write mutations — see Safe mutations.
Create a bucket
The bucket’sinternal_domain is its receiving URL — point the provider at https://<internal_domain>. The name is a positional argument, not a flag.
bucket.id (needed to attach a forwarder) and bucket.slug (used by every diagnostic command).
--response-mode decides how the bucket answers the provider:QUEUE(default) — acknowledge immediately with--ack-status-code/--ack-body, then forward asynchronously. Best for reliability.PROXY— forward synchronously and return the target’s response, bounded by--proxy-timeout-ms. Use only when the provider needs the real downstream response.
Create a forwarder
Attach a forwarder to the bucket by slug. Bucket ID is accepted for compatibility, but agents should prefer the slug fromrepost bucket list. The name is positional; for an EXTERNAL forwarder (the default type), --target is required.
| Flag | Default | Controls |
|---|---|---|
--max-retries | 3 | Delivery attempts before a row reaches the DLQ. |
--retry-delay-ms | 15000 | Initial backoff before the first retry. |
--retry-backoff | 2.0 | Multiplier applied to each successive delay. |
--retry-max-delay-ms | 900000 | Ceiling on backoff (15 min). |
--rate-limit-per-second | 0 (off) | Max deliveries/sec from this forwarder. |
--http-timeout-ms | 30000 | Per-attempt request timeout. |
--rate-limit-per-second is a persistent cap on all deliveries from this forwarder — it’s what tames the burst when you resume after a deploy. It is not the same as replay --rate, which throttles a single replay job.Provision idempotently
init is idempotent; the individual create commands are not.
List before creating
repost bucket list --json and repost forwarder list --bucket <bucket-slug> --json. Match on name / slug / target_url.Create only the gap
If the bucket exists, reuse its
id. If a forwarder with that target exists, reuse it. Create only what the lists do not already contain.Inspect the topology
bucket get returns the bucket plus its active forwarders — the authoritative view of one route.
Verify end to end
Provisioning is not done until a real request flows through. Send a test webhook tohttps://<internal_domain>, then confirm both halves:
A clean
expect (exit 0) proves the bucket received the request. Running forwards chain on that event_id then shows the delivery attempt — a SUCCEEDED status proves the forwarder delivered. Together they confirm the route is live end to end. (Filter failures with forwards search --failed, not a status: query — see Search & filters.)Continue
Guard deployments
Pause and resume the forwarders you just created.
Diagnose webhooks
Inspect what the new route receives and delivers.
Forwarders
Path modes, transforms, and the complete forwarder model.