@hienlh/ppm 0.12.9 → 0.12.11

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## [0.12.11] - 2026-04-21
+
+### Fixed
+- **Upgrade wiped user config back to defaults**: `configService.importFromYaml()` unconditionally overwrote SQLite config keys with `{...DEFAULT_CONFIG, ...yaml}` on every `load()` call. The upgrade path via supervisor `selfReplace()` re-ran the saved `originalArgv` — which contained `-c <yaml>` baked into systemd/launchd `ExecStart` — re-triggering the overwrite and resetting user config to defaults + stale YAML contents
+
+### Removed
+- **Legacy YAML config support**: Fully migrated to SQLite; removed `-c/--config <path>` CLI flag (from `start`, `restart`, `open`, `autostart enable`), YAML import/migration code, `configPath` in autostart ExecStart, and `__serve__`/`__supervise__` positional config slot. `js-yaml` dep retained (skill frontmatter only)
+
+## [0.12.10] - 2026-04-21
+
+### Fixed
+- **Auth retry stuck across turns**: `authRetried` was a per-session boolean, so the second 401 in any subsequent turn skipped token refresh and the stream hung. Replaced with per-turn counter (`authRetryCount`, max 2) that resets on each successful turn, so every turn gets a fresh refresh budget
+- **Multi-attempt auth recovery**: Centralized auth-error recovery in `recoverFromAuthError` — attempt 1 refreshes the current account's OAuth token, attempt 2 switches to a different active account, only then surfaces an error. All three 401 detection paths (`api_retry`, assistant text, result) share this logic
+- **api_retry 401 stall**: When no recovery path remains, break immediately instead of falling through to SDK's internal 10x retry (which wasted ~5 minutes before surfacing the error)
+
 ## [0.12.9] - 2026-04-21
 
 ### Fixed

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hienlh/ppm",
-  "version": "0.12.9",
+  "version": "0.12.11",
   "description": "Personal Project Manager — mobile-first web IDE with AI assistance",
   "author": "hienlh",
   "license": "MIT",

package/src/cli/commands/autostart.ts

@@ -11,12 +11,11 @@ export function registerAutoStartCommands(program: Command): void {
     .description("Register PPM to start automatically on boot")
     .option("-p, --port <port>", "Override port")
     .option("-s, --share", "(deprecated) Tunnel is now always enabled")
-    .option("-c, --config <path>", "Config file path")
     .option("--profile <name>", "DB profile name")
     .action(async (options) => {
       const { enableAutoStart } = await import("../../services/autostart-register.ts");
 
-      configService.load(options.config);
+      configService.load();
       const port = parseInt(options.port ?? String(configService.get("port")), 10);
       const host = configService.get("host") ?? "0.0.0.0";
 
@@ -24,7 +23,6 @@ export function registerAutoStartCommands(program: Command): void {
         port,
         host,
         share: !!options.share,
-        configPath: options.config,
         profile: options.profile,
       };
 

package/src/cli/commands/init.ts

@@ -1,7 +1,5 @@
 import { resolve, basename } from "node:path";
 import { homedir } from "node:os";
-import { existsSync } from "node:fs";
-import { getPpmDir } from "../../services/ppm-dir.ts";
 import { input, confirm, select, password } from "@inquirer/prompts";
 import { configService } from "../../services/config.service.ts";
 import { projectService } from "../../services/project.service.ts";
@@ -19,15 +17,14 @@ export interface InitOptions {
   yes?: boolean;
 }
 
-/** Check if config already exists */
-/** Check if config already exists (DB or legacy YAML) */
+/** Check if config already exists in SQLite */
 export function hasConfig(): boolean {
   try {
     const dbConfig = getAllConfig();
-    if (Object.keys(dbConfig).length > 0) return true;
-  } catch {}
-  const globalConfig = resolve(getPpmDir(), "config.yaml");
-  return existsSync(globalConfig);
+    return Object.keys(dbConfig).length > 0;
+  } catch {
+    return false;
+  }
 }
 
 export async function initProject(options: InitOptions = {}) {

package/src/cli/commands/restart.ts

@@ -8,7 +8,7 @@ const restartingFlag = () => resolve(getPpmDir(), ".restarting");
 const restartResult = () => resolve(getPpmDir(), ".restart-result");
 
 /** Restart only the server process, keeping the tunnel alive */
-export async function restartServer(options: { config?: string; force?: boolean }) {
+export async function restartServer(options: { force?: boolean }) {
   // Ignore SIGHUP so this process survives when PPM terminal dies
   process.on("SIGHUP", () => {});
 
@@ -114,7 +114,7 @@ export async function restartServer(options: { config?: string; force?: boolean
     : resolve(import.meta.dir, "../../server/index.ts");
 
   const { configService } = await import("../../services/config.service.ts");
-  configService.load(options.config);
+  configService.load();
   const port = status.port as number ?? configService.get("port");
   const host = status.host as string ?? configService.get("host");
 
@@ -133,7 +133,6 @@ export async function restartServer(options: { config?: string; force?: boolean
   // terminal (and its process group) to receive SIGHUP.
   const params = JSON.stringify({
     serverPid, port, host, serverScript,
-    config: options.config ?? "",
     statusFile: statusFile(),
     pidFile: pidFile(),
     restartingFlag: restartingFlag(),
@@ -204,8 +203,8 @@ async function main() {
   // Compiled binary: execPath IS the server, no "run script" needed
   const isCompiled = !process.execPath.includes("bun");
   const serverArgs = isCompiled
-    ? ["__serve__", String(P.port), P.host, P.config].filter(Boolean)
-    : ["run", P.serverScript, "__serve__", String(P.port), P.host, P.config].filter(Boolean);
+    ? ["__serve__", String(P.port), P.host]
+    : ["run", P.serverScript, "__serve__", String(P.port), P.host];
 
   if (process.platform === "win32") {
     const bunExe = process.execPath.replace(/\\\\/g, "\\\\\\\\");

package/src/index.ts

@@ -18,15 +18,12 @@ program
   .description("Start the PPM server (background by default)")
   .option("-p, --port <port>", "Port to listen on")
   .option("-s, --share", "(deprecated) Tunnel is now always enabled")
-  .option("-c, --config <path>", "Path to config file (YAML import into DB)")
   .option("--profile <name>", "DB profile name (e.g. 'dev' → ppm.dev.db)")
   .action(async (options) => {
     // Set DB profile before any DB access
     const { setDbProfile } = await import("./services/db.service.ts");
     if (options.profile) {
       setDbProfile(options.profile);
-    } else if (options.config && /dev/i.test(options.config)) {
-      setDbProfile("dev");
     }
     // Auto-init on first run
     const { hasConfig, initProject } = await import("./cli/commands/init.ts");
@@ -58,7 +55,6 @@ program
 program
   .command("restart")
   .description("Restart the server (keeps tunnel alive)")
-  .option("-c, --config <path>", "Path to config file")
   .option("--force", "Force resume from paused state")
   .action(async (options) => {
     const { restartServer } = await import("./cli/commands/restart.ts");
@@ -78,7 +74,6 @@ program
 program
   .command("open")
   .description("Open PPM in browser")
-  .option("-c, --config <path>", "Path to config file")
   .action(async () => {
     const { openBrowser } = await import("./cli/commands/open.ts");
     await openBrowser();

package/src/providers/claude-agent-sdk.ts

@@ -141,6 +141,57 @@ export class ClaudeAgentSdkProvider implements AIProvider {
    * Auth env vars are ALWAYS explicitly set so the SDK subprocess never falls back
    * to reading the project's .env file (which may contain unrelated API keys).
    */
+  /**
+   * Recover from a 401/auth error. Strategy:
+   *   Attempt 1 (authRetryCount === 0): refresh current account's OAuth token.
+   *   Attempt 2+ (authRetryCount >= 1): switch to a different active account.
+   * Yields account_retry events so the FE can update streaming state.
+   * Returns the new account + incremented retry count, or null if no recovery path remains.
+   * Caller is responsible for rebuilding the SDK query with the returned account.
+   */
+  private async *recoverFromAuthError(opts: {
+    sessionId: string;
+    account: AccountWithTokens;
+    authRetryCount: number;
+    maxRetries: number;
+    context: string;
+  }): AsyncGenerator<ChatEvent, { account: AccountWithTokens; newRetryCount: number } | null, void> {
+    const { sessionId, account, authRetryCount, maxRetries, context } = opts;
+
+    // Attempt 1: refresh the current account's token
+    if (authRetryCount === 0) {
+      try {
+        await accountService.refreshAccessToken(account.id, false, true);
+        const refreshed = accountService.getWithTokens(account.id);
+        if (refreshed) {
+          const label = refreshed.label ?? refreshed.email ?? "Unknown";
+          console.log(`[sdk] session=${sessionId} (${context}) OAuth token refreshed for ${account.id} (${label}) — retrying`);
+          yield { type: "account_retry" as const, reason: "Token refreshed", accountId: refreshed.id, accountLabel: label };
+          return { account: refreshed, newRetryCount: 1 };
+        }
+      } catch (err) {
+        console.error(`[sdk] session=${sessionId} (${context}) OAuth refresh failed:`, err);
+      }
+      // Refresh failed — fall through to account switch
+    }
+
+    // Attempt 2+: switch to a different active account
+    if (authRetryCount < maxRetries) {
+      accountSelector.onAuthError(account.id);
+      const nextAcc = accountSelector.next();
+      if (nextAcc && nextAcc.id !== account.id) {
+        const label = nextAcc.label ?? nextAcc.email ?? "Unknown";
+        console.log(`[sdk] session=${sessionId} (${context}) switching to account ${nextAcc.id} (${label}) after auth failure`);
+        yield { type: "account_retry" as const, reason: "Switching account", accountId: nextAcc.id, accountLabel: label };
+        return { account: nextAcc, newRetryCount: authRetryCount + 1 };
+      }
+      console.warn(`[sdk] session=${sessionId} (${context}) no alternate account available for switch`);
+    } else {
+      console.warn(`[sdk] session=${sessionId} (${context}) auth retry budget exhausted (${authRetryCount}/${maxRetries})`);
+    }
+    return null;
+  }
+
   private buildQueryEnv(
     _projectPath: string | undefined,
     account: { id: string; accessToken: string } | null,
@@ -840,9 +891,12 @@ export class ClaudeAgentSdkProvider implements AIProvider {
       const MAX_RETRIES = 1;
       const MAX_RATE_LIMIT_RETRIES = 3;
       const RATE_LIMIT_BACKOFF_MS = [15_000, 30_000, 60_000]; // 15s, 30s, 60s
+      // Allow 2 refresh attempts per turn (token can rotate mid-conversation).
+      // Counter resets on successful turn (see result handler) so next turn gets a fresh budget.
+      const MAX_AUTH_RETRIES = 2;
       let retryCount = 0;
       let rateLimitRetryCount = 0;
-      let authRetried = false;
+      let authRetryCount = 0;
       let hadAnyEvents = false;
       retryLoop: while (true) {
       // Reset streaming state on retry — clears stale content from failed attempts
@@ -919,59 +973,36 @@ export class ClaudeAgentSdkProvider implements AIProvider {
           // Intercept SDK's internal api_retry with 401 — the SDK will retry up to 10 times
           // with exponential backoff using the same expired token, wasting 2+ minutes.
           // Instead, refresh the OAuth token immediately and restart the query.
-          if (subtype === "api_retry" && (msg as any).error_status === 401 && account && !authRetried) {
-            authRetried = true;
-            try {
-              // force=true: token got 401, so it's invalid regardless of expiresAt
-              await accountService.refreshAccessToken(account.id, false, true);
-              const refreshedAccount = accountService.getWithTokens(account.id);
-              if (refreshedAccount) {
-                const label = refreshedAccount.label ?? refreshedAccount.email ?? "Unknown";
-                console.log(`[sdk] session=${sessionId} intercepted api_retry 401 — refreshing token for ${account.id} (${label})`);
-                yield { type: "account_retry" as const, reason: "Token refreshed", accountId: refreshedAccount.id, accountLabel: label };
-                const retryEnv = this.buildQueryEnv(meta.projectPath, refreshedAccount);
-                closeCurrentStream();
-                const { generator: earlyAuthGen, controller: earlyAuthCtrl } = createMessageChannel();
-                const hasHistory = (this.messageCount.get(sessionId) ?? 0) > 0;
-                if (!hasHistory) earlyAuthCtrl.push(firstMsg);
-                const retryOpts = { ...queryOptions, sessionId: undefined, resume: hasHistory ? sessionId : undefined, env: retryEnv };
-                const rq = query({
-                  prompt: earlyAuthGen,
-                  options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
-                });
-                this.streamingSessions.set(sessionId, { meta, query: rq, controller: earlyAuthCtrl });
-                this.activeQueries.set(sessionId, rq);
-                eventSource = rq;
-                continue retryLoop;
-              }
-            } catch (refreshErr) {
-              console.error(`[sdk] session=${sessionId} early OAuth refresh failed:`, refreshErr);
-              accountSelector.onAuthError(account.id);
-              // Refresh failed (e.g. temporary account with no refresh token).
-              // Abort the current query immediately and try switching to a different account.
-              const nextAcc = accountSelector.next();
-              if (nextAcc && nextAcc.id !== account.id) {
-                account = nextAcc;
-                const label = nextAcc.label ?? nextAcc.email ?? "Unknown";
-                console.log(`[sdk] session=${sessionId} refresh failed — switching to ${nextAcc.id} (${label})`);
-                yield { type: "account_retry" as const, reason: "Switching account", accountId: nextAcc.id, accountLabel: label };
-                const switchEnv = this.buildQueryEnv(meta.projectPath, nextAcc);
-                closeCurrentStream();
-                const { generator: switchGen, controller: switchCtrl } = createMessageChannel();
-                const hasHistory = (this.messageCount.get(sessionId) ?? 0) > 0;
-                if (!hasHistory) switchCtrl.push(firstMsg);
-                const retryOpts = { ...queryOptions, sessionId: undefined, resume: hasHistory ? sessionId : undefined, env: switchEnv };
-                const rq = query({
-                  prompt: switchGen,
-                  options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
-                });
-                this.streamingSessions.set(sessionId, { meta, query: rq, controller: switchCtrl });
-                this.activeQueries.set(sessionId, rq);
-                eventSource = rq;
-                continue retryLoop;
-              }
-              // No other account available — let SDK continue and eventually emit error
+          if (subtype === "api_retry" && (msg as any).error_status === 401 && account) {
+            const recovered = yield* this.recoverFromAuthError({
+              sessionId,
+              account,
+              authRetryCount,
+              maxRetries: MAX_AUTH_RETRIES,
+              context: "api_retry",
+            });
+            if (recovered) {
+              authRetryCount = recovered.newRetryCount;
+              account = recovered.account;
+              const retryEnv = this.buildQueryEnv(meta.projectPath, account);
+              closeCurrentStream();
+              const { generator: earlyAuthGen, controller: earlyAuthCtrl } = createMessageChannel();
+              const hasHistory = (this.messageCount.get(sessionId) ?? 0) > 0;
+              if (!hasHistory) earlyAuthCtrl.push(firstMsg);
+              const retryOpts = { ...queryOptions, sessionId: undefined, resume: hasHistory ? sessionId : undefined, env: retryEnv };
+              const rq = query({
+                prompt: earlyAuthGen,
+                options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
+              });
+              this.streamingSessions.set(sessionId, { meta, query: rq, controller: earlyAuthCtrl });
+              this.activeQueries.set(sessionId, rq);
+              eventSource = rq;
+              continue retryLoop;
             }
+            // No recovery possible — break immediately to avoid SDK internal 10x retry hang
+            console.warn(`[sdk] session=${sessionId} api_retry 401 with no recovery — tearing down streaming session`);
+            yield { type: "error", message: "API authentication failed. Check your account credentials in Settings → Accounts." };
+            break;
           }
 
           // Yield system events so streaming loop can transition phases
@@ -1097,47 +1128,35 @@ export class ClaudeAgentSdkProvider implements AIProvider {
             console.error(`[sdk] session=${sessionId} cwd=${effectiveCwd} assistant error: ${assistantError} (isFirst=${isFirstMessage} retry=${retryCount})`);
             console.error(`[sdk] assistant message dump: ${JSON.stringify(msg).slice(0, 2000)}`);
 
-            // OAuth token expired — refresh and retry once before showing error
-            if (assistantError === "authentication_failed" && account && !authRetried) {
-              authRetried = true;
-              try {
-                // force=true: token got 401, so it's invalid regardless of expiresAt
-                await accountService.refreshAccessToken(account.id, false, true);
-                const refreshedAccount = accountService.getWithTokens(account.id);
-                if (refreshedAccount) {
-                  const label = refreshedAccount.label ?? refreshedAccount.email ?? "Unknown";
-                  console.log(`[sdk] session=${sessionId} OAuth token refreshed for ${account.id} (${label}) — retrying`);
-                  yield { type: "account_retry" as const, reason: "Token refreshed", accountId: refreshedAccount.id, accountLabel: label };
-                  const retryEnv = this.buildQueryEnv(meta.projectPath, refreshedAccount);
-                  // Close failed query and old channel, create new channel + query with refreshed token.
-                  closeCurrentStream();
-                  const { generator: authRetryGen, controller: authRetryCtrl } = createMessageChannel();
-                  const hasHistory = (this.messageCount.get(sessionId) ?? 0) > 0;
-                  if (!hasHistory) authRetryCtrl.push(firstMsg);
-                  const retryOpts = { ...queryOptions, sessionId: undefined, resume: hasHistory ? sessionId : undefined, env: retryEnv };
-                  const rq = query({
-                    prompt: authRetryGen,
-                    options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
-                  });
-                  this.streamingSessions.set(sessionId, { meta, query: rq, controller: authRetryCtrl });
-                  this.activeQueries.set(sessionId, rq);
-                  eventSource = rq;
-                  continue retryLoop;
-                }
-              } catch (refreshErr) {
-                console.error(`[sdk] session=${sessionId} OAuth refresh failed:`, refreshErr);
-                accountSelector.onAuthError(account.id);
+            // OAuth token expired — refresh (and/or switch account) and retry
+            if (assistantError === "authentication_failed" && account) {
+              const recovered = yield* this.recoverFromAuthError({
+                sessionId,
+                account,
+                authRetryCount,
+                maxRetries: MAX_AUTH_RETRIES,
+                context: "assistant",
+              });
+              if (recovered) {
+                authRetryCount = recovered.newRetryCount;
+                account = recovered.account;
+                const retryEnv = this.buildQueryEnv(meta.projectPath, account);
+                closeCurrentStream();
+                const { generator: authRetryGen, controller: authRetryCtrl } = createMessageChannel();
+                const hasHistory = (this.messageCount.get(sessionId) ?? 0) > 0;
+                if (!hasHistory) authRetryCtrl.push(firstMsg);
+                const retryOpts = { ...queryOptions, sessionId: undefined, resume: hasHistory ? sessionId : undefined, env: retryEnv };
+                const rq = query({
+                  prompt: authRetryGen,
+                  options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
+                });
+                this.streamingSessions.set(sessionId, { meta, query: rq, controller: authRetryCtrl });
+                this.activeQueries.set(sessionId, rq);
+                eventSource = rq;
+                continue retryLoop;
               }
-            }
-
-            // Auth failed permanently after retry — cooldown account and break loop.
-            // SDK doesn't send a result event after auth errors in streaming mode,
-            // so the streaming session would stay alive with broken credentials forever.
-            // Breaking here lets the finally block tear down the session, so the next
-            // user message creates a fresh session with a different account.
-            if (assistantError === "authentication_failed" && account && authRetried) {
-              accountSelector.onAuthError(account.id);
-              console.warn(`[sdk] session=${sessionId} auth permanently failed — tearing down streaming session`);
+              // All recovery exhausted — tear down streaming session
+              console.warn(`[sdk] session=${sessionId} auth permanently failed after ${authRetryCount} attempts — tearing down streaming session`);
               yield { type: "error", message: "API authentication failed. Check your account credentials in Settings → Accounts." };
               break;
             }
@@ -1275,38 +1294,33 @@ export class ClaudeAgentSdkProvider implements AIProvider {
               yield { type: "error", message: `Rate limited. Retried ${MAX_RATE_LIMIT_RETRIES} times without success.` };
               continue;
             } else if (errCode === 401) {
-              // Refresh token and retry — resume existing SDK session to preserve context
-              if (!authRetried) {
-                authRetried = true;
-                try {
-                  // force=true: token got 401, so it's invalid regardless of expiresAt
-                  await accountService.refreshAccessToken(account.id, false, true);
-                  const refreshedAccount = accountService.getWithTokens(account.id);
-                  if (refreshedAccount) {
-                    const label = refreshedAccount.label ?? refreshedAccount.email ?? "Unknown";
-                    console.log(`[sdk] 401 in result on account ${account.id} (${label}) — token refreshed, retrying`);
-                    yield { type: "account_retry" as const, reason: "Token refreshed", accountId: refreshedAccount.id, accountLabel: label };
-                    closeCurrentStream();
-                    const retryEnv = this.buildQueryEnv(meta.projectPath, refreshedAccount);
-                    const { generator: authRetryGen2, controller: authRetryCtrl2 } = createMessageChannel();
-                    const authHasHistory2 = (this.messageCount.get(sessionId) ?? 0) > 0;
-                    if (!authHasHistory2) authRetryCtrl2.push(firstMsg);
-                    const retryOpts = { ...queryOptions, sessionId: undefined, resume: authHasHistory2 ? sessionId : undefined, env: retryEnv };
-                    const rq = query({
-                      prompt: authRetryGen2,
-                      options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
-                    });
-                    this.streamingSessions.set(sessionId, { meta, query: rq, controller: authRetryCtrl2 });
-                    this.activeQueries.set(sessionId, rq);
-                    eventSource = rq;
-                    continue retryLoop;
-                  }
-                } catch {
-                  accountSelector.onAuthError(account.id);
-                }
-              } else {
-                accountSelector.onAuthError(account.id);
+              // Refresh (or switch account) and retry — resume existing SDK session to preserve context
+              const recovered = yield* this.recoverFromAuthError({
+                sessionId,
+                account,
+                authRetryCount,
+                maxRetries: MAX_AUTH_RETRIES,
+                context: "result",
+              });
+              if (recovered) {
+                authRetryCount = recovered.newRetryCount;
+                account = recovered.account;
+                closeCurrentStream();
+                const retryEnv = this.buildQueryEnv(meta.projectPath, account);
+                const { generator: authRetryGen2, controller: authRetryCtrl2 } = createMessageChannel();
+                const authHasHistory2 = (this.messageCount.get(sessionId) ?? 0) > 0;
+                if (!authHasHistory2) authRetryCtrl2.push(firstMsg);
+                const retryOpts = { ...queryOptions, sessionId: undefined, resume: authHasHistory2 ? sessionId : undefined, env: retryEnv };
+                const rq = query({
+                  prompt: authRetryGen2,
+                  options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
+                });
+                this.streamingSessions.set(sessionId, { meta, query: rq, controller: authRetryCtrl2 });
+                this.activeQueries.set(sessionId, rq);
+                eventSource = rq;
+                continue retryLoop;
               }
+              // All recovery exhausted — fall through to normal result error surfacing
             } else {
               // Only mark success when the result is actually successful,
               // not for unrecognized error subtypes (e.g. quota exhaustion)
@@ -1443,6 +1457,9 @@ export class ClaudeAgentSdkProvider implements AIProvider {
           resultContextWindowPct = undefined;
           lastAssistantUuid = undefined;
           sdkEventCount = 0;
+          // Reset auth retry budget on successful turn — each new turn gets a fresh
+          // budget so OAuth tokens rotated mid-conversation can still trigger refresh
+          if (!subtype || subtype === "success") authRetryCount = 0;
           continue; // Wait for next turn from generator
         }
       }

package/src/server/index.ts

@@ -219,14 +219,13 @@ async function waitForServerReady(statusFile: string, port: number) {
 export async function startServer(options: {
   port?: string;
   share?: boolean;
-  config?: string;
   profile?: string;
 }) {
   // Tunnel always enabled — cloudflared shares the server publicly
   options.share = true;
 
   // Load config
-  configService.load(options.config);
+  configService.load();
   const port = parseInt(options.port ?? String(configService.get("port")), 10);
   const host = configService.get("host");
 
@@ -368,11 +367,11 @@ export async function startServer(options: {
         if (process.platform === "linux") {
           // Update service file in case config changed (port, share, etc.)
           const { enableAutoStart } = await import("../services/autostart-register.ts");
-          await enableAutoStart({ port, host, share: !!options.share, configPath: options.config, profile: options.profile });
+          await enableAutoStart({ port, host, share: !!options.share, profile: options.profile });
           startedViaService = true;
         } else if (process.platform === "darwin") {
           const { enableAutoStart } = await import("../services/autostart-register.ts");
-          await enableAutoStart({ port, host, share: !!options.share, configPath: options.config, profile: options.profile });
+          await enableAutoStart({ port, host, share: !!options.share, profile: options.profile });
           startedViaService = true;
         }
       }
@@ -392,7 +391,7 @@ export async function startServer(options: {
     } else if (process.platform === "win32") {
       const superviseArgs = [
         "__supervise__", String(port), host,
-        options.config ?? "", options.profile ?? "",
+        options.profile ?? "",
       ];
       if (options.share) superviseArgs.push("--share");
       while (superviseArgs.length > 1 && superviseArgs[superviseArgs.length - 1] === "") superviseArgs.pop();
@@ -423,7 +422,7 @@ export async function startServer(options: {
     } else {
       const superviseArgs = [
         "__supervise__", String(port), host,
-        options.config ?? "", options.profile ?? "",
+        options.profile ?? "",
       ];
       if (options.share) superviseArgs.push("--share");
       while (superviseArgs.length > 1 && superviseArgs[superviseArgs.length - 1] === "") superviseArgs.pop();
@@ -508,7 +507,6 @@ export async function startServer(options: {
         const autoConfig = {
           port, host,
           share: !!options.share,
-          configPath: options.config,
           profile: options.profile,
         };
         // skipStart: supervisor is already running from direct spawn above
@@ -532,18 +530,15 @@ if (process.argv.includes("__serve__")) {
   const idx = process.argv.indexOf("__serve__");
   const port = parseInt(process.argv[idx + 1] ?? "8080", 10);
   const host = process.argv[idx + 2] ?? "0.0.0.0";
-  const configPath = process.argv[idx + 3] && process.argv[idx + 3] !== "_" ? process.argv[idx + 3] : undefined;
-  const profileArg = process.argv[idx + 4] && process.argv[idx + 4] !== "_" ? process.argv[idx + 4] : undefined;
+  const profileArg = process.argv[idx + 3] && process.argv[idx + 3] !== "_" ? process.argv[idx + 3] : undefined;
 
-  // Set DB profile for daemon child — explicit --profile takes priority over config-path detection
+  // Set DB profile for daemon child
   const { setDbProfile } = await import("../services/db.service.ts");
   if (profileArg) {
     setDbProfile(profileArg);
-  } else if (configPath && /dev/i.test(configPath)) {
-    setDbProfile("dev");
   }
 
-  configService.load(configPath);
+  configService.load();
   await setupLogFile();
 
   // Sync externally-started tunnel URL + PID into tunnelService

package/src/services/autostart-generator.ts

@@ -5,7 +5,6 @@ export interface AutoStartConfig {
   port: number;
   host: string;
   share: boolean;
-  configPath?: string;
   profile?: string;
 }
 
@@ -44,20 +43,16 @@ export function buildExecCommand(config: AutoStartConfig): string[] {
   if (isCompiledBinary()) {
     // Compiled binary: just run self with __supervise__ args
     const args = [process.execPath, "__supervise__", String(config.port), config.host];
-    if (config.configPath) args.push(config.configPath);
     if (config.profile) args.push(config.profile);
     if (config.share) args.push("--share");
     return args;
   }
 
-  // Bun runtime: bun run <script> __supervise__ <port> <host> [config] [profile]
+  // Bun runtime: bun run <script> __supervise__ <port> <host> [profile]
   const bunPath = resolveBunPath();
   const scriptPath = resolve(import.meta.dir, "supervisor.ts");
   const args = [bunPath, "run", scriptPath, "__supervise__", String(config.port), config.host];
-  if (config.configPath) args.push(config.configPath);
-  else args.push(""); // placeholder
   if (config.profile) args.push(config.profile);
-  else args.push(""); // placeholder
   if (config.share) args.push("--share");
   return args;
 }

package/src/services/config.service.ts

@@ -1,5 +1,3 @@
-import { existsSync, readFileSync, renameSync } from "node:fs";
-import { resolve } from "node:path";
 import { randomBytes } from "node:crypto";
 import type { PpmConfig, ProjectConfig } from "../types/config.ts";
 import { DEFAULT_CONFIG, sanitizeConfig } from "../types/config.ts";
@@ -15,7 +13,6 @@ import {
   getProjectSettingsJson,
   patchProjectSettingsJson,
 } from "./db.service.ts";
-import { getPpmDir } from "./ppm-dir.ts";
 
 /** Top-level config keys stored in the config table (not projects) */
 const CONFIG_TABLE_KEYS: (keyof PpmConfig)[] = [
@@ -32,20 +29,8 @@ export const FILE_CONFIG_KEYS = {
 class ConfigService {
   private config: PpmConfig = structuredClone(DEFAULT_CONFIG);
 
-  /** Load config from DB. If explicitPath given, import that YAML first. */
-  load(explicitPath?: string): PpmConfig {
-    // Import explicit YAML if provided (e.g. `ppm start -c path`)
-    if (explicitPath && existsSync(explicitPath)) {
-      this.importFromYaml(explicitPath);
-    }
-
-    // Auto-migrate: if config.yaml exists but DB has no config rows
-    // Skip migration when using in-memory DB (tests)
-    if (!getDbFilePath().includes(":memory:")) {
-      this.migrateYamlIfNeeded();
-    }
-
-    // Load from DB
+  /** Load config from SQLite. Creates defaults if DB is empty. */
+  load(): PpmConfig {
     const dbConfig = getAllConfig();
     const dbProjects = getProjects();
 
@@ -102,7 +87,7 @@ class ConfigService {
     return this.config;
   }
 
-  /** Get the DB file path (replaces getConfigPath for YAML) */
+  /** Get the DB file path */
   getConfigPath(): string {
     return getDbFilePath();
   }
@@ -184,84 +169,6 @@ class ConfigService {
       stmt.run(p.path, p.name, p.color ?? null, i);
     }
   }
-
-  private migrateYamlIfNeeded(): void {
-    const yamlPaths = [
-      resolve(getPpmDir(), "config.yaml"),
-      resolve(getPpmDir(), "config.dev.yaml"),
-    ];
-    for (const yamlPath of yamlPaths) {
-      if (!existsSync(yamlPath)) continue;
-      const existing = getAllConfig();
-      if (Object.keys(existing).length > 0) return;
-      this.importFromYaml(yamlPath);
-      try {
-        renameSync(yamlPath, yamlPath + ".bak");
-        console.log(`[config] Migrated ${yamlPath} → SQLite (backup: .bak)`);
-      } catch {}
-    }
-    this.migrateSessionMapIfNeeded();
-    this.migratePushSubsIfNeeded();
-  }
-
-  private importFromYaml(path: string): void {
-    try {
-      const yaml = require("js-yaml");
-      const raw = readFileSync(path, "utf-8");
-      const parsed = yaml.load(raw) as Partial<PpmConfig> | null;
-      if (!parsed) return;
-      const merged = { ...structuredClone(DEFAULT_CONFIG), ...parsed };
-      for (const key of CONFIG_TABLE_KEYS) {
-        const value = (merged as any)[key];
-        if (value !== undefined) {
-          setConfigValue(String(key), JSON.stringify(value));
-        }
-      }
-      if (merged.projects?.length) {
-        this.syncProjectsToDb(merged.projects);
-      }
-    } catch (err) {
-      console.error(`[config] Error importing YAML ${path}:`, (err as Error).message);
-    }
-  }
-
-  private migrateSessionMapIfNeeded(): void {
-    const mapPath = resolve(getPpmDir(), "session-map.json");
-    if (!existsSync(mapPath)) return;
-    try {
-      const { setSessionMetadata } = require("./db.service.ts");
-      const map = JSON.parse(readFileSync(mapPath, "utf-8")) as Record<string, string>;
-      for (const [_ppmId, sdkId] of Object.entries(map)) {
-        // Use SDK ID as canonical session ID (ppmId is legacy)
-        setSessionMetadata(sdkId);
-      }
-      renameSync(mapPath, mapPath + ".bak");
-      console.log("[config] Migrated session-map.json → SQLite");
-    } catch {}
-  }
-
-  private migratePushSubsIfNeeded(): void {
-    const subsPath = resolve(getPpmDir(), "push-subscriptions.json");
-    if (!existsSync(subsPath)) return;
-    try {
-      const { upsertPushSubscription } = require("./db.service.ts");
-      const subs = JSON.parse(readFileSync(subsPath, "utf-8")) as Array<{
-        endpoint: string;
-        keys: { p256dh: string; auth: string };
-        expirationTime?: number | null;
-      }>;
-      for (const sub of subs) {
-        upsertPushSubscription(
-          sub.endpoint,
-          sub.keys.p256dh,
-          sub.keys.auth,
-          sub.expirationTime != null ? String(sub.expirationTime) : null,
-        );
-      }
-      renameSync(subsPath, subsPath + ".bak");
-      console.log("[config] Migrated push-subscriptions.json → SQLite");
-    } catch {}
-  }
 }
 
 /** Singleton config service */

package/src/services/ppmbot/cli-reference-default.ts

@@ -13,7 +13,7 @@ ppm start
   Start the PPM server (background by default)
   -p, --port <port> — Port to listen on
   -s, --share — (deprecated) Tunnel is now always enabled
-  -c, --config <path> — Path to config file (YAML import into DB)
+  --profile <name> — DB profile name (e.g. 'dev' → ppm.dev.db)
 
 ppm stop
   Stop the PPM server (supervisor stays alive)
@@ -25,7 +25,6 @@ ppm down
 
 ppm restart
   Restart the server (keeps tunnel alive)
-  -c, --config <path> — Path to config file
   --force — Force resume from paused state
 
 ppm status
@@ -35,7 +34,6 @@ ppm status
 
 ppm open
   Open PPM in browser
-  -c, --config <path> — Path to config file
 
 ppm logs
   View PPM daemon logs
@@ -203,7 +201,6 @@ ppm autostart enable
   Register PPM to start automatically on boot
   -p, --port <port> — Override port
   -s, --share — (deprecated) Tunnel is now always enabled
-  -c, --config <path> — Config file path
   --profile <name> — DB profile name
 
 ppm autostart disable

package/src/services/supervisor.ts

@@ -2,7 +2,7 @@
  * Supervisor process — long-lived parent that manages server child + tunnel child.
  * Respawns children on crash with exponential backoff.
  * Health-checks server (/api/health) and tunnel URL (public probe).
- * Entry: __supervise__ <port> <host> [config] [profile] [--share]
+ * Entry: __supervise__ <port> <host> [profile] [--share]
  */
 import type { Subprocess } from "bun";
 import { resolve } from "node:path";
@@ -782,7 +782,6 @@ export function shutdown() {
 export async function runSupervisor(opts: {
   port: number;
   host: string;
-  config?: string;
   profile?: string;
   share: boolean;
 }) {
@@ -822,7 +821,7 @@ export async function runSupervisor(opts: {
   // Build __serve__ args
   const serverArgs = [
     "__serve__", String(opts.port), opts.host,
-    opts.config ?? "", opts.profile ?? "",
+    opts.profile ?? "",
   ];
   // Strip trailing empty args
   while (serverArgs.length > 0 && serverArgs[serverArgs.length - 1] === "") serverArgs.pop();
@@ -950,8 +949,7 @@ if (process.argv.includes("__supervise__")) {
   const idx = process.argv.indexOf("__supervise__");
   const port = parseInt(process.argv[idx + 1] ?? "8080", 10);
   const host = process.argv[idx + 2] ?? "0.0.0.0";
-  const config = process.argv[idx + 3] && process.argv[idx + 3] !== "_" ? process.argv[idx + 3] : undefined;
-  const profile = process.argv[idx + 4] && process.argv[idx + 4] !== "_" ? process.argv[idx + 4] : undefined;
+  const profile = process.argv[idx + 3] && process.argv[idx + 3] !== "_" ? process.argv[idx + 3] : undefined;
   const share = process.argv.includes("--share");
 
   // Set DB profile for supervisor (needed to read config)
@@ -960,5 +958,5 @@ if (process.argv.includes("__supervise__")) {
     setDbProfile(profile);
   }
 
-  runSupervisor({ port, host, config, profile, share });
+  runSupervisor({ port, host, profile, share });
 }