securenow 6.0.2 → 6.1.0

package/cli/init.js

@@ -0,0 +1,201 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const ui = require('./ui');
+
+const INSTRUMENTATION_JS = `export async function register() {
+  if (process.env.NEXT_RUNTIME === 'nodejs') {
+    const { registerSecureNow } = require('securenow/nextjs');
+    registerSecureNow();
+  }
+}
+`;
+
+const INSTRUMENTATION_TS = `export async function register() {
+  if (process.env.NEXT_RUNTIME === 'nodejs') {
+    const { registerSecureNow } = require('securenow/nextjs');
+    registerSecureNow();
+  }
+}
+`;
+
+function detectProject(dir) {
+  const pkgPath = path.join(dir, 'package.json');
+  if (!fs.existsSync(pkgPath)) return { framework: 'unknown' };
+
+  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+
+  if (allDeps.next) return { framework: 'nextjs', pkg, pkgPath, nextVersion: allDeps.next };
+  if (allDeps.nuxt) return { framework: 'nuxt', pkg, pkgPath };
+  if (allDeps.express) return { framework: 'express', pkg, pkgPath };
+  if (allDeps.fastify) return { framework: 'fastify', pkg, pkgPath };
+  if (allDeps.koa) return { framework: 'koa', pkg, pkgPath };
+  if (allDeps.hapi || allDeps['@hapi/hapi']) return { framework: 'hapi', pkg, pkgPath };
+  return { framework: 'node', pkg, pkgPath };
+}
+
+function findInstrumentationFile(dir) {
+  for (const name of ['instrumentation.ts', 'instrumentation.js', 'src/instrumentation.ts', 'src/instrumentation.js']) {
+    const p = path.join(dir, name);
+    if (fs.existsSync(p)) return p;
+  }
+  return null;
+}
+
+function findNextConfig(dir) {
+  for (const name of ['next.config.js', 'next.config.mjs', 'next.config.ts']) {
+    const p = path.join(dir, name);
+    if (fs.existsSync(p)) return p;
+  }
+  return null;
+}
+
+function hasTypeScript(dir) {
+  return fs.existsSync(path.join(dir, 'tsconfig.json'));
+}
+
+async function init(_args, flags) {
+  const dir = process.cwd();
+  const project = detectProject(dir);
+
+  ui.header('SecureNow Project Setup');
+
+  if (project.framework === 'unknown') {
+    ui.error('No package.json found. Run this command in your project root.');
+    process.exit(1);
+  }
+
+  ui.info(`Detected framework: ${ui.bold(project.framework)}`);
+
+  if (project.framework === 'nextjs') {
+    await initNextJs(dir, project, flags);
+  } else if (project.framework === 'nuxt') {
+    initNuxt(dir, project);
+  } else {
+    initNode(dir, project);
+  }
+
+  initEnv(dir, flags);
+
+  console.log('');
+  ui.success('Setup complete! Run your app to verify.');
+}
+
+async function initNextJs(dir, project, flags) {
+  const useTs = hasTypeScript(dir);
+  const ext = useTs ? 'ts' : 'js';
+
+  const existing = findInstrumentationFile(dir);
+  if (existing) {
+    ui.info(`instrumentation file already exists: ${path.relative(dir, existing)}`);
+  } else {
+    const filePath = path.join(dir, `instrumentation.${ext}`);
+    const content = useTs ? INSTRUMENTATION_TS : INSTRUMENTATION_JS;
+    fs.writeFileSync(filePath, content, 'utf8');
+    ui.success(`Created instrumentation.${ext}`);
+  }
+
+  const configPath = findNextConfig(dir);
+  if (configPath) {
+    const content = fs.readFileSync(configPath, 'utf8');
+    if (content.includes('withSecureNow')) {
+      ui.info('next.config already uses withSecureNow — skipping');
+    } else if (content.includes('serverExternalPackages') && content.includes('securenow')) {
+      ui.info('next.config already externalizes securenow — skipping');
+    } else if (content.includes('serverComponentsExternalPackages') && content.includes('securenow')) {
+      ui.info('next.config already externalizes securenow — skipping');
+    } else {
+      ui.warn(`Update your ${path.basename(configPath)} to use withSecureNow():`);
+      console.log('');
+      console.log(`  const { withSecureNow } = require('securenow/nextjs-webpack-config');`);
+      console.log(`  module.exports = withSecureNow({ /* your config */ });`);
+      console.log('');
+    }
+  } else {
+    const newConfigPath = path.join(dir, 'next.config.js');
+    fs.writeFileSync(newConfigPath, `const { withSecureNow } = require('securenow/nextjs-webpack-config');\n\nmodule.exports = withSecureNow({\n  reactStrictMode: true,\n});\n`, 'utf8');
+    ui.success('Created next.config.js with withSecureNow()');
+  }
+}
+
+function initNuxt(dir, project) {
+  const configPath = path.join(dir, 'nuxt.config.ts');
+  if (fs.existsSync(configPath)) {
+    const content = fs.readFileSync(configPath, 'utf8');
+    if (content.includes('securenow/nuxt')) {
+      ui.info('nuxt.config already references securenow/nuxt — skipping');
+    } else {
+      ui.warn('Add securenow/nuxt to your nuxt.config modules:');
+      console.log('');
+      console.log("  modules: ['securenow/nuxt'],");
+      console.log('');
+    }
+  } else {
+    ui.warn('Add securenow/nuxt to your nuxt.config modules array.');
+  }
+}
+
+function initNode(dir, project) {
+  const pkg = project.pkg;
+  const scripts = pkg.scripts || {};
+
+  const startScript = scripts.start || '';
+  if (startScript.includes('securenow/register')) {
+    ui.info('start script already uses securenow/register — skipping');
+    return;
+  }
+
+  if (startScript) {
+    ui.warn('Update your start script to include the securenow preload:');
+    console.log('');
+    if (startScript.includes('node ')) {
+      const updated = startScript.replace('node ', 'node -r securenow/register ');
+      console.log(`  "start": "${updated}"`);
+    } else {
+      console.log(`  "start": "node -r securenow/register ${startScript.replace(/^node\s+/, '')}"`);
+    }
+    console.log('');
+  } else {
+    ui.warn('Add a start script with the securenow preload:');
+    console.log('');
+    console.log('  "start": "node -r securenow/register src/index.js"');
+    console.log('');
+  }
+}
+
+function initEnv(dir, flags) {
+  const envFiles = ['.env', '.env.local'];
+  let envPath = null;
+
+  for (const f of envFiles) {
+    const p = path.join(dir, f);
+    if (fs.existsSync(p)) {
+      const content = fs.readFileSync(p, 'utf8');
+      if (content.includes('SECURENOW_API_KEY')) {
+        ui.info(`SECURENOW_API_KEY already set in ${f}`);
+        return;
+      }
+      envPath = p;
+      break;
+    }
+  }
+
+  if (!envPath) envPath = path.join(dir, '.env.local');
+
+  const apiKey = flags.key || flags['api-key'] || '';
+  if (apiKey) {
+    const existing = fs.existsSync(envPath) ? fs.readFileSync(envPath, 'utf8') : '';
+    const sep = existing && !existing.endsWith('\n') ? '\n' : '';
+    fs.appendFileSync(envPath, `${sep}SECURENOW_API_KEY=${apiKey}\n`, 'utf8');
+    ui.success(`Added SECURENOW_API_KEY to ${path.basename(envPath)}`);
+  } else {
+    ui.warn(`Add your API key to ${path.basename(envPath)}:`);
+    console.log('');
+    console.log('  SECURENOW_API_KEY=snk_live_...');
+    console.log('');
+  }
+}
+
+module.exports = { init };

package/cli/monitor.js

@@ -0,0 +1,440 @@
+'use strict';
+
+const { api, requireAuth } = require('./client');
+const config = require('./config');
+const ui = require('./ui');
+
+function resolveApp(flags) {
+  return flags.app || config.getDefaultApp();
+}
+
+// ── Traces ──
+
+async function tracesList(args, flags) {
+  requireAuth();
+  const appKey = resolveApp(flags);
+  if (!appKey) {
+    ui.error('No app specified. Use --app <key> or set a default with `securenow config set defaultApp <key>`');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Fetching traces');
+  try {
+    const query = {
+      appKeys: appKey,
+      limit: flags.limit || 20,
+    };
+    if (flags.start) query.from = flags.start;
+    if (flags.end) query.to = flags.end;
+
+    const data = await api.get('/traces', { query });
+    const traces = data.traces || [];
+    s.stop(`Found ${traces.length} trace${traces.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(traces); return; }
+
+    console.log('');
+    const rows = traces.map(t => [
+      ui.c.dim(ui.truncate(t.traceID || t.traceId || t._id, 16)),
+      t.operationName || t.name || t.serviceName || '—',
+      ui.httpStatusColor(t.statusCode || t.httpStatusCode || t.responseStatusCode || '—'),
+      ui.durationColor(t.durationNano ? t.durationNano / 1e6 : t.duration),
+      t.httpMethod || t.method || '—',
+      ui.truncate(t.httpUrl || t.url || t.httpRoute || '', 40),
+      ui.timeAgo(t.timestamp),
+    ]);
+
+    ui.table(['Trace ID', 'Operation', 'Status', 'Duration', 'Method', 'URL', 'Time'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch traces');
+    throw err;
+  }
+}
+
+async function tracesShow(args, flags) {
+  requireAuth();
+  const traceId = args[0];
+  if (!traceId) {
+    ui.error('Trace ID is required. Usage: securenow traces show <traceId>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Fetching trace details');
+  try {
+    const appKey = resolveApp(flags);
+    const traceQuery = appKey ? { appKeys: appKey } : {};
+    const data = await api.get(`/traces/${traceId}`, { query: traceQuery });
+    s.stop('Trace loaded');
+
+    if (flags.json) { ui.json(data); return; }
+
+    const spans = data.spans || [];
+    console.log('');
+    ui.heading(`Trace ${data.traceId || traceId}`);
+
+    if (spans.length) {
+      ui.subheading(`Spans (${spans.length})`);
+      console.log('');
+      const rows = spans.map(span => [
+        ui.c.dim(ui.truncate(span.spanID || span.spanId, 16)),
+        span.operationName || span.name || '—',
+        ui.httpStatusColor(span.statusCode || span.responseStatusCode || '—'),
+        ui.durationColor(span.durationNano ? span.durationNano / 1e6 : span.duration),
+        span.kind || '—',
+      ]);
+      ui.table(['Span ID', 'Operation', 'Status', 'Duration', 'Kind'], rows);
+    } else {
+      console.log('');
+      ui.info('No spans found for this trace.');
+    }
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch trace');
+    throw err;
+  }
+}
+
+async function tracesAnalyze(args, flags) {
+  requireAuth();
+  const traceId = args[0];
+  if (!traceId) {
+    ui.error('Trace ID is required. Usage: securenow traces analyze <traceId>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Analyzing trace with AI');
+  try {
+    let result = await api.post('/traces/analyze', { traceId });
+
+    if (result.analysisId && result.status === 'running') {
+      const analysisId = result.analysisId;
+      for (let i = 0; i < 120; i++) {
+        await new Promise(r => setTimeout(r, 3000));
+        result = await api.get(`/traces/analyze/${analysisId}`);
+        if (result.status === 'completed' || result.status === 'failed') break;
+      }
+      if (result.status === 'failed') throw new Error(result.error || 'Analysis failed');
+      if (result.status === 'running') throw new Error('Analysis timed out');
+    }
+
+    s.stop('Analysis complete');
+
+    if (flags.json) { ui.json(result); return; }
+
+    const analysis = result.analysis;
+    console.log('');
+    ui.heading('AI Trace Analysis');
+    console.log('');
+
+    if (typeof analysis === 'object' && analysis !== null) {
+      if (analysis.summary) {
+        ui.subheading('Summary');
+        console.log(`\n  ${analysis.summary}\n`);
+      }
+      if (analysis.riskLevel) {
+        console.log(`  ${ui.c.bold('Risk Level:')} ${ui.statusBadge(analysis.riskLevel)}\n`);
+      }
+      if (analysis.securityIssues?.length) {
+        ui.subheading('Security Issues');
+        console.log('');
+        analysis.securityIssues.forEach((issue, i) => {
+          console.log(`  ${i + 1}. ${typeof issue === 'string' ? issue : issue.description || JSON.stringify(issue)}`);
+        });
+        console.log('');
+      }
+      if (analysis.recommendations?.length) {
+        ui.subheading('Recommendations');
+        console.log('');
+        analysis.recommendations.forEach((rec, i) => {
+          console.log(`  ${i + 1}. ${typeof rec === 'string' ? rec : rec.description || JSON.stringify(rec)}`);
+        });
+        console.log('');
+      }
+    } else {
+      console.log(analysis || JSON.stringify(result, null, 2));
+      console.log('');
+    }
+  } catch (err) {
+    s.fail('Analysis failed');
+    throw err;
+  }
+}
+
+// ── Logs ──
+
+// Parse a duration string like "6h", "30m", "2d", "90s" into minutes.
+// Returns null on unparseable input so the caller can error out clearly
+// instead of silently falling through to a default.
+function parseDurationToMinutes(value) {
+  if (value == null || value === '') return null;
+  const m = String(value).trim().match(/^(\d+)\s*(s|m|h|d)?$/i);
+  if (!m) return null;
+  const n = parseInt(m[1], 10);
+  const unit = (m[2] || 'm').toLowerCase();
+  if (unit === 's') return Math.max(1, Math.round(n / 60));
+  if (unit === 'm') return n;
+  if (unit === 'h') return n * 60;
+  if (unit === 'd') return n * 60 * 24;
+  return null;
+}
+
+const LOG_LEVELS = ['TRACE', 'DEBUG', 'INFO', 'WARN', 'WARNING', 'ERROR', 'FATAL'];
+
+async function logsList(args, flags) {
+  requireAuth();
+  const appKey = resolveApp(flags);
+  if (!appKey) {
+    ui.error('No app specified. Use --app <key> or set a default.');
+    process.exit(1);
+  }
+
+  let minutes = 60;
+  if (flags.since != null) {
+    const parsed = parseDurationToMinutes(flags.since);
+    if (parsed == null) {
+      ui.error(`Invalid --since value "${flags.since}". Expected e.g. 30m, 6h, 2d.`);
+      process.exit(1);
+    }
+    minutes = parsed;
+  } else if (flags.minutes != null) {
+    const n = parseInt(flags.minutes, 10);
+    if (isNaN(n) || n <= 0) {
+      ui.error(`Invalid --minutes value "${flags.minutes}".`);
+      process.exit(1);
+    }
+    minutes = n;
+  }
+
+  let severity = null;
+  if (flags.level) {
+    severity = String(flags.level).toUpperCase();
+    if (!LOG_LEVELS.includes(severity)) {
+      ui.error(`Invalid --level "${flags.level}". Expected one of: ${LOG_LEVELS.join(', ').toLowerCase()}.`);
+      process.exit(1);
+    }
+  }
+
+  const s = ui.spinner('Fetching logs');
+  try {
+    const now = Date.now();
+    const query = {
+      appKeys: appKey,
+      limit: flags.limit || 200,
+      from: flags.start || new Date(now - minutes * 60 * 1000).toISOString(),
+      to: flags.end || new Date(now).toISOString(),
+    };
+    if (severity) query.severity = severity;
+
+    const data = await api.get('/logs', { query });
+    const logs = data.logs || [];
+    s.stop(`Found ${logs.length} log${logs.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(logs); return; }
+
+    console.log('');
+    for (const log of logs) {
+      const level = (log.severityText || log.level || 'INFO').toUpperCase();
+      const levelColor = {
+        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
+        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
+      }[level] || ui.c.white;
+
+      const parsedTime = ui.parseTimestamp(log.timestamp);
+      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
+      const body = log.body || log.message || log.severityText || '';
+
+      console.log(`  ${time} ${levelColor(level.padEnd(7))} ${body}`);
+
+      if (log.traceId && flags.verbose) {
+        console.log(`  ${ui.c.dim(`  trace=${log.traceId} span=${log.spanId || ''}`)}`);
+      }
+    }
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch logs');
+    throw err;
+  }
+}
+
+async function logsTrace(args, flags) {
+  requireAuth();
+  const traceId = args[0];
+  if (!traceId) {
+    ui.error('Trace ID required. Usage: securenow logs trace <traceId>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Fetching logs for trace');
+  try {
+    const data = await api.get(`/logs/trace/${traceId}`);
+    const logs = data.logs || [];
+    s.stop(`Found ${logs.length} log${logs.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(logs); return; }
+
+    console.log('');
+    for (const log of logs) {
+      const level = (log.severityText || log.level || 'INFO').toUpperCase();
+      const levelColor = {
+        ERROR: ui.c.red, FATAL: ui.c.red, WARN: ui.c.yellow, WARNING: ui.c.yellow,
+        INFO: ui.c.cyan, DEBUG: ui.c.dim, TRACE: ui.c.dim,
+      }[level] || ui.c.white;
+
+      const parsedTime = ui.parseTimestamp(log.timestamp);
+      const time = ui.c.dim(parsedTime ? parsedTime.toLocaleTimeString() : '');
+      console.log(`  ${time} ${levelColor(level.padEnd(7))} ${log.body || log.message || ''}`);
+    }
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch logs');
+    throw err;
+  }
+}
+
+
+// ── Notifications ──
+
+async function notificationsList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching notifications');
+  try {
+    const query = { limit: flags.limit || 20, page: flags.page || 1 };
+    const data = await api.get('/notifications', { query });
+    const notifications = data.notifications || [];
+    const pagination = data.pagination;
+    s.stop(`Found ${notifications.length} notification${notifications.length !== 1 ? 's' : ''}${pagination ? ` (page ${pagination.page}/${pagination.totalPages})` : ''}`);
+
+    if (flags.json) { ui.json(data); return; }
+
+    console.log('');
+    const rows = notifications.map(n => [
+      ui.c.dim(ui.truncate(n._id, 12)),
+      ui.statusBadge(n.read ? 'read' : 'unread'),
+      ui.truncate(n.title || n.message || n.type || '', 50),
+      n.ip || '—',
+      n.severity ? ui.statusBadge(n.severity) : '—',
+      ui.timeAgo(n.createdAt),
+    ]);
+
+    ui.table(['ID', 'Status', 'Title', 'IP', 'Severity', 'Time'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch notifications');
+    throw err;
+  }
+}
+
+async function notificationsRead(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Notification ID required. Usage: securenow notifications read <id>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Marking as read');
+  try {
+    await api.put(`/notifications/${id}/read`);
+    s.stop('Notification marked as read');
+  } catch (err) {
+    s.fail('Failed to mark notification');
+    throw err;
+  }
+}
+
+async function notificationsReadAll() {
+  requireAuth();
+  const s = ui.spinner('Marking all as read');
+  try {
+    await api.put('/notifications/read-all');
+    s.stop('All notifications marked as read');
+  } catch (err) {
+    s.fail('Failed to mark notifications');
+    throw err;
+  }
+}
+
+async function notificationsUnread() {
+  requireAuth();
+  try {
+    const data = await api.get('/notifications/unread-count');
+    const count = data.count ?? 0;
+    console.log(`\n  ${ui.c.bold(String(count))} unread notification${count !== 1 ? 's' : ''}\n`);
+  } catch (err) {
+    throw err;
+  }
+}
+
+// ── Status / Dashboard Overview ──
+
+async function status(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching dashboard overview');
+  try {
+    const [appsData, unreadData] = await Promise.all([
+      api.get('/applications'),
+      api.get('/notifications/unread-count').catch(() => ({ count: 0 })),
+    ]);
+
+    const apps = appsData.applications || [];
+    s.stop('Dashboard loaded');
+
+    console.log('');
+    ui.heading('SecureNow Dashboard');
+    console.log('');
+
+    ui.keyValue([
+      ['Applications', String(apps.length)],
+      ['Unread Alerts', String(unreadData.count ?? 0)],
+    ]);
+
+    if (apps.length > 0) {
+      ui.subheading('Applications');
+      console.log('');
+      const rows = apps.map(app => [
+        app.name,
+        ui.c.dim(app.key),
+        app.hosts?.length ? app.hosts.join(', ') : ui.c.dim('—'),
+      ]);
+      ui.table(['Name', 'Key', 'Hosts'], rows);
+    }
+
+    const appKey = resolveApp(flags);
+    if (appKey) {
+      try {
+        const protectionData = await api.get('/applications/protection-status');
+        const statuses = protectionData.statuses;
+        if (statuses && Object.keys(statuses).length > 0) {
+          ui.subheading('Protection Status');
+          console.log('');
+          const rows = Object.entries(statuses).map(([id, s]) => [
+            ui.c.dim(ui.truncate(id, 12)),
+            s.protected ? ui.c.green('● protected') : ui.c.red('○ unprotected'),
+            String(s.traceCount || 0),
+            s.lastTrace ? ui.timeAgo(s.lastTrace) : ui.c.dim('—'),
+          ]);
+          ui.table(['App ID', 'Status', 'Traces (15m)', 'Last Trace'], rows);
+        }
+      } catch {}
+    }
+
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to load dashboard');
+    throw err;
+  }
+}
+
+module.exports = {
+  tracesList,
+  tracesShow,
+  tracesAnalyze,
+  logsList,
+  logsTrace,
+  notificationsList,
+  notificationsRead,
+  notificationsReadAll,
+  notificationsUnread,
+  status,
+};