coding-tool-x 3.5.6 → 3.5.7

package/dist/web/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" href="/favicon.ico">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>CC-TOOL - ClaudeCode增强工作助手</title>
-    <script type="module" crossorigin src="/assets/index-GuER-BmS.js"></script>
+    <script type="module" crossorigin src="/assets/index-CtByKdkA.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/markdown-DyTJGI4N.js">
     <link rel="modulepreload" crossorigin href="/assets/vue-vendor-aWwwFAao.js">
     <link rel="modulepreload" crossorigin href="/assets/vendors-Fza9uSYn.js">

package/docs/Caddyfile.example

@@ -0,0 +1,19 @@
+{
+  # Keep both HTTP and HTTPS available instead of redirecting all HTTP traffic.
+  auto_https disable_redirects
+}
+
+# Replace example.com with your public domain.
+http://example.com, https://example.com {
+  encode gzip zstd
+  reverse_proxy 127.0.0.1:19999
+}
+
+# If you only have an IP or internal hostname, Caddy can still terminate TLS:
+# browsers will continue to warn until Caddy's local CA is trusted on the client.
+#
+# http://203.0.113.10, https://203.0.113.10 {
+#   tls internal
+#   encode gzip zstd
+#   reverse_proxy 127.0.0.1:19999
+# }

package/docs/reverse-proxy-https.md

@@ -0,0 +1,57 @@
+# Reverse Proxy HTTPS
+
+This project can stay on its built-in local HTTP server while a reverse proxy provides external HTTPS access.
+
+Recommended topology:
+
+- Coding Tool listens on `127.0.0.1:19999`
+- Caddy listens on `80/443`
+- Caddy proxies both `http://<domain>` and `https://<domain>` to `127.0.0.1:19999`
+
+## Why this setup
+
+- The application keeps its existing local HTTP workflow.
+- HTTPS termination, certificate issuance, and renewal are handled by Caddy.
+- HTTP can remain available for compatibility because redirects are explicitly disabled.
+- WebSocket and API requests work correctly behind the proxy after the forwarded-header compatibility changes in this repo.
+
+## Deployment Steps
+
+1. Point your domain to the server.
+
+2. Open inbound ports `80` and `443`.
+
+3. Start Coding Tool on the server without `--host` so the app only listens locally:
+
+```bash
+ctx ui start
+```
+
+If you prefer foreground mode:
+
+```bash
+ctx ui
+```
+
+4. Copy [docs/Caddyfile.example](./Caddyfile.example), replace `example.com` with your real domain, then load it into Caddy.
+
+Example locations:
+
+```bash
+sudo cp docs/Caddyfile.example /etc/caddy/Caddyfile
+sudo editor /etc/caddy/Caddyfile
+sudo systemctl reload caddy
+```
+
+5. Verify all three paths you care about:
+
+- `http://<domain>` should stay reachable
+- `https://<domain>` should be reachable with TLS
+- `http://127.0.0.1:19999` should still work locally on the server
+
+## Notes
+
+- Browsers will still mark plain HTTP as not secure. Keeping HTTP enabled is only for compatibility.
+- To get a trusted browser padlock, use a real domain that Caddy can issue a public certificate for.
+- If you only have an IP address, you can use `tls internal` in Caddy for testing, but browsers will still warn until that CA is trusted manually.
+- A reverse proxy usually makes `ctx ui --host` unnecessary. Leaving the app on `127.0.0.1` is safer.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coding-tool-x",
-  "version": "3.5.6",
+  "version": "3.5.7",
   "description": "Vibe Coding 增强工作助手 - 智能会话管理、动态渠道切换、全局搜索、实时监控",
   "main": "src/index.js",
   "bin": {
@@ -67,6 +67,7 @@
     "ora": "^5.4.1",
     "pm2": "^6.0.14",
     "rxjs": "^7.8.2",
+    "selfsigned": "^3.0.1",
     "semver": "^7.6.0",
     "toml": "^3.0.0",
     "ws": "^8.18.3"

package/src/commands/daemon.js

@@ -3,6 +3,7 @@ const path = require('path');
 const chalk = require('chalk');
 const { loadConfig } = require('../config/loader');
 const { PATHS, ensureStorageDirMigrated } = require('../config/paths');
+const { isHttpsEnabled, getWebUiBaseUrl } = require('../server/services/web-ui-runtime');
 const {
   findProcessByPort,
   killProcessByPort,
@@ -117,6 +118,20 @@ function shouldStopPM2Process(status) {
   return !['stopped', 'errored', 'stopping', 'launching'].includes(String(status || '').toLowerCase());
 }
 
+function isHttpsEnabledForProcess(processInfo) {
+  const envProtocol = processInfo?.pm2_env?.env?.CC_TOOL_WEB_UI_PROTOCOL;
+  if (typeof envProtocol === 'string' && envProtocol.trim()) {
+    return String(envProtocol).trim().toLowerCase() === 'https';
+  }
+
+  const args = processInfo?.pm2_env?.args;
+  if (Array.isArray(args)) {
+    return args.includes('--https');
+  }
+
+  return String(args || '').includes('--https');
+}
+
 function getManagedPorts(config = loadConfig()) {
   return [
     config.ports?.webUI || 19999,
@@ -281,10 +296,14 @@ async function handleStart() {
 
     // 检查是否启用 LAN 访问 (--host 标志)
     const enableHost = process.argv.includes('--host');
+    const enableHttps = isHttpsEnabled();
     const pmArgs = ['ui', '--daemon'];
     if (enableHost) {
       pmArgs.push('--host');
     }
+    if (enableHttps) {
+      pmArgs.push('--https');
+    }
     require('fs').mkdirSync(PATHS.logs, { recursive: true });
 
     // 启动 PM2 进程
@@ -297,7 +316,8 @@ async function handleStart() {
       max_memory_restart: '500M',
       env: {
         NODE_ENV: 'production',
-        CC_TOOL_PORT: port
+        CC_TOOL_PORT: port,
+        CC_TOOL_WEB_UI_PROTOCOL: enableHttps ? 'https' : 'http'
       },
       output: path.join(PATHS.logs, 'cc-tool-out.log'),
       error: path.join(PATHS.logs, 'cc-tool-out.log'),
@@ -335,10 +355,13 @@ async function handleStart() {
       }
 
       console.log(chalk.green('\n[OK] Coding-Tool 服务已启动（后台运行）\n'));
-      console.log(chalk.gray(`Web UI: http://localhost:${port}`));
+      console.log(chalk.gray(`Web UI: ${getWebUiBaseUrl(port, {
+        https: enableHttps,
+        hostname: enableHttps ? '127.0.0.1' : 'localhost'
+      })}`));
       printPortToolIssue(readyState.degradedPortCheckIssue);
       if (enableHost) {
-        console.log(chalk.yellow(`[WARN]  LAN 访问已启用 (http://<your-ip>:${port})`));
+        console.log(chalk.yellow(`[WARN]  LAN 访问已启用 (${enableHttps ? 'https' : 'http'}://<your-ip>:${port})`));
       }
       console.log(chalk.gray('\n可以安全关闭此终端窗口'));
       console.log(chalk.gray('\n常用命令:'));
@@ -431,8 +454,12 @@ async function handleStatus() {
     // UI 服务状态
     console.log(chalk.bold('[UI] Web UI 服务:'));
     if (existing && existing.pm2_env.status === 'online') {
+      const httpsEnabled = isHttpsEnabledForProcess(existing);
       console.log(chalk.green('  [OK] 状态: 运行中'));
-      console.log(chalk.gray(`  [NET] 地址: http://localhost:${config.ports?.webUI || 19999}`));
+      console.log(chalk.gray(`  [NET] 地址: ${getWebUiBaseUrl(config.ports?.webUI || 19999, {
+        https: httpsEnabled,
+        hostname: httpsEnabled ? '127.0.0.1' : 'localhost'
+      })}`));
       console.log(chalk.gray(`  [KEY] 进程 ID: ${existing.pid}`));
       console.log(chalk.gray(`  [TIMER]  运行时长: ${formatUptime(existing.pm2_env.pm_uptime)}`));
       console.log(chalk.gray(`  [SAVE] 内存使用: ${formatMemory(existing.monit?.memory)}`));
@@ -514,6 +541,7 @@ module.exports = {
   _test: {
     shouldTreatPortOwnershipAsReady,
     getManagedPorts,
-    shouldStopPM2Process
+    shouldStopPM2Process,
+    isHttpsEnabledForProcess
   }
 };

package/src/commands/ui.js

@@ -3,6 +3,7 @@ const { startServer } = require('../server');
 const open = require('open');
 const { getProxyStatus } = require('../server/proxy-server');
 const { loadConfig } = require('../config/loader');
+const { isHttpsEnabled, getWebUiBaseUrl } = require('../server/services/web-ui-runtime');
 
 async function handleUI() {
   // 检查是否为 daemon 模式（PM2 启动）
@@ -11,6 +12,8 @@ async function handleUI() {
   // 检查是否启用 LAN 访问 (--host 标志)
   const enableHost = process.argv.includes('--host');
   const host = enableHost ? '0.0.0.0' : '127.0.0.1';
+  const httpsEnabled = isHttpsEnabled();
+  process.env.CC_TOOL_WEB_UI_PROTOCOL = httpsEnabled ? 'https' : 'http';
 
   if (!isDaemon) {
     console.clear();
@@ -18,15 +21,21 @@ async function handleUI() {
     if (enableHost) {
       console.log(chalk.yellow('[WARN]  LAN 访问已启用 (--host)\n'));
     }
+    if (httpsEnabled) {
+      console.log(chalk.yellow('[LOCK]  已启用原生 HTTPS (--https)\n'));
+    }
   }
 
   // 从配置加载端口
   const config = loadConfig();
   const port = config.ports?.webUI || 19999;
-  const url = `http://localhost:${port}`;
+  const url = getWebUiBaseUrl(port, {
+    https: httpsEnabled,
+    hostname: httpsEnabled ? '127.0.0.1' : 'localhost'
+  });
 
   try {
-    await startServer(port, host);
+    await startServer(port, host, { https: httpsEnabled });
 
     // 自动打开浏览器（仅非 daemon 模式）
     if (!isDaemon) {
@@ -87,7 +96,7 @@ async function handleUI() {
       console.log(chalk.gray('按 Ctrl+C 停止服务器'));
     } else {
       // Daemon 模式：保持运行
-      console.log(chalk.green(`[OK] Coding-Tool 服务已在后台启动 (端口: ${port})`));
+      console.log(chalk.green(`[OK] Coding-Tool 服务已在后台启动 (${httpsEnabled ? 'HTTPS' : 'HTTP'}, 端口: ${port})`));
     }
 
   } catch (error) {

package/src/config/paths.js

@@ -450,6 +450,12 @@ const PATHS = {
 
   // 脚本
   notifyHook: path.join(SCRIPTS_DIR, 'notify-hook.js'),
+  https: {
+    dir: path.join(CONFIG_DIR, 'https'),
+    key: path.join(CONFIG_DIR, 'https', 'localhost-key.pem'),
+    cert: path.join(CONFIG_DIR, 'https', 'localhost-cert.pem'),
+    meta: path.join(CONFIG_DIR, 'https', 'localhost-meta.json')
+  },
 
   // 技能与插件（cc-tool 托管部分）
   localSkills: {

package/src/index.js

@@ -19,6 +19,7 @@ const eventBus = require('./plugins/event-bus');
 const chalk = require('chalk');
 const path = require('path');
 const fs = require('fs');
+let processHandlersRegistered = false;
 
 function getInquirer() {
   return require('inquirer');
@@ -36,35 +37,66 @@ function showHelp() {
   const version = getVersion();
   console.log(chalk.cyan.bold(`\nCODING-TOOL v${version}`));
   console.log(chalk.gray('Vibe Coding 增强工作助手 - 智能会话管理、动态渠道切换、全局搜索、实时监控\n'));
+  console.log(chalk.gray('用法: ctx [command] [options]'));
+  console.log(chalk.gray('不带参数时进入交互菜单；输入未知命令时会直接报错。\n'));
 
   console.log(chalk.yellow('[START] 服务管理:'));
   console.log('  ctx start               启动所有服务（后台运行）');
   console.log('  ctx start --host        启动所有服务（后台运行，允许 LAN 访问）');
+  console.log('  ctx start --https       启动所有服务（后台运行，原生 HTTPS）');
   console.log('  ctx stop                停止所有服务');
   console.log('  ctx restart             重启所有服务');
   console.log('  ctx status              查看服务状态\n');
 
   console.log(chalk.yellow('[UI] UI 管理:'));
   console.log('  ctx ui                  前台启动 Web UI（仅本地访问）');
+  console.log('  ctx ui --https          前台启动 Web UI（原生 HTTPS）');
   console.log('  ctx ui --host           前台启动 Web UI（允许 LAN 访问）');
-  console.log('  ctx ui start            后台启动 Web UI');
+  console.log('  ctx ui start            后台启动 Web UI（等同于 ctx start）');
+  console.log('  ctx ui start --https    后台启动 Web UI（原生 HTTPS）');
   console.log('  ctx ui start --host     后台启动 Web UI（允许 LAN 访问）');
   console.log('  ctx ui stop             停止 Web UI');
   console.log('  ctx ui restart          重启 Web UI\n');
 
-  console.log(chalk.yellow('[PROXY] 代理管理:'));
+  console.log(chalk.yellow('[CHANNEL] 渠道代理管理:'));
   console.log('  ctx claude start        启动 Claude 代理');
   console.log('  ctx claude stop         停止 Claude 代理');
+  console.log('  ctx claude restart      重启 Claude 代理');
   console.log('  ctx claude status       查看 Claude 代理状态');
   console.log('  ctx codex start         启动 Codex 代理');
+  console.log('  ctx codex stop          停止 Codex 代理');
+  console.log('  ctx codex restart       重启 Codex 代理');
+  console.log('  ctx codex status        查看 Codex 代理状态');
   console.log('  ctx gemini start        启动 Gemini 代理');
+  console.log('  ctx gemini stop         停止 Gemini 代理');
+  console.log('  ctx gemini restart      重启 Gemini 代理');
+  console.log('  ctx gemini status       查看 Gemini 代理状态');
   console.log('  ctx opencode start      启动 OpenCode 代理');
-  console.log(chalk.gray('  (codex/gemini/opencode 命令与 claude 类似)\n'));
+  console.log('  ctx opencode stop       停止 OpenCode 代理');
+  console.log('  ctx opencode restart    重启 OpenCode 代理');
+  console.log('  ctx opencode status     查看 OpenCode 代理状态\n');
+
+  console.log(chalk.yellow('[PROXY] 旧版代理命令:'));
+  console.log('  ctx proxy               启动旧版 Claude 代理');
+  console.log('  ctx proxy start         启动旧版 Claude 代理');
+  console.log('  ctx proxy stop          停止旧版 Claude 代理并恢复配置');
+  console.log('  ctx proxy status        查看旧版 Claude 代理状态\n');
+
+  console.log(chalk.yellow('[COMPAT] 兼容命令:'));
+  console.log('  ctx daemon start        等同于 ctx start');
+  console.log('  ctx daemon stop         等同于 ctx stop');
+  console.log('  ctx daemon restart      等同于 ctx restart');
+  console.log('  ctx daemon status       等同于 ctx status');
+  console.log('  ctx daemon logs         查看 UI 日志');
+  console.log('  ctx daemon logs --follow  实时跟踪 UI 日志\n');
 
   console.log(chalk.yellow('[LOG] 日志管理:'));
   console.log('  ctx logs                查看所有日志');
   console.log('  ctx logs ui             查看 UI 日志');
   console.log('  ctx logs claude         查看 Claude 日志');
+  console.log('  ctx logs codex          查看 Codex 日志');
+  console.log('  ctx logs gemini         查看 Gemini 日志');
+  console.log('  ctx logs opencode       查看 OpenCode 日志');
   console.log('  ctx logs --lines 100    查看最近 100 行');
   console.log('  ctx logs --follow       实时跟踪日志');
   console.log('  ctx logs --clear        清空日志\n');
@@ -73,18 +105,24 @@ function showHelp() {
   console.log('  ctx stats               查看总体统计');
   console.log('  ctx stats claude        查看 Claude 统计');
   console.log('  ctx stats --today       查看今日统计');
+  console.log('  ctx stats --week        查看最近 7 天统计');
+  console.log('  ctx stats --month       查看最近 30 天统计');
   console.log('  ctx stats export        导出统计数据\n');
 
   console.log(chalk.yellow('[TOOL]  其他命令:'));
   console.log('  ctx update              检查并更新到最新版本');
+  console.log('  ctx update --check      仅检查更新，不执行安装');
   console.log('  ctx doctor              系统诊断');
   console.log('  ctx port                配置端口');
   console.log('  ctx reset               重置配置');
   console.log('  ctx security reset      关闭访问密码');
+  console.log('  ctx security disable    关闭访问密码（别名）');
+  console.log('  ctx security off        关闭访问密码（别名）');
+  console.log('  ctx help                显示帮助');
   console.log('  ctx --version, -v       显示版本');
   console.log('  ctx --help, -h          显示帮助\n');
 
-  console.log(chalk.yellow('[PROXY] 插件管理:'));
+  console.log(chalk.yellow('[PLUGIN] 插件管理:'));
   console.log('  ctx plugin list         列出已安装插件');
   console.log('  ctx plugin install <url>  从 Git 安装插件');
   console.log('  ctx plugin remove <name>  卸载插件');
@@ -112,21 +150,44 @@ function showHelp() {
   console.log(chalk.gray('  问题: https://github.com/ZeaoZhang/coding-tool/issues\n'));
 }
 
-// 全局错误处理
-process.on('uncaughtException', (err) => {
-  // 忽略终端相关的错误（通常在 Ctrl+C 时发生）
-  if (err.code === 'EIO' || err.code === 'ENOTTY' || err.code === 'EPIPE') {
-    process.exit(0);
+function registerProcessHandlers() {
+  if (processHandlersRegistered) {
+    return;
   }
-  throw err;
-});
 
-// 处理 SIGINT 信号（Ctrl+C）
-process.on('SIGINT', async () => {
-  eventBus.emitSync('cli:shutdown', {});
-  PluginManager.shutdownPlugins();
-  process.exit(0);
-});
+  processHandlersRegistered = true;
+
+  process.on('uncaughtException', (err) => {
+    // 忽略终端相关的错误（通常在 Ctrl+C 时发生）
+    if (err.code === 'EIO' || err.code === 'ENOTTY' || err.code === 'EPIPE') {
+      process.exit(0);
+    }
+    throw err;
+  });
+
+  process.on('SIGINT', async () => {
+    eventBus.emitSync('cli:shutdown', {});
+    PluginManager.shutdownPlugins();
+    process.exit(0);
+  });
+}
+
+function exitWithError(code = 1) {
+  process.exit(code);
+}
+
+function showUnknownCommand(command) {
+  console.error(chalk.red(`\n[ERROR] 未知命令: ${command}\n`));
+  console.log(chalk.gray('使用 ctx --help 查看完整帮助\n'));
+}
+
+function showUnknownSubcommand(command, subCommand, supportedText) {
+  console.error(chalk.red(`\n[ERROR] 未知 ${command} 子命令: ${subCommand}\n`));
+  if (supportedText) {
+    console.log(chalk.gray(`${supportedText}\n`));
+  }
+  console.log(chalk.gray('使用 ctx --help 查看完整帮助\n'));
+}
 
 /**
  * 主函数
@@ -144,7 +205,7 @@ async function main() {
   }
 
   // --help 或 -h - 显示帮助信息
-  if (args[0] === '--help' || args[0] === '-h') {
+  if (args[0] === '--help' || args[0] === '-h' || args[0] === 'help') {
     showHelp();
     return;
   }
@@ -185,8 +246,8 @@ async function main() {
       return;
     }
 
-    console.log(chalk.red(`\n[ERROR] 未知 daemon 子命令: ${subCommand}\n`));
-    console.log(chalk.gray('支持的命令: start, stop, restart, status, logs\n'));
+    showUnknownSubcommand('daemon', subCommand, '支持的命令: start, stop, restart, status, logs');
+    exitWithError(1);
     return;
   }
 
@@ -236,16 +297,18 @@ async function main() {
   // ui 命令 - Web UI 管理
   if (args[0] === 'ui') {
     const subCommand = args[1];
-    if (subCommand === 'start') {
+    if (!subCommand || subCommand.startsWith('--')) {
+      const { handleUI } = require('./commands/ui');
+      await handleUI();
+    } else if (subCommand === 'start') {
       await handleStart();  // UI start 实际上就是启动整个服务
     } else if (subCommand === 'stop') {
       await handleStop();
     } else if (subCommand === 'restart') {
       await handleRestart();
     } else {
-      // 默认前台运行
-      const { handleUI } = require('./commands/ui');
-      await handleUI();
+      showUnknownSubcommand('ui', subCommand, '支持的命令: start, stop, restart，或直接使用 ctx ui [--host] [--https]');
+      exitWithError(1);
     }
     return;
   }
@@ -272,6 +335,7 @@ async function main() {
       default:
         console.log(chalk.red(`\n[ERROR] 未知操作: ${action}\n`));
         console.log(chalk.gray('支持的操作: start, stop, restart, status\n'));
+        exitWithError(1);
     }
     return;
   }
@@ -357,8 +421,8 @@ async function main() {
         return;
 
       default:
-        // 默认执行 start
-        await handleProxyStart();
+        showUnknownSubcommand('proxy', subCommand, '支持的命令: start, stop, status');
+        exitWithError(1);
         return;
     }
   }
@@ -375,15 +439,17 @@ async function main() {
 
   // 初始化插件系统
   const pluginResult = PluginManager.initializePlugins({ config, args });
-  if (pluginResult.loaded > 0) {
+  const isPluginCommand = args[0] && PluginManager.isPluginCommand(args[0]);
+  const shouldShowPluginInitSummary = !args[0] || isPluginCommand;
+  if (shouldShowPluginInitSummary && pluginResult.loaded > 0) {
     console.log(chalk.gray(`[Plugin] 已加载 ${pluginResult.loaded} 个插件`));
   }
-  if (pluginResult.failed.length > 0) {
+  if (shouldShowPluginInitSummary && pluginResult.failed.length > 0) {
     console.log(chalk.yellow(`[Plugin] ${pluginResult.failed.length} 个插件加载失败`));
   }
 
   // 检查是否为插件注册的命令
-  if (args[0] && PluginManager.isPluginCommand(args[0])) {
+  if (isPluginCommand) {
     eventBus.emitSync('cli:command:before', { command: args[0], args: args.slice(1), config });
     const result = await PluginManager.executePluginCommand(args[0], args.slice(1));
     eventBus.emitSync('cli:command:after', { command: args[0], args: args.slice(1), result });
@@ -394,6 +460,12 @@ async function main() {
     return;
   }
 
+  if (args[0]) {
+    showUnknownCommand(args[0]);
+    exitWithError(1);
+    return;
+  }
+
   while (true) {
     // 显示主菜单
     const { showMainMenu } = require('./ui/menu');
@@ -685,8 +757,26 @@ async function main() {
   }
 }
 
-// 启动应用
-main().catch((error) => {
-  console.error('程序出错:', error);
-  process.exit(1);
-});
+async function runCli() {
+  registerProcessHandlers();
+  await main();
+}
+
+if (require.main === module) {
+  runCli().catch((error) => {
+    console.error('程序出错:', error);
+    process.exit(1);
+  });
+}
+
+module.exports = {
+  main,
+  runCli,
+  showHelp,
+  getVersion,
+  _test: {
+    showUnknownCommand,
+    showUnknownSubcommand,
+    registerProcessHandlers
+  }
+};

package/src/server/index.js

@@ -1,4 +1,5 @@
 const express = require('express');
+const https = require('https');
 const path = require('path');
 const chalk = require('chalk');
 const { loadConfig } = require('../config/loader');
@@ -23,6 +24,8 @@ const { startGeminiProxyServer } = require('./gemini-proxy-server');
 const { startOpenCodeProxyServer, collectProxyModelList } = require('./opencode-proxy-server');
 const { createRemoteMutationGuard, isRemoteMutationAllowed } = require('./services/network-access');
 const { createApiRequestLogger } = require('./services/request-logger');
+const { getLocalHttpsCredentials } = require('./services/https-cert');
+const { getWebUiProtocol, isHttpsEnabled, getWebUiBaseUrl, getWebSocketBaseUrl } = require('./services/web-ui-runtime');
 
 function getInquirer() {
   return require('inquirer');
@@ -59,6 +62,8 @@ function printPortToolIssue(issue = getPortToolIssue()) {
 async function startServer(port, host = '127.0.0.1', options = {}) {
   ensureStorageDirMigrated();
   const config = loadConfig();
+  const webUiProtocol = getWebUiProtocol({ https: options.https });
+  const httpsEnabled = isHttpsEnabled({ protocol: webUiProtocol });
   // 使用配置的端口，如果没有传入参数
   if (!port) {
     port = config.ports?.webUI || 19999;
@@ -247,7 +252,18 @@ async function startServer(port, host = '127.0.0.1', options = {}) {
   }
 
   // Start server（确保监听成功后才返回，避免命令误报“已启动”）
-  const server = app.listen(port, host);
+  let httpsCertificate = null;
+  const server = httpsEnabled
+    ? (() => {
+      httpsCertificate = getLocalHttpsCredentials();
+      const httpsServer = https.createServer({
+        key: httpsCertificate.key,
+        cert: httpsCertificate.cert
+      }, app);
+      httpsServer.listen(port, host);
+      return httpsServer;
+    })()
+    : app.listen(port, host);
   await new Promise((resolve) => {
     const onListening = () => {
       server.off('error', onError);
@@ -274,15 +290,19 @@ async function startServer(port, host = '127.0.0.1', options = {}) {
   console.log(`\n[START] Coding-Tool Web UI running at:`);
   if (host === '0.0.0.0') {
     console.log(chalk.yellow(`   [WARN]  警告: 服务正在监听所有网络接口 (LAN 可访问)`));
-    console.log(`   http://localhost:${port}`);
-    console.log(chalk.gray(`   http://<your-ip>:${port} (LAN 访问)`));
+    console.log(`   ${getWebUiBaseUrl(port, { protocol: webUiProtocol })}`);
+    console.log(chalk.gray(`   ${webUiProtocol}://<your-ip>:${port} (LAN 访问)`));
   } else {
-    console.log(`   http://localhost:${port}`);
+    console.log(`   ${getWebUiBaseUrl(port, { protocol: webUiProtocol })}`);
   }
 
   // 附加 WebSocket 服务器到同一个端口
   attachWebSocketServer(server, { host });
-  console.log(`   ws://localhost:${port}/ws\n`);
+  console.log(`   ${getWebSocketBaseUrl(port, { protocol: webUiProtocol })}/ws\n`);
+
+  if (httpsEnabled && httpsCertificate?.generated) {
+    console.log(chalk.gray(`   [LOCK] 已生成本地 HTTPS 证书: ${httpsCertificate.certPath}`));
+  }
 
   if (host === '0.0.0.0' && !allowRemoteMutation) {
     console.log(chalk.yellow('   [LOCK] 已禁用 LAN 远程写操作 (CC_TOOL_ALLOW_REMOTE_WRITE=false)'));