securenow 5.17.1 → 6.0.0

package/cli/ui.js

@@ -1,386 +0,0 @@
-'use strict';
-
-const readline = require('readline');
-
-const NO_COLOR = !!process.env.NO_COLOR || !process.stdout.isTTY;
-
-const codes = {
-  reset: '\x1b[0m',
-  bold: '\x1b[1m',
-  dim: '\x1b[2m',
-  italic: '\x1b[3m',
-  underline: '\x1b[4m',
-  red: '\x1b[31m',
-  green: '\x1b[32m',
-  yellow: '\x1b[33m',
-  blue: '\x1b[34m',
-  magenta: '\x1b[35m',
-  cyan: '\x1b[36m',
-  white: '\x1b[37m',
-  gray: '\x1b[90m',
-  bgRed: '\x1b[41m',
-  bgGreen: '\x1b[42m',
-  bgYellow: '\x1b[43m',
-  bgBlue: '\x1b[44m',
-  bgCyan: '\x1b[46m',
-};
-
-function style(code, text) {
-  if (NO_COLOR) return text;
-  return `${code}${text}${codes.reset}`;
-}
-
-const c = {
-  bold: (s) => style(codes.bold, s),
-  dim: (s) => style(codes.dim, s),
-  italic: (s) => style(codes.italic, s),
-  underline: (s) => style(codes.underline, s),
-  red: (s) => style(codes.red, s),
-  green: (s) => style(codes.green, s),
-  yellow: (s) => style(codes.yellow, s),
-  blue: (s) => style(codes.blue, s),
-  magenta: (s) => style(codes.magenta, s),
-  cyan: (s) => style(codes.cyan, s),
-  white: (s) => style(codes.white, s),
-  gray: (s) => style(codes.gray, s),
-  success: (s) => style(codes.green, s),
-  error: (s) => style(codes.red, s),
-  warn: (s) => style(codes.yellow, s),
-  info: (s) => style(codes.cyan, s),
-};
-
-function stripAnsi(str) {
-  return str.replace(/\x1b\[[0-9;]*m/g, '');
-}
-
-function visibleLength(str) {
-  return stripAnsi(str).length;
-}
-
-function padEnd(str, len) {
-  const visible = visibleLength(str);
-  if (visible >= len) return str;
-  return str + ' '.repeat(len - visible);
-}
-
-function table(headers, rows, opts = {}) {
-  if (!rows.length) {
-    console.log(c.dim('  No results found.'));
-    return;
-  }
-
-  const maxWidth = process.stdout.columns || 120;
-  const colWidths = headers.map((h, i) => {
-    const headerLen = visibleLength(String(h));
-    const maxCell = rows.reduce((max, row) => {
-      const cell = String(row[i] ?? '');
-      return Math.max(max, visibleLength(cell));
-    }, 0);
-    return Math.min(Math.max(headerLen, maxCell), opts.maxColWidth || 60);
-  });
-
-  const totalWidth = colWidths.reduce((a, b) => a + b, 0) + (colWidths.length - 1) * 3;
-  if (totalWidth > maxWidth && colWidths.length > 1) {
-    const lastIdx = colWidths.length - 1;
-    const excess = totalWidth - maxWidth;
-    colWidths[lastIdx] = Math.max(10, colWidths[lastIdx] - excess);
-  }
-
-  const headerLine = headers.map((h, i) => padEnd(c.bold(String(h)), colWidths[i])).join('   ');
-  const separator = colWidths.map(w => c.dim('─'.repeat(w))).join('───');
-
-  console.log(`  ${headerLine}`);
-  console.log(`  ${separator}`);
-
-  for (const row of rows) {
-    const line = row.map((cell, i) => {
-      let s = String(cell ?? '');
-      if (visibleLength(s) > colWidths[i]) {
-        s = stripAnsi(s).slice(0, colWidths[i] - 1) + '…';
-      }
-      return padEnd(s, colWidths[i]);
-    }).join('   ');
-    console.log(`  ${line}`);
-  }
-}
-
-function keyValue(pairs) {
-  const maxKey = pairs.reduce((max, [k]) => Math.max(max, k.length), 0);
-  for (const [key, value] of pairs) {
-    console.log(`  ${c.bold(key.padEnd(maxKey))}  ${value ?? c.dim('—')}`);
-  }
-}
-
-function heading(text) {
-  console.log(`\n${c.bold(c.cyan(text))}`);
-}
-
-function subheading(text) {
-  console.log(`\n  ${c.bold(text)}`);
-}
-
-function success(msg) {
-  console.log(`${c.green('✓')} ${msg}`);
-}
-
-function error(msg) {
-  console.error(`${c.red('✗')} ${msg}`);
-}
-
-function warn(msg) {
-  console.log(`${c.yellow('!')} ${msg}`);
-}
-
-function info(msg) {
-  console.log(`${c.cyan('ℹ')} ${msg}`);
-}
-
-function spinner(message) {
-  if (!process.stderr.isTTY) {
-    process.stderr.write(`  ${message}...\n`);
-    return {
-      update() {},
-      stop(msg) { if (msg) process.stderr.write(`  ${msg}\n`); },
-      fail(msg) { if (msg) process.stderr.write(`  ${msg}\n`); },
-    };
-  }
-
-  const frames = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
-  let i = 0;
-  let currentMsg = message;
-  const interval = setInterval(() => {
-    const frame = c.cyan(frames[i++ % frames.length]);
-    process.stderr.write(`\r  ${frame} ${currentMsg}`);
-  }, 80);
-
-  return {
-    update(msg) { currentMsg = msg; },
-    stop(finalMsg) {
-      clearInterval(interval);
-      process.stderr.write(`\r  ${c.green('✓')} ${finalMsg || currentMsg}\n`);
-    },
-    fail(finalMsg) {
-      clearInterval(interval);
-      process.stderr.write(`\r  ${c.red('✗')} ${finalMsg || currentMsg}\n`);
-    },
-  };
-}
-
-function prompt(question, opts = {}) {
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stderr,
-  });
-
-  return new Promise((resolve) => {
-    const q = opts.secret ? question : `  ${c.cyan('?')} ${question} `;
-    rl.question(q, (answer) => {
-      rl.close();
-      resolve(answer.trim());
-    });
-
-    if (opts.secret) {
-      const onData = (char) => {
-        const code = char.toString();
-        if (code === '\n' || code === '\r' || code === '\u0004') return;
-        process.stderr.write('*');
-      };
-      process.stdin.on('data', onData);
-      rl.once('close', () => process.stdin.removeListener('data', onData));
-    }
-  });
-}
-
-async function confirm(question, defaultYes = false) {
-  const hint = defaultYes ? 'Y/n' : 'y/N';
-  const answer = await prompt(`${question} ${c.dim(`(${hint})`)}`);
-  if (!answer) return defaultYes;
-  return answer.toLowerCase().startsWith('y');
-}
-
-async function select(question, choices) {
-  console.log(`\n  ${c.cyan('?')} ${question}\n`);
-  choices.forEach((choice, i) => {
-    console.log(`    ${c.bold(String(i + 1))} ${choice.label || choice}`);
-  });
-  console.log('');
-  const answer = await prompt('Enter number');
-  const idx = parseInt(answer, 10) - 1;
-  if (idx < 0 || idx >= choices.length) {
-    error('Invalid selection');
-    process.exit(1);
-  }
-  return choices[idx].value ?? choices[idx];
-}
-
-async function multiSelect(question, choices) {
-  console.log(`\n  ${c.cyan('?')} ${question}\n`);
-  choices.forEach((choice, i) => {
-    const label = choice.label || choice;
-    const detail = choice.detail ? c.dim(` — ${choice.detail}`) : '';
-    console.log(`    ${c.bold(String(i + 1).padStart(3))} ${label}${detail}`);
-  });
-  console.log('');
-  console.log(c.dim(`  Enter numbers separated by commas, a range (e.g. 1-5), or "all"`));
-  const answer = await prompt('Selection');
-
-  if (!answer) return [];
-
-  if (answer.toLowerCase() === 'all') {
-    return choices.map((ch) => ch.value ?? ch);
-  }
-
-  const indices = new Set();
-  for (const part of answer.split(',')) {
-    const trimmed = part.trim();
-    if (trimmed.includes('-')) {
-      const [startStr, endStr] = trimmed.split('-');
-      const start = parseInt(startStr, 10);
-      const end = parseInt(endStr, 10);
-      if (!isNaN(start) && !isNaN(end)) {
-        for (let i = Math.min(start, end); i <= Math.max(start, end); i++) {
-          indices.add(i);
-        }
-      }
-    } else {
-      const num = parseInt(trimmed, 10);
-      if (!isNaN(num)) indices.add(num);
-    }
-  }
-
-  const selected = [];
-  for (const idx of indices) {
-    if (idx >= 1 && idx <= choices.length) {
-      selected.push(choices[idx - 1].value ?? choices[idx - 1]);
-    }
-  }
-  return selected;
-}
-
-function json(data) {
-  console.log(JSON.stringify(data, null, 2));
-}
-
-function hr() {
-  const width = Math.min(process.stdout.columns || 80, 80);
-  console.log(c.dim('─'.repeat(width)));
-}
-
-// Parses timestamps the backend returns in multiple formats:
-//   - UInt64 nanoseconds as a string (signoz logs) → "1775856777891000000"
-//   - ClickHouse DateTime64 string (signoz traces)  → "2026-04-10 21:34:51.133000000" (UTC, no Z)
-//   - ISO 8601                                       → "2026-04-10T21:34:51.133Z"
-//   - number (ms) / Date                              → passthrough
-function parseTimestamp(ts) {
-  if (ts == null || ts === '') return null;
-  if (ts instanceof Date) return isNaN(ts.getTime()) ? null : ts;
-  if (typeof ts === 'number') {
-    const d = new Date(ts);
-    return isNaN(d.getTime()) ? null : d;
-  }
-  const s = String(ts).trim();
-  if (/^\d{16,}$/.test(s)) {
-    const d = new Date(Number(s) / 1e6);
-    return isNaN(d.getTime()) ? null : d;
-  }
-  if (/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/.test(s) && !/[zZ]|[+-]\d{2}:?\d{2}$/.test(s)) {
-    const isoish = s.replace(' ', 'T').replace(/\.(\d{3})\d*$/, '.$1') + 'Z';
-    const d = new Date(isoish);
-    if (!isNaN(d.getTime())) return d;
-  }
-  const d = new Date(s);
-  return isNaN(d.getTime()) ? null : d;
-}
-
-function timeAgo(dateStr) {
-  const date = parseTimestamp(dateStr);
-  if (!date) return '—';
-  const diff = Date.now() - date.getTime();
-  const seconds = Math.floor(diff / 1000);
-  if (seconds < 60) return 'just now';
-  const minutes = Math.floor(seconds / 60);
-  if (minutes < 60) return `${minutes}m ago`;
-  const hours = Math.floor(minutes / 60);
-  if (hours < 24) return `${hours}h ago`;
-  const days = Math.floor(hours / 24);
-  if (days < 30) return `${days}d ago`;
-  return date.toLocaleDateString();
-}
-
-function truncate(str, len = 50) {
-  if (!str) return '';
-  str = String(str);
-  if (str.length <= len) return str;
-  return str.slice(0, len - 1) + '…';
-}
-
-function statusBadge(status) {
-  const map = {
-    active: c.green('● active'),
-    inactive: c.dim('○ inactive'),
-    healthy: c.green('● healthy'),
-    unhealthy: c.red('● unhealthy'),
-    warning: c.yellow('● warning'),
-    open: c.red('● open'),
-    resolved: c.green('● resolved'),
-    closed: c.dim('● closed'),
-    acknowledged: c.yellow('● ack'),
-    blocked: c.red('■ blocked'),
-    trusted: c.green('■ trusted'),
-    enabled: c.green('● enabled'),
-    disabled: c.dim('○ disabled'),
-    paused: c.yellow('◆ paused'),
-    critical: c.red('▲ critical'),
-    high: c.red('▲ high'),
-    medium: c.yellow('▲ medium'),
-    low: c.blue('▲ low'),
-    info: c.cyan('▲ info'),
-    read: c.dim('○ read'),
-    unread: c.cyan('● unread'),
-  };
-  return map[(status || '').toLowerCase()] || status;
-}
-
-function httpStatusColor(code) {
-  code = parseInt(code, 10);
-  if (code < 300) return c.green(code);
-  if (code < 400) return c.cyan(code);
-  if (code < 500) return c.yellow(code);
-  return c.red(code);
-}
-
-function durationColor(ms) {
-  ms = parseFloat(ms);
-  if (isNaN(ms)) return '—';
-  if (ms < 100) return c.green(`${ms.toFixed(0)}ms`);
-  if (ms < 500) return c.yellow(`${ms.toFixed(0)}ms`);
-  if (ms < 1000) return c.red(`${ms.toFixed(0)}ms`);
-  return c.red(`${(ms / 1000).toFixed(2)}s`);
-}
-
-module.exports = {
-  c,
-  NO_COLOR,
-  stripAnsi,
-  table,
-  keyValue,
-  heading,
-  subheading,
-  success,
-  error,
-  warn,
-  info,
-  spinner,
-  prompt,
-  confirm,
-  select,
-  multiSelect,
-  json,
-  hr,
-  timeAgo,
-  parseTimestamp,
-  truncate,
-  statusBadge,
-  httpStatusColor,
-  durationColor,
-};

package/docs/API-KEYS-GUIDE.md

@@ -1,233 +0,0 @@
-# SecureNow API Keys
-
-API keys provide programmatic access to the SecureNow platform. They support granular feature-level permissions, application scoping, IP allowlisting, and secure one-time-copy generation.
-
----
-
-## Creating an API Key
-
-### From the Dashboard
-
-1. Go to **Settings → API Keys**
-2. Click **Create API Key**
-3. Enter a name (e.g., "Production Firewall", "CI/CD Pipeline")
-4. Select the scopes (permissions) you need
-5. Optionally restrict to specific applications and IP addresses
-6. Click **Create**
-7. **Copy the key immediately** — it will only be shown once
-
-### From the CLI
-
-```bash
-npx securenow login
-npx securenow firewall status
-```
-
-The `securenow init` and `securenow login` commands can automatically provision a firewall API key for you.
-
----
-
-## Key Format
-
-All API keys use the format:
-
-```
-snk_live_<64 hex characters>
-```
-
-Example: `snk_live_a1b2c3d4e5f6...`
-
-The `snk_live_` prefix makes it easy to identify SecureNow keys in your codebase and credential scanners.
-
----
-
-## Scopes (Permissions)
-
-Each API key has a set of scopes that control what it can access. Scopes follow the `resource:action` pattern.
-
-| Scope | Description |
-|-------|-------------|
-| `firewall:read` | Read the blocklist (used by the firewall SDK) |
-| `blocklist:read` | List and check blocked IPs |
-| `blocklist:write` | Add and remove blocked IPs |
-| `applications:read` | List and view applications |
-| `applications:write` | Create and delete applications |
-| `traces:read` | Query traces |
-| `logs:read` | Query logs |
-| `issues:read` | List and view security issues |
-| `issues:write` | Resolve and manage issues |
-| `alerts:read` | View alert rules, channels, and history |
-| `alerts:write` | Create and manage alert rules |
-| `analytics:read` | View analytics data |
-| `forensics:read` | Run forensic queries |
-| `ip:read` | IP intelligence lookups |
-| `trusted:read` | List trusted IPs |
-| `trusted:write` | Manage trusted IPs |
-| `notifications:read` | List notifications |
-| `notifications:write` | Mark notifications as read |
-| `api-map:read` | View API map |
-| `instances:read` | List instances |
-| `false-positives:read` | List false positive rules |
-| `false-positives:write` | Create and manage false positive rules |
-
-### Principle of Least Privilege
-
-Only grant the scopes your use case requires:
-
-- **Firewall SDK:** `firewall:read`
-- **CI/CD monitoring:** `issues:read`, `traces:read`
-- **Automated remediation:** `blocklist:read`, `blocklist:write`
-- **Dashboard integration:** all `*:read` scopes
-
----
-
-## Application Scoping
-
-Restrict an API key to specific applications. When set, the key can only access data for those applications.
-
-Leave empty to allow access to all applications on your account.
-
-**Alert rules:** Keys that are scoped to specific applications **cannot** create or update alert rules with **`applicationsAll: true`** (“all applications”). Use explicit app keys on each rule instead. Unscoped keys may use all-apps mode.
-
----
-
-## IP Allowlisting
-
-Restrict an API key to specific client IPs or CIDR ranges. When set, requests from other IPs are rejected with 403.
-
-```
-34.56.78.90
-10.0.0.0/24
-```
-
-Leave empty to allow from any IP.
-
----
-
-## Using API Keys
-
-### In HTTP Requests
-
-Pass the API key in the `Authorization` header:
-
-```bash
-curl -s https://api.securenow.ai/api/v1/blocklist \
-  -H "Authorization: Bearer snk_live_abc123..."
-```
-
-### In the Firewall SDK
-
-Set the `SECURENOW_API_KEY` environment variable:
-
-```bash
-SECURENOW_API_KEY=snk_live_abc123...
-```
-
-The firewall SDK reads this automatically on startup.
-
-### In CI/CD
-
-```yaml
-# GitHub Actions example — SDK firewall key
-env:
-  SECURENOW_API_KEY: ${{ secrets.SECURENOW_API_KEY }}
-
-steps:
-  - run: |
-      ISSUES=$(curl -s https://api.securenow.ai/api/v1/issues \
-        -H "Authorization: Bearer $SECURENOW_API_KEY")
-      echo "$ISSUES" | jq '.issues | length'
-```
-
-### CLI Authentication in CI/CD
-
-For CLI commands in CI, use the `SECURENOW_TOKEN` env var to skip file-based login:
-
-```yaml
-# GitHub Actions example — CLI auth via env var
-env:
-  SECURENOW_TOKEN: ${{ secrets.SECURENOW_CLI_TOKEN }}
-
-steps:
-  - run: npx securenow issues --json --status open
-  - run: npx securenow forensics "critical attacks in last 24h" --json
-```
-
-The `SECURENOW_TOKEN` env var takes priority over any stored credentials.
-
----
-
-## Key Management
-
-### Viewing Keys
-
-```bash
-# From the CLI
-npx securenow api-keys list
-```
-
-Or go to **Settings → API Keys** in the dashboard. You'll see the key name, last 4 characters, status, scopes, and last used timestamp.
-
-### Revoking a Key
-
-```bash
-npx securenow api-keys revoke <key-id>
-```
-
-Or click **Revoke** in the dashboard. Revoked keys immediately stop working. This cannot be undone.
-
-### Regenerating a Key
-
-Regeneration creates a new key with the same name, scopes, and settings. The old key is automatically revoked.
-
----
-
-## Rate Limits
-
-API keys are subject to rate limiting:
-
-| Endpoint | Limit |
-|----------|-------|
-| General API (`/api/*`) | 600 requests/minute |
-| Firewall sync (`/api/firewall/*`) | 120 requests/minute |
-
-Rate limit headers are included in every response:
-
-```
-X-RateLimit-Limit: 600
-X-RateLimit-Remaining: 597
-X-RateLimit-Reset: 1712534400
-```
-
----
-
-## Security Best Practices
-
-1. **Never commit API keys to source control.** Use `.env` files or secret managers.
-2. **Use the minimum scopes required.** A firewall key only needs `firewall:read`.
-3. **Restrict by IP when possible.** Server keys should be locked to your server IPs.
-4. **Rotate keys periodically.** Use the regenerate feature to rotate without downtime.
-5. **Monitor usage.** Check the "last used" timestamp and known IPs in the dashboard.
-6. **Revoke unused keys.** Delete keys that are no longer in use.
-
----
-
-## API Versioning
-
-All API endpoints are available at both `/api/` and `/api/v1/`. We recommend using the versioned path for stability:
-
-```bash
-# Recommended
-https://api.securenow.ai/api/v1/blocklist
-
-# Also works (unversioned)
-https://api.securenow.ai/api/blocklist
-```
-
----
-
-## Related Documentation
-
-- [Firewall Guide](./FIREWALL-GUIDE.md) — Automatic IP blocking setup
-- [Environment Variables Reference](./ENVIRONMENT-VARIABLES.md) — All configuration options
-- [All Frameworks Quick Start](./ALL-FRAMEWORKS-QUICKSTART.md) — Framework setup guides