@lamalibre/portlama-agent 1.0.7 → 1.0.9

package/LICENSE.md

@@ -10,7 +10,7 @@ You may use, copy, modify, and distribute this software for any **noncommercial*
 
 ## Commercial Use
 
-Commercial use of this software requires a commercial license, available by contacting licence@codelama.com.tr.
+Commercial use of this software requires a commercial license, available by contacting license@codelama.com.tr.
 
 Commercial use includes, but is not limited to:
 

package/README.md

@@ -1,7 +1,7 @@
 # @lamalibre/portlama-agent
 
-Mac tunnel agent for Portlama — installs a Chisel tunnel client and manages it
-as a macOS launchd agent.
+Tunnel agent for Portlama — manages a Chisel tunnel client as a system service
+on macOS (launchd) and Linux (systemd).
 
 ## Installation
 
@@ -10,16 +10,17 @@ npx @lamalibre/portlama-agent setup
 ```
 
 The setup command downloads the Chisel binary, configures the tunnel connection,
-installs a launchd plist, and starts the agent. The panel provides the
-connection details and an agent-scoped mTLS certificate.
+installs a system service (launchd plist on macOS, systemd unit on Linux), and
+starts the agent. The panel provides the connection details and an agent-scoped
+mTLS certificate.
 
 ## Commands
 
 | Command                            | Description                                |
 | ---------------------------------- | ------------------------------------------ |
 | `setup`                            | Install Chisel and configure the tunnel    |
-| `update`                           | Update Chisel binary to latest version     |
-| `uninstall`                        | Remove Chisel, plist, and configuration    |
+| `update`                           | Re-fetch config from panel and restart     |
+| `uninstall`                        | Remove Chisel, service, and configuration  |
 | `status`                           | Show tunnel connection status              |
 | `logs`                             | Display recent tunnel logs                 |
 | `sites`                            | List all static sites                      |
@@ -102,11 +103,11 @@ portlama-agent deploy blog ./dist
 
 ## Requirements
 
-| Requirement | Details                         |
-| ----------- | ------------------------------- |
-| OS          | macOS                           |
-| Node.js     | >= 20.0.0                       |
-| Access      | User account (no root required) |
+| Requirement | Details                                         |
+| ----------- | ----------------------------------------------- |
+| OS          | macOS or Ubuntu Linux (24.04 LTS)               |
+| Node.js     | >= 20.0.0                                       |
+| Access      | User account on macOS; root/sudo on Linux       |
 
 ## How It Works
 
@@ -115,8 +116,8 @@ certificate (not the admin certificate). It connects to the server's Chisel
 endpoint over WebSocket-over-HTTPS and exposes local ports as configured
 in the panel's tunnel settings.
 
-The launchd plist ensures the tunnel reconnects automatically after reboot
-or network changes.
+The system service (launchd on macOS, systemd on Linux) ensures the tunnel
+reconnects automatically after reboot or network changes.
 
 ## Further Reading
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@lamalibre/portlama-agent",
-  "version": "1.0.7",
-  "description": "Mac agent for Portlama — installs Chisel tunnel client and manages launchd agent",
+  "version": "1.0.9",
+  "description": "Tunnel agent for Portlama — manages Chisel tunnel client as a system service",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",
   "author": "Code Lama Software",
@@ -30,6 +30,9 @@
     "chisel",
     "macos",
     "launchd",
+    "linux",
+    "systemd",
+    "ubuntu",
     "agent"
   ],
   "dependencies": {

package/src/commands/deploy.js

@@ -2,7 +2,7 @@ import chalk from 'chalk';
 import { Listr } from 'listr2';
 import { readdir, stat } from 'node:fs/promises';
 import path from 'node:path';
-import { assertMacOS } from '../lib/platform.js';
+import { assertSupportedPlatform } from '../lib/platform.js';
 import { requireAgentConfig } from '../lib/config.js';
 import { fetchSites, fetchSiteFiles, deleteSiteFile, uploadSiteFiles } from '../lib/panel-api.js';
 import { formatBytes } from '../lib/format.js';
@@ -40,7 +40,7 @@ async function scanDirectory(dir, base = '') {
  * @param {string[]} args
  */
 export async function runDeploy(args) {
-  assertMacOS();
+  assertSupportedPlatform();
   const config = await requireAgentConfig();
 
   const target = args[0];

package/src/commands/logs.js

@@ -1,14 +1,14 @@
 import { existsSync } from 'node:fs';
 import { execa } from 'execa';
 import chalk from 'chalk';
-import { assertMacOS, LOG_FILE, ERROR_LOG_FILE } from '../lib/platform.js';
+import { assertSupportedPlatform, LOG_FILE, ERROR_LOG_FILE } from '../lib/platform.js';
 
 /**
  * Stream chisel logs to the terminal.
  * Tails both stdout and stderr log files.
  */
 export async function runLogs() {
-  assertMacOS();
+  assertSupportedPlatform();
 
   const files = [];
   if (existsSync(LOG_FILE)) files.push(LOG_FILE);

package/src/commands/plugin.js

@@ -3,7 +3,7 @@ import { execa } from 'execa';
 import { readFile, writeFile, rename, open, mkdir, rm } from 'node:fs/promises';
 import { createRequire } from 'node:module';
 import path from 'node:path';
-import { assertMacOS, AGENT_DIR } from '../lib/platform.js';
+import { assertSupportedPlatform, AGENT_DIR } from '../lib/platform.js';
 
 const PLUGINS_FILE = path.join(AGENT_DIR, 'plugins.json');
 
@@ -225,7 +225,7 @@ async function showStatus() {
  * Entry point for the plugin subcommand.
  */
 export async function runPlugin(args) {
-  assertMacOS();
+  assertSupportedPlatform();
 
   const subcommand = args[0];
   const target = args[1];

package/src/commands/setup.js

@@ -5,14 +5,15 @@ import { resolve } from 'node:path';
 import path from 'node:path';
 import { Listr } from 'listr2';
 import chalk from 'chalk';
-import { assertMacOS, CHISEL_BIN_DIR, LOGS_DIR, AGENT_DIR } from '../lib/platform.js';
+import { assertSupportedPlatform, isDarwin, CHISEL_BIN_DIR, LOGS_DIR, AGENT_DIR } from '../lib/platform.js';
 import { loadAgentConfig, saveAgentConfig } from '../lib/config.js';
-import { fetchHealth, fetchPlist, fetchTunnels, curlPostUnauthenticated } from '../lib/panel-api.js';
+import { fetchHealth, fetchAgentConfig, fetchTunnels, curlPostUnauthenticated } from '../lib/panel-api.js';
 import { extractPemFromP12, cleanupPemFiles } from '../lib/ws-helpers.js';
 import { installChisel } from '../lib/chisel.js';
-import { rewritePlist, writePlistFile } from '../lib/plist.js';
-import { isAgentLoaded, unloadAgent, loadAgent, getAgentPid } from '../lib/launchctl.js';
-import { generateKeypairAndCSR, importIdentityToKeychain, secureDelete } from '../lib/keychain.js';
+import { generateServiceConfig, writeServiceConfigFile } from '../lib/service-config.js';
+import { isAgentLoaded, unloadAgent, loadAgent, getAgentPid } from '../lib/service.js';
+import { generateKeypairAndCSR, secureDelete } from '../lib/keychain.js';
+import { storeEnrolledCert } from '../lib/cert-store.js';
 
 /**
  * Prompt for user input via readline.
@@ -38,6 +39,8 @@ function prompt(question, defaultValue) {
 
 /**
  * Parse --token and --panel-url flags from argv.
+ * Token can also be provided via PORTLAMA_ENROLLMENT_TOKEN env var
+ * to avoid exposure in process listings.
  * @returns {{ token?: string, panelUrl?: string }}
  */
 function parseSetupFlags() {
@@ -50,6 +53,10 @@ function parseSetupFlags() {
       flags.panelUrl = args[++i];
     }
   }
+  // Prefer env var over CLI arg to keep token out of process listings
+  if (process.env.PORTLAMA_ENROLLMENT_TOKEN) {
+    flags.token = process.env.PORTLAMA_ENROLLMENT_TOKEN;
+  }
   return flags;
 }
 
@@ -75,8 +82,8 @@ export async function runSetup() {
  * @param {{ token: string, panelUrl?: string }} flags
  */
 async function runTokenSetup(flags) {
-  // Step 1: Verify macOS
-  assertMacOS();
+  // Step 1: Verify supported platform
+  assertSupportedPlatform();
 
   // Check for existing config
   const existingConfig = await loadAgentConfig();
@@ -88,8 +95,10 @@ async function runTokenSetup(flags) {
   }
 
   console.log('');
-  console.log(chalk.bold('  Portlama Agent Setup (Hardware-Bound Certificate)'));
-  console.log(chalk.dim('  Connect this Mac to your Portlama server using a Keychain-bound certificate.'));
+  console.log(chalk.bold('  Portlama Agent Setup (Token-Based Enrollment)'));
+  console.log(chalk.dim(isDarwin()
+    ? '  Connect this Mac to your Portlama server using a Keychain-bound certificate.'
+    : '  Connect this machine to your Portlama server using a certificate.'));
   console.log('');
 
   let panelUrl = flags.panelUrl;
@@ -110,8 +119,10 @@ async function runTokenSetup(flags) {
     token: flags.token,
     agentLabel: null,
     keychainIdentity: null,
+    p12Path: null,
+    p12Password: null,
     chiselVersion: null,
-    plistXml: null,
+    serviceConfig: null,
     domain: null,
     tunnels: [],
   };
@@ -157,19 +168,25 @@ async function runTokenSetup(flags) {
         rendererOptions: { persistentOutput: true },
       },
       {
-        title: 'Importing certificate into Keychain',
+        title: isDarwin() ? 'Importing certificate into Keychain' : 'Storing certificate',
         task: async (_ctx, task) => {
           // The server overrides the CSR subject with the correct CN=agent:<label>
           // during signing, so the CSR placeholder subject doesn't matter.
-          const { identity } = await importIdentityToKeychain(
+          const result = await storeEnrolledCert(
             ctx._keyData.keyPath,
             ctx._certPem,
             ctx._caCertPem,
             ctx.agentLabel,
             console,
           );
-          ctx.keychainIdentity = identity;
-          task.output = `Identity "${identity}" imported (non-extractable)`;
+          if (result.identity) {
+            ctx.keychainIdentity = result.identity;
+            task.output = `Identity "${result.identity}" imported (non-extractable)`;
+          } else {
+            ctx.p12Path = result.p12Path;
+            ctx.p12Password = result.p12Password;
+            task.output = `Certificate stored at ${result.p12Path}`;
+          }
         },
         rendererOptions: { persistentOutput: true },
       },
@@ -183,12 +200,10 @@ async function runTokenSetup(flags) {
       {
         title: 'Verifying panel connectivity',
         task: async (_ctx, task) => {
-          const config = {
-            panelUrl: ctx.panelUrl,
-            authMethod: 'keychain',
-            keychainIdentity: ctx.keychainIdentity,
-          };
-          const health = await fetchHealth(config);
+          const authConfig = ctx.keychainIdentity
+            ? { panelUrl: ctx.panelUrl, authMethod: 'keychain', keychainIdentity: ctx.keychainIdentity }
+            : { panelUrl: ctx.panelUrl, authMethod: 'p12', p12Path: ctx.p12Path, p12Password: ctx.p12Password };
+          const health = await fetchHealth(authConfig);
           task.output = `Panel is reachable (status: ${health.status || 'ok'})`;
         },
         rendererOptions: { persistentOutput: true },
@@ -209,30 +224,24 @@ async function runTokenSetup(flags) {
       {
         title: 'Fetching tunnel configuration',
         task: async (_ctx, task) => {
-          const config = {
-            panelUrl: ctx.panelUrl,
-            authMethod: 'keychain',
-            keychainIdentity: ctx.keychainIdentity,
-          };
-          const data = await fetchPlist(config);
-          ctx.plistXml = data.plist;
+          const authConfig = ctx.keychainIdentity
+            ? { panelUrl: ctx.panelUrl, authMethod: 'keychain', keychainIdentity: ctx.keychainIdentity }
+            : { panelUrl: ctx.panelUrl, authMethod: 'p12', p12Path: ctx.p12Path, p12Password: ctx.p12Password };
 
-          const tunnelData = await fetchTunnels(config);
+          const agentConfig = await fetchAgentConfig(authConfig);
+          ctx.domain = agentConfig.domain;
+          ctx.serviceConfig = generateServiceConfig(agentConfig.chiselArgs);
+
+          const tunnelData = await fetchTunnels(authConfig);
           ctx.tunnels = tunnelData.tunnels || [];
           task.output = `${ctx.tunnels.length} tunnel(s) configured`;
         },
         rendererOptions: { persistentOutput: true },
       },
       {
-        title: 'Rewriting plist paths',
-        task: async () => {
-          ctx.plistXml = rewritePlist(ctx.plistXml);
-        },
-      },
-      {
-        title: 'Writing plist file',
+        title: 'Writing service config',
         task: async () => {
-          await writePlistFile(ctx.plistXml);
+          await writeServiceConfigFile(ctx.serviceConfig);
         },
       },
       {
@@ -247,13 +256,16 @@ async function runTokenSetup(flags) {
       },
       {
         title: 'Loading agent',
+        skip: () => ctx.tunnels.length === 0 && 'No tunnels configured — run portlama-agent update after creating tunnels',
         task: async () => {
           await loadAgent();
         },
       },
       {
         title: 'Verifying agent is running',
+        skip: () => ctx.tunnels.length === 0 && 'No tunnels configured',
         task: async (_ctx, task) => {
+          // Give the service manager a moment to start the process
           await new Promise((r) => setTimeout(r, 2000));
           const pid = await getAgentPid();
           if (pid) {
@@ -272,18 +284,24 @@ async function runTokenSetup(flags) {
       {
         title: 'Saving configuration',
         task: async () => {
-          const domainMatch = ctx.plistXml.match(/wss:\/\/tunnel\.([^:]+):/);
-          ctx.domain = domainMatch ? domainMatch[1] : null;
-
-          await saveAgentConfig({
+          const configData = {
             panelUrl: ctx.panelUrl,
-            authMethod: 'keychain',
-            keychainIdentity: ctx.keychainIdentity,
             agentLabel: ctx.agentLabel,
             domain: ctx.domain,
             chiselVersion: ctx.chiselVersion,
             setupAt: new Date().toISOString(),
-          });
+          };
+
+          if (ctx.keychainIdentity) {
+            configData.authMethod = 'keychain';
+            configData.keychainIdentity = ctx.keychainIdentity;
+          } else {
+            configData.authMethod = 'p12';
+            configData.p12Path = ctx.p12Path;
+            configData.p12Password = ctx.p12Password;
+          }
+
+          await saveAgentConfig(configData);
         },
       },
     ],
@@ -298,7 +316,7 @@ async function runTokenSetup(flags) {
     await tasks.run();
   } catch (err) {
     // Securely delete the temporary private key if it was generated but not
-    // yet imported into Keychain (importIdentityToKeychain handles its own cleanup).
+    // yet consumed by storeEnrolledCert (which handles its own cleanup).
     if (ctx._keyData?.keyPath) {
       await secureDelete(ctx._keyData.keyPath).catch(() => {});
     }
@@ -313,8 +331,8 @@ async function runTokenSetup(flags) {
  * Traditional P12-based setup flow.
  */
 async function runP12Setup() {
-  // Step 1: Verify macOS
-  assertMacOS();
+  // Step 1: Verify supported platform
+  assertSupportedPlatform();
 
   // Check for existing config
   const existingConfig = await loadAgentConfig();
@@ -328,7 +346,9 @@ async function runP12Setup() {
   // Step 2: Prompt credentials
   console.log('');
   console.log(chalk.bold('  Portlama Agent Setup'));
-  console.log(chalk.dim('  Connect this Mac to your Portlama server.'));
+  console.log(chalk.dim(isDarwin()
+    ? '  Connect this Mac to your Portlama server.'
+    : '  Connect this machine to your Portlama server.'));
   console.log('');
   console.log(chalk.dim('  The admin must generate an agent certificate from the panel first:'));
   console.log(chalk.dim('    Panel → Certificates → Agent Certificates → Generate'));
@@ -363,7 +383,7 @@ async function runP12Setup() {
     p12Path,
     p12Password,
     chiselVersion: null,
-    plistXml: null,
+    serviceConfig: null,
     domain: null,
     tunnels: [],
   };
@@ -415,8 +435,9 @@ async function runP12Setup() {
       {
         title: 'Fetching tunnel configuration',
         task: async (_ctx, task) => {
-          const data = await fetchPlist(ctx.panelUrl, ctx.p12Path, ctx.p12Password);
-          ctx.plistXml = data.plist;
+          const agentConfig = await fetchAgentConfig(ctx.panelUrl, ctx.p12Path, ctx.p12Password);
+          ctx.domain = agentConfig.domain;
+          ctx.serviceConfig = generateServiceConfig(agentConfig.chiselArgs);
 
           // Also fetch tunnel list for the summary
           const tunnelData = await fetchTunnels(ctx.panelUrl, ctx.p12Path, ctx.p12Password);
@@ -426,15 +447,9 @@ async function runP12Setup() {
         rendererOptions: { persistentOutput: true },
       },
       {
-        title: 'Rewriting plist paths',
-        task: async () => {
-          ctx.plistXml = rewritePlist(ctx.plistXml);
-        },
-      },
-      {
-        title: 'Writing plist file',
+        title: 'Writing service config',
         task: async () => {
-          await writePlistFile(ctx.plistXml);
+          await writeServiceConfigFile(ctx.serviceConfig);
         },
       },
       {
@@ -449,14 +464,16 @@ async function runP12Setup() {
       },
       {
         title: 'Loading agent',
+        skip: () => ctx.tunnels.length === 0 && 'No tunnels configured — run portlama-agent update after creating tunnels',
         task: async () => {
           await loadAgent();
         },
       },
       {
         title: 'Verifying agent is running',
+        skip: () => ctx.tunnels.length === 0 && 'No tunnels configured',
         task: async (_ctx, task) => {
-          // Give launchd a moment to start the process
+          // Give the service manager a moment to start the process
           await new Promise((r) => setTimeout(r, 2000));
           const pid = await getAgentPid();
           if (pid) {
@@ -475,10 +492,6 @@ async function runP12Setup() {
       {
         title: 'Saving configuration',
         task: async () => {
-          // Extract domain from the plist (look for wss://tunnel.<domain>)
-          const domainMatch = ctx.plistXml.match(/wss:\/\/tunnel\.([^:]+):/);
-          ctx.domain = domainMatch ? domainMatch[1] : null;
-
           await saveAgentConfig({
             panelUrl: ctx.panelUrl,
             authMethod: 'p12',

package/src/commands/sites.js

@@ -1,6 +1,6 @@
 import { createInterface } from 'node:readline';
 import chalk from 'chalk';
-import { assertMacOS } from '../lib/platform.js';
+import { assertSupportedPlatform } from '../lib/platform.js';
 import { requireAgentConfig } from '../lib/config.js';
 import { fetchSites, createSite, deleteSite } from '../lib/panel-api.js';
 import { formatBytes } from '../lib/format.js';
@@ -57,7 +57,7 @@ function parseFlags(args) {
  * @param {string[]} args
  */
 export async function runSites(args) {
-  assertMacOS();
+  assertSupportedPlatform();
   const config = await requireAgentConfig();
   const sub = args[0];
 

package/src/commands/status.js

@@ -1,7 +1,7 @@
 import chalk from 'chalk';
-import { assertMacOS, CHISEL_BIN_PATH, PLIST_PATH, LOG_FILE, AGENT_DIR } from '../lib/platform.js';
+import { assertSupportedPlatform, CHISEL_BIN_PATH, SERVICE_CONFIG_PATH, LOG_FILE, AGENT_DIR } from '../lib/platform.js';
 import { loadAgentConfig } from '../lib/config.js';
-import { isAgentLoaded, getAgentPid } from '../lib/launchctl.js';
+import { isAgentLoaded, getAgentPid } from '../lib/service.js';
 import { getInstalledVersion } from '../lib/chisel.js';
 import { fetchTunnels } from '../lib/panel-api.js';
 import { existsSync } from 'node:fs';
@@ -10,7 +10,7 @@ import { existsSync } from 'node:fs';
  * Print formatted status information about the agent.
  */
 export async function runStatus() {
-  assertMacOS();
+  assertSupportedPlatform();
 
   const b = chalk.bold;
   const c = chalk.cyan;
@@ -52,7 +52,7 @@ export async function runStatus() {
   );
 
   // Files
-  console.log(`  ${b('Plist:')}     ${existsSync(PLIST_PATH) ? g('present') : y('missing')}`);
+  console.log(`  ${b('Service:')}   ${existsSync(SERVICE_CONFIG_PATH) ? g('present') : y('missing')}`);
   console.log(`  ${b('Config:')}    ${existsSync(AGENT_DIR) ? g('present') : y('missing')}`);
   console.log(`  ${b('Logs:')}      ${d(LOG_FILE)}`);
 

package/src/commands/uninstall.js

@@ -2,14 +2,14 @@ import { rm } from 'node:fs/promises';
 import { existsSync } from 'node:fs';
 import { Listr } from 'listr2';
 import chalk from 'chalk';
-import { assertMacOS, AGENT_DIR, PLIST_PATH } from '../lib/platform.js';
-import { isAgentLoaded, unloadAgent } from '../lib/launchctl.js';
+import { assertSupportedPlatform, AGENT_DIR, SERVICE_CONFIG_PATH, isLinux } from '../lib/platform.js';
+import { isAgentLoaded, unloadAgent } from '../lib/service.js';
 
 /**
- * Unload the agent, remove the plist, chisel binary, and config.
+ * Unload the agent, remove the service config, chisel binary, and config.
  */
 export async function runUninstall() {
-  assertMacOS();
+  assertSupportedPlatform();
 
   const tasks = new Listr(
     [
@@ -24,10 +24,14 @@ export async function runUninstall() {
         },
       },
       {
-        title: 'Removing plist file',
-        skip: () => !existsSync(PLIST_PATH) && 'Plist not found',
+        title: 'Removing service config',
+        skip: () => !existsSync(SERVICE_CONFIG_PATH) && 'Service config not found',
         task: async () => {
-          await rm(PLIST_PATH);
+          await rm(SERVICE_CONFIG_PATH);
+          if (isLinux()) {
+            const { execa } = await import('execa');
+            await execa('systemctl', ['daemon-reload']);
+          }
         },
       },
       {

package/src/commands/update.js

@@ -1,22 +1,22 @@
 import { Listr } from 'listr2';
 import chalk from 'chalk';
-import { assertMacOS } from '../lib/platform.js';
+import { assertSupportedPlatform } from '../lib/platform.js';
 import { requireAgentConfig, saveAgentConfig } from '../lib/config.js';
-import { fetchPlist, fetchTunnels } from '../lib/panel-api.js';
-import { rewritePlist, writePlistFile } from '../lib/plist.js';
-import { isAgentLoaded, unloadAgent, loadAgent, getAgentPid } from '../lib/launchctl.js';
+import { fetchAgentConfig, fetchTunnels } from '../lib/panel-api.js';
+import { generateServiceConfig, writeServiceConfigFile } from '../lib/service-config.js';
+import { isAgentLoaded, unloadAgent, loadAgent, getAgentPid } from '../lib/service.js';
 
 /**
- * Re-fetch the plist from the panel and restart the agent.
+ * Re-fetch tunnel config from the panel and restart the agent.
  * Used after adding/removing tunnels on the panel.
  */
 export async function runUpdate() {
-  assertMacOS();
+  assertSupportedPlatform();
 
   const config = await requireAgentConfig();
 
   const ctx = {
-    plistXml: null,
+    serviceConfig: null,
     tunnels: [],
   };
 
@@ -25,8 +25,8 @@ export async function runUpdate() {
       {
         title: 'Fetching updated tunnel configuration',
         task: async (_ctx, task) => {
-          const data = await fetchPlist(config);
-          ctx.plistXml = data.plist;
+          const agentConfig = await fetchAgentConfig(config);
+          ctx.serviceConfig = generateServiceConfig(agentConfig.chiselArgs);
 
           const tunnelData = await fetchTunnels(config);
           ctx.tunnels = tunnelData.tunnels || [];
@@ -35,15 +35,9 @@ export async function runUpdate() {
         rendererOptions: { persistentOutput: true },
       },
       {
-        title: 'Rewriting plist paths',
+        title: 'Writing service config',
         task: async () => {
-          ctx.plistXml = rewritePlist(ctx.plistXml);
-        },
-      },
-      {
-        title: 'Writing plist file',
-        task: async () => {
-          await writePlistFile(ctx.plistXml);
+          await writeServiceConfigFile(ctx.serviceConfig);
         },
       },
       {

package/src/index.js

@@ -9,7 +9,7 @@ function printHelp() {
   const d = chalk.dim;
 
   console.log(`
-${b('portlama-agent')} — Mac tunnel agent for Portlama
+${b('portlama-agent')} — tunnel agent for Portlama (macOS & Linux)
 
 ${b('USAGE')}
 
@@ -18,7 +18,7 @@ ${b('USAGE')}
 ${b('COMMANDS')}
 
   ${c('setup')}           Interactive setup: install Chisel, fetch tunnel config, start agent
-  ${c('update')}          Re-fetch plist from panel after tunnel changes
+  ${c('update')}          Re-fetch config from panel after tunnel changes
   ${c('uninstall')}       Stop agent and remove all files
   ${c('status')}          Show agent health, tunnel list, connection status
   ${c('logs')}            Stream Chisel log output (tail -f)
@@ -28,9 +28,12 @@ ${b('COMMANDS')}
 
 ${b('EXAMPLES')}
 
-  ${d('# First-time setup')}
+  ${d('# First-time setup (interactive)')}
   ${c('npx @lamalibre/portlama-agent setup')}
 
+  ${d('# Token-based setup (non-interactive)')}
+  ${c('PORTLAMA_ENROLLMENT_TOKEN=<token> portlama-agent setup --panel-url https://1.2.3.4:9292')}
+
   ${d('# After adding a tunnel on the panel')}
   ${c('portlama-agent update')}
 
@@ -52,9 +55,9 @@ ${b('EXAMPLES')}
 
 ${b('PREREQUISITES')}
 
-  ${d('•')} macOS (arm64 or x64)
-  ${d('•')} Agent certificate (.p12) generated from your Portlama panel
-    (Panel → Certificates → Agent Certificates → Generate)
+  ${d('•')} macOS (arm64 or x64) or Ubuntu Linux (arm64 or x64)
+  ${d('•')} Agent certificate (.p12) or enrollment token from your Portlama panel
+    (Panel → Certificates → Agent Certificates → Generate / Enroll)
   ${d('•')} Panel URL (e.g. https://1.2.3.4:9292)
 `);
   process.exit(0);