securenow 5.2.2 → 5.3.0

package/cli/apps.js

@@ -0,0 +1,167 @@
+'use strict';
+
+const { api, requireAuth } = require('./client');
+const config = require('./config');
+const ui = require('./ui');
+
+async function list(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching applications');
+
+  try {
+    const apps = await api.get('/applications');
+    s.stop(`Found ${apps.length} application${apps.length !== 1 ? 's' : ''}`);
+    console.log('');
+
+    if (flags.json) {
+      ui.json(apps);
+      return;
+    }
+
+    const defaultApp = config.getDefaultApp();
+    const rows = apps.map(app => [
+      app.name + (app.key === defaultApp ? ui.c.cyan(' (default)') : ''),
+      ui.c.dim(app.key),
+      app.hosts?.length ? app.hosts.join(', ') : ui.c.dim('—'),
+      ui.timeAgo(app.createdAt),
+    ]);
+
+    ui.table(['Name', 'Key', 'Hosts', 'Created'], rows);
+    console.log('');
+
+    if (!defaultApp && apps.length > 0) {
+      ui.info(`Tip: Set a default app with ${ui.c.bold('securenow config set defaultApp <key>')}`);
+      console.log('');
+    }
+  } catch (err) {
+    s.fail('Failed to fetch applications');
+    throw err;
+  }
+}
+
+async function create(args, flags) {
+  requireAuth();
+
+  let name = args[0];
+  if (!name) {
+    name = await ui.prompt('Application name');
+    if (!name) {
+      ui.error('Application name is required');
+      process.exit(1);
+    }
+  }
+
+  const body = { name };
+  if (flags.hosts) {
+    body.hosts = flags.hosts.split(',').map(h => h.trim());
+  }
+  if (flags.instance) {
+    body.instanceId = flags.instance;
+  }
+
+  const s = ui.spinner(`Creating application "${name}"`);
+  try {
+    const result = await api.post('/applications', body);
+    const app = result.application || result;
+    s.stop(`Application created`);
+
+    console.log('');
+    ui.keyValue([
+      ['Name', app.name],
+      ['Key', ui.c.green(ui.c.bold(app.key))],
+      ['ID', ui.c.dim(app._id)],
+      ['Hosts', app.hosts?.length ? app.hosts.join(', ') : ui.c.dim('none')],
+    ]);
+
+    console.log('');
+    console.log(`  ${ui.c.bold('Add to your .env.local:')}`);
+    console.log('');
+    console.log(`    SECURENOW_APPID=${app.key}`);
+    console.log('');
+    ui.info(`Set as default: ${ui.c.bold(`securenow config set defaultApp ${app.key}`)}`);
+    console.log('');
+
+    if (flags.json) {
+      ui.json(app);
+    }
+  } catch (err) {
+    s.fail('Failed to create application');
+    throw err;
+  }
+}
+
+async function info(args, flags) {
+  requireAuth();
+
+  const id = args[0];
+  if (!id) {
+    ui.error('Application ID is required. Usage: securenow apps info <id>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Fetching application details');
+  try {
+    const app = await api.get(`/applications/${id}`);
+    s.stop('Application details loaded');
+
+    if (flags.json) {
+      ui.json(app);
+      return;
+    }
+
+    console.log('');
+    ui.heading(app.name);
+    console.log('');
+    ui.keyValue([
+      ['Key', ui.c.bold(app.key)],
+      ['ID', ui.c.dim(app._id)],
+      ['Hosts', app.hosts?.length ? app.hosts.join(', ') : ui.c.dim('none')],
+      ['Instance', app.instanceId || ui.c.dim('default')],
+      ['Created', app.createdAt ? new Date(app.createdAt).toLocaleString() : '—'],
+      ['Updated', app.updatedAt ? new Date(app.updatedAt).toLocaleString() : '—'],
+    ]);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch application');
+    throw err;
+  }
+}
+
+async function remove(args, flags) {
+  requireAuth();
+
+  const id = args[0];
+  if (!id) {
+    ui.error('Application ID is required. Usage: securenow apps delete <id>');
+    process.exit(1);
+  }
+
+  if (!flags.force && !flags.yes) {
+    const ok = await ui.confirm('Are you sure you want to delete this application?');
+    if (!ok) {
+      ui.info('Cancelled');
+      return;
+    }
+  }
+
+  const s = ui.spinner('Deleting application');
+  try {
+    await api.delete(`/applications/${id}`);
+    s.stop('Application deleted');
+  } catch (err) {
+    s.fail('Failed to delete application');
+    throw err;
+  }
+}
+
+async function setDefault(args) {
+  const key = args[0];
+  if (!key) {
+    ui.error('App key is required. Usage: securenow apps default <key>');
+    process.exit(1);
+  }
+  config.setConfigValue('defaultApp', key);
+  ui.success(`Default application set to ${ui.c.bold(key)}`);
+}
+
+module.exports = { list, create, info, remove, setDefault };

package/cli/auth.js

@@ -0,0 +1,208 @@
+'use strict';
+
+const http = require('http');
+const { execSync } = require('child_process');
+const config = require('./config');
+const { api, CLIError } = require('./client');
+const ui = require('./ui');
+
+function openBrowser(url) {
+  try {
+    const platform = process.platform;
+    if (platform === 'darwin') execSync(`open "${url}"`);
+    else if (platform === 'win32') execSync(`start "" "${url}"`);
+    else execSync(`xdg-open "${url}"`);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function decodeJwtPayload(token) {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    const payload = Buffer.from(parts[1], 'base64url').toString('utf8');
+    return JSON.parse(payload);
+  } catch {
+    try {
+      const parts = token.split('.');
+      const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+      const padded = base64 + '='.repeat((4 - base64.length % 4) % 4);
+      const payload = Buffer.from(padded, 'base64').toString('utf8');
+      return JSON.parse(payload);
+    } catch {
+      return null;
+    }
+  }
+}
+
+async function loginWithBrowser() {
+  const appUrl = config.getAppUrl();
+
+  return new Promise((resolve, reject) => {
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url, `http://localhost`);
+
+      if (url.pathname === '/callback') {
+        const token = url.searchParams.get('token');
+        const error = url.searchParams.get('error');
+
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+
+        if (error) {
+          res.end('<html><body style="font-family:system-ui;text-align:center;padding:60px"><h2>Authentication Failed</h2><p>You can close this window.</p></body></html>');
+          server.close();
+          reject(new CLIError(`Authentication failed: ${error}`));
+          return;
+        }
+
+        if (token) {
+          res.end('<html><body style="font-family:system-ui;text-align:center;padding:60px"><h2 style="color:#22c55e">✓ Logged in to SecureNow</h2><p>You can close this window and return to the terminal.</p></body></html>');
+          server.close();
+          resolve(token);
+          return;
+        }
+
+        res.end('<html><body style="font-family:system-ui;text-align:center;padding:60px"><h2>Something went wrong</h2><p>No token received. Please try again.</p></body></html>');
+        server.close();
+        reject(new CLIError('No token received in callback'));
+        return;
+      }
+
+      res.writeHead(404);
+      res.end();
+    });
+
+    server.listen(0, '127.0.0.1', () => {
+      const port = server.address().port;
+      const authUrl = `${appUrl}/cli/auth?callback=http://localhost:${port}/callback`;
+
+      console.log('');
+      ui.info('Opening browser for authentication...');
+      console.log('');
+
+      const opened = openBrowser(authUrl);
+      if (!opened) {
+        console.log('  Open this URL in your browser to log in:\n');
+        console.log(`  ${ui.c.underline(ui.c.cyan(authUrl))}\n`);
+      } else {
+        console.log(`  If the browser didn't open, visit:`);
+        console.log(`  ${ui.c.underline(ui.c.cyan(authUrl))}\n`);
+      }
+
+      console.log(ui.c.dim('  Waiting for authentication...'));
+
+      const timeout = setTimeout(() => {
+        server.close();
+        reject(new CLIError('Login timed out after 5 minutes. Try `securenow login --token <TOKEN>` instead.'));
+      }, 5 * 60 * 1000);
+
+      server.on('close', () => clearTimeout(timeout));
+    });
+
+    server.on('error', (err) => {
+      reject(new CLIError(`Failed to start local server: ${err.message}`));
+    });
+  });
+}
+
+async function loginWithToken(token) {
+  const s = ui.spinner('Validating token');
+  try {
+    await api.get('/applications', { token });
+    s.stop('Token is valid');
+    return token;
+  } catch (err) {
+    s.fail('Token validation failed');
+    throw new CLIError(`Invalid token: ${err.message}`);
+  }
+}
+
+async function login(args, flags) {
+  if (flags.token) {
+    const token = flags.token;
+    await loginWithToken(token);
+    const payload = decodeJwtPayload(token);
+    const email = payload?.email || 'unknown';
+    const exp = payload?.exp ? payload.exp * 1000 : null;
+
+    config.setAuth(token, email, exp);
+    console.log('');
+    ui.success(`Logged in as ${ui.c.bold(email)}`);
+    if (exp) {
+      const days = Math.ceil((exp - Date.now()) / (1000 * 60 * 60 * 24));
+      ui.info(`Session expires in ${days} days`);
+    }
+    return;
+  }
+
+  try {
+    const token = await loginWithBrowser();
+    const payload = decodeJwtPayload(token);
+    const email = payload?.email || 'unknown';
+    const exp = payload?.exp ? payload.exp * 1000 : null;
+
+    config.setAuth(token, email, exp);
+    console.log('');
+    ui.success(`Logged in as ${ui.c.bold(email)}`);
+    if (exp) {
+      const days = Math.ceil((exp - Date.now()) / (1000 * 60 * 60 * 24));
+      ui.info(`Session expires in ${days} days`);
+    }
+  } catch (err) {
+    if (err.message.includes('timed out')) {
+      console.log('');
+      ui.warn('Browser login timed out. You can also login with a token:');
+      console.log('');
+      console.log(`  1. Go to ${ui.c.cyan(config.getAppUrl() + '/dashboard/settings')}`);
+      console.log(`  2. Copy your CLI token`);
+      console.log(`  3. Run: ${ui.c.bold('securenow login --token <YOUR_TOKEN>')}`);
+      console.log('');
+    } else {
+      throw err;
+    }
+  }
+}
+
+async function logout() {
+  const creds = config.loadCredentials();
+  config.clearCredentials();
+  if (creds.email) {
+    ui.success(`Logged out from ${ui.c.bold(creds.email)}`);
+  } else {
+    ui.success('Logged out');
+  }
+}
+
+async function whoami() {
+  const creds = config.loadCredentials();
+  const token = config.getToken();
+
+  if (!token) {
+    ui.error('Not logged in. Run `securenow login` to authenticate.');
+    process.exit(1);
+  }
+
+  const payload = decodeJwtPayload(token);
+
+  ui.heading('Current Session');
+  console.log('');
+  const pairs = [
+    ['Email', creds.email || payload?.email || 'unknown'],
+    ['User ID', payload?.sub || 'unknown'],
+    ['API', config.getApiUrl()],
+  ];
+  if (creds.expiresAt) {
+    const days = Math.ceil((creds.expiresAt - Date.now()) / (1000 * 60 * 60 * 24));
+    pairs.push(['Expires', days > 0 ? `in ${days} days` : ui.c.red('expired')]);
+  }
+  const defaultApp = config.getDefaultApp();
+  if (defaultApp) {
+    pairs.push(['Default App', defaultApp]);
+  }
+  ui.keyValue(pairs);
+  console.log('');
+}
+
+module.exports = { login, logout, whoami };

package/cli/client.js

@@ -0,0 +1,113 @@
+'use strict';
+
+const https = require('https');
+const http = require('http');
+const { URL } = require('url');
+const config = require('./config');
+const ui = require('./ui');
+
+function buildQueryString(params) {
+  if (!params) return '';
+  const entries = Object.entries(params).filter(([, v]) => v != null && v !== '');
+  if (!entries.length) return '';
+  return '?' + entries.map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join('&');
+}
+
+function request(method, endpoint, { body, query, token, raw } = {}) {
+  const baseUrl = config.getApiUrl();
+  const qs = buildQueryString(query);
+  const urlStr = `${baseUrl}/api${endpoint}${qs}`;
+  const url = new URL(urlStr);
+  const mod = url.protocol === 'https:' ? https : http;
+
+  const authToken = token || config.getToken();
+
+  return new Promise((resolve, reject) => {
+    const options = {
+      hostname: url.hostname,
+      port: url.port || (url.protocol === 'https:' ? 443 : 80),
+      path: url.pathname + url.search,
+      method,
+      headers: { 'Content-Type': 'application/json', 'User-Agent': 'securenow-cli' },
+    };
+
+    if (authToken) {
+      options.headers['Authorization'] = `Bearer ${authToken}`;
+    }
+
+    const req = mod.request(options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => (data += chunk));
+      res.on('end', () => {
+        if (raw) {
+          return resolve({ status: res.statusCode, headers: res.headers, body: data });
+        }
+
+        let parsed;
+        try {
+          parsed = JSON.parse(data);
+        } catch {
+          parsed = data;
+        }
+
+        if (res.statusCode === 401) {
+          reject(new CLIError('Session expired. Run `securenow login` to re-authenticate.', 401));
+          return;
+        }
+        if (res.statusCode === 403) {
+          reject(new CLIError('Access denied. You may need to upgrade your plan.', 403));
+          return;
+        }
+        if (res.statusCode >= 400) {
+          const msg = parsed?.error || parsed?.message || `Request failed (HTTP ${res.statusCode})`;
+          reject(new CLIError(msg, res.statusCode));
+          return;
+        }
+
+        resolve(parsed);
+      });
+    });
+
+    req.on('error', (err) => {
+      if (err.code === 'ECONNREFUSED') {
+        reject(new CLIError(`Cannot connect to ${baseUrl}. Is the API server running?`));
+      } else if (err.code === 'ENOTFOUND') {
+        reject(new CLIError(`Cannot resolve ${url.hostname}. Check your internet connection.`));
+      } else {
+        reject(new CLIError(`Network error: ${err.message}`));
+      }
+    });
+
+    if (body) {
+      req.write(JSON.stringify(body));
+    }
+    req.end();
+  });
+}
+
+class CLIError extends Error {
+  constructor(message, statusCode) {
+    super(message);
+    this.name = 'CLIError';
+    this.statusCode = statusCode;
+  }
+}
+
+function requireAuth() {
+  const token = config.getToken();
+  if (!token) {
+    ui.error('Not logged in. Run `securenow login` first.');
+    process.exit(1);
+  }
+  return token;
+}
+
+const api = {
+  get: (endpoint, opts) => request('GET', endpoint, opts),
+  post: (endpoint, body, opts) => request('POST', endpoint, { body, ...opts }),
+  put: (endpoint, body, opts) => request('PUT', endpoint, { body, ...opts }),
+  patch: (endpoint, body, opts) => request('PATCH', endpoint, { body, ...opts }),
+  delete: (endpoint, opts) => request('DELETE', endpoint, opts),
+};
+
+module.exports = { api, CLIError, requireAuth, buildQueryString };

package/cli/config.js

@@ -0,0 +1,111 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const CONFIG_DIR = path.join(os.homedir(), '.securenow');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const CREDENTIALS_FILE = path.join(CONFIG_DIR, 'credentials.json');
+
+const DEFAULTS = {
+  apiUrl: 'https://api.securenow.ai',
+  appUrl: 'https://app.securenow.ai',
+  defaultApp: null,
+  output: 'table',
+};
+
+function ensureDir() {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+  }
+}
+
+function loadJSON(filepath) {
+  try {
+    return JSON.parse(fs.readFileSync(filepath, 'utf8'));
+  } catch {
+    return {};
+  }
+}
+
+function saveJSON(filepath, data) {
+  ensureDir();
+  fs.writeFileSync(filepath, JSON.stringify(data, null, 2), { encoding: 'utf8', mode: 0o600 });
+}
+
+function loadConfig() {
+  return { ...DEFAULTS, ...loadJSON(CONFIG_FILE) };
+}
+
+function saveConfig(config) {
+  const existing = loadJSON(CONFIG_FILE);
+  saveJSON(CONFIG_FILE, { ...existing, ...config });
+}
+
+function getConfigValue(key) {
+  const config = loadConfig();
+  return config[key];
+}
+
+function setConfigValue(key, value) {
+  saveConfig({ [key]: value });
+}
+
+function loadCredentials() {
+  return loadJSON(CREDENTIALS_FILE);
+}
+
+function saveCredentials(creds) {
+  saveJSON(CREDENTIALS_FILE, creds);
+}
+
+function clearCredentials() {
+  try {
+    fs.unlinkSync(CREDENTIALS_FILE);
+  } catch {}
+}
+
+function getToken() {
+  const creds = loadCredentials();
+  if (!creds.token) return null;
+
+  if (creds.expiresAt && Date.now() > creds.expiresAt) {
+    return null;
+  }
+  return creds.token;
+}
+
+function setAuth(token, email, expiresAt) {
+  saveCredentials({ token, email, expiresAt });
+}
+
+function getApiUrl() {
+  return process.env.SECURENOW_API_URL || loadConfig().apiUrl;
+}
+
+function getAppUrl() {
+  return process.env.SECURENOW_APP_URL || loadConfig().appUrl;
+}
+
+function getDefaultApp() {
+  return process.env.SECURENOW_APP || loadConfig().defaultApp;
+}
+
+module.exports = {
+  CONFIG_DIR,
+  CONFIG_FILE,
+  CREDENTIALS_FILE,
+  loadConfig,
+  saveConfig,
+  getConfigValue,
+  setConfigValue,
+  loadCredentials,
+  saveCredentials,
+  clearCredentials,
+  getToken,
+  setAuth,
+  getApiUrl,
+  getAppUrl,
+  getDefaultApp,
+};

package/cli/init.js

@@ -0,0 +1,100 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const ui = require('./ui');
+
+const templates = {
+  typescript: `import { registerSecureNow } from 'securenow/nextjs';
+
+export function register() {
+  registerSecureNow();
+}
+`,
+  javascript: `const { registerSecureNow } = require('securenow/nextjs');
+
+export function register() {
+  registerSecureNow();
+}
+`,
+  env: `# SecureNow Configuration
+SECURENOW_APPID=my-nextjs-app
+SECURENOW_INSTANCE=http://your-otlp-backend:4318
+# OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"
+# OTEL_LOG_LEVEL=info
+`,
+};
+
+function isNextJsProject(dir) {
+  try {
+    const pkgPath = path.join(dir, 'package.json');
+    if (!fs.existsSync(pkgPath)) return false;
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return !!deps.next;
+  } catch {
+    return false;
+  }
+}
+
+async function init(args, flags) {
+  const cwd = process.cwd();
+
+  console.log('');
+  ui.heading('SecureNow Setup');
+  console.log('');
+
+  const isNext = isNextJsProject(cwd);
+  if (!isNext && !flags.force) {
+    ui.warn("This doesn't appear to be a Next.js project.");
+    ui.info('Use --force to proceed anyway.');
+    process.exit(1);
+  }
+
+  const useTS = flags.typescript || flags.ts ||
+    (!flags.javascript && !flags.js && fs.existsSync(path.join(cwd, 'tsconfig.json')));
+  const useSrc = flags.src ||
+    (!flags.root && fs.existsSync(path.join(cwd, 'src')));
+
+  const fileName = useTS ? 'instrumentation.ts' : 'instrumentation.js';
+  const filePath = useSrc ? path.join(cwd, 'src', fileName) : path.join(cwd, fileName);
+
+  if (fs.existsSync(filePath) && !flags.force) {
+    ui.error(`${useSrc ? 'src/' : ''}${fileName} already exists. Use --force to overwrite.`);
+    process.exit(1);
+  }
+
+  try {
+    const template = useTS ? templates.typescript : templates.javascript;
+    if (useSrc) fs.mkdirSync(path.join(cwd, 'src'), { recursive: true });
+    fs.writeFileSync(filePath, template, 'utf8');
+    ui.success(`Created ${useSrc ? 'src/' : ''}${fileName}`);
+  } catch (err) {
+    ui.error(`Failed to create instrumentation file: ${err.message}`);
+    process.exit(1);
+  }
+
+  const envPath = path.join(cwd, '.env.local');
+  if (!fs.existsSync(envPath) || flags.force) {
+    try {
+      fs.writeFileSync(envPath, templates.env, 'utf8');
+      ui.success('Created .env.local template');
+    } catch (err) {
+      ui.warn(`Could not create .env.local: ${err.message}`);
+    }
+  } else {
+    ui.info('.env.local already exists (skipped)');
+  }
+
+  console.log('');
+  console.log(`  ${ui.c.bold('Next steps:')}`);
+  console.log('');
+  console.log(`  1. Edit ${ui.c.cyan('.env.local')} and set your SECURENOW_APPID`);
+  console.log(`  2. Run ${ui.c.cyan('npm run dev')} to start your app`);
+  console.log(`  3. Check traces in the SecureNow dashboard`);
+  console.log('');
+  ui.info(`Don't have an app key yet? Run ${ui.c.bold('securenow apps create <name>')}`);
+  console.log('');
+}
+
+module.exports = { init };