spider-watch 0.1.0

package/README.md

@@ -0,0 +1,274 @@
+# spider-watch
+
+`spider-watch` is a reusable monitoring toolkit for Node.js Express apps, designed for **API-only backends** (no server-rendered views required).
+
+It comes from a common production need: monitor incoming API requests, exceptions, outbound HTTP calls, and operational events in one place, with a built-in dashboard UI (labeled **Spider Watch**) and JSON APIs.
+
+## What it provides
+
+- Request capture (`REQUEST` events): method, path, status, duration, IP, headers/body (optional), response headers/body (optional)
+- Exception capture (`EXCEPTION` events) through Express error middleware
+- Outbound HTTP capture (`EXTERNAL_HTTP` events) via a monitored Axios instance
+- Optional console capture (`LOG` events)
+- Manual domain instrumentation (`DB_QUERY`, `JOB`, `NOTIFICATION`, `MAIL`, `CACHE_OP`)
+- SQLite persistence with retention cleanup
+- Built-in dashboard + API endpoints under a configurable route prefix
+- Basic Auth protection for the monitoring surface
+- Sensitive data masking for headers and payloads
+
+## Requirements
+
+- Node.js `>=18`
+- Express `^4.18.0 || ^5.0.0` (peer dependency)
+
+## Installation
+
+```bash
+pnpm add express-monitoring
+# or: npm install express-monitoring
+# or: yarn add express-monitoring
+```
+
+## Quick start (JavaScript)
+
+```js
+import express from "express";
+import { createMonitoring, loadMonitoringConfigFromEnv } from "express-monitoring";
+
+const app = express();
+
+const monitoring = createMonitoring(loadMonitoringConfigFromEnv(process.env));
+
+app.use(express.json());
+
+// Required order:
+app.use(monitoring.captureMiddleware);
+app.use(monitoring.router);
+app.use(monitoring.errorMiddleware);
+
+monitoring.start();
+
+const server = app.listen(3000, () => {
+  console.log("API listening on :3000");
+});
+
+process.on("SIGTERM", () => {
+  monitoring.stop();
+  server.close(() => process.exit(0));
+});
+```
+
+## Core integration rules
+
+1. Use `captureMiddleware` before your monitoring router and error middleware.
+2. Keep `errorMiddleware` after your application routes/middlewares so thrown errors are captured.
+3. Call `monitoring.start()` during bootstrap and `monitoring.stop()` during shutdown.
+4. If monitoring is enabled and auth is enabled, credentials are required.
+
+## Configuration
+
+You can configure through environment variables or pass options directly.
+
+### Defaults
+
+```js
+{
+  enabled: false,
+  routePrefix: "/monitoring",
+  dbPath: "./data/monitoring.sqlite",
+  retentionDays: 30,
+  captureLogs: false,
+  captureBodies: true,
+  sampleRate: 1,
+  auth: {
+    type: "basic",
+    user: "",
+    pass: "",
+    realm: "Monitoring",
+    enabled: true
+  },
+  masking: {
+    enabled: true,
+    sensitiveKeys: [
+      "password", "token", "authorization", "api_key", "access_token", "refresh_token",
+      "credentials", "cvv", "card_number", "ssn", "private_key"
+    ],
+    maxBodySize: 8192
+  }
+}
+```
+
+### Programmatic config example
+
+```js
+import { createMonitoring } from "express-monitoring";
+
+const monitoring = createMonitoring({
+  enabled: true,
+  routePrefix: "/ops/monitoring",
+  dbPath: "./var/monitoring.sqlite",
+  retentionDays: 14,
+  captureLogs: true,
+  captureBodies: true,
+  sampleRate: 1,
+  auth: {
+    type: "basic",
+    enabled: true,
+    user: "admin",
+    pass: "change-me",
+    realm: "Spider Watch",
+  },
+  masking: {
+    enabled: true,
+    sensitiveKeys: ["authorization", "password", "token", "api_key"],
+    maxBodySize: 4096,
+  },
+});
+```
+
+### Environment config example
+
+```bash
+MONITORING_ENABLED=true
+MONITORING_ROUTE_PREFIX=/monitoring
+MONITORING_DB_PATH=./data/monitoring.sqlite
+MONITORING_RETENTION_DAYS=30
+MONITORING_CAPTURE_LOGS=true
+MONITORING_CAPTURE_BODIES=true
+MONITORING_SAMPLE_RATE=1
+
+MONITORING_AUTH_ENABLED=true
+MONITORING_AUTH_USER=admin
+MONITORING_AUTH_PASS=change-me
+MONITORING_AUTH_REALM="Spider Watch"
+
+MONITORING_MASKING_ENABLED=true
+MONITORING_MAX_BODY_SIZE=8192
+MONITORING_SENSITIVE_KEYS=authorization,password,token,api_key
+```
+
+```js
+import { createMonitoring, loadMonitoringConfigFromEnv } from "express-monitoring";
+
+const monitoring = createMonitoring(loadMonitoringConfigFromEnv(process.env));
+```
+
+### Validation rules
+
+- `sampleRate` must be between `0` and `1`
+- `routePrefix` must start with `/`
+- `retentionDays` and `masking.maxBodySize` must be positive integers
+- If `enabled=true` and `auth.enabled=true`, `auth.user` and `auth.pass` are required
+
+## Monitoring surface
+
+Assuming `routePrefix=/monitoring`:
+
+- `GET /monitoring` → Spider Watch dashboard UI
+- `GET /monitoring/app.js` → dashboard script
+- `GET /monitoring/api/events` → paginated event list with filters
+- `GET /monitoring/api/events/:id` → event detail (request/exceptions/external calls when available)
+- `DELETE /monitoring/api/events` → delete all data (requires JSON body `{"scope":"all"}`)
+- `GET /monitoring/api/requests` → request-only view
+- `GET /monitoring/api/requests/:id` → request detail with linked external calls/exceptions
+
+If monitoring is disabled, requests under the route prefix return HTTP `503`.
+
+## Event model (high-level)
+
+- `REQUEST`: captured by `captureMiddleware`
+- `EXCEPTION`: captured by `errorMiddleware`
+- `EXTERNAL_HTTP`: captured by monitored Axios
+- `LOG`: captured when `captureLogs=true`
+- `SCHEDULED_TASK`: retention cleanup events
+- Instrumentation events: `DB_QUERY`, `JOB`, `NOTIFICATION`, `MAIL`, `CACHE_OP`
+
+Events are linked through a correlation ID generated per captured request.
+
+## Outbound HTTP monitoring (Axios)
+
+Use the monitored client returned by `createMonitoredAxios()`:
+
+```js
+const http = monitoring.createMonitoredAxios();
+
+await http.get("https://api.example.com/v1/users", {
+  headers: { Authorization: "Bearer super-secret-token" },
+});
+```
+
+When monitoring is enabled, outbound requests are stored as `EXTERNAL_HTTP` with method, URL, status, duration, masked headers/body, and optional error summary.
+
+## Manual instrumentation
+
+Use `monitoring.instrumentation` to emit custom operational events:
+
+```js
+monitoring.instrumentation.recordDbQuery("SELECT users by tenant", { tenantId: "t-123" });
+monitoring.instrumentation.recordJobRun("daily-report", { tookMs: 482 });
+monitoring.instrumentation.recordNotification("Slack alert sent", { channel: "#ops" });
+monitoring.instrumentation.recordMail("Welcome email", { userId: "u-42" });
+monitoring.instrumentation.recordCacheOp("users:list cache hit", { key: "users:tenant:t-123" });
+```
+
+## Security and sensitive data
+
+- Protect monitoring routes with Basic Auth in production.
+- Keep credentials out of source code (prefer environment variables/secrets managers).
+- Masking is enabled by default for known sensitive keys.
+- Payload strings are truncated to `masking.maxBodySize`.
+- Binary bodies are stored as `[binary data]`.
+
+## Sampling, storage, and retention
+
+- `sampleRate` controls request capture probability (`1` = all, `0.1` = ~10%).
+- Data is stored in SQLite at `dbPath`.
+- Retention runs immediately on `start()` and then hourly.
+- Old events are deleted according to `retentionDays`.
+
+## Troubleshooting
+
+### `auth.user and auth.pass are required when auth is enabled`
+
+Set both credentials, or disable auth explicitly:
+
+```bash
+MONITORING_AUTH_ENABLED=false
+```
+
+### Dashboard returns 503
+
+Monitoring is disabled. Set:
+
+```bash
+MONITORING_ENABLED=true
+```
+
+### No outbound HTTP events
+
+Use `monitoring.createMonitoredAxios()` for calls you want tracked.
+
+### Missing request payloads
+
+Ensure `captureBodies=true`. If disabled, bodies and captured headers are intentionally omitted.
+
+## Public API
+
+```js
+import { createMonitoring, loadMonitoringConfigFromEnv } from "express-monitoring";
+```
+
+- `createMonitoring(options?)` → monitoring instance
+- `loadMonitoringConfigFromEnv(env?)` → normalized config object
+
+Returned monitoring instance:
+
+- `captureMiddleware`
+- `router`
+- `errorMiddleware`
+- `start()`
+- `stop()`
+- `recordEvent(eventInput)`
+- `instrumentation`
+- `createMonitoredAxios()`
+- `config`

package/dist/config/defaults.d.ts

@@ -0,0 +1,5 @@
+import type { MonitoringOptions } from "../types.js";
+export declare const DEFAULT_SENSITIVE_KEYS: readonly ["password", "passwd", "pass", "secret", "token", "authorization", "auth", "apikey", "api_key", "accesstoken", "access_token", "refreshtoken", "refresh_token", "credential", "credentials", "pin", "cvv", "cvc", "cardnumber", "card_number", "ssn", "private_key", "privatekey"];
+export declare const DEFAULT_OPTIONS: MonitoringOptions;
+export declare function normalizeOptions(partial?: Partial<MonitoringOptions>): MonitoringOptions;
+//# sourceMappingURL=defaults.d.ts.map

package/dist/config/defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD,eAAO,MAAM,sBAAsB,6RAwBzB,CAAC;AAEX,eAAO,MAAM,eAAe,EAAE,iBAoB7B,CAAC;AASF,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,OAAO,CAAC,iBAAiB,CAAM,GAAG,iBAAiB,CAkB5F"}

package/dist/config/defaults.js

@@ -0,0 +1,70 @@
+export const DEFAULT_SENSITIVE_KEYS = [
+    "password",
+    "passwd",
+    "pass",
+    "secret",
+    "token",
+    "authorization",
+    "auth",
+    "apikey",
+    "api_key",
+    "accesstoken",
+    "access_token",
+    "refreshtoken",
+    "refresh_token",
+    "credential",
+    "credentials",
+    "pin",
+    "cvv",
+    "cvc",
+    "cardnumber",
+    "card_number",
+    "ssn",
+    "private_key",
+    "privatekey",
+];
+export const DEFAULT_OPTIONS = {
+    enabled: false,
+    routePrefix: "/monitoring",
+    dbPath: "./data/monitoring.sqlite",
+    retentionDays: 30,
+    captureLogs: false,
+    captureBodies: true,
+    sampleRate: 1,
+    auth: {
+        type: "basic",
+        user: "",
+        pass: "",
+        realm: "Monitoring",
+        enabled: true,
+    },
+    masking: {
+        enabled: true,
+        sensitiveKeys: [...DEFAULT_SENSITIVE_KEYS],
+        maxBodySize: 8192,
+    },
+};
+function normalizeRoutePrefix(value) {
+    const trimmed = value.trim();
+    if (!trimmed)
+        return "/monitoring";
+    const withLeadingSlash = trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+    return withLeadingSlash.replace(/\/+$/, "") || "/monitoring";
+}
+export function normalizeOptions(partial = {}) {
+    const auth = {
+        ...DEFAULT_OPTIONS.auth,
+        ...(partial.auth ?? {}),
+    };
+    const masking = {
+        ...DEFAULT_OPTIONS.masking,
+        ...(partial.masking ?? {}),
+    };
+    return {
+        ...DEFAULT_OPTIONS,
+        ...partial,
+        routePrefix: normalizeRoutePrefix(partial.routePrefix ?? DEFAULT_OPTIONS.routePrefix),
+        auth,
+        masking,
+    };
+}

package/dist/config/env-loader.d.ts

@@ -0,0 +1,3 @@
+import type { MonitoringOptions } from "../types.js";
+export declare function loadMonitoringConfigFromEnv(env?: NodeJS.ProcessEnv): MonitoringOptions;
+//# sourceMappingURL=env-loader.d.ts.map

package/dist/config/env-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-loader.d.ts","sourceRoot":"","sources":["../../src/config/env-loader.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD,wBAAgB,2BAA2B,CACzC,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,iBAAiB,CA6BnB"}

package/dist/config/env-loader.js

@@ -0,0 +1,29 @@
+import { normalizeOptions } from "./defaults.js";
+export function loadMonitoringConfigFromEnv(env = process.env) {
+    const masking = {
+        enabled: env.MONITORING_MASKING_ENABLED !== "false",
+        maxBodySize: parseInt(env.MONITORING_MAX_BODY_SIZE ?? "8192", 10),
+    };
+    if (env.MONITORING_SENSITIVE_KEYS) {
+        masking.sensitiveKeys = env.MONITORING_SENSITIVE_KEYS.split(",")
+            .map((v) => v.trim())
+            .filter(Boolean);
+    }
+    return normalizeOptions({
+        enabled: env.MONITORING_ENABLED === "true",
+        routePrefix: env.MONITORING_ROUTE_PREFIX ?? "/monitoring",
+        dbPath: env.MONITORING_DB_PATH ?? "./data/monitoring.sqlite",
+        retentionDays: parseInt(env.MONITORING_RETENTION_DAYS ?? "30", 10),
+        captureLogs: env.MONITORING_CAPTURE_LOGS === "true",
+        captureBodies: env.MONITORING_CAPTURE_BODIES !== "false",
+        sampleRate: parseFloat(env.MONITORING_SAMPLE_RATE ?? "1"),
+        auth: {
+            type: "basic",
+            user: env.MONITORING_AUTH_USER ?? "",
+            pass: env.MONITORING_AUTH_PASS ?? "",
+            realm: env.MONITORING_AUTH_REALM ?? "Monitoring",
+            enabled: env.MONITORING_AUTH_ENABLED !== "false",
+        },
+        masking,
+    });
+}

package/dist/config/validate.d.ts

@@ -0,0 +1,3 @@
+import type { MonitoringOptions } from "../types.js";
+export declare function validateOptions(options: MonitoringOptions): void;
+//# sourceMappingURL=validate.d.ts.map

package/dist/config/validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/config/validate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD,wBAAgB,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAsBhE"}

package/dist/config/validate.js

@@ -0,0 +1,19 @@
+export function validateOptions(options) {
+    if (!Number.isFinite(options.sampleRate) || options.sampleRate < 0 || options.sampleRate > 1) {
+        throw new Error("[monitoring] sampleRate must be a number between 0 and 1");
+    }
+    if (!options.routePrefix || !options.routePrefix.startsWith("/")) {
+        throw new Error("[monitoring] routePrefix must start with '/'");
+    }
+    if (!Number.isInteger(options.retentionDays) || options.retentionDays <= 0) {
+        throw new Error("[monitoring] retentionDays must be a positive integer");
+    }
+    if (!Number.isInteger(options.masking.maxBodySize) || options.masking.maxBodySize <= 0) {
+        throw new Error("[monitoring] masking.maxBodySize must be a positive integer");
+    }
+    if (options.enabled && options.auth.enabled) {
+        if (!options.auth.user || !options.auth.pass) {
+            throw new Error("[monitoring] auth.user and auth.pass are required when auth is enabled");
+        }
+    }
+}

package/dist/create-monitoring.d.ts

@@ -0,0 +1,3 @@
+import type { MonitoringInstance, MonitoringOptions } from "./types.js";
+export declare function createMonitoring(options?: Partial<MonitoringOptions>): MonitoringInstance;
+//# sourceMappingURL=create-monitoring.d.ts.map

package/dist/create-monitoring.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-monitoring.d.ts","sourceRoot":"","sources":["../src/create-monitoring.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGxE,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,OAAO,CAAC,iBAAiB,CAAM,GAAG,kBAAkB,CAiE7F"}

package/dist/create-monitoring.js

@@ -0,0 +1,73 @@
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { normalizeOptions } from "./config/defaults.js";
+import { validateOptions } from "./config/validate.js";
+import { createBasicAuthMiddleware } from "./middleware/auth-basic.js";
+import { createCaptureMiddleware } from "./middleware/capture.js";
+import { createErrorMiddleware } from "./middleware/error.js";
+import { createMonitoringRepository } from "./repository/monitoring-repository.js";
+import { createSqliteDb } from "./repository/sqlite-db.js";
+import { createMonitoringRouter } from "./router/monitoring-router.js";
+import { createConsoleHookService } from "./services/console-hook.js";
+import { getCorrelationId } from "./services/context.js";
+import { createMonitoredAxios } from "./services/http-client.js";
+import { createInstrumentation } from "./services/instrumentation.js";
+import { createRecorder } from "./services/recorder.js";
+import { createRetentionService } from "./services/retention.js";
+import { createRuntimeState } from "./services/runtime.js";
+import { createMaskingUtils } from "./utils/masking.js";
+export function createMonitoring(options = {}) {
+    const config = normalizeOptions(options);
+    validateOptions(config);
+    const dbAdapter = createSqliteDb(config.dbPath);
+    const repository = createMonitoringRepository(dbAdapter);
+    const runtime = createRuntimeState();
+    const masking = createMaskingUtils(config.masking);
+    const authMiddleware = createBasicAuthMiddleware(config);
+    const recorder = createRecorder(repository, getCorrelationId);
+    const retention = createRetentionService(config, repository, recorder.recordEvent);
+    const consoleHook = createConsoleHookService(config, recorder.recordEvent);
+    const instrumentation = createInstrumentation(recorder.recordEvent);
+    const __dirname = path.dirname(fileURLToPath(import.meta.url));
+    const uiDir = path.join(__dirname, "ui");
+    const captureMiddleware = createCaptureMiddleware(config, repository, masking);
+    const errorMiddleware = createErrorMiddleware(config, repository);
+    const router = createMonitoringRouter(config, repository, authMiddleware, uiDir);
+    function start() {
+        if (runtime.status === "running")
+            return;
+        runtime.status = "running";
+        runtime.startedAt = new Date().toISOString();
+        if (!config.enabled)
+            return;
+        dbAdapter.getDb();
+        runtime.dbConnected = true;
+        consoleHook.install();
+        runtime.consoleHookActive = consoleHook.isInstalled();
+        retention.start();
+        runtime.retentionJobActive = retention.isActive();
+    }
+    function stop() {
+        if (runtime.status === "stopped" || runtime.status === "stopping")
+            return;
+        runtime.status = "stopping";
+        retention.stop();
+        runtime.retentionJobActive = false;
+        consoleHook.uninstall();
+        runtime.consoleHookActive = false;
+        dbAdapter.closeDb();
+        runtime.dbConnected = false;
+        runtime.status = "stopped";
+    }
+    return {
+        captureMiddleware,
+        errorMiddleware,
+        router,
+        start,
+        stop,
+        recordEvent: recorder.recordEvent,
+        instrumentation,
+        createMonitoredAxios: () => createMonitoredAxios(config, repository, masking, getCorrelationId),
+        config,
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { createMonitoring } from "./create-monitoring.js";
+export { loadMonitoringConfigFromEnv } from "./config/env-loader.js";
+export type { MonitoringAuthOptions, MonitoringEvent, MonitoringEventInput, MonitoringInstance, MonitoringMaskingOptions, MonitoringOptions, MonitoringRuntime, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAErE,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,2 @@
+export { createMonitoring } from "./create-monitoring.js";
+export { loadMonitoringConfigFromEnv } from "./config/env-loader.js";

package/dist/middleware/auth-basic.d.ts

@@ -0,0 +1,4 @@
+import type { RequestHandler } from "express";
+import type { MonitoringOptions } from "../types.js";
+export declare function createBasicAuthMiddleware(config: MonitoringOptions): RequestHandler;
+//# sourceMappingURL=auth-basic.d.ts.map

package/dist/middleware/auth-basic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-basic.d.ts","sourceRoot":"","sources":["../../src/middleware/auth-basic.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAE9C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAQrD,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,iBAAiB,GAAG,cAAc,CA8BnF"}

package/dist/middleware/auth-basic.js

@@ -0,0 +1,34 @@
+import { createHash, timingSafeEqual } from "node:crypto";
+function safeCompare(a, b) {
+    const ha = createHash("sha256").update(a).digest();
+    const hb = createHash("sha256").update(b).digest();
+    return timingSafeEqual(ha, hb);
+}
+export function createBasicAuthMiddleware(config) {
+    return (req, res, next) => {
+        if (!config.auth.enabled)
+            return next();
+        const authHeader = req.headers.authorization ?? "";
+        if (!authHeader.startsWith("Basic ")) {
+            res.set("WWW-Authenticate", `Basic realm="${config.auth.realm}"`);
+            return res.status(401).json({ error: "Authentication required" });
+        }
+        try {
+            const decoded = Buffer.from(authHeader.slice(6), "base64").toString("utf8");
+            const colonIndex = decoded.indexOf(":");
+            const user = decoded.substring(0, colonIndex);
+            const pass = decoded.substring(colonIndex + 1);
+            const validUser = safeCompare(user, config.auth.user);
+            const validPass = safeCompare(pass, config.auth.pass);
+            if (!validUser || !validPass) {
+                res.set("WWW-Authenticate", `Basic realm="${config.auth.realm}"`);
+                return res.status(401).json({ error: "Invalid credentials" });
+            }
+            return next();
+        }
+        catch {
+            res.set("WWW-Authenticate", `Basic realm="${config.auth.realm}"`);
+            return res.status(401).json({ error: "Invalid credentials" });
+        }
+    };
+}

package/dist/middleware/capture.d.ts

@@ -0,0 +1,7 @@
+import type { RequestHandler } from "express";
+import type { MonitoringOptions, MonitoringRepository } from "../types.js";
+export declare function createCaptureMiddleware(config: MonitoringOptions, repository: MonitoringRepository, masking: {
+    maskBody: (body: unknown) => string | null;
+    maskHeaders: (headers: unknown) => Record<string, unknown>;
+}): RequestHandler;
+//# sourceMappingURL=capture.d.ts.map

package/dist/middleware/capture.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capture.d.ts","sourceRoot":"","sources":["../../src/middleware/capture.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAG9C,OAAO,KAAK,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAE3E,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,iBAAiB,EACzB,UAAU,EAAE,oBAAoB,EAChC,OAAO,EAAE;IACP,QAAQ,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,CAAC;IAC3C,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC5D,GACA,cAAc,CA+EhB"}

package/dist/middleware/capture.js

@@ -0,0 +1,68 @@
+import { createContext, runWithContext } from "../services/context.js";
+export function createCaptureMiddleware(config, repository, masking) {
+    return (req, res, next) => {
+        if (!config.enabled)
+            return next();
+        if (Math.random() > config.sampleRate)
+            return next();
+        if (req.path.startsWith(config.routePrefix)) {
+            return next();
+        }
+        const context = createContext();
+        const startTime = Date.now();
+        const responseChunks = [];
+        const originalWrite = res.write.bind(res);
+        const originalEnd = res.end.bind(res);
+        res.write = ((chunk, ...args) => {
+            if (chunk) {
+                responseChunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
+            }
+            return originalWrite(chunk, ...args);
+        });
+        res.end = ((chunk, ...args) => {
+            if (chunk) {
+                responseChunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
+            }
+            return originalEnd(chunk, ...args);
+        });
+        runWithContext(context, () => {
+            res.on("finish", () => {
+                try {
+                    const durationMs = Date.now() - startTime;
+                    const rawResponseBody = responseChunks.length
+                        ? Buffer.concat(responseChunks).toString("utf8")
+                        : null;
+                    const requestBody = config.captureBodies ? masking.maskBody(req.body) : null;
+                    const responseBody = config.captureBodies ? masking.maskBody(rawResponseBody) : null;
+                    const ipAddress = req.headers["x-forwarded-for"]?.toString().split(",")[0]?.trim() ??
+                        req.socket.remoteAddress ??
+                        null;
+                    const summary = `${req.method} ${req.path} ${res.statusCode}`;
+                    const severity = res.statusCode >= 500 ? "ERROR" : res.statusCode >= 400 ? "WARN" : "INFO";
+                    const eventId = repository.insertEvent({
+                        eventType: "REQUEST",
+                        severity,
+                        correlationId: context.correlationId,
+                        summary,
+                        data: { requestId: context.requestId },
+                    });
+                    repository.insertRequest(eventId, {
+                        method: req.method,
+                        path: req.path,
+                        statusCode: res.statusCode,
+                        durationMs,
+                        ipAddress,
+                        requestHeaders: config.captureBodies ? masking.maskHeaders(req.headers) : {},
+                        requestBody,
+                        responseHeaders: config.captureBodies ? masking.maskHeaders(res.getHeaders()) : {},
+                        responseBody,
+                    });
+                }
+                catch (err) {
+                    console.error("[monitoring] Failed to capture request:", err instanceof Error ? err.message : String(err));
+                }
+            });
+            next();
+        });
+    };
+}

package/dist/middleware/error.d.ts

@@ -0,0 +1,4 @@
+import type { ErrorRequestHandler } from "express";
+import type { MonitoringOptions, MonitoringRepository } from "../types.js";
+export declare function createErrorMiddleware(config: MonitoringOptions, repository: MonitoringRepository): ErrorRequestHandler;
+//# sourceMappingURL=error.d.ts.map

package/dist/middleware/error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/middleware/error.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAGnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAE3E,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,iBAAiB,EACzB,UAAU,EAAE,oBAAoB,GAC/B,mBAAmB,CA6BrB"}