minivibe 0.1.0

package/agent/agent.js

@@ -0,0 +1,1218 @@
+#!/usr/bin/env node
+
+/**
+ * vibe-agent - Persistent daemon for remote Claude Code session management
+ *
+ * Runs on a host (EC2, local Mac, etc.) and accepts commands from iOS to:
+ * - Start new Claude Code sessions
+ * - Resume existing sessions
+ * - Stop running sessions
+ *
+ * Usage:
+ *   vibe-agent --bridge wss://ws.neng.ai --token <firebase-token>
+ *   vibe-agent --login --bridge wss://ws.neng.ai
+ */
+
+const { spawn, execSync } = require('child_process');
+const WebSocket = require('ws');
+const { WebSocketServer } = require('ws');
+const { v4: uuidv4 } = require('uuid');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+// ====================
+// Configuration
+// ====================
+
+const CONFIG_DIR = path.join(os.homedir(), '.vibe-agent');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const AUTH_FILE = path.join(CONFIG_DIR, 'auth.json');
+
+const RECONNECT_DELAY_MS = 5000;
+const HEARTBEAT_INTERVAL_MS = 30000;
+const LOCAL_SERVER_PORT = 9999;
+const PORT_FILE = path.join(os.homedir(), '.vibe-agent', 'port');
+
+// Colors for terminal output
+const colors = {
+  reset: '\x1b[0m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  red: '\x1b[31m',
+  cyan: '\x1b[36m',
+  dim: '\x1b[2m',
+  bold: '\x1b[1m'
+};
+
+function log(msg, color = colors.reset) {
+  const timestamp = new Date().toLocaleTimeString();
+  console.log(`${colors.dim}[${timestamp}]${colors.reset} ${color}${msg}${colors.reset}`);
+}
+
+// ====================
+// Configuration Management
+// ====================
+
+function loadConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+    }
+  } catch (err) {
+    // Ignore
+  }
+  return {};
+}
+
+function saveConfig(config) {
+  try {
+    if (!fs.existsSync(CONFIG_DIR)) {
+      fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), 'utf8');
+    // Restrict permissions on Unix (Windows uses ACLs instead)
+    if (process.platform !== 'win32') {
+      fs.chmodSync(CONFIG_FILE, 0o600);
+    }
+  } catch (err) {
+    log(`Failed to save config: ${err.message}`, colors.red);
+  }
+}
+
+function loadAuth() {
+  try {
+    if (fs.existsSync(AUTH_FILE)) {
+      return JSON.parse(fs.readFileSync(AUTH_FILE, 'utf8'));
+    }
+  } catch (err) {
+    // Ignore
+  }
+  return null;
+}
+
+function saveAuth(idToken, refreshToken = null) {
+  try {
+    if (!fs.existsSync(CONFIG_DIR)) {
+      fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+    const data = { idToken, refreshToken, updatedAt: new Date().toISOString() };
+    fs.writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), 'utf8');
+    // Restrict permissions on Unix (Windows uses ACLs instead)
+    if (process.platform !== 'win32') {
+      fs.chmodSync(AUTH_FILE, 0o600);
+    }
+    return true;
+  } catch (err) {
+    log(`Failed to save auth: ${err.message}`, colors.red);
+    return false;
+  }
+}
+
+// ====================
+// Token Refresh
+// ====================
+
+const FIREBASE_CONFIG = {
+  apiKey: "AIzaSyAJKYavMidKYxRpfhP2IHUiy8dafc3ISqc"
+};
+
+async function refreshIdToken() {
+  const auth = loadAuth();
+  if (!auth?.refreshToken) {
+    return null;
+  }
+
+  try {
+    log('Refreshing authentication token...', colors.dim);
+    const response = await fetch(
+      `https://securetoken.googleapis.com/v1/token?key=${FIREBASE_CONFIG.apiKey}`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: `grant_type=refresh_token&refresh_token=${auth.refreshToken}`
+      }
+    );
+
+    if (!response.ok) {
+      const error = await response.json();
+      log(`Token refresh failed: ${error.error?.message || response.status}`, colors.yellow);
+      return null;
+    }
+
+    const data = await response.json();
+    saveAuth(data.id_token, data.refresh_token);
+    log('Token refreshed successfully', colors.green);
+    return data.id_token;
+  } catch (err) {
+    log(`Token refresh error: ${err.message}`, colors.red);
+    return null;
+  }
+}
+
+// ====================
+// Agent State
+// ====================
+
+let bridgeUrl = null;
+let authToken = null;
+let ws = null;
+let isAuthenticated = false;
+let agentId = null;
+let hostName = os.hostname();
+let reconnectTimer = null;
+let heartbeatTimer = null;
+
+// Track running sessions: sessionId -> { process, path, name, localWs }
+const runningSessions = new Map();
+
+// Track sessions being intentionally stopped (to distinguish from unexpected disconnects)
+const stoppingSessions = new Set();
+
+// Local server for vibe-cli connections
+let localServer = null;
+// Track local CLI connections: ws -> { sessionId, authenticated }
+const localClients = new Map();
+
+// ====================
+// WebSocket Connection
+// ====================
+
+function connect() {
+  if (!bridgeUrl) {
+    log('No bridge URL configured', colors.red);
+    return;
+  }
+
+  log(`Connecting to ${bridgeUrl}...`, colors.cyan);
+
+  try {
+    ws = new WebSocket(bridgeUrl);
+  } catch (err) {
+    log(`Failed to create WebSocket: ${err.message}`, colors.red);
+    scheduleReconnect();
+    return;
+  }
+
+  ws.on('open', () => {
+    log('Connected to bridge', colors.green);
+    clearTimeout(reconnectTimer);
+
+    // Authenticate
+    if (authToken) {
+      send({ type: 'authenticate', token: authToken });
+    } else {
+      log('No auth token - run: vibe-agent --login', colors.yellow);
+    }
+  });
+
+  ws.on('message', (data) => {
+    try {
+      const msg = JSON.parse(data.toString());
+      handleMessage(msg);
+    } catch (err) {
+      log(`Failed to parse message: ${err.message}`, colors.red);
+    }
+  });
+
+  ws.on('close', () => {
+    log('Disconnected from bridge', colors.yellow);
+    isAuthenticated = false;
+    stopHeartbeat();
+
+    // Notify all local clients that bridge is disconnected
+    for (const [clientWs, clientInfo] of localClients) {
+      try {
+        clientWs.send(JSON.stringify({
+          type: 'bridge_disconnected',
+          message: 'Bridge connection lost, reconnecting...'
+        }));
+      } catch (err) {
+        // Client may already be closed
+      }
+    }
+
+    scheduleReconnect();
+  });
+
+  ws.on('error', (err) => {
+    log(`WebSocket error: ${err.message}`, colors.red);
+  });
+}
+
+function send(msg) {
+  if (ws && ws.readyState === WebSocket.OPEN) {
+    ws.send(JSON.stringify(msg));
+    return true;
+  }
+  return false;
+}
+
+function scheduleReconnect() {
+  if (reconnectTimer) return;
+  log(`Reconnecting in ${RECONNECT_DELAY_MS / 1000}s...`, colors.dim);
+  reconnectTimer = setTimeout(() => {
+    reconnectTimer = null;
+    connect();
+  }, RECONNECT_DELAY_MS);
+}
+
+function startHeartbeat() {
+  stopHeartbeat();
+  heartbeatTimer = setInterval(() => {
+    send({ type: 'agent_heartbeat' });
+  }, HEARTBEAT_INTERVAL_MS);
+}
+
+function stopHeartbeat() {
+  if (heartbeatTimer) {
+    clearInterval(heartbeatTimer);
+    heartbeatTimer = null;
+  }
+}
+
+// ====================
+// Local Server (for vibe-cli connections)
+// ====================
+
+function startLocalServer() {
+  try {
+    localServer = new WebSocketServer({ port: LOCAL_SERVER_PORT });
+
+    localServer.on('listening', () => {
+      log(`Local server listening on port ${LOCAL_SERVER_PORT}`, colors.green);
+      // Write port file for auto-discovery
+      try {
+        fs.writeFileSync(PORT_FILE, LOCAL_SERVER_PORT.toString(), 'utf8');
+      } catch (err) {
+        // Ignore
+      }
+    });
+
+    localServer.on('connection', (clientWs) => {
+      log('Local vibe-cli connected', colors.cyan);
+
+      localClients.set(clientWs, {
+        sessionId: null,
+        authenticated: false
+      });
+
+      clientWs.on('message', (data) => {
+        try {
+          const msg = JSON.parse(data.toString());
+          handleLocalMessage(clientWs, msg);
+        } catch (err) {
+          log(`Failed to parse local message: ${err.message}`, colors.red);
+        }
+      });
+
+      clientWs.on('close', () => {
+        const clientInfo = localClients.get(clientWs);
+        if (clientInfo?.sessionId) {
+          const sessionId = clientInfo.sessionId;
+          const wasIntentionalStop = stoppingSessions.has(sessionId);
+          stoppingSessions.delete(sessionId);  // Clean up
+
+          log(`Local session ${sessionId.slice(0, 8)} ${wasIntentionalStop ? 'stopped' : 'disconnected'}`, colors.dim);
+          runningSessions.delete(sessionId);
+          // Notify bridge
+          send({
+            type: 'agent_session_ended',
+            sessionId: sessionId,
+            exitCode: 0,
+            reason: wasIntentionalStop ? 'stopped_by_user' : 'disconnected'
+          });
+        }
+        localClients.delete(clientWs);
+      });
+
+      clientWs.on('error', (err) => {
+        log(`Local client error: ${err.message}`, colors.red);
+      });
+    });
+
+    localServer.on('error', (err) => {
+      if (err.code === 'EADDRINUSE') {
+        log(`Port ${LOCAL_SERVER_PORT} in use - another agent running?`, colors.red);
+      } else {
+        log(`Local server error: ${err.message}`, colors.red);
+      }
+    });
+
+  } catch (err) {
+    log(`Failed to start local server: ${err.message}`, colors.red);
+  }
+}
+
+function stopLocalServer() {
+  if (localServer) {
+    localServer.close();
+    localServer = null;
+  }
+  // Remove port file
+  try {
+    if (fs.existsSync(PORT_FILE)) {
+      fs.unlinkSync(PORT_FILE);
+    }
+  } catch (err) {
+    // Ignore
+  }
+}
+
+function handleLocalMessage(clientWs, msg) {
+  const clientInfo = localClients.get(clientWs);
+
+  switch (msg.type) {
+    // Authentication: local clients inherit agent's auth
+    case 'authenticate':
+      // Local clients don't need to re-authenticate - they inherit agent's session
+      clientInfo.authenticated = true;
+      clientWs.send(JSON.stringify({
+        type: 'authenticated',
+        userId: 'local',
+        email: 'via-agent'
+      }));
+      break;
+
+    // Session registration: track locally and relay to bridge
+    case 'register_session':
+      const sessionId = msg.sessionId;
+      clientInfo.sessionId = sessionId;
+
+      // Track this session as managed by agent
+      runningSessions.set(sessionId, {
+        localWs: clientWs,
+        path: msg.path || process.cwd(),
+        name: msg.name || path.basename(msg.path || process.cwd()),
+        startedAt: new Date().toISOString(),
+        managed: true  // Indicates connected via local server, not spawned
+      });
+
+      log(`Local session registered: ${sessionId.slice(0, 8)} (${msg.name || msg.path})`, colors.green);
+
+      // Check if agent is authenticated (has agentId)
+      if (!agentId) {
+        log('Warning: Agent not authenticated yet, session will not be managed', colors.yellow);
+      }
+
+      // Relay to bridge with agentId so bridge knows this session is managed
+      const registrationMsg = {
+        ...msg,
+        agentId: agentId || null,  // null if not yet authenticated
+        agentHostName: agentId ? hostName : null
+      };
+      if (send(registrationMsg)) {
+        // Bridge will respond with session_registered
+      } else {
+        clientWs.send(JSON.stringify({
+          type: 'error',
+          message: 'Not connected to bridge'
+        }));
+      }
+      break;
+
+    // All other messages: relay to bridge
+    default:
+      // Add sessionId if not present
+      if (!msg.sessionId && clientInfo.sessionId) {
+        msg.sessionId = clientInfo.sessionId;
+      }
+
+      if (send(msg)) {
+        // Message relayed successfully
+      } else {
+        clientWs.send(JSON.stringify({
+          type: 'error',
+          message: 'Not connected to bridge'
+        }));
+      }
+      break;
+  }
+}
+
+// Relay bridge messages to appropriate local client
+function relayToLocalClient(msg) {
+  const sessionId = msg.sessionId;
+  if (!sessionId) return false;
+
+  const session = runningSessions.get(sessionId);
+  if (!session?.localWs) return false;
+
+  try {
+    session.localWs.send(JSON.stringify(msg));
+    return true;
+  } catch (err) {
+    log(`Failed to relay to local client: ${err.message}`, colors.red);
+    return false;
+  }
+}
+
+// ====================
+// Message Handling
+// ====================
+
+function handleMessage(msg) {
+  switch (msg.type) {
+    case 'authenticated':
+      isAuthenticated = true;
+      log(`Authenticated as ${msg.email || msg.userId}`, colors.green);
+
+      // Register as an agent
+      if (!agentId) {
+        agentId = uuidv4();
+        // Persist agentId so it survives restarts
+        const config = loadConfig();
+        config.agentId = agentId;
+        saveConfig(config);
+        log(`Generated new agent ID: ${agentId.slice(0, 8)}...`, colors.dim);
+      }
+      send({
+        type: 'agent_register',
+        agentId,
+        hostName,
+        platform: process.platform,
+        activeSessions: Array.from(runningSessions.keys())
+      });
+      startHeartbeat();
+
+      // Re-register all sessions with bridge after reconnect
+      for (const [sessionId, session] of runningSessions) {
+        log(`Re-registering session: ${sessionId.slice(0, 8)} (${session.managed ? 'managed' : 'spawned'})`, colors.dim);
+        send({
+          type: 'register_session',
+          sessionId,
+          path: session.path,
+          name: session.name,
+          agentId: agentId,
+          agentHostName: hostName
+        });
+      }
+
+      // Notify local clients that bridge is reconnected
+      for (const [clientWs, clientInfo] of localClients) {
+        try {
+          clientWs.send(JSON.stringify({
+            type: 'bridge_reconnected',
+            message: 'Bridge connection restored'
+          }));
+        } catch (err) {
+          // Client may already be closed
+        }
+      }
+      break;
+
+    case 'auth_error':
+      isAuthenticated = false;
+      log(`Authentication failed: ${msg.message}`, colors.yellow);
+
+      // Try to refresh token
+      (async () => {
+        const newToken = await refreshIdToken();
+        if (newToken) {
+          authToken = newToken;
+          send({ type: 'authenticate', token: newToken });
+        } else {
+          log('Please re-login: vibe-agent --login', colors.red);
+        }
+      })();
+      break;
+
+    case 'agent_registered':
+      log(`Agent registered: ${msg.agentId}`, colors.green);
+      log(`Host: ${hostName}`, colors.dim);
+      log('Waiting for commands...', colors.cyan);
+      break;
+
+    case 'start_session':
+      handleStartSession(msg);
+      break;
+
+    case 'resume_session':
+      handleResumeSession(msg);
+      break;
+
+    case 'stop_session':
+      handleStopSession(msg);
+      break;
+
+    case 'list_agent_sessions':
+      send({
+        type: 'agent_sessions',
+        sessions: Array.from(runningSessions.entries()).map(([id, s]) => ({
+          sessionId: id,
+          path: s.path,
+          name: s.name,
+          status: 'active'
+        }))
+      });
+      break;
+
+    case 'error':
+      log(`Bridge error: ${msg.message}`, colors.red);
+      // Relay errors to local client if applicable
+      relayToLocalClient(msg);
+      break;
+
+    // Messages to relay to local vibe-cli clients
+    case 'session_registered':
+    case 'joined_session':
+    case 'message_history':
+    case 'claude_message':
+    case 'permission_request':
+    case 'session_status':
+    case 'session_ended':
+    case 'session_renamed':
+    case 'user_message':
+    case 'permission_approved':
+    case 'permission_denied':
+      // These are responses/events for local sessions - relay them
+      relayToLocalClient(msg);
+      break;
+
+    default:
+      // Try to relay unknown messages to local client
+      if (msg.sessionId) {
+        relayToLocalClient(msg);
+      }
+      break;
+  }
+}
+
+// ====================
+// Session Management
+// ====================
+
+function findVibeCli() {
+  // Look for vibe.js in common locations
+  const locations = [
+    path.join(__dirname, '..', 'vibe-cli', 'vibe.js'),
+    path.join(os.homedir(), 'vibe-cli', 'vibe.js'),
+  ];
+
+  // Add platform-specific locations
+  if (process.platform === 'win32') {
+    locations.push(path.join(os.homedir(), 'AppData', 'Local', 'vibe-cli', 'vibe.js'));
+  } else {
+    locations.push('/usr/local/bin/vibe');
+  }
+
+  for (const loc of locations) {
+    if (fs.existsSync(loc)) {
+      return loc;
+    }
+  }
+
+  // Try to find via which/where
+  try {
+    const cmd = process.platform === 'win32' ? 'where vibe' : 'which vibe';
+    const result = execSync(cmd, { encoding: 'utf8' }).trim();
+    // 'where' on Windows can return multiple lines, take the first
+    return result.split('\n')[0].trim();
+  } catch {
+    return null;
+  }
+}
+
+function handleStartSession(msg) {
+  const { sessionId, path: projectPath, name, prompt, requestId } = msg;
+
+  log(`Starting session: ${name || projectPath || 'new'}`, colors.cyan);
+
+  const vibeCli = findVibeCli();
+  if (!vibeCli) {
+    log('vibe-cli not found!', colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: 'vibe-cli not found on this host'
+    });
+    return;
+  }
+
+  // Build args - use --agent to connect via local server
+  const args = ['--agent', `ws://localhost:${LOCAL_SERVER_PORT}`];
+
+  if (name) {
+    args.push('--name', name);
+  }
+
+  if (prompt) {
+    args.push(prompt);
+  }
+
+  // Spawn vibe-cli - expand ~ to home directory
+  let cwd = projectPath || os.homedir();
+  if (cwd.startsWith('~')) {
+    cwd = cwd.replace(/^~/, os.homedir());
+  }
+
+  // Validate path exists
+  if (!fs.existsSync(cwd)) {
+    log(`Path does not exist: ${cwd}`, colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: `Path does not exist: ${cwd}`
+    });
+    return;
+  }
+
+  log(`Spawning: node ${vibeCli} ${args.join(' ')}`, colors.dim);
+  log(`Working directory: ${cwd}`, colors.dim);
+
+  try {
+    const proc = spawn('node', [vibeCli, ...args], {
+      cwd,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      detached: false
+    });
+
+    const newSessionId = sessionId || uuidv4();
+
+    runningSessions.set(newSessionId, {
+      process: proc,
+      path: cwd,
+      name: name || path.basename(cwd),
+      startedAt: new Date().toISOString()
+    });
+
+    proc.stdout.on('data', (data) => {
+      // Log output for debugging
+      const output = data.toString().trim();
+      if (output) {
+        log(`[${newSessionId.slice(0, 8)}] ${output}`, colors.dim);
+      }
+    });
+
+    proc.stderr.on('data', (data) => {
+      const output = data.toString().trim();
+      if (output) {
+        log(`[${newSessionId.slice(0, 8)}] ${output}`, colors.yellow);
+      }
+    });
+
+    proc.on('exit', (code) => {
+      log(`Session ${newSessionId.slice(0, 8)} exited with code ${code}`, colors.dim);
+      runningSessions.delete(newSessionId);
+
+      send({
+        type: 'agent_session_ended',
+        sessionId: newSessionId,
+        exitCode: code
+      });
+    });
+
+    proc.on('error', (err) => {
+      log(`Session error: ${err.message}`, colors.red);
+      runningSessions.delete(newSessionId);
+
+      send({
+        type: 'agent_session_error',
+        requestId,
+        sessionId: newSessionId,
+        error: err.message
+      });
+    });
+
+    // Notify bridge that session started
+    send({
+      type: 'agent_session_started',
+      requestId,
+      sessionId: newSessionId,
+      path: cwd,
+      name: name || path.basename(cwd)
+    });
+
+    log(`Session started: ${newSessionId.slice(0, 8)}`, colors.green);
+
+  } catch (err) {
+    log(`Failed to start session: ${err.message}`, colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: err.message
+    });
+  }
+}
+
+function handleResumeSession(msg) {
+  const { sessionId, path: projectPath, name, requestId } = msg;
+
+  log(`Resuming session: ${sessionId.slice(0, 8)}`, colors.cyan);
+
+  // Check if already running
+  if (runningSessions.has(sessionId)) {
+    log('Session is already running', colors.yellow);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: 'Session is already running'
+    });
+    return;
+  }
+
+  const vibeCli = findVibeCli();
+  if (!vibeCli) {
+    log('vibe-cli not found!', colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: 'vibe-cli not found on this host'
+    });
+    return;
+  }
+
+  // Build args with --resume - use --agent to connect via local server
+  const args = ['--agent', `ws://localhost:${LOCAL_SERVER_PORT}`, '--resume', sessionId];
+
+  if (name) {
+    args.push('--name', name);
+  }
+
+  // Spawn vibe-cli with resume - expand ~ to home directory
+  let cwd = projectPath || os.homedir();
+  if (cwd.startsWith('~')) {
+    cwd = cwd.replace(/^~/, os.homedir());
+  }
+
+  // Validate path exists
+  if (!fs.existsSync(cwd)) {
+    log(`Path does not exist: ${cwd}`, colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: `Path does not exist: ${cwd}`
+    });
+    return;
+  }
+
+  log(`Spawning: node ${vibeCli} ${args.join(' ')}`, colors.dim);
+
+  try {
+    const proc = spawn('node', [vibeCli, ...args], {
+      cwd,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      detached: false
+    });
+
+    runningSessions.set(sessionId, {
+      process: proc,
+      path: cwd,
+      name: name || path.basename(cwd),
+      startedAt: new Date().toISOString()
+    });
+
+    proc.stdout.on('data', (data) => {
+      const output = data.toString().trim();
+      if (output) {
+        log(`[${sessionId.slice(0, 8)}] ${output}`, colors.dim);
+      }
+    });
+
+    proc.stderr.on('data', (data) => {
+      const output = data.toString().trim();
+      if (output) {
+        log(`[${sessionId.slice(0, 8)}] ${output}`, colors.yellow);
+      }
+    });
+
+    proc.on('exit', (code) => {
+      log(`Session ${sessionId.slice(0, 8)} exited with code ${code}`, colors.dim);
+      runningSessions.delete(sessionId);
+
+      send({
+        type: 'agent_session_ended',
+        sessionId,
+        exitCode: code
+      });
+    });
+
+    proc.on('error', (err) => {
+      log(`Session error: ${err.message}`, colors.red);
+      runningSessions.delete(sessionId);
+
+      send({
+        type: 'agent_session_error',
+        requestId,
+        sessionId,
+        error: err.message
+      });
+    });
+
+    // Notify bridge
+    send({
+      type: 'agent_session_resumed',
+      requestId,
+      sessionId,
+      path: cwd,
+      name: name || path.basename(cwd)
+    });
+
+    log(`Session resumed: ${sessionId.slice(0, 8)}`, colors.green);
+
+  } catch (err) {
+    log(`Failed to resume session: ${err.message}`, colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: err.message
+    });
+  }
+}
+
+function handleStopSession(msg) {
+  const { sessionId, requestId } = msg;
+
+  const session = runningSessions.get(sessionId);
+  if (!session) {
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: 'Session not found'
+    });
+    return;
+  }
+
+  log(`Stopping session: ${sessionId.slice(0, 8)}`, colors.yellow);
+
+  try {
+    if (session.process) {
+      // Spawned session - kill the process
+      // On Windows, kill() without signal terminates the process
+      // On Unix, SIGTERM is the graceful termination signal
+      if (process.platform === 'win32') {
+        session.process.kill();
+      } else {
+        session.process.kill('SIGTERM');
+
+        // Force kill after timeout (Unix only, Windows kill() is already forceful)
+        setTimeout(() => {
+          if (runningSessions.has(sessionId) && session.process) {
+            session.process.kill('SIGKILL');
+          }
+        }, 5000);
+      }
+    } else if (session.localWs) {
+      // Managed session (connected via --agent) - send stop command first
+      // This tells vibe-cli to NOT reconnect after disconnect
+      stoppingSessions.add(sessionId);  // Track intentional stop
+      try {
+        session.localWs.send(JSON.stringify({
+          type: 'session_stop',
+          sessionId,
+          reason: 'stopped_by_user'
+        }));
+      } catch (err) {
+        // Ignore send errors
+      }
+      // Give vibe-cli time to process the stop message before closing
+      setTimeout(() => {
+        try {
+          session.localWs.close(1000, 'Stopped by agent');
+        } catch (err) {
+          // Already closed
+        }
+      }, 100);
+      runningSessions.delete(sessionId);
+    }
+
+    send({
+      type: 'agent_session_stopping',
+      requestId,
+      sessionId
+    });
+  } catch (err) {
+    log(`Failed to stop session: ${err.message}`, colors.red);
+    send({
+      type: 'agent_session_error',
+      requestId,
+      sessionId,
+      error: err.message
+    });
+  }
+}
+
+// ====================
+// Headless Login
+// ====================
+
+async function startHeadlessLogin(bridgeHttpUrl) {
+  console.log(`
+${colors.cyan}${colors.bold}vibe-agent Headless Login${colors.reset}
+${'='.repeat(40)}
+`);
+
+  try {
+    log('Requesting device code...', colors.dim);
+    const codeRes = await fetch(`${bridgeHttpUrl}/device/code`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' }
+    });
+
+    if (!codeRes.ok) {
+      log(`Failed to get device code: ${codeRes.status}`, colors.red);
+      process.exit(1);
+    }
+
+    const { deviceId, code, expiresIn } = await codeRes.json();
+
+    console.log(`   Visit:  ${bridgeHttpUrl}/device`);
+    console.log(`   Code:   ${colors.bold}${code}${colors.reset}`);
+    console.log('');
+    console.log(`   Code expires in ${Math.floor(expiresIn / 60)} minutes.`);
+    console.log('   Waiting for authentication...');
+    console.log('');
+
+    // Poll for token
+    const pollInterval = 3000;
+    const maxAttempts = Math.ceil((expiresIn * 1000) / pollInterval);
+
+    for (let i = 0; i < maxAttempts; i++) {
+      await new Promise(r => setTimeout(r, pollInterval));
+
+      try {
+        const pollRes = await fetch(`${bridgeHttpUrl}/device/poll/${deviceId}`);
+        const pollData = await pollRes.json();
+
+        if (pollData.status === 'complete') {
+          saveAuth(pollData.token, pollData.refreshToken || null);
+          console.log('');
+          log(`Logged in as ${pollData.email}`, colors.green);
+          log(`Auth saved to ${AUTH_FILE}`, colors.dim);
+          if (pollData.refreshToken) {
+            log('Token auto-refresh enabled', colors.dim);
+          }
+          process.exit(0);
+        } else if (pollRes.status === 404 || pollData.error === 'Device not found or expired') {
+          console.log('\n\nCode expired. Please try again.');
+          process.exit(1);
+        }
+
+        process.stdout.write('.');
+      } catch (err) {
+        process.stdout.write('!');
+      }
+    }
+
+    console.log('\n\nLogin timed out.');
+    process.exit(1);
+
+  } catch (err) {
+    log(`Login failed: ${err.message}`, colors.red);
+    process.exit(1);
+  }
+}
+
+// ====================
+// CLI Argument Parsing
+// ====================
+
+function printHelp() {
+  console.log(`
+${colors.cyan}${colors.bold}vibe-agent${colors.reset} - Persistent daemon for remote Claude Code sessions
+
+${colors.bold}Usage:${colors.reset}
+  vibe-agent --bridge <url>              Start agent connected to bridge
+  vibe-agent --login --bridge <url>      Login via device code flow
+  vibe-agent --status                    Show agent status
+
+${colors.bold}Options:${colors.reset}
+  --bridge <url>    Bridge server URL (wss://ws.neng.ai)
+  --login           Start device code login flow
+  --token <token>   Use specific Firebase token
+  --name <name>     Set host display name
+  --status          Show current status and exit
+  --help, -h        Show this help
+
+${colors.bold}Examples:${colors.reset}
+  # Login (first time)
+  vibe-agent --login --bridge wss://ws.neng.ai
+
+  # Start agent daemon
+  vibe-agent --bridge wss://ws.neng.ai
+
+  # Start with custom host name
+  vibe-agent --bridge wss://ws.neng.ai --name "AWS Dev Server"
+`);
+}
+
+function parseArgs() {
+  const args = process.argv.slice(2);
+  const options = {
+    bridge: null,
+    token: null,
+    login: false,
+    name: null,
+    status: false,
+    help: false
+  };
+
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    switch (arg) {
+      case '--bridge':
+        options.bridge = args[++i];
+        break;
+      case '--token':
+        options.token = args[++i];
+        break;
+      case '--login':
+        options.login = true;
+        break;
+      case '--name':
+        options.name = args[++i];
+        break;
+      case '--status':
+        options.status = true;
+        break;
+      case '--help':
+      case '-h':
+        options.help = true;
+        break;
+    }
+  }
+
+  return options;
+}
+
+// ====================
+// Main
+// ====================
+
+async function main() {
+  const options = parseArgs();
+
+  if (options.help) {
+    printHelp();
+    process.exit(0);
+  }
+
+  // Load saved config
+  const config = loadConfig();
+
+  bridgeUrl = options.bridge || config.bridgeUrl;
+  hostName = options.name || config.hostName || os.hostname();
+  agentId = config.agentId || null;  // Load persisted agentId
+
+  if (options.token) {
+    authToken = options.token;
+    saveAuth(authToken);
+  } else {
+    const auth = loadAuth();
+    authToken = auth?.idToken;
+  }
+
+  // Save config for next time
+  if (bridgeUrl) {
+    config.bridgeUrl = bridgeUrl;
+  }
+  if (options.name) {
+    config.hostName = hostName;
+  }
+  saveConfig(config);
+
+  // Status check
+  if (options.status) {
+    console.log(`Bridge URL: ${bridgeUrl || 'Not configured'}`);
+    console.log(`Host Name:  ${hostName}`);
+    console.log(`Auth Token: ${authToken ? 'Configured' : 'Not configured'}`);
+    console.log(`Agent ID:   ${agentId || 'Will be assigned on first connect'}`);
+    process.exit(0);
+  }
+
+  // Login flow
+  if (options.login) {
+    if (!bridgeUrl) {
+      log('--bridge URL required for login', colors.red);
+      process.exit(1);
+    }
+    const httpUrl = bridgeUrl.replace('wss://', 'https://').replace('ws://', 'http://');
+    await startHeadlessLogin(httpUrl);
+    return;
+  }
+
+  // Validate requirements
+  if (!bridgeUrl) {
+    log('No bridge URL. Run: vibe-agent --bridge wss://ws.neng.ai', colors.red);
+    process.exit(1);
+  }
+
+  if (!authToken) {
+    log('No auth token. Run: vibe-agent --login --bridge <url>', colors.yellow);
+  }
+
+  // Banner
+  console.log(`
+${colors.cyan}${colors.bold}vibe-agent${colors.reset}
+${'='.repeat(40)}
+   Host:   ${hostName}
+   Bridge: ${bridgeUrl}
+   Local:  ws://localhost:${LOCAL_SERVER_PORT}
+   Auth:   ${authToken ? 'Configured' : 'Not configured'}
+${'='.repeat(40)}
+`);
+
+  // Start local server for vibe-cli connections
+  startLocalServer();
+
+  // Connect to bridge
+  connect();
+
+  // Handle shutdown (SIGINT works on both Unix and Windows for Ctrl+C)
+  const shutdown = () => {
+    log('Shutting down...', colors.yellow);
+
+    // Stop all sessions (both spawned and managed)
+    for (const [sessionId, session] of runningSessions) {
+      log(`Stopping session ${sessionId.slice(0, 8)}`, colors.dim);
+      if (session.process) {
+        try {
+          // On Windows, kill() without signal terminates the process
+          // On Unix, SIGTERM is the graceful termination signal
+          if (process.platform === 'win32') {
+            session.process.kill();
+          } else {
+            session.process.kill('SIGTERM');
+          }
+        } catch (err) {
+          // Ignore
+        }
+      } else if (session.localWs) {
+        try {
+          session.localWs.close(1001, 'Agent shutting down');
+        } catch (err) {
+          // Ignore
+        }
+      }
+    }
+
+    // Stop local server (closes remaining client connections)
+    stopLocalServer();
+
+    if (ws) {
+      ws.close();
+    }
+
+    setTimeout(() => process.exit(0), 1000);
+  };
+
+  process.on('SIGINT', shutdown);
+
+  // SIGTERM only exists on Unix
+  if (process.platform !== 'win32') {
+    process.on('SIGTERM', shutdown);
+  }
+}
+
+main().catch(err => {
+  log(`Fatal error: ${err.message}`, colors.red);
+  process.exit(1);
+});