@agentmark-ai/cli 0.5.2 → 0.6.0

package/dist/commands/login.js

@@ -0,0 +1,100 @@
+"use strict";
+/**
+ * CLI Login Command
+ * Feature: 013-trace-tunnel
+ *
+ * Implements `agentmark login` - authenticates the CLI with the platform using
+ * browser-based OAuth with localhost token relay.
+ *
+ * Flow:
+ * - Check existing auth (skip if valid)
+ * - Start callback server on random port
+ * - Open browser to platform /auth/cli
+ * - Platform handles OAuth (Google/GitHub) via Supabase
+ * - Platform redirects to localhost callback with session tokens
+ * - Save credentials to ~/.agentmark/auth.json
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = login;
+const pkce_1 = require("../auth/pkce");
+const callback_server_1 = require("../auth/callback-server");
+const credentials_1 = require("../auth/credentials");
+const token_refresh_1 = require("../auth/token-refresh");
+const constants_1 = require("../auth/constants");
+/**
+ * Executes the login flow.
+ */
+function login() {
+    return __awaiter(this, arguments, void 0, function* (options = {}) {
+        const platformUrl = options.baseUrl || constants_1.DEFAULT_PLATFORM_URL;
+        const supabaseUrl = options.supabaseUrl || constants_1.DEFAULT_SUPABASE_URL;
+        const supabaseAnonKey = options.supabaseAnonKey || constants_1.DEFAULT_SUPABASE_ANON_KEY;
+        // Step 1: Check existing auth
+        const existing = (0, credentials_1.loadCredentials)();
+        if (existing) {
+            if (!(0, credentials_1.isExpired)(existing)) {
+                console.log(`✓ Already logged in as ${existing.email}`);
+                return;
+            }
+            // Try to refresh expired token
+            console.log('⚠️  Token expired, attempting refresh...');
+            const refreshed = yield (0, token_refresh_1.refreshAccessToken)(existing, supabaseUrl, supabaseAnonKey);
+            if (refreshed) {
+                console.log(`✓ Token refreshed. Logged in as ${refreshed.email}`);
+                return;
+            }
+            console.log('⚠️  Refresh failed. Starting new login...');
+        }
+        try {
+            // Step 2: Generate state for CSRF protection
+            const state = (0, pkce_1.generateState)();
+            // Step 3: Start callback server
+            const { port, waitForCallback, close } = yield (0, callback_server_1.startCallbackServer)(state);
+            // Step 4: Build auth URL
+            const authUrl = new URL(`${platformUrl}/auth/cli`);
+            authUrl.searchParams.set('redirect_port', port.toString());
+            authUrl.searchParams.set('state', state);
+            console.log('Opening browser to log in...\n');
+            // Step 5: Open browser
+            try {
+                const open = (yield import('open')).default;
+                yield open(authUrl.toString());
+            }
+            catch (error) {
+                console.log(`✗ Failed to open browser automatically.`);
+                console.log(`\nVisit this URL manually:\n${authUrl.toString()}\n`);
+            }
+            // Step 6: Wait for callback with session tokens (30s timeout)
+            const result = yield waitForCallback();
+            // Step 7: Save credentials
+            const credentials = {
+                user_id: result.user_id,
+                email: result.email,
+                access_token: result.access_token,
+                refresh_token: result.refresh_token,
+                expires_at: result.expires_at,
+                created_at: new Date().toISOString(),
+            };
+            (0, credentials_1.saveCredentials)(credentials);
+            console.log(`\n✓ Logged in as ${credentials.email}`);
+            close();
+        }
+        catch (error) {
+            if (error.message.includes('timed out')) {
+                console.log('\n✗ Login timed out. Please try again.');
+                process.exit(1);
+            }
+            throw error;
+        }
+    });
+}
+//# sourceMappingURL=login.js.map

package/dist/commands/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../cli-src/commands/login.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;AA0BH,wBA6EC;AArGD,uCAA6C;AAC7C,6DAA8D;AAC9D,qDAI6B;AAC7B,yDAA2D;AAE3D,iDAI2B;AAQ3B;;GAEG;AACH,SAA8B,KAAK;yDAAC,UAAwB,EAAE;QAC5D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,IAAI,gCAAoB,CAAC;QAC5D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,gCAAoB,CAAC;QAChE,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,qCAAyB,CAAC;QAE7E,8BAA8B;QAC9B,MAAM,QAAQ,GAAG,IAAA,6BAAe,GAAE,CAAC;QACnC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,IAAA,uBAAS,EAAC,QAAQ,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,0BAA0B,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;gBACxD,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YACxD,MAAM,SAAS,GAAG,MAAM,IAAA,kCAAkB,EACxC,QAAQ,EACR,WAAW,EACX,eAAe,CAChB,CAAC;YACF,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,mCAAmC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC;YACH,6CAA6C;YAC7C,MAAM,KAAK,GAAG,IAAA,oBAAa,GAAE,CAAC;YAE9B,gCAAgC;YAChC,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,qCAAmB,EAAC,KAAK,CAAC,CAAC;YAE1E,yBAAyB;YACzB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,WAAW,WAAW,CAAC,CAAC;YACnD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAEzC,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YAE9C,uBAAuB;YACvB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;gBAC5C,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,+BAA+B,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACrE,CAAC;YAED,8DAA8D;YAC9D,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;YAEvC,2BAA2B;YAC3B,MAAM,WAAW,GAAuB;gBACtC,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC,CAAC;YAEF,IAAA,6BAAe,EAAC,WAAW,CAAC,CAAC;YAE7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;YAErD,KAAK,EAAE,CAAC;QACV,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnD,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CAAA"}

package/dist/commands/logout.d.ts

@@ -0,0 +1,20 @@
+/**
+ * CLI Logout Command
+ * Feature: 013-trace-tunnel
+ *
+ * Implements `agentmark logout` - clears CLI authentication and revokes dev API keys.
+ *
+ * Per cli-commands.md contract:
+ * - Load credentials from ~/.agentmark/auth.json
+ * - Load forwarding config from .agentmark/dev-config.json
+ * - Revoke dev API key via platform API
+ * - Delete auth credentials file
+ * - Clear forwarding config
+ */
+export interface LogoutOptions {
+    baseUrl?: string;
+}
+/**
+ * Executes the logout flow.
+ */
+export default function logout(options?: LogoutOptions): Promise<void>;

package/dist/commands/logout.js

@@ -0,0 +1,75 @@
+"use strict";
+/**
+ * CLI Logout Command
+ * Feature: 013-trace-tunnel
+ *
+ * Implements `agentmark logout` - clears CLI authentication and revokes dev API keys.
+ *
+ * Per cli-commands.md contract:
+ * - Load credentials from ~/.agentmark/auth.json
+ * - Load forwarding config from .agentmark/dev-config.json
+ * - Revoke dev API key via platform API
+ * - Delete auth credentials file
+ * - Clear forwarding config
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = logout;
+const credentials_1 = require("../auth/credentials");
+const config_1 = require("../forwarding/config");
+// Default platform URL
+const DEFAULT_PLATFORM_URL = 'https://app.agentmark.co';
+/**
+ * Executes the logout flow.
+ */
+function logout() {
+    return __awaiter(this, arguments, void 0, function* (options = {}) {
+        const platformUrl = options.baseUrl || DEFAULT_PLATFORM_URL;
+        // Step 1: Load credentials
+        const credentials = (0, credentials_1.loadCredentials)();
+        if (!credentials) {
+            console.log('Not logged in.');
+            return;
+        }
+        // Step 2: Load forwarding config
+        const forwardingConfig = (0, config_1.loadForwardingConfig)();
+        // Step 3: Revoke dev API key if it exists
+        if (forwardingConfig === null || forwardingConfig === void 0 ? void 0 : forwardingConfig.apiKeyId) {
+            try {
+                const revokeUrl = `${platformUrl}/api/cli/dev-key/${forwardingConfig.apiKeyId}`;
+                const response = yield fetch(revokeUrl, {
+                    method: 'DELETE',
+                    headers: {
+                        Authorization: `Bearer ${credentials.access_token}`,
+                    },
+                });
+                if (response.ok) {
+                    console.log('✓ Dev API key revoked');
+                }
+                else if (response.status === 404) {
+                    // Key already revoked or doesn't exist - that's fine
+                }
+                else {
+                    console.log('⚠️  Failed to revoke dev API key (continuing anyway)');
+                }
+            }
+            catch (error) {
+                console.log('⚠️  Failed to revoke dev API key (continuing anyway)');
+            }
+        }
+        // Step 4: Clear credentials file
+        (0, credentials_1.clearCredentials)();
+        // Step 5: Clear forwarding config
+        (0, config_1.clearForwardingConfig)();
+        console.log('✓ Logged out. Dev API keys revoked.');
+    });
+}
+//# sourceMappingURL=logout.js.map

package/dist/commands/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../cli-src/commands/logout.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;AAqBH,yBA6CC;AAhED,qDAG6B;AAC7B,iDAG8B;AAE9B,uBAAuB;AACvB,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;AAMxD;;GAEG;AACH,SAA8B,MAAM;yDAClC,UAAyB,EAAE;QAE3B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,IAAI,oBAAoB,CAAC;QAE5D,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAA,6BAAe,GAAE,CAAC;QACtC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,IAAA,6BAAoB,GAAE,CAAC;QAEhD,0CAA0C;QAC1C,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,GAAG,WAAW,oBAAoB,gBAAgB,CAAC,QAAQ,EAAE,CAAC;gBAChF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;oBACtC,MAAM,EAAE,QAAQ;oBAChB,OAAO,EAAE;wBACP,aAAa,EAAE,UAAU,WAAW,CAAC,YAAY,EAAE;qBACpD;iBACF,CAAC,CAAC;gBAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;oBAChB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACvC,CAAC;qBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACnC,qDAAqD;gBACvD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,IAAA,8BAAgB,GAAE,CAAC;QAEnB,kCAAkC;QAClC,IAAA,8BAAqB,GAAE,CAAC;QAExB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;CAAA"}

package/dist/config.d.ts

@@ -7,6 +7,15 @@ export interface LocalConfig {
     tunnelSubdomain?: string;
     createdAt?: string;
     appPort?: number;
+    forwarding?: {
+        appId?: string;
+        appName?: string;
+        tenantId?: string;
+        apiKey?: string;
+        apiKeyId?: string;
+        expiresAt?: string;
+        baseUrl?: string;
+    };
 }
 /**
  * Loads the local development configuration.

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../cli-src/config.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;AAqGH,0CAuCC;AAgCD,4CASC;AAKD,gDAGC;AAKD,gCAMC;AAKD,gCAGC;AA9MD,4CAAoB;AACpB,gDAAwB;AACxB,oDAA4B;AAC5B,4CAAoB;AAEpB,0BAA0B;AAC1B,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACvC,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAChC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AASjC,qDAAqD;AACrD,IAAI,YAAY,GAAuB,IAAI,CAAC;AAC5C,IAAI,gBAAgB,GAAkB,IAAI,CAAC;AAE3C,SAAS,aAAa;IACpB,iEAAiE;IACjE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,YAAE,CAAC,MAAM,EAAE,CAAC;QAC3B,OAAO,cAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;IACzD,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAE/C,kDAAkD;QAClD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,YAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,CAAC;QAED,wDAAwD;QACxD,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAE1B,OAAO,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IACjD,CAAC;IAAC,WAAM,CAAC;QACP,uDAAuD;QACvD,MAAM,MAAM,GAAG,YAAE,CAAC,MAAM,EAAE,CAAC;QAC3B,OAAO,cAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAAmB;IAC/C,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,cAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,4BAA4B,CAAC;QAE3C,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAC1B,IAAI,YAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,gBAAgB,GAAG,YAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,2BAA2B;YAC3B,MAAM,UAAU,GAAG,gBAAgB;gBACjC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC7C,qEAAqE;gBACrE,KAAK,GAAG,IAAI,CAAC;YAEf,YAAE,CAAC,aAAa,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,+BAA+B;IACjC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB;IAC5B,OAAO,gBAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,6CAA6C;IAC7C,MAAM,UAAU,GAAG,gBAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9E,OAAO,aAAa,UAAU,EAAE,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe;IAC7B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,YAAY,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,CAAC;QACH,IAAI,YAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,YAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;YAE/C,kDAAkD;YAClD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC/C,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC;gBAE5E,IAAI,iBAAiB,GAAG,sBAAsB,EAAE,CAAC;oBAC/C,OAAO,CAAC,GAAG,CAAC,kCAAkC,sBAAsB,wBAAwB,CAAC,CAAC;oBAC9F,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;oBACpC,YAAY,GAAG,SAAS,CAAC;oBACzB,gBAAgB,GAAG,UAAU,CAAC;oBAC9B,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YAED,YAAY,GAAG,MAAM,CAAC;YACtB,gBAAgB,GAAG,UAAU,CAAC;YAC9B,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,YAAY,GAAG,SAAS,CAAC;IACzB,gBAAgB,GAAG,UAAU,CAAC;IAC9B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe;IACtB,MAAM,MAAM,GAAgB;QAC1B,aAAa,EAAE,qBAAqB,EAAE;QACtC,eAAe,EAAE,iBAAiB,EAAE;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,eAAe,CAAC,MAAM,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAmB;IAC1C,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,YAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,kEAAkE;IAClE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC/F,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IAC9C,CAAC;IAED,0CAA0C;IAC1C,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,CAAC,aAAc,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,IAAY;IACrC,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,eAAe,CAAC,MAAM,CAAC,CAAC;IACxB,eAAe;IACf,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU;;IACxB,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAA,MAAM,CAAC,OAAO,mCAAI,IAAI,CAAC;AAChC,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../cli-src/config.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;AA8GH,0CAuCC;AAgCD,4CASC;AAKD,gDAGC;AAKD,gCAMC;AAKD,gCAGC;AAvND,4CAAoB;AACpB,gDAAwB;AACxB,oDAA4B;AAC5B,4CAAoB;AAEpB,0BAA0B;AAC1B,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACvC,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAChC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAkBjC,qDAAqD;AACrD,IAAI,YAAY,GAAuB,IAAI,CAAC;AAC5C,IAAI,gBAAgB,GAAkB,IAAI,CAAC;AAE3C,SAAS,aAAa;IACpB,iEAAiE;IACjE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,YAAE,CAAC,MAAM,EAAE,CAAC;QAC3B,OAAO,cAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;IACzD,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAE/C,kDAAkD;QAClD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,YAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,CAAC;QAED,wDAAwD;QACxD,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAE1B,OAAO,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IACjD,CAAC;IAAC,WAAM,CAAC;QACP,uDAAuD;QACvD,MAAM,MAAM,GAAG,YAAE,CAAC,MAAM,EAAE,CAAC;QAC3B,OAAO,cAAI,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAAmB;IAC/C,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,cAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,4BAA4B,CAAC;QAE3C,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAC1B,IAAI,YAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,gBAAgB,GAAG,YAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,2BAA2B;YAC3B,MAAM,UAAU,GAAG,gBAAgB;gBACjC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC7C,qEAAqE;gBACrE,KAAK,GAAG,IAAI,CAAC;YAEf,YAAE,CAAC,aAAa,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,+BAA+B;IACjC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB;IAC5B,OAAO,gBAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,6CAA6C;IAC7C,MAAM,UAAU,GAAG,gBAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9E,OAAO,aAAa,UAAU,EAAE,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe;IAC7B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,YAAY,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,CAAC;QACH,IAAI,YAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,YAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;YAE/C,kDAAkD;YAClD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC/C,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC;gBAE5E,IAAI,iBAAiB,GAAG,sBAAsB,EAAE,CAAC;oBAC/C,OAAO,CAAC,GAAG,CAAC,kCAAkC,sBAAsB,wBAAwB,CAAC,CAAC;oBAC9F,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;oBACpC,YAAY,GAAG,SAAS,CAAC;oBACzB,gBAAgB,GAAG,UAAU,CAAC;oBAC9B,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YAED,YAAY,GAAG,MAAM,CAAC;YACtB,gBAAgB,GAAG,UAAU,CAAC;YAC9B,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,YAAY,GAAG,SAAS,CAAC;IACzB,gBAAgB,GAAG,UAAU,CAAC;IAC9B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe;IACtB,MAAM,MAAM,GAAgB;QAC1B,aAAa,EAAE,qBAAqB,EAAE;QACtC,eAAe,EAAE,iBAAiB,EAAE;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,eAAe,CAAC,MAAM,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAmB;IAC1C,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,YAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,kEAAkE;IAClE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC/F,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IAC9C,CAAC;IAED,0CAA0C;IAC1C,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,CAAC,aAAc,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,CAAC,eAAe,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,IAAY;IACrC,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,eAAe,CAAC,MAAM,CAAC,CAAC;IACxB,eAAe;IACf,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU;;IACxB,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAA,MAAM,CAAC,OAAO,mCAAI,IAAI,CAAC;AAChC,CAAC"}

package/dist/forwarding/config.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Forwarding configuration read/write.
+ * Manages the `forwarding` section of the shared `.agentmark/dev-config.json` file.
+ */
+import { LocalConfig } from '../config';
+export type ForwardingConfig = NonNullable<LocalConfig['forwarding']>;
+/**
+ * Loads the forwarding configuration from the shared dev-config.json.
+ * Returns null if no forwarding config has been saved.
+ */
+export declare function loadForwardingConfig(): ForwardingConfig | null;
+/**
+ * Saves forwarding configuration into the shared dev-config.json.
+ * Merges with the existing config so other fields are preserved.
+ */
+export declare function saveForwardingConfig(forwarding: ForwardingConfig): void;
+/**
+ * Removes the forwarding configuration from the shared dev-config.json.
+ * Preserves all other config fields.
+ */
+export declare function clearForwardingConfig(): void;
+/**
+ * Checks whether the API key in the forwarding config has expired.
+ * Returns true if `expiresAt` is set and is in the past.
+ * Returns false if `expiresAt` is not set (no expiration).
+ */
+export declare function isKeyExpired(config: ForwardingConfig): boolean;

package/dist/forwarding/config.js

@@ -0,0 +1,84 @@
+"use strict";
+/**
+ * Forwarding configuration read/write.
+ * Manages the `forwarding` section of the shared `.agentmark/dev-config.json` file.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadForwardingConfig = loadForwardingConfig;
+exports.saveForwardingConfig = saveForwardingConfig;
+exports.clearForwardingConfig = clearForwardingConfig;
+exports.isKeyExpired = isKeyExpired;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const config_1 = require("../config");
+/**
+ * Returns the path to the shared dev-config.json file.
+ * Mirrors the logic in ../config.ts to ensure both modules
+ * read/write the same file.
+ */
+function getConfigPath() {
+    if (process.env.NODE_ENV === 'test' || process.env.VITEST) {
+        return path_1.default.join(os_1.default.tmpdir(), '.agentmark-dev-config.json');
+    }
+    const cwd = process.cwd();
+    return path_1.default.join(cwd, '.agentmark', 'dev-config.json');
+}
+/**
+ * Writes the full config object back to the shared config file.
+ */
+function writeConfig(config) {
+    const configPath = getConfigPath();
+    try {
+        const configDir = path_1.default.dirname(configPath);
+        if (!fs_1.default.existsSync(configDir)) {
+            fs_1.default.mkdirSync(configDir, { recursive: true });
+        }
+        fs_1.default.writeFileSync(configPath, JSON.stringify(config, null, 2), 'utf-8');
+    }
+    catch (error) {
+        console.error('Error saving forwarding config:', error);
+    }
+}
+/**
+ * Loads the forwarding configuration from the shared dev-config.json.
+ * Returns null if no forwarding config has been saved.
+ */
+function loadForwardingConfig() {
+    var _a;
+    const config = (0, config_1.loadLocalConfig)();
+    return (_a = config.forwarding) !== null && _a !== void 0 ? _a : null;
+}
+/**
+ * Saves forwarding configuration into the shared dev-config.json.
+ * Merges with the existing config so other fields are preserved.
+ */
+function saveForwardingConfig(forwarding) {
+    const config = (0, config_1.loadLocalConfig)();
+    config.forwarding = forwarding;
+    writeConfig(config);
+}
+/**
+ * Removes the forwarding configuration from the shared dev-config.json.
+ * Preserves all other config fields.
+ */
+function clearForwardingConfig() {
+    const config = (0, config_1.loadLocalConfig)();
+    delete config.forwarding;
+    writeConfig(config);
+}
+/**
+ * Checks whether the API key in the forwarding config has expired.
+ * Returns true if `expiresAt` is set and is in the past.
+ * Returns false if `expiresAt` is not set (no expiration).
+ */
+function isKeyExpired(config) {
+    if (!config.expiresAt) {
+        return false;
+    }
+    return new Date(config.expiresAt).getTime() < Date.now();
+}
+//# sourceMappingURL=config.js.map

package/dist/forwarding/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../cli-src/forwarding/config.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;AA4CH,oDAGC;AAMD,oDAIC;AAMD,sDAIC;AAOD,oCAKC;AA7ED,4CAAoB;AACpB,gDAAwB;AACxB,4CAAoB;AACpB,sCAAyD;AAIzD;;;;GAIG;AACH,SAAS,aAAa;IACpB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAC1D,OAAO,cAAI,CAAC,IAAI,CAAC,YAAE,CAAC,MAAM,EAAE,EAAE,4BAA4B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,OAAO,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,MAAmB;IACtC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,YAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,CAAC;QACD,YAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB;;IAClC,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,OAAO,MAAA,MAAM,CAAC,UAAU,mCAAI,IAAI,CAAC;AACnC,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,UAA4B;IAC/D,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,WAAW,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB;IACnC,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,OAAO,MAAM,CAAC,UAAU,CAAC;IACzB,WAAW,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED;;;;GAIG;AACH,SAAgB,YAAY,CAAC,MAAwB;IACnD,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAC3D,CAAC"}

package/dist/forwarding/forwarder.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Trace Forwarding Service
+ * Feature: 013-trace-tunnel
+ *
+ * Forwards locally-generated traces to the platform gateway in near-real-time.
+ *
+ * Per forwarding-protocol.md:
+ * - In-memory FIFO queue (max 100)
+ * - Async HTTP POST with Authorization and X-Agentmark-App-Id headers
+ * - Retry policy: 3 retries with exponential backoff (1s, 2s, 4s)
+ * - 10s timeout per request
+ * - Handle 401 → stop forwarding, 429 → respect Retry-After
+ * - Rate limiting: max 50 forwards/second
+ */
+import { ForwardingConfig } from './config';
+interface ForwardingStats {
+    sent: number;
+    failed: number;
+    buffered: number;
+}
+type TracePayload = Record<string, unknown>;
+export declare class TraceForwarder {
+    private config;
+    private queue;
+    private stats;
+    private isStopped;
+    private processingPromise;
+    private forwardCount;
+    private forwardWindowStart;
+    constructor(config: ForwardingConfig);
+    /**
+     * Enqueues a trace payload for forwarding.
+     * Drops oldest trace if queue is full.
+     * Never throws — forwarding failures are non-fatal by design.
+     */
+    enqueue(payload: TracePayload): void;
+    /**
+     * Checks if we're within the rate limit.
+     * Resets the window every second.
+     */
+    private checkRateLimit;
+    /**
+     * Processes queued traces asynchronously.
+     */
+    private processQueue;
+    /**
+     * Forwards a single trace with retry logic.
+     */
+    private forwardWithRetry;
+    /**
+     * Attempts to forward a trace once.
+     */
+    private forwardOnce;
+    /**
+     * Flushes all buffered traces with a timeout.
+     * Returns the number of traces that could not be flushed.
+     */
+    flush(timeoutMs?: number): Promise<number>;
+    /**
+     * Stops the forwarder.
+     * No more traces will be accepted after calling stop().
+     */
+    stop(): void;
+    /**
+     * Returns current forwarding statistics.
+     */
+    getStats(): ForwardingStats;
+}
+export {};

package/dist/forwarding/forwarder.js

@@ -0,0 +1,225 @@
+"use strict";
+/**
+ * Trace Forwarding Service
+ * Feature: 013-trace-tunnel
+ *
+ * Forwards locally-generated traces to the platform gateway in near-real-time.
+ *
+ * Per forwarding-protocol.md:
+ * - In-memory FIFO queue (max 100)
+ * - Async HTTP POST with Authorization and X-Agentmark-App-Id headers
+ * - Retry policy: 3 retries with exponential backoff (1s, 2s, 4s)
+ * - 10s timeout per request
+ * - Handle 401 → stop forwarding, 429 → respect Retry-After
+ * - Rate limiting: max 50 forwards/second
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TraceForwarder = void 0;
+const MAX_QUEUE_SIZE = 100;
+const REQUEST_TIMEOUT_MS = 10000;
+const MAX_RETRIES = 3;
+const RETRY_DELAYS_MS = [1000, 2000, 4000]; // Exponential backoff
+const MAX_FORWARDS_PER_SECOND = 50;
+class TraceForwarder {
+    constructor(config) {
+        this.queue = [];
+        this.stats = { sent: 0, failed: 0, buffered: 0 };
+        this.isStopped = false;
+        this.processingPromise = null;
+        this.forwardCount = 0;
+        this.forwardWindowStart = Date.now();
+        if (!config.apiKey || !config.baseUrl || !config.appId) {
+            throw new Error('Invalid forwarding config: missing required fields');
+        }
+        this.config = config;
+    }
+    /**
+     * Enqueues a trace payload for forwarding.
+     * Drops oldest trace if queue is full.
+     * Never throws — forwarding failures are non-fatal by design.
+     */
+    enqueue(payload) {
+        try {
+            if (this.isStopped) {
+                return;
+            }
+            // Check rate limit
+            if (!this.checkRateLimit()) {
+                console.warn('[trace-forward] ⚠️  Rate limit exceeded, buffering trace');
+            }
+            // Add to queue
+            this.queue.push(payload);
+            // Drop oldest if queue exceeds max size
+            if (this.queue.length > MAX_QUEUE_SIZE) {
+                this.queue.shift();
+                console.warn('[trace-forward] ⚠️  Queue full, dropped oldest trace');
+            }
+            this.stats.buffered = this.queue.length;
+            // Start processing if not already running
+            if (!this.processingPromise) {
+                this.processingPromise = this.processQueue();
+            }
+        }
+        catch (_a) {
+            // Silently drop — caller (API server) must never be affected by forwarding issues
+        }
+    }
+    /**
+     * Checks if we're within the rate limit.
+     * Resets the window every second.
+     */
+    checkRateLimit() {
+        const now = Date.now();
+        const elapsed = now - this.forwardWindowStart;
+        // Reset window every second
+        if (elapsed >= 1000) {
+            this.forwardCount = 0;
+            this.forwardWindowStart = now;
+        }
+        return this.forwardCount < MAX_FORWARDS_PER_SECOND;
+    }
+    /**
+     * Processes queued traces asynchronously.
+     */
+    processQueue() {
+        return __awaiter(this, void 0, void 0, function* () {
+            while (this.queue.length > 0 && !this.isStopped) {
+                const payload = this.queue.shift();
+                if (!payload)
+                    break;
+                this.stats.buffered = this.queue.length;
+                // Check rate limit before forwarding
+                while (!this.checkRateLimit()) {
+                    yield sleep(100); // Wait briefly before retrying
+                }
+                const success = yield this.forwardWithRetry(payload);
+                if (success) {
+                    this.stats.sent++;
+                    this.forwardCount++;
+                }
+                else {
+                    this.stats.failed++;
+                }
+            }
+            this.processingPromise = null;
+        });
+    }
+    /**
+     * Forwards a single trace with retry logic.
+     */
+    forwardWithRetry(payload) {
+        return __awaiter(this, void 0, void 0, function* () {
+            for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+                const result = yield this.forwardOnce(payload);
+                if (result.success) {
+                    return true;
+                }
+                // Stop forwarding on 401 (auth failure)
+                if (result.status === 401) {
+                    console.error('[trace-forward] ✗ Auth expired. Run \'agentmark login\' to re-authenticate.');
+                    this.stop();
+                    return false;
+                }
+                // Respect Retry-After on 429
+                if (result.status === 429 && result.retryAfter) {
+                    const delay = result.retryAfter * 1000;
+                    console.warn(`[trace-forward] ⚠️  Rate limited, retrying after ${result.retryAfter}s`);
+                    yield sleep(delay);
+                    continue;
+                }
+                // Retry on network error or 5xx
+                if (attempt < MAX_RETRIES) {
+                    const delay = RETRY_DELAYS_MS[attempt];
+                    yield sleep(delay);
+                    continue;
+                }
+                // All retries exhausted
+                console.error(`[trace-forward] ✗ Failed to forward trace after ${MAX_RETRIES + 1} attempts`);
+                return false;
+            }
+            return false;
+        });
+    }
+    /**
+     * Attempts to forward a trace once.
+     */
+    forwardOnce(payload) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const controller = new AbortController();
+                const timeoutId = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+                const response = yield fetch(`${this.config.baseUrl}/v1/traces`, {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        Authorization: this.config.apiKey,
+                        'X-Agentmark-App-Id': this.config.appId,
+                    },
+                    body: JSON.stringify(payload),
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                if (response.ok || response.status === 202) {
+                    return { success: true };
+                }
+                // Extract Retry-After header for 429
+                let retryAfter;
+                if (response.status === 429) {
+                    const retryAfterHeader = response.headers.get('Retry-After');
+                    if (retryAfterHeader) {
+                        retryAfter = parseInt(retryAfterHeader, 10);
+                    }
+                }
+                return { success: false, status: response.status, retryAfter };
+            }
+            catch (error) {
+                // Network error or timeout
+                return { success: false };
+            }
+        });
+    }
+    /**
+     * Flushes all buffered traces with a timeout.
+     * Returns the number of traces that could not be flushed.
+     */
+    flush() {
+        return __awaiter(this, arguments, void 0, function* (timeoutMs = 5000) {
+            const startTime = Date.now();
+            // Wait for current processing to finish or timeout
+            while (this.queue.length > 0 && Date.now() - startTime < timeoutMs) {
+                yield sleep(100);
+            }
+            return this.queue.length;
+        });
+    }
+    /**
+     * Stops the forwarder.
+     * No more traces will be accepted after calling stop().
+     */
+    stop() {
+        this.isStopped = true;
+    }
+    /**
+     * Returns current forwarding statistics.
+     */
+    getStats() {
+        return Object.assign({}, this.stats);
+    }
+}
+exports.TraceForwarder = TraceForwarder;
+/**
+ * Sleep helper for retry delays.
+ */
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+//# sourceMappingURL=forwarder.js.map