@geekbeer/minion 1.5.0 → 1.6.0

package/minion-cli.sh

@@ -4,16 +4,17 @@
 # CLI tool for interacting with and setting up the minion agent
 #
 # Usage:
-#   minion-cli setup [options]               # Set up minion agent service
-#   minion-cli start                         # Start agent service
-#   minion-cli stop                          # Stop agent service
-#   minion-cli restart                       # Restart agent service
+#   sudo minion-cli setup [options]          # Set up minion agent service (root)
+#   sudo minion-cli start                    # Start agent service (root)
+#   sudo minion-cli stop                     # Stop agent service (root)
+#   sudo minion-cli restart                  # Restart agent service (root)
 #   minion-cli status                        # Get current status
 #   minion-cli health                        # Health check
 #   minion-cli set-status busy "Running X"   # Set status and task
 #   minion-cli set-status online             # Set status only
 #
 # Setup options:
+#   --user <USERNAME>     Target user for the agent (required when running as root)
 #   --hq-url <URL>        HQ server URL (optional, omit for standalone mode)
 #   --minion-id <UUID>    Minion ID (optional)
 #   --api-token <TOKEN>   API token (optional)
@@ -24,13 +25,10 @@ set -euo pipefail
 # Ensure HOME is set (cloud-init may not set it)
 export HOME="${HOME:-$(getent passwd "$(whoami)" | cut -d: -f6)}"
 
-# Detect target user: when running as root (e.g., cloud-init), install user-level
-# tools for the 'ubuntu' user instead of root
-if [ "$(id -u)" -eq 0 ] && getent passwd ubuntu &>/dev/null; then
-  TARGET_USER="ubuntu"
-  TARGET_HOME=$(getent passwd "$TARGET_USER" | cut -d: -f6)
-  RUN_AS="sudo -u $TARGET_USER"
-elif [ "$(id -u)" -eq 0 ]; then
+# Detect target user
+# Resolved after argument parsing in do_setup (--user flag may override)
+# For non-setup commands, use current user
+if [ "$(id -u)" -eq 0 ]; then
   TARGET_USER="root"
   TARGET_HOME="$HOME"
   RUN_AS=""
@@ -50,8 +48,16 @@ if [ "$(id -u)" -ne 0 ] && command -v sudo &>/dev/null; then
   SUDO="sudo"
 fi
 
+# Require root for service management commands
+require_root() {
+  if [ "$(id -u)" -ne 0 ]; then
+    echo "Error: 'minion-cli $1' requires root privileges."
+    echo "Usage: sudo minion-cli $1"
+    exit 1
+  fi
+}
+
 # Detect process manager: systemd or supervisord
-# Detect process manager
 # Check if systemd is actually running (not just installed)
 # /run/systemd/system exists only when systemd is the init system
 SERVICE_NAME="minion-agent"
@@ -68,10 +74,10 @@ svc_control() {
   local action="$1"
   case "$PROC_MGR" in
     systemd)
-      $SUDO systemctl "$action" "$SERVICE_NAME"
+      systemctl "$action" "$SERVICE_NAME"
       ;;
     supervisord)
-      $SUDO supervisorctl "$action" "$SERVICE_NAME"
+      supervisorctl "$action" "$SERVICE_NAME"
       ;;
     *)
       echo "Error: No supported process manager found (systemd or supervisord)"
@@ -89,12 +95,17 @@ do_setup() {
   local HQ_URL=""
   local MINION_ID=""
   local API_TOKEN=""
+  local CLI_USER=""
   local SETUP_TUNNEL=false
   local ARGS_PROVIDED=false
 
   # Parse arguments
   while [[ $# -gt 0 ]]; do
     case "$1" in
+      --user)
+        CLI_USER="$2"
+        shift 2
+        ;;
       --hq-url)
         HQ_URL="$2"
         ARGS_PROVIDED=true
@@ -120,12 +131,47 @@ do_setup() {
         ;;
       *)
         echo "Unknown option: $1"
-        echo "Usage: minion-cli setup [--hq-url <URL>] [--minion-id <UUID>] [--api-token <TOKEN>] [--setup-tunnel]"
+        echo "Usage: minion-cli setup --user <USERNAME> [--hq-url <URL>] [--minion-id <UUID>] [--api-token <TOKEN>] [--setup-tunnel]"
         exit 1
         ;;
     esac
   done
 
+  # Resolve target user for setup
+  if [ -n "$CLI_USER" ]; then
+    # Explicit --user flag provided
+    TARGET_USER="$CLI_USER"
+    TARGET_HOME=$(getent passwd "$TARGET_USER" | cut -d: -f6)
+    if [ -z "$TARGET_HOME" ]; then
+      echo "ERROR: User '$TARGET_USER' does not exist on this system."
+      echo "Create the user first: sudo useradd -m -s /bin/bash $TARGET_USER"
+      exit 1
+    fi
+    if [ "$(id -u)" -eq 0 ] && [ "$TARGET_USER" != "root" ]; then
+      RUN_AS="sudo -u $TARGET_USER"
+    fi
+  elif [ "$(id -u)" -eq 0 ]; then
+    # Running as root without --user
+    if [ "$PROC_MGR" = "supervisord" ]; then
+      # Container environment (supervisord) - allow root for backward compatibility
+      echo "  NOTE: Running as root in container environment (supervisord detected)"
+      TARGET_USER="root"
+      TARGET_HOME="$HOME"
+      RUN_AS=""
+    else
+      echo "ERROR: Running as root without --user flag is not supported."
+      echo ""
+      echo "Usage: sudo minion-cli setup --user <USERNAME> [--hq-url <URL>] ..."
+      echo ""
+      echo "The --user flag specifies which system user the minion agent will run as."
+      echo "This user must already exist. Example:"
+      echo "  sudo useradd -m -s /bin/bash minion"
+      echo "  sudo minion-cli setup --user minion --hq-url https://..."
+      exit 1
+    fi
+  fi
+  # Non-root case: TARGET_USER is already set to $(whoami)
+
   # Preserve existing .env values if no arguments were provided (redeploy scenario)
   if [ "$ARGS_PROVIDED" = false ] && [ -f /opt/minion-agent/.env ]; then
     echo "Reading existing .env values (redeploy mode)..."
@@ -142,6 +188,7 @@ do_setup() {
   echo "========================================="
   echo " @geekbeer/minion Setup"
   echo "========================================="
+  echo "User: $TARGET_USER ($TARGET_HOME)"
 
   if [ -n "$HQ_URL" ]; then
     echo "Mode: Connected to HQ ($HQ_URL)"
@@ -202,6 +249,7 @@ do_setup() {
   # Step 3: Create config directory
   echo "[3/${TOTAL_STEPS}] Creating config directory..."
   $SUDO mkdir -p /opt/minion-agent
+  $SUDO chown "${TARGET_USER}:${TARGET_USER}" /opt/minion-agent 2>/dev/null || true
   echo "  -> /opt/minion-agent/ created"
 
   # Step 4: Generate .env file
@@ -222,6 +270,7 @@ do_setup() {
 
   ENV_CONTENT+="AGENT_PORT=3001\n"
   ENV_CONTENT+="HEARTBEAT_INTERVAL=30\n"
+  ENV_CONTENT+="MINION_USER=${TARGET_USER}\n"
 
   echo -e "$ENV_CONTENT" | $SUDO tee /opt/minion-agent/.env > /dev/null
   echo "  -> /opt/minion-agent/.env generated"
@@ -240,19 +289,39 @@ do_setup() {
 
   case "$PROC_MGR" in
     systemd)
+      # Create tmux-init service (ensures 'main' session exists)
+      $SUDO tee /etc/systemd/system/tmux-init.service > /dev/null <<TMUXEOF
+[Unit]
+Description=tmux session initialization (main)
+After=network.target
+
+[Service]
+Type=oneshot
+User=${TARGET_USER}
+RemainAfterExit=yes
+ExecStart=/bin/bash -c 'tmux has-session -t main 2>/dev/null || tmux new-session -d -s main; tmux set-option -g mouse on'
+
+[Install]
+WantedBy=multi-user.target
+TMUXEOF
+      echo "  -> /etc/systemd/system/tmux-init.service created"
+
+      # Create minion-agent service
       $SUDO tee /etc/systemd/system/minion-agent.service > /dev/null <<SVCEOF
 [Unit]
 Description=Minion Agent API (@geekbeer/minion)
-After=network.target
+After=network.target tmux-init.service
+Wants=tmux-init.service
 
 [Service]
 Type=simple
-User=root
+User=${TARGET_USER}
 WorkingDirectory=/opt/minion-agent
 ExecStart=/usr/bin/node ${SERVER_PATH}
 Restart=always
 RestartSec=10
 EnvironmentFile=/opt/minion-agent/.env
+Environment=MINION_USER=${TARGET_USER}
 
 [Install]
 WantedBy=multi-user.target
@@ -268,12 +337,20 @@ SVCEOF
         [[ -z "$key" || "$key" == \#* ]] && continue
         ENV_PAIRS+=("${key}=\"${value}\"")
       done < /opt/minion-agent/.env
+
       ENV_LINE+="$(IFS=,; echo "${ENV_PAIRS[*]}")"
 
+      # Build user line (omit for root)
+      local USER_LINE=""
+      if [ "$TARGET_USER" != "root" ]; then
+        USER_LINE="user=${TARGET_USER}"
+      fi
+
       $SUDO tee /etc/supervisor/conf.d/minion-agent.conf > /dev/null <<SUPEOF
 [program:minion-agent]
 command=/usr/bin/node ${SERVER_PATH}
 directory=/opt/minion-agent
+${USER_LINE}
 ${ENV_LINE}
 autorestart=true
 priority=500
@@ -295,6 +372,8 @@ SUPEOF
   case "$PROC_MGR" in
     systemd)
       $SUDO systemctl daemon-reload
+      $SUDO systemctl enable tmux-init
+      $SUDO systemctl start tmux-init
       $SUDO systemctl enable minion-agent
       $SUDO systemctl start minion-agent
       ;;
@@ -438,11 +517,13 @@ SUPEOF
   echo " Setup Complete!"
   echo "========================================="
   echo ""
+  echo "Agent user: $TARGET_USER"
+  echo ""
   echo "Useful commands:"
   echo "  minion-cli status                     # Agent status"
   echo "  minion-cli health                     # Health check"
-  echo "  minion-cli restart                    # Restart agent"
-  echo "  minion-cli stop                       # Stop agent"
+  echo "  sudo minion-cli restart               # Restart agent"
+  echo "  sudo minion-cli stop                  # Stop agent"
   if [ "$PROC_MGR" = "systemd" ]; then
     echo "  journalctl -u minion-agent -f         # View logs"
   else
@@ -487,16 +568,19 @@ case "${1:-}" in
     ;;
 
   start)
+    require_root start
     svc_control start
     echo "minion-agent started ($PROC_MGR)"
     ;;
 
   stop)
+    require_root stop
     svc_control stop
     echo "minion-agent stopped ($PROC_MGR)"
     ;;
 
   restart)
+    require_root restart
     svc_control restart
     echo "minion-agent restarted ($PROC_MGR)"
     ;;
@@ -505,16 +589,17 @@ case "${1:-}" in
     echo "Minion Agent CLI (@geekbeer/minion) v${CLI_VERSION}"
     echo ""
     echo "Usage:"
-    echo "  minion-cli setup [options]                # Set up agent service"
-    echo "  minion-cli start                          # Start agent service"
-    echo "  minion-cli stop                           # Stop agent service"
-    echo "  minion-cli restart                        # Restart agent service"
+    echo "  sudo minion-cli setup [options]           # Set up agent service (root)"
+    echo "  sudo minion-cli start                     # Start agent service (root)"
+    echo "  sudo minion-cli stop                      # Stop agent service (root)"
+    echo "  sudo minion-cli restart                   # Restart agent service (root)"
     echo "  minion-cli status                         # Get current status"
     echo "  minion-cli health                         # Health check"
     echo "  minion-cli set-status <status> [task]     # Set status and optional task"
     echo "  minion-cli --version                      # Show version"
     echo ""
     echo "Setup options:"
+    echo "  --user <USERNAME>     Target user for the agent (required when running as root)"
     echo "  --hq-url <URL>        HQ server URL (optional)"
     echo "  --minion-id <UUID>    Minion ID (optional)"
     echo "  --api-token <TOKEN>   API token (optional)"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "server.js",
   "bin": {

package/routes/commands.js

@@ -4,7 +4,6 @@
  * Endpoints:
  * - GET  /api/commands      - List available commands
  * - POST /api/command       - Execute a whitelisted command
- * - POST /api/vnc-password  - Change VNC password
  */
 
 const { exec } = require('child_process')
@@ -12,7 +11,7 @@ const { promisify } = require('util')
 const execAsync = promisify(exec)
 
 const { verifyToken } = require('../lib/auth')
-const { SUDO, detectProcessManager, buildAllowedCommands } = require('../lib/process-manager')
+const { detectProcessManager, buildAllowedCommands } = require('../lib/process-manager')
 
 const PROC_MGR = detectProcessManager()
 const ALLOWED_COMMANDS = buildAllowedCommands(PROC_MGR)
@@ -109,54 +108,6 @@ async function commandRoutes(fastify) {
     }
   })
 
-  // Change VNC password
-  fastify.post('/api/vnc-password', async (request, reply) => {
-    if (!verifyToken(request)) {
-      reply.code(401)
-      return { success: false, error: 'Unauthorized' }
-    }
-
-    const { password } = request.body || {}
-
-    if (!password || password.length < 1) {
-      reply.code(400)
-      return { success: false, error: 'password is required' }
-    }
-
-    console.log('[VNC] Changing VNC password')
-
-    try {
-      // Escape single quotes in password for shell safety
-      const escapedPassword = password.replace(/'/g, "'\\''")
-
-      // Use x11vnc to store the new password
-      await execAsync(
-        `x11vnc -storepasswd '${escapedPassword}' ~/.vnc/passwd`,
-        { timeout: 10000 }
-      )
-
-      // Restart x11vnc to apply the new password
-      if (PROC_MGR === 'systemd') {
-        await execAsync(`${SUDO}systemctl restart x11vnc`, { timeout: 10000 })
-      } else if (PROC_MGR === 'supervisord') {
-        await execAsync(`${SUDO}supervisorctl restart x11vnc`, { timeout: 10000 })
-      }
-
-      console.log('[VNC] Password changed successfully')
-
-      return {
-        success: true,
-        message: 'VNC password changed successfully',
-      }
-    } catch (error) {
-      console.error(`[VNC] Failed to change password: ${error.message}`)
-      reply.code(500)
-      return {
-        success: false,
-        error: error.message,
-      }
-    }
-  })
 }
 
 /**

package/routes/index.js

@@ -13,7 +13,6 @@
  * Commands (routes/commands.js)
  *   GET  /api/commands            - List available commands (auth required)
  *   POST /api/command             - Execute a whitelisted command (auth required)
- *   POST /api/vnc-password        - Change VNC password (auth required)
  *
  * Skills (routes/skills.js)
  *   GET  /api/list-skills         - List deployed skills (auth required)

package/routes/terminal.js

@@ -16,6 +16,7 @@
 
 const { exec, spawn } = require('child_process')
 const { promisify } = require('util')
+const net = require('net')
 const os = require('os')
 const execAsync = promisify(exec)
 
@@ -38,16 +39,35 @@ const ttydProcesses = new Map()
 const TTYD_BASE_PORT = 7682
 
 /**
- * Find an available port for ttyd
- * @returns {number} Available port
+ * Check if a port is available by attempting to bind to it
+ * @param {number} port
+ * @returns {Promise<boolean>}
+ */
+function isPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = net.createServer()
+    server.once('error', () => resolve(false))
+    server.once('listening', () => {
+      server.close(() => resolve(true))
+    })
+    server.listen(port, '0.0.0.0')
+  })
+}
+
+/**
+ * Find an available port for ttyd (checks OS-level availability)
+ * @returns {Promise<number>} Available port
  */
-function findAvailablePort() {
+async function findAvailablePort() {
   const usedPorts = new Set([...ttydProcesses.values()].map(p => p.port))
   let port = TTYD_BASE_PORT
-  while (usedPorts.has(port)) {
+  while (port < TTYD_BASE_PORT + 100) {
+    if (!usedPorts.has(port) && await isPortAvailable(port)) {
+      return port
+    }
     port++
   }
-  return port
+  throw new Error('No available port found for ttyd')
 }
 
 /**
@@ -81,22 +101,34 @@ async function startTtydForSession(session) {
     throw new Error('ttyd is not installed')
   }
 
-  // Verify tmux session exists
+  // Verify tmux session exists; auto-create if missing
   try {
     await execAsync(`tmux has-session -t "${session}"`, {
       timeout: 5000,
       env: { ...process.env, HOME: homeDir },
     })
   } catch {
-    throw new Error(`tmux session '${session}' not found`)
+    console.log(`[Terminal] Session '${session}' not found, auto-creating...`)
+    try {
+      await execAsync(`tmux new-session -d -s "${session}" -c "${homeDir}"`, {
+        timeout: 5000,
+        env: { ...process.env, HOME: homeDir },
+      })
+      console.log(`[Terminal] Auto-created session '${session}'`)
+    } catch (createErr) {
+      throw new Error(
+        `tmux session '${session}' not found and auto-creation failed: ${createErr.message}`
+      )
+    }
   }
 
-  const port = findAvailablePort()
+  const port = await findAvailablePort()
 
   const proc = spawn('ttyd', [
     '-p', port.toString(),
     '-t', 'fontSize=14',
     '-t', 'theme={"background": "#1a1a2e", "foreground": "#eee"}',
+    '--',
     'tmux', 'attach', '-t', session,
   ], {
     env: { ...process.env, HOME: homeDir },
@@ -104,13 +136,18 @@ async function startTtydForSession(session) {
     detached: false,
   })
 
+  // Track early exit to detect startup failures
+  let earlyExit = null
+
   proc.on('error', (err) => {
     console.error(`[Terminal] ttyd error for session '${session}': ${err.message}`)
+    earlyExit = { code: null, error: err.message }
     ttydProcesses.delete(session)
   })
 
-  proc.on('exit', (code) => {
-    console.log(`[Terminal] ttyd exited for session '${session}' with code ${code}`)
+  proc.on('exit', (code, signal) => {
+    console.log(`[Terminal] ttyd exited for session '${session}' with code ${code}, signal ${signal}`)
+    earlyExit = { code, signal }
     ttydProcesses.delete(session)
   })
 
@@ -126,8 +163,17 @@ async function startTtydForSession(session) {
 
   console.log(`[Terminal] Started ttyd for session '${session}' on port ${port}`)
 
-  // Wait for ttyd to start listening
-  await new Promise(resolve => setTimeout(resolve, 500))
+  // Wait for ttyd to start listening, checking for early exit
+  const maxWait = 500
+  const checkInterval = 50
+  for (let waited = 0; waited < maxWait; waited += checkInterval) {
+    await new Promise(resolve => setTimeout(resolve, checkInterval))
+    if (earlyExit) {
+      throw new Error(
+        `ttyd exited immediately for session '${session}' (code=${earlyExit.code}, signal=${earlyExit.signal || 'none'})`
+      )
+    }
+  }
 
   return { port, alreadyRunning: false }
 }
@@ -388,7 +434,7 @@ async function terminalRoutes(fastify) {
       // Create new detached session
       // -d: detached, -s: session name
       // Optionally run a command in the new session
-      let createCommand = `tmux new-session -d -s "${sessionName}"`
+      let createCommand = `tmux new-session -d -s "${sessionName}" -c "${homeDir}"`
       if (command) {
         // Escape command for shell safety
         const escapedCommand = command.replace(/'/g, "'\\''")
@@ -634,9 +680,29 @@ function cleanupTtyd() {
   ttydProcesses.clear()
 }
 
+/**
+ * Kill any stale ttyd processes left over from a previous agent run.
+ * Call this on server startup before accepting connections.
+ */
+async function killStaleTtydProcesses() {
+  try {
+    const { stdout } = await execAsync("pgrep -f '^ttyd ' || true", { timeout: 5000 })
+    const pids = stdout.trim().split('\n').filter(Boolean)
+    if (pids.length > 0) {
+      console.log(`[Terminal] Found ${pids.length} stale ttyd process(es), killing: ${pids.join(', ')}`)
+      await execAsync(`kill ${pids.join(' ')}`, { timeout: 5000 }).catch(() => {})
+      // Wait briefly for processes to exit and release ports
+      await new Promise(resolve => setTimeout(resolve, 300))
+    }
+  } catch {
+    // Ignore errors (pgrep returns non-zero when no matches)
+  }
+}
+
 module.exports = {
   terminalRoutes,
   cleanupTtyd,
+  killStaleTtydProcesses,
   ttydProcesses,
   startTtydForSession,
 }

package/server.js

@@ -5,20 +5,13 @@
  * See routes/index.js for API documentation.
  */
 
-const { promisify } = require('util')
-const { exec } = require('child_process')
-const path = require('path')
-const os = require('os')
-const execAsync = promisify(exec)
-
 const fastify = require('fastify')({ logger: true })
 const { config, validate, isHqConfigured } = require('./config')
 const workflowRunner = require('./workflow-runner')
 const workflowStore = require('./workflow-store')
 
 const { registerRoutes, setOffline, getProcessManager, getAllowedCommands } = require('./routes')
-const { SUDO } = require('./lib/process-manager')
-const { cleanupTtyd } = require('./routes/terminal')
+const { cleanupTtyd, killStaleTtydProcesses } = require('./routes/terminal')
 const { startTerminalProxy, stopTerminalProxy } = require('./terminal-proxy')
 
 // Validate configuration before starting
@@ -49,64 +42,6 @@ async function shutdown(signal) {
 process.on('SIGTERM', () => shutdown('SIGTERM'))
 process.on('SIGINT', () => shutdown('SIGINT'))
 
-// Sync VNC password from HQ
-async function syncVncPassword() {
-  console.log('[VNC] Syncing VNC password from HQ...')
-
-  try {
-    const url = `${config.HQ_URL}/api/minion/vnc-password`
-    const response = await fetch(url, {
-      method: 'GET',
-      headers: {
-        'Authorization': `Bearer ${config.API_TOKEN}`,
-      },
-    })
-
-    if (!response.ok) {
-      const errorText = await response.text()
-      console.error(`[VNC] Failed to get VNC password from HQ: ${response.status} - ${errorText}`)
-      return false
-    }
-
-    const data = await response.json()
-    const vncPassword = data.vnc_password
-
-    if (!vncPassword) {
-      console.log('[VNC] No VNC password set in HQ, using default')
-      return true
-    }
-
-    console.log('[VNC] Got VNC password from HQ, applying...')
-
-    // Escape single quotes for shell safety
-    const escapedPassword = vncPassword.replace(/'/g, "'\\''")
-
-    // Ensure .vnc directory exists and set password
-    const homeDir = os.homedir()
-    const vncDir = path.join(homeDir, '.vnc')
-    const vncPasswdPath = path.join(vncDir, 'passwd')
-    await execAsync(`mkdir -p ${vncDir}`, { timeout: 5000 })
-    await execAsync(
-      `x11vnc -storepasswd '${escapedPassword}' ${vncPasswdPath}`,
-      { timeout: 10000 }
-    )
-    await execAsync(`chmod 600 ${vncPasswdPath}`, { timeout: 5000 })
-
-    // Restart x11vnc to apply the new password
-    if (PROC_MGR === 'systemd') {
-      await execAsync(`${SUDO}systemctl restart x11vnc`, { timeout: 10000 })
-    } else if (PROC_MGR === 'supervisord') {
-      await execAsync(`${SUDO}supervisorctl restart x11vnc`, { timeout: 10000 })
-    }
-
-    console.log('[VNC] VNC password synced successfully')
-    return true
-  } catch (error) {
-    console.error(`[VNC] Failed to sync VNC password: ${error.message}`)
-    return false
-  }
-}
-
 // Start server
 async function start() {
   try {
@@ -118,7 +53,8 @@ async function start() {
 
     console.log(`[Server] Minion agent listening on port ${config.AGENT_PORT}`)
 
-    // Start terminal WebSocket proxy on port 7681
+    // Kill any stale ttyd processes from a previous run, then start terminal proxy
+    await killStaleTtydProcesses()
     try {
       await startTerminalProxy()
     } catch (err) {
@@ -139,11 +75,6 @@ async function start() {
 
     if (isHqConfigured()) {
       console.log(`[Server] HQ URL: ${config.HQ_URL}`)
-
-      // Sync VNC password from HQ (non-blocking, run in background)
-      syncVncPassword().catch(err => {
-        console.error('[VNC] Background sync failed:', err.message)
-      })
     } else {
       console.log('[Server] Running in standalone mode (no HQ connection)')
     }