql.replace(/"/g, '""')}"`, { encoding: 'utf8' })
-          } else {
-            execSync(`docker exec ${grafanaContainer} sqlite3 ${dbPath} '${sql.replace(/'/g, "'\\''")}'`, { encoding: 'utf8', shell: '/bin/bash' })
-          }
-          const dashboardId = runSqlite('SELECT last_insert_rowid();')
+          await runSqlite(sql)
+          const dashboardId = await runSqlite('SELECT last_insert_rowid();')
           console.log(`[setupGrafana] ✅ Dashboard criado via SQLite: ${dashboardTitle} (ID: ${dashboardId})`)
         } catch (sqliteError) {
           console.error(`[setupGrafana] ❌ Erro ao criar dashboard via SQLite: ${sqliteError.message}`)
@@ -986,8 +1063,7 @@ async function setupGrafanaForApp(appName) {
 }
 async function getGrafanaClientConfig(apiTokenFromRequest) {
-  const runningInDocker = fs.existsSync('/.dockerenv')
-  const defaultGrafanaUrl = runningInDocker ? 'http://azify-grafana:3000' : 'http://127.0.0.1:3002'
+  const defaultGrafanaUrl = isLocalEnv ? 'http://127.0.0.1:3002' : 'http://azify-grafana:3000'
   const grafanaUrl = process.env.GRAFANA_URL || defaultGrafanaUrl
   const apiToken = apiTokenFromRequest || process.env.GRAFANA_API_TOKEN
@@ -1761,21 +1837,55 @@ async function handleLog(req, res) {
     ))
   )
-  if (shouldFilterLog) {
+  const isRequestOrResponse = messageLower.includes('[request]') || messageLower.includes('[response]')
+  const isAzifyHttpClientLog = (meta && meta.source === 'http-client') || isRequestOrResponse
+  if (!isAzifyHttpClientLog && shouldFilterLog) {
     return res.json({ success: true, message: 'Log filtrado' })
   }
+  if (isRequestOrResponse && process.env.AZIFY_LOGGER_DEBUG === '1') {
+    console.log('[azify-logger][server] REQUEST/RESPONSE received:', (typeof message === 'string' ? message : '').slice(0, 80))
+  }
+  if (isRequestOrResponse && meta && typeof meta === 'object' && meta.source !== 'http-client') {
+    meta = { ...meta, source: 'http-client' }
+  }
   const requestId = meta && meta.requestId
+  function toTraceIdHex32(val) {
+    if (val == null || typeof val !== 'string') return null
+    const hex = String(val).replace(/[^0-9a-fA-F]/g, '').slice(0, 32)
+    return hex ? hex.padStart(32, '0').slice(0, 32) : null
+  }
   let traceContext = null
   if (meta && meta.traceId && meta.spanId) {
-    traceContext = {
-      traceId: meta.traceId,
-      spanId: meta.spanId,
-      parentSpanId: meta.parentSpanId || null
+    const tid = toTraceIdHex32(meta.traceId)
+    if (tid) {
+      traceContext = {
+        traceId: tid,
+        spanId: String(meta.spanId).slice(0, 16),
+        parentSpanId: meta.parentSpanId != null && meta.parentSpanId !== '' ? String(meta.parentSpanId) : null
+      }
     }
-  } else {
+  }
+  if (!traceContext && typeof message === 'string' && /traceId/i.test(message)) {
+    const m = message.match(/"traceId"\s*:\s*"([^"]+)"/)
+    const s = message.match(/"spanId"\s*:\s*"([^"]+)"/)
+    if (m && m[1]) {
+      const tid = toTraceIdHex32(m[1])
+      if (tid) {
+        traceContext = {
+          traceId: tid,
+          spanId: (s && s[1]) ? String(s[1]).slice(0, 16) : generateSpanId(),
+          parentSpanId: null
+        }
+      }
+    }
+  }
+  if (!traceContext) {
     try {
       const extractedCtx = propagation.extract(context.active(), req.headers, {
         get (carrier, key) {
@@ -1792,8 +1902,8 @@ async function handleLog(req, res) {
       const spanContext = (span && span.spanContext && span.spanContext()) || null
       if (spanContext && spanContext.traceId && spanContext.spanId) {
         traceContext = {
-          traceId: spanContext.traceId,
-          spanId: spanContext.spanId,
+          traceId: toTraceIdHex32(spanContext.traceId) || String(spanContext.traceId).replace(/-/g, '').padStart(32, '0').slice(0, 32),
+          spanId: String(spanContext.spanId).slice(0, 16),
           parentSpanId: null
         }
       }
@@ -1916,6 +2026,16 @@ async function handleLog(req, res) {
             value = truncateBody(value, false)
           }
           logEntry[key] = value
+        } else if (key === 'error') {
+          if (value != null && typeof value === 'object' && !Array.isArray(value) && (value.message != null || value.stack != null || value.name != null)) {
+            logEntry.error = {
+              message: value.message != null ? String(value.message) : '',
+              stack: value.stack != null ? String(value.stack) : undefined,
+              name: value.name != null ? String(value.name) : undefined
+            }
+          } else if (value != null) {
+            logEntry.error = { message: String(value) }
+          }
         } else {
           logEntry[key] = value
         }
@@ -1924,60 +2044,161 @@ async function handleLog(req, res) {
   }
   logEntry.message = message
+  if (isRequestOrResponse) logEntry.source = 'http-client'
-  try {
-    const osUrl = process.env.OPENSEARCH_URL || 'http://localhost:9200'
-    const appName = logEntry.appName || logEntry.service?.name || 'unknown'
-    const serviceName = appName.toLowerCase().replace(/[^a-z0-9-]/g, '-')
-    const indexName = `logs-${serviceName}`
-    addSeenServiceName(serviceName)
-    await axios.post(`${osUrl}/${indexName}/_doc`, logEntry, {
-      headers: { 'Content-Type': 'application/json' }
-    })
+  const osUrl = process.env.OPENSEARCH_URL || 'http://localhost:9200'
+  const appName = logEntry.appName || logEntry.service?.name || 'unknown'
+  const serviceName = appName.toLowerCase().replace(/[^a-z0-9-]/g, '-')
+  const indexName = `logs-${serviceName}`
+  addSeenServiceName(serviceName)
-    console.log(`[setupGrafana] serviceName: ${serviceName}, appName: ${appName}`)
+  res.json({ success: true, message: 'Log enviado com sucesso', index: indexName })
-    if (serviceName !== 'unknown' && serviceName !== 'unknown-service') {
-      console.log(`[setupGrafana] Iniciando setup para app: ${serviceName}`)
-      setupGrafanaForApp(serviceName).then(() => {
-        console.log(`[setupGrafana] ✅ Setup concluído para ${serviceName}`)
-      }).catch((err) => {
-        const errorMsg = err?.response?.data?.message || err?.message || 'Erro desconhecido'
-        const status = err?.response?.status || 'N/A'
-        console.error(`[setupGrafana] ❌ Erro ao configurar Grafana para ${serviceName}: ${errorMsg} (status: ${status})`)
-        if (err?.stack) {
-          console.error(`[setupGrafana] Stack: ${err.stack.substring(0, 200)}`)
-        }
-      })
-    } else {
-      console.log(`[setupGrafana] ⚠️  Pulando setup para serviceName inválido: ${serviceName}`)
-    }
+  _enqueueOpenSearchWrite(osUrl, indexName, logEntry, serviceName)
+}
-    res.json({ success: true, message: 'Log enviado com sucesso', index: indexName })
-  } catch (error) {
-    const status = error?.response?.status
-    const errorMsg = error?.response?.data?.error?.reason ||
-      error?.response?.data?.message ||
-      error?.message ||
-      'Erro desconhecido'
-    console.error('❌ Falha ao enviar log para OpenSearch', {
-      status,
-      message: errorMsg
-    })
+const _openSearchWriteQueue = []
+let _openSearchWriteInFlight = 0
+const _openSearchWriteMaxConcurrent = 10
+const _openSearchWriteTimeout = 5000
+let _openSearchFailuresInRow = 0
+let _openSearchCircuitOpenUntil = 0
+let _openSearchCircuitRetryTimer = null
+const _openSearchCircuitThreshold = 5
+const _openSearchCircuitPauseMs = 30000
+const _openSearchQueueMaxLen = 2000
+const _logDedupeWindowMs = 5000
+const _logDedupeMaxKeys = 15000
+const _logDedupeSeen = new Map()
+const _logDedupeBucketMs = 80
+function _logDedupeKey(serviceName, logEntry) {
+  const msg = typeof logEntry.message === 'string' ? logEntry.message.substring(0, 500) : String(logEntry.message || '')
+  const msgLower = msg.toLowerCase()
+  const isReqRes = msgLower.includes('[request]') || msgLower.includes('[response]')
+  const traceId = logEntry.traceId != null ? String(logEntry.traceId).trim() : ''
+  const spanId = logEntry.spanId != null ? String(logEntry.spanId).trim() : ''
+  if (isReqRes) {
+    const kind = msgLower.includes('[request]') ? 'REQUEST' : 'RESPONSE'
+    if (traceId && spanId) return `r|${serviceName}|${traceId}|${spanId}|${kind}`
+    const ts = logEntry['@timestamp'] != null ? Number(logEntry['@timestamp']) : Date.now()
+    const bucket = Math.floor(ts / _logDedupeBucketMs) * _logDedupeBucketMs
+    return `r|${serviceName}|${bucket}|${kind}`
+  }
+  if (traceId && spanId) return `t|${serviceName}|${traceId}|${spanId}|${msg}`
+  const requestId = (logEntry.requestId != null ? String(logEntry.requestId).trim() : '') || ''
+  if (!requestId) return null
+  const ts = logEntry['@timestamp'] != null ? Number(logEntry['@timestamp']) : Date.now()
+  const bucket = Math.floor(ts / _logDedupeBucketMs) * _logDedupeBucketMs
+  return `b|${serviceName}|${requestId}|${msg}|${bucket}`
+}
-    if (error?.response?.data) {
-      try {
-        console.error('📦 Resposta OpenSearch:', JSON.stringify(error.response.data).substring(0, 2000))
-      } catch (_) {
-        console.error('📦 Resposta OpenSearch (raw):', error.response.data)
+function _enqueueOpenSearchWrite(osUrl, indexName, logEntry, serviceName) {
+  if (_openSearchWriteQueue.length >= _openSearchQueueMaxLen) {
+    if (!_enqueueOpenSearchWrite._lastQueueFullLog || Date.now() - _enqueueOpenSearchWrite._lastQueueFullLog > 60000) {
+      _enqueueOpenSearchWrite._lastQueueFullLog = Date.now()
+      console.warn('[opensearch] Fila cheia, log descartado (queue full). Verifique se o OpenSearch está acessível.')
+    }
+    return
+  }
+  const key = _logDedupeKey(serviceName, logEntry)
+  const now = Date.now()
+  if (key != null) {
+    if (_logDedupeSeen.size > _logDedupeMaxKeys) {
+      for (const [k, exp] of _logDedupeSeen) {
+        if (exp < now) _logDedupeSeen.delete(k)
       }
-    } else if (error?.code) {
-      console.error('⚙️  Código de erro:', error.code)
     }
+    const expiry = _logDedupeSeen.get(key)
+    if (expiry != null && expiry > now) return
+    _logDedupeSeen.set(key, now + _logDedupeWindowMs)
+  }
+  if (process.env.AZIFY_LOGGER_DEBUG === '1') {
+    const msg = typeof logEntry.message === 'string' ? logEntry.message : ''
+    if (msg.toLowerCase().includes('[request]') || msg.toLowerCase().includes('[response]')) {
+      console.log('[azify-logger][server] REQUEST/RESPONSE enqueued for OpenSearch:', msg.slice(0, 70))
+    }
+  }
+  _openSearchWriteQueue.push({ osUrl, indexName, logEntry, serviceName })
+  _drainOpenSearchQueue()
+}
-    res.status(500).json({ success: false, message: 'Erro ao enviar log para OpenSearch' })
+function _drainOpenSearchQueue() {
+  const now = Date.now()
+  if (now < _openSearchCircuitOpenUntil) return
+  if (now >= _openSearchCircuitOpenUntil && _openSearchCircuitOpenUntil > 0) {
+    _openSearchCircuitOpenUntil = 0
+    _openSearchFailuresInRow = 0
+    console.log('[opensearch] Retomando envio após pausa do circuit breaker')
+  }
+  while (_openSearchWriteInFlight < _openSearchWriteMaxConcurrent && _openSearchWriteQueue.length > 0) {
+    const job = _openSearchWriteQueue.shift()
+    if (!job) break
+    _openSearchWriteInFlight++
+    axios.post(`${job.osUrl}/${job.indexName}/_doc`, job.logEntry, {
+      headers: { 'Content-Type': 'application/json' },
+      timeout: _openSearchWriteTimeout
+    })
+      .then(() => {
+        _openSearchFailuresInRow = 0
+        if (process.env.AZIFY_LOGGER_DEBUG === '1') {
+          const msg = typeof job.logEntry.message === 'string' ? job.logEntry.message : ''
+          if (msg.toLowerCase().includes('[request]') || msg.toLowerCase().includes('[response]')) {
+            console.log('[azify-logger][server] REQUEST/RESPONSE written to OpenSearch index=', job.indexName, 'msg=', msg.slice(0, 60))
+          }
+        }
+        const SETUP_THROTTLE_MS = 10 * 60 * 1000
+        if (!handleLog._lastSetupTime) handleLog._lastSetupTime = new Map()
+        const last = handleLog._lastSetupTime.get(job.serviceName) || 0
+        const now = Date.now()
+        const shouldRunSetup = job.serviceName !== 'unknown' && job.serviceName !== 'unknown-service' && job.serviceName !== 'unknown-app' && (now - last >= SETUP_THROTTLE_MS)
+        if (shouldRunSetup) {
+          handleLog._lastSetupTime.set(job.serviceName, now)
+          setupGrafanaForApp(job.serviceName).then(() => {
+            if (process.env.NODE_ENV === 'development') console.log(`[setupGrafana] ✅ Setup concluído para ${job.serviceName}`)
+          }).catch((err) => {
+            const status = err?.response?.status
+            const msg = (err?.message || '').toString()
+            const isAuthOrSqlite = status === 401 || msg.includes('sqlite3') || msg.includes('Invalid username or password')
+            if (isAuthOrSqlite) {
+              handleLog._lastSetupTime.set(job.serviceName, now + 60 * 60 * 1000)
+            }
+            const errorMsg = err?.response?.data?.message || err?.message || 'Erro desconhecido'
+            console.error(`[setupGrafana] ❌ Erro ao configurar Grafana para ${job.serviceName}: ${errorMsg} (status: ${status || 'N/A'})`)
+            if (err?.stack) {
+              console.error(`[setupGrafana] Stack: ${err.stack.substring(0, 200)}`)
+            }
+          })
+        }
+      })
+      .catch((error) => {
+        _openSearchFailuresInRow++
+        if (_openSearchFailuresInRow >= _openSearchCircuitThreshold) {
+          _openSearchCircuitOpenUntil = Date.now() + _openSearchCircuitPauseMs
+          console.error('[opensearch] Indisponível, pausando envio por', _openSearchCircuitPauseMs / 1000, 's')
+          if (_openSearchCircuitRetryTimer == null) {
+            _openSearchCircuitRetryTimer = setTimeout(() => {
+              _openSearchCircuitRetryTimer = null
+              _drainOpenSearchQueue()
+            }, _openSearchCircuitPauseMs)
+            if (_openSearchCircuitRetryTimer.unref) _openSearchCircuitRetryTimer.unref()
+          }
+        }
+        if (_openSearchFailuresInRow <= 2) {
+          const status = error?.response?.status
+          const errorMsg = error?.response?.data?.error?.reason ||
+            error?.response?.data?.message ||
+            error?.message ||
+            'Erro desconhecido'
+          console.error('❌ Falha ao enviar log para OpenSearch', { status, message: errorMsg })
+          if (error?.code) console.error('⚙️  Código de erro:', error.code)
+        }
+      })
+      .finally(() => {
+        _openSearchWriteInFlight--
+        _drainOpenSearchQueue()
+      })
   }
 }
@@ -2003,24 +2224,37 @@ function extractServiceNamesFromTraceBody(body) {
   return names
 }
+function normalizeServiceNameForTempo(s) {
+  const t = String(s || '').trim().toLowerCase().replace(/[^a-z0-9-]/g, '-')
+  return t && t !== 'unknown' && t !== 'unknown-service' ? t : 'default'
+}
 app.post('/v1/traces', async (req, res) => {
   try {
     const names = extractServiceNamesFromTraceBody(req.body)
     for (const name of names) addSeenServiceName(name)
     if (req.body?.resourceSpans?.length) scheduleOtelCollectorConfigWrite()
-    const ep = process.env.OTEL_EXPORTER_OTLP_ENDPOINT || process.env.OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
-    let traceUrl = 'http://127.0.0.1:4318/v1/traces'
-    if (ep) {
-      try {
-        const u = new URL(ep)
-        traceUrl = ep.includes('/v1/') ? ep : `${u.origin.replace(/\/$/, '')}/v1/traces`
-      } catch (_) {}
+    const firstService = names.size ? normalizeServiceNameForTempo(Array.from(names)[0]) : 'default'
+    const headers = { 'Content-Type': 'application/json' }
+    if (firstService) headers['X-Scope-OrgID'] = firstService
+    let traceUrl
+    if (!isLocalEnv) {
+      traceUrl = 'http://tempo:4318/v1/traces'
+    } else {
+      const ep = process.env.OTEL_EXPORTER_OTLP_ENDPOINT || process.env.OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
+      traceUrl = 'http://127.0.0.1:4318/v1/traces'
+      if (ep) {
+        try {
+          const u = new URL(ep)
+          traceUrl = ep.includes('/v1/') ? ep : `${u.origin.replace(/\/$/, '')}/v1/traces`
+        } catch (_) {}
+      }
     }
     const response = await axios.post(traceUrl, req.body, {
-      headers: {
-        'Content-Type': 'application/json'
-      },
+      headers,
       data: req.body,
       timeout: 30000
     })
@@ -2092,8 +2326,7 @@ app.post('/dashboards/register', async (req, res) => {
     await setupGrafanaForApp(appName)
-    const runningInDocker = fs.existsSync('/.dockerenv')
-    const defaultGrafanaUrl = runningInDocker ? 'http://azify-grafana:3000' : 'http://127.0.0.1:3002'
+    const defaultGrafanaUrl = isLocalEnv ? 'http://127.0.0.1:3002' : 'http://azify-grafana:3000'
     const grafanaUrl = process.env.GRAFANA_URL || defaultGrafanaUrl
     const grafanaAdminUser = process.env.GRAFANA_ADMIN_USER || 'admin'
     const grafanaAdminPassword = process.env.GRAFANA_ADMIN_PASSWORD || process.env.GF_SECURITY_ADMIN_PASSWORD || 'admin'
@@ -2182,7 +2415,7 @@ app.post('/dashboards/register', async (req, res) => {
       {
         auth,
         headers: { 'X-Grafana-Org-Id': orgId, 'Content-Type': 'application/json' },
-        timeout: 10000
+        timeout: 5000
       }
     )
@@ -2212,23 +2445,38 @@ app.post('/dashboards/register', async (req, res) => {
   }
 })
+app.use((err, req, res, next) => {
+  console.error('[server] Erro não tratado:', err?.message || err)
+  if (err?.stack) console.error('[server] Stack:', err.stack)
+  if (!res.headersSent) {
+    res.status(500).json({ success: false, message: 'Internal Server Error', error: process.env.NODE_ENV === 'development' ? (err?.message || String(err)) : undefined })
+  }
+})
 const port = process.env.PORT || 3001
 app.listen(port, () => {
+  console.log('[startup] server listening on port', port, '- /health ready')
   setTimeout(() => writeOtelCollectorConfigIfEnabled().catch(() => {}), 3000)
-  setTimeout(async () => {
-    try {
-      const orgs = await fetchGrafanaOrgs()
-      const toSetup = orgs.filter((o) => o.id !== 1 && o.name && o.name.toLowerCase() !== 'main org')
-      if (setupGrafanaForApp._cache) setupGrafanaForApp._cache.clear()
-      for (const org of toSetup) {
-        await setupGrafanaForApp(org.name).catch((e) => console.warn('[setupGrafana] Reaplicar Tempo para org', org.name, ':', e?.message || e))
-      }
-      if (toSetup.length) await writeOtelCollectorConfigIfEnabled().catch(() => {})
-    } catch (e) {
-      console.warn('[setupGrafana] Reaplicar Tempo para todas as orgs:', e?.message || e)
-    }
-  }, 12000)
+  setTimeout(() => {
+    fetchGrafanaOrgs()
+      .then((orgs) => {
+        const toSetup = orgs.filter((o) => o.id !== 1 && o.name && o.name.toLowerCase() !== 'main org')
+        if (setupGrafanaForApp._cache) setupGrafanaForApp._cache.clear()
+        function runNext(i) {
+          if (i >= toSetup.length) {
+            if (toSetup.length) writeOtelCollectorConfigIfEnabled().catch(() => {})
+            return
+          }
+          setImmediate(() => {
+            setupGrafanaForApp(toSetup[i].name).catch((e) => console.warn('[setupGrafana] Reaplicar Tempo para org', toSetup[i].name, ':', e?.message || e))
+              .finally(() => setTimeout(() => runNext(i + 1), 1000))
+          })
+        }
+        runNext(0)
+      })
+      .catch((e) => console.warn('[setupGrafana] Reaplicar Tempo para todas as orgs:', e?.message || e))
+  }, 60000)
 })
 process.on('SIGTERM', () => {