securenow 7.5.1 → 7.6.1

package/cli/init.js

@@ -1,244 +1,243 @@
-'use strict';
-
+'use strict';
+
 const fs = require('fs');
 const path = require('path');
 const ui = require('./ui');
 const config = require('./config');
 
-const DEFAULT_ENV = {
-  SECURENOW_LOGGING_ENABLED: '1',
-  SECURENOW_CAPTURE_BODY: '1',
-  SECURENOW_CAPTURE_MULTIPART: '1',
-  SECURENOW_FIREWALL_ENABLED: '1',
-};
-
-const INSTRUMENTATION_JS = `import { createRequire } from 'node:module';
-
-const require = createRequire(import.meta.url);
-
-export async function register() {
+const INSTRUMENTATION = `export async function register() {
   if (process.env.NEXT_RUNTIME !== 'nodejs') return;
 
-  process.env.SECURENOW_LOGGING_ENABLED ??= '1';
-  process.env.SECURENOW_CAPTURE_BODY ??= '1';
-  process.env.SECURENOW_CAPTURE_MULTIPART ??= '1';
-  process.env.SECURENOW_FIREWALL_ENABLED ??= '1';
-
-  const { registerSecureNow } = require('securenow/nextjs');
+  const securenowNext = await import(/* webpackIgnore: true */ 'securenow/nextjs');
+  const registerSecureNow = securenowNext.registerSecureNow || securenowNext.default?.registerSecureNow;
   registerSecureNow({ captureBody: true });
-  require('securenow/nextjs-auto-capture');
+  await import(/* webpackIgnore: true */ 'securenow/nextjs-auto-capture');
 }
 `;
 
-const INSTRUMENTATION_TS = `import { createRequire } from 'node:module';
+function detectProject(dir) {
+  const pkgPath = path.join(dir, 'package.json');
+  if (!fs.existsSync(pkgPath)) return { framework: 'unknown' };
 
-const require = createRequire(import.meta.url);
+  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8').replace(/^\uFEFF/, ''));
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
 
-export async function register() {
-  if (process.env.NEXT_RUNTIME !== 'nodejs') return;
+  if (allDeps.next) return { framework: 'nextjs', pkg, pkgPath, nextVersion: allDeps.next };
+  if (allDeps.nuxt) return { framework: 'nuxt', pkg, pkgPath };
+  if (allDeps.express) return { framework: 'express', pkg, pkgPath };
+  if (allDeps.fastify) return { framework: 'fastify', pkg, pkgPath };
+  if (allDeps.koa) return { framework: 'koa', pkg, pkgPath };
+  if (allDeps.hapi || allDeps['@hapi/hapi']) return { framework: 'hapi', pkg, pkgPath };
+  return { framework: 'node', pkg, pkgPath };
+}
 
-  process.env.SECURENOW_LOGGING_ENABLED ??= '1';
-  process.env.SECURENOW_CAPTURE_BODY ??= '1';
-  process.env.SECURENOW_CAPTURE_MULTIPART ??= '1';
-  process.env.SECURENOW_FIREWALL_ENABLED ??= '1';
+function findInstrumentationFile(dir) {
+  for (const name of ['instrumentation.ts', 'instrumentation.js', 'src/instrumentation.ts', 'src/instrumentation.js']) {
+    const p = path.join(dir, name);
+    if (fs.existsSync(p)) return p;
+  }
+  return null;
+}
 
-  const { registerSecureNow } = require('securenow/nextjs');
-  registerSecureNow({ captureBody: true });
-  require('securenow/nextjs-auto-capture');
+function findNextConfig(dir) {
+  for (const name of ['next.config.js', 'next.config.mjs', 'next.config.ts']) {
+    const p = path.join(dir, name);
+    if (fs.existsSync(p)) return p;
+  }
+  return null;
 }
-`;
-
-function detectProject(dir) {
-  const pkgPath = path.join(dir, 'package.json');
-  if (!fs.existsSync(pkgPath)) return { framework: 'unknown' };
-
-  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
-
-  if (allDeps.next) return { framework: 'nextjs', pkg, pkgPath, nextVersion: allDeps.next };
-  if (allDeps.nuxt) return { framework: 'nuxt', pkg, pkgPath };
-  if (allDeps.express) return { framework: 'express', pkg, pkgPath };
-  if (allDeps.fastify) return { framework: 'fastify', pkg, pkgPath };
-  if (allDeps.koa) return { framework: 'koa', pkg, pkgPath };
-  if (allDeps.hapi || allDeps['@hapi/hapi']) return { framework: 'hapi', pkg, pkgPath };
-  return { framework: 'node', pkg, pkgPath };
-}
-
-function findInstrumentationFile(dir) {
-  for (const name of ['instrumentation.ts', 'instrumentation.js', 'src/instrumentation.ts', 'src/instrumentation.js']) {
-    const p = path.join(dir, name);
-    if (fs.existsSync(p)) return p;
-  }
-  return null;
-}
-
-function findNextConfig(dir) {
-  for (const name of ['next.config.js', 'next.config.mjs', 'next.config.ts']) {
-    const p = path.join(dir, name);
-    if (fs.existsSync(p)) return p;
-  }
-  return null;
-}
-
-function hasTypeScript(dir) {
-  return fs.existsSync(path.join(dir, 'tsconfig.json'));
-}
-
-async function init(_args, flags) {
-  const dir = process.cwd();
-  const project = detectProject(dir);
-
-  ui.header('SecureNow Project Setup');
-
-  if (project.framework === 'unknown') {
-    ui.error('No package.json found. Run this command in your project root.');
-    process.exit(1);
-  }
-
-  ui.info(`Detected framework: ${ui.bold(project.framework)}`);
-
-  if (project.framework === 'nextjs') {
-    await initNextJs(dir, project, flags);
-  } else if (project.framework === 'nuxt') {
-    initNuxt(dir, project);
-  } else {
-    initNode(dir, project);
-  }
-
-  initEnv(dir, flags);
-
-  console.log('');
-  ui.success('Setup complete! Run your app to verify.');
-}
-
-async function initNextJs(dir, project, flags) {
-  const useTs = hasTypeScript(dir);
-  const ext = useTs ? 'ts' : 'js';
-
-  const existing = findInstrumentationFile(dir);
-  if (existing) {
-    ui.info(`instrumentation file already exists: ${path.relative(dir, existing)}`);
-  } else {
-    const filePath = path.join(dir, `instrumentation.${ext}`);
-    const content = useTs ? INSTRUMENTATION_TS : INSTRUMENTATION_JS;
-    fs.writeFileSync(filePath, content, 'utf8');
-    ui.success(`Created instrumentation.${ext}`);
-  }
-
-  const configPath = findNextConfig(dir);
-  if (configPath) {
-    const content = fs.readFileSync(configPath, 'utf8');
-    if (content.includes('withSecureNow')) {
-      ui.info('next.config already uses withSecureNow — skipping');
-    } else if (content.includes('serverExternalPackages') && content.includes('securenow')) {
-      ui.info('next.config already externalizes securenow — skipping');
-    } else if (content.includes('serverComponentsExternalPackages') && content.includes('securenow')) {
-      ui.info('next.config already externalizes securenow — skipping');
-    } else {
-      ui.warn(`Update your ${path.basename(configPath)} to use withSecureNow():`);
-      console.log('');
-      console.log(`  const { withSecureNow } = require('securenow/nextjs-webpack-config');`);
-      console.log(`  module.exports = withSecureNow({ /* your config */ });`);
-      console.log('');
-    }
-  } else {
-    const newConfigPath = path.join(dir, 'next.config.js');
-    fs.writeFileSync(newConfigPath, `const { withSecureNow } = require('securenow/nextjs-webpack-config');\n\nmodule.exports = withSecureNow({\n  reactStrictMode: true,\n});\n`, 'utf8');
-    ui.success('Created next.config.js with withSecureNow()');
-  }
-}
-
-function initNuxt(dir, project) {
-  const configPath = path.join(dir, 'nuxt.config.ts');
-  if (fs.existsSync(configPath)) {
-    const content = fs.readFileSync(configPath, 'utf8');
-    if (content.includes('securenow/nuxt')) {
-      ui.info('nuxt.config already references securenow/nuxt — skipping');
-    } else {
-      ui.warn('Add securenow/nuxt to your nuxt.config modules:');
-      console.log('');
-      console.log("  modules: ['securenow/nuxt'],");
-      console.log('');
-    }
-  } else {
-    ui.warn('Add securenow/nuxt to your nuxt.config modules array.');
-  }
-}
-
-function initNode(dir, project) {
-  const pkg = project.pkg;
-  const scripts = pkg.scripts || {};
-
-  const startScript = scripts.start || '';
-  if (startScript.includes('securenow/register')) {
-    ui.info('start script already uses securenow/register — skipping');
-    return;
-  }
-
-  if (startScript) {
-    ui.warn('Update your start script to include the securenow preload:');
-    console.log('');
-    if (startScript.includes('node ')) {
-      const updated = startScript.replace('node ', 'node -r securenow/register ');
-      console.log(`  "start": "${updated}"`);
-    } else {
-      console.log(`  "start": "node -r securenow/register ${startScript.replace(/^node\s+/, '')}"`);
-    }
-    console.log('');
-  } else {
-    ui.warn('Add a start script with the securenow preload:');
-    console.log('');
-    console.log('  "start": "node -r securenow/register src/index.js"');
-    console.log('');
-  }
-}
-
-function initEnv(dir, flags) {
-  const envFiles = ['.env', '.env.local'];
-  let envPath = null;
-
-  for (const f of envFiles) {
-    const p = path.join(dir, f);
-    if (fs.existsSync(p)) {
-      envPath = p;
-      break;
-    }
+
+function hasTypeScript(dir) {
+  return fs.existsSync(path.join(dir, 'tsconfig.json'));
+}
+
+function nextMajor(project) {
+  const raw = String(project.nextVersion || '').replace(/^[^\d]*/, '');
+  const major = parseInt(raw, 10);
+  return Number.isFinite(major) ? major : 15;
+}
+
+async function init(_args, flags) {
+  const dir = process.cwd();
+  const project = detectProject(dir);
+
+  ui.header('SecureNow Project Setup');
+
+  if (project.framework === 'unknown') {
+    ui.error('No package.json found. Run this command in your project root.');
+    process.exit(1);
   }
 
-  if (!envPath) envPath = path.join(dir, '.env.local');
+  ui.info(`Detected framework: ${ui.bold(project.framework)}`);
+  initCredentials(flags);
 
-  const existing = fs.existsSync(envPath) ? fs.readFileSync(envPath, 'utf8') : '';
-  const additions = [];
-  for (const [key, value] of Object.entries(DEFAULT_ENV)) {
-    if (!hasEnvKey(existing, key)) additions.push(`${key}=${value}`);
+  if (project.framework === 'nextjs') {
+    await initNextJs(dir, project, flags);
+  } else if (project.framework === 'nuxt') {
+    initNuxt(dir);
+  } else {
+    initNode(project);
   }
 
+  console.log('');
+  ui.success('Setup complete.');
+  ui.info('Run `npx securenow login` if this project is not linked to an app yet.');
+  ui.info('Then verify with `npx securenow test-span` and `npx securenow status`.');
+}
+
+function initCredentials(flags) {
+  config.ensureCredentialDefaults({ local: true });
+  config.ensureLocalGitignore();
+  const creds = config.loadCredentials();
+  creds.config = creds.config || {};
+  creds.config.runtime = creds.config.runtime || {};
+  creds.config.runtime.deploymentEnvironment = flags.env || flags.environment || 'local';
+  config.saveCredentials(creds, { local: true });
+
   const explicitApiKey = flags.key || flags['api-key'] || '';
-  const hasApiKey = hasEnvKey(existing, 'SECURENOW_API_KEY');
-  if (explicitApiKey && !hasApiKey) additions.push(`SECURENOW_API_KEY=${explicitApiKey}`);
+  if (explicitApiKey) {
+    if (!String(explicitApiKey).startsWith('snk_live_')) {
+      ui.error('--key must start with snk_live_');
+      process.exit(1);
+    }
+    config.setApiKey(explicitApiKey, { local: true });
+    ui.success('Stored firewall API key in .securenow/credentials.json');
+  }
 
-  if (additions.length > 0) {
-    const sep = existing && !existing.endsWith('\n') ? '\n' : '';
-    fs.appendFileSync(envPath, `${sep}${additions.join('\n')}\n`, 'utf8');
-    ui.success(`Updated ${path.basename(envPath)} with SecureNow defaults`);
+  ui.success('Ensured .securenow/credentials.json has secure defaults and explanations');
+}
+
+async function initNextJs(dir, project, flags) {
+  const useTs = flags.javascript ? false : flags.typescript ? true : hasTypeScript(dir);
+  const ext = useTs ? 'ts' : 'js';
+
+  const existing = findInstrumentationFile(dir);
+  if (existing) {
+    ui.info(`instrumentation file already exists: ${path.relative(dir, existing)}`);
+    printAgentPrompt('instrumentation', path.basename(existing), nextMajor(project));
   } else {
-    ui.info(`${path.basename(envPath)} already contains SecureNow defaults`);
+    const filePath = path.join(dir, `instrumentation.${ext}`);
+    fs.writeFileSync(filePath, INSTRUMENTATION, 'utf8');
+    ui.success(`Created instrumentation.${ext}`);
   }
 
-  if (hasApiKey || explicitApiKey) {
-    ui.info(`SECURENOW_API_KEY is set in ${path.basename(envPath)}`);
-  } else if (config.getApiKey()) {
-    ui.info('Using firewall API key from project .securenow/credentials.json');
+  const configPath = findNextConfig(dir);
+  if (configPath) {
+    const patched = patchNextConfig(configPath, nextMajor(project));
+    if (patched === 'already') {
+      ui.info(`${path.basename(configPath)} already externalizes securenow`);
+    } else if (patched === 'patched') {
+      ui.success(`Updated ${path.basename(configPath)} with SecureNow server externalization`);
+    } else {
+      ui.warn(`Could not safely edit ${path.basename(configPath)} automatically.`);
+      printAgentPrompt('next-config', path.basename(configPath), nextMajor(project));
+    }
   } else {
-    ui.warn(`Add your API key to ${path.basename(envPath)}:`);
+    const newConfigPath = path.join(dir, 'next.config.mjs');
+    fs.writeFileSync(newConfigPath, `/** @type {import('next').NextConfig} */
+const nextConfig = {
+  serverExternalPackages: ['securenow'],
+};
+
+export default nextConfig;
+`, 'utf8');
+    ui.success('Created next.config.mjs');
+  }
+}
+
+function patchNextConfig(configPath, major) {
+  const content = fs.readFileSync(configPath, 'utf8');
+  const serverExternalWithSecureNow = /serverExternalPackages\s*:\s*\[[\s\S]*?['"]securenow['"][\s\S]*?\]/m.test(content);
+  const serverComponentsWithSecureNow = /serverComponentsExternalPackages\s*:\s*\[[\s\S]*?['"]securenow['"][\s\S]*?\]/m.test(content);
+  if (serverExternalWithSecureNow || serverComponentsWithSecureNow || content.includes('withSecureNow(')) {
+    return 'already';
+  }
+
+  if (major < 15) return 'manual';
+
+  const existingServerExternal = content.match(/serverExternalPackages\s*:\s*\[([\s\S]*?)\]/m);
+  if (existingServerExternal) {
+    const current = existingServerExternal[1].trim().replace(/,\s*$/, '');
+    const replacement = `serverExternalPackages: [${current ? `${current}, ` : ''}'securenow']`;
+    fs.writeFileSync(configPath, content.replace(existingServerExternal[0], replacement), 'utf8');
+    return 'patched';
+  }
+
+  const insert = `  serverExternalPackages: ['securenow'],\n`;
+  const patterns = [
+    /(const\s+nextConfig\s*=\s*{\s*\r?\n)/,
+    /(export\s+default\s+{\s*\r?\n)/,
+    /(module\.exports\s*=\s*{\s*\r?\n)/,
+  ];
+
+  for (const pattern of patterns) {
+    if (pattern.test(content)) {
+      fs.writeFileSync(configPath, content.replace(pattern, `$1${insert}`), 'utf8');
+      return 'patched';
+    }
+  }
+
+  return 'manual';
+}
+
+function printAgentPrompt(kind, filename, major) {
+  console.log('');
+  ui.heading('Codex/Claude prompt');
+  console.log([
+    'Set up SecureNow in this existing Next.js project without using .env files.',
+    'Use .securenow/credentials.json for local and production configuration; do not add .env files.',
+    kind === 'instrumentation'
+      ? `Merge this into ${filename}: in register(), return unless process.env.NEXT_RUNTIME === "nodejs"; then dynamically import "securenow/nextjs" and "securenow/nextjs-auto-capture" with /* webpackIgnore: true */ so Next does not bundle OpenTelemetry internals. Preserve all existing instrumentation.`
+      : null,
+    kind === 'next-config' && major >= 15
+      ? `Update ${filename} while preserving existing config: add securenow to serverExternalPackages, e.g. serverExternalPackages: [...(existing || []), "securenow"].`
+      : null,
+    kind === 'next-config' && major < 15
+      ? `Update ${filename} while preserving existing config: enable experimental.instrumentationHook and add securenow to experimental.serverComponentsExternalPackages.`
+      : null,
+    'Verify with: npx securenow env, npx securenow test-span, npx securenow status, and the project build command.',
+  ].filter(Boolean).join('\n'));
+  console.log('');
+}
+
+function initNuxt(dir) {
+  const configPath = path.join(dir, 'nuxt.config.ts');
+  if (fs.existsSync(configPath)) {
+    const content = fs.readFileSync(configPath, 'utf8');
+    if (content.includes('securenow/nuxt')) {
+      ui.info('nuxt.config already references securenow/nuxt');
+    } else {
+      ui.warn('Add securenow/nuxt to your nuxt.config modules array.');
+    }
+  } else {
+    ui.warn('Add securenow/nuxt to your nuxt.config modules array.');
+  }
+}
+
+function initNode(project) {
+  const scripts = project.pkg.scripts || {};
+  const startScript = scripts.start || '';
+  if (startScript.includes('securenow/register')) {
+    ui.info('start script already uses securenow/register');
+    return;
+  }
+
+  if (startScript) {
+    ui.warn('Update your start script to include the securenow preload:');
     console.log('');
-    console.log('  SECURENOW_API_KEY=snk_live_...');
+    if (startScript.includes('node ')) {
+      const updated = startScript.replace('node ', 'node -r securenow/register ');
+      console.log(`  "start": "${updated}"`);
+    } else {
+      console.log(`  "start": "node -r securenow/register ${startScript.replace(/^node\s+/, '')}"`);
+    }
+    console.log('');
+  } else {
+    ui.warn('Add a start script with the securenow preload:');
+    console.log('');
+    console.log('  "start": "node -r securenow/register src/index.js"');
     console.log('');
   }
 }
 
-function hasEnvKey(content, key) {
-  return new RegExp(`^\\s*${key}\\s*=`, 'm').test(content || '');
-}
-
-module.exports = { init };
+module.exports = { init };