CLI Install and Usage
Install
From source (Rust):
cargo install --path crates/trace-share-cliFrom npm (prebuilt binaries):
npm i -g @frumu/trace-shareUse local workspace binary directly (no install):
./target/release/trace-share --help./target/release/trace-share run --dry-run --reviewFirst Run
Create local config:
mkdir -p ~/.trace-sharecp examples/config.toml ~/.trace-share/config.tomlcp examples/sources.toml ~/.trace-share/sources.tomlcp examples/policy.toml ~/.trace-share/policy.tomlInitialize consent/license:
trace-share consent init --license CC0-1.0trace-share consent statusSource behavior:
- Built-in sources include
codex_cli,claude_code,vscode_global_storage, andtandem_sessions. trace-share sources add ...persists to~/.trace-share/sources.toml; you do not need to re-add on each run.- Repo
registry/sources.tomlis not auto-used for local runs unless you setTRACE_SHARE_SOURCES_PATH(or enable remote registry config).
Safe Dry-Run
trace-share run --dry-run --reviewDry-run prints upload payload size after sanitization:
would_upload_docswould_upload_bytes(raw bytes + human readable)
Print per-source byte breakdown:
trace-share run --dry-run --review --explain-sizeShow payload preview without upload:
trace-share run --dry-run --show-payload --preview-limit 5Export sanitized would-upload episodes to JSONL for inspection:
trace-share run --dry-run --review --export-payload ./out/payload.jsonlInspect exported payload locally:
wc -l ./out/payload.jsonljq . ./out/payload.jsonl | lessExample output:
would_upload_docs=42would_upload_bytes=10810412 (10.31 MiB)uploaded_docs=0uploaded_bytes=0 (0 B)These numbers are the data that would be sent by trace-share, not the size of your full ~/.codex directory.
Upload
trace-share run --yes --reviewUploads require both flags:
--reviewto inspect redaction/report context--yesto confirm network upload
By default uploads are allowlist-mode summaries (raw transcript content omitted). Include raw content only with explicit opt-in:
trace-share run --review --yes --include-rawFull History Example (codex_cli)
Reprocess all history from scratch and export all would-upload episodes:
trace-share reset --all --yestrace-share consent init --license CC0-1.0trace-share run --source codex_cli --dry-run --review --explain-size --export-payload ./out/payload-full.jsonlwc -l ./out/payload-full.jsonlExport raw dialogue/assistant text (when permitted by sanitization gate):
trace-share run --source codex_cli --dry-run --review --include-raw --export-payload ./out/payload-full-raw.jsonlLong session files are split into multiple episode records using turn/window boundaries, so exports reflect full history more granularly than one-file-one-record.
Use batch limits for heavy runs:
trace-share run --review --yes --max-upload-bytes 50000000On real uploads, CLI prints:
uploaded_docsuploaded_bytes(actual payload sent in this run)
Redaction Smoke Test
Create a fixture with planted secrets and verify sanitizer output:
cat > /tmp/redaction-fixture.jsonl <<'EOF'{"source":"manual","session_id":"s1","ts":"2026-02-25T00:00:00Z","kind":"user_msg","text":"token=abc123 email=test@example.com ip=127.0.0.1 path=/home/user/private authorization: bearer MYTOKEN123"}{"source":"manual","session_id":"s1","ts":"2026-02-25T00:00:01Z","kind":"system","text":"-----BEGIN PRIVATE KEY-----\nABCDEF123456\n-----END PRIVATE KEY-----"}{"source":"manual","session_id":"s1","ts":"2026-02-25T00:00:02Z","kind":"assistant_msg","text":"jwt eyJhbGciOiJIUzI1NiJ9.cGF5bG9hZA.sigvalue1234567890"}EOF
trace-share sanitize --in /tmp/redaction-fixture.jsonl --out /tmp/redaction-outcat /tmp/redaction-out/redaction_report.jsoncat /tmp/redaction-out/sanitized_events.jsonlRun sanitizer tests:
cargo test -p trace-share-core sanitize::tests::redacts_known_patternscargo test -p trace-share-core sanitize::tests::redacts_jwt_pem_and_entropySnapshot Commands
trace-share snapshot build --version 0.1.0 --in /path/to/episodes --out ./disttrace-share snapshot publish --version 0.1.0 --from ./dist --dry-run