connectbase-client 3.25.0 → 3.25.1

package/dist/cli.js

@@ -6,6 +6,10 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
@@ -22,15 +26,114 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
   mod
 ));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/cli.ts
-var fs = __toESM(require("fs"));
-var path = __toESM(require("path"));
+var cli_exports = {};
+__export(cli_exports, {
+  computeDeployDiff: () => computeDeployDiff,
+  normalizeRelativePath: () => normalizeRelativePath,
+  parseArgs: () => parseArgs,
+  registerEndpointBinding: () => registerEndpointBinding,
+  sha256Hex: () => sha256Hex
+});
+module.exports = __toCommonJS(cli_exports);
+var fs2 = __toESM(require("fs"));
+var path2 = __toESM(require("path"));
 var crypto = __toESM(require("crypto"));
 var https = __toESM(require("https"));
 var http = __toESM(require("http"));
 var readline = __toESM(require("readline"));
-var VERSION = "3.25.0";
+
+// src/tunnel-utils.ts
+var fs = __toESM(require("fs"));
+var path = __toESM(require("path"));
+var os = __toESM(require("os"));
+function getTunnelLockDir() {
+  const platform2 = os.platform();
+  if (platform2 === "darwin") {
+    return path.join(os.homedir(), "Library", "Application Support", "connectbase", "tunnel-locks");
+  } else if (platform2 === "win32") {
+    return path.join(process.env.LOCALAPPDATA || path.join(os.homedir(), "AppData", "Local"), "connectbase", "tunnel-locks");
+  }
+  const stateHome = process.env.XDG_STATE_HOME || path.join(os.homedir(), ".local", "state");
+  return path.join(stateHome, "connectbase", "tunnel-locks");
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (e) {
+    return e.code === "EPERM";
+  }
+}
+function acquireTunnelLock(appID, port, force, version) {
+  const lockDir = getTunnelLockDir();
+  fs.mkdirSync(lockDir, { recursive: true });
+  const lockPath = path.join(lockDir, `${appID}-${port}.lock`);
+  const lockData = {
+    pid: process.pid,
+    startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    appID,
+    port,
+    host: os.hostname(),
+    version
+  };
+  if (!force) {
+    try {
+      const fd = fs.openSync(lockPath, "wx");
+      fs.writeSync(fd, JSON.stringify(lockData, null, 2));
+      fs.closeSync(fd);
+      return lockPath;
+    } catch (e) {
+      if (e.code !== "EEXIST") {
+        return null;
+      }
+    }
+    try {
+      const existing = JSON.parse(fs.readFileSync(lockPath, "utf-8"));
+      if (isProcessAlive(existing.pid)) {
+        return `LOCKED:${existing.pid}:${existing.startedAt}:${existing.host}`;
+      }
+    } catch {
+    }
+  }
+  fs.writeFileSync(lockPath, JSON.stringify(lockData, null, 2));
+  return lockPath;
+}
+function releaseTunnelLock(lockPath) {
+  try {
+    fs.unlinkSync(lockPath);
+  } catch {
+  }
+}
+function handleTunnelError(msg, appId, localPort) {
+  if (msg.code === "replaced") {
+    return {
+      action: "exit",
+      message: `\u26A0  \uB2E4\uB978 \uC138\uC158\uC774 \uAC19\uC740 \uC571+\uD3EC\uD2B8(${appId}:${localPort})\uB85C \uC5F0\uACB0\uB418\uC5B4 \uC774 \uC138\uC158\uC774 \uC885\uB8CC\uB429\uB2C8\uB2E4. \uB3D9\uC77C \uBA38\uC2E0\uC5D0\uC11C \uB450 \uBC88 \uC2E4\uD589\uD558\uC9C0 \uB9C8\uC138\uC694.`,
+      exitCode: 1
+    };
+  }
+  return {
+    action: "warn",
+    message: `\uD130\uB110 \uC5D0\uB7EC: ${msg.error || msg.message || "\uC54C \uC218 \uC5C6\uB294 \uC5D0\uB7EC"}`
+  };
+}
+
+// src/cli.ts
+function getPackageVersion() {
+  try {
+    const pkgPath = path2.join(__dirname, "..", "package.json");
+    if (fs2.existsSync(pkgPath)) {
+      const pkg = JSON.parse(fs2.readFileSync(pkgPath, "utf-8"));
+      return pkg.version || "0.0.0";
+    }
+  } catch {
+  }
+  return "3.25.1";
+}
+var VERSION = getPackageVersion();
 var DEFAULT_BASE_URL = "https://api.connectbase.world";
 var colors = {
   reset: "\x1B[0m",
@@ -111,17 +214,27 @@ var BINARY_EXTENSIONS = /* @__PURE__ */ new Set([
   ".zip",
   ".wasm"
 ]);
+function sha256Hex(value) {
+  return crypto.createHash("sha256").update(value, "utf8").digest("hex");
+}
+function normalizeRelativePath(relativePath) {
+  let p = relativePath.replace(/\\/g, "/");
+  if (!p.startsWith("/")) p = `/${p}`;
+  return p;
+}
 function loadConfig() {
   const config = {
-    apiKey: process.env.CONNECTBASE_API_KEY,
+    publicKey: process.env.CONNECTBASE_PUBLIC_KEY,
+    secretKey: process.env.CONNECTBASE_SECRET_KEY,
     storageId: process.env.CONNECTBASE_STORAGE_ID,
     baseUrl: process.env.CONNECTBASE_BASE_URL || DEFAULT_BASE_URL
   };
-  const rcPath = path.join(process.cwd(), ".connectbaserc");
-  if (fs.existsSync(rcPath)) {
+  const rcPath = path2.join(process.cwd(), ".connectbaserc");
+  if (fs2.existsSync(rcPath)) {
     try {
-      const rcContent = JSON.parse(fs.readFileSync(rcPath, "utf-8"));
-      if (rcContent.apiKey) config.apiKey = rcContent.apiKey;
+      const rcContent = JSON.parse(fs2.readFileSync(rcPath, "utf-8"));
+      if (rcContent.publicKey) config.publicKey = rcContent.publicKey;
+      if (rcContent.secretKey) config.secretKey = rcContent.secretKey;
       if (rcContent.storageId) config.storageId = rcContent.storageId;
       if (rcContent.baseUrl) config.baseUrl = rcContent.baseUrl;
       if (rcContent.deployDir) config.deployDir = rcContent.deployDir;
@@ -133,16 +246,16 @@ function loadConfig() {
 }
 function collectFiles(dir, baseDir = dir) {
   const files = [];
-  const entries = fs.readdirSync(dir, { withFileTypes: true });
+  const entries = fs2.readdirSync(dir, { withFileTypes: true });
   for (const entry of entries) {
-    const fullPath = path.join(dir, entry.name);
-    const relativePath = path.relative(baseDir, fullPath);
+    const fullPath = path2.join(dir, entry.name);
+    const relativePath = path2.relative(baseDir, fullPath);
     if (entry.isDirectory()) {
       if (!entry.name.startsWith(".")) {
         files.push(...collectFiles(fullPath, baseDir));
       }
     } else if (entry.isFile()) {
-      const ext = path.extname(entry.name).toLowerCase();
+      const ext = path2.extname(entry.name).toLowerCase();
       if (!ALLOWED_EXTENSIONS.has(ext)) {
         continue;
       }
@@ -152,15 +265,16 @@ function collectFiles(dir, baseDir = dir) {
       const isBinary = BINARY_EXTENSIONS.has(ext);
       let content;
       if (isBinary) {
-        content = fs.readFileSync(fullPath).toString("base64");
+        content = fs2.readFileSync(fullPath).toString("base64");
       } else {
-        content = fs.readFileSync(fullPath, "utf-8");
+        content = fs2.readFileSync(fullPath, "utf-8");
       }
+      const normalized = normalizeRelativePath(relativePath);
       files.push({
-        path: relativePath.replace(/\\/g, "/"),
-        // Windows 경로 변환
+        path: normalized,
         content,
-        isBinary
+        isBinary,
+        hash: sha256Hex(content)
       });
     }
   }
@@ -229,28 +343,28 @@ function computeDeployTimeout(totalBytes, override) {
   return Math.max(DEPLOY_TIMEOUT_MIN_MS, DEPLOY_TIMEOUT_BASE_MS + sizeBased);
 }
 async function deploy(directory, config, isDev = false, deployOpts = {}) {
-  const dir = path.resolve(directory);
-  if (!fs.existsSync(dir)) {
+  const dir = path2.resolve(directory);
+  if (!fs2.existsSync(dir)) {
     error(`\uB514\uB809\uD1A0\uB9AC\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4: ${dir}`);
     process.exit(1);
   }
-  const pkgPath = path.join(process.cwd(), "package.json");
-  if (fs.existsSync(pkgPath)) {
+  const pkgPath = path2.join(process.cwd(), "package.json");
+  if (fs2.existsSync(pkgPath)) {
     try {
-      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const pkg = JSON.parse(fs2.readFileSync(pkgPath, "utf-8"));
       if (pkg.scripts?.build) {
-        warn(`\uBC30\uD3EC \uC804 \uBE4C\uB4DC\uB97C \uBA3C\uC800 \uC2E4\uD589\uD558\uC138\uC694: ${colors.cyan}npm run build && npx connectbase-client deploy${colors.reset}`);
-        warn(`\uB610\uB294 package.json\uC5D0 deploy \uC2A4\uD06C\uB9BD\uD2B8\uB97C \uB4F1\uB85D\uD558\uC138\uC694: ${colors.cyan}npx connectbase-client init${colors.reset}`);
+        warn(`\uBC30\uD3EC \uC804 \uBE4C\uB4DC\uB97C \uBA3C\uC800 \uC2E4\uD589\uD558\uC138\uC694: ${colors.cyan}npm run build && npx connectbase deploy${colors.reset}`);
+        warn(`\uB610\uB294 package.json\uC5D0 deploy \uC2A4\uD06C\uB9BD\uD2B8\uB97C \uB4F1\uB85D\uD558\uC138\uC694: ${colors.cyan}npx connectbase init${colors.reset}`);
       }
     } catch {
     }
   }
-  if (!fs.statSync(dir).isDirectory()) {
+  if (!fs2.statSync(dir).isDirectory()) {
     error(`${dir}\uB294 \uB514\uB809\uD1A0\uB9AC\uAC00 \uC544\uB2D9\uB2C8\uB2E4`);
     process.exit(1);
   }
-  const indexPath = path.join(dir, "index.html");
-  if (!fs.existsSync(indexPath)) {
+  const indexPath = path2.join(dir, "index.html");
+  if (!fs2.existsSync(indexPath)) {
     error("index.html \uD30C\uC77C\uC774 \uD544\uC694\uD569\uB2C8\uB2E4");
     process.exit(1);
   }
@@ -265,60 +379,149 @@ async function deploy(directory, config, isDev = false, deployOpts = {}) {
   const totalSize = files.reduce((sum, f) => sum + f.content.length, 0);
   const sizeKB = (totalSize / 1024).toFixed(1);
   log(`${colors.green}\u2713${colors.reset} ${files.length}\uAC1C \uD30C\uC77C \uBC1C\uACAC (${sizeKB} KB)`);
-  const deployPath = isDev ? "deploy/dev" : "deploy";
-  const url = `${config.baseUrl}/v1/public/storages/webs/${config.storageId}/${deployPath}`;
   const envLabel = isDev ? "Dev" : "Prod";
+  const baseStorageUrl = `${config.baseUrl}/v1/public/storages/webs/${config.storageId}`;
+  const headers = { "X-Public-Key": config.publicKey };
   const timeoutMs = computeDeployTimeout(totalSize, deployOpts.timeoutMs);
   log(`${colors.dim}\uD0C0\uC784\uC544\uC6C3: ${Math.round(timeoutMs / 1e3)}\uCD08${colors.reset}`);
-  process.stdout.write(`${colors.blue}\u27F3${colors.reset} ${envLabel} \uBC30\uD3EC \uC911...`);
-  let heartbeat = null;
-  if (process.stdout.isTTY) {
-    const startedAt = Date.now();
-    heartbeat = setInterval(() => {
-      const elapsed = Math.floor((Date.now() - startedAt) / 1e3);
-      process.stdout.write(`\r${colors.blue}\u27F3${colors.reset} ${envLabel} \uBC30\uD3EC \uC911... ${colors.dim}(${elapsed}s)${colors.reset}`);
-    }, 1e3);
+  if (isDev) {
+    await fullDeploy(baseStorageUrl, headers, files, envLabel, "deploy/dev", timeoutMs);
+    return;
   }
   try {
-    const response = await makeRequest(
-      url,
-      "POST",
-      {
-        "X-API-Key": config.apiKey
-      },
-      JSON.stringify({
-        files: files.map((f) => ({
-          path: f.path,
-          content: f.content,
-          is_binary: f.isBinary
-        }))
-      }),
-      { timeoutMs }
-    );
+    const manifest = await tryFetchManifest(baseStorageUrl, headers);
+    if (!manifest) {
+      await fullDeploy(baseStorageUrl, headers, files, envLabel, "deploy", timeoutMs);
+      return;
+    }
+    const diff = computeDeployDiff(files, manifest);
+    if (diff.upsert.length === 0 && diff.delete.length === 0) {
+      success(`\uBCC0\uACBD\uC0AC\uD56D \uC5C6\uC74C (${files.length}\uAC1C \uD30C\uC77C \uC77C\uCE58)`);
+      log(`
+${colors.cyan}URL: https://${config.storageId}.web.connectbase.world${colors.reset}
+`);
+      return;
+    }
+    info(`\uBCC0\uACBD: ${colors.green}+${diff.upsert.length}${colors.reset} / ${colors.red}-${diff.delete.length}${colors.reset} (\uC804\uCCB4 ${files.length}\uAC1C \uC911)`);
+    const uploadSize = diff.upsert.reduce((s, f) => s + f.content.length, 0);
+    info(`\uC5C5\uB85C\uB4DC \uD06C\uAE30: ${(uploadSize / 1024).toFixed(1)} KB`);
+    await incrementalDeploy(baseStorageUrl, headers, diff, manifest.revision, envLabel, timeoutMs);
+  } catch (err) {
+    process.stdout.write("\r                    \r");
+    error(`\uB124\uD2B8\uC6CC\uD06C \uC624\uB958: ${err instanceof Error ? err.message : err}`);
+    process.exit(1);
+  }
+}
+async function tryFetchManifest(baseStorageUrl, headers) {
+  const res = await makeRequest(`${baseStorageUrl}/deploy/manifest`, "GET", headers);
+  if (res.status === 404) return null;
+  if (res.status < 200 || res.status >= 300) {
+    const data = res.data;
+    const msg = typeof data === "object" && data !== null ? data.message || data.error || JSON.stringify(data) : `HTTP ${res.status}`;
+    throw new Error(`manifest \uC870\uD68C \uC2E4\uD328: ${msg}`);
+  }
+  const parsed = res.data;
+  if (!parsed || !Array.isArray(parsed.files)) {
+    return null;
+  }
+  return parsed;
+}
+function computeDeployDiff(local, manifest) {
+  const localByPath = /* @__PURE__ */ new Map();
+  for (const f of local) localByPath.set(f.path, f);
+  const remoteByPath = /* @__PURE__ */ new Map();
+  for (const m of manifest.files) remoteByPath.set(m.path, m);
+  const upsert = [];
+  for (const f of local) {
+    const remote = remoteByPath.get(f.path);
+    if (!remote || remote.hash !== f.hash || !remote.hash) {
+      upsert.push({
+        path: f.path,
+        content: f.content,
+        is_binary: f.isBinary,
+        hash: f.hash
+      });
+    }
+  }
+  const toDelete = [];
+  for (const m of manifest.files) {
+    if (!localByPath.has(m.path)) toDelete.push(m.path);
+  }
+  return { upsert, delete: toDelete };
+}
+function startUploadHeartbeat(envLabel, suffix = "\uBC30\uD3EC \uC911") {
+  if (!process.stdout.isTTY) return null;
+  const startedAt = Date.now();
+  return setInterval(() => {
+    const elapsed = Math.floor((Date.now() - startedAt) / 1e3);
+    process.stdout.write(`\r${colors.blue}\u27F3${colors.reset} ${envLabel} ${suffix}... ${colors.dim}(${elapsed}s)${colors.reset}`);
+  }, 1e3);
+}
+async function incrementalDeploy(baseStorageUrl, headers, diff, baseRevision, envLabel, timeoutMs) {
+  process.stdout.write(`${colors.blue}\u27F3${colors.reset} ${envLabel} \uC99D\uBD84 \uBC30\uD3EC \uC911...`);
+  let heartbeat = startUploadHeartbeat(envLabel, "\uC99D\uBD84 \uBC30\uD3EC \uC911");
+  const body = JSON.stringify({
+    upsert: diff.upsert,
+    delete: diff.delete,
+    base_revision: baseRevision
+  });
+  const res = await makeRequest(`${baseStorageUrl}/deploy/incremental`, "POST", headers, body, { timeoutMs });
+  if (heartbeat) clearInterval(heartbeat);
+  process.stdout.write("\r                                              \r");
+  if (res.status === 409) {
+    warn("\uC11C\uBC84 revision \uC774 \uBCC0\uACBD\uB418\uC5C8\uC2B5\uB2C8\uB2E4. manifest \uC7AC\uC870\uD68C \uD6C4 \uC7AC\uC2DC\uB3C4\uD569\uB2C8\uB2E4.");
+    const manifest = await tryFetchManifest(baseStorageUrl, headers);
+    if (!manifest) {
+      error("\uC7AC\uC2DC\uB3C4 manifest \uC870\uD68C \uC2E4\uD328");
+      process.exit(1);
+    }
+    const body2 = JSON.stringify({
+      upsert: diff.upsert,
+      delete: diff.delete,
+      base_revision: manifest.revision
+    });
+    process.stdout.write(`${colors.blue}\u27F3${colors.reset} ${envLabel} \uC99D\uBD84 \uBC30\uD3EC \uC7AC\uC2DC\uB3C4...`);
+    heartbeat = startUploadHeartbeat(envLabel, "\uC99D\uBD84 \uBC30\uD3EC \uC7AC\uC2DC\uB3C4");
+    const res2 = await makeRequest(`${baseStorageUrl}/deploy/incremental`, "POST", headers, body2, { timeoutMs });
     if (heartbeat) clearInterval(heartbeat);
-    process.stdout.write("\r                                          \r");
-    if (response.status >= 200 && response.status < 300) {
-      success(`${envLabel} \uBC30\uD3EC \uC644\uB8CC!`);
-      const data = response.data;
-      if (data?.dev_url) {
-        log(`
+    process.stdout.write("\r                                              \r");
+    handleDeployResponse(res2, envLabel);
+    return;
+  }
+  handleDeployResponse(res, envLabel);
+}
+async function fullDeploy(baseStorageUrl, headers, files, envLabel, endpoint, timeoutMs) {
+  process.stdout.write(`${colors.blue}\u27F3${colors.reset} ${envLabel} \uBC30\uD3EC \uC911...`);
+  const heartbeat = startUploadHeartbeat(envLabel);
+  const body = JSON.stringify({
+    files: files.map((f) => ({
+      path: f.path,
+      content: f.content,
+      is_binary: f.isBinary
+    }))
+  });
+  const res = await makeRequest(`${baseStorageUrl}/${endpoint}`, "POST", headers, body, { timeoutMs });
+  if (heartbeat) clearInterval(heartbeat);
+  process.stdout.write("\r                                              \r");
+  handleDeployResponse(res, envLabel);
+}
+function handleDeployResponse(response, envLabel) {
+  if (response.status >= 200 && response.status < 300) {
+    success(`${envLabel} \uBC30\uD3EC \uC644\uB8CC!`);
+    const data = response.data;
+    if (data?.dev_url) {
+      log(`
 ${colors.yellow}Dev URL: ${data.dev_url}${colors.reset}
 `);
-      } else if (data?.url) {
-        log(`
+    } else if (data?.url) {
+      log(`
 ${colors.cyan}URL: ${data.url}${colors.reset}
 `);
-      }
-    } else {
-      const data = response.data;
-      const errorMsg = typeof data === "object" && data !== null ? data.message || data.error || JSON.stringify(data) : typeof data === "string" ? data : `HTTP ${response.status}`;
-      error(`\uBC30\uD3EC \uC2E4\uD328: ${errorMsg}`);
-      process.exit(1);
     }
-  } catch (err) {
-    if (heartbeat) clearInterval(heartbeat);
-    process.stdout.write("\r                                          \r");
-    error(`\uB124\uD2B8\uC6CC\uD06C \uC624\uB958: ${err instanceof Error ? err.message : err}`);
+  } else {
+    const data = response.data;
+    const errorMsg = typeof data === "object" && data !== null ? data.message || data.error || JSON.stringify(data) : typeof data === "string" ? data : `HTTP ${response.status}`;
+    error(`\uBC30\uD3EC \uC2E4\uD328: ${errorMsg}`);
     process.exit(1);
   }
 }
@@ -334,77 +537,329 @@ function prompt(question) {
     });
   });
 }
+function promptSecret(question) {
+  return new Promise((resolve2) => {
+    process.stdout.write(question);
+    const input = [];
+    if (!process.stdin.isTTY) {
+      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+      rl.question("", (answer) => {
+        rl.close();
+        resolve2(answer.trim());
+      });
+      return;
+    }
+    process.stdin.setRawMode(true);
+    process.stdin.resume();
+    process.stdin.setEncoding("utf-8");
+    const onData = (data) => {
+      for (const char of data) {
+        const code = char.charCodeAt(0);
+        if (char === "\r" || char === "\n") {
+          process.stdin.setRawMode(false);
+          process.stdin.pause();
+          process.stdin.removeListener("data", onData);
+          process.stdout.write("\n");
+          resolve2(input.join("").trim());
+          return;
+        } else if (code === 3) {
+          process.stdin.setRawMode(false);
+          process.stdin.pause();
+          process.stdout.write("\n");
+          process.exit(0);
+        } else if (code === 127 || code === 8) {
+          if (input.length > 0) {
+            input.pop();
+            process.stdout.write("\b \b");
+          }
+        } else if (code >= 32) {
+          input.push(char);
+          process.stdout.write("*");
+        }
+      }
+    };
+    process.stdin.on("data", onData);
+  });
+}
+function getProjectRoot() {
+  const gitRoot = getGitRoot();
+  return gitRoot || process.cwd();
+}
+var CONSOLE_URL = DEFAULT_BASE_URL.replace("api.", "");
+function openBrowser(url) {
+  const { exec } = require("child_process");
+  const platform2 = process.platform;
+  let command;
+  if (platform2 === "darwin") {
+    command = `open "${url}"`;
+  } else if (platform2 === "win32") {
+    command = `start "" "${url}"`;
+  } else {
+    command = `xdg-open "${url}"`;
+  }
+  exec(command, () => {
+  });
+}
+async function browserAuthFlow() {
+  info("\uBE0C\uB77C\uC6B0\uC800 \uC778\uC99D \uC138\uC158\uC744 \uC2DC\uC791\uD569\uB2C8\uB2E4...");
+  const startRes = await makeRequest(
+    `${DEFAULT_BASE_URL}/v1/public/cli-auth/start`,
+    "POST",
+    {}
+  );
+  if (startRes.status !== 200) {
+    const errData = startRes.data;
+    const detail = errData?.error || errData?.message || `HTTP ${startRes.status}`;
+    error(`\uC778\uC99D \uC138\uC158 \uC2DC\uC791\uC5D0 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4: ${detail}`);
+    process.exit(1);
+  }
+  const { session_id } = startRes.data;
+  const authUrl = `${CONSOLE_URL}/auth/cli-auth?session=${session_id}`;
+  log(`
+${colors.cyan}\uBE0C\uB77C\uC6B0\uC800\uC5D0\uC11C \uB85C\uADF8\uC778\uD558\uC138\uC694:${colors.reset}`);
+  log(`${colors.dim}${authUrl}${colors.reset}
+`);
+  openBrowser(authUrl);
+  const pollInterval = 3e3;
+  const maxAttempts = 100;
+  let attempts = 0;
+  let consecutive404 = 0;
+  const max404Retries = 5;
+  const spinnerFrames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+  while (attempts < maxAttempts) {
+    const frame = spinnerFrames[attempts % spinnerFrames.length];
+    process.stdout.write(`\r${colors.blue}${frame}${colors.reset} \uBE0C\uB77C\uC6B0\uC800\uC5D0\uC11C \uC2B9\uC778 \uB300\uAE30 \uC911...`);
+    await new Promise((resolve2) => setTimeout(resolve2, pollInterval));
+    try {
+      const pollRes = await makeRequest(
+        `${DEFAULT_BASE_URL}/v1/public/cli-auth/poll/${session_id}`,
+        "GET",
+        {}
+      );
+      if (pollRes.status === 200) {
+        consecutive404 = 0;
+        const data = pollRes.data;
+        if (data.status === "approved" && data.secret_key) {
+          process.stdout.write("\r                                          \r");
+          success("\uBE0C\uB77C\uC6B0\uC800 \uC778\uC99D\uC774 \uC644\uB8CC\uB418\uC5C8\uC2B5\uB2C8\uB2E4!");
+          return data.secret_key;
+        }
+        if (data.status === "expired") {
+          process.stdout.write("\r                                          \r");
+          error("\uC778\uC99D \uC138\uC158\uC774 \uB9CC\uB8CC\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD574\uC8FC\uC138\uC694.");
+          process.exit(1);
+        }
+        if (data.status === "denied") {
+          process.stdout.write("\r                                          \r");
+          error("\uC778\uC99D\uC774 \uAC70\uBD80\uB418\uC5C8\uC2B5\uB2C8\uB2E4.");
+          process.exit(1);
+        }
+      }
+      if (pollRes.status === 404) {
+        consecutive404++;
+        if (consecutive404 >= max404Retries) {
+          process.stdout.write("\r                                          \r");
+          error("\uC778\uC99D \uC138\uC158\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD574\uC8FC\uC138\uC694.");
+          process.exit(1);
+        }
+      }
+    } catch {
+    }
+    attempts++;
+  }
+  process.stdout.write("\r                                          \r");
+  error("\uC778\uC99D \uC2DC\uAC04\uC774 \uCD08\uACFC\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uB2E4\uC2DC \uC2DC\uB3C4\uD574\uC8FC\uC138\uC694.");
+  process.exit(1);
+}
 async function init() {
   log(`
 ${colors.cyan}Connect Base \uD504\uB85C\uC81D\uD2B8 \uCD08\uAE30\uD654${colors.reset}
 `);
-  const rcPath = path.join(process.cwd(), ".connectbaserc");
-  if (fs.existsSync(rcPath)) {
+  const cwd = process.cwd();
+  const projectRoot = getProjectRoot();
+  if (cwd !== projectRoot) {
+    info(`\uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8 \uAC10\uC9C0: ${projectRoot}`);
+    info(`MCP/\uBB38\uC11C\uB294 \uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8\uC5D0, \uBC30\uD3EC \uC124\uC815\uC740 \uD604\uC7AC \uB514\uB809\uD1A0\uB9AC\uC5D0 \uC0DD\uC131\uB429\uB2C8\uB2E4
+`);
+  }
+  const rcPath = path2.join(cwd, ".connectbaserc");
+  if (fs2.existsSync(rcPath)) {
     const overwrite = await prompt(`${colors.yellow}\u26A0${colors.reset} .connectbaserc\uAC00 \uC774\uBBF8 \uC874\uC7AC\uD569\uB2C8\uB2E4. \uB36E\uC5B4\uC4F0\uC2DC\uACA0\uC2B5\uB2C8\uAE4C? (y/N): `);
     if (overwrite.toLowerCase() !== "y") {
       info("\uCD08\uAE30\uD654\uAC00 \uCDE8\uC18C\uB418\uC5C8\uC2B5\uB2C8\uB2E4");
       return;
     }
   }
-  log(`${colors.dim}Public Key (cb_pk_): SDK\uC6A9 \u2014 \uC6F9/\uC571\uC5D0\uC11C \uC0AC\uC6A9${colors.reset}`);
-  log(`${colors.dim}Secret Key (cb_sk_): MCP/\uAD00\uB9AC\uC790\uC6A9 \u2014 \uC808\uB300 \uB178\uCD9C \uAE08\uC9C0${colors.reset}
+  log(`
+${colors.dim}\uC778\uC99D \uBC29\uC2DD\uC744 \uC120\uD0DD\uD558\uC138\uC694:${colors.reset}`);
+  log(`  ${colors.cyan}1${colors.reset}) Secret Key \uC9C1\uC811 \uC785\uB825 (cb_sk_...)`);
+  log(`  ${colors.cyan}2${colors.reset}) \uBE0C\uB77C\uC6B0\uC800 \uB85C\uADF8\uC778\uC73C\uB85C \uC790\uB3D9 \uBC1C\uAE09
 `);
-  const apiKey = await prompt(`${colors.blue}?${colors.reset} API Key (Public Key \uAD8C\uC7A5): `);
-  if (!apiKey) {
-    error("API Key\uB294 \uD544\uC218\uC785\uB2C8\uB2E4");
-    process.exit(1);
-  }
-  if (apiKey.startsWith("cb_sk_")) {
-    warn("Secret Key\uAC00 \uC785\uB825\uB418\uC5C8\uC2B5\uB2C8\uB2E4. SDK\uC5D0\uB294 Public Key (cb_pk_) \uC0AC\uC6A9\uC744 \uAD8C\uC7A5\uD569\uB2C8\uB2E4.");
-    warn("Secret Key\uB294 \uC804\uCCB4 \uAD8C\uD55C\uC744 \uAC00\uC9C0\uBBC0\uB85C \uCF54\uB4DC\uC5D0 \uB178\uCD9C\uB418\uC9C0 \uC54A\uB3C4\uB85D \uC8FC\uC758\uD558\uC138\uC694.");
+  const authChoice = await prompt(`${colors.blue}?${colors.reset} \uC120\uD0DD (1/2): `);
+  let secretKey = "";
+  if (authChoice === "2") {
+    try {
+      secretKey = await browserAuthFlow();
+    } catch (err) {
+      error(`\uB124\uD2B8\uC6CC\uD06C \uC624\uB958: ${err instanceof Error ? err.message : err}`);
+      info("\uC778\uD130\uB137 \uC5F0\uACB0\uC744 \uD655\uC778\uD558\uAC70\uB098, Secret Key \uC9C1\uC811 \uC785\uB825(\uC635\uC158 1)\uC744 \uC2DC\uB3C4\uD558\uC138\uC694");
+      process.exit(1);
+    }
+  } else {
+    log(`${colors.dim}Secret Key (cb_sk_): \uCF58\uC194 > \uD504\uB85C\uD544 > \uC2DC\uD06C\uB9BF \uD0A4 \uD0ED\uC5D0\uC11C \uBC1C\uAE09${colors.reset}
+`);
+    secretKey = await promptSecret(`${colors.blue}?${colors.reset} Secret Key: `);
+    if (!secretKey) {
+      error("Secret Key\uB294 \uD544\uC218\uC785\uB2C8\uB2E4");
+      process.exit(1);
+    }
+    if (secretKey.startsWith("cb_pk_")) {
+      error("Public Key\uAC00 \uC544\uB2CC Secret Key(cb_sk_)\uB97C \uC785\uB825\uD558\uC138\uC694");
+      info("Secret Key\uB294 \uCF58\uC194 > \uD504\uB85C\uD544 > \uC2DC\uD06C\uB9BF \uD0A4 \uD0ED\uC5D0\uC11C \uC0DD\uC131\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4");
+      process.exit(1);
+    }
+    if (!secretKey.startsWith("cb_sk_")) {
+      error("\uC720\uD6A8\uD558\uC9C0 \uC54A\uC740 \uD0A4 \uD615\uC2DD\uC785\uB2C8\uB2E4. cb_sk_\uB85C \uC2DC\uC791\uD558\uB294 Secret Key\uB97C \uC785\uB825\uD558\uC138\uC694");
+      process.exit(1);
+    }
   }
-  let storageId = "";
+  let appId = "";
+  let publicKey = "";
   try {
-    info("\uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0 \uC870\uD68C \uC911...");
-    const listRes = await makeRequest(
-      `${DEFAULT_BASE_URL}/v1/public/storages/webs`,
+    info("\uC571 \uBAA9\uB85D \uC870\uD68C \uC911...");
+    const appsRes = await makeRequest(
+      `${DEFAULT_BASE_URL}/v1/public/cli/apps`,
       "GET",
-      { "X-API-Key": apiKey }
+      { "X-Public-Key": secretKey }
     );
-    if (listRes.status !== 200) {
-      error(`API Key \uC778\uC99D \uC2E4\uD328 (${listRes.status})`);
+    if (appsRes.status === 401) {
+      error("Secret Key\uAC00 \uC720\uD6A8\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uCF58\uC194\uC5D0\uC11C \uD0A4\uB97C \uD655\uC778\uD558\uC138\uC694");
       process.exit(1);
     }
-    const listData = listRes.data;
-    const storages = listData.storages || [];
-    if (storages.length > 0) {
+    if (appsRes.status !== 200) {
+      throw new Error(`HTTP ${appsRes.status}`);
+    }
+    const appsData = appsRes.data;
+    const apps = appsData.apps || [];
+    if (apps.length > 0) {
       log(`
-${colors.dim}\uAE30\uC874 \uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0:${colors.reset}`);
-      storages.forEach((s, i) => {
-        log(`  ${colors.cyan}${i + 1}${colors.reset}) ${s.name} (${colors.dim}${s.id}${colors.reset})`);
+${colors.dim}\uB0B4 \uC571 \uBAA9\uB85D:${colors.reset}`);
+      apps.forEach((a, i) => {
+        const date = a.created_at ? a.created_at.substring(0, 10) : "";
+        log(`  ${colors.cyan}${i + 1}${colors.reset}) ${a.name} ${colors.dim}(${date})${colors.reset}`);
       });
-      log(`  ${colors.cyan}0${colors.reset}) \uC0C8\uB85C \uC0DD\uC131`);
+      log(`  ${colors.cyan}0${colors.reset}) \uC0C8 \uC571 \uB9CC\uB4E4\uAE30`);
       const choice = await prompt(`
 ${colors.blue}?${colors.reset} \uC120\uD0DD (\uBC88\uD638): `);
       const num = parseInt(choice, 10);
-      if (num > 0 && num <= storages.length) {
-        storageId = storages[num - 1].id;
-        success(`\uC120\uD0DD\uB428: ${storages[num - 1].name}`);
+      if (num > 0 && num <= apps.length) {
+        appId = apps[num - 1].id;
+        success(`\uC120\uD0DD\uB428: ${apps[num - 1].name}`);
+        info("Public Key \uC0DD\uC131 \uC911...");
+        const newKeyRes = await makeRequest(
+          `${DEFAULT_BASE_URL}/v1/public/cli/apps/${appId}/public-keys`,
+          "POST",
+          { "X-Public-Key": secretKey },
+          JSON.stringify({})
+        );
+        if (newKeyRes.status === 201) {
+          const keyData = newKeyRes.data;
+          publicKey = keyData.key;
+          success("Public Key \uBC1C\uAE09 \uC644\uB8CC");
+        } else {
+          warn("Public Key \uC790\uB3D9 \uC0DD\uC131 \uC2E4\uD328. \uC218\uB3D9\uC73C\uB85C \uC0DD\uC131\uD558\uC138\uC694");
+        }
       }
     }
-    if (!storageId) {
-      const projectName = path.basename(process.cwd());
-      const name = await prompt(`${colors.blue}?${colors.reset} \uC2A4\uD1A0\uB9AC\uC9C0 \uC774\uB984 (${projectName}): `) || projectName;
-      info("\uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0 \uC0DD\uC131 \uC911...");
+    if (!appId) {
+      const projectName = path2.basename(cwd);
+      const appName = await prompt(`${colors.blue}?${colors.reset} \uC571 \uC774\uB984 (${projectName}): `) || projectName;
+      info("\uC571 \uC0DD\uC131 \uC911...");
       const createRes = await makeRequest(
-        `${DEFAULT_BASE_URL}/v1/public/storages/webs`,
+        `${DEFAULT_BASE_URL}/v1/public/cli/apps`,
         "POST",
-        { "X-API-Key": apiKey },
-        JSON.stringify({ name })
+        { "X-Public-Key": secretKey },
+        JSON.stringify({ name: appName })
       );
-      if (createRes.status !== 200) {
+      if (createRes.status === 402) {
+        error("\uC571 \uC0DD\uC131 \uD55C\uB3C4 \uCD08\uACFC. \uD50C\uB79C \uC5C5\uADF8\uB808\uC774\uB4DC\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4");
+        process.exit(1);
+      }
+      if (createRes.status !== 201) {
         const data = createRes.data;
-        error(`\uC0DD\uC131 \uC2E4\uD328: ${data?.error || data?.message || `HTTP ${createRes.status}`}`);
+        error(`\uC571 \uC0DD\uC131 \uC2E4\uD328: ${data?.error || `HTTP ${createRes.status}`}`);
         process.exit(1);
       }
       const createData = createRes.data;
-      storageId = createData.storage_web_id;
-      success(`\uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0 \uC0DD\uC131 \uC644\uB8CC: ${createData.name}`);
+      appId = createData.app_id;
+      publicKey = createData.public_key;
+      success(`\uC571 \uC0DD\uC131 \uC644\uB8CC: ${createData.app_name}`);
+      if (publicKey) {
+        success("Public Key \uC790\uB3D9 \uBC1C\uAE09 \uC644\uB8CC");
+      }
+    }
+  } catch (err) {
+    error(`\uB124\uD2B8\uC6CC\uD06C \uC624\uB958: ${err instanceof Error ? err.message : err}`);
+    log(`${colors.dim}\uC218\uB3D9\uC73C\uB85C \uC785\uB825\uD558\uC138\uC694${colors.reset}`);
+    appId = await prompt(`${colors.blue}?${colors.reset} App ID: `);
+    publicKey = await prompt(`${colors.blue}?${colors.reset} Public Key (cb_pk_): `);
+    if (!appId || !publicKey) {
+      error("App ID\uC640 Public Key\uB294 \uD544\uC218\uC785\uB2C8\uB2E4");
+      process.exit(1);
+    }
+  }
+  if (!publicKey) {
+    error("Public Key\uAC00 \uC5C6\uC5B4 \uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0\uB97C \uC870\uD68C\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uCF58\uC194\uC5D0\uC11C Public Key\uB97C \uBC1C\uAE09\uBC1B\uC544 \uB2E4\uC2DC \uC2DC\uB3C4\uD558\uC138\uC694");
+    process.exit(1);
+  }
+  const publicKeyForSdk = publicKey;
+  let storageId = "";
+  try {
+    info("\uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0 \uC870\uD68C \uC911...");
+    const listRes = await makeRequest(
+      `${DEFAULT_BASE_URL}/v1/public/storages/webs`,
+      "GET",
+      { "X-Public-Key": publicKeyForSdk }
+    );
+    if (listRes.status === 200) {
+      const listData = listRes.data;
+      const storages = listData.storages || [];
+      if (storages.length > 0) {
+        log(`
+${colors.dim}\uAE30\uC874 \uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0:${colors.reset}`);
+        storages.forEach((s, i) => {
+          log(`  ${colors.cyan}${i + 1}${colors.reset}) ${s.name} (${colors.dim}${s.id}${colors.reset})`);
+        });
+        log(`  ${colors.cyan}0${colors.reset}) \uC0C8\uB85C \uC0DD\uC131`);
+        const choice = await prompt(`
+${colors.blue}?${colors.reset} \uC120\uD0DD (\uBC88\uD638): `);
+        const num = parseInt(choice, 10);
+        if (num > 0 && num <= storages.length) {
+          storageId = storages[num - 1].id;
+          success(`\uC120\uD0DD\uB428: ${storages[num - 1].name}`);
+        }
+      }
+      if (!storageId) {
+        const projectName = path2.basename(cwd);
+        const name = await prompt(`${colors.blue}?${colors.reset} \uC2A4\uD1A0\uB9AC\uC9C0 \uC774\uB984 (${projectName}): `) || projectName;
+        info("\uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0 \uC0DD\uC131 \uC911...");
+        const createRes = await makeRequest(
+          `${DEFAULT_BASE_URL}/v1/public/storages/webs`,
+          "POST",
+          { "X-Public-Key": publicKeyForSdk },
+          JSON.stringify({ name })
+        );
+        if (createRes.status !== 200) {
+          const data = createRes.data;
+          error(`\uC0DD\uC131 \uC2E4\uD328: ${data?.error || data?.message || `HTTP ${createRes.status}`}`);
+          process.exit(1);
+        }
+        const createData = createRes.data;
+        storageId = createData.storage_web_id;
+        success(`\uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0 \uC0DD\uC131 \uC644\uB8CC: ${createData.name}`);
+      }
+    } else {
+      throw new Error(`HTTP ${listRes.status}`);
     }
   } catch (err) {
     error(`\uB124\uD2B8\uC6CC\uD06C \uC624\uB958: ${err instanceof Error ? err.message : err}`);
@@ -418,41 +873,43 @@ ${colors.blue}?${colors.reset} \uC120\uD0DD (\uBC88\uD638): `);
   const defaultDir = detectBuildDir();
   const deployDir = await prompt(`${colors.blue}?${colors.reset} \uBC30\uD3EC \uB514\uB809\uD1A0\uB9AC (${defaultDir}): `) || defaultDir;
   const config = {
-    apiKey,
+    publicKey: publicKey || "",
     storageId,
     deployDir
   };
-  fs.writeFileSync(rcPath, JSON.stringify(config, null, 2) + "\n");
+  if (secretKey) {
+    config.secretKey = secretKey;
+  }
+  fs2.writeFileSync(rcPath, JSON.stringify(config, null, 2) + "\n");
   success(".connectbaserc \uC0DD\uC131 \uC644\uB8CC");
   addToGitignore(".connectbaserc");
   addDeployScript(deployDir);
-  const setupClaude = await prompt(`
-${colors.blue}?${colors.reset} Claude Code \uC124\uC815\uC744 \uCD94\uAC00\uD560\uAE4C\uC694? (CLAUDE.md, MCP \uC124\uC815) (Y/n): `);
-  if (setupClaude.toLowerCase() !== "n") {
-    await setupClaudeCode(apiKey);
-  }
+  await setupClaudeCode(publicKeyForSdk, secretKey, projectRoot);
   log(`
 ${colors.green}\uCD08\uAE30\uD654 \uC644\uB8CC!${colors.reset}
 `);
   log(`${colors.dim}\uBC30\uD3EC\uD558\uB824\uBA74:${colors.reset}`);
-  log(`  ${colors.cyan}npm run deploy${colors.reset}
+  log(`  ${colors.cyan}npm run deploy${colors.reset}`);
+  log(`
+${colors.dim}Claude Code\uC5D0\uC11C MCP\uAC00 \uC790\uB3D9 \uC5F0\uACB0\uB429\uB2C8\uB2E4${colors.reset}
 `);
 }
 function detectBuildDir() {
-  if (fs.existsSync(path.join(process.cwd(), "dist"))) return "./dist";
-  if (fs.existsSync(path.join(process.cwd(), "build"))) return "./build";
-  if (fs.existsSync(path.join(process.cwd(), "out"))) return "./out";
-  if (fs.existsSync(path.join(process.cwd(), ".next"))) return "./out";
-  if (fs.existsSync(path.join(process.cwd(), "vite.config.ts")) || fs.existsSync(path.join(process.cwd(), "vite.config.js"))) return "./dist";
-  if (fs.existsSync(path.join(process.cwd(), "next.config.js")) || fs.existsSync(path.join(process.cwd(), "next.config.mjs"))) return "./out";
+  if (fs2.existsSync(path2.join(process.cwd(), "dist"))) return "./dist";
+  if (fs2.existsSync(path2.join(process.cwd(), "build"))) return "./build";
+  if (fs2.existsSync(path2.join(process.cwd(), "out"))) return "./out";
+  if (fs2.existsSync(path2.join(process.cwd(), ".next"))) return "./out";
+  if (fs2.existsSync(path2.join(process.cwd(), "vite.config.ts")) || fs2.existsSync(path2.join(process.cwd(), "vite.config.js"))) return "./dist";
+  if (fs2.existsSync(path2.join(process.cwd(), "next.config.js")) || fs2.existsSync(path2.join(process.cwd(), "next.config.mjs"))) return "./out";
   return "./dist";
 }
-function addToGitignore(entry) {
-  const gitignorePath = path.join(process.cwd(), ".gitignore");
-  if (fs.existsSync(gitignorePath)) {
-    const content = fs.readFileSync(gitignorePath, "utf-8");
+function addToGitignore(entry, basePath) {
+  const dir = basePath || process.cwd();
+  const gitignorePath = path2.join(dir, ".gitignore");
+  if (fs2.existsSync(gitignorePath)) {
+    const content = fs2.readFileSync(gitignorePath, "utf-8");
     if (!content.includes(entry)) {
-      fs.appendFileSync(gitignorePath, `
+      fs2.appendFileSync(gitignorePath, `
 # Connect Base
 ${entry}
 `);
@@ -461,28 +918,28 @@ ${entry}
       info(`.gitignore\uC5D0 \uC774\uBBF8 ${entry}\uAC00 \uD3EC\uD568\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4`);
     }
   } else {
-    fs.writeFileSync(gitignorePath, `# Connect Base
+    fs2.writeFileSync(gitignorePath, `# Connect Base
 ${entry}
 `);
     success(".gitignore \uC0DD\uC131 \uC644\uB8CC");
   }
 }
 function addDeployScript(deployDir) {
-  const pkgPath = path.join(process.cwd(), "package.json");
-  if (!fs.existsSync(pkgPath)) {
+  const pkgPath = path2.join(process.cwd(), "package.json");
+  if (!fs2.existsSync(pkgPath)) {
     warn("package.json\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC5B4 deploy \uC2A4\uD06C\uB9BD\uD2B8\uB97C \uCD94\uAC00\uD558\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4");
     return;
   }
   try {
-    const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+    const pkg = JSON.parse(fs2.readFileSync(pkgPath, "utf-8"));
     if (!pkg.scripts) pkg.scripts = {};
     if (pkg.scripts.deploy) {
       info(`package.json\uC5D0 \uC774\uBBF8 deploy \uC2A4\uD06C\uB9BD\uD2B8\uAC00 \uC788\uC2B5\uB2C8\uB2E4: "${pkg.scripts.deploy}"`);
       return;
     }
-    const deployCmd = `connectbase-client deploy ${deployDir}`;
+    const deployCmd = `connectbase deploy ${deployDir}`;
     pkg.scripts.deploy = pkg.scripts.build ? `${pkg.scripts.build} && ${deployCmd}` : deployCmd;
-    fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
+    fs2.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
     success(`package.json\uC5D0 deploy \uC2A4\uD06C\uB9BD\uD2B8 \uCD94\uAC00 \uC644\uB8CC`);
   } catch {
     warn("package.json \uC218\uC815\uC5D0 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4");
@@ -496,21 +953,58 @@ function getGitRoot() {
     return null;
   }
 }
-async function downloadDocs(apiKey, templates, monorepo) {
-  let baseDir = process.cwd();
-  if (monorepo) {
-    const gitRoot = getGitRoot();
-    if (gitRoot) {
-      baseDir = gitRoot;
-      info(`\uBAA8\uB178\uB808\uD3EC \uB8E8\uD2B8 \uAC10\uC9C0: ${gitRoot}`);
-    } else {
-      warn("git root\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uD604\uC7AC \uB514\uB809\uD1A0\uB9AC\uB97C \uC0AC\uC6A9\uD569\uB2C8\uB2E4.");
+function detectMonorepo(gitRoot) {
+  const cwd = process.cwd();
+  const result = { type: "none", root: gitRoot, isSubPackage: false };
+  if (fs2.existsSync(path2.join(gitRoot, "pnpm-workspace.yaml"))) {
+    result.type = "pnpm";
+  } else if (fs2.existsSync(path2.join(gitRoot, "turbo.json"))) {
+    result.type = "turborepo";
+  } else if (fs2.existsSync(path2.join(gitRoot, "nx.json"))) {
+    result.type = "nx";
+  } else if (fs2.existsSync(path2.join(gitRoot, "lerna.json"))) {
+    result.type = "lerna";
+  } else {
+    const rootPkgPath = path2.join(gitRoot, "package.json");
+    if (fs2.existsSync(rootPkgPath)) {
+      try {
+        const pkg = JSON.parse(fs2.readFileSync(rootPkgPath, "utf-8"));
+        if (pkg.workspaces) {
+          result.type = fs2.existsSync(path2.join(gitRoot, "yarn.lock")) ? "yarn" : "npm";
+        }
+      } catch {
+      }
+    }
+  }
+  if (result.type !== "none" && cwd !== gitRoot) {
+    const cwdPkgPath = path2.join(cwd, "package.json");
+    if (fs2.existsSync(cwdPkgPath)) {
+      result.isSubPackage = true;
+      try {
+        const pkg = JSON.parse(fs2.readFileSync(cwdPkgPath, "utf-8"));
+        result.subPackageName = pkg.name;
+      } catch {
+      }
+    }
+  }
+  return result;
+}
+async function downloadDocs(publicKey, templates, baseDir) {
+  if (!baseDir) {
+    baseDir = getProjectRoot();
+  }
+  const gitRoot = getGitRoot() || baseDir;
+  const monorepo = detectMonorepo(gitRoot);
+  if (monorepo.type !== "none") {
+    info(`\uBAA8\uB178\uB808\uD3EC \uAC10\uC9C0: ${monorepo.type} (\uB8E8\uD2B8: ${gitRoot})`);
+    if (monorepo.isSubPackage) {
+      info(`\uD604\uC7AC \uC11C\uBE0C \uD328\uD0A4\uC9C0: ${monorepo.subPackageName || path2.basename(process.cwd())}`);
     }
   }
-  const docsDir = path.join(baseDir, ".claude", "docs");
-  const rootClaudeMd = path.join(baseDir, "CLAUDE.md");
-  if (!fs.existsSync(docsDir)) {
-    fs.mkdirSync(docsDir, { recursive: true });
+  const docsDir = path2.join(gitRoot, ".claude", "docs");
+  const rootClaudeMd = path2.join(gitRoot, "CLAUDE.md");
+  if (!fs2.existsSync(docsDir)) {
+    fs2.mkdirSync(docsDir, { recursive: true });
   }
   if (!templates) {
     templates = ["rules"];
@@ -519,7 +1013,7 @@ async function downloadDocs(apiKey, templates, monorepo) {
   try {
     const templateParam = templates.join(",");
     const res = await makeRequest(
-      `${DEFAULT_BASE_URL}/v1/storages/webs/claude-md?template=${encodeURIComponent(templateParam)}&format=sections&api_key=${encodeURIComponent(apiKey)}`,
+      `${DEFAULT_BASE_URL}/v1/storages/webs/claude-md?template=${encodeURIComponent(templateParam)}&format=sections&public_key=${encodeURIComponent(publicKey)}`,
       "GET",
       {}
     );
@@ -529,11 +1023,15 @@ async function downloadDocs(apiKey, templates, monorepo) {
     const data = typeof res.data === "string" ? JSON.parse(res.data) : res.data;
     const sections = data.sections || [];
     for (const section of sections) {
-      const filePath = path.join(docsDir, section.filename);
-      fs.writeFileSync(filePath, section.content);
+      const filePath = path2.join(docsDir, section.filename);
+      fs2.writeFileSync(filePath, section.content);
     }
-    success(`.claude/docs/ \uC5D0 ${sections.length}\uAC1C \uBB38\uC11C \uC800\uC7A5 \uC644\uB8CC`);
+    success(`${gitRoot}/.claude/docs/ \uC5D0 ${sections.length}\uAC1C \uBB38\uC11C \uC800\uC7A5 \uC644\uB8CC`);
     updateRootClaudeMd(rootClaudeMd);
+    if (monorepo.isSubPackage) {
+      const subClaudeMd = path2.join(process.cwd(), "CLAUDE.md");
+      createSubPackageClaudeMd(subClaudeMd, gitRoot);
+    }
     log(`${colors.dim}\u203B SDK \uBB38\uC11C\uB294 MCP search_sdk_docs\uB85C \uAC80\uC0C9\uD558\uC138\uC694${colors.reset}`);
   } catch {
     warn("SDK \uAC00\uC774\uB4DC \uB2E4\uC6B4\uB85C\uB4DC \uC2E4\uD328, \uAE30\uBCF8 \uBB38\uC11C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4");
@@ -543,8 +1041,12 @@ async function downloadDocs(apiKey, templates, monorepo) {
 
 \uC0C1\uC138 \uAD6C\uD604\uBC95\uC740 MCP \`search_sdk_docs\` \uB3C4\uAD6C\uB85C \uAC80\uC0C9\uD558\uC138\uC694.
 `;
-    fs.writeFileSync(path.join(docsDir, "project-rules.md"), fallbackContent);
+    fs2.writeFileSync(path2.join(docsDir, "project-rules.md"), fallbackContent);
     updateRootClaudeMd(rootClaudeMd);
+    if (monorepo.isSubPackage) {
+      const subClaudeMd = path2.join(process.cwd(), "CLAUDE.md");
+      createSubPackageClaudeMd(subClaudeMd, gitRoot);
+    }
     success(`.claude/docs/ \uC0DD\uC131 \uC644\uB8CC (\uAE30\uBCF8)`);
   }
 }
@@ -555,93 +1057,401 @@ function updateRootClaudeMd(claudeMdPath) {
 ## ConnectBase SDK
 
 \uC774 \uD504\uB85C\uC81D\uD2B8\uB294 **ConnectBase**\uB97C \uBC31\uC5D4\uB4DC\uB85C \uC0AC\uC6A9\uD569\uB2C8\uB2E4.
-\uC0AC\uC6A9\uC790\uB294 **\uBE44\uAC1C\uBC1C\uC790**\uC785\uB2C8\uB2E4. \uC26C\uC6B4 \uB9D0\uB85C \uC124\uBA85\uD558\uACE0, \uBC14\uB85C \uC2E4\uD589 \uAC00\uB2A5\uD55C \uC644\uC131\uB41C \uCF54\uB4DC\uB97C \uC81C\uACF5\uD558\uC138\uC694.
 
 ### AI \uD544\uB3C5 \u2014 \uCF54\uB529 \uC804 \uBC18\uB4DC\uC2DC \uC218\uD589
 
-1. \`.claude/docs/project-rules.md\` \uD30C\uC77C\uC744 **Read tool\uB85C \uC77D\uC73C\uC138\uC694** (\uAE30\uB2A5 \uB9E4\uD551\uD45C, \uBCF4\uC548 \uADDC\uCE59 \uD3EC\uD568)
-2. \uC0AC\uC6A9\uC790 \uC694\uCCAD\uC5D0 \uB9DE\uB294 \uAE30\uB2A5\uC744 \uB9E4\uD551\uD45C\uC5D0\uC11C \uCC3E\uC73C\uC138\uC694
-3. \`search_sdk_docs("\uD0A4\uC6CC\uB4DC")\`\uB85C \uAD6C\uD604 \uBC29\uBC95\uC744 \uAC80\uC0C9\uD558\uC138\uC694
-4. \uC644\uC131\uB41C \uCF54\uB4DC\uB97C \uC791\uC131\uD558\uC138\uC694 (\uC2A4\uB2C8\uD3AB X, \uBC14\uB85C \uC2E4\uD589 \uAC00\uB2A5\uD55C \uC804\uCCB4 \uCF54\uB4DC)
-
-### \uBE44\uAC1C\uBC1C\uC790 \uC751\uB300 \uC6D0\uCE59
-
-- \uC804\uBB38 \uC6A9\uC5B4 \uB300\uC2E0 \uC26C\uC6B4 \uB9D0 \uC0AC\uC6A9 ("API" \u2192 "\uAE30\uB2A5", "DB" \u2192 "\uC800\uC7A5\uC18C")
-- \uC5D0\uB7EC \uBC1C\uC0DD \uC2DC \uC6D0\uC778\uACFC \uD574\uACB0\uCC45\uC744 \uD55C \uC904\uB85C \uC124\uBA85
-- \uCF54\uB4DC \uC791\uC131 \uC804 "\uC774\uB807\uAC8C \uB9CC\uB4E4\uAC8C\uC694~" \uD55C \uC904 \uC694\uC57D \uBA3C\uC800
-- \uBAA8\uB974\uB294 \uAC8C \uC788\uC73C\uBA74 \uB9CC\uB4E4\uAE30 \uC804\uC5D0 \uBA3C\uC800 \uC9C8\uBB38
+1. \`.claude/docs/project-rules.md\`\uB97C **Read tool\uB85C \uC77D\uC73C\uC138\uC694** (\uAE30\uB2A5 \uB9E4\uD551\uD45C, \uBCF4\uC548 \uADDC\uCE59, \uC5D0\uB7EC \uAC00\uC774\uB4DC)
+2. \`search_sdk_docs("\uD0A4\uC6CC\uB4DC")\`\uB85C \uAD6C\uD604 \uBC29\uBC95\uC744 \uAC80\uC0C9\uD558\uC138\uC694
+3. \uAC80\uC0C9 \uACB0\uACFC\uC758 \uCF54\uB4DC \uD328\uD134\uC744 \uB530\uB77C \uAD6C\uD604\uD558\uC138\uC694
 ${endMarker}`;
-  if (fs.existsSync(claudeMdPath)) {
-    let content = fs.readFileSync(claudeMdPath, "utf-8");
+  if (fs2.existsSync(claudeMdPath)) {
+    let content = fs2.readFileSync(claudeMdPath, "utf-8");
     const startIdx = content.indexOf(startMarker);
     const endIdx = content.indexOf(endMarker);
     if (startIdx !== -1 && endIdx !== -1) {
       content = content.substring(0, startIdx) + sdkBlock + content.substring(endIdx + endMarker.length);
     } else {
-      content = content.trimEnd() + "\n\n" + sdkBlock + "\n";
+      content = sdkBlock + "\n\n" + content.trimStart();
     }
-    fs.writeFileSync(claudeMdPath, content);
+    fs2.writeFileSync(claudeMdPath, content);
     info("CLAUDE.md\uC5D0 ConnectBase \uCC38\uC870 \uC5C5\uB370\uC774\uD2B8 \uC644\uB8CC");
   } else {
-    fs.writeFileSync(claudeMdPath, `# \uD504\uB85C\uC81D\uD2B8
+    fs2.writeFileSync(claudeMdPath, `# \uD504\uB85C\uC81D\uD2B8
 
 ${sdkBlock}
 `);
     success("CLAUDE.md \uC0DD\uC131 \uC644\uB8CC");
   }
 }
-async function setupClaudeCode(apiKey) {
-  const mcpConfigPath = path.join(process.cwd(), ".mcp.json");
-  await downloadDocs(apiKey);
-  const mcpConfig = {
-    mcpServers: {
-      "connect-base": {
-        type: "http",
-        url: "https://mcp.connectbase.world/mcp",
-        headers: {
-          Authorization: "Bearer YOUR_SECRET_KEY_HERE"
+function createSubPackageClaudeMd(subClaudeMdPath, gitRoot) {
+  const startMarker = "<!-- CONNECTBASE_SUB_START -->";
+  const endMarker = "<!-- CONNECTBASE_SUB_END -->";
+  const relPath = path2.relative(path2.dirname(subClaudeMdPath), gitRoot);
+  const subBlock = `${startMarker}
+## ConnectBase SDK
+
+\uC774 \uD328\uD0A4\uC9C0\uB294 **ConnectBase**\uB97C \uBC31\uC5D4\uB4DC\uB85C \uC0AC\uC6A9\uD569\uB2C8\uB2E4.
+
+### AI \uD544\uB3C5
+
+1. \uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8\uC758 \`${relPath}/.claude/docs/project-rules.md\`\uB97C **Read tool\uB85C \uC77D\uC73C\uC138\uC694**
+2. \`search_sdk_docs("\uD0A4\uC6CC\uB4DC")\`\uB85C SDK \uAD6C\uD604 \uBC29\uBC95\uC744 \uAC80\uC0C9\uD558\uC138\uC694
+3. \uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8\uC758 \`${relPath}/CLAUDE.md\`\uB3C4 \uCC38\uACE0\uD558\uC138\uC694
+${endMarker}`;
+  if (fs2.existsSync(subClaudeMdPath)) {
+    let content = fs2.readFileSync(subClaudeMdPath, "utf-8");
+    const startIdx = content.indexOf(startMarker);
+    const endIdx = content.indexOf(endMarker);
+    if (startIdx !== -1 && endIdx !== -1) {
+      content = content.substring(0, startIdx) + subBlock + content.substring(endIdx + endMarker.length);
+    } else if (content.indexOf("<!-- CONNECTBASE_START -->") === -1) {
+      content = content.trimEnd() + "\n\n" + subBlock + "\n";
+    } else {
+      return;
+    }
+    fs2.writeFileSync(subClaudeMdPath, content);
+  } else {
+    fs2.writeFileSync(subClaudeMdPath, `# ${path2.basename(path2.dirname(subClaudeMdPath))}
+
+${subBlock}
+`);
+  }
+  success(`\uC11C\uBE0C \uD328\uD0A4\uC9C0 CLAUDE.md \uC0DD\uC131 \uC644\uB8CC: ${subClaudeMdPath}`);
+}
+async function setupMcp(secretKey) {
+  const gitRoot = getGitRoot();
+  const root = gitRoot || process.cwd();
+  const monorepo = detectMonorepo(root);
+  if (monorepo.type !== "none") {
+    info(`\uBAA8\uB178\uB808\uD3EC \uAC10\uC9C0: ${monorepo.type} (\uB8E8\uD2B8: ${root})`);
+    if (monorepo.isSubPackage) {
+      info(`MCP \uC124\uC815\uC740 \uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8(${root})\uC5D0 \uC0DD\uC131\uB429\uB2C8\uB2E4`);
+    }
+  }
+  const mcpConfigPath = path2.join(root, ".mcp.json");
+  if (!secretKey) {
+    log(`
+${colors.dim}\uC778\uC99D \uBC29\uC2DD\uC744 \uC120\uD0DD\uD558\uC138\uC694:${colors.reset}`);
+    log(`  ${colors.cyan}1${colors.reset}) Secret Key \uC9C1\uC811 \uC785\uB825 (cb_sk_...)`);
+    log(`  ${colors.cyan}2${colors.reset}) \uBE0C\uB77C\uC6B0\uC800 \uB85C\uADF8\uC778\uC73C\uB85C \uC790\uB3D9 \uBC1C\uAE09
+`);
+    const authChoice = await prompt(`${colors.blue}?${colors.reset} \uC120\uD0DD (1/2): `);
+    if (authChoice === "2") {
+      try {
+        secretKey = await browserAuthFlow();
+        const skRcPath = path2.join(process.cwd(), ".connectbaserc");
+        let rcData = {};
+        if (fs2.existsSync(skRcPath)) {
+          try {
+            rcData = JSON.parse(fs2.readFileSync(skRcPath, "utf-8"));
+          } catch {
+          }
         }
+        rcData.secretKey = secretKey;
+        fs2.writeFileSync(skRcPath, JSON.stringify(rcData, null, 2) + "\n");
+        addToGitignore(".connectbaserc", root);
+        success("Secret Key \uBC1C\uAE09 \uBC0F \uC800\uC7A5 \uC644\uB8CC");
+      } catch (err) {
+        error(`\uC778\uC99D \uC2E4\uD328: ${err instanceof Error ? err.message : err}`);
+        process.exit(1);
       }
+    } else {
+      secretKey = await promptSecret(`${colors.blue}?${colors.reset} Secret Key: `);
+    }
+  }
+  const mcpEntry = {
+    type: "http",
+    url: "https://mcp.connectbase.world/mcp",
+    headers: {
+      Authorization: `Bearer ${secretKey || "YOUR_SECRET_KEY_HERE"}`
     }
   };
-  fs.writeFileSync(mcpConfigPath, JSON.stringify(mcpConfig, null, 2) + "\n");
-  success(".mcp.json \uC0DD\uC131 \uC644\uB8CC");
-  addToGitignore(".mcp.json");
-  warn("MCP \uC11C\uBC84\uB294 Secret Key (cb_sk_)\uB9CC \uD5C8\uC6A9\uD569\uB2C8\uB2E4.");
-  info(".mcp.json \uD30C\uC77C\uC758 YOUR_SECRET_KEY_HERE\uB97C Secret Key\uB85C \uAD50\uCCB4\uD558\uC138\uC694.");
-  info("Secret Key\uB294 \uCF58\uC194 > \uC124\uC815 > API Keys\uC5D0\uC11C \uC0DD\uC131\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.");
-}
-function createWsTextFrame(payload) {
-  const data = Buffer.from(payload, "utf-8");
-  const len = data.length;
-  const maskKey = crypto.randomBytes(4);
-  let header;
-  if (len < 126) {
-    header = Buffer.alloc(2);
-    header[0] = 129;
-    header[1] = 128 | len;
-  } else if (len < 65536) {
-    header = Buffer.alloc(4);
-    header[0] = 129;
-    header[1] = 128 | 126;
-    header.writeUInt16BE(len, 2);
-  } else {
-    header = Buffer.alloc(10);
-    header[0] = 129;
-    header[1] = 128 | 127;
-    header.writeBigUInt64BE(BigInt(len), 2);
+  let mcpConfig = { mcpServers: {} };
+  if (fs2.existsSync(mcpConfigPath)) {
+    try {
+      mcpConfig = JSON.parse(fs2.readFileSync(mcpConfigPath, "utf-8"));
+      if (!mcpConfig.mcpServers || typeof mcpConfig.mcpServers !== "object") {
+        mcpConfig.mcpServers = {};
+      }
+    } catch {
+      const backupPath = mcpConfigPath + ".backup";
+      fs2.copyFileSync(mcpConfigPath, backupPath);
+      warn(`.mcp.json \uD30C\uC2F1 \uC2E4\uD328, \uBC31\uC5C5 \uC0DD\uC131: ${backupPath}`);
+      mcpConfig = { mcpServers: {} };
+    }
   }
-  const masked = Buffer.alloc(data.length);
-  for (let i = 0; i < data.length; i++) {
-    masked[i] = data[i] ^ maskKey[i % 4];
+  mcpConfig.mcpServers["connect-base"] = mcpEntry;
+  fs2.writeFileSync(mcpConfigPath, JSON.stringify(mcpConfig, null, 2) + "\n");
+  success(`${mcpConfigPath} \uC0DD\uC131 \uC644\uB8CC`);
+  addToGitignore(".mcp.json", root);
+  if (secretKey && secretKey !== "YOUR_SECRET_KEY_HERE") {
+    success("MCP \uC11C\uBC84 \uC124\uC815 \uC644\uB8CC (Secret Key \uC801\uC6A9\uB428)");
+  } else {
+    warn("MCP \uC11C\uBC84\uB294 Secret Key (cb_sk_)\uB9CC \uD5C8\uC6A9\uD569\uB2C8\uB2E4.");
+    info(".mcp.json \uD30C\uC77C\uC758 YOUR_SECRET_KEY_HERE\uB97C Secret Key\uB85C \uAD50\uCCB4\uD558\uC138\uC694.");
   }
-  return Buffer.concat([header, maskKey, masked]);
+  log(`
+${colors.dim}Claude Code\uC5D0\uC11C ConnectBase MCP \uB3C4\uAD6C\uB97C \uC0AC\uC6A9\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.${colors.reset}`);
 }
-function createWsCloseFrame(code) {
-  const maskKey = crypto.randomBytes(4);
-  const payload = Buffer.alloc(2);
-  payload.writeUInt16BE(code, 0);
-  const masked = Buffer.alloc(2);
+async function setupClaudeCode(publicKey, secretKey, projectRoot) {
+  const root = projectRoot || getProjectRoot();
+  await downloadDocs(publicKey, void 0, root);
+  await setupMcp(secretKey);
+}
+async function fetchLatestVersion(packageName) {
+  try {
+    const res = await makeRequest(
+      `https://registry.npmjs.org/${packageName}/latest`,
+      "GET",
+      {}
+    );
+    if (res.status === 200) {
+      const data = res.data;
+      return data.version || null;
+    }
+  } catch {
+  }
+  return null;
+}
+function compareVersions(a, b) {
+  const pa = a.split(".").map(Number);
+  const pb = b.split(".").map(Number);
+  for (let i = 0; i < 3; i++) {
+    const diff = (pa[i] || 0) - (pb[i] || 0);
+    if (diff !== 0) return diff > 0 ? 1 : -1;
+  }
+  return 0;
+}
+function findSubPackagesWithConfig(gitRoot) {
+  const results = [];
+  const candidates = ["apps", "packages", "projects", "services", "libs"];
+  for (const candidate of candidates) {
+    const dir = path2.join(gitRoot, candidate);
+    if (!fs2.existsSync(dir)) continue;
+    try {
+      const entries = fs2.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
+        const subDir = path2.join(dir, entry.name);
+        if (fs2.existsSync(path2.join(subDir, ".connectbaserc"))) {
+          results.push(subDir);
+        }
+      }
+    } catch {
+    }
+  }
+  try {
+    const entries = fs2.readdirSync(gitRoot, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory() || entry.name.startsWith(".") || candidates.includes(entry.name)) continue;
+      if (entry.name === "node_modules") continue;
+      const subDir = path2.join(gitRoot, entry.name);
+      if (fs2.existsSync(path2.join(subDir, ".connectbaserc")) && !results.includes(subDir)) {
+        results.push(subDir);
+      }
+    }
+  } catch {
+  }
+  return results;
+}
+async function update(config, opts) {
+  log(`
+${colors.cyan}ConnectBase Update${colors.reset}
+`);
+  const gitRoot = getGitRoot();
+  const projectRoot = gitRoot || process.cwd();
+  const monorepo = detectMonorepo(projectRoot);
+  info("\uCD5C\uC2E0 \uBC84\uC804 \uD655\uC778 \uC911...");
+  const latestVersion = await fetchLatestVersion("connectbase-client");
+  if (latestVersion) {
+    const cmp = compareVersions(VERSION, latestVersion);
+    if (cmp >= 0) {
+      success(`\uCD5C\uC2E0 \uBC84\uC804\uC785\uB2C8\uB2E4 (v${VERSION})`);
+    } else {
+      warn(`\uC0C8 \uBC84\uC804\uC774 \uC788\uC2B5\uB2C8\uB2E4: v${VERSION} \u2192 v${colors.green}${latestVersion}${colors.reset}`);
+      log(`  ${colors.cyan}npm install connectbase-client@latest${colors.reset}`);
+      log(`  ${colors.cyan}pnpm add connectbase-client@latest${colors.reset}`);
+      log("");
+    }
+  } else {
+    warn("npm \uB808\uC9C0\uC2A4\uD2B8\uB9AC\uC5D0\uC11C \uBC84\uC804 \uC815\uBCF4\uB97C \uAC00\uC838\uC62C \uC218 \uC5C6\uC2B5\uB2C8\uB2E4");
+  }
+  if (opts.checkOnly) {
+    return;
+  }
+  if (monorepo.type !== "none") {
+    info(`\uBAA8\uB178\uB808\uD3EC \uAC10\uC9C0: ${monorepo.type} (\uB8E8\uD2B8: ${projectRoot})`);
+    const subPackages = findSubPackagesWithConfig(projectRoot);
+    if (subPackages.length > 0) {
+      info(`ConnectBase\uB97C \uC0AC\uC6A9\uD558\uB294 \uC11C\uBE0C \uD328\uD0A4\uC9C0 ${subPackages.length}\uAC1C \uBC1C\uACAC:`);
+      for (const sp of subPackages) {
+        log(`  ${colors.dim}\u2022 ${path2.relative(projectRoot, sp)}${colors.reset}`);
+      }
+    }
+  }
+  if (!opts.skipDocs) {
+    log("");
+    info("SDK \uBB38\uC11C \uC5C5\uB370\uC774\uD2B8 \uC911...");
+    let docsKey = config.publicKey || config.secretKey;
+    if (!docsKey) {
+      const rootRcPath = path2.join(projectRoot, ".connectbaserc");
+      if (fs2.existsSync(rootRcPath)) {
+        try {
+          const rc = JSON.parse(fs2.readFileSync(rootRcPath, "utf-8"));
+          docsKey = rc.publicKey || rc.secretKey;
+        } catch {
+        }
+      }
+    }
+    if (!docsKey && monorepo.type !== "none") {
+      const subPackages = findSubPackagesWithConfig(projectRoot);
+      for (const sp of subPackages) {
+        try {
+          const rc = JSON.parse(fs2.readFileSync(path2.join(sp, ".connectbaserc"), "utf-8"));
+          if (rc.publicKey || rc.secretKey) {
+            docsKey = rc.publicKey || rc.secretKey;
+            break;
+          }
+        } catch {
+        }
+      }
+    }
+    if (docsKey) {
+      await downloadDocs(docsKey, void 0, projectRoot);
+    } else {
+      warn("Public Key\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC5B4 \uBB38\uC11C \uC5C5\uB370\uC774\uD2B8\uB97C \uAC74\uB108\uB701\uB2C8\uB2E4");
+      info(".connectbaserc \uD30C\uC77C\uC774\uB098 --public-key \uC635\uC158\uC73C\uB85C \uD0A4\uB97C \uC9C0\uC815\uD558\uC138\uC694");
+    }
+  }
+  if (!opts.skipMcp) {
+    log("");
+    const mcpConfigPath = path2.join(projectRoot, ".mcp.json");
+    if (fs2.existsSync(mcpConfigPath)) {
+      let secretKey = config.secretKey;
+      if (!secretKey) {
+        const rootRcPath = path2.join(projectRoot, ".connectbaserc");
+        if (fs2.existsSync(rootRcPath)) {
+          try {
+            const rc = JSON.parse(fs2.readFileSync(rootRcPath, "utf-8"));
+            secretKey = rc.secretKey;
+          } catch {
+          }
+        }
+      }
+      if (!secretKey && monorepo.type !== "none") {
+        const subPackages = findSubPackagesWithConfig(projectRoot);
+        for (const sp of subPackages) {
+          try {
+            const rc = JSON.parse(fs2.readFileSync(path2.join(sp, ".connectbaserc"), "utf-8"));
+            if (rc.secretKey) {
+              secretKey = rc.secretKey;
+              break;
+            }
+          } catch {
+          }
+        }
+      }
+      if (secretKey) {
+        try {
+          const mcpConfig = JSON.parse(fs2.readFileSync(mcpConfigPath, "utf-8"));
+          const servers = mcpConfig.mcpServers || {};
+          if (servers["connect-base"]) {
+            servers["connect-base"] = {
+              type: "http",
+              url: "https://mcp.connectbase.world/mcp",
+              headers: { Authorization: `Bearer ${secretKey}` }
+            };
+            mcpConfig.mcpServers = servers;
+            fs2.writeFileSync(mcpConfigPath, JSON.stringify(mcpConfig, null, 2) + "\n");
+            success("MCP \uC124\uC815 \uC5C5\uB370\uC774\uD2B8 \uC644\uB8CC");
+          } else {
+            info('.mcp.json\uC5D0 connect-base \uD56D\uBAA9\uC774 \uC5C6\uC2B5\uB2C8\uB2E4. "connectbase mcp"\uB85C \uC124\uC815\uD558\uC138\uC694');
+          }
+        } catch {
+          warn(".mcp.json \uC5C5\uB370\uC774\uD2B8 \uC2E4\uD328");
+        }
+      } else {
+        info("Secret Key\uAC00 \uC5C6\uC5B4 MCP \uC124\uC815 \uC5C5\uB370\uC774\uD2B8\uB97C \uAC74\uB108\uB701\uB2C8\uB2E4");
+      }
+    } else {
+      info('.mcp.json\uC774 \uC5C6\uC2B5\uB2C8\uB2E4. "connectbase mcp"\uB85C \uCD5C\uCD08 \uC124\uC815\uD558\uC138\uC694');
+    }
+  }
+  if (opts.setupRoot || monorepo.type !== "none" && monorepo.isSubPackage) {
+    log("");
+    setupMonorepoRoot(projectRoot, monorepo);
+  }
+  log(`
+${colors.green}\uC5C5\uB370\uC774\uD2B8 \uC644\uB8CC!${colors.reset}
+`);
+}
+function setupMonorepoRoot(projectRoot, monorepo) {
+  const rootPkgPath = path2.join(projectRoot, "package.json");
+  if (!fs2.existsSync(rootPkgPath)) {
+    warn("\uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8\uC5D0 package.json\uC774 \uC5C6\uC5B4 \uD3B8\uC758 \uC2A4\uD06C\uB9BD\uD2B8\uB97C \uCD94\uAC00\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4");
+    return;
+  }
+  try {
+    const pkg = JSON.parse(fs2.readFileSync(rootPkgPath, "utf-8"));
+    if (!pkg.scripts) pkg.scripts = {};
+    let changed = false;
+    if (!pkg.scripts["cb:update"]) {
+      pkg.scripts["cb:update"] = "npx connectbase update";
+      changed = true;
+    }
+    if (!pkg.scripts["cb:docs"]) {
+      pkg.scripts["cb:docs"] = "npx connectbase docs";
+      changed = true;
+    }
+    if (!pkg.scripts["cb:mcp"]) {
+      pkg.scripts["cb:mcp"] = "npx connectbase mcp";
+      changed = true;
+    }
+    if (changed) {
+      fs2.writeFileSync(rootPkgPath, JSON.stringify(pkg, null, 2) + "\n");
+      success("\uBAA8\uB178\uB808\uD3EC \uB8E8\uD2B8\uC5D0 \uD3B8\uC758 \uC2A4\uD06C\uB9BD\uD2B8 \uCD94\uAC00 \uC644\uB8CC");
+      log(`  ${colors.dim}\uC0AC\uC6A9\uBC95:${colors.reset}`);
+      log(`  ${colors.cyan}${monorepo.type === "pnpm" ? "pnpm" : monorepo.type === "yarn" ? "yarn" : "npm run"} cb:update${colors.reset}  \u2014 SDK \uC5C5\uB370\uC774\uD2B8 + \uBB38\uC11C \uAC31\uC2E0`);
+      log(`  ${colors.cyan}${monorepo.type === "pnpm" ? "pnpm" : monorepo.type === "yarn" ? "yarn" : "npm run"} cb:docs${colors.reset}    \u2014 \uBB38\uC11C\uB9CC \uAC31\uC2E0`);
+      log(`  ${colors.cyan}${monorepo.type === "pnpm" ? "pnpm" : monorepo.type === "yarn" ? "yarn" : "npm run"} cb:mcp${colors.reset}     \u2014 MCP \uC124\uC815`);
+    } else {
+      info("\uBAA8\uB178\uB808\uD3EC \uB8E8\uD2B8\uC5D0 \uC774\uBBF8 \uD3B8\uC758 \uC2A4\uD06C\uB9BD\uD2B8\uAC00 \uC124\uC815\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4");
+    }
+  } catch {
+    warn("\uB8E8\uD2B8 package.json \uC218\uC815\uC5D0 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4");
+  }
+}
+function createWsTextFrame(payload) {
+  const data = Buffer.from(payload, "utf-8");
+  const len = data.length;
+  const maskKey = crypto.randomBytes(4);
+  let header;
+  if (len < 126) {
+    header = Buffer.alloc(2);
+    header[0] = 129;
+    header[1] = 128 | len;
+  } else if (len < 65536) {
+    header = Buffer.alloc(4);
+    header[0] = 129;
+    header[1] = 128 | 126;
+    header.writeUInt16BE(len, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[0] = 129;
+    header[1] = 128 | 127;
+    header.writeBigUInt64BE(BigInt(len), 2);
+  }
+  const masked = Buffer.alloc(data.length);
+  for (let i = 0; i < data.length; i++) {
+    masked[i] = data[i] ^ maskKey[i % 4];
+  }
+  return Buffer.concat([header, maskKey, masked]);
+}
+function createWsCloseFrame(code) {
+  const maskKey = crypto.randomBytes(4);
+  const payload = Buffer.alloc(2);
+  payload.writeUInt16BE(code, 0);
+  const masked = Buffer.alloc(2);
   masked[0] = payload[0] ^ maskKey[0];
   masked[1] = payload[1] ^ maskKey[1];
   const header = Buffer.alloc(2);
@@ -656,10 +1466,159 @@ function createWsPongFrame() {
   header[1] = 128 | 0;
   return Buffer.concat([header, maskKey]);
 }
+function createWsBinaryFrame(payload) {
+  const len = payload.length;
+  const maskKey = crypto.randomBytes(4);
+  let header;
+  if (len < 126) {
+    header = Buffer.alloc(2);
+    header[0] = 130;
+    header[1] = 128 | len;
+  } else if (len < 65536) {
+    header = Buffer.alloc(4);
+    header[0] = 130;
+    header[1] = 128 | 126;
+    header.writeUInt16BE(len, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[0] = 130;
+    header[1] = 128 | 127;
+    header.writeBigUInt64BE(BigInt(len), 2);
+  }
+  const masked = Buffer.alloc(len);
+  for (let i = 0; i < len; i++) {
+    masked[i] = payload[i] ^ maskKey[i % 4];
+  }
+  return Buffer.concat([header, maskKey, masked]);
+}
+var UpstreamWsFrameParser = class {
+  constructor(handlers) {
+    this.buffer = Buffer.alloc(0);
+    this.fragmentBuffer = null;
+    this.h = handlers;
+  }
+  feed(chunk) {
+    this.buffer = Buffer.concat([this.buffer, chunk]);
+    try {
+      this.parse();
+    } catch (e) {
+      this.h.onError(e instanceof Error ? e : new Error(String(e)));
+    }
+  }
+  parse() {
+    while (this.buffer.length >= 2) {
+      const firstByte = this.buffer[0];
+      const secondByte = this.buffer[1];
+      const fin = (firstByte & 128) !== 0;
+      const rsv1 = (firstByte & 64) !== 0;
+      const opcode = firstByte & 15;
+      const isMasked = (secondByte & 128) !== 0;
+      let payloadLen = secondByte & 127;
+      let offset = 2;
+      if (payloadLen === 126) {
+        if (this.buffer.length < 4) return;
+        payloadLen = this.buffer.readUInt16BE(2);
+        offset = 4;
+      } else if (payloadLen === 127) {
+        if (this.buffer.length < 10) return;
+        const big = this.buffer.readBigUInt64BE(2);
+        if (big > BigInt(Number.MAX_SAFE_INTEGER)) {
+          throw new Error(`payload too large: ${big}`);
+        }
+        payloadLen = Number(big);
+        offset = 10;
+      }
+      let maskKey = null;
+      if (isMasked) {
+        if (this.buffer.length < offset + 4) return;
+        maskKey = this.buffer.subarray(offset, offset + 4);
+        offset += 4;
+      }
+      if (this.buffer.length < offset + payloadLen) return;
+      if (rsv1 && (opcode === 1 || opcode === 2 || opcode === 0)) {
+        throw new Error("upstream sent compressed (RSV1) frame without negotiation");
+      }
+      let payload = this.buffer.subarray(offset, offset + payloadLen);
+      if (maskKey) {
+        const unmasked = Buffer.alloc(payloadLen);
+        for (let i = 0; i < payloadLen; i++) {
+          unmasked[i] = payload[i] ^ maskKey[i % 4];
+        }
+        payload = unmasked;
+      }
+      this.buffer = this.buffer.subarray(offset + payloadLen);
+      const payloadCopy = Buffer.from(payload);
+      switch (opcode) {
+        case 0:
+          if (this.fragmentBuffer == null) {
+            throw new Error("continuation frame without preceding non-final data frame");
+          }
+          this.fragmentBuffer = Buffer.concat([this.fragmentBuffer, payloadCopy]);
+          if (fin) {
+            const out = this.fragmentBuffer;
+            this.fragmentBuffer = null;
+            this.h.onPayload(out);
+          }
+          break;
+        case 1:
+        // TEXT
+        case 2:
+          if (fin) {
+            this.h.onPayload(payloadCopy);
+          } else {
+            this.fragmentBuffer = payloadCopy;
+          }
+          break;
+        case 8:
+          this.h.onClose();
+          break;
+        case 9:
+          this.h.onPing(payloadCopy);
+          break;
+        case 10:
+          break;
+        default:
+          throw new Error(`unknown WS opcode 0x${opcode.toString(16)}`);
+      }
+    }
+  }
+};
+function createUpstreamTextFrame(payload) {
+  return buildClientFrame(129, payload);
+}
+function createUpstreamPongFrame(payload) {
+  return buildClientFrame(138, payload);
+}
+function buildClientFrame(firstByte, payload) {
+  const len = payload.length;
+  const maskKey = crypto.randomBytes(4);
+  let header;
+  if (len < 126) {
+    header = Buffer.alloc(2);
+    header[0] = firstByte;
+    header[1] = 128 | len;
+  } else if (len < 65536) {
+    header = Buffer.alloc(4);
+    header[0] = firstByte;
+    header[1] = 128 | 126;
+    header.writeUInt16BE(len, 2);
+  } else {
+    header = Buffer.alloc(10);
+    header[0] = firstByte;
+    header[1] = 128 | 127;
+    header.writeBigUInt64BE(BigInt(len), 2);
+  }
+  const masked = Buffer.alloc(len);
+  for (let i = 0; i < len; i++) {
+    masked[i] = payload[i] ^ maskKey[i % 4];
+  }
+  return Buffer.concat([header, maskKey, masked]);
+}
 var WsFrameParser = class {
   constructor(handlers) {
     this.buffer = Buffer.alloc(0);
     this.onMessage = handlers.onMessage;
+    this.onBinary = handlers.onBinary;
     this.onClose = handlers.onClose;
     this.onPing = handlers.onPing;
   }
@@ -704,6 +1663,13 @@ var WsFrameParser = class {
         case 1:
           this.onMessage(payload.toString("utf-8"));
           break;
+        case 2:
+          if (this.onBinary) {
+            const copy = Buffer.alloc(payload.length);
+            payload.copy(copy);
+            this.onBinary(copy);
+          }
+          break;
         case 8:
           this.onClose();
           break;
@@ -725,27 +1691,195 @@ function getTunnelServerUrl(baseUrl) {
   }
   return baseUrl.replace(/:\d+/, ":8090");
 }
-async function startTunnel(port, config, tunnelOpts) {
-  if (!config.apiKey) {
-    error("API Key\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. -k \uC635\uC158 \uB610\uB294 CONNECTBASE_API_KEY \uD658\uACBD\uBCC0\uC218\uB97C \uC124\uC815\uD558\uC138\uC694");
+async function resolveApp(secretKey, baseUrl, appIdOption) {
+  if (appIdOption) {
+    return { appId: appIdOption };
+  }
+  let apps = [];
+  try {
+    info("\uC571 \uBAA9\uB85D \uC870\uD68C \uC911...");
+    const appsRes = await makeRequest(
+      `${baseUrl}/v1/public/cli/apps`,
+      "GET",
+      { "X-Public-Key": secretKey }
+    );
+    if (appsRes.status === 401) {
+      error("Secret Key\uAC00 \uC720\uD6A8\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. \uCF58\uC194\uC5D0\uC11C \uD0A4\uB97C \uD655\uC778\uD558\uC138\uC694");
+      process.exit(1);
+    }
+    if (appsRes.status !== 200) {
+      throw new Error(`HTTP ${appsRes.status}`);
+    }
+    const appsData = appsRes.data;
+    apps = appsData.apps || [];
+  } catch (err) {
+    error(`\uC571 \uBAA9\uB85D \uC870\uD68C \uC2E4\uD328: ${err instanceof Error ? err.message : err}`);
     process.exit(1);
   }
+  if (apps.length === 1) {
+    success(`\uC571 \uC790\uB3D9 \uC120\uD0DD: ${apps[0].name}`);
+    return { appId: apps[0].id };
+  }
+  if (apps.length > 0) {
+    log(`
+${colors.dim}\uB0B4 \uC571 \uBAA9\uB85D:${colors.reset}`);
+    apps.forEach((a, i) => {
+      const date = a.created_at ? a.created_at.substring(0, 10) : "";
+      log(`  ${colors.cyan}${i + 1}${colors.reset}) ${a.name} ${colors.dim}(${date})${colors.reset}`);
+    });
+  }
+  log(`  ${colors.cyan}0${colors.reset}) \uC0C8 \uC571 \uB9CC\uB4E4\uAE30`);
+  const choice = await prompt(`
+${colors.blue}?${colors.reset} \uC571 \uC120\uD0DD (\uBC88\uD638): `);
+  const num = parseInt(choice, 10);
+  if (num > 0 && num <= apps.length) {
+    success(`\uC120\uD0DD\uB428: ${apps[num - 1].name}`);
+    return { appId: apps[num - 1].id };
+  }
+  const projectName = path2.basename(process.cwd());
+  const appName = await prompt(`${colors.blue}?${colors.reset} \uC571 \uC774\uB984 (${projectName}): `) || projectName;
+  info("\uC571 \uC0DD\uC131 \uC911...");
+  const createRes = await makeRequest(
+    `${baseUrl}/v1/public/cli/apps`,
+    "POST",
+    { "X-Public-Key": secretKey },
+    JSON.stringify({ name: appName })
+  );
+  if (createRes.status === 402) {
+    error("\uC571 \uC0DD\uC131 \uD55C\uB3C4 \uCD08\uACFC. \uD50C\uB79C \uC5C5\uADF8\uB808\uC774\uB4DC\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4");
+    process.exit(1);
+  }
+  if (createRes.status !== 201) {
+    const data = createRes.data;
+    error(`\uC571 \uC0DD\uC131 \uC2E4\uD328: ${data?.error || `HTTP ${createRes.status}`}`);
+    process.exit(1);
+  }
+  const createData = createRes.data;
+  success(`\uC571 \uC0DD\uC131 \uC644\uB8CC: ${createData.app_name}`);
+  return { appId: createData.app_id, publicKey: createData.public_key };
+}
+async function registerEndpointBinding(baseUrl, appId, secretKey, tunnelId, label, description) {
+  try {
+    const apiBase = baseUrl.replace(/\/+$/, "");
+    const res = await fetch(`${apiBase}/v1/apps/${encodeURIComponent(appId)}/endpoints/cli`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Public-Key": secretKey
+      },
+      body: JSON.stringify({
+        label,
+        tunnel_id: tunnelId,
+        description: description ?? `CLI tunnel start (${(/* @__PURE__ */ new Date()).toISOString().slice(0, 10)})`
+      })
+    });
+    if (res.status === 201) {
+      success(`Endpoint "${label}" \uC790\uB3D9 \uB4F1\uB85D \uC644\uB8CC`);
+      log(`${colors.green}\u2192${colors.reset} SDK: ${colors.cyan}cb.endpoint.call("${label}", { path: "/...", method: "POST", body: ... })${colors.reset}`);
+    } else if (res.status === 409) {
+      warn(`"${label}" \uB77C\uBCA8\uC774 \uC774\uBBF8 \uB4F1\uB85D\uB418\uC5B4 \uC788\uC2B5\uB2C8\uB2E4. \uC0C8 tunnel_id \uB85C \uAC31\uC2E0\uD558\uB824\uBA74 \uCF58\uC194\uC5D0\uC11C \uC218\uB3D9 PATCH.`);
+    } else {
+      const text = await res.text().catch(() => "");
+      error(`Endpoint "${label}" \uC790\uB3D9 \uB4F1\uB85D \uC2E4\uD328 (status ${res.status}): ${text || "(\uBE48 \uC751\uB2F5)"}`);
+      if (res.status === 401) {
+        info("cb_sk_ Secret Key \uC778\uC9C0, \uCF58\uC194\uC5D0\uC11C \uD68C\uC218\uB418\uC9C0 \uC54A\uC558\uB294\uC9C0 \uD655\uC778\uD558\uC138\uC694.");
+      }
+    }
+  } catch (err) {
+    error(`Endpoint "${label}" \uC790\uB3D9 \uB4F1\uB85D \uC911 \uB124\uD2B8\uC6CC\uD06C \uC624\uB958: ${err instanceof Error ? err.message : err}`);
+  }
+}
+function acquireTunnelLock2(appID, port, force) {
+  const result = acquireTunnelLock(appID, port, force, VERSION);
+  if (result && result.startsWith("LOCKED:")) {
+    const [, pid, startedAt, host] = result.split(":");
+    error(`\uC774\uBBF8 \uC2E4\uD589 \uC911\uC778 \uD130\uB110\uC774 \uC788\uC2B5\uB2C8\uB2E4: PID ${pid}, \uC2DC\uC791 ${startedAt}, \uD638\uC2A4\uD2B8 ${host}`);
+    info("\uC911\uBCF5 \uC2E4\uD589\uC744 \uBB34\uC2DC\uD558\uB824\uBA74 --force \uC635\uC158\uC744 \uC0AC\uC6A9\uD558\uC138\uC694");
+    process.exit(2);
+  }
+  return result;
+}
+async function startTunnel(port, config, tunnelOpts) {
+  let tunnelKey = config.secretKey || (config.publicKey?.startsWith("cb_sk_") ? config.publicKey : "");
+  if (!tunnelKey) {
+    info("Secret Key\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4. \uBE0C\uB77C\uC6B0\uC800 \uB85C\uADF8\uC778\uC73C\uB85C \uBC1C\uAE09\uD569\uB2C8\uB2E4...");
+    try {
+      const sk = await browserAuthFlow();
+      const rcPath2 = path2.join(process.cwd(), ".connectbaserc");
+      let rcData = {};
+      if (fs2.existsSync(rcPath2)) {
+        try {
+          rcData = JSON.parse(fs2.readFileSync(rcPath2, "utf-8"));
+        } catch {
+        }
+      }
+      rcData.secretKey = sk;
+      fs2.writeFileSync(rcPath2, JSON.stringify(rcData, null, 2) + "\n");
+      addToGitignore(".connectbaserc");
+      success("Secret Key \uBC1C\uAE09 \uBC0F \uC800\uC7A5 \uC644\uB8CC");
+      tunnelKey = sk;
+      config.secretKey = sk;
+    } catch (err) {
+      error(`\uC778\uC99D \uC2E4\uD328: ${err instanceof Error ? err.message : err}`);
+      info("-k \uC635\uC158\uC73C\uB85C Secret Key\uB97C \uC9C1\uC811 \uC804\uB2EC\uD560 \uC218\uB3C4 \uC788\uC2B5\uB2C8\uB2E4");
+      process.exit(1);
+    }
+  } else {
+    config.secretKey = tunnelKey;
+  }
+  const rcPath = path2.join(process.cwd(), ".connectbaserc");
+  let savedAppId = tunnelOpts?.appId || "";
+  if (!savedAppId) {
+    try {
+      const rc = JSON.parse(fs2.readFileSync(rcPath, "utf-8"));
+      if (rc.tunnelAppId) savedAppId = rc.tunnelAppId;
+    } catch {
+    }
+  }
+  const { appId } = await resolveApp(tunnelKey, config.baseUrl, savedAppId);
+  try {
+    let rcData = {};
+    if (fs2.existsSync(rcPath)) {
+      try {
+        rcData = JSON.parse(fs2.readFileSync(rcPath, "utf-8"));
+      } catch {
+      }
+    }
+    if (rcData.tunnelAppId !== appId) {
+      rcData.tunnelAppId = appId;
+      fs2.writeFileSync(rcPath, JSON.stringify(rcData, null, 2) + "\n");
+    }
+  } catch {
+  }
+  const lockPath = acquireTunnelLock2(appId, port, tunnelOpts?.force ?? false);
   const tunnelServerUrl = getTunnelServerUrl(config.baseUrl);
   const parsedUrl = new URL(tunnelServerUrl);
   const isHttps = parsedUrl.protocol === "https:";
-  let wsPath = `/v1/tunnel/connect?api_key=${encodeURIComponent(config.apiKey)}`;
+  let wsPath = `/v2/tunnel/connect?app_id=${encodeURIComponent(appId)}&local_port=${port}`;
   if (tunnelOpts?.timeout) {
     wsPath += `&timeout=${tunnelOpts.timeout}`;
   }
   if (tunnelOpts?.maxBody) {
     wsPath += `&max_body=${tunnelOpts.maxBody}`;
   }
+  if (tunnelOpts?.public) {
+    wsPath += `&public=1`;
+  }
   let reconnectAttempts = 0;
   const maxReconnectAttempts = 10;
   let shouldReconnect = true;
   let socket = null;
+  let lockReleased = false;
+  const releaseLock = () => {
+    if (lockPath && !lockReleased) {
+      lockReleased = true;
+      releaseTunnelLock(lockPath);
+    }
+  };
+  process.on("exit", releaseLock);
   const cleanup = () => {
     shouldReconnect = false;
+    releaseLock();
     if (socket) {
       try {
         socket.write(createWsCloseFrame(1e3));
@@ -779,7 +1913,8 @@ ${colors.cyan}ConnectBase Tunnel${colors.reset}`);
         "Upgrade": "websocket",
         "Connection": "Upgrade",
         "Sec-WebSocket-Key": wsKey,
-        "Sec-WebSocket-Version": "13"
+        "Sec-WebSocket-Version": "13",
+        "Authorization": `Bearer ${config.secretKey ?? config.publicKey}`
       }
     };
     const req = lib.request(reqOptions);
@@ -790,11 +1925,22 @@ ${colors.cyan}ConnectBase Tunnel${colors.reset}`);
         onMessage: (data) => {
           try {
             const msg = JSON.parse(data);
-            handleMessage(msg, sock, port);
+            handleMessage(msg, sock, port).catch((e) => {
+              error(`\uBA54\uC2DC\uC9C0 \uCC98\uB9AC \uC911 \uC608\uC678: ${e instanceof Error ? e.message : e}`);
+            });
           } catch (e) {
             warn(`\uBA54\uC2DC\uC9C0 \uD30C\uC2F1 \uC2E4\uD328: ${e}`);
           }
         },
+        onBinary: (data) => {
+          if (data.length < 8) {
+            warn(`v2 binary frame too short (${data.length} bytes)`);
+            return;
+          }
+          const streamId = data.readBigUInt64BE(0).toString();
+          const payload = data.subarray(8);
+          routeStreamData(streamId, payload);
+        },
         onClose: () => {
           info("\uC11C\uBC84\uAC00 \uC5F0\uACB0\uC744 \uC885\uB8CC\uD588\uC2B5\uB2C8\uB2E4");
           sock.destroy();
@@ -858,95 +2004,314 @@ ${colors.cyan}ConnectBase Tunnel${colors.reset}`);
     info(`${(delay / 1e3).toFixed(0)}\uCD08 \uD6C4 \uC7AC\uC5F0\uACB0 \uC2DC\uB3C4... (${reconnectAttempts}/${maxReconnectAttempts})`);
     setTimeout(connect, delay);
   }
-  function handleMessage(msg, sock, localPort) {
-    switch (msg.type) {
-      case "tunnel_ready":
-        success(`\uD130\uB110 \uD65C\uC131\uD654!`);
-        log(`${colors.green}\u2192${colors.reset} URL: ${colors.cyan}${msg.url}${colors.reset}`);
-        log(`${colors.green}\u2192${colors.reset} \uB85C\uCEEC: ${colors.cyan}http://localhost:${localPort}${colors.reset}`);
-        if (msg.timeout || msg.max_body) {
-          log(`${colors.green}\u2192${colors.reset} \uC124\uC815: timeout=${colors.cyan}${msg.timeout}s${colors.reset}, max-body=${colors.cyan}${msg.max_body}MB${colors.reset}`);
-        }
-        log(`
-${colors.dim}Ctrl+C\uB85C \uC885\uB8CC${colors.reset}
-`);
-        break;
-      case "http_request":
-        forwardRequest(msg, sock, localPort);
-        break;
-      case "tunnel_error":
-        error(`\uD130\uB110 \uC5D0\uB7EC: ${msg.message}`);
-        break;
-      case "ping":
-        sock.write(createWsTextFrame(JSON.stringify({ type: "pong" })));
-        break;
+  const streams = /* @__PURE__ */ new Map();
+  function routeStreamData(streamId, payload) {
+    const f = streams.get(streamId);
+    if (!f) return;
+    f.feedBody(payload);
+  }
+  function sendControl(sock, msg) {
+    try {
+      sock.write(createWsTextFrame(JSON.stringify(msg)));
+    } catch {
     }
   }
-  function forwardRequest(msg, sock, localPort) {
-    const requestId = msg.request_id;
-    const method = msg.method;
-    const reqPath = msg.path;
-    const query = msg.query || "";
-    const headers = msg.headers || {};
-    const bodyBase64 = msg.body;
+  function sendBinary(sock, streamIdStr, payload) {
+    try {
+      const header = Buffer.alloc(8);
+      header.writeBigUInt64BE(BigInt(streamIdStr), 0);
+      sock.write(createWsBinaryFrame(Buffer.concat([header, payload])));
+    } catch {
+    }
+  }
+  function startHTTPStream(sock, streamId, open, localPort) {
+    const method = open.method || "GET";
+    const reqPath = open.path || "/";
+    const query = open.query || "";
+    const headers = open.headers || {};
     const fullPath = query ? `${reqPath}?${query}` : reqPath;
     const localHeaders = {};
-    for (const [key, value] of Object.entries(headers)) {
-      if (key.toLowerCase() !== "host") {
-        localHeaders[key] = value;
+    for (const [k, v] of Object.entries(headers)) {
+      if (k.toLowerCase() !== "host") localHeaders[k] = v;
+    }
+    localHeaders["host"] = `localhost:${localPort}`;
+    let started = false;
+    let cancelled = false;
+    const localReq = http.request(
+      { hostname: "127.0.0.1", port: localPort, path: fullPath, method, headers: localHeaders },
+      (res) => {
+        const respHeaders = {};
+        for (const [k, v] of Object.entries(res.headers)) {
+          if (v == null) continue;
+          respHeaders[k] = Array.isArray(v) ? v.join(", ") : v;
+        }
+        started = true;
+        sendControl(sock, {
+          type: "stream_response",
+          stream_id: streamId,
+          status: res.statusCode || 502,
+          headers: respHeaders
+        });
+        const methodColor = method === "GET" ? colors.green : method === "POST" ? colors.blue : colors.yellow;
+        log(`${colors.dim}${(/* @__PURE__ */ new Date()).toLocaleTimeString()}${colors.reset} ${methodColor}${method}${colors.reset} ${reqPath} \u2192 ${res.statusCode}`);
+        res.on("data", (chunk) => {
+          if (cancelled) return;
+          sendBinary(sock, streamId, chunk);
+        });
+        res.on("end", () => {
+          if (cancelled) return;
+          sendControl(sock, { type: "stream_eof", stream_id: streamId, side: "upstream" });
+          sendControl(sock, { type: "stream_close", stream_id: streamId });
+          streams.delete(streamId);
+        });
+        res.on("error", (err) => {
+          sendControl(sock, { type: "stream_close", stream_id: streamId, error: `upstream_error: ${err.message}` });
+          streams.delete(streamId);
+        });
+      }
+    );
+    localReq.on("error", (err) => {
+      warn(`\uB85C\uCEEC \uC11C\uBC84 \uC5F0\uACB0 \uC2E4\uD328 (${method} ${reqPath}): ${err.message}`);
+      if (!started) {
+        sendControl(sock, {
+          type: "stream_response",
+          stream_id: streamId,
+          status: 502,
+          headers: { "content-type": "application/json" }
+        });
+        sendBinary(sock, streamId, Buffer.from(JSON.stringify({ error: `Local server error: ${err.message}` })));
+      }
+      sendControl(sock, { type: "stream_close", stream_id: streamId, error: `upstream_error: ${err.message}` });
+      streams.delete(streamId);
+    });
+    const forwarder = {
+      kind: "http",
+      feedBody: (chunk) => {
+        if (!cancelled) localReq.write(chunk);
+      },
+      endBody: () => {
+        if (!cancelled) localReq.end();
+      },
+      cancel: () => {
+        cancelled = true;
+        try {
+          localReq.destroy();
+        } catch {
+        }
       }
+    };
+    streams.set(streamId, forwarder);
+  }
+  function startWSStream(sock, streamId, open, localPort) {
+    const reqPath = open.path || "/";
+    const query = open.query || "";
+    const headers = open.headers || {};
+    const fullPath = query ? `${reqPath}?${query}` : reqPath;
+    const localHeaders = {};
+    for (const [k, v] of Object.entries(headers)) {
+      const lk = k.toLowerCase();
+      if (lk === "host") continue;
+      if (lk === "sec-websocket-extensions") continue;
+      localHeaders[k] = v;
     }
     localHeaders["host"] = `localhost:${localPort}`;
-    const reqOptions = {
+    localHeaders["connection"] = "Upgrade";
+    localHeaders["upgrade"] = "websocket";
+    let cancelled = false;
+    let upstream = null;
+    const req = http.request({
       hostname: "127.0.0.1",
       port: localPort,
       path: fullPath,
-      method,
+      method: "GET",
       headers: localHeaders
-    };
-    const localReq = http.request(reqOptions, (res) => {
-      const chunks = [];
-      res.on("data", (chunk) => chunks.push(chunk));
-      res.on("end", () => {
-        const body = Buffer.concat(chunks);
-        const responseHeaders = {};
-        for (const [key, value] of Object.entries(res.headers)) {
-          if (value) responseHeaders[key] = Array.isArray(value) ? value.join(", ") : value;
-        }
-        const response = {
-          type: "http_response",
-          request_id: requestId,
-          status: res.statusCode || 200,
-          headers: responseHeaders,
-          body: body.length > 0 ? body.toString("base64") : ""
-        };
-        try {
-          sock.write(createWsTextFrame(JSON.stringify(response)));
-          const methodColor = method === "GET" ? colors.green : method === "POST" ? colors.blue : colors.yellow;
-          log(`${colors.dim}${(/* @__PURE__ */ new Date()).toLocaleTimeString()}${colors.reset} ${methodColor}${method}${colors.reset} ${reqPath} \u2192 ${res.statusCode}`);
-        } catch {
-          warn(`\uC751\uB2F5 \uC804\uC1A1 \uC2E4\uD328: ${requestId}`);
+    });
+    req.on("upgrade", (res, sk) => {
+      upstream = sk;
+      const respHeaders = {};
+      for (const [k, v] of Object.entries(res.headers)) {
+        if (v == null) continue;
+        respHeaders[k] = Array.isArray(v) ? v.join(", ") : v;
+      }
+      sendControl(sock, {
+        type: "stream_response",
+        stream_id: streamId,
+        status: res.statusCode || 101,
+        headers: respHeaders,
+        websocket: true
+      });
+      log(`${colors.dim}${(/* @__PURE__ */ new Date()).toLocaleTimeString()}${colors.reset} ${colors.cyan}WS${colors.reset} ${reqPath} \u2192 101`);
+      const upstreamParser = new UpstreamWsFrameParser({
+        onPayload: (payload) => {
+          if (cancelled) return;
+          sendBinary(sock, streamId, payload);
+        },
+        onPing: (payload) => {
+          if (cancelled || !upstream) return;
+          upstream.write(createUpstreamPongFrame(payload));
+        },
+        onClose: () => {
+          if (cancelled) return;
+          sendControl(sock, { type: "stream_close", stream_id: streamId });
+          streams.delete(streamId);
+        },
+        onError: (err) => {
+          sendControl(sock, { type: "stream_close", stream_id: streamId, error: `upstream_frame_error: ${err.message}` });
+          streams.delete(streamId);
         }
       });
+      sk.on("data", (chunk) => {
+        if (cancelled) return;
+        upstreamParser.feed(chunk);
+      });
+      sk.on("close", () => {
+        if (cancelled) return;
+        sendControl(sock, { type: "stream_close", stream_id: streamId });
+        streams.delete(streamId);
+      });
+      sk.on("error", (err) => {
+        sendControl(sock, { type: "stream_close", stream_id: streamId, error: `upstream_error: ${err.message}` });
+        streams.delete(streamId);
+      });
     });
-    localReq.on("error", (err) => {
-      const response = {
-        type: "http_response",
-        request_id: requestId,
-        status: 502,
-        headers: { "content-type": "application/json" },
-        body: Buffer.from(JSON.stringify({ error: `Local server error: ${err.message}` })).toString("base64")
-      };
-      try {
-        sock.write(createWsTextFrame(JSON.stringify(response)));
-      } catch {
+    req.on("response", (res) => {
+      const respHeaders = {};
+      for (const [k, v] of Object.entries(res.headers)) {
+        if (v == null) continue;
+        respHeaders[k] = Array.isArray(v) ? v.join(", ") : v;
       }
-      warn(`\uB85C\uCEEC \uC11C\uBC84 \uC5F0\uACB0 \uC2E4\uD328 (${method} ${reqPath}): ${err.message}`);
+      sendControl(sock, {
+        type: "stream_response",
+        stream_id: streamId,
+        status: res.statusCode || 502,
+        headers: respHeaders,
+        websocket: false
+      });
+      sendControl(sock, { type: "stream_close", stream_id: streamId });
+      streams.delete(streamId);
+    });
+    req.on("error", (err) => {
+      sendControl(sock, { type: "stream_close", stream_id: streamId, error: `upstream_error: ${err.message}` });
+      streams.delete(streamId);
     });
-    if (bodyBase64) {
-      localReq.write(Buffer.from(bodyBase64, "base64"));
+    req.end();
+    const forwarder = {
+      kind: "ws",
+      // Encode the v2 payload as an upstream WS frame BEFORE writing to
+      // the socket. The prior implementation wrote raw payload to the
+      // socket which is not a valid WS frame; upstream WS servers (e.g.
+      // ComfyUI) would error out. Default to TEXT opcode — the v2
+      // protocol does not propagate the original opcode from the client,
+      // and most WS APIs (JSON-based) use text. Binary client→upstream
+      // is a known limitation pending opcode propagation in v2.
+      feedBody: (chunk) => {
+        if (cancelled || !upstream) return;
+        upstream.write(createUpstreamTextFrame(chunk));
+      },
+      endBody: () => {
+      },
+      cancel: () => {
+        cancelled = true;
+        try {
+          upstream?.destroy();
+        } catch {
+        }
+      }
+    };
+    streams.set(streamId, forwarder);
+  }
+  async function handleMessage(msg, sock, localPort) {
+    switch (msg.type) {
+      case "tunnel_ready": {
+        const proxyToken = typeof msg.proxy_token === "string" ? msg.proxy_token : "";
+        const tunnelUrl = typeof msg.url === "string" ? msg.url : "";
+        const isPublic = msg.public === true;
+        success(`\uD130\uB110 \uD65C\uC131\uD654!`);
+        log(`${colors.green}\u2192${colors.reset} URL:   ${colors.cyan}${tunnelUrl}${colors.reset}`);
+        log(`${colors.green}\u2192${colors.reset} \uB85C\uCEEC:  ${colors.cyan}http://localhost:${localPort}${colors.reset}`);
+        if (msg.timeout || msg.max_body) {
+          log(`${colors.green}\u2192${colors.reset} \uC124\uC815:  timeout=${colors.cyan}${msg.timeout}s${colors.reset}, max-body=${colors.cyan}${msg.max_body}MB${colors.reset}`);
+        }
+        if (isPublic) {
+          log("");
+          log(`${colors.yellow}\u26A0  \uACF5\uAC1C \uBAA8\uB4DC (--public):${colors.reset} proxy_token \uAC80\uC99D\uC774 \uBE44\uD65C\uC131\uD654\uB410\uC2B5\uB2C8\uB2E4.`);
+          log(`   ${colors.dim}tunnelID \uB97C \uC544\uB294 \uB204\uAD6C\uB098 \uC774 URL \uB85C \uB85C\uCEEC \uC11C\uBE44\uC2A4\uC5D0 \uC811\uADFC\uD560 \uC218 \uC788\uC2B5\uB2C8\uB2E4.${colors.reset}`);
+          log(`   ${colors.dim}\uC6F9\uD6C5 \uC218\uC2E0 / \uC678\uBD80 \uC11C\uBE44\uC2A4 \uC5F0\uB3D9 \uBAA9\uC801\uC5D0 \uD55C\uD574 \uC0AC\uC6A9\uD558\uACE0, \uBBFC\uAC10 \uB370\uC774\uD130\uB294 \uCDE8\uAE09\uD558\uC9C0 \uB9C8\uC138\uC694.${colors.reset}`);
+          log("");
+          log(`${colors.dim}  $ curl ${tunnelUrl}/${colors.reset}`);
+        } else if (tunnelOpts?.showToken && proxyToken && tunnelUrl) {
+          log("");
+          log(`${colors.green}\u2192${colors.reset} \uD1A0\uD070:  ${colors.yellow}${proxyToken}${colors.reset}`);
+          log(`
+${colors.dim}\uC678\uBD80 \uC9C1\uC811 \uD638\uCD9C \uC2DC \uB2E4\uC74C \uD5E4\uB354 \uB610\uB294 \uCFFC\uB9AC\uB85C \uD1A0\uD070\uC744 \uC804\uB2EC\uD558\uC138\uC694:${colors.reset}`);
+          log(`${colors.dim}  $ curl -H "X-Proxy-Token: ${proxyToken}" ${tunnelUrl}/${colors.reset}`);
+          log(`${colors.dim}  $ curl "${tunnelUrl}/?proxy_token=${proxyToken}"${colors.reset}`);
+        }
+        if (tunnelOpts?.label) {
+          const tunnelId = typeof msg.tunnel_id === "string" ? msg.tunnel_id : "";
+          if (!tunnelId) {
+            error(`tunnel_ready \uBA54\uC2DC\uC9C0\uC5D0 tunnel_id \uAC00 \uC5C6\uC2B5\uB2C8\uB2E4 \u2014 endpoint "${tunnelOpts.label}" \uC790\uB3D9 \uB4F1\uB85D skip`);
+          } else {
+            await registerEndpointBinding(
+              config.baseUrl,
+              appId,
+              tunnelKey,
+              tunnelId,
+              tunnelOpts.label,
+              tunnelOpts.description
+            );
+          }
+        }
+        log(`
+${colors.dim}Ctrl+C\uB85C \uC885\uB8CC${colors.reset}
+`);
+        break;
+      }
+      case "stream_open": {
+        const sid = String(msg.stream_id ?? "");
+        if (!sid) {
+          warn("stream_open with empty stream_id");
+          break;
+        }
+        const kind = msg.kind || "http";
+        if (kind === "ws") {
+          startWSStream(sock, sid, msg, localPort);
+        } else {
+          startHTTPStream(sock, sid, msg, localPort);
+        }
+        break;
+      }
+      case "stream_eof": {
+        const sid = String(msg.stream_id ?? "");
+        const side = msg.side;
+        if (side === "client") {
+          const f = streams.get(sid);
+          f?.endBody();
+        }
+        break;
+      }
+      case "stream_close": {
+        const sid = String(msg.stream_id ?? "");
+        const f = streams.get(sid);
+        if (f) {
+          f.cancel();
+          streams.delete(sid);
+        }
+        break;
+      }
+      case "tunnel_error": {
+        const result = handleTunnelError(msg, appId, localPort);
+        error(result.message);
+        if (result.action === "exit") {
+          shouldReconnect = false;
+          setTimeout(() => process.exit(result.exitCode ?? 1), 500);
+        }
+        break;
+      }
+      case "ping":
+        sock.write(createWsTextFrame(JSON.stringify({ type: "pong" })));
+        break;
     }
-    localReq.end();
   }
   connect();
   await new Promise(() => {
@@ -954,14 +2319,16 @@ ${colors.dim}Ctrl+C\uB85C \uC885\uB8CC${colors.reset}
 }
 function showHelp() {
   log(`
-${colors.cyan}connectbase-client${colors.reset} - Connect Base SDK & CLI
+${colors.cyan}connectbase${colors.reset} - Connect Base SDK & CLI
 
 ${colors.yellow}\uC0AC\uC6A9\uBC95:${colors.reset}
-  npx connectbase-client <command> [options]
+  npx connectbase <command> [options]
 
 ${colors.yellow}\uBA85\uB839\uC5B4:${colors.reset}
-  init                  \uD504\uB85C\uC81D\uD2B8 \uCD08\uAE30\uD654 (\uC124\uC815 \uD30C\uC77C \uC0DD\uC131)
-  docs                  SDK \uBB38\uC11C \uB2E4\uC6B4\uB85C\uB4DC/\uC5C5\uB370\uC774\uD2B8 (--monorepo: git root\uC5D0 \uC0DD\uC131)
+  init                  \uD504\uB85C\uC81D\uD2B8 \uCD08\uAE30\uD654 (\uC571 \uC0DD\uC131, MCP \uC124\uC815, SDK \uBB38\uC11C \uB2E4\uC6B4\uB85C\uB4DC)
+  update                SDK \uBC84\uC804 \uCCB4\uD06C + \uBB38\uC11C/MCP \uC77C\uAD04 \uC5C5\uB370\uC774\uD2B8 (\uBAA8\uB178\uB808\uD3EC \uB8E8\uD2B8 \uC9C0\uC6D0)
+  docs                  SDK \uBB38\uC11C \uB2E4\uC6B4\uB85C\uB4DC/\uC5C5\uB370\uC774\uD2B8 (\uBAA8\uB178\uB808\uD3EC \uC790\uB3D9 \uAC10\uC9C0)
+  mcp                   MCP \uC11C\uBC84 \uC124\uC815 (.mcp.json \uC0DD\uC131/\uC5C5\uB370\uC774\uD2B8, \uBAA8\uB178\uB808\uD3EC \uC790\uB3D9 \uAC10\uC9C0)
   deploy <directory>    \uC6F9 \uC2A4\uD1A0\uB9AC\uC9C0\uC5D0 \uD30C\uC77C \uBC30\uD3EC (--dev: Dev \uD658\uACBD)
   tunnel <port>         \uB85C\uCEEC \uC11C\uBE44\uC2A4\uB97C \uC778\uD130\uB137\uC5D0 \uB178\uCD9C
 
@@ -974,27 +2341,45 @@ ${colors.yellow}\uCF54\uB4DC \uBD84\uC11D (MCP \uD1B5\uD574 \uC0AC\uC6A9):${colo
 
 ${colors.yellow}\uC635\uC158:${colors.reset}
   -s, --storage <id>    \uC2A4\uD1A0\uB9AC\uC9C0 ID
-  -k, --api-key <key>   API Key
+  -k, --public-key <key>   API Key
   -u, --base-url <url>  \uC11C\uBC84 URL (\uAE30\uBCF8: ${DEFAULT_BASE_URL})
   -t, --timeout <sec>   \uC694\uCCAD \uD0C0\uC784\uC544\uC6C3 (\uCD08, tunnel/deploy \uACF5\uD1B5. deploy \uBBF8\uC9C0\uC815 \uC2DC \uD30C\uC77C \uD06C\uAE30\uC5D0 \uB530\uB77C \uC790\uB3D9 \uC0B0\uC815)
   --max-body <MB>       \uD130\uB110 \uCD5C\uB300 \uBC14\uB514 \uD06C\uAE30 (MB, tunnel \uC804\uC6A9)
+  --force               \uD130\uB110 lockfile \uBB34\uC2DC (\uC911\uBCF5 \uC2E4\uD589 \uAC15\uC81C, tunnel \uC804\uC6A9)
+  --public              proxy_token \uAC80\uC99D \uBE44\uD65C\uC131\uD654 \u2014 \uC6F9\uD6C5/\uC678\uBD80 \uC9C1\uC811 \uD638\uCD9C\uC6A9 (tunnel \uC804\uC6A9)
+  --show-token          proxy_token \uACFC curl \uC608\uC2DC\uB97C \uCD9C\uB825 (--public \uC544\uB2CC \uACBD\uC6B0)
+  --label <name>        Endpoint binding \uC790\uB3D9 \uB4F1\uB85D (tunnel \uC804\uC6A9) \u2014 SDK \uC758 cb.endpoint.call(label) \uD638\uCD9C \uAC00\uB2A5
+  --description <text>  Endpoint binding \uC124\uBA85 (--label \uB3D9\uBC18 \uC2DC\uB9CC)
   -d, --dev             Dev \uD658\uACBD\uC5D0 \uBC30\uD3EC (deploy \uC804\uC6A9)
-  --monorepo            \uBAA8\uB178\uB808\uD3EC git root\uC5D0 \uBB38\uC11C \uC0DD\uC131 (docs \uC804\uC6A9)
+  --check               \uBC84\uC804\uB9CC \uD655\uC778 (update \uC804\uC6A9)
+  --skip-docs           \uBB38\uC11C \uC5C5\uB370\uC774\uD2B8 \uAC74\uB108\uB6F0\uAE30 (update \uC804\uC6A9)
+  --skip-mcp            MCP \uC5C5\uB370\uC774\uD2B8 \uAC74\uB108\uB6F0\uAE30 (update \uC804\uC6A9)
+  --setup-root          \uBAA8\uB178\uB808\uD3EC \uB8E8\uD2B8\uC5D0 \uD3B8\uC758 \uC2A4\uD06C\uB9BD\uD2B8 \uCD94\uAC00 (update \uC804\uC6A9)
+  (docs, mcp, update\uB294 \uBAA8\uB178\uB808\uD3EC\uB97C \uC790\uB3D9 \uAC10\uC9C0\uD558\uC5EC \uD504\uB85C\uC81D\uD2B8 \uB8E8\uD2B8\uC5D0 \uC0DD\uC131)
   -h, --help            \uB3C4\uC6C0\uB9D0 \uD45C\uC2DC
   -v, --version         \uBC84\uC804 \uD45C\uC2DC
 
 ${colors.yellow}\uBE60\uB978 \uC2DC\uC791:${colors.reset}
   ${colors.dim}# 1. \uCD08\uAE30\uD654 (\uCD5C\uCD08 1\uD68C)${colors.reset}
-  npx connectbase-client init
+  npx connectbase init
+
+  ${colors.dim}# 2. SDK \uC804\uCCB4 \uC5C5\uB370\uC774\uD2B8 (\uBC84\uC804 \uCCB4\uD06C + \uBB38\uC11C + MCP)${colors.reset}
+  npx connectbase update
+
+  ${colors.dim}# 2-1. \uBAA8\uB178\uB808\uD3EC \uB8E8\uD2B8\uC5D0 \uD3B8\uC758 \uC2A4\uD06C\uB9BD\uD2B8 \uC124\uCE58${colors.reset}
+  npx connectbase update --setup-root
 
-  ${colors.dim}# 2. SDK \uBB38\uC11C \uC5C5\uB370\uC774\uD2B8${colors.reset}
+  ${colors.dim}# 3. SDK \uBB38\uC11C\uB9CC \uC5C5\uB370\uC774\uD2B8${colors.reset}
   npx connectbase docs
 
-  ${colors.dim}# 3. Prod \uBC30\uD3EC${colors.reset}
+  ${colors.dim}# 4. MCP \uC11C\uBC84 \uC124\uC815${colors.reset}
+  npx connectbase mcp
+
+  ${colors.dim}# 4. Prod \uBC30\uD3EC${colors.reset}
   npm run deploy
 
   ${colors.dim}# 4. Dev \uD658\uACBD \uBC30\uD3EC (\uB0B4\uBD80 QA\uC6A9)${colors.reset}
-  npx connectbase-client deploy ./dist --dev
+  npx connectbase deploy ./dist --dev
 
   ${colors.dim}# 5. \uD130\uB110 (\uAE30\uBCF8)${colors.reset}
   npx connectbase tunnel 3000
@@ -1003,13 +2388,16 @@ ${colors.yellow}\uBE60\uB978 \uC2DC\uC791:${colors.reset}
   npx connectbase tunnel 7860 --timeout 300 --max-body 50
 
 ${colors.yellow}\uD658\uACBD\uBCC0\uC218:${colors.reset}
-  CONNECTBASE_API_KEY       API Key
+  CONNECTBASE_PUBLIC_KEY    Public Key (cb_pk_*)
+  CONNECTBASE_SECRET_KEY    Secret Key (cb_sk_*, \uD130\uB110\uC6A9)
+  CONNECTBASE_PUBLIC_KEY       (deprecated) \uB808\uAC70\uC2DC \u2014 publicKey \uB610\uB294 secretKey \uB85C \uC0AC\uC6A9
   CONNECTBASE_STORAGE_ID    \uC2A4\uD1A0\uB9AC\uC9C0 ID
   CONNECTBASE_BASE_URL      \uC11C\uBC84 URL
 
 ${colors.yellow}\uC124\uC815 \uD30C\uC77C (.connectbaserc):${colors.reset}
   {
-    "apiKey": "your-api-key",
+    "publicKey": "cb_pk_...",
+    "secretKey": "cb_sk_...",
     "storageId": "your-storage-id",
     "deployDir": "./dist"
   }
@@ -1025,18 +2413,38 @@ function parseArgs(args) {
     const arg = args[i];
     if (arg === "-s" || arg === "--storage") {
       result.options.storageId = args[++i];
-    } else if (arg === "-k" || arg === "--api-key") {
-      result.options.apiKey = args[++i];
+    } else if (arg === "-k" || arg === "--public-key" || arg === "--public-key") {
+      result.options.publicKey = args[++i];
+    } else if (arg === "--secret-key") {
+      result.options.secretKey = args[++i];
     } else if (arg === "-u" || arg === "--base-url") {
       result.options.baseUrl = args[++i];
     } else if (arg === "-t" || arg === "--timeout") {
       result.options.timeout = args[++i];
     } else if (arg === "--max-body") {
       result.options.maxBody = args[++i];
+    } else if (arg === "--label") {
+      result.options.label = args[++i];
+    } else if (arg === "--description") {
+      result.options.description = args[++i];
+    } else if (arg === "-a" || arg === "--app") {
+      result.options.appId = args[++i];
+    } else if (arg === "--force") {
+      result.options.force = "true";
+    } else if (arg === "--public") {
+      result.options.public = "true";
+    } else if (arg === "--show-token") {
+      result.options.showToken = "true";
     } else if (arg === "-d" || arg === "--dev") {
       result.options.dev = "true";
-    } else if (arg === "--monorepo") {
-      result.options.monorepo = "true";
+    } else if (arg === "--check") {
+      result.options.check = "true";
+    } else if (arg === "--skip-docs") {
+      result.options.skipDocs = "true";
+    } else if (arg === "--skip-mcp") {
+      result.options.skipMcp = "true";
+    } else if (arg === "--setup-root") {
+      result.options.setupRoot = "true";
     } else if (arg === "-h" || arg === "--help") {
       result.options.help = "true";
     } else if (arg === "-v" || arg === "--version") {
@@ -1055,7 +2463,7 @@ function parseArgs(args) {
 async function main() {
   const parsed = parseArgs(process.argv.slice(2));
   if (parsed.options.version) {
-    log(`connectbase-client v${VERSION}`);
+    log(`connectbase v${VERSION}`);
     return;
   }
   if (parsed.options.help || !parsed.command) {
@@ -1064,30 +2472,32 @@ async function main() {
   }
   const fileConfig = loadConfig();
   const config = {
-    apiKey: parsed.options.apiKey || fileConfig.apiKey,
+    publicKey: parsed.options.publicKey || fileConfig.publicKey,
+    secretKey: parsed.options.secretKey || fileConfig.secretKey,
     storageId: parsed.options.storageId || fileConfig.storageId,
     baseUrl: parsed.options.baseUrl || fileConfig.baseUrl || DEFAULT_BASE_URL
   };
   if (parsed.command === "init") {
     await init();
+  } else if (parsed.command === "update") {
+    await update(config, {
+      checkOnly: parsed.options.check === "true",
+      skipDocs: parsed.options.skipDocs === "true",
+      skipMcp: parsed.options.skipMcp === "true",
+      setupRoot: parsed.options.setupRoot === "true"
+    });
   } else if (parsed.command === "docs") {
-    let docsApiKey = config.apiKey;
-    if (!docsApiKey) {
-      docsApiKey = await prompt(`${colors.blue}?${colors.reset} API Key: `);
-      if (!docsApiKey) {
-        error("API Key\uB294 \uD544\uC218\uC785\uB2C8\uB2E4");
-        process.exit(1);
-      }
-    }
-    await downloadDocs(docsApiKey, void 0, parsed.options.monorepo === "true");
+    await downloadDocs(config.publicKey || "");
+  } else if (parsed.command === "mcp") {
+    await setupMcp();
   } else if (parsed.command === "deploy") {
     const directory = parsed.args[0] || fileConfig.deployDir || ".";
-    if (!config.apiKey) {
-      error('API Key\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. "npx connectbase-client init"\uC73C\uB85C \uC124\uC815\uD558\uAC70\uB098 -k \uC635\uC158\uC744 \uC0AC\uC6A9\uD558\uC138\uC694');
+    if (!config.publicKey) {
+      error('Public Key\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. "npx connectbase init"\uC73C\uB85C \uC124\uC815\uD558\uAC70\uB098 -k \uC635\uC158\uC744 \uC0AC\uC6A9\uD558\uC138\uC694');
       process.exit(1);
     }
     if (!config.storageId) {
-      error('\uC2A4\uD1A0\uB9AC\uC9C0 ID\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. "npx connectbase-client init"\uC73C\uB85C \uC124\uC815\uD558\uAC70\uB098 -s \uC635\uC158\uC744 \uC0AC\uC6A9\uD558\uC138\uC694');
+      error('\uC2A4\uD1A0\uB9AC\uC9C0 ID\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. "npx connectbase init"\uC73C\uB85C \uC124\uC815\uD558\uAC70\uB098 -s \uC635\uC158\uC744 \uC0AC\uC6A9\uD558\uC138\uC694');
       process.exit(1);
     }
     const isDev = parsed.options.dev === "true";
@@ -1101,7 +2511,7 @@ async function main() {
   } else if (parsed.command === "tunnel") {
     const portStr = parsed.args[0];
     if (!portStr) {
-      error("\uD3EC\uD2B8 \uBC88\uD638\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. \uC608: npx connectbase-client tunnel 8084");
+      error("\uD3EC\uD2B8 \uBC88\uD638\uAC00 \uD544\uC694\uD569\uB2C8\uB2E4. \uC608: npx connectbase tunnel 8084");
       process.exit(1);
     }
     const port = parseInt(portStr, 10);
@@ -1118,6 +2528,24 @@ async function main() {
       const m = parseInt(parsed.options.maxBody, 10);
       if (!isNaN(m) && m > 0) tunnelOpts.maxBody = m;
     }
+    if (parsed.options.appId) {
+      tunnelOpts.appId = parsed.options.appId;
+    }
+    if (parsed.options.force === "true") {
+      tunnelOpts.force = true;
+    }
+    if (parsed.options.public === "true") {
+      tunnelOpts.public = true;
+    }
+    if (parsed.options.showToken === "true") {
+      tunnelOpts.showToken = true;
+    }
+    if (parsed.options.label) {
+      tunnelOpts.label = parsed.options.label;
+    }
+    if (parsed.options.description) {
+      tunnelOpts.description = parsed.options.description;
+    }
     await startTunnel(port, config, tunnelOpts);
   } else {
     error(`\uC54C \uC218 \uC5C6\uB294 \uBA85\uB839\uC5B4: ${parsed.command}`);
@@ -1129,3 +2557,11 @@ main().catch((err) => {
   error(err.message);
   process.exit(1);
 });
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  computeDeployDiff,
+  normalizeRelativePath,
+  parseArgs,
+  registerEndpointBinding,
+  sha256Hex
+});