@it-club/provisor 0.1.0

package/dist/cli.js

@@ -0,0 +1,2359 @@
+#!/usr/bin/env node
+
+// src/cli.tsx
+import { program } from "commander";
+import { render } from "ink";
+
+// src/commands/init.tsx
+import { useState as useState2, useEffect } from "react";
+import { Box as Box4, Text as Text4, useApp } from "ink";
+
+// src/components/Task.tsx
+import { Box, Text } from "ink";
+import Spinner from "ink-spinner";
+import { jsx, jsxs } from "react/jsx-runtime";
+var statusIcons = {
+  pending: /* @__PURE__ */ jsx(Text, { color: "gray", children: "\u25CB" }),
+  running: /* @__PURE__ */ jsx(Text, { color: "cyan", children: /* @__PURE__ */ jsx(Spinner, { type: "dots" }) }),
+  success: /* @__PURE__ */ jsx(Text, { color: "green", children: "\u2713" }),
+  error: /* @__PURE__ */ jsx(Text, { color: "red", children: "\u2717" }),
+  skipped: /* @__PURE__ */ jsx(Text, { color: "yellow", children: "-" })
+};
+function Task({ label, status, message }) {
+  return /* @__PURE__ */ jsxs(Box, { children: [
+    /* @__PURE__ */ jsx(Box, { width: 3, children: statusIcons[status] }),
+    /* @__PURE__ */ jsxs(Text, { color: status === "error" ? "red" : void 0, children: [
+      label,
+      message && /* @__PURE__ */ jsxs(Text, { color: "gray", children: [
+        " ",
+        message
+      ] })
+    ] })
+  ] });
+}
+
+// src/components/Header.tsx
+import { Box as Box2, Text as Text2 } from "ink";
+import { jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
+function Header({ title, subtitle }) {
+  return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", marginBottom: 1, children: [
+    /* @__PURE__ */ jsxs2(Text2, { bold: true, color: "cyan", children: [
+      "\u25C6 ",
+      title
+    ] }),
+    subtitle && /* @__PURE__ */ jsx2(Text2, { color: "gray", children: subtitle })
+  ] });
+}
+
+// src/components/Confirm.tsx
+import { useState } from "react";
+import { Box as Box3, Text as Text3, useInput } from "ink";
+import { jsx as jsx3, jsxs as jsxs3 } from "react/jsx-runtime";
+function Confirm({ message, onConfirm }) {
+  const [answered, setAnswered] = useState(false);
+  useInput((input, key) => {
+    if (answered) return;
+    if (input.toLowerCase() === "y" || key.return) {
+      setAnswered(true);
+      onConfirm(true);
+    } else if (input.toLowerCase() === "n" || key.escape) {
+      setAnswered(true);
+      onConfirm(false);
+    }
+  });
+  if (answered) return null;
+  return /* @__PURE__ */ jsxs3(Box3, { children: [
+    /* @__PURE__ */ jsx3(Text3, { color: "yellow", children: message }),
+    /* @__PURE__ */ jsx3(Text3, { color: "gray", children: " (y/n) " })
+  ] });
+}
+
+// src/utils/ssh.ts
+import { Client } from "ssh2";
+import { readFileSync, existsSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+function findDefaultKey() {
+  const sshDir = join(homedir(), ".ssh");
+  const keyNames = ["id_ed25519", "id_rsa", "id_ecdsa"];
+  for (const name of keyNames) {
+    const keyPath = join(sshDir, name);
+    if (existsSync(keyPath)) {
+      return keyPath;
+    }
+  }
+  return null;
+}
+function createSSHConfig(options) {
+  const keyPath = options.key || findDefaultKey();
+  if (!keyPath) {
+    throw new Error(
+      "No SSH key found. Specify with --key or ensure ~/.ssh/id_ed25519 exists"
+    );
+  }
+  if (!existsSync(keyPath)) {
+    throw new Error(`SSH key not found: ${keyPath}`);
+  }
+  return {
+    host: options.host,
+    port: parseInt(String(options.port || 22), 10),
+    username: options.user || "root",
+    privateKey: readFileSync(keyPath)
+  };
+}
+function connect(options) {
+  return new Promise((resolve, reject) => {
+    const client = new Client();
+    const config = createSSHConfig(options);
+    client.on("ready", () => resolve(client));
+    client.on("error", reject);
+    client.connect(config);
+  });
+}
+function exec(client, command) {
+  return new Promise((resolve, reject) => {
+    client.exec(command, (err, stream) => {
+      if (err) {
+        reject(err);
+        return;
+      }
+      let stdout = "";
+      let stderr = "";
+      stream.on("data", (data) => {
+        stdout += data.toString();
+      });
+      stream.stderr.on("data", (data) => {
+        stderr += data.toString();
+      });
+      stream.on("close", (code) => {
+        resolve({ stdout, stderr, code: code ?? 0 });
+      });
+    });
+  });
+}
+async function execScript(client, script, useSudo = false) {
+  const escapedScript = script.replace(/'/g, "'\\''");
+  const command = useSudo ? `sudo bash -c '${escapedScript}'` : `bash -c '${escapedScript}'`;
+  return exec(client, command);
+}
+function disconnect(client) {
+  client.end();
+}
+
+// src/commands/init.tsx
+import { jsx as jsx4, jsxs as jsxs4 } from "react/jsx-runtime";
+var SCRIPTS = {
+  checkUser: (user) => `id ${user} &>/dev/null && echo "exists" || echo "not_found"`,
+  createUser: (user) => `
+    adduser --gecos "" --disabled-password ${user}
+    usermod -aG sudo ${user}
+    echo "${user} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${user}
+    chmod 440 /etc/sudoers.d/${user}
+  `,
+  copyRootKeys: (user) => `
+    mkdir -p /home/${user}/.ssh
+    cp /root/.ssh/authorized_keys /home/${user}/.ssh/authorized_keys
+    chown -R ${user}:${user} /home/${user}/.ssh
+    chmod 700 /home/${user}/.ssh
+    chmod 600 /home/${user}/.ssh/authorized_keys
+  `,
+  setupFirewall: () => `
+    apt install -y ufw
+    ufw allow OpenSSH
+    ufw allow 80
+    ufw allow 443
+    echo "y" | ufw enable
+  `,
+  hardenSsh: () => `
+    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
+    sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+    sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+    systemctl restart ssh || systemctl restart sshd
+  `
+};
+function InitCommand(props) {
+  const { exit } = useApp();
+  const [client, setClient] = useState2(null);
+  const [tasks, setTasks] = useState2({
+    connect: "pending",
+    update: "pending",
+    createUser: "pending",
+    setupSsh: "pending",
+    firewall: "pending",
+    hardenSsh: "pending"
+  });
+  const [error, setError] = useState2(null);
+  const [waitingConfirm, setWaitingConfirm] = useState2(false);
+  const [summary, setSummary] = useState2([]);
+  const updateTask = (task, status) => {
+    setTasks((prev) => ({ ...prev, [task]: status }));
+  };
+  const addSummary = (msg) => {
+    setSummary((prev) => [...prev, msg]);
+  };
+  useEffect(() => {
+    const run = async () => {
+      updateTask("connect", "running");
+      try {
+        const sshClient = await connect({ ...props, user: "root" });
+        setClient(sshClient);
+        updateTask("connect", "success");
+      } catch (err) {
+        updateTask("connect", "error");
+        setError(`Connection failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, []);
+  useEffect(() => {
+    if (!client || tasks.connect !== "success" || tasks.update !== "pending") return;
+    const run = async () => {
+      updateTask("update", "running");
+      try {
+        await exec(client, "apt update && apt upgrade -y");
+        await exec(client, "apt install -y curl git");
+        updateTask("update", "success");
+      } catch (err) {
+        updateTask("update", "error");
+        setError(`Update failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tasks.connect]);
+  useEffect(() => {
+    if (!client || tasks.update !== "success" || tasks.createUser !== "pending") return;
+    const run = async () => {
+      updateTask("createUser", "running");
+      try {
+        const result = await exec(client, SCRIPTS.checkUser(props.user));
+        if (result.stdout.trim() === "exists") {
+          updateTask("createUser", "skipped");
+          addSummary(`User '${props.user}' already exists`);
+        } else {
+          await execScript(client, SCRIPTS.createUser(props.user));
+          updateTask("createUser", "success");
+          addSummary(`User '${props.user}' created with sudo access`);
+        }
+      } catch (err) {
+        updateTask("createUser", "error");
+        setError(`User creation failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tasks.update]);
+  useEffect(() => {
+    if (!client || !["success", "skipped"].includes(tasks.createUser) || tasks.setupSsh !== "pending") return;
+    const run = async () => {
+      updateTask("setupSsh", "running");
+      try {
+        await execScript(client, SCRIPTS.copyRootKeys(props.user));
+        updateTask("setupSsh", "success");
+        addSummary(`SSH keys copied to '${props.user}'`);
+      } catch (err) {
+        updateTask("setupSsh", "error");
+        setError(`SSH setup failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tasks.createUser]);
+  useEffect(() => {
+    if (!client || tasks.setupSsh !== "success" || tasks.firewall !== "pending") return;
+    const run = async () => {
+      updateTask("firewall", "running");
+      try {
+        await execScript(client, SCRIPTS.setupFirewall());
+        updateTask("firewall", "success");
+        addSummary("Firewall configured (SSH, HTTP, HTTPS)");
+      } catch (err) {
+        updateTask("firewall", "error");
+        setError(`Firewall setup failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tasks.setupSsh]);
+  useEffect(() => {
+    if (tasks.firewall !== "success" || waitingConfirm || tasks.hardenSsh !== "pending") return;
+    setWaitingConfirm(true);
+  }, [tasks.firewall]);
+  const handleConfirm = async (confirmed) => {
+    if (!client) return;
+    if (!confirmed) {
+      updateTask("hardenSsh", "skipped");
+      addSummary("SSH hardening skipped (root login still enabled)");
+      disconnect(client);
+      setTimeout(() => exit(), 100);
+      return;
+    }
+    updateTask("hardenSsh", "running");
+    try {
+      await execScript(client, SCRIPTS.hardenSsh());
+      updateTask("hardenSsh", "success");
+      addSummary("SSH hardened (root login disabled, password auth disabled)");
+      disconnect(client);
+      setTimeout(() => exit(), 100);
+    } catch (err) {
+      updateTask("hardenSsh", "error");
+      setError(`SSH hardening failed: ${err instanceof Error ? err.message : err}`);
+    }
+  };
+  useEffect(() => {
+    if (error && client) {
+      disconnect(client);
+      setTimeout(() => exit(), 100);
+    }
+  }, [error]);
+  const allDone = tasks.hardenSsh === "success" || tasks.hardenSsh === "skipped";
+  return /* @__PURE__ */ jsxs4(Box4, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx4(Header, { title: "Server Initialization", subtitle: `Host: ${props.host}` }),
+    /* @__PURE__ */ jsx4(Task, { label: "Connect to server", status: tasks.connect }),
+    /* @__PURE__ */ jsx4(Task, { label: "Update system packages", status: tasks.update }),
+    /* @__PURE__ */ jsx4(Task, { label: `Create user '${props.user}'`, status: tasks.createUser }),
+    /* @__PURE__ */ jsx4(Task, { label: "Setup SSH keys", status: tasks.setupSsh }),
+    /* @__PURE__ */ jsx4(Task, { label: "Configure firewall", status: tasks.firewall }),
+    /* @__PURE__ */ jsx4(Task, { label: "Harden SSH", status: tasks.hardenSsh }),
+    waitingConfirm && tasks.hardenSsh === "pending" && /* @__PURE__ */ jsxs4(Box4, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs4(Text4, { color: "yellow", bold: true, children: [
+        "\u26A0 Before proceeding, verify SSH access as '",
+        props.user,
+        "':"
+      ] }),
+      /* @__PURE__ */ jsxs4(Text4, { color: "gray", children: [
+        "  ssh ",
+        props.port !== "22" ? `-p ${props.port} ` : "",
+        props.user,
+        "@",
+        props.host
+      ] }),
+      /* @__PURE__ */ jsx4(Box4, { marginTop: 1, children: /* @__PURE__ */ jsx4(
+        Confirm,
+        {
+          message: "Have you verified SSH access works?",
+          onConfirm: handleConfirm
+        }
+      ) })
+    ] }),
+    error && /* @__PURE__ */ jsx4(Box4, { marginTop: 1, children: /* @__PURE__ */ jsxs4(Text4, { color: "red", children: [
+      "Error: ",
+      error
+    ] }) }),
+    allDone && /* @__PURE__ */ jsxs4(Box4, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx4(Text4, { color: "green", bold: true, children: "\u2713 Initialization complete" }),
+      summary.map((msg, i) => /* @__PURE__ */ jsxs4(Text4, { color: "gray", children: [
+        "  \u2022 ",
+        msg
+      ] }, i)),
+      /* @__PURE__ */ jsx4(Box4, { marginTop: 1, children: /* @__PURE__ */ jsxs4(Text4, { children: [
+        "Next: ",
+        /* @__PURE__ */ jsxs4(Text4, { color: "cyan", children: [
+          "provisor app -h ",
+          props.host
+        ] })
+      ] }) })
+    ] })
+  ] });
+}
+
+// src/commands/app.tsx
+import { useState as useState3, useEffect as useEffect2 } from "react";
+import { Box as Box5, Text as Text5, useApp as useApp2, useInput as useInput2 } from "ink";
+import SelectInput from "ink-select-input";
+import Spinner2 from "ink-spinner";
+import TextInput from "ink-text-input";
+import crypto from "crypto";
+import { Fragment, jsx as jsx5, jsxs as jsxs5 } from "react/jsx-runtime";
+var SCRIPTS2 = {
+  installCaddy: () => `
+    if ! command -v caddy &>/dev/null; then
+      apt install -y debian-keyring debian-archive-keyring apt-transport-https
+      curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+      curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
+      apt update
+      apt install caddy -y
+      echo "installed"
+    else
+      echo "exists"
+    fi
+  `,
+  installNode: () => `
+    if ! command -v node &>/dev/null; then
+      curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
+      apt install -y nodejs
+      echo "installed"
+    else
+      echo "exists"
+    fi
+    if ! command -v pm2 &>/dev/null; then
+      npm install -g pm2
+    fi
+  `,
+  // Check if app directory exists
+  checkAppExists: (name) => `
+    APP_DIR="/var/www/${name}"
+    if [ -d "$APP_DIR" ] && [ "$(ls -A $APP_DIR 2>/dev/null)" ]; then
+      echo "exists"
+    else
+      echo "empty"
+    fi
+  `,
+  // Generate deploy key for private repos
+  generateDeployKey: (name, user) => `
+    SSH_DIR="/home/${user}/.ssh"
+    KEY_FILE="$SSH_DIR/deploy_${name}"
+
+    mkdir -p "$SSH_DIR"
+
+    # Generate key if doesn't exist
+    if [ ! -f "$KEY_FILE" ]; then
+      ssh-keygen -t ed25519 -f "$KEY_FILE" -N "" -C "deploy-key-${name}"
+    fi
+
+    # Configure SSH to use this key for github.com and gitlab.com
+    if ! grep -q "deploy_${name}" "$SSH_DIR/config" 2>/dev/null; then
+      cat >> "$SSH_DIR/config" << EOF
+
+# Deploy key for ${name}
+Host github.com gitlab.com bitbucket.org
+  IdentityFile $KEY_FILE
+  IdentitiesOnly yes
+EOF
+    fi
+
+    chown -R ${user}:${user} "$SSH_DIR"
+    chmod 700 "$SSH_DIR"
+    chmod 600 "$KEY_FILE"
+    chmod 644 "$KEY_FILE.pub"
+    chmod 600 "$SSH_DIR/config" 2>/dev/null || true
+
+    # Output the public key
+    cat "$KEY_FILE.pub"
+  `,
+  // Test SSH connection to git host
+  testGitConnection: (host) => `
+    ssh -o StrictHostKeyChecking=accept-new -o BatchMode=yes -T git@${host} 2>&1 || true
+  `,
+  // Push-to-deploy: setup bare repo with hook
+  setupPushDeploy: (name, branch, user) => `
+    APP_DIR="/var/www/${name}"
+    REPO_DIR="/var/repo/${name}.git"
+
+    mkdir -p "$APP_DIR"
+    mkdir -p "$(dirname "$REPO_DIR")"
+
+    if [ ! -d "$REPO_DIR" ]; then
+      git init --bare "$REPO_DIR"
+    fi
+
+    # Create post-receive hook
+    cat << 'HOOK_EOF' > "$REPO_DIR/hooks/post-receive"
+#!/bin/bash
+set -e
+
+TARGET="/var/www/${name}"
+GIT_DIR="/var/repo/${name}.git"
+BRANCH="${branch}"
+
+echo "=== Deployment Started ==="
+echo "Deploying branch '$BRANCH' to $TARGET..."
+
+git --work-tree="$TARGET" --git-dir="$GIT_DIR" checkout -f "$BRANCH"
+
+cd "$TARGET"
+
+if [ -f "package.json" ]; then
+    echo "Node.js project detected."
+
+    NEED_INSTALL=false
+
+    if [ ! -d "node_modules" ]; then
+        NEED_INSTALL=true
+    elif [ -f "package-lock.json" ]; then
+        LOCK_HASH_FILE="$GIT_DIR/.package-lock-hash"
+        CURRENT_HASH=$(sha256sum package-lock.json | awk '{print $1}')
+
+        if [ -f "$LOCK_HASH_FILE" ]; then
+            PREV_HASH=$(cat "$LOCK_HASH_FILE")
+            if [ "$CURRENT_HASH" != "$PREV_HASH" ]; then
+                NEED_INSTALL=true
+            fi
+        else
+            NEED_INSTALL=true
+        fi
+
+        echo "$CURRENT_HASH" > "$LOCK_HASH_FILE"
+    fi
+
+    if [ "$NEED_INSTALL" = true ]; then
+        echo "Installing dependencies..."
+        npm ci --production 2>/dev/null || npm install --production
+    fi
+
+    if grep -q '"build"' "package.json"; then
+        echo "Building application..."
+        npm run build
+    fi
+
+    PM2_NAME="${name}"
+    if pm2 list 2>/dev/null | grep -q "$PM2_NAME"; then
+        pm2 restart "$PM2_NAME"
+    fi
+else
+    echo "Static site detected."
+fi
+
+echo "=== Deployment Complete ==="
+HOOK_EOF
+
+    chmod +x "$REPO_DIR/hooks/post-receive"
+    chown -R ${user}:${user} "$REPO_DIR"
+    chown -R ${user}:${user} "$APP_DIR"
+    echo "push-deploy-ready"
+  `,
+  // Clone from repository - fresh clone (replace)
+  cloneRepoFresh: (name, repoUrl, branch, user) => `
+    APP_DIR="/var/www/${name}"
+
+    # Remove existing if present
+    rm -rf "$APP_DIR"
+    mkdir -p "$APP_DIR"
+    chown ${user}:${user} "$APP_DIR"
+
+    # Clone as the deploy user to use their SSH keys
+    sudo -u ${user} git clone --branch ${branch} --single-branch ${repoUrl} "$APP_DIR"
+
+    cd "$APP_DIR"
+
+    # Build if Node.js project
+    if [ -f "package.json" ]; then
+        echo "Node.js project detected."
+        sudo -u ${user} npm ci --production 2>/dev/null || sudo -u ${user} npm install --production
+
+        if grep -q '"build"' "package.json"; then
+            echo "Building application..."
+            sudo -u ${user} npm run build
+        fi
+    else
+        echo "Static site detected."
+    fi
+
+    chown -R ${user}:${user} "$APP_DIR"
+    echo "clone-complete"
+  `,
+  // Update existing cloned repo (git pull)
+  updateRepo: (name, branch, user) => `
+    APP_DIR="/var/www/${name}"
+
+    cd "$APP_DIR"
+
+    # Fetch and reset to latest
+    sudo -u ${user} git fetch origin
+    sudo -u ${user} git reset --hard origin/${branch}
+
+    # Build if Node.js project
+    if [ -f "package.json" ]; then
+        echo "Node.js project detected."
+        sudo -u ${user} npm ci --production 2>/dev/null || sudo -u ${user} npm install --production
+
+        if grep -q '"build"' "package.json"; then
+            echo "Building application..."
+            sudo -u ${user} npm run build
+        fi
+
+        PM2_NAME="${name}"
+        if pm2 list 2>/dev/null | grep -q "$PM2_NAME"; then
+            pm2 restart "$PM2_NAME"
+        fi
+    else
+        echo "Static site detected."
+    fi
+
+    echo "update-complete"
+  `,
+  // Create update script for cloned repos
+  createUpdateScript: (name, branch, user) => `
+    cat << 'SCRIPT_EOF' > /usr/local/bin/update-${name}
+#!/bin/bash
+set -e
+
+APP_DIR="/var/www/${name}"
+BRANCH="${branch}"
+USER="${user}"
+
+echo "=== Updating ${name} ==="
+
+cd "$APP_DIR"
+
+# Run git commands as deploy user to use their SSH keys
+sudo -u $USER git fetch origin
+sudo -u $USER git reset --hard origin/$BRANCH
+
+if [ -f "package.json" ]; then
+    sudo -u $USER npm ci --production 2>/dev/null || sudo -u $USER npm install --production
+
+    if grep -q '"build"' "package.json"; then
+        sudo -u $USER npm run build
+    fi
+
+    PM2_NAME="${name}"
+    if pm2 list 2>/dev/null | grep -q "$PM2_NAME"; then
+        pm2 restart "$PM2_NAME"
+    fi
+fi
+
+echo "=== Update Complete ==="
+SCRIPT_EOF
+
+    chmod +x /usr/local/bin/update-${name}
+    echo "update-script-created"
+  `,
+  caddyOnDemand: (appDir) => `
+cat << 'EOF' > /etc/caddy/Caddyfile
+{
+    on_demand_tls {
+        interval 2m
+        burst    5
+    }
+}
+
+https:// {
+    tls {
+        on_demand
+    }
+
+    root * ${appDir}
+    encode gzip
+    try_files {path} /index.html
+    file_server
+}
+
+http:// {
+    redir https://{host}{uri} permanent
+}
+EOF
+caddy validate --config /etc/caddy/Caddyfile && systemctl reload caddy
+  `,
+  caddySpecific: (appDir, domains) => `
+cat << EOF > /etc/caddy/Caddyfile
+${domains} {
+    root * ${appDir}
+    encode gzip
+    try_files {path} /index.html
+    file_server
+}
+EOF
+caddy validate --config /etc/caddy/Caddyfile && systemctl reload caddy
+  `,
+  caddyHttp: (appDir) => `
+cat << 'EOF' > /etc/caddy/Caddyfile
+:80 {
+    root * ${appDir}
+    encode gzip
+    try_files {path} /index.html
+    file_server
+}
+EOF
+caddy validate --config /etc/caddy/Caddyfile && systemctl reload caddy
+  `,
+  // Setup webhook handler for automatic deployment
+  setupWebhook: (name, branch, port, secret) => `
+    # Create webhook handler script
+    cat << 'HANDLER_EOF' > /usr/local/bin/webhook-${name}.js
+#!/usr/bin/env node
+
+const http = require('http');
+const crypto = require('crypto');
+const { spawn } = require('child_process');
+
+const config = {
+  port: ${port},
+  secret: '${secret}',
+  branch: '${branch}',
+  app: '${name}',
+};
+
+const updateScript = '/usr/local/bin/update-' + config.app;
+
+function log(message) {
+  const timestamp = new Date().toISOString();
+  console.log('[' + timestamp + '] ' + message);
+}
+
+function verifySignature(payload, signature, secret) {
+  if (!secret) return true;
+  if (signature.startsWith('sha256=')) {
+    const expected = 'sha256=' + crypto.createHmac('sha256', secret).update(payload).digest('hex');
+    return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
+  }
+  if (signature.startsWith('sha1=')) {
+    const expected = 'sha1=' + crypto.createHmac('sha1', secret).update(payload).digest('hex');
+    return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
+  }
+  return signature === secret;
+}
+
+function getBranchFromPayload(payload) {
+  try {
+    const data = JSON.parse(payload);
+    if (data.ref) return data.ref.replace('refs/heads/', '');
+    if (data.object_kind === 'push' && data.ref) return data.ref.replace('refs/heads/', '');
+    if (data.push && data.push.changes && data.push.changes[0]) {
+      const change = data.push.changes[0];
+      if (change.new && change.new.name) return change.new.name;
+    }
+    return null;
+  } catch (e) { return null; }
+}
+
+function runUpdate() {
+  log('Running update script: ' + updateScript);
+  const child = spawn('sudo', [updateScript], { stdio: ['ignore', 'pipe', 'pipe'] });
+  child.stdout.on('data', (data) => log('[update] ' + data.toString().trim()));
+  child.stderr.on('data', (data) => log('[update:err] ' + data.toString().trim()));
+  child.on('close', (code) => log(code === 0 ? 'Update completed' : 'Update failed: ' + code));
+}
+
+const server = http.createServer((req, res) => {
+  if (req.method === 'GET' && req.url === '/health') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ status: 'ok', app: config.app, branch: config.branch }));
+    return;
+  }
+  if (req.method !== 'POST' || (req.url !== '/webhook' && req.url !== '/')) {
+    res.writeHead(404); res.end('Not found'); return;
+  }
+  let body = '';
+  req.on('data', (chunk) => { body += chunk.toString(); });
+  req.on('end', () => {
+    const signature = req.headers['x-hub-signature-256'] || req.headers['x-hub-signature'] || req.headers['x-gitlab-token'] || '';
+    if (config.secret && !verifySignature(body, signature, config.secret)) {
+      log('Invalid signature'); res.writeHead(401); res.end('Unauthorized'); return;
+    }
+    const branch = getBranchFromPayload(body);
+    if (!branch) { res.writeHead(400); res.end('Invalid payload'); return; }
+    log('Push to branch: ' + branch);
+    if (branch !== config.branch) { res.writeHead(200); res.end('OK (ignored)'); return; }
+    log('Triggering deployment...');
+    runUpdate();
+    res.writeHead(200); res.end('Deployment triggered');
+  });
+});
+
+server.listen(config.port, '0.0.0.0', () => {
+  log('Webhook handler started for ' + config.app + ' on port ' + config.port);
+});
+
+process.on('SIGTERM', () => { server.close(() => process.exit(0)); });
+process.on('SIGINT', () => { server.close(() => process.exit(0)); });
+HANDLER_EOF
+
+    chmod +x /usr/local/bin/webhook-${name}.js
+
+    # Create systemd service
+    cat << 'SERVICE_EOF' > /etc/systemd/system/webhook-${name}.service
+[Unit]
+Description=Webhook handler for ${name}
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/node /usr/local/bin/webhook-${name}.js
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=webhook-${name}
+
+[Install]
+WantedBy=multi-user.target
+SERVICE_EOF
+
+    # Open firewall port
+    ufw allow ${port}/tcp comment "webhook-${name}"
+
+    # Start service
+    systemctl daemon-reload
+    systemctl enable webhook-${name}
+    systemctl start webhook-${name}
+
+    echo "webhook-ready:${port}"
+  `,
+  // Save app config
+  saveConfig: (name, config) => `
+    CONFIG_FILE="/var/www/${name}/.provisor.json"
+    mkdir -p "/var/www/${name}"
+    echo '${JSON.stringify(config)}' > "$CONFIG_FILE"
+    chmod 600 "$CONFIG_FILE"
+  `,
+  // Find available port for webhook
+  findAvailablePort: () => `
+    for port in $(seq 9000 9100); do
+      if ! ss -tuln | grep -q ":$port "; then
+        echo $port
+        exit 0
+      fi
+    done
+    echo "9000"
+  `,
+  // Setup git polling service for automatic deployment
+  setupPolling: (name, branch, user, interval) => `
+    # Create polling script (single poll)
+    cat << 'POLLING_EOF' > /usr/local/bin/poll-${name}.sh
+#!/bin/bash
+set -e
+
+APP_DIR="/var/www/${name}"
+BRANCH="${branch}"
+USER="${user}"
+LOCK_FILE="/tmp/poll-${name}.lock"
+
+# Prevent concurrent runs
+exec 200>"$LOCK_FILE"
+flock -n 200 || exit 0
+
+cd "$APP_DIR"
+
+# Fetch latest changes
+sudo -u $USER git fetch origin "$BRANCH" --quiet 2>/dev/null
+
+# Get local and remote hashes
+LOCAL=$(git rev-parse HEAD)
+REMOTE=$(git rev-parse "origin/$BRANCH")
+
+# If different, deploy
+if [ "$LOCAL" != "$REMOTE" ]; then
+    echo "[$(date -Iseconds)] New commit detected: $REMOTE"
+    sudo /usr/local/bin/update-${name}
+else
+    echo "[$(date -Iseconds)] No changes"
+fi
+POLLING_EOF
+
+    chmod +x /usr/local/bin/poll-${name}.sh
+
+    # Check if systemd is available (PID 1)
+    if pidof systemd > /dev/null 2>&1 || [ "$(cat /proc/1/comm 2>/dev/null)" = "systemd" ]; then
+      # SYSTEMD MODE: Use timer
+      cat << SERVICE_EOF > /etc/systemd/system/poll-${name}.service
+[Unit]
+Description=Git polling service for ${name}
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/poll-${name}.sh
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=poll-${name}
+SERVICE_EOF
+
+      cat << TIMER_EOF > /etc/systemd/system/poll-${name}.timer
+[Unit]
+Description=Run git polling for ${name} every ${interval} seconds
+
+[Timer]
+OnBootSec=30
+OnUnitActiveSec=${interval}s
+AccuracySec=1s
+
+[Install]
+WantedBy=timers.target
+TIMER_EOF
+
+      systemctl daemon-reload
+      systemctl enable poll-${name}.timer
+      systemctl start poll-${name}.timer
+      echo "polling-ready:${interval}:systemd"
+    else
+      # DAEMON MODE: Use background loop (for Docker/non-systemd)
+      cat << 'DAEMON_EOF' > /usr/local/bin/poll-${name}-daemon.sh
+#!/bin/bash
+LOG_FILE="/var/log/poll-${name}.log"
+PID_FILE="/var/run/poll-${name}.pid"
+INTERVAL=${interval}
+
+# Write PID
+echo $$ > "$PID_FILE"
+
+echo "[$(date -Iseconds)] Polling daemon started (every ${interval}s)" >> "$LOG_FILE"
+
+while true; do
+    /usr/local/bin/poll-${name}.sh >> "$LOG_FILE" 2>&1
+    sleep $INTERVAL
+done
+DAEMON_EOF
+
+      chmod +x /usr/local/bin/poll-${name}-daemon.sh
+
+      # Stop existing daemon if running
+      if [ -f /var/run/poll-${name}.pid ]; then
+        kill $(cat /var/run/poll-${name}.pid) 2>/dev/null || true
+        rm -f /var/run/poll-${name}.pid
+      fi
+
+      # Start daemon in background
+      mkdir -p /var/log
+      touch /var/log/poll-${name}.log
+      nohup /usr/local/bin/poll-${name}-daemon.sh > /dev/null 2>&1 &
+      
+      echo "polling-ready:${interval}:daemon"
+    fi
+  `
+};
+var deployOptions = [
+  { label: "Push-to-deploy (git push to server)", value: "push" },
+  { label: "Clone from public repository", value: "clone-public" },
+  { label: "Clone from private repository (with deploy key)", value: "clone-private" }
+];
+var existingAppOptions = [
+  { label: "Replace (delete and clone fresh)", value: "replace" },
+  { label: "Update (git pull latest changes)", value: "update" },
+  { label: "Cancel", value: "cancel" }
+];
+var tlsOptions = [
+  { label: "On-demand TLS (auto-cert for any domain)", value: "ondemand" },
+  { label: "Specific domain(s)", value: "specific" },
+  { label: "No TLS (HTTP only)", value: "none" }
+];
+var autoDeployOptions = [
+  { label: "Git polling (checks every 10s, simpler setup)", value: "polling" },
+  { label: "Webhook (instant, requires repo webhook setup)", value: "webhook" },
+  { label: "Manual only (use provisor deploy command)", value: "none" }
+];
+function getGitHost(url) {
+  if (url.includes("github.com")) return "github.com";
+  if (url.includes("gitlab.com")) return "gitlab.com";
+  if (url.includes("bitbucket.org")) return "bitbucket.org";
+  const match = url.match(/git@([^:]+):/);
+  if (match) return match[1];
+  return "github.com";
+}
+function getDeployKeyInstructions(host) {
+  switch (host) {
+    case "github.com":
+      return {
+        url: "https://github.com/<owner>/<repo>/settings/keys",
+        steps: [
+          "1. Go to your repository on GitHub",
+          "2. Click Settings \u2192 Deploy keys \u2192 Add deploy key",
+          "3. Paste the public key above",
+          '4. Give it a title (e.g., "Server deploy key")',
+          '5. Click "Add key" (leave "Allow write access" unchecked)'
+        ]
+      };
+    case "gitlab.com":
+      return {
+        url: "https://gitlab.com/<owner>/<repo>/-/settings/repository",
+        steps: [
+          "1. Go to your repository on GitLab",
+          "2. Click Settings \u2192 Repository \u2192 Deploy keys",
+          "3. Paste the public key above",
+          '4. Give it a title and click "Add key"'
+        ]
+      };
+    case "bitbucket.org":
+      return {
+        url: "https://bitbucket.org/<owner>/<repo>/admin/access-keys/",
+        steps: [
+          "1. Go to your repository on Bitbucket",
+          "2. Click Repository settings \u2192 Access keys",
+          '3. Click "Add key" and paste the public key above'
+        ]
+      };
+    default:
+      return {
+        url: "",
+        steps: [
+          "1. Go to your repository settings",
+          '2. Find "Deploy keys" or "Access keys" section',
+          "3. Add the public key shown above"
+        ]
+      };
+  }
+}
+function AppCommand(props) {
+  const { exit } = useApp2();
+  const [client, setClient] = useState3(null);
+  const [tasks, setTasks] = useState3({
+    connect: "pending",
+    caddy: "pending",
+    node: "pending",
+    deployKey: "pending",
+    deploy: "pending",
+    webhook: "pending",
+    caddyConfig: "pending"
+  });
+  const [error, setError] = useState3(null);
+  const [selectingMethod, setSelectingMethod] = useState3(false);
+  const [deployMethod, setDeployMethod] = useState3(props.repo ? "clone-public" : null);
+  const [enteringRepo, setEnteringRepo] = useState3(false);
+  const [repoUrl, setRepoUrl] = useState3(props.repo || "");
+  const [selectingTls, setSelectingTls] = useState3(false);
+  const [tlsChoice, setTlsChoice] = useState3(null);
+  const [deployKey, setDeployKey] = useState3("");
+  const [waitingForKeySetup, setWaitingForKeySetup] = useState3(false);
+  const [keyConfirmed, setKeyConfirmed] = useState3(false);
+  const [keyVerifying, setKeyVerifying] = useState3(false);
+  const [keyVerified, setKeyVerified] = useState3(false);
+  const [keyVerifyError, setKeyVerifyError] = useState3(null);
+  const [appExists, setAppExists] = useState3(null);
+  const [selectingExistingAction, setSelectingExistingAction] = useState3(false);
+  const [existingAppAction, setExistingAppAction] = useState3(null);
+  const [selectingAutoDeploy, setSelectingAutoDeploy] = useState3(false);
+  const [autoDeployChoice, setAutoDeployChoice] = useState3(null);
+  const [webhookPort, setWebhookPort] = useState3(0);
+  const [webhookSecret, setWebhookSecret] = useState3("");
+  const [pollingInterval, setPollingInterval] = useState3(10);
+  const [serverIp, setServerIp] = useState3("");
+  const appDir = `/var/www/${props.name}`;
+  const repoDir = `/var/repo/${props.name}.git`;
+  const gitHost = getGitHost(repoUrl);
+  const keyInstructions = getDeployKeyInstructions(gitHost);
+  const updateTask = (task, status) => {
+    setTasks((prev) => ({ ...prev, [task]: status }));
+  };
+  useInput2((input, key) => {
+    if (waitingForKeySetup && !keyConfirmed && !keyVerifying) {
+      if (input.toLowerCase() === "y" || key.return) {
+        setKeyConfirmed(true);
+        setKeyVerifying(true);
+        setKeyVerifyError(null);
+      } else if (input.toLowerCase() === "n" || key.escape) {
+        setError("Deployment cancelled. Please add the deploy key and try again.");
+      }
+    }
+    if (keyVerifyError && !keyVerifying) {
+      if (input.toLowerCase() === "r") {
+        setKeyVerifying(true);
+        setKeyVerifyError(null);
+      } else if (input.toLowerCase() === "q" || key.escape) {
+        setError("Deployment cancelled. Please add the deploy key and try again.");
+      }
+    }
+  });
+  useEffect2(() => {
+    const run = async () => {
+      updateTask("connect", "running");
+      try {
+        const sshClient = await connect(props);
+        setClient(sshClient);
+        const ipResult = await exec(sshClient, "hostname -I | awk '{print $1}'");
+        setServerIp(ipResult.stdout.trim());
+        updateTask("connect", "success");
+      } catch (err) {
+        updateTask("connect", "error");
+        setError(`Connection failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, []);
+  useEffect2(() => {
+    if (!client || tasks.connect !== "success" || tasks.caddy !== "pending") return;
+    const run = async () => {
+      updateTask("caddy", "running");
+      try {
+        await execScript(client, SCRIPTS2.installCaddy(), true);
+        updateTask("caddy", "success");
+      } catch (err) {
+        updateTask("caddy", "error");
+        setError(`Caddy installation failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tasks.connect]);
+  useEffect2(() => {
+    if (!client || tasks.caddy !== "success" || tasks.node !== "pending") return;
+    const run = async () => {
+      updateTask("node", "running");
+      try {
+        await execScript(client, SCRIPTS2.installNode(), true);
+        updateTask("node", "success");
+      } catch (err) {
+        updateTask("node", "error");
+        setError(`Node.js installation failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tasks.caddy]);
+  useEffect2(() => {
+    if (tasks.node !== "success" || selectingMethod || deployMethod !== null) return;
+    setSelectingMethod(true);
+  }, [tasks.node]);
+  const handleMethodSelect = (item) => {
+    setSelectingMethod(false);
+    const method = item.value;
+    setDeployMethod(method);
+    if ((method === "clone-public" || method === "clone-private") && !repoUrl) {
+      setEnteringRepo(true);
+    }
+  };
+  const handleRepoSubmit = (value) => {
+    setRepoUrl(value);
+    setEnteringRepo(false);
+  };
+  useEffect2(() => {
+    if (!client || !deployMethod || enteringRepo) return;
+    if (deployMethod === "push") {
+      setAppExists(false);
+      return;
+    }
+    if (appExists !== null) return;
+    const run = async () => {
+      try {
+        const result = await exec(client, SCRIPTS2.checkAppExists(props.name));
+        setAppExists(result.stdout.trim() === "exists");
+      } catch {
+        setAppExists(false);
+      }
+    };
+    run();
+  }, [client, deployMethod, enteringRepo, repoUrl]);
+  useEffect2(() => {
+    if (appExists === true && !selectingExistingAction && existingAppAction === null) {
+      setSelectingExistingAction(true);
+    }
+    if (appExists === false && existingAppAction === null) {
+      setExistingAppAction("replace");
+    }
+  }, [appExists]);
+  const handleExistingAppSelect = (item) => {
+    setSelectingExistingAction(false);
+    const action = item.value;
+    if (action === "cancel") {
+      setError("Deployment cancelled.");
+      return;
+    }
+    setExistingAppAction(action);
+  };
+  useEffect2(() => {
+    if (!client || deployMethod !== "clone-private" || !repoUrl || tasks.deployKey !== "pending") return;
+    if (existingAppAction === null) return;
+    const run = async () => {
+      updateTask("deployKey", "running");
+      try {
+        const result = await execScript(client, SCRIPTS2.generateDeployKey(props.name, props.user || "deploy"), true);
+        setDeployKey(result.stdout.trim());
+        updateTask("deployKey", "success");
+        setWaitingForKeySetup(true);
+      } catch (err) {
+        updateTask("deployKey", "error");
+        setError(`Deploy key generation failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, deployMethod, repoUrl, existingAppAction]);
+  useEffect2(() => {
+    if (deployMethod && deployMethod !== "clone-private" && tasks.deployKey === "pending" && existingAppAction !== null) {
+      updateTask("deployKey", "skipped");
+    }
+  }, [deployMethod, existingAppAction]);
+  useEffect2(() => {
+    if (!client || !keyVerifying || keyVerified) return;
+    const run = async () => {
+      try {
+        const result = await execScript(client, SCRIPTS2.testGitConnection(gitHost), false);
+        const output = result.stdout.toLowerCase();
+        if (output.includes("permission denied") && !output.includes("successfully authenticated")) {
+          setKeyVerifyError("Permission denied. The deploy key may not be added correctly or may not have read access.");
+          setKeyVerifying(false);
+          return;
+        }
+        if (output.includes("successfully authenticated") || output.includes("welcome to gitlab") || output.includes("logged in as") || output.includes("hi ") && output.includes("!")) {
+          setKeyVerified(true);
+          setKeyVerifying(false);
+          setWaitingForKeySetup(false);
+        } else if (output.includes("could not resolve") || output.includes("connection refused")) {
+          setKeyVerifyError(`Could not connect to ${gitHost}. Check your network connection.`);
+          setKeyVerifying(false);
+        } else {
+          setKeyVerifyError(`Unexpected response from ${gitHost}: ${output.substring(0, 200)}`);
+          setKeyVerifying(false);
+        }
+      } catch (err) {
+        setKeyVerifyError(`Connection test failed: ${err instanceof Error ? err.message : "Unknown error"}`);
+        setKeyVerifying(false);
+      }
+    };
+    run();
+  }, [client, keyVerifying, keyVerified, gitHost]);
+  useEffect2(() => {
+    if (!client || !deployMethod || tasks.deploy !== "pending") return;
+    if (tasks.deployKey !== "success" && tasks.deployKey !== "skipped") return;
+    if (deployMethod === "clone-private" && !keyVerified) return;
+    if ((deployMethod === "clone-public" || deployMethod === "clone-private") && !repoUrl) return;
+    if (existingAppAction === null) return;
+    const run = async () => {
+      updateTask("deploy", "running");
+      try {
+        if (deployMethod === "push") {
+          await execScript(client, SCRIPTS2.setupPushDeploy(props.name, props.branch, props.user || "deploy"), true);
+        } else {
+          if (deployMethod === "clone-private") {
+            await execScript(client, SCRIPTS2.testGitConnection(gitHost), true);
+          }
+          if (existingAppAction === "replace") {
+            await execScript(client, SCRIPTS2.cloneRepoFresh(props.name, repoUrl, props.branch, props.user || "deploy"), true);
+          } else {
+            await execScript(client, SCRIPTS2.updateRepo(props.name, props.branch, props.user || "deploy"), true);
+          }
+          await execScript(client, SCRIPTS2.createUpdateScript(props.name, props.branch, props.user || "deploy"), true);
+        }
+        updateTask("deploy", "success");
+      } catch (err) {
+        updateTask("deploy", "error");
+        setError(`Deployment setup failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, deployMethod, repoUrl, keyVerified, tasks.deployKey, existingAppAction]);
+  useEffect2(() => {
+    if (tasks.deploy !== "success" || tasks.webhook !== "pending") return;
+    if (deployMethod === "push") {
+      updateTask("webhook", "skipped");
+      return;
+    }
+    if (!selectingAutoDeploy && autoDeployChoice === null) {
+      setSelectingAutoDeploy(true);
+    }
+  }, [tasks.deploy, deployMethod]);
+  const handleAutoDeploySelect = async (item) => {
+    setSelectingAutoDeploy(false);
+    const choice = item.value;
+    setAutoDeployChoice(choice);
+    if (choice === "none") {
+      updateTask("webhook", "skipped");
+    }
+  };
+  useEffect2(() => {
+    if (!client || !autoDeployChoice || autoDeployChoice === "none" || tasks.webhook !== "pending") return;
+    const run = async () => {
+      updateTask("webhook", "running");
+      try {
+        const user = props.user || "deploy";
+        if (autoDeployChoice === "polling") {
+          await execScript(client, SCRIPTS2.setupPolling(props.name, props.branch, user, pollingInterval), true);
+          const config = {
+            repo: repoUrl,
+            branch: props.branch,
+            autoDeployType: "polling",
+            pollingInterval
+          };
+          await execScript(client, SCRIPTS2.saveConfig(props.name, config), true);
+        } else if (autoDeployChoice === "webhook") {
+          const portResult = await exec(client, SCRIPTS2.findAvailablePort());
+          const port = parseInt(portResult.stdout.trim(), 10) || 9e3;
+          setWebhookPort(port);
+          const secret = crypto.randomBytes(32).toString("hex");
+          setWebhookSecret(secret);
+          await execScript(client, SCRIPTS2.setupWebhook(props.name, props.branch, port, secret), true);
+          const config = {
+            repo: repoUrl,
+            branch: props.branch,
+            autoDeployType: "webhook",
+            webhookPort: port
+          };
+          await execScript(client, SCRIPTS2.saveConfig(props.name, config), true);
+        }
+        updateTask("webhook", "success");
+      } catch (err) {
+        updateTask("webhook", "error");
+        setError(`Auto-deploy setup failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, autoDeployChoice]);
+  useEffect2(() => {
+    if (tasks.deploy !== "success") return;
+    if (tasks.webhook !== "success" && tasks.webhook !== "skipped") return;
+    if (selectingTls || tlsChoice !== null) return;
+    setSelectingTls(true);
+  }, [tasks.deploy, tasks.webhook]);
+  useEffect2(() => {
+    if (!client || !tlsChoice || tasks.caddyConfig !== "pending") return;
+    const run = async () => {
+      updateTask("caddyConfig", "running");
+      try {
+        let script;
+        switch (tlsChoice) {
+          case "ondemand":
+            script = SCRIPTS2.caddyOnDemand(appDir);
+            break;
+          case "specific":
+            script = SCRIPTS2.caddyOnDemand(appDir);
+            break;
+          case "none":
+            script = SCRIPTS2.caddyHttp(appDir);
+            break;
+        }
+        await execScript(client, script, true);
+        updateTask("caddyConfig", "success");
+        disconnect(client);
+        setTimeout(() => exit(), 100);
+      } catch (err) {
+        updateTask("caddyConfig", "error");
+        setError(`Caddy config failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, [client, tlsChoice]);
+  const handleTlsSelect = (item) => {
+    setSelectingTls(false);
+    setTlsChoice(item.value);
+  };
+  useEffect2(() => {
+    if (error && client) {
+      disconnect(client);
+      setTimeout(() => exit(), 100);
+    }
+  }, [error]);
+  const allDone = tasks.caddyConfig === "success";
+  const isClone = deployMethod === "clone-public" || deployMethod === "clone-private";
+  const deployLabel = isClone ? existingAppAction === "update" ? `Update ${props.name}` : `Clone from ${repoUrl || "repository"}` : "Setup push-to-deploy";
+  return /* @__PURE__ */ jsxs5(Box5, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx5(Header, { title: "Application Provisioning", subtitle: `Host: ${props.host}` }),
+    /* @__PURE__ */ jsx5(Task, { label: "Connect to server", status: tasks.connect }),
+    /* @__PURE__ */ jsx5(Task, { label: "Install Caddy", status: tasks.caddy }),
+    /* @__PURE__ */ jsx5(Task, { label: "Install Node.js & PM2", status: tasks.node }),
+    deployMethod === "clone-private" && /* @__PURE__ */ jsx5(Task, { label: "Generate deploy key", status: tasks.deployKey }),
+    /* @__PURE__ */ jsx5(Task, { label: deployLabel, status: tasks.deploy }),
+    (deployMethod === "clone-public" || deployMethod === "clone-private") && autoDeployChoice && autoDeployChoice !== "none" && /* @__PURE__ */ jsx5(Task, { label: `Setup ${autoDeployChoice === "polling" ? "git polling" : "webhook"} for auto-deploy`, status: tasks.webhook }),
+    /* @__PURE__ */ jsx5(Task, { label: "Configure Caddy", status: tasks.caddyConfig }),
+    selectingMethod && deployMethod === null && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Select deployment method:" }),
+      /* @__PURE__ */ jsx5(SelectInput, { items: deployOptions, onSelect: handleMethodSelect })
+    ] }),
+    enteringRepo && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Enter repository URL:" }),
+      /* @__PURE__ */ jsx5(Text5, { color: "gray", children: deployMethod === "clone-private" ? "(Use SSH URL: git@github.com:user/repo.git)" : "(e.g., https://github.com/user/repo.git)" }),
+      /* @__PURE__ */ jsxs5(Box5, { children: [
+        /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: "> " }),
+        /* @__PURE__ */ jsx5(TextInput, { value: repoUrl, onChange: setRepoUrl, onSubmit: handleRepoSubmit })
+      ] })
+    ] }),
+    selectingExistingAction && existingAppAction === null && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsxs5(Text5, { bold: true, color: "yellow", children: [
+        "\u26A0 App directory ",
+        appDir,
+        " already exists"
+      ] }),
+      /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "What would you like to do?" }),
+      /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsx5(SelectInput, { items: existingAppOptions, onSelect: handleExistingAppSelect }) })
+    ] }),
+    waitingForKeySetup && deployKey && !keyConfirmed && !keyVerifying && !keyVerified && !keyVerifyError && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, color: "yellow", children: "\u2501\u2501\u2501 Deploy Key Generated \u2501\u2501\u2501" }),
+      /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Public key (copy this):" }),
+        /* @__PURE__ */ jsx5(Box5, { marginY: 1, paddingX: 1, borderStyle: "single", borderColor: "cyan", children: /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: deployKey }) })
+      ] }),
+      /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsxs5(Text5, { bold: true, children: [
+          "Add this key to ",
+          gitHost,
+          ":"
+        ] }),
+        keyInstructions.steps.map((step, i) => /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+          "  ",
+          step
+        ] }, i))
+      ] }),
+      /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, children: [
+        /* @__PURE__ */ jsxs5(Text5, { color: "yellow", children: [
+          "Have you added the deploy key to ",
+          gitHost,
+          "? "
+        ] }),
+        /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "(y/n) " })
+      ] })
+    ] }),
+    keyVerifying && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, color: "yellow", children: "\u2501\u2501\u2501 Verifying Deploy Key \u2501\u2501\u2501" }),
+      /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, children: [
+        /* @__PURE__ */ jsx5(Spinner2, { type: "dots" }),
+        /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+          " Testing SSH connection to ",
+          gitHost,
+          "..."
+        ] })
+      ] })
+    ] }),
+    keyVerified && !error && /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsx5(Text5, { color: "green", children: "\u2713 Deploy key verified successfully!" }) }),
+    keyVerifyError && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, color: "red", children: "\u2501\u2501\u2501 Deploy Key Verification Failed \u2501\u2501\u2501" }),
+      /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsxs5(Text5, { color: "red", children: [
+        "\u2717 ",
+        keyVerifyError
+      ] }) }),
+      /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Please check:" }),
+        /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+          "  1. The deploy key is added to ",
+          gitHost
+        ] }),
+        /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  2. The key has read access to the repository" }),
+        /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  3. The repository URL is correct" })
+      ] }),
+      /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+        /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Public key to add:" }),
+        /* @__PURE__ */ jsx5(Box5, { marginY: 1, paddingX: 1, borderStyle: "single", borderColor: "cyan", children: /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: deployKey }) })
+      ] }),
+      /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsx5(Text5, { color: "yellow", children: "Press (r) to retry or (q) to quit" }) })
+    ] }),
+    selectingAutoDeploy && autoDeployChoice === null && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Enable automatic deployment?" }),
+      /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+        "Auto-deploy when you push to ",
+        props.branch,
+        " branch."
+      ] }),
+      /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsx5(SelectInput, { items: autoDeployOptions, onSelect: handleAutoDeploySelect }) })
+    ] }),
+    selectingTls && tlsChoice === null && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Select TLS configuration:" }),
+      /* @__PURE__ */ jsx5(SelectInput, { items: tlsOptions, onSelect: handleTlsSelect })
+    ] }),
+    error && /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsxs5(Text5, { color: "red", children: [
+      "Error: ",
+      error
+    ] }) }),
+    allDone && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx5(Text5, { color: "green", bold: true, children: "\u2713 Application provisioning complete" }),
+      /* @__PURE__ */ jsx5(Box5, { marginTop: 1, flexDirection: "column", children: deployMethod === "push" ? /* @__PURE__ */ jsxs5(Fragment, { children: [
+        /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Git remote (add to local project):" }),
+        /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
+          "  git remote add production ssh://",
+          props.user,
+          "@",
+          serverIp,
+          repoDir
+        ] }),
+        /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Deploy with:" }) }),
+        /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
+          "  git push production ",
+          props.branch
+        ] })
+      ] }) : /* @__PURE__ */ jsxs5(Fragment, { children: [
+        /* @__PURE__ */ jsxs5(Text5, { bold: true, children: [
+          "App ",
+          existingAppAction === "update" ? "updated" : "deployed",
+          " from: ",
+          /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: repoUrl })
+        ] }),
+        /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Manual update:" }) }),
+        /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
+          "  ssh ",
+          props.user,
+          "@",
+          serverIp,
+          ' "sudo update-',
+          props.name,
+          '"'
+        ] }),
+        autoDeployChoice === "polling" && /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+          /* @__PURE__ */ jsx5(Text5, { bold: true, color: "yellow", children: "\u2501\u2501\u2501 Auto-Deploy (Git Polling) \u2501\u2501\u2501" }),
+          /* @__PURE__ */ jsxs5(Text5, { children: [
+            "Polling interval: ",
+            /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
+              pollingInterval,
+              " seconds"
+            ] })
+          ] }),
+          /* @__PURE__ */ jsxs5(Text5, { children: [
+            "Branch: ",
+            /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: props.branch })
+          ] }),
+          /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "The server checks for new commits and deploys automatically." }),
+          /* @__PURE__ */ jsx5(Box5, { marginTop: 1, children: /* @__PURE__ */ jsxs5(Text5, { children: [
+            "View logs: ",
+            /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
+              "journalctl -u poll-",
+              props.name,
+              " -f"
+            ] })
+          ] }) })
+        ] }),
+        autoDeployChoice === "webhook" && webhookPort > 0 && /* @__PURE__ */ jsxs5(Fragment, { children: [
+          /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+            /* @__PURE__ */ jsx5(Text5, { bold: true, color: "yellow", children: "\u2501\u2501\u2501 Auto-Deploy (Webhook) \u2501\u2501\u2501" }),
+            /* @__PURE__ */ jsxs5(Text5, { children: [
+              "Webhook URL: ",
+              /* @__PURE__ */ jsxs5(Text5, { color: "cyan", children: [
+                "http://",
+                serverIp,
+                ":",
+                webhookPort,
+                "/webhook"
+              ] })
+            ] }),
+            /* @__PURE__ */ jsxs5(Text5, { children: [
+              "Secret: ",
+              /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: webhookSecret })
+            ] }),
+            /* @__PURE__ */ jsxs5(Text5, { children: [
+              "Branch: ",
+              /* @__PURE__ */ jsx5(Text5, { color: "cyan", children: props.branch })
+            ] })
+          ] }),
+          /* @__PURE__ */ jsxs5(Box5, { marginTop: 1, flexDirection: "column", children: [
+            /* @__PURE__ */ jsx5(Text5, { bold: true, children: "Add webhook to your repository:" }),
+            gitHost === "github.com" && /* @__PURE__ */ jsxs5(Fragment, { children: [
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  1. Go to your repo \u2192 Settings \u2192 Webhooks \u2192 Add webhook" }),
+              /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+                "  2. Payload URL: http://",
+                serverIp,
+                ":",
+                webhookPort,
+                "/webhook"
+              ] }),
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  3. Content type: application/json" }),
+              /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+                "  4. Secret: ",
+                webhookSecret
+              ] }),
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: '  5. Select "Just the push event"' })
+            ] }),
+            gitHost === "gitlab.com" && /* @__PURE__ */ jsxs5(Fragment, { children: [
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  1. Go to your repo \u2192 Settings \u2192 Webhooks" }),
+              /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+                "  2. URL: http://",
+                serverIp,
+                ":",
+                webhookPort,
+                "/webhook"
+              ] }),
+              /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+                "  3. Secret token: ",
+                webhookSecret
+              ] }),
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  4. Trigger: Push events" })
+            ] }),
+            gitHost === "bitbucket.org" && /* @__PURE__ */ jsxs5(Fragment, { children: [
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  1. Go to your repo \u2192 Repository settings \u2192 Webhooks" }),
+              /* @__PURE__ */ jsxs5(Text5, { color: "gray", children: [
+                "  2. URL: http://",
+                serverIp,
+                ":",
+                webhookPort,
+                "/webhook"
+              ] }),
+              /* @__PURE__ */ jsx5(Text5, { color: "gray", children: "  3. Triggers: Repository push" })
+            ] })
+          ] })
+        ] })
+      ] }) })
+    ] })
+  ] });
+}
+
+// src/commands/ssh-key.tsx
+import { useState as useState4, useEffect as useEffect3 } from "react";
+import { Box as Box6, Text as Text6, useApp as useApp3 } from "ink";
+import { jsx as jsx6, jsxs as jsxs6 } from "react/jsx-runtime";
+function SshKeyCommand(props) {
+  const { exit } = useApp3();
+  const [client, setClient] = useState4(null);
+  const [status, setStatus] = useState4("pending");
+  const [error, setError] = useState4(null);
+  const [keys, setKeys] = useState4([]);
+  const [message, setMessage] = useState4("");
+  useEffect3(() => {
+    const run = async () => {
+      setStatus("running");
+      try {
+        const sshClient = await connect(props);
+        setClient(sshClient);
+        if (props.list) {
+          const result = await exec(sshClient, 'cat ~/.ssh/authorized_keys 2>/dev/null || echo ""');
+          const keyList = result.stdout.trim().split("\n").filter((k) => k.length > 0).map((k) => {
+            const parts = k.split(" ");
+            const type = parts[0] || "unknown";
+            const comment = parts[2] || "no comment";
+            const keyPreview = parts[1]?.slice(-12) || "";
+            return `${type} ...${keyPreview} ${comment}`;
+          });
+          setKeys(keyList);
+          setStatus("success");
+          setMessage(`Found ${keyList.length} key(s)`);
+        } else if (props.add) {
+          const keyPattern = /^(ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+\S+/;
+          if (!keyPattern.test(props.add)) {
+            throw new Error("Invalid SSH key format");
+          }
+          const existing = await exec(sshClient, 'cat ~/.ssh/authorized_keys 2>/dev/null || echo ""');
+          if (existing.stdout.includes(props.add)) {
+            setStatus("success");
+            setMessage("Key already exists (skipped)");
+          } else {
+            const escapedKey = props.add.replace(/'/g, "'\\''");
+            await exec(sshClient, `echo '${escapedKey}' >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys`);
+            setStatus("success");
+            setMessage("Key added successfully");
+          }
+        } else {
+          setStatus("error");
+          setError("Specify --add <key> or --list");
+        }
+        disconnect(sshClient);
+        setTimeout(() => exit(), 100);
+      } catch (err) {
+        setStatus("error");
+        setError(err instanceof Error ? err.message : String(err));
+        if (client) disconnect(client);
+        setTimeout(() => exit(), 100);
+      }
+    };
+    run();
+  }, []);
+  const operation = props.list ? "List SSH keys" : "Add SSH key";
+  return /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx6(Header, { title: "SSH Key Management", subtitle: `Host: ${props.host}` }),
+    /* @__PURE__ */ jsx6(Task, { label: operation, status, message }),
+    props.list && keys.length > 0 && /* @__PURE__ */ jsxs6(Box6, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx6(Text6, { bold: true, children: "Authorized keys:" }),
+      keys.map((key, i) => /* @__PURE__ */ jsxs6(Text6, { color: "gray", children: [
+        "  ",
+        i + 1,
+        ". ",
+        key
+      ] }, i))
+    ] }),
+    error && /* @__PURE__ */ jsx6(Box6, { marginTop: 1, children: /* @__PURE__ */ jsxs6(Text6, { color: "red", children: [
+      "Error: ",
+      error
+    ] }) })
+  ] });
+}
+
+// src/commands/status.tsx
+import { useState as useState5, useEffect as useEffect4 } from "react";
+import { Box as Box7, Text as Text7, useApp as useApp4 } from "ink";
+import { jsx as jsx7, jsxs as jsxs7 } from "react/jsx-runtime";
+function StatusCommand(props) {
+  const { exit } = useApp4();
+  const [taskStatus, setTaskStatus] = useState5("pending");
+  const [error, setError] = useState5(null);
+  const [services, setServices] = useState5([]);
+  const [system, setSystem] = useState5(null);
+  useEffect4(() => {
+    const run = async () => {
+      setTaskStatus("running");
+      try {
+        const client = await connect(props);
+        const [hostnameRes, uptimeRes, loadRes, memRes, diskRes] = await Promise.all([
+          exec(client, "hostname"),
+          exec(client, "uptime -p 2>/dev/null || uptime | awk -F'up' '{print $2}' | awk -F',' '{print $1}'"),
+          exec(client, "cat /proc/loadavg | awk '{print $1, $2, $3}'"),
+          exec(client, `free -h | awk '/^Mem:/ {print $3 "/" $2}'`),
+          exec(client, `df -h / | awk 'NR==2 {print $3 "/" $2 " (" $5 ")"}'`)
+        ]);
+        setSystem({
+          hostname: hostnameRes.stdout.trim(),
+          uptime: uptimeRes.stdout.trim(),
+          load: loadRes.stdout.trim(),
+          memory: memRes.stdout.trim(),
+          disk: diskRes.stdout.trim()
+        });
+        const serviceChecks = ["caddy", "ssh", "ufw"];
+        const serviceResults = [];
+        for (const svc of serviceChecks) {
+          const result = await exec(client, `systemctl is-active ${svc} 2>/dev/null || echo "not-found"`);
+          const status = result.stdout.trim();
+          serviceResults.push({
+            name: svc,
+            running: status === "active",
+            status
+          });
+        }
+        const pm2Result = await exec(client, 'pm2 list 2>/dev/null | grep -E "online|stopped|errored" | wc -l || echo "0"');
+        const pm2Count = parseInt(pm2Result.stdout.trim(), 10);
+        serviceResults.push({
+          name: "pm2",
+          running: pm2Count > 0,
+          status: pm2Count > 0 ? `${pm2Count} process(es)` : "no processes"
+        });
+        setServices(serviceResults);
+        setTaskStatus("success");
+        disconnect(client);
+        setTimeout(() => exit(), 100);
+      } catch (err) {
+        setTaskStatus("error");
+        setError(err instanceof Error ? err.message : String(err));
+        setTimeout(() => exit(), 100);
+      }
+    };
+    run();
+  }, []);
+  return /* @__PURE__ */ jsxs7(Box7, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx7(Header, { title: "Server Status", subtitle: `Host: ${props.host}` }),
+    /* @__PURE__ */ jsx7(Task, { label: "Checking server status", status: taskStatus }),
+    system && /* @__PURE__ */ jsxs7(Box7, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx7(Text7, { bold: true, children: "System:" }),
+      /* @__PURE__ */ jsxs7(Text7, { color: "gray", children: [
+        "  Hostname: ",
+        /* @__PURE__ */ jsx7(Text7, { color: "white", children: system.hostname })
+      ] }),
+      /* @__PURE__ */ jsxs7(Text7, { color: "gray", children: [
+        "  Uptime:   ",
+        /* @__PURE__ */ jsx7(Text7, { color: "white", children: system.uptime })
+      ] }),
+      /* @__PURE__ */ jsxs7(Text7, { color: "gray", children: [
+        "  Load:     ",
+        /* @__PURE__ */ jsx7(Text7, { color: "white", children: system.load })
+      ] }),
+      /* @__PURE__ */ jsxs7(Text7, { color: "gray", children: [
+        "  Memory:   ",
+        /* @__PURE__ */ jsx7(Text7, { color: "white", children: system.memory })
+      ] }),
+      /* @__PURE__ */ jsxs7(Text7, { color: "gray", children: [
+        "  Disk:     ",
+        /* @__PURE__ */ jsx7(Text7, { color: "white", children: system.disk })
+      ] })
+    ] }),
+    services.length > 0 && /* @__PURE__ */ jsxs7(Box7, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx7(Text7, { bold: true, children: "Services:" }),
+      services.map((svc) => /* @__PURE__ */ jsxs7(Box7, { children: [
+        /* @__PURE__ */ jsx7(Text7, { color: "gray", children: "  " }),
+        /* @__PURE__ */ jsx7(Text7, { color: svc.running ? "green" : "red", children: svc.running ? "\u25CF" : "\u25CB" }),
+        /* @__PURE__ */ jsxs7(Text7, { children: [
+          " ",
+          svc.name,
+          ": "
+        ] }),
+        /* @__PURE__ */ jsx7(Text7, { color: svc.running ? "green" : "yellow", children: svc.status })
+      ] }, svc.name))
+    ] }),
+    error && /* @__PURE__ */ jsx7(Box7, { marginTop: 1, children: /* @__PURE__ */ jsxs7(Text7, { color: "red", children: [
+      "Error: ",
+      error
+    ] }) })
+  ] });
+}
+
+// src/commands/deploy.tsx
+import { useState as useState6, useEffect as useEffect5 } from "react";
+import { Box as Box8, Text as Text8, useApp as useApp5 } from "ink";
+import { jsx as jsx8, jsxs as jsxs8 } from "react/jsx-runtime";
+function DeployCommand(props) {
+  const { exit } = useApp5();
+  const [status, setStatus] = useState6("pending");
+  const [output, setOutput] = useState6([]);
+  const [error, setError] = useState6(null);
+  useEffect5(() => {
+    const run = async () => {
+      setStatus("running");
+      try {
+        const client = await connect(props);
+        const checkResult = await exec(client, `test -f /usr/local/bin/update-${props.name} && echo "exists" || echo "not_found"`);
+        if (checkResult.stdout.trim() !== "exists") {
+          throw new Error(`Update script for '${props.name}' not found. Run 'provisor app' first.`);
+        }
+        const result = await exec(client, `sudo /usr/local/bin/update-${props.name} 2>&1`);
+        setOutput(result.stdout.trim().split("\n"));
+        setStatus("success");
+        disconnect(client);
+        setTimeout(() => exit(), 100);
+      } catch (err) {
+        setStatus("error");
+        setError(err instanceof Error ? err.message : String(err));
+        setTimeout(() => exit(), 100);
+      }
+    };
+    run();
+  }, []);
+  return /* @__PURE__ */ jsxs8(Box8, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx8(Header, { title: "Deploy Application", subtitle: `App: ${props.name} | Host: ${props.host}` }),
+    /* @__PURE__ */ jsx8(Task, { label: `Deploying ${props.name}`, status }),
+    output.length > 0 && /* @__PURE__ */ jsx8(Box8, { marginTop: 1, flexDirection: "column", children: output.map((line, i) => /* @__PURE__ */ jsx8(Text8, { color: "gray", children: line }, i)) }),
+    error && /* @__PURE__ */ jsx8(Box8, { marginTop: 1, children: /* @__PURE__ */ jsxs8(Text8, { color: "red", children: [
+      "Error: ",
+      error
+    ] }) }),
+    status === "success" && /* @__PURE__ */ jsx8(Box8, { marginTop: 1, children: /* @__PURE__ */ jsx8(Text8, { color: "green", bold: true, children: "\u2713 Deployment complete" }) })
+  ] });
+}
+
+// src/commands/config.tsx
+import { useState as useState7, useEffect as useEffect6 } from "react";
+import { Box as Box9, Text as Text9, useApp as useApp6 } from "ink";
+import SelectInput2 from "ink-select-input";
+import TextInput2 from "ink-text-input";
+import { jsx as jsx9, jsxs as jsxs9 } from "react/jsx-runtime";
+var SCRIPTS3 = {
+  // Read current config
+  getConfig: (name) => `
+    CONFIG_FILE="/var/www/${name}/.provisor.json"
+    if [ -f "$CONFIG_FILE" ]; then
+      sudo cat "$CONFIG_FILE"
+    else
+      # Try to construct from git info
+      APP_DIR="/var/www/${name}"
+      if [ -d "$APP_DIR/.git" ]; then
+        cd "$APP_DIR"
+        REPO=$(git remote get-url origin 2>/dev/null || echo "")
+        BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "main")
+        echo '{"repo":"'"$REPO"'","branch":"'"$BRANCH"'","webhookEnabled":false,"webhookPort":0}'
+      else
+        echo '{"error":"App not found or not a git repository"}'
+      fi
+    fi
+  `,
+  // Save config
+  saveConfig: (name, config) => `
+    CONFIG_FILE="/var/www/${name}/.provisor.json"
+    echo '${config}' > "$CONFIG_FILE"
+    chmod 600 "$CONFIG_FILE"
+  `,
+  // Update repository URL
+  updateRepo: (name, repoUrl, user) => `
+    APP_DIR="/var/www/${name}"
+    cd "$APP_DIR"
+    sudo -u ${user} git remote set-url origin "${repoUrl}"
+    echo "repo-updated"
+  `,
+  // Update branch
+  updateBranch: (name, branch, user) => `
+    APP_DIR="/var/www/${name}"
+    cd "$APP_DIR"
+
+    # Fetch all branches
+    sudo -u ${user} git fetch origin
+
+    # Switch to new branch
+    sudo -u ${user} git checkout ${branch} 2>/dev/null || sudo -u ${user} git checkout -b ${branch} origin/${branch}
+    sudo -u ${user} git reset --hard origin/${branch}
+
+    # Update the update script with new branch
+    UPDATE_SCRIPT="/usr/local/bin/update-${name}"
+    if [ -f "$UPDATE_SCRIPT" ]; then
+      sed -i 's/BRANCH=".*"/BRANCH="${branch}"/' "$UPDATE_SCRIPT"
+    fi
+
+    # Update webhook service if exists
+    WEBHOOK_SERVICE="/etc/systemd/system/webhook-${name}.service"
+    if [ -f "$WEBHOOK_SERVICE" ]; then
+      sed -i 's/--branch [^ ]*/--branch ${branch}/' "$WEBHOOK_SERVICE"
+      systemctl daemon-reload
+      systemctl restart webhook-${name} 2>/dev/null || true
+    fi
+
+    echo "branch-updated"
+  `,
+  // Generate new deploy key
+  generateNewKey: (name, user) => `
+    SSH_DIR="/home/${user}/.ssh"
+    KEY_FILE="$SSH_DIR/deploy_${name}"
+
+    # Backup old key if exists
+    if [ -f "$KEY_FILE" ]; then
+      mv "$KEY_FILE" "$KEY_FILE.old.$(date +%s)"
+      mv "$KEY_FILE.pub" "$KEY_FILE.pub.old.$(date +%s)"
+    fi
+
+    # Generate new key
+    ssh-keygen -t ed25519 -f "$KEY_FILE" -N "" -C "deploy-key-${name}"
+
+    chown ${user}:${user} "$KEY_FILE" "$KEY_FILE.pub"
+    chmod 600 "$KEY_FILE"
+    chmod 644 "$KEY_FILE.pub"
+
+    cat "$KEY_FILE.pub"
+  `,
+  // Delete deploy key
+  deleteDeployKey: (name, user) => `
+    SSH_DIR="/home/${user}/.ssh"
+    KEY_FILE="$SSH_DIR/deploy_${name}"
+
+    if [ -f "$KEY_FILE" ]; then
+      rm -f "$KEY_FILE" "$KEY_FILE.pub"
+
+      # Remove from SSH config
+      if [ -f "$SSH_DIR/config" ]; then
+        sed -i "/# Deploy key for ${name}/,+4d" "$SSH_DIR/config"
+      fi
+
+      echo "key-deleted"
+    else
+      echo "key-not-found"
+    fi
+  `,
+  // Get current deploy key
+  getDeployKey: (name, user) => `
+    KEY_FILE="/home/${user}/.ssh/deploy_${name}.pub"
+    if [ -f "$KEY_FILE" ]; then
+      cat "$KEY_FILE"
+    else
+      echo ""
+    fi
+  `,
+  // Update webhook secret
+  updateWebhookSecret: (name, secret) => `
+    WEBHOOK_SERVICE="/etc/systemd/system/webhook-${name}.service"
+    if [ -f "$WEBHOOK_SERVICE" ]; then
+      sed -i "s/--secret '[^']*'/--secret '${secret}'/" "$WEBHOOK_SERVICE"
+      systemctl daemon-reload
+      systemctl restart webhook-${name}
+      echo "webhook-secret-updated"
+    else
+      echo "webhook-not-configured"
+    fi
+  `,
+  // Disable webhook
+  disableWebhook: (name) => `
+    systemctl stop webhook-${name} 2>/dev/null || true
+    systemctl disable webhook-${name} 2>/dev/null || true
+    rm -f /etc/systemd/system/webhook-${name}.service
+    systemctl daemon-reload
+    echo "webhook-disabled"
+  `,
+  // Get webhook status
+  getWebhookStatus: (name) => `
+    if systemctl is-active --quiet webhook-${name} 2>/dev/null; then
+      PORT=$(grep -oP '\\-\\-port \\K[0-9]+' /etc/systemd/system/webhook-${name}.service 2>/dev/null || echo "")
+      echo "running:$PORT"
+    else
+      echo "stopped"
+    fi
+  `,
+  // Get polling status (supports both systemd and daemon modes)
+  getPollingStatus: (name) => `
+    # Check systemd timer first
+    if systemctl is-active --quiet poll-${name}.timer 2>/dev/null; then
+      INTERVAL=$(grep -oP 'OnUnitActiveSec=\\\\K[0-9]+' /etc/systemd/system/poll-${name}.timer 2>/dev/null || echo "10")
+      echo "running:$INTERVAL:systemd"
+    # Check daemon mode (PID file) - use ps -p instead of kill -0 (no permission issues)
+    elif [ -f /var/run/poll-${name}.pid ] && ps -p $(cat /var/run/poll-${name}.pid) > /dev/null 2>&1; then
+      INTERVAL=$(grep -oP 'INTERVAL=\\K[0-9]+' /usr/local/bin/poll-${name}-daemon.sh 2>/dev/null || echo "10")
+      echo "running:$INTERVAL:daemon"
+    else
+      echo "stopped"
+    fi
+  `,
+  // Update polling interval (supports both systemd and daemon modes)
+  updatePollingInterval: (name, interval) => `
+    TIMER_FILE="/etc/systemd/system/poll-${name}.timer"
+    DAEMON_FILE="/usr/local/bin/poll-${name}-daemon.sh"
+    
+    if [ -f "$TIMER_FILE" ]; then
+      # Systemd mode
+      sed -i "s/OnUnitActiveSec=[0-9]*s/OnUnitActiveSec=${interval}s/" "$TIMER_FILE"
+      systemctl daemon-reload
+      systemctl restart poll-${name}.timer
+      echo "polling-interval-updated:${interval}:systemd"
+    elif [ -f "$DAEMON_FILE" ]; then
+      # Daemon mode - update interval and restart (all as root)
+      sudo sed -i "s/INTERVAL=[0-9]*/INTERVAL=${interval}/" "$DAEMON_FILE"
+      
+      # Restart daemon (use sudo bash -c for proper backgrounding)
+      if [ -f /var/run/poll-${name}.pid ]; then
+        sudo kill $(cat /var/run/poll-${name}.pid) 2>/dev/null || true
+        sleep 1
+      fi
+      sudo bash -c 'nohup /usr/local/bin/poll-${name}-daemon.sh > /dev/null 2>&1 &'
+      echo "polling-interval-updated:${interval}:daemon"
+    else
+      echo "polling-not-configured"
+    fi
+  `,
+  // Enable polling (supports both systemd and daemon modes)
+  enablePolling: (name, branch, user, interval) => `
+    # Check if systemd is available
+    if pidof systemd > /dev/null 2>&1 || [ "$(cat /proc/1/comm 2>/dev/null)" = "systemd" ]; then
+      # SYSTEMD MODE
+      if [ -f "/etc/systemd/system/poll-${name}.timer" ]; then
+        systemctl enable poll-${name}.timer
+        systemctl start poll-${name}.timer
+        echo "polling-enabled:systemd"
+      else
+        # Create from scratch (same as app.tsx)
+        cat << 'POLLING_EOF' > /usr/local/bin/poll-${name}.sh
+#!/bin/bash
+set -e
+APP_DIR="/var/www/${name}"
+BRANCH="${branch}"
+USER="${user}"
+LOCK_FILE="/tmp/poll-${name}.lock"
+exec 200>"$LOCK_FILE"
+flock -n 200 || exit 0
+cd "$APP_DIR"
+sudo -u $USER git fetch origin "$BRANCH" --quiet 2>/dev/null
+LOCAL=$(git rev-parse HEAD)
+REMOTE=$(git rev-parse "origin/$BRANCH")
+if [ "$LOCAL" != "$REMOTE" ]; then
+    echo "[$(date -Iseconds)] New commit detected: $REMOTE"
+    sudo /usr/local/bin/update-${name}
+else
+    echo "[$(date -Iseconds)] No changes"
+fi
+POLLING_EOF
+        chmod +x /usr/local/bin/poll-${name}.sh
+
+        cat << SERVICE_EOF > /etc/systemd/system/poll-${name}.service
+[Unit]
+Description=Git polling service for ${name}
+After=network.target
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/poll-${name}.sh
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=poll-${name}
+SERVICE_EOF
+
+        cat << TIMER_EOF > /etc/systemd/system/poll-${name}.timer
+[Unit]
+Description=Run git polling for ${name} every ${interval} seconds
+[Timer]
+OnBootSec=30
+OnUnitActiveSec=${interval}s
+AccuracySec=1s
+[Install]
+WantedBy=timers.target
+TIMER_EOF
+
+        systemctl daemon-reload
+        systemctl enable poll-${name}.timer
+        systemctl start poll-${name}.timer
+        echo "polling-created:systemd"
+      fi
+    else
+      # DAEMON MODE (Docker/non-systemd)
+      if [ -f /var/run/poll-${name}.pid ] && kill -0 $(cat /var/run/poll-${name}.pid) 2>/dev/null; then
+        echo "polling-already-running:daemon"
+      else
+        # Create poll script if not exists
+        if [ ! -f /usr/local/bin/poll-${name}.sh ]; then
+          cat << 'POLLING_EOF' > /usr/local/bin/poll-${name}.sh
+#!/bin/bash
+set -e
+APP_DIR="/var/www/${name}"
+BRANCH="${branch}"
+USER="${user}"
+LOCK_FILE="/tmp/poll-${name}.lock"
+exec 200>"$LOCK_FILE"
+flock -n 200 || exit 0
+cd "$APP_DIR"
+sudo -u $USER git fetch origin "$BRANCH" --quiet 2>/dev/null
+LOCAL=$(git rev-parse HEAD)
+REMOTE=$(git rev-parse "origin/$BRANCH")
+if [ "$LOCAL" != "$REMOTE" ]; then
+    echo "[$(date -Iseconds)] New commit detected: $REMOTE"
+    sudo /usr/local/bin/update-${name}
+else
+    echo "[$(date -Iseconds)] No changes"
+fi
+POLLING_EOF
+          chmod +x /usr/local/bin/poll-${name}.sh
+        fi
+
+        # Create daemon script
+        cat << DAEMON_EOF > /usr/local/bin/poll-${name}-daemon.sh
+#!/bin/bash
+LOG_FILE="/var/log/poll-${name}.log"
+PID_FILE="/var/run/poll-${name}.pid"
+INTERVAL=${interval}
+echo $$ > "$PID_FILE"
+echo "[$(date -Iseconds)] Polling daemon started (every ${interval}s)" >> "$LOG_FILE"
+while true; do
+    /usr/local/bin/poll-${name}.sh >> "$LOG_FILE" 2>&1
+    sleep $INTERVAL
+done
+DAEMON_EOF
+        chmod +x /usr/local/bin/poll-${name}-daemon.sh
+
+        mkdir -p /var/log
+        touch /var/log/poll-${name}.log
+        nohup /usr/local/bin/poll-${name}-daemon.sh > /dev/null 2>&1 &
+        echo "polling-created:daemon"
+      fi
+    fi
+  `,
+  // Disable polling (supports both systemd and daemon modes)
+  disablePolling: (name) => `
+    # Stop systemd timer if exists
+    systemctl stop poll-${name}.timer 2>/dev/null || true
+    systemctl disable poll-${name}.timer 2>/dev/null || true
+    rm -f /etc/systemd/system/poll-${name}.timer
+    rm -f /etc/systemd/system/poll-${name}.service
+    systemctl daemon-reload 2>/dev/null || true
+    
+    # Stop daemon if running (use sudo since daemon runs as root)
+    if [ -f /var/run/poll-${name}.pid ]; then
+      sudo kill $(cat /var/run/poll-${name}.pid) 2>/dev/null || true
+      rm -f /var/run/poll-${name}.pid
+    fi
+    
+    # Clean up all polling files
+    rm -f /usr/local/bin/poll-${name}.sh
+    rm -f /usr/local/bin/poll-${name}-daemon.sh
+    
+    echo "polling-disabled"
+  `
+};
+var configActions = [
+  { label: "Show current configuration", value: "show" },
+  { label: "Change repository URL", value: "repo" },
+  { label: "Change deploy branch", value: "branch" },
+  { label: "Generate new deploy key", value: "new-key" },
+  { label: "Delete deploy key", value: "delete-key" },
+  { label: "Update webhook secret", value: "webhook-secret" },
+  { label: "Disable webhook", value: "disable-webhook" },
+  { label: "Change polling interval", value: "polling-interval" },
+  { label: "Enable git polling", value: "enable-polling" },
+  { label: "Disable git polling", value: "disable-polling" }
+];
+function ConfigCommand(props) {
+  const { exit } = useApp6();
+  const [client, setClient] = useState7(null);
+  const [status, setStatus] = useState7("pending");
+  const [error, setError] = useState7(null);
+  const [output, setOutput] = useState7([]);
+  const [selectingAction, setSelectingAction] = useState7(false);
+  const [action, setAction] = useState7(null);
+  const [enteringValue, setEnteringValue] = useState7(false);
+  const [inputValue, setInputValue] = useState7("");
+  const [inputLabel, setInputLabel] = useState7("");
+  const [config, setConfig] = useState7(null);
+  const [deployKey, setDeployKey] = useState7(null);
+  const [webhookStatus, setWebhookStatus] = useState7("");
+  useEffect6(() => {
+    if (props.show) setAction("show");
+    else if (props.repo) {
+      setAction("repo");
+      setInputValue(props.repo);
+    } else if (props.branch) {
+      setAction("branch");
+      setInputValue(props.branch);
+    } else if (props.newKey) setAction("new-key");
+    else if (props.deleteKey) setAction("delete-key");
+    else if (props.webhookSecret) {
+      setAction("webhook-secret");
+      setInputValue(props.webhookSecret);
+    } else if (props.disableWebhook) setAction("disable-webhook");
+    else if (props.pollingInterval) {
+      setAction("polling-interval");
+      setInputValue(String(props.pollingInterval));
+    } else if (props.enablePolling) setAction("enable-polling");
+    else if (props.disablePolling) setAction("disable-polling");
+  }, []);
+  useEffect6(() => {
+    const run = async () => {
+      setStatus("running");
+      try {
+        const sshClient = await connect(props);
+        setClient(sshClient);
+        setStatus("success");
+      } catch (err) {
+        setStatus("error");
+        setError(`Connection failed: ${err instanceof Error ? err.message : err}`);
+      }
+    };
+    run();
+  }, []);
+  useEffect6(() => {
+    if (status === "success" && action === null && !selectingAction) {
+      setSelectingAction(true);
+    }
+  }, [status, action]);
+  const handleActionSelect = (item) => {
+    setSelectingAction(false);
+    const selectedAction = item.value;
+    setAction(selectedAction);
+    if (selectedAction === "repo") {
+      setInputLabel("Enter new repository URL:");
+      setEnteringValue(true);
+    } else if (selectedAction === "branch") {
+      setInputLabel("Enter new branch name:");
+      setEnteringValue(true);
+    } else if (selectedAction === "webhook-secret") {
+      setInputLabel("Enter new webhook secret:");
+      setEnteringValue(true);
+    } else if (selectedAction === "polling-interval") {
+      setInputLabel("Enter polling interval in seconds (e.g., 10, 30, 60):");
+      setEnteringValue(true);
+    }
+  };
+  const handleInputSubmit = (value) => {
+    setInputValue(value);
+    setEnteringValue(false);
+  };
+  useEffect6(() => {
+    if (!client || action === null || enteringValue) return;
+    if ((action === "repo" || action === "branch" || action === "webhook-secret" || action === "polling-interval") && !inputValue) return;
+    const run = async () => {
+      try {
+        const user = props.user || "deploy";
+        const lines = [];
+        switch (action) {
+          case "show": {
+            const configResult = await exec(client, SCRIPTS3.getConfig(props.name));
+            const configData = JSON.parse(configResult.stdout.trim());
+            if (configData.error) {
+              setError(configData.error);
+              return;
+            }
+            const keyResult = await exec(client, SCRIPTS3.getDeployKey(props.name, user));
+            const webhookResult = await exec(client, SCRIPTS3.getWebhookStatus(props.name));
+            const pollingResult = await exec(client, SCRIPTS3.getPollingStatus(props.name));
+            lines.push(`Repository: ${configData.repo || "Not configured"}`);
+            lines.push(`Branch: ${configData.branch || "main"}`);
+            lines.push(`Deploy Key: ${keyResult.stdout.trim() ? "Configured" : "Not configured"}`);
+            const webhookStatusStr = webhookResult.stdout.trim();
+            if (webhookStatusStr.startsWith("running:")) {
+              const port = webhookStatusStr.split(":")[1];
+              lines.push(`Webhook: Running on port ${port}`);
+            } else {
+              lines.push("Webhook: Not configured");
+            }
+            const pollingStatusStr = pollingResult.stdout.trim();
+            if (pollingStatusStr.startsWith("running:")) {
+              const parts = pollingStatusStr.split(":");
+              const interval = parts[1];
+              const mode = parts[2] || "systemd";
+              lines.push(`Git Polling: Running (every ${interval}s, ${mode} mode)`);
+            } else {
+              lines.push("Git Polling: Not configured");
+            }
+            if (keyResult.stdout.trim()) {
+              lines.push("");
+              lines.push("Public Key:");
+              lines.push(keyResult.stdout.trim());
+            }
+            break;
+          }
+          case "repo": {
+            await execScript(client, SCRIPTS3.updateRepo(props.name, inputValue, user), true);
+            lines.push(`Repository updated to: ${inputValue}`);
+            break;
+          }
+          case "branch": {
+            await execScript(client, SCRIPTS3.updateBranch(props.name, inputValue, user), true);
+            lines.push(`Branch updated to: ${inputValue}`);
+            lines.push("Run update command to deploy from new branch.");
+            break;
+          }
+          case "new-key": {
+            const result = await execScript(client, SCRIPTS3.generateNewKey(props.name, user), true);
+            lines.push("New deploy key generated:");
+            lines.push("");
+            lines.push(result.stdout.trim());
+            lines.push("");
+            lines.push("Add this key to your repository settings.");
+            lines.push("Remember to remove the old key if it was configured.");
+            break;
+          }
+          case "delete-key": {
+            const result = await execScript(client, SCRIPTS3.deleteDeployKey(props.name, user), true);
+            if (result.stdout.includes("key-deleted")) {
+              lines.push("Deploy key deleted successfully.");
+              lines.push("Remember to remove it from your repository settings too.");
+            } else {
+              lines.push("No deploy key found for this app.");
+            }
+            break;
+          }
+          case "webhook-secret": {
+            const result = await execScript(client, SCRIPTS3.updateWebhookSecret(props.name, inputValue), true);
+            if (result.stdout.includes("webhook-secret-updated")) {
+              lines.push("Webhook secret updated.");
+              lines.push("Update the secret in your repository webhook settings too.");
+            } else {
+              lines.push("Webhook not configured for this app.");
+            }
+            break;
+          }
+          case "disable-webhook": {
+            await execScript(client, SCRIPTS3.disableWebhook(props.name), true);
+            lines.push("Webhook disabled.");
+            break;
+          }
+          case "polling-interval": {
+            const interval = parseInt(inputValue, 10);
+            if (isNaN(interval) || interval < 1) {
+              setError("Invalid interval. Please enter a number >= 1.");
+              return;
+            }
+            const result = await execScript(client, SCRIPTS3.updatePollingInterval(props.name, interval), true);
+            if (result.stdout.includes("polling-interval-updated")) {
+              lines.push(`Polling interval updated to ${interval} seconds.`);
+            } else {
+              lines.push("Git polling not configured for this app.");
+              lines.push('Use "Enable git polling" to set it up first.');
+            }
+            break;
+          }
+          case "enable-polling": {
+            const configResult = await exec(client, SCRIPTS3.getConfig(props.name));
+            const configData = JSON.parse(configResult.stdout.trim());
+            const branch = configData.branch || "main";
+            const interval = 10;
+            const result = await execScript(client, SCRIPTS3.enablePolling(props.name, branch, user, interval), true);
+            if (result.stdout.includes("polling-enabled")) {
+              lines.push("Git polling re-enabled.");
+              lines.push(`Checking for updates every ${interval} seconds.`);
+            } else if (result.stdout.includes("polling-created")) {
+              lines.push("Git polling enabled.");
+              lines.push(`Checking for updates every ${interval} seconds.`);
+            }
+            lines.push("");
+            lines.push(`View logs: journalctl -u poll-${props.name} -f`);
+            break;
+          }
+          case "disable-polling": {
+            await execScript(client, SCRIPTS3.disablePolling(props.name), true);
+            lines.push("Git polling disabled.");
+            break;
+          }
+        }
+        setOutput(lines);
+        disconnect(client);
+        setTimeout(() => exit(), 100);
+      } catch (err) {
+        setError(`Operation failed: ${err instanceof Error ? err.message : err}`);
+        if (client) disconnect(client);
+        setTimeout(() => exit(), 100);
+      }
+    };
+    run();
+  }, [client, action, inputValue, enteringValue]);
+  return /* @__PURE__ */ jsxs9(Box9, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx9(Header, { title: "App Configuration", subtitle: `App: ${props.name} | Host: ${props.host}` }),
+    /* @__PURE__ */ jsx9(Task, { label: "Connect to server", status }),
+    selectingAction && action === null && /* @__PURE__ */ jsxs9(Box9, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx9(Text9, { bold: true, children: "Select action:" }),
+      /* @__PURE__ */ jsx9(SelectInput2, { items: configActions, onSelect: handleActionSelect })
+    ] }),
+    enteringValue && /* @__PURE__ */ jsxs9(Box9, { marginTop: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx9(Text9, { bold: true, children: inputLabel }),
+      /* @__PURE__ */ jsxs9(Box9, { children: [
+        /* @__PURE__ */ jsx9(Text9, { color: "cyan", children: "> " }),
+        /* @__PURE__ */ jsx9(TextInput2, { value: inputValue, onChange: setInputValue, onSubmit: handleInputSubmit })
+      ] })
+    ] }),
+    output.length > 0 && /* @__PURE__ */ jsx9(Box9, { marginTop: 1, flexDirection: "column", children: output.map((line, i) => /* @__PURE__ */ jsx9(Text9, { color: line.startsWith("ssh-") ? "cyan" : "white", children: line }, i)) }),
+    error && /* @__PURE__ */ jsx9(Box9, { marginTop: 1, children: /* @__PURE__ */ jsxs9(Text9, { color: "red", children: [
+      "Error: ",
+      error
+    ] }) })
+  ] });
+}
+
+// src/cli.tsx
+import { jsx as jsx10 } from "react/jsx-runtime";
+program.name("provisor").description("Server provisioning and deployment CLI").version("0.1.0");
+program.command("init").description("Initialize server with user, SSH, and firewall setup").requiredOption("-h, --host <host>", "Server hostname or IP").option("-u, --user <user>", "Username to create", "deploy").option("-k, --key <path>", "Path to SSH private key for root access").option("-p, --port <port>", "SSH port", "22").action((options) => {
+  render(/* @__PURE__ */ jsx10(InitCommand, { ...options }));
+});
+program.command("app").description("Provision application (Caddy, Node.js, Git deploy)").requiredOption("-h, --host <host>", "Server hostname or IP").option("-u, --user <user>", "Username to connect as", "deploy").option("-k, --key <path>", "Path to SSH private key").option("-p, --port <port>", "SSH port", "22").option("-b, --branch <branch>", "Deploy branch", "main").option("-n, --name <name>", "Application name", "app").option("-r, --repo <url>", "Clone from repository URL (GitHub, GitLab, etc.)").action((options) => {
+  render(/* @__PURE__ */ jsx10(AppCommand, { ...options }));
+});
+program.command("ssh-key").description("Manage SSH keys on the server").requiredOption("-h, --host <host>", "Server hostname or IP").option("-u, --user <user>", "Username to connect as", "deploy").option("-k, --key <path>", "Path to SSH private key").option("-p, --port <port>", "SSH port", "22").option("--add <pubkey>", "Add a new public key").option("--list", "List authorized keys").action((options) => {
+  render(/* @__PURE__ */ jsx10(SshKeyCommand, { ...options }));
+});
+program.command("status").description("Check server status and services").requiredOption("-h, --host <host>", "Server hostname or IP").option("-u, --user <user>", "Username to connect as", "deploy").option("-k, --key <path>", "Path to SSH private key").option("-p, --port <port>", "SSH port", "22").action((options) => {
+  render(/* @__PURE__ */ jsx10(StatusCommand, { ...options }));
+});
+program.command("deploy").description("Trigger deployment for an application").requiredOption("-h, --host <host>", "Server hostname or IP").requiredOption("-n, --name <name>", "Application name").option("-u, --user <user>", "Username to connect as", "deploy").option("-k, --key <path>", "Path to SSH private key").option("-p, --port <port>", "SSH port", "22").action((options) => {
+  render(/* @__PURE__ */ jsx10(DeployCommand, { ...options }));
+});
+program.command("config").description("Manage application configuration").requiredOption("-h, --host <host>", "Server hostname or IP").requiredOption("-n, --name <name>", "Application name").option("-u, --user <user>", "Username to connect as", "deploy").option("-k, --key <path>", "Path to SSH private key").option("-p, --port <port>", "SSH port", "22").option("--show", "Show current configuration").option("--repo <url>", "Change repository URL").option("--branch <branch>", "Change deploy branch").option("--new-key", "Generate new deploy key").option("--delete-key", "Delete deploy key").option("--webhook-secret <secret>", "Update webhook secret").option("--disable-webhook", "Disable webhook").option("--polling-interval <seconds>", "Set git polling interval in seconds", parseInt).option("--enable-polling", "Enable git polling for auto-deploy").option("--disable-polling", "Disable git polling").action((options) => {
+  render(/* @__PURE__ */ jsx10(ConfigCommand, { ...options }));
+});
+program.parse();
+//# sourceMappingURL=cli.js.map