npm - securenow - Versions diffs - 7.6.7 → 7.6.8 - Mend

securenow 7.6.7 → 7.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/NPM_README.md +13 -13
package/README.md +21 -37
package/app-config.js +5 -3
package/cli/config.js +4 -3
package/cli/diagnostics.js +54 -15
package/cli/run.js +40 -11
package/firewall-only.js +1 -1
package/mcp/catalog.js +1 -1
package/nextjs-webpack-config.js +3 -15
package/nextjs.js +21 -23
package/nuxt-server-plugin.mjs +20 -10
package/package.json +33 -34
package/register.js +1 -1
package/tracing.js +17 -7
package/web-vite.mjs +23 -13
package/CONSUMING-APPS-GUIDE.md +0 -463
package/docs/ALL-FRAMEWORKS-QUICKSTART.md +0 -1388
package/docs/API-KEYS-GUIDE.md +0 -278
package/docs/ARCHITECTURE.md +0 -408
package/docs/AUTO-BODY-CAPTURE.md +0 -412
package/docs/AUTO-SETUP-SUMMARY.md +0 -331
package/docs/AUTO-SETUP.md +0 -419
package/docs/AUTOMATIC-IP-CAPTURE.md +0 -359
package/docs/BODY-CAPTURE-FIX.md +0 -261
package/docs/BODY-CAPTURE-QUICKSTART.md +0 -147
package/docs/CHANGELOG-NEXTJS.md +0 -235
package/docs/COMPLETION-REPORT.md +0 -408
package/docs/CUSTOMER-GUIDE.md +0 -364
package/docs/EASIEST-SETUP.md +0 -342
package/docs/ENVIRONMENT-VARIABLES.md +0 -166
package/docs/ENVIRONMENTS.md +0 -60
package/docs/EXPRESS-BODY-CAPTURE.md +0 -1028
package/docs/EXPRESS-SETUP-GUIDE.md +0 -722
package/docs/FINAL-SOLUTION.md +0 -335
package/docs/FIREWALL-GUIDE.md +0 -440
package/docs/IMPLEMENTATION-SUMMARY.md +0 -410
package/docs/INDEX.md +0 -222
package/docs/LOGGING-GUIDE.md +0 -704
package/docs/LOGGING-QUICKSTART.md +0 -221
package/docs/MCP-GUIDE.md +0 -58
package/docs/NEXTJS-BODY-CAPTURE-COMPARISON.md +0 -323
package/docs/NEXTJS-BODY-CAPTURE.md +0 -368
package/docs/NEXTJS-GUIDE.md +0 -392
package/docs/NEXTJS-QUICKSTART.md +0 -83
package/docs/NEXTJS-SETUP-COMPLETE.md +0 -795
package/docs/NEXTJS-WEBPACK-WARNINGS.md +0 -267
package/docs/NEXTJS-WRAPPER-APPROACH.md +0 -414
package/docs/NUXT-GUIDE.md +0 -173
package/docs/QUICKSTART-BODY-CAPTURE.md +0 -293
package/docs/REDACTION-EXAMPLES.md +0 -484
package/docs/REQUEST-BODY-CAPTURE.md +0 -587
package/docs/SOLUTION-SUMMARY.md +0 -312
package/docs/VERCEL-OTEL-MIGRATION.md +0 -255
package/examples/README.md +0 -265
package/examples/express-with-logging.js +0 -137
package/examples/instrumentation-with-auto-capture.ts +0 -41
package/examples/next.config.js +0 -37
package/examples/nextjs-api-route-with-body-capture.ts +0 -54
package/examples/nextjs-env-example.txt +0 -32
package/examples/nextjs-instrumentation.js +0 -36
package/examples/nextjs-instrumentation.ts +0 -36
package/examples/nextjs-middleware.js +0 -37
package/examples/nextjs-middleware.ts +0 -37
package/examples/nextjs-with-logging-example.md +0 -301
package/examples/nextjs-with-options.ts +0 -36
package/examples/test-nextjs-setup.js +0 -70
package/postinstall.js +0 -296

package/docs/ENVIRONMENT-VARIABLES.md DELETED Viewed

@@ -1,166 +0,0 @@
-# SecureNow Credentials Reference
-SecureNow uses `.securenow/credentials.json` in local development and production. No `.env` file is required.
-```bash
-npx securenow login
-npx securenow init
-```
-`login` writes the selected app, collector instance, CLI token, and firewall key to `./.securenow/credentials.json`. `init` ensures that file also contains secure defaults and an `_securenow.explanations` block for end users. Keep `.securenow/` in `.gitignore`.
-## Production Runtime File
-Production should use the same file structure, but without the CLI OAuth fields. From a logged-in project:
-```bash
-npx securenow credentials runtime --env production
-```
-This writes:
-```text
-.securenow/credentials.production.json
-```
-Deploy that JSON as a secret file and mount or copy it to:
-```text
-<app-root>/.securenow/credentials.json
-```
-The runtime file contains `apiKey`, `app`, `config`, and `_securenow.explanations`; it intentionally omits `token`, `email`, and `expiresAt`.
-## Resolution Order
-1. Project `./.securenow/credentials.json`
-2. Global `~/.securenow/credentials.json`
-3. `package.json#name` where a human-readable fallback label is useful
-4. Built-in secure default
-Legacy environment variables are fallback-only for existing deployments. New local, CI, Docker, and production setups should use the credentials file.
-## Credentials File Shape
-```json
-{
-  "apiKey": "snk_live_...",
-  "app": {
-    "key": "<secure-now-app-uuid>",
-    "name": "my-app",
-    "instance": "https://freetrial.securenow.ai:4318"
-  },
-  "config": {
-    "logging": { "enabled": true },
-    "capture": {
-      "body": true,
-      "multipart": true,
-      "maxBodySize": 10240,
-      "sensitiveFields": []
-    },
-    "otel": {
-      "endpoint": null,
-      "tracesEndpoint": null,
-      "logsEndpoint": null,
-      "headers": {},
-      "logLevel": "none",
-      "disableInstrumentations": []
-    },
-    "runtime": {
-      "deploymentEnvironment": "production",
-      "noUuid": null,
-      "strict": false,
-      "testSpan": false,
-      "hideBanner": false
-    },
-    "firewall": {
-      "enabled": true,
-      "apiUrl": "https://api.securenow.ai",
-      "versionCheckInterval": 10,
-      "syncInterval": 300,
-      "failMode": "open",
-      "statusCode": 403,
-      "log": true,
-      "tcp": false,
-      "iptables": false,
-      "cloud": null,
-      "cloudDryRun": false,
-      "cloudflare": {
-        "apiToken": null,
-        "accountId": null
-      },
-      "aws": {
-        "wafIpSetId": null,
-        "wafIpSetName": "securenow-blocklist",
-        "wafScope": "REGIONAL"
-      },
-      "gcp": {
-        "projectId": null,
-        "securityPolicy": null
-      }
-    },
-    "networking": {
-      "trustedProxies": []
-    }
-  }
-}
-```
-## Credentials Keys
-| Credentials path | Default | Notes |
-|---|---|---|
-| `app.key` | package name fallback | SecureNow app routing UUID / OTel service name. |
-| `app.name` | package name fallback | Human-readable app name. |
-| `app.instance` | `https://freetrial.securenow.ai:4318` | OTLP base endpoint. |
-| `apiKey` | `null` | `snk_live_...` firewall sync key. |
-| `config.otel.endpoint` | app instance | Optional OTLP base endpoint override. |
-| `config.otel.tracesEndpoint` | `{instance}/v1/traces` | Full traces endpoint. |
-| `config.otel.logsEndpoint` | `{instance}/v1/logs` | Full logs endpoint. |
-| `config.otel.headers` | auto `x-api-key=<app.key>` | Extra OTLP headers as an object. |
-| `config.otel.logLevel` | `none` | `none`, `error`, `warn`, `info`, or `debug`. |
-| `config.otel.disableInstrumentations` | `[]` | OTel instrumentation package names to skip. |
-| `config.logging.enabled` | `true` | Console log forwarding. |
-| `config.capture.body` | `true` | JSON, GraphQL, and form body capture. |
-| `config.capture.multipart` | `true` | Multipart text fields and file metadata; never file content. |
-| `config.capture.maxBodySize` | `10240` | Bytes captured per request body. |
-| `config.capture.sensitiveFields` | `[]` | Extra redaction field fragments. |
-| `config.runtime.deploymentEnvironment` | `production` | Sent as `deployment.environment`. |
-| `config.runtime.noUuid` | auto | Auto is true when an app key is present. |
-| `config.runtime.strict` | `false` | Exit clustered workers when no app identity resolves. |
-| `config.runtime.testSpan` | `false` | Prefer `npx securenow test-span` for manual checks. |
-| `config.runtime.hideBanner` | `false` | Hide free-trial response banner. |
-| `config.firewall.enabled` | `true` | Local SDK firewall switch. Leave absent/true for protection; set false only when intentionally disabling in this credentials file. Dashboard app toggle also applies. |
-| `config.firewall.apiUrl` | `https://api.securenow.ai` | SecureNow API base URL. |
-| `config.firewall.versionCheckInterval` | `10` | Seconds between lightweight version checks. |
-| `config.firewall.syncInterval` | `300` | Seconds between full blocklist syncs. |
-| `config.firewall.failMode` | `open` | `open` or `closed`. |
-| `config.firewall.statusCode` | `403` | HTTP status for blocked requests. |
-| `config.firewall.log` | `true` | Log firewall decisions locally. |
-| `config.firewall.tcp` | `false` | Opt-in Layer 2 TCP drop. |
-| `config.firewall.iptables` | `false` | Opt-in Linux iptables/nftables drop. |
-| `config.firewall.cloud` | `null` | `cloudflare`, `aws`, or `gcp`. |
-| `config.firewall.cloudDryRun` | `false` | Preview cloud WAF pushes. |
-| `config.firewall.cloudflare.apiToken` | `null` | Cloudflare Layer 4 WAF credential. |
-| `config.firewall.cloudflare.accountId` | `null` | Cloudflare account id. |
-| `config.firewall.aws.wafIpSetId` | `null` | AWS WAF IP set id. |
-| `config.firewall.aws.wafIpSetName` | `securenow-blocklist` | AWS WAF IP set name. |
-| `config.firewall.aws.wafScope` | `REGIONAL` | AWS WAF scope. |
-| `config.firewall.gcp.projectId` | `null` | GCP project id. |
-| `config.firewall.gcp.securityPolicy` | `null` | GCP Cloud Armor policy. |
-| `config.networking.trustedProxies` | `[]` | Additional proxy IPs trusted for `X-Forwarded-For`. |
-## Common Edits
-```json
-{
-  "config": {
-    "capture": {
-      "maxBodySize": 20480,
-      "sensitiveFields": ["session_id", "internal_token"]
-    },
-    "logging": { "enabled": false },
-    "firewall": { "failMode": "closed" }
-  }
-}
-```

package/docs/ENVIRONMENTS.md DELETED Viewed

@@ -1,60 +0,0 @@
-# SecureNow Environments
-SecureNow uses one app id for one application, then separates data by deployment environment.
-## Recommended Model
-- Use the same `app.key` for local, preview, staging, and production.
-- Set `config.runtime.deploymentEnvironment` in `.securenow/credentials.json`.
-- Default local setup writes `local`.
-- Production runtime credentials should write `production`.
-- The SDK sends this value as the OpenTelemetry `deployment.environment` resource attribute.
-- The firewall sync sends the same environment to SecureNow so app firewall settings can differ per environment.
-Example local file:
-```json
-{
-  "app": {
-    "key": "00000000-0000-0000-0000-000000000000",
-    "name": "my-app",
-    "instance": "https://freetrial.securenow.ai:4318"
-  },
-  "config": {
-    "runtime": {
-      "deploymentEnvironment": "local"
-    }
-  }
-}
-```
-Example production flow:
-```bash
-npx securenow credentials runtime --env production
-```
-This writes `.securenow/credentials.production.json`. Deploy the generated JSON as a secret file and mount or copy it to:
-```text
-<app-root>/.securenow/credentials.json
-```
-## Investigation Defaults
-Forensics, firewall status, and security investigation tools default to `production`. Use `--env local`, `--env staging`, or `--env all` when you explicitly want another scope.
-```bash
-npx securenow traces --app <app-key> --env production
-npx securenow logs --app <app-key> --env local
-npx securenow forensics "show suspicious IPs in the last hour" --app <app-key> --env production
-npx securenow firewall disable --app <app-key> --env local
-```
-## Firewall Defaults
-- Production defaults to firewall on.
-- Local, preview, staging, and test default to firewall off until explicitly enabled.
-- Blocklists and allowlists are still app-scoped, but the app firewall toggle and threshold are environment-scoped.
-This keeps local development friction low while preserving production as the primary security boundary.