@kakuzu_aon/apkz 1.0.0

package/src/commands/sign.js

@@ -0,0 +1,169 @@
+// ────────────[ KAKUZU ]────────────────────────────
+// | Discord  : kakuzu_aon
+// | Telegram : kakuzu_aon
+// | Github   : kakuzu-aon
+// | File     : sign.js
+// | License  : MIT License © 2026 Kakuzu
+// | Brief    : APK signing command implementation
+// ────────────────★─────────────────────────────────
+
+const { Command } = require('commander');
+const chalk = require('chalk').default;
+const { default: ora } = require('ora');
+const fs = require('fs-extra');
+const path = require('path');
+const { exec } = require('child_process');
+const util = require('util');
+const execPromise = util.promisify(exec);
+
+const signCommand = new Command('sign')
+    .description('Sign APK with keystore')
+    .argument('<apk-file>', 'APK file to sign')
+    .option('-k, --keystore <path>', 'Path to keystore file')
+    .option('-a, --alias <alias>', 'Keystore alias')
+    .option('-p, --password <password>', 'Keystore password')
+    .option('-o, --output <file>', 'Output signed APK file')
+    .option('--debug', 'Create debug keystore and sign')
+    .action(async (apkFile, options) => {
+        let spinner;
+        try {
+            if (!fs.existsSync(apkFile)) {
+                console.error(chalk.red(`🔴 Error: APK file not found: ${apkFile}`));
+                process.exit(1);
+            }
+
+            spinner = ora('🔐 Signing APK...').start();
+            
+            await signAPK(apkFile, options);
+            
+            spinner.succeed('APK signed successfully!');
+            
+        } catch (error) {
+            if (spinner) spinner.fail('Signing failed');
+            console.error(chalk.red('🔴 Error:'), error.message);
+            process.exit(1);
+        }
+    });
+
+async function signAPK(apkPath, options) {
+    const resolvedApkPath = path.resolve(apkPath);
+    let signedApkPath;
+    
+    if (options.output) {
+        signedApkPath = path.resolve(options.output);
+    } else {
+        const parsed = path.parse(apkPath);
+        signedApkPath = path.join(parsed.dir, `${parsed.name}-signed${parsed.ext}`);
+    }
+    
+    if (options.debug) {
+        // Create debug keystore and sign
+        await signWithDebugKeystore(resolvedApkPath, signedApkPath);
+    } else {
+        // Sign with provided keystore
+        await signWithKeystore(resolvedApkPath, signedApkPath, options);
+    }
+    
+    console.log(chalk.green(`✅ Signed APK saved to: ${signedApkPath}`));
+    
+    // Verify signature
+    await verifySignature(signedApkPath);
+}
+
+async function signWithDebugKeystore(apkPath, outputPath) {
+    console.log(chalk.blue('🔧 Creating debug keystore...'));
+    
+    const debugKeystore = path.join(path.dirname(apkPath), 'debug.keystore');
+    
+    // Create debug keystore if it doesn't exist
+    if (!fs.existsSync(debugKeystore)) {
+        try {
+            await execPromise(`keytool -genkey -v -keystore "${debugKeystore}" -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Debug,O=Android,C=US"`);
+            console.log(chalk.green('✅ Debug keystore created'));
+        } catch (error) {
+            throw new Error(`Failed to create debug keystore: ${error.message}`);
+        }
+    }
+    
+    // Sign with debug keystore
+    try {
+        await execPromise(`jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore "${debugKeystore}" -storepass android -keypass android "${apkPath}" androiddebugkey`);
+        
+        // Copy to output path if different
+        if (outputPath !== apkPath) {
+            await fs.copy(apkPath, outputPath);
+        }
+        
+        console.log(chalk.green('✅ APK signed with debug keystore'));
+    } catch (error) {
+        throw new Error(`Failed to sign APK: ${error.message}`);
+    }
+}
+
+async function signWithKeystore(apkPath, outputPath, options) {
+    if (!options.keystore) {
+        throw new Error('Keystore path is required for signing');
+    }
+    
+    if (!fs.existsSync(options.keystore)) {
+        throw new Error(`Keystore not found: ${options.keystore}`);
+    }
+    
+    if (!options.alias) {
+        throw new Error('Keystore alias is required');
+    }
+    
+    const keystorePath = path.resolve(options.keystore);
+    
+    try {
+        let signCommand = `jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore "${keystorePath}"`;
+        
+        if (options.password) {
+            signCommand += ` -storepass "${options.password}"`;
+        }
+        
+        signCommand += ` "${apkPath}" "${options.alias}"`;
+        
+        await execPromise(signCommand);
+        
+        // Copy to output path if different
+        if (outputPath !== apkPath) {
+            await fs.copy(apkPath, outputPath);
+        }
+        
+        console.log(chalk.green(`✅ APK signed with keystore: ${options.keystore}`));
+    } catch (error) {
+        throw new Error(`Failed to sign APK: ${error.message}`);
+    }
+}
+
+async function verifySignature(apkPath) {
+    try {
+        console.log(chalk.blue('🔍 Verifying signature...'));
+        
+        const { stdout } = await execPromise(`jarsigner -verify -verbose "${apkPath}"`);
+        
+        if (stdout.includes('jar verified')) {
+            console.log(chalk.green('✅ APK signature verified successfully'));
+        } else {
+            console.log(chalk.yellow('⚠️  APK signature verification returned warnings'));
+            console.log(chalk.gray(stdout));
+        }
+    } catch (error) {
+        console.log(chalk.yellow('⚠️  Could not verify signature:'));
+        console.log(chalk.gray(error.message));
+    }
+}
+
+// Check if required tools are available
+async function checkSigningTools() {
+    try {
+        await execPromise('jarsigner -help');
+        await execPromise('keytool -help');
+        return true;
+    } catch (error) {
+        return false;
+    }
+}
+
+module.exports = signCommand;

package/src/commands/vulnerability-scan.js

@@ -0,0 +1,404 @@
+// ────────────[ KAKUZU ]────────────────────────────
+// | Discord  : kakuzu_aon
+// | Telegram : kakuzu_aon
+// | Github   : kakuzu-aon
+// | File     : vulnerability-scan.js
+// | License  : MIT License © 2026 Kakuzu
+// | Brief    : APK vulnerability scanning command
+// ────────────────★─────────────────────────────────
+
+const { Command } = require('commander');
+const chalk = require('chalk').default;
+const { default: ora } = require('ora');
+const fs = require('fs-extra');
+const path = require('path');
+const VulnerabilityScanner = require('../utils/vulnerability-scanner');
+const ObfuscationDetector = require('../utils/obfuscation-detector');
+
+const vulnScanCommand = new Command('vuln-scan')
+    .description('Comprehensive vulnerability and security scan')
+    .argument('<apk-file>', 'APK file to scan')
+    .option('-d, --decode-dir <dir>', 'Use existing decoded directory')
+    .option('-o, --output <file>', 'Save scan report to file')
+    .option('-f, --format <format>', 'Report format (json, html, csv)', 'json')
+    .option('--obfuscation', 'Include obfuscation analysis')
+    .option('--deep', 'Perform deep analysis (slower)')
+    .option('--severity <level>', 'Minimum severity level (low, medium, high, critical)', 'low')
+    .action(async (apkFile, options) => {
+        let spinner;
+        try {
+            if (!fs.existsSync(apkFile)) {
+                console.error(chalk.red(`🔴 Error: APK file not found: ${apkFile}`));
+                process.exit(1);
+            }
+
+            spinner = ora('🔍 Starting comprehensive security scan...').start();
+            
+            await performVulnerabilityScan(apkFile, options);
+            
+            spinner.succeed('Security scan completed!');
+            
+        } catch (error) {
+            if (spinner) spinner.fail('Security scan failed');
+            console.error(chalk.red('🔴 Error:'), error.message);
+            process.exit(1);
+        }
+    });
+
+async function performVulnerabilityScan(apkPath, options) {
+    let decodedPath;
+    const tempDir = path.join(path.dirname(apkPath), 'apkz_vuln_' + Date.now());
+    
+    try {
+        // Use existing decoded directory or decode APK
+        if (options.decodeDir && fs.existsSync(options.decodeDir)) {
+            decodedPath = path.resolve(options.decodeDir);
+            console.log(chalk.blue(`📁 Using existing decoded directory: ${decodedPath}`));
+        } else {
+            decodedPath = path.join(tempDir, 'decoded');
+            await decodeAPK(apkPath, decodedPath);
+        }
+
+        // Initialize scanners
+        const vulnScanner = new VulnerabilityScanner();
+        const obfDetector = new ObfuscationDetector();
+
+        // Perform vulnerability scan
+        const vulnSpinner = ora('🔍 Scanning for vulnerabilities...').start();
+        const vulnResults = await vulnScanner.scanAPK(decodedPath, options);
+        vulnSpinner.succeed('Vulnerability scan completed!');
+
+        // Perform obfuscation analysis if requested
+        let obfResults = null;
+        if (options.obfuscation) {
+            const obfSpinner = ora('🔍 Analyzing code obfuscation...').start();
+            obfResults = await obfDetector.analyzeObfuscation(decodedPath);
+            obfSpinner.succeed('Obfuscation analysis completed!');
+        }
+
+        // Display results
+        displayScanResults(vulnResults, obfResults, options);
+        
+        // Save report if requested
+        if (options.output) {
+            const reportData = obfResults ? 
+                { vulnerabilities: vulnResults, obfuscation: obfResults } : 
+                vulnResults;
+            
+            await saveReport(reportData, options.output, options.format);
+            console.log(chalk.green(`💾 Report saved to: ${options.output}`));
+        }
+        
+        // Show risk assessment
+        showRiskAssessment(vulnResults, obfResults);
+        
+    } finally {
+        // Cleanup temp directory if we created one
+        if (!options.decodeDir) {
+            await fs.remove(tempDir);
+        }
+    }
+}
+
+function displayScanResults(vulnResults, obfResults, options) {
+    console.log(chalk.bold('\n🔒 Security Scan Results'));
+    console.log(chalk.gray('─'.repeat(50)));
+
+    // Vulnerability Summary
+    console.log(chalk.bold('\n📊 Vulnerability Summary:'));
+    const vulnSummary = vulnResults.summary;
+    
+    // Risk score visualization
+    const riskScore = vulnSummary.riskScore;
+    let riskColor = chalk.green;
+    if (riskScore >= 70) riskColor = chalk.red;
+    else if (riskScore >= 40) riskColor = chalk.yellow;
+    
+    console.log(`Risk Score: ${riskColor(`${riskScore}/100`)}`);
+    
+    // Severity breakdown
+    const severities = ['critical', 'high', 'medium', 'low'];
+    severities.forEach(severity => {
+        const count = vulnSummary[severity];
+        if (count > 0) {
+            const color = getSeverityColor(severity);
+            console.log(`${color(`${severity.toUpperCase()}: ${count}`)}`);
+        }
+    });
+
+    // Top vulnerabilities
+    if (vulnSummary.total > 0) {
+        console.log(chalk.bold('\n🚨 Top Vulnerabilities:'));
+        const allVulns = [
+            ...vulnResults.vulnerabilities.critical,
+            ...vulnResults.vulnerabilities.high,
+            ...vulnResults.vulnerabilities.medium
+        ].slice(0, 5);
+        
+        allVulns.forEach((vuln, index) => {
+            const severity = vuln.severity.toUpperCase();
+            const color = getSeverityColor(vuln.severity);
+            console.log(`${index + 1}. ${color(`[${severity}]`)} ${vuln.name}`);
+            console.log(chalk.gray(`   File: ${vuln.file}`));
+            console.log(chalk.gray(`   CVSS: ${vuln.cvss}`));
+            console.log(chalk.gray(`   ${vuln.description.substring(0, 100)}${vuln.description.length > 100 ? '...' : ''}`));
+            console.log('');
+        });
+    }
+
+    // Obfuscation results
+    if (obfResults) {
+        console.log(chalk.bold('\n🔍 Obfuscation Analysis:'));
+        const obfLevel = obfResults.obfuscationLevel;
+        const obfScore = obfResults.overallScore;
+        
+        let obfColor = chalk.green;
+        if (obfLevel === 'none') obfColor = chalk.red;
+        else if (obfLevel === 'light') obfColor = chalk.yellow;
+        else if (obfLevel === 'heavy') obfColor = chalk.green;
+        
+        console.log(`Obfuscation Level: ${obfColor(obfLevel.toUpperCase())}`);
+        console.log(`Obfuscation Score: ${obfScore}%`);
+        console.log(`Confidence: ${obfResults.confidence}%`);
+        
+        if (obfResults.antiTampering.techniques.length > 0) {
+            console.log(chalk.blue('\n🛡️ Anti-Tampering Techniques:'));
+            obfResults.antiTampering.techniques.forEach(technique => {
+                console.log(chalk.gray(`  • ${technique}`));
+            });
+        }
+    }
+
+    // Compliance mapping
+    if (vulnResults.compliance.owaspTop10.length > 0) {
+        console.log(chalk.bold('\n📋 OWASP Top 10 Mapping:'));
+        vulnResults.compliance.owaspTop10.forEach(item => {
+            console.log(chalk.gray(`  • ${item}`));
+        });
+    }
+}
+
+function showRiskAssessment(vulnResults, obfResults) {
+    console.log(chalk.bold('\n🎯 Risk Assessment:'));
+    
+    const vulnScore = vulnResults.summary.riskScore;
+    const obfScore = obfResults ? obfResults.overallScore : 0;
+    
+    // Overall risk assessment
+    let overallRisk = 'low';
+    let riskColor = chalk.green;
+    
+    if (vulnScore >= 70 || (vulnScore >= 50 && obfScore < 50)) {
+        overallRisk = 'critical';
+        riskColor = chalk.red;
+    } else if (vulnScore >= 40 || (vulnScore >= 20 && obfScore < 70)) {
+        overallRisk = 'high';
+        riskColor = chalk.red;
+    } else if (vulnScore >= 20 || obfScore < 50) {
+        overallRisk = 'medium';
+        riskColor = chalk.yellow;
+    }
+    
+    console.log(`Overall Risk: ${riskColor(overallRisk.toUpperCase())}`);
+    
+    // Recommendations summary
+    if (vulnResults.recommendations.length > 0) {
+        console.log(chalk.bold('\n💡 Key Recommendations:'));
+        vulnResults.recommendations.slice(0, 3).forEach(rec => {
+            console.log(chalk.blue(`• ${rec.title}`));
+        });
+    }
+    
+    // Action items
+    console.log(chalk.bold('\n⚡ Immediate Actions Required:'));
+    const criticalVulns = vulnResults.vulnerabilities.critical.length + vulnResults.vulnerabilities.high.length;
+    
+    if (criticalVulns > 0) {
+        console.log(chalk.red(`🚨 Address ${criticalVulns} critical/high vulnerabilities immediately`));
+    } else {
+        console.log(chalk.green('✅ No critical vulnerabilities found'));
+    }
+    
+    if (obfResults && obfResults.obfuscationLevel === 'none') {
+        console.log(chalk.yellow('⚠️  Implement code obfuscation to protect against reverse engineering'));
+    }
+    
+    if (obfResults && obfResults.antiTampering.techniques.length === 0) {
+        console.log(chalk.yellow('⚠️  Add anti-tampering protection for production builds'));
+    }
+}
+
+function getSeverityColor(severity) {
+    switch (severity) {
+        case 'critical': return chalk.red;
+        case 'high': return chalk.red;
+        case 'medium': return chalk.yellow;
+        case 'low': return chalk.blue;
+        default: return chalk.gray;
+    }
+}
+
+async function saveReport(data, outputPath, format) {
+    await fs.ensureDir(path.dirname(outputPath));
+    
+    let content;
+    switch (format.toLowerCase()) {
+        case 'html':
+            content = generateHTMLReport(data);
+            break;
+        case 'csv':
+            content = generateCSVReport(data);
+            break;
+        default:
+            content = JSON.stringify(data, null, 2);
+    }
+    
+    await fs.writeFile(outputPath, content);
+}
+
+function generateHTMLReport(data) {
+    const vulnResults = data.vulnerabilities || data;
+    const obfResults = data.obfuscation;
+    
+    return `
+<!DOCTYPE html>
+<html>
+<head>
+    <title>APKZ Security Report</title>
+    <style>
+        body { font-family: Arial, sans-serif; margin: 20px; background: #f5f5f5; }
+        .container { max-width: 1200px; margin: 0 auto; background: white; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); }
+        .header { text-align: center; border-bottom: 2px solid #007bff; padding-bottom: 20px; margin-bottom: 30px; }
+        .risk-score { font-size: 48px; font-weight: bold; text-align: center; margin: 20px 0; }
+        .critical { color: #dc3545; }
+        .high { color: #fd7e14; }
+        .medium { color: #ffc107; }
+        .low { color: #28a745; }
+        .summary { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 20px; margin: 30px 0; }
+        .metric { background: #f8f9fa; padding: 20px; border-radius: 8px; text-align: center; }
+        .vulnerability { background: white; margin: 15px 0; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); border-left: 5px solid #007bff; }
+        .critical { border-left-color: #dc3545; }
+        .high { border-left-color: #fd7e14; }
+        .medium { border-left-color: #ffc107; }
+        .low { border-left-color: #28a745; }
+        .recommendation { background: #e7f3ff; padding: 15px; border-radius: 5px; margin: 10px 0; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>🔒 APKZ Security Report</h1>
+            <p>Generated: ${new Date().toISOString()}</p>
+        </div>
+        
+        <div class="risk-score ${getRiskLevel(vulnResults.summary.riskScore)}">
+            Risk Score: ${vulnResults.summary.riskScore}/100
+        </div>
+        
+        <div class="summary">
+            <div class="metric">
+                <h3>Critical</h3>
+                <p>${vulnResults.summary.critical}</p>
+            </div>
+            <div class="metric">
+                <h3>High</h3>
+                <p>${vulnResults.summary.high}</p>
+            </div>
+            <div class="metric">
+                <h3>Medium</h3>
+                <p>${vulnResults.summary.medium}</p>
+            </div>
+            <div class="metric">
+                <h3>Low</h3>
+                <p>${vulnResults.summary.low}</p>
+            </div>
+        </div>
+        
+        <h2>🚨 Vulnerabilities</h2>
+        ${generateVulnerabilitiesHTML(vulnResults.vulnerabilities)}
+        
+        ${obfResults ? `
+        <h2>🔍 Obfuscation Analysis</h2>
+        <div class="metric">
+            <h3>Obfuscation Level</h3>
+            <p>${obfResults.obfuscationLevel.toUpperCase()}</p>
+        </div>
+        <div class="metric">
+            <h3>Score</h3>
+            <p>${obfResults.overallScore}%</p>
+        </div>
+        ` : ''}
+        
+        <h2>💡 Recommendations</h2>
+        ${generateRecommendationsHTML(vulnResults.recommendations)}
+    </div>
+</body>
+</html>`;
+}
+
+function getRiskLevel(score) {
+    if (score >= 70) return 'critical';
+    if (score >= 40) return 'high';
+    if (score >= 20) return 'medium';
+    return 'low';
+}
+
+function generateVulnerabilitiesHTML(vulnerabilities) {
+    let html = '';
+    
+    for (const [severity, vulns] of Object.entries(vulnerabilities)) {
+        if (vulns.length === 0) continue;
+        
+        for (const vuln of vulns) {
+            html += `
+            <div class="vulnerability ${severity}">
+                <h3>${vuln.name}</h3>
+                <p><strong>Severity:</strong> ${severity.toUpperCase()}</p>
+                <p><strong>CVSS:</strong> ${vuln.cvss}</p>
+                <p><strong>File:</strong> ${vuln.file}</p>
+                <p><strong>Description:</strong> ${vuln.description}</p>
+                ${vuln.evidence ? `<p><strong>Evidence:</strong> <code>${vuln.evidence.join(', ')}</code></p>` : ''}
+            </div>`;
+        }
+    }
+    
+    return html;
+}
+
+function generateRecommendationsHTML(recommendations) {
+    let html = '';
+    
+    for (const rec of recommendations) {
+        html += `
+        <div class="recommendation">
+            <h3>${rec.title}</h3>
+            <p>${rec.description}</p>
+            <ul>
+                ${rec.actions.map(action => `<li>${action}</li>`).join('')}
+            </ul>
+        </div>`;
+    }
+    
+    return html;
+}
+
+function generateCSVReport(data) {
+    const vulnResults = data.vulnerabilities || data;
+    let csv = 'Severity,ID,Name,File,CVSS,Description\n';
+    
+    for (const [severity, vulns] of Object.entries(vulnResults.vulnerabilities)) {
+        for (const vuln of vulns) {
+            csv += `${severity},${vuln.id},"${vuln.name}","${vuln.file}",${vuln.cvss},"${vuln.description}"\n`;
+        }
+    }
+    
+    return csv;
+}
+
+async function decodeAPK(apkPath, outputDir) {
+    const AdmZip = require('adm-zip');
+    const zip = new AdmZip(apkPath);
+    zip.extractAllTo(outputDir, true);
+}
+
+module.exports = vulnScanCommand;

package/src/commands/web.js

@@ -0,0 +1,97 @@
+// ────────────[ KAKUZU ]────────────────────────────
+// | Discord  : kakuzu_aon
+// | Telegram : kakuzu_aon
+// | Github   : kakuzu-aon
+// | File     : web.js
+// | License  : MIT License © 2026 Kakuzu
+// | Brief    : Web interface command
+// ────────────────★─────────────────────────────────
+
+const { Command } = require('commander');
+const chalk = require('chalk').default;
+const { default: ora } = require('ora');
+const WebServer = require('../web/web-server');
+
+const webCommand = new Command('web')
+    .description('Start web interface for APK analysis')
+    .option('-p, --port <number>', 'Port for web server', '3000')
+    .option('--host <address>', 'Host address', 'localhost')
+    .option('--no-open', 'Do not open browser automatically')
+    .action(async (options) => {
+        try {
+            await startWebInterface(options);
+        } catch (error) {
+            console.error(chalk.red('🔴 Error:'), error.message);
+            process.exit(1);
+        }
+    });
+
+async function startWebInterface(options) {
+    const port = parseInt(options.port) || 3000;
+    const host = options.host || 'localhost';
+    
+    console.log(chalk.blue('🌐 Starting APKZ Web Interface...'));
+    
+    const webServer = new WebServer(port);
+    
+    try {
+        await webServer.start();
+        
+        // Display startup information
+        console.log(chalk.green('\n✅ Web server started successfully!'));
+        console.log(chalk.blue(`🌐 Local:   http://${host}:${port}`));
+        console.log(chalk.blue(`🌐 Network: http://0.0.0.0:${port}`));
+        
+        console.log(chalk.bold('\n📋 Available Features:'));
+        console.log(chalk.gray('  • Upload and analyze APK files'));
+        console.log(chalk.gray('  • Vulnerability scanning'));
+        console.log(chalk.gray('  • Obfuscation analysis'));
+        console.log(chalk.gray('  • Network analysis'));
+        console.log(chalk.gray('  • Real-time progress tracking'));
+        console.log(chalk.gray('  • Download reports (JSON, HTML, CSV)'));
+        console.log(chalk.gray('  • Batch processing support'));
+        
+        console.log(chalk.bold('\n🎮 API Endpoints:'));
+        console.log(chalk.gray('  • POST /api/upload - Upload APK'));
+        console.log(chalk.gray('  • POST /api/analyze - Start analysis'));
+        console.log(chalk.gray('  • GET  /api/results/:jobId - Get results'));
+        console.log(chalk.gray('  • GET  /api/jobs - List all jobs'));
+        console.log(chalk.gray('  • GET  /api/download/:jobId/:format - Download report'));
+        
+        // Open browser if not disabled
+        if (options.open !== false) {
+            const open = require('open');
+            try {
+                await open(`http://${host}:${port}`);
+                console.log(chalk.green('\n🌍 Browser opened automatically'));
+            } catch (error) {
+                console.log(chalk.yellow('\n⚠️  Could not open browser automatically'));
+                console.log(chalk.blue(`   Please open: http://${host}:${port}`));
+            }
+        }
+        
+        console.log(chalk.bold('\n🛑 Press Ctrl+C to stop the server'));
+        
+        // Handle graceful shutdown
+        process.on('SIGINT', async () => {
+            console.log(chalk.yellow('\n🛑 Shutting down web server...'));
+            await webServer.stop();
+            console.log(chalk.green('✅ Web server stopped'));
+            process.exit(0);
+        });
+        
+        // Keep process running
+        await new Promise(() => {});
+        
+    } catch (error) {
+        if (error.code === 'EADDRINUSE') {
+            console.error(chalk.red(`🔴 Port ${port} is already in use`));
+            console.error(chalk.yellow(`💡 Try a different port: apkz web -p ${port + 1}`));
+        } else {
+            console.error(chalk.red('🔴 Failed to start web server:'), error.message);
+        }
+        throw error;
+    }
+}
+
+module.exports = webCommand;