@tracemarketplace/cli 0.0.1

package/dist/submitter.js

@@ -0,0 +1,65 @@
+/**
+ * submitter.ts — extract one session file and submit it to the API.
+ * Shared by auto-submit (hook), submit (batch), and daemon (watch).
+ */
+import { readFile } from "fs/promises";
+import { extractClaudeCode, extractCodex, extractCursor } from "@tracemarketplace/shared";
+import { ApiClient } from "./api-client.js";
+import { CURSOR_DB_PATH } from "./sessions.js";
+/**
+ * Extract a claude_code or codex_cli session from a file path and submit it.
+ */
+export async function submitFile(tool, filePath, config) {
+    let trace;
+    try {
+        if (tool === "claude_code") {
+            trace = await extractClaudeCode(filePath, config.email);
+        }
+        else {
+            const buf = await readFile(filePath);
+            trace = await extractCodex(buf, config.email);
+        }
+    }
+    catch (err) {
+        return { accepted: false, superseded: false, duplicate: false, turnCount: 0, payoutCents: 0, traceId: null, error: `Extraction failed: ${err}` };
+    }
+    if (trace.turn_count === 0) {
+        return { accepted: false, superseded: false, duplicate: false, turnCount: 0, payoutCents: 0, traceId: null, error: "Empty session" };
+    }
+    return submitTrace(trace, config);
+}
+/**
+ * Extract a Cursor session by session ID and submit it.
+ */
+export async function submitCursorSession(sessionId, config) {
+    let trace;
+    try {
+        trace = await extractCursor(CURSOR_DB_PATH, sessionId, config.email);
+    }
+    catch (err) {
+        return { accepted: false, superseded: false, duplicate: false, turnCount: 0, payoutCents: 0, traceId: null, error: `Cursor extraction failed: ${err}` };
+    }
+    return submitTrace(trace, config);
+}
+async function submitTrace(trace, config) {
+    const client = new ApiClient(config.serverUrl, config.apiKey);
+    try {
+        const result = await client.post("/api/v1/traces/batch", {
+            traces: [trace],
+            source_tool: trace.source_tool,
+        });
+        const first = result.traces?.[0];
+        return {
+            accepted: result.accepted > 0,
+            superseded: result.superseded > 0,
+            duplicate: result.duplicate > 0,
+            turnCount: trace.turn_count,
+            payoutCents: first?.payout_cents ?? 0,
+            traceId: first?.trace_id ?? null,
+        };
+    }
+    catch (err) {
+        return { accepted: false, superseded: false, duplicate: false, turnCount: trace.turn_count, payoutCents: 0, traceId: null, error: `Submit failed: ${err}` };
+    }
+}
+//# sourceMappingURL=submitter.js.map

package/dist/submitter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"submitter.js","sourceRoot":"","sources":["../src/submitter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC1F,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAa/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,IAAiC,EACjC,QAAgB,EAChB,MAAc;IAEd,IAAI,KAAK,CAAC;IACV,IAAI,CAAC;QACH,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;YAC3B,KAAK,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrC,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,sBAAsB,GAAG,EAAE,EAAE,CAAC;IACnJ,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;IACvI,CAAC;IAED,OAAO,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,SAAiB,EACjB,MAAc;IAEd,IAAI,KAAK,CAAC;IACV,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,aAAa,CAAC,cAAc,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,6BAA6B,GAAG,EAAE,EAAE,CAAC;IAC1J,CAAC;IACD,OAAO,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,KAAoD,EAAE,MAAc;IAC7F,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YACvD,MAAM,EAAE,CAAC,KAAK,CAAC;YACf,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAKA,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;QACjC,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,GAAG,CAAC;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU,GAAG,CAAC;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS,GAAG,CAAC;YAC/B,SAAS,EAAE,KAAK,CAAC,UAAU;YAC3B,WAAW,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;YACrC,OAAO,EAAE,KAAK,EAAE,QAAQ,IAAI,IAAI;SACjC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,kBAAkB,GAAG,EAAE,EAAE,CAAC;IAC9J,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@tracemarketplace/cli",
+  "version": "0.0.1",
+  "type": "module",
+  "bin": {
+    "trace": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/cli.ts",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@tracemarketplace/shared": "workspace:*",
+    "better-sqlite3": "^9.4.0",
+    "chalk": "^5.3.0",
+    "commander": "^12.0.0",
+    "fzstd": "^0.1.1",
+    "inquirer": "^9.2.0",
+    "open": "^11.0.0",
+    "ora": "^8.0.0",
+    "p-limit": "^5.0.0"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.0",
+    "@types/inquirer": "^9.0.7",
+    "@types/node": "^20.0.0",
+    "tsx": "^4.7.0",
+    "typescript": "^5.4.0"
+  }
+}

package/src/api-client.ts

@@ -0,0 +1,33 @@
+export class ApiClient {
+  constructor(
+    private baseUrl: string,
+    private apiKey: string
+  ) {}
+
+  async get(path: string): Promise<unknown> {
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      headers: { "X-Api-Key": this.apiKey },
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`API error ${res.status}: ${text}`);
+    }
+    return res.json();
+  }
+
+  async post(path: string, body: unknown): Promise<unknown> {
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Api-Key": this.apiKey,
+      },
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`API error ${res.status}: ${text}`);
+    }
+    return res.json();
+  }
+}

package/src/cli.ts

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+import { program } from "commander";
+import { loginCommand } from "./commands/login.js";
+import { registerCommand } from "./commands/register.js";
+import { whoamiCommand } from "./commands/whoami.js";
+import { submitCommand } from "./commands/submit.js";
+import { statusCommand } from "./commands/status.js";
+import { historyCommand } from "./commands/history.js";
+import { autoSubmitCommand } from "./commands/auto-submit.js";
+import { setupHookCommand } from "./commands/setup-hook.js";
+import { daemonCommand } from "./commands/daemon.js";
+
+program
+  .name("trace")
+  .description("Trace Marketplace CLI — submit AI coding sessions, get paid")
+  .version("0.0.1");
+
+program
+  .command("login")
+  .description("Sign in via browser — opens tracemarketplace.dev, no key needed")
+  .action(() => loginCommand().catch(handleError));
+
+program
+  .command("register")
+  .description("Register your email and get an API key")
+  .option("--server-url <url>", "Server URL (default: https://api.tracemarketplace.dev)")
+  .action((opts) => registerCommand({ serverUrl: opts.serverUrl }).catch(handleError));
+
+program
+  .command("whoami")
+  .description("Show your account info and balance")
+  .action(() => whoamiCommand().catch(handleError));
+
+program
+  .command("submit")
+  .description("Auto-detect and submit traces from Claude Code, Codex CLI, and Cursor")
+  .option("--tool <tool>", "Only submit from specific tool (claude-code|codex|cursor)")
+  .option("--dry-run", "Preview without submitting")
+  .option("--since <duration>", "Only include sessions from last N days (e.g. 30d)", "30d")
+  .action((opts) =>
+    submitCommand({
+      tool: opts.tool,
+      dryRun: opts.dryRun,
+      since: opts.since,
+    }).catch(handleError)
+  );
+
+program
+  .command("status")
+  .description("Show pending submissions and balance")
+  .action(() => statusCommand().catch(handleError));
+
+program
+  .command("history")
+  .description("Show submission history")
+  .action(() => historyCommand().catch(handleError));
+
+program
+  .command("auto-submit")
+  .description("Submit the current session (called by tool hooks — do not run manually)")
+  .option("--tool <tool>", "Tool that triggered the hook (claude-code|cursor|codex)")
+  .option("--session <id>", "Session ID (for cursor/codex hooks)")
+  .option("--file <path>", "Direct path to session file (for claude-code)")
+  .action((opts) => autoSubmitCommand({ tool: opts.tool, session: opts.session, file: opts.file }));
+
+program
+  .command("daemon")
+  .description("Watch session directories and auto-submit new sessions as they appear")
+  .action(() => daemonCommand().catch(handleError));
+
+program
+  .command("setup-hook")
+  .description("Install session-end hooks for Claude Code, Cursor, and Codex CLI")
+  .option("--tool <tool>", "Only set up hook for specific tool (claude-code|cursor|codex)")
+  .action((opts) => setupHookCommand({ tool: opts.tool }).catch(handleError));
+
+function handleError(e: unknown) {
+  console.error((e as Error).message ?? String(e));
+  process.exit(1);
+}
+
+program.parse();

package/src/commands/auto-submit.ts

@@ -0,0 +1,95 @@
+/**
+ * auto-submit — called by tool hooks (Claude Code Stop, Cursor sessionEnd).
+ * Non-interactive: never prompts, always exits 0 so it never blocks the user's tool.
+ * Logs results to ~/.config/tracemarketplace/auto-submit.log
+ */
+import { readFileSync, appendFileSync, mkdirSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+import { loadConfig } from "../config.js";
+import { findLatestFile, findCodexFileById } from "../sessions.js";
+import { submitFile, submitCursorSession } from "../submitter.js";
+
+interface AutoSubmitOptions {
+  tool?: string;
+  session?: string;  // session ID (for cursor)
+  file?: string;     // direct path (for claude-code when not via hook)
+}
+
+export function log(msg: string) {
+  const dir = join(homedir(), ".config", "tracemarketplace");
+  mkdirSync(dir, { recursive: true });
+  try {
+    appendFileSync(join(dir, "auto-submit.log"), `[${new Date().toISOString()}] ${msg}\n`);
+  } catch {}
+}
+
+export async function autoSubmitCommand(opts: AutoSubmitOptions): Promise<void> {
+  try { await run(opts); } catch (err) { log(`ERROR: ${String(err)}`); }
+}
+
+async function run(opts: AutoSubmitOptions): Promise<void> {
+  const config = loadConfig();
+  if (!config) { log("Not registered — run: trace register"); return; }
+
+  // Read hook payload from stdin
+  let hookPayload: Record<string, unknown> = {};
+  try {
+    const raw = readFileSync("/dev/stdin", "utf-8").trim();
+    if (raw) hookPayload = JSON.parse(raw);
+  } catch {}
+
+  const tool = opts.tool ?? inferTool(hookPayload);
+  if (!tool) { log("Could not determine tool"); return; }
+
+  log(`auto-submit triggered for tool=${tool}`);
+
+  if (tool === "claude-code" || tool === "claude_code") {
+    // Claude Code Stop hook sends { session_id, transcript_path }
+    const filePath = opts.file
+      ?? hookPayload["transcript_path"] as string
+      ?? findLatestFile("claude_code");
+
+    if (!filePath) { log("Claude Code: no session file found"); return; }
+
+    const result = await submitFile("claude_code", filePath, config);
+    logResult(result, filePath);
+
+  } else if (tool === "cursor") {
+    const sessionId = opts.session ?? hookPayload["sessionId"] as string;
+    if (!sessionId) { log("Cursor: no sessionId"); return; }
+
+    const result = await submitCursorSession(sessionId, config);
+    logResult(result, sessionId);
+
+  } else if (tool === "codex" || tool === "codex_cli") {
+    // after_agent payload: { "thread-id": "...", "turn-id": "...", "cwd": "...", "last-assistant-message": "..." }
+    // Legacy / manual: session_path or session_id
+    const threadId = hookPayload["thread-id"] as string ?? "";
+    const filePath = opts.file
+      ?? hookPayload["session_path"] as string
+      ?? findCodexFileById(opts.session ?? hookPayload["session_id"] as string ?? threadId ?? "");
+
+    if (!filePath) { log("Codex: no session file found"); return; }
+
+    const result = await submitFile("codex_cli", filePath, config);
+    logResult(result, filePath);
+
+  } else {
+    log(`Unknown tool: ${tool}`);
+  }
+}
+
+function logResult(result: Awaited<ReturnType<typeof submitFile>>, label: string) {
+  if (result.error) { log(`${label}: ${result.error}`); return; }
+  if (result.duplicate) { log(`${label}: already captured — skipped`); return; }
+  if (result.superseded) { log(`${label}: updated (${result.turnCount} turns) — $${(result.payoutCents / 100).toFixed(2)}`); return; }
+  log(`${label}: accepted (${result.turnCount} turns) — $${(result.payoutCents / 100).toFixed(2)}`);
+}
+
+function inferTool(payload: Record<string, unknown>): string | null {
+  if (payload["transcript_path"]) return "claude-code";
+  if (payload["terminationReason"] || payload["sessionId"]) return "cursor";
+  if (payload["session_path"] || payload["thread-id"]) return "codex";
+  return null;
+}

package/src/commands/daemon.ts

@@ -0,0 +1,128 @@
+/**
+ * trace daemon — watches ~/.claude and ~/.codex session dirs and auto-submits on change.
+ * Keeps a state file so already-submitted unchanged files are skipped on restart.
+ *
+ * State: ~/.config/tracemarketplace/daemon-state.json
+ *   { [filePath]: { mtime: number, size: number } }
+ *
+ * On startup: backfills any files newer than last run.
+ * While running: submits files 5s after they stop changing (debounce in watchDirs).
+ * Server handles dedup/supersession — daemon just fires on change.
+ */
+import { readFileSync, writeFileSync, mkdirSync, statSync, existsSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+import chalk from "chalk";
+import { loadConfig } from "../config.js";
+import { findFiles, watchDirs } from "../sessions.js";
+import { submitFile } from "../submitter.js";
+import { log } from "./auto-submit.js";
+
+const STATE_PATH = join(homedir(), ".config", "tracemarketplace", "daemon-state.json");
+
+type DaemonState = Record<string, { mtime: number; size: number }>;
+
+function loadState(): DaemonState {
+  try { return JSON.parse(readFileSync(STATE_PATH, "utf-8")); } catch { return {}; }
+}
+
+function saveState(state: DaemonState) {
+  mkdirSync(join(homedir(), ".config", "tracemarketplace"), { recursive: true });
+  writeFileSync(STATE_PATH, JSON.stringify(state, null, 2));
+}
+
+function hasChanged(filePath: string, state: DaemonState): boolean {
+  try {
+    const { mtimeMs, size } = statSync(filePath);
+    const recorded = state[filePath];
+    if (!recorded) return true;
+    return mtimeMs !== recorded.mtime || size !== recorded.size;
+  } catch { return false; }
+}
+
+function recordFile(filePath: string, state: DaemonState): DaemonState {
+  try {
+    const { mtimeMs, size } = statSync(filePath);
+    return { ...state, [filePath]: { mtime: mtimeMs, size } };
+  } catch { return state; }
+}
+
+async function processFile(
+  tool: "claude_code" | "codex_cli",
+  filePath: string,
+  state: DaemonState
+): Promise<DaemonState> {
+  const config = loadConfig();
+  if (!config) return state;
+
+  const result = await submitFile(tool, filePath, config);
+  const updated = recordFile(filePath, state);
+
+  if (result.error && result.error !== "Empty session") {
+    log(`daemon: ${filePath}: ${result.error}`);
+  } else if (result.duplicate) {
+    // Already current — no log noise
+  } else if (result.superseded) {
+    log(`daemon: updated ${filePath} (${result.turnCount} turns) +$${(result.payoutCents / 100).toFixed(2)}`);
+    console.log(chalk.cyan(`  ↑ updated`), chalk.gray(filePath.split("/").slice(-2).join("/")), chalk.green(`+$${(result.payoutCents / 100).toFixed(2)}`));
+  } else if (result.accepted) {
+    log(`daemon: accepted ${filePath} (${result.turnCount} turns) +$${(result.payoutCents / 100).toFixed(2)}`);
+    console.log(chalk.green(`  ✓ new`), chalk.gray(filePath.split("/").slice(-2).join("/")), chalk.green(`+$${(result.payoutCents / 100).toFixed(2)}`));
+  }
+
+  return updated;
+}
+
+export async function daemonCommand(): Promise<void> {
+  const config = loadConfig();
+  if (!config) {
+    console.error(chalk.red("Not registered. Run: trace register"));
+    process.exit(1);
+  }
+
+  const tools: Array<"claude_code" | "codex_cli"> = [];
+  if (existsSync(join(homedir(), ".claude"))) tools.push("claude_code");
+  if (existsSync(join(homedir(), ".codex", "sessions"))) tools.push("codex_cli");
+
+  if (tools.length === 0) {
+    console.log(chalk.yellow("No supported tools detected (Claude Code, Codex)."));
+    return;
+  }
+
+  console.log(chalk.bold("Trace daemon starting"));
+  console.log(chalk.gray(`Watching: ${tools.join(", ")}`));
+  console.log(chalk.gray("Press Ctrl+C to stop\n"));
+
+  let state = loadState();
+
+  // Backfill: submit any files from the last 7 days that have changed since last run
+  console.log(chalk.gray("Backfilling new/changed sessions..."));
+  let backfilled = 0;
+  for (const tool of tools) {
+    for (const filePath of findFiles(tool, 7)) {
+      if (hasChanged(filePath, state)) {
+        state = await processFile(tool, filePath, state);
+        backfilled++;
+      }
+    }
+  }
+  saveState(state);
+  if (backfilled === 0) console.log(chalk.gray("  Nothing new.\n"));
+  else console.log();
+
+  // Watch for ongoing changes
+  const stop = watchDirs(tools, async (tool, filePath) => {
+    if (!hasChanged(filePath, state)) return;
+    state = await processFile(tool, filePath, state);
+    saveState(state);
+  });
+
+  console.log(chalk.gray("Watching for new sessions...\n"));
+
+  // Graceful shutdown
+  process.on("SIGINT", () => { stop(); console.log(chalk.gray("\nDaemon stopped.")); process.exit(0); });
+  process.on("SIGTERM", () => { stop(); process.exit(0); });
+
+  // Keep alive
+  await new Promise(() => {});
+}

package/src/commands/history.ts

@@ -0,0 +1,50 @@
+import chalk from "chalk";
+import { loadConfig } from "../config.js";
+import { ApiClient } from "../api-client.js";
+
+export async function historyCommand(): Promise<void> {
+  const config = loadConfig();
+  if (!config) {
+    console.error(chalk.red("Not registered. Run: trace register"));
+    process.exit(1);
+  }
+
+  const client = new ApiClient(config.serverUrl, config.apiKey);
+  const subs = (await client.get("/api/v1/submissions")) as Array<{
+    id: string;
+    sourceTool: string;
+    submittedAt: string | number;
+    sessionCount: number;
+    acceptedCount: number | null;
+    totalPayoutCents: number | null;
+  }>;
+
+  if (subs.length === 0) {
+    console.log(chalk.gray("No submissions yet."));
+    return;
+  }
+
+  console.log(
+    chalk.gray(
+      "Date".padEnd(14) +
+        "Tool".padEnd(16) +
+        "Accepted".padEnd(12) +
+        "Payout"
+    )
+  );
+  console.log(chalk.gray("─".repeat(50)));
+
+  for (const s of subs) {
+    const date = new Date(s.submittedAt).toLocaleDateString();
+    const payout =
+      s.totalPayoutCents !== null
+        ? "$" + (s.totalPayoutCents / 100).toFixed(2)
+        : "pending";
+    console.log(
+      date.padEnd(14) +
+        s.sourceTool.padEnd(16) +
+        `${s.acceptedCount ?? "—"}/${s.sessionCount}`.padEnd(12) +
+        chalk.green(payout)
+    );
+  }
+}

package/src/commands/login.ts

@@ -0,0 +1,75 @@
+import chalk from "chalk";
+import ora from "ora";
+import open from "open";
+import { loadConfig, saveConfig } from "../config.js";
+import { ApiClient } from "../api-client.js";
+
+const POLL_INTERVAL = 2000;
+const POLL_TIMEOUT = 10 * 60 * 1000; // 10 min
+
+export async function loginCommand() {
+  const config = loadConfig();
+  const serverUrl = config?.serverUrl ?? "https://api.tracemarketplace.dev";
+  const client = new ApiClient(serverUrl, config?.apiKey ?? "");
+
+  // Step 1: init CLI session
+  const spinner = ora("Initializing...").start();
+  let token: string;
+  let loginUrl: string;
+  try {
+    const res = await client.post("/api/v1/auth/cli-init", {}) as { token: string; loginUrl: string };
+    token = res.token;
+    loginUrl = res.loginUrl;
+    spinner.stop();
+  } catch (e: any) {
+    spinner.fail("Failed to connect to server");
+    throw e;
+  }
+
+  // Step 2: open browser
+  console.log(chalk.dim("\nOpening browser to sign in...\n"));
+  console.log(chalk.dim(`  ${loginUrl}\n`));
+  console.log(chalk.dim("If the browser didn't open, copy the URL above.\n"));
+
+  try {
+    await open(loginUrl);
+  } catch {
+    // Browser open failed — user can copy the URL
+  }
+
+  // Step 3: poll for completion
+  const pollSpinner = ora("Waiting for authentication...").start();
+  const deadline = Date.now() + POLL_TIMEOUT;
+
+  while (Date.now() < deadline) {
+    await sleep(POLL_INTERVAL);
+    try {
+      const res = await client.get(`/api/v1/auth/cli-poll?token=${token}`) as { pending?: boolean; apiKey?: string };
+      if (res.pending) continue;
+      if (res.apiKey) {
+        pollSpinner.succeed("Authenticated");
+
+        // Get user info to confirm
+        const infoClient = new ApiClient(serverUrl, res.apiKey);
+        const me = await infoClient.get("/api/v1/me") as { email: string };
+
+        saveConfig({ apiKey: res.apiKey, serverUrl, email: me.email });
+        console.log(chalk.green(`\n✓ Logged in as ${me.email}\n`));
+        return;
+      }
+    } catch (e: any) {
+      if (e.message?.includes("Expired")) {
+        pollSpinner.fail("Login timed out. Run trace login again.");
+        process.exit(1);
+      }
+      // Transient error — keep polling
+    }
+  }
+
+  pollSpinner.fail("Timed out. Run trace login again.");
+  process.exit(1);
+}
+
+function sleep(ms: number) {
+  return new Promise((r) => setTimeout(r, ms));
+}

package/src/commands/register.ts

@@ -0,0 +1,52 @@
+import inquirer from "inquirer";
+import chalk from "chalk";
+import { saveConfig } from "../config.js";
+
+export async function registerCommand(opts: { serverUrl?: string }): Promise<void> {
+  const { email } = await inquirer.prompt([
+    {
+      type: "input",
+      name: "email",
+      message: "Your email address:",
+      validate: (v: string) => v.includes("@") || "Enter a valid email",
+    },
+  ]);
+
+  const serverUrl =
+    opts.serverUrl ??
+    (
+      await inquirer.prompt([
+        {
+          type: "input",
+          name: "url",
+          message: "Server URL:",
+          default: "https://api.tracemarketplace.dev",
+        },
+      ])
+    ).url;
+
+  const res = await fetch(`${serverUrl}/api/v1/register`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ email }),
+  });
+
+  const data = (await res.json()) as { api_key?: string; error?: string };
+
+  if (!res.ok) {
+    if (res.status === 409 && data.api_key) {
+      console.log(chalk.yellow("Email already registered."));
+      console.log(chalk.cyan("Your API key:"), chalk.bold(data.api_key));
+      saveConfig({ apiKey: data.api_key, serverUrl, email });
+      return;
+    }
+    throw new Error(data.error ?? `HTTP ${res.status}`);
+  }
+
+  const apiKey = data.api_key!;
+  saveConfig({ apiKey, serverUrl, email });
+
+  console.log(chalk.green("Registered successfully!"));
+  console.log(chalk.cyan("Your API key:"), chalk.bold(apiKey));
+  console.log(chalk.gray("Config saved to ~/.config/tracemarketplace/config.json"));
+}