securenow 5.17.1 → 6.0.0

package/cli/monitor.js

@@ -1,545 +0,0 @@
-'use strict';
-
-const { api, requireAuth } = require('./client');
-const config = require('./config');
-const ui = require('./ui');
-
-function resolveApp(flags) {
-  return flags.app || config.getDefaultApp();
-}
-
-// ── Traces ──
-
-async function tracesList(args, flags) {
-  requireAuth();
-  const appKey = resolveApp(flags);
-  if (!appKey) {
-    ui.error('No app specified. Use --app <key> or set a default with `securenow config set defaultApp <key>`');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching traces');
-  try {
-    const query = {
-      appKeys: appKey,
-      limit: flags.limit || 20,
-    };
-    if (flags.start) query.from = flags.start;
-    if (flags.end) query.to = flags.end;
-
-    const data = await api.get('/traces', { query });
-    const traces = data.traces || [];
-    s.stop(`Found ${traces.length} trace${traces.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(traces); return; }
-
-    console.log('');
-    const rows = traces.map(t => [
-      ui.c.dim(ui.truncate(t.traceID || t.traceId || t._id, 16)),
-      t.operationName || t.name || t.serviceName || '—',
-      ui.httpStatusColor(t.statusCode || t.httpStatusCode || t.responseStatusCode || '—'),
-      ui.durationColor(t.durationNano ? t.durationNano / 1e6 : t.duration),
-      t.httpMethod || t.method || '—',
-      ui.truncate(t.httpUrl || t.url || t.httpRoute || '', 40),
-      ui.timeAgo(t.timestamp),
-    ]);
-
-    ui.table(['Trace ID', 'Operation', 'Status', 'Duration', 'Method', 'URL', 'Time'], rows);
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch traces');
-    throw err;
-  }
-}
-
-async function tracesShow(args, flags) {
-  requireAuth();
-  const traceId = args[0];
-  if (!traceId) {
-    ui.error('Trace ID is required. Usage: securenow traces show <traceId>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching trace details');
-  try {
-    const appKey = resolveApp(flags);
-    const traceQuery = appKey ? { appKeys: appKey } : {};
-    const data = await api.get(`/traces/${traceId}`, { query: traceQuery });
-    s.stop('Trace loaded');
-
-    if (flags.json) { ui.json(data); return; }
-
-    const spans = data.spans || [];
-    console.log('');
-    ui.heading(`Trace ${data.traceId || traceId}`);
-
-    if (spans.length) {
-      ui.subheading(`Spans (${spans.length})`);
-      console.log('');
-      const rows = spans.map(span => [
-        ui.c.dim(ui.truncate(span.spanID || span.spanId, 16)),
-        span.operationName || span.name || '—',
-        ui.httpStatusColor(span.statusCode || span.responseStatusCode || '—'),
-        ui.durationColor(span.durationNano ? span.durationNano / 1e6 : span.duration),
-        span.kind || '—',
-      ]);
-      ui.table(['Span ID', 'Operation', 'Status', 'Duration', 'Kind'], rows);
-    } else {
-      console.log('');
-      ui.info('No spans found for this trace.');
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch trace');
-    throw err;
-  }
-}
-
-async function tracesAnalyze(args, flags) {
-  requireAuth();
-  const traceId = args[0];
-  if (!traceId) {
-    ui.error('Trace ID is required. Usage: securenow traces analyze <traceId>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Analyzing trace with AI');
-  try {
-    let result = await api.post('/traces/analyze', { traceId });
-
-    if (result.analysisId && result.status === 'running') {
-      const analysisId = result.analysisId;
-      for (let i = 0; i < 120; i++) {
-        await new Promise(r => setTimeout(r, 3000));
-        result = await api.get(`/traces/analyze/${analysisId}`);
-        if (result.status === 'completed' || result.status === 'failed') break;
-      }
-      if (result.status === 'failed') throw new Error(result.error || 'Analysis failed');
-      if (result.status === 'running') throw new Error('Analysis timed out');
-    }
-
-    s.stop('Analysis complete');
-
-    if (flags.json) { ui.json(result); return; }
-
-    const analysis = result.analysis;
-    console.log('');
-    ui.heading('AI Trace Analysis');
-    console.log('');
-
-    if (typeof analysis === 'object' && analysis !== null) {
-      if (analysis.summary) {
-        ui.subheading('Summary');
-        console.log(`\n  ${analysis.summary}\n`);
-      }
-      if (analysis.riskLevel) {
-        console.log(`  ${ui.c.bold('Risk Level:')} ${ui.statusBadge(analysis.riskLevel)}\n`);
-      }
-      if (analysis.securityIssues?.length) {
-        ui.subheading('Security Issues');
-        console.log('');
-        analysis.securityIssues.forEach((issue, i) => {
-          console.log(`  ${i + 1}. ${typeof issue === 'string' ? issue : issue.description || JSON.stringify(issue)}`);
-        });
-        console.log('');
-      }
-      if (analysis.recommendations?.length) {
-        ui.subheading('Recommendations');
-        console.log('');
-        analysis.recommendations.forEach((rec, i) => {
-          console.log(`  ${i + 1}. ${typeof rec === 'string' ? rec : rec.description || JSON.stringify(rec)}`);
-        });
-        console.log('');
-      }
-    } else {
-      console.log(analysis || JSON.stringify(result, null, 2));
-      console.log('');
-    }
-  } catch (err) {
-    s.fail('Analysis failed');
-    throw err;
-  }
-}
-
-// ── Logs ──
-
-// Parse a duration string like "6h", "30m", "2d", "90s" into minutes.
-// Returns null on unparseable input so the caller can error out clearly
-// instead of silently falling through to a default.
-function parseDurationToMinutes(value) {
-  if (value == null || value === '') return null;
-  const m = String(value).trim().match(/^(\d+)\s*(s|m|h|d)?$/i);
-  if (!m) return null;
-  const n = parseInt(m[1], 10);
-  const unit = (m[2] || 'm').toLowerCase();
-  if (unit === 's') return Math.max(1, Math.round(n / 60));
-  if (unit === 'm') return n;
-  if (unit === 'h') return n * 60;
-  if (unit === 'd') return n * 60 * 24;
-  return null;
-}
-
-const LOG_LEVELS = ['TRACE', 'DEBUG', 'INFO', 'WARN', 'WARNING', 'ERROR', 'FATAL'];
-
-async function logsList(args, flags) {
-  requireAuth();
-  const appKey = resolveApp(flags);
-  if (!appKey) {
-    ui.error('No app specified. Use --app <key> or set a default.');
-    process.exit(1);
-  }
-
-  let minutes = 60;
-  if (flags.since != null) {
-    const parsed = parseDurationToMinutes(flags.since);
-    if (parsed == null) {
-      ui.error(`Invalid --since value "${flags.since}". Expected e.g. 30m, 6h, 2d.`);
-      process.exit(1);
-    }
-    minutes = parsed;
-  } else if (flags.minutes != null) {
-    const n = parseInt(flags.minutes, 10);
-    if (isNaN(n) || n <= 0) {
-      ui.error(`Invalid --minutes value "${flags.minutes}".`);
-      process.exit(1);
-    }
-    minutes = n;
-  }
-
-  let severity = null;
-  if (flags.level) {
-    severity = String(flags.level).toUpperCase();
-    if (!LOG_LEVELS.includes(severity)) {
-      ui.error(`Invalid --level "${flags.level}". Expected one of: ${LOG_LEVELS.join(', ').toLowerCase()}.`);
-      process.exit(1);
-    }
-  }
-
-  const s = ui.spinner('Fetching logs');
-  try {
-    const now = Date.now();
-    const query = {
-      appKeys: appKey,
-      limit: flags.limit || 200,
-      from: flags.start || new Date(now - minutes * 60 * 1000).toISOString(),
-      to: flags.end || new Date(now).toISOString(),
-    };
-    if (severity) query.severity = severity;
-
-    const data = await api.get('/logs', { query });
-    const logs = data.logs || [];
-    s.stop(`Found ${logs.length} log${logs.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(logs); return; }
-
-    console.log('');
-    for (const log of logs) {
-      const level = (log.severityText || log.level || 'INFO').toUpperCase();
-      const levelColor = {
-        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
-        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
-      }[level] || ui.c.white;
-
-      const parsedTime = ui.parseTimestamp(log.timestamp);
-      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
-      const body = log.body || log.message || log.severityText || '';
-
-      console.log(`  ${time} ${levelColor(level.padEnd(7))} ${body}`);
-
-      if (log.traceId && flags.verbose) {
-        console.log(`  ${ui.c.dim(`  trace=${log.traceId} span=${log.spanId || ''}`)}`);
-      }
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch logs');
-    throw err;
-  }
-}
-
-async function logsTrace(args, flags) {
-  requireAuth();
-  const traceId = args[0];
-  if (!traceId) {
-    ui.error('Trace ID required. Usage: securenow logs trace <traceId>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching logs for trace');
-  try {
-    const data = await api.get(`/logs/trace/${traceId}`);
-    const logs = data.logs || [];
-    s.stop(`Found ${logs.length} log${logs.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(logs); return; }
-
-    console.log('');
-    for (const log of logs) {
-      const level = (log.severityText || log.level || 'INFO').toUpperCase();
-      const levelColor = {
-        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
-        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
-      }[level] || ui.c.white;
-
-      const parsedTime = ui.parseTimestamp(log.timestamp);
-      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
-      console.log(`  ${time} ${levelColor(level.padEnd(7))} ${log.body || log.message || ''}`);
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch logs');
-    throw err;
-  }
-}
-
-// ── Issues ──
-
-async function issuesList(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching issues');
-  try {
-    const query = {};
-    const appKey = resolveApp(flags);
-    if (appKey) query.serviceName = appKey;
-    if (flags.status) query.status = flags.status;
-
-    const data = await api.get('/issues', { query });
-    const issues = data.issues || [];
-    s.stop(`Found ${issues.length} issue${issues.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(data); return; }
-
-    console.log('');
-    const rows = issues.map(i => [
-      ui.c.dim(ui.truncate(i._id, 12)),
-      ui.statusBadge(i.severity || i.level || 'medium'),
-      ui.statusBadge(i.status || 'open'),
-      ui.truncate(i.title || i.message || i.type || '', 50),
-      i.serviceName || '—',
-      i.count != null ? String(i.count) : '—',
-      ui.timeAgo(i.lastSeen || i.createdAt),
-    ]);
-
-    ui.table(['ID', 'Severity', 'Status', 'Title', 'App', 'Count', 'Last Seen'], rows);
-    if (data.total != null) {
-      console.log(ui.c.dim(`  Total: ${data.total}`));
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch issues');
-    throw err;
-  }
-}
-
-async function issuesShow(args, flags) {
-  requireAuth();
-  const id = args[0];
-  if (!id) {
-    ui.error('Issue ID required. Usage: securenow issues show <id>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching issue');
-  try {
-    const data = await api.get(`/issues/${id}`);
-    const issue = data.issue || data;
-    s.stop('Issue loaded');
-
-    if (flags.json) { ui.json(issue); return; }
-
-    console.log('');
-    ui.heading(issue.title || issue.type || `Issue ${id}`);
-    console.log('');
-    ui.keyValue([
-      ['ID', issue._id],
-      ['Status', ui.statusBadge(issue.status || 'open')],
-      ['Severity', ui.statusBadge(issue.severity || issue.level || 'medium')],
-      ['App', issue.serviceName || '—'],
-      ['Type', issue.type || '—'],
-      ['Count', issue.count != null ? String(issue.count) : '—'],
-      ['First Seen', issue.firstSeen ? new Date(issue.firstSeen).toLocaleString() : '—'],
-      ['Last Seen', issue.lastSeen ? new Date(issue.lastSeen).toLocaleString() : '—'],
-    ]);
-
-    if (issue.message || issue.description) {
-      ui.subheading('Description');
-      console.log(`\n  ${issue.message || issue.description}\n`);
-    }
-
-    if (issue.analysis) {
-      ui.subheading('AI Analysis');
-      console.log(`\n  ${issue.analysis}\n`);
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch issue');
-    throw err;
-  }
-}
-
-async function issuesResolve(args, flags) {
-  requireAuth();
-  const id = args[0];
-  if (!id) {
-    ui.error('Issue ID required. Usage: securenow issues resolve <id>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Resolving issue');
-  try {
-    await api.patch(`/issues/${id}`, { status: 'resolved' });
-    s.stop('Issue resolved');
-  } catch (err) {
-    s.fail('Failed to resolve issue');
-    throw err;
-  }
-}
-
-// ── Notifications ──
-
-async function notificationsList(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching notifications');
-  try {
-    const query = { limit: flags.limit || 20, page: flags.page || 1 };
-    const data = await api.get('/notifications', { query });
-    const notifications = data.notifications || [];
-    const pagination = data.pagination;
-    s.stop(`Found ${notifications.length} notification${notifications.length !== 1 ? 's' : ''}${pagination ? ` (page ${pagination.page}/${pagination.totalPages})` : ''}`);
-
-    if (flags.json) { ui.json(data); return; }
-
-    console.log('');
-    const rows = notifications.map(n => [
-      ui.c.dim(ui.truncate(n._id, 12)),
-      ui.statusBadge(n.read ? 'read' : 'unread'),
-      ui.truncate(n.title || n.message || n.type || '', 50),
-      n.ip || '—',
-      n.severity ? ui.statusBadge(n.severity) : '—',
-      ui.timeAgo(n.createdAt),
-    ]);
-
-    ui.table(['ID', 'Status', 'Title', 'IP', 'Severity', 'Time'], rows);
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch notifications');
-    throw err;
-  }
-}
-
-async function notificationsRead(args, flags) {
-  requireAuth();
-  const id = args[0];
-  if (!id) {
-    ui.error('Notification ID required. Usage: securenow notifications read <id>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Marking as read');
-  try {
-    await api.put(`/notifications/${id}/read`);
-    s.stop('Notification marked as read');
-  } catch (err) {
-    s.fail('Failed to mark notification');
-    throw err;
-  }
-}
-
-async function notificationsReadAll() {
-  requireAuth();
-  const s = ui.spinner('Marking all as read');
-  try {
-    await api.put('/notifications/read-all');
-    s.stop('All notifications marked as read');
-  } catch (err) {
-    s.fail('Failed to mark notifications');
-    throw err;
-  }
-}
-
-async function notificationsUnread() {
-  requireAuth();
-  try {
-    const data = await api.get('/notifications/unread-count');
-    const count = data.count ?? 0;
-    console.log(`\n  ${ui.c.bold(String(count))} unread notification${count !== 1 ? 's' : ''}\n`);
-  } catch (err) {
-    throw err;
-  }
-}
-
-// ── Status / Dashboard Overview ──
-
-async function status(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching dashboard overview');
-  try {
-    const [appsData, unreadData] = await Promise.all([
-      api.get('/applications'),
-      api.get('/notifications/unread-count').catch(() => ({ count: 0 })),
-    ]);
-
-    const apps = appsData.applications || [];
-    s.stop('Dashboard loaded');
-
-    console.log('');
-    ui.heading('SecureNow Dashboard');
-    console.log('');
-
-    ui.keyValue([
-      ['Applications', String(apps.length)],
-      ['Unread Alerts', String(unreadData.count ?? 0)],
-    ]);
-
-    if (apps.length > 0) {
-      ui.subheading('Applications');
-      console.log('');
-      const rows = apps.map(app => [
-        app.name,
-        ui.c.dim(app.key),
-        app.hosts?.length ? app.hosts.join(', ') : ui.c.dim('—'),
-      ]);
-      ui.table(['Name', 'Key', 'Hosts'], rows);
-    }
-
-    const appKey = resolveApp(flags);
-    if (appKey) {
-      try {
-        const protectionData = await api.get('/applications/protection-status');
-        const statuses = protectionData.statuses;
-        if (statuses && Object.keys(statuses).length > 0) {
-          ui.subheading('Protection Status');
-          console.log('');
-          const rows = Object.entries(statuses).map(([id, s]) => [
-            ui.c.dim(ui.truncate(id, 12)),
-            s.protected ? ui.c.green('● protected') : ui.c.red('○ unprotected'),
-            String(s.traceCount || 0),
-            s.lastTrace ? ui.timeAgo(s.lastTrace) : ui.c.dim('—'),
-          ]);
-          ui.table(['App ID', 'Status', 'Traces (15m)', 'Last Trace'], rows);
-        }
-      } catch {}
-    }
-
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to load dashboard');
-    throw err;
-  }
-}
-
-module.exports = {
-  tracesList,
-  tracesShow,
-  tracesAnalyze,
-  logsList,
-  logsTrace,
-  issuesList,
-  issuesShow,
-  issuesResolve,
-  notificationsList,
-  notificationsRead,
-  notificationsReadAll,
-  notificationsUnread,
-  status,
-};

package/cli/run.js

@@ -1,133 +0,0 @@
-'use strict';
-
-const { spawn } = require('child_process');
-const path = require('path');
-const fs = require('fs');
-const ui = require('./ui');
-
-function isESM(scriptPath) {
-  if (scriptPath.endsWith('.mjs')) return true;
-  if (scriptPath.endsWith('.cjs')) return false;
-
-  let dir = path.resolve(path.dirname(scriptPath));
-  while (true) {
-    const pkgPath = path.join(dir, 'package.json');
-    if (fs.existsSync(pkgPath)) {
-      try {
-        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-        return pkg.type === 'module';
-      } catch { return false; }
-    }
-    const parent = path.dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  return false;
-}
-
-function resolveSecurenowRegister() {
-  // When running from the published package, securenow/register resolves to our own register.js.
-  // When running from the monorepo, resolve relative to this file.
-  try {
-    return require.resolve('securenow/register');
-  } catch {
-    return path.resolve(__dirname, '..', 'register.js');
-  }
-}
-
-function resolveESMHook() {
-  // --import uses ESM resolution which requires file:// URLs for absolute paths
-  // on Windows. Using the bare specifier lets Node's own resolver handle it.
-  try {
-    const resolved = require.resolve('@opentelemetry/instrumentation/hook.mjs');
-    const { pathToFileURL } = require('url');
-    return pathToFileURL(resolved).href;
-  } catch {
-    return '@opentelemetry/instrumentation/hook.mjs';
-  }
-}
-
-/**
- * securenow run [node-flags...] <script> [app-args...]
- *
- * Spawns node with the correct OTel preload flags.
- * Passes through Node flags (--watch, --inspect, etc.) and app arguments.
- *
- * We re-parse from process.argv directly so that flags like --watch and
- * --inspect are forwarded to node verbatim (the CLI's own arg parser
- * would otherwise consume them).
- */
-function run(rawArgs) {
-  // rawArgs comes directly from process.argv, everything after `run` (or the file path)
-  if (!rawArgs || rawArgs.length === 0) {
-    ui.error('Missing script path.');
-    console.log('');
-    console.log(`  ${ui.c.bold('Usage:')} securenow run [node-flags] <script> [app-args]`);
-    console.log('');
-    console.log(`  ${ui.c.bold('Examples:')}`);
-    console.log(`    securenow run src/index.js`);
-    console.log(`    securenow run --watch src/index.js`);
-    console.log(`    securenow run --inspect src/server.js --port 3000`);
-    console.log('');
-    process.exit(1);
-  }
-
-  const args = rawArgs;
-
-  // Split into: node flags (before the script), script path, and app args (after)
-  const nodeFlags = [];
-  let scriptIdx = -1;
-
-  for (let i = 0; i < args.length; i++) {
-    if (args[i].startsWith('-')) {
-      nodeFlags.push(args[i]);
-    } else {
-      scriptIdx = i;
-      break;
-    }
-  }
-
-  if (scriptIdx === -1) {
-    ui.error('No script path found. Provide a .js/.mjs/.ts file to run.');
-    process.exit(1);
-  }
-
-  const scriptPath = args[scriptIdx];
-  const appArgs = args.slice(scriptIdx + 1);
-
-  const esm = isESM(scriptPath);
-  const registerPath = resolveSecurenowRegister();
-
-  const otelFlags = [];
-  if (esm) {
-    otelFlags.push('--import', resolveESMHook());
-  }
-  otelFlags.push('--require', registerPath);
-
-  const finalArgs = [...otelFlags, ...nodeFlags, scriptPath, ...appArgs];
-
-  const nodeExe = process.execPath;
-
-  if (process.env.SECURENOW_DEBUG) {
-    console.log(`[securenow] ${ui.c.dim('exec:')} ${nodeExe} ${finalArgs.join(' ')}`);
-  }
-
-  const child = spawn(nodeExe, finalArgs, {
-    stdio: 'inherit',
-    env: process.env,
-    cwd: process.cwd(),
-  });
-
-  child.on('close', (code) => process.exit(code ?? 1));
-  child.on('error', (err) => {
-    ui.error(`Failed to start: ${err.message}`);
-    process.exit(1);
-  });
-
-  // Forward termination signals to the child
-  for (const sig of ['SIGINT', 'SIGTERM', 'SIGHUP']) {
-    process.on(sig, () => child.kill(sig));
-  }
-}
-
-module.exports = { run };