securenow 5.18.0 → 6.0.0

package/cli/init.js

@@ -1,201 +0,0 @@
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-const ui = require('./ui');
-
-const INSTRUMENTATION_JS = `export async function register() {
-  if (process.env.NEXT_RUNTIME === 'nodejs') {
-    const { registerSecureNow } = require('securenow/nextjs');
-    registerSecureNow();
-  }
-}
-`;
-
-const INSTRUMENTATION_TS = `export async function register() {
-  if (process.env.NEXT_RUNTIME === 'nodejs') {
-    const { registerSecureNow } = require('securenow/nextjs');
-    registerSecureNow();
-  }
-}
-`;
-
-function detectProject(dir) {
-  const pkgPath = path.join(dir, 'package.json');
-  if (!fs.existsSync(pkgPath)) return { framework: 'unknown' };
-
-  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
-
-  if (allDeps.next) return { framework: 'nextjs', pkg, pkgPath, nextVersion: allDeps.next };
-  if (allDeps.nuxt) return { framework: 'nuxt', pkg, pkgPath };
-  if (allDeps.express) return { framework: 'express', pkg, pkgPath };
-  if (allDeps.fastify) return { framework: 'fastify', pkg, pkgPath };
-  if (allDeps.koa) return { framework: 'koa', pkg, pkgPath };
-  if (allDeps.hapi || allDeps['@hapi/hapi']) return { framework: 'hapi', pkg, pkgPath };
-  return { framework: 'node', pkg, pkgPath };
-}
-
-function findInstrumentationFile(dir) {
-  for (const name of ['instrumentation.ts', 'instrumentation.js', 'src/instrumentation.ts', 'src/instrumentation.js']) {
-    const p = path.join(dir, name);
-    if (fs.existsSync(p)) return p;
-  }
-  return null;
-}
-
-function findNextConfig(dir) {
-  for (const name of ['next.config.js', 'next.config.mjs', 'next.config.ts']) {
-    const p = path.join(dir, name);
-    if (fs.existsSync(p)) return p;
-  }
-  return null;
-}
-
-function hasTypeScript(dir) {
-  return fs.existsSync(path.join(dir, 'tsconfig.json'));
-}
-
-async function init(_args, flags) {
-  const dir = process.cwd();
-  const project = detectProject(dir);
-
-  ui.header('SecureNow Project Setup');
-
-  if (project.framework === 'unknown') {
-    ui.error('No package.json found. Run this command in your project root.');
-    process.exit(1);
-  }
-
-  ui.info(`Detected framework: ${ui.bold(project.framework)}`);
-
-  if (project.framework === 'nextjs') {
-    await initNextJs(dir, project, flags);
-  } else if (project.framework === 'nuxt') {
-    initNuxt(dir, project);
-  } else {
-    initNode(dir, project);
-  }
-
-  initEnv(dir, flags);
-
-  console.log('');
-  ui.success('Setup complete! Run your app to verify.');
-}
-
-async function initNextJs(dir, project, flags) {
-  const useTs = hasTypeScript(dir);
-  const ext = useTs ? 'ts' : 'js';
-
-  const existing = findInstrumentationFile(dir);
-  if (existing) {
-    ui.info(`instrumentation file already exists: ${path.relative(dir, existing)}`);
-  } else {
-    const filePath = path.join(dir, `instrumentation.${ext}`);
-    const content = useTs ? INSTRUMENTATION_TS : INSTRUMENTATION_JS;
-    fs.writeFileSync(filePath, content, 'utf8');
-    ui.success(`Created instrumentation.${ext}`);
-  }
-
-  const configPath = findNextConfig(dir);
-  if (configPath) {
-    const content = fs.readFileSync(configPath, 'utf8');
-    if (content.includes('withSecureNow')) {
-      ui.info('next.config already uses withSecureNow — skipping');
-    } else if (content.includes('serverExternalPackages') && content.includes('securenow')) {
-      ui.info('next.config already externalizes securenow — skipping');
-    } else if (content.includes('serverComponentsExternalPackages') && content.includes('securenow')) {
-      ui.info('next.config already externalizes securenow — skipping');
-    } else {
-      ui.warn(`Update your ${path.basename(configPath)} to use withSecureNow():`);
-      console.log('');
-      console.log(`  const { withSecureNow } = require('securenow/nextjs-webpack-config');`);
-      console.log(`  module.exports = withSecureNow({ /* your config */ });`);
-      console.log('');
-    }
-  } else {
-    const newConfigPath = path.join(dir, 'next.config.js');
-    fs.writeFileSync(newConfigPath, `const { withSecureNow } = require('securenow/nextjs-webpack-config');\n\nmodule.exports = withSecureNow({\n  reactStrictMode: true,\n});\n`, 'utf8');
-    ui.success('Created next.config.js with withSecureNow()');
-  }
-}
-
-function initNuxt(dir, project) {
-  const configPath = path.join(dir, 'nuxt.config.ts');
-  if (fs.existsSync(configPath)) {
-    const content = fs.readFileSync(configPath, 'utf8');
-    if (content.includes('securenow/nuxt')) {
-      ui.info('nuxt.config already references securenow/nuxt — skipping');
-    } else {
-      ui.warn('Add securenow/nuxt to your nuxt.config modules:');
-      console.log('');
-      console.log("  modules: ['securenow/nuxt'],");
-      console.log('');
-    }
-  } else {
-    ui.warn('Add securenow/nuxt to your nuxt.config modules array.');
-  }
-}
-
-function initNode(dir, project) {
-  const pkg = project.pkg;
-  const scripts = pkg.scripts || {};
-
-  const startScript = scripts.start || '';
-  if (startScript.includes('securenow/register')) {
-    ui.info('start script already uses securenow/register — skipping');
-    return;
-  }
-
-  if (startScript) {
-    ui.warn('Update your start script to include the securenow preload:');
-    console.log('');
-    if (startScript.includes('node ')) {
-      const updated = startScript.replace('node ', 'node -r securenow/register ');
-      console.log(`  "start": "${updated}"`);
-    } else {
-      console.log(`  "start": "node -r securenow/register ${startScript.replace(/^node\s+/, '')}"`);
-    }
-    console.log('');
-  } else {
-    ui.warn('Add a start script with the securenow preload:');
-    console.log('');
-    console.log('  "start": "node -r securenow/register src/index.js"');
-    console.log('');
-  }
-}
-
-function initEnv(dir, flags) {
-  const envFiles = ['.env', '.env.local'];
-  let envPath = null;
-
-  for (const f of envFiles) {
-    const p = path.join(dir, f);
-    if (fs.existsSync(p)) {
-      const content = fs.readFileSync(p, 'utf8');
-      if (content.includes('SECURENOW_API_KEY')) {
-        ui.info(`SECURENOW_API_KEY already set in ${f}`);
-        return;
-      }
-      envPath = p;
-      break;
-    }
-  }
-
-  if (!envPath) envPath = path.join(dir, '.env.local');
-
-  const apiKey = flags.key || flags['api-key'] || '';
-  if (apiKey) {
-    const existing = fs.existsSync(envPath) ? fs.readFileSync(envPath, 'utf8') : '';
-    const sep = existing && !existing.endsWith('\n') ? '\n' : '';
-    fs.appendFileSync(envPath, `${sep}SECURENOW_API_KEY=${apiKey}\n`, 'utf8');
-    ui.success(`Added SECURENOW_API_KEY to ${path.basename(envPath)}`);
-  } else {
-    ui.warn(`Add your API key to ${path.basename(envPath)}:`);
-    console.log('');
-    console.log('  SECURENOW_API_KEY=snk_live_...');
-    console.log('');
-  }
-}
-
-module.exports = { init };

package/cli/monitor.js

@@ -1,440 +0,0 @@
-'use strict';
-
-const { api, requireAuth } = require('./client');
-const config = require('./config');
-const ui = require('./ui');
-
-function resolveApp(flags) {
-  return flags.app || config.getDefaultApp();
-}
-
-// ── Traces ──
-
-async function tracesList(args, flags) {
-  requireAuth();
-  const appKey = resolveApp(flags);
-  if (!appKey) {
-    ui.error('No app specified. Use --app <key> or set a default with `securenow config set defaultApp <key>`');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching traces');
-  try {
-    const query = {
-      appKeys: appKey,
-      limit: flags.limit || 20,
-    };
-    if (flags.start) query.from = flags.start;
-    if (flags.end) query.to = flags.end;
-
-    const data = await api.get('/traces', { query });
-    const traces = data.traces || [];
-    s.stop(`Found ${traces.length} trace${traces.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(traces); return; }
-
-    console.log('');
-    const rows = traces.map(t => [
-      ui.c.dim(ui.truncate(t.traceID || t.traceId || t._id, 16)),
-      t.operationName || t.name || t.serviceName || '—',
-      ui.httpStatusColor(t.statusCode || t.httpStatusCode || t.responseStatusCode || '—'),
-      ui.durationColor(t.durationNano ? t.durationNano / 1e6 : t.duration),
-      t.httpMethod || t.method || '—',
-      ui.truncate(t.httpUrl || t.url || t.httpRoute || '', 40),
-      ui.timeAgo(t.timestamp),
-    ]);
-
-    ui.table(['Trace ID', 'Operation', 'Status', 'Duration', 'Method', 'URL', 'Time'], rows);
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch traces');
-    throw err;
-  }
-}
-
-async function tracesShow(args, flags) {
-  requireAuth();
-  const traceId = args[0];
-  if (!traceId) {
-    ui.error('Trace ID is required. Usage: securenow traces show <traceId>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching trace details');
-  try {
-    const appKey = resolveApp(flags);
-    const traceQuery = appKey ? { appKeys: appKey } : {};
-    const data = await api.get(`/traces/${traceId}`, { query: traceQuery });
-    s.stop('Trace loaded');
-
-    if (flags.json) { ui.json(data); return; }
-
-    const spans = data.spans || [];
-    console.log('');
-    ui.heading(`Trace ${data.traceId || traceId}`);
-
-    if (spans.length) {
-      ui.subheading(`Spans (${spans.length})`);
-      console.log('');
-      const rows = spans.map(span => [
-        ui.c.dim(ui.truncate(span.spanID || span.spanId, 16)),
-        span.operationName || span.name || '—',
-        ui.httpStatusColor(span.statusCode || span.responseStatusCode || '—'),
-        ui.durationColor(span.durationNano ? span.durationNano / 1e6 : span.duration),
-        span.kind || '—',
-      ]);
-      ui.table(['Span ID', 'Operation', 'Status', 'Duration', 'Kind'], rows);
-    } else {
-      console.log('');
-      ui.info('No spans found for this trace.');
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch trace');
-    throw err;
-  }
-}
-
-async function tracesAnalyze(args, flags) {
-  requireAuth();
-  const traceId = args[0];
-  if (!traceId) {
-    ui.error('Trace ID is required. Usage: securenow traces analyze <traceId>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Analyzing trace with AI');
-  try {
-    let result = await api.post('/traces/analyze', { traceId });
-
-    if (result.analysisId && result.status === 'running') {
-      const analysisId = result.analysisId;
-      for (let i = 0; i < 120; i++) {
-        await new Promise(r => setTimeout(r, 3000));
-        result = await api.get(`/traces/analyze/${analysisId}`);
-        if (result.status === 'completed' || result.status === 'failed') break;
-      }
-      if (result.status === 'failed') throw new Error(result.error || 'Analysis failed');
-      if (result.status === 'running') throw new Error('Analysis timed out');
-    }
-
-    s.stop('Analysis complete');
-
-    if (flags.json) { ui.json(result); return; }
-
-    const analysis = result.analysis;
-    console.log('');
-    ui.heading('AI Trace Analysis');
-    console.log('');
-
-    if (typeof analysis === 'object' && analysis !== null) {
-      if (analysis.summary) {
-        ui.subheading('Summary');
-        console.log(`\n  ${analysis.summary}\n`);
-      }
-      if (analysis.riskLevel) {
-        console.log(`  ${ui.c.bold('Risk Level:')} ${ui.statusBadge(analysis.riskLevel)}\n`);
-      }
-      if (analysis.securityIssues?.length) {
-        ui.subheading('Security Issues');
-        console.log('');
-        analysis.securityIssues.forEach((issue, i) => {
-          console.log(`  ${i + 1}. ${typeof issue === 'string' ? issue : issue.description || JSON.stringify(issue)}`);
-        });
-        console.log('');
-      }
-      if (analysis.recommendations?.length) {
-        ui.subheading('Recommendations');
-        console.log('');
-        analysis.recommendations.forEach((rec, i) => {
-          console.log(`  ${i + 1}. ${typeof rec === 'string' ? rec : rec.description || JSON.stringify(rec)}`);
-        });
-        console.log('');
-      }
-    } else {
-      console.log(analysis || JSON.stringify(result, null, 2));
-      console.log('');
-    }
-  } catch (err) {
-    s.fail('Analysis failed');
-    throw err;
-  }
-}
-
-// ── Logs ──
-
-// Parse a duration string like "6h", "30m", "2d", "90s" into minutes.
-// Returns null on unparseable input so the caller can error out clearly
-// instead of silently falling through to a default.
-function parseDurationToMinutes(value) {
-  if (value == null || value === '') return null;
-  const m = String(value).trim().match(/^(\d+)\s*(s|m|h|d)?$/i);
-  if (!m) return null;
-  const n = parseInt(m[1], 10);
-  const unit = (m[2] || 'm').toLowerCase();
-  if (unit === 's') return Math.max(1, Math.round(n / 60));
-  if (unit === 'm') return n;
-  if (unit === 'h') return n * 60;
-  if (unit === 'd') return n * 60 * 24;
-  return null;
-}
-
-const LOG_LEVELS = ['TRACE', 'DEBUG', 'INFO', 'WARN', 'WARNING', 'ERROR', 'FATAL'];
-
-async function logsList(args, flags) {
-  requireAuth();
-  const appKey = resolveApp(flags);
-  if (!appKey) {
-    ui.error('No app specified. Use --app <key> or set a default.');
-    process.exit(1);
-  }
-
-  let minutes = 60;
-  if (flags.since != null) {
-    const parsed = parseDurationToMinutes(flags.since);
-    if (parsed == null) {
-      ui.error(`Invalid --since value "${flags.since}". Expected e.g. 30m, 6h, 2d.`);
-      process.exit(1);
-    }
-    minutes = parsed;
-  } else if (flags.minutes != null) {
-    const n = parseInt(flags.minutes, 10);
-    if (isNaN(n) || n <= 0) {
-      ui.error(`Invalid --minutes value "${flags.minutes}".`);
-      process.exit(1);
-    }
-    minutes = n;
-  }
-
-  let severity = null;
-  if (flags.level) {
-    severity = String(flags.level).toUpperCase();
-    if (!LOG_LEVELS.includes(severity)) {
-      ui.error(`Invalid --level "${flags.level}". Expected one of: ${LOG_LEVELS.join(', ').toLowerCase()}.`);
-      process.exit(1);
-    }
-  }
-
-  const s = ui.spinner('Fetching logs');
-  try {
-    const now = Date.now();
-    const query = {
-      appKeys: appKey,
-      limit: flags.limit || 200,
-      from: flags.start || new Date(now - minutes * 60 * 1000).toISOString(),
-      to: flags.end || new Date(now).toISOString(),
-    };
-    if (severity) query.severity = severity;
-
-    const data = await api.get('/logs', { query });
-    const logs = data.logs || [];
-    s.stop(`Found ${logs.length} log${logs.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(logs); return; }
-
-    console.log('');
-    for (const log of logs) {
-      const level = (log.severityText || log.level || 'INFO').toUpperCase();
-      const levelColor = {
-        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
-        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
-      }[level] || ui.c.white;
-
-      const parsedTime = ui.parseTimestamp(log.timestamp);
-      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
-      const body = log.body || log.message || log.severityText || '';
-
-      console.log(`  ${time} ${levelColor(level.padEnd(7))} ${body}`);
-
-      if (log.traceId && flags.verbose) {
-        console.log(`  ${ui.c.dim(`  trace=${log.traceId} span=${log.spanId || ''}`)}`);
-      }
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch logs');
-    throw err;
-  }
-}
-
-async function logsTrace(args, flags) {
-  requireAuth();
-  const traceId = args[0];
-  if (!traceId) {
-    ui.error('Trace ID required. Usage: securenow logs trace <traceId>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Fetching logs for trace');
-  try {
-    const data = await api.get(`/logs/trace/${traceId}`);
-    const logs = data.logs || [];
-    s.stop(`Found ${logs.length} log${logs.length !== 1 ? 's' : ''}`);
-
-    if (flags.json) { ui.json(logs); return; }
-
-    console.log('');
-    for (const log of logs) {
-      const level = (log.severityText || log.level || 'INFO').toUpperCase();
-      const levelColor = {
-        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
-        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
-      }[level] || ui.c.white;
-
-      const parsedTime = ui.parseTimestamp(log.timestamp);
-      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
-      console.log(`  ${time} ${levelColor(level.padEnd(7))} ${log.body || log.message || ''}`);
-    }
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch logs');
-    throw err;
-  }
-}
-
-
-// ── Notifications ──
-
-async function notificationsList(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching notifications');
-  try {
-    const query = { limit: flags.limit || 20, page: flags.page || 1 };
-    const data = await api.get('/notifications', { query });
-    const notifications = data.notifications || [];
-    const pagination = data.pagination;
-    s.stop(`Found ${notifications.length} notification${notifications.length !== 1 ? 's' : ''}${pagination ? ` (page ${pagination.page}/${pagination.totalPages})` : ''}`);
-
-    if (flags.json) { ui.json(data); return; }
-
-    console.log('');
-    const rows = notifications.map(n => [
-      ui.c.dim(ui.truncate(n._id, 12)),
-      ui.statusBadge(n.read ? 'read' : 'unread'),
-      ui.truncate(n.title || n.message || n.type || '', 50),
-      n.ip || '—',
-      n.severity ? ui.statusBadge(n.severity) : '—',
-      ui.timeAgo(n.createdAt),
-    ]);
-
-    ui.table(['ID', 'Status', 'Title', 'IP', 'Severity', 'Time'], rows);
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch notifications');
-    throw err;
-  }
-}
-
-async function notificationsRead(args, flags) {
-  requireAuth();
-  const id = args[0];
-  if (!id) {
-    ui.error('Notification ID required. Usage: securenow notifications read <id>');
-    process.exit(1);
-  }
-
-  const s = ui.spinner('Marking as read');
-  try {
-    await api.put(`/notifications/${id}/read`);
-    s.stop('Notification marked as read');
-  } catch (err) {
-    s.fail('Failed to mark notification');
-    throw err;
-  }
-}
-
-async function notificationsReadAll() {
-  requireAuth();
-  const s = ui.spinner('Marking all as read');
-  try {
-    await api.put('/notifications/read-all');
-    s.stop('All notifications marked as read');
-  } catch (err) {
-    s.fail('Failed to mark notifications');
-    throw err;
-  }
-}
-
-async function notificationsUnread() {
-  requireAuth();
-  try {
-    const data = await api.get('/notifications/unread-count');
-    const count = data.count ?? 0;
-    console.log(`\n  ${ui.c.bold(String(count))} unread notification${count !== 1 ? 's' : ''}\n`);
-  } catch (err) {
-    throw err;
-  }
-}
-
-// ── Status / Dashboard Overview ──
-
-async function status(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching dashboard overview');
-  try {
-    const [appsData, unreadData] = await Promise.all([
-      api.get('/applications'),
-      api.get('/notifications/unread-count').catch(() => ({ count: 0 })),
-    ]);
-
-    const apps = appsData.applications || [];
-    s.stop('Dashboard loaded');
-
-    console.log('');
-    ui.heading('SecureNow Dashboard');
-    console.log('');
-
-    ui.keyValue([
-      ['Applications', String(apps.length)],
-      ['Unread Alerts', String(unreadData.count ?? 0)],
-    ]);
-
-    if (apps.length > 0) {
-      ui.subheading('Applications');
-      console.log('');
-      const rows = apps.map(app => [
-        app.name,
-        ui.c.dim(app.key),
-        app.hosts?.length ? app.hosts.join(', ') : ui.c.dim('—'),
-      ]);
-      ui.table(['Name', 'Key', 'Hosts'], rows);
-    }
-
-    const appKey = resolveApp(flags);
-    if (appKey) {
-      try {
-        const protectionData = await api.get('/applications/protection-status');
-        const statuses = protectionData.statuses;
-        if (statuses && Object.keys(statuses).length > 0) {
-          ui.subheading('Protection Status');
-          console.log('');
-          const rows = Object.entries(statuses).map(([id, s]) => [
-            ui.c.dim(ui.truncate(id, 12)),
-            s.protected ? ui.c.green('● protected') : ui.c.red('○ unprotected'),
-            String(s.traceCount || 0),
-            s.lastTrace ? ui.timeAgo(s.lastTrace) : ui.c.dim('—'),
-          ]);
-          ui.table(['App ID', 'Status', 'Traces (15m)', 'Last Trace'], rows);
-        }
-      } catch {}
-    }
-
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to load dashboard');
-    throw err;
-  }
-}
-
-module.exports = {
-  tracesList,
-  tracesShow,
-  tracesAnalyze,
-  logsList,
-  logsTrace,
-  notificationsList,
-  notificationsRead,
-  notificationsReadAll,
-  notificationsUnread,
-  status,
-};