securenow 7.6.6 → 7.6.8

package/firewall.js

@@ -45,12 +45,15 @@ let _circuitOpenedAt = 0;
 let _pollInflight = false;
 let _retryAfterUntil = 0;
 
-// Keep-alive agents — reuse TCP connections across polls (TLS handshake once)
-const _httpAgent = new http.Agent({ keepAlive: true, maxSockets: 2, keepAliveMsecs: 30_000 });
-const _httpsAgent = new https.Agent({ keepAlive: true, maxSockets: 2, keepAliveMsecs: 30_000 });
+// Firewall control-plane traffic is low-frequency and correctness-critical.
+// Use non-keep-alive agents so clustered apps do not reuse sockets that an
+// upstream load balancer has silently closed between sync cycles.
+const _httpAgent = new http.Agent({ keepAlive: false });
+const _httpsAgent = new https.Agent({ keepAlive: false });
 const EVENT_FLUSH_INTERVAL_MS = 2_000;
 const EVENT_BATCH_SIZE = 25;
 const EVENT_QUEUE_MAX = 1_000;
+const TRANSIENT_NETWORK_CODES = new Set(['ECONNRESET', 'EPIPE', 'ETIMEDOUT', 'EAI_AGAIN']);
 
 // Unified sync uses /firewall/sync (v2). Falls back to legacy on 404.
 let _useUnifiedSync = true;
@@ -119,67 +122,95 @@ function jitter(baseMs) {
   return baseMs * (0.8 + Math.random() * 0.4);
 }
 
-function agentFor(url) {
-  return url.startsWith('https') ? _httpsAgent : _httpAgent;
-}
-
-function httpGet(url, extraHeaders, timeout, callback) {
-  const mod = url.startsWith('https') ? https : http;
-  const parsed = new URL(url);
-
-  const req = mod.request({
-    hostname: parsed.hostname,
-    port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
-    path: parsed.pathname + parsed.search,
-    method: 'GET',
-    headers: {
-      'Authorization': `Bearer ${_options.apiKey}`,
-      'User-Agent': 'securenow-firewall-sdk',
-      ...extraHeaders,
-    },
-    timeout,
-    agent: agentFor(url),
-  }, (res) => {
-    let data = '';
-    res.on('data', (chunk) => { data += chunk; });
-    res.on('end', () => { callback(null, res, data); });
-  });
-
-  req.on('error', (err) => callback(err));
-  req.on('timeout', () => { req.destroy(); callback(new Error('Request timed out')); });
-  req.end();
+function agentFor(url) {
+  return url.startsWith('https') ? _httpsAgent : _httpAgent;
 }
 
-function httpPostJson(url, body, timeout, callback) {
+function isTransientNetworkError(err) {
+  if (!err) return false;
+  if (err.code && TRANSIENT_NETWORK_CODES.has(err.code)) return true;
+  return /socket hang up|connection reset|ECONNRESET/i.test(String(err.message || ''));
+}
+
+function formatRequestError(err) {
+  if (!err) return 'unknown error';
+  const parts = [err.message || String(err)];
+  if (err.code && !parts[0].includes(err.code)) parts.push(`code=${err.code}`);
+  if (err.syscall) parts.push(`syscall=${err.syscall}`);
+  return parts.join(' ');
+}
+
+function requestOnce(method, url, body, extraHeaders, timeout, callback) {
   const mod = url.startsWith('https') ? https : http;
   const parsed = new URL(url);
-  const payload = JSON.stringify(body || {});
+  const payload = body == null ? null : JSON.stringify(body || {});
 
   const req = mod.request({
     hostname: parsed.hostname,
     port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
     path: parsed.pathname + parsed.search,
-    method: 'POST',
+    method,
     headers: {
       'Authorization': `Bearer ${_options.apiKey}`,
       'User-Agent': 'securenow-firewall-sdk',
-      'Content-Type': 'application/json',
-      'Content-Length': Buffer.byteLength(payload),
+      'Connection': 'close',
+      ...(payload
+        ? {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(payload),
+          }
+        : {}),
+      ...extraHeaders,
     },
     timeout,
     agent: agentFor(url),
   }, (res) => {
     let data = '';
     res.on('data', (chunk) => { data += chunk; });
-    res.on('end', () => { callback(null, res, data); });
+    res.on('end', () => { done(null, res, data); });
   });
 
-  req.on('error', (err) => callback(err));
-  req.on('timeout', () => { req.destroy(); callback(new Error('Request timed out')); });
-  req.write(payload);
+  let finished = false;
+  function done(...args) {
+    if (finished) return;
+    finished = true;
+    callback(...args);
+  }
+
+  req.on('error', (err) => done(err));
+  req.on('timeout', () => {
+    const err = new Error('Request timed out');
+    err.code = 'ETIMEDOUT';
+    done(err);
+    req.destroy(err);
+  });
+  if (payload) req.write(payload);
   req.end();
 }
 
+function requestWithRetry(method, url, body, extraHeaders, timeout, callback) {
+  requestOnce(method, url, body, extraHeaders, timeout, (err, res, data) => {
+    if (!err || !isTransientNetworkError(err)) return callback(err, res, data);
+
+    if (_options && _options.log) {
+      console.warn('[securenow] Firewall: transient API socket error, retrying once:', formatRequestError(err));
+    }
+
+    const retryTimer = setTimeout(() => {
+      requestOnce(method, url, body, extraHeaders, timeout, callback);
+    }, 100);
+    if (retryTimer.unref) retryTimer.unref();
+  });
+}
+
+function httpGet(url, extraHeaders, timeout, callback) {
+  requestWithRetry('GET', url, null, extraHeaders, timeout, callback);
+}
+
+function httpPostJson(url, body, timeout, callback) {
+  requestWithRetry('POST', url, body, {}, timeout, callback);
+}
+
 function scheduleEventFlush() {
   if (_eventTimer || _eventQueue.length === 0) return;
   _eventTimer = setTimeout(() => {
@@ -202,7 +233,7 @@ function flushFirewallEvents() {
   httpPostJson(url, { events: batch }, 5000, (err, res) => {
     if (err || !res || res.statusCode >= 400) {
       if (_options.log) {
-        const msg = err ? err.message : `API returned ${res.statusCode}`;
+        const msg = err ? formatRequestError(err) : `API returned ${res.statusCode}`;
         console.warn('[securenow] Firewall: failed to report blocked-request ledger:', msg);
       }
     }
@@ -448,19 +479,19 @@ function doLegacyPoll(callback) {
       callback(null, { blChanged, alChanged });
     }
 
-    if (blChanged) {
-      legacyBlocklistSync((err, changed, stats) => {
-        if (err && _options.log) console.warn('[securenow] Firewall: sync failed (using stale list):', err.message);
-        else if (changed && stats && _options.log) console.log('[securenow] Firewall: re-synced %d blocked IPs', stats.total);
-        syncDone();
-      });
-    }
-    if (alChanged) {
-      legacyAllowlistSync((err, changed, stats) => {
-        if (err && _options.log) console.warn('[securenow] Firewall: allowlist sync failed:', err.message);
-        else if (changed && stats && _options.log) console.log('[securenow] Firewall: re-synced %d allowed IPs', stats.total);
-        syncDone();
-      });
+    if (blChanged) {
+      legacyBlocklistSync((err, changed, stats) => {
+        if (err && _options.log) console.warn('[securenow] Firewall: sync failed (using stale list):', formatRequestError(err));
+        else if (changed && stats && _options.log) console.log('[securenow] Firewall: re-synced %d blocked IPs', stats.total);
+        syncDone();
+      });
+    }
+    if (alChanged) {
+      legacyAllowlistSync((err, changed, stats) => {
+        if (err && _options.log) console.warn('[securenow] Firewall: allowlist sync failed:', formatRequestError(err));
+        else if (changed && stats && _options.log) console.log('[securenow] Firewall: re-synced %d allowed IPs', stats.total);
+        syncDone();
+      });
     }
   }
 
@@ -495,7 +526,7 @@ function pollOnce(callback) {
       _consecutiveErrors++;
       _stats.errors++;
       maybeOpenCircuit();
-      if (_options.log) console.warn('[securenow] Firewall: poll failed:', err.message);
+      if (_options.log) console.warn('[securenow] Firewall: poll failed:', formatRequestError(err));
       return callback(err);
     }
     _consecutiveErrors = 0;
@@ -565,7 +596,7 @@ function startSyncLoop() {
           if (retryTimer.unref) retryTimer.unref();
           return;
         }
-        if (_options.log) console.warn('[securenow] Firewall: initial sync failed:', err.message);
+        if (_options.log) console.warn('[securenow] Firewall: initial sync failed:', formatRequestError(err));
         if (_options.failMode === 'closed') {
           _matcher = { isBlocked: () => true, stats: () => ({ exact: 0, cidr: 0, total: 0 }) };
         }

package/mcp/catalog.js

@@ -32,7 +32,7 @@ Runbook:
    node -p "require('./node_modules/securenow/package.json').version"
    npx securenow version
    Stop and fix the install if either is below 7.5.1 or npx still resolves an older local package.
-3. Read the installed package surface before editing files: node_modules/securenow/package.json, README/NPM_README, SKILL-API, SKILL-CLI, docs/MCP-GUIDE.md if present, npx securenow help, and relevant subcommand help for login/init/firewall/doctor/env/test-span/log/mcp.
+3. Read the installed package surface before editing files: node_modules/securenow/package.json, README/NPM_README, SKILL-API, SKILL-CLI, npx securenow help, and relevant subcommand help for login/init/firewall/doctor/env/test-span/log/mcp.
 4. Mandatory auth gate:
    - Run npx securenow whoami from the project root.
    - If not logged in, run npx securenow login from the project root and wait for the browser flow.

package/nextjs-webpack-config.js

@@ -16,21 +16,9 @@
  *   module.exports = { webpack: (config, opts) => getSecureNowWebpackConfig(config, opts) };
  */
 
-const EXTERNAL_PACKAGES = [
-  'securenow',
-  '@opentelemetry/sdk-node',
-  '@opentelemetry/auto-instrumentations-node',
-  '@opentelemetry/instrumentation-http',
-  '@opentelemetry/exporter-trace-otlp-http',
-  '@opentelemetry/exporter-logs-otlp-http',
-  '@opentelemetry/sdk-logs',
-  '@opentelemetry/instrumentation',
-  '@opentelemetry/resources',
-  '@opentelemetry/semantic-conventions',
-  '@opentelemetry/api',
-  '@opentelemetry/api-logs',
-  '@vercel/otel',
-];
+const EXTERNAL_PACKAGES = [
+  'securenow',
+];
 
 function detectNextMajor() {
   try {

package/nextjs.js

@@ -5,31 +5,19 @@
  * 
  * Usage in Next.js app:
  * 
- * 1. Add serverExternalPackages to next.config.js (REQUIRED to avoid webpack bundling issues):
+ * 1. Add securenow to serverExternalPackages in next.config.js:
  * 
  *    const nextConfig = {
- *      serverExternalPackages: [
- *        "securenow",
- *        "@opentelemetry/sdk-node",
- *        "@opentelemetry/auto-instrumentations-node",
- *        "@opentelemetry/instrumentation-http",
- *        "@opentelemetry/exporter-trace-otlp-http",
- *        "@opentelemetry/exporter-logs-otlp-http",
- *        "@opentelemetry/sdk-logs",
- *        "@opentelemetry/instrumentation",
- *        "@opentelemetry/resources",
- *        "@opentelemetry/semantic-conventions",
- *        "@opentelemetry/api",
- *        "@opentelemetry/api-logs",
- *        "@vercel/otel",
- *      ],
+ *      serverExternalPackages: ["securenow"],
  *    };
  * 
  * 2. Create instrumentation.ts (or .js) in your project root:
  * 
- *    import { registerSecureNow } from 'securenow/nextjs';
- *    export function register() {
- *      registerSecureNow();
+ *    export async function register() {
+ *      if (process.env.NEXT_RUNTIME !== "nodejs") return;
+ *      const securenowNext = await import("securenow/nextjs");
+ *      securenowNext.registerSecureNow({ captureBody: true });
+ *      await import("securenow/nextjs-auto-capture");
  *    }
  * 
  * 3. Run `npx securenow login` and `npx securenow init`.
@@ -39,11 +27,22 @@
 
 const { randomUUID } = require('crypto');
 const appConfig = require('./app-config');
+const otelResources = require('@opentelemetry/resources');
 
 const env = appConfig.env;
 
 let isRegistered = false;
 
+function createResource(attributes) {
+  if (typeof otelResources.resourceFromAttributes === 'function') {
+    return otelResources.resourceFromAttributes(attributes);
+  }
+  if (typeof otelResources.Resource === 'function') {
+    return new otelResources.Resource(attributes);
+  }
+  throw new Error('Unsupported @opentelemetry/resources version');
+}
+
 // Default sensitive fields to redact from request bodies
 const DEFAULT_SENSITIVE_FIELDS = [
   'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
@@ -430,7 +429,6 @@ function registerSecureNow(options = {}) {
       // -------- Self-Hosted (EC2/PM2): Use Vanilla OpenTelemetry SDK --------
       const { NodeSDK } = require('@opentelemetry/sdk-node');
       const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
-      const { Resource } = require('@opentelemetry/resources');
       const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
       
       const traceExporter = new OTLPTraceExporter({ 
@@ -442,7 +440,7 @@ function registerSecureNow(options = {}) {
         serviceName: serviceName,
         traceExporter: traceExporter,
         instrumentations: [httpInstrumentation],
-        resource: new Resource({
+        resource: createResource({
           [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
           [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: deploymentEnvironment,
           [SemanticResourceAttributes.SERVICE_VERSION]: process.env.npm_package_version || undefined,
@@ -466,12 +464,12 @@ function registerSecureNow(options = {}) {
           });
 
           const loggerProvider = new LoggerProvider({
-            resource: new Resource({
+            resource: createResource({
               [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
               [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: deploymentEnvironment,
             }),
+            processors: [new BatchLogRecordProcessor(logExporter)],
           });
-          loggerProvider.addLogRecordProcessor(new BatchLogRecordProcessor(logExporter));
 
           // Patch console to forward logs as OTLP log records
           const logger = loggerProvider.getLogger('console', '1.0.0');

package/nuxt-server-plugin.mjs

@@ -9,7 +9,7 @@
 
 import { NodeSDK } from '@opentelemetry/sdk-node';
 import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
-import { Resource } from '@opentelemetry/resources';
+import * as otelResources from '@opentelemetry/resources';
 import { SemanticResourceAttributes } from '@opentelemetry/semantic-conventions';
 import { HttpInstrumentation } from '@opentelemetry/instrumentation-http';
 import {
@@ -17,8 +17,8 @@ import {
   trace as otelTrace,
   SpanStatusCode,
 } from '@opentelemetry/api';
-import { v4 as uuidv4 } from 'uuid';
 import { createRequire } from 'node:module';
+import { randomUUID } from 'node:crypto';
 
 const nodeRequire = createRequire(import.meta.url);
 const appConfig = nodeRequire('./app-config');
@@ -27,6 +27,16 @@ const appConfig = nodeRequire('./app-config');
 
 const env = appConfig.env;
 
+function createResource(attributes) {
+  if (typeof otelResources.resourceFromAttributes === 'function') {
+    return otelResources.resourceFromAttributes(attributes);
+  }
+  if (typeof otelResources.Resource === 'function') {
+    return new otelResources.Resource(attributes);
+  }
+  throw new Error('Unsupported @opentelemetry/resources version');
+}
+
 const DEFAULT_SENSITIVE_FIELDS = [
   'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
   'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
@@ -79,9 +89,9 @@ export default defineNitroPlugin(async (nitroApp) => {
 
   let serviceName;
   if (baseName) {
-    serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
+    serviceName = noUuid ? baseName : `${baseName}-${randomUUID()}`;
   } else {
-    serviceName = `nuxt-app-${uuidv4()}`;
+    serviceName = `nuxt-app-${randomUUID()}`;
     console.warn(
       '[securenow] ⚠️  No app identity resolved. Using fallback: %s',
       serviceName,
@@ -91,7 +101,7 @@ export default defineNitroPlugin(async (nitroApp) => {
     );
   }
 
-  const serviceInstanceId = `${baseName || 'securenow'}-${uuidv4()}`;
+  const serviceInstanceId = `${baseName || 'securenow'}-${randomUUID()}`;
 
   // ── Endpoints ──
   const resolvedEndpoints = appConfig.resolveEndpoints({ endpoint: opts.endpoint || resolvedApp.instance });
@@ -101,7 +111,7 @@ export default defineNitroPlugin(async (nitroApp) => {
   const headers = resolvedEndpoints.headers;
 
   // ── Resource ──
-  const resource = new Resource({
+  const resource = createResource({
     [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
     [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: serviceInstanceId,
     [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: deploymentEnvironment,
@@ -237,10 +247,10 @@ export default defineNitroPlugin(async (nitroApp) => {
       );
 
       const logExporter = new OTLPLogExporter({ url: logsUrl, headers });
-      loggerProvider = new LoggerProvider({ resource });
-      loggerProvider.addLogRecordProcessor(
-        new BatchLogRecordProcessor(logExporter),
-      );
+      loggerProvider = new LoggerProvider({
+        resource,
+        processors: [new BatchLogRecordProcessor(logExporter)],
+      });
 
       const logger = loggerProvider.getLogger('console', '1.0.0');
       const SEV = { DEBUG: 5, INFO: 9, WARN: 13, ERROR: 17 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "7.6.6",
+  "version": "7.6.8",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",
@@ -9,9 +9,6 @@
     "securenow": "cli.js",
     "securenow-mcp": "mcp/server.js"
   },
-  "scripts": {
-    "postinstall": "node postinstall.js || exit 0"
-  },
   "keywords": [
     "opentelemetry",
     "otel",
@@ -135,47 +132,49 @@
     "firewall-tcp.js",
     "firewall-iptables.js",
     "firewall-cloud.js",
-    "postinstall.js",
     "register-vite.js",
     "web-vite.mjs",
     "app-config.js",
-    "examples/",
-    "docs/",
     "README.md",
     "NPM_README.md",
-    "CONSUMING-APPS-GUIDE.md",
     "SKILL-CLI.md",
     "SKILL-API.md"
   ],
   "dependencies": {
-    "@opentelemetry/api": "1.7.0",
-    "@opentelemetry/api-logs": "0.47.0",
-    "@opentelemetry/auto-instrumentations-node": "0.47.0",
-    "@opentelemetry/exporter-logs-otlp-http": "0.47.0",
-    "@opentelemetry/exporter-trace-otlp-http": "0.47.0",
-    "@opentelemetry/instrumentation": "0.47.0",
-    "@opentelemetry/instrumentation-document-load": "0.47.0",
-    "@opentelemetry/instrumentation-fetch": "0.47.0",
-    "@opentelemetry/instrumentation-http": "0.47.0",
-    "@opentelemetry/instrumentation-mongodb": "0.46.0",
-    "@opentelemetry/instrumentation-user-interaction": "0.47.0",
-    "@opentelemetry/instrumentation-xml-http-request": "0.47.0",
-    "@opentelemetry/resources": "1.20.0",
-    "@opentelemetry/sdk-logs": "0.47.0",
-    "@opentelemetry/sdk-node": "0.47.0",
-    "@opentelemetry/sdk-trace-web": "1.20.0",
-    "@opentelemetry/semantic-conventions": "1.20.0",
-    "dotenv": "^17.2.1",
-    "uuid": "^9.0.0"
+    "@opentelemetry/api": "1.9.1",
+    "@opentelemetry/api-logs": "0.218.0",
+    "@opentelemetry/auto-instrumentations-node": "0.76.0",
+    "@opentelemetry/core": "2.7.1",
+    "@opentelemetry/exporter-logs-otlp-http": "0.218.0",
+    "@opentelemetry/exporter-trace-otlp-http": "0.218.0",
+    "@opentelemetry/instrumentation": "0.218.0",
+    "@opentelemetry/instrumentation-document-load": "0.63.0",
+    "@opentelemetry/instrumentation-fetch": "0.218.0",
+    "@opentelemetry/instrumentation-http": "0.218.0",
+    "@opentelemetry/instrumentation-mongodb": "0.71.0",
+    "@opentelemetry/instrumentation-user-interaction": "0.62.0",
+    "@opentelemetry/instrumentation-xml-http-request": "0.218.0",
+    "@opentelemetry/resources": "2.7.1",
+    "@opentelemetry/sdk-logs": "0.218.0",
+    "@opentelemetry/sdk-metrics": "2.7.1",
+    "@opentelemetry/sdk-node": "0.218.0",
+    "@opentelemetry/sdk-trace-base": "2.7.1",
+    "@opentelemetry/sdk-trace-web": "2.7.1",
+    "@opentelemetry/semantic-conventions": "1.41.1",
+    "dotenv": "17.2.1"
   },
   "optionalDependencies": {
-    "@vercel/otel": "1.10.4"
-  },
-  "overrides": {
-    "@opentelemetry/api": "1.7.0",
-    "@opentelemetry/api-logs": "0.47.0",
-    "protobufjs": "^7.5.5"
+    "@vercel/otel": "2.1.2"
   },
   "sideEffects": true,
-  "license": "ISC"
+  "license": "ISC",
+  "directories": {
+    "doc": "docs",
+    "example": "examples"
+  },
+  "devDependencies": {},
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": ""
 }

package/register.js

@@ -9,7 +9,7 @@
 // 1. Load dotenv quietly only for legacy installs. Normal local and production
 // configuration comes from .securenow/credentials.json via app-config.js.
 try {
-  require('dotenv').config();
+  require('dotenv').config({ quiet: true });
 } catch (e) {
   // dotenv is optional.
 }

package/tracing.js

@@ -33,15 +33,25 @@ const { NodeSDK } = require('@opentelemetry/sdk-node');
 const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
 const { OTLPLogExporter } = require('@opentelemetry/exporter-logs-otlp-http');
 const { LoggerProvider, BatchLogRecordProcessor } = require('@opentelemetry/sdk-logs');
-const { Resource } = require('@opentelemetry/resources');
+const otelResources = require('@opentelemetry/resources');
 const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
 const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
 const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
-const { v4: uuidv4 } = require('uuid');
+const { randomUUID } = require('crypto');
 const appConfig = require('./app-config');
 
 const env = appConfig.env;
 
+function createResource(attributes) {
+  if (typeof otelResources.resourceFromAttributes === 'function') {
+    return otelResources.resourceFromAttributes(attributes);
+  }
+  if (typeof otelResources.Resource === 'function') {
+    return new otelResources.Resource(attributes);
+  }
+  throw new Error('Unsupported @opentelemetry/resources version');
+}
+
 // Default sensitive fields to redact from request bodies
 const DEFAULT_SENSITIVE_FIELDS = [
   'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
@@ -297,15 +307,15 @@ if (!baseName && inPm2Cluster && strict) {
 // service.name
 let serviceName;
 if (baseName) {
-  serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
+  serviceName = noUuid ? baseName : `${baseName}-${randomUUID()}`;
 } else {
   // last-resort fallback (only if STRlCT is off). You can rename this to make it obvious in monitoring.
-  serviceName = `securenow-free-${uuidv4()}`;
+  serviceName = `securenow-free-${randomUUID()}`;
 }
 
 // service.instance.id = <appid-or-fallback>-<uuid> (unique per worker)
 const instancePrefix   = baseName || 'securenow';
-const serviceInstanceId = `${instancePrefix}-${uuidv4()}`;
+const serviceInstanceId = `${instancePrefix}-${randomUUID()}`;
 
 // Loud line per worker to prove what was used
 console.log('[securenow] pid=%d appId=%s instance=%s apiKey=%s → service.name=%s instance.id=%s',
@@ -466,7 +476,7 @@ const httpInstrumentation = new HttpInstrumentation({
 const loggingEnabled = !/^(0|false)$/i.test(String(env('SECURENOW_LOGGING_ENABLED') ?? ''));
 
 // Create shared resource for both traces and logs
-const sharedResource = new Resource({
+const sharedResource = createResource({
   [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
   [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: serviceInstanceId,
   [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: appConfig.resolveDeploymentEnvironment(),
@@ -485,8 +495,8 @@ if (loggingEnabled) {
   const batchLogProcessor = new BatchLogRecordProcessor(logExporter);
   loggerProvider = new LoggerProvider({
     resource: sharedResource,
+    processors: [batchLogProcessor],
   });
-  loggerProvider.addLogRecordProcessor(batchLogProcessor);
 
   // Auto-patch console.* so every log/warn/error becomes an OTel log record
   const _logger = loggerProvider.getLogger('console', '1.0.0');