securenow 5.3.4 → 5.5.0

package/cli/apps.js

@@ -5,6 +5,7 @@ const config = require('./config');
 const ui = require('./ui');
 
 const FREE_TRIAL_URL = 'https://freetrial.securenow.ai:4318';
+const DOMAIN_REGEX = /^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
 
 function instanceUrl(inst) {
   if (!inst) return FREE_TRIAL_URL;
@@ -143,6 +144,10 @@ async function create(args, flags) {
     if (flags.json) {
       ui.json({ ...app, instanceUrl: envUrl });
     }
+
+    if (app.hosts && app.hosts.length > 0) {
+      await offerSubdomainDiscovery(app.hosts, selectedInstanceId, flags);
+    }
   } catch (err) {
     s.fail('Failed to create application');
     throw err;
@@ -194,11 +199,11 @@ async function pickInstance() {
 }
 
 function openBrowser(url) {
-  const { execSync } = require('child_process');
+  const { execFileSync } = require('child_process');
   try {
-    if (process.platform === 'darwin') execSync(`open "${url}"`);
-    else if (process.platform === 'win32') execSync(`start "" "${url}"`);
-    else execSync(`xdg-open "${url}"`);
+    if (process.platform === 'darwin') execFileSync('open', [url], { stdio: 'ignore' });
+    else if (process.platform === 'win32') execFileSync('cmd', ['/c', 'start', '', url], { stdio: 'ignore' });
+    else execFileSync('xdg-open', [url], { stdio: 'ignore' });
   } catch {
     ui.warn(`Could not open browser. Visit: ${url}`);
   }
@@ -293,4 +298,288 @@ async function setDefault(args) {
   ui.success(`Default application set to ${ui.c.bold(key)}`);
 }
 
-module.exports = { list, create, info, remove, setDefault };
+function extractRootDomains(hosts) {
+  const domains = new Set();
+  for (const host of hosts || []) {
+    let cleaned = host.trim().toLowerCase();
+    try {
+      if (cleaned.startsWith('http://') || cleaned.startsWith('https://')) {
+        cleaned = new URL(cleaned).hostname;
+      }
+    } catch {}
+    if (DOMAIN_REGEX.test(cleaned)) {
+      const parts = cleaned.split('.');
+      const root = parts.length > 2 ? parts.slice(-2).join('.') : cleaned;
+      domains.add(root);
+    }
+  }
+  return [...domains];
+}
+
+async function offerSubdomainDiscovery(hosts, instanceId, flags) {
+  if (!process.stdin.isTTY) return;
+
+  const domains = extractRootDomains(hosts);
+  if (domains.length === 0) return;
+
+  const shouldDiscover = await ui.confirm(
+    `Domain${domains.length > 1 ? 's' : ''} detected (${domains.join(', ')}). Discover subdomains and add them as apps?`
+  );
+  if (!shouldDiscover) return;
+
+  await discoverAndAdd(domains, instanceId, flags);
+}
+
+async function discoverAndAdd(domains, instanceId, flags) {
+  const s = ui.spinner(`Scanning ${domains.length} domain${domains.length > 1 ? 's' : ''} for subdomains`);
+
+  let allSubdomains = [];
+  try {
+    for (const domain of domains) {
+      s.update(`Scanning ${domain}...`);
+      const result = await api.get(`/subdomains`, { query: { domain } });
+      if (result.success && result.subdomains) {
+        allSubdomains.push(...result.subdomains);
+      }
+    }
+    s.stop(`Found ${allSubdomains.length} subdomain${allSubdomains.length !== 1 ? 's' : ''}`);
+  } catch (err) {
+    s.fail('Failed to discover subdomains');
+    throw err;
+  }
+
+  if (allSubdomains.length === 0) {
+    ui.info('No subdomains found.');
+    return;
+  }
+
+  // Filter out subdomains already registered as apps
+  let existingHosts;
+  try {
+    const appData = await api.get('/applications');
+    const apps = appData.applications || [];
+    existingHosts = new Set(apps.flatMap(a => (a.hosts || []).map(h => h.toLowerCase())));
+  } catch {
+    existingHosts = new Set();
+  }
+
+  const newSubdomains = allSubdomains.filter(
+    (s) => !existingHosts.has(s.subdomain.toLowerCase())
+  );
+
+  if (newSubdomains.length === 0) {
+    ui.info('All discovered subdomains are already registered as apps.');
+    return;
+  }
+
+  console.log('');
+  ui.info(`${newSubdomains.length} new subdomain${newSubdomains.length !== 1 ? 's' : ''} found (${allSubdomains.length - newSubdomains.length} already tracked):`);
+
+  if (flags && flags.json) {
+    ui.json(newSubdomains);
+    return;
+  }
+
+  const choices = newSubdomains.map((sub) => ({
+    label: sub.subdomain,
+    detail: `IP: ${sub.ip || 'none'}${sub.cloudflare ? ' · Cloudflare' : ''}`,
+    value: sub.subdomain,
+  }));
+
+  const selected = await ui.multiSelect(
+    'Which subdomains should be added as monitored apps?',
+    choices
+  );
+
+  if (selected.length === 0) {
+    ui.info('No subdomains selected.');
+    return;
+  }
+
+  const createSpinner = ui.spinner(`Creating ${selected.length} application${selected.length !== 1 ? 's' : ''}`);
+  try {
+    const result = await api.post('/applications/bulk', {
+      subdomains: selected,
+      instanceId: instanceId || null,
+    });
+    const count = result.count || selected.length;
+    createSpinner.stop(`Created ${count} application${count !== 1 ? 's' : ''}`);
+
+    console.log('');
+    if (result.applications) {
+      const rows = result.applications.map((app) => [
+        app.name,
+        ui.c.dim(app.key),
+        app.hosts?.join(', ') || '',
+      ]);
+      ui.table(['Name', 'Key', 'Hosts'], rows);
+    }
+    console.log('');
+  } catch (err) {
+    createSpinner.fail('Failed to create applications');
+    throw err;
+  }
+}
+
+async function discover(args, flags) {
+  requireAuth();
+
+  const appId = args[0];
+  let domains = [];
+  let instanceId = null;
+
+  if (appId) {
+    const s = ui.spinner('Fetching application');
+    try {
+      const data = await api.get(`/applications/${appId}`);
+      const app = data.application || data;
+      s.stop(`Application: ${app.name}`);
+      domains = extractRootDomains(app.hosts);
+      instanceId = app.instanceId;
+    } catch (err) {
+      s.fail('Failed to fetch application');
+      throw err;
+    }
+  } else if (flags.domain) {
+    domains = flags.domain.split(',').map(d => d.trim());
+  } else {
+    const domain = await ui.prompt('Domain to scan (e.g. example.com)');
+    if (!domain) {
+      ui.error('Domain is required');
+      process.exit(1);
+    }
+    domains = domain.split(',').map(d => d.trim());
+  }
+
+  if (domains.length === 0) {
+    ui.error('No domains found in application hosts. Specify a domain with --domain');
+    process.exit(1);
+  }
+
+  if (flags.instance) {
+    instanceId = flags.instance;
+  }
+
+  await discoverAndAdd(domains, instanceId, flags);
+}
+
+async function scan(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Running subdomain discovery across all applications');
+
+  try {
+    const appData = await api.get('/applications');
+    const apps = appData.applications || [];
+
+    const allDomains = new Set();
+    let firstInstanceId = null;
+    for (const app of apps) {
+      const roots = extractRootDomains(app.hosts);
+      for (const r of roots) allDomains.add(r);
+      if (!firstInstanceId && app.instanceId) firstInstanceId = app.instanceId;
+    }
+
+    if (allDomains.size === 0) {
+      s.stop('No domains found across your applications');
+      ui.info('Add domains to your application hosts first, then run this command again.');
+      return;
+    }
+
+    s.update(`Found ${allDomains.size} unique domain${allDomains.size !== 1 ? 's' : ''}, scanning...`);
+
+    const existingHosts = new Set(
+      apps.flatMap((a) => (a.hosts || []).map((h) => h.toLowerCase()))
+    );
+
+    let totalNew = 0;
+    let totalCreated = 0;
+    const allNew = [];
+
+    for (const domain of allDomains) {
+      s.update(`Scanning ${domain}...`);
+      try {
+        const result = await api.get('/subdomains', { query: { domain } });
+        if (result.success && result.subdomains) {
+          const newSubs = result.subdomains.filter(
+            (sub) => !existingHosts.has(sub.subdomain.toLowerCase())
+          );
+          totalNew += newSubs.length;
+          allNew.push(...newSubs);
+          for (const sub of newSubs) {
+            existingHosts.add(sub.subdomain.toLowerCase());
+          }
+        }
+      } catch {
+        ui.warn(`Failed to scan ${domain}`);
+      }
+    }
+
+    s.stop(`Scanned ${allDomains.size} domain${allDomains.size !== 1 ? 's' : ''}, found ${totalNew} new subdomain${totalNew !== 1 ? 's' : ''}`);
+
+    if (totalNew === 0) {
+      ui.success('All subdomains are already tracked. Nothing to add.');
+      return;
+    }
+
+    if (flags.yes || flags.force) {
+      const createSpinner = ui.spinner(`Creating ${totalNew} application${totalNew !== 1 ? 's' : ''}`);
+      try {
+        const subdomainNames = allNew.map((s) => s.subdomain);
+        const result = await api.post('/applications/bulk', {
+          subdomains: subdomainNames,
+          instanceId: firstInstanceId || null,
+        });
+        totalCreated = result.count || subdomainNames.length;
+        createSpinner.stop(`Created ${totalCreated} application${totalCreated !== 1 ? 's' : ''}`);
+      } catch (err) {
+        createSpinner.fail('Failed to create applications');
+        throw err;
+      }
+    } else if (process.stdin.isTTY) {
+      const choices = allNew.map((sub) => ({
+        label: sub.subdomain,
+        detail: `IP: ${sub.ip || 'none'}${sub.cloudflare ? ' · Cloudflare' : ''}`,
+        value: sub.subdomain,
+      }));
+
+      const selected = await ui.multiSelect(
+        'Which subdomains should be added as monitored apps?',
+        choices
+      );
+
+      if (selected.length === 0) {
+        ui.info('No subdomains selected.');
+        return;
+      }
+
+      const createSpinner = ui.spinner(`Creating ${selected.length} application${selected.length !== 1 ? 's' : ''}`);
+      try {
+        const result = await api.post('/applications/bulk', {
+          subdomains: selected,
+          instanceId: firstInstanceId || null,
+        });
+        totalCreated = result.count || selected.length;
+        createSpinner.stop(`Created ${totalCreated} application${totalCreated !== 1 ? 's' : ''}`);
+      } catch (err) {
+        createSpinner.fail('Failed to create applications');
+        throw err;
+      }
+    } else {
+      console.log('');
+      for (const sub of allNew) {
+        console.log(`  ${sub.subdomain} ${ui.c.dim(`(IP: ${sub.ip || 'none'})`)}`);
+      }
+      console.log('');
+      ui.info(`Run with --yes to auto-create all ${totalNew} apps.`);
+    }
+
+    if (flags.json) {
+      ui.json({ domainsScanned: allDomains.size, newSubdomains: totalNew, appsCreated: totalCreated });
+    }
+  } catch (err) {
+    s.fail('Subdomain scan failed');
+    throw err;
+  }
+}
+
+module.exports = { list, create, info, remove, setDefault, discover, scan };

package/cli/auth.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const http = require('http');
-const { execSync } = require('child_process');
+const { execFileSync } = require('child_process');
 const config = require('./config');
 const { api, CLIError } = require('./client');
 const ui = require('./ui');
@@ -9,9 +9,9 @@ const ui = require('./ui');
 function openBrowser(url) {
   try {
     const platform = process.platform;
-    if (platform === 'darwin') execSync(`open "${url}"`);
-    else if (platform === 'win32') execSync(`start "" "${url}"`);
-    else execSync(`xdg-open "${url}"`);
+    if (platform === 'darwin') execFileSync('open', [url], { stdio: 'ignore' });
+    else if (platform === 'win32') execFileSync('cmd', ['/c', 'start', '', url], { stdio: 'ignore' });
+    else execFileSync('xdg-open', [url], { stdio: 'ignore' });
     return true;
   } catch {
     return false;

package/cli/ui.js

@@ -213,6 +213,50 @@ async function select(question, choices) {
   return choices[idx].value ?? choices[idx];
 }
 
+async function multiSelect(question, choices) {
+  console.log(`\n  ${c.cyan('?')} ${question}\n`);
+  choices.forEach((choice, i) => {
+    const label = choice.label || choice;
+    const detail = choice.detail ? c.dim(` — ${choice.detail}`) : '';
+    console.log(`    ${c.bold(String(i + 1).padStart(3))} ${label}${detail}`);
+  });
+  console.log('');
+  console.log(c.dim(`  Enter numbers separated by commas, a range (e.g. 1-5), or "all"`));
+  const answer = await prompt('Selection');
+
+  if (!answer) return [];
+
+  if (answer.toLowerCase() === 'all') {
+    return choices.map((ch) => ch.value ?? ch);
+  }
+
+  const indices = new Set();
+  for (const part of answer.split(',')) {
+    const trimmed = part.trim();
+    if (trimmed.includes('-')) {
+      const [startStr, endStr] = trimmed.split('-');
+      const start = parseInt(startStr, 10);
+      const end = parseInt(endStr, 10);
+      if (!isNaN(start) && !isNaN(end)) {
+        for (let i = Math.min(start, end); i <= Math.max(start, end); i++) {
+          indices.add(i);
+        }
+      }
+    } else {
+      const num = parseInt(trimmed, 10);
+      if (!isNaN(num)) indices.add(num);
+    }
+  }
+
+  const selected = [];
+  for (const idx of indices) {
+    if (idx >= 1 && idx <= choices.length) {
+      selected.push(choices[idx - 1].value ?? choices[idx - 1]);
+    }
+  }
+  return selected;
+}
+
 function json(data) {
   console.log(JSON.stringify(data, null, 2));
 }
@@ -302,6 +346,7 @@ module.exports = {
   prompt,
   confirm,
   select,
+  multiSelect,
   json,
   hr,
   timeAgo,

package/cli.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 'use strict';
 
 const ui = require('./cli/ui');
@@ -64,6 +64,8 @@ const COMMANDS = {
       info: { desc: 'Show application details', usage: 'securenow apps info <id>', run: (a, f) => require('./cli/apps').info(a, f) },
       delete: { desc: 'Delete an application', usage: 'securenow apps delete <id> [--force]', run: (a, f) => require('./cli/apps').remove(a, f) },
       default: { desc: 'Set default application', usage: 'securenow apps default <key>', run: (a, f) => require('./cli/apps').setDefault(a, f) },
+      discover: { desc: 'Discover subdomains and add as apps', usage: 'securenow apps discover [appId] [--domain example.com]', run: (a, f) => require('./cli/apps').discover(a, f) },
+      scan: { desc: 'Scan all app domains for new subdomains', usage: 'securenow apps scan [--yes]', run: (a, f) => require('./cli/apps').scan(a, f) },
     },
     defaultSub: 'list',
   },

package/nextjs.js

@@ -5,18 +5,36 @@
  * 
  * Usage in Next.js app:
  * 
- * 1. Create instrumentation.ts (or .js) in your project root:
+ * 1. Add serverExternalPackages to next.config.js (REQUIRED to avoid webpack bundling issues):
+ * 
+ *    const nextConfig = {
+ *      serverExternalPackages: [
+ *        "securenow",
+ *        "@opentelemetry/sdk-node",
+ *        "@opentelemetry/auto-instrumentations-node",
+ *        "@opentelemetry/instrumentation-http",
+ *        "@opentelemetry/exporter-trace-otlp-http",
+ *        "@opentelemetry/exporter-logs-otlp-http",
+ *        "@opentelemetry/sdk-logs",
+ *        "@opentelemetry/instrumentation",
+ *        "@opentelemetry/resources",
+ *        "@opentelemetry/semantic-conventions",
+ *        "@opentelemetry/api",
+ *        "@opentelemetry/api-logs",
+ *        "@vercel/otel",
+ *      ],
+ *    };
+ * 
+ * 2. Create instrumentation.ts (or .js) in your project root:
  * 
  *    import { registerSecureNow } from 'securenow/nextjs';
  *    export function register() {
  *      registerSecureNow();
  *    }
  * 
- * 2. Set environment variables:
+ * 3. Set environment variables:
  *    SECURENOW_APPID=my-nextjs-app
  *    SECURENOW_INSTANCE=http://your-otlp-backend:4318
- * 
- * That's it! 🎉 No webpack warnings!
  */
 
 const { v4: uuidv4 } = require('uuid');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "5.3.4",
+  "version": "5.5.0",
   "description": "OpenTelemetry instrumentation for Node.js and Next.js - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",
@@ -64,6 +64,7 @@
       "default": "./nextjs-wrapper.js"
     },
     "./nextjs-webpack-config": "./nextjs-webpack-config.js",
+    "./package.json": "./package.json",
     "./register-vite": "./register-vite.js",
     "./web-vite": {
       "import": "./web-vite.mjs",
@@ -105,7 +106,7 @@
     "@opentelemetry/instrumentation": "0.47.0",
     "@opentelemetry/instrumentation-document-load": "0.47.0",
     "@opentelemetry/instrumentation-fetch": "0.47.0",
-    "@opentelemetry/instrumentation-http": "^0.208.0",
+    "@opentelemetry/instrumentation-http": "0.47.0",
     "@opentelemetry/instrumentation-user-interaction": "0.47.0",
     "@opentelemetry/instrumentation-xml-http-request": "0.47.0",
     "@opentelemetry/resources": "1.20.0",

package/tracing.js

@@ -1,7 +1,10 @@
 'use strict';
 
 /**
- * Preload with: NODE_OPTIONS="-r securenow/register"
+ * Preload with: node --require securenow/register app.js
+ *
+ * For ESM apps ("type": "module" in package.json), you MUST also add the ESM loader hook:
+ *   node --import @opentelemetry/instrumentation/hook.mjs --require securenow/register app.js
  *
  * Env:
  *   SECURENOW_APPID=logical-name              # or OTEL_SERVICE_NAME=logical-name
@@ -97,6 +100,27 @@ function redactGraphQLQuery(query, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
   return redacted;
 }
 
+// -------- ESM detection --------
+(() => {
+  try {
+    const fs = require('fs');
+    const path = require('path');
+    const pkgPath = path.resolve(process.cwd(), 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+      if (pkg.type === 'module') {
+        const execArgv = process.execArgv.join(' ');
+        const hasEsmHook = execArgv.includes('hook.mjs') || execArgv.includes('import-in-the-middle');
+        if (!hasEsmHook) {
+          console.warn('[securenow] ⚠️  ESM app detected ("type": "module") but no ESM loader hook found.');
+          console.warn('[securenow]    Instrumentations will NOT work without the ESM hook.');
+          console.warn('[securenow]    Fix: node --import @opentelemetry/instrumentation/hook.mjs --require securenow/register app.js');
+        }
+      }
+    }
+  } catch (_) {}
+})();
+
 // -------- diagnostics --------
 (() => {
   const L = (env('OTEL_LOG_LEVEL') || '').toLowerCase();