nginx
diff --git a/‎api/grpc/mpi/v1/command.pb.go‎
Lines changed: 306 additions & 198 deletions b/‎api/grpc/mpi/v1/command.pb.go‎
Lines changed: 306 additions & 198 deletions
diff --git a/‎api/grpc/mpi/v1/command.pb.validate.go‎
Lines changed: 149 additions & 0 deletions b/‎api/grpc/mpi/v1/command.pb.validate.go‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎api/grpc/mpi/v1/command.proto‎
Lines changed: 15 additions & 1 deletion b/‎api/grpc/mpi/v1/command.proto‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎docs/proto/protos.md‎
Lines changed: 20 additions & 0 deletions b/‎docs/proto/protos.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎internal/collector/otel_collector_plugin.go‎
Lines changed: 27 additions & 17 deletions b/‎internal/collector/otel_collector_plugin.go‎
Lines changed: 27 additions & 17 deletions
diff --git a/‎internal/watcher/health/health_watcher_service.go‎
Lines changed: 2 additions & 1 deletion b/‎internal/watcher/health/health_watcher_service.go‎
Lines changed: 2 additions & 1 deletion
@@ -273,6 +273,8 @@ message InstanceMeta {
         INSTANCE_TYPE_NGINX_PLUS = 3;
         // NGINX Unit
         INSTANCE_TYPE_UNIT = 4;
+        // NGINX App Protect
+        INSTANCE_TYPE_NGINX_APP_PROTECT = 5;
     }
     // the types of instances possible
     InstanceType instance_type = 2;
@@ -296,13 +298,15 @@ message InstanceRuntime {
     // the binary path location
     string binary_path = 2 [(buf.validate.field).string.prefix = "/"];
     // the config path location
-    string config_path = 3 [(buf.validate.field).string.prefix = "/"];
+    string config_path = 3 [(buf.validate.field).string.pattern = "^\\/.*|^$"];
     // more detailed runtime objects
     oneof details {
         // NGINX runtime configuration settings like stub_status, usually read from the NGINX config or NGINX process
         NGINXRuntimeInfo nginx_runtime_info = 4;
         // NGINX Plus runtime configuration settings like api value, usually read from the NGINX config, NGINX process or NGINX Plus API
         NGINXPlusRuntimeInfo nginx_plus_runtime_info = 5;
+        // NGINX App Protect runtime information
+        NGINXAppProtectRuntimeInfo nginx_app_protect_runtime_info = 7;
     }
     // List of worker processes
     repeated InstanceChild instance_children = 6;
@@ -350,6 +354,16 @@ message APIDetails {
     string listen =  2;
 }
 
+// A set of runtime NGINX App Protect settings
+message NGINXAppProtectRuntimeInfo {
+    // NGINX App Protect Release 
+    string release = 1;
+    // Attack signature version
+    string attack_signature_version = 2;
+    // Threat campaign version
+    string threat_campaign_version = 3;
+}
+
 // A set of actions that can be performed on an instance
 message InstanceAction {}
 
 
@@ -65,6 +65,7 @@
     - [InstanceRuntime](#mpi-v1-InstanceRuntime)
     - [ManagementPlaneRequest](#mpi-v1-ManagementPlaneRequest)
     - [MetricsServer](#mpi-v1-MetricsServer)
+    - [NGINXAppProtectRuntimeInfo](#mpi-v1-NGINXAppProtectRuntimeInfo)
     - [NGINXPlusAction](#mpi-v1-NGINXPlusAction)
     - [NGINXPlusRuntimeInfo](#mpi-v1-NGINXPlusRuntimeInfo)
     - [NGINXRuntimeInfo](#mpi-v1-NGINXRuntimeInfo)
@@ -954,6 +955,7 @@ Meta-information relating to the reported instance
 | config_path | [string](#string) |  | the config path location |
 | nginx_runtime_info | [NGINXRuntimeInfo](#mpi-v1-NGINXRuntimeInfo) |  | NGINX runtime configuration settings like stub_status, usually read from the NGINX config or NGINX process |
 | nginx_plus_runtime_info | [NGINXPlusRuntimeInfo](#mpi-v1-NGINXPlusRuntimeInfo) |  | NGINX Plus runtime configuration settings like api value, usually read from the NGINX config, NGINX process or NGINX Plus API |
+| nginx_app_protect_runtime_info | [NGINXAppProtectRuntimeInfo](#mpi-v1-NGINXAppProtectRuntimeInfo) |  | NGINX App Protect runtime information |
 | instance_children | [InstanceChild](#mpi-v1-InstanceChild) | repeated | List of worker processes |
 
 
@@ -992,6 +994,23 @@ The metrics settings associated with origins (sources) of the metrics and destin
 
 
 
+<a name="mpi-v1-NGINXAppProtectRuntimeInfo"></a>
+
+### NGINXAppProtectRuntimeInfo
+A set of runtime NGINX App Protect settings
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| release | [string](#string) |  | NGINX App Protect Release |
+| attack_signature_version | [string](#string) |  | Attack signature version |
+| threat_campaign_version | [string](#string) |  | Threat campaign version |
+
+
+
+
+
+
 <a name="mpi-v1-NGINXPlusAction"></a>
 
 ### NGINXPlusAction
@@ -1209,6 +1228,7 @@ the types of instances possible
 | INSTANCE_TYPE_NGINX | 2 | NGINX |
 | INSTANCE_TYPE_NGINX_PLUS | 3 | NGINX Plus |
 | INSTANCE_TYPE_UNIT | 4 | NGINX Unit |
+| INSTANCE_TYPE_NGINX_APP_PROTECT | 5 | NGINX App Protect |
 
 
 
 
@@ -14,6 +14,8 @@ import (
 	"sync"
 	"time"
 
+	pkgConfig "github.com/nginx/agent/v3/pkg/config"
+
 	"github.com/nginx/agent/v3/api/grpc/mpi/v1"
 	"github.com/nginx/agent/v3/internal/backoff"
 	"github.com/nginx/agent/v3/internal/bus"
@@ -408,28 +410,36 @@ func (oc *Collector) checkForNewReceivers(nginxConfigContext *model.NginxConfigC
 
 		reloadCollector = true
 	} else if nginxConfigContext.PlusAPI.URL == "" {
-		nginxReceiverFound, reloadCollector = oc.updateExistingNginxOSSReceiver(nginxConfigContext)
-
-		if !nginxReceiverFound && nginxConfigContext.StubStatus.URL != "" {
-			oc.config.Collector.Receivers.NginxReceivers = append(
-				oc.config.Collector.Receivers.NginxReceivers,
-				config.NginxReceiver{
-					InstanceID: nginxConfigContext.InstanceID,
-					StubStatus: config.APIDetails{
-						URL:      nginxConfigContext.StubStatus.URL,
-						Listen:   nginxConfigContext.StubStatus.Listen,
-						Location: nginxConfigContext.StubStatus.Location,
-					},
-					AccessLogs: toConfigAccessLog(nginxConfigContext.AccessLogs),
-				},
-			)
+		reloadCollector = oc.addNginxOssReceiver(nginxConfigContext)
+	}
 
+	if oc.config.IsFeatureEnabled(pkgConfig.FeatureLogsNap) {
+		tcplogReceiversFound := oc.updateTcplogReceivers(nginxConfigContext)
+		if tcplogReceiversFound {
 			reloadCollector = true
 		}
 	}
 
-	tcplogReceiversFound := oc.updateTcplogReceivers(nginxConfigContext)
-	if tcplogReceiversFound {
+	return reloadCollector
+}
+
+func (oc *Collector) addNginxOssReceiver(nginxConfigContext *model.NginxConfigContext) bool {
+	nginxReceiverFound, reloadCollector := oc.updateExistingNginxOSSReceiver(nginxConfigContext)
+
+	if !nginxReceiverFound && nginxConfigContext.StubStatus.URL != "" {
+		oc.config.Collector.Receivers.NginxReceivers = append(
+			oc.config.Collector.Receivers.NginxReceivers,
+			config.NginxReceiver{
+				InstanceID: nginxConfigContext.InstanceID,
+				StubStatus: config.APIDetails{
+					URL:      nginxConfigContext.StubStatus.URL,
+					Listen:   nginxConfigContext.StubStatus.Listen,
+					Location: nginxConfigContext.StubStatus.Location,
+				},
+				AccessLogs: toConfigAccessLog(nginxConfigContext.AccessLogs),
+			},
+		)
+
 		reloadCollector = true
 	}
 
 
@@ -61,7 +61,8 @@ func (hw *HealthWatcherService) AddHealthWatcher(instances []*mpi.Instance) {
 			hw.watchers[instance.GetInstanceMeta().GetInstanceId()] = watcher
 		case mpi.InstanceMeta_INSTANCE_TYPE_AGENT:
 		case mpi.InstanceMeta_INSTANCE_TYPE_UNSPECIFIED,
-			mpi.InstanceMeta_INSTANCE_TYPE_UNIT:
+			mpi.InstanceMeta_INSTANCE_TYPE_UNIT,
+			mpi.InstanceMeta_INSTANCE_TYPE_NGINX_APP_PROTECT:
 			fallthrough
 		default:
 			slog.Warn("Health watcher not implemented", "instance_type",