instar 0.6.0 → 0.6.2

package/.claude/skills/setup-wizard/skill.md

@@ -32,7 +32,7 @@ Start with a brief welcome, then immediately ask HOW they want to use Instar.
 
 **Welcome to Instar!**
 
-Instar gives Claude Code a persistent body — a server, jobs, memory, and messaging. Two ways to use it:
+Instar turns Claude Code into a persistent agent you just talk to — through Telegram, not the terminal. This setup gets you there. Two ways to use it:
 
 ---
 
@@ -246,21 +246,23 @@ which claude
 - **Port** (default: 4040) — "The agent runs a small HTTP server for health checks and internal communication."
 - **Max sessions** (default: 3) — "This limits how many Claude sessions can run at once. 2-3 is usually right."
 
-### 3c. Telegram Setup (Strongly Recommended — Essential for General Agents)
+### 3c. Telegram Setup — The Destination
 
-**Frame Telegram as the primary way to interact with the agent.** Explain briefly:
+**This terminal session is the on-ramp. Telegram is where the agent experience truly begins.** Frame it that way:
 
-> Telegram is where Instar really shines:
+> Right now we're in a terminal. Telegram is where your agent comes alive:
+> - **Just talk** — no commands, no terminal, just conversation
 > - **Topic threads** — organized channels for different concerns
-> - **Message history** — full record of every interaction
-> - **Mobile access** — talk to your agent from anywhere
-> - **Notifications** — your agent reaches you proactively
+> - **Mobile access** — your agent is always reachable
+> - **Proactive** — your agent reaches out when something matters
 
-For **General Agents**: Telegram is essential. Without it, a general agent has no natural interface — you'd have to open a terminal every time. **Strongly encourage** setting it up and explain that this IS the agent's communication channel.
+The goal of this setup is to get the user onto Telegram as fast as possible. Everything else (jobs, config, technical setup) supports that destination.
 
-For **Project Agents**: Telegram is strongly recommended but optional. The agent can still work through CLI sessions without it.
+For **General Agents**: Telegram is essential. Without it, there IS no natural interface. Be direct: "This is how you'll talk to your agent."
 
-If the user declines, that's their choice — but make the tradeoff clear in one sentence.
+For **Project Agents**: Telegram is strongly recommended. Frame it as: "Your agent can message you about builds, issues, and progress — you just reply."
+
+If the user declines, accept it in one sentence and move on — but they should understand they're choosing the terminal-only experience.
 
 #### Browser-Automated Setup (Default)
 
@@ -445,23 +447,23 @@ Append if not present:
 .instar/logs/
 ```
 
-## Phase 4: Summary & Next Steps
+## Phase 4: Summary & Launch
 
-Show what was created briefly, then focus on what happens next.
+Show what was created briefly, then get the user to their agent.
 
-**Next steps — frame around Telegram if configured:**
+**If Telegram was configured — this is the moment:**
 
-If Telegram was set up, emphasize that Telegram IS the interface now:
+> "That's everything. Let me start the server, and then open Telegram and say hello to your agent. That's your primary channel from here on — no terminal needed."
 
-> "Start the server with `instar server start`, then open Telegram. That's it. Your agent will message you when it has something to report. You can message it when you need something done. Everything else — jobs, monitoring, memory — happens automatically."
+Start the server, then direct them to Telegram. The setup is complete when the user is talking to their agent in Telegram, not when config files are written.
 
-If Telegram was NOT set up, mention they can add it later:
+**If Telegram was NOT configured:**
 
-> "Start the server with `instar server start`. You can interact with your agent through Claude Code sessions. For a much richer experience, run `instar add telegram` later — it gives you mobile access, organized threads, and message history."
+> "Start the server with `instar server start`. You can talk to your agent through Claude Code sessions. When you're ready for a richer experience, just ask your agent to help set up Telegram."
 
 Offer to start the server.
 
-**Important:** Do NOT present a list of CLI commands. The point of Instar is that the agent is autonomous. After starting the server, the user talks to their agent (ideally through Telegram), not to the CLI.
+**Important:** Do NOT present a list of CLI commands. The setup's job is to get the user FROM the terminal TO their agent. After starting the server, the user talks to their agent (through Telegram), not to the CLI. The terminal was just the on-ramp.
 
 ## Tone
 

package/README.md

@@ -34,54 +34,45 @@ Named after the developmental stages between molts in arthropods, where each ins
 
 The difference isn't features. It's a shift in what Claude Code *is* -- from a tool you use to an agent that works alongside you. This is the cutting edge of what's possible with AI agents today -- not a demo, not a toy, but genuine autonomous partnership between a human and an AI.
 
-## Two Ways to Use Instar
+## Getting Started
 
-### 🤖 General Agent — A personal AI on your computer
-
-Want a persistent AI assistant you talk to through Telegram? Like OpenClaw, but ToS-compliant.
+One command gets you from zero to talking with your AI partner:
 
 ```bash
 npx instar
-# Choose "General Agent" → set up Telegram → start the server
-# Now talk to your agent from your phone, anywhere
 ```
 
-Your agent runs in the background, handles scheduled tasks, messages you proactively, and grows through experience. Telegram is the primary interface — organized topic threads, full message history, mobile access.
+A guided setup handles the rest — identity, Telegram connection, server. Within minutes, you're talking to your partner from your phone, anywhere. That's the intended experience: **you talk, your partner handles everything else.**
 
-### 📁 Project Agent — Add an agent to your codebase
+### Two configurations
 
-Want an agent that monitors, builds, and maintains a specific project?
+- **General Agent** — A personal AI partner on your computer. Runs in the background, handles scheduled tasks, messages you proactively, and grows through experience.
+- **Project Agent** — A partner embedded in your codebase. Monitors, builds, maintains, and communicates through Telegram or terminal.
 
-```bash
-cd my-project
-npx instar
-# Choose "Project Agent" → configure → start the server
-```
-
-Your agent watches your codebase, runs health checks, handles ops tasks, and communicates through Telegram (recommended) or terminal sessions.
-
----
-
-The wizard walks you through everything: identity, Telegram, jobs, server. One command to go from zero to a running agent.
+Once running, the infrastructure is invisible. Your partner manages its own jobs, health checks, evolution, and self-maintenance. You just talk to it.
 
 **Requirements:** Node.js 20+ · [Claude Code CLI](https://docs.anthropic.com/en/docs/claude-code) · tmux · [API key](https://console.anthropic.com/) or Claude subscription
 
-## CLI Reference
+## CLI Reference (Power Users)
+
+> Most users never need these — your agent manages its own infrastructure. These commands are available for power users and for the agent itself to operate.
 
 ```bash
 # Setup
-instar                          # Interactive setup wizard (General Agent or Project Agent)
+instar                          # Interactive setup wizard
 instar setup                    # Same as above
-instar setup --classic          # Inquirer-based fallback wizard
 instar init my-agent            # Create a new agent (general or project)
-instar init                     # Add agent infrastructure to current project
 
 # Server
 instar server start             # Start the persistent server (background, tmux)
-instar server start --foreground  # Start in foreground (for development)
 instar server stop              # Stop the server
 instar status                   # Show agent infrastructure status
 
+# Lifeline (persistent Telegram connection with auto-recovery)
+instar lifeline start           # Start lifeline (supervises server, queues messages during downtime)
+instar lifeline stop            # Stop lifeline and server
+instar lifeline status          # Check lifeline health
+
 # Add capabilities
 instar add telegram --token BOT_TOKEN --chat-id CHAT_ID
 instar add email --credentials-file ./credentials.json [--token-file ./token.json]
@@ -90,10 +81,8 @@ instar add sentry --dsn https://key@o0.ingest.sentry.io/0
 
 # Users and jobs
 instar user add --id alice --name "Alice" [--telegram 123] [--email a@b.com]
-instar user list
 instar job add --slug check-email --name "Email Check" --schedule "0 */2 * * *" \
   [--description "..."] [--priority high] [--model sonnet]
-instar job list
 
 # Feedback
 instar feedback --type bug --title "Session timeout" --description "Details..."
@@ -116,12 +105,14 @@ instar feedback --type bug --title "Session timeout" --description "Details..."
 ```
 You (Telegram / Terminal)
          │
+    conversation
+         │
          ▼
 ┌─────────────────────────┐
-│     Instar Server       │
-│   (Express + tmux)      │
-│   http://localhost:4040  │
+│    Your AI Partner       │
+│    (Instar Server)       │
 └────────┬────────────────┘
+         │  manages its own infrastructure
          │
          ├─ Claude Code session (job: health-check)
          ├─ Claude Code session (job: email-monitor)
@@ -129,7 +120,7 @@ You (Telegram / Terminal)
          └─ Claude Code session (job: reflection)
 ```
 
-Each session is a **real Claude Code process** with extended thinking, native tools, sub-agents, hooks, skills, and MCP servers. Not an API wrapper -- the full development environment.
+Each session is a **real Claude Code process** with extended thinking, native tools, sub-agents, hooks, skills, and MCP servers. Not an API wrapper -- the full development environment. The agent manages all of this autonomously.
 
 ## Why Instar (vs OpenClaw)
 
@@ -241,14 +232,9 @@ Two-way messaging via Telegram forum topics. Each topic maps to a Claude session
 
 ### Persistent Server
 
-```bash
-instar server start              # Background (tmux)
-instar server start --foreground # Foreground (dev)
-instar server stop
-instar status                    # Health check
-```
+The server runs 24/7 in the background, surviving terminal disconnects and auto-recovering from failures. The agent operates it — you don't need to manage it.
 
-**Endpoints:**
+**API endpoints** (used by the agent internally):
 
 | Method | Path | Description |
 |--------|------|-------------|
@@ -346,7 +332,7 @@ Instar is open source. PRs and issues still work. But the *primary* feedback cha
 
 **How it works:**
 
-1. **You talk to your agent** -- "The email job keeps failing" -- natural conversation, not a bug report form
+1. **You mention a problem** -- "The email job keeps failing" -- natural conversation, not a bug report form
 2. **Agent-to-agent relay** -- Your agent communicates the issue directly to Dawn, the AI that maintains Instar
 3. **Dawn evolves Instar** -- Fixes the infrastructure and publishes an update
 4. **Every agent evolves** -- Agents detect improvements, understand them, and grow -- collectively

package/dist/commands/init.js

@@ -447,12 +447,12 @@ This routes feedback to the Instar maintainers automatically. Valid types: \`bug
 
 **Feedback System** — Report bugs, request features, suggest improvements. All via \`POST /feedback\`. NOT GitHub.
 
-**Job Scheduler** — You can run tasks on a schedule. Jobs are defined in \`.instar/jobs.json\`.
+**Job Scheduler** — Run tasks on a schedule. Jobs are defined in \`.instar/jobs.json\`.
 - View jobs: \`curl http://localhost:${port}/jobs\`
 - Trigger a job: \`curl -X POST http://localhost:${port}/jobs/SLUG/trigger\`
 - **Create new jobs**: Edit \`.instar/jobs.json\`. Each job has a slug, schedule (cron), priority, and either a prompt (Claude session), script (shell command), or skill.
 
-**Sessions** — You can spawn and manage Claude Code sessions.
+**Sessions** — Spawn and manage Claude Code sessions.
 - List: \`curl http://localhost:${port}/sessions\`
 - Spawn: \`curl -X POST http://localhost:${port}/sessions/spawn -H 'Content-Type: application/json' -d '{"name":"task","prompt":"do something"}'\`
 

package/dist/commands/server.js

@@ -23,6 +23,8 @@ import { DispatchManager } from '../core/DispatchManager.js';
 import { UpdateChecker } from '../core/UpdateChecker.js';
 import { registerPort, unregisterPort, startHeartbeat } from '../core/PortRegistry.js';
 import { TelegraphService } from '../publishing/TelegraphService.js';
+import { PrivateViewer } from '../publishing/PrivateViewer.js';
+import { TunnelManager } from '../tunnel/TunnelManager.js';
 /**
  * Respawn a session for a topic, including thread history in the bootstrap.
  * This prevents "thread drift" where respawned sessions lose context.
@@ -397,11 +399,40 @@ export async function startServer(options) {
             });
             console.log(pc.green(`  Publishing enabled (Telegraph)`));
         }
-        const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, dispatches, updateChecker, publisher });
+        // Set up private viewer (always enabled — stores rendered markdown locally)
+        const viewer = new PrivateViewer({
+            viewsDir: path.join(config.stateDir, 'views'),
+        });
+        console.log(pc.green(`  Private viewer enabled`));
+        // Set up Cloudflare Tunnel if configured
+        let tunnel;
+        if (config.tunnel?.enabled) {
+            tunnel = new TunnelManager({
+                enabled: true,
+                type: config.tunnel.type || 'quick',
+                token: config.tunnel.token,
+                port: config.port,
+                stateDir: config.stateDir,
+            });
+        }
+        const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, dispatches, updateChecker, publisher, viewer, tunnel });
         await server.start();
+        // Start tunnel AFTER server is listening
+        if (tunnel) {
+            try {
+                const tunnelUrl = await tunnel.start();
+                console.log(pc.green(`  Tunnel active: ${pc.bold(tunnelUrl)}`));
+            }
+            catch (err) {
+                console.error(pc.red(`  Tunnel failed: ${err instanceof Error ? err.message : String(err)}`));
+                console.log(pc.yellow(`  Server running locally without tunnel. Fix tunnel config and restart.`));
+            }
+        }
         // Graceful shutdown
         const shutdown = async () => {
             console.log('\nShutting down...');
+            if (tunnel)
+                await tunnel.stop();
             stopHeartbeat();
             unregisterPort(config.projectName);
             scheduler?.stop();

package/dist/commands/setup.js

@@ -184,9 +184,10 @@ async function runClassicSetup() {
     }) ?? 3;
     // ── Step 3: Telegram (BEFORE users, so we know context) ────────
     console.log();
-    console.log(pc.bold('  Telegram (Recommended)'));
-    console.log(pc.dim('  Telegram is the most powerful way to interact with your agent.'));
-    console.log(pc.dim('  You get organized topic threads, message history, and mobile access.'));
+    console.log(pc.bold('  Telegram — Where Your Agent Lives'));
+    console.log(pc.dim('  Telegram is where the real experience begins.'));
+    console.log(pc.dim('  Once connected, you just talk — no commands, no terminal.'));
+    console.log(pc.dim('  Topic threads, message history, mobile access, proactive notifications.'));
     console.log();
     const telegramConfig = await promptForTelegram();
     // ── Step 4: User setup ─────────────────────────────────────────
@@ -356,14 +357,25 @@ async function runClassicSetup() {
         console.log();
         const { startServer } = await import('./server.js');
         await startServer({ foreground: false });
+        if (telegramConfig?.chatId) {
+            console.log();
+            console.log(pc.bold('  Now open Telegram and say hello to your agent.'));
+            console.log(pc.dim('  That\'s your primary channel from here on — no terminal needed.'));
+        }
     }
     else {
         console.log();
-        console.log('  When you\'re ready, start the server with:');
+        console.log('  To start the server:');
         console.log(`    ${pc.cyan('instar server start')}`);
         console.log();
-        console.log('  Once running, your agent can handle everything else —');
-        console.log('  just ask it to add jobs, users, or configure new integrations.');
+        if (telegramConfig?.chatId) {
+            console.log('  Then open Telegram and say hello to your agent.');
+            console.log('  That\'s your primary channel — no terminal needed.');
+        }
+        else {
+            console.log('  Once running, just talk to your agent through Claude Code sessions.');
+            console.log('  For a richer experience, set up Telegram later with your agent\'s help.');
+        }
     }
     console.log();
 }
@@ -389,11 +401,13 @@ function isInstarGlobal() {
  */
 async function promptForTelegram() {
     const enableTelegram = await confirm({
-        message: 'Set up Telegram? (recommended — gives you mobile access, organized threads, and message history)',
+        message: 'Set up Telegram? (this is how you\'ll talk to your agent — mobile, threaded, always available)',
         default: true,
     });
-    if (!enableTelegram)
+    if (!enableTelegram) {
+        console.log(pc.dim('  You can set it up later — just ask your agent once it\'s running.'));
         return null;
+    }
     console.log();
     console.log(pc.bold('  Telegram Setup'));
     console.log(pc.dim('  We\'ll walk you through creating a Telegram bot and a group for it to live in.'));

package/dist/core/Config.js

@@ -173,6 +173,7 @@ export function loadConfig(projectDir) {
             feedbackFile: path.join(stateDir, 'feedback.json'),
             ...fileConfig.feedback,
         },
+        tunnel: fileConfig.tunnel,
     };
 }
 /**
@@ -185,6 +186,7 @@ export function ensureStateDir(stateDir) {
         path.join(stateDir, 'state', 'sessions'),
         path.join(stateDir, 'state', 'jobs'),
         path.join(stateDir, 'relationships'),
+        path.join(stateDir, 'views'),
         path.join(stateDir, 'logs'),
     ];
     for (const dir of dirs) {

package/dist/core/types.d.ts

@@ -348,6 +348,8 @@ export interface InstarConfig {
     updates?: UpdateConfig;
     /** Publishing (Telegraph) config */
     publishing?: PublishingConfig;
+    /** Cloudflare Tunnel config */
+    tunnel?: TunnelConfigType;
     /** Request timeout in milliseconds (default: 30000) */
     requestTimeoutMs?: number;
     /** Instar version (from package.json) */
@@ -363,6 +365,14 @@ export interface PublishingConfig {
     /** Author URL shown on published pages */
     authorUrl?: string;
 }
+export interface TunnelConfigType {
+    /** Whether tunnel is enabled */
+    enabled: boolean;
+    /** Tunnel type: 'quick' (ephemeral, no account) or 'named' (persistent, requires token) */
+    type: 'quick' | 'named';
+    /** Cloudflare tunnel token (required for named tunnels) */
+    token?: string;
+}
 export interface DispatchConfig {
     /** Whether dispatch polling is enabled */
     enabled: boolean;

package/dist/index.d.ts

@@ -27,6 +27,10 @@ export { TelegramAdapter } from './messaging/TelegramAdapter.js';
 export type { TelegramConfig } from './messaging/TelegramAdapter.js';
 export { TelegraphService, markdownToNodes, parseInline } from './publishing/TelegraphService.js';
 export type { TelegraphConfig, TelegraphNode, TelegraphElement, TelegraphPage, PublishedPage } from './publishing/TelegraphService.js';
-export type { Session, SessionStatus, SessionManagerConfig, ModelTier, JobDefinition, JobPriority, JobExecution, JobState, JobSchedulerConfig, UserProfile, UserChannel, UserPreferences, Message, OutgoingMessage, MessagingAdapter, MessagingAdapterConfig, QuotaState, AccountQuota, HealthStatus, ComponentHealth, ActivityEvent, InstarConfig, MonitoringConfig, RelationshipRecord, RelationshipManagerConfig, InteractionSummary, FeedbackItem, FeedbackConfig, UpdateInfo, UpdateResult, DispatchConfig, UpdateConfig, PublishingConfig, } from './core/types.js';
+export { PrivateViewer } from './publishing/PrivateViewer.js';
+export type { PrivateView, PrivateViewerConfig } from './publishing/PrivateViewer.js';
+export { TunnelManager } from './tunnel/TunnelManager.js';
+export type { TunnelConfig, TunnelState } from './tunnel/TunnelManager.js';
+export type { Session, SessionStatus, SessionManagerConfig, ModelTier, JobDefinition, JobPriority, JobExecution, JobState, JobSchedulerConfig, UserProfile, UserChannel, UserPreferences, Message, OutgoingMessage, MessagingAdapter, MessagingAdapterConfig, QuotaState, AccountQuota, HealthStatus, ComponentHealth, ActivityEvent, InstarConfig, MonitoringConfig, RelationshipRecord, RelationshipManagerConfig, InteractionSummary, FeedbackItem, FeedbackConfig, UpdateInfo, UpdateResult, DispatchConfig, UpdateConfig, PublishingConfig, TunnelConfigType, } from './core/types.js';
 export type { Dispatch, DispatchCheckResult, DispatchEvaluation, EvaluationDecision, DispatchFeedback, DispatchStats } from './core/DispatchManager.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -29,4 +29,7 @@ export { SleepWakeDetector } from './core/SleepWakeDetector.js';
 export { TelegramAdapter } from './messaging/TelegramAdapter.js';
 // Publishing
 export { TelegraphService, markdownToNodes, parseInline } from './publishing/TelegraphService.js';
+export { PrivateViewer } from './publishing/PrivateViewer.js';
+// Tunnel
+export { TunnelManager } from './tunnel/TunnelManager.js';
 //# sourceMappingURL=index.js.map

package/dist/publishing/PrivateViewer.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Private content viewer for Instar agents.
+ *
+ * Stores markdown content locally and serves it as rendered HTML
+ * via the agent's HTTP server. When combined with a Cloudflare Tunnel,
+ * this provides authenticated access to rendered content from anywhere.
+ *
+ * Unlike Telegraph (public), private views are gated by the agent's
+ * auth token and only accessible through the tunnel URL.
+ */
+export interface PrivateView {
+    id: string;
+    title: string;
+    markdown: string;
+    createdAt: string;
+    updatedAt?: string;
+}
+export interface PrivateViewerConfig {
+    /** Directory to store views */
+    viewsDir: string;
+}
+export declare class PrivateViewer {
+    private viewsDir;
+    private lastTimestamp;
+    constructor(config: PrivateViewerConfig);
+    /**
+     * Store markdown content for private viewing.
+     * Returns the view ID.
+     */
+    create(title: string, markdown: string): PrivateView;
+    /**
+     * Update an existing view.
+     */
+    update(id: string, title: string, markdown: string): PrivateView | null;
+    /**
+     * Get a view by ID.
+     */
+    get(id: string): PrivateView | null;
+    /**
+     * List all views.
+     */
+    list(): PrivateView[];
+    /**
+     * Delete a view.
+     */
+    delete(id: string): boolean;
+    /**
+     * Render a view as self-contained HTML.
+     */
+    renderHtml(view: PrivateView): string;
+    private save;
+}
+//# sourceMappingURL=PrivateViewer.d.ts.map

package/dist/publishing/PrivateViewer.js

@@ -0,0 +1,262 @@
+/**
+ * Private content viewer for Instar agents.
+ *
+ * Stores markdown content locally and serves it as rendered HTML
+ * via the agent's HTTP server. When combined with a Cloudflare Tunnel,
+ * this provides authenticated access to rendered content from anywhere.
+ *
+ * Unlike Telegraph (public), private views are gated by the agent's
+ * auth token and only accessible through the tunnel URL.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import { markdownToNodes } from './TelegraphService.js';
+// ── Service ────────────────────────────────────────────────────────
+export class PrivateViewer {
+    viewsDir;
+    lastTimestamp = 0;
+    constructor(config) {
+        this.viewsDir = config.viewsDir;
+        if (!fs.existsSync(this.viewsDir)) {
+            fs.mkdirSync(this.viewsDir, { recursive: true });
+        }
+    }
+    /**
+     * Store markdown content for private viewing.
+     * Returns the view ID.
+     */
+    create(title, markdown) {
+        const id = crypto.randomUUID();
+        // Ensure monotonically increasing timestamps even within same millisecond
+        let now = Date.now();
+        if (now <= this.lastTimestamp) {
+            now = this.lastTimestamp + 1;
+        }
+        this.lastTimestamp = now;
+        const view = {
+            id,
+            title,
+            markdown,
+            createdAt: new Date(now).toISOString(),
+        };
+        this.save(view);
+        return view;
+    }
+    /**
+     * Update an existing view.
+     */
+    update(id, title, markdown) {
+        const existing = this.get(id);
+        if (!existing)
+            return null;
+        existing.title = title;
+        existing.markdown = markdown;
+        existing.updatedAt = new Date().toISOString();
+        this.save(existing);
+        return existing;
+    }
+    /**
+     * Get a view by ID.
+     */
+    get(id) {
+        const filePath = path.join(this.viewsDir, `${id}.json`);
+        try {
+            if (!fs.existsSync(filePath))
+                return null;
+            return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * List all views.
+     */
+    list() {
+        try {
+            const files = fs.readdirSync(this.viewsDir).filter(f => f.endsWith('.json'));
+            return files.map(f => {
+                try {
+                    return JSON.parse(fs.readFileSync(path.join(this.viewsDir, f), 'utf-8'));
+                }
+                catch {
+                    return null;
+                }
+            }).filter((v) => v !== null)
+                .sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+        }
+        catch {
+            return [];
+        }
+    }
+    /**
+     * Delete a view.
+     */
+    delete(id) {
+        const filePath = path.join(this.viewsDir, `${id}.json`);
+        try {
+            if (!fs.existsSync(filePath))
+                return false;
+            fs.unlinkSync(filePath);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Render a view as self-contained HTML.
+     */
+    renderHtml(view) {
+        const nodes = markdownToNodes(view.markdown);
+        const bodyHtml = nodesToHtml(nodes);
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${escapeHtml(view.title)}</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      line-height: 1.6;
+      color: #1a1a2e;
+      background: #f8f9fa;
+      padding: 0;
+    }
+    .container {
+      max-width: 720px;
+      margin: 0 auto;
+      padding: 2rem 1.5rem;
+      background: #fff;
+      min-height: 100vh;
+    }
+    h1 {
+      font-size: 1.8rem;
+      margin-bottom: 0.5rem;
+      color: #16213e;
+      border-bottom: 2px solid #e8e8e8;
+      padding-bottom: 0.5rem;
+    }
+    .meta {
+      font-size: 0.85rem;
+      color: #888;
+      margin-bottom: 2rem;
+    }
+    h3 { font-size: 1.4rem; margin: 1.5rem 0 0.75rem; color: #16213e; }
+    h4 { font-size: 1.15rem; margin: 1.25rem 0 0.5rem; color: #16213e; }
+    p { margin: 0.75rem 0; }
+    a { color: #0f3460; text-decoration: underline; }
+    a:hover { color: #533483; }
+    strong { font-weight: 600; }
+    em { font-style: italic; }
+    s { text-decoration: line-through; color: #888; }
+    code {
+      font-family: 'SF Mono', 'Fira Code', monospace;
+      background: #f0f0f0;
+      padding: 0.15em 0.35em;
+      border-radius: 3px;
+      font-size: 0.9em;
+    }
+    pre {
+      background: #1a1a2e;
+      color: #e8e8e8;
+      padding: 1rem;
+      border-radius: 6px;
+      overflow-x: auto;
+      margin: 1rem 0;
+    }
+    pre code {
+      background: none;
+      padding: 0;
+      color: inherit;
+      font-size: 0.85rem;
+    }
+    blockquote {
+      border-left: 3px solid #533483;
+      padding: 0.5rem 1rem;
+      margin: 1rem 0;
+      color: #555;
+      background: #faf8ff;
+      border-radius: 0 4px 4px 0;
+    }
+    ul, ol { margin: 0.75rem 0; padding-left: 1.5rem; }
+    li { margin: 0.25rem 0; }
+    hr {
+      border: none;
+      border-top: 1px solid #e0e0e0;
+      margin: 1.5rem 0;
+    }
+    img { max-width: 100%; border-radius: 4px; }
+    figure { margin: 1rem 0; }
+    figcaption { font-size: 0.85rem; color: #888; text-align: center; margin-top: 0.25rem; }
+    .footer {
+      margin-top: 3rem;
+      padding-top: 1rem;
+      border-top: 1px solid #e8e8e8;
+      font-size: 0.8rem;
+      color: #aaa;
+      text-align: center;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>${escapeHtml(view.title)}</h1>
+    <div class="meta">${new Date(view.createdAt).toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric', hour: '2-digit', minute: '2-digit' })}${view.updatedAt ? ' (updated)' : ''}</div>
+    ${bodyHtml}
+    <div class="footer">Served by Instar</div>
+  </div>
+</body>
+</html>`;
+    }
+    save(view) {
+        const filePath = path.join(this.viewsDir, `${view.id}.json`);
+        fs.writeFileSync(filePath, JSON.stringify(view, null, 2));
+    }
+}
+// ── HTML Rendering ─────────────────────────────────────────────────
+function nodesToHtml(nodes) {
+    return nodes.map(nodeToHtml).join('');
+}
+function nodeToHtml(node) {
+    if (typeof node === 'string') {
+        return escapeHtml(node);
+    }
+    const element = node;
+    const tag = element.tag;
+    // Self-closing tags
+    if (tag === 'br')
+        return '<br>';
+    if (tag === 'hr')
+        return '<hr>';
+    if (tag === 'img') {
+        const src = element.attrs?.src ? ` src="${escapeAttr(element.attrs.src)}"` : '';
+        return `<img${src} alt="">`;
+    }
+    // Build attributes
+    let attrs = '';
+    if (element.attrs?.href)
+        attrs += ` href="${escapeAttr(element.attrs.href)}"`;
+    if (element.attrs?.src)
+        attrs += ` src="${escapeAttr(element.attrs.src)}"`;
+    const children = element.children ? nodesToHtml(element.children) : '';
+    return `<${tag}${attrs}>${children}</${tag}>`;
+}
+function escapeHtml(text) {
+    return text
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+}
+function escapeAttr(text) {
+    return text
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}
+//# sourceMappingURL=PrivateViewer.js.map

package/dist/scaffold/templates.js

@@ -49,7 +49,7 @@ export function generateUserMd(userName) {
 
 ## About
 
-Primary collaborator and operator of this agent.
+Primary collaborator and partner.
 
 ## Communication Preferences
 
@@ -177,6 +177,22 @@ This routes feedback to the Instar maintainers automatically. Valid types: \`bug
 
 **⚠ CRITICAL: All Telegraph pages are PUBLIC.** Anyone with the URL can view the content. There is no authentication or access control. NEVER publish sensitive, private, or confidential information through Telegraph. When sharing a link, always inform the user that the page is publicly accessible.
 
+**Private Viewing** — Render markdown as auth-gated HTML pages, accessible only through the agent's server (local or via tunnel).
+- Create: \`curl -X POST http://localhost:${port}/view -H 'Content-Type: application/json' -d '{"title":"Report","markdown":"# Private content"}'\`
+- View (HTML): Open \`http://localhost:${port}/view/VIEW_ID\` in a browser
+- List: \`curl http://localhost:${port}/views\`
+- Update: \`curl -X PUT http://localhost:${port}/view/VIEW_ID -H 'Content-Type: application/json' -d '{"title":"Updated","markdown":"# New content"}'\`
+- Delete: \`curl -X DELETE http://localhost:${port}/view/VIEW_ID\`
+
+**Use private views for sensitive content. Use Telegraph for public content.**
+
+**Cloudflare Tunnel** — Expose the local server to the internet via Cloudflare. Enables remote access to private views, the API, and file serving.
+- Status: \`curl http://localhost:${port}/tunnel\`
+- Configure in \`.instar/config.json\`: \`{"tunnel": {"enabled": true, "type": "quick"}}\`
+- Quick tunnels (default): Zero-config, ephemeral URL (*.trycloudflare.com), no account needed
+- Named tunnels: Persistent custom domain, requires token from Cloudflare dashboard
+- When a tunnel is running, private view responses include a \`tunnelUrl\` field for remote access
+
 **Scripts** — Reusable capabilities in \`.claude/scripts/\`.
 
 ### Self-Discovery (Know Before You Claim)

package/dist/server/AgentServer.d.ts

@@ -16,6 +16,8 @@ import type { DispatchManager } from '../core/DispatchManager.js';
 import type { UpdateChecker } from '../core/UpdateChecker.js';
 import type { QuotaTracker } from '../monitoring/QuotaTracker.js';
 import type { TelegraphService } from '../publishing/TelegraphService.js';
+import type { PrivateViewer } from '../publishing/PrivateViewer.js';
+import type { TunnelManager } from '../tunnel/TunnelManager.js';
 export declare class AgentServer {
     private app;
     private server;
@@ -33,6 +35,8 @@ export declare class AgentServer {
         updateChecker?: UpdateChecker;
         quotaTracker?: QuotaTracker;
         publisher?: TelegraphService;
+        viewer?: PrivateViewer;
+        tunnel?: TunnelManager;
     });
     /**
      * Start the HTTP server.

package/dist/server/AgentServer.js

@@ -34,6 +34,8 @@ export class AgentServer {
             updateChecker: options.updateChecker ?? null,
             quotaTracker: options.quotaTracker ?? null,
             publisher: options.publisher ?? null,
+            viewer: options.viewer ?? null,
+            tunnel: options.tunnel ?? null,
             startTime: this.startTime,
         });
         this.app.use(routes);

package/dist/server/routes.d.ts

@@ -16,6 +16,8 @@ import type { DispatchManager } from '../core/DispatchManager.js';
 import type { UpdateChecker } from '../core/UpdateChecker.js';
 import type { QuotaTracker } from '../monitoring/QuotaTracker.js';
 import type { TelegraphService } from '../publishing/TelegraphService.js';
+import type { PrivateViewer } from '../publishing/PrivateViewer.js';
+import type { TunnelManager } from '../tunnel/TunnelManager.js';
 export interface RouteContext {
     config: InstarConfig;
     sessionManager: SessionManager;
@@ -28,6 +30,8 @@ export interface RouteContext {
     updateChecker: UpdateChecker | null;
     quotaTracker: QuotaTracker | null;
     publisher: TelegraphService | null;
+    viewer: PrivateViewer | null;
+    tunnel: TunnelManager | null;
     startTime: Date;
 }
 export declare function createRoutes(ctx: RouteContext): Router;

package/dist/server/routes.js

@@ -155,6 +155,17 @@ export function createRoutes(ctx) {
             publishing: {
                 enabled: !!ctx.publisher,
                 pageCount: ctx.publisher?.listPages().length ?? 0,
+                warning: 'Telegraph pages are PUBLIC — anyone with the URL can view them.',
+            },
+            privateViewer: {
+                enabled: !!ctx.viewer,
+                viewCount: ctx.viewer?.list().length ?? 0,
+            },
+            tunnel: {
+                enabled: !!ctx.tunnel,
+                running: ctx.tunnel?.isRunning ?? false,
+                url: ctx.tunnel?.url ?? null,
+                type: ctx.config.tunnel?.type ?? null,
             },
             users: {
                 count: userCount,
@@ -867,6 +878,129 @@ export function createRoutes(ctx) {
             res.status(500).json({ error: err instanceof Error ? err.message : String(err) });
         }
     });
+    // ── Private Views (auth-gated rendered markdown) ────────────────
+    const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+    router.post('/view', (req, res) => {
+        if (!ctx.viewer) {
+            res.status(503).json({ error: 'Private viewer not configured' });
+            return;
+        }
+        const { title, markdown } = req.body;
+        if (!title || typeof title !== 'string' || title.length > 256) {
+            res.status(400).json({ error: '"title" must be a string under 256 characters' });
+            return;
+        }
+        if (!markdown || typeof markdown !== 'string') {
+            res.status(400).json({ error: '"markdown" must be a non-empty string' });
+            return;
+        }
+        if (markdown.length > 500_000) {
+            res.status(400).json({ error: '"markdown" must be under 500KB' });
+            return;
+        }
+        const view = ctx.viewer.create(title, markdown);
+        const tunnelUrl = ctx.tunnel?.getExternalUrl(`/view/${view.id}`) ?? null;
+        res.status(201).json({
+            id: view.id,
+            title: view.title,
+            localUrl: `/view/${view.id}`,
+            tunnelUrl,
+            createdAt: view.createdAt,
+        });
+    });
+    router.get('/view/:id', (req, res) => {
+        if (!ctx.viewer) {
+            res.status(503).json({ error: 'Private viewer not configured' });
+            return;
+        }
+        if (!UUID_RE.test(req.params.id)) {
+            res.status(400).json({ error: 'Invalid view ID' });
+            return;
+        }
+        const view = ctx.viewer.get(req.params.id);
+        if (!view) {
+            res.status(404).json({ error: 'View not found' });
+            return;
+        }
+        // Serve rendered HTML
+        const html = ctx.viewer.renderHtml(view);
+        res.setHeader('Content-Type', 'text/html; charset=utf-8');
+        res.send(html);
+    });
+    router.get('/views', (_req, res) => {
+        if (!ctx.viewer) {
+            res.json({ views: [] });
+            return;
+        }
+        const views = ctx.viewer.list().map(v => ({
+            id: v.id,
+            title: v.title,
+            localUrl: `/view/${v.id}`,
+            tunnelUrl: ctx.tunnel?.getExternalUrl(`/view/${v.id}`) ?? null,
+            createdAt: v.createdAt,
+            updatedAt: v.updatedAt,
+        }));
+        res.json({ views });
+    });
+    router.put('/view/:id', (req, res) => {
+        if (!ctx.viewer) {
+            res.status(503).json({ error: 'Private viewer not configured' });
+            return;
+        }
+        if (!UUID_RE.test(req.params.id)) {
+            res.status(400).json({ error: 'Invalid view ID' });
+            return;
+        }
+        const { title, markdown } = req.body;
+        if (!title || typeof title !== 'string' || title.length > 256) {
+            res.status(400).json({ error: '"title" must be a string under 256 characters' });
+            return;
+        }
+        if (!markdown || typeof markdown !== 'string') {
+            res.status(400).json({ error: '"markdown" must be a non-empty string' });
+            return;
+        }
+        const updated = ctx.viewer.update(req.params.id, title, markdown);
+        if (!updated) {
+            res.status(404).json({ error: 'View not found' });
+            return;
+        }
+        res.json({
+            id: updated.id,
+            title: updated.title,
+            localUrl: `/view/${updated.id}`,
+            tunnelUrl: ctx.tunnel?.getExternalUrl(`/view/${updated.id}`) ?? null,
+            updatedAt: updated.updatedAt,
+        });
+    });
+    router.delete('/view/:id', (req, res) => {
+        if (!ctx.viewer) {
+            res.status(503).json({ error: 'Private viewer not configured' });
+            return;
+        }
+        if (!UUID_RE.test(req.params.id)) {
+            res.status(400).json({ error: 'Invalid view ID' });
+            return;
+        }
+        const deleted = ctx.viewer.delete(req.params.id);
+        if (!deleted) {
+            res.status(404).json({ error: 'View not found' });
+            return;
+        }
+        res.json({ ok: true, deleted: req.params.id });
+    });
+    // ── Tunnel Status ──────────────────────────────────────────────
+    router.get('/tunnel', (_req, res) => {
+        if (!ctx.tunnel) {
+            res.json({ enabled: false, url: null });
+            return;
+        }
+        res.json({
+            enabled: true,
+            running: ctx.tunnel.isRunning,
+            ...ctx.tunnel.state,
+        });
+    });
     // ── Events ──────────────────────────────────────────────────────
     router.get('/events', (req, res) => {
         const rawLimit = parseInt(req.query.limit, 10) || 50;

package/dist/tunnel/TunnelManager.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Cloudflare Tunnel manager for Instar agents.
+ *
+ * Manages cloudflared tunnel lifecycle — quick tunnels (zero-config,
+ * ephemeral) and named tunnels (persistent, custom domain).
+ *
+ * Quick tunnels require no Cloudflare account. Named tunnels require
+ * a tunnel token from the Cloudflare dashboard.
+ *
+ * The tunnel exposes the agent's local HTTP server to the internet,
+ * enabling:
+ *   - Private content viewing (auth-gated rendered markdown)
+ *   - Remote API access from anywhere
+ *   - File serving (logs, reports, exports)
+ *   - Webhook endpoints for external integrations
+ */
+import { EventEmitter } from 'node:events';
+export interface TunnelConfig {
+    /** Whether tunnel is enabled */
+    enabled: boolean;
+    /** Tunnel type: 'quick' (ephemeral, no account) or 'named' (persistent, requires token) */
+    type: 'quick' | 'named';
+    /** Cloudflare tunnel token (required for named tunnels) */
+    token?: string;
+    /** Local port to tunnel to */
+    port: number;
+    /** State directory for persisting tunnel info */
+    stateDir: string;
+}
+export interface TunnelState {
+    /** Current tunnel URL (null if not connected) */
+    url: string | null;
+    /** Tunnel type */
+    type: 'quick' | 'named';
+    /** When the tunnel was started */
+    startedAt: string | null;
+    /** Connection info from cloudflared */
+    connectionId?: string;
+    /** Connection location */
+    connectionLocation?: string;
+}
+export interface TunnelEvents {
+    url: (url: string) => void;
+    connected: (info: {
+        id: string;
+        ip: string;
+        location: string;
+    }) => void;
+    disconnected: () => void;
+    error: (error: Error) => void;
+    stopped: () => void;
+}
+export declare class TunnelManager extends EventEmitter {
+    private config;
+    private tunnel;
+    private stateFile;
+    private _state;
+    private _stopped;
+    constructor(config: TunnelConfig);
+    /** Current tunnel URL, or null if not connected */
+    get url(): string | null;
+    /** Whether the tunnel is currently running */
+    get isRunning(): boolean;
+    /** Current tunnel state */
+    get state(): TunnelState;
+    /**
+     * Start the tunnel. Ensures the cloudflared binary is installed,
+     * then starts the appropriate tunnel type.
+     */
+    start(): Promise<string>;
+    /**
+     * Stop the tunnel gracefully.
+     */
+    stop(): Promise<void>;
+    /**
+     * Get the full external URL for a local path.
+     * Returns null if tunnel is not connected.
+     */
+    getExternalUrl(localPath: string): string | null;
+    private ensureBinary;
+    private startQuickTunnel;
+    private startNamedTunnel;
+    private saveState;
+}
+//# sourceMappingURL=TunnelManager.d.ts.map

package/dist/tunnel/TunnelManager.js

@@ -0,0 +1,234 @@
+/**
+ * Cloudflare Tunnel manager for Instar agents.
+ *
+ * Manages cloudflared tunnel lifecycle — quick tunnels (zero-config,
+ * ephemeral) and named tunnels (persistent, custom domain).
+ *
+ * Quick tunnels require no Cloudflare account. Named tunnels require
+ * a tunnel token from the Cloudflare dashboard.
+ *
+ * The tunnel exposes the agent's local HTTP server to the internet,
+ * enabling:
+ *   - Private content viewing (auth-gated rendered markdown)
+ *   - Remote API access from anywhere
+ *   - File serving (logs, reports, exports)
+ *   - Webhook endpoints for external integrations
+ */
+import { EventEmitter } from 'node:events';
+import fs from 'node:fs';
+import path from 'node:path';
+import { bin, install, Tunnel } from 'cloudflared';
+// ── Manager ────────────────────────────────────────────────────────
+export class TunnelManager extends EventEmitter {
+    config;
+    tunnel = null;
+    stateFile;
+    _state;
+    _stopped = false;
+    constructor(config) {
+        super();
+        this.config = config;
+        this.stateFile = path.join(config.stateDir, 'tunnel.json');
+        this._state = {
+            url: null,
+            type: config.type,
+            startedAt: null,
+        };
+    }
+    /** Current tunnel URL, or null if not connected */
+    get url() {
+        return this._state.url;
+    }
+    /** Whether the tunnel is currently running */
+    get isRunning() {
+        return this.tunnel !== null && !this._stopped;
+    }
+    /** Current tunnel state */
+    get state() {
+        return { ...this._state };
+    }
+    /**
+     * Start the tunnel. Ensures the cloudflared binary is installed,
+     * then starts the appropriate tunnel type.
+     */
+    async start() {
+        if (this.tunnel) {
+            throw new Error('Tunnel is already running');
+        }
+        this._stopped = false;
+        // Ensure cloudflared binary is installed
+        await this.ensureBinary();
+        // Start the appropriate tunnel type
+        if (this.config.type === 'named') {
+            if (!this.config.token) {
+                throw new Error('Named tunnel requires a token. Set tunnel.token in config.');
+            }
+            return this.startNamedTunnel();
+        }
+        else {
+            return this.startQuickTunnel();
+        }
+    }
+    /**
+     * Stop the tunnel gracefully.
+     */
+    async stop() {
+        this._stopped = true;
+        if (this.tunnel) {
+            this.tunnel.stop();
+            this.tunnel = null;
+        }
+        this._state.url = null;
+        this._state.startedAt = null;
+        this.saveState();
+        this.emit('stopped');
+    }
+    /**
+     * Get the full external URL for a local path.
+     * Returns null if tunnel is not connected.
+     */
+    getExternalUrl(localPath) {
+        if (!this._state.url)
+            return null;
+        const base = this._state.url.replace(/\/$/, '');
+        const p = localPath.startsWith('/') ? localPath : `/${localPath}`;
+        return `${base}${p}`;
+    }
+    // ── Internal ───────────────────────────────────────────────────
+    async ensureBinary() {
+        if (!fs.existsSync(bin)) {
+            await install(bin);
+        }
+    }
+    startQuickTunnel() {
+        return new Promise((resolve, reject) => {
+            const localUrl = `http://localhost:${this.config.port}`;
+            try {
+                this.tunnel = Tunnel.quick(localUrl);
+            }
+            catch (err) {
+                reject(new Error(`Failed to start quick tunnel: ${err instanceof Error ? err.message : String(err)}`));
+                return;
+            }
+            let resolved = false;
+            const timeout = setTimeout(() => {
+                if (!resolved) {
+                    resolved = true;
+                    reject(new Error('Tunnel connection timed out after 30 seconds'));
+                }
+            }, 30_000);
+            this.tunnel.once('url', (url) => {
+                if (resolved)
+                    return;
+                resolved = true;
+                clearTimeout(timeout);
+                this._state.url = url;
+                this._state.startedAt = new Date().toISOString();
+                this.saveState();
+                this.emit('url', url);
+                resolve(url);
+            });
+            this.tunnel.once('connected', (info) => {
+                this._state.connectionId = info.id;
+                this._state.connectionLocation = info.location;
+                this.saveState();
+                this.emit('connected', info);
+            });
+            this.tunnel.on('error', (err) => {
+                if (!resolved) {
+                    resolved = true;
+                    clearTimeout(timeout);
+                    reject(err);
+                }
+                this.emit('error', err);
+            });
+            this.tunnel.on('exit', (code) => {
+                if (!this._stopped) {
+                    this._state.url = null;
+                    this.saveState();
+                    this.emit('disconnected');
+                    if (!resolved) {
+                        resolved = true;
+                        clearTimeout(timeout);
+                        reject(new Error(`Tunnel process exited with code ${code}`));
+                    }
+                }
+            });
+        });
+    }
+    startNamedTunnel() {
+        return new Promise((resolve, reject) => {
+            try {
+                this.tunnel = Tunnel.withToken(this.config.token);
+            }
+            catch (err) {
+                reject(new Error(`Failed to start named tunnel: ${err instanceof Error ? err.message : String(err)}`));
+                return;
+            }
+            let resolved = false;
+            const timeout = setTimeout(() => {
+                if (!resolved) {
+                    resolved = true;
+                    reject(new Error('Named tunnel connection timed out after 30 seconds'));
+                }
+            }, 30_000);
+            this.tunnel.once('url', (url) => {
+                if (resolved)
+                    return;
+                resolved = true;
+                clearTimeout(timeout);
+                this._state.url = url;
+                this._state.startedAt = new Date().toISOString();
+                this.saveState();
+                this.emit('url', url);
+                resolve(url);
+            });
+            this.tunnel.once('connected', (info) => {
+                this._state.connectionId = info.id;
+                this._state.connectionLocation = info.location;
+                this.saveState();
+                this.emit('connected', info);
+                // For named tunnels, the URL may come from the connection info
+                // rather than the 'url' event, since the URL is pre-configured
+                if (!resolved && this._state.url) {
+                    resolved = true;
+                    clearTimeout(timeout);
+                    resolve(this._state.url);
+                }
+            });
+            this.tunnel.on('error', (err) => {
+                if (!resolved) {
+                    resolved = true;
+                    clearTimeout(timeout);
+                    reject(err);
+                }
+                this.emit('error', err);
+            });
+            this.tunnel.on('exit', (code) => {
+                if (!this._stopped) {
+                    this._state.url = null;
+                    this.saveState();
+                    this.emit('disconnected');
+                    if (!resolved) {
+                        resolved = true;
+                        clearTimeout(timeout);
+                        reject(new Error(`Named tunnel process exited with code ${code}`));
+                    }
+                }
+            });
+        });
+    }
+    saveState() {
+        try {
+            const dir = path.dirname(this.stateFile);
+            if (!fs.existsSync(dir)) {
+                fs.mkdirSync(dir, { recursive: true });
+            }
+            fs.writeFileSync(this.stateFile, JSON.stringify(this._state, null, 2));
+        }
+        catch {
+            // Non-critical — don't crash if state save fails
+        }
+    }
+}
+//# sourceMappingURL=TunnelManager.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "Persistent autonomy infrastructure for AI agents",
   "type": "module",
   "main": "dist/index.js",
@@ -51,6 +51,7 @@
   },
   "dependencies": {
     "@inquirer/prompts": "^8.2.1",
+    "cloudflared": "^0.7.1",
     "commander": "^12.0.0",
     "croner": "^8.0.0",
     "express": "^4.18.0",