trickle-backend 0.1.63 → 0.1.65

package/Dockerfile

@@ -0,0 +1,23 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+# Install dependencies
+COPY package.json package-lock.json* ./
+RUN npm ci --production 2>/dev/null || npm install --production
+
+# Copy built files
+COPY dist/ dist/
+
+# Create data directory
+RUN mkdir -p /data
+
+ENV PORT=4888
+ENV TRICKLE_DB_PATH=/data/trickle.db
+
+EXPOSE 4888
+
+HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
+  CMD wget -qO- http://localhost:4888/api/health || exit 1
+
+CMD ["node", "dist/index.js"]

package/dist/db/cloud-migrations.d.ts

@@ -0,0 +1,2 @@
+import type Database from "better-sqlite3";
+export declare function runCloudMigrations(db: Database.Database): void;

package/dist/db/cloud-migrations.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCloudMigrations = runCloudMigrations;
+function runCloudMigrations(db) {
+    db.exec(`
+    -- Projects table: each project is an isolated workspace
+    CREATE TABLE IF NOT EXISTS projects (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      owner_key_id TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      settings TEXT DEFAULT '{}'
+    );
+
+    -- API keys for authentication
+    CREATE TABLE IF NOT EXISTS api_keys (
+      id TEXT PRIMARY KEY,
+      key_hash TEXT NOT NULL UNIQUE,
+      key_prefix TEXT NOT NULL,
+      name TEXT NOT NULL DEFAULT 'default',
+      owner_email TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      last_used_at TEXT,
+      revoked INTEGER NOT NULL DEFAULT 0
+    );
+
+    -- Project data: stores all JSONL/JSON files per project
+    CREATE TABLE IF NOT EXISTS project_data (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      project_id TEXT NOT NULL REFERENCES projects(id),
+      filename TEXT NOT NULL,
+      content TEXT NOT NULL,
+      size_bytes INTEGER NOT NULL DEFAULT 0,
+      pushed_at TEXT NOT NULL DEFAULT (datetime('now')),
+      UNIQUE(project_id, filename)
+    );
+
+    -- Push history for audit trail
+    CREATE TABLE IF NOT EXISTS push_history (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      project_id TEXT NOT NULL REFERENCES projects(id),
+      key_id TEXT NOT NULL,
+      file_count INTEGER NOT NULL,
+      total_bytes INTEGER NOT NULL,
+      pushed_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    -- Shared dashboards (public read-only links)
+    CREATE TABLE IF NOT EXISTS share_links (
+      id TEXT PRIMARY KEY,
+      project_id TEXT NOT NULL REFERENCES projects(id),
+      created_by TEXT NOT NULL,
+      expires_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_project_data_project ON project_data(project_id);
+    CREATE INDEX IF NOT EXISTS idx_push_history_project ON push_history(project_id);
+    CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash);
+  `);
+}

package/dist/db/connection.js

@@ -7,9 +7,9 @@ exports.db = void 0;
 const path_1 = __importDefault(require("path"));
 const fs_1 = __importDefault(require("fs"));
 const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
-const trickleDir = path_1.default.join(process.env.HOME || "~", ".trickle");
+const dbPath = process.env.TRICKLE_DB_PATH || path_1.default.join(process.env.HOME || "~", ".trickle", "trickle.db");
+const trickleDir = path_1.default.dirname(dbPath);
 fs_1.default.mkdirSync(trickleDir, { recursive: true });
-const dbPath = path_1.default.join(trickleDir, "trickle.db");
 const db = new better_sqlite3_1.default(dbPath);
 exports.db = db;
 db.pragma("journal_mode = WAL");

package/dist/index.js

@@ -3,7 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const server_1 = require("./server");
 const connection_1 = require("./db/connection");
 const migrations_1 = require("./db/migrations");
+const cloud_migrations_1 = require("./db/cloud-migrations");
 (0, migrations_1.runMigrations)(connection_1.db);
+(0, cloud_migrations_1.runCloudMigrations)(connection_1.db);
 const PORT = parseInt(process.env.PORT || "4888", 10);
 server_1.app.listen(PORT, () => {
     console.log(`[trickle] Backend listening on http://localhost:${PORT}`);

package/dist/routes/cloud.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Cloud API routes — /api/v1/*
+ *
+ * Provides multi-tenant cloud observability:
+ *   POST /api/v1/push       — Upload .trickle/ data for a project
+ *   GET  /api/v1/pull       — Download project data
+ *   GET  /api/v1/projects   — List projects for authenticated user
+ *   POST /api/v1/projects   — Create a new project
+ *   POST /api/v1/keys       — Generate a new API key
+ *   POST /api/v1/share      — Create a shareable dashboard link
+ *   GET  /api/v1/shared/:id — View shared dashboard data (no auth required)
+ *   GET  /api/v1/dashboard/:projectId — Get dashboard data for a project
+ */
+declare const router: import("express-serve-static-core").Router;
+export default router;

package/dist/routes/cloud.js

@@ -0,0 +1,465 @@
+"use strict";
+/**
+ * Cloud API routes — /api/v1/*
+ *
+ * Provides multi-tenant cloud observability:
+ *   POST /api/v1/push       — Upload .trickle/ data for a project
+ *   GET  /api/v1/pull       — Download project data
+ *   GET  /api/v1/projects   — List projects for authenticated user
+ *   POST /api/v1/projects   — Create a new project
+ *   POST /api/v1/keys       — Generate a new API key
+ *   POST /api/v1/share      — Create a shareable dashboard link
+ *   GET  /api/v1/shared/:id — View shared dashboard data (no auth required)
+ *   GET  /api/v1/dashboard/:projectId — Get dashboard data for a project
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = require("express");
+const crypto_1 = __importDefault(require("crypto"));
+const connection_1 = require("../db/connection");
+const router = (0, express_1.Router)();
+// ── Helpers ──
+function generateId() {
+    return crypto_1.default.randomBytes(12).toString("hex");
+}
+function generateApiKey() {
+    const key = `tk_${crypto_1.default.randomBytes(24).toString("hex")}`;
+    const hash = crypto_1.default.createHash("sha256").update(key).digest("hex");
+    const prefix = key.slice(0, 7);
+    return { key, hash, prefix };
+}
+function hashKey(key) {
+    return crypto_1.default.createHash("sha256").update(key).digest("hex");
+}
+function requireAuth(req, res, next) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader?.startsWith("Bearer ")) {
+        res.status(401).json({ error: "Missing or invalid Authorization header. Use: Bearer <api-key>" });
+        return;
+    }
+    const token = authHeader.slice(7);
+    const tokenHash = hashKey(token);
+    const key = connection_1.db.prepare("SELECT id, name, revoked FROM api_keys WHERE key_hash = ?").get(tokenHash);
+    if (!key) {
+        res.status(401).json({ error: "Invalid API key" });
+        return;
+    }
+    if (key.revoked) {
+        res.status(403).json({ error: "API key has been revoked" });
+        return;
+    }
+    // Update last_used_at
+    connection_1.db.prepare("UPDATE api_keys SET last_used_at = datetime('now') WHERE id = ?").run(key.id);
+    req.keyId = key.id;
+    req.keyName = key.name;
+    next();
+}
+// ── POST /api/v1/keys — Generate a new API key ──
+router.post("/keys", (req, res) => {
+    const { name, email } = req.body || {};
+    const { key, hash, prefix } = generateApiKey();
+    const id = generateId();
+    connection_1.db.prepare("INSERT INTO api_keys (id, key_hash, key_prefix, name, owner_email) VALUES (?, ?, ?, ?, ?)").run(id, hash, prefix, name || "default", email || null);
+    res.status(201).json({
+        id,
+        key, // Only returned once — user must save it
+        prefix,
+        name: name || "default",
+        message: "Save this key — it cannot be retrieved later.",
+    });
+});
+// ── POST /api/v1/ingest — Real-time streaming ingest ──
+// Accepts batched observations and appends to project data files.
+// This enables `trickle run` to stream data to the cloud in real-time.
+router.post("/ingest", requireAuth, (req, res) => {
+    const { project, file, lines } = req.body;
+    if (!project || !file || !lines) {
+        res.status(400).json({ error: "project, file, and lines required" });
+        return;
+    }
+    const projectId = `${req.keyId}:${project}`;
+    // Auto-create project
+    connection_1.db.prepare(`
+    INSERT INTO projects (id, name, owner_key_id, updated_at)
+    VALUES (?, ?, ?, datetime('now'))
+    ON CONFLICT(id) DO UPDATE SET updated_at = datetime('now')
+  `).run(projectId, project, req.keyId);
+    // Append to existing content (or create new)
+    const existing = connection_1.db.prepare("SELECT content FROM project_data WHERE project_id = ? AND filename = ?").get(projectId, file);
+    const newContent = typeof lines === "string" ? lines : lines.join("\n") + "\n";
+    const content = existing ? existing.content + newContent : newContent;
+    const bytes = Buffer.byteLength(content, "utf-8");
+    connection_1.db.prepare(`
+    INSERT INTO project_data (project_id, filename, content, size_bytes, pushed_at)
+    VALUES (?, ?, ?, ?, datetime('now'))
+    ON CONFLICT(project_id, filename) DO UPDATE SET
+      content = excluded.content,
+      size_bytes = excluded.size_bytes,
+      pushed_at = datetime('now')
+  `).run(projectId, file, content, bytes);
+    res.json({ ok: true, file, bytes });
+});
+// ── POST /api/v1/push — Upload project data (full replace) ──
+router.post("/push", requireAuth, (req, res) => {
+    const { project, files, timestamp } = req.body;
+    if (!project || typeof project !== "string") {
+        res.status(400).json({ error: "project name required" });
+        return;
+    }
+    if (!files || typeof files !== "object") {
+        res.status(400).json({ error: "files object required" });
+        return;
+    }
+    const projectId = `${req.keyId}:${project}`;
+    // Upsert project
+    connection_1.db.prepare(`
+    INSERT INTO projects (id, name, owner_key_id, updated_at)
+    VALUES (?, ?, ?, datetime('now'))
+    ON CONFLICT(id) DO UPDATE SET updated_at = datetime('now')
+  `).run(projectId, project, req.keyId);
+    // Upsert each file
+    const upsertFile = connection_1.db.prepare(`
+    INSERT INTO project_data (project_id, filename, content, size_bytes, pushed_at)
+    VALUES (?, ?, ?, ?, datetime('now'))
+    ON CONFLICT(project_id, filename) DO UPDATE SET
+      content = excluded.content,
+      size_bytes = excluded.size_bytes,
+      pushed_at = datetime('now')
+  `);
+    let totalBytes = 0;
+    let fileCount = 0;
+    const insertMany = connection_1.db.transaction(() => {
+        for (const [filename, content] of Object.entries(files)) {
+            if (typeof content !== "string")
+                continue;
+            const bytes = Buffer.byteLength(content, "utf-8");
+            upsertFile.run(projectId, filename, content, bytes);
+            totalBytes += bytes;
+            fileCount++;
+        }
+    });
+    insertMany();
+    // Record push history
+    connection_1.db.prepare("INSERT INTO push_history (project_id, key_id, file_count, total_bytes) VALUES (?, ?, ?, ?)").run(projectId, req.keyId, fileCount, totalBytes);
+    const dashboardUrl = `${req.protocol}://${req.get("host")}/api/v1/dashboard/${encodeURIComponent(projectId)}`;
+    res.json({
+        ok: true,
+        project: projectId,
+        files: fileCount,
+        bytes: totalBytes,
+        url: dashboardUrl,
+    });
+});
+// ── GET /api/v1/pull — Download project data ──
+router.get("/pull", requireAuth, (req, res) => {
+    const project = req.query.project;
+    if (!project) {
+        res.status(400).json({ error: "project query parameter required" });
+        return;
+    }
+    const projectId = `${req.keyId}:${project}`;
+    const rows = connection_1.db.prepare("SELECT filename, content FROM project_data WHERE project_id = ?").all(projectId);
+    if (rows.length === 0) {
+        res.status(404).json({ error: "No data found for this project" });
+        return;
+    }
+    const files = {};
+    for (const row of rows) {
+        files[row.filename] = row.content;
+    }
+    res.json({ project, files, fileCount: rows.length });
+});
+// ── GET /api/v1/projects — List projects ──
+router.get("/projects", requireAuth, (req, res) => {
+    const rows = connection_1.db.prepare(`
+    SELECT p.id, p.name, p.created_at, p.updated_at,
+      (SELECT COUNT(*) FROM project_data pd WHERE pd.project_id = p.id) as file_count,
+      (SELECT SUM(pd.size_bytes) FROM project_data pd WHERE pd.project_id = p.id) as total_bytes
+    FROM projects p
+    WHERE p.owner_key_id = ?
+    ORDER BY p.updated_at DESC
+  `).all(req.keyId);
+    res.json({
+        projects: rows.map((r) => ({
+            id: r.id,
+            name: r.name,
+            files: r.file_count || 0,
+            size: r.total_bytes || 0,
+            createdAt: r.created_at,
+            updatedAt: r.updated_at,
+        })),
+    });
+});
+// ── POST /api/v1/projects — Create project ──
+router.post("/projects", requireAuth, (req, res) => {
+    const { name } = req.body;
+    if (!name) {
+        res.status(400).json({ error: "name required" });
+        return;
+    }
+    const projectId = `${req.keyId}:${name}`;
+    connection_1.db.prepare(`
+    INSERT INTO projects (id, name, owner_key_id)
+    VALUES (?, ?, ?)
+    ON CONFLICT(id) DO NOTHING
+  `).run(projectId, name, req.keyId);
+    res.status(201).json({ id: projectId, name });
+});
+// ── POST /api/v1/share — Create shareable link ──
+router.post("/share", requireAuth, (req, res) => {
+    const { project, expiresInHours } = req.body;
+    if (!project) {
+        res.status(400).json({ error: "project name required" });
+        return;
+    }
+    const projectId = `${req.keyId}:${project}`;
+    // Verify project exists
+    const proj = connection_1.db.prepare("SELECT id FROM projects WHERE id = ?").get(projectId);
+    if (!proj) {
+        res.status(404).json({ error: "Project not found" });
+        return;
+    }
+    const shareId = generateId();
+    const expiresAt = expiresInHours
+        ? new Date(Date.now() + expiresInHours * 3600000).toISOString()
+        : null;
+    connection_1.db.prepare("INSERT INTO share_links (id, project_id, created_by, expires_at) VALUES (?, ?, ?, ?)").run(shareId, projectId, req.keyId, expiresAt);
+    const shareUrl = `${req.protocol}://${req.get("host")}/api/v1/shared/${shareId}`;
+    res.status(201).json({
+        shareId,
+        url: shareUrl,
+        expiresAt,
+    });
+});
+// ── GET /api/v1/shared/:id — View shared data (no auth) ──
+router.get("/shared/:id", (req, res) => {
+    const link = connection_1.db.prepare(`
+    SELECT sl.project_id, sl.expires_at, p.name as project_name
+    FROM share_links sl
+    JOIN projects p ON p.id = sl.project_id
+    WHERE sl.id = ?
+  `).get(req.params.id);
+    if (!link) {
+        res.status(404).json({ error: "Share link not found" });
+        return;
+    }
+    if (link.expires_at && new Date(link.expires_at) < new Date()) {
+        res.status(410).json({ error: "Share link has expired" });
+        return;
+    }
+    const rows = connection_1.db.prepare("SELECT filename, content FROM project_data WHERE project_id = ?").all(link.project_id);
+    const files = {};
+    for (const row of rows) {
+        files[row.filename] = row.content;
+    }
+    // If request accepts HTML, serve dashboard
+    if (req.accepts("html")) {
+        res.send(generateDashboardHtml(link.project_name, files));
+        return;
+    }
+    res.json({ project: link.project_name, files, fileCount: rows.length });
+});
+// ── GET /api/v1/dashboard/:projectId — Authenticated dashboard ──
+router.get("/dashboard/:projectId", requireAuth, (req, res) => {
+    const projectId = decodeURIComponent(req.params.projectId);
+    // Verify ownership
+    const proj = connection_1.db.prepare("SELECT name FROM projects WHERE id = ? AND owner_key_id = ?").get(projectId, req.keyId);
+    if (!proj) {
+        res.status(404).json({ error: "Project not found" });
+        return;
+    }
+    const rows = connection_1.db.prepare("SELECT filename, content FROM project_data WHERE project_id = ?").all(projectId);
+    const files = {};
+    for (const row of rows) {
+        files[row.filename] = row.content;
+    }
+    if (req.accepts("html")) {
+        res.send(generateDashboardHtml(proj.name, files));
+        return;
+    }
+    res.json({ project: proj.name, files, fileCount: rows.length });
+});
+// ── Dashboard HTML generator ──
+function generateDashboardHtml(projectName, files) {
+    // Parse data files
+    const parseJsonl = (content) => content.split("\n").filter(Boolean).map(l => { try {
+        return JSON.parse(l);
+    }
+    catch {
+        return null;
+    } }).filter(Boolean);
+    const observations = files["observations.jsonl"] ? parseJsonl(files["observations.jsonl"]) : [];
+    const variables = files["variables.jsonl"] ? parseJsonl(files["variables.jsonl"]) : [];
+    const calltrace = files["calltrace.jsonl"] ? parseJsonl(files["calltrace.jsonl"]) : [];
+    const queries = files["queries.jsonl"] ? parseJsonl(files["queries.jsonl"]) : [];
+    const errors = files["errors.jsonl"] ? parseJsonl(files["errors.jsonl"]) : [];
+    const alerts = files["alerts.jsonl"] ? parseJsonl(files["alerts.jsonl"]) : [];
+    const profile = files["profile.jsonl"] ? parseJsonl(files["profile.jsonl"]) : [];
+    let environment = {};
+    try {
+        if (files["environment.json"])
+            environment = JSON.parse(files["environment.json"]);
+    }
+    catch { }
+    const criticalAlerts = alerts.filter((a) => a.severity === "critical");
+    const warningAlerts = alerts.filter((a) => a.severity === "warning");
+    const endProfile = profile.find((p) => p.event === "end");
+    const status = criticalAlerts.length > 0 ? "critical" :
+        errors.length > 0 ? "error" :
+            warningAlerts.length > 0 ? "warning" : "healthy";
+    const statusColors = {
+        healthy: "#22c55e", warning: "#eab308", error: "#ef4444", critical: "#dc2626",
+    };
+    const slowFuncs = observations
+        .filter((o) => o.durationMs && o.durationMs > 10)
+        .sort((a, b) => (b.durationMs || 0) - (a.durationMs || 0))
+        .slice(0, 10);
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>${projectName} — trickle dashboard</title>
+<style>
+  * { margin: 0; padding: 0; box-sizing: border-box; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #0f1117; color: #e5e7eb; line-height: 1.5; }
+  .container { max-width: 1200px; margin: 0 auto; padding: 24px; }
+  h1 { font-size: 24px; font-weight: 600; margin-bottom: 8px; }
+  h2 { font-size: 18px; font-weight: 600; margin: 24px 0 12px; color: #9ca3af; }
+  .subtitle { color: #6b7280; font-size: 14px; margin-bottom: 24px; }
+  .grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 16px; margin-bottom: 24px; }
+  .card { background: #1f2937; border-radius: 8px; padding: 16px; border: 1px solid #374151; }
+  .card-label { font-size: 12px; color: #9ca3af; text-transform: uppercase; letter-spacing: 0.05em; }
+  .card-value { font-size: 28px; font-weight: 700; margin-top: 4px; }
+  .status-badge { display: inline-block; padding: 4px 12px; border-radius: 12px; font-size: 12px; font-weight: 600; text-transform: uppercase; }
+  table { width: 100%; border-collapse: collapse; }
+  th { text-align: left; padding: 8px 12px; font-size: 12px; color: #9ca3af; text-transform: uppercase; border-bottom: 1px solid #374151; }
+  td { padding: 8px 12px; border-bottom: 1px solid #1f2937; font-size: 14px; }
+  .mono { font-family: 'SF Mono', Monaco, Consolas, monospace; font-size: 13px; }
+  .bar { height: 8px; border-radius: 4px; background: #3b82f6; display: inline-block; min-width: 4px; }
+  .alert-critical { border-left: 3px solid #ef4444; }
+  .alert-warning { border-left: 3px solid #eab308; }
+  .error-card { background: #1f2937; border-left: 3px solid #ef4444; padding: 12px; margin-bottom: 8px; border-radius: 4px; }
+  .section { background: #1f2937; border-radius: 8px; padding: 16px; border: 1px solid #374151; margin-bottom: 16px; }
+  .tag { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 11px; background: #374151; color: #9ca3af; margin-right: 4px; }
+  footer { text-align: center; padding: 24px; color: #4b5563; font-size: 12px; }
+  a { color: #3b82f6; text-decoration: none; }
+</style>
+</head>
+<body>
+<div class="container">
+  <h1>${projectName}</h1>
+  <div class="subtitle">
+    <span class="status-badge" style="background: ${statusColors[status]}20; color: ${statusColors[status]}">${status.toUpperCase()}</span>
+    ${environment.node ? `<span class="tag">Node ${environment.node.version}</span>` : ""}
+    ${environment.python ? `<span class="tag">Python ${environment.python}</span>` : ""}
+    ${endProfile ? `<span class="tag">${Math.round((endProfile.rssKb || 0) / 1024)}MB RSS</span>` : ""}
+  </div>
+
+  <div class="grid">
+    <div class="card">
+      <div class="card-label">Functions</div>
+      <div class="card-value">${observations.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Variables</div>
+      <div class="card-value">${variables.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">DB Queries</div>
+      <div class="card-value">${queries.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Call Trace</div>
+      <div class="card-value">${calltrace.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Errors</div>
+      <div class="card-value" style="color: ${errors.length > 0 ? "#ef4444" : "#22c55e"}">${errors.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Alerts</div>
+      <div class="card-value" style="color: ${criticalAlerts.length > 0 ? "#ef4444" : warningAlerts.length > 0 ? "#eab308" : "#22c55e"}">${alerts.length}</div>
+    </div>
+  </div>
+
+  ${alerts.length > 0 ? `
+  <h2>Alerts</h2>
+  <div class="section">
+    ${alerts.map((a) => `
+      <div class="card ${a.severity === "critical" ? "alert-critical" : "alert-warning"}" style="margin-bottom: 8px;">
+        <strong>${a.severity === "critical" ? "CRITICAL" : "WARNING"}</strong>: ${escapeHtml(a.message || "")}
+        ${a.suggestion ? `<div style="color: #9ca3af; font-size: 13px; margin-top: 4px;">Fix: ${escapeHtml(a.suggestion)}</div>` : ""}
+      </div>
+    `).join("")}
+  </div>` : ""}
+
+  ${errors.length > 0 ? `
+  <h2>Errors</h2>
+  <div class="section">
+    ${errors.slice(0, 10).map((e) => `
+      <div class="error-card">
+        <strong class="mono">${escapeHtml(e.type || "Error")}</strong>: ${escapeHtml((e.message || "").substring(0, 200))}
+        ${e.function ? `<div style="color: #6b7280; font-size: 12px;">in ${escapeHtml(e.function)}</div>` : ""}
+      </div>
+    `).join("")}
+  </div>` : ""}
+
+  ${slowFuncs.length > 0 ? `
+  <h2>Performance Hotspots</h2>
+  <div class="section">
+    <table>
+      <thead><tr><th>Function</th><th>Module</th><th>Duration</th><th></th></tr></thead>
+      <tbody>
+        ${slowFuncs.map((f) => {
+        const pct = Math.round((f.durationMs / slowFuncs[0].durationMs) * 100);
+        return `<tr>
+            <td class="mono">${escapeHtml(f.functionName || "?")}</td>
+            <td>${escapeHtml(f.module || "?")}</td>
+            <td>${f.durationMs?.toFixed(0)}ms</td>
+            <td><div class="bar" style="width: ${pct}%"></div></td>
+          </tr>`;
+    }).join("")}
+      </tbody>
+    </table>
+  </div>` : ""}
+
+  ${observations.length > 0 ? `
+  <h2>Observed Functions</h2>
+  <div class="section">
+    <table>
+      <thead><tr><th>Function</th><th>Module</th><th>Duration</th></tr></thead>
+      <tbody>
+        ${observations.slice(0, 30).map((o) => `<tr>
+          <td class="mono">${escapeHtml(o.functionName || "?")}</td>
+          <td>${escapeHtml(o.module || "?")}</td>
+          <td>${o.durationMs ? o.durationMs.toFixed(0) + "ms" : "-"}</td>
+        </tr>`).join("")}
+      </tbody>
+    </table>
+  </div>` : ""}
+
+  ${queries.length > 0 ? `
+  <h2>Database Queries</h2>
+  <div class="section">
+    <table>
+      <thead><tr><th>Query</th><th>Duration</th></tr></thead>
+      <tbody>
+        ${queries.slice(0, 20).map((q) => `<tr>
+          <td class="mono" style="max-width: 600px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;">${escapeHtml((q.query || q.sql || "?").substring(0, 100))}</td>
+          <td>${q.durationMs ? q.durationMs.toFixed(1) + "ms" : "-"}</td>
+        </tr>`).join("")}
+      </tbody>
+    </table>
+  </div>` : ""}
+</div>
+<footer>Powered by <a href="https://github.com/yiheinchai/trickle">trickle</a> — runtime observability</footer>
+</body>
+</html>`;
+}
+function escapeHtml(s) {
+    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+exports.default = router;

package/dist/server.js

@@ -18,6 +18,7 @@ const dashboard_1 = __importDefault(require("./routes/dashboard"));
 const coverage_1 = __importDefault(require("./routes/coverage"));
 const audit_1 = __importDefault(require("./routes/audit"));
 const search_1 = __importDefault(require("./routes/search"));
+const cloud_1 = __importDefault(require("./routes/cloud"));
 const app = (0, express_1.default)();
 exports.app = app;
 app.use((0, cors_1.default)());
@@ -34,6 +35,7 @@ app.use("/dashboard", dashboard_1.default);
 app.use("/api/coverage", coverage_1.default);
 app.use("/api/audit", audit_1.default);
 app.use("/api/search", search_1.default);
+app.use("/api/v1", cloud_1.default);
 // Health check
 app.get("/api/health", (_req, res) => {
     res.json({ ok: true, timestamp: new Date().toISOString() });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "trickle-backend",
-  "version": "0.1.63",
+  "version": "0.1.65",
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc",

package/src/db/cloud-migrations.ts

@@ -0,0 +1,61 @@
+import type Database from "better-sqlite3";
+
+export function runCloudMigrations(db: Database.Database): void {
+  db.exec(`
+    -- Projects table: each project is an isolated workspace
+    CREATE TABLE IF NOT EXISTS projects (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      owner_key_id TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      settings TEXT DEFAULT '{}'
+    );
+
+    -- API keys for authentication
+    CREATE TABLE IF NOT EXISTS api_keys (
+      id TEXT PRIMARY KEY,
+      key_hash TEXT NOT NULL UNIQUE,
+      key_prefix TEXT NOT NULL,
+      name TEXT NOT NULL DEFAULT 'default',
+      owner_email TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      last_used_at TEXT,
+      revoked INTEGER NOT NULL DEFAULT 0
+    );
+
+    -- Project data: stores all JSONL/JSON files per project
+    CREATE TABLE IF NOT EXISTS project_data (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      project_id TEXT NOT NULL REFERENCES projects(id),
+      filename TEXT NOT NULL,
+      content TEXT NOT NULL,
+      size_bytes INTEGER NOT NULL DEFAULT 0,
+      pushed_at TEXT NOT NULL DEFAULT (datetime('now')),
+      UNIQUE(project_id, filename)
+    );
+
+    -- Push history for audit trail
+    CREATE TABLE IF NOT EXISTS push_history (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      project_id TEXT NOT NULL REFERENCES projects(id),
+      key_id TEXT NOT NULL,
+      file_count INTEGER NOT NULL,
+      total_bytes INTEGER NOT NULL,
+      pushed_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    -- Shared dashboards (public read-only links)
+    CREATE TABLE IF NOT EXISTS share_links (
+      id TEXT PRIMARY KEY,
+      project_id TEXT NOT NULL REFERENCES projects(id),
+      created_by TEXT NOT NULL,
+      expires_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_project_data_project ON project_data(project_id);
+    CREATE INDEX IF NOT EXISTS idx_push_history_project ON push_history(project_id);
+    CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash);
+  `);
+}

package/src/db/connection.ts

@@ -2,12 +2,11 @@ import path from "path";
 import fs from "fs";
 import Database, { Database as DatabaseType } from "better-sqlite3";
 
-const trickleDir = path.join(process.env.HOME || "~", ".trickle");
+const dbPath = process.env.TRICKLE_DB_PATH || path.join(process.env.HOME || "~", ".trickle", "trickle.db");
+const trickleDir = path.dirname(dbPath);
 
 fs.mkdirSync(trickleDir, { recursive: true });
 
-const dbPath = path.join(trickleDir, "trickle.db");
-
 const db: DatabaseType = new Database(dbPath);
 
 db.pragma("journal_mode = WAL");

package/src/index.ts

@@ -1,8 +1,10 @@
 import { app } from "./server";
 import { db } from "./db/connection";
 import { runMigrations } from "./db/migrations";
+import { runCloudMigrations } from "./db/cloud-migrations";
 
 runMigrations(db);
+runCloudMigrations(db);
 
 const PORT = parseInt(process.env.PORT || "4888", 10);
 

package/src/routes/cloud.ts

@@ -0,0 +1,562 @@
+/**
+ * Cloud API routes — /api/v1/*
+ *
+ * Provides multi-tenant cloud observability:
+ *   POST /api/v1/push       — Upload .trickle/ data for a project
+ *   GET  /api/v1/pull       — Download project data
+ *   GET  /api/v1/projects   — List projects for authenticated user
+ *   POST /api/v1/projects   — Create a new project
+ *   POST /api/v1/keys       — Generate a new API key
+ *   POST /api/v1/share      — Create a shareable dashboard link
+ *   GET  /api/v1/shared/:id — View shared dashboard data (no auth required)
+ *   GET  /api/v1/dashboard/:projectId — Get dashboard data for a project
+ */
+
+import { Router, Request, Response, NextFunction } from "express";
+import crypto from "crypto";
+import { db } from "../db/connection";
+
+const router = Router();
+
+// ── Helpers ──
+
+function generateId(): string {
+  return crypto.randomBytes(12).toString("hex");
+}
+
+function generateApiKey(): { key: string; hash: string; prefix: string } {
+  const key = `tk_${crypto.randomBytes(24).toString("hex")}`;
+  const hash = crypto.createHash("sha256").update(key).digest("hex");
+  const prefix = key.slice(0, 7);
+  return { key, hash, prefix };
+}
+
+function hashKey(key: string): string {
+  return crypto.createHash("sha256").update(key).digest("hex");
+}
+
+// ── Auth middleware ──
+
+interface AuthedRequest extends Request {
+  keyId?: string;
+  keyName?: string;
+}
+
+function requireAuth(req: AuthedRequest, res: Response, next: NextFunction): void {
+  const authHeader = req.headers.authorization;
+  if (!authHeader?.startsWith("Bearer ")) {
+    res.status(401).json({ error: "Missing or invalid Authorization header. Use: Bearer <api-key>" });
+    return;
+  }
+
+  const token = authHeader.slice(7);
+  const tokenHash = hashKey(token);
+
+  const key = db.prepare(
+    "SELECT id, name, revoked FROM api_keys WHERE key_hash = ?"
+  ).get(tokenHash) as any;
+
+  if (!key) {
+    res.status(401).json({ error: "Invalid API key" });
+    return;
+  }
+
+  if (key.revoked) {
+    res.status(403).json({ error: "API key has been revoked" });
+    return;
+  }
+
+  // Update last_used_at
+  db.prepare("UPDATE api_keys SET last_used_at = datetime('now') WHERE id = ?").run(key.id);
+
+  req.keyId = key.id;
+  req.keyName = key.name;
+  next();
+}
+
+// ── POST /api/v1/keys — Generate a new API key ──
+
+router.post("/keys", (req: Request, res: Response) => {
+  const { name, email } = req.body || {};
+  const { key, hash, prefix } = generateApiKey();
+  const id = generateId();
+
+  db.prepare(
+    "INSERT INTO api_keys (id, key_hash, key_prefix, name, owner_email) VALUES (?, ?, ?, ?, ?)"
+  ).run(id, hash, prefix, name || "default", email || null);
+
+  res.status(201).json({
+    id,
+    key, // Only returned once — user must save it
+    prefix,
+    name: name || "default",
+    message: "Save this key — it cannot be retrieved later.",
+  });
+});
+
+// ── POST /api/v1/ingest — Real-time streaming ingest ──
+// Accepts batched observations and appends to project data files.
+// This enables `trickle run` to stream data to the cloud in real-time.
+
+router.post("/ingest", requireAuth, (req: AuthedRequest, res: Response) => {
+  const { project, file, lines } = req.body;
+
+  if (!project || !file || !lines) {
+    res.status(400).json({ error: "project, file, and lines required" });
+    return;
+  }
+
+  const projectId = `${req.keyId}:${project}`;
+
+  // Auto-create project
+  db.prepare(`
+    INSERT INTO projects (id, name, owner_key_id, updated_at)
+    VALUES (?, ?, ?, datetime('now'))
+    ON CONFLICT(id) DO UPDATE SET updated_at = datetime('now')
+  `).run(projectId, project, req.keyId);
+
+  // Append to existing content (or create new)
+  const existing = db.prepare(
+    "SELECT content FROM project_data WHERE project_id = ? AND filename = ?"
+  ).get(projectId, file) as any;
+
+  const newContent = typeof lines === "string" ? lines : (lines as string[]).join("\n") + "\n";
+  const content = existing ? existing.content + newContent : newContent;
+  const bytes = Buffer.byteLength(content, "utf-8");
+
+  db.prepare(`
+    INSERT INTO project_data (project_id, filename, content, size_bytes, pushed_at)
+    VALUES (?, ?, ?, ?, datetime('now'))
+    ON CONFLICT(project_id, filename) DO UPDATE SET
+      content = excluded.content,
+      size_bytes = excluded.size_bytes,
+      pushed_at = datetime('now')
+  `).run(projectId, file, content, bytes);
+
+  res.json({ ok: true, file, bytes });
+});
+
+// ── POST /api/v1/push — Upload project data (full replace) ──
+
+router.post("/push", requireAuth, (req: AuthedRequest, res: Response) => {
+  const { project, files, timestamp } = req.body;
+
+  if (!project || typeof project !== "string") {
+    res.status(400).json({ error: "project name required" });
+    return;
+  }
+  if (!files || typeof files !== "object") {
+    res.status(400).json({ error: "files object required" });
+    return;
+  }
+
+  const projectId = `${req.keyId}:${project}`;
+
+  // Upsert project
+  db.prepare(`
+    INSERT INTO projects (id, name, owner_key_id, updated_at)
+    VALUES (?, ?, ?, datetime('now'))
+    ON CONFLICT(id) DO UPDATE SET updated_at = datetime('now')
+  `).run(projectId, project, req.keyId);
+
+  // Upsert each file
+  const upsertFile = db.prepare(`
+    INSERT INTO project_data (project_id, filename, content, size_bytes, pushed_at)
+    VALUES (?, ?, ?, ?, datetime('now'))
+    ON CONFLICT(project_id, filename) DO UPDATE SET
+      content = excluded.content,
+      size_bytes = excluded.size_bytes,
+      pushed_at = datetime('now')
+  `);
+
+  let totalBytes = 0;
+  let fileCount = 0;
+
+  const insertMany = db.transaction(() => {
+    for (const [filename, content] of Object.entries(files)) {
+      if (typeof content !== "string") continue;
+      const bytes = Buffer.byteLength(content, "utf-8");
+      upsertFile.run(projectId, filename, content, bytes);
+      totalBytes += bytes;
+      fileCount++;
+    }
+  });
+  insertMany();
+
+  // Record push history
+  db.prepare(
+    "INSERT INTO push_history (project_id, key_id, file_count, total_bytes) VALUES (?, ?, ?, ?)"
+  ).run(projectId, req.keyId, fileCount, totalBytes);
+
+  const dashboardUrl = `${req.protocol}://${req.get("host")}/api/v1/dashboard/${encodeURIComponent(projectId)}`;
+
+  res.json({
+    ok: true,
+    project: projectId,
+    files: fileCount,
+    bytes: totalBytes,
+    url: dashboardUrl,
+  });
+});
+
+// ── GET /api/v1/pull — Download project data ──
+
+router.get("/pull", requireAuth, (req: AuthedRequest, res: Response) => {
+  const project = req.query.project as string;
+  if (!project) {
+    res.status(400).json({ error: "project query parameter required" });
+    return;
+  }
+
+  const projectId = `${req.keyId}:${project}`;
+
+  const rows = db.prepare(
+    "SELECT filename, content FROM project_data WHERE project_id = ?"
+  ).all(projectId) as any[];
+
+  if (rows.length === 0) {
+    res.status(404).json({ error: "No data found for this project" });
+    return;
+  }
+
+  const files: Record<string, string> = {};
+  for (const row of rows) {
+    files[row.filename] = row.content;
+  }
+
+  res.json({ project, files, fileCount: rows.length });
+});
+
+// ── GET /api/v1/projects — List projects ──
+
+router.get("/projects", requireAuth, (req: AuthedRequest, res: Response) => {
+  const rows = db.prepare(`
+    SELECT p.id, p.name, p.created_at, p.updated_at,
+      (SELECT COUNT(*) FROM project_data pd WHERE pd.project_id = p.id) as file_count,
+      (SELECT SUM(pd.size_bytes) FROM project_data pd WHERE pd.project_id = p.id) as total_bytes
+    FROM projects p
+    WHERE p.owner_key_id = ?
+    ORDER BY p.updated_at DESC
+  `).all(req.keyId) as any[];
+
+  res.json({
+    projects: rows.map((r: any) => ({
+      id: r.id,
+      name: r.name,
+      files: r.file_count || 0,
+      size: r.total_bytes || 0,
+      createdAt: r.created_at,
+      updatedAt: r.updated_at,
+    })),
+  });
+});
+
+// ── POST /api/v1/projects — Create project ──
+
+router.post("/projects", requireAuth, (req: AuthedRequest, res: Response) => {
+  const { name } = req.body;
+  if (!name) {
+    res.status(400).json({ error: "name required" });
+    return;
+  }
+
+  const projectId = `${req.keyId}:${name}`;
+
+  db.prepare(`
+    INSERT INTO projects (id, name, owner_key_id)
+    VALUES (?, ?, ?)
+    ON CONFLICT(id) DO NOTHING
+  `).run(projectId, name, req.keyId);
+
+  res.status(201).json({ id: projectId, name });
+});
+
+// ── POST /api/v1/share — Create shareable link ──
+
+router.post("/share", requireAuth, (req: AuthedRequest, res: Response) => {
+  const { project, expiresInHours } = req.body;
+  if (!project) {
+    res.status(400).json({ error: "project name required" });
+    return;
+  }
+
+  const projectId = `${req.keyId}:${project}`;
+
+  // Verify project exists
+  const proj = db.prepare("SELECT id FROM projects WHERE id = ?").get(projectId);
+  if (!proj) {
+    res.status(404).json({ error: "Project not found" });
+    return;
+  }
+
+  const shareId = generateId();
+  const expiresAt = expiresInHours
+    ? new Date(Date.now() + expiresInHours * 3600000).toISOString()
+    : null;
+
+  db.prepare(
+    "INSERT INTO share_links (id, project_id, created_by, expires_at) VALUES (?, ?, ?, ?)"
+  ).run(shareId, projectId, req.keyId!, expiresAt);
+
+  const shareUrl = `${req.protocol}://${req.get("host")}/api/v1/shared/${shareId}`;
+
+  res.status(201).json({
+    shareId,
+    url: shareUrl,
+    expiresAt,
+  });
+});
+
+// ── GET /api/v1/shared/:id — View shared data (no auth) ──
+
+router.get("/shared/:id", (req: Request, res: Response) => {
+  const link = db.prepare(`
+    SELECT sl.project_id, sl.expires_at, p.name as project_name
+    FROM share_links sl
+    JOIN projects p ON p.id = sl.project_id
+    WHERE sl.id = ?
+  `).get(req.params.id) as any;
+
+  if (!link) {
+    res.status(404).json({ error: "Share link not found" });
+    return;
+  }
+
+  if (link.expires_at && new Date(link.expires_at) < new Date()) {
+    res.status(410).json({ error: "Share link has expired" });
+    return;
+  }
+
+  const rows = db.prepare(
+    "SELECT filename, content FROM project_data WHERE project_id = ?"
+  ).all(link.project_id) as any[];
+
+  const files: Record<string, string> = {};
+  for (const row of rows) {
+    files[row.filename] = row.content;
+  }
+
+  // If request accepts HTML, serve dashboard
+  if (req.accepts("html")) {
+    res.send(generateDashboardHtml(link.project_name, files));
+    return;
+  }
+
+  res.json({ project: link.project_name, files, fileCount: rows.length });
+});
+
+// ── GET /api/v1/dashboard/:projectId — Authenticated dashboard ──
+
+router.get("/dashboard/:projectId", requireAuth, (req: AuthedRequest, res: Response) => {
+  const projectId = decodeURIComponent(req.params.projectId);
+
+  // Verify ownership
+  const proj = db.prepare(
+    "SELECT name FROM projects WHERE id = ? AND owner_key_id = ?"
+  ).get(projectId, req.keyId) as any;
+
+  if (!proj) {
+    res.status(404).json({ error: "Project not found" });
+    return;
+  }
+
+  const rows = db.prepare(
+    "SELECT filename, content FROM project_data WHERE project_id = ?"
+  ).all(projectId) as any[];
+
+  const files: Record<string, string> = {};
+  for (const row of rows) {
+    files[row.filename] = row.content;
+  }
+
+  if (req.accepts("html")) {
+    res.send(generateDashboardHtml(proj.name, files));
+    return;
+  }
+
+  res.json({ project: proj.name, files, fileCount: rows.length });
+});
+
+// ── Dashboard HTML generator ──
+
+function generateDashboardHtml(projectName: string, files: Record<string, string>): string {
+  // Parse data files
+  const parseJsonl = (content: string) =>
+    content.split("\n").filter(Boolean).map(l => { try { return JSON.parse(l); } catch { return null; } }).filter(Boolean);
+
+  const observations = files["observations.jsonl"] ? parseJsonl(files["observations.jsonl"]) : [];
+  const variables = files["variables.jsonl"] ? parseJsonl(files["variables.jsonl"]) : [];
+  const calltrace = files["calltrace.jsonl"] ? parseJsonl(files["calltrace.jsonl"]) : [];
+  const queries = files["queries.jsonl"] ? parseJsonl(files["queries.jsonl"]) : [];
+  const errors = files["errors.jsonl"] ? parseJsonl(files["errors.jsonl"]) : [];
+  const alerts = files["alerts.jsonl"] ? parseJsonl(files["alerts.jsonl"]) : [];
+  const profile = files["profile.jsonl"] ? parseJsonl(files["profile.jsonl"]) : [];
+  let environment: any = {};
+  try { if (files["environment.json"]) environment = JSON.parse(files["environment.json"]); } catch {}
+
+  const criticalAlerts = alerts.filter((a: any) => a.severity === "critical");
+  const warningAlerts = alerts.filter((a: any) => a.severity === "warning");
+  const endProfile = profile.find((p: any) => p.event === "end");
+
+  const status = criticalAlerts.length > 0 ? "critical" :
+    errors.length > 0 ? "error" :
+    warningAlerts.length > 0 ? "warning" : "healthy";
+
+  const statusColors: Record<string, string> = {
+    healthy: "#22c55e", warning: "#eab308", error: "#ef4444", critical: "#dc2626",
+  };
+
+  const slowFuncs = observations
+    .filter((o: any) => o.durationMs && o.durationMs > 10)
+    .sort((a: any, b: any) => (b.durationMs || 0) - (a.durationMs || 0))
+    .slice(0, 10);
+
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>${projectName} — trickle dashboard</title>
+<style>
+  * { margin: 0; padding: 0; box-sizing: border-box; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #0f1117; color: #e5e7eb; line-height: 1.5; }
+  .container { max-width: 1200px; margin: 0 auto; padding: 24px; }
+  h1 { font-size: 24px; font-weight: 600; margin-bottom: 8px; }
+  h2 { font-size: 18px; font-weight: 600; margin: 24px 0 12px; color: #9ca3af; }
+  .subtitle { color: #6b7280; font-size: 14px; margin-bottom: 24px; }
+  .grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 16px; margin-bottom: 24px; }
+  .card { background: #1f2937; border-radius: 8px; padding: 16px; border: 1px solid #374151; }
+  .card-label { font-size: 12px; color: #9ca3af; text-transform: uppercase; letter-spacing: 0.05em; }
+  .card-value { font-size: 28px; font-weight: 700; margin-top: 4px; }
+  .status-badge { display: inline-block; padding: 4px 12px; border-radius: 12px; font-size: 12px; font-weight: 600; text-transform: uppercase; }
+  table { width: 100%; border-collapse: collapse; }
+  th { text-align: left; padding: 8px 12px; font-size: 12px; color: #9ca3af; text-transform: uppercase; border-bottom: 1px solid #374151; }
+  td { padding: 8px 12px; border-bottom: 1px solid #1f2937; font-size: 14px; }
+  .mono { font-family: 'SF Mono', Monaco, Consolas, monospace; font-size: 13px; }
+  .bar { height: 8px; border-radius: 4px; background: #3b82f6; display: inline-block; min-width: 4px; }
+  .alert-critical { border-left: 3px solid #ef4444; }
+  .alert-warning { border-left: 3px solid #eab308; }
+  .error-card { background: #1f2937; border-left: 3px solid #ef4444; padding: 12px; margin-bottom: 8px; border-radius: 4px; }
+  .section { background: #1f2937; border-radius: 8px; padding: 16px; border: 1px solid #374151; margin-bottom: 16px; }
+  .tag { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 11px; background: #374151; color: #9ca3af; margin-right: 4px; }
+  footer { text-align: center; padding: 24px; color: #4b5563; font-size: 12px; }
+  a { color: #3b82f6; text-decoration: none; }
+</style>
+</head>
+<body>
+<div class="container">
+  <h1>${projectName}</h1>
+  <div class="subtitle">
+    <span class="status-badge" style="background: ${statusColors[status]}20; color: ${statusColors[status]}">${status.toUpperCase()}</span>
+    ${environment.node ? `<span class="tag">Node ${environment.node.version}</span>` : ""}
+    ${environment.python ? `<span class="tag">Python ${environment.python}</span>` : ""}
+    ${endProfile ? `<span class="tag">${Math.round((endProfile.rssKb || 0) / 1024)}MB RSS</span>` : ""}
+  </div>
+
+  <div class="grid">
+    <div class="card">
+      <div class="card-label">Functions</div>
+      <div class="card-value">${observations.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Variables</div>
+      <div class="card-value">${variables.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">DB Queries</div>
+      <div class="card-value">${queries.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Call Trace</div>
+      <div class="card-value">${calltrace.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Errors</div>
+      <div class="card-value" style="color: ${errors.length > 0 ? "#ef4444" : "#22c55e"}">${errors.length}</div>
+    </div>
+    <div class="card">
+      <div class="card-label">Alerts</div>
+      <div class="card-value" style="color: ${criticalAlerts.length > 0 ? "#ef4444" : warningAlerts.length > 0 ? "#eab308" : "#22c55e"}">${alerts.length}</div>
+    </div>
+  </div>
+
+  ${alerts.length > 0 ? `
+  <h2>Alerts</h2>
+  <div class="section">
+    ${alerts.map((a: any) => `
+      <div class="card ${a.severity === "critical" ? "alert-critical" : "alert-warning"}" style="margin-bottom: 8px;">
+        <strong>${a.severity === "critical" ? "CRITICAL" : "WARNING"}</strong>: ${escapeHtml(a.message || "")}
+        ${a.suggestion ? `<div style="color: #9ca3af; font-size: 13px; margin-top: 4px;">Fix: ${escapeHtml(a.suggestion)}</div>` : ""}
+      </div>
+    `).join("")}
+  </div>` : ""}
+
+  ${errors.length > 0 ? `
+  <h2>Errors</h2>
+  <div class="section">
+    ${errors.slice(0, 10).map((e: any) => `
+      <div class="error-card">
+        <strong class="mono">${escapeHtml(e.type || "Error")}</strong>: ${escapeHtml((e.message || "").substring(0, 200))}
+        ${e.function ? `<div style="color: #6b7280; font-size: 12px;">in ${escapeHtml(e.function)}</div>` : ""}
+      </div>
+    `).join("")}
+  </div>` : ""}
+
+  ${slowFuncs.length > 0 ? `
+  <h2>Performance Hotspots</h2>
+  <div class="section">
+    <table>
+      <thead><tr><th>Function</th><th>Module</th><th>Duration</th><th></th></tr></thead>
+      <tbody>
+        ${slowFuncs.map((f: any) => {
+          const pct = Math.round((f.durationMs / slowFuncs[0].durationMs) * 100);
+          return `<tr>
+            <td class="mono">${escapeHtml(f.functionName || "?")}</td>
+            <td>${escapeHtml(f.module || "?")}</td>
+            <td>${f.durationMs?.toFixed(0)}ms</td>
+            <td><div class="bar" style="width: ${pct}%"></div></td>
+          </tr>`;
+        }).join("")}
+      </tbody>
+    </table>
+  </div>` : ""}
+
+  ${observations.length > 0 ? `
+  <h2>Observed Functions</h2>
+  <div class="section">
+    <table>
+      <thead><tr><th>Function</th><th>Module</th><th>Duration</th></tr></thead>
+      <tbody>
+        ${observations.slice(0, 30).map((o: any) => `<tr>
+          <td class="mono">${escapeHtml(o.functionName || "?")}</td>
+          <td>${escapeHtml(o.module || "?")}</td>
+          <td>${o.durationMs ? o.durationMs.toFixed(0) + "ms" : "-"}</td>
+        </tr>`).join("")}
+      </tbody>
+    </table>
+  </div>` : ""}
+
+  ${queries.length > 0 ? `
+  <h2>Database Queries</h2>
+  <div class="section">
+    <table>
+      <thead><tr><th>Query</th><th>Duration</th></tr></thead>
+      <tbody>
+        ${queries.slice(0, 20).map((q: any) => `<tr>
+          <td class="mono" style="max-width: 600px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;">${escapeHtml((q.query || q.sql || "?").substring(0, 100))}</td>
+          <td>${q.durationMs ? q.durationMs.toFixed(1) + "ms" : "-"}</td>
+        </tr>`).join("")}
+      </tbody>
+    </table>
+  </div>` : ""}
+</div>
+<footer>Powered by <a href="https://github.com/yiheinchai/trickle">trickle</a> — runtime observability</footer>
+</body>
+</html>`;
+}
+
+function escapeHtml(s: string): string {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+
+export default router;

package/src/server.ts

@@ -13,6 +13,7 @@ import dashboardRouter from "./routes/dashboard";
 import coverageRouter from "./routes/coverage";
 import auditRouter from "./routes/audit";
 import searchRouter from "./routes/search";
+import cloudRouter from "./routes/cloud";
 
 const app = express();
 
@@ -31,6 +32,7 @@ app.use("/dashboard", dashboardRouter);
 app.use("/api/coverage", coverageRouter);
 app.use("/api/audit", auditRouter);
 app.use("/api/search", searchRouter);
+app.use("/api/v1", cloudRouter);
 
 // Health check
 app.get("/api/health", (_req, res) => {