securenow 2.0.4 → 3.0.0

package/package.json

@@ -1,31 +1,28 @@
 {
-    "name": "securenow",
-    "version": "2.0.4",
-    "description": "Securenow for nodejs apps",
-    "main": "tracing.js",
-    "dependencies": {
-        "@opentelemetry/api": "^1.9.0",
-        "@opentelemetry/auto-instrumentations-node": "^0.40.3",
-        "@opentelemetry/exporter-trace-otlp-http": "^0.47.0",
-        "@opentelemetry/instrumentation-express": "^0.38.0",
-        "@opentelemetry/instrumentation-fastify": "^0.44.2",
-        "@opentelemetry/instrumentation-graphql": "^0.47.1",
-        "@opentelemetry/instrumentation-hapi": "^0.45.2",
-        "@opentelemetry/instrumentation-http": "^0.51.1",
-        "@opentelemetry/instrumentation-koa": "^0.47.1",
-        "@opentelemetry/instrumentation-mongodb": "^0.43.0",
-        "@opentelemetry/instrumentation-mysql": "^0.45.1",
-        "@opentelemetry/instrumentation-mysql2": "^0.45.2",
-        "@opentelemetry/instrumentation-nestjs-core": "^0.44.1",
-        "@opentelemetry/instrumentation-pg": "^0.51.1",
-        "@opentelemetry/instrumentation-redis": "^0.46.1",
-        "@opentelemetry/resources": "^1.30.1",
-        "@opentelemetry/sdk-node": "^0.47.0",
-        "@opentelemetry/semantic-conventions": "^1.30.0",
-        "uuid": "^9.0.1"
-    },
-    "scripts": {},
-    "keywords": [],
-    "author": "",
-    "license": "ISC"
+  "name": "securenow",
+  "version": "3.0.0",
+  "description": "Zero-config OpenTelemetry auto-instrumentation for Node",
+  "type": "commonjs",
+  "main": "register.js",
+  "exports": {
+    ".": "./register.js",
+    "./register": "./register.js",
+    "./tracing": "./tracing.js"
+  },
+  "files": [
+    "register.js",
+    "tracing.js",
+    "README.md"
+  ],
+  "dependencies": {
+    "@opentelemetry/api": "1.9.0",
+    "@opentelemetry/auto-instrumentations-node": "0.47.0",
+    "@opentelemetry/exporter-trace-otlp-http": "0.47.0",
+    "@opentelemetry/resources": "1.30.1",
+    "@opentelemetry/sdk-node": "0.47.0",
+    "@opentelemetry/semantic-conventions": "1.30.0",
+    "uuid": "^11.1.0"
+  },
+  "sideEffects": true,
+  "license": "ISC"
 }

package/register.js

@@ -0,0 +1,2 @@
+// tiny entry so users can always do: --require securenow/register
+require('./tracing');

package/tracing.js

@@ -1,46 +1,139 @@
-// tracing.js
-'use strict'
-const process = require('process');
-//OpenTelemetry
-const opentelemetry = require('@opentelemetry/sdk-node');
-const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
-//instrumentations
-const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
-const { ExpressInstrumentation } = require("@opentelemetry/instrumentation-express");
-const { HttpInstrumentation } = require("@opentelemetry/instrumentation-http");
+'use strict';
 
-const { v4: uuidv4 } = require('uuid');
+/**
+ * securenow/tracing.js
+ * Preload with: NODE_OPTIONS="--require securenow/register"  (or -r securenow/register via PM2)
+ * Env you can use:
+ *   - securenow_instance=http://host:4318         # base OTLP/HTTP endpoint (defaults to http://46.62.173.237:4318)
+ *   - OTEL_EXPORTER_OTLP_ENDPOINT=...             # alt base (will be used if securenow_instance not set)
+ *   - OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=...      # full traces URL (overrides base)
+ *   - OTEL_EXPORTER_OTLP_HEADERS="authorization=Bearer abc123,foo=bar"
+ *   - OTEL_SERVICE_NAME=your-service              # logical name (UUID suffix auto-appended)
+ *   - securenow_appid=your-appid                  # fallback logical name (UUID suffix auto-appended)
+ *   - SECURENOW_NO_UUID=1                         # disable UUID suffix
+ *   - SECURENOW_DISABLE_INSTRUMENTATIONS="@opentelemetry/instrumentation-mongodb,@opentelemetry/instrumentation-redis"
+ *   - OTEL_LOG_LEVEL=info|debug                   # OTel internal diagnostics
+ *   - SECURENOW_TEST_SPAN=1                       # emit a smoke-test span on startup
+ */
+
+const { diag, DiagConsoleLogger, DiagLogLevel } = require('@opentelemetry/api');
+
+// ---------- Diagnostics level ----------
+(() => {
+  const L = (process.env.OTEL_LOG_LEVEL || '').toLowerCase();
+  const level =
+    L === 'debug' ? DiagLogLevel.DEBUG :
+    L === 'info'  ? DiagLogLevel.INFO  :
+    L === 'warn'  ? DiagLogLevel.WARN  :
+    L === 'error' ? DiagLogLevel.ERROR :
+    DiagLogLevel.NONE;
+  diag.setLogger(new DiagConsoleLogger(), level);
+  console.log('[securenow] preload loaded');
+})();
+
+const { NodeSDK } = require('@opentelemetry/sdk-node');
+const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
 const { Resource } = require('@opentelemetry/resources');
 const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
+const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
+const { v4: uuidv4 } = require('uuid');
+
+// ---------- Show actual loaded OTel versions (helpful for debugging) ----------
+try {
+  const vApi = require('@opentelemetry/api/package.json').version;
+  const vSdk = require('@opentelemetry/sdk-node/package.json').version;
+  console.log('[securenow] otel versions → api:', vApi, 'sdk-node:', vSdk);
+} catch (e) {
+  console.log('[securenow] could not read otel versions', e && e.message);
+}
+
+// ---------- Endpoint config (HTTP/4318) ----------
+const endpointBase = (process.env.securenow_instance || process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'http://46.62.173.237:4318').replace(/\/$/, '');
+const tracesUrl = (process.env.OTEL_EXPORTER_OTLP_TRACES_ENDPOINT || `${endpointBase}/v1/traces`);
 
-const securenow_instance = process.env.securenow_instance || 'http://46.62.173.237:4318';
-const exporterOptions = {
-  url: securenow_instance+'/v1/traces'
+// ---------- Headers parsing ----------
+function parseOtelHeaders(str) {
+  const headers = {};
+  if (!str) return headers;
+  // split on comma; tolerate spaces
+  for (const raw of str.split(',')) {
+    const piece = raw.trim();
+    if (!piece) continue;
+    const eq = piece.indexOf('=');
+    if (eq === -1) continue;
+    const k = piece.slice(0, eq).trim();
+    const v = piece.slice(eq + 1).trim();
+    if (k) headers[k.toLowerCase()] = v;
+  }
+  return headers;
 }
+const headers = parseOtelHeaders(process.env.OTEL_EXPORTER_OTLP_HEADERS);
+
+// ---------- Service name with UUID rules ----------
+let serviceName;
+if (process.env.securenow_appid) {
+  serviceName = process.env.securenow_appid;
+} else {
+  // default can also be unique to avoid collisions
+  serviceName = `securenow-free-${uuidv4()}`;
+}
+
+// ---------- Disable instrumentations via env ----------
+const disabledList = (process.env.SECURENOW_DISABLE_INSTRUMENTATIONS || '')
+  .split(',')
+  .map(s => s.trim())
+  .filter(Boolean);
+const disabledMap = {};
+for (const name of disabledList) disabledMap[name] = { enabled: false };
 
-const traceExporter = new OTLPTraceExporter(exporterOptions);
-const sdk = new opentelemetry.NodeSDK({
+// ---------- Build exporter & SDK ----------
+const traceExporter = new OTLPTraceExporter({ url: tracesUrl, headers });
+
+const sdk = new NodeSDK({
   traceExporter,
-  instrumentations: [
-    // Auto-instrument many Node.js libraries and frameworks
-    getNodeAutoInstrumentations(),
-    // Add specific instrumentations that might not be covered by auto-instrumentation
-    new ExpressInstrumentation(), 
-    new HttpInstrumentation(),
-  ],
+  instrumentations: getNodeAutoInstrumentations({
+    // Merge disabled flags (keys must match package names)
+    ...disabledMap,
+  }),
   resource: new Resource({
-    [SemanticResourceAttributes.SERVICE_NAME]: process.env.securenow_appid || 'securenow-free-'+uuidv4()
-  })
+    [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
+    [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: process.env.NODE_ENV || 'development',
+    [SemanticResourceAttributes.SERVICE_VERSION]: process.env.npm_package_version || undefined,
+  }),
 });
-  
-// initialize the SDK and register with the OpenTelemetry API
-// this enables the API to record telemetry
-sdk.start()
-  
-// gracefully shut down the SDK on process exit
-process.on('SIGTERM', () => {
-  sdk.shutdown()
-  .then(() => console.log('Tracing terminated'))
-  .catch((error) => console.log('Error terminating tracing', error))
-  .finally(() => process.exit(0));
-});
+
+// ---------- Start (supports both sync/async start()) ----------
+(async () => {
+  try {
+    const res = sdk.start?.();          // may be undefined or a Promise
+    await Promise.resolve(res);         // normalize to Promise
+    console.log('[securenow] OTel SDK started →', tracesUrl);
+
+    // Optional smoke test to verify export path
+    if ((process.env.SECURENOW_TEST_SPAN || '') === '1') {
+      const api = require('@opentelemetry/api');
+      const tracer = api.trace.getTracer('securenow-smoke');
+      const span = tracer.startSpan('securenow.startup.smoke');
+      span.setAttribute('securenow.test', true);
+      span.end();
+      console.log('[securenow] emitted startup smoke span');
+    }
+  } catch (err) {
+    console.error('[securenow] OTel start failed:', (err && err.stack) || err);
+  }
+})();
+
+// ---------- Graceful shutdown (supports both sync/async shutdown()) ----------
+async function safeShutdown(sig) {
+  try {
+    const r = sdk.shutdown?.();         // may be undefined or a Promise
+    await Promise.resolve(r);
+    console.log(`[securenow] Tracing terminated on ${sig}`);
+  } catch (err) {
+    console.error('[securenow] Tracing shutdown error:', err);
+  } finally {
+    process.exit(0);
+  }
+}
+process.on('SIGINT',  () => safeShutdown('SIGINT'));
+process.on('SIGTERM', () => safeShutdown('SIGTERM'));