securenow 6.0.2 → 6.1.0

package/web-vite.mjs

@@ -1,156 +1,239 @@
-// web-vite.ts — Browser OTel for Vite (ESM)
-// Defaults & naming rules match your Node tracing.js
-
-import { WebTracerProvider, BatchSpanProcessor } from '@opentelemetry/sdk-trace-web';
-import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
-import { Resource } from '@opentelemetry/resources';
-import { SemanticResourceAttributes as S } from '@opentelemetry/semantic-conventions';
-import { registerInstrumentations } from '@opentelemetry/instrumentation';
-import { DocumentLoadInstrumentation } from '@opentelemetry/instrumentation-document-load';
-import { UserInteractionInstrumentation } from '@opentelemetry/instrumentation-user-interaction';
-import { FetchInstrumentation } from '@opentelemetry/instrumentation-fetch';
-import { XMLHttpRequestInstrumentation } from '@opentelemetry/instrumentation-xml-http-request';
-
-// ---- helpers / env ----
-const viteEnv: any = (import.meta as any).env || {};
-
-function env(k: string): string | undefined {
-  // Accept both Vite envs (VITE_*) and raw names for window.__SECURENOW__
-  const direct =
-    viteEnv[k] ??
-    viteEnv[k.toUpperCase()] ??
-    viteEnv[k.toLowerCase()];
-  if (direct != null) return String(direct);
-
-  // Optionally support runtime overrides via window.__SECURENOW__
-  const w = (globalThis as any).window as any;
-  if (w && w.__SECURENOW__ && k in w.__SECURENOW__) return String(w.__SECURENOW__[k]);
-  return undefined;
-}
-
-function parseHeaders(str?: string) {
-  const out: Record<string, string> = {};
-  if (!str) return out;
-  String(str).split(',').forEach(raw => {
-    const s = raw.trim();
-    if (!s) return;
-    const i = s.indexOf('=');
-    if (i === -1) return;
-    out[s.slice(0, i).trim().toLowerCase()] = s.slice(i + 1).trim();
-  });
-  return out;
-}
-
-// ---- endpoints (same defaults as tracing.js) ----
-const endpointBase =
-  (env('SECURENOW_INSTANCE') || env('OTEL_EXPORTER_OTLP_ENDPOINT') || 'https://freetrial.securenow.ai:4318')
-    .replace(/\/$/, '');
-const tracesUrl =
-  env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
-const headers = parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS'));
-
-// ---- naming rules (mirrors tracing.js) ----
-const rawBase = (env('OTEL_SERVICE_NAME') || env('SECURENOW_APPID') || '').trim().replace(/^['"]|['"]$/g, '');
-const baseName = rawBase || null;
-const noUuid = String(env('SECURENOW_NO_UUID')) === '1' || String(env('SECURENOW_NO_UUID')).toLowerCase() === 'true';
-const strict = String(env('SECURENOW_STRICT')) === '1' || String(env('SECURENOW_STRICT')).toLowerCase() === 'true';
-
-// Simple UUID v4 (no crypto dependency needed)
-function uuidv4(): string {
-  const rnd = (n = 16) => Array.from({ length: n }, () => Math.floor(Math.random() * 16).toString(16)).join('');
-  return `${rnd(8)}-${rnd(4)}-4${rnd(3)}-${((8 + Math.random()*4)|0).toString(16)}${rnd(3)}-${rnd(12)}`;
-}
-
-let serviceName: string;
-if (baseName) {
-  serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
-} else {
-  if (strict) {
-    console.error('[securenow/web-vite] FATAL: SECURENOW_APPID/OTEL_SERVICE_NAME missing and SECURENOW_STRICT=1. Tracing disabled.');
-    // Do not start tracing
-    // @ts-expect-error
-    window.__SECURENOW_DISABLED__ = true;
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const _noop = true;
-    // early return by throwing a no-op error caught below:
-    throw new Error('__SECURENOW_NO_START__');
-  }
-  serviceName = `securenow-free-${uuidv4()}`;
-}
-
-const instancePrefix = baseName || 'securenow';
-const serviceInstanceId = `${instancePrefix}-${uuidv4()}`;
-
-// Loud line
-try {
-  // eslint-disable-next-line no-console
-  console.log(
-    '[securenow] web preload loaded SECURENOW_APPID=%s OTEL_SERVICE_NAME=%s SECURENOW_NO_UUID=%s SECURENOW_STRICT=%s → service.name=%s instance.id=%s',
-    JSON.stringify(env('SECURENOW_APPID')),
-    JSON.stringify(env('OTEL_SERVICE_NAME')),
-    JSON.stringify(env('SECURENOW_NO_UUID')),
-    JSON.stringify(env('SECURENOW_STRICT')),
-    serviceName,
-    serviceInstanceId
-  );
-} catch {}
-
-// ---- Provider / Exporter ----
-let started = false;
-
-export function startSecurenowWeb() {
-  if (started) return;
-  started = true;
-
-  const exporter = new OTLPTraceExporter({
-    url: tracesUrl,
-    headers,
-  });
-
-  const provider = new WebTracerProvider({
-    resource: new Resource({
-      [S.SERVICE_NAME]: serviceName,
-      [S.SERVICE_INSTANCE_ID]: serviceInstanceId,
-      [S.DEPLOYMENT_ENVIRONMENT]: viteEnv.MODE || 'production',
-      [S.SERVICE_VERSION]: viteEnv.VITE_APP_VERSION || undefined,
-    }),
-  });
-
-  provider.addSpanProcessor(new BatchSpanProcessor(exporter));
-  provider.register();
-
-  registerInstrumentations({
-    instrumentations: [
-      new DocumentLoadInstrumentation(),
-      new UserInteractionInstrumentation(),
-      new FetchInstrumentation({
-        propagateTraceHeaderCorsUrls: [/.*/],
-        ignoreUrls: [/\/vite\/hmr/, /^chrome-extension:\/\//, /sockjs/],
-      }),
-      new XMLHttpRequestInstrumentation({
-        propagateTraceHeaderCorsUrls: [/.*/],
-      }),
-    ],
-  });
-
-  // Optional smoke span (same flag name)
-  if (String(env('SECURENOW_TEST_SPAN')) === '1') {
-    const api = await import('@opentelemetry/api');
-    const tracer = api.trace.getTracer('securenow-smoke');
-    const span = tracer.startSpan('securenow.startup.smoke.web'); span.end();
-  }
-
-  // eslint-disable-next-line no-console
-  console.log('[securenow] Web OTel started → %s', tracesUrl);
-}
-
-// Auto-start
-try {
-  startSecurenowWeb();
-} catch (e: any) {
-  if (String(e?.message) !== '__SECURENOW_NO_START__') {
-    console.error('[securenow/web-vite] failed to start:', e);
-  }
-}
-
-export default startSecurenowWeb;
+// web-vite.ts — Browser OTel for Vite (ESM)
+// Defaults & naming rules match your Node tracing.js
+
+import { WebTracerProvider, BatchSpanProcessor } from '@opentelemetry/sdk-trace-web';
+import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
+import { Resource } from '@opentelemetry/resources';
+import { SemanticResourceAttributes as S } from '@opentelemetry/semantic-conventions';
+import { registerInstrumentations } from '@opentelemetry/instrumentation';
+import { DocumentLoadInstrumentation } from '@opentelemetry/instrumentation-document-load';
+import { UserInteractionInstrumentation } from '@opentelemetry/instrumentation-user-interaction';
+import { FetchInstrumentation } from '@opentelemetry/instrumentation-fetch';
+import { XMLHttpRequestInstrumentation } from '@opentelemetry/instrumentation-xml-http-request';
+
+// ---- helpers / env ----
+const viteEnv: any = (import.meta as any).env || {};
+
+function env(k: string): string | undefined {
+  // Accept both Vite envs (VITE_*) and raw names for window.__SECURENOW__
+  const direct =
+    viteEnv[k] ??
+    viteEnv[k.toUpperCase()] ??
+    viteEnv[k.toLowerCase()];
+  if (direct != null) return String(direct);
+
+  // Optionally support runtime overrides via window.__SECURENOW__
+  const w = (globalThis as any).window as any;
+  if (w && w.__SECURENOW__ && k in w.__SECURENOW__) return String(w.__SECURENOW__[k]);
+  return undefined;
+}
+
+function parseHeaders(str?: string) {
+  const out: Record<string, string> = {};
+  if (!str) return out;
+  String(str).split(',').forEach(raw => {
+    const s = raw.trim();
+    if (!s) return;
+    const i = s.indexOf('=');
+    if (i === -1) return;
+    out[s.slice(0, i).trim().toLowerCase()] = s.slice(i + 1).trim();
+  });
+  return out;
+}
+
+// ---- endpoints (same defaults as tracing.js) ----
+const endpointBase =
+  (env('SECURENOW_INSTANCE') || env('OTEL_EXPORTER_OTLP_ENDPOINT') || 'https://freetrial.securenow.ai:4318')
+    .replace(/\/$/, '');
+const tracesUrl =
+  env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
+const headers = parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS'));
+
+// ---- naming rules (mirrors tracing.js) ----
+const rawBase = (env('OTEL_SERVICE_NAME') || env('SECURENOW_APPID') || '').trim().replace(/^['"]|['"]$/g, '');
+const baseName = rawBase || null;
+const noUuid = String(env('SECURENOW_NO_UUID')) === '1' || String(env('SECURENOW_NO_UUID')).toLowerCase() === 'true';
+const strict = String(env('SECURENOW_STRICT')) === '1' || String(env('SECURENOW_STRICT')).toLowerCase() === 'true';
+
+function uuidv4(): string {
+  if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  const bytes = new Uint8Array(16);
+  if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+    crypto.getRandomValues(bytes);
+  } else {
+    for (let i = 0; i < 16; i++) bytes[i] = Math.floor(Math.random() * 256);
+  }
+  bytes[6] = (bytes[6] & 0x0f) | 0x40;
+  bytes[8] = (bytes[8] & 0x3f) | 0x80;
+  const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+  return `${hex.slice(0,8)}-${hex.slice(8,12)}-${hex.slice(12,16)}-${hex.slice(16,20)}-${hex.slice(20)}`;
+}
+
+let serviceName: string;
+let disabled = false;
+if (baseName) {
+  serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
+} else {
+  if (strict) {
+    console.error('[securenow/web-vite] FATAL: SECURENOW_APPID/OTEL_SERVICE_NAME missing and SECURENOW_STRICT=1. Tracing disabled.');
+    // @ts-expect-error
+    window.__SECURENOW_DISABLED__ = true;
+    disabled = true;
+    serviceName = 'disabled';
+  } else {
+    serviceName = `securenow-free-${uuidv4()}`;
+  }
+}
+
+const instancePrefix = baseName || 'securenow';
+const serviceInstanceId = `${instancePrefix}-${uuidv4()}`;
+
+// Loud line
+try {
+  // eslint-disable-next-line no-console
+  console.log(
+    '[securenow] web preload loaded SECURENOW_APPID=%s OTEL_SERVICE_NAME=%s SECURENOW_NO_UUID=%s SECURENOW_STRICT=%s → service.name=%s instance.id=%s',
+    JSON.stringify(env('SECURENOW_APPID')),
+    JSON.stringify(env('OTEL_SERVICE_NAME')),
+    JSON.stringify(env('SECURENOW_NO_UUID')),
+    JSON.stringify(env('SECURENOW_STRICT')),
+    serviceName,
+    serviceInstanceId
+  );
+} catch {}
+
+// ---- Provider / Exporter ----
+let started = false;
+
+export function startSecurenowWeb() {
+  if (started || disabled) return;
+  started = true;
+
+  const exporter = new OTLPTraceExporter({
+    url: tracesUrl,
+    headers,
+  });
+
+  const provider = new WebTracerProvider({
+    resource: new Resource({
+      [S.SERVICE_NAME]: serviceName,
+      [S.SERVICE_INSTANCE_ID]: serviceInstanceId,
+      [S.DEPLOYMENT_ENVIRONMENT]: viteEnv.MODE || 'production',
+      [S.SERVICE_VERSION]: viteEnv.VITE_APP_VERSION || undefined,
+    }),
+  });
+
+  provider.addSpanProcessor(new BatchSpanProcessor(exporter));
+  provider.register();
+
+  registerInstrumentations({
+    instrumentations: [
+      new DocumentLoadInstrumentation(),
+      new UserInteractionInstrumentation(),
+      new FetchInstrumentation({
+        propagateTraceHeaderCorsUrls: [new RegExp(`^${location.origin.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}`)],
+        ignoreUrls: [/\/vite\/hmr/, /^chrome-extension:\/\//, /sockjs/],
+      }),
+      new XMLHttpRequestInstrumentation({
+        propagateTraceHeaderCorsUrls: [new RegExp(`^${location.origin.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}`)],
+      }),
+    ],
+  });
+
+  // Optional smoke span (same flag name)
+  if (String(env('SECURENOW_TEST_SPAN')) === '1') {
+    import('@opentelemetry/api').then(api => {
+      const tracer = api.trace.getTracer('securenow-smoke');
+      const span = tracer.startSpan('securenow.startup.smoke.web'); span.end();
+    }).catch(() => {});
+  }
+
+  // eslint-disable-next-line no-console
+  console.log('[securenow] Web OTel started → %s', tracesUrl);
+}
+
+// ---- Free trial banner (browser DOM injection) ----
+function injectFreeTrialBanner(): void {
+  const FREETRIAL_HOST = 'freetrial.securenow.ai';
+  const hideBanner = String(env('SECURENOW_HIDE_BANNER')) === '1';
+  if (hideBanner || !endpointBase.includes(FREETRIAL_HOST)) return;
+  if (typeof document === 'undefined') return;
+
+  function create(): void {
+    if (document.getElementById('sn-ft-banner')) return;
+
+    const d = document.createElement('div');
+    d.id = 'sn-ft-banner';
+    d.style.cssText =
+      'position:fixed;top:0;left:0;right:0;z-index:2147483647;' +
+      'background:#FEF3CD;color:#856404;padding:10px 16px;' +
+      'font-family:system-ui,-apple-system,sans-serif;font-size:13px;' +
+      'text-align:center;border-bottom:2px solid #FFE69C;' +
+      'display:flex;align-items:center;justify-content:center;gap:6px;' +
+      'box-shadow:0 2px 8px rgba(0,0,0,0.12)';
+
+    const icon = document.createElement('span');
+    icon.textContent = '\u26a0\ufe0f';
+    d.appendChild(icon);
+
+    const msg = document.createElement('span');
+    const strong = document.createElement('strong');
+    strong.textContent = 'Testing Environment:';
+    msg.appendChild(strong);
+    msg.appendChild(document.createTextNode(
+      ' Only add test applications. For production usage, '
+    ));
+
+    const link = document.createElement('a');
+    link.href = 'https://app.securenow.ai/dashboard/settings/instances';
+    link.target = '_blank';
+    link.rel = 'noopener';
+    link.style.cssText = 'color:#664D03;font-weight:600;text-decoration:underline';
+    link.textContent = 'create a new production instance';
+    msg.appendChild(link);
+    msg.appendChild(document.createTextNode('.'));
+    d.appendChild(msg);
+
+    const upgradeBtn = document.createElement('a');
+    upgradeBtn.href = 'https://app.securenow.ai/dashboard/settings/instances';
+    upgradeBtn.target = '_blank';
+    upgradeBtn.rel = 'noopener';
+    upgradeBtn.textContent = '\u26a1 Upgrade';
+    upgradeBtn.style.cssText =
+      'display:inline-flex;align-items:center;gap:4px;' +
+      'background:#D97706;color:#fff;padding:4px 12px;border-radius:4px;' +
+      'font-size:12px;font-weight:600;text-decoration:none;margin-left:10px;' +
+      'white-space:nowrap;transition:background 0.15s';
+    upgradeBtn.onmouseover = () => { upgradeBtn.style.background = '#B45309'; };
+    upgradeBtn.onmouseout = () => { upgradeBtn.style.background = '#D97706'; };
+    d.appendChild(upgradeBtn);
+
+    const close = document.createElement('button');
+    close.textContent = '\u00d7';
+    close.style.cssText =
+      'background:none;border:none;color:#856404;font-size:18px;' +
+      'cursor:pointer;margin-left:12px;padding:0 4px;line-height:1';
+    close.onclick = () => { d.style.display = 'none'; };
+    d.appendChild(close);
+
+    document.body.prepend(d);
+  }
+
+  if (document.readyState === 'loading') {
+    document.addEventListener('DOMContentLoaded', create);
+  } else {
+    create();
+  }
+}
+
+// Auto-start
+try {
+  startSecurenowWeb();
+  injectFreeTrialBanner();
+} catch (e: any) {
+  console.error('[securenow/web-vite] failed to start:', e);
+}
+
+export default startSecurenowWeb;

package/LICENSE

@@ -1,15 +0,0 @@
-ISC License
-
-Copyright (c) 2025 SecureNow
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.