@geekbeer/minion 2.70.2 → 3.4.7

package/linux/minion-cli.sh

@@ -4,8 +4,8 @@
 # CLI tool for interacting with and setting up the minion agent
 #
 # Usage:
-#   sudo minion-cli setup [options]          # Set up minion agent service (root)
-#   sudo minion-cli reconfigure [options]    # Re-register with new HQ credentials (root)
+#   sudo minion-cli setup --user <USERNAME>  # Install software & register services (root)
+#   sudo minion-cli configure [options]      # Connect to HQ, deploy skills, start services (root)
 #   sudo minion-cli uninstall [--keep-data]  # Remove agent and services (root)
 #   sudo minion-cli start                    # Start agent service (root)
 #   sudo minion-cli stop                     # Stop agent service (root)
@@ -19,10 +19,12 @@
 #
 # Setup options:
 #   --user <USERNAME>     Target user for the agent (required when running as root)
-#   --hq-url <URL>        HQ server URL (optional, omit for standalone mode)
-#   --minion-id <UUID>    Minion ID (optional)
-#   --api-token <TOKEN>   API token (optional)
-#   --setup-tunnel        Set up cloudflared tunnel (requires --hq-url and --api-token)
+#
+# Configure options:
+#   --hq-url <URL>        HQ server URL (required)
+#   --minion-id <UUID>    Minion ID (required)
+#   --api-token <TOKEN>   API token (required)
+#   --setup-tunnel        Set up cloudflared tunnel
 
 set -euo pipefail
 
@@ -129,12 +131,7 @@ fi
 # setup subcommand
 # ============================================================
 do_setup() {
-  local HQ_URL=""
-  local MINION_ID=""
-  local API_TOKEN=""
   local CLI_USER=""
-  local SETUP_TUNNEL=false
-  local ARGS_PROVIDED=false
 
   # Parse arguments
   while [[ $# -gt 0 ]]; do
@@ -143,32 +140,13 @@ do_setup() {
         CLI_USER="$2"
         shift 2
         ;;
-      --hq-url)
-        HQ_URL="$2"
-        ARGS_PROVIDED=true
-        shift 2
-        ;;
-      --minion-id)
-        MINION_ID="$2"
-        ARGS_PROVIDED=true
-        shift 2
-        ;;
-      --api-token)
-        API_TOKEN="$2"
-        ARGS_PROVIDED=true
-        shift 2
-        ;;
-      --setup-tunnel)
-        SETUP_TUNNEL=true
-        shift
-        ;;
       --non-interactive)
         # Accepted for cloud-init compatibility (setup is always non-interactive)
         shift
         ;;
       *)
         echo "Unknown option: $1"
-        echo "Usage: minion-cli setup --user <USERNAME> [--hq-url <URL>] [--minion-id <UUID>] [--api-token <TOKEN>] [--setup-tunnel]"
+        echo "Usage: sudo minion-cli setup --user <USERNAME>"
         exit 1
         ;;
     esac
@@ -209,38 +187,13 @@ do_setup() {
   fi
   # Non-root case: TARGET_USER is already set to $(whoami)
 
-  # Preserve existing .env values if no arguments were provided (redeploy scenario)
-  if [ "$ARGS_PROVIDED" = false ] && [ -f /opt/minion-agent/.env ]; then
-    echo "Reading existing .env values (redeploy mode)..."
-    while IFS='=' read -r key value; do
-      [[ -z "$key" || "$key" == \#* ]] && continue
-      case "$key" in
-        HQ_URL) [ -z "$HQ_URL" ] && HQ_URL="$value" ;;
-        MINION_ID) [ -z "$MINION_ID" ] && MINION_ID="$value" ;;
-        API_TOKEN) [ -z "$API_TOKEN" ] && API_TOKEN="$value" ;;
-      esac
-    done < /opt/minion-agent/.env
-  fi
-
   echo "========================================="
   echo " @geekbeer/minion Setup"
   echo "========================================="
   echo "User: $TARGET_USER ($TARGET_HOME)"
-
-  if [ -n "$HQ_URL" ]; then
-    echo "Mode: Connected to HQ ($HQ_URL)"
-  else
-    echo "Mode: Standalone (no HQ connection)"
-  fi
-  if [ "$SETUP_TUNNEL" = true ]; then
-    echo "Tunnel: Enabled"
-  fi
   echo ""
 
   local TOTAL_STEPS=9
-  if [ "$SETUP_TUNNEL" = true ]; then
-    TOTAL_STEPS=10
-  fi
 
   # Step 1: Install Claude Code
   echo "[1/${TOTAL_STEPS}] Installing Claude Code..."
@@ -289,30 +242,23 @@ do_setup() {
   $SUDO chown "${TARGET_USER}:${TARGET_USER}" /opt/minion-agent 2>/dev/null || true
   echo "  -> /opt/minion-agent/ created"
 
-  # Step 4: Generate .env file
+  # Step 4: Generate default .env file (HQ credentials set later via 'configure')
   echo "[4/${TOTAL_STEPS}] Generating .env file..."
-  local ENV_CONTENT=""
-  ENV_CONTENT+="# Minion Agent Configuration\n"
-  ENV_CONTENT+="# Generated by minion-cli setup\n\n"
-
-  if [ -n "$HQ_URL" ]; then
-    ENV_CONTENT+="HQ_URL=${HQ_URL}\n"
-  fi
-  if [ -n "$API_TOKEN" ]; then
-    ENV_CONTENT+="API_TOKEN=${API_TOKEN}\n"
-  fi
-  if [ -n "$MINION_ID" ]; then
-    ENV_CONTENT+="MINION_ID=${MINION_ID}\n"
+  if [ ! -f /opt/minion-agent/.env ]; then
+    local ENV_CONTENT=""
+    ENV_CONTENT+="# Minion Agent Configuration\n"
+    ENV_CONTENT+="# Generated by minion-cli setup\n\n"
+    ENV_CONTENT+="AGENT_PORT=8080\n"
+    ENV_CONTENT+="MINION_USER=${TARGET_USER}\n"
+    ENV_CONTENT+="REFLECTION_TIME=03:00\n"
+
+    echo -e "$ENV_CONTENT" | $SUDO tee /opt/minion-agent/.env > /dev/null
+    $SUDO chown "${TARGET_USER}:${TARGET_USER}" /opt/minion-agent/.env
+    echo "  -> /opt/minion-agent/.env created (run 'configure' to set HQ credentials)"
+  else
+    echo "  -> /opt/minion-agent/.env already exists, preserving"
   fi
 
-  ENV_CONTENT+="AGENT_PORT=8080\n"
-  ENV_CONTENT+="MINION_USER=${TARGET_USER}\n"
-  ENV_CONTENT+="REFLECTION_TIME=03:00\n"
-
-  echo -e "$ENV_CONTENT" | $SUDO tee /opt/minion-agent/.env > /dev/null
-  $SUDO chown "${TARGET_USER}:${TARGET_USER}" /opt/minion-agent/.env
-  echo "  -> /opt/minion-agent/.env generated"
-
   # Step 5: Configure sudoers for agent user
   echo "[5/${TOTAL_STEPS}] Configuring sudoers for agent user..."
   if [ "$TARGET_USER" != "root" ]; then
@@ -682,147 +628,20 @@ SUPEOF
     fi
   fi
 
-  # Step 10 (optional): Cloudflare Tunnel setup
-  if [ "$SETUP_TUNNEL" = true ]; then
-    echo ""
-    echo "[10/${TOTAL_STEPS}] Setting up Cloudflare Tunnel..."
-
-    if [ -z "$HQ_URL" ] || [ -z "$API_TOKEN" ]; then
-      echo "  ERROR: --setup-tunnel requires --hq-url and --api-token"
-      exit 1
-    fi
-
-    # Install cloudflared if not present (architecture-aware)
-    if ! command -v cloudflared &>/dev/null; then
-      echo "  Installing cloudflared..."
-      local CF_ARCH
-      CF_ARCH=$(dpkg --print-architecture 2>/dev/null || echo "amd64")
-      curl -fsSL "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-${CF_ARCH}.deb" \
-        -o /tmp/cloudflared.deb
-      $SUDO dpkg -i /tmp/cloudflared.deb
-      rm -f /tmp/cloudflared.deb
-    else
-      echo "  -> cloudflared already installed"
-    fi
-
-    # Fetch tunnel config from HQ API
-    # Response contains credentials_json and config_yml (generated server-side)
-    echo "  Fetching tunnel configuration from HQ..."
-    local TUNNEL_DATA
-    TUNNEL_DATA=$(curl -sfL -H "Authorization: Bearer ${API_TOKEN}" \
-      "${HQ_URL}/api/minion/tunnel-credentials" 2>&1) || true
-
-    if [ -z "$TUNNEL_DATA" ] || ! echo "$TUNNEL_DATA" | jq -e '.tunnel_id' > /dev/null 2>&1; then
-      echo "  ERROR: Failed to fetch tunnel credentials from HQ"
-      echo "  Tunnel may not be configured for this minion yet"
-      echo "  Skipping tunnel setup (agent is running without tunnel)"
-    else
-      local TUNNEL_ID CREDS_JSON CONFIG_YML
-      TUNNEL_ID=$(echo "$TUNNEL_DATA" | jq -r '.tunnel_id')
-      CREDS_JSON=$(echo "$TUNNEL_DATA" | jq -r '.credentials_json')
-      CONFIG_YML=$(echo "$TUNNEL_DATA" | jq -r '.config_yml')
-
-      # Save credentials file (content from HQ, saved as-is)
-      $SUDO mkdir -p /etc/cloudflared
-      echo "$CREDS_JSON" | $SUDO tee "/etc/cloudflared/${TUNNEL_ID}.json" > /dev/null
-      $SUDO chmod 600 "/etc/cloudflared/${TUNNEL_ID}.json"
-      $SUDO chown root:root "/etc/cloudflared/${TUNNEL_ID}.json"
-      echo "  -> /etc/cloudflared/${TUNNEL_ID}.json saved"
-
-      # Save config file (content from HQ, saved as-is)
-      echo "$CONFIG_YML" | $SUDO tee /etc/cloudflared/config.yml > /dev/null
-      echo "  -> /etc/cloudflared/config.yml saved"
-
-      # Install and start cloudflared service (process-manager aware)
-      case "$PROC_MGR" in
-        systemd)
-          $SUDO cloudflared service install 2>/dev/null || true
-          $SUDO systemctl enable cloudflared 2>/dev/null || true
-          $SUDO systemctl start cloudflared 2>/dev/null || true
-          ;;
-        supervisord)
-          # Create supervisord config for cloudflared
-          $SUDO tee /etc/supervisor/conf.d/cloudflared.conf > /dev/null <<CFEOF
-[program:cloudflared]
-command=/usr/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
-autorestart=true
-priority=150
-startsecs=5
-stdout_logfile=/var/log/supervisor/cloudflared.log
-stderr_logfile=/var/log/supervisor/cloudflared.log
-CFEOF
-          # Reload supervisord if running
-          if $SUDO supervisorctl status &>/dev/null; then
-            $SUDO supervisorctl reread
-            $SUDO supervisorctl update
-          fi
-          ;;
-        *)
-          echo "  WARNING: No supported process manager for cloudflared"
-          echo "  You may need to start cloudflared manually:"
-          echo "  cloudflared tunnel --config /etc/cloudflared/config.yml run"
-          ;;
-      esac
-      echo "  -> cloudflared tunnel configured and started"
-    fi
-  fi
-
-  # Notify HQ if configured (after all steps including tunnel setup)
-  if [ -n "$HQ_URL" ] && [ -n "$API_TOKEN" ]; then
-    echo ""
-    echo "Notifying HQ of setup completion..."
-    local NOTIFY_RESPONSE
-    local HOSTNAME_VAL
-    local LAN_IP
-    HOSTNAME_VAL=$(hostname 2>/dev/null || echo "")
-    LAN_IP=$(detect_lan_ip)
-
-    # Build request body with LAN IP detection
-    # Docker: use hostname (container name) for internal_ip_address (resolved via Docker DNS)
-    # Self-hosted: use LAN IP for both fields (hostname is not resolvable on LAN)
-    local BODY
-    if [ -f /.dockerenv ]; then
-      BODY="{\"internal_ip_address\":\"${HOSTNAME_VAL}\"}"
-    elif [ -n "$LAN_IP" ]; then
-      BODY="{\"internal_ip_address\":\"${LAN_IP}\",\"ip_address\":\"${LAN_IP}\"}"
-    else
-      BODY="{\"internal_ip_address\":\"${HOSTNAME_VAL}\"}"
-    fi
-
-    NOTIFY_RESPONSE=$(curl -sfL -X POST "${HQ_URL}/api/minion/setup-complete" \
-      -H "Content-Type: application/json" \
-      -H "Authorization: Bearer ${API_TOKEN}" \
-      -d "$BODY" 2>&1) || true
-
-    if echo "$NOTIFY_RESPONSE" | grep -q '"success":true' 2>/dev/null; then
-      if [ -n "$LAN_IP" ] && [ ! -f /.dockerenv ]; then
-        echo "  -> HQ notified successfully (LAN IP: ${LAN_IP})"
-      else
-        echo "  -> HQ notified successfully"
-      fi
-    else
-      echo "  -> HQ notification skipped (HQ may not be reachable)"
-    fi
-  fi
-
   echo ""
   echo "========================================="
   echo " Setup Complete!"
   echo "========================================="
   echo ""
   echo "Agent user: $TARGET_USER"
+  echo "Services registered (not yet started)."
+  echo ""
+  echo "Next step: Connect to HQ:"
+  echo "  sudo minion-cli configure \\"
+  echo "    --hq-url <HQ_URL> \\"
+  echo "    --minion-id <MINION_ID> \\"
+  echo "    --api-token <API_TOKEN>"
   echo ""
-  echo "Useful commands:"
-  echo "  minion-cli status                     # Agent status"
-  echo "  minion-cli health                     # Health check"
-  echo "  minion-cli daemons                    # Daemon status"
-  echo "  sudo minion-cli restart               # Restart agent"
-  echo "  sudo minion-cli stop                  # Stop agent"
-  if [ "$PROC_MGR" = "systemd" ]; then
-    echo "  journalctl -u minion-agent -f         # View logs"
-  else
-    echo "  tail -f /var/log/supervisor/minion-agent.log  # View logs"
-  fi
 }
 
 # ============================================================
@@ -989,10 +808,11 @@ do_uninstall() {
 # ============================================================
 # reconfigure subcommand
 # ============================================================
-do_reconfigure() {
+do_configure() {
   local HQ_URL=""
   local MINION_ID=""
   local API_TOKEN=""
+  local SETUP_TUNNEL=false
 
   # Parse arguments
   while [[ $# -gt 0 ]]; do
@@ -1009,9 +829,16 @@ do_reconfigure() {
         API_TOKEN="$2"
         shift 2
         ;;
+      --setup-tunnel)
+        SETUP_TUNNEL=true
+        shift
+        ;;
+      --non-interactive)
+        shift
+        ;;
       *)
         echo "Unknown option: $1"
-        echo "Usage: sudo minion-cli reconfigure --hq-url <URL> --minion-id <UUID> --api-token <TOKEN>"
+        echo "Usage: sudo minion-cli configure --hq-url <URL> --minion-id <UUID> --api-token <TOKEN> [--setup-tunnel]"
         exit 1
         ;;
     esac
@@ -1020,56 +847,172 @@ do_reconfigure() {
   # Validate required arguments
   if [ -z "$HQ_URL" ] || [ -z "$MINION_ID" ] || [ -z "$API_TOKEN" ]; then
     echo "ERROR: All three options are required: --hq-url, --minion-id, --api-token"
-    echo "Usage: sudo minion-cli reconfigure --hq-url <URL> --minion-id <UUID> --api-token <TOKEN>"
+    echo "Usage: sudo minion-cli configure --hq-url <URL> --minion-id <UUID> --api-token <TOKEN> [--setup-tunnel]"
     exit 1
   fi
 
-  # Check that .env exists (setup must have been run before)
-  if [ ! -f /opt/minion-agent/.env ]; then
-    echo "ERROR: /opt/minion-agent/.env not found."
-    echo "It looks like minion-cli setup has not been run on this server."
-    echo "Please run 'sudo minion-cli setup' first for initial installation."
+  # Check that setup has been run
+  if [ ! -d /opt/minion-agent ]; then
+    echo "ERROR: /opt/minion-agent not found."
+    echo "Please run 'sudo minion-cli setup --user <USERNAME>' first."
     exit 1
   fi
 
+  local TOTAL_STEPS=5
+  if [ "$SETUP_TUNNEL" = true ]; then
+    TOTAL_STEPS=6
+  fi
+
   echo "========================================="
-  echo " @geekbeer/minion Reconfigure"
+  echo " @geekbeer/minion Configure"
   echo "========================================="
   echo "HQ: $HQ_URL"
   echo "Minion ID: $MINION_ID"
+  if [ "$SETUP_TUNNEL" = true ]; then
+    echo "Tunnel: Enabled"
+  fi
   echo ""
 
-  # Step 1: Read existing .env and preserve non-credential keys
-  echo "[1/4] Updating .env credentials..."
+  # Step 1: Write/update .env with HQ credentials
+  echo "[1/${TOTAL_STEPS}] Writing .env credentials..."
   local ENV_CONTENT=""
   ENV_CONTENT+="# Minion Agent Configuration\n"
-  ENV_CONTENT+="# Reconfigured by minion-cli reconfigure\n\n"
+  ENV_CONTENT+="# Configured by minion-cli configure\n\n"
   ENV_CONTENT+="HQ_URL=${HQ_URL}\n"
   ENV_CONTENT+="API_TOKEN=${API_TOKEN}\n"
   ENV_CONTENT+="MINION_ID=${MINION_ID}\n"
 
   # Preserve non-credential keys from existing .env
-  while IFS='=' read -r key value; do
-    [[ -z "$key" || "$key" == \#* ]] && continue
-    case "$key" in
-      HQ_URL|API_TOKEN|MINION_ID) ;; # Skip — already set above
-      *) ENV_CONTENT+="${key}=${value}\n" ;;
-    esac
-  done < /opt/minion-agent/.env
+  if [ -f /opt/minion-agent/.env ]; then
+    while IFS='=' read -r key value; do
+      [[ -z "$key" || "$key" == \#* ]] && continue
+      case "$key" in
+        HQ_URL|API_TOKEN|MINION_ID) ;; # Skip — already set above
+        *) ENV_CONTENT+="${key}=${value}\n" ;;
+      esac
+    done < /opt/minion-agent/.env
+  fi
 
   echo -e "$ENV_CONTENT" | $SUDO tee /opt/minion-agent/.env > /dev/null
   echo "  -> /opt/minion-agent/.env updated"
 
-  # Step 2: Update process manager config & restart service
-  echo "[2/4] Restarting minion-agent service..."
+  # Step 2: Deploy bundled skills and rules
+  echo "[2/${TOTAL_STEPS}] Deploying bundled assets..."
+  local NPM_ROOT
+  NPM_ROOT=$(npm root -g 2>/dev/null || echo "")
+  local BUNDLED_SKILLS_DIR="${NPM_ROOT}/@geekbeer/minion/skills"
+  # Detect target user from .env
+  local DEPLOY_USER
+  DEPLOY_USER=$(grep '^MINION_USER=' /opt/minion-agent/.env | cut -d= -f2 || echo "")
+  local DEPLOY_HOME
+  if [ -n "$DEPLOY_USER" ]; then
+    DEPLOY_HOME=$(getent passwd "$DEPLOY_USER" | cut -d: -f6 || echo "$HOME")
+  else
+    DEPLOY_HOME="$HOME"
+  fi
+  local DEPLOY_AS=""
+  if [ "$(id -u)" -eq 0 ] && [ -n "$DEPLOY_USER" ] && [ "$DEPLOY_USER" != "root" ]; then
+    DEPLOY_AS="sudo -u $DEPLOY_USER"
+  fi
+
+  local CLAUDE_SKILLS_DIR="${DEPLOY_HOME}/.claude/skills"
+  if [ -d "$BUNDLED_SKILLS_DIR" ]; then
+    $DEPLOY_AS mkdir -p "$CLAUDE_SKILLS_DIR"
+    for skill_dir in "$BUNDLED_SKILLS_DIR"/*/; do
+      if [ -d "$skill_dir" ]; then
+        local skill_name=$(basename "$skill_dir")
+        $DEPLOY_AS cp -r "$skill_dir" "${CLAUDE_SKILLS_DIR}/${skill_name}"
+        echo "  -> Deployed skill: $skill_name"
+      fi
+    done
+  fi
+
+  local BUNDLED_RULES_DIR="${NPM_ROOT}/@geekbeer/minion/rules"
+  local CLAUDE_RULES_DIR="${DEPLOY_HOME}/.claude/rules"
+  if [ -d "$BUNDLED_RULES_DIR" ]; then
+    $DEPLOY_AS mkdir -p "$CLAUDE_RULES_DIR"
+    $DEPLOY_AS cp "$BUNDLED_RULES_DIR"/core.md "$CLAUDE_RULES_DIR"/core.md
+    echo "  -> Deployed rules: core.md"
+    if [ -f "$CLAUDE_RULES_DIR/minion.md" ]; then
+      $DEPLOY_AS rm -f "$CLAUDE_RULES_DIR/minion.md"
+      echo "  -> Removed legacy rules: minion.md"
+    fi
+  fi
+
+  # Step 3 (optional): Cloudflare Tunnel setup
+  local CURRENT_STEP=3
+  if [ "$SETUP_TUNNEL" = true ]; then
+    echo "[${CURRENT_STEP}/${TOTAL_STEPS}] Setting up Cloudflare Tunnel..."
+
+    # Install cloudflared if not present
+    if ! command -v cloudflared &>/dev/null; then
+      echo "  Installing cloudflared..."
+      local CF_ARCH
+      CF_ARCH=$(dpkg --print-architecture 2>/dev/null || echo "amd64")
+      curl -fsSL "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-${CF_ARCH}.deb" \
+        -o /tmp/cloudflared.deb
+      $SUDO dpkg -i /tmp/cloudflared.deb
+      rm -f /tmp/cloudflared.deb
+    else
+      echo "  -> cloudflared already installed"
+    fi
+
+    # Fetch tunnel config from HQ API
+    echo "  Fetching tunnel configuration from HQ..."
+    local TUNNEL_DATA
+    TUNNEL_DATA=$(curl -sfL -H "Authorization: Bearer ${API_TOKEN}" \
+      "${HQ_URL}/api/minion/tunnel-credentials" 2>&1) || true
+
+    if [ -z "$TUNNEL_DATA" ] || ! echo "$TUNNEL_DATA" | jq -e '.tunnel_id' > /dev/null 2>&1; then
+      echo "  ERROR: Failed to fetch tunnel credentials from HQ"
+      echo "  Skipping tunnel setup"
+    else
+      local TUNNEL_ID CREDS_JSON CONFIG_YML
+      TUNNEL_ID=$(echo "$TUNNEL_DATA" | jq -r '.tunnel_id')
+      CREDS_JSON=$(echo "$TUNNEL_DATA" | jq -r '.credentials_json')
+      CONFIG_YML=$(echo "$TUNNEL_DATA" | jq -r '.config_yml')
+
+      $SUDO mkdir -p /etc/cloudflared
+      echo "$CREDS_JSON" | $SUDO tee "/etc/cloudflared/${TUNNEL_ID}.json" > /dev/null
+      $SUDO chmod 600 "/etc/cloudflared/${TUNNEL_ID}.json"
+      $SUDO chown root:root "/etc/cloudflared/${TUNNEL_ID}.json"
+      echo "$CONFIG_YML" | $SUDO tee /etc/cloudflared/config.yml > /dev/null
+
+      case "$PROC_MGR" in
+        systemd)
+          $SUDO cloudflared service install 2>/dev/null || true
+          $SUDO systemctl enable cloudflared 2>/dev/null || true
+          $SUDO systemctl start cloudflared 2>/dev/null || true
+          ;;
+        supervisord)
+          $SUDO tee /etc/supervisor/conf.d/cloudflared.conf > /dev/null <<CFEOF
+[program:cloudflared]
+command=/usr/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
+autorestart=true
+priority=150
+startsecs=5
+stdout_logfile=/var/log/supervisor/cloudflared.log
+stderr_logfile=/var/log/supervisor/cloudflared.log
+CFEOF
+          if $SUDO supervisorctl status &>/dev/null; then
+            $SUDO supervisorctl reread
+            $SUDO supervisorctl update
+          fi
+          ;;
+      esac
+      echo "  -> cloudflared tunnel configured and started"
+    fi
+    CURRENT_STEP=$((CURRENT_STEP + 1))
+  fi
+
+  # Start/restart services
+  echo "[$(( TOTAL_STEPS - 1 ))/${TOTAL_STEPS}] Starting services..."
   if [ -z "$PROC_MGR" ]; then
     echo "  WARNING: No supported process manager found"
-    echo "  Please restart the minion-agent service manually"
   elif [ "$PROC_MGR" = "supervisord" ]; then
     # supervisord bakes env vars into conf — must regenerate
     local CONF_FILE="/etc/supervisor/conf.d/minion-agent.conf"
     if [ -f "$CONF_FILE" ]; then
-      # Read current conf to preserve command, user, and other settings
       local CURRENT_COMMAND
       CURRENT_COMMAND=$(grep '^command=' "$CONF_FILE" | head -1)
       local CURRENT_DIRECTORY
@@ -1077,9 +1020,7 @@ do_reconfigure() {
       local CURRENT_USER_LINE
       CURRENT_USER_LINE=$(grep '^user=' "$CONF_FILE" || echo "")
 
-      # Rebuild environment line from updated .env
       local ENV_LINE="environment="
-      # Detect home dir for the service user
       local SVC_USER
       SVC_USER=$(echo "$CURRENT_USER_LINE" | sed 's/user=//')
       local SVC_HOME="$HOME"
@@ -1109,15 +1050,14 @@ SUPEOF
     fi
     $SUDO supervisorctl reread > /dev/null 2>&1
     $SUDO supervisorctl update > /dev/null 2>&1
-    echo "  -> minion-agent restarted (supervisord)"
+    echo "  -> minion-agent started (supervisord)"
   else
-    # systemd reads .env via EnvironmentFile — just restart
     svc_control restart
-    echo "  -> minion-agent restarted (systemd)"
+    echo "  -> minion-agent started (systemd)"
   fi
 
-  # Step 3: Health check
-  echo "[3/4] Verifying agent health..."
+  # Health check
+  echo "[${TOTAL_STEPS}/${TOTAL_STEPS}] Verifying agent health..."
   local HEALTH_OK=false
   for i in $(seq 1 5); do
     if curl -sf http://localhost:8080/api/health > /dev/null 2>&1; then
@@ -1133,8 +1073,9 @@ SUPEOF
     echo "  Check logs for details"
   fi
 
-  # Step 4: Notify HQ (best-effort — heartbeat will also notify automatically)
-  echo "[4/4] Notifying HQ..."
+  # Notify HQ
+  echo ""
+  echo "Notifying HQ..."
   local NOTIFY_RESPONSE
   local HOSTNAME_VAL
   local LAN_IP
@@ -1167,8 +1108,19 @@ SUPEOF
 
   echo ""
   echo "========================================="
-  echo " Reconfigure Complete!"
+  echo " Configure Complete!"
   echo "========================================="
+  echo ""
+  echo "Useful commands:"
+  echo "  minion-cli status                     # Agent status"
+  echo "  minion-cli health                     # Health check"
+  echo "  sudo minion-cli restart               # Restart agent"
+  if [ "$PROC_MGR" = "systemd" ]; then
+    echo "  journalctl -u minion-agent -f         # View logs"
+  else
+    echo "  tail -f /var/log/supervisor/minion-agent.log  # View logs"
+  fi
+}
   echo ""
   echo "The minion should appear online in HQ shortly."
 }
@@ -1192,10 +1144,10 @@ case "${1:-}" in
     do_uninstall "$@"
     ;;
 
-  reconfigure)
-    require_root reconfigure
+  configure|reconfigure)
+    require_root "$1"
     shift
-    do_reconfigure "$@"
+    do_configure "$@"
     ;;
 
   status)
@@ -1329,8 +1281,8 @@ case "${1:-}" in
     echo "Minion Agent CLI (@geekbeer/minion) v${CLI_VERSION}"
     echo ""
     echo "Usage:"
-    echo "  sudo minion-cli setup [options]           # Set up agent service (root)"
-    echo "  sudo minion-cli reconfigure [options]     # Re-register with new HQ credentials (root)"
+    echo "  sudo minion-cli setup --user <USERNAME>   # Install software & register services (root)"
+    echo "  sudo minion-cli configure [options]       # Connect to HQ, deploy skills, start services (root)"
     echo "  sudo minion-cli uninstall [options]       # Remove agent and services (root)"
     echo "  sudo minion-cli start                     # Start agent service (root)"
     echo "  sudo minion-cli stop                      # Stop agent service (root)"
@@ -1344,15 +1296,12 @@ case "${1:-}" in
     echo ""
     echo "Setup options:"
     echo "  --user <USERNAME>     Target user for the agent (required when running as root)"
-    echo "  --hq-url <URL>        HQ server URL (optional)"
-    echo "  --minion-id <UUID>    Minion ID (optional)"
-    echo "  --api-token <TOKEN>   API token (optional)"
-    echo "  --setup-tunnel        Set up cloudflared tunnel (requires --hq-url, --api-token)"
     echo ""
-    echo "Reconfigure options:"
+    echo "Configure options:"
     echo "  --hq-url <URL>        HQ server URL (required)"
     echo "  --minion-id <UUID>    Minion ID (required)"
     echo "  --api-token <TOKEN>   API token (required)"
+    echo "  --setup-tunnel        Set up cloudflared tunnel"
     echo ""
     echo "Uninstall options:"
     echo "  --keep-data           Keep /opt/minion-agent/.env (preserve credentials)"