@simonyea/holysheep-cli 2.1.38 → 2.1.41

package/src/commands/webui.js

@@ -1,622 +0,0 @@
-/**
- * hs web — 启动 WebUI 本地管理面板
- *
- * 2.1.0 开始：`hs web` 默认直接启动 **真 AionUi v1.9.18 源码 fork 的 server**
- * (`dist-server/server.mjs`)，登录改成 HolySheep API Key（源码级改造，不是
- * proxy wrapper 也不是外壳）。用户看到的就是 AionUi 自己的 UI。
- *
- * Modes:
- *   <default>                      → AionUi fork + HolySheep API Key login
- *   HOLYSHEEP_WEBUI_LEGACY=1       → 旧 HolySheep Workspace 页面 (fallback)
- *   --aionui                       → 强制走 AionUi 路径（即使 runtime 缺失也不退回）
- */
-'use strict'
-
-const chalk = require('chalk')
-const { execSync, spawn } = require('child_process')
-const fs = require('fs')
-const path = require('path')
-const http = require('http')
-
-function isLegacy(opts) {
-  return process.env.HOLYSHEEP_WEBUI_LEGACY === '1'
-}
-
-// ── Bun resolution ───────────────────────────────────────────────────────────
-function homeBunCandidate() {
-  // bun's official installer always drops the binary at:
-  //   Windows: %USERPROFILE%\.bun\bin\bun.exe
-  //   Unix:    $HOME/.bun/bin/bun
-  // This fallback covers the very common "user just installed bun but hasn't
-  // reopened the terminal, so PATH doesn't see it yet" case.
-  const home = process.env.HOME || process.env.USERPROFILE || require('os').homedir()
-  if (!home) return null
-  const name = process.platform === 'win32' ? 'bun.exe' : 'bun'
-  return path.join(home, '.bun', 'bin', name)
-}
-
-function resolveBunPath() {
-  // 1. Dev: use bundled bun if present (darwin-arm64 only in 2.0.x)
-  const bundledBun = path.join(__dirname, '..', 'webui', 'vendor', 'bun-darwin-arm64')
-  if (process.platform === 'darwin' && process.arch === 'arm64' && fs.existsSync(bundledBun)) {
-    return bundledBun
-  }
-  // 2. Env override
-  if (process.env.BUN && fs.existsSync(process.env.BUN)) return process.env.BUN
-  // 3. System bun — platform-correct lookup command
-  const isWindows = process.platform === 'win32'
-  try {
-    // `where.exe bun` on Windows prints one line per match; pick the first.
-    // `which bun` on Unix prints exactly one line (or fails with exit !=0).
-    const cmd = isWindows ? 'where.exe bun' : 'which bun'
-    const raw = execSync(cmd, {
-      stdio: ['ignore', 'pipe', 'ignore'],
-      encoding: 'utf8',
-      timeout: 3000,
-    })
-    // Windows emits CRLF and may list multiple paths — take the first existing one.
-    const candidates = raw.split(/\r?\n/).map((s) => s.trim()).filter(Boolean)
-    for (const p of candidates) {
-      if (fs.existsSync(p)) return p
-    }
-  } catch {}
-  // 4. ~/.bun/bin fallback — bun installer's canonical location. Catches the
-  // "installed bun, didn't reopen terminal" scenario that previously forced
-  // users to fallback to legacy workspace on first `hs web`.
-  const homeBun = homeBunCandidate()
-  if (homeBun && fs.existsSync(homeBun)) return homeBun
-  // 5. No bun found. AionUi's dist-server/server.mjs uses `bun:` URL scheme
-  // imports (verified 2026-04-21: node 25 throws ERR_UNSUPPORTED_ESM_URL_SCHEME
-  // immediately), so bun is a hard runtime dep. Caller can auto-install.
-  return null
-}
-
-function describeBunInstall() {
-  if (process.platform === 'win32') {
-    return 'powershell -c "irm bun.sh/install.ps1 | iex"'
-  }
-  return 'curl -fsSL https://bun.sh/install | bash'
-}
-
-// Auto-install bun using the official bun.sh installer. Returns the newly
-// resolved bun path on success, or null on any failure (caller falls back).
-// Controlled by HOLYSHEEP_WEBUI_NO_AUTOFETCH_BUN=1 (opt-out).
-function autoInstallBun(logger) {
-  const isWindows = process.platform === 'win32'
-  // Both installers are official bun.sh first-party scripts. We log the URL
-  // explicitly so the user knows what's running.
-  const cmd = isWindows
-    ? 'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "irm https://bun.sh/install.ps1 | iex"'
-    : 'bash -c "curl -fsSL https://bun.sh/install | bash"'
-  logger(`[auto-install-bun] platform=${process.platform} command=${cmd}`)
-  logger('  Fetching official bun installer from https://bun.sh — this takes ~30s')
-  try {
-    execSync(cmd, {
-      stdio: 'inherit',
-      timeout: 180_000,
-      // Keep env minimal — don't leak weird node_options into the installer
-      env: { ...process.env, NODE_OPTIONS: '' },
-    })
-  } catch (e) {
-    logger(`[auto-install-bun] failed: ${e.message || e}`)
-    return null
-  }
-  // Re-resolve — the installer drops bun at ~/.bun/bin/bun[.exe], which our
-  // resolveBunPath() fallback (step 4) picks up without needing a shell reload.
-  const p = resolveBunPath()
-  if (!p) {
-    logger('[auto-install-bun] installer finished but bun still not found at ~/.bun/bin — aborting')
-    return null
-  }
-  logger(`[auto-install-bun] success → ${p}`)
-  return p
-}
-
-// ── Runtime resolution ───────────────────────────────────────────────────────
-// This file used to have its own "does `server.mjs` exist?" resolver and
-// short-circuit before the fetcher was ever consulted. That's why earlier
-// releases' version-drift detection (added in `aionui-runtime-fetcher.js`)
-// never kicked in — we never called it. Now the single source of truth is
-// `resolveRuntime()` from the fetcher module, with stale detection + atomic
-// upgrade baked in. We just call it twice:
-//   * Once synchronously-shaped (allowDownload:false) for the "[mode=…]"
-//     status line so we don't incur a network hit just to print a label.
-//   * Once with allowDownload:true inside startAionUiMode, where we're
-//     willing to pay the ~20MB download to get a fresh runtime.
-async function resolveAionUiRuntime({ allowDownload, logger = () => {} } = {}) {
-  const { resolveRuntime } = require('../webui/aionui-runtime-fetcher')
-  return resolveRuntime({ allowDownload: !!allowDownload, logger })
-}
-
-// Cheap probe for the status line. No download, never blocks.
-function probeAionUiRuntimeLabel() {
-  try {
-    const {
-      USER_CACHE_DIR,
-      VENDOR_DIR,
-      isValidRuntimeDir,
-      isVersionCurrent,
-    } = require('../webui/aionui-runtime-fetcher')
-
-    // aionui-fork/ label only appears when dev opted-in via HOLYSHEEP_DEV=1 —
-    // must match the resolver gating in aionui-runtime-fetcher.js, otherwise
-    // the status line would lie ("runtime=aionui-fork" when the actual resolver
-    // is about to return user-cache).
-    if (process.env.HOLYSHEEP_DEV === '1') {
-      const forkDir = path.resolve(__dirname, '..', '..', 'aionui-fork')
-      if (isValidRuntimeDir(forkDir)) return 'dev-checkout'
-    }
-    if (isValidRuntimeDir(VENDOR_DIR)) return 'vendor'
-    if (isValidRuntimeDir(USER_CACHE_DIR)) {
-      return isVersionCurrent(USER_CACHE_DIR) ? 'installed' : 'installed-stale'
-    }
-  } catch {}
-  return 'none'
-}
-
-async function downloadAionUiRuntime(logger) {
-  // Fetcher has a baked-in default URL + SHA256 — no env var required.
-  // HOLYSHEEP_AIONUI_RUNTIME_URL still works as an override.
-  return resolveAionUiRuntime({ allowDownload: true, logger })
-}
-
-// ── HolySheep config → API key ───────────────────────────────────────────────
-function readHolySheepApiKey() {
-  try {
-    const { getApiKey } = require('../utils/config')
-    const key = getApiKey()
-    if (key && /^cr_/.test(key)) return key
-  } catch {}
-  return null
-}
-
-// ── HTTP utility: POST JSON with CSRF auto-bootstrap ─────────────────────────
-function httpRequest(options, body) {
-  return new Promise((resolve, reject) => {
-    const req = http.request(options, (res) => {
-      const chunks = []
-      res.on('data', (c) => chunks.push(c))
-      res.on('end', () => {
-        const buf = Buffer.concat(chunks)
-        resolve({ status: res.statusCode || 0, headers: res.headers, body: buf.toString('utf8') })
-      })
-    })
-    req.on('error', reject)
-    if (body) req.write(body)
-    req.end()
-  })
-}
-
-async function fetchCsrfToken(port) {
-  // AionUi sets csrf cookie on first GET /. We fetch / and read Set-Cookie.
-  const r = await httpRequest({ host: '127.0.0.1', port, path: '/', method: 'GET' })
-  const setCookie = r.headers['set-cookie'] || []
-  for (const sc of setCookie) {
-    const m = sc.match(/csrfToken=([^;]+);/)
-    if (m) return { csrfToken: m[1], allCookies: setCookie.map((s) => s.split(';')[0]).join('; ') }
-  }
-  return null
-}
-
-async function loginWithApiKey(port, apiKey) {
-  const csrf = await fetchCsrfToken(port)
-  if (!csrf) throw new Error('Failed to acquire CSRF token from HolySheep runtime')
-  const body = JSON.stringify({ apiKey, csrfToken: decodeURIComponent(csrf.csrfToken) })
-  const r = await httpRequest(
-    {
-      host: '127.0.0.1',
-      port,
-      path: '/login',
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Content-Length': Buffer.byteLength(body),
-        Cookie: csrf.allCookies,
-        'x-csrf-token': decodeURIComponent(csrf.csrfToken),
-      },
-    },
-    body
-  )
-  if (r.status !== 200) {
-    throw new Error(`/login returned ${r.status}: ${r.body.slice(0, 200)}`)
-  }
-  const setCookie = r.headers['set-cookie'] || []
-  // Return a Cookie header string the browser can be seeded with.
-  const cookieLine = setCookie.map((s) => s.split(';')[0]).join('; ')
-  return { cookieLine, body: JSON.parse(r.body) }
-}
-
-// ── Start patched AionUi server ──────────────────────────────────────────────
-// Timeout is generous for Windows first launch: Defender scans 41MB server.mjs,
-// bun JIT-compiles, AionUi initializes sqlite under ~/.aionui-home, and npm
-// may still pull the renderer. 60s is the realistic upper bound on a cold box.
-const AIONUI_STARTUP_TIMEOUT_MS = Number(process.env.HS_WEB_STARTUP_TIMEOUT_MS) || 60_000
-const AIONUI_LOG_TAIL_BYTES = 4096
-
-function spawnAionUiServer({ bunPath, runtimeDir, port }) {
-  return new Promise((resolve, reject) => {
-    const entry = path.join(runtimeDir, 'dist-server', 'server.mjs')
-    if (!fs.existsSync(entry)) {
-      return reject(new Error(`HolySheep runtime entry not found: ${entry}`))
-    }
-
-    // AionUi reads PORT / HOST / JWT_SECRET from env. We set a stable JWT secret
-    // derived from machine so cookies survive restarts of hs web within a session.
-    const child = spawn(bunPath, [entry], {
-      cwd: runtimeDir,
-      env: {
-        ...process.env,
-        PORT: String(port),
-        HOST: '127.0.0.1',
-        NODE_ENV: 'production',
-        // Let AionUi pick its own JWT secret; it'll persist under ~/.aionui-home
-      },
-      stdio: ['ignore', 'pipe', 'pipe'],
-    })
-
-    // ── Log capture ────────────────────────────────────────────────────────
-    // Always subscribe to stdout+stderr. In debug mode we ALSO print live; in
-    // normal mode we keep the last ~4KB in a ring buffer so that if startup
-    // fails (timeout OR exit-before-ready) we can surface the real error to
-    // the user instead of the previous silent "failed to start within 20s".
-    const debug = process.env.HS_WEB_DEBUG === '1'
-    let logTail = ''
-    const appendLog = (stream, chunk) => {
-      const s = Buffer.isBuffer(chunk) ? chunk.toString('utf8') : String(chunk)
-      logTail += s
-      if (logTail.length > AIONUI_LOG_TAIL_BYTES) {
-        logTail = logTail.slice(logTail.length - AIONUI_LOG_TAIL_BYTES)
-      }
-      if (debug) {
-        const target = stream === 'err' ? process.stderr : process.stdout
-        target.write(chalk.gray(`[holysheep] ${s}`))
-      }
-    }
-    child.stdout.on('data', (d) => appendLog('out', d))
-    child.stderr.on('data', (d) => appendLog('err', d))
-
-    // ── Progress + timeout ─────────────────────────────────────────────────
-    let settled = false
-    const startedAt = Date.now()
-    const onReady = () => {
-      if (!settled) {
-        settled = true
-        clearInterval(progressTick)
-        resolve(child)
-      }
-    }
-    const fail = (reason) => {
-      if (settled) return
-      settled = true
-      clearInterval(progressTick)
-      const tail = logTail.trim()
-      let msg = reason
-      if (tail) {
-        msg += `\n\n  --- last HolySheep runtime output (stderr+stdout tail) ---\n${tail
-          .split(/\r?\n/)
-          .map((line) => `  ${line}`)
-          .join('\n')}\n  ------------------------------------------------`
-      } else {
-        msg += '\n  (no output captured from HolySheep runtime — check ' +
-          (process.platform === 'win32' ? 'Windows Defender / antivirus quarantining bun.exe' : 'bun or runtime corruption') +
-          ')'
-      }
-      reject(new Error(msg))
-    }
-
-    // Progress log every 10s, so user knows we're not hung. On Windows first
-    // launch (Defender scanning bun + bun JIT + sqlite init), 30-50s is normal.
-    const progressTick = setInterval(() => {
-      if (settled) return
-      const waited = Math.round((Date.now() - startedAt) / 1000)
-      const hint = process.platform === 'win32'
-        ? ' (Windows first-launch can take up to 60s while Defender scans bun.exe + server.mjs)'
-        : ''
-      console.log(chalk.gray(`  still starting HolySheep runtime — waited ${waited}s…${hint}`))
-    }, 10_000)
-
-    const timer = setTimeout(() => {
-      fail(`HolySheep runtime failed to start within ${Math.round(AIONUI_STARTUP_TIMEOUT_MS / 1000)}s`)
-    }, AIONUI_STARTUP_TIMEOUT_MS)
-
-    // ── Readiness poll ─────────────────────────────────────────────────────
-    const pollReady = () => {
-      if (settled) return
-      const req = http.request(
-        { host: '127.0.0.1', port, path: '/', method: 'HEAD', timeout: 500 },
-        (res) => {
-          if (res.statusCode && res.statusCode < 500) {
-            clearTimeout(timer)
-            onReady()
-          } else {
-            setTimeout(pollReady, 300)
-          }
-        }
-      )
-      req.on('error', () => setTimeout(pollReady, 300))
-      req.on('timeout', () => {
-        req.destroy()
-        setTimeout(pollReady, 300)
-      })
-      req.end()
-    }
-    // Start polling after a short grace period so bun has time to boot.
-    setTimeout(pollReady, 600)
-
-    // ── Early exit ─────────────────────────────────────────────────────────
-    child.on('exit', (code, signal) => {
-      const reason = signal
-        ? `HolySheep runtime exited with signal ${signal} before becoming ready`
-        : `HolySheep runtime exited with code ${code} before becoming ready`
-      clearTimeout(timer)
-      fail(reason)
-    })
-    child.on('error', (err) => {
-      clearTimeout(timer)
-      fail(`HolySheep runtime spawn error: ${err.message || err}`)
-    })
-  })
-}
-
-// ── The real AionUi-mode flow ────────────────────────────────────────────────
-async function startAionUiMode(opts) {
-  const port = Number(opts.port) || 9876
-
-  // 1. Resolve runtime. Fetcher returns one of:
-  //   source='user-cache'        → version matches baked-in DEFAULT_RUNTIME_VERSION
-  //   source='user-cache-stale'  → version mismatch AND upgrade was skipped/failed
-  //                                (we can still boot with the old runtime,
-  //                                 but the user sees an explicit warning)
-  //   source='download-upgrade'  → cache was stale, we auto-upgraded in place
-  //   source='download'          → first-ever install, freshly downloaded
-  //   source='aionui-fork'/'vendor' → dev checkout
-  //
-  // We always call with allowDownload:true here (unless the user disabled
-  // auto-fetch) so stale caches get upgraded the same way first-run downloads
-  // happen. Before 2.1.10 the local resolver short-circuited on "file exists"
-  // and stale caches stayed stale forever.
-  const autoFetchDisabled = process.env.HOLYSHEEP_WEBUI_NO_AUTOFETCH === '1'
-  if (!autoFetchDisabled) {
-    // Pre-announce only when we know we're going to hit the network. For
-    // first-ever install we always do. For stale cache we _may_ do, depending
-    // on HOLYSHEEP_AIONUI_SKIP_UPGRADE.
-    const probe = probeAionUiRuntimeLabel()
-    if (probe === 'none') {
-      console.log(chalk.cyan('▶ HolySheep runtime not installed — downloading automatically (~21 MB, one-time)'))
-      console.log(chalk.gray('  (disable with HOLYSHEEP_WEBUI_NO_AUTOFETCH=1; override URL with HOLYSHEEP_AIONUI_RUNTIME_URL)'))
-    } else if (probe === 'installed-stale' && process.env.HOLYSHEEP_AIONUI_SKIP_UPGRADE !== '1') {
-      console.log(chalk.cyan('▶ HolySheep runtime is out of date — upgrading in place (atomic)'))
-      console.log(chalk.gray('  (set HOLYSHEEP_AIONUI_SKIP_UPGRADE=1 to pin current cache; HOLYSHEEP_AIONUI_PIN_VERSION=<v> to lock a version)'))
-    }
-  }
-  let runtime = await resolveAionUiRuntime({
-    allowDownload: !autoFetchDisabled,
-    logger: (m) => console.log(chalk.gray(`  ${m}`)),
-  })
-  if (runtime && runtime.source === 'download-upgrade') {
-    console.log(chalk.green(`  ✓ HolySheep runtime upgraded to ${runtime.version}`))
-  } else if (runtime && runtime.source === 'user-cache-stale') {
-    console.log(chalk.yellow(
-      `  ⚠ Running stale HolySheep runtime (${runtime.version}, expected newer). ` +
-      `Run: rm -rf ~/.holysheep/aionui-runtime && hs web  to force rebuild.`
-    ))
-  } else if (runtime && runtime.source === 'download') {
-    console.log(chalk.gray('  HolySheep runtime installed. Next: ensure bun is available to launch it.'))
-  }
-  if (!runtime) {
-    const home = process.env.HOME || process.env.USERPROFILE || '~'
-    console.log(chalk.red('✗ HolySheep runtime not found and auto-download did not succeed'))
-    console.log()
-    console.log(chalk.gray('  Expected at one of:'))
-    console.log(chalk.gray(`    • ${path.resolve(__dirname, '..', '..', 'aionui-fork', 'dist-server')}  (dev checkout)`))
-    console.log(chalk.gray(`    • ${path.join(home, '.holysheep', 'aionui-runtime', 'dist-server')}  (installed)`))
-    console.log()
-    console.log(chalk.yellow('  Retry manually:'))
-    console.log(chalk.cyan('    hs web --setup-runtime'))
-    console.log(chalk.gray('  Or pin a specific runtime URL + SHA256:'))
-    console.log(chalk.cyan('    export HOLYSHEEP_AIONUI_RUNTIME_URL=https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep.tar.gz'))
-    console.log(chalk.cyan('    export HOLYSHEEP_AIONUI_RUNTIME_SHA256=<see README>'))
-    console.log(chalk.cyan('    hs web --setup-runtime'))
-    console.log()
-    if (opts.aionui) {
-      console.log(chalk.red('  --aionui flag requires runtime. Aborting.'))
-      process.exit(1)
-    }
-    console.log(chalk.yellow('  Falling back to legacy HolySheep workspace. Set HOLYSHEEP_WEBUI_LEGACY=1 to silence this message.'))
-    console.log()
-    return startLegacyMode(opts)
-  }
-
-  // 2. Resolve bun — and auto-install if missing (opt-out via env, TTY-gated)
-  let bunPath = resolveBunPath()
-  const autoBunDisabled = process.env.HOLYSHEEP_WEBUI_NO_AUTOFETCH_BUN === '1'
-  if (!bunPath && !autoBunDisabled) {
-    // TTY guard: auto-install pipes a remote script into a shell. In CI,
-    // Docker builds, or other non-interactive environments the user can't
-    // cancel and didn't knowingly opt in. Skip auto-install there and fall
-    // through to the existing manual-install guidance + legacy fallback.
-    if (!process.stdout.isTTY) {
-      console.log(chalk.yellow('  bun missing and not running in a TTY — skipping auto-install (safety).'))
-      console.log(chalk.gray('  In CI / Docker / non-interactive shells, install bun explicitly first:'))
-      console.log(chalk.cyan(`    ${describeBunInstall()}`))
-      console.log(chalk.gray('  Or opt out of this safety with HOLYSHEEP_WEBUI_FORCE_AUTOFETCH_BUN=1.'))
-      if (process.env.HOLYSHEEP_WEBUI_FORCE_AUTOFETCH_BUN === '1') {
-        console.log(chalk.cyan('▶ HOLYSHEEP_WEBUI_FORCE_AUTOFETCH_BUN=1 set — attempting auto-install anyway'))
-        bunPath = autoInstallBun((m) => console.log(chalk.gray(`  ${m}`)))
-      }
-    } else {
-      console.log(chalk.cyan('▶ bun runtime not installed — installing automatically (one-time)'))
-      console.log(chalk.gray('  (disable with HOLYSHEEP_WEBUI_NO_AUTOFETCH_BUN=1; takes ~30s; source: bun.sh official installer)'))
-      bunPath = autoInstallBun((m) => console.log(chalk.gray(`  ${m}`)))
-    }
-  }
-  if (!bunPath) {
-    console.log(chalk.red('✗ bun is required to run the HolySheep runtime'))
-    console.log(chalk.gray('  (HolySheep runtime uses bun: URL-scheme imports that Node cannot load directly)'))
-    console.log(chalk.gray('  HolySheep runtime itself is ready — bun is the last missing piece.'))
-    console.log()
-    console.log(chalk.yellow('  Install bun manually:'))
-    console.log(chalk.cyan(`    ${describeBunInstall()}`))
-    console.log(chalk.gray('  After install, close and reopen your terminal, then retry `hs web`.'))
-    console.log()
-    if (opts.aionui) {
-      console.log(chalk.red('  --aionui flag requires bun. Aborting.'))
-      process.exit(1)
-    }
-    console.log(chalk.yellow('  HolySheep runtime ready but bun auto-install failed — falling back to legacy HolySheep workspace.'))
-    console.log()
-    return startLegacyMode(opts)
-  }
-
-  console.log(chalk.cyan(`▶ Starting HolySheep runtime (source: ${runtime.source})`))
-
-  // 3. Spawn AionUi on an internal loopback port and wrap it with
-  // `aionui-wrapper.js` which listens on the user-visible port. This is the
-  // critical architectural piece that makes `/api/holysheep/balance`,
-  // `/api/holysheep/tools`, `/api/holysheep/setup`, etc. actually reachable
-  // from the browser: the wrapper in-process dispatches those routes to
-  // `src/webui/server.js`'s exported handlers, and proxies everything else
-  // (including /login, /api/auth/*, WebSocket /ws) to AionUi.
-  //
-  // Before 2.1.14 hs web spawned AionUi directly on :9876 and the wrapper
-  // was dead code — so the Dashboard couldn't fetch balance/tools at all.
-  const { startWrapper } = require('../webui/aionui-wrapper')
-
-  // Pick an internal port. We rely on the wrapper's own picker to avoid
-  // duplicating logic, but we need to know the public port upfront for the
-  // user-visible URL message.
-  let wrapper
-  let aionuiProc
-  try {
-    wrapper = await startWrapper({
-      port,                 // user-visible port (default 9876)
-      runtimeDir: runtime.dir,
-      runtimeVersion: runtime.version,
-      runtimeSource: runtime.source,
-      bunPath,
-    })
-    aionuiProc = wrapper.aionui
-  } catch (e) {
-    const [firstLine, ...rest] = String(e.message).split(/\r?\n/)
-    console.log(chalk.red(`✗ HolySheep runtime failed to start: ${firstLine}`))
-    for (const line of rest) {
-      if (line.trim()) console.log(chalk.gray(line))
-    }
-    console.log()
-    console.log(chalk.gray('  Tip: run again with HS_WEB_DEBUG=1 to stream HolySheep runtime logs live.'))
-    console.log(chalk.gray('       If this is a first launch on Windows, try once more — Defender'))
-    console.log(chalk.gray('       will cache bun.exe + server.mjs after the first scan.'))
-    if (opts.aionui) process.exit(1)
-    console.log(chalk.yellow('  Falling back to legacy workspace.'))
-    return startLegacyMode(opts)
-  }
-
-  const baseUrl = `http://127.0.0.1:${port}`
-  const internalPort = wrapper.internalPort
-
-  // 4. Auto-login via HolySheep API key if available — talks to the INTERNAL
-  // AionUi port (bypasses the wrapper's rate limits / middleware), because
-  // this is just a cookie-warmer for the browser launch URL.
-  const apiKey = readHolySheepApiKey()
-  let launchUrl = baseUrl
-  if (apiKey) {
-    try {
-      const { cookieLine } = await loginWithApiKey(internalPort, apiKey)
-      // We can't programmatically seed the browser with cookies easily. Best UX:
-      //   - AionUi /login already set the cookie in our HTTP client, not the browser
-      //   - We ask user to paste key once in UI, OR we display a one-shot magic link
-      // For now, we open /login with the key prefilled via URL hash so the React
-      // login page can auto-submit. Implemented via localStorage fallback below.
-      if (cookieLine) {
-        // The cookie was set on our programmatic client, not the browser. Since
-        // we can't cross-write cookies, we just let AionUi's /login page auto-fill
-        // the apiKey via URL hash. React page reads window.location.hash on mount.
-        launchUrl = `${baseUrl}/login#apiKey=${encodeURIComponent(apiKey)}`
-        console.log(chalk.green('✓ HolySheep API key detected — auto-filled on login page'))
-      }
-    } catch (e) {
-      console.log(chalk.yellow(`  (auto-login pre-check failed: ${e.message} — will open /login manually)`))
-      launchUrl = `${baseUrl}/login`
-    }
-  } else {
-    launchUrl = `${baseUrl}/login`
-    console.log(chalk.yellow('  No HolySheep API key saved yet. Run `hs login` first to enable auto-fill.'))
-  }
-
-  console.log(chalk.green(`✓ WebUI 已启动: ${chalk.cyan.bold(launchUrl)}`))
-  console.log(chalk.gray('  Mode: HolySheep WebUI (HolySheep 登录)'))
-  console.log(chalk.gray('  Press Ctrl+C to stop'))
-  console.log()
-
-  if (opts.open !== false) {
-    try {
-      const platform = process.platform
-      if (platform === 'darwin') execSync(`open "${launchUrl}"`)
-      else if (platform === 'win32') execSync(`start "" "${launchUrl}"`)
-      else execSync(`xdg-open "${launchUrl}"`)
-    } catch {}
-  }
-
-  const stop = () => {
-    try { aionuiProc.kill('SIGTERM') } catch {}
-    setTimeout(() => {
-      try { aionuiProc.kill('SIGKILL') } catch {}
-      process.exit(0)
-    }, 2000)
-  }
-  process.on('SIGINT', stop)
-  process.on('SIGTERM', stop)
-
-  await new Promise(() => {})
-}
-
-// ── Legacy fallback (old HolySheep Workspace page) ───────────────────────────
-async function startLegacyMode(opts) {
-  const port = Number(opts.port) || 9876
-  const { startServer } = require('../webui/server')
-  await startServer(port)
-  const url = `http://127.0.0.1:${port}`
-  console.log(chalk.green(`✓ WebUI 已启动: ${chalk.cyan.bold(url)}`))
-  console.log(chalk.gray('  (Legacy HolySheep Workspace — 原生 node 轻量模式)'))
-  console.log(chalk.gray('  按 Ctrl+C 停止'))
-  console.log()
-  if (opts.open !== false) {
-    try {
-      const platform = process.platform
-      if (platform === 'darwin') execSync(`open "${url}"`)
-      else if (platform === 'win32') execSync(`start "" "${url}"`)
-      else execSync(`xdg-open "${url}"`)
-    } catch {}
-  }
-  await new Promise(() => {})
-}
-
-async function webui(opts) {
-  console.log()
-  console.log(chalk.bold('🌐  HolySheep WebUI'))
-  console.log(chalk.gray('━'.repeat(50)))
-  console.log()
-
-  try {
-    // 默认走 AionUi；HOLYSHEEP_WEBUI_LEGACY=1 才退回 legacy
-    if (isLegacy(opts) && !opts.aionui) {
-      console.log(chalk.gray(`[mode=legacy platform=${process.platform}]`))
-      console.log()
-      return await startLegacyMode(opts)
-    }
-    // Tri-state mode line: helps user-reports when things go sideways.
-    // Runtime label now distinguishes `installed` (version matches baked-in
-    // DEFAULT_RUNTIME_VERSION) from `installed-stale` (will auto-upgrade on
-    // next call to resolveAionUiRuntime). `none` means first-ever launch.
-    const bunFound = resolveBunPath() ? 'found' : 'missing'
-    const rtLabel = probeAionUiRuntimeLabel()
-    console.log(chalk.gray(`[mode=holysheep platform=${process.platform} bun=${bunFound} runtime=${rtLabel}]`))
-    console.log()
-    return await startAionUiMode(opts)
-  } catch (err) {
-    console.log(chalk.red(`✗ 启动失败: ${err.message}`))
-    process.exit(1)
-  }
-}
-
-module.exports = webui