codewhisper-agent 0.1.0

package/bin/cli.js

@@ -0,0 +1,347 @@
+#!/usr/bin/env node
+
+const Agent = require('../src/agent');
+const ConfigStore = require('../src/config-store');
+const { generateKeypair, deriveSharedSecret } = require('../src/crypto');
+
+// --- Parse CLI args ---
+const args = process.argv.slice(2);
+
+function printHelp() {
+  console.log(`
+  codewhisper-agent - Control AI coding CLIs from your phone
+
+  Usage:
+    codewhisper-agent [options]
+
+  Options:
+    --login               Pair with your phone using a pairing code
+    --name <name>         Agent name (default: project folder name)
+    --agent-id <id>       Agent ID (auto-generated if not set)
+    --user-id <id>        User ID (set via --login pairing)
+    --project <path>      Project directory path
+    --cli <claude|gemini> CLI type (default: claude)
+    --cli-path <path>     Custom CLI binary path
+    --backend <url>       Backend WebSocket URL
+    --permission <mode>   Permission mode: full|approve|readonly (default: full)
+    --allowed-tools <t>   Comma-separated tools for approve mode
+    --config              Show current config
+    --reset               Reset config to defaults
+    --help                Show this help
+  `);
+}
+
+function parseArgs() {
+  const opts = {};
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case '--name':         opts.agentName = args[++i]; break;
+      case '--agent-id':     opts.agentId = args[++i]; break;
+      case '--user-id':      opts.userId = args[++i]; break;
+      case '--project':      opts.projectPath = args[++i]; break;
+      case '--cli':          opts.cliType = args[++i]; break;
+      case '--cli-path':     opts.cliPath = args[++i]; break;
+      case '--backend':      opts.backendWsUrl = args[++i]; break;
+      case '--permission':   opts.permissionMode = args[++i]; break;
+      case '--allowed-tools': opts.allowedTools = args[++i]; break;
+      case '--login':        opts._login = true; break;
+      case '--config':       opts._showConfig = true; break;
+      case '--reset':        opts._reset = true; break;
+      case '--help': case '-h': printHelp(); process.exit(0);
+    }
+  }
+  return opts;
+}
+
+const opts = parseArgs();
+
+if (opts._reset) {
+  const fs = require('fs');
+  const path = require('path');
+  const os = require('os');
+  const configDir = path.join(os.homedir(), '.codewhisper');
+  const configFile = path.join(configDir, 'config.json');
+  const projectsDir = path.join(configDir, 'projects');
+  if (fs.existsSync(configFile)) fs.unlinkSync(configFile);
+  if (fs.existsSync(projectsDir)) fs.rmSync(projectsDir, { recursive: true });
+  console.log('Config reset to defaults.');
+  process.exit(0);
+}
+
+// Determine project path: CLI arg > CWD
+const projectPath = opts.projectPath || process.cwd();
+const configStore = new ConfigStore(projectPath);
+
+// Set projectPath in config if not already
+if (!configStore.get('projectPath')) {
+  configStore.set('projectPath', projectPath);
+}
+
+// Default agent name to project folder name if not set by flag or config
+const path = require('path');
+if (!opts.agentName && configStore.get('agentName') === 'my-pc') {
+  const folderName = path.basename(projectPath);
+  if (folderName) configStore.set('agentName', folderName);
+}
+
+// Merge CLI args into saved config
+const { _showConfig, _reset, _login, ...overrides } = opts;
+const cleanOverrides = Object.fromEntries(Object.entries(overrides).filter(([, v]) => v !== undefined));
+if (Object.keys(cleanOverrides).length > 0) {
+  configStore.setAll(cleanOverrides);
+}
+
+if (_showConfig) {
+  console.log('\nCurrent config:\n');
+  console.log(JSON.stringify(configStore.getAll(), null, 2));
+  process.exit(0);
+}
+
+// --- Pairing helpers ---
+
+function getBackendHttpUrl() {
+  const wsUrl = configStore.get('backendWsUrl');
+  return wsUrl.replace(/^wss:/, 'https:').replace(/^ws:/, 'http:');
+}
+
+function generateAgentId() {
+  const os = require('os');
+  const crypto = require('crypto');
+  const hostname = os.hostname().toLowerCase().replace(/[^a-z0-9]/g, '').slice(0, 12) || 'agent';
+  const suffix = crypto.randomBytes(2).toString('hex');
+  return `${hostname}-${suffix}`;
+}
+
+async function promptForCode() {
+  const readline = require('readline');
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question('\x1b[36m  Enter pairing code: \x1b[0m', (answer) => {
+      rl.close();
+      resolve(answer.trim().toUpperCase());
+    });
+  });
+}
+
+async function claimPairingCode(code, agentPublicKey) {
+  const baseUrl = getBackendHttpUrl();
+  const res = await fetch(`${baseUrl}/api/pairing/claim`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ code, agent_public_key: agentPublicKey || undefined }),
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    throw new Error(data.detail || 'Failed to claim pairing code');
+  }
+  return data;
+}
+
+async function generateAgentPairingCode(agentPublicKey) {
+  const baseUrl = getBackendHttpUrl();
+  const res = await fetch(`${baseUrl}/api/pairing/generate-for-agent`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ agent_public_key: agentPublicKey || undefined }),
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    throw new Error(data.detail || 'Failed to generate pairing code');
+  }
+  return data;
+}
+
+async function pollPairing(pairingId) {
+  const baseUrl = getBackendHttpUrl();
+  const res = await fetch(`${baseUrl}/api/pairing/poll/${pairingId}`);
+  const data = await res.json();
+  if (!res.ok) {
+    throw new Error(data.detail || 'Poll failed');
+  }
+  return data;
+}
+
+function displayQrCode(url) {
+  const qrcode = require('qrcode-terminal');
+  return new Promise((resolve) => {
+    qrcode.generate(url, { small: true }, (qr) => {
+      console.log(qr);
+      resolve();
+    });
+  });
+}
+
+async function qrLoginFlow() {
+  console.log('\n\x1b[36m  Generating pairing code...\x1b[0m\n');
+
+  // Generate X25519 keypair for E2E encryption
+  const kp = generateKeypair();
+  configStore.set('publicKey', kp.publicKey);
+  configStore.set('secretKey', kp.secretKey);
+
+  const { code, pairing_id, expires_at } = await generateAgentPairingCode(kp.publicKey);
+  const deepLink = `codewhisper://pair?code=${code}`;
+
+  // Display QR code
+  await displayQrCode(deepLink);
+
+  console.log(`  \x1b[36mScan the QR code above with CodeWhisper app\x1b[0m`);
+  console.log(`  \x1b[36mOr enter this code manually:\x1b[0m  \x1b[1;37m${code}\x1b[0m`);
+  console.log(`  \x1b[90mExpires: ${new Date(expires_at).toLocaleTimeString()}\x1b[0m\n`);
+  console.log('  Waiting for phone to claim...');
+
+  // Poll every 2 seconds
+  const POLL_INTERVAL = 2000;
+  const expiresMs = new Date(expires_at).getTime();
+
+  return new Promise((resolve, reject) => {
+    const interval = setInterval(async () => {
+      if (Date.now() > expiresMs) {
+        clearInterval(interval);
+        reject(new Error('Pairing code expired'));
+        return;
+      }
+      try {
+        const result = await pollPairing(pairing_id);
+        if (result.claimed && result.user_id) {
+          clearInterval(interval);
+          // Derive shared secret if phone sent its public key
+          if (result.phone_public_key) {
+            const shared = deriveSharedSecret(kp.secretKey, result.phone_public_key);
+            configStore.set('sharedSecret', shared);
+            console.log('  \x1b[32mE2E encryption enabled\x1b[0m');
+          }
+          resolve(result.user_id);
+        }
+      } catch {
+        // ignore poll errors, keep trying until expiry
+      }
+    }, POLL_INTERVAL);
+  });
+}
+
+async function loginFlow() {
+  console.log('\n\x1b[36m  Pairing with your phone...\x1b[0m\n');
+
+  // Try QR flow first, fall back to manual code entry
+  try {
+    const userId = await qrLoginFlow();
+    configStore.set('userId', userId);
+    if (!configStore.get('agentId')) {
+      configStore.set('agentId', generateAgentId());
+    }
+    console.log('\n\x1b[32m  ✓ Paired successfully!\x1b[0m');
+    console.log(`  User ID: ${userId}`);
+    console.log(`  Agent ID: ${configStore.get('agentId')}\n`);
+    return;
+  } catch (err) {
+    console.log(`\n\x1b[33m  QR pairing failed: ${err.message}\x1b[0m`);
+    console.log('  \x1b[33mFalling back to manual code entry...\x1b[0m\n');
+  }
+
+  // Manual fallback (original flow)
+  // Generate X25519 keypair for E2E encryption
+  const manualKp = generateKeypair();
+  configStore.set('publicKey', manualKp.publicKey);
+  configStore.set('secretKey', manualKp.secretKey);
+
+  console.log('  Open CodeWhisper on your phone and tap "Add Agent" to get a code.\n');
+  const code = await promptForCode();
+  if (!code) {
+    console.error('\n  No code entered. Exiting.');
+    process.exit(1);
+  }
+
+  try {
+    const result = await claimPairingCode(code, manualKp.publicKey);
+    configStore.set('userId', result.user_id);
+
+    // Derive shared secret if phone sent its public key
+    if (result.phone_public_key) {
+      const shared = deriveSharedSecret(manualKp.secretKey, result.phone_public_key);
+      configStore.set('sharedSecret', shared);
+      console.log('  \x1b[32mE2E encryption enabled\x1b[0m');
+    }
+
+    if (!configStore.get('agentId')) {
+      configStore.set('agentId', generateAgentId());
+    }
+
+    console.log('\n\x1b[32m  ✓ Paired successfully!\x1b[0m');
+    console.log(`  User ID: ${result.user_id}`);
+    console.log(`  Agent ID: ${configStore.get('agentId')}\n`);
+  } catch (err) {
+    console.error(`\n\x1b[31m  ✗ Pairing failed: ${err.message}\x1b[0m`);
+    process.exit(1);
+  }
+}
+
+// --- Main ---
+
+async function main() {
+  // Login if explicitly requested or if userId is missing
+  const needsLogin = _login || !configStore.get('userId');
+  if (needsLogin) {
+    await loginFlow();
+  }
+
+  // Auto-generate agentId if still missing
+  if (!configStore.get('agentId')) {
+    const agentId = generateAgentId();
+    configStore.set('agentId', agentId);
+  }
+
+  const config = configStore.getAll();
+
+  // --- Start agent ---
+  console.log(`
+╔═══════════════════════════════════════╗
+║         CodeWhisper Agent             ║
+╚═══════════════════════════════════════╝
+`);
+  console.log(`  Agent:   ${config.agentName} (${config.agentId})`);
+  console.log(`  CLI:     ${config.cliType}`);
+  console.log(`  Project: ${config.projectPath || '(not set)'}`);
+  console.log(`  Mode:    ${config.permissionMode || 'full'}`);
+  console.log(`  Backend: ${config.backendWsUrl}`);
+  console.log('');
+
+  const agent = new Agent(config, {
+    onConnected: () => {
+      console.log('\x1b[32m● Connected to backend\x1b[0m');
+      console.log('  Waiting for commands from your phone...\n');
+    },
+    onDisconnected: (reason) => {
+      console.log(`\x1b[31m● Disconnected: ${reason}\x1b[0m`);
+    },
+    onLog: (msg) => {
+      console.log(`  ${msg}`);
+    },
+    onActivity: (activity) => {
+      if (activity.type === 'command') {
+        console.log(`\n\x1b[36m▶ Command: ${activity.prompt}\x1b[0m`);
+      } else if (activity.type === 'completed') {
+        console.log(`\x1b[32m✓ Completed\x1b[0m\n`);
+      }
+    },
+  });
+
+  agent.start();
+
+  // Graceful shutdown
+  process.on('SIGINT', () => {
+    console.log('\nShutting down...');
+    agent.stop();
+    process.exit(0);
+  });
+
+  process.on('SIGTERM', () => {
+    agent.stop();
+    process.exit(0);
+  });
+}
+
+main().catch((err) => {
+  console.error(`\nFatal: ${err.message}`);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "codewhisper-agent",
+  "version": "0.1.0",
+  "description": "CLI agent for CodeWhisper - remotely control AI coding CLIs (Claude Code, Gemini CLI and more) from your mobile",
+  "main": "src/agent.js",
+  "bin": {
+    "codewhisper-agent": "./bin/cli.js"
+  },
+  "scripts": {
+    "start": "node bin/cli.js"
+  },
+  "keywords": [
+    "codewhisper",
+    "claude-code",
+    "gemini-cli",
+    "remote",
+    "mobile",
+    "ai",
+    "coding",
+    "agent"
+  ],
+  "author": "wecodeapps",
+  "license": "MIT",
+  "dependencies": {
+    "qrcode-terminal": "^0.12.0",
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1",
+    "ws": "^8.18.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "bin/",
+    "src/agent.js",
+    "src/config-store.js",
+    "src/crypto.js"
+  ]
+}

package/src/agent.js

@@ -0,0 +1,440 @@
+const { spawn, execFile } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const WebSocket = require('ws');
+const { encrypt, decrypt } = require('./crypto');
+
+class Agent {
+  constructor(config, callbacks) {
+    this._config = config;
+    this._cb = callbacks;
+    this._ws = null;
+    this._connected = false;
+    this._heartbeatTimer = null;
+    this._reconnectTimer = null;
+    this._currentProc = null;
+    this._cliReady = false;
+    this._cliVersion = '';
+    this._stopped = false;
+    this._sessionId = null; // Claude Code conversation ID for --resume
+  }
+
+  async start() {
+    this._stopped = false;
+    this._log('Agent starting...');
+    await this._setupCli();
+    if (!this._cliReady) {
+      this._cb.onDisconnected?.(`${this._config.cliType} CLI not found`);
+      return;
+    }
+    this._connect();
+  }
+
+  stop() {
+    this._stopped = true;
+    this._killProcess();
+    clearInterval(this._heartbeatTimer);
+    clearTimeout(this._reconnectTimer);
+    if (this._ws) {
+      this._ws.close();
+      this._ws = null;
+    }
+    this._connected = false;
+    this._log('Agent stopped');
+  }
+
+  getCliStatus() {
+    return { ready: this._cliReady, version: this._cliVersion, type: this._config.cliType };
+  }
+
+  // --- CLI ---
+
+  _getCliPath() {
+    return this._config.cliPath || this._config.cliType || 'claude';
+  }
+
+  _setupCli() {
+    return new Promise((resolve) => {
+      const cliPath = this._getCliPath();
+      execFile(cliPath, ['--version'], (err, stdout) => {
+        if (err) {
+          this._cliReady = false;
+          this._log(`${this._config.cliType} CLI not found at: ${cliPath}`);
+        } else {
+          this._cliReady = true;
+          this._cliVersion = stdout.trim();
+          this._log(`${this._config.cliType} CLI found: ${this._cliVersion}`);
+        }
+        resolve();
+      });
+    });
+  }
+
+  _buildCliArgs(prompt) {
+    if (this._config.cliType === 'gemini') {
+      return ['-p', prompt];
+    }
+    // Claude: --resume keeps the same conversation going
+    const args = ['-p', prompt, '--output-format', 'stream-json', '--verbose'];
+
+    // Permission mode
+    const mode = this._config.permissionMode || 'full';
+    if (mode === 'full') {
+      args.push('--dangerously-skip-permissions');
+    }
+    // 'approve' mode: no skip flag → Claude Code will need approval via allowedTools
+    // 'readonly' mode: add --permission-mode readonly (Claude Code blocks writes)
+
+    if (this._sessionId) {
+      args.push('--resume', this._sessionId);
+      this._log(`Resuming session: ${this._sessionId.substring(0, 8)}...`);
+    }
+
+    // Allowed tools for approve mode
+    if (mode === 'approve' && this._config.allowedTools) {
+      for (const tool of this._config.allowedTools.split(',').map(t => t.trim()).filter(Boolean)) {
+        args.push('--allowedTools', tool);
+      }
+    }
+
+    return args;
+  }
+
+  async *_executeCli(prompt) {
+    const cliPath = this._getCliPath();
+    const args = this._buildCliArgs(prompt);
+
+    this._log(`Executing: ${this._config.cliType} -p '${prompt.substring(0, 60)}'`);
+
+    const proc = spawn(cliPath, args, {
+      cwd: this._config.projectPath || undefined,
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+    this._currentProc = proc;
+
+    let buffer = '';
+    for await (const chunk of proc.stdout) {
+      buffer += chunk.toString();
+      const lines = buffer.split('\n');
+      buffer = lines.pop();
+
+      for (const line of lines) {
+        if (!line.trim()) continue;
+
+        if (this._config.cliType === 'claude') {
+          try {
+            const data = JSON.parse(line);
+            const content = this._extractContent(data);
+            if (content) yield content;
+          } catch {
+            yield line;
+          }
+        } else {
+          yield line;
+        }
+      }
+    }
+    if (buffer.trim()) yield buffer;
+
+    await new Promise((resolve) => {
+      if (proc.exitCode !== null) return resolve();
+      proc.on('close', resolve);
+    });
+    this._currentProc = null;
+  }
+
+  _extractContent(data) {
+    // Capture session ID from init or result events
+    if (data.session_id && !this._sessionId) {
+      this._sessionId = data.session_id;
+      this._log(`Session started: ${this._sessionId.substring(0, 8)}...`);
+    }
+    if (data.type === 'system' && data.session_id) {
+      this._sessionId = data.session_id;
+    }
+
+    if (data.type === 'assistant') {
+      const blocks = data.message?.content || [];
+      const parts = blocks.filter((b) => b.type === 'text').map((b) => b.text || '');
+      return parts.length ? parts.join('\n') : null;
+    }
+    if (data.type === 'result') {
+      // Result event may also contain session_id
+      if (data.session_id) this._sessionId = data.session_id;
+      return data.result || null;
+    }
+    return null;
+  }
+
+  _killProcess() {
+    if (this._currentProc && this._currentProc.exitCode === null) {
+      this._currentProc.kill('SIGTERM');
+      setTimeout(() => {
+        if (this._currentProc?.exitCode === null) this._currentProc.kill('SIGKILL');
+      }, 5000);
+      this._currentProc = null;
+    }
+  }
+
+  // --- Git ---
+
+  _gitRun(...args) {
+    return new Promise((resolve) => {
+      execFile('git', args, { cwd: this._config.projectPath || '.' }, (err, stdout, stderr) => {
+        if (err) resolve('');
+        else resolve(stdout.trim());
+      });
+    });
+  }
+
+  async _gitStatus() {
+    const [raw, branch] = await Promise.all([
+      this._gitRun('status', '--porcelain'),
+      this._gitRun('branch', '--show-current'),
+    ]);
+    const files = raw.split('\n').filter((l) => l.length >= 3).map((l) => ({
+      status: l.substring(0, 2).trim(),
+      path: l.substring(3),
+    }));
+    return { branch, files };
+  }
+
+  async _gitLog(limit = 10) {
+    const raw = await this._gitRun('log', `-${limit}`, '--pretty=format:%H||%an||%s||%ci');
+    return raw.split('\n').filter(Boolean).map((line) => {
+      const [hash, author, message, date] = line.split('||', 4);
+      return { hash: hash?.substring(0, 8), author, message, date };
+    }).filter((c) => c.date);
+  }
+
+  // --- WebSocket ---
+
+  _connect() {
+    if (this._stopped) return;
+
+    const params = new URLSearchParams({
+      user_id: this._config.userId,
+      name: this._config.agentName,
+      project_path: this._config.projectPath,
+      cli_type: this._config.cliType,
+    });
+    const url = `${this._config.backendWsUrl}/ws/agent/${this._config.agentId}?${params}`;
+
+    this._log(`Connecting to backend...`);
+    const ws = new WebSocket(url);
+    this._ws = ws;
+
+    ws.on('open', () => {
+      this._connected = true;
+      this._log('Connected to backend');
+      this._cb.onConnected?.();
+      this._startHeartbeat();
+    });
+
+    ws.on('message', (raw) => {
+      try {
+        const data = JSON.parse(raw.toString());
+        this._onMessage(data);
+      } catch {}
+    });
+
+    ws.on('close', () => {
+      this._connected = false;
+      this._stopHeartbeat();
+      this._cb.onDisconnected?.('Connection closed');
+      this._scheduleReconnect();
+    });
+
+    ws.on('error', (err) => {
+      this._connected = false;
+      this._stopHeartbeat();
+      this._cb.onDisconnected?.(err.message);
+      this._scheduleReconnect();
+    });
+  }
+
+  _scheduleReconnect() {
+    if (this._stopped) return;
+    this._reconnectTimer = setTimeout(() => this._connect(), this._config.reconnectInterval * 1000);
+  }
+
+  _send(message) {
+    if (this._ws?.readyState !== WebSocket.OPEN) return;
+
+    const sharedSecret = this._config.sharedSecret;
+    if (sharedSecret && message.type !== 'pong') {
+      const encrypted = encrypt(message.payload || {}, sharedSecret);
+      if (encrypted) {
+        this._ws.send(JSON.stringify({
+          type: message.type,
+          agent_id: this._config.agentId,
+          encrypted,
+        }));
+        return;
+      }
+    }
+    this._ws.send(JSON.stringify(message));
+  }
+
+  _startHeartbeat() {
+    this._stopHeartbeat();
+    this._heartbeatTimer = setInterval(() => this._send({ type: 'pong' }), this._config.heartbeatInterval * 1000);
+  }
+
+  _stopHeartbeat() {
+    clearInterval(this._heartbeatTimer);
+  }
+
+  // --- Message handling ---
+
+  _onMessage(data) {
+    // E2E decryption: if message has encrypted field, decrypt it
+    if (data.encrypted && this._config.sharedSecret) {
+      const decrypted = decrypt(data.encrypted, this._config.sharedSecret);
+      if (decrypted) {
+        data.payload = decrypted;
+      } else {
+        this._log('Failed to decrypt message');
+        return;
+      }
+    }
+
+    const payload = data.payload || {};
+
+    if (data.type === 'command') {
+      const cmdType = payload.command_type || 'natural_language';
+      if (cmdType.startsWith('git_')) {
+        this._handleGit(payload);
+      } else {
+        this._handleCommand(payload);
+      }
+    } else if (data.type === 'settings_sync' || data.type === 'settings_update') {
+      this._applySettings(payload);
+    } else if (data.type === 'ping') {
+      this._send({ type: 'pong' });
+    }
+  }
+
+  async _handleCommand(payload) {
+    const commandId = payload.command_id || '';
+    const prompt = payload.prompt || '';
+    const cmdType = payload.command_type || 'natural_language';
+
+    this._log(`Command received: type=${cmdType}, id=${commandId}`);
+    this._cb.onActivity?.({ type: 'command', prompt, commandId, time: new Date().toISOString() });
+
+    if (cmdType === 'kill') {
+      this._killProcess();
+      this._send({ type: 'completed', payload: { command_id: commandId, output: 'Cancelled' } });
+      return;
+    }
+
+    if (cmdType === 'new_session') {
+      this._sessionId = null;
+      this._log('Session reset — next command starts fresh');
+      this._send({ type: 'completed', payload: { command_id: commandId, output: 'New session started' } });
+      return;
+    }
+
+    if (cmdType === 'spawn_agent') {
+      this._handleSpawnAgent(payload);
+      return;
+    }
+
+    if (cmdType === 'stop_agent') {
+      this._send({ type: 'completed', payload: { command_id: commandId, output: 'Agent stopping' } });
+      setTimeout(() => process.exit(0), 500);
+      return;
+    }
+
+    if (!this._cliReady) {
+      this._send({ type: 'error', payload: { command_id: commandId, error: 'CLI not ready' } });
+      return;
+    }
+
+    const outputLines = [];
+    try {
+      for await (const chunk of this._executeCli(prompt)) {
+        outputLines.push(chunk);
+        this._send({ type: 'stream', payload: { command_id: commandId, line: chunk } });
+      }
+    } catch (e) {
+      this._send({ type: 'error', payload: { command_id: commandId, error: e.message } });
+      return;
+    }
+
+    this._send({ type: 'completed', payload: { command_id: commandId, output: outputLines.join('') } });
+    this._cb.onActivity?.({ type: 'completed', commandId, time: new Date().toISOString() });
+  }
+
+  _handleSpawnAgent(payload) {
+    const commandId = payload.command_id || '';
+    const projectPath = payload.project_path;
+
+    if (!projectPath || !fs.existsSync(projectPath)) {
+      this._send({ type: 'error', payload: { command_id: commandId, error: `Path not found: ${projectPath}` } });
+      return;
+    }
+
+    try {
+      const cliScript = path.resolve(__dirname, '..', 'bin', 'cli.js');
+      const args = [cliScript, '--project', projectPath];
+      if (payload.cli_type) args.push('--cli', payload.cli_type);
+      if (payload.agent_name) args.push('--name', payload.agent_name);
+
+      const child = spawn(process.execPath, args, {
+        detached: true,
+        stdio: 'ignore',
+        cwd: projectPath,
+      });
+      child.unref();
+
+      this._log(`Spawned child agent (PID ${child.pid}) for ${projectPath}`);
+      this._send({ type: 'completed', payload: { command_id: commandId, output: `Agent spawned for ${projectPath}` } });
+    } catch (e) {
+      this._send({ type: 'error', payload: { command_id: commandId, error: e.message } });
+    }
+  }
+
+  async _handleGit(payload) {
+    const cmdType = payload.command_type;
+
+    if (cmdType === 'git_status') {
+      const data = await this._gitStatus();
+      this._send({ type: 'status', payload: { git_status: data } });
+    } else if (cmdType === 'git_log') {
+      const data = await this._gitLog(payload.limit || 10);
+      this._send({ type: 'status', payload: { git_log: data } });
+    } else if (cmdType === 'git_diff') {
+      const [diff, staged] = await Promise.all([this._gitRun('diff'), this._gitRun('diff', '--staged')]);
+      this._send({ type: 'status', payload: { git_diff: diff, git_diff_staged: staged } });
+    }
+  }
+
+  _applySettings(settings) {
+    const keyMap = {
+      permission_mode: 'permissionMode',
+      allowed_tools: 'allowedTools',
+      cli_type: 'cliType',
+      cli_path: 'cliPath',
+      project_path: 'projectPath',
+      auto_connect: 'autoConnect',
+      reconnect_interval: 'reconnectInterval',
+      heartbeat_interval: 'heartbeatInterval',
+    };
+    for (const [dbKey, configKey] of Object.entries(keyMap)) {
+      if (settings[dbKey] !== undefined) {
+        this._config[configKey] = settings[dbKey];
+      }
+    }
+    this._log(`Settings synced from server`);
+    this._cb.onSettingsUpdate?.(this._config);
+  }
+
+  _log(msg) {
+    const ts = new Date().toISOString().substring(11, 19);
+    this._cb.onLog?.(`${ts} ${msg}`);
+  }
+}
+
+module.exports = Agent;

package/src/config-store.js

@@ -0,0 +1,106 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+const CONFIG_DIR = path.join(os.homedir(), '.codewhisper');
+const GLOBAL_FILE = path.join(CONFIG_DIR, 'config.json');
+const PROJECTS_DIR = path.join(CONFIG_DIR, 'projects');
+
+// Global keys — shared across all projects
+const GLOBAL_KEYS = ['userId', 'backendWsUrl', 'secretKey', 'publicKey', 'sharedSecret'];
+
+const DEFAULTS = {
+  agentName: 'my-pc',
+  agentId: '',
+  userId: '',
+  backendWsUrl: 'wss://codewhisper-api.onrender.com',
+  projectPath: '',
+  cliType: 'claude',
+  cliPath: '',
+  autoConnect: true,
+  permissionMode: 'full',  // full | approve | readonly
+  allowedTools: '',         // comma-separated for approve mode
+  reconnectInterval: 5,
+  heartbeatInterval: 30,
+};
+
+class ConfigStore {
+  constructor(projectPath) {
+    this._projectPath = projectPath || '';
+    this._ensureDirs();
+    this._config = this._load();
+  }
+
+  _ensureDirs() {
+    if (!fs.existsSync(CONFIG_DIR)) {
+      fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+    if (!fs.existsSync(PROJECTS_DIR)) {
+      fs.mkdirSync(PROJECTS_DIR, { recursive: true });
+    }
+  }
+
+  _projectFile() {
+    if (!this._projectPath) return null;
+    const hash = crypto.createHash('md5').update(this._projectPath).digest('hex').slice(0, 12);
+    return path.join(PROJECTS_DIR, `${hash}.json`);
+  }
+
+  _loadFile(filePath) {
+    try {
+      if (filePath && fs.existsSync(filePath)) {
+        return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+      }
+    } catch {}
+    return {};
+  }
+
+  _load() {
+    const global = this._loadFile(GLOBAL_FILE);
+    const project = this._loadFile(this._projectFile());
+    return { ...DEFAULTS, ...global, ...project };
+  }
+
+  _save() {
+    // Split config: global keys → global file, rest → project file
+    const globalData = this._loadFile(GLOBAL_FILE);
+    const projectData = {};
+
+    for (const [key, value] of Object.entries(this._config)) {
+      if (DEFAULTS[key] === undefined) continue; // skip unknown keys
+      if (GLOBAL_KEYS.includes(key)) {
+        globalData[key] = value;
+      } else {
+        projectData[key] = value;
+      }
+    }
+
+    fs.writeFileSync(GLOBAL_FILE, JSON.stringify(globalData, null, 2));
+
+    const projFile = this._projectFile();
+    if (projFile) {
+      fs.writeFileSync(projFile, JSON.stringify(projectData, null, 2));
+    }
+  }
+
+  getAll() {
+    return { ...this._config };
+  }
+
+  get(key) {
+    return this._config[key];
+  }
+
+  set(key, value) {
+    this._config[key] = value;
+    this._save();
+  }
+
+  setAll(config) {
+    this._config = { ...this._config, ...config };
+    this._save();
+  }
+}
+
+module.exports = ConfigStore;

package/src/crypto.js

@@ -0,0 +1,50 @@
+const nacl = require('tweetnacl');
+const { decodeBase64, encodeBase64, decodeUTF8, encodeUTF8 } = require('tweetnacl-util');
+
+function generateKeypair() {
+  const kp = nacl.box.keyPair();
+  return {
+    publicKey: encodeBase64(kp.publicKey),
+    secretKey: encodeBase64(kp.secretKey),
+  };
+}
+
+function deriveSharedSecret(mySecretKeyB64, theirPublicKeyB64) {
+  const mySecretKey = decodeBase64(mySecretKeyB64);
+  const theirPublicKey = decodeBase64(theirPublicKeyB64);
+  const shared = nacl.box.before(theirPublicKey, mySecretKey);
+  return encodeBase64(shared);
+}
+
+function encrypt(payloadObj, sharedKeyB64) {
+  const sharedKey = decodeBase64(sharedKeyB64);
+  const nonce = nacl.randomBytes(nacl.box.nonceLength);
+  const message = decodeUTF8(JSON.stringify(payloadObj));
+  const encrypted = nacl.box.after(message, nonce, sharedKey);
+  if (!encrypted) return null;
+
+  // Concatenate nonce + ciphertext, then base64 encode
+  const full = new Uint8Array(nonce.length + encrypted.length);
+  full.set(nonce);
+  full.set(encrypted, nonce.length);
+  return encodeBase64(full);
+}
+
+function decrypt(encryptedB64, sharedKeyB64) {
+  try {
+    const sharedKey = decodeBase64(sharedKeyB64);
+    const full = decodeBase64(encryptedB64);
+    if (full.length < nacl.box.nonceLength) return null;
+
+    const nonce = full.slice(0, nacl.box.nonceLength);
+    const ciphertext = full.slice(nacl.box.nonceLength);
+    const decrypted = nacl.box.open.after(ciphertext, nonce, sharedKey);
+    if (!decrypted) return null;
+
+    return JSON.parse(encodeUTF8(decrypted));
+  } catch {
+    return null;
+  }
+}
+
+module.exports = { generateKeypair, deriveSharedSecret, encrypt, decrypt };