gateops-core 0.1.0

package/dist/index.mjs

@@ -0,0 +1,1176 @@
+import { v4 } from 'uuid';
+import Database from 'better-sqlite3';
+import { drizzle } from 'drizzle-orm/better-sqlite3';
+import { eq, like, gte, lte, and, desc, sql } from 'drizzle-orm';
+import { sqliteTable, integer, text } from 'drizzle-orm/sqlite-core';
+import * as fs2 from 'fs';
+import * as path from 'path';
+import axios2 from 'axios';
+import { Router } from 'express';
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// package.json
+var require_package = __commonJS({
+  "package.json"(exports$1, module) {
+    module.exports = {
+      name: "gateops-core",
+      version: "0.1.0",
+      description: "Lightweight API observability SDK for Express.js - Zero-config, privacy-first traffic monitoring",
+      main: "dist/index.js",
+      module: "dist/index.mjs",
+      types: "dist/index.d.ts",
+      bin: {
+        "gateops-init": "dist/bin/gateops-init.js"
+      },
+      files: [
+        "dist"
+      ],
+      scripts: {
+        build: "tsup",
+        dev: "tsup --watch",
+        test: "vitest",
+        "test:run": "vitest run",
+        lint: "eslint src --ext .ts",
+        format: "prettier --write src",
+        prepublishOnly: "npm run build"
+      },
+      keywords: [
+        "api",
+        "observability",
+        "monitoring",
+        "express",
+        "middleware",
+        "logging",
+        "debugging",
+        "documentation",
+        "swagger",
+        "openapi"
+      ],
+      author: "GateOps",
+      license: "MIT",
+      repository: {
+        type: "git",
+        url: "https://github.com/gateops/gateops-core"
+      },
+      engines: {
+        node: ">=18.0.0"
+      },
+      peerDependencies: {
+        express: "^4.18.0 || ^5.0.0"
+      },
+      dependencies: {
+        axios: "^1.6.0",
+        "better-sqlite3": "^11.0.0",
+        chalk: "^4.1.2",
+        commander: "^12.0.0",
+        "drizzle-orm": "^0.29.0",
+        inquirer: "^8.2.6",
+        uuid: "^9.0.0",
+        zod: "^3.22.0"
+      },
+      devDependencies: {
+        "@types/better-sqlite3": "^7.6.8",
+        "@types/express": "^4.17.21",
+        "@types/inquirer": "^8.2.10",
+        "@types/node": "^20.10.0",
+        "@types/uuid": "^9.0.7",
+        "drizzle-kit": "^0.20.0",
+        eslint: "^8.56.0",
+        express: "^4.18.2",
+        prettier: "^3.2.0",
+        tsup: "^8.0.0",
+        typescript: "^5.3.0",
+        vitest: "^1.2.0"
+      }
+    };
+  }
+});
+
+// src/config.ts
+var PANEL_BASE_URL = process.env.GATEOPS_PANEL_URL || "https://gateops.sleeksoulsmedia.com";
+var PANEL_ENDPOINTS = {
+  // Verify API key during initialization
+  VERIFY: "/api/sdk/verify",
+  // Send batched logs to Panel
+  LOGS: "/api/sdk/logs",
+  // Fetch remote configuration (optional)
+  CONFIG: "/api/sdk/config",
+  // Send discovered endpoints/routes
+  ENDPOINTS: "/api/sdk/endpoints",
+  // Heartbeat/health check
+  HEARTBEAT: "/api/sdk/heartbeat"
+};
+var SDK_DEFAULTS = {
+  // Buffer settings
+  BUFFER_MAX_SIZE: 50,
+  // Flush when buffer reaches this size
+  BUFFER_FLUSH_INTERVAL: 1e4,
+  // Flush every 10 seconds (ms)
+  // Payload limits
+  MAX_BODY_SIZE: 10240,
+  // 10KB max for req/res bodies
+  // Log retention
+  LOG_TTL_DAYS: 15,
+  // Auto-cleanup logs older than 15 days
+  // Retry settings
+  MAX_RETRY_ATTEMPTS: 3,
+  RETRY_DELAY_BASE: 1e3,
+  // Base delay for exponential backoff (ms)
+  // Database
+  DEFAULT_DB_PATH: ".gateops/data.sqlite",
+  BUFFER_FILE_PATH: ".gateops/buffer.json",
+  // Route prefix for exposed endpoints
+  ROUTE_PREFIX: "/.well-known/gateops"
+};
+var SENSITIVE_PATTERNS = {
+  // Field names to redact (case-insensitive)
+  FIELD_NAMES: [
+    "password",
+    "passwd",
+    "secret",
+    "token",
+    "apikey",
+    "api_key",
+    "api-key",
+    "authorization",
+    "auth",
+    "bearer",
+    "credential",
+    "private",
+    "ssn",
+    "credit_card",
+    "creditcard",
+    "card_number",
+    "cvv",
+    "pin"
+  ],
+  // Regex patterns for value-based detection
+  VALUE_PATTERNS: {
+    // Credit card (basic pattern)
+    CREDIT_CARD: /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g,
+    // SSN pattern
+    SSN: /\b\d{3}[-]?\d{2}[-]?\d{4}\b/g
+  },
+  // Replacement text
+  REDACTED: "[REDACTED]",
+  MASKED_CARD: "****-****-****-****"
+};
+function getPanelUrl(endpoint) {
+  return `${PANEL_BASE_URL}${PANEL_ENDPOINTS[endpoint]}`;
+}
+
+// src/db/schema.ts
+var schema_exports = {};
+__export(schema_exports, {
+  config: () => config,
+  endpoints: () => endpoints,
+  trafficLogs: () => trafficLogs
+});
+var trafficLogs = sqliteTable("gateops_traffic_logs", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  // Unique identifier for request tracing
+  trace_id: text("trace_id").notNull(),
+  // Request info
+  endpoint: text("endpoint").notNull(),
+  method: text("method").notNull(),
+  status: integer("status").notNull(),
+  duration_ms: integer("duration_ms").notNull(),
+  // Headers (JSON strings)
+  req_headers: text("req_headers"),
+  res_headers: text("res_headers"),
+  // Bodies (JSON strings, sanitized, max 10KB each)
+  req_body: text("req_body"),
+  res_body: text("res_body"),
+  // Additional context
+  query_params: text("query_params"),
+  ip_address: text("ip_address"),
+  user_agent: text("user_agent"),
+  // Timestamp (stored as Unix timestamp)
+  created_at: integer("created_at", { mode: "timestamp" }).notNull()
+});
+var endpoints = sqliteTable("gateops_endpoints", {
+  id: integer("id").primaryKey({ autoIncrement: true }),
+  // Route identification (unique constraint on path + method)
+  path: text("path").notNull(),
+  method: text("method").notNull(),
+  // Inferred request/response schema (JSON string)
+  // Deep inference captures nested structures
+  detected_schema: text("detected_schema"),
+  // List of middleware names (JSON array)
+  middleware_names: text("middleware_names"),
+  // Last time this endpoint was hit
+  last_seen: integer("last_seen", { mode: "timestamp" }).notNull()
+});
+var config = sqliteTable("gateops_config", {
+  // Unique key name
+  key: text("key").primaryKey(),
+  // Value as JSON string
+  value: text("value").notNull(),
+  // When this config was last updated
+  updated_at: integer("updated_at", { mode: "timestamp" })
+});
+var db = null;
+var sqliteDb = null;
+function getDatabase(dbPath) {
+  if (db) {
+    return db;
+  }
+  const resolvedPath = dbPath || process.env.GATEOPS_DB_PATH || SDK_DEFAULTS.DEFAULT_DB_PATH;
+  const absolutePath = path.isAbsolute(resolvedPath) ? resolvedPath : path.join(process.cwd(), resolvedPath);
+  const dir = path.dirname(absolutePath);
+  if (!fs2.existsSync(dir)) {
+    fs2.mkdirSync(dir, { recursive: true });
+  }
+  sqliteDb = new Database(absolutePath);
+  sqliteDb.pragma("journal_mode = WAL");
+  db = drizzle(sqliteDb, { schema: schema_exports });
+  return db;
+}
+function initializeSchema(database) {
+  const targetDb = database || getDatabase();
+  targetDb.run(sql`
+    CREATE TABLE IF NOT EXISTS gateops_traffic_logs (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      trace_id TEXT NOT NULL,
+      endpoint TEXT NOT NULL,
+      method TEXT NOT NULL,
+      status INTEGER NOT NULL,
+      duration_ms INTEGER NOT NULL,
+      req_headers TEXT,
+      res_headers TEXT,
+      req_body TEXT,
+      res_body TEXT,
+      query_params TEXT,
+      ip_address TEXT,
+      user_agent TEXT,
+      created_at INTEGER NOT NULL
+    )
+  `);
+  targetDb.run(sql`
+    CREATE INDEX IF NOT EXISTS idx_traffic_logs_created_at 
+    ON gateops_traffic_logs(created_at)
+  `);
+  targetDb.run(sql`
+    CREATE INDEX IF NOT EXISTS idx_traffic_logs_endpoint 
+    ON gateops_traffic_logs(endpoint, method)
+  `);
+  targetDb.run(sql`
+    CREATE INDEX IF NOT EXISTS idx_traffic_logs_status 
+    ON gateops_traffic_logs(status)
+  `);
+  targetDb.run(sql`
+    CREATE TABLE IF NOT EXISTS gateops_endpoints (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      path TEXT NOT NULL,
+      method TEXT NOT NULL,
+      detected_schema TEXT,
+      middleware_names TEXT,
+      last_seen INTEGER NOT NULL,
+      UNIQUE(path, method)
+    )
+  `);
+  targetDb.run(sql`
+    CREATE TABLE IF NOT EXISTS gateops_config (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL,
+      updated_at INTEGER
+    )
+  `);
+}
+function closeDatabase() {
+  if (sqliteDb) {
+    sqliteDb.close();
+    sqliteDb = null;
+    db = null;
+  }
+}
+function cleanupOldLogs(ttlDays = SDK_DEFAULTS.LOG_TTL_DAYS) {
+  const database = getDatabase();
+  const cutoffDate = /* @__PURE__ */ new Date();
+  cutoffDate.setDate(cutoffDate.getDate() - ttlDays);
+  const result = database.run(sql`
+    DELETE FROM gateops_traffic_logs 
+    WHERE created_at < ${Math.floor(cutoffDate.getTime() / 1e3)}
+  `);
+  return result.changes;
+}
+var BUFFER_VERSION = "1.0.0";
+function getBufferFilePath() {
+  return path.join(process.cwd(), SDK_DEFAULTS.BUFFER_FILE_PATH);
+}
+function saveToDisk(logs) {
+  if (logs.length === 0) {
+    return true;
+  }
+  try {
+    const filePath = getBufferFilePath();
+    const dir = path.dirname(filePath);
+    if (!fs2.existsSync(dir)) {
+      fs2.mkdirSync(dir, { recursive: true });
+    }
+    const state = {
+      logs,
+      savedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      version: BUFFER_VERSION
+    };
+    fs2.writeFileSync(filePath, JSON.stringify(state, null, 2), "utf-8");
+    return true;
+  } catch (error) {
+    console.error("[GateOps] Failed to save buffer to disk:", error);
+    return false;
+  }
+}
+function loadFromDisk() {
+  try {
+    const filePath = getBufferFilePath();
+    if (!fs2.existsSync(filePath)) {
+      return [];
+    }
+    const content = fs2.readFileSync(filePath, "utf-8");
+    const state = JSON.parse(content);
+    if (state.version !== BUFFER_VERSION) {
+      console.warn("[GateOps] Buffer file version mismatch, skipping recovery");
+      clearDiskBuffer();
+      return [];
+    }
+    const logs = state.logs.map((log) => ({
+      ...log,
+      created_at: new Date(log.created_at)
+    }));
+    console.log(`[GateOps] Recovered ${logs.length} logs from disk buffer`);
+    return logs;
+  } catch (error) {
+    console.error("[GateOps] Failed to load buffer from disk:", error);
+    return [];
+  }
+}
+function clearDiskBuffer() {
+  try {
+    const filePath = getBufferFilePath();
+    if (fs2.existsSync(filePath)) {
+      fs2.unlinkSync(filePath);
+    }
+    return true;
+  } catch (error) {
+    console.error("[GateOps] Failed to clear disk buffer:", error);
+    return false;
+  }
+}
+function hasDiskBuffer() {
+  return fs2.existsSync(getBufferFilePath());
+}
+var BufferManager = class {
+  buffer = [];
+  flushInterval = null;
+  isInitialized = false;
+  isFlushing = false;
+  maxSize;
+  intervalMs;
+  localOnly;
+  username;
+  apiKey;
+  constructor() {
+    this.maxSize = SDK_DEFAULTS.BUFFER_MAX_SIZE;
+    this.intervalMs = SDK_DEFAULTS.BUFFER_FLUSH_INTERVAL;
+    this.localOnly = false;
+    this.username = "";
+    this.apiKey = "";
+  }
+  /**
+   * Initialize the buffer manager
+   */
+  initialize(options = {}) {
+    if (this.isInitialized) {
+      return;
+    }
+    this.maxSize = options.maxSize || SDK_DEFAULTS.BUFFER_MAX_SIZE;
+    this.intervalMs = options.intervalMs || SDK_DEFAULTS.BUFFER_FLUSH_INTERVAL;
+    this.localOnly = options.localOnly || false;
+    this.username = options.username || process.env.GATEOPS_USERNAME || "";
+    this.apiKey = options.apiKey || process.env.GATEOPS_API_KEY || "";
+    this.recoverFromDisk();
+    this.startFlushInterval();
+    this.registerShutdownHandlers();
+    this.isInitialized = true;
+  }
+  /**
+   * Push a log entry to the buffer
+   */
+  push(log) {
+    this.buffer.push(log);
+    if (this.buffer.length >= this.maxSize) {
+      this.flush();
+    }
+  }
+  /**
+   * Flush the buffer to database and Panel
+   */
+  async flush() {
+    if (this.isFlushing || this.buffer.length === 0) {
+      return;
+    }
+    this.isFlushing = true;
+    const logsToFlush = [...this.buffer];
+    this.buffer = [];
+    try {
+      await this.writeToDatabase(logsToFlush);
+      if (!this.localOnly && this.username && this.apiKey) {
+        await this.sendToPanel(logsToFlush);
+      }
+      clearDiskBuffer();
+    } catch (error) {
+      console.error("[GateOps] Flush failed:", error);
+      this.buffer = [...logsToFlush, ...this.buffer];
+      saveToDisk(this.buffer);
+    } finally {
+      this.isFlushing = false;
+    }
+  }
+  /**
+   * Write logs to local SQLite database
+   */
+  async writeToDatabase(logs) {
+    const db2 = getDatabase();
+    for (const log of logs) {
+      await db2.insert(trafficLogs).values({
+        trace_id: log.trace_id,
+        endpoint: log.endpoint,
+        method: log.method,
+        status: log.status,
+        duration_ms: log.duration_ms,
+        req_headers: log.req_headers,
+        res_headers: log.res_headers,
+        req_body: log.req_body,
+        res_body: log.res_body,
+        query_params: log.query_params,
+        ip_address: log.ip_address,
+        user_agent: log.user_agent,
+        created_at: log.created_at
+      });
+    }
+  }
+  /**
+   * Send logs to Panel API
+   */
+  async sendToPanel(logs) {
+    const url = getPanelUrl("LOGS");
+    try {
+      await axios2.post(url, {
+        logs: logs.map((log) => ({
+          ...log,
+          created_at: log.created_at.toISOString()
+        }))
+      }, {
+        headers: {
+          "Content-Type": "application/json",
+          "x-gateops-username": this.username,
+          "x-gateops-api-key": this.apiKey
+        },
+        timeout: 1e4
+        // 10 second timeout
+      });
+    } catch (error) {
+      console.warn(
+        "[GateOps] Failed to send logs to Panel:",
+        axios2.isAxiosError(error) ? error.message : error
+      );
+    }
+  }
+  /**
+   * Recover logs from disk buffer
+   */
+  recoverFromDisk() {
+    if (hasDiskBuffer()) {
+      const recoveredLogs = loadFromDisk();
+      if (recoveredLogs.length > 0) {
+        this.buffer = [...recoveredLogs, ...this.buffer];
+        clearDiskBuffer();
+        setTimeout(() => this.flush(), 1e3);
+      }
+    }
+  }
+  /**
+   * Start the periodic flush interval
+   */
+  startFlushInterval() {
+    if (this.flushInterval) {
+      clearInterval(this.flushInterval);
+    }
+    this.flushInterval = setInterval(() => {
+      this.flush();
+    }, this.intervalMs);
+    this.flushInterval.unref();
+  }
+  /**
+   * Register handlers for graceful shutdown
+   */
+  registerShutdownHandlers() {
+    const gracefulShutdown = () => {
+      if (this.buffer.length > 0) {
+        saveToDisk(this.buffer);
+      }
+      this.flush();
+      if (this.flushInterval) {
+        clearInterval(this.flushInterval);
+      }
+    };
+    process.on("SIGINT", gracefulShutdown);
+    process.on("SIGTERM", gracefulShutdown);
+    process.on("beforeExit", gracefulShutdown);
+    process.on("uncaughtException", (error) => {
+      console.error("[GateOps] Uncaught exception, saving buffer to disk:", error);
+      saveToDisk(this.buffer);
+    });
+  }
+  /**
+   * Get current buffer size
+   */
+  getSize() {
+    return this.buffer.length;
+  }
+  /**
+   * Shutdown the buffer manager
+   */
+  shutdown() {
+    if (this.flushInterval) {
+      clearInterval(this.flushInterval);
+      this.flushInterval = null;
+    }
+    if (this.buffer.length > 0) {
+      saveToDisk(this.buffer);
+    }
+    this.isInitialized = false;
+  }
+};
+var buffer = new BufferManager();
+
+// src/sanitizer.ts
+function sanitize(data, maxSize = SDK_DEFAULTS.MAX_BODY_SIZE, customFields = []) {
+  if (data === null || data === void 0) {
+    return data;
+  }
+  const sensitiveFields = [
+    ...SENSITIVE_PATTERNS.FIELD_NAMES,
+    ...customFields.map((f) => f.toLowerCase())
+  ];
+  const sanitized = deepSanitize(data, sensitiveFields);
+  const jsonString = JSON.stringify(sanitized);
+  if (jsonString.length > maxSize) {
+    return {
+      _truncated: true,
+      _originalSize: jsonString.length,
+      _message: `Payload exceeded ${maxSize} bytes, truncated`,
+      _preview: jsonString.substring(0, 500) + "..."
+    };
+  }
+  return sanitized;
+}
+function deepSanitize(data, sensitiveFields) {
+  if (typeof data !== "object" || data === null) {
+    if (typeof data === "string") {
+      return sanitizeString(data);
+    }
+    return data;
+  }
+  if (Array.isArray(data)) {
+    return data.map((item) => deepSanitize(item, sensitiveFields));
+  }
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    const lowerKey = key.toLowerCase();
+    if (sensitiveFields.some((field) => lowerKey.includes(field))) {
+      result[key] = SENSITIVE_PATTERNS.REDACTED;
+    } else if (typeof value === "object" && value !== null) {
+      result[key] = deepSanitize(value, sensitiveFields);
+    } else if (typeof value === "string") {
+      result[key] = sanitizeString(value);
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function sanitizeString(value) {
+  let sanitized = value;
+  sanitized = sanitized.replace(
+    SENSITIVE_PATTERNS.VALUE_PATTERNS.CREDIT_CARD,
+    SENSITIVE_PATTERNS.MASKED_CARD
+  );
+  sanitized = sanitized.replace(
+    SENSITIVE_PATTERNS.VALUE_PATTERNS.SSN,
+    SENSITIVE_PATTERNS.REDACTED
+  );
+  return sanitized;
+}
+function safeStringify(obj, maxSize) {
+  if (obj === void 0 || obj === null) {
+    return void 0;
+  }
+  try {
+    const seen = /* @__PURE__ */ new WeakSet();
+    const result = JSON.stringify(obj, (key, value) => {
+      if (typeof value === "object" && value !== null) {
+        if (seen.has(value)) {
+          return "[Circular]";
+        }
+        seen.add(value);
+      }
+      if (typeof value === "bigint") {
+        return value.toString();
+      }
+      if (typeof value === "function") {
+        return "[Function]";
+      }
+      return value;
+    });
+    if (maxSize && result.length > maxSize) {
+      return result.substring(0, maxSize) + "...[truncated]";
+    }
+    return result;
+  } catch (error) {
+    return "[Unable to stringify]";
+  }
+}
+function sanitizeHeaders(headers) {
+  const sensitiveHeaders = [
+    "authorization",
+    "cookie",
+    "set-cookie",
+    "x-api-key",
+    "x-auth-token",
+    "x-access-token",
+    "proxy-authorization"
+  ];
+  const result = {};
+  for (const [key, value] of Object.entries(headers)) {
+    if (sensitiveHeaders.includes(key.toLowerCase())) {
+      result[key] = SENSITIVE_PATTERNS.REDACTED;
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
+// src/middleware.ts
+function createMiddleware(options = {}) {
+  const isEnabled = options.enabled ?? process.env.GATEOPS_ENABLED !== "false";
+  if (!isEnabled) {
+    return (_req, _res, next) => {
+      next();
+    };
+  }
+  initializeSchema();
+  buffer.initialize({
+    maxSize: options.bufferSize || SDK_DEFAULTS.BUFFER_MAX_SIZE,
+    intervalMs: options.flushInterval || SDK_DEFAULTS.BUFFER_FLUSH_INTERVAL,
+    localOnly: options.localOnly,
+    username: process.env.GATEOPS_USERNAME,
+    apiKey: process.env.GATEOPS_API_KEY
+  });
+  const excludePaths = /* @__PURE__ */ new Set([
+    ...options.excludePaths || [],
+    SDK_DEFAULTS.ROUTE_PREFIX,
+    // Don't log our own routes
+    "/.well-known/gateops"
+  ]);
+  const maxBodySize = options.maxBodySize || SDK_DEFAULTS.MAX_BODY_SIZE;
+  const sensitiveFields = options.sensitiveFields || [];
+  return function gateopsMiddleware(req, res, next) {
+    if (shouldExclude(req.path, excludePaths)) {
+      return next();
+    }
+    const traceId = v4();
+    const startTime = Date.now();
+    req.gateops = {
+      traceId,
+      startTime
+    };
+    const chunks = [];
+    const originalWrite = res.write.bind(res);
+    const originalEnd = res.end.bind(res);
+    res.write = function(chunk, encodingOrCallback, callback) {
+      if (chunk) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+      }
+      if (typeof encodingOrCallback === "function") {
+        return originalWrite(chunk, encodingOrCallback);
+      }
+      return originalWrite(chunk, encodingOrCallback, callback);
+    };
+    res.end = function(chunk, encodingOrCallback, callback) {
+      if (chunk) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+      }
+      const duration = Date.now() - startTime;
+      const responseBody = Buffer.concat(chunks).toString("utf-8");
+      const log = createLogEntry(
+        req,
+        res,
+        traceId,
+        duration,
+        responseBody,
+        maxBodySize,
+        sensitiveFields
+      );
+      buffer.push(log);
+      if (typeof encodingOrCallback === "function") {
+        return originalEnd(chunk, encodingOrCallback);
+      }
+      return originalEnd(chunk, encodingOrCallback, callback);
+    };
+    next();
+  };
+}
+function shouldExclude(path3, excludePaths) {
+  if (excludePaths.has(path3)) {
+    return true;
+  }
+  for (const excluded of excludePaths) {
+    if (path3.startsWith(excluded)) {
+      return true;
+    }
+  }
+  return false;
+}
+function createLogEntry(req, res, traceId, duration, responseBody, maxBodySize, sensitiveFields) {
+  let reqBody = req.body;
+  if (typeof reqBody === "object") {
+    reqBody = sanitize(reqBody, maxBodySize, sensitiveFields);
+  }
+  let resBody;
+  try {
+    resBody = JSON.parse(responseBody);
+    resBody = sanitize(resBody, maxBodySize, sensitiveFields);
+  } catch {
+    resBody = responseBody.length > maxBodySize ? responseBody.substring(0, maxBodySize) + "...[truncated]" : responseBody;
+  }
+  const ip = req.ip || req.headers["x-forwarded-for"]?.toString().split(",")[0] || req.socket?.remoteAddress || "unknown";
+  return {
+    trace_id: traceId,
+    endpoint: req.path,
+    method: req.method,
+    status: res.statusCode,
+    duration_ms: duration,
+    req_headers: safeStringify(sanitizeHeaders(req.headers)),
+    res_headers: safeStringify(sanitizeHeaders(res.getHeaders())),
+    req_body: safeStringify(reqBody, maxBodySize),
+    res_body: safeStringify(resBody, maxBodySize),
+    query_params: safeStringify(req.query),
+    ip_address: ip,
+    user_agent: req.headers["user-agent"],
+    created_at: /* @__PURE__ */ new Date()
+  };
+}
+var middleware_default = createMiddleware;
+var router = Router();
+function authenticate(req, res, next) {
+  const username = req.headers["x-gateops-username"];
+  const apiKey = req.headers["x-gateops-api-key"];
+  const expectedUsername = process.env.GATEOPS_USERNAME;
+  const expectedApiKey = process.env.GATEOPS_API_KEY;
+  if (!expectedUsername || !expectedApiKey) {
+    res.status(503).json({
+      error: "GateOps not configured",
+      message: "GATEOPS_USERNAME and GATEOPS_API_KEY must be set"
+    });
+    return;
+  }
+  if (username !== expectedUsername || apiKey !== expectedApiKey) {
+    res.status(401).json({
+      error: "Unauthorized",
+      message: "Invalid credentials"
+    });
+    return;
+  }
+  next();
+}
+router.use(authenticate);
+router.get("/health", (_req, res) => {
+  res.json({
+    status: "ok",
+    version: require_package().version,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+});
+router.get("/logs", async (req, res) => {
+  try {
+    const db2 = getDatabase();
+    const page = Math.max(1, parseInt(req.query.page) || 1);
+    const limit = Math.min(100, Math.max(1, parseInt(req.query.limit) || 50));
+    const offset = (page - 1) * limit;
+    let query = db2.select().from(trafficLogs);
+    const conditions = [];
+    if (req.query.status) {
+      conditions.push(eq(trafficLogs.status, parseInt(req.query.status)));
+    }
+    if (req.query.method) {
+      conditions.push(eq(trafficLogs.method, req.query.method.toUpperCase()));
+    }
+    if (req.query.endpoint) {
+      conditions.push(like(trafficLogs.endpoint, `%${req.query.endpoint}%`));
+    }
+    if (req.query.from) {
+      conditions.push(gte(trafficLogs.created_at, new Date(req.query.from)));
+    }
+    if (req.query.to) {
+      conditions.push(lte(trafficLogs.created_at, new Date(req.query.to)));
+    }
+    if (req.query.minDuration) {
+      conditions.push(gte(trafficLogs.duration_ms, parseInt(req.query.minDuration)));
+    }
+    const results = await query.where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(trafficLogs.created_at)).limit(limit).offset(offset);
+    const countResult = await db2.select({ count: trafficLogs.id }).from(trafficLogs).where(conditions.length > 0 ? and(...conditions) : void 0);
+    const total = countResult.length;
+    res.json({
+      logs: results,
+      pagination: {
+        page,
+        limit,
+        total,
+        totalPages: Math.ceil(total / limit)
+      }
+    });
+  } catch (error) {
+    console.error("[GateOps] Error fetching logs:", error);
+    res.status(500).json({ error: "Failed to fetch logs" });
+  }
+});
+router.get("/logs/:traceId", async (req, res) => {
+  try {
+    const db2 = getDatabase();
+    const result = await db2.select().from(trafficLogs).where(eq(trafficLogs.trace_id, req.params.traceId)).limit(1);
+    if (result.length === 0) {
+      res.status(404).json({ error: "Log not found" });
+      return;
+    }
+    res.json(result[0]);
+  } catch (error) {
+    console.error("[GateOps] Error fetching log:", error);
+    res.status(500).json({ error: "Failed to fetch log" });
+  }
+});
+router.get("/endpoints", async (_req, res) => {
+  try {
+    const db2 = getDatabase();
+    const results = await db2.select().from(endpoints).orderBy(endpoints.path);
+    res.json({
+      endpoints: results,
+      total: results.length
+    });
+  } catch (error) {
+    console.error("[GateOps] Error fetching endpoints:", error);
+    res.status(500).json({ error: "Failed to fetch endpoints" });
+  }
+});
+router.get("/config", async (_req, res) => {
+  try {
+    const db2 = getDatabase();
+    const results = await db2.select().from(config);
+    const configObj = {};
+    for (const row of results) {
+      try {
+        configObj[row.key] = JSON.parse(row.value);
+      } catch {
+        configObj[row.key] = row.value;
+      }
+    }
+    res.json({
+      config: configObj,
+      defaults: {
+        bufferSize: SDK_DEFAULTS.BUFFER_MAX_SIZE,
+        flushInterval: SDK_DEFAULTS.BUFFER_FLUSH_INTERVAL,
+        maxBodySize: SDK_DEFAULTS.MAX_BODY_SIZE,
+        logTtlDays: SDK_DEFAULTS.LOG_TTL_DAYS
+      }
+    });
+  } catch (error) {
+    console.error("[GateOps] Error fetching config:", error);
+    res.status(500).json({ error: "Failed to fetch config" });
+  }
+});
+router.get("/stats", async (_req, res) => {
+  try {
+    const db2 = getDatabase();
+    const logsCount = await db2.select().from(trafficLogs);
+    const endpointsCount = await db2.select().from(endpoints);
+    const errors = logsCount.filter((l) => l.status >= 500);
+    const avgDuration = logsCount.length > 0 ? logsCount.reduce((sum, l) => sum + l.duration_ms, 0) / logsCount.length : 0;
+    res.json({
+      totalLogs: logsCount.length,
+      totalEndpoints: endpointsCount.length,
+      errorCount: errors.length,
+      errorRate: logsCount.length > 0 ? (errors.length / logsCount.length * 100).toFixed(2) + "%" : "0%",
+      avgDurationMs: Math.round(avgDuration)
+    });
+  } catch (error) {
+    console.error("[GateOps] Error fetching stats:", error);
+    res.status(500).json({ error: "Failed to fetch stats" });
+  }
+});
+function scanRoutes(app) {
+  const routes = [];
+  const expressApp = app;
+  if (!expressApp._router) {
+    console.warn("[GateOps] No router found on app. Routes will be discovered on first request.");
+    return routes;
+  }
+  traverseStack(expressApp._router.stack, "", routes);
+  return routes;
+}
+function traverseStack(stack, basePath, routes) {
+  for (const layer of stack) {
+    if (layer.route) {
+      const routePath = joinPaths(basePath, layer.route.path);
+      const methods = Object.keys(layer.route.methods).filter((m) => layer.route.methods[m]).map((m) => m.toUpperCase());
+      const middlewareNames = layer.route.stack.map((l) => l.name).filter((n) => n && n !== "<anonymous>");
+      for (const method of methods) {
+        routes.push({
+          path: normalizePath(routePath),
+          method,
+          middleware_names: JSON.stringify(middlewareNames),
+          last_seen: /* @__PURE__ */ new Date()
+        });
+      }
+    } else if (layer.name === "router" && layer.handle) {
+      const routerPath = getLayerPath(layer);
+      const nestedRouter = layer.handle;
+      if (nestedRouter.stack) {
+        traverseStack(
+          nestedRouter.stack,
+          joinPaths(basePath, routerPath),
+          routes
+        );
+      }
+    }
+  }
+}
+function getLayerPath(layer) {
+  if (layer.path) {
+    return layer.path;
+  }
+  if (layer.regexp) {
+    const match = layer.regexp.toString().match(/^\/\^(.*?)\\\//);
+    if (match) {
+      return match[1].replace(/\\\//g, "/");
+    }
+  }
+  return "";
+}
+function joinPaths(base, path3) {
+  if (!base) return path3;
+  if (!path3) return base;
+  const normalizedBase = base.endsWith("/") ? base.slice(0, -1) : base;
+  const normalizedPath = path3.startsWith("/") ? path3 : `/${path3}`;
+  return normalizedBase + normalizedPath;
+}
+function normalizePath(path3) {
+  return path3.replace(/:(\w+)/g, "{$1}");
+}
+async function syncRoutesToDatabase(routes) {
+  const db2 = getDatabase();
+  const now = /* @__PURE__ */ new Date();
+  for (const route of routes) {
+    try {
+      const existing = await db2.select().from(endpoints).where(and(
+        eq(endpoints.path, route.path),
+        eq(endpoints.method, route.method)
+      )).limit(1);
+      if (existing.length > 0) {
+        await db2.update(endpoints).set({
+          last_seen: now,
+          middleware_names: route.middleware_names
+        }).where(and(
+          eq(endpoints.path, route.path),
+          eq(endpoints.method, route.method)
+        ));
+      } else {
+        await db2.insert(endpoints).values({
+          path: route.path,
+          method: route.method,
+          middleware_names: route.middleware_names,
+          last_seen: now
+        });
+      }
+    } catch (error) {
+      console.error(`[GateOps] Failed to sync route ${route.method} ${route.path}:`, error);
+    }
+  }
+}
+async function getEndpoints() {
+  const db2 = getDatabase();
+  const rows = await db2.select().from(endpoints);
+  return rows.map((row) => ({
+    id: row.id,
+    path: row.path,
+    method: row.method,
+    detected_schema: row.detected_schema || void 0,
+    middleware_names: row.middleware_names || void 0,
+    last_seen: row.last_seen
+  }));
+}
+async function verifyCredentials(username, apiKey) {
+  try {
+    const response = await axios2.post(
+      getPanelUrl("VERIFY"),
+      { username },
+      {
+        headers: {
+          "Content-Type": "application/json",
+          "x-gateops-username": username,
+          "x-gateops-api-key": apiKey
+        },
+        timeout: 1e4
+      }
+    );
+    return response.data;
+  } catch (error) {
+    if (axios2.isAxiosError(error)) {
+      if (error.response?.status === 401) {
+        return {
+          success: false,
+          message: "Invalid credentials"
+        };
+      }
+      return {
+        success: false,
+        message: error.message
+      };
+    }
+    return {
+      success: false,
+      message: "Connection failed"
+    };
+  }
+}
+async function sendLogs(logs, username, apiKey, retryCount = 0) {
+  try {
+    const response = await axios2.post(
+      getPanelUrl("LOGS"),
+      {
+        logs: logs.map((log) => ({
+          ...log,
+          created_at: log.created_at instanceof Date ? log.created_at.toISOString() : log.created_at
+        }))
+      },
+      {
+        headers: {
+          "Content-Type": "application/json",
+          "x-gateops-username": username,
+          "x-gateops-api-key": apiKey
+        },
+        timeout: 15e3
+      }
+    );
+    return response.data;
+  } catch (error) {
+    if (retryCount < SDK_DEFAULTS.MAX_RETRY_ATTEMPTS) {
+      const delay = SDK_DEFAULTS.RETRY_DELAY_BASE * Math.pow(2, retryCount);
+      await sleep(delay);
+      return sendLogs(logs, username, apiKey, retryCount + 1);
+    }
+    if (axios2.isAxiosError(error)) {
+      return {
+        success: false,
+        received: 0,
+        message: error.message
+      };
+    }
+    return {
+      success: false,
+      received: 0,
+      message: "Failed to send logs"
+    };
+  }
+}
+async function sendEndpoints(routes, username, apiKey) {
+  try {
+    await axios2.post(
+      getPanelUrl("ENDPOINTS"),
+      {
+        endpoints: routes.map((r) => ({
+          path: r.path,
+          method: r.method,
+          detected_schema: r.detected_schema,
+          middleware_names: r.middleware_names,
+          last_seen: r.last_seen instanceof Date ? r.last_seen.toISOString() : r.last_seen
+        }))
+      },
+      {
+        headers: {
+          "Content-Type": "application/json",
+          "x-gateops-username": username,
+          "x-gateops-api-key": apiKey
+        },
+        timeout: 1e4
+      }
+    );
+    return true;
+  } catch (error) {
+    console.warn(
+      "[GateOps] Failed to send endpoints to Panel:",
+      axios2.isAxiosError(error) ? error.message : error
+    );
+    return false;
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/index.ts
+var routesScanned = false;
+function init(options = {}) {
+  const middleware = middleware_default(options);
+  return function gateopsInit(req, res, next) {
+    if (options.exposeRoutes !== false && req.app && !req.app._gateopsRoutesRegistered) {
+      req.app.use(SDK_DEFAULTS.ROUTE_PREFIX, router);
+      req.app._gateopsRoutesRegistered = true;
+    }
+    return middleware(req, res, next);
+  };
+}
+async function scan(app) {
+  if (routesScanned) {
+    return;
+  }
+  const routes = scanRoutes(app);
+  if (routes.length === 0) {
+    console.warn("[GateOps] No routes found. Make sure to call scan() after registering routes.");
+    return;
+  }
+  console.log(`[GateOps] Discovered ${routes.length} routes`);
+  await syncRoutesToDatabase(routes);
+  const username = process.env.GATEOPS_USERNAME;
+  const apiKey = process.env.GATEOPS_API_KEY;
+  if (username && apiKey) {
+    await sendEndpoints(routes, username, apiKey);
+  }
+  routesScanned = true;
+}
+async function flush() {
+  await buffer.flush();
+}
+function shutdown() {
+  buffer.shutdown();
+}
+var gateops = {
+  init,
+  scan,
+  flush,
+  shutdown
+};
+var index_default = gateops;
+
+export { PANEL_ENDPOINTS, SDK_DEFAULTS, buffer, cleanupOldLogs, closeDatabase, index_default as default, flush, router as gateopsRouter, getDatabase, getEndpoints, getPanelUrl, init, initializeSchema, safeStringify, sanitize, sanitizeHeaders, scan, scanRoutes, sendEndpoints, sendLogs, shutdown, syncRoutesToDatabase, verifyCredentials };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map