@xagent-ai/cli 1.0.1 → 1.1.1

package/src/auth.ts

@@ -1,7 +1,7 @@
 import axios from 'axios';
 import open from 'open';
 import inquirer from 'inquirer';
-import http from 'http';
+import https from 'https';
 import { AuthConfig, AuthType } from './types.js';
 import { getLogger } from './logger.js';
 
@@ -140,75 +140,47 @@ export class AuthService {
   }
 
   async authenticate(): Promise<boolean> {
+    let result: boolean;
     switch (this.authConfig.type) {
       case AuthType.OAUTH_XAGENT:
-        return await this.authenticateWithXAgent();
-      case AuthType.API_KEY:
-        return await this.authenticateWithApiKey();
+        result = await this.authenticateWithXAgent();
+        break;
       case AuthType.OPENAI_COMPATIBLE:
-        return await this.authenticateWithOpenAICompatible();
+        result = await this.authenticateWithOpenAICompatible();
+        break;
       default:
         throw new Error(`Unknown auth type: ${this.authConfig.type}`);
     }
+
+    return result;
   }
 
   private async authenticateWithXAgent(): Promise<boolean> {
     logger.info('Authenticating with xAgent...', 'Please complete the authentication in your browser');
 
     try {
-      // 1. 先启动 HTTP 服务器接收回调
+      // 1. Start HTTP server to receive callback
       const token = await this.retrieveXAgentToken();
 
-      // 2. 设置认证配置
-      this.authConfig.baseUrl = 'http://xagent-colife.net:3000/v1';
-      this.authConfig.xagentApiBaseUrl = 'http://xagent-colife.net:3000';
+      // 2. 调用后端验证用户
+      const xagentApiBaseUrl = this.authConfig.xagentApiBaseUrl || 'https://154.8.140.52:443';
+      const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+      const response = await axios.get(`${xagentApiBaseUrl}/api/auth/me`, {
+        headers: { 'Authorization': `Bearer ${token}` },
+        httpsAgent
+      });
+
+      // 3. Set authentication configuration
+      this.authConfig.baseUrl = 'https://154.8.140.52:443/v1';
+      this.authConfig.xagentApiBaseUrl = xagentApiBaseUrl;
       this.authConfig.apiKey = token;
+    this.authConfig.type = AuthType.OAUTH_XAGENT;
 
       logger.success('Successfully authenticated with xAgent!');
-      logger.info(`LLM API: http://xagent-colife.net:3000/v1`);
-      logger.info(`VLM API: http://xagent-colife.net:3000/v3`);
       return true;
     } catch (error: any) {
-      const errorMsg = error?.message || 'Unknown error';
-      if (errorMsg.includes('timeout') || errorMsg.includes('Timeout')) {
-        logger.error('Authentication timed out', 'The browser authentication took too long. Please try again.');
-      } else if (errorMsg.includes('No token') || errorMsg.includes('no token')) {
-        logger.error('Authentication was cancelled or failed', 'No token was received from the browser. Please try again.');
-      } else {
-        logger.error('xAgent authentication failed', errorMsg || 'Check your network connection and try again');
-      }
-      return false;
-    }
-  }
-
-  private async authenticateWithApiKey(): Promise<boolean> {
-    logger.info('Authenticating with API Key...');
-
-    const answers = await inquirer.prompt([
-      {
-        type: 'input',
-        name: 'apiKey',
-        message: 'Enter your xAgent API Key:',
-        validate: (input: string) => {
-          if (!input || input.trim().length === 0) {
-            return 'API Key cannot be empty';
-          }
-          return true;
-        }
-      }
-    ]);
-
-    const apiKey = answers.apiKey as string;
-
-    this.authConfig.apiKey = apiKey.trim();
-    this.authConfig.baseUrl = 'https://apis.xagent.cn/v1';
-
-    const isValid = await this.validateApiKey();
-    if (isValid) {
-      logger.success('API Key verified successfully!', 'You can now start using xAgent CLI');
-      return true;
-    } else {
-      logger.error('Invalid API Key, please try again.', 'Make sure you entered the correct API Key');
+      logger.error('Authentication failed', error.message || 'Unknown error');
+      logger.debug('Full error:', JSON.stringify(error.response?.data || error.message));
       return false;
     }
   }
@@ -323,6 +295,7 @@ export class AuthService {
     this.authConfig.baseUrl = baseUrl;
     this.authConfig.apiKey = (apiKey as string).trim();
     this.authConfig.modelName = modelName;
+    this.authConfig.type = AuthType.OPENAI_COMPATIBLE;
 
     const isValid = await this.validateApiKey();
     if (isValid) {
@@ -402,87 +375,80 @@ export class AuthService {
   }
 
   private async retrieveXAgentToken(): Promise<string> {
-    // 使用前端登录页面（支持 callback 参数）
-    const authUrl = 'http://xagent-colife.net:3000/login';
-    const callbackUrl = 'http://localhost:8080/callback';
+    // Use xagentApiBaseUrl from config, fallback to default
+    const webBaseUrl = this.authConfig.xagentApiBaseUrl || 'https://154.8.140.52';
+    const authUrl = `${webBaseUrl}/login`;
+    // Callback URL tells frontend where to store token
+    const callbackUrl = 'https://154.8.140.52:443/callback';
+
+    // 如果已有保存的token，通过URL参数传给Web页面
+    const existingToken = this.authConfig.apiKey;
+    const existingRefreshToken = this.authConfig.refreshToken;
+
+    // 构建登录URL - 如果已有token也传给Web
+    let loginUrl = `${authUrl}?callback=${encodeURIComponent(callbackUrl)}`;
+    if (existingToken) {
+      loginUrl += `&existingToken=${encodeURIComponent(existingToken)}`;
+      if (existingRefreshToken) {
+        loginUrl += `&existingRefreshToken=${encodeURIComponent(existingRefreshToken)}`;
+      }
+    }
 
-    logger.debug(`[OAuth] Opening browser for authentication`);
-    logger.debug(`[OAuth] Login URL: ${authUrl}?callback=${encodeURIComponent(callbackUrl)}`);
+    // Open browser for login, then poll server for token
+    await open(loginUrl);
+    logger.info('Waiting for authentication...', 'Please complete login in your browser');
 
-    // 启动 HTTP 服务器接收回调，然后打开浏览器
+    // Poll server to get token
     return new Promise((resolve, reject) => {
-      let timeoutId: NodeJS.Timeout | null = null;
-      let server: http.Server | null = null;
-      
-      const cleanup = () => {
-        if (timeoutId) {
-          clearTimeout(timeoutId);
-          timeoutId = null;
+      const pollInterval = 2000; // Poll every 2 seconds
+      const maxWaitTime = 30 * 60 * 1000; // 30 minutes timeout
+      const startTime = Date.now();
+
+      const poll = async () => {
+        if (Date.now() - startTime > maxWaitTime) {
+          logger.warn('Authentication timeout after 30 minutes');
+          reject(new Error('Authentication timeout'));
+          return;
         }
-      };
-      
-      const serverCallback = (req: any, res: any) => {
-        logger.debug(`[OAuth] Received request: ${req.url}`);
 
-        if (req.url.startsWith('/callback')) {
-          const url = new URL(req.url, `http://${req.headers.host}`);
-          const token = url.searchParams.get('token');
-          const refreshToken = url.searchParams.get('refreshToken');
-
-          logger.debug(`[OAuth] Callback received, token: ${token ? 'present' : 'missing'}`);
-          logger.debug(`[OAuth] Refresh token: ${refreshToken ? 'present' : 'missing'}`);
-
-          if (token) {
-            cleanup();
-            
+        try {
+          // Create HTTPS agent that ignores certificate errors (for IP-based access)
+          const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+          
+          const response = await axios.get(`${webBaseUrl}/api/cli/get-token`, {
+            timeout: 10000,
+            httpsAgent
+          });
+
+          if (response.data.token) {
+            logger.success('Authentication successful! Received token');
+            logger.debug('[CLI-Auth] Token stored, key:', response.data.token.substring(0, 20) + '...');
             // Save refresh token if provided
-            if (refreshToken) {
-              this.authConfig.refreshToken = refreshToken;
-              logger.debug(`[OAuth] Refresh token saved`);
+            if (response.data.refreshToken) {
+              this.authConfig.refreshToken = response.data.refreshToken;
             }
-
-            // Redirect directly to home page after successful authentication
-            res.writeHead(302, { 'Location': 'http://localhost:3000/' });
-            res.end();
-            if (server) {
-              server.close();
-            }
-            resolve(token);
+            resolve(response.data.token);
+            return;
+          }
+        } catch (error: any) {
+          if (error.response?.status === 404) {
+            // Token not ready yet, continue polling
           } else {
-            cleanup();
-            
-            res.writeHead(400, { 'Content-Type': 'text/html' });
-            res.end('<h1>Authentication Failed: No token</h1>');
-            if (server) {
-              server.close();
-            }
-            reject(new Error('No token received'));
+            console.error('[CLI-Auth] Polling error:', error.message);
           }
         }
+
+        // Continue polling
+        setTimeout(poll, pollInterval);
       };
-      
-      server = http.createServer(serverCallback);
 
-      // 设置超时定时器（在 server 创建后）
-      timeoutId = setTimeout(() => {
-        logger.warn('[OAuth] Authentication timeout after 30 minutes');
-        if (server) {
-          server.close();
-        }
-        reject(new Error('Authentication timeout'));
-      }, 1800000); // 30 minutes
-
-      server.listen(8080, async () => {
-        logger.info('Waiting for authentication...', 'Opening browser for login...');
-        const fullUrl = `${authUrl}?callback=${encodeURIComponent(callbackUrl)}`;
-        logger.debug(`[OAuth] Full URL: ${fullUrl}`);
-        await open(fullUrl);
-      });
+      // Start polling
+      setTimeout(poll, pollInterval);
     });
   }
 
   getAuthConfig(): AuthConfig {
-    return { ...this.authConfig };
+    return { ...this.authConfig, type: this.authConfig.type };
   }
 
   updateAuthConfig(config: Partial<AuthConfig>): void {

package/src/cancellation.ts

@@ -173,4 +173,4 @@ export function getCancellationManager(): CancellationManager {
     cancellationManagerInstance = new CancellationManager();
   }
   return cancellationManagerInstance;
-}
+}

package/src/cli.ts

@@ -10,6 +10,17 @@ import { getMCPManager } from './mcp.js';
 import { getLogger, setConfigProvider } from './logger.js';
 import { theme, icons, colors } from './theme.js';
 import { getCancellationManager } from './cancellation.js';
+import { readFileSync } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+
+// Get current directory
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Read package.json
+const packageJsonPath = join(__dirname, '../package.json');
+const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
 
 const logger = getLogger();
 
@@ -26,10 +37,72 @@ setConfigProvider(() => {
 
 const program = new Command();
 
+/**
+ * Format error message for user-friendly display
+ */
+function formatError(error: unknown): { message: string; suggestion: string } {
+  const errorMessage = error instanceof Error ? error.message : String(error);
+
+  // Network errors
+  if (errorMessage.includes('ENOTFOUND') || errorMessage.includes('ECONNREFUSED')) {
+    return {
+      message: 'Unable to connect to the server',
+      suggestion: 'Please check your network connection and try again.'
+    };
+  }
+  if (errorMessage.includes('ETIMEDOUT') || errorMessage.includes('ECONNRESET')) {
+    return {
+      message: 'Connection timed out',
+      suggestion: 'The server may be busy. Please wait a moment and try again.'
+    };
+  }
+  // Authentication errors
+  if (errorMessage.includes('401') || errorMessage.includes('Unauthorized') || errorMessage.includes('invalid token')) {
+    return {
+      message: 'Authentication failed',
+      suggestion: 'Please login again using: xagent auth'
+    };
+  }
+  // Token expired
+  if (errorMessage.includes('token') && errorMessage.includes('expired')) {
+    return {
+      message: 'Session expired',
+      suggestion: 'Please login again using: xagent auth'
+    };
+  }
+  // Permission errors
+  if (errorMessage.includes('EACCES') || errorMessage.includes('permission denied')) {
+    return {
+      message: 'Permission denied',
+      suggestion: 'Please check your file permissions or run with appropriate privileges.'
+    };
+  }
+  // File not found
+  if (errorMessage.includes('ENOENT') || errorMessage.includes('not found')) {
+    return {
+      message: 'File or resource not found',
+      suggestion: 'Please check the path and try again.'
+    };
+  }
+  // Invalid JSON
+  if (errorMessage.includes('JSON') || errorMessage.includes('parse')) {
+    return {
+      message: 'Invalid data format',
+      suggestion: 'The configuration file may be corrupted. Please check the file content.'
+    };
+  }
+
+  // Default friendly message
+  return {
+    message: 'An error occurred',
+    suggestion: 'Please try again. If the problem persists, check your configuration.'
+  };
+}
+
 program
   .name('xagent')
   .description('AI-powered command-line assistant')
-  .version('1.0.0')
+  .version(packageJson.version)
   .option('-h, --help', 'Show help');
 
 program
@@ -144,9 +217,10 @@ program
         console.log(colors.success(`Agent ${options.remove} removed successfully`));
         console.log('');
       } catch (error: any) {
+        const { message, suggestion } = formatError(error);
         console.log('');
-        console.log(colors.error(`Failed to remove agent: ${error.message}`));
-        console.log(colors.textMuted('Check if the agent exists and try again'));
+        console.log(colors.error(`Failed to remove agent: ${message}`));
+        console.log(colors.textMuted(suggestion));
         console.log('');
       }
     } else {
@@ -207,9 +281,10 @@ program
         console.log(colors.success(`MCP server ${options.remove} removed successfully`));
         console.log('');
       } catch (error: any) {
+        const { message, suggestion } = formatError(error);
         console.log('');
-        console.log(colors.error(`Failed to remove MCP server: ${error.message}`));
-        console.log(colors.textMuted('Check if the server exists and try again'));
+        console.log(colors.error(`Failed to remove MCP server: ${message}`));
+        console.log(colors.textMuted(suggestion));
         console.log('');
       }
     } else {
@@ -238,8 +313,9 @@ program
       console.log(colors.textMuted('You can now run "xagent start" to begin'));
       console.log('');
     } catch (error: any) {
-      console.log(colors.error(`Initialization failed: ${error.message}`));
-      console.log(colors.textMuted('Check if you have write permissions for this directory'));
+      const { message, suggestion } = formatError(error);
+      console.log(colors.error(`Initialization failed: ${message}`));
+      console.log(colors.textMuted(suggestion));
       console.log('');
       process.exit(1);
     }
@@ -285,9 +361,10 @@ program
         console.log(colors.success(`Workflow ${options.add} added successfully!`));
         console.log('');
       } catch (error: any) {
+        const { message, suggestion } = formatError(error);
         console.log('');
-        console.log(colors.error(error.message));
-        console.log(colors.textMuted('Check the workflow ID and try again'));
+        console.log(colors.error(message));
+        console.log(colors.textMuted(suggestion));
         console.log('');
         process.exit(1);
       }
@@ -298,9 +375,10 @@ program
         console.log(colors.success(`Workflow ${options.remove} removed successfully!`));
         console.log('');
       } catch (error: any) {
+        const { message, suggestion } = formatError(error);
         console.log('');
-        console.log(colors.error(error.message));
-        console.log(colors.textMuted('Check if the workflow exists and try again'));
+        console.log(colors.error(message));
+        console.log(colors.textMuted(suggestion));
         console.log('');
         process.exit(1);
       }
@@ -326,7 +404,7 @@ program
     console.log('');
     console.log(colors.border(separator));
     console.log('');
-    console.log(`  ${icons.info}  ${colors.textMuted('Version:')} ${colors.primaryBright('1.0.0')}`);
+    console.log(`  ${icons.info}  ${colors.textMuted('Version:')} ${colors.primaryBright(packageJson.version)}`);
     console.log(`  ${icons.code} ${colors.textMuted('Node.js:')} ${colors.textMuted(process.version)}`);
     console.log(`  ${icons.bolt} ${colors.textMuted('Platform:')} ${colors.textMuted(process.platform + ' ' + process.arch)}`);
     console.log('');
@@ -349,10 +427,70 @@ program
     console.log('');
 
     try {
+      const configManager = getConfigManager();
+      const authConfig = configManager.getAuthConfig();
+
+      // Get GUI-specific VLM configuration
+      const baseUrl = configManager.get('guiSubagentBaseUrl') || configManager.get('baseUrl') || '';
+      const apiKey = configManager.get('guiSubagentApiKey') || configManager.get('apiKey') || '';
+      const modelName = configManager.get('guiSubagentModel') || configManager.get('modelName') || '';
+
+      // Determine mode: local (openai_compatible) or remote
+      const isLocalMode = authConfig.type === 'openai_compatible';
+
+      if (isLocalMode) {
+        // Local mode: require baseUrl configuration
+        if (!baseUrl) {
+          console.log(colors.error('No VLM API URL configured for GUI subagent.'));
+          console.log(colors.textMuted('Please run "xagent auth" and configure guiSubagentBaseUrl.'));
+          console.log('');
+          return;
+        }
+        console.log(colors.info(`${icons.brain} Using local VLM configuration`));
+        console.log(colors.textMuted(`  Model: ${modelName}`));
+        console.log(colors.textMuted(`  Base URL: ${baseUrl}`));
+        console.log('');
+      } else {
+        // Remote mode
+        console.log(colors.info(`${icons.brain} Using remote VLM service`));
+        console.log(colors.textMuted(`  Auth Type: ${authConfig.type}`));
+        console.log('');
+      }
+
       const { createGUISubAgent } = await import('./gui-subagent/index.js');
 
+      // Create remoteVlmCaller for remote mode (uses full messages for consistent behavior)
+      let remoteVlmCaller: ((messages: any[], systemPrompt: string) => Promise<string>) | undefined;
+
+      if (!isLocalMode && authConfig.baseUrl) {
+        const remoteBaseUrl = `${authConfig.baseUrl}/api/agent/vlm`;
+        remoteVlmCaller = async (messages: any[], _systemPrompt: string): Promise<string> => {
+          const response = await fetch(remoteBaseUrl, {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'Authorization': `Bearer ${authConfig.apiKey || ''}`,
+            },
+            body: JSON.stringify({
+              messages
+            }),
+          });
+          if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Remote VLM error: ${response.status} - ${errorText}`);
+          }
+          const result = await response.json() as { response?: string; content?: string; message?: string };
+          return result.response || result.content || result.message || '';
+        };
+      }
+
       const guiAgent = await createGUISubAgent({
         headless: options.headless ?? false,
+        model: isLocalMode ? modelName : undefined,
+        modelBaseUrl: isLocalMode ? baseUrl : undefined,
+        modelApiKey: isLocalMode ? apiKey : undefined,
+        remoteVlmCaller,
+        isLocalMode,
       });
 
       console.log(colors.success('✅ GUI Subagent initialized successfully!'));
@@ -371,8 +509,10 @@ program
       console.log(colors.primaryBright('Use the GUI tools in the interactive session to control the computer.'));
       console.log('');
     } catch (error: any) {
+      const { message, suggestion } = formatError(error);
       console.log('');
-      console.log(colors.error(`Failed to start GUI Subagent: ${error.message}`));
+      console.log(colors.error(`Failed to start GUI Subagent: ${message}`));
+      console.log(colors.textMuted(suggestion));
       console.log('');
     }
   });
@@ -382,3 +522,28 @@ program.parse(process.argv);
 if (!process.argv.slice(2).length) {
   program.outputHelp();
 }
+
+// ============================================================
+// Global error handling - prevent crashes from uncaught errors
+// ============================================================
+
+// Handle uncaught promise rejections
+process.on('unhandledRejection', (reason: any, promise: Promise<any>) => {
+  console.error('\n❌ An unexpected error occurred');
+  if (reason instanceof Error) {
+    console.error(`   ${reason.message}`);
+  } else if (reason) {
+    console.error(`   ${String(reason)}`);
+  }
+  console.error('\n   If this problem persists, please report this issue.');
+  console.error('');
+  process.exit(1);
+});
+
+// Handle uncaught exceptions
+process.on('uncaughtException', (error: Error) => {
+  console.error('\n❌ Critical error - application will exit');
+  console.error(`   ${error.message}`);
+  console.error('');
+  process.exit(1);
+});

package/src/config.ts

@@ -10,12 +10,12 @@ const DEFAULT_SETTINGS: Settings = {
   theme: 'Default',
   selectedAuthType: AuthType.OAUTH_XAGENT,
   apiKey: '',
-  // LLM API - 用于主对话和任务处理 (OpenAI兼容格式)
+  // LLM API - for main conversation and task processing (OpenAI compatible format)
   baseUrl: 'http://xagent-colife.net:3000/v1',
   modelName: 'Qwen3-Coder',
-  // xAgent API - 用于 token 验证等后端调用 (不含 /v1)
+  // xAgent API - for token validation and other backend calls (without /v1)
   xagentApiBaseUrl: 'http://xagent-colife.net:3000',
-  // VLM API - 用于 GUI 自动化（浏览器/桌面操作）
+  // VLM API - for GUI automation (browser/desktop operations)
   guiSubagentModel: 'Qwen3-Coder',
   guiSubagentBaseUrl: 'http://xagent-colife.net:3000/v3',
   guiSubagentApiKey: '',
@@ -66,18 +66,32 @@ export class ConfigManager {
   }
 
   async load(): Promise<Settings> {
+    logger.debug('[CONFIG] ========== load() 开始 ==========');
+    logger.debug('[CONFIG] globalConfigPath:', this.globalConfigPath);
+    logger.debug('[CONFIG] projectConfigPath:', this.projectConfigPath);
+    logger.debug('[CONFIG] 检查文件是否存在...');
+
     try {
       const globalConfig = this.readConfigFile(this.globalConfigPath);
+      logger.debug('[CONFIG] globalConfig 读取成功:', JSON.stringify(globalConfig, null, 2));
+
       this.settings = { ...DEFAULT_SETTINGS, ...globalConfig };
+      logger.debug('[CONFIG] 合并后的 settings:', JSON.stringify(this.settings, null, 2));
 
       if (this.projectConfigPath) {
         const projectConfig = this.readConfigFile(this.projectConfigPath);
+        logger.debug('[CONFIG] projectConfig 读取成功:', JSON.stringify(projectConfig, null, 2));
         this.settings = { ...this.settings, ...projectConfig };
       }
 
+      logger.debug('[CONFIG] 最终 settings.apiKey:', this.settings.apiKey ? this.settings.apiKey.substring(0, 30) + '...' : 'empty');
+      logger.debug('[CONFIG] 最终 settings.refreshToken:', this.settings.refreshToken ? 'exists' : 'empty');
+      logger.debug('[CONFIG] ========== load() 结束 ==========');
+
       return this.settings;
     } catch (error) {
-      logger.error('Failed to load config', 'Check if config files exist and are valid');
+      logger.debug('[CONFIG] load() 捕获到错误:', error instanceof Error ? error.message : String(error));
+      logger.debug('[CONFIG] ========== load() 结束 (使用默认值) ==========');
       return { ...DEFAULT_SETTINGS };
     }
   }
@@ -111,7 +125,7 @@ export class ConfigManager {
   }
 
   getAuthConfig() {
-    return {
+    const result = {
       type: this.settings.selectedAuthType,
       apiKey: this.settings.apiKey,
       refreshToken: this.settings.refreshToken,
@@ -121,10 +135,30 @@ export class ConfigManager {
       searchApiKey: this.settings.searchApiKey,
       showAIDebugInfo: this.settings.showAIDebugInfo
     };
+
+    logger.debug('[CONFIG] getAuthConfig() 返回:');
+    logger.debug('  - type:', result.type);
+    logger.debug('  - apiKey:', result.apiKey ? result.apiKey.substring(0, 30) + '...' : 'empty');
+    logger.debug('  - refreshToken:', result.refreshToken ? 'exists' : 'empty');
+    logger.debug('  - baseUrl:', result.baseUrl);
+    logger.debug('  - xagentApiBaseUrl:', result.xagentApiBaseUrl);
+
+    return result;
   }
 
-  async setAuthConfig(config: Partial<Settings>): Promise<void> {
-    Object.assign(this.settings, config);
+  async setAuthConfig(config: Partial<Settings> & { xagentApiBaseUrl?: string }): Promise<void> {
+    // Extract xagentApiBaseUrl separately since it's not in Settings
+    const { xagentApiBaseUrl, type, ...otherConfig } = config as any;
+    
+    // Map 'type' to 'selectedAuthType' (AuthConfig uses 'type', Settings uses 'selectedAuthType')
+    if (type !== undefined) {
+      this.settings.selectedAuthType = type;
+    }
+    
+    Object.assign(this.settings, otherConfig);
+    if (xagentApiBaseUrl !== undefined) {
+      this.settings.xagentApiBaseUrl = xagentApiBaseUrl;
+    }
     await this.save('global');
   }
 
@@ -221,7 +255,22 @@ export class ConfigManager {
   }
 
   getWorkspacePath(): string | undefined {
-    return this.settings.workspacePath;
+    if (this.settings.workspacePath) {
+      return this.settings.workspacePath;
+    }
+    // Auto-detect: ~/.xagent/workspace
+    const detectedPath = path.join(os.homedir(), '.xagent', 'workspace');
+    
+    // Ensure directory exists
+    try {
+      if (!fs.existsSync(detectedPath)) {
+        fs.mkdirSync(detectedPath, { recursive: true });
+      }
+    } catch {
+      // Ignore errors - caller will handle missing path
+    }
+    
+    return detectedPath;
   }
 
   setWorkspacePath(path: string): void {