npm - @lobu/cli - Versions diffs - 3.0.3 → 3.0.4 - Mend

@lobu/cli 3.0.3 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/README.md +8 -8
package/dist/__tests__/login.test.d.ts +2 -0
package/dist/__tests__/login.test.d.ts.map +1 -0
package/dist/__tests__/login.test.js +173 -0
package/dist/__tests__/login.test.js.map +1 -0
package/dist/api/client.d.ts.map +1 -1
package/dist/api/client.js +3 -5
package/dist/api/client.js.map +1 -1
package/dist/api/context.d.ts +22 -0
package/dist/api/context.d.ts.map +1 -0
package/dist/api/context.js +113 -0
package/dist/api/context.js.map +1 -0
package/dist/api/credentials.d.ts +9 -4
package/dist/api/credentials.d.ts.map +1 -1
package/dist/api/credentials.js +127 -15
package/dist/api/credentials.js.map +1 -1
package/dist/commands/chat.d.ts +11 -0
package/dist/commands/chat.d.ts.map +1 -0
package/dist/commands/chat.js +195 -0
package/dist/commands/chat.js.map +1 -0
package/dist/commands/context.d.ts +8 -0
package/dist/commands/context.d.ts.map +1 -0
package/dist/commands/context.js +46 -0
package/dist/commands/context.js.map +1 -0
package/dist/commands/dev.d.ts +1 -8
package/dist/commands/dev.d.ts.map +1 -1
package/dist/commands/dev.js +236 -57
package/dist/commands/dev.js.map +1 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +351 -676
package/dist/commands/init.js.map +1 -1
package/dist/commands/launch.d.ts.map +1 -1
package/dist/commands/launch.js +2 -8
package/dist/commands/launch.js.map +1 -1
package/dist/commands/login.d.ts +2 -0
package/dist/commands/login.d.ts.map +1 -1
package/dist/commands/login.js +283 -14
package/dist/commands/login.js.map +1 -1
package/dist/commands/logout.d.ts +3 -1
package/dist/commands/logout.d.ts.map +1 -1
package/dist/commands/logout.js +5 -3
package/dist/commands/logout.js.map +1 -1
package/dist/commands/providers/add.d.ts.map +1 -1
package/dist/commands/providers/add.js +38 -14
package/dist/commands/providers/add.js.map +1 -1
package/dist/commands/providers/list.d.ts.map +1 -1
package/dist/commands/providers/list.js +4 -2
package/dist/commands/providers/list.js.map +1 -1
package/dist/commands/skills/add.d.ts.map +1 -1
package/dist/commands/skills/add.js +25 -7
package/dist/commands/skills/add.js.map +1 -1
package/dist/commands/skills/info.d.ts.map +1 -1
package/dist/commands/skills/info.js.map +1 -1
package/dist/commands/skills/list.d.ts.map +1 -1
package/dist/commands/skills/list.js.map +1 -1
package/dist/commands/skills/registry.d.ts +5 -0
package/dist/commands/skills/registry.d.ts.map +1 -1
package/dist/commands/skills/registry.js.map +1 -1
package/dist/commands/skills/search.d.ts.map +1 -1
package/dist/commands/skills/search.js +3 -1
package/dist/commands/skills/search.js.map +1 -1
package/dist/commands/status.d.ts +1 -1
package/dist/commands/status.d.ts.map +1 -1
package/dist/commands/status.js +107 -4
package/dist/commands/status.js.map +1 -1
package/dist/commands/validate.d.ts.map +1 -1
package/dist/commands/validate.js +9 -20
package/dist/commands/validate.js.map +1 -1
package/dist/commands/whoami.d.ts +3 -1
package/dist/commands/whoami.d.ts.map +1 -1
package/dist/commands/whoami.js +17 -3
package/dist/commands/whoami.js.map +1 -1
package/dist/config/agents-manifest.d.ts +92 -0
package/dist/config/agents-manifest.d.ts.map +1 -0
package/dist/config/agents-manifest.js +7 -0
package/dist/config/agents-manifest.js.map +1 -0
package/dist/config/loader.d.ts +18 -0
package/dist/config/loader.d.ts.map +1 -1
package/dist/config/loader.js +62 -2
package/dist/config/loader.js.map +1 -1
package/dist/config/platform-schemas.d.ts +120 -0
package/dist/config/platform-schemas.d.ts.map +1 -0
package/dist/config/platform-schemas.js +97 -0
package/dist/config/platform-schemas.js.map +1 -0
package/dist/config/schema.d.ts +546 -111
package/dist/config/schema.d.ts.map +1 -1
package/dist/config/schema.js +26 -19
package/dist/config/schema.js.map +1 -1
package/dist/config/transformer.d.ts +3 -0
package/dist/config/transformer.d.ts.map +1 -1
package/dist/config/transformer.js +7 -10
package/dist/config/transformer.js.map +1 -1
package/dist/index.d.ts +0 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +52 -10
package/dist/index.js.map +1 -1
package/dist/system-skills.json +89 -29
package/dist/templates/.env.tmpl +3 -14
package/dist/templates/.gitignore.tmpl +1 -0
package/dist/templates/README.md.tmpl +7 -8
package/dist/utils/markdown.d.ts +3 -0
package/dist/utils/markdown.d.ts.map +1 -0
package/dist/utils/markdown.js +10 -0
package/dist/utils/markdown.js.map +1 -0
package/package.json +4 -2
package/dist/templates/lobu.toml.tmpl +0 -44

package/dist/commands/init.js CHANGED Viewed

@@ -5,100 +5,9 @@ import { join } from "node:path";
 import chalk from "chalk";
 import inquirer from "inquirer";
 import ora from "ora";
-import YAML from "yaml";
-import { getRequiredEnvVars, MCP_SERVERS, } from "../mcp-servers.js";
+import { isIntegrationSkill, isProviderSkill, loadSkillsRegistry, } from "../commands/skills/registry.js";
+import { secretsSetCommand } from "../commands/secrets.js";
 import { renderTemplate } from "../utils/template.js";
-const DEFAULT_SLACK_MANIFEST = {
-    display_information: {
-        name: "Lobu",
-        description: "Hire AI peers to work with you, using your environments",
-        background_color: "#4a154b",
-        long_description: "This bot integrates Claude Code SDK with Slack to provide AI-powered coding assistance directly in your workspace. You can generate apps/AI peers that will appear as new handles.",
-    },
-    features: {
-        app_home: {
-            home_tab_enabled: true,
-            messages_tab_enabled: true,
-            messages_tab_read_only_enabled: false,
-        },
-        bot_user: {
-            display_name: "Lobu",
-            always_online: true,
-        },
-        slash_commands: [
-            {
-                command: "/lobu",
-                description: "Lobu commands - manage repositories and authentication",
-                usage_hint: "connect | login | help",
-            },
-        ],
-        assistant_view: {
-            assistant_description: "It can generate Claude Code session working on public Github data",
-            suggested_prompts: [
-                {
-                    title: "Create a project",
-                    message: "Create a new project",
-                },
-                {
-                    title: "Start working on a feature",
-                    message: "List me projects and let me tell you what I want to develop on which project",
-                },
-                {
-                    title: "Fix a bug",
-                    message: "List me projects and let me tell you what I want to develop on which project",
-                },
-                {
-                    title: "Ask a question to the codebase",
-                    message: "List me projects and let me tell you what I want to develop on which project",
-                },
-            ],
-        },
-    },
-    oauth_config: {
-        redirect_urls: [],
-        scopes: {
-            bot: [
-                "app_mentions:read",
-                "assistant:write",
-                "channels:history",
-                "channels:read",
-                "chat:write",
-                "chat:write.public",
-                "groups:history",
-                "groups:read",
-                "im:history",
-                "im:read",
-                "im:write",
-                "files:read",
-                "files:write",
-                "mpim:read",
-                "reactions:read",
-                "reactions:write",
-                "users:read",
-                "commands",
-            ],
-        },
-    },
-    settings: {
-        event_subscriptions: {
-            bot_events: [
-                "app_home_opened",
-                "app_mention",
-                "team_join",
-                "member_joined_channel",
-                "message.channels",
-                "message.groups",
-                "message.im",
-            ],
-        },
-        interactivity: {
-            is_enabled: true,
-        },
-        org_deploy_enabled: false,
-        socket_mode_enabled: true,
-        token_rotation_enabled: false,
-    },
-};
 export async function initCommand(cwd = process.cwd(), projectNameArg) {
     console.log(chalk.bold.cyan("\n🤖 Welcome to Lobu!\n"));
     // Get CLI version
@@ -137,430 +46,295 @@ export async function initCommand(cwd = process.cwd(), projectNameArg) {
         await mkdir(projectDir, { recursive: true });
         console.log(chalk.dim(`\nCreating project in: ${chalk.cyan(projectDir)}\n`));
     }
-    // MCP Server selection
-    const { configureMcp } = await inquirer.prompt([
+    // Deployment mode selection
+    const { deploymentMode } = await inquirer.prompt([
         {
-            type: "confirm",
-            name: "configureMcp",
-            message: "Would you like to configure MCP servers?",
-            default: true,
-        },
-    ]);
-    let selectedMcpServers = [];
-    let publicUrl = "";
-    if (configureMcp) {
-        const { mcpServers } = await inquirer.prompt([
-            {
-                type: "checkbox",
-                name: "mcpServers",
-                message: "Select MCP servers to configure (you can add more later):",
-                choices: [
-                    ...MCP_SERVERS.map((server) => ({
-                        name: `${server.name} - ${server.description}`,
-                        value: server.id,
-                        checked: server.id === "github", // GitHub selected by default
-                    })),
-                    {
-                        name: "Custom MCP server (provide URL)",
-                        value: "custom",
-                    },
-                ],
-                pageSize: 15,
-            },
-        ]);
-        selectedMcpServers = MCP_SERVERS.filter((s) => mcpServers.includes(s.id));
-        // Handle custom MCP server
-        if (mcpServers.includes("custom")) {
-            const { customMcpUrl, customMcpName } = await inquirer.prompt([
-                {
-                    type: "input",
-                    name: "customMcpName",
-                    message: "Custom MCP server name:",
-                    validate: (input) => {
-                        if (!input || !/^[a-z0-9-]+$/.test(input)) {
-                            return "Name must be lowercase alphanumeric with hyphens only";
-                        }
-                        return true;
-                    },
-                },
+            type: "list",
+            name: "deploymentMode",
+            message: "How should workers run?",
+            choices: [
                 {
-                    type: "input",
-                    name: "customMcpUrl",
-                    message: "Custom MCP server URL:",
-                    validate: (input) => {
-                        if (!input) {
-                            return "Please enter a valid URL";
-                        }
-                        try {
-                            new URL(input);
-                            return true;
-                        }
-                        catch {
-                            return "Please enter a valid URL (e.g., https://your-mcp-server.com)";
-                        }
-                    },
-                },
-            ]);
-            selectedMcpServers.push({
-                id: customMcpName,
-                name: customMcpName,
-                description: "Custom MCP server",
-                type: "none",
-                config: {
-                    url: customMcpUrl,
+                    name: "Embedded — virtual bash & filesystem, no package installs, lower resource usage",
+                    value: "embedded",
                 },
-            });
-        }
-        // Check if any OAuth servers were selected
-        const hasOAuthServers = selectedMcpServers.some((s) => s.type === "oauth");
-        if (hasOAuthServers) {
-            const { publicGatewayUrl } = await inquirer.prompt([
                 {
-                    type: "input",
-                    name: "publicGatewayUrl",
-                    message: "Public Gateway URL (required for OAuth MCP servers):",
-                    default: "http://localhost:8080",
-                    validate: (input) => {
-                        if (!input) {
-                            return "Public URL is required when using OAuth-based MCP servers";
-                        }
-                        try {
-                            new URL(input);
-                            return true;
-                        }
-                        catch {
-                            return "Please enter a valid URL (e.g., https://your-domain.com)";
-                        }
-                    },
+                    name: "Docker — isolated containers per user, full OS access, heavier but more capable",
+                    value: "docker",
                 },
-            ]);
-            publicUrl = publicGatewayUrl;
-        }
-    }
-    // Platform selection
-    const { selectedPlatforms } = await inquirer.prompt([
+            ],
+            default: "embedded",
+        },
+    ]);
+    // Gateway port selection
+    const { gatewayPort } = await inquirer.prompt([
         {
-            type: "checkbox",
-            name: "selectedPlatforms",
-            message: "Which messaging platform(s) do you want to configure?",
+            type: "input",
+            name: "gatewayPort",
+            message: "Gateway port?",
+            default: "8080",
+            validate: (input) => {
+                const port = Number(input);
+                if (!Number.isInteger(port) || port < 1 || port > 65535) {
+                    return "Please enter a valid port number (1-65535)";
+                }
+                return true;
+            },
+        },
+    ]);
+    // Public gateway URL (optional — only needed for OAuth callbacks and external webhooks)
+    const { publicGatewayUrl } = await inquirer.prompt([
+        {
+            type: "input",
+            name: "publicGatewayUrl",
+            message: "Public gateway URL? (leave empty for local dev, set for OAuth/webhooks)",
+            default: "",
+        },
+    ]);
+    // Admin password
+    const { adminPassword } = await inquirer.prompt([
+        {
+            type: "password",
+            name: "adminPassword",
+            message: "Admin password?",
+            mask: "*",
+            validate: (input) => {
+                if (!input || input.length < 4) {
+                    return "Password must be at least 4 characters";
+                }
+                return true;
+            },
+        },
+    ]);
+    // Worker network access policy
+    const { networkPolicy } = await inquirer.prompt([
+        {
+            type: "list",
+            name: "networkPolicy",
+            message: "Worker network access?",
             choices: [
                 {
-                    name: "Telegram (quickest — 1 token from @BotFather)",
-                    value: "telegram",
+                    name: "Restricted (recommended) — common registries only (npm, GitHub, PyPI)",
+                    value: "restricted",
                 },
                 {
-                    name: "Slack (requires app creation + 3 credentials)",
-                    value: "slack",
+                    name: "Open — workers can access any domain",
+                    value: "open",
                 },
                 {
-                    name: "API only (no chat platform, use REST endpoints)",
-                    value: "api",
+                    name: "Isolated — workers have no internet access",
+                    value: "isolated",
                 },
             ],
-            validate: (input) => {
-                if (input.length === 0) {
-                    return "Select at least one platform";
-                }
-                return true;
-            },
+            default: "restricted",
         },
     ]);
-    // Telegram setup
-    let telegramBotToken = "";
-    let telegramAllowFrom = "";
-    if (selectedPlatforms.includes("telegram")) {
-        console.log(chalk.bold("\n📱 Telegram Setup"));
-        console.log(chalk.dim("  Step 1: Open Telegram and message @BotFather"));
-        console.log(chalk.dim("  Step 2: Send /newbot and follow the prompts"));
-        console.log(chalk.dim("  Step 3: Copy the bot token\n"));
-        const telegramAnswers = await inquirer.prompt([
-            {
-                type: "password",
-                name: "telegramBotToken",
-                message: "Telegram Bot Token?",
-                validate: (input) => {
-                    if (!input) {
-                        return "Please enter your Telegram bot token";
-                    }
-                    if (!/^\d+:[A-Za-z0-9_-]+$/.test(input)) {
-                        return "Invalid token format. Expected: digits:alphanumeric (e.g., 123456789:ABCdefGHI...)";
-                    }
-                    return true;
-                },
-            },
-        ]);
-        telegramBotToken = telegramAnswers.telegramBotToken;
-        // Validate token via Telegram API
-        const spinner = ora("Verifying Telegram bot token...").start();
-        try {
-            const response = await fetch(`https://api.telegram.org/bot${telegramBotToken}/getMe`);
-            const data = (await response.json());
-            if (data.ok && data.result?.username) {
-                spinner.succeed(`Bot verified: @${data.result.username}`);
-            }
-            else {
-                spinner.warn("Could not verify bot token — check it after setup if needed");
-            }
-        }
-        catch {
-            spinner.warn("Could not reach Telegram API — token will be saved as-is");
-        }
-        const { telegramAllowFromInput } = await inquirer.prompt([
-            {
-                type: "input",
-                name: "telegramAllowFromInput",
-                message: "Restrict to specific Telegram user IDs? (comma-separated, leave empty to allow all)",
-                default: "",
-            },
-        ]);
-        telegramAllowFrom = telegramAllowFromInput;
-    }
-    // Slack setup
-    let credentialAnswers = {
-        slackSigningSecret: "",
-        slackAppToken: "",
-        slackBotToken: "",
-    };
-    if (selectedPlatforms.includes("slack")) {
-        const { slackAppOption } = await inquirer.prompt([
-            {
-                type: "list",
-                name: "slackAppOption",
-                message: "Slack app setup?",
-                choices: [
-                    {
-                        name: "Create a new Slack app using the Lobu manifest",
-                        value: "create",
-                    },
-                    {
-                        name: "Use an existing Slack app",
-                        value: "existing",
-                    },
-                ],
-                default: "create",
-            },
-        ]);
-        if (slackAppOption === "create") {
-            const manifestUrl = await getSlackManifestUrl();
-            console.log(chalk.bold("\n🔗 Create your Slack app"));
-            console.log(`Open this link to create the app with the recommended manifest:\n${chalk.cyan(chalk.underline(manifestUrl))}\n`);
-            await inquirer.prompt([
+    // Provider selection (from system-skills.json registry)
+    const providerSkills = loadSkillsRegistry().filter(isProviderSkill);
+    const providerChoices = [
+        { name: "Skip — I'll add a provider later", value: "" },
+        ...providerSkills.map((s) => ({
+            name: `${s.providers[0].displayName}${s.providers[0].defaultModel ? ` (${s.providers[0].defaultModel})` : ""}`,
+            value: s.id,
+        })),
+    ];
+    const { providerId } = await inquirer.prompt([
+        {
+            type: "list",
+            name: "providerId",
+            message: "AI provider?",
+            choices: providerChoices,
+            default: "",
+        },
+    ]);
+    let providerApiKey = "";
+    let selectedProvider;
+    if (providerId) {
+        selectedProvider = providerSkills.find((s) => s.id === providerId);
+        const p = selectedProvider?.providers?.[0];
+        if (p) {
+            const { apiKey } = await inquirer.prompt([
                 {
-                    type: "confirm",
-                    name: "slackAppCreated",
-                    message: "Press enter after clicking \u201CCreate\u201D and returning here to continue.",
-                    default: true,
+                    type: "password",
+                    name: "apiKey",
+                    message: `${p.displayName} API key:`,
+                    mask: "*",
                 },
             ]);
+            providerApiKey = apiKey || "";
         }
-        const { slackAppId } = await inquirer.prompt([
+    }
+    // Skills selection (integration skills from registry, excluding provider-only skills)
+    const integrationSkills = loadSkillsRegistry().filter((s) => isIntegrationSkill(s) && !isProviderSkill(s) && !s.hidden);
+    const { skillIds } = await inquirer.prompt([
+        {
+            type: "checkbox",
+            name: "skillIds",
+            message: "Enable integration skills?",
+            choices: integrationSkills.map((s) => ({
+                name: `${s.name} — ${s.description}`,
+                value: s.id,
+                checked: s.id === "github",
+            })),
+            when: integrationSkills.length > 0,
+        },
+    ]);
+    const selectedSkillIds = skillIds || [];
+    // Connection (messaging platform) selection
+    const platformChoices = [
+        { name: "Skip — I'll connect a platform later", value: "" },
+        { name: "Telegram", value: "telegram" },
+        { name: "Slack", value: "slack" },
+        { name: "Discord", value: "discord" },
+    ];
+    const { platformType } = await inquirer.prompt([
+        {
+            type: "list",
+            name: "platformType",
+            message: "Connect a messaging platform?",
+            choices: platformChoices,
+            default: "",
+        },
+    ]);
+    const connectionConfig = {};
+    const connectionSecrets = [];
+    if (platformType === "telegram") {
+        const { botToken } = await inquirer.prompt([
             {
-                type: "input",
-                name: "slackAppId",
-                message: "Slack App ID (optional)?",
-                default: "",
+                type: "password",
+                name: "botToken",
+                message: "Telegram bot token (from @BotFather):",
+                mask: "*",
             },
         ]);
-        const trimmedAppId = slackAppId.trim();
-        const appIdForLinks = trimmedAppId !== "" ? trimmedAppId : "<YOUR_APP_ID>";
-        const appDashboardUrl = `https://api.slack.com/apps/${appIdForLinks}`;
-        const oauthUrl = `${appDashboardUrl}/oauth`;
-        console.log(chalk.bold("\n🔐 Collect your Slack credentials"));
-        console.log(`Signing Secret & App-Level Tokens: ${chalk.cyan(chalk.underline(appDashboardUrl))}`);
-        console.log(`OAuth Tokens (Bot Token): ${chalk.cyan(chalk.underline(oauthUrl))}, you need to install the app first.\n`);
-        if (trimmedAppId === "") {
-            console.log(chalk.dim("Replace <YOUR_APP_ID> in the links above once you locate your Slack app ID."));
-            console.log();
+        if (botToken) {
+            connectionConfig.botToken = "$TELEGRAM_BOT_TOKEN";
+            connectionSecrets.push({
+                envVar: "TELEGRAM_BOT_TOKEN",
+                value: botToken,
+            });
         }
-        credentialAnswers = await inquirer.prompt([
-            {
-                type: "password",
-                name: "slackSigningSecret",
-                message: "Slack Signing Secret?",
-                validate: (input) => {
-                    if (!input) {
-                        return "Please enter your Slack signing secret.";
-                    }
-                    return true;
-                },
-            },
+    }
+    else if (platformType === "slack") {
+        const slackAnswers = await inquirer.prompt([
             {
                 type: "password",
-                name: "slackAppToken",
-                message: "Slack App Token (xapp-...)?",
-                validate: (input) => {
-                    if (!input || !input.startsWith("xapp-")) {
-                        return "Please enter a valid Slack app token starting with xapp-";
-                    }
-                    return true;
-                },
+                name: "botToken",
+                message: "Slack bot token (xoxb-...):",
+                mask: "*",
             },
             {
                 type: "password",
-                name: "slackBotToken",
-                message: "Slack Bot Token (xoxb-...)?",
-                validate: (input) => {
-                    if (!input || !input.startsWith("xoxb-")) {
-                        return "Please enter a valid Slack bot token starting with xoxb-";
-                    }
-                    return true;
-                },
+                name: "signingSecret",
+                message: "Slack signing secret:",
+                mask: "*",
             },
         ]);
+        if (slackAnswers.botToken) {
+            connectionConfig.botToken = "$SLACK_BOT_TOKEN";
+            connectionSecrets.push({
+                envVar: "SLACK_BOT_TOKEN",
+                value: slackAnswers.botToken,
+            });
+        }
+        if (slackAnswers.signingSecret) {
+            connectionConfig.signingSecret = "$SLACK_SIGNING_SECRET";
+            connectionSecrets.push({
+                envVar: "SLACK_SIGNING_SECRET",
+                value: slackAnswers.signingSecret,
+            });
+        }
     }
-    const { aiKeyStrategy } = await inquirer.prompt([
-        {
-            type: "list",
-            name: "aiKeyStrategy",
-            message: "How should teammates access Claude/OpenAI?",
-            choices: [
-                {
-                    name: "Each user brings their subscriptions",
-                    value: "user-provided",
-                },
-                {
-                    name: "Provide shared keys now so the bot works out of the box",
-                    value: "shared",
-                },
-            ],
-            default: "user-provided",
-        },
-    ]);
-    let anthropicApiKey = "";
-    if (aiKeyStrategy === "shared") {
-        const { sharedAnthropicApiKey } = await inquirer.prompt([
+    else if (platformType === "discord") {
+        const { botToken } = await inquirer.prompt([
             {
                 type: "password",
-                name: "sharedAnthropicApiKey",
-                message: "Shared Anthropic (Claude) API Key (sk-ant-...)?",
+                name: "botToken",
+                message: "Discord bot token:",
+                mask: "*",
             },
         ]);
-        anthropicApiKey = sharedAnthropicApiKey;
-    }
-    if (anthropicApiKey === "") {
-        const authHint = selectedPlatforms.includes("slack")
-            ? "teammates authorize Claude/OpenAI from the Slack Home tab on first use"
-            : "users authorize Claude/OpenAI on first use";
-        console.log(chalk.dim(`\nℹ With no shared API key, ${authHint}.\n`));
+        if (botToken) {
+            connectionConfig.botToken = "$DISCORD_BOT_TOKEN";
+            connectionSecrets.push({
+                envVar: "DISCORD_BOT_TOKEN",
+                value: botToken,
+            });
+        }
     }
-    // Worker network access configuration
-    const { networkAccessMode } = await inquirer.prompt([
+    // Settings page OAuth login (optional)
+    const { oauthIssuer } = await inquirer.prompt([
         {
-            type: "list",
-            name: "networkAccessMode",
-            message: "Configure worker internet access:",
-            choices: [
-                {
-                    name: "🔒 Filtered access (recommended) - Allow only specific domains",
-                    value: "filtered",
-                },
-                {
-                    name: "🚫 Complete isolation - No internet access",
-                    value: "isolated",
-                },
-                {
-                    name: "🌐 Unrestricted access - Full internet (not recommended)",
-                    value: "unrestricted",
-                },
-            ],
-            default: "filtered",
+            type: "input",
+            name: "oauthIssuer",
+            message: "Settings page OAuth issuer URL (leave empty to skip):",
+            default: "",
         },
     ]);
-    let allowedDomains = "";
-    let disallowedDomains = "";
-    const defaultDomains = [
-        "registry.npmjs.org",
-        ".npmjs.org",
-        "github.com",
-        ".github.com",
-        ".githubusercontent.com",
-        "cdn.jsdelivr.net",
-        "unpkg.com",
-        "pypi.org",
-        "files.pythonhosted.org",
-    ].join(",");
-    if (networkAccessMode === "filtered") {
-        const { customizeDomains } = await inquirer.prompt([
+    const oauthSecrets = [];
+    if (oauthIssuer) {
+        const oauthAnswers = await inquirer.prompt([
             {
-                type: "confirm",
-                name: "customizeDomains",
-                message: "Use default allowed domains? (Claude API, npm, GitHub, PyPI, CDNs)",
-                default: true,
+                type: "input",
+                name: "clientId",
+                message: "OAuth client ID (leave empty for dynamic registration):",
+                default: "",
             },
-        ]);
-        if (!customizeDomains) {
-            const { allowedDomainsInput } = await inquirer.prompt([
-                {
-                    type: "input",
-                    name: "allowedDomainsInput",
-                    message: "Enter comma-separated allowed domains:",
-                    default: defaultDomains,
-                    validate: (input) => {
-                        if (!input || input.trim().length === 0) {
-                            return "At least one domain is required for filtered mode";
-                        }
-                        return true;
-                    },
-                },
-            ]);
-            allowedDomains = allowedDomainsInput;
-        }
-        else {
-            allowedDomains = defaultDomains;
-        }
-        const { addDisallowedDomains } = await inquirer.prompt([
             {
-                type: "confirm",
-                name: "addDisallowedDomains",
-                message: "Add disallowed domains? (Optional - blocks specific domains within allowed patterns)",
-                default: false,
+                type: "password",
+                name: "clientSecret",
+                message: "OAuth client secret (leave empty if public client):",
+                mask: "*",
+                default: "",
             },
         ]);
-        if (addDisallowedDomains) {
-            const { disallowedDomainsInput } = await inquirer.prompt([
-                {
-                    type: "input",
-                    name: "disallowedDomainsInput",
-                    message: "Enter comma-separated disallowed domains:",
-                },
-            ]);
-            disallowedDomains = disallowedDomainsInput;
+        oauthSecrets.push({
+            envVar: "SETTINGS_OAUTH_ISSUER_URL",
+            value: oauthIssuer,
+        });
+        if (oauthAnswers.clientId) {
+            oauthSecrets.push({
+                envVar: "SETTINGS_OAUTH_CLIENT_ID",
+                value: oauthAnswers.clientId,
+            });
+        }
+        if (oauthAnswers.clientSecret) {
+            oauthSecrets.push({
+                envVar: "SETTINGS_OAUTH_CLIENT_SECRET",
+                value: oauthAnswers.clientSecret,
+            });
         }
     }
-    else if (networkAccessMode === "unrestricted") {
+    // Compute network domains from selected policy
+    let allowedDomains;
+    let disallowedDomains;
+    if (networkPolicy === "open") {
         allowedDomains = "*";
-        const { addDisallowedDomains } = await inquirer.prompt([
-            {
-                type: "confirm",
-                name: "addDisallowedDomains",
-                message: "Block any specific domains? (Optional)",
-                default: false,
-            },
-        ]);
-        if (addDisallowedDomains) {
-            const { disallowedDomainsInput } = await inquirer.prompt([
-                {
-                    type: "input",
-                    name: "disallowedDomainsInput",
-                    message: "Enter comma-separated domains to block:",
-                },
-            ]);
-            disallowedDomains = disallowedDomainsInput;
-        }
+        disallowedDomains = "";
+    }
+    else if (networkPolicy === "isolated") {
+        allowedDomains = "";
+        disallowedDomains = "";
+    }
+    else {
+        // restricted (default)
+        allowedDomains = [
+            "registry.npmjs.org",
+            ".npmjs.org",
+            "github.com",
+            ".github.com",
+            ".githubusercontent.com",
+            "cdn.jsdelivr.net",
+            "unpkg.com",
+            "pypi.org",
+            "files.pythonhosted.org",
+        ].join(",");
+        disallowedDomains = "";
     }
-    // else isolated mode: leave both empty
-    // Generate encryption key for credentials
     const encryptionKey = randomBytes(32).toString("hex");
     const answers = {
         ...baseAnswers,
-        ...credentialAnswers,
-        anthropicApiKey,
-        publicUrl,
+        deploymentMode: deploymentMode,
         encryptionKey,
-        selectedMcpServers,
-        selectedPlatforms,
-        telegramBotToken,
-        telegramAllowFrom,
         allowedDomains,
         disallowedDomains,
     };
@@ -568,95 +342,78 @@ export async function initCommand(cwd = process.cwd(), projectNameArg) {
     const composeFilename = "docker-compose.yml";
     const spinner = ora("Creating Lobu project...").start();
     try {
-        // Create .lobu directory in project directory
-        const lobuDir = join(projectDir, ".lobu");
-        await mkdir(lobuDir, { recursive: true });
-        // Generate MCP config if servers were selected
-        if (answers.selectedMcpServers.length > 0) {
-            const mcpConfig = {
-                mcpServers: {},
-            };
-            for (const server of answers.selectedMcpServers) {
-                // Clone the config and replace PUBLIC_URL placeholder
-                const serverConfig = JSON.parse(JSON.stringify(server.config)
-                    .replace(/\{PUBLIC_URL\}/g, answers.publicUrl || "http://localhost:8080")
-                    .replace(/\$\{([A-Z_]+)\}/g, (match, varName) => {
-                    // Keep env: prefix for secrets, remove for client IDs
-                    if (match.includes("env:")) {
-                        return match;
-                    }
-                    return `\${${varName}}`; // Will be replaced with instructions
-                }));
-                mcpConfig.mcpServers[server.id] = serverConfig;
-            }
-            await writeFile(join(lobuDir, "mcp.config.json"), JSON.stringify(mcpConfig, null, 2));
-        }
+        // Create .lobu and data directories in project directory
+        await mkdir(join(projectDir, ".lobu"), { recursive: true });
+        await mkdir(join(projectDir, "data"), { recursive: true });
         // Generate lobu.toml
         await generateLobuToml(projectDir, {
             agentName: projectName,
-            platforms: answers.selectedPlatforms,
-            mcpServers: answers.selectedMcpServers,
             allowedDomains: answers.allowedDomains,
+            providerId: providerId || undefined,
+            providerEnvVar: selectedProvider?.providers?.[0]?.envVarName,
+            providerModel: selectedProvider?.providers?.[0]?.defaultModel,
+            connectionType: platformType || undefined,
+            connectionConfig: Object.keys(connectionConfig).length > 0 ? connectionConfig : undefined,
+            skillIds: selectedSkillIds,
         });
         const variables = {
             PROJECT_NAME: projectName,
             CLI_VERSION: cliVersion,
-            SLACK_SIGNING_SECRET: answers.slackSigningSecret,
-            SLACK_BOT_TOKEN: answers.slackBotToken,
-            SLACK_APP_TOKEN: answers.slackAppToken,
-            TELEGRAM_ENABLED: answers.selectedPlatforms.includes("telegram")
-                ? "true"
-                : "false",
-            TELEGRAM_BOT_TOKEN: answers.telegramBotToken,
-            TELEGRAM_ALLOW_FROM: answers.telegramAllowFrom,
+            DEPLOYMENT_MODE: answers.deploymentMode,
+            ADMIN_PASSWORD: adminPassword,
             ENCRYPTION_KEY: answers.encryptionKey,
-            ANTHROPIC_API_KEY: answers.anthropicApiKey || "",
-            PUBLIC_GATEWAY_URL: answers.publicUrl || "http://localhost:8080",
-            GATEWAY_PORT: "8080",
+            GATEWAY_PORT: gatewayPort,
             WORKER_ALLOWED_DOMAINS: answers.allowedDomains,
             WORKER_DISALLOWED_DOMAINS: answers.disallowedDomains,
         };
         // Create .env file
         await renderTemplate(".env.tmpl", variables, join(projectDir, ".env"));
-        // Append MCP environment variables if any were selected
-        if (answers.selectedMcpServers.length > 0) {
-            const requiredEnvVars = getRequiredEnvVars(answers.selectedMcpServers);
-            if (requiredEnvVars.length > 0) {
-                let mcpEnvContent = "\n# MCP Server Credentials\n";
-                mcpEnvContent +=
-                    "# Add your OAuth client secrets and API keys below:\n";
-                for (const varName of requiredEnvVars) {
-                    mcpEnvContent += `${varName}=your_${varName.toLowerCase()}_here\n`;
-                }
-                const envPath = join(projectDir, ".env");
-                const currentContent = await readFile(envPath, "utf-8");
-                await writeFile(envPath, currentContent + mcpEnvContent);
-            }
+        // Save public gateway URL if explicitly set
+        if (publicGatewayUrl) {
+            await secretsSetCommand(projectDir, "PUBLIC_GATEWAY_URL", publicGatewayUrl);
+        }
+        // Save provider API key to .env
+        if (providerApiKey && selectedProvider?.providers?.[0]?.envVarName) {
+            await secretsSetCommand(projectDir, selectedProvider.providers[0].envVarName, providerApiKey);
+        }
+        // Save connection secrets to .env
+        for (const secret of connectionSecrets) {
+            await secretsSetCommand(projectDir, secret.envVar, secret.value);
+        }
+        // Save OAuth secrets to .env
+        for (const secret of oauthSecrets) {
+            await secretsSetCommand(projectDir, secret.envVar, secret.value);
         }
         // Create .gitignore
         await renderTemplate(".gitignore.tmpl", {}, join(projectDir, ".gitignore"));
         // Create README
         await renderTemplate("README.md.tmpl", variables, join(projectDir, "README.md"));
-        // Create agent instruction files
-        await writeFile(join(projectDir, "IDENTITY.md"), `# Identity\n\nYou are ${projectName}, a helpful AI assistant.\n`);
-        await writeFile(join(projectDir, "SOUL.md"), `# Instructions\n\nBe concise and helpful. Ask clarifying questions when the request is ambiguous.\n`);
-        await writeFile(join(projectDir, "USER.md"), `# User Context\n\n<!-- Add user-specific preferences, timezone, environment details here -->\n`);
-        // Create skills directory for custom skills
+        // Create agent directory with instruction files
+        const agentDir = join(projectDir, "agents", projectName);
+        await mkdir(agentDir, { recursive: true });
+        await writeFile(join(agentDir, "IDENTITY.md"), `# Identity\n\nYou are ${projectName}, a helpful AI assistant.\n`);
+        await writeFile(join(agentDir, "SOUL.md"), `# Instructions\n\nBe concise and helpful. Ask clarifying questions when the request is ambiguous.\n`);
+        await writeFile(join(agentDir, "USER.md"), `# User Context\n\n<!-- Add user-specific preferences, timezone, environment details here -->\n`);
+        // Create agent-specific skills directory
+        await mkdir(join(agentDir, "skills"), { recursive: true });
+        await writeFile(join(agentDir, "skills", ".gitkeep"), "");
+        // Create shared skills directory
         await mkdir(join(projectDir, "skills"), { recursive: true });
         await writeFile(join(projectDir, "skills", ".gitkeep"), "");
         // Create AGENTS.md
         await renderTemplate("AGENTS.md.tmpl", variables, join(projectDir, "AGENTS.md"));
         // Create TESTING.md
         await renderTemplate("TESTING.md.tmpl", variables, join(projectDir, "TESTING.md"));
-        // Create Dockerfile.worker
-        await renderTemplate("Dockerfile.worker.tmpl", variables, join(projectDir, "Dockerfile.worker"));
-        // Generate docker-compose.yml (always includes network isolation infrastructure)
+        if (answers.deploymentMode === "docker") {
+            // Create Dockerfile.worker for docker mode
+            await renderTemplate("Dockerfile.worker.tmpl", variables, join(projectDir, "Dockerfile.worker"));
+        }
+        // Always generate docker-compose.yml (Redis is needed for all modes)
         const composeContent = generateDockerCompose({
             projectName,
-            gatewayPort: "8080",
+            gatewayPort,
             dockerfilePath: "./Dockerfile.worker",
-            hasMcpServers: answers.selectedMcpServers.length > 0,
-            platforms: answers.selectedPlatforms,
+            deploymentMode: answers.deploymentMode,
         });
         await writeFile(join(projectDir, composeFilename), composeContent);
         spinner.succeed("Project created successfully!");
@@ -666,62 +423,24 @@ export async function initCommand(cwd = process.cwd(), projectNameArg) {
         console.log(chalk.cyan("  1. Navigate to your project:"));
         console.log(chalk.dim(`     cd ${projectName}\n`));
         console.log(chalk.cyan("  2. Review your configuration:"));
-        console.log(chalk.dim("     - lobu.toml          (providers, skills, network)"));
-        console.log(chalk.dim("     - IDENTITY.md        (who the agent is)"));
-        console.log(chalk.dim("     - SOUL.md            (behavior rules)"));
-        console.log(chalk.dim("     - USER.md            (user-specific context)"));
-        console.log(chalk.dim("     - skills/            (custom skills — auto-discovered)"));
-        console.log(chalk.dim("     - .env               (secrets)"));
+        console.log(chalk.dim("     - lobu.toml                    (agents, providers, skills, network)"));
+        console.log(chalk.dim(`     - agents/${projectName}/   (IDENTITY.md, SOUL.md, USER.md, skills/)`));
+        console.log(chalk.dim("     - skills/                      (shared skills — all agents)"));
+        console.log(chalk.dim("     - .env                         (secrets)"));
         console.log(chalk.dim(`     - ${composeFilename}`));
-        console.log(chalk.dim("     - Dockerfile.worker"));
-        if (answers.selectedMcpServers.length > 0) {
-            console.log(chalk.dim("     - .lobu/mcp.config.json"));
+        if (answers.deploymentMode === "docker") {
+            console.log(chalk.dim("     - Dockerfile.worker"));
         }
         console.log();
-        // MCP Setup instructions
-        if (answers.selectedMcpServers.length > 0) {
-            const oauthServers = answers.selectedMcpServers.filter((s) => s.type === "oauth");
-            const apiKeyServers = answers.selectedMcpServers.filter((s) => s.type === "api-key");
-            if (oauthServers.length > 0 || apiKeyServers.length > 0) {
-                console.log(chalk.cyan("  3. Configure MCP servers:"));
-                if (oauthServers.length > 0) {
-                    console.log(chalk.yellow("\n     OAuth-based MCP servers:"));
-                    for (const server of oauthServers) {
-                        console.log(chalk.dim(`     - ${server.name}:`));
-                        const instructions = server.setupInstructions
-                            ?.replace(/\{PUBLIC_URL\}/g, answers.publicUrl || "http://localhost:8080")
-                            .split("\n")
-                            .filter((line) => line.trim())
-                            .map((line) => `       ${line}`)
-                            .join("\n");
-                        if (instructions) {
-                            console.log(chalk.dim(instructions));
-                        }
-                    }
-                }
-                if (apiKeyServers.length > 0) {
-                    console.log(chalk.yellow("\n     API Key-based MCP servers:"));
-                    for (const server of apiKeyServers) {
-                        console.log(chalk.dim(`     - ${server.name}: Add API key to .env file`));
-                    }
-                }
-                console.log(chalk.cyan("\n  4. Start the services:"));
-            }
-            else {
-                console.log(chalk.cyan("  3. Start the services:"));
-            }
-        }
-        else {
-            console.log(chalk.cyan("  3. Start the services:"));
-        }
-        console.log(chalk.dim(`     docker compose -f ${composeFilename} up -d\n`));
-        console.log(chalk.cyan(`  ${answers.selectedMcpServers.length > 0 ? "5" : "4"}. View logs:`));
-        console.log(chalk.dim(`     docker compose -f ${composeFilename} logs -f\n`));
-        console.log(chalk.cyan(`  ${answers.selectedMcpServers.length > 0 ? "6" : "5"}. Stop the services:`));
-        console.log(chalk.dim(`     docker compose -f ${composeFilename} down\n`));
-        console.log(chalk.yellow("ℹ When you modify Dockerfile.worker or context files, rebuild the worker image:\n"));
-        console.log(chalk.dim(`  docker compose -f ${composeFilename} build worker\n`));
-        console.log(chalk.dim("  The gateway will automatically pick up the latest worker image.\n"));
+        const gatewayUrl = `http://localhost:${gatewayPort}`;
+        console.log(chalk.cyan("  3. Start the services:"));
+        console.log(chalk.dim("     lobu dev -d\n"));
+        console.log(chalk.cyan("  4. Open the admin page:"));
+        console.log(chalk.dim(`     ${gatewayUrl}/agents\n`));
+        console.log(chalk.cyan("  5. View logs:"));
+        console.log(chalk.dim("     docker compose logs -f\n"));
+        console.log(chalk.cyan("  6. Stop the services:"));
+        console.log(chalk.dim("     docker compose down\n"));
     }
     catch (error) {
         spinner.fail("Failed to create project");
@@ -729,82 +448,55 @@ export async function initCommand(cwd = process.cwd(), projectNameArg) {
     }
 }
 async function generateLobuToml(projectDir, options) {
+    const id = options.agentName;
     const lines = [
         "# lobu.toml — Agent configuration",
         "# Docs: https://lobu.ai/docs/getting-started",
         "#",
-        "# Agent identity lives in markdown files:",
-        "#   IDENTITY.md  — Who the agent is",
-        "#   SOUL.md      — Behavior rules & instructions",
-        "#   USER.md      — User-specific context",
-        "#   skills/*.md  — Custom capabilities (auto-discovered)",
+        "# Each [agents.{id}] defines an agent. The dir field points to a directory",
+        "# containing IDENTITY.md, SOUL.md, USER.md, and optionally skills/.",
+        "# Shared skills in the root skills/ directory are available to all agents.",
         "",
-        "[agent]",
-        `name = "${options.agentName}"`,
+        `[agents.${id}]`,
+        `name = "${id}"`,
         `description = ""`,
+        `dir = "./agents/${id}"`,
         "",
-        "# LLM providers (order = priority)",
-        "[[providers]]",
-        'id = "groq"',
-        'model = "llama-3.3-70b-versatile"',
-        "",
-        "# Skills from the registry",
-        "[skills]",
-        'enabled = ["github"]',
+        "# LLM providers (order = priority, key = API key or $ENV_VAR)",
     ];
-    // Custom MCP servers
-    const customMcps = options.mcpServers.filter((s) => s.type === "none" || s.type === "command");
-    if (customMcps.length > 0) {
-        lines.push("");
-        for (const mcp of customMcps) {
-            if (mcp.config?.url) {
-                lines.push(`[skills.mcp.${mcp.id}]`);
-                lines.push(`url = "${mcp.config.url}"`);
-            }
+    if (options.providerId && options.providerEnvVar) {
+        lines.push(`[[agents.${id}.providers]]`, `id = "${options.providerId}"`, ...(options.providerModel ? [`model = "${options.providerModel}"`] : []), `key = "$${options.providerEnvVar}"`);
+    }
+    else {
+        lines.push("# Add providers via the admin page or uncomment below:", `# [[agents.${id}.providers]]`, '# id = "anthropic"', '# key = "$ANTHROPIC_API_KEY"');
+    }
+    lines.push("");
+    if (options.connectionType && options.connectionConfig) {
+        lines.push(`[[agents.${id}.connections]]`, `type = "${options.connectionType}"`);
+        lines.push(`[agents.${id}.connections.config]`);
+        for (const [key, value] of Object.entries(options.connectionConfig)) {
+            lines.push(`${key} = "${value}"`);
         }
     }
+    else {
+        lines.push("# Messaging platform (add via admin page or uncomment below):", `# [[agents.${id}.connections]]`, '# type = "telegram"', `# [agents.${id}.connections.config]`, '# botToken = "$TELEGRAM_BOT_TOKEN"');
+    }
+    lines.push("", "# Skills from the registry", `[agents.${id}.skills]`, `enabled = [${(options.skillIds ?? []).map((s) => `"${s}"`).join(", ")}]`, "", "# MCP servers (add custom tool servers with optional OAuth):", `# [agents.${id}.skills.mcp.my-mcp]`, '# url = "https://my-mcp.example.com"', `# [agents.${id}.skills.mcp.my-mcp.oauth]`, '# auth_url = "https://auth.example.com/authorize"', '# token_url = "https://auth.example.com/token"', '# client_id = "$MY_MCP_CLIENT_ID"');
     // Network
+    lines.push("", `[agents.${id}.network]`);
     if (options.allowedDomains) {
         const domains = options.allowedDomains
             .split(",")
             .map((d) => `"${d.trim()}"`)
             .join(", ");
-        lines.push("", "[network]", `allowed = [${domains}]`);
-    }
-    // Platforms
-    const platformLines = [];
-    if (options.platforms.includes("telegram")) {
-        platformLines.push("telegram = true");
-    }
-    if (options.platforms.includes("slack")) {
-        platformLines.push("slack = true");
+        lines.push(`allowed = [${domains}]`);
     }
-    if (options.platforms.includes("api")) {
-        platformLines.push("api = true");
-    }
-    if (platformLines.length > 0) {
-        lines.push("", "[platforms]");
-        lines.push(...platformLines);
+    else {
+        lines.push("allowed = []");
     }
     lines.push(""); // trailing newline
     await writeFile(join(projectDir, "lobu.toml"), lines.join("\n"));
 }
-async function getSlackManifestUrl() {
-    const manifestYaml = await loadSlackManifestYaml();
-    const encodedManifest = encodeURIComponent(manifestYaml);
-    return `https://api.slack.com/apps?new_app=1&manifest_yaml=${encodedManifest}`;
-}
-async function loadSlackManifestYaml() {
-    try {
-        const manifestUrl = new URL("../../../../slack-app-manifest.json", import.meta.url);
-        const manifestContent = await readFile(manifestUrl, "utf-8");
-        const manifest = JSON.parse(manifestContent);
-        return YAML.stringify(manifest).trim();
-    }
-    catch {
-        return YAML.stringify(DEFAULT_SLACK_MANIFEST).trim();
-    }
-}
 async function getCliVersion() {
     const pkgPath = new URL("../../package.json", import.meta.url);
     const pkgContent = await readFile(pkgPath, "utf-8");
@@ -812,41 +504,33 @@ async function getCliVersion() {
     return pkg.version || "0.1.0";
 }
 function generateDockerCompose(options) {
-    const { projectName, gatewayPort, hasMcpServers, platforms } = options;
-    const workerImage = `ghcr.io/lobu-ai/lobu-worker-base:latest`;
+    const { projectName, gatewayPort, deploymentMode } = options;
     const gatewayImage = `ghcr.io/lobu-ai/lobu-gateway:latest`;
-    const mcpConfigMount = hasMcpServers
-        ? `
-      - ./.lobu/mcp.config.json:/app/.lobu/mcp.config.json:ro`
-        : "";
-    const mcpEnvVars = hasMcpServers
+    const workerImage = `ghcr.io/lobu-ai/lobu-worker-base:latest`;
+    const dockerSocketMount = deploymentMode === "docker"
         ? `
-      MCP_CONFIG_URL: file:///app/.lobu/mcp.config.json
-      ENCRYPTION_KEY: \${ENCRYPTION_KEY}`
+      - /var/run/docker.sock:/var/run/docker.sock`
         : "";
-    const telegramEnvVars = platforms.includes("telegram")
+    const workerImageEnv = deploymentMode === "docker"
         ? `
-      TELEGRAM_ENABLED: \${TELEGRAM_ENABLED:-false}
-      TELEGRAM_BOT_TOKEN: \${TELEGRAM_BOT_TOKEN:-}
-      TELEGRAM_ALLOW_FROM: \${TELEGRAM_ALLOW_FROM:-}`
+      WORKER_IMAGE: ${workerImage}`
         : "";
-    const slackEnvVars = platforms.includes("slack")
+    const proxyPort = deploymentMode === "docker"
         ? `
-      SLACK_BOT_TOKEN: \${SLACK_BOT_TOKEN}
-      SLACK_APP_TOKEN: \${SLACK_APP_TOKEN}
-      SLACK_SIGNING_SECRET: \${SLACK_SIGNING_SECRET}`
+      - "127.0.0.1:8118:8118" # HTTP proxy for workers`
         : "";
     return `# Generated by @lobu/cli
-# You can modify this file as needed
+# Deployment mode: ${deploymentMode}
 name: ${projectName}
 services:
   redis:
     image: redis:7-alpine
-    command: redis-server --maxmemory 256mb --maxmemory-policy allkeys-lru --save 60 1 --dir /data
+    command: redis-server --maxmemory 256mb --maxmemory-policy noeviction --save 60 1 --dir /data
+    working_dir: /tmp
     volumes:
-      - redis_data:/data
+      - ./data:/data
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
       interval: 10s
@@ -858,48 +542,39 @@ services:
   gateway:
     image: ${gatewayImage}
+    pull_policy: always
     ports:
-      - "${gatewayPort}:8080"
-      - "8118:8118" # HTTP proxy for workers
+      - "127.0.0.1:\${GATEWAY_PORT:-${gatewayPort}}:8080"${proxyPort}
     environment:
-      DEPLOYMENT_MODE: docker
-      WORKER_IMAGE: ${workerImage}
-      QUEUE_URL: redis://redis:6379/0${slackEnvVars}${telegramEnvVars}
+      DEPLOYMENT_MODE: ${deploymentMode}${workerImageEnv}
+      QUEUE_URL: redis://redis:6379/0
       PUBLIC_GATEWAY_URL: \${PUBLIC_GATEWAY_URL:-}
       NODE_ENV: production
-      ANTHROPIC_API_KEY: \${ANTHROPIC_API_KEY:-}
-      COMPOSE_PROJECT_NAME: ${projectName}${mcpEnvVars}
-      # Worker network access control
-      # Empty/unset: Complete isolation (deny all)
-      # WORKER_ALLOWED_DOMAINS=*: Unrestricted access
-      # WORKER_ALLOWED_DOMAINS=domains: Allowlist mode
+      COMPOSE_PROJECT_NAME: ${projectName}
+      ADMIN_PASSWORD: \${ADMIN_PASSWORD}
+      ENCRYPTION_KEY: \${ENCRYPTION_KEY}
       WORKER_ALLOWED_DOMAINS: \${WORKER_ALLOWED_DOMAINS:-}
       WORKER_DISALLOWED_DOMAINS: \${WORKER_DISALLOWED_DOMAINS:-}
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock${mcpConfigMount}
-      - env_storage:/app/.lobu/env
+      SETTINGS_OAUTH_ISSUER_URL: \${SETTINGS_OAUTH_ISSUER_URL:-}
+      SETTINGS_OAUTH_CLIENT_ID: \${SETTINGS_OAUTH_CLIENT_ID:-}
+      SETTINGS_OAUTH_CLIENT_SECRET: \${SETTINGS_OAUTH_CLIENT_SECRET:-}
+    volumes:${dockerSocketMount}
+      - ./.lobu:/app/.lobu
     networks:
-      - lobu-public   # Internet access
-      - lobu-internal # Internal services (redis, workers)
+      - lobu-public
+      - lobu-internal
     depends_on:
       redis:
         condition: service_healthy
     restart: unless-stopped
 networks:
-  # Public network with internet access (gateway only)
   lobu-public:
     driver: bridge
-  # Internal network - no direct internet access
-  # Workers use this network and can only reach internet via gateway's proxy
   lobu-internal:
     internal: true
     driver: bridge
-volumes:
-  redis_data:
-  env_storage:
 `;
 }
 //# sourceMappingURL=init.js.map