securenow 5.18.0 → 6.0.1

package/docs/REQUEST-BODY-CAPTURE.md

@@ -55,24 +55,16 @@ SECURENOW_SENSITIVE_FIELDS=credit_card,email,phone
    ```
    Parsed into object and sensitive fields redacted.
 
-4. **Multipart** (`multipart/form-data`) - ✅ Streaming Metadata Capture (v5.8.0+)
-
-   Requires `SECURENOW_CAPTURE_MULTIPART=1`. Uses a streaming parser — file binary content is never buffered.
-
-   ```json
-   {
-     "fields": { "description": "Profile update", "token": "[REDACTED]" },
-     "files": [
-       { "field": "avatar", "filename": "photo.jpg", "contentType": "image/jpeg", "size": 524288 }
-     ]
-   }
+4. **Multipart** (`multipart/form-data`) - ❌ NOT Captured
+   ```
+   [MULTIPART - NOT CAPTURED]
    ```
-   Text field values are captured with sensitive-field redaction. File parts record metadata only (field, filename, content-type, size). Memory stays at ~few KB regardless of upload size.
+   *File uploads are not captured at all (by design) - too large and unnecessary*
 
 ### ❌ What's NOT Captured
 
 - GET requests (no body)
-- File binary content (only metadata when multipart capture is enabled)
+- File uploads (too large)
 - Bodies larger than max size
 - Binary data
 - Non-POST/PUT/PATCH requests
@@ -226,7 +218,6 @@ mutation Login {
 | `SECURENOW_CAPTURE_BODY` | `0` (disabled) | Enable body capture |
 | `SECURENOW_MAX_BODY_SIZE` | `10240` (10KB) | Maximum body size to capture |
 | `SECURENOW_SENSITIVE_FIELDS` | `` | Comma-separated custom sensitive fields |
-| `SECURENOW_CAPTURE_MULTIPART` | `0` (disabled) | Enable multipart/form-data streaming capture (v5.8.0+) |
 
 ### Programmatic (Next.js)
 
@@ -244,7 +235,7 @@ export function register() {
 
 ---
 
-## 🔍 Viewing in SecureNow
+## 🔍 Viewing in SigNoz
 
 ### Query Examples
 
@@ -286,7 +277,7 @@ Request bodies may contain personal data. Consider:
 
 1. **Legal Basis** - Ensure you have legitimate interest or consent
 2. **Data Minimization** - Only capture what you need
-3. **Retention** - Configure SecureNow retention policies
+3. **Retention** - Configure SigNoz retention policies
 4. **Anonymization** - Add more fields to redact list
 
 ### PCI-DSS Compliance
@@ -406,7 +397,7 @@ Field matching is case-insensitive and uses `includes()`:
    }
    ```
 
-3. **Filter in SecureNow**
+3. **Filter in SigNoz**
    - Use sampling to reduce volume
    - Set up trace tail sampling
 
@@ -538,7 +529,7 @@ SECURENOW_SENSITIVE_FIELDS=""  # Don't do this!
 
 ### Q: Does this work with file uploads?
 
-**A:** Yes! Since v5.8.0, set `SECURENOW_CAPTURE_MULTIPART=1` to capture multipart/form-data requests. The streaming parser extracts text field values and file metadata (name, filename, content-type, size) without ever buffering file binary content. Memory stays bounded at ~few KB regardless of upload size.
+**A:** No, multipart/form-data is not captured (by design). Only metadata is logged.
 
 ### Q: What's the performance impact?
 
@@ -573,7 +564,7 @@ SECURENOW_SENSITIVE_FIELDS=""  # Don't do this!
 
 3. **Deploy!** Bodies are captured with sensitive data automatically redacted.
 
-**View in SecureNow:**
+**View in SigNoz:**
 - `http.request.body` - The captured body (redacted)
 - `http.request.body.size` - Body size in bytes
 - `http.request.body.type` - Content type (json, graphql, form)

package/docs/VERCEL-OTEL-MIGRATION.md

@@ -62,7 +62,7 @@ export function register() {
 ```bash
 # .env.local
 SECURENOW_APPID=my-nextjs-app
-SECURENOW_INSTANCE=http://your-otlp-backend:4318
+SECURENOW_INSTANCE=http://your-signoz:4318
 ```
 
 ### What They Get
@@ -89,7 +89,7 @@ SECURENOW_INSTANCE=http://your-otlp-backend:4318
    - `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT`
 3. SecureNow calls `@vercel/otel`'s `registerOTel()`
 4. @vercel/otel handles all the OpenTelemetry setup
-5. Traces flow to SecureNow
+5. Traces flow to SigNoz
 
 ### What @vercel/otel Does
 
@@ -185,7 +185,7 @@ All options still work:
 ```typescript
 registerSecureNow({
   serviceName: 'my-app',
-  endpoint: 'http://otel-collector:4318',
+  endpoint: 'http://signoz:4318',
   noUuid: false,
 });
 ```

package/examples/README.md

@@ -160,7 +160,7 @@ OTEL_LOG_LEVEL=info
 ```bash
 # Set in Vercel dashboard:
 SECURENOW_APPID=my-app
-SECURENOW_INSTANCE=http://your-collector-host:4318
+SECURENOW_INSTANCE=http://your-signoz:4318
 OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
 ```
 
@@ -180,7 +180,7 @@ npm install securenow@latest
 1. Check console for `[securenow] ✅ OpenTelemetry started`
 2. Enable debug mode: `OTEL_LOG_LEVEL=debug`
 3. Run test script: `node examples/test-nextjs-setup.js`
-4. Verify OTLP collector accessibility: `curl http://your-collector-host:4318/v1/traces`
+4. Verify SigNoz accessibility: `curl http://your-signoz:4318/v1/traces`
 
 ### Too many spans
 
@@ -206,7 +206,7 @@ registerSecureNow({
 ```typescript
 registerSecureNow({
   headers: {
-    'x-api-key': process.env.SECURENOW_API_KEY,
+    'x-api-key': process.env.SIGNOZ_API_KEY,
     'x-environment': process.env.NODE_ENV,
   },
 });
@@ -229,7 +229,7 @@ After setting up:
 
 1. **Run your app** and verify traces appear
 2. **Test key user flows** to see end-to-end tracing
-3. **Check SecureNow dashboard** for service map and traces
+3. **Check SigNoz dashboard** for service map and traces
 4. **Adjust configuration** based on your needs
 5. **Deploy to production** with proper environment variables
 
@@ -242,12 +242,12 @@ $ npm run dev
 
 [securenow] Next.js integration loading (pid=12345)
 [securenow] 🚀 Next.js App → service.name=my-app-abc123
-[securenow] ✅ OpenTelemetry started for Next.js → http://your-collector-host:4318/v1/traces
+[securenow] ✅ OpenTelemetry started for Next.js → http://signoz:4318/v1/traces
 
 ✓ Ready in 1.2s
 ```
 
-Then in SecureNow:
+Then in SigNoz:
 - ✅ See your service in service map
 - ✅ View traces for requests
 - ✅ Analyze performance metrics

package/examples/instrumentation-with-auto-capture.ts

@@ -30,7 +30,7 @@ export function register() {
  * 
  * Configuration in .env.local:
  *   SECURENOW_APPID=my-app
- *   SECURENOW_INSTANCE=http://localhost:4318
+ *   SECURENOW_INSTANCE=http://signoz:4318
  *   SECURENOW_CAPTURE_BODY=1
  *   SECURENOW_MAX_BODY_SIZE=10240
  *   SECURENOW_SENSITIVE_FIELDS=custom_field

package/examples/nextjs-env-example.txt

@@ -4,9 +4,9 @@
 # Required: Your application identifier
 SECURENOW_APPID=my-nextjs-app
 
-# Optional: Your OTLP collector endpoint (SecureNow or any OTLP-compatible backend)
+# Optional: Your SigNoz/OpenTelemetry collector endpoint
 # Default: https://freetrial.securenow.ai:4318
-SECURENOW_INSTANCE=http://your-otlp-collector:4318
+SECURENOW_INSTANCE=http://your-signoz-server:4318
 
 # Optional: API Key or authentication headers
 OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"

package/examples/nextjs-instrumentation.js

@@ -21,7 +21,7 @@ export function register() {
  *   SECURENOW_APPID=my-nextjs-app
  * 
  * Optional:
- *   SECURENOW_INSTANCE=http://your-otlp-collector:4318
+ *   SECURENOW_INSTANCE=http://your-signoz-server:4318
  *   SECURENOW_NO_UUID=1                    # Don't append UUID to service name
  *   OTEL_LOG_LEVEL=info                    # debug|info|warn|error
  *   SECURENOW_DISABLE_INSTRUMENTATIONS=fs  # Comma-separated list

package/examples/nextjs-instrumentation.ts

@@ -21,7 +21,7 @@ export function register() {
  *   SECURENOW_APPID=my-nextjs-app
  * 
  * Optional:
- *   SECURENOW_INSTANCE=http://your-otlp-collector:4318
+ *   SECURENOW_INSTANCE=http://your-signoz-server:4318
  *   SECURENOW_NO_UUID=1                    # Don't append UUID to service name
  *   OTEL_LOG_LEVEL=info                    # debug|info|warn|error
  *   SECURENOW_DISABLE_INSTRUMENTATIONS=fs  # Comma-separated list

package/examples/nextjs-with-logging-example.md

@@ -39,9 +39,9 @@ SECURENOW_LOGGING_ENABLED=1
 SECURENOW_APPID=my-nextjs-app
 SECURENOW_INSTANCE=http://localhost:4318
 
-# For SecureNow or managed OTLP (example):
-# SECURENOW_INSTANCE=https://ingest.<region>.securenow.ai:443
-# OTEL_EXPORTER_OTLP_HEADERS="x-api-key=<your-key>"
+# For SigNoz Cloud:
+# SECURENOW_INSTANCE=https://ingest.<region>.signoz.cloud:443
+# OTEL_EXPORTER_OTLP_HEADERS="signoz-ingestion-key=<your-key>"
 ```
 
 ### 4. Enable Instrumentation in `next.config.js`
@@ -239,9 +239,9 @@ You should see in the console:
 SecureNow initialized with logging enabled
 ```
 
-## View Logs in SecureNow
+## View Logs in SigNoz
 
-1. Open your SecureNow dashboard
+1. Open your SigNoz dashboard
 2. Navigate to **Logs** section
 3. Filter by `service.name = my-nextjs-app`
 4. See all your application logs with:
@@ -298,4 +298,4 @@ await import('securenow/console-instrumentation');  // Second
 
 - [Complete Logging Guide](../docs/LOGGING-GUIDE.md)
 - [Next.js Complete Guide](../docs/NEXTJS-GUIDE.md)
-- [SecureNow](https://securenow.ai/)
+- [View Logs in SigNoz](https://signoz.io/docs/logs-management/overview/)

package/examples/nextjs-with-options.ts

@@ -10,7 +10,7 @@ import { registerSecureNow } from 'securenow/nextjs';
 export function register() {
   registerSecureNow({
     serviceName: 'my-nextjs-app',
-    endpoint: 'http://your-otlp-collector:4318',
+    endpoint: 'http://your-signoz-server:4318',
     noUuid: false,
     disableInstrumentations: ['fs', 'dns'],
     headers: {

package/examples/test-nextjs-setup.js

@@ -58,7 +58,7 @@ setTimeout(() => {
   console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
   console.log('✅ All tests passed!');
   console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
-  console.log('\nCheck your SecureNow dashboard for traces from "test-nextjs-app"\n');
+  console.log('\nCheck your SigNoz dashboard for traces from "test-nextjs-app"\n');
   process.exit(0);
 }, 2000);
 

package/nextjs-auto-capture.js

@@ -1,199 +1,207 @@
-/**
- * SecureNow Next.js Automatic Body Capture
- * 
- * This module automatically patches Next.js request handling to capture bodies
- * WITHOUT requiring customers to wrap their handlers or change their code.
- * 
- * Usage in instrumentation.ts:
- * 
- * import { registerSecureNow } from 'securenow/nextjs';
- * import 'securenow/nextjs-auto-capture'; // Just import this line!
- * 
- * export function register() {
- *   registerSecureNow();
- * }
- * 
- * That's it! Bodies are now captured automatically.
- */
-
-const { trace } = require('@opentelemetry/api');
-
-// Default sensitive fields to redact
-const DEFAULT_SENSITIVE_FIELDS = [
-  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
-  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
-  'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin',
-];
-
-/**
- * Redact sensitive fields from an object
- */
-function redactSensitiveData(obj, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
-  if (!obj || typeof obj !== 'object') return obj;
-  
-  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
-  
-  for (const key of Object.keys(redacted)) {
-    const lowerKey = key.toLowerCase();
-    
-    if (sensitiveFields.some(field => lowerKey.includes(field.toLowerCase()))) {
-      redacted[key] = '[REDACTED]';
-    } else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
-      redacted[key] = redactSensitiveData(redacted[key], sensitiveFields);
-    }
-  }
-  
-  return redacted;
-}
-
-/**
- * Safe body capture that doesn't interfere with Next.js
- */
-async function safeBodyCapture(request, span) {
-  if (!span) return;
-  
-  try {
-    const contentType = request.headers.get('content-type') || '';
-    const maxBodySize = Math.max(1024, parseInt(process.env.SECURENOW_MAX_BODY_SIZE, 10) || 10240);
-    const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
-    const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
-    
-    // Only for supported types
-    if (!contentType.includes('application/json') && 
-        !contentType.includes('application/graphql') &&
-        !contentType.includes('application/x-www-form-urlencoded')) {
-      return;
-    }
-    
-    // Try to read from cache if available (Next.js may have already read it)
-    let bodyText;
-    
-    // Attempt 1: Check if body was already cached by Next.js
-    if (request._bodyText) {
-      bodyText = request._bodyText;
-    } else {
-      // Attempt 2: Try to clone and read
-      try {
-        const cloned = request.clone();
-        bodyText = await cloned.text();
-        // Cache it for Next.js
-        request._bodyText = bodyText;
-      } catch (e) {
-        // If clone fails, body was already consumed - skip silently
-        return;
-      }
-    }
-    
-    if (bodyText.length > maxBodySize) {
-      span.setAttribute('http.request.body', `[TOO LARGE: ${bodyText.length} bytes]`);
-      return;
-    }
-    
-    // Parse and redact
-    if (contentType.includes('application/json') || contentType.includes('application/graphql')) {
-      try {
-        const parsed = JSON.parse(bodyText);
-        const redacted = redactSensitiveData(parsed, allSensitiveFields);
-        span.setAttributes({
-          'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
-          'http.request.body.type': contentType.includes('graphql') ? 'graphql' : 'json',
-          'http.request.body.size': bodyText.length,
-        });
-      } catch (e) {
-        // Parse error - skip
-      }
-    } else if (contentType.includes('application/x-www-form-urlencoded')) {
-      try {
-        const params = new URLSearchParams(bodyText);
-        const parsed = Object.fromEntries(params);
-        const redacted = redactSensitiveData(parsed, allSensitiveFields);
-        span.setAttributes({
-          'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
-          'http.request.body.type': 'form',
-          'http.request.body.size': bodyText.length,
-        });
-      } catch (e) {
-        // Parse error - skip
-      }
-    }
-  } catch (error) {
-    // Silently fail - never break the request
-  }
-}
-
-/**
- * Check if body capture is enabled
- */
-function isBodyCaptureEnabled() {
-  const enabled = String(process.env.SECURENOW_CAPTURE_BODY) === '1' || 
-                  String(process.env.SECURENOW_CAPTURE_BODY).toLowerCase() === 'true';
-  return enabled;
-}
-
-/**
- * Patch Next.js Request to cache body text
- * This allows us to read the body without consuming it
- */
-function patchNextRequest() {
-  if (typeof Request === 'undefined') return;
-  
-  const originalText = Request.prototype.text;
-  const originalJson = Request.prototype.json;
-  
-  // Patch text() to cache result
-  Request.prototype.text = async function() {
-    if (this._bodyText !== undefined) {
-      return this._bodyText;
-    }
-    const text = await originalText.call(this);
-    this._bodyText = text;
-    
-    // Capture for tracing if enabled
-    if (isBodyCaptureEnabled() && ['POST', 'PUT', 'PATCH'].includes(this.method)) {
-      const span = trace.getActiveSpan();
-      if (span) {
-        // Schedule capture after this call (non-blocking)
-        setImmediate(() => {
-          safeBodyCapture(this, span).catch(() => {});
-        });
-      }
-    }
-    
-    return text;
-  };
-  
-  // Patch json() to cache and capture
-  Request.prototype.json = async function() {
-    // First get text
-    const text = await this.text();
-    // Then parse
-    return JSON.parse(text);
-  };
-  
-  console.log('[securenow] ✅ Auto-capture: Patched Next.js Request for automatic body capture');
-}
-
-// Auto-patch when module is imported
-if (isBodyCaptureEnabled()) {
-  try {
-    patchNextRequest();
-    console.log('[securenow] 📝 Automatic body capture: ENABLED');
-    console.log('[securenow] 💡 No code changes needed - bodies captured automatically!');
-  } catch (error) {
-    console.warn('[securenow] ⚠️  Auto-capture patch failed:', error.message);
-    console.warn('[securenow] 💡 Body capture disabled. Use manual approach if needed.');
-  }
-} else {
-  console.log('[securenow] 📝 Automatic body capture: DISABLED (set SECURENOW_CAPTURE_BODY=1 to enable)');
-}
-
-module.exports = {
-  patchNextRequest,
-  safeBodyCapture,
-  redactSensitiveData,
-  isBodyCaptureEnabled,
-};
-
-
-
-
+/**
+ * SecureNow Next.js Automatic Body Capture
+ * 
+ * This module automatically patches Next.js request handling to capture bodies
+ * WITHOUT requiring customers to wrap their handlers or change their code.
+ * 
+ * Usage in instrumentation.ts:
+ * 
+ * import { registerSecureNow } from 'securenow/nextjs';
+ * import 'securenow/nextjs-auto-capture'; // Just import this line!
+ * 
+ * export function register() {
+ *   registerSecureNow();
+ * }
+ * 
+ * That's it! Bodies are now captured automatically.
+ */
+
+const { trace } = require('@opentelemetry/api');
+
+// Default sensitive fields to redact
+const DEFAULT_SENSITIVE_FIELDS = [
+  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
+  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
+  'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin',
+];
+
+/**
+ * Redact sensitive fields from an object
+ */
+function redactSensitiveData(obj, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
+  if (!obj || typeof obj !== 'object') return obj;
+  
+  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
+  
+  for (const key in redacted) {
+    const lowerKey = key.toLowerCase();
+    
+    if (sensitiveFields.some(field => lowerKey.includes(field.toLowerCase()))) {
+      redacted[key] = '[REDACTED]';
+    } else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
+      redacted[key] = redactSensitiveData(redacted[key], sensitiveFields);
+    }
+  }
+  
+  return redacted;
+}
+
+/**
+ * Safe body capture that doesn't interfere with Next.js
+ */
+async function safeBodyCapture(request, span) {
+  if (!span) return;
+  
+  try {
+    const contentType = request.headers.get('content-type') || '';
+    const maxBodySize = parseInt(process.env.SECURENOW_MAX_BODY_SIZE || '10240');
+    const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
+    const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
+    
+    // Only for supported types
+    if (!contentType.includes('application/json') && 
+        !contentType.includes('application/graphql') &&
+        !contentType.includes('application/x-www-form-urlencoded')) {
+      return;
+    }
+    
+    // Try to read from cache if available (Next.js may have already read it)
+    let bodyText;
+    
+    // Attempt 1: Check if body was already cached by Next.js
+    if (request._bodyText) {
+      bodyText = request._bodyText;
+    } else {
+      // Attempt 2: Try to clone and read
+      try {
+        const cloned = request.clone();
+        bodyText = await cloned.text();
+        // Cache it for Next.js
+        request._bodyText = bodyText;
+      } catch (e) {
+        // If clone fails, body was already consumed - skip silently
+        return;
+      }
+    }
+    
+    if (bodyText.length > maxBodySize) {
+      span.setAttribute('http.request.body', `[TOO LARGE: ${bodyText.length} bytes]`);
+      return;
+    }
+    
+    // Parse and redact
+    if (contentType.includes('application/json') || contentType.includes('application/graphql')) {
+      try {
+        const parsed = JSON.parse(bodyText);
+        const redacted = redactSensitiveData(parsed, allSensitiveFields);
+        span.setAttributes({
+          'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
+          'http.request.body.type': contentType.includes('graphql') ? 'graphql' : 'json',
+          'http.request.body.size': bodyText.length,
+        });
+      } catch (e) {
+        // Parse error - skip
+      }
+    } else if (contentType.includes('application/x-www-form-urlencoded')) {
+      try {
+        const params = new URLSearchParams(bodyText);
+        const parsed = Object.fromEntries(params);
+        const redacted = redactSensitiveData(parsed, allSensitiveFields);
+        span.setAttributes({
+          'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
+          'http.request.body.type': 'form',
+          'http.request.body.size': bodyText.length,
+        });
+      } catch (e) {
+        // Parse error - skip
+      }
+    }
+  } catch (error) {
+    // Silently fail - never break the request
+  }
+}
+
+/**
+ * Check if body capture is enabled
+ */
+function isBodyCaptureEnabled() {
+  const enabled = String(process.env.SECURENOW_CAPTURE_BODY) === '1' || 
+                  String(process.env.SECURENOW_CAPTURE_BODY).toLowerCase() === 'true';
+  return enabled;
+}
+
+/**
+ * Patch Next.js Request to cache body text
+ * This allows us to read the body without consuming it
+ */
+function patchNextRequest() {
+  if (typeof Request === 'undefined') return;
+  
+  const originalText = Request.prototype.text;
+  const originalJson = Request.prototype.json;
+  const originalFormData = Request.prototype.formData;
+  
+  // Patch text() to cache result
+  Request.prototype.text = async function() {
+    if (this._bodyText !== undefined) {
+      return this._bodyText;
+    }
+    const text = await originalText.call(this);
+    this._bodyText = text;
+    
+    // Capture for tracing if enabled
+    if (isBodyCaptureEnabled() && ['POST', 'PUT', 'PATCH'].includes(this.method)) {
+      const span = trace.getActiveSpan();
+      if (span) {
+        // Schedule capture after this call (non-blocking)
+        setImmediate(() => {
+          safeBodyCapture(this, span).catch(() => {});
+        });
+      }
+    }
+    
+    return text;
+  };
+  
+  // Patch json() to cache and capture
+  Request.prototype.json = async function() {
+    // First get text
+    const text = await this.text();
+    // Then parse
+    return JSON.parse(text);
+  };
+  
+  // Patch formData() to cache and capture  
+  Request.prototype.formData = async function() {
+    const text = await this.text();
+    const params = new URLSearchParams(text);
+    return params;
+  };
+  
+  console.log('[securenow] ✅ Auto-capture: Patched Next.js Request for automatic body capture');
+}
+
+// Auto-patch when module is imported
+if (isBodyCaptureEnabled()) {
+  try {
+    patchNextRequest();
+    console.log('[securenow] 📝 Automatic body capture: ENABLED');
+    console.log('[securenow] 💡 No code changes needed - bodies captured automatically!');
+  } catch (error) {
+    console.warn('[securenow] ⚠️  Auto-capture patch failed:', error.message);
+    console.warn('[securenow] 💡 Body capture disabled. Use manual approach if needed.');
+  }
+} else {
+  console.log('[securenow] 📝 Automatic body capture: DISABLED (set SECURENOW_CAPTURE_BODY=1 to enable)');
+}
+
+module.exports = {
+  patchNextRequest,
+  safeBodyCapture,
+  redactSensitiveData,
+  isBodyCaptureEnabled,
+};
+
+
+
+