securenow 7.6.6 → 7.6.8

package/docs/EXPRESS-BODY-CAPTURE.md

@@ -1,1028 +0,0 @@
-# Request Body Capture for Express.js with PM2
-
-This guide shows how to automatically capture request bodies in Express.js applications, including those running with PM2 clustering.
-
-**Available for both JavaScript and TypeScript projects!**
-
-## 📖 Table of Contents
-
-- [Overview](#-overview)
-- [Quick Start](#-quick-start)
-- [How It Works](#-how-it-works)
-- [Configuration](#-configuration)
-- [PM2 Clustering](#-pm2-clustering)
-- [Supported Content Types](#-supported-content-types)
-- [Complete Example (JS & TS)](#-example-complete-express--pm2-setup)
-- [Testing Body Capture](#-testing-body-capture)
-- [Troubleshooting](#-troubleshooting)
-- [Security Considerations](#-security-considerations)
-- [Performance Impact](#-performance-impact)
-- [TypeScript-Specific Guide](#-typescript-specific-guide)
-- [Advanced Topics](#-advanced-topics)
-
----
-
-## 🎯 Overview
-
-**SecureNow** captures request bodies at the HTTP instrumentation level, **before Express parses them**. This works automatically for most Express apps, but you need to understand how it interacts with Express body parsers.
-
-This guide provides examples for both **JavaScript** and **TypeScript** projects.
-
-### JavaScript vs TypeScript
-
-| Feature | JavaScript | TypeScript |
-|---------|-----------|------------|
-| **Setup Complexity** | ⚡ Simple | 🔧 Moderate |
-| **Type Safety** | ❌ No | ✅ Yes |
-| **Build Step** | ❌ Not required | ✅ Required |
-| **SecureNow Setup** | Identical | Identical |
-| **Body Capture** | ✅ Works | ✅ Works |
-| **Production Ready** | ✅ Yes | ✅ Yes |
-
-**Both work identically with SecureNow!** Choose based on your project preference.
-
-## ⚡ Quick Start
-
-### 1. Install SecureNow
-
-```bash
-npm install securenow
-```
-
-### 2. Configure Environment Variables
-
-Create `.env` or set in PM2 ecosystem file:
-
-```bash
-SECURENOW_APPID=my-express-api
-SECURENOW_INSTANCE=http://your-otlp-backend:4318
-SECURENOW_CAPTURE_BODY=1
-SECURENOW_MAX_BODY_SIZE=10240
-```
-
-### 3. Enable in Express App
-
-**Option A: Using `--require` flag (Recommended for PM2)**
-
-**JavaScript:**
-
-```javascript
-// app.js - NO changes needed to your code!
-const express = require('express');
-const app = express();
-
-app.use(express.json());
-
-app.post('/api/login', (req, res) => {
-  // Your existing code - body is automatically captured
-  res.json({ success: true });
-});
-
-app.listen(3000);
-```
-
-**TypeScript:**
-
-```typescript
-// app.ts - NO changes needed to your code!
-import express, { Request, Response } from 'express';
-const app = express();
-
-app.use(express.json());
-
-app.post('/api/login', (req: Request, res: Response) => {
-  // Your existing code - body is automatically captured
-  res.json({ success: true });
-});
-
-app.listen(3000);
-```
-
-**Start with PM2:**
-
-```bash
-# JavaScript
-pm2 start app.js --node-args="-r securenow/register"
-
-# TypeScript (after compiling)
-npm run build
-pm2 start dist/app.js --node-args="-r securenow/register"
-```
-
-**Or in `ecosystem.config.js`:**
-
-```javascript
-module.exports = {
-  apps: [{
-    name: 'express-api',
-    script: './app.js',  // or './dist/app.js' for TypeScript
-    instances: 4,
-    exec_mode: 'cluster',
-    node_args: '-r securenow/register',
-    env: {
-      NODE_ENV: 'production',
-      SECURENOW_APPID: 'express-api',
-      SECURENOW_CAPTURE_BODY: '1',
-      SECURENOW_NO_UUID: '1',  // Same service.name across workers
-    }
-  }]
-};
-```
-
-**Option B: Require in Code**
-
-**JavaScript:**
-
-```javascript
-// app.js - Add this at the VERY TOP
-require('securenow/register');
-
-const express = require('express');
-// ... rest of your app
-```
-
-**TypeScript:**
-
-```typescript
-// app.ts - Add this at the VERY TOP
-import 'securenow/register';
-
-import express from 'express';
-// ... rest of your app
-```
-
-## 📝 How It Works
-
-### Body Capture Flow
-
-```
-┌─────────────────────────────────────────────────────────┐
-│  1. HTTP Request arrives                                │
-│     ↓                                                    │
-│  2. SecureNow HTTP Instrumentation reads raw stream     │
-│     - Buffers body chunks                               │
-│     - Does NOT consume stream                           │
-│     ↓                                                    │
-│  3. Express body-parser reads stream                    │
-│     - Parses JSON/form data                             │
-│     - Populates req.body                                │
-│     ↓                                                    │
-│  4. SecureNow captures body on 'end' event              │
-│     - Redacts sensitive fields                          │
-│     - Attaches to OpenTelemetry span                    │
-│     ↓                                                    │
-│  5. Your Express handler runs                           │
-│     - req.body is available as normal                   │
-└─────────────────────────────────────────────────────────┘
-```
-
-### Key Points
-
-1. **Stream Buffering**: SecureNow listens to the Node.js HTTP request stream and buffers chunks as they arrive
-2. **Non-Destructive**: The buffering doesn't consume the stream, so Express can still read it
-3. **Automatic Redaction**: Sensitive fields (passwords, tokens, etc.) are automatically redacted
-4. **Size Limiting**: Bodies larger than `SECURENOW_MAX_BODY_SIZE` are not captured
-
-## 🔧 Configuration
-
-### Environment Variables
-
-| Variable | Description | Default |
-|----------|-------------|---------|
-| `SECURENOW_CAPTURE_BODY` | Enable body capture (`1` or `true`) | `0` (disabled) |
-| `SECURENOW_MAX_BODY_SIZE` | Max body size in bytes | `10240` (10KB) |
-| `SECURENOW_SENSITIVE_FIELDS` | Comma-separated additional sensitive fields | (see below) |
-| `SECURENOW_CAPTURE_MULTIPART` | Enable multipart/form-data streaming capture (`1` or `true`) | `0` (disabled) |
-
-### Default Sensitive Fields
-
-These fields are **automatically redacted**:
-
-```javascript
-'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
-'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
-'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin'
-```
-
-### Adding Custom Sensitive Fields
-
-```bash
-# In .env or PM2 config
-SECURENOW_SENSITIVE_FIELDS=custom_token,internal_key,private_data
-```
-
-## 🚀 PM2 Clustering
-
-### Cluster Mode Setup
-
-**ecosystem.config.js:**
-
-```javascript
-module.exports = {
-  apps: [{
-    name: 'express-api',
-    script: './server.js',
-    instances: 'max',  // Use all CPU cores
-    exec_mode: 'cluster',
-    node_args: '-r securenow/register',
-    env: {
-      NODE_ENV: 'production',
-      SECURENOW_APPID: 'express-api',
-      SECURENOW_INSTANCE: 'http://otel-collector:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      SECURENOW_NO_UUID: '1',      // Same service.name
-      SECURENOW_STRICT: '1',       // Fail if APPID missing
-    }
-  }]
-};
-```
-
-**Start cluster:**
-
-```bash
-pm2 start ecosystem.config.js
-```
-
-### Service Naming in Clusters
-
-**Without `SECURENOW_NO_UUID=1`:**
-- Each worker gets unique service name: `express-api-abc123`, `express-api-def456`
-- Good for debugging individual workers
-- Traces are separated per worker
-
-**With `SECURENOW_NO_UUID=1`:**
-- All workers share same service name: `express-api`
-- Traces are grouped together
-- Recommended for production
-
-### Monitoring Workers
-
-```bash
-# View all workers
-pm2 list
-
-# View logs (all workers)
-pm2 logs express-api
-
-# View logs for specific worker
-pm2 logs express-api --lines 100
-```
-
-## 📋 Supported Content Types
-
-| Content Type | Captured? | Parsed? | Redacted? |
-|--------------|-----------|---------|-----------|
-| `application/json` | ✅ Yes | ✅ Yes | ✅ Yes |
-| `application/graphql` | ✅ Yes | ✅ Yes | ✅ Yes |
-| `application/x-www-form-urlencoded` | ✅ Yes | ✅ Yes | ✅ Yes |
-| `multipart/form-data` | ✅ Metadata | ✅ Streaming | ✅ Yes |
-| `text/plain` | ❌ No | N/A | N/A |
-
-**Note**: Multipart capture requires `SECURENOW_CAPTURE_MULTIPART=1` (v5.8.0+). Uses a streaming parser — text field values and file metadata (name, filename, content-type, size) are captured; file binary content is never buffered or stored.
-
-## 🔍 Example: Complete Express + PM2 Setup
-
-### Project Structure (JavaScript)
-
-```
-my-express-api/
-├── server.js
-├── ecosystem.config.js
-├── .env
-└── package.json
-```
-
-### Project Structure (TypeScript)
-
-```
-my-express-api/
-├── src/
-│   └── server.ts
-├── dist/
-├── ecosystem.config.js
-├── .env
-├── tsconfig.json
-└── package.json
-```
-
----
-
-### server.js (JavaScript)
-
-```javascript
-require('securenow/register');  // At the top!
-
-const express = require('express');
-const app = express();
-
-// Body parsers
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
-// Routes
-app.post('/api/users', (req, res) => {
-  // Body is automatically captured in traces
-  // Sensitive fields are redacted
-  console.log('Creating user:', req.body.email);
-  res.json({ id: 123, email: req.body.email });
-});
-
-app.post('/api/login', (req, res) => {
-  // Password is automatically redacted in traces
-  console.log('Login attempt:', req.body.email);
-  res.json({ token: 'abc123' });
-});
-
-const PORT = process.env.PORT || 3000;
-app.listen(PORT, () => {
-  console.log(`Server running on port ${PORT}, PID: ${process.pid}`);
-});
-```
-
-### server.ts (TypeScript)
-
-```typescript
-import 'securenow/register';  // At the top!
-
-import express, { Request, Response } from 'express';
-const app = express();
-
-// Body parsers
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
-// Types for request bodies
-interface CreateUserBody {
-  email: string;
-  name: string;
-}
-
-interface LoginBody {
-  email: string;
-  password: string;
-}
-
-// Routes
-app.post('/api/users', (req: Request<{}, {}, CreateUserBody>, res: Response) => {
-  // Body is automatically captured in traces
-  // Sensitive fields are redacted
-  console.log('Creating user:', req.body.email);
-  res.json({ id: 123, email: req.body.email });
-});
-
-app.post('/api/login', (req: Request<{}, {}, LoginBody>, res: Response) => {
-  // Password is automatically redacted in traces
-  console.log('Login attempt:', req.body.email);
-  res.json({ token: 'abc123' });
-});
-
-const PORT = process.env.PORT || 3000;
-app.listen(PORT, () => {
-  console.log(`Server running on port ${PORT}, PID: ${process.pid}`);
-});
-```
-
-### tsconfig.json (TypeScript only)
-
-```json
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "commonjs",
-    "lib": ["ES2020"],
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "resolveJsonModule": true,
-    "moduleResolution": "node"
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules"]
-}
-```
-
----
-
-### ecosystem.config.js (JavaScript)
-
-```javascript
-module.exports = {
-  apps: [{
-    name: 'express-api',
-    script: './server.js',
-    instances: 4,
-    exec_mode: 'cluster',
-    node_args: '-r securenow/register',
-    env_production: {
-      NODE_ENV: 'production',
-      PORT: 3000,
-      SECURENOW_APPID: 'express-api',
-      SECURENOW_INSTANCE: 'http://otel-collector.company.com:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      SECURENOW_MAX_BODY_SIZE: '10240',
-      SECURENOW_NO_UUID: '1',
-      SECURENOW_STRICT: '1',
-    },
-    env_development: {
-      NODE_ENV: 'development',
-      PORT: 3000,
-      SECURENOW_APPID: 'express-api-dev',
-      SECURENOW_INSTANCE: 'http://localhost:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      OTEL_LOG_LEVEL: 'debug',
-    }
-  }]
-};
-```
-
-### ecosystem.config.js (TypeScript)
-
-```javascript
-module.exports = {
-  apps: [{
-    name: 'express-api',
-    script: './dist/server.js',  // Compiled JS file
-    instances: 4,
-    exec_mode: 'cluster',
-    node_args: '-r securenow/register',
-    env_production: {
-      NODE_ENV: 'production',
-      PORT: 3000,
-      SECURENOW_APPID: 'express-api',
-      SECURENOW_INSTANCE: 'http://otel-collector.company.com:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      SECURENOW_MAX_BODY_SIZE: '10240',
-      SECURENOW_NO_UUID: '1',
-      SECURENOW_STRICT: '1',
-    },
-    env_development: {
-      NODE_ENV: 'development',
-      PORT: 3000,
-      SECURENOW_APPID: 'express-api-dev',
-      SECURENOW_INSTANCE: 'http://localhost:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      OTEL_LOG_LEVEL: 'debug',
-    }
-  }]
-};
-```
-
----
-
-### Start Application (JavaScript)
-
-```bash
-# Development
-pm2 start ecosystem.config.js --env development
-
-# Production
-pm2 start ecosystem.config.js --env production
-
-# View logs
-pm2 logs express-api
-
-# Monitor
-pm2 monit
-```
-
-### Start Application (TypeScript)
-
-```bash
-# Install TypeScript dependencies
-npm install -D typescript @types/node @types/express ts-node
-
-# Build TypeScript
-npm run build
-# or
-tsc
-
-# Start with PM2 (runs compiled JS)
-pm2 start ecosystem.config.js --env production
-
-# Development with ts-node (optional)
-ts-node --require securenow/register src/server.ts
-
-# View logs
-pm2 logs express-api
-```
-
-### package.json Scripts (TypeScript)
-
-Add these to your `package.json`:
-
-```json
-{
-  "scripts": {
-    "build": "tsc",
-    "dev": "ts-node --require securenow/register src/server.ts",
-    "dev:watch": "nodemon --exec ts-node --require securenow/register src/server.ts",
-    "start": "node --require securenow/register dist/server.js",
-    "pm2:dev": "pm2 start ecosystem.config.js --env development",
-    "pm2:prod": "npm run build && pm2 start ecosystem.config.js --env production"
-  }
-}
-```
-
-## 🧪 Testing Body Capture
-
-### Test Request
-
-```bash
-# Send a POST request
-curl -X POST http://localhost:3000/api/login \
-  -H "Content-Type: application/json" \
-  -d '{
-    "email": "user@example.com",
-    "password": "secret123"
-  }'
-```
-
-### Expected Trace Attributes
-
-In your SecureNow dashboard, you should see:
-
-```json
-{
-  "http.method": "POST",
-  "http.url": "/api/login",
-  "http.status_code": 200,
-  "http.request.body": "{\"email\":\"user@example.com\",\"password\":\"[REDACTED]\"}",
-  "http.request.body.type": "json",
-  "http.request.body.size": 56
-}
-```
-
-**Note**: The `password` field is automatically redacted!
-
-## 🐛 Troubleshooting
-
-### Body Not Captured
-
-**Check:**
-1. Is `SECURENOW_CAPTURE_BODY=1` set?
-2. Is the request method POST/PUT/PATCH?
-3. Is the Content-Type supported?
-4. Is the body size under the limit?
-
-**Enable debug logs:**
-
-```bash
-OTEL_LOG_LEVEL=debug pm2 restart express-api
-pm2 logs express-api
-```
-
-### Body is Empty in req.body
-
-**Possible causes:**
-1. Body parser not configured: Add `app.use(express.json())`
-2. Wrong Content-Type header
-3. Body parser after routes (must be before)
-
-### PM2 Workers Not Tracing
-
-**Check:**
-1. Is `node_args: '-r securenow/register'` in ecosystem config?
-2. Are environment variables set in `env` block?
-3. Check PM2 logs: `pm2 logs express-api`
-
-### High Memory Usage
-
-**Reduce body capture size:**
-
-```bash
-SECURENOW_MAX_BODY_SIZE=5120  # 5KB instead of 10KB
-```
-
-**Or disable for large endpoints:**
-
-```javascript
-// Temporarily disable for file upload endpoint
-app.post('/api/upload', (req, res) => {
-  // Body won't be captured (multipart not supported anyway)
-});
-```
-
-## 🔒 Security Considerations
-
-### 1. Sensitive Data Redaction
-
-**Always review what's being logged**. Even with automatic redaction, you should:
-
-- Add custom sensitive fields: `SECURENOW_SENSITIVE_FIELDS`
-- Test with production-like data
-- Review traces in SecureNow
-
-### 2. Body Size Limits
-
-**Large bodies can cause:**
-- Memory issues
-- Performance degradation
-- Storage costs in SecureNow
-
-**Recommendation:**
-- Keep `SECURENOW_MAX_BODY_SIZE` under 20KB
-- Bodies larger than limit show: `[TOO LARGE: X bytes]`
-
-### 3. PII and Compliance
-
-If you handle PII (Personally Identifiable Information):
-
-- Review sensitive fields list
-- Consider disabling body capture for specific endpoints
-- Implement additional redaction rules
-- Consult your compliance team
-
-### 4. Production Best Practices
-
-```javascript
-// ecosystem.config.js
-module.exports = {
-  apps: [{
-    name: 'express-api',
-    script: './server.js',
-    instances: 'max',
-    exec_mode: 'cluster',
-    node_args: '-r securenow/register',
-    env_production: {
-      NODE_ENV: 'production',
-      SECURENOW_APPID: 'express-api',
-      SECURENOW_CAPTURE_BODY: '1',
-      SECURENOW_MAX_BODY_SIZE: '8192',  // 8KB
-      SECURENOW_SENSITIVE_FIELDS: 'ssn,credit_card,tax_id',
-      SECURENOW_NO_UUID: '1',
-      SECURENOW_STRICT: '1',
-      OTEL_LOG_LEVEL: 'warn',  // Less verbose
-    }
-  }]
-};
-```
-
-## 📊 Performance Impact
-
-### Benchmarks
-
-With body capture **enabled** vs **disabled**:
-
-| Metric | Without Capture | With Capture | Difference |
-|--------|----------------|--------------|------------|
-| Avg Response Time | 12ms | 13ms | +8% |
-| Memory per Request | 2KB | 3KB | +50% |
-| CPU Usage | 5% | 6% | +20% |
-| Throughput (req/s) | 10,000 | 9,800 | -2% |
-
-**Notes:**
-- Tests with 1KB JSON bodies
-- 4-worker PM2 cluster
-- Production mode
-
-### Recommendations
-
-- ✅ **Enable** for APIs with moderate traffic (<1000 req/s)
-- ⚠️ **Evaluate** for high-traffic APIs (1000-10000 req/s)
-- ❌ **Disable** for ultra-high traffic (>10000 req/s) or consider sampling
-
-## 🔷 TypeScript-Specific Guide
-
-### Full TypeScript Setup
-
-**1. Install Dependencies**
-
-```bash
-# Runtime
-npm install securenow express
-
-# Dev dependencies
-npm install -D typescript @types/node @types/express ts-node nodemon
-```
-
-**2. Create TypeScript Config**
-
-`tsconfig.json`:
-
-```json
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "commonjs",
-    "lib": ["ES2020"],
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "resolveJsonModule": true,
-    "moduleResolution": "node",
-    "types": ["node"]
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", "dist"]
-}
-```
-
-**3. Create Express Server with Types**
-
-`src/server.ts`:
-
-```typescript
-import 'securenow/register';  // Must be first!
-
-import express, { Request, Response, NextFunction } from 'express';
-
-const app = express();
-
-// Middleware
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
-// Type-safe request body interfaces
-interface LoginRequest {
-  email: string;
-  password: string;
-}
-
-interface CreateUserRequest {
-  email: string;
-  name: string;
-  age?: number;
-}
-
-interface ApiResponse<T = any> {
-  success: boolean;
-  data?: T;
-  error?: string;
-}
-
-// Routes with type safety
-app.post('/api/login', 
-  (req: Request<{}, ApiResponse, LoginRequest>, res: Response<ApiResponse>) => {
-    // req.body is typed as LoginRequest
-    // Body is automatically captured and password is redacted in traces
-    const { email, password } = req.body;
-    
-    // Your authentication logic here
-    res.json({ 
-      success: true, 
-      data: { token: 'abc123', email } 
-    });
-  }
-);
-
-app.post('/api/users',
-  (req: Request<{}, ApiResponse, CreateUserRequest>, res: Response<ApiResponse>) => {
-    // req.body is typed as CreateUserRequest
-    const { email, name, age } = req.body;
-    
-    res.json({ 
-      success: true, 
-      data: { id: 123, email, name, age } 
-    });
-  }
-);
-
-// Error handler with types
-app.use((err: Error, req: Request, res: Response, next: NextFunction) => {
-  console.error('Error:', err);
-  res.status(500).json({ 
-    success: false, 
-    error: err.message 
-  });
-});
-
-const PORT = process.env.PORT || 3000;
-
-app.listen(PORT, () => {
-  console.log(`Server running on port ${PORT}, PID: ${process.pid}`);
-});
-
-export default app;
-```
-
-**4. Update package.json**
-
-```json
-{
-  "name": "express-ts-app",
-  "version": "1.0.0",
-  "scripts": {
-    "build": "tsc",
-    "dev": "nodemon",
-    "start": "node -r securenow/register dist/server.js",
-    "pm2:dev": "npm run build && pm2 start ecosystem.config.js --env development",
-    "pm2:prod": "npm run build && pm2 start ecosystem.config.js --env production",
-    "pm2:stop": "pm2 stop express-api",
-    "pm2:restart": "npm run build && pm2 restart express-api",
-    "pm2:logs": "pm2 logs express-api"
-  },
-  "dependencies": {
-    "express": "^4.18.0",
-    "securenow": "^4.0.0"
-  },
-  "devDependencies": {
-    "@types/express": "^4.17.21",
-    "@types/node": "^20.0.0",
-    "nodemon": "^3.0.0",
-    "ts-node": "^10.9.0",
-    "typescript": "^5.0.0"
-  }
-}
-```
-
-**5. Create nodemon.json for Development**
-
-```json
-{
-  "watch": ["src"],
-  "ext": "ts",
-  "ignore": ["src/**/*.spec.ts"],
-  "exec": "ts-node --require securenow/register src/server.ts",
-  "env": {
-    "NODE_ENV": "development",
-    "SECURENOW_APPID": "express-ts-dev",
-    "SECURENOW_CAPTURE_BODY": "1",
-    "OTEL_LOG_LEVEL": "debug"
-  }
-}
-```
-
-**6. Create ecosystem.config.js for PM2**
-
-```javascript
-module.exports = {
-  apps: [{
-    name: 'express-api',
-    script: './dist/server.js',
-    instances: 4,
-    exec_mode: 'cluster',
-    node_args: '-r securenow/register',
-    env_production: {
-      NODE_ENV: 'production',
-      PORT: 3000,
-      SECURENOW_APPID: 'express-ts-api',
-      SECURENOW_INSTANCE: 'http://otel-collector.company.com:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      SECURENOW_MAX_BODY_SIZE: '10240',
-      SECURENOW_NO_UUID: '1',
-      SECURENOW_STRICT: '1',
-    },
-    env_development: {
-      NODE_ENV: 'development',
-      PORT: 3000,
-      SECURENOW_APPID: 'express-ts-dev',
-      SECURENOW_INSTANCE: 'http://localhost:4318',
-      SECURENOW_CAPTURE_BODY: '1',
-      OTEL_LOG_LEVEL: 'debug',
-    }
-  }]
-};
-```
-
-**7. Build and Run**
-
-```bash
-# Development with hot reload
-npm run dev
-
-# Build TypeScript
-npm run build
-
-# Run production build
-npm start
-
-# Run with PM2 (production)
-npm run pm2:prod
-
-# View logs
-npm run pm2:logs
-```
-
-### TypeScript Best Practices
-
-**1. Use Strict Types for Request Bodies**
-
-```typescript
-// Define interfaces for all request bodies
-interface LoginBody {
-  email: string;
-  password: string;
-}
-
-// Use generic types
-app.post('/api/login', 
-  (req: Request<{}, {}, LoginBody>, res: Response) => {
-    // req.body is fully typed!
-    const { email, password } = req.body;
-  }
-);
-```
-
-**2. Create Custom Express Types**
-
-`src/types/express.d.ts`:
-
-```typescript
-import { Request } from 'express';
-
-// Extend Express Request with custom properties
-declare global {
-  namespace Express {
-    interface Request {
-      user?: {
-        id: string;
-        email: string;
-      };
-      traceId?: string;
-    }
-  }
-}
-```
-
-**3. Type-Safe Error Handling**
-
-```typescript
-class AppError extends Error {
-  constructor(
-    public statusCode: number,
-    public message: string,
-    public isOperational = true
-  ) {
-    super(message);
-    Object.setPrototypeOf(this, AppError.prototype);
-  }
-}
-
-app.use((err: AppError, req: Request, res: Response, next: NextFunction) => {
-  const { statusCode = 500, message } = err;
-  res.status(statusCode).json({ success: false, error: message });
-});
-```
-
-### TypeScript + PM2 Production Workflow
-
-```bash
-# 1. Build TypeScript
-npm run build
-
-# 2. Start with PM2
-pm2 start ecosystem.config.js --env production
-
-# 3. Monitor
-pm2 monit
-
-# 4. Update code and reload
-git pull
-npm run build
-pm2 reload express-api --update-env
-
-# 5. Zero-downtime restart
-pm2 reload express-api
-```
-
----
-
-## 🎓 Advanced Topics
-
-### Conditional Body Capture
-
-Capture only specific routes:
-
-```javascript
-// Currently not supported - captures all or none
-// Workaround: Use different apps with different configs
-```
-
-### Custom Redaction Logic
-
-Currently not customizable. Default fields are comprehensive.
-
-### Integration with Other Monitoring
-
-SecureNow uses OpenTelemetry standard, so it works with:
-
-- ✅ SecureNow (recommended)
-- ✅ Jaeger
-- ✅ Zipkin
-- ✅ Any OTLP-compatible backend
-
-## 📚 Related Documentation
-
-- [General Request Body Capture](./REQUEST-BODY-CAPTURE.md)
-- [Next.js Automatic Body Capture](./AUTO-BODY-CAPTURE.md)
-- [Redaction Examples](./REDACTION-EXAMPLES.md)
-
-## 💬 Support
-
-If you encounter issues:
-
-1. Check [Troubleshooting](#-troubleshooting) section
-2. Enable debug logs: `OTEL_LOG_LEVEL=debug`
-3. Check PM2 logs: `pm2 logs express-api`
-4. Review your SecureNow dashboard for traces
-
----
-
-**That's it!** Your Express.js app running with PM2 is now capturing request bodies automatically with intelligent redaction. 🎉
-