npm - securenow - Versions diffs - 5.17.0 → 5.18.0 - Mend

securenow 5.17.0 → 5.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/NPM_README.md CHANGED Viewed

@@ -211,20 +211,6 @@ npx securenow logs --app <key> --minutes 30 --level error
 npx securenow logs trace <traceId>
 ```
-### Security Issues
-```bash
-# List all issues
-npx securenow issues
-npx securenow issues --status open
-# Show issue details with AI analysis
-npx securenow issues show <issue-id>
-# Resolve an issue
-npx securenow issues resolve <issue-id>
-```
 ### Notifications
 ```bash
@@ -382,21 +368,13 @@ You can also use the `SECURENOW_TOKEN` env var for per-terminal sessions without
 ```bash
 # Authenticate with a token in CI (env var — no file needed)
-SECURENOW_TOKEN=$MY_SECRET npx securenow issues --json
+SECURENOW_TOKEN=$MY_SECRET npx securenow logs --json
 # Or use login with explicit token
 npx securenow login --token $SECURENOW_TOKEN
 # Use --json for machine-readable output
-npx securenow issues --json | jq '.[] | select(.severity == "critical")'
-# Check for critical issues in a pipeline
-ISSUES=$(npx securenow issues --json --status open)
-CRITICAL=$(echo "$ISSUES" | jq '[.[] | select(.severity == "critical")] | length')
-if [ "$CRITICAL" -gt "0" ]; then
-  echo "Found $CRITICAL critical issues!"
-  exit 1
-fi
+npx securenow logs --json --level error | jq '.logs'
 ```
 ### Complete Command Reference
@@ -419,10 +397,7 @@ fi
 | | `logs trace <id>` | Logs for a trace |
 | | `analytics` | Response analytics |
 | | `status` | Dashboard overview |
-| **Detect** | `issues` | List issues |
-| | `issues show <id>` | Issue details |
-| | `issues resolve <id>` | Resolve issue |
-| | `notifications` | List notifications |
+| **Detect** | `notifications` | List notifications |
 | | `notifications unread` | Unread count |
 | | `notifications read <id>` | Mark read |
 | | `notifications read-all` | Mark all read |

package/README.md CHANGED Viewed

@@ -117,10 +117,9 @@ npx securenow apps create my-app
 # Set it as default so you don't need --app every time
 npx securenow config set defaultApp <key>
-# View traces, logs, issues
+# View traces, logs
 npx securenow traces
 npx securenow logs
-npx securenow issues
 # IP intelligence, forensic queries, blocklist
 npx securenow ip 1.2.3.4
@@ -295,9 +294,6 @@ Most users won't need this — just add `-r securenow/register` to your existing
 | Command | Description |
 |---------|-------------|
-| `securenow issues` | List security issues |
-| `securenow issues show <id>` | Show issue details and AI analysis |
-| `securenow issues resolve <id>` | Mark an issue as resolved |
 | `securenow notifications` | List notifications |
 | `securenow notifications unread` | Show unread count |
 | `securenow notifications read <id>` | Mark notification as read |

package/SKILL-CLI.md CHANGED Viewed

@@ -159,15 +159,6 @@ securenow logs list --app my-app --minutes 30 --level error
 securenow logs trace <traceId>               # logs correlated to a specific trace
 ```
-### Issues
-```bash
-securenow issues [--app <key>] [--status open|resolved]
-securenow issues list --status open
-securenow issues show <id>                   # full issue details
-securenow issues resolve <id>                # mark as resolved
-```
 ### Notifications
 ```bash
@@ -342,7 +333,7 @@ securenow ip traces <attacker-ip> --json
 securenow traces show <trace-id> --json
 securenow traces analyze <trace-id> --json
 # Decision: block the IP
-securenow blocklist add <attacker-ip> --reason "Automated: SQL injection from issue #<id>"
+securenow blocklist add <attacker-ip> --reason "Automated: SQL injection detected"
 ```
 #### Notification IP Investigation Statuses
@@ -387,7 +378,6 @@ securenow status --json
 securenow firewall status --json
 securenow blocklist stats --json
 securenow api-map stats --json
-securenow issues list --status open --json
 securenow forensics "summarize all attacks in the last 7 days"
 ```

package/cli/config.js CHANGED Viewed

@@ -62,12 +62,18 @@ function getAuthSource() {
 function loadConfig() {
   const global = loadJSON(CONFIG_FILE);
   const local = fs.existsSync(LOCAL_CONFIG_FILE) ? loadJSON(LOCAL_CONFIG_FILE) : {};
+  if (hasLocalCredentials()) {
+    const { defaultApp: _ignored, ...globalWithoutAccountScoped } = global;
+    return { ...DEFAULTS, ...globalWithoutAccountScoped, ...local };
+  }
   return { ...DEFAULTS, ...global, ...local };
 }
-function saveConfig(config) {
-  const existing = loadJSON(CONFIG_FILE);
-  saveJSON(CONFIG_FILE, { ...existing, ...config });
+function saveConfig(config, { local } = {}) {
+  const useLocal = local === true || (local == null && hasLocalCredentials());
+  const targetFile = useLocal ? LOCAL_CONFIG_FILE : CONFIG_FILE;
+  const existing = loadJSON(targetFile);
+  saveJSON(targetFile, { ...existing, ...config });
 }
 function getConfigValue(key) {

package/cli/monitor.js CHANGED Viewed

@@ -163,6 +163,24 @@ async function tracesAnalyze(args, flags) {
 // ── Logs ──
+// Parse a duration string like "6h", "30m", "2d", "90s" into minutes.
+// Returns null on unparseable input so the caller can error out clearly
+// instead of silently falling through to a default.
+function parseDurationToMinutes(value) {
+  if (value == null || value === '') return null;
+  const m = String(value).trim().match(/^(\d+)\s*(s|m|h|d)?$/i);
+  if (!m) return null;
+  const n = parseInt(m[1], 10);
+  const unit = (m[2] || 'm').toLowerCase();
+  if (unit === 's') return Math.max(1, Math.round(n / 60));
+  if (unit === 'm') return n;
+  if (unit === 'h') return n * 60;
+  if (unit === 'd') return n * 60 * 24;
+  return null;
+}
+const LOG_LEVELS = ['TRACE', 'DEBUG', 'INFO', 'WARN', 'WARNING', 'ERROR', 'FATAL'];
 async function logsList(args, flags) {
   requireAuth();
   const appKey = resolveApp(flags);
@@ -171,17 +189,42 @@ async function logsList(args, flags) {
     process.exit(1);
   }
+  let minutes = 60;
+  if (flags.since != null) {
+    const parsed = parseDurationToMinutes(flags.since);
+    if (parsed == null) {
+      ui.error(`Invalid --since value "${flags.since}". Expected e.g. 30m, 6h, 2d.`);
+      process.exit(1);
+    }
+    minutes = parsed;
+  } else if (flags.minutes != null) {
+    const n = parseInt(flags.minutes, 10);
+    if (isNaN(n) || n <= 0) {
+      ui.error(`Invalid --minutes value "${flags.minutes}".`);
+      process.exit(1);
+    }
+    minutes = n;
+  }
+  let severity = null;
+  if (flags.level) {
+    severity = String(flags.level).toUpperCase();
+    if (!LOG_LEVELS.includes(severity)) {
+      ui.error(`Invalid --level "${flags.level}". Expected one of: ${LOG_LEVELS.join(', ').toLowerCase()}.`);
+      process.exit(1);
+    }
+  }
   const s = ui.spinner('Fetching logs');
   try {
-    const minutes = parseInt(flags.minutes || '60', 10);
     const now = Date.now();
     const query = {
       appKeys: appKey,
-      limit: flags.limit || 50,
+      limit: flags.limit || 200,
       from: flags.start || new Date(now - minutes * 60 * 1000).toISOString(),
       to: flags.end || new Date(now).toISOString(),
     };
-    if (flags.level) query.severity = flags.level;
+    if (severity) query.severity = severity;
     const data = await api.get('/logs', { query });
     const logs = data.logs || [];
@@ -193,11 +236,12 @@ async function logsList(args, flags) {
     for (const log of logs) {
       const level = (log.severityText || log.level || 'INFO').toUpperCase();
       const levelColor = {
-        ERROR: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
-        INFO: ui.c.cyan, DEBUG: ui.c.dim,
+        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
+        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
       }[level] || ui.c.white;
-      const time = ui.c.dim(log.timestamp ? new Date(log.timestamp).toLocaleTimeString() : '');
+      const parsedTime = ui.parseTimestamp(log.timestamp);
+      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
       const body = log.body || log.message || log.severityText || '';
       console.log(`  ${time} ${levelColor(level.padEnd(7))} ${body}`);
@@ -233,11 +277,12 @@ async function logsTrace(args, flags) {
     for (const log of logs) {
       const level = (log.severityText || log.level || 'INFO').toUpperCase();
       const levelColor = {
-        ERROR: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
-        INFO: ui.c.cyan, DEBUG: ui.c.dim,
+        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
+        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
       }[level] || ui.c.white;
-      const time = ui.c.dim(log.timestamp ? new Date(log.timestamp).toLocaleTimeString() : '');
+      const parsedTime = ui.parseTimestamp(log.timestamp);
+      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
       console.log(`  ${time} ${levelColor(level.padEnd(7))} ${log.body || log.message || ''}`);
     }
     console.log('');
@@ -247,108 +292,6 @@ async function logsTrace(args, flags) {
   }
 }
-// ── Issues ──
-async function issuesList(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching issues');
-  try {
-    const query = {};
-    const appKey = resolveApp(flags);
-    if (appKey) query.serviceName = appKey;
-    if (flags.status) query.status = flags.status;
-    const data = await api.get('/issues', { query });
-    const issues = data.issues || [];
-    s.stop(`Found ${issues.length} issue${issues.length !== 1 ? 's' : ''}`);
-    if (flags.json) { ui.json(data); return; }
-    console.log('');
-    const rows = issues.map(i => [
-      ui.c.dim(ui.truncate(i._id, 12)),
-      ui.statusBadge(i.severity || i.level || 'medium'),
-      ui.statusBadge(i.status || 'open'),
-      ui.truncate(i.title || i.message || i.type || '', 50),
-      i.serviceName || '—',
-      i.count != null ? String(i.count) : '—',
-      ui.timeAgo(i.lastSeen || i.createdAt),
-    ]);
-    ui.table(['ID', 'Severity', 'Status', 'Title', 'App', 'Count', 'Last Seen'], rows);
-    if (data.total != null) {
-      console.log(ui.c.dim(`  Total: ${data.total}`));
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch issues');
-    throw err;
-  }
-}
-async function issuesShow(args, flags) {
-  requireAuth();
-  const id = args[0];
-  if (!id) {
-    ui.error('Issue ID required. Usage: securenow issues show <id>');
-    process.exit(1);
-  }
-  const s = ui.spinner('Fetching issue');
-  try {
-    const data = await api.get(`/issues/${id}`);
-    const issue = data.issue || data;
-    s.stop('Issue loaded');
-    if (flags.json) { ui.json(issue); return; }
-    console.log('');
-    ui.heading(issue.title || issue.type || `Issue ${id}`);
-    console.log('');
-    ui.keyValue([
-      ['ID', issue._id],
-      ['Status', ui.statusBadge(issue.status || 'open')],
-      ['Severity', ui.statusBadge(issue.severity || issue.level || 'medium')],
-      ['App', issue.serviceName || '—'],
-      ['Type', issue.type || '—'],
-      ['Count', issue.count != null ? String(issue.count) : '—'],
-      ['First Seen', issue.firstSeen ? new Date(issue.firstSeen).toLocaleString() : '—'],
-      ['Last Seen', issue.lastSeen ? new Date(issue.lastSeen).toLocaleString() : '—'],
-    ]);
-    if (issue.message || issue.description) {
-      ui.subheading('Description');
-      console.log(`\n  ${issue.message || issue.description}\n`);
-    }
-    if (issue.analysis) {
-      ui.subheading('AI Analysis');
-      console.log(`\n  ${issue.analysis}\n`);
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch issue');
-    throw err;
-  }
-}
-async function issuesResolve(args, flags) {
-  requireAuth();
-  const id = args[0];
-  if (!id) {
-    ui.error('Issue ID required. Usage: securenow issues resolve <id>');
-    process.exit(1);
-  }
-  const s = ui.spinner('Resolving issue');
-  try {
-    await api.patch(`/issues/${id}`, { status: 'resolved' });
-    s.stop('Issue resolved');
-  } catch (err) {
-    s.fail('Failed to resolve issue');
-    throw err;
-  }
-}
 // ── Notifications ──
@@ -489,9 +432,6 @@ module.exports = {
   tracesAnalyze,
   logsList,
   logsTrace,
-  issuesList,
-  issuesShow,
-  issuesResolve,
   notificationsList,
   notificationsRead,
   notificationsReadAll,

package/cli/ui.js CHANGED Viewed

@@ -266,9 +266,36 @@ function hr() {
   console.log(c.dim('─'.repeat(width)));
 }
+// Parses timestamps the backend returns in multiple formats:
+//   - UInt64 nanoseconds as a string (signoz logs) → "1775856777891000000"
+//   - ClickHouse DateTime64 string (signoz traces)  → "2026-04-10 21:34:51.133000000" (UTC, no Z)
+//   - ISO 8601                                       → "2026-04-10T21:34:51.133Z"
+//   - number (ms) / Date                              → passthrough
+function parseTimestamp(ts) {
+  if (ts == null || ts === '') return null;
+  if (ts instanceof Date) return isNaN(ts.getTime()) ? null : ts;
+  if (typeof ts === 'number') {
+    const d = new Date(ts);
+    return isNaN(d.getTime()) ? null : d;
+  }
+  const s = String(ts).trim();
+  if (/^\d{16,}$/.test(s)) {
+    const d = new Date(Number(s) / 1e6);
+    return isNaN(d.getTime()) ? null : d;
+  }
+  if (/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/.test(s) && !/[zZ]|[+-]\d{2}:?\d{2}$/.test(s)) {
+    const isoish = s.replace(' ', 'T').replace(/\.(\d{3})\d*$/, '.$1') + 'Z';
+    const d = new Date(isoish);
+    if (!isNaN(d.getTime())) return d;
+  }
+  const d = new Date(s);
+  return isNaN(d.getTime()) ? null : d;
+}
 function timeAgo(dateStr) {
-  if (!dateStr) return '—';
-  const diff = Date.now() - new Date(dateStr).getTime();
+  const date = parseTimestamp(dateStr);
+  if (!date) return '—';
+  const diff = Date.now() - date.getTime();
   const seconds = Math.floor(diff / 1000);
   if (seconds < 60) return 'just now';
   const minutes = Math.floor(seconds / 60);
@@ -277,7 +304,7 @@ function timeAgo(dateStr) {
   if (hours < 24) return `${hours}h ago`;
   const days = Math.floor(hours / 24);
   if (days < 30) return `${days}d ago`;
-  return new Date(dateStr).toLocaleDateString();
+  return date.toLocaleDateString();
 }
 function truncate(str, len = 50) {
@@ -351,6 +378,7 @@ module.exports = {
   json,
   hr,
   timeAgo,
+  parseTimestamp,
   truncate,
   statusBadge,
   httpStatusColor,

package/cli.js CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 'use strict';
 const ui = require('./cli/ui');
@@ -90,21 +90,11 @@ const COMMANDS = {
     desc: 'View application logs',
     usage: 'securenow logs [options]',
     sub: {
-      list: { desc: 'List recent logs', flags: { app: 'App key', limit: 'Max results', minutes: 'Time window in minutes', level: 'Filter by level' }, run: (a, f) => require('./cli/monitor').logsList(a, f) },
+      list: { desc: 'List recent logs', flags: { app: 'App key', limit: 'Max results (default 200)', since: 'Time window (e.g. 30m, 6h, 2d)', minutes: 'Time window in minutes (alias for --since Nm)', level: 'Filter by level (error, warn, info, debug)', start: 'Start time (ISO 8601)', end: 'End time (ISO 8601)' }, run: (a, f) => require('./cli/monitor').logsList(a, f) },
       trace: { desc: 'Show logs for a trace', usage: 'securenow logs trace <traceId>', run: (a, f) => require('./cli/monitor').logsTrace(a, f) },
     },
     defaultSub: 'list',
   },
-  issues: {
-    desc: 'Manage security issues',
-    usage: 'securenow issues <subcommand> [options]',
-    sub: {
-      list: { desc: 'List issues', flags: { app: 'App key', status: 'Filter by status' }, run: (a, f) => require('./cli/monitor').issuesList(a, f) },
-      show: { desc: 'Show issue details', usage: 'securenow issues show <id>', run: (a, f) => require('./cli/monitor').issuesShow(a, f) },
-      resolve: { desc: 'Resolve an issue', usage: 'securenow issues resolve <id>', run: (a, f) => require('./cli/monitor').issuesResolve(a, f) },
-    },
-    defaultSub: 'list',
-  },
   notifications: {
     desc: 'Manage notifications',
     usage: 'securenow notifications <subcommand> [options]',
@@ -362,7 +352,7 @@ function showHelp(commandName) {
     'Authentication': ['login', 'logout', 'whoami'],
     'Applications': ['apps', 'init', 'status'],
     'Observe': ['traces', 'logs', 'analytics'],
-    'Detect & Respond': ['issues', 'notifications', 'alerts', 'fp'],
+    'Detect & Respond': ['notifications', 'alerts', 'fp'],
     'Investigate': ['ip', 'forensics', 'api-map'],
     'Firewall': ['firewall'],
     'Remediation': ['blocklist', 'allowlist', 'trusted'],

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "5.17.0",
+  "version": "5.18.0",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",