@tameflare/cli 0.8.0 → 0.9.0

package/README.md

@@ -1,6 +1,6 @@
 # @tameflare/cli
 
-The official CLI for [TameFlare](https://tameflare.com) — secure and govern AI agent traffic through a transparent proxy gateway.
+The official CLI for [TameFlare](https://tameflare.com) - secure and govern AI agent traffic through a transparent proxy gateway.
 
 ## Install
 
@@ -31,12 +31,12 @@ tf run --name my-agent -- python agent.py
 
 | Command | Description |
 |---------|-------------|
-| `tf init` | Initialize TameFlare — downloads gateway, creates config |
+| `tf init` | Initialize TameFlare - downloads gateway, creates config |
 | `tf run --name <n> <cmd>` | Run a process through the proxy gateway |
 | `tf status` | Show gateway status and active processes |
 | `tf stop` | Stop the gateway |
 | `tf logs` | View recent traffic logs |
-| `tf kill-switch` | Emergency stop — block all traffic |
+| `tf kill-switch` | Emergency stop - block all traffic |
 | `tf connector add <type>` | Add a connector (github, openai, slack, stripe, generic) |
 | `tf connector list` | List active connectors |
 | `tf connector remove <id>` | Remove a connector |
@@ -75,9 +75,9 @@ Then open [http://localhost:3000](http://localhost:3000).
 ## Links
 
 - [Documentation](https://tameflare.com/docs)
-- [GitHub](https://github.com/agentfirewall/agentfirewall)
+- [GitHub](https://github.com/tameflare/tameflare)
 - [Website](https://tameflare.com)
 
 ## License
 
-[ELv2](https://github.com/agentfirewall/agentfirewall/blob/main/LICENSE)
+[ELv2](https://github.com/tameflare/tameflare/blob/main/LICENSE)

package/dist/commands/connector.js

@@ -45,7 +45,7 @@ function connectorCommand() {
     cmd
         .command("add <type>")
         .description("Add a connector (github, generic)")
-        .option("--token <token>", "API token or credential (visible in shell history — prefer --token-stdin or --token-env)")
+        .option("--token <token>", "API token or credential (visible in shell history - prefer --token-stdin or --token-env)")
         .option("--token-stdin", "Read token from stdin (avoids shell history exposure)")
         .option("--token-env <var>", "Read token from environment variable")
         .option("--name <name>", "Display name")

package/dist/commands/init.js

@@ -5,15 +5,42 @@ const commander_1 = require("commander");
 const child_process_1 = require("child_process");
 const fs_1 = require("fs");
 const path_1 = require("path");
+const readline_1 = require("readline");
 const utils_1 = require("../utils");
+const https_1 = require("https");
+const http_1 = require("http");
+const login_1 = require("./login");
+const GATEWAY_VERSION = "0.8.0";
+const GITHUB_REPO = "tameflare/tameflare";
 function initCommand() {
     const cmd = new commander_1.Command("init")
         .description("Initialize TameFlare gateway in the current directory")
         .option("--port <port>", "Gateway port", "9443")
         .option("--enforcement <level>", "Enforcement level: monitor, soft_enforce, full_enforce", "monitor")
         .option("--platform <name>", "Platform template: openclaw, langchain, n8n, claude-code")
+        .option("--dashboard-url <url>", "Dashboard URL for config phone-home (e.g. https://tameflare.com)")
+        .option("--gateway-id <id>", "Gateway ID from dashboard")
+        .option("--gateway-token <token>", "Gateway auth token from dashboard")
+        .option("--list", "List your gateways and pick one (requires tf login first)")
         .action(async (opts) => {
         const tfDir = (0, utils_1.getTfDir)();
+        // If --list or no gateway credentials provided, try to auto-detect from tf login
+        const creds = (0, login_1.loadCredentials)();
+        if ((opts.list || (!opts.gatewayId && !opts.gatewayToken)) && creds?.token) {
+            const dashUrl = opts.dashboardUrl || creds.dashboard_url;
+            const picked = await pickGatewayInteractive(dashUrl, creds.token, opts.list);
+            if (picked) {
+                opts.dashboardUrl = dashUrl;
+                opts.gatewayId = picked.id;
+                opts.gatewayToken = picked.gateway_token;
+                console.log(`[TF] Selected gateway: ${picked.name} (${picked.id})`);
+            }
+            else if (opts.list) {
+                // --list was explicit but no gateway picked
+                process.exit(1);
+            }
+            // If not --list and auto-detect failed, fall through to manual mode
+        }
         if ((0, utils_1.isGatewayInitialized)()) {
             console.log("[TF] Already initialized at", tfDir);
             console.log("[TF] Starting gateway...");
@@ -26,8 +53,8 @@ function initCommand() {
             const enforcement = opts.platform
                 ? "full_enforce"
                 : opts.enforcement;
-            // Write config
-            const config = [
+            // Write config (persist dashboard credentials so they survive restarts)
+            const configLines = [
                 "gateway:",
                 `  port: ${opts.port}`,
                 "  dashboard_port: 3000",
@@ -40,7 +67,18 @@ function initCommand() {
                 "tls:",
                 `  ca_cert: "${(0, path_1.join)(tfDir, "ca.crt").replace(/\\/g, "/")}"`,
                 `  ca_key: "${(0, path_1.join)(tfDir, "ca.key").replace(/\\/g, "/")}"`,
-            ].join("\n");
+            ];
+            if (opts.dashboardUrl || opts.gatewayId || opts.gatewayToken) {
+                configLines.push("");
+                configLines.push("dashboard:");
+                if (opts.dashboardUrl)
+                    configLines.push(`  url: "${opts.dashboardUrl}"`);
+                if (opts.gatewayId)
+                    configLines.push(`  gateway_id: "${opts.gatewayId}"`);
+                if (opts.gatewayToken)
+                    configLines.push(`  gateway_token: "${opts.gatewayToken}"`);
+            }
+            const config = configLines.join("\n");
             (0, fs_1.writeFileSync)((0, utils_1.getConfigPath)(), config, "utf-8");
             console.log("[TF] Config created at", (0, utils_1.getConfigPath)());
             // Write platform template
@@ -65,17 +103,69 @@ function initCommand() {
                 }
             }
         }
-        // Find and start the gateway binary
-        const gatewayBin = findGatewayBinary();
+        // Find or download the gateway binary
+        let gatewayBin = findGatewayBinary();
         if (!gatewayBin) {
-            console.error("[TF] Gateway binary not found.");
-            console.error("[TF] Build it with: cd apps/gateway-v2 && go build -o gateway ./cmd/gateway");
-            process.exit(1);
+            console.log("[TF] Gateway binary not found. Downloading...");
+            try {
+                gatewayBin = await downloadGatewayBinary(tfDir);
+            }
+            catch (err) {
+                console.error(`[TF] Failed to download gateway: ${err.message}`);
+                console.error("[TF] You can manually download from: https://github.com/tameflare/tameflare/releases");
+                process.exit(1);
+            }
+        }
+        // Build environment variables for the gateway binary.
+        // Priority: CLI flags > config file > tf login credentials
+        const gatewayEnv = { ...process.env };
+        let dashUrl = opts.dashboardUrl;
+        let gwId = opts.gatewayId;
+        let gwToken = opts.gatewayToken;
+        // Try reading from config file
+        if (!dashUrl || !gwId || !gwToken) {
+            try {
+                const cfgText = (0, fs_1.readFileSync)((0, utils_1.getConfigPath)(), "utf-8");
+                const dashSection = cfgText.split(/^dashboard:/m)[1] ?? "";
+                if (!dashUrl) {
+                    const m = dashSection.match(/^\s+url:\s*"(.+?)"/m);
+                    if (m)
+                        dashUrl = m[1];
+                }
+                if (!gwId) {
+                    const m = dashSection.match(/gateway_id:\s*"(.+?)"/);
+                    if (m)
+                        gwId = m[1];
+                }
+                if (!gwToken) {
+                    const m = dashSection.match(/gateway_token:\s*"(.+?)"/);
+                    if (m)
+                        gwToken = m[1];
+                }
+            }
+            catch { }
+        }
+        // Fall back to tf login credentials for dashboard URL
+        if (!dashUrl && creds?.dashboard_url) {
+            dashUrl = creds.dashboard_url;
+        }
+        if (dashUrl)
+            gatewayEnv.TF_DASHBOARD_URL = dashUrl;
+        if (gwId)
+            gatewayEnv.TF_GATEWAY_ID = gwId;
+        if (gwToken)
+            gatewayEnv.TF_GATEWAY_TOKEN = gwToken;
+        if (dashUrl && gwId && gwToken) {
+            console.log(`[TF] Dashboard: ${dashUrl} (gateway: ${gwId})`);
+        }
+        else if (!gwId || !gwToken) {
+            console.log("[TF] No gateway credentials configured. Run 'tf login' then 'tf init --list' to select a gateway.");
         }
         console.log("[TF] Starting gateway...");
         const gateway = (0, child_process_1.spawn)(gatewayBin, ["--config", (0, utils_1.getConfigPath)()], {
             stdio: "inherit",
             detached: false,
+            env: gatewayEnv,
         });
         gateway.on("error", (err) => {
             console.error("[TF] Failed to start gateway:", err.message);
@@ -98,11 +188,64 @@ function initCommand() {
     });
     return cmd;
 }
+async function pickGatewayInteractive(dashboardUrl, token, explicit) {
+    try {
+        const res = await fetch(`${dashboardUrl}/api/cli/gateways`, {
+            headers: { Authorization: `Bearer ${token}` },
+        });
+        if (!res.ok) {
+            if (res.status === 401) {
+                console.error("[TF] Token expired or invalid. Run 'tf login' again.");
+            }
+            else {
+                console.error(`[TF] Failed to fetch gateways: ${res.status}`);
+            }
+            return null;
+        }
+        const data = await res.json();
+        const gws = data.gateways ?? [];
+        if (gws.length === 0) {
+            console.log("[TF] No gateways found. Create one at the dashboard first.");
+            return null;
+        }
+        // Auto-select if only one gateway
+        if (gws.length === 1) {
+            console.log(`[TF] Found 1 gateway: ${gws[0].name}`);
+            return gws[0];
+        }
+        // Interactive selection
+        console.log("");
+        console.log("[TF] Your gateways:");
+        gws.forEach((gw, i) => {
+            console.log(`  ${i + 1}. ${gw.name} (${gw.id}) [${gw.enforcement_level}]`);
+        });
+        console.log("");
+        const rl = (0, readline_1.createInterface)({ input: process.stdin, output: process.stdout });
+        const answer = await new Promise((resolve) => {
+            rl.question("[TF] Select gateway (number): ", (ans) => {
+                rl.close();
+                resolve(ans.trim());
+            });
+        });
+        const idx = parseInt(answer, 10) - 1;
+        if (isNaN(idx) || idx < 0 || idx >= gws.length) {
+            console.error("[TF] Invalid selection.");
+            return null;
+        }
+        return gws[idx];
+    }
+    catch (err) {
+        if (!explicit)
+            return null; // Silent fail for auto-detect
+        console.error(`[TF] Failed to list gateways: ${err.message}`);
+        return null;
+    }
+}
 function getPlatformTemplate(platform) {
     const templates = {
         openclaw: {
             name: "OpenClaw",
-            description: "AI agent framework — blocks all unknown domains, pre-allows LLM APIs",
+            description: "AI agent framework - blocks all unknown domains, pre-allows LLM APIs",
             connectors: ["openai", "anthropic"],
             setup_commands: [
                 'npx tf connector add openai --token $OPENAI_API_KEY',
@@ -114,7 +257,7 @@ function getPlatformTemplate(platform) {
         },
         langchain: {
             name: "LangChain",
-            description: "LLM framework — pre-allows LLM APIs and search, blocks file:// and localhost",
+            description: "LLM framework - pre-allows LLM APIs and search, blocks file:// and localhost",
             connectors: ["openai", "anthropic"],
             setup_commands: [
                 'npx tf connector add openai --token $OPENAI_API_KEY',
@@ -127,7 +270,7 @@ function getPlatformTemplate(platform) {
         },
         n8n: {
             name: "n8n",
-            description: "Workflow automation — pre-allows common integration endpoints",
+            description: "Workflow automation - pre-allows common integration endpoints",
             connectors: ["openai", "slack", "github"],
             setup_commands: [
                 'npx tf connector add openai --token $OPENAI_API_KEY',
@@ -141,7 +284,7 @@ function getPlatformTemplate(platform) {
         },
         "claude-code": {
             name: "Claude Code",
-            description: "AI coding assistant — pre-allows package registries and git, blocks all other outbound",
+            description: "AI coding assistant - pre-allows package registries and git, blocks all other outbound",
             connectors: ["github"],
             setup_commands: [
                 'npx tf connector add github --token $GITHUB_TOKEN',
@@ -158,11 +301,18 @@ function getPlatformTemplate(platform) {
     return templates[platform] ?? null;
 }
 function findGatewayBinary() {
+    const tfDir = (0, utils_1.getTfDir)();
+    const isWin = process.platform === "win32";
+    const binName = isWin ? "tameflare-gateway.exe" : "tameflare-gateway";
     const candidates = [
-        (0, path_1.join)(process.cwd(), "apps", "gateway-v2", "gateway.exe"),
-        (0, path_1.join)(process.cwd(), "apps", "gateway-v2", "gateway"),
-        (0, path_1.join)(process.cwd(), "gateway.exe"),
-        (0, path_1.join)(process.cwd(), "gateway"),
+        // Preferred: downloaded binary in .tf/bin/
+        (0, path_1.join)(tfDir, "bin", binName),
+        // Dev: local build in monorepo
+        (0, path_1.join)(process.cwd(), "apps", "gateway-v2", binName),
+        (0, path_1.join)(process.cwd(), "apps", "gateway-v2", isWin ? "gateway.exe" : "gateway"),
+        // Fallback: cwd
+        (0, path_1.join)(process.cwd(), binName),
+        (0, path_1.join)(process.cwd(), isWin ? "gateway.exe" : "gateway"),
     ];
     for (const candidate of candidates) {
         if ((0, fs_1.existsSync)(candidate)) {
@@ -171,3 +321,102 @@ function findGatewayBinary() {
     }
     return null;
 }
+function getPlatformArch() {
+    const platform = process.platform;
+    const arch = process.arch;
+    let os;
+    switch (platform) {
+        case "linux":
+            os = "linux";
+            break;
+        case "darwin":
+            os = "darwin";
+            break;
+        case "win32":
+            os = "windows";
+            break;
+        default: throw new Error(`Unsupported platform: ${platform}`);
+    }
+    let goArch;
+    switch (arch) {
+        case "x64":
+            goArch = "amd64";
+            break;
+        case "arm64":
+            goArch = "arm64";
+            break;
+        default: throw new Error(`Unsupported architecture: ${arch}`);
+    }
+    const ext = os === "windows" ? "zip" : "tar.gz";
+    return { os, arch: goArch, ext };
+}
+function followRedirects(url) {
+    return new Promise((resolve, reject) => {
+        const getter = url.startsWith("https") ? https_1.get : http_1.get;
+        getter(url, (res) => {
+            if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                followRedirects(res.headers.location).then(resolve).catch(reject);
+                return;
+            }
+            if (res.statusCode && res.statusCode >= 400) {
+                reject(new Error(`HTTP ${res.statusCode} downloading ${url}`));
+                return;
+            }
+            const chunks = [];
+            res.on("data", (chunk) => chunks.push(chunk));
+            res.on("end", () => resolve(Buffer.concat(chunks)));
+            res.on("error", reject);
+        }).on("error", reject);
+    });
+}
+async function downloadGatewayBinary(tfDir) {
+    const { os, arch, ext } = getPlatformArch();
+    const archiveName = `tameflare-gateway_${GATEWAY_VERSION}_${os}_${arch}.${ext}`;
+    const downloadUrl = `https://github.com/${GITHUB_REPO}/releases/download/gateway-v${GATEWAY_VERSION}/${archiveName}`;
+    console.log(`[TF] Downloading gateway v${GATEWAY_VERSION} for ${os}/${arch}...`);
+    console.log(`[TF] From: ${downloadUrl}`);
+    const data = await followRedirects(downloadUrl);
+    const binDir = (0, path_1.join)(tfDir, "bin");
+    (0, fs_1.mkdirSync)(binDir, { recursive: true });
+    const archivePath = (0, path_1.join)(binDir, archiveName);
+    (0, fs_1.writeFileSync)(archivePath, data);
+    const isWin = os === "windows";
+    const binName = isWin ? "tameflare-gateway.exe" : "tameflare-gateway";
+    const binPath = (0, path_1.join)(binDir, binName);
+    // Extract the binary from the archive
+    if (ext === "tar.gz") {
+        try {
+            (0, child_process_1.execSync)(`tar -xzf "${archivePath}" -C "${binDir}" ${binName}`, { stdio: "pipe" });
+        }
+        catch {
+            // Some tar versions need different syntax
+            (0, child_process_1.execSync)(`tar -xzf "${archivePath}" -C "${binDir}"`, { stdio: "pipe" });
+        }
+        (0, fs_1.chmodSync)(binPath, 0o755);
+    }
+    else {
+        // Windows zip - use PowerShell
+        (0, child_process_1.execSync)(`powershell -Command "Expand-Archive -Force -Path '${archivePath}' -DestinationPath '${binDir}'"`, { stdio: "pipe" });
+    }
+    // Clean up archive
+    try {
+        (0, fs_1.unlinkSync)(archivePath);
+    }
+    catch { }
+    if (!(0, fs_1.existsSync)(binPath)) {
+        // Binary might be in a subdirectory - search for it
+        const files = (0, fs_1.readdirSync)(binDir, { recursive: true });
+        const found = files.find((f) => typeof f === "string" && f.endsWith(binName));
+        if (found) {
+            const foundPath = (0, path_1.join)(binDir, found);
+            if (foundPath !== binPath) {
+                (0, fs_1.renameSync)(foundPath, binPath);
+            }
+        }
+        else {
+            throw new Error(`Binary ${binName} not found in downloaded archive`);
+        }
+    }
+    console.log(`[TF] Gateway binary installed at ${binPath}`);
+    return binPath;
+}

package/dist/commands/kill-switch.js

@@ -8,7 +8,7 @@ function killSwitchCommand() {
         .description("Emergency: block all gateway traffic");
     cmd
         .command("activate")
-        .description("Activate kill switch — block ALL traffic immediately")
+        .description("Activate kill switch - block ALL traffic immediately")
         .option("--reason <reason>", "Reason for activation", "Manual activation")
         .action(async (opts) => {
         (0, utils_1.requireGateway)();
@@ -28,7 +28,7 @@ function killSwitchCommand() {
     });
     cmd
         .command("deactivate")
-        .description("Deactivate kill switch — resume normal enforcement")
+        .description("Deactivate kill switch - resume normal enforcement")
         .action(async () => {
         (0, utils_1.requireGateway)();
         try {

package/dist/commands/login.d.ts

@@ -0,0 +1,13 @@
+import { Command } from "commander";
+export interface TameFlareCredentials {
+    token: string;
+    dashboard_url: string;
+    org_id?: string;
+    user_id?: string;
+    created_at: string;
+}
+export declare function getCredentialsPath(): string;
+export declare function loadCredentials(): TameFlareCredentials | null;
+export declare function saveCredentials(creds: TameFlareCredentials): void;
+export declare function loginCommand(): Command;
+export declare function logoutCommand(): Command;

package/dist/commands/login.js

@@ -0,0 +1,180 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCredentialsPath = getCredentialsPath;
+exports.loadCredentials = loadCredentials;
+exports.saveCredentials = saveCredentials;
+exports.loginCommand = loginCommand;
+exports.logoutCommand = logoutCommand;
+const commander_1 = require("commander");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+const CREDENTIALS_DIR = (0, path_1.join)((0, os_1.homedir)(), ".tameflare");
+const CREDENTIALS_FILE = (0, path_1.join)(CREDENTIALS_DIR, "credentials.json");
+function getCredentialsPath() {
+    return CREDENTIALS_FILE;
+}
+function loadCredentials() {
+    try {
+        if (!(0, fs_1.existsSync)(CREDENTIALS_FILE))
+            return null;
+        const raw = (0, fs_1.readFileSync)(CREDENTIALS_FILE, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+function saveCredentials(creds) {
+    (0, fs_1.mkdirSync)(CREDENTIALS_DIR, { recursive: true });
+    (0, fs_1.writeFileSync)(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), "utf-8");
+}
+function loginCommand() {
+    const cmd = new commander_1.Command("login")
+        .description("Authenticate with tameflare.com (opens browser)")
+        .option("--dashboard-url <url>", "Dashboard URL", "https://tameflare.com")
+        .option("--token <token>", "Use a personal API token directly (for CI/CD)")
+        .action(async (opts) => {
+        const dashboardUrl = opts.dashboardUrl.replace(/\/+$/, "");
+        // Option 1: Direct token (for CI/CD, no browser)
+        if (opts.token) {
+            saveCredentials({
+                token: opts.token,
+                dashboard_url: dashboardUrl,
+                created_at: new Date().toISOString(),
+            });
+            console.log(`[TF] Token saved to ${CREDENTIALS_FILE}`);
+            console.log("[TF] Logged in. Run 'tf init' to set up a gateway.");
+            return;
+        }
+        // Option 2: Browser OAuth flow (device authorization grant)
+        console.log("[TF] Logging in to TameFlare...");
+        console.log("");
+        // 1. Start auth session
+        let sessionData;
+        try {
+            const res = await fetch(`${dashboardUrl}/api/cli/auth`, { method: "POST" });
+            if (!res.ok) {
+                const err = await res.json().catch(() => ({ error: res.statusText }));
+                console.error(`[TF] Failed to start auth session: ${err.error}`);
+                process.exit(1);
+            }
+            sessionData = await res.json();
+        }
+        catch (err) {
+            console.error(`[TF] Cannot reach ${dashboardUrl}: ${err.message}`);
+            process.exit(1);
+        }
+        // 2. Open browser
+        const url = sessionData.verification_url;
+        console.log("[TF] Opening browser to authorize...");
+        console.log(`[TF] If the browser doesn't open, visit: ${url}`);
+        console.log("");
+        try {
+            const { exec } = await Promise.resolve().then(() => __importStar(require("child_process")));
+            const openCmd = process.platform === "win32" ? `start "" "${url}"`
+                : process.platform === "darwin" ? `open "${url}"`
+                    : `xdg-open "${url}"`;
+            exec(openCmd);
+        }
+        catch {
+            // Browser open failed — user can manually visit the URL
+        }
+        // 3. Poll for approval
+        console.log("[TF] Waiting for authorization...");
+        const pollInterval = (sessionData.poll_interval || 2) * 1000;
+        const maxWait = (sessionData.expires_in || 600) * 1000;
+        const startTime = Date.now();
+        while (Date.now() - startTime < maxWait) {
+            await new Promise((r) => setTimeout(r, pollInterval));
+            try {
+                const res = await fetch(`${dashboardUrl}/api/cli/auth?code=${sessionData.code}`);
+                const data = await res.json();
+                if (data.status === "approved" && data.token) {
+                    // Save credentials
+                    saveCredentials({
+                        token: data.token,
+                        dashboard_url: dashboardUrl,
+                        org_id: data.org_id,
+                        user_id: data.user_id,
+                        created_at: new Date().toISOString(),
+                    });
+                    console.log("");
+                    console.log("[TF] Logged in successfully!");
+                    console.log(`[TF] Credentials saved to ${CREDENTIALS_FILE}`);
+                    console.log("");
+                    console.log("[TF] Next steps:");
+                    console.log("  tf init          # Set up a gateway in this directory");
+                    console.log("  tf init --list   # List your gateways and pick one");
+                    return;
+                }
+                if (data.status === "expired") {
+                    console.error("\n[TF] Session expired. Run 'tf login' again.");
+                    process.exit(1);
+                }
+                // Still pending — show a dot to indicate progress
+                process.stdout.write(".");
+            }
+            catch {
+                // Network error — keep trying
+                process.stdout.write("x");
+            }
+        }
+        console.error("\n[TF] Timed out waiting for authorization. Run 'tf login' again.");
+        process.exit(1);
+    });
+    return cmd;
+}
+function logoutCommand() {
+    const cmd = new commander_1.Command("logout")
+        .description("Remove saved TameFlare credentials")
+        .action(() => {
+        try {
+            const { unlinkSync } = require("fs");
+            if ((0, fs_1.existsSync)(CREDENTIALS_FILE)) {
+                unlinkSync(CREDENTIALS_FILE);
+                console.log("[TF] Logged out. Credentials removed.");
+            }
+            else {
+                console.log("[TF] Not logged in.");
+            }
+        }
+        catch (err) {
+            console.error(`[TF] Failed to remove credentials: ${err.message}`);
+        }
+    });
+    return cmd;
+}

package/dist/commands/run.js

@@ -6,12 +6,13 @@ const child_process_1 = require("child_process");
 const utils_1 = require("../utils");
 function runCommand() {
     const cmd = new commander_1.Command("run")
-        .description("Run a process through the TameFlare proxy")
-        .requiredOption("--name <name>", "Process name")
+        .description("Run a process through the TameFlare gateway proxy")
+        .requiredOption("--gateway <name>", "Gateway name (configured at tameflare.com/dashboard/gateways)")
+        .option("--name <name>", "Alias for --gateway (deprecated)")
         .argument("<command...>", "Command to run")
         .action(async (commandArgs, opts) => {
         (0, utils_1.requireGateway)();
-        const processName = opts.name;
+        const processName = opts.gateway || opts.name;
         const [command, ...args] = commandArgs;
         console.log(`[TF] Registering process "${processName}"...`);
         // Register process with gateway
@@ -80,6 +81,6 @@ async function deregister(name) {
         console.log(`[TF] Process "${name}" deregistered`);
     }
     catch {
-        // Gateway may already be down — ignore
+        // Gateway may already be down - ignore
     }
 }

package/dist/commands/status.js

@@ -10,21 +10,36 @@ function statusCommand() {
         (0, utils_1.requireGateway)();
         try {
             const status = await (0, utils_1.gatewayRequest)("GET", "/internal/status");
-            console.log("[TF] Gateway Status");
-            console.log("  Status:      ", status.status);
-            console.log("  Enforcement: ", status.enforcement_level);
-            console.log("  Proxy mode:  ", status.proxy_mode);
-            console.log("  Processes:   ", status.processes_active);
             console.log("");
-            console.log("[TF] Traffic");
-            console.log("  Total:       ", status.traffic.total);
-            console.log("  Allowed:     ", status.traffic.allowed);
-            console.log("  Denied:      ", status.traffic.denied);
+            console.log("  TameFlare Gateway");
+            console.log("  ─────────────────────────────────");
+            if (status.gateway_name) {
+                console.log(`  Gateway:       ${status.gateway_name}`);
+            }
+            if (status.version) {
+                console.log(`  Version:       ${status.version}`);
+            }
+            console.log(`  Status:        \x1b[32m${status.status}\x1b[0m`);
+            console.log(`  Enforcement:   ${status.enforcement_level}`);
+            if (status.uptime) {
+                console.log(`  Uptime:        ${status.uptime}`);
+            }
+            console.log(`  Processes:     ${status.processes_active}`);
+            if (status.connectors_active !== undefined) {
+                console.log(`  Connectors:    ${status.connectors_active}`);
+            }
+            console.log("");
+            console.log("  Traffic");
+            console.log("  ─────────────────────────────────");
+            console.log(`  Total:         ${status.traffic.total}`);
+            console.log(`  Allowed:       \x1b[32m${status.traffic.allowed}\x1b[0m`);
+            console.log(`  Denied:        \x1b[31m${status.traffic.denied}\x1b[0m`);
             // List processes
             const processes = await (0, utils_1.gatewayRequest)("GET", "/internal/processes");
             if (processes && processes.length > 0) {
                 console.log("");
-                console.log("[TF] Active Processes");
+                console.log("  Active Processes");
+                console.log("  ─────────────────────────────────");
                 const rows = processes.map((p) => [
                     p.name,
                     String(p.port),
@@ -33,6 +48,7 @@ function statusCommand() {
                 ]);
                 console.log((0, utils_1.formatTable)(["Name", "Port", "Requests", "Last Activity"], rows));
             }
+            console.log("");
         }
         catch (err) {
             console.error("[TF] Gateway is not running.");

package/dist/index.js

@@ -10,11 +10,14 @@ const logs_1 = require("./commands/logs");
 const kill_switch_1 = require("./commands/kill-switch");
 const connector_1 = require("./commands/connector");
 const approvals_1 = require("./commands/approvals");
+const login_1 = require("./commands/login");
 const program = new commander_1.Command();
 program
     .name("tf")
-    .description("TameFlare — Govern and secure AI gateway traffic")
-    .version("0.8.0");
+    .description("TameFlare - Govern and secure AI gateway traffic")
+    .version("0.9.0");
+program.addCommand((0, login_1.loginCommand)());
+program.addCommand((0, login_1.logoutCommand)());
 program.addCommand((0, init_1.initCommand)());
 program.addCommand((0, run_1.runCommand)());
 program.addCommand((0, status_1.statusCommand)());

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tameflare/cli",
-  "version": "0.8.0",
-  "description": "TameFlare CLI — secure and govern AI agent traffic through a transparent proxy gateway",
+  "version": "0.9.0",
+  "description": "TameFlare CLI - secure and govern AI agent traffic through a transparent proxy gateway",
   "bin": {
     "tf": "dist/index.js"
   },
@@ -26,12 +26,12 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/agentfirewall/agentfirewall",
+    "url": "https://github.com/tameflare/tameflare",
     "directory": "packages/cli"
   },
   "homepage": "https://tameflare.com",
   "bugs": {
-    "url": "https://github.com/agentfirewall/agentfirewall/issues"
+    "url": "https://github.com/tameflare/tameflare/issues"
   },
   "keywords": [
     "tameflare",