npm - securenow - Versions diffs - 7.0.0-anas.2 → 7.1.0 - Mend

securenow 7.0.0-anas.2 → 7.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/CONSUMING-APPS-GUIDE.md +17 -11
package/README.md +204 -282
package/SKILL-CLI.md +8 -4
package/app-config.js +21 -1
package/cli/apiKey.js +55 -0
package/cli/apps.js +8 -19
package/cli/auth.js +13 -2
package/cli/config.js +24 -0
package/cli/diagnostics.js +3 -1
package/cli.js +24 -0
package/docs/ALL-FRAMEWORKS-QUICKSTART.md +8 -0
package/docs/ENVIRONMENT-VARIABLES.md +24 -15
package/docs/LOGGING-QUICKSTART.md +25 -38
package/docs/NEXTJS-QUICKSTART.md +46 -36
package/docs/NUXT-GUIDE.md +17 -13
package/examples/nextjs-env-example.txt +32 -34
package/firewall-only.js +3 -2
package/nextjs.js +4 -2
package/package.json +1 -1
package/postinstall.js +3 -11

package/docs/NUXT-GUIDE.md CHANGED Viewed

@@ -2,12 +2,15 @@
 ## Quick Start (1 minute)
-### 1. Install
+### 1. Install + login
 ```bash
 npm install securenow
+npx securenow login    # pick/create your app in the browser
 ```
+`login` writes `.securenow/credentials.json` locally. No `.env` needed for local dev.
 ### 2. Add the module to `nuxt.config.ts`
 ```ts
@@ -16,16 +19,7 @@ export default defineNuxtConfig({
 });
 ```
-### 3. Set environment variables
-Create a `.env` file in your project root:
-```env
-SECURENOW_APPID=my-nuxt-app
-SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
-```
-### 4. Start your app
+### 3. Start your app
 ```bash
 nuxt dev
@@ -36,10 +30,20 @@ You should see in the console:
 ```
 [securenow] Nuxt module loaded — server plugin registered
 [securenow] 🚀 Nuxt OTel SDK started → https://freetrial.securenow.ai:4318/v1/traces
-[securenow] service.name=my-nuxt-app instance.id=my-nuxt-app-...
 ```
-That's it — all server-side requests are now traced.
+That's it — all server-side requests are now traced, logs forwarded, and bodies captured. The app you picked during `login` is where they land.
+### 4. (Optional) Override for CI / Docker / prod
+`.securenow/credentials.json` is for local dev. For environments where you can't run `npx securenow login`, set env vars:
+```env
+SECURENOW_APPID=<app-key-uuid>
+SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
+```
+Env vars always take precedence.
 ---

package/examples/nextjs-env-example.txt CHANGED Viewed

@@ -1,34 +1,32 @@
-# SecureNow Configuration for Next.js
-# Place these in your .env.local file
-# Required: Your application identifier
-SECURENOW_APPID=my-nextjs-app
-# Optional: Your OTLP collector endpoint (SecureNow or any OTLP-compatible backend)
-# Default: https://freetrial.securenow.ai:4318
-SECURENOW_INSTANCE=http://your-otlp-collector:4318
-# Optional: API Key or authentication headers
-OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"
-# Optional: Don't append UUID to service name (useful for dev)
-# SECURENOW_NO_UUID=1
-# Optional: Log level
-# OTEL_LOG_LEVEL=info
-# Optional: Disable specific instrumentations (comma-separated)
-# SECURENOW_DISABLE_INSTRUMENTATIONS=fs,dns
-# Optional: Create a test span on startup
-# SECURENOW_TEST_SPAN=1
-# Next.js will automatically use NODE_ENV
-# NODE_ENV=production
+# SecureNow Configuration for Next.js
+#
+# ============================================================
+# For local dev you do NOT need this file.
+# Instead run:
+#   npx securenow login
+# That writes .securenow/credentials.json and the SDK reads it.
+# ============================================================
+#
+# This template is for CI / Docker / Vercel — places where you
+# can't run the interactive login. Env vars always take
+# precedence over .securenow/credentials.json.
+# App routing key (UUID). From: npx securenow apps
+SECURENOW_APPID=your-app-key-uuid
+# OTLP collector endpoint. Default is the Free Trial.
+SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
+# Optional — defaults are already sensible. Flip to 0 to disable.
+# SECURENOW_LOGGING_ENABLED=0      # forward console.* as OTLP logs
+# SECURENOW_CAPTURE_BODY=0         # capture POST/PUT/PATCH JSON + form bodies
+# SECURENOW_CAPTURE_MULTIPART=0    # capture multipart field / file metadata
+# SECURENOW_MAX_BODY_SIZE=10240    # bytes (default 10KB)
+# Optional — OTel tuning
+# OTEL_LOG_LEVEL=info
+# SECURENOW_DISABLE_INSTRUMENTATIONS=fs,dns
+# SECURENOW_NO_UUID=1              # use bare APPID as service.name (no UUID suffix)
+# Authentication (auto-set when SECURENOW_APPID is present)
+# OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"

package/firewall-only.js CHANGED Viewed

@@ -8,7 +8,7 @@
  *   NODE_OPTIONS='-r securenow/firewall-only' next start
  *
  * Reads .env via dotenv (if installed), then initialises the HTTP-level
- * firewall when SECURENOW_API_KEY is present.
+ * firewall when an API key is resolvable (env var or .securenow/credentials.json).
  */
 try { require('dotenv').config(); } catch (_) {}
@@ -16,7 +16,8 @@ try { require('dotenv').config(); } catch (_) {}
 const env = (k) =>
   process.env[k] ?? process.env[k.toUpperCase()] ?? process.env[k.toLowerCase()];
-const firewallApiKey = env('SECURENOW_API_KEY');
+const { resolveApiKey } = require('./app-config');
+const firewallApiKey = resolveApiKey();
 if (firewallApiKey && env('SECURENOW_FIREWALL_ENABLED') !== '0') {
   require('./firewall').init({

package/nextjs.js CHANGED Viewed

@@ -610,8 +610,10 @@ function registerSecureNow(options = {}) {
     }
   }
-  // Firewall — runs independently from OTel so it works even if tracing fails
-  const firewallApiKey = env('SECURENOW_API_KEY');
+  // Firewall — runs independently from OTel so it works even if tracing fails.
+  // Key comes from env OR .securenow/credentials.json (set via
+  // `npx securenow api-key set snk_live_...`), so you don't need a .env entry.
+  const firewallApiKey = require('./app-config').resolveApiKey();
   if (firewallApiKey && env('SECURENOW_FIREWALL_ENABLED') !== '0') {
     try {
       require('./firewall').init({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "7.0.0-anas.2",
+  "version": "7.1.0",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",

package/postinstall.js CHANGED Viewed

@@ -289,19 +289,11 @@ async function setup() {
           }
         }
-        // Create .env.local if it doesn't exist
-        const envPath = path.join(process.cwd(), '.env.local');
-        if (!fs.existsSync(envPath)) {
-          createEnvTemplate(envPath);
-          console.log('✅ Created .env.local template');
-        }
         console.log('\n┌─────────────────────────────────────────────────┐');
         console.log('│  🚀 Next Steps:                                 │');
         console.log('│                                                 │');
-        console.log('│  1. Edit .env.local and set:                   │');
-        console.log('│     SECURENOW_APPID=your-app-name              │');
-        console.log('│     SECURENOW_INSTANCE=http://your-otlp-backend:4318 │');
+        console.log('│  1. Pick your app in the browser:              │');
+        console.log('│     npx securenow login                        │');
         console.log('│                                                 │');
         console.log('│  2. Run your app: npm run dev                  │');
         console.log('│                                                 │');
@@ -312,7 +304,7 @@ async function setup() {
         }
         console.log('│  📚 Full guide: npm docs securenow              │');
         console.log('└─────────────────────────────────────────────────┘\n');
         rl.close();
       });