@ssm123ssm/vault 0.1.10 → 0.1.11

package/index.js

@@ -25,5 +25,5 @@ if (!["link", "add", "run"].includes(command)) {
   process.exit(1);
 }
 
-const agentCli = path.join(__dirname, "..", "preview-agent.js");
+const agentCli = path.join(__dirname, "preview-agent.js");
 require(agentCli);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ssm123ssm/vault",
-  "version": "0.1.10",
+  "version": "0.1.11",
   "private": false,
   "description": "Preview Vault agent CLI",
   "bin": {

package/preview-agent.js

@@ -0,0 +1,862 @@
+#!/usr/bin/env node
+
+const fs = require("fs/promises");
+const fsSync = require("fs");
+const path = require("path");
+const os = require("os");
+const crypto = require("crypto");
+const prompts = require("prompts");
+const WebSocket = require("ws");
+const sodium = require("libsodium-wrappers");
+const http = require("http");
+const { spawn } = require("child_process");
+
+const CONFIG_DIR = path.join(os.homedir(), ".preview");
+const CONFIG_PATH = path.join(CONFIG_DIR, "agent.json");
+
+const MIME_TYPES = {
+  ".html": "text/html",
+  ".htm": "text/html",
+  ".pdf": "application/pdf",
+  ".csv": "text/csv",
+  ".json": "application/json",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".svg": "image/svg+xml",
+  ".txt": "text/plain",
+  ".md": "text/markdown",
+};
+
+function getMimeType(filename) {
+  const ext = path.extname(filename).toLowerCase();
+  return MIME_TYPES[ext] || "application/octet-stream";
+}
+
+function toBase64(buffer) {
+  return Buffer.from(buffer).toString("base64");
+}
+
+function deriveKey(passphrase, salt) {
+  return crypto.pbkdf2Sync(passphrase, salt, 250000, 32, "sha256");
+}
+
+function encryptBuffer(key, payload) {
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+  const ciphertext = Buffer.concat([cipher.update(payload), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return { iv, ciphertext: Buffer.concat([ciphertext, tag]) };
+}
+
+async function walkDir(rootDir) {
+  const entries = await fs.readdir(rootDir, { withFileTypes: true });
+  const files = [];
+
+  for (const entry of entries) {
+    if (entry.name.startsWith(".")) continue;
+    const fullPath = path.join(rootDir, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...(await walkDir(fullPath)));
+    } else {
+      files.push(fullPath);
+    }
+  }
+
+  return files;
+}
+
+async function loadConfig() {
+  try {
+    const raw = await fs.readFile(CONFIG_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    if (parsed?.projects) {
+      for (const [key, value] of Object.entries(parsed.projects)) {
+        if (value && typeof value.source === "string") {
+          parsed.projects[key].source = sanitizePath(value.source);
+        }
+      }
+    }
+    return parsed;
+  } catch (_error) {
+    return { appUrl: null, agentId: null, sessionToken: null, projects: {} };
+  }
+}
+
+async function saveConfig(config) {
+  await fs.mkdir(CONFIG_DIR, { recursive: true });
+  await fs.writeFile(CONFIG_PATH, JSON.stringify(config, null, 2));
+}
+
+function toWsUrl(appUrl) {
+  if (!appUrl) return null;
+  if (appUrl.startsWith("ws://") || appUrl.startsWith("wss://")) {
+    return appUrl.endsWith("/api/agents/socket")
+      ? appUrl
+      : appUrl.replace(/\/$/, "") + "/api/agents/socket";
+  }
+  return appUrl.replace(/^http/, "ws").replace(/\/$/, "") + "/api/agents/socket";
+}
+
+function normalizeWsUrl(url, fallbackAppUrl) {
+  if (!url) return toWsUrl(fallbackAppUrl);
+  if (url.startsWith("ws://") || url.startsWith("wss://")) return toWsUrl(url);
+  return toWsUrl(url);
+}
+
+function sanitizePath(input) {
+  const trimmed = input.trim();
+  if (
+    (trimmed.startsWith("'") && trimmed.endsWith("'")) ||
+    (trimmed.startsWith("\"") && trimmed.endsWith("\""))
+  ) {
+    return trimmed.slice(1, -1);
+  }
+  return trimmed;
+}
+
+async function listDirectories(dir) {
+  const entries = await fs.readdir(dir, { withFileTypes: true });
+  return entries
+    .filter((entry) => entry.isDirectory())
+    .map((entry) => entry.name)
+    .sort((a, b) => a.localeCompare(b));
+}
+
+async function selectDirectory(startDir) {
+  let current = path.resolve(startDir || process.cwd());
+  while (true) {
+    let choices = [];
+    try {
+      const dirs = await listDirectories(current);
+      choices = [
+        { title: "Use this directory", value: "__select__" },
+        { title: "..", value: "__up__" },
+        ...dirs.map((name) => ({
+          title: name + path.sep,
+          value: path.join(current, name),
+        })),
+      ];
+    } catch (_error) {
+      choices = [
+        { title: "Use this directory", value: "__select__" },
+        { title: "..", value: "__up__" },
+      ];
+    }
+
+    const response = await prompts({
+      type: "select",
+      name: "next",
+      message: `Select directory (${current})`,
+      choices,
+      initial: 0,
+    });
+
+    if (!response.next) return current;
+    if (response.next === "__select__") return current;
+    if (response.next === "__up__") {
+      const parent = path.dirname(current);
+      if (parent === current) return current;
+      current = parent;
+      continue;
+    }
+    current = response.next;
+  }
+}
+
+async function selectDirectoryViaServer() {
+  const homeDir = os.homedir();
+  const port = Number(process.env.PREVIEW_AGENT_UI_PORT || 5595);
+
+  let resolveSelection;
+  let rejectSelection;
+  const selectionPromise = new Promise((resolve, reject) => {
+    resolveSelection = resolve;
+    rejectSelection = reject;
+  });
+
+  const server = http.createServer(async (req, res) => {
+    const url = new URL(req.url || "/", `http://localhost:${port}`);
+
+    if (url.pathname === "/api/list") {
+      const targetPath = url.searchParams.get("path") || homeDir;
+      try {
+        const entries = await listDirectories(targetPath);
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            path: targetPath,
+            entries: entries.map((name) => ({
+              name,
+              path: path.join(targetPath, name),
+            })),
+            parent: path.dirname(targetPath),
+          })
+        );
+      } catch (_error) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unable to list directory." }));
+      }
+      return;
+    }
+
+    if (url.pathname === "/api/select" && req.method === "POST") {
+      let body = "";
+      req.on("data", (chunk) => {
+        body += chunk.toString();
+      });
+      req.on("end", () => {
+        try {
+          const payload = JSON.parse(body || "{}");
+          const selected = payload.path;
+          if (!selected) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Missing path." }));
+            return;
+          }
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ status: "ok" }));
+          resolveSelection(selected);
+          server.close();
+        } catch (_error) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Invalid payload." }));
+        }
+      });
+      return;
+    }
+
+    if (url.pathname === "/") {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(`<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>Preview Agent - Select Folder</title>
+    <style>
+      body { font-family: ui-sans-serif, system-ui; background:#0f1117; color:#f3f1eb; margin:0; }
+      .wrap { max-width: 720px; margin: 0 auto; padding: 24px; }
+      .card { background:#151a24; border:1px solid rgba(255,255,255,0.08); border-radius:16px; padding:16px; }
+      .path { font-family: ui-monospace, SFMono-Regular; font-size: 12px; }
+      .list { margin-top:12px; display:grid; gap:8px; }
+      button { background:#222837; color:#f3f1eb; border:1px solid rgba(255,255,255,0.12); border-radius:12px; padding:8px 12px; cursor:pointer; }
+      button:hover { border-color:#f97316; }
+      .primary { background:#f97316; color:#1a1410; font-weight:600; }
+      .row { display:flex; gap:8px; align-items:center; flex-wrap:wrap; }
+    </style>
+  </head>
+  <body>
+    <div class="wrap">
+      <h2>Select a folder for this project</h2>
+      <div class="card">
+        <div class="row">
+          <button id="upBtn">Up</button>
+          <button id="useBtn" class="primary">Use this folder</button>
+        </div>
+        <div class="path" id="path"></div>
+        <div class="list" id="list"></div>
+      </div>
+      <p style="font-size:12px;opacity:0.7;margin-top:12px;">Leave this window open until selection is confirmed.</p>
+    </div>
+    <script>
+      let currentPath = "";
+      const pathEl = document.getElementById("path");
+      const listEl = document.getElementById("list");
+      const upBtn = document.getElementById("upBtn");
+      const useBtn = document.getElementById("useBtn");
+
+      async function load(path) {
+        const res = await fetch("/api/list?path=" + encodeURIComponent(path || ""));
+        const data = await res.json();
+        if (!res.ok) return;
+        currentPath = data.path;
+        pathEl.textContent = currentPath;
+        listEl.innerHTML = "";
+        data.entries.forEach((entry) => {
+          const btn = document.createElement("button");
+          btn.textContent = entry.name + "/";
+          btn.onclick = () => load(entry.path);
+          listEl.appendChild(btn);
+        });
+        upBtn.onclick = () => load(data.parent);
+      }
+
+      useBtn.onclick = async () => {
+        await fetch("/api/select", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ path: currentPath }),
+        });
+        useBtn.textContent = "Selected";
+      };
+
+      load("");
+    </script>
+  </body>
+</html>`);
+      return;
+    }
+
+    res.writeHead(404);
+    res.end();
+  });
+
+  server.listen(port);
+  console.log(`Open http://localhost:${port} to select a folder.`);
+
+  const timeout = setTimeout(() => {
+    rejectSelection(new Error("Folder selection timed out."));
+    server.close();
+  }, 5 * 60 * 1000);
+
+  try {
+    const selected = await selectionPromise;
+    clearTimeout(timeout);
+    return selected;
+  } catch (error) {
+    clearTimeout(timeout);
+    throw error;
+  }
+}
+
+function getArgValue(flag) {
+  const index = process.argv.indexOf(flag);
+  if (index === -1) return null;
+  const value = process.argv[index + 1];
+  if (!value || value.startsWith("--")) return null;
+  return value;
+}
+
+function hasFlag(flag) {
+  return process.argv.includes(flag);
+}
+
+async function ensureAgentKeypair(config) {
+  await sodium.ready;
+  const existing = config.agentKeyPair;
+  if (existing?.publicKey && existing?.privateKey) {
+    try {
+      const decoded = Buffer.from(existing.publicKey, "base64").toString("utf8");
+      if (decoded.includes("BEGIN")) {
+        // Legacy PEM keypair; regenerate in libsodium format.
+        config.agentKeyPair = null;
+      } else {
+        return existing;
+      }
+    } catch (_error) {
+      // fall through to regenerate
+    }
+  }
+  const keyPair = sodium.crypto_box_keypair();
+  const pair = {
+    publicKey: sodium.to_base64(keyPair.publicKey, sodium.base64_variants.ORIGINAL),
+    privateKey: sodium.to_base64(keyPair.privateKey, sodium.base64_variants.ORIGINAL),
+  };
+  config.agentKeyPair = pair;
+  return pair;
+}
+
+async function linkAgent({ silent = false } = {}) {
+  const config = await loadConfig();
+  const codeFromArg = getArgValue("--code") || null;
+  const appUrlFromArg = getArgValue("--app-url") || null;
+  const keyPair = await ensureAgentKeypair(config);
+  const defaultAppUrl =
+    appUrlFromArg ||
+    config.appUrl ||
+    process.env.PREVIEW_APP_URL ||
+    "http://localhost:3000";
+
+  let response = {
+    appUrl: defaultAppUrl,
+    code: codeFromArg || "",
+    name: os.hostname(),
+  };
+
+  if (!silent) {
+    response = await prompts([
+      {
+        type: "text",
+        name: "appUrl",
+        message: "Dashboard URL",
+        initial: defaultAppUrl,
+      },
+      {
+        type: "text",
+        name: "code",
+        message: "Link code",
+        initial: codeFromArg || undefined,
+      },
+      {
+        type: "text",
+        name: "name",
+        message: "Agent name",
+        initial: os.hostname(),
+      },
+    ]);
+  }
+
+  if (!response.code) {
+    console.error("Missing link code.");
+    process.exit(1);
+  }
+
+  const appUrl = response.appUrl.replace(/\/$/, "");
+  const claim = await fetch(`${appUrl}/api/agents/claim`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      code: response.code,
+      name: response.name || os.hostname(),
+      publicKey: keyPair.publicKey,
+    }),
+  });
+
+  if (!claim.ok) {
+    const data = await claim.json().catch(() => ({}));
+    console.error(data?.error || "Unable to link agent.");
+    process.exit(1);
+  }
+
+  const data = await claim.json();
+  const wsUrlFromEnv = process.env.PREVIEW_AGENT_WS_URL || null;
+  const wsUrlFromServer = data.wsUrl || null;
+  const updated = {
+    ...config,
+    appUrl,
+    agentId: data.agentId,
+    sessionToken: data.sessionToken,
+    agentName: response.name || config.agentName || os.hostname(),
+    agentKeyPair: keyPair,
+    wsUrl: normalizeWsUrl(wsUrlFromEnv || wsUrlFromServer, appUrl),
+  };
+  await saveConfig(updated);
+  if (!silent) {
+    console.log(`Linked agent ${data.agentId}.`);
+  }
+}
+
+async function addProject() {
+  const config = await loadConfig();
+  const response = await prompts([
+    {
+      type: "text",
+      name: "projectId",
+      message: "Project ID",
+    },
+    {
+      type: "toggle",
+      name: "browse",
+      message: "Select source directory",
+      initial: true,
+      active: "browse",
+      inactive: "type",
+    },
+    {
+      type: (prev) => (prev ? null : "text"),
+      name: "source",
+      message: "Local source directory",
+      initial: ".",
+    },
+    {
+      type: "password",
+      name: "passphrase",
+      message: "Project passphrase",
+    },
+    {
+      type: "text",
+      name: "projectName",
+      message: "Project name (optional)",
+    },
+  ]);
+
+  if (!response.projectId || !response.passphrase) {
+    console.error("Project ID and passphrase are required.");
+    process.exit(1);
+  }
+
+  const sourceDir = response.browse
+    ? await selectDirectory(response.source || process.cwd())
+    : sanitizePath(response.source || ".");
+
+  const projectConfig = {
+    source: sourceDir,
+    passphrase: response.passphrase,
+    projectName: response.projectName || null,
+  };
+  config.projects = config.projects || {};
+  config.projects[response.projectId] = projectConfig;
+  await saveConfig(config);
+  console.log(`Project ${response.projectId} saved.`);
+}
+
+async function uploadProject(projectId, commandPayload, config) {
+  const projectConfig = config.projects?.[projectId];
+  if (!projectConfig) {
+    throw new Error(`Project ${projectId} not configured.`);
+  }
+  if (!commandPayload?.uploadToken) {
+    throw new Error("Missing upload token.");
+  }
+
+  const appUrl = (config.appUrl || "").replace(/\/$/, "");
+  const syncBase = `${appUrl}/api/sync`;
+  const sourceDir = path.resolve(process.cwd(), projectConfig.source);
+  const { filePaths, fingerprint, fileCount, totalBytes } =
+    await computeProjectFingerprint(sourceDir);
+  if (filePaths.length === 0) {
+    throw new Error("No files found to upload.");
+  }
+
+  const salt = crypto.randomBytes(16);
+  const key = deriveKey(projectConfig.passphrase, salt);
+
+  const manifestFiles = [];
+  for (const filePath of filePaths) {
+    const payload = await fs.readFile(filePath);
+    const hash = crypto.createHash("sha256").update(payload).digest("hex");
+    const relativeName = path.relative(sourceDir, filePath);
+    const baseName = path.basename(relativeName);
+    const fileId = crypto.randomBytes(9).toString("hex");
+    const stableHash = crypto.createHash("sha256").update(relativeName).digest("hex");
+    const { iv, ciphertext } = encryptBuffer(key, payload);
+
+    const uploadResponse = await fetch(`${syncBase}/file`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/octet-stream",
+        "x-preview-project": projectId,
+        "x-preview-file": fileId,
+        "x-preview-agent-token": commandPayload.uploadToken,
+      },
+      body: ciphertext,
+    });
+
+    if (!uploadResponse.ok) {
+      throw new Error(`Upload failed for ${relativeName}.`);
+    }
+
+    const stats = await fs.stat(filePath);
+
+    manifestFiles.push({
+      id: fileId,
+      name: baseName,
+      path: relativeName,
+      size: stats.size,
+      type: getMimeType(filePath),
+      updatedAt: new Date().toISOString(),
+      iv: toBase64(iv),
+      hash: `sha256:${hash}`,
+      stableId: `sha256:${stableHash}`,
+    });
+  }
+
+  const manifest = {
+    version: 1,
+    projectId,
+    projectName: projectConfig.projectName || null,
+    createdAt: new Date().toISOString(),
+    files: manifestFiles,
+  };
+
+  const manifestEncrypted = encryptBuffer(
+    key,
+    Buffer.from(JSON.stringify(manifest))
+  );
+
+  const manifestPayload = {
+    iv: toBase64(manifestEncrypted.iv),
+    ciphertext: toBase64(manifestEncrypted.ciphertext),
+  };
+
+  const projectPayload = {
+    projectId,
+    projectName: projectConfig.projectName || null,
+    salt: toBase64(salt),
+    createdAt: new Date().toISOString(),
+  };
+
+  const commitResponse = await fetch(`${syncBase}/commit`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      projectId,
+      agentToken: commandPayload.uploadToken,
+      manifest: manifestPayload,
+      project: projectPayload,
+    }),
+  });
+
+  if (!commitResponse.ok) {
+    throw new Error("Failed to commit manifest.");
+  }
+
+  projectConfig.lastFingerprint = fingerprint;
+  projectConfig.lastFileCount = fileCount;
+  projectConfig.lastTotalBytes = totalBytes;
+  await saveConfig(config);
+
+  return { files: manifestFiles.length };
+}
+
+async function computeProjectFingerprint(sourceDir) {
+  const filePaths = await walkDir(sourceDir);
+  const hash = crypto.createHash("sha256");
+  let totalBytes = 0;
+  for (const filePath of filePaths) {
+    const stats = await fs.stat(filePath);
+    const relativeName = path.relative(sourceDir, filePath);
+    hash.update(relativeName);
+    hash.update(String(stats.size));
+    hash.update(String(stats.mtimeMs));
+    totalBytes += stats.size;
+  }
+  return {
+    filePaths,
+    fingerprint: hash.digest("hex"),
+    fileCount: filePaths.length,
+    totalBytes,
+  };
+}
+
+async function decryptAgentSecret(encrypted, keyPair) {
+  await sodium.ready;
+  const cipher = sodium.from_base64(encrypted, sodium.base64_variants.ORIGINAL);
+  const priv = sodium.from_base64(keyPair.privateKey, sodium.base64_variants.ORIGINAL);
+  const pub = sodium.from_base64(keyPair.publicKey, sodium.base64_variants.ORIGINAL);
+  const decrypted = sodium.crypto_box_seal_open(cipher, pub, priv);
+  return sodium.to_string(decrypted);
+}
+
+async function reportAgentStatus(config) {
+  const appUrl = (config.appUrl || "").replace(/\/$/, "");
+  const statusUrl = `${appUrl}/api/agents/status`;
+  const projectsPayload = [];
+
+  for (const [projectId, projectConfig] of Object.entries(config.projects || {})) {
+    const sourceDir = path.resolve(process.cwd(), projectConfig.source);
+    const scan = await computeProjectFingerprint(sourceDir).catch(() => null);
+    if (!scan) continue;
+    const pending = scan.fingerprint !== projectConfig.lastFingerprint;
+    projectsPayload.push({
+      projectId,
+      fingerprint: scan.fingerprint,
+      fileCount: scan.fileCount,
+      totalBytes: scan.totalBytes,
+      scannedAt: new Date().toISOString(),
+      pending,
+    });
+  }
+
+  if (projectsPayload.length === 0) return;
+
+  await fetch(statusUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${config.sessionToken}`,
+    },
+    body: JSON.stringify({ projects: projectsPayload }),
+  }).catch(() => null);
+}
+
+function runDaemon() {
+  let ws = null;
+  let reconnectMs = 2000;
+  console.log("Preview agent starting...");
+  const daemonMode = hasFlag("--daemon") || hasFlag("--daemon-child");
+
+  if (hasFlag("--daemon") && !hasFlag("--daemon-child")) {
+    const args = process.argv.slice(2).filter((arg) => arg !== "--daemon");
+    const logPath = path.join(CONFIG_DIR, "agent.log");
+    fsSync.mkdirSync(CONFIG_DIR, { recursive: true });
+    const outFd = fsSync.openSync(logPath, "a");
+    const child = spawn(process.execPath, [__filename, ...args, "--daemon-child"], {
+      detached: true,
+      stdio: ["ignore", outFd, outFd],
+    });
+    child.unref();
+    console.log(`Daemon started in background. Logs: ${logPath}`);
+    return;
+  }
+
+  const connect = async () => {
+    const config = await loadConfig();
+    if (!config.sessionToken || !config.appUrl) {
+      console.error("Agent not linked. Run preview-agent link first.");
+      process.exit(1);
+    }
+    const agentLabel = config.agentName
+      ? `${config.agentName} (${config.agentId || "unknown"})`
+      : config.agentId || "unknown";
+
+    const wsUrl = normalizeWsUrl(
+      process.env.PREVIEW_AGENT_WS_URL || config.wsUrl,
+      config.appUrl
+    );
+    if (!wsUrl) {
+      console.error("Missing wsUrl.");
+      process.exit(1);
+    }
+
+    console.log(`Connecting to ${wsUrl}...`);
+    ws = new WebSocket(wsUrl);
+
+    ws.on("open", () => {
+      reconnectMs = 2000;
+      console.log(`WebSocket connected. Authenticating as ${agentLabel}...`);
+      ws.send(
+        JSON.stringify({
+          type: "auth",
+          token: config.sessionToken,
+        })
+      );
+    });
+
+    ws.on("message", async (raw) => {
+      let data = null;
+      try {
+        data = JSON.parse(raw.toString());
+      } catch (_error) {
+        return;
+      }
+
+      if (data?.type === "auth_ok") {
+        console.log(`Authenticated as agent ${agentLabel}.`);
+        reportAgentStatus(config).catch(() => null);
+        return;
+      }
+
+      if (data?.type === "auth_error") {
+        console.error(`Auth failed: ${data.error || "unknown error"}`);
+        return;
+      }
+
+      if (data?.type === "command" && data?.command) {
+        const command = data.command;
+        console.log(
+          `[${agentLabel}] Received command ${command.id} (${command.type}).`
+        );
+        ws.send(JSON.stringify({ type: "command:ack", commandId: command.id }));
+        try {
+          if (command.type === "SYNC") {
+            const result = await uploadProject(
+              command.projectId,
+              command.payload || {},
+              config
+            );
+            console.log(
+              `[${agentLabel}] Sync completed for ${command.projectId} (${result.files} files).`
+            );
+            ws.send(
+              JSON.stringify({
+                type: "command:result",
+                commandId: command.id,
+                status: "SUCCESS",
+                details: result,
+              })
+            );
+          } else if (command.type === "CONFIG") {
+            const config = await loadConfig();
+            const keyPair = await ensureAgentKeypair(config);
+            const encryptedPassphrase = command.payload?.encryptedPassphrase;
+            if (!encryptedPassphrase) {
+              throw new Error("Missing encrypted passphrase.");
+            }
+            const passphrase = await decryptAgentSecret(
+              encryptedPassphrase,
+              keyPair
+            );
+            const projectName = command.payload?.projectName || null;
+            const sourceDir = daemonMode
+              ? await selectDirectoryViaServer()
+              : await selectDirectory(process.cwd());
+            config.projects = config.projects || {};
+            config.projects[command.projectId] = {
+              source: sourceDir,
+              passphrase,
+              projectName,
+            };
+            await saveConfig(config);
+            ws.send(
+              JSON.stringify({
+                type: "command:result",
+                commandId: command.id,
+                status: "SUCCESS",
+                details: { configured: true },
+              })
+            );
+          } else if (command.type === "REVOKE") {
+            console.log(`[${agentLabel}] Agent revoked. Shutting down.`);
+            ws.send(
+              JSON.stringify({
+                type: "command:result",
+                commandId: command.id,
+                status: "SUCCESS",
+                details: { revoked: true },
+              })
+            );
+            ws.close();
+            process.exit(0);
+          }
+        } catch (error) {
+          console.error(
+            `[${agentLabel}] Sync failed for ${command.projectId}: ${error.message || error}`
+          );
+          ws.send(
+            JSON.stringify({
+              type: "command:result",
+              commandId: command.id,
+              status: "FAILED",
+              details: { error: error.message || "Sync failed." },
+            })
+          );
+        }
+      }
+    });
+
+    ws.on("close", () => {
+      console.log("WebSocket disconnected. Reconnecting...");
+      setTimeout(connect, reconnectMs);
+      reconnectMs = Math.min(reconnectMs * 1.6, 15000);
+    });
+
+    ws.on("error", (err) => {
+      console.error(`WebSocket error: ${err.message || err}`);
+      ws.close();
+    });
+  };
+
+  connect().catch((error) => {
+    console.error(error.message || error);
+    process.exit(1);
+  });
+
+  setInterval(async () => {
+    const config = await loadConfig();
+    if (config.sessionToken && config.appUrl) {
+      reportAgentStatus(config).catch(() => null);
+    }
+  }, 20000);
+}
+
+const command = process.argv[2];
+if (command === "link") {
+  linkAgent({ silent: false });
+} else if (command === "add") {
+  addProject();
+} else if (command === "run") {
+  if (hasFlag("--link")) {
+    linkAgent({ silent: true })
+      .then(() => runDaemon())
+      .catch((error) => {
+        console.error(error.message || error);
+        process.exit(1);
+      });
+  } else {
+    runDaemon();
+  }
+} else {
+  console.log("Usage: preview-agent <link|add|run>");
+}