@tkpdx01/ccc 1.2.6 → 1.3.0

package/README.md

@@ -45,12 +45,89 @@ ccc edit [profile]     # Edit profile / 编辑配置
 ccc delete [profile]   # Delete profile / 删除配置
 ```
 
+### WebDAV Cloud Sync / WebDAV 云同步
+
+```bash
+ccc webdav setup       # Configure WebDAV and sync password / 配置 WebDAV 和同步密码
+ccc webdav push        # Push profiles to cloud / 推送到云端
+ccc webdav pull        # Pull profiles from cloud / 从云端拉取
+ccc webdav status      # View sync status / 查看同步状态
+```
+
 ## Features / 功能
 
 - **Multiple Profiles / 多配置**: Manage different API configurations
 - **Template Support / 模板**: Based on `~/.claude/settings.json`
 - **Smart Import / 智能导入**: Auto-detect API URL and token
 - **Sync Settings / 同步**: Update from template, preserve credentials
+- **WebDAV Cloud Sync / 云同步**: Encrypted sync across devices
+
+## Sync Command / 同步命令
+
+The `sync` command updates profiles with the latest settings from `~/.claude/settings.json` while preserving each profile's API credentials (`ANTHROPIC_AUTH_TOKEN` and `ANTHROPIC_BASE_URL`).
+
+`sync` 命令从 `~/.claude/settings.json` 同步最新设置到 profiles，同时保留每个 profile 的 API 凭证（`ANTHROPIC_AUTH_TOKEN` 和 `ANTHROPIC_BASE_URL`）。
+
+```bash
+ccc sync [profile]     # Sync single profile / 同步单个配置
+ccc sync --all         # Sync all profiles / 同步所有配置
+```
+
+Use this when you've updated your main Claude settings (plugins, model, etc.) and want to apply those changes to all profiles.
+
+当你更新了主 Claude 设置（插件、模型等）并想将这些更改应用到所有 profiles 时使用此命令。
+
+## WebDAV Cloud Sync / WebDAV 云同步
+
+Sync your profiles across multiple devices using any WebDAV service (Nutstore, Nextcloud, etc.).
+
+使用任意 WebDAV 服务（坚果云、Nextcloud 等）在多设备间同步配置。
+
+### Setup / 配置
+
+```bash
+ccc webdav setup
+```
+
+This will prompt for:
+- WebDAV server URL
+- Username / Password
+- Remote storage path
+- Sync password (for encryption)
+
+### Commands / 命令
+
+```bash
+ccc webdav push        # Upload encrypted profiles / 上传加密配置
+ccc webdav pull        # Download and decrypt / 下载并解密
+ccc webdav status      # View sync status / 查看同步状态
+ccc webdav push -f     # Force push (skip conflict prompts) / 强制推送
+ccc webdav pull -f     # Force pull (skip conflict prompts) / 强制拉取
+```
+
+### Security / 安全设计
+
+- **End-to-end encryption**: All data is encrypted locally with AES-256-GCM before upload. Even if someone gains access to your WebDAV storage, they cannot read your API keys without the sync password.
+
+- **Password-based protection**: Your sync password is never transmitted. It derives the encryption key using PBKDF2 (100,000 iterations).
+
+- **Local password caching**: On trusted devices, the password is cached locally (encrypted with machine fingerprint), so you don't need to enter it every time.
+
+- **Manual sync only**: Synchronization only happens when you explicitly run `push` or `pull`. No background processes, no automatic uploads. You always know when your data leaves your machine.
+
+- **Non-destructive merge**: By default, conflicts preserve both versions instead of overwriting. Use `--force` only when you're certain.
+
+**安全设计**：
+
+- **端到端加密**：所有数据在上传前使用 AES-256-GCM 本地加密。即使他人获取了你的 WebDAV 存储访问权限，没有同步密码也无法读取你的 API Key。
+
+- **密码保护**：同步密码永不传输，使用 PBKDF2（10万次迭代）派生加密密钥。
+
+- **本机免密**：在可信设备上，密码使用机器指纹加密缓存在本地，无需每次输入。
+
+- **手动同步**：同步仅在你显式执行 `push` 或 `pull` 时发生。无后台进程，无自动上传。你始终清楚数据何时离开本机。
+
+- **无损合并**：默认情况下，冲突时保留两个版本而非覆盖。仅在确定时使用 `--force`。
 
 ## Storage / 存储
 

package/index.js

@@ -16,6 +16,8 @@ import {
   newCommand,
   editCommand,
   deleteCommand,
+  syncCommand,
+  webdavCommand,
   helpCommand
 } from './src/commands/index.js';
 
@@ -25,7 +27,7 @@ const program = new Command();
 program
   .name('ccc')
   .description('Claude Code Settings Launcher - 管理多个 Claude Code 配置文件')
-  .version('1.2.6');
+  .version('1.3.0');
 
 // 注册所有命令
 listCommand(program);
@@ -35,6 +37,8 @@ importCommand(program);
 newCommand(program);
 editCommand(program);
 deleteCommand(program);
+syncCommand(program);
+webdavCommand(program);
 helpCommand(program);
 
 // ccc <profile> 或 ccc (无参数)
@@ -47,7 +51,7 @@ program
 
     if (profile) {
       // 检查是否是子命令
-      if (['list', 'ls', 'use', 'show', 'import', 'if', 'new', 'edit', 'delete', 'rm', 'help'].includes(profile)) {
+      if (['list', 'ls', 'use', 'show', 'import', 'if', 'new', 'edit', 'delete', 'rm', 'sync', 'webdav', 'help'].includes(profile)) {
         return; // 让子命令处理
       }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tkpdx01/ccc",
-  "version": "1.2.6",
+  "version": "1.3.0",
   "description": "Claude Code Settings Launcher - Manage multiple Claude Code profiles",
   "main": "index.js",
   "bin": {
@@ -34,6 +34,7 @@
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
     "commander": "^12.0.0",
-    "inquirer": "^9.2.0"
+    "inquirer": "^9.2.0",
+    "webdav": "^5.8.0"
   }
 }

package/src/commands/edit.js

@@ -10,7 +10,9 @@ import {
   saveProfile,
   setDefaultProfile,
   deleteProfile,
-  resolveProfile
+  resolveProfile,
+  getProfileCredentials,
+  getClaudeSettingsTemplate
 } from '../profiles.js';
 
 export function editCommand(program) {
@@ -47,11 +49,12 @@ export function editCommand(program) {
         profile = resolved;
       }
 
-      const currentSettings = readProfile(profile);
+      // 使用新的 getProfileCredentials 函数获取凭证（支持新旧格式）
+      const { apiKey: currentApiKey, apiUrl: currentApiUrl } = getProfileCredentials(profile);
 
       console.log(chalk.cyan(`\n当前配置 (${profile}):`));
-      console.log(chalk.gray(`  ANTHROPIC_BASE_URL: ${currentSettings.ANTHROPIC_BASE_URL || '未设置'}`));
-      console.log(chalk.gray(`  ANTHROPIC_AUTH_TOKEN: ${currentSettings.ANTHROPIC_AUTH_TOKEN ? currentSettings.ANTHROPIC_AUTH_TOKEN.substring(0, 10) + '...' : '未设置'}`));
+      console.log(chalk.gray(`  ANTHROPIC_BASE_URL: ${currentApiUrl || '未设置'}`));
+      console.log(chalk.gray(`  ANTHROPIC_AUTH_TOKEN: ${currentApiKey ? currentApiKey.substring(0, 10) + '...' : '未设置'}`));
       console.log();
 
       const { apiUrl, apiKey, newName } = await inquirer.prompt([
@@ -59,13 +62,13 @@ export function editCommand(program) {
           type: 'input',
           name: 'apiUrl',
           message: 'ANTHROPIC_BASE_URL:',
-          default: currentSettings.ANTHROPIC_BASE_URL || ''
+          default: currentApiUrl || ''
         },
         {
           type: 'input',
           name: 'apiKey',
           message: 'ANTHROPIC_AUTH_TOKEN:',
-          default: currentSettings.ANTHROPIC_AUTH_TOKEN || ''
+          default: currentApiKey || ''
         },
         {
           type: 'input',
@@ -75,11 +78,22 @@ export function editCommand(program) {
         }
       ]);
 
-      // 影子配置只存储 API 凭证
-      const newSettings = {
-        ANTHROPIC_AUTH_TOKEN: apiKey,
-        ANTHROPIC_BASE_URL: apiUrl
-      };
+      // 读取当前 profile 或使用主配置模板
+      let currentProfile = readProfile(profile);
+      if (!currentProfile || !currentProfile.env) {
+        // 如果是旧格式或空配置，基于主配置模板创建
+        const template = getClaudeSettingsTemplate() || {};
+        currentProfile = { ...template };
+      }
+
+      // 确保 env 对象存在
+      if (!currentProfile.env) {
+        currentProfile.env = {};
+      }
+
+      // 更新 env 中的 API 凭证
+      currentProfile.env.ANTHROPIC_AUTH_TOKEN = apiKey;
+      currentProfile.env.ANTHROPIC_BASE_URL = apiUrl;
 
       // 如果重命名
       if (newName && newName !== profile) {
@@ -88,7 +102,7 @@ export function editCommand(program) {
           console.log(chalk.red(`Profile "${newName}" 已存在`));
           process.exit(1);
         }
-        saveProfile(newName, newSettings);
+        saveProfile(newName, currentProfile);
         deleteProfile(profile);
 
         // 更新默认 profile
@@ -98,7 +112,7 @@ export function editCommand(program) {
 
         console.log(chalk.green(`\n✓ Profile 已重命名为 "${newName}" 并保存`));
       } else {
-        saveProfile(profile, newSettings);
+        saveProfile(profile, currentProfile);
         console.log(chalk.green(`\n✓ Profile "${profile}" 已更新`));
       }
     });

package/src/commands/index.js

@@ -5,5 +5,7 @@ export { importCommand } from './import.js';
 export { newCommand } from './new.js';
 export { editCommand } from './edit.js';
 export { deleteCommand } from './delete.js';
+export { syncCommand } from './sync.js';
+export { webdavCommand } from './webdav.js';
 export { helpCommand, showHelp } from './help.js';
 

package/src/commands/list.js

@@ -1,7 +1,6 @@
-import fs from 'fs';
 import chalk from 'chalk';
 import Table from 'cli-table3';
-import { getProfiles, getDefaultProfile, getProfilePath } from '../profiles.js';
+import { getProfiles, getDefaultProfile, getProfileCredentials } from '../profiles.js';
 
 export function listCommand(program) {
   program
@@ -31,19 +30,8 @@ export function listCommand(program) {
 
       profiles.forEach((p, index) => {
         const isDefault = p === defaultProfile;
-        const profilePath = getProfilePath(p);
-        let baseUrl = chalk.gray('(未设置)');
-
-        try {
-          const content = fs.readFileSync(profilePath, 'utf-8');
-          // 用正则从 JSON 文件内容中提取 ANTHROPIC_BASE_URL（新格式直接在顶层）
-          const match = content.match(/"ANTHROPIC_BASE_URL"\s*:\s*"([^"]+)"/);
-          if (match && match[1]) {
-            baseUrl = match[1];
-          }
-        } catch {
-          baseUrl = chalk.red('(读取失败)');
-        }
+        const { apiUrl } = getProfileCredentials(p);
+        const baseUrl = apiUrl || chalk.gray('(未设置)');
 
         const num = isDefault ? chalk.green(`${index + 1}`) : chalk.gray(`${index + 1}`);
         const name = isDefault ? chalk.green(`${p} *`) : p;

package/src/commands/new.js

@@ -4,7 +4,7 @@ import {
   ensureDirs,
   getProfiles,
   profileExists,
-  saveProfile,
+  createProfileFromTemplate,
   setDefaultProfile
 } from '../profiles.js';
 import { launchClaude } from '../launch.js';
@@ -12,7 +12,7 @@ import { launchClaude } from '../launch.js';
 export function newCommand(program) {
   program
     .command('new [name]')
-    .description('创建新的影子配置（只包含 API 凭证）')
+    .description('创建新的配置（基于 ~/.claude/settings.json，在 env 中设置 API 凭证）')
     .action(async (name) => {
       // 如果没有提供名称，询问
       if (!name) {
@@ -80,15 +80,9 @@ export function newCommand(program) {
         }
       }
 
-      // 影子配置只存储 API 凭证
-      const newSettings = {
-        ANTHROPIC_AUTH_TOKEN: apiKey,
-        ANTHROPIC_BASE_URL: apiUrl
-      };
-
       ensureDirs();
-      saveProfile(finalName, newSettings);
-      console.log(chalk.green(`\n✓ 配置 "${finalName}" 已创建`));
+      createProfileFromTemplate(finalName, apiUrl, apiKey);
+      console.log(chalk.green(`\n✓ 配置 "${finalName}" 已创建（基于 ~/.claude/settings.json）`));
 
       // 如果是第一个 profile，设为默认
       const profiles = getProfiles();

package/src/commands/sync.js

@@ -0,0 +1,93 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import {
+  getProfiles,
+  syncProfileWithTemplate,
+  getClaudeSettingsTemplate,
+  resolveProfile
+} from '../profiles.js';
+
+export function syncCommand(program) {
+  program
+    .command('sync [profile]')
+    .description('同步 ~/.claude/settings.json 到 profile（保留 API 凭证）')
+    .option('-a, --all', '同步所有 profiles')
+    .action(async (profile, options) => {
+      // 检查主配置是否存在
+      const template = getClaudeSettingsTemplate();
+      if (!template) {
+        console.log(chalk.red('未找到 ~/.claude/settings.json'));
+        console.log(chalk.gray('请确保 Claude Code 已正确安装'));
+        process.exit(1);
+      }
+
+      const profiles = getProfiles();
+
+      if (profiles.length === 0) {
+        console.log(chalk.yellow('没有可用的 profiles'));
+        console.log(chalk.gray('使用 "ccc new" 创建配置'));
+        process.exit(0);
+      }
+
+      // 同步所有 profiles
+      if (options.all) {
+        const { confirm } = await inquirer.prompt([
+          {
+            type: 'confirm',
+            name: 'confirm',
+            message: `确定要同步所有 ${profiles.length} 个 profiles 吗?`,
+            default: false
+          }
+        ]);
+
+        if (!confirm) {
+          console.log(chalk.yellow('已取消'));
+          process.exit(0);
+        }
+
+        console.log(chalk.cyan('\n开始同步所有 profiles...\n'));
+
+        let successCount = 0;
+        for (const p of profiles) {
+          const result = syncProfileWithTemplate(p);
+          if (result) {
+            console.log(chalk.green(`  ✓ ${p}`));
+            successCount++;
+          } else {
+            console.log(chalk.red(`  ✗ ${p} (同步失败)`));
+          }
+        }
+
+        console.log(chalk.green(`\n✓ 已同步 ${successCount}/${profiles.length} 个 profiles`));
+        return;
+      }
+
+      // 同步单个 profile
+      if (!profile) {
+        const { selectedProfile } = await inquirer.prompt([
+          {
+            type: 'list',
+            name: 'selectedProfile',
+            message: '选择要同步的配置:',
+            choices: profiles
+          }
+        ]);
+        profile = selectedProfile;
+      } else {
+        const resolved = resolveProfile(profile);
+        if (!resolved) {
+          console.log(chalk.red(`Profile "${profile}" 不存在`));
+          process.exit(1);
+        }
+        profile = resolved;
+      }
+
+      const result = syncProfileWithTemplate(profile);
+      if (result) {
+        console.log(chalk.green(`\n✓ Profile "${profile}" 已同步（保留了 API 凭证）`));
+      } else {
+        console.log(chalk.red(`\n✗ 同步失败`));
+        process.exit(1);
+      }
+    });
+}

package/src/commands/webdav.js

@@ -0,0 +1,477 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { getProfiles } from '../profiles.js';
+import {
+  saveSyncPassword,
+  loadSyncPassword,
+  hasSyncPassword
+} from '../crypto.js';
+import {
+  getWebDAVConfig,
+  saveWebDAVConfig,
+  createWebDAVClient,
+  uploadProfiles,
+  downloadProfiles,
+  getRemoteInfo,
+  compareProfiles,
+  mergePull,
+  mergePush
+} from '../webdav.js';
+
+// 获取或请求同步密码
+async function getSyncPassword(forcePrompt = false) {
+  if (!forcePrompt) {
+    const cached = loadSyncPassword();
+    if (cached) {
+      return cached;
+    }
+  }
+
+  const { password } = await inquirer.prompt([
+    {
+      type: 'password',
+      name: 'password',
+      message: '请输入同步密码:',
+      mask: '*',
+      validate: (input) => input.length >= 6 || '密码至少需要 6 个字符'
+    }
+  ]);
+
+  return password;
+}
+
+// setup 子命令
+async function setupAction() {
+  console.log(chalk.cyan('\n配置 WebDAV 同步\n'));
+
+  const existingConfig = getWebDAVConfig();
+
+  const answers = await inquirer.prompt([
+    {
+      type: 'input',
+      name: 'url',
+      message: 'WebDAV 服务器地址:',
+      default: existingConfig?.url || '',
+      validate: (input) => {
+        if (!input) return '请输入 WebDAV 地址';
+        if (!input.startsWith('http://') && !input.startsWith('https://')) {
+          return '地址必须以 http:// 或 https:// 开头';
+        }
+        return true;
+      }
+    },
+    {
+      type: 'input',
+      name: 'username',
+      message: 'WebDAV 用户名:',
+      default: existingConfig?.username || ''
+    },
+    {
+      type: 'password',
+      name: 'password',
+      message: 'WebDAV 密码:',
+      mask: '*'
+    },
+    {
+      type: 'input',
+      name: 'path',
+      message: '远程存储路径:',
+      default: existingConfig?.path || '/ccc-sync',
+      validate: (input) => input.startsWith('/') || '路径必须以 / 开头'
+    }
+  ]);
+
+  // 测试连接
+  console.log(chalk.gray('\n测试连接...'));
+  try {
+    const client = createWebDAVClient(answers);
+    await client.getDirectoryContents('/');
+    console.log(chalk.green('✓ 连接成功'));
+  } catch (err) {
+    console.log(chalk.red(`✗ 连接失败: ${err.message}`));
+    const { continueAnyway } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'continueAnyway',
+        message: '是否仍要保存配置？',
+        default: false
+      }
+    ]);
+    if (!continueAnyway) {
+      process.exit(1);
+    }
+  }
+
+  saveWebDAVConfig(answers);
+  console.log(chalk.green('✓ WebDAV 配置已保存'));
+
+  // 设置同步密码
+  const hasPassword = hasSyncPassword();
+  const { setupPassword } = await inquirer.prompt([
+    {
+      type: 'confirm',
+      name: 'setupPassword',
+      message: hasPassword ? '是否重新设置同步密码？' : '是否设置同步密码？',
+      default: !hasPassword
+    }
+  ]);
+
+  if (setupPassword) {
+    const { newPassword, confirmPassword } = await inquirer.prompt([
+      {
+        type: 'password',
+        name: 'newPassword',
+        message: '设置同步密码 (用于加密云端数据):',
+        mask: '*',
+        validate: (input) => input.length >= 6 || '密码至少需要 6 个字符'
+      },
+      {
+        type: 'password',
+        name: 'confirmPassword',
+        message: '确认同步密码:',
+        mask: '*'
+      }
+    ]);
+
+    if (newPassword !== confirmPassword) {
+      console.log(chalk.red('✗ 两次输入的密码不一致'));
+      process.exit(1);
+    }
+
+    saveSyncPassword(newPassword);
+    console.log(chalk.green('✓ 同步密码已保存（本机免密）'));
+  }
+
+  console.log(chalk.cyan('\n配置完成！使用以下命令同步:'));
+  console.log(chalk.gray('  ccc webdav push   - 推送到云端'));
+  console.log(chalk.gray('  ccc webdav pull   - 从云端拉取'));
+  console.log(chalk.gray('  ccc webdav status - 查看同步状态'));
+}
+
+// push 子命令
+async function pushAction(options) {
+  const config = getWebDAVConfig();
+  if (!config) {
+    console.log(chalk.red('请先运行 "ccc webdav setup" 配置 WebDAV'));
+    process.exit(1);
+  }
+
+  const localProfiles = getProfiles();
+  if (localProfiles.length === 0) {
+    console.log(chalk.yellow('没有可同步的 profiles'));
+    process.exit(0);
+  }
+
+  const syncPassword = await getSyncPassword();
+  const client = createWebDAVClient(config);
+
+  console.log(chalk.gray('\n检查远程状态...'));
+
+  let remoteData = null;
+  try {
+    remoteData = await downloadProfiles(client, config, syncPassword);
+  } catch (err) {
+    if (err.message.includes('密码错误')) {
+      console.log(chalk.red(`✗ ${err.message}`));
+      process.exit(1);
+    }
+    // 远程可能不存在，继续
+  }
+
+  const diff = compareProfiles(localProfiles, remoteData);
+
+  // 显示差异
+  console.log(chalk.cyan('\n同步预览:'));
+
+  if (diff.localOnly.length > 0) {
+    console.log(chalk.green(`  ↑ 新增: ${diff.localOnly.join(', ')}`));
+  }
+
+  if (diff.remoteOnly.length > 0) {
+    console.log(chalk.gray(`  ○ 远程独有 (保留): ${diff.remoteOnly.join(', ')}`));
+  }
+
+  const unchanged = diff.both.filter(n => !diff.conflicts.find(c => c.name === n));
+  if (unchanged.length > 0) {
+    console.log(chalk.gray(`  = 无变化: ${unchanged.join(', ')}`));
+  }
+
+  // 处理冲突
+  const resolutions = {};
+
+  if (diff.conflicts.length > 0 && !options.force) {
+    console.log(chalk.yellow(`\n  ⚠️  发现 ${diff.conflicts.length} 个冲突:`));
+
+    for (const conflict of diff.conflicts) {
+      const remoteTime = new Date(conflict.remoteUpdatedAt).toLocaleString();
+      console.log(chalk.yellow(`\n  "${conflict.name}" - 云端修改于 ${remoteTime}`));
+
+      const { resolution } = await inquirer.prompt([
+        {
+          type: 'list',
+          name: 'resolution',
+          message: `如何处理 "${conflict.name}"？`,
+          choices: [
+            { name: '保留两者 (本地上传为 *_local)', value: 'keep_both' },
+            { name: '使用本地版本覆盖云端', value: 'use_local' },
+            { name: '保留云端版本', value: 'keep_remote' }
+          ],
+          default: 'keep_both'
+        }
+      ]);
+
+      resolutions[conflict.name] = resolution;
+    }
+  } else if (diff.conflicts.length > 0 && options.force) {
+    console.log(chalk.yellow(`  ⚠️  ${diff.conflicts.length} 个冲突将使用本地版本覆盖`));
+    for (const conflict of diff.conflicts) {
+      resolutions[conflict.name] = 'use_local';
+    }
+  }
+
+  // 确认
+  if (!options.force) {
+    const { confirm } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'confirm',
+        message: '确认推送？',
+        default: true
+      }
+    ]);
+
+    if (!confirm) {
+      console.log(chalk.yellow('已取消'));
+      process.exit(0);
+    }
+  }
+
+  // 执行推送
+  console.log(chalk.gray('\n正在推送...'));
+  try {
+    const result = await mergePush(client, config, syncPassword, diff.conflicts, resolutions);
+    console.log(chalk.green(`\n✓ 已推送 ${result.count} 个 profiles 到云端`));
+  } catch (err) {
+    console.log(chalk.red(`\n✗ 推送失败: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+// pull 子命令
+async function pullAction(options) {
+  const config = getWebDAVConfig();
+  if (!config) {
+    console.log(chalk.red('请先运行 "ccc webdav setup" 配置 WebDAV'));
+    process.exit(1);
+  }
+
+  const syncPassword = await getSyncPassword();
+  const client = createWebDAVClient(config);
+
+  console.log(chalk.gray('\n正在获取云端数据...'));
+
+  let remoteData = null;
+  try {
+    remoteData = await downloadProfiles(client, config, syncPassword);
+  } catch (err) {
+    console.log(chalk.red(`✗ ${err.message}`));
+    process.exit(1);
+  }
+
+  if (!remoteData) {
+    console.log(chalk.yellow('云端没有同步数据'));
+    console.log(chalk.gray('使用 "ccc webdav push" 推送本地配置'));
+    process.exit(0);
+  }
+
+  const localProfiles = getProfiles();
+  const diff = compareProfiles(localProfiles, remoteData);
+
+  // 显示差异
+  console.log(chalk.cyan('\n同步预览:'));
+
+  if (diff.remoteOnly.length > 0) {
+    console.log(chalk.green(`  ↓ 新增: ${diff.remoteOnly.join(', ')}`));
+  }
+
+  if (diff.localOnly.length > 0) {
+    console.log(chalk.gray(`  ○ 本地独有 (保留): ${diff.localOnly.join(', ')}`));
+  }
+
+  const unchanged = diff.both.filter(n => !diff.conflicts.find(c => c.name === n));
+  if (unchanged.length > 0) {
+    console.log(chalk.gray(`  = 无变化: ${unchanged.join(', ')}`));
+  }
+
+  // 处理冲突
+  const resolutions = {};
+
+  if (diff.conflicts.length > 0 && !options.force) {
+    console.log(chalk.yellow(`\n  ⚠️  发现 ${diff.conflicts.length} 个冲突:`));
+
+    for (const conflict of diff.conflicts) {
+      const remoteTime = new Date(conflict.remoteUpdatedAt).toLocaleString();
+      console.log(chalk.yellow(`\n  "${conflict.name}" - 云端修改于 ${remoteTime}`));
+
+      const { resolution } = await inquirer.prompt([
+        {
+          type: 'list',
+          name: 'resolution',
+          message: `如何处理 "${conflict.name}"？`,
+          choices: [
+            { name: '保留两者 (云端保存为 *_cloud)', value: 'keep_both' },
+            { name: '使用云端版本覆盖本地', value: 'use_remote' },
+            { name: '保留本地版本', value: 'keep_local' }
+          ],
+          default: 'keep_both'
+        }
+      ]);
+
+      resolutions[conflict.name] = resolution;
+    }
+  } else if (diff.conflicts.length > 0 && options.force) {
+    console.log(chalk.yellow(`  ⚠️  ${diff.conflicts.length} 个冲突将使用云端版本覆盖`));
+    for (const conflict of diff.conflicts) {
+      resolutions[conflict.name] = 'use_remote';
+    }
+  }
+
+  // 如果没有任何变化
+  if (diff.remoteOnly.length === 0 && diff.conflicts.length === 0) {
+    console.log(chalk.green('\n✓ 本地已是最新'));
+    process.exit(0);
+  }
+
+  // 确认
+  if (!options.force) {
+    const { confirm } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'confirm',
+        message: '确认拉取？',
+        default: true
+      }
+    ]);
+
+    if (!confirm) {
+      console.log(chalk.yellow('已取消'));
+      process.exit(0);
+    }
+  }
+
+  // 执行拉取
+  console.log(chalk.gray('\n正在拉取...'));
+  const result = mergePull(remoteData, diff.conflicts, resolutions);
+
+  if (result.imported.length > 0) {
+    console.log(chalk.green(`  ✓ 导入: ${result.imported.join(', ')}`));
+  }
+  if (result.renamed.length > 0) {
+    for (const r of result.renamed) {
+      console.log(chalk.cyan(`  ✓ ${r.original} → ${r.renamed}`));
+    }
+  }
+  if (result.skipped.length > 0) {
+    console.log(chalk.gray(`  ○ 跳过: ${result.skipped.join(', ')}`));
+  }
+
+  const total = result.imported.length + result.renamed.length;
+  console.log(chalk.green(`\n✓ 已拉取 ${total} 个 profiles`));
+}
+
+// status 子命令
+async function statusAction() {
+  const config = getWebDAVConfig();
+  if (!config) {
+    console.log(chalk.red('请先运行 "ccc webdav setup" 配置 WebDAV'));
+    process.exit(1);
+  }
+
+  console.log(chalk.cyan('\nWebDAV 同步状态\n'));
+  console.log(chalk.gray(`服务器: ${config.url}`));
+  console.log(chalk.gray(`路径: ${config.path}`));
+  console.log(chalk.gray(`本机免密: ${hasSyncPassword() ? '是' : '否'}`));
+
+  const syncPassword = await getSyncPassword();
+  const client = createWebDAVClient(config);
+
+  console.log(chalk.gray('\n检查远程状态...'));
+
+  const remoteInfo = await getRemoteInfo(client, config, syncPassword);
+  const localProfiles = getProfiles();
+
+  console.log(chalk.cyan('\n本地:'));
+  console.log(`  Profiles: ${localProfiles.length}`);
+  if (localProfiles.length > 0) {
+    console.log(chalk.gray(`  ${localProfiles.join(', ')}`));
+  }
+
+  console.log(chalk.cyan('\n云端:'));
+  if (remoteInfo.exists) {
+    console.log(`  Profiles: ${remoteInfo.profileCount}`);
+    console.log(`  最后更新: ${new Date(remoteInfo.updatedAt).toLocaleString()}`);
+    if (remoteInfo.profileNames.length > 0) {
+      console.log(chalk.gray(`  ${remoteInfo.profileNames.join(', ')}`));
+    }
+  } else if (remoteInfo.error) {
+    console.log(chalk.red(`  错误: ${remoteInfo.error}`));
+  } else {
+    console.log(chalk.gray('  (无数据)'));
+  }
+
+  // 比较差异
+  if (remoteInfo.exists) {
+    let remoteData = null;
+    try {
+      remoteData = await downloadProfiles(client, config, syncPassword);
+    } catch {
+      // ignore
+    }
+
+    if (remoteData) {
+      const diff = compareProfiles(localProfiles, remoteData);
+
+      console.log(chalk.cyan('\n差异:'));
+      if (diff.localOnly.length > 0) {
+        console.log(chalk.green(`  本地新增: ${diff.localOnly.join(', ')}`));
+      }
+      if (diff.remoteOnly.length > 0) {
+        console.log(chalk.blue(`  云端新增: ${diff.remoteOnly.join(', ')}`));
+      }
+      if (diff.conflicts.length > 0) {
+        console.log(chalk.yellow(`  有冲突: ${diff.conflicts.map(c => c.name).join(', ')}`));
+      }
+      if (diff.localOnly.length === 0 && diff.remoteOnly.length === 0 && diff.conflicts.length === 0) {
+        console.log(chalk.green('  ✓ 已同步'));
+      }
+    }
+  }
+}
+
+export function webdavCommand(program) {
+  const webdav = program
+    .command('webdav')
+    .description('WebDAV 云同步');
+
+  webdav
+    .command('setup')
+    .description('配置 WebDAV 连接和同步密码')
+    .action(setupAction);
+
+  webdav
+    .command('push')
+    .description('推送本地 profiles 到云端')
+    .option('-f, --force', '强制覆盖，跳过冲突确认')
+    .action(pushAction);
+
+  webdav
+    .command('pull')
+    .description('从云端拉取 profiles 到本地')
+    .option('-f, --force', '强制覆盖，跳过冲突确认')
+    .action(pullAction);
+
+  webdav
+    .command('status')
+    .description('查看同步状态')
+    .action(statusAction);
+}

package/src/crypto.js

@@ -0,0 +1,147 @@
+import crypto from 'crypto';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { CONFIG_DIR } from './config.js';
+
+const ALGORITHM = 'aes-256-gcm';
+const KEY_LENGTH = 32;
+const IV_LENGTH = 16;
+const SALT_LENGTH = 32;
+const AUTH_TAG_LENGTH = 16;
+const PBKDF2_ITERATIONS = 100000;
+const FILE_MAGIC = 'CCC_V1';
+const SYNC_KEY_FILE = path.join(CONFIG_DIR, '.sync_key');
+
+// 获取机器指纹（用于本地密码缓存加密）
+function getMachineFingerprint() {
+  const hostname = os.hostname();
+  const username = os.userInfo().username;
+  const platform = os.platform();
+  const arch = os.arch();
+  // 组合多个机器特征生成指纹
+  const fingerprint = `${hostname}:${username}:${platform}:${arch}:ccc-sync`;
+  return crypto.createHash('sha256').update(fingerprint).digest();
+}
+
+// 从密码派生加密密钥
+function deriveKey(password, salt) {
+  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LENGTH, 'sha256');
+}
+
+// 加密数据
+export function encrypt(plaintext, password) {
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const key = deriveKey(password, salt);
+
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+
+  // 格式: MAGIC + salt + iv + authTag + encrypted
+  const magic = Buffer.from(FILE_MAGIC, 'utf8');
+  return Buffer.concat([magic, salt, iv, authTag, encrypted]);
+}
+
+// 解密数据
+export function decrypt(encryptedBuffer, password) {
+  const magic = Buffer.from(FILE_MAGIC, 'utf8');
+  const magicLength = magic.length;
+
+  // 验证 magic header
+  if (encryptedBuffer.length < magicLength + SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH) {
+    throw new Error('无效的加密文件格式');
+  }
+
+  const fileMagic = encryptedBuffer.subarray(0, magicLength);
+  if (!fileMagic.equals(magic)) {
+    throw new Error('无效的加密文件格式');
+  }
+
+  let offset = magicLength;
+  const salt = encryptedBuffer.subarray(offset, offset + SALT_LENGTH);
+  offset += SALT_LENGTH;
+  const iv = encryptedBuffer.subarray(offset, offset + IV_LENGTH);
+  offset += IV_LENGTH;
+  const authTag = encryptedBuffer.subarray(offset, offset + AUTH_TAG_LENGTH);
+  offset += AUTH_TAG_LENGTH;
+  const encrypted = encryptedBuffer.subarray(offset);
+
+  const key = deriveKey(password, salt);
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+
+  try {
+    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    return decrypted.toString('utf8');
+  } catch (err) {
+    throw new Error('解密失败：密码错误或数据损坏');
+  }
+}
+
+// 使用机器指纹加密本地密码缓存
+export function encryptLocalPassword(password) {
+  const key = getMachineFingerprint();
+  const iv = crypto.randomBytes(IV_LENGTH);
+
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+
+  return Buffer.concat([iv, authTag, encrypted]);
+}
+
+// 使用机器指纹解密本地密码缓存
+export function decryptLocalPassword(encryptedBuffer) {
+  if (encryptedBuffer.length < IV_LENGTH + AUTH_TAG_LENGTH) {
+    throw new Error('无效的本地密码缓存');
+  }
+
+  const key = getMachineFingerprint();
+  const iv = encryptedBuffer.subarray(0, IV_LENGTH);
+  const authTag = encryptedBuffer.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+  const encrypted = encryptedBuffer.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+
+  try {
+    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    return decrypted.toString('utf8');
+  } catch (err) {
+    throw new Error('本地密码缓存解密失败');
+  }
+}
+
+// 保存同步密码到本地（加密存储）
+export function saveSyncPassword(password) {
+  const encrypted = encryptLocalPassword(password);
+  fs.writeFileSync(SYNC_KEY_FILE, encrypted);
+}
+
+// 读取本地缓存的同步密码
+export function loadSyncPassword() {
+  if (!fs.existsSync(SYNC_KEY_FILE)) {
+    return null;
+  }
+  try {
+    const encrypted = fs.readFileSync(SYNC_KEY_FILE);
+    return decryptLocalPassword(encrypted);
+  } catch (err) {
+    return null;
+  }
+}
+
+// 检查是否有本地缓存的密码
+export function hasSyncPassword() {
+  return fs.existsSync(SYNC_KEY_FILE);
+}
+
+// 清除本地缓存的密码
+export function clearSyncPassword() {
+  if (fs.existsSync(SYNC_KEY_FILE)) {
+    fs.unlinkSync(SYNC_KEY_FILE);
+  }
+}

package/src/profiles.js

@@ -106,6 +106,65 @@ export function saveProfile(name, settings) {
   fs.writeFileSync(profilePath, JSON.stringify(settings, null, 2));
 }
 
+// 创建基于主配置的 profile（复制 ~/.claude/settings.json 并设置 env）
+export function createProfileFromTemplate(name, apiUrl, apiKey) {
+  const template = getClaudeSettingsTemplate() || {};
+
+  // 确保 env 对象存在
+  if (!template.env) {
+    template.env = {};
+  }
+
+  // 只设置 API 凭证到 env
+  template.env.ANTHROPIC_AUTH_TOKEN = apiKey;
+  template.env.ANTHROPIC_BASE_URL = apiUrl;
+
+  saveProfile(name, template);
+  return template;
+}
+
+// 同步主配置到 profile（保留 profile 的 API 凭证）
+export function syncProfileWithTemplate(name) {
+  const template = getClaudeSettingsTemplate();
+  if (!template) {
+    return null;
+  }
+
+  const currentProfile = readProfile(name);
+  if (!currentProfile) {
+    return null;
+  }
+
+  // 保存当前 profile 的 API 凭证（支持新旧格式）
+  const currentEnv = currentProfile.env || {};
+  const apiKey = currentEnv.ANTHROPIC_AUTH_TOKEN || currentProfile.ANTHROPIC_AUTH_TOKEN || '';
+  const apiUrl = currentEnv.ANTHROPIC_BASE_URL || currentProfile.ANTHROPIC_BASE_URL || '';
+
+  // 复制主配置
+  const newProfile = { ...template };
+
+  // 确保 env 对象存在并保留 API 凭证
+  newProfile.env = { ...(template.env || {}), ANTHROPIC_AUTH_TOKEN: apiKey, ANTHROPIC_BASE_URL: apiUrl };
+
+  saveProfile(name, newProfile);
+  return newProfile;
+}
+
+// 从 profile 中提取 API 凭证
+export function getProfileCredentials(name) {
+  const profile = readProfile(name);
+  if (!profile) {
+    return { apiKey: '', apiUrl: '' };
+  }
+
+  // 支持旧格式（直接在顶层）和新格式（在 env 中）
+  const env = profile.env || {};
+  return {
+    apiKey: env.ANTHROPIC_AUTH_TOKEN || profile.ANTHROPIC_AUTH_TOKEN || '',
+    apiUrl: env.ANTHROPIC_BASE_URL || profile.ANTHROPIC_BASE_URL || ''
+  };
+}
+
 // 删除 profile
 export function deleteProfile(name) {
   const profilePath = getProfilePath(name);

package/src/webdav.js

@@ -0,0 +1,268 @@
+import { createClient } from 'webdav';
+import fs from 'fs';
+import path from 'path';
+import { CONFIG_DIR, PROFILES_DIR } from './config.js';
+import { encrypt, decrypt } from './crypto.js';
+import { getProfiles, readProfile, saveProfile } from './profiles.js';
+
+const WEBDAV_CONFIG_FILE = path.join(CONFIG_DIR, 'webdav.json');
+const REMOTE_FILE_NAME = 'ccc-profiles.encrypted';
+
+// 读取 WebDAV 配置
+export function getWebDAVConfig() {
+  if (!fs.existsSync(WEBDAV_CONFIG_FILE)) {
+    return null;
+  }
+  try {
+    return JSON.parse(fs.readFileSync(WEBDAV_CONFIG_FILE, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+
+// 保存 WebDAV 配置
+export function saveWebDAVConfig(config) {
+  fs.writeFileSync(WEBDAV_CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+
+// 创建 WebDAV 客户端
+export function createWebDAVClient(config) {
+  return createClient(config.url, {
+    username: config.username,
+    password: config.password
+  });
+}
+
+// 获取远程文件路径
+function getRemotePath(config) {
+  const basePath = config.path || '/';
+  return path.posix.join(basePath, REMOTE_FILE_NAME);
+}
+
+// 上传加密的 profiles 到 WebDAV
+export async function uploadProfiles(client, config, syncPassword) {
+  const profiles = getProfiles();
+  const profilesData = {};
+
+  for (const name of profiles) {
+    const profile = readProfile(name);
+    if (profile) {
+      profilesData[name] = {
+        data: profile,
+        updatedAt: Date.now()
+      };
+    }
+  }
+
+  const payload = {
+    version: 1,
+    updatedAt: Date.now(),
+    profiles: profilesData
+  };
+
+  const encrypted = encrypt(JSON.stringify(payload), syncPassword);
+  const remotePath = getRemotePath(config);
+
+  // 确保目录存在
+  const baseDir = config.path || '/';
+  try {
+    await client.createDirectory(baseDir, { recursive: true });
+  } catch {
+    // 目录可能已存在
+  }
+
+  await client.putFileContents(remotePath, encrypted);
+  return { count: profiles.length, updatedAt: payload.updatedAt };
+}
+
+// 从 WebDAV 下载加密的 profiles
+export async function downloadProfiles(client, config, syncPassword) {
+  const remotePath = getRemotePath(config);
+
+  try {
+    const exists = await client.exists(remotePath);
+    if (!exists) {
+      return null;
+    }
+  } catch {
+    return null;
+  }
+
+  const encrypted = await client.getFileContents(remotePath);
+  const decrypted = decrypt(Buffer.from(encrypted), syncPassword);
+  return JSON.parse(decrypted);
+}
+
+// 获取远程文件信息
+export async function getRemoteInfo(client, config, syncPassword) {
+  try {
+    const data = await downloadProfiles(client, config, syncPassword);
+    if (!data) {
+      return { exists: false };
+    }
+    return {
+      exists: true,
+      updatedAt: data.updatedAt,
+      profileCount: Object.keys(data.profiles).length,
+      profileNames: Object.keys(data.profiles)
+    };
+  } catch (err) {
+    return { exists: false, error: err.message };
+  }
+}
+
+// 比较本地和远程 profiles，返回差异
+export function compareProfiles(localProfiles, remoteData) {
+  const local = new Set(localProfiles);
+  const remote = new Set(remoteData ? Object.keys(remoteData.profiles) : []);
+
+  const result = {
+    localOnly: [],      // 只在本地存在
+    remoteOnly: [],     // 只在远程存在
+    both: [],           // 两边都有
+    conflicts: []       // 两边都有且内容不同
+  };
+
+  // 本地存在的
+  for (const name of local) {
+    if (remote.has(name)) {
+      result.both.push(name);
+    } else {
+      result.localOnly.push(name);
+    }
+  }
+
+  // 只在远程存在的
+  for (const name of remote) {
+    if (!local.has(name)) {
+      result.remoteOnly.push(name);
+    }
+  }
+
+  // 检查内容是否相同
+  if (remoteData) {
+    for (const name of result.both) {
+      const localProfile = readProfile(name);
+      const remoteProfile = remoteData.profiles[name].data;
+
+      if (JSON.stringify(localProfile) !== JSON.stringify(remoteProfile)) {
+        result.conflicts.push({
+          name,
+          localData: localProfile,
+          remoteData: remoteProfile,
+          remoteUpdatedAt: remoteData.profiles[name].updatedAt
+        });
+      }
+    }
+  }
+
+  return result;
+}
+
+// 执行最大合并的 pull 操作
+export function mergePull(remoteData, conflicts, resolutions) {
+  const imported = [];
+  const skipped = [];
+  const renamed = [];
+
+  if (!remoteData) {
+    return { imported, skipped, renamed };
+  }
+
+  const localProfiles = new Set(getProfiles());
+
+  for (const [name, profileData] of Object.entries(remoteData.profiles)) {
+    const conflict = conflicts.find(c => c.name === name);
+
+    if (conflict) {
+      // 有冲突
+      const resolution = resolutions[name] || 'keep_both';
+
+      if (resolution === 'use_remote') {
+        saveProfile(name, profileData.data);
+        imported.push(name);
+      } else if (resolution === 'keep_local') {
+        skipped.push(name);
+      } else {
+        // keep_both: 保留两者，远程版本重命名
+        const newName = `${name}_cloud`;
+        saveProfile(newName, profileData.data);
+        renamed.push({ original: name, renamed: newName });
+      }
+    } else if (!localProfiles.has(name)) {
+      // 本地不存在，直接导入
+      saveProfile(name, profileData.data);
+      imported.push(name);
+    }
+  }
+
+  return { imported, skipped, renamed };
+}
+
+// 执行最大合并的 push 操作
+export async function mergePush(client, config, syncPassword, conflicts, resolutions) {
+  const localProfiles = getProfiles();
+  let remoteData = null;
+
+  try {
+    remoteData = await downloadProfiles(client, config, syncPassword);
+  } catch {
+    // 远程可能不存在
+  }
+
+  const profilesData = {};
+
+  // 保留远程独有的（最大合并）
+  if (remoteData) {
+    const localSet = new Set(localProfiles);
+    for (const [name, data] of Object.entries(remoteData.profiles)) {
+      if (!localSet.has(name)) {
+        profilesData[name] = data;
+      }
+    }
+  }
+
+  // 添加本地的
+  for (const name of localProfiles) {
+    const profile = readProfile(name);
+    if (!profile) continue;
+
+    const conflict = conflicts.find(c => c.name === name);
+    if (conflict) {
+      const resolution = resolutions[name] || 'keep_both';
+
+      if (resolution === 'use_local') {
+        profilesData[name] = { data: profile, updatedAt: Date.now() };
+      } else if (resolution === 'keep_remote') {
+        // 保留远程版本
+        profilesData[name] = remoteData.profiles[name];
+      } else {
+        // keep_both: 保留两者，本地版本用 _local 后缀
+        profilesData[name] = remoteData.profiles[name]; // 保留原名为远程版本
+        profilesData[`${name}_local`] = { data: profile, updatedAt: Date.now() };
+      }
+    } else {
+      profilesData[name] = { data: profile, updatedAt: Date.now() };
+    }
+  }
+
+  const payload = {
+    version: 1,
+    updatedAt: Date.now(),
+    profiles: profilesData
+  };
+
+  const encrypted = encrypt(JSON.stringify(payload), syncPassword);
+  const remotePath = getRemotePath(config);
+
+  // 确保目录存在
+  const baseDir = config.path || '/';
+  try {
+    await client.createDirectory(baseDir, { recursive: true });
+  } catch {
+    // 目录可能已存在
+  }
+
+  await client.putFileContents(remotePath, encrypted);
+  return { count: Object.keys(profilesData).length };
+}