securenow 6.0.0 → 6.0.1

package/docs/CHANGELOG-NEXTJS.md

@@ -1,5 +1,39 @@
 # Changelog - Next.js Support
 
+## Version 6.0.1 (Logging hotfix)
+
+### 🐛 Bug Fixes
+
+- **Fixed: `logger.emit()` silently dropped every log record in 6.0.0.**
+  `tracing.js` constructed the `LoggerProvider` with `{ processors: [new
+  BatchLogRecordProcessor(...)] }`, but that constructor option was only added
+  in `@opentelemetry/sdk-logs` 0.52 — the pinned 0.47.x silently ignores it,
+  leaving the provider with a `NoopLogRecordProcessor`. Every `logger.emit()`
+  (and every auto-captured `console.*`) was dropped, and `forceFlush()`
+  resolved with nothing to export. No HTTP POST ever reached `/v1/logs`.
+  Traces were unaffected (separate pipeline). Fixed by calling
+  `loggerProvider.addLogRecordProcessor(...)` after construction, matching the
+  0.47.x API.
+
+### ✨ Improvements
+
+- **`registerSecureNow()` (Next.js) now wires the OTLP logs pipeline.** In
+  6.0.0, `securenow/nextjs` only set up traces — calling `registerSecureNow()`
+  with `SECURENOW_LOGGING_ENABLED=1` would log the "ENABLED" banner but emit
+  nothing. 6.0.1 creates a `LoggerProvider`, registers a
+  `BatchLogRecordProcessor(OTLPLogExporter)`, publishes it via
+  `logs.setGlobalLoggerProvider()`, and auto-patches
+  `console.log/info/warn/error/debug` to emit OTLP log records. Works on both
+  the Vercel (`@vercel/otel`) and self-hosted (`NodeSDK`) code paths. Graceful
+  flush + shutdown registered on SIGINT/SIGTERM/beforeExit.
+- **`tracing.js` now calls `logs.setGlobalLoggerProvider()`** so consumers can
+  retrieve the logger via `@opentelemetry/api-logs` without depending on the
+  module export.
+- **Docs updated** (`NPM_README.md`, `docs/LOGGING-QUICKSTART.md`) to
+  recommend `registerSecureNow` from `securenow/nextjs` for Next.js apps
+  instead of `securenow/register` + `securenow/console-instrumentation`
+  (which boots a full `NodeSDK` and conflicts with Next.js / `@vercel/otel`).
+
 ## Version 3.1.0 (Next.js Support Added)
 
 ### 🎉 New Features

package/docs/LOGGING-QUICKSTART.md

@@ -101,13 +101,21 @@ app.listen(3000);
 
 ### Next.js
 
+Next.js apps must use `securenow/nextjs` (not `securenow/register`, which
+boots a full NodeSDK and conflicts with Next.js / `@vercel/otel`). Since
+**6.0.1**, `registerSecureNow()` sets up the OTLP logs pipeline and auto-
+patches `console.*` whenever `SECURENOW_LOGGING_ENABLED=1` is set — on both
+Vercel and self-hosted (EC2, PM2, Docker) environments.
+
 ```typescript
 // instrumentation.ts (in project root)
 export async function register() {
   if (process.env.NEXT_RUNTIME === 'nodejs') {
+    // Must be set BEFORE loading securenow/nextjs
     process.env.SECURENOW_LOGGING_ENABLED = '1';
-    await import('securenow/register');
-    await import('securenow/console-instrumentation');
+
+    const { registerSecureNow } = await import('securenow/nextjs');
+    registerSecureNow({ captureBody: true });
   }
 }
 ```
@@ -119,6 +127,14 @@ SECURENOW_APPID=my-nextjs-app
 SECURENOW_INSTANCE=http://localhost:4318
 ```
 
+Enable the instrumentation hook in `next.config.js`:
+
+```javascript
+module.exports = {
+  experimental: { instrumentationHook: true },
+};
+```
+
 ### Fastify
 
 ```javascript

package/nextjs.js

@@ -261,12 +261,18 @@ function registerSecureNow(options = {}) {
     ).replace(/\/$/, '');
     
     const tracesUrl = env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
+    const logsUrl   = env('OTEL_EXPORTER_OTLP_LOGS_ENDPOINT')   || `${endpointBase}/v1/logs`;
 
     // Set environment variables for @vercel/otel to pick up
     process.env.OTEL_SERVICE_NAME = serviceName;
     process.env.OTEL_EXPORTER_OTLP_ENDPOINT = endpointBase;
     process.env.OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = tracesUrl;
 
+    // -------- Logging Configuration --------
+    // Opt-in: SECURENOW_LOGGING_ENABLED=1 (or "true").
+    const loggingEnabled = String(env('SECURENOW_LOGGING_ENABLED')) === '1' ||
+                           String(env('SECURENOW_LOGGING_ENABLED')).toLowerCase() === 'true';
+
     console.log('[securenow] 🚀 Next.js App → service.name=%s', serviceName);
 
     // -------- Body Capture Configuration --------
@@ -506,6 +512,67 @@ function registerSecureNow(options = {}) {
       console.log('[securenow] 🎯 Vanilla SDK initialized for self-hosted environment');
     }
 
+    // -------- Logging pipeline (both Vercel and self-hosted) --------
+    // Neither @vercel/otel nor NodeSDK 0.47.x wires OTLP logs for us, so we
+    // create the LoggerProvider ourselves, register a BatchLogRecordProcessor
+    // (addLogRecordProcessor — the `processors` constructor option was only
+    // added in sdk-logs 0.52 and is silently ignored in 0.47), publish it as
+    // the global logger provider, and auto-patch console.* to emit records.
+    if (loggingEnabled) {
+      const { LoggerProvider, BatchLogRecordProcessor } = require('@opentelemetry/sdk-logs');
+      const { OTLPLogExporter } = require('@opentelemetry/exporter-logs-otlp-http');
+      const { logs } = require('@opentelemetry/api-logs');
+      const { Resource } = require('@opentelemetry/resources');
+      const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
+
+      const logResource = new Resource({
+        [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
+        [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: env('NODE_ENV') || env('VERCEL_ENV') || 'production',
+        [SemanticResourceAttributes.SERVICE_VERSION]: process.env.npm_package_version || process.env.VERCEL_GIT_COMMIT_SHA || undefined,
+      });
+
+      const logExporter = new OTLPLogExporter({
+        url: logsUrl,
+        headers: parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS')),
+      });
+      const loggerProvider = new LoggerProvider({ resource: logResource });
+      loggerProvider.addLogRecordProcessor(new BatchLogRecordProcessor(logExporter));
+      logs.setGlobalLoggerProvider(loggerProvider);
+
+      const _logger = loggerProvider.getLogger('console', '1.0.0');
+      const _orig = { log: console.log, info: console.info, warn: console.warn, error: console.error, debug: console.debug };
+      const SEV = { DEBUG: 5, INFO: 9, WARN: 13, ERROR: 17 };
+      const _emit = (sn, st, args) => {
+        try {
+          _logger.emit({
+            severityNumber: sn,
+            severityText: st,
+            body: args.map(a => (typeof a === 'object' && a !== null)
+              ? (() => { try { return JSON.stringify(a); } catch { return String(a); } })()
+              : String(a)).join(' '),
+            attributes: { 'log.source': 'console', 'log.method': st.toLowerCase() },
+          });
+        } catch (_) {}
+      };
+      console.log   = function (...a) { _emit(SEV.INFO,  'INFO',  a); _orig.log.apply(console, a); };
+      console.info  = function (...a) { _emit(SEV.INFO,  'INFO',  a); _orig.info.apply(console, a); };
+      console.warn  = function (...a) { _emit(SEV.WARN,  'WARN',  a); _orig.warn.apply(console, a); };
+      console.error = function (...a) { _emit(SEV.ERROR, 'ERROR', a); _orig.error.apply(console, a); };
+      console.debug = function (...a) { _emit(SEV.DEBUG, 'DEBUG', a); _orig.debug.apply(console, a); };
+
+      const _shutdownLogs = async () => {
+        try { await Promise.resolve(loggerProvider.forceFlush?.()); } catch (_) {}
+        try { await Promise.resolve(loggerProvider.shutdown?.()); } catch (_) {}
+      };
+      process.on('SIGINT',  _shutdownLogs);
+      process.on('SIGTERM', _shutdownLogs);
+      process.on('beforeExit', _shutdownLogs);
+
+      console.log('[securenow] 📋 Logging: ENABLED → %s', logsUrl);
+    } else {
+      console.log('[securenow] 📋 Logging: DISABLED (set SECURENOW_LOGGING_ENABLED=1 to enable)');
+    }
+
     isRegistered = true;
     console.log('[securenow] ✅ OpenTelemetry started for Next.js → %s', tracesUrl);
     console.log('[securenow] 📊 Auto-capturing comprehensive request metadata:');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "description": "OpenTelemetry instrumentation for Node.js and Next.js - Send traces and logs to SigNoz or any OTLP backend",
   "type": "commonjs",
   "main": "register.js",
@@ -13,11 +13,11 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/securenow/securenow-npm.git"
+    "url": "git+https://github.com/securenow-ai/securenow-npm.git"
   },
   "homepage": "https://securenow.ai",
   "bugs": {
-    "url": "https://github.com/securenow/securenow-npm/issues",
+    "url": "https://github.com/securenow-ai/securenow-npm/issues",
     "email": "support@securenow.ai"
   },
   "author": "SecureNow <support@securenow.ai> (https://securenow.ai)",

package/tracing.js

@@ -23,6 +23,7 @@ const { NodeSDK } = require('@opentelemetry/sdk-node');
 const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
 const { OTLPLogExporter } = require('@opentelemetry/exporter-logs-otlp-http');
 const { LoggerProvider, BatchLogRecordProcessor } = require('@opentelemetry/sdk-logs');
+const { logs: apiLogs } = require('@opentelemetry/api-logs');
 const { Resource } = require('@opentelemetry/resources');
 const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
 const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
@@ -267,9 +268,13 @@ if (loggingEnabled) {
   
   loggerProvider = new LoggerProvider({
     resource: sharedResource,
-    processors: [new BatchLogRecordProcessor(logExporter)],
   });
-  
+  // sdk-logs 0.47.x ignores the `processors` constructor option (added in 0.52),
+  // so the provider would silently keep a NoopLogRecordProcessor and drop every
+  // emit(). Register the processor explicitly instead.
+  loggerProvider.addLogRecordProcessor(new BatchLogRecordProcessor(logExporter));
+  apiLogs.setGlobalLoggerProvider(loggerProvider);
+
   globalLogger = loggerProvider.getLogger('securenow', '1.0.0');
 }