feat(proxy): transparent Anthropic proxy — first slice of #207

crates/tracevault-cli/src/commands/mod.rs

@@ -5,6 +5,7 @@ pub mod flush;
 pub mod init;
 pub mod login;
 pub mod logout;
+pub mod proxy;
 pub mod stats;
 pub mod status;
 pub mod stream;

crates/tracevault-cli/src/commands/proxy.rs

@@ -0,0 +1,64 @@
+//! `tracevault proxy info` — print the TraceVault LLM proxy configuration
+//! a user needs to point their AI tool (Claude Code, GSD2, Cursor, etc.) at
+//! the proxy.
+//!
+//! Read-only and purely local: never calls the network. Output is intended
+//! to be copy-pasted directly into a shell or tool config.
+
+use crate::credentials::Credentials;
+
+const ANSI_BOLD: &str = "\x1b[1m";
+const ANSI_DIM: &str = "\x1b[2m";
+const ANSI_RESET: &str = "\x1b[0m";
+
+/// Print the proxy configuration. Returns process exit code: 0 on success,
+/// 1 when no credentials are available (user has not logged in).
+pub fn run_proxy_info() -> i32 {
+    let creds = match Credentials::load() {
+        Some(c) => c,
+        None => {
+            eprintln!(
+                "Not logged in. Run `tracevault login --server-url <url>` first \
+                 to obtain a TraceVault session token, then try again."
+            );
+            eprintln!(
+                "Credentials file expected at: {}",
+                Credentials::path().display()
+            );
+            return 1;
+        }
+    };
+
+    let server_url = creds.server_url.trim_end_matches('/');
+    let proxy_url = format!("{server_url}/proxy/anthropic");
+    let creds_path = Credentials::path();
+
+    println!("{ANSI_BOLD}TraceVault LLM Proxy{ANSI_RESET}");
+    println!();
+    println!("  Server:           {server_url}");
+    println!("  Proxy base URL:   {ANSI_BOLD}{proxy_url}{ANSI_RESET}");
+    println!("  Credentials file: {}", creds_path.display());
+    println!();
+    println!("{ANSI_BOLD}Setup{ANSI_RESET}");
+    println!();
+    println!("  1. Configure your Anthropic API key once at:");
+    println!("       {server_url}/me/proxy");
+    println!();
+    println!("  2. Set these environment variables for your AI tool:");
+    println!();
+    println!("       {ANSI_BOLD}export ANTHROPIC_BASE_URL=\"{proxy_url}\"{ANSI_RESET}");
+    println!(
+        "       {ANSI_BOLD}export ANTHROPIC_API_KEY=\"<your TraceVault session token>\"{ANSI_RESET}"
+    );
+    println!();
+    println!(
+        "     {ANSI_DIM}Your TraceVault session token lives in {} as the \"token\" field.{ANSI_RESET}",
+        creds_path.display()
+    );
+    println!();
+    println!("  3. Run your AI tool as usual. Requests go through TraceVault and are");
+    println!("     forwarded to api.anthropic.com using the Anthropic key you stored");
+    println!("     in step 1.");
+
+    0
+}

crates/tracevault-cli/src/main.rs

@@ -94,6 +94,18 @@ enum Cli {
     /// policies configured on the TraceVault server.
     #[command(name = "agent-policies")]
     AgentPolicies,
+    /// LLM proxy commands.
+    Proxy {
+        #[command(subcommand)]
+        cmd: ProxyCmd,
+    },
+}
+
+#[derive(clap::Subcommand)]
+enum ProxyCmd {
+    /// Print the proxy URL and setup instructions for AI tools (Claude Code,
+    /// GSD2, Cursor, Codex CLI, etc.).
+    Info,
 }
 
 #[tokio::main]
@@ -212,5 +224,13 @@ async fn main() {
                 std::process::exit(1);
             }
         }
+        Cli::Proxy { cmd } => match cmd {
+            ProxyCmd::Info => {
+                let code = commands::proxy::run_proxy_info();
+                if code != 0 {
+                    std::process::exit(code);
+                }
+            }
+        },
     }
 }

crates/tracevault-cli/tests/init_test.rs

@@ -11,8 +11,13 @@ fn tmp_git_repo() -> TempDir {
 #[tokio::test]
 async fn init_fails_without_git() {
     let tmp = TempDir::new().unwrap();
-    let result =
-        tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false).await;
+    let result = tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await;
     assert!(result.is_err());
     assert!(result
         .unwrap_err()
@@ -25,9 +30,14 @@ async fn init_creates_tracevault_config() {
     let tmp = tmp_git_repo();
     let config_path = tmp.path().join(".tracevault").join("config.toml");
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     assert!(config_path.exists());
     let content = fs::read_to_string(&config_path).unwrap();
@@ -38,9 +48,14 @@ async fn init_creates_tracevault_config() {
 async fn init_creates_directory_structure() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     assert!(tmp.path().join(".tracevault").exists());
     assert!(tmp.path().join(".tracevault/sessions").exists());
@@ -56,9 +71,14 @@ async fn init_creates_directory_structure() {
 async fn init_installs_claude_hooks() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let settings_path = tmp.path().join(".claude/settings.json");
     assert!(settings_path.exists());
@@ -80,9 +100,14 @@ async fn init_merges_into_existing_settings() {
     fs::create_dir_all(&claude_dir).unwrap();
     fs::write(claude_dir.join("settings.json"), r#"{"model": "opus"}"#).unwrap();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let content = fs::read_to_string(claude_dir.join("settings.json")).unwrap();
     let settings: serde_json::Value = serde_json::from_str(&content).unwrap();
@@ -105,9 +130,14 @@ fn tracevault_hooks_has_pre_post_and_notification() {
 async fn init_installs_git_pre_push_hook() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let hook_path = tmp.path().join(".git/hooks/pre-push");
     assert!(hook_path.exists());
@@ -133,9 +163,14 @@ async fn init_preserves_existing_pre_push_hook() {
     )
     .unwrap();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let content = fs::read_to_string(hooks_dir.join("pre-push")).unwrap();
     // Existing content preserved
@@ -150,12 +185,22 @@ async fn init_preserves_existing_pre_push_hook() {
 async fn init_does_not_duplicate_hook_on_reinit() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let content = fs::read_to_string(tmp.path().join(".git/hooks/pre-push")).unwrap();
     let marker_count = content.matches("# tracevault:enforce").count();
@@ -169,9 +214,14 @@ async fn init_does_not_duplicate_hook_on_reinit() {
 async fn init_installs_post_commit_hook() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let hook_path = tmp.path().join(".git/hooks/post-commit");
     assert!(hook_path.exists());
@@ -186,12 +236,22 @@ async fn init_installs_post_commit_hook() {
 async fn init_does_not_duplicate_post_commit_hook_on_reinit() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, false)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        false,
+    )
+    .await
+    .unwrap();
 
     let content = fs::read_to_string(tmp.path().join(".git/hooks/post-commit")).unwrap();
     let marker_count = content.matches("# tracevault:post-commit").count();
@@ -280,7 +340,7 @@ async fn init_writes_server_url_to_config() {
     tracevault_cli::commands::init::init_in_directory(
         tmp.path(),
         Some("https://tv.example.com"),
-        None,
+        Some(ClaudeSettingsTarget::Shared),
         false,
     )
     .await
@@ -295,9 +355,14 @@ async fn init_writes_server_url_to_config() {
 async fn init_no_gitignore_skips_gitignore_update() {
     let tmp = tmp_git_repo();
 
-    tracevault_cli::commands::init::init_in_directory(tmp.path(), None, None, true)
-        .await
-        .unwrap();
+    tracevault_cli::commands::init::init_in_directory(
+        tmp.path(),
+        None,
+        Some(ClaudeSettingsTarget::Shared),
+        true,
+    )
+    .await
+    .unwrap();
 
     // .gitignore should not exist (tmp_git_repo creates a bare repo without one)
     // or should not contain any tracevault entries if it already existed

crates/tracevault-server/Cargo.toml

@@ -30,7 +30,7 @@ ed25519-dalek = { version = "2", features = ["rand_core"] }
 rand = "0.8"
 base64 = "0.22"
 git2 = "0.20"
-reqwest = { version = "0.13", features = ["json"] }
+reqwest = { version = "0.13", features = ["json", "stream"] }
 async-trait = "0.1"
 aes-gcm = "0.10"
 dotenvy = "0.15.7"

crates/tracevault-server/migrations/024_user_anthropic_keys.sql

@@ -0,0 +1,14 @@
+-- Per-user Anthropic API keys, used by the transparent LLM proxy
+-- (issue softwaremill/tracevault#207, parent #181).
+--
+-- One row per user. Key stored encrypted at rest (AES-256-GCM via
+-- the existing encryption.rs path; same encryption_key env var as
+-- org signing keys / SSO client secrets). The plaintext key never
+-- leaves the proxy hot path and is never returned through any API.
+CREATE TABLE user_anthropic_keys (
+    user_id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE,
+    key_encrypted TEXT NOT NULL,
+    key_nonce TEXT NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);