feat: NATS storage integration

Added proper SSL support

Author: nikola-nedic-sa

.gitignore

@@ -203,6 +203,7 @@ config.production.json
 config.apache-kafka-no-auth.json
 config.aws-msk-iam.json
 test-config-confluent.json
+certs/*
 *.key
 *.pem
 *.crt

README.md

@@ -70,8 +70,20 @@ npx superstream-kafka-analyzer
 ```bash
 # Using a configuration file
 npx superstream-kafka-analyzer --config config.json
+
+# Using a configuration file and uploading results to NATS
+npx superstream-kafka-analyzer --config config.json --nats-config nats-config.json
 ```
 
+### NATS Config Mode (Upload to NATS)
+
+```bash
+# Run normal analysis but upload results to NATS instead of generating files
+npx superstream-kafka-analyzer --config config.json --nats-config nats-config.json
+```
+
+This mode works like the normal configuration file mode, but instead of generating local files, it uploads the analysis results to NATS Object Store.
+
 ### Configuration File Examples
 
 **Available Examples:**
@@ -95,6 +107,7 @@ The full list is under the `./config-examples/` folder:
 - [Generic OAuth](config-examples/config.example.generic-oauth.json) - Generic OAuth provider
 - [With Timestamp](config-examples/config.example.with-timestamp.json) - Include timestamp in filenames
 - [Without Timestamp](config-examples/config.example.without-timestamp.json) - No timestamp in filenames
+- [NATS Config](config-examples/config.example.nats-config.json) - configuration for NATS connectivity
 
 **Basic Configuration** (`config.example.json`):
 ```json
@@ -139,6 +152,18 @@ The full list is under the `./config-examples/` folder:
 }
 ```
 
+**NATS Only Configuration** (`config.example.nats-config.json`):
+```json
+{
+  "servers": ["nats://localhost:4222"],
+  "jwt": "your_jwt_token_here",
+  "nkey": "your_nkey_seed_here",
+  "account": "your_account_name",
+  "bucket": "kafka-analysis-test",
+  "objectName": "analysis-result-test"
+}
+```
+
 **AWS MSK with SCRAM** (`config.example.aws-msk.json`):
 ```json
 {
@@ -218,14 +243,11 @@ The full list is under the `./config-examples/` folder:
     "brokers": ["kafka-xxxxx-aiven-kafka.aivencloud.com:12345"],
     "clientId": "superstream-analyzer",
     "vendor": "aiven",
-    "useSasl": true,
-    "sasl": {
-      "mechanism": "SCRAM-SHA-256",
-      "username": "avnadmin",
-      "password": "YOUR_AVNADMIN_PASSWORD"
-    },
+    "useSasl": false,
     "ssl": {
-      "ca": "./path/to/ca.pem"
+      "ca": "path/to/ca.pem",
+      "cert": "path/to/service.cert",
+      "key": "path/to/service.key"
     }
   },
   "file": {
@@ -268,6 +290,7 @@ The full list is under the `./config-examples/` folder:
 | Option | Description | Default |
 |--------|-------------|---------|
 | `--config <path>` | Path to configuration file | - |
+| `--nats-config <path>` | Path to NATS configuration file (uploads to NATS data store instead of generating files) | - |
 
 ## 🔐 Security Protocols
 

bin/index.js

@@ -13,6 +13,7 @@ program
   .description('Interactive utility to analyze Kafka clusters health and configuration')
   .version('1.0.0')
   .option('-c, --config <path>', 'Path to configuration file')
+  .option('--nats-config <path>', 'Path to NATS configuration file (uploads to NATS instead of generating files)')
   .option('-b, --bootstrap-servers <servers>', 'Comma-separated list of Kafka bootstrap servers')
   .option('-v, --verbose', 'Enable verbose logging')
   .option('-t, --timeout <seconds>', 'Connection timeout in seconds', '30')

config-examples/config.example.aiven-kafka.json

@@ -3,14 +3,11 @@
     "brokers": ["kafka-xxxxx-aiven-kafka.aivencloud.com:12345"],
     "clientId": "superstream-analyzer",
     "vendor": "aiven",
-    "useSasl": true,
-    "sasl": {
-      "mechanism": "SCRAM-SHA-256",
-      "username": "avnadmin",
-      "password": "YOUR_AVNADMIN_PASSWORD"
-    },
+    "useSasl": false,
     "ssl": {
-      "ca": "/PATH/TO/YOUR/ca.pem"
+      "ca": "path/to/ca.pem",
+      "cert": "path/to/service.cert",
+      "key": "path/to/service.key"
     }
   },
   "file": {
@@ -19,4 +16,4 @@
     "includeMetadata": true
   },
   "email": "user@example.com"
-} 
+}

config-examples/config.example.nats-config.json

@@ -0,0 +1,8 @@
+{
+  "servers": ["nats://localhost:4222"],
+  "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJLVlZMSUJaUkpFNTNHSFZSQ0JWQUtJMjRRQ0hFQTJJSllKTEpCU0xWMzdZTFpZQlNTUTNBIiwiaWF0IjoxNzU0Mjc4MjUxLCJpc3MiOiJBQVlXTUI0S0RQUUtPNTdJS1M3MlhBWVVCV1hWTDZMWlhHTkczRjQzT1UzUlg1WVpFSU9LUlZSMiIsIm5hbWUiOiIyMjM2NzE5OTAiLCJzdWIiOiJVQ01JQ0dMNEMyVTdFWkhTQU9aWkVIWE5OTkhORjVaRFpYT0lWU0JVWkdDNVgzT0U0NkJTSjdOSCIsIm5hdHMiOnsicHViIjp7fSwic3ViIjp7fSwic3VicyI6LTEsImRhdGEiOi0xLCJwYXlsb2FkIjotMSwidHlwZSI6InVzZXIiLCJ2ZXJzaW9uIjoyfX0.s_FEjZ2b4ww_4mRcwpvGJBo6Oou_Migp32nqcgfOogzGYLOS6Zcp3ocCZAtHoPB4cBapOW2grXB8nEsPEhq2BA",
+  "nkey": "SUALTRX34EJFH2DTLSJQD2VRYRZYZVEPMECWCJTPJ3334KNUX2ZAWOZC3M",
+  "account": "internal",
+  "bucket": "kafka-analysis-reports",
+  "objectName": "analysis-223671990-1"
+} 

package.json

@@ -19,6 +19,7 @@
   },
   "scripts": {
     "start": "node bin/index.js",
+    "nats-config": "node bin/index.js --config config-examples/config.example.json --nats-config config-examples/config.example.nats-config.json",
     "test": "jest",
     "lint": "eslint src/",
     "format": "prettier --write src/"
@@ -38,6 +39,7 @@
     "jsonwebtoken": "^9.0.2",
     "jwks-rsa": "^3.1.0",
     "kafkajs": "^2.2.4",
+    "nats": "^2.19.0",
     "ora": "^5.4.1",
     "simple-oauth2": "^5.1.0",
     "superstream-kafka-analyzer": "^1.0.13"

src/cli.js

@@ -11,6 +11,8 @@ const { Validators } = require('./validators');
 const { HealthChecker } = require('./health-checker');
 const { displayValidationResults, displayTopicSummary } = require('./utils');
 const { SupabaseAnalytics } = require('./analytics');
+const { NATSObjectStore } = require('./nats-object-store');
+const { log } = require('console');
 
 class CLI {
   constructor(options = {}) {
@@ -21,12 +23,31 @@ class CLI {
     };
     this.kafkaClient = null;
     this.fileService = null;
+    this.natsObjectStore = null;
     this.analytics = new SupabaseAnalytics();
 
     // Handle bootstrap-servers option mapping to brokers
     if (options.bootstrapServers && !options.brokers) {
       this.options.brokers = options.bootstrapServers;
     }
+    
+    // Setup graceful shutdown
+    this.setupGracefulShutdown();
+  }
+
+  setupGracefulShutdown() {
+    process.on('SIGINT', async () => {
+      console.log(chalk.yellow('\n\n🛑 Received SIGINT, shutting down gracefully...'));
+      
+      // Stop NATS monitoring if active
+      if (this.natsObjectStore) {
+        this.natsObjectStore.stopMonitoring();
+        await this.natsObjectStore.disconnect();
+      }
+      
+      console.log(chalk.green('✅ Graceful shutdown completed'));
+      process.exit(0);
+    });
   }
 
   async loadConfigFromFile(configPath) {
@@ -115,6 +136,39 @@ class CLI {
     }
   }
 
+  async loadNATSConfig(natsConfigPath) {
+    try {
+      const fullPath = path.resolve(natsConfigPath);
+      if (!fs.existsSync(fullPath)) {
+        throw new Error(`NATS config file not found: ${fullPath}`);
+      }
+
+      const configContent = fs.readFileSync(fullPath, 'utf8');
+      const natsConfig = JSON.parse(configContent);
+
+      // Create NATS object store
+      this.natsObjectStore = new NATSObjectStore(natsConfig);
+
+      // Connect to NATS
+      const connected = await this.natsObjectStore.connect();
+      if (!connected) {
+        throw new Error('Failed to connect to NATS');
+      }
+
+      // Setup object store bucket
+      const bucketReady = await this.natsObjectStore.getOrCreateBucket();
+      if (!bucketReady) {
+        throw new Error('Failed to setup Object Store bucket');
+      }
+
+      console.log(chalk.green(`✅ NATS configuration loaded from: ${fullPath}`));
+      return true;
+    } catch (error) {
+      console.error(chalk.red(`❌ Failed to load NATS config file: ${error.message}`));
+      return false;
+    }
+  }
+
   async promptForConfig() {
     console.log(chalk.blue('\n🚀 Superstream Kafka Analyzer\n'));
     console.log(chalk.gray('Configure your analysis settings:\n'));
@@ -177,6 +231,7 @@ class CLI {
 
     // Authentication configuration based on vendor
     let saslConfig = null;
+    let sslConfig = null;
     if (vendorAnswer.vendor === 'aws-msk') {
       console.log(chalk.yellow('\n🔐 AWS MSK Authentication'));
       const authType = await inquirer.prompt([
@@ -268,27 +323,50 @@ class CLI {
         {
           type: 'input',
           name: 'username',
-          message: 'Username:',
+          message: 'Username (leave empty is using SSL only):',
           validate: (input) => {
-            if (!input.trim()) return 'Username is required for Aiven';
             return true;
           }
         },
         {
           type: 'password',
           name: 'password',
-          message: 'Password:',
+          message: 'Password (leave empty if using SSL only):',
           validate: (input) => {
-            if (!input.trim()) return 'Password is required for Aiven';
             return true;
           }
+        },
+        {
+          type: 'input',
+          name: 'caPath',
+          message: 'CA Certificate path (optional, e.g., "./certs/ca.pem"):',
+          default: './certs/ca.pem'
+        },
+        {
+          type: 'input',
+          name: 'certPath',
+          message: 'Client Certificate path (optional, eg. "./certs/service.cert"):',
+          default: './certs/service.cert',
+        },
+        {
+          type: 'input',
+          name: 'keyPath',
+          message: 'Client Private Key path (optional, eg. "./certs/service.key"):',
+          default: './certs/service.key',
         }
       ]);
+      
       saslConfig = {
         mechanism: 'scram-sha-256',
         username: aivenAnswers.username,
         password: aivenAnswers.password
       };
+      
+      sslConfig = {
+        ca: aivenAnswers.caPath,
+        cert: aivenAnswers.certPath,
+        key: aivenAnswers.keyPath
+      };
     } else {
       // For other vendors, ask if SASL is needed
       const useSasl = await inquirer.prompt([
@@ -346,7 +424,8 @@ class CLI {
       brokers: kafkaAnswers.brokers.split(',').map(broker => broker.trim()), // Convert string to array
       vendor: vendorAnswer.vendor,
       useSasl: !!saslConfig,
-      sasl: saslConfig
+      sasl: saslConfig,
+      ssl: sslConfig
     };
 
     // File Output Configuration
@@ -417,6 +496,7 @@ class CLI {
 
       // Use Commander.js options
       const configPath = this.options.config;
+      const natsConfigPath = this.options.natsConfig;
 
       if (configPath) {
         console.log(chalk.gray(`Debug: Loading config from: ${configPath}`));
@@ -430,6 +510,16 @@ class CLI {
         await this.promptForConfig();
       }
 
+      // Load NATS config if provided
+      if (natsConfigPath) {
+        console.log(chalk.gray(`Debug: Loading NATS config from: ${natsConfigPath}`));
+        const natsConfigLoaded = await this.loadNATSConfig(natsConfigPath);
+        if (!natsConfigLoaded) {
+          process.exit(1);
+        }
+        console.log(chalk.gray('Debug: NATS config loaded successfully'));
+      }
+
       // Initialize services without validation
       console.log(chalk.yellow('\n⚠️  Validation skipped - proceeding directly to analysis'));
       this.kafkaClient = new KafkaClient(this.config.kafka);
@@ -582,6 +672,16 @@ class CLI {
       if (healthResults) {
         analysisResults.healthChecks = healthResults;
       }
+
+        // Store results in NATS
+      if (this.options.natsConfig) {
+        spinner.text = 'Saving results to NATS...';
+        spinner.render();
+        await this.natsObjectStore.storeObject(analysisResults);
+        spinner.stop();
+        console.log(chalk.green('\n✅ Analysis completed and stored to NATS!'));
+        process.exit(0);
+      }
 
       // Check if email is provided for file generation
       if (this.config.email && this.config.email.trim()) {