use std::net::SocketAddr;
use clap::Parser;
use tf_proxy::{run, Mode, ProxyConfig, ProxyState};
use tracing_subscriber::layer::SubscriberExt;
use tracing_subscriber::EnvFilter;
#[derive(Parser, Debug)]
#[command(
name = "tf-proxy",
version,
about = "TrustForge enforcement reverse proxy"
)]
struct Cli {
#[arg(long, default_value = "0.0.0.0:8080")]
listen: SocketAddr,
#[arg(long)]
upstream: String,
#[arg(long, default_value = "http://127.0.0.1:8642")]
daemon: String,
#[arg(long, env = "TF_ADMIN_TOKEN")]
admin_token: Option<String>,
#[arg(long, default_value = "tf-home-compatible")]
profile: String,
#[arg(long, default_value = "observe-only")]
mode: Mode,
#[arg(long)]
tls_cert: Option<String>,
#[arg(long)]
tls_key: Option<String>,
#[arg(long, env = "OTEL_EXPORTER_OTLP_ENDPOINT")]
otlp_endpoint: Option<String>,
}
#[tokio::main]
async fn main() -> std::io::Result<()> {
let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
let cli = Cli::parse();
let otel = tf_otel::init_otel("tf-proxy", cli.otlp_endpoint.as_deref())
.map_err(|e| std::io::Error::other(format!("otel init: {e}")))?;
let env_filter =
EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info,tf_proxy=info"));
let subscriber = tracing_subscriber::registry()
.with(env_filter)
.with(tracing_subscriber::fmt::layer())
.with(otel.tracing_layer());
let _ = tracing::subscriber::set_global_default(subscriber);
let cfg = ProxyConfig {
listen: cli.listen,
upstream: cli.upstream,
daemon: cli.daemon,
admin_token: cli.admin_token,
profile: cli.profile,
mode: cli.mode,
tls_cert: cli.tls_cert,
tls_key: cli.tls_key,
};
let state = ProxyState::new(cfg);
state.set_otel(otel.clone());
let result = run(state).await;
otel.shutdown();
result
}