opentunnel-cli 1.0.0

package/dist/cli/index.js

@@ -0,0 +1,1357 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const TunnelClient_1 = require("../client/TunnelClient");
+const NgrokClient_1 = require("../client/NgrokClient");
+const utils_1 = require("../shared/utils");
+const yaml_1 = require("yaml");
+const CONFIG_FILE = "opentunnel.yml";
+const program = new commander_1.Command();
+program
+    .name("opentunnel")
+    .alias("ot")
+    .description("Expose local ports to the internet via custom domains or ngrok")
+    .version("1.0.0");
+// HTTP tunnel command
+program
+    .command("http <port>")
+    .description("Expose a local HTTP server")
+    .option("-s, --server <url>", "Server URL (use 'ngrok' for ngrok)")
+    .option("-t, --token <token>", "Authentication token (or ngrok authtoken)")
+    .option("-n, --subdomain <name>", "Custom subdomain (e.g., 'myapp' for myapp.op.domain.com)")
+    .option("-d, --detach", "Run tunnel in background")
+    .option("-h, --host <host>", "Local host", "localhost")
+    .option("--domain <domain>", "Server domain (e.g., domain.com)")
+    .option("--https", "Use HTTPS for local connection")
+    .option("--insecure", "Skip SSL certificate verification (for self-signed certs)")
+    .option("--ngrok", "Use ngrok instead of OpenTunnel server")
+    .option("--region <region>", "Ngrok region (us, eu, ap, au, sa, jp, in)", "us")
+    .action(async (port, options) => {
+    // Build server URL from domain if provided
+    const serverUrl = options.server || (options.domain
+        ? `wss://${options.domain}/_tunnel`
+        : "ws://localhost:8080/_tunnel");
+    if (options.detach) {
+        await runTunnelInBackground("http", port, { ...options, server: serverUrl });
+        return;
+    }
+    if (options.ngrok || options.server === "ngrok") {
+        await createNgrokTunnel({
+            protocol: options.https ? "https" : "http",
+            localHost: options.host,
+            localPort: parseInt(port),
+            subdomain: options.subdomain,
+            authtoken: options.token,
+            region: options.region,
+        });
+    }
+    else {
+        await createTunnel({
+            protocol: options.https ? "https" : "http",
+            localHost: options.host,
+            localPort: parseInt(port),
+            subdomain: options.subdomain,
+            serverUrl,
+            token: options.token,
+            insecure: options.insecure,
+        });
+    }
+});
+// TCP tunnel command
+program
+    .command("tcp <port>")
+    .description("Expose a local TCP server")
+    .option("-s, --server <url>", "Server URL (use 'ngrok' for ngrok)")
+    .option("-t, --token <token>", "Authentication token (or ngrok authtoken)")
+    .option("-r, --remote-port <port>", "Remote port to use")
+    .option("-h, --host <host>", "Local host", "localhost")
+    .option("-d, --detach", "Run tunnel in background")
+    .option("--domain <domain>", "Server domain (e.g., domain.com)")
+    .option("--insecure", "Skip SSL certificate verification (for self-signed certs)")
+    .option("--ngrok", "Use ngrok instead of OpenTunnel server")
+    .option("--region <region>", "Ngrok region (us, eu, ap, au, sa, jp, in)", "us")
+    .action(async (port, options) => {
+    const serverUrl = options.server || (options.domain
+        ? `wss://${options.domain}/_tunnel`
+        : "ws://localhost:8080/_tunnel");
+    if (options.detach) {
+        await runTunnelInBackground("tcp", port, { ...options, server: serverUrl });
+        return;
+    }
+    if (options.ngrok || options.server === "ngrok") {
+        await createNgrokTunnel({
+            protocol: "tcp",
+            localHost: options.host,
+            localPort: parseInt(port),
+            remotePort: options.remotePort ? parseInt(options.remotePort) : undefined,
+            authtoken: options.token,
+            region: options.region,
+        });
+    }
+    else {
+        await createTunnel({
+            protocol: "tcp",
+            localHost: options.host,
+            localPort: parseInt(port),
+            remotePort: options.remotePort ? parseInt(options.remotePort) : undefined,
+            serverUrl,
+            token: options.token,
+            insecure: options.insecure,
+        });
+    }
+});
+// Quick expose command
+program
+    .command("expose <port>")
+    .description("Quick expose a local port (auto-detects HTTP)")
+    .option("-s, --server <url>", "Server URL")
+    .option("-t, --token <token>", "Authentication token")
+    .option("-n, --subdomain <name>", "Custom subdomain")
+    .option("-d, --detach", "Run tunnel in background")
+    .option("-p, --protocol <proto>", "Protocol (http, https, tcp)", "http")
+    .option("--domain <domain>", "Server domain (e.g., domain.com)")
+    .option("--insecure", "Skip SSL certificate verification (for self-signed certs)")
+    .option("--ngrok", "Use ngrok instead of OpenTunnel server")
+    .action(async (port, options) => {
+    const serverUrl = options.server || (options.domain
+        ? `wss://${options.domain}/_tunnel`
+        : "ws://localhost:8080/_tunnel");
+    if (options.detach) {
+        await runTunnelInBackground("expose", port, { ...options, server: serverUrl });
+        return;
+    }
+    if (options.ngrok || options.server === "ngrok") {
+        await createNgrokTunnel({
+            protocol: options.protocol,
+            localHost: "localhost",
+            localPort: parseInt(port),
+            subdomain: options.subdomain,
+            authtoken: options.token,
+        });
+    }
+    else {
+        await createTunnel({
+            protocol: options.protocol,
+            localHost: "localhost",
+            localPort: parseInt(port),
+            subdomain: options.subdomain,
+            serverUrl,
+            token: options.token,
+            insecure: options.insecure,
+        });
+    }
+});
+// Server command
+program
+    .command("server")
+    .description("Start the OpenTunnel server (standalone mode)")
+    .option("-p, --port <port>", "Server port", "443")
+    .option("--public-port <port>", "Public port shown in URLs (default: same as port)")
+    .option("--domain <domain>", "Base domain", "localhost")
+    .option("-b, --base-path <path>", "Subdomain base path (e.g., 'op' for *.op.domain.com)", "op")
+    .option("--host <host>", "Bind host", "0.0.0.0")
+    .option("--tcp-min <port>", "Minimum TCP port", "10000")
+    .option("--tcp-max <port>", "Maximum TCP port", "20000")
+    .option("--auth-tokens <tokens>", "Comma-separated auth tokens")
+    .option("--no-https", "Disable HTTPS (use plain HTTP)")
+    .option("--https-cert <path>", "Path to SSL certificate (for custom certs)")
+    .option("--https-key <path>", "Path to SSL private key (for custom certs)")
+    .option("--letsencrypt", "Use Let's Encrypt instead of self-signed (requires port 80)")
+    .option("--email <email>", "Email for Let's Encrypt notifications")
+    .option("--production", "Use Let's Encrypt production (default: staging)")
+    .option("--cloudflare-token <token>", "Cloudflare API token for DNS-01 challenge")
+    .option("--duckdns-token <token>", "DuckDNS token for dynamic DNS updates")
+    .option("-d, --detach", "Run server in background (detached mode)")
+    .action(async (options) => {
+    // Detached mode - run in background
+    if (options.detach) {
+        const { spawn } = await Promise.resolve().then(() => __importStar(require("child_process")));
+        const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+        const path = await Promise.resolve().then(() => __importStar(require("path")));
+        const pidFile = path.join(process.cwd(), ".opentunnel.pid");
+        const logFile = path.join(process.cwd(), "opentunnel.log");
+        // Check if already running
+        if (fs.existsSync(pidFile)) {
+            const oldPid = fs.readFileSync(pidFile, "utf-8").trim();
+            try {
+                process.kill(parseInt(oldPid), 0);
+                console.log(chalk_1.default.yellow(`Server already running (PID: ${oldPid})`));
+                console.log(chalk_1.default.gray(`Stop it with: opentunnel stop`));
+                return;
+            }
+            catch {
+                fs.unlinkSync(pidFile);
+            }
+        }
+        // Build args without -d flag
+        const args = ["server"];
+        if (options.port)
+            args.push("-p", options.port);
+        if (options.publicPort)
+            args.push("--public-port", options.publicPort);
+        if (options.domain)
+            args.push("--domain", options.domain);
+        if (options.basePath)
+            args.push("-b", options.basePath);
+        if (options.host)
+            args.push("--host", options.host);
+        if (options.tcpMin)
+            args.push("--tcp-min", options.tcpMin);
+        if (options.tcpMax)
+            args.push("--tcp-max", options.tcpMax);
+        if (options.authTokens)
+            args.push("--auth-tokens", options.authTokens);
+        if (options.https)
+            args.push("--https");
+        if (options.email)
+            args.push("--email", options.email);
+        if (options.production)
+            args.push("--production");
+        if (options.cloudflareToken)
+            args.push("--cloudflare-token", options.cloudflareToken);
+        if (options.duckdnsToken)
+            args.push("--duckdns-token", options.duckdnsToken);
+        if (options.autoDns)
+            args.push("--auto-dns");
+        if (options.dnsCreateRecords)
+            args.push("--dns-create-records");
+        if (options.dnsDeleteOnClose)
+            args.push("--dns-delete-on-close");
+        const out = fs.openSync(logFile, "a");
+        const err = fs.openSync(logFile, "a");
+        const child = spawn(process.execPath, [process.argv[1], ...args], {
+            detached: true,
+            stdio: ["ignore", out, err],
+            cwd: process.cwd(),
+        });
+        child.unref();
+        fs.writeFileSync(pidFile, String(child.pid));
+        console.log(chalk_1.default.green(`OpenTunnel server started in background`));
+        console.log(chalk_1.default.gray(`  PID:      ${child.pid}`));
+        console.log(chalk_1.default.gray(`  Port:     ${options.port}`));
+        console.log(chalk_1.default.gray(`  Domain:   ${options.domain}`));
+        console.log(chalk_1.default.gray(`  Log:      ${logFile}`));
+        console.log(chalk_1.default.gray(`  PID file: ${pidFile}`));
+        console.log("");
+        console.log(chalk_1.default.gray(`Stop with:  node dist/cli/index.js stop`));
+        console.log(chalk_1.default.gray(`Logs:       tail -f ${logFile}`));
+        return;
+    }
+    // Normal foreground mode
+    const { TunnelServer } = await Promise.resolve().then(() => __importStar(require("../server/TunnelServer")));
+    // Determine HTTPS configuration (self-signed enabled by default)
+    let httpsConfig = undefined;
+    let selfSignedHttpsConfig = undefined;
+    let autoHttpsConfig = undefined;
+    if (options.httpsCert && options.httpsKey) {
+        // Custom certificates provided
+        const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+        httpsConfig = {
+            cert: fs.readFileSync(options.httpsCert, "utf-8"),
+            key: fs.readFileSync(options.httpsKey, "utf-8"),
+        };
+    }
+    else if (options.letsencrypt) {
+        // Let's Encrypt
+        autoHttpsConfig = {
+            enabled: true,
+            email: options.email || `admin@${options.domain}`,
+            production: options.production || false,
+            cloudflareToken: options.cloudflareToken,
+        };
+    }
+    else {
+        // Self-signed by default (use --no-https to disable)
+        selfSignedHttpsConfig = {
+            enabled: options.https !== false,
+        };
+    }
+    const server = new TunnelServer({
+        port: parseInt(options.port),
+        publicPort: options.publicPort ? parseInt(options.publicPort) : undefined,
+        host: options.host,
+        domain: options.domain,
+        basePath: options.basePath,
+        tunnelPortRange: {
+            min: parseInt(options.tcpMin),
+            max: parseInt(options.tcpMax),
+        },
+        auth: options.authTokens
+            ? { required: true, tokens: options.authTokens.split(",") }
+            : undefined,
+        https: httpsConfig,
+        selfSignedHttps: selfSignedHttpsConfig,
+        autoHttps: autoHttpsConfig,
+        autoDns: detectDnsConfig(options),
+    });
+    // Helper function to auto-detect DNS provider
+    function detectDnsConfig(opts) {
+        // Auto-detect provider based on tokens or domain
+        const domain = opts.domain || "localhost";
+        const isDuckDnsDomain = domain.endsWith(".duckdns.org");
+        // Priority: explicit token > domain detection
+        if (opts.cloudflareToken) {
+            return {
+                enabled: true,
+                provider: "cloudflare",
+                cloudflareToken: opts.cloudflareToken,
+                createRecords: opts.dnsCreateRecords !== false,
+                deleteOnClose: opts.dnsDeleteOnClose || false,
+                setupWildcard: true,
+            };
+        }
+        if (opts.duckdnsToken || isDuckDnsDomain) {
+            return {
+                enabled: true,
+                provider: "duckdns",
+                duckdnsToken: opts.duckdnsToken,
+                createRecords: false, // DuckDNS doesn't support subdomains
+                deleteOnClose: false,
+                setupWildcard: false,
+            };
+        }
+        // No auto DNS if no tokens provided
+        if (opts.autoDns) {
+            console.log(chalk_1.default.yellow("Warning: --auto-dns requires --cloudflare-token or --duckdns-token"));
+        }
+        return undefined;
+    }
+    console.log(chalk_1.default.cyan(`
+ ██████╗ ██████╗ ███████╗███╗   ██╗████████╗██╗   ██╗███╗   ██╗███╗   ██╗███████╗██╗
+██╔═══██╗██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██║   ██║████╗  ██║████╗  ██║██╔════╝██║
+██║   ██║██████╔╝█████╗  ██╔██╗ ██║   ██║   ██║   ██║██╔██╗ ██║██╔██╗ ██║█████╗  ██║
+██║   ██║██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██║   ██║██║╚██╗██║██║╚██╗██║██╔══╝  ██║
+╚██████╔╝██║     ███████╗██║ ╚████║   ██║   ╚██████╔╝██║ ╚████║██║ ╚████║███████╗███████╗
+ ╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝    ╚═════╝ ╚═╝  ╚═══╝╚═╝  ╚═══╝╚══════╝╚══════╝
+`));
+    server.on("tunnel:created", ({ tunnelId, publicUrl }) => {
+        console.log(chalk_1.default.green(`[+] Tunnel created: ${publicUrl}`));
+    });
+    server.on("tunnel:closed", ({ tunnelId }) => {
+        console.log(chalk_1.default.yellow(`[-] Tunnel closed: ${tunnelId}`));
+    });
+    await server.start();
+    console.log(chalk_1.default.green(`\nServer running on ${options.host}:${options.port}`));
+    console.log(chalk_1.default.gray(`Domain: ${options.domain}`));
+    console.log(chalk_1.default.gray(`Subdomain pattern: *.${options.basePath}.${options.domain}`));
+    console.log(chalk_1.default.gray(`TCP port range: ${options.tcpMin}-${options.tcpMax}\n`));
+});
+// Stop command
+program
+    .command("stop")
+    .description("Stop the OpenTunnel server running in background")
+    .action(async () => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const pidFile = path.join(process.cwd(), ".opentunnel.pid");
+    if (!fs.existsSync(pidFile)) {
+        console.log(chalk_1.default.yellow("No server running (PID file not found)"));
+        return;
+    }
+    const pid = parseInt(fs.readFileSync(pidFile, "utf-8").trim());
+    try {
+        process.kill(pid, "SIGTERM");
+        fs.unlinkSync(pidFile);
+        console.log(chalk_1.default.green(`Server stopped (PID: ${pid})`));
+    }
+    catch (err) {
+        if (err.code === "ESRCH") {
+            fs.unlinkSync(pidFile);
+            console.log(chalk_1.default.yellow(`Server was not running (stale PID file removed)`));
+        }
+        else {
+            console.log(chalk_1.default.red(`Failed to stop server: ${err.message}`));
+        }
+    }
+});
+// Logs command
+program
+    .command("logs")
+    .description("Show server logs")
+    .option("-f, --follow", "Follow log output")
+    .option("-n, --lines <n>", "Number of lines to show", "50")
+    .action(async (options) => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const { spawn } = await Promise.resolve().then(() => __importStar(require("child_process")));
+    const logFile = path.join(process.cwd(), "opentunnel.log");
+    if (!fs.existsSync(logFile)) {
+        console.log(chalk_1.default.yellow("No log file found"));
+        return;
+    }
+    if (options.follow) {
+        // Use tail -f on Unix or PowerShell on Windows
+        const isWindows = process.platform === "win32";
+        if (isWindows) {
+            const child = spawn("powershell", ["-Command", `Get-Content -Path "${logFile}" -Tail ${options.lines} -Wait`], {
+                stdio: "inherit"
+            });
+            child.on("error", () => {
+                // Fallback: just read the file
+                console.log(fs.readFileSync(logFile, "utf-8"));
+            });
+        }
+        else {
+            spawn("tail", ["-f", "-n", options.lines, logFile], { stdio: "inherit" });
+        }
+    }
+    else {
+        const content = fs.readFileSync(logFile, "utf-8");
+        const lines = content.split("\n");
+        const lastLines = lines.slice(-parseInt(options.lines));
+        console.log(lastLines.join("\n"));
+    }
+});
+// Status command
+program
+    .command("status")
+    .description("Check server status")
+    .option("-s, --server <url>", "Server URL", "http://localhost:8080")
+    .action(async (options) => {
+    const spinner = (0, ora_1.default)("Checking server status...").start();
+    try {
+        const http = await Promise.resolve().then(() => __importStar(require("http")));
+        const url = new URL("/api/stats", options.server);
+        const response = await new Promise((resolve, reject) => {
+            http.get(url.toString(), (res) => {
+                let data = "";
+                res.on("data", chunk => data += chunk);
+                res.on("end", () => resolve(JSON.parse(data)));
+            }).on("error", reject);
+        });
+        spinner.succeed("Server is running");
+        console.log(chalk_1.default.gray(`  Clients: ${response.clients}`));
+        console.log(chalk_1.default.gray(`  Tunnels: ${response.tunnels}`));
+        console.log(chalk_1.default.gray(`  Uptime: ${(0, utils_1.formatDuration)(response.uptime * 1000)}`));
+    }
+    catch {
+        spinner.fail("Server is not reachable");
+    }
+});
+// List tunnels command
+program
+    .command("list")
+    .description("List active tunnels")
+    .option("-s, --server <url>", "Server URL", "http://localhost:8080")
+    .action(async (options) => {
+    const spinner = (0, ora_1.default)("Fetching tunnels...").start();
+    try {
+        const http = await Promise.resolve().then(() => __importStar(require("http")));
+        const url = new URL("/api/tunnels", options.server);
+        const response = await new Promise((resolve, reject) => {
+            http.get(url.toString(), (res) => {
+                let data = "";
+                res.on("data", chunk => data += chunk);
+                res.on("end", () => resolve(JSON.parse(data)));
+            }).on("error", reject);
+        });
+        spinner.stop();
+        if (response.tunnels.length === 0) {
+            console.log(chalk_1.default.yellow("No active tunnels"));
+            return;
+        }
+        console.log(chalk_1.default.cyan("\nActive Tunnels:"));
+        console.log(chalk_1.default.gray("─".repeat(80)));
+        for (const tunnel of response.tunnels) {
+            console.log(`  ${chalk_1.default.white(tunnel.id)}`);
+            console.log(`    Protocol: ${chalk_1.default.yellow(tunnel.protocol.toUpperCase())}`);
+            console.log(`    Local:    ${chalk_1.default.gray(tunnel.localAddress)}`);
+            console.log(`    Public:   ${chalk_1.default.green(tunnel.publicUrl)}`);
+            console.log(`    Traffic:  ${chalk_1.default.blue(`↓${(0, utils_1.formatBytes)(tunnel.bytesIn)} ↑${(0, utils_1.formatBytes)(tunnel.bytesOut)}`)}`);
+            console.log(chalk_1.default.gray("─".repeat(80)));
+        }
+    }
+    catch (err) {
+        spinner.fail("Failed to fetch tunnels");
+    }
+});
+// Setup/help command - explains requirements
+program
+    .command("setup")
+    .description("Show setup instructions for running OpenTunnel on a custom domain")
+    .option("--domain <domain>", "Show setup for specific domain")
+    .action(async (options) => {
+    const domain = options.domain || "yourdomain.com";
+    console.log(chalk_1.default.cyan(`
+╔══════════════════════════════════════════════════════════════════════════════╗
+║                        OpenTunnel Setup Guide                                 ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+`));
+    console.log(chalk_1.default.white.bold("1. SERVER REQUIREMENTS"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   You need a server (VPS, cloud instance, etc.) with:
+   ${chalk_1.default.green("✓")} Public IP address
+   ${chalk_1.default.green("✓")} Ports 80 and 443 open (for HTTP/HTTPS)
+   ${chalk_1.default.green("✓")} Port 8080 open (for WebSocket tunnel, or use reverse proxy)
+   ${chalk_1.default.green("✓")} Node.js 18+ installed
+`);
+    // Try to get public IP for the docs
+    let serverIP = "<YOUR_SERVER_IP>";
+    try {
+        const https = await Promise.resolve().then(() => __importStar(require("https")));
+        serverIP = await new Promise((resolve) => {
+            https.get("https://api.ipify.org", (res) => {
+                let data = "";
+                res.on("data", (chunk) => (data += chunk));
+                res.on("end", () => resolve(data.trim()));
+            }).on("error", () => resolve("<YOUR_SERVER_IP>"));
+        });
+    }
+    catch { }
+    console.log(chalk_1.default.white.bold("2. DNS CONFIGURATION"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   ${chalk_1.default.yellow.bold("Your server's public IP:")} ${chalk_1.default.green(serverIP)}
+
+   ${chalk_1.default.white.bold("Required DNS Records (create in Cloudflare/your DNS provider):")}
+
+   ┌──────────┬─────────────────────────┬─────────────────────┬──────────────┐
+   │ ${chalk_1.default.cyan("Type")}     │ ${chalk_1.default.cyan("Name")}                    │ ${chalk_1.default.cyan("Content")}             │ ${chalk_1.default.cyan("Proxy")}        │
+   ├──────────┼─────────────────────────┼─────────────────────┼──────────────┤
+   │ ${chalk_1.default.yellow("A")}        │ op.${domain.padEnd(20)} │ ${serverIP.padEnd(19)} │ ${chalk_1.default.red("OFF (DNS only)")} │
+   │ ${chalk_1.default.yellow("A")}        │ *.op.${domain.padEnd(18)} │ ${serverIP.padEnd(19)} │ ${chalk_1.default.red("OFF (DNS only)")} │
+   └──────────┴─────────────────────────┴─────────────────────┴──────────────┘
+
+   ${chalk_1.default.yellow("⚠ IMPORTANT: Disable Cloudflare Proxy (gray cloud, not orange)")}
+   ${chalk_1.default.gray("   - Proxy OFF = DNS only (gray cloud) ← Use this")}
+   ${chalk_1.default.gray("   - Proxy ON  = Proxied (orange cloud) ← Don't use")}
+
+   ${chalk_1.default.gray("Why? WebSocket tunnels and TCP don't work well through Cloudflare's proxy.")}
+
+   ${chalk_1.default.gray("─".repeat(40))}
+
+   ${chalk_1.default.green("Option A: Automatic DNS with Cloudflare (Recommended)")}
+   ${chalk_1.default.gray("If you provide a Cloudflare token, OpenTunnel will create these records automatically!")}
+
+   ${chalk_1.default.cyan("Option B: Manual DNS setup")}
+   ${chalk_1.default.gray("Create the records above manually in your DNS provider.")}
+
+   ${chalk_1.default.gray("After DNS propagation, these URLs will work:")}
+   ${chalk_1.default.green(`   https://op.${domain}`)}           ${chalk_1.default.gray("← Server dashboard")}
+   ${chalk_1.default.green(`   https://myapp.op.${domain}`)}     ${chalk_1.default.gray("← Your tunnel")}
+   ${chalk_1.default.green(`   https://api.op.${domain}`)}       ${chalk_1.default.gray("← Another tunnel")}
+   ${chalk_1.default.green(`   https://anything.op.${domain}`)}  ${chalk_1.default.gray("← Any subdomain")}
+
+   ${chalk_1.default.yellow("Tip:")} You can change 'op' to any prefix you prefer (e.g., 'tunnel', 't', etc.)
+`);
+    console.log(chalk_1.default.white.bold("3. SERVER SETUP (Automatic HTTPS + DNS)"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   On your server, run:
+
+   ${chalk_1.default.cyan("# Clone and install")}
+   git clone https://github.com/your-repo/opentunnel.git
+   cd opentunnel
+   npm install && npm run build
+
+   ${chalk_1.default.cyan("# Option A: Full automatic setup with Cloudflare (Recommended)")}
+   ${chalk_1.default.gray("Get your Cloudflare API token from: https://dash.cloudflare.com/profile/api-tokens")}
+   ${chalk_1.default.gray("Required permissions: Zone:DNS:Edit")}
+
+   ${chalk_1.default.green(`sudo node dist/cli/index.js server \\
+     --domain ${domain} \\
+     --https \\
+     --email admin@${domain} \\
+     --cloudflare-token YOUR_CF_API_TOKEN \\
+     --production -d`)}
+
+   ${chalk_1.default.gray("This will automatically:")}
+   ${chalk_1.default.green("✓")} Create DNS records (*.op.${domain} and op.${domain})
+   ${chalk_1.default.green("✓")} Obtain wildcard SSL certificate
+   ${chalk_1.default.green("✓")} Use DNS-01 challenge (no port 80 needed during setup)
+   ${chalk_1.default.green("✓")} Listen on port 443 (HTTPS)
+   ${chalk_1.default.green("✓")} Redirect HTTP (80) to HTTPS
+   ${chalk_1.default.green("✓")} Auto-renew certificates
+   ${chalk_1.default.green("✓")} Create individual DNS records per tunnel
+
+   ${chalk_1.default.cyan("# Option B: DNS only (no HTTPS)")}
+   ${chalk_1.default.green(`node dist/cli/index.js server --domain ${domain} --cloudflare-token YOUR_CF_TOKEN -d`)}
+   ${chalk_1.default.gray("Creates DNS records automatically, HTTP only (port 8080)")}
+
+   ${chalk_1.default.cyan("# Option C: Manual DNS + HTTPS")}
+   ${chalk_1.default.yellow("Note: Requires manual DNS wildcard record setup")}
+   ${chalk_1.default.green(`sudo node dist/cli/index.js server --domain ${domain} --https --email admin@${domain} --production -d`)}
+
+   ${chalk_1.default.cyan("# Option D: Testing/local (no HTTPS, no auto DNS)")}
+   node dist/cli/index.js server --domain ${domain} -d
+
+   ${chalk_1.default.cyan("# With authentication")}
+   sudo node dist/cli/index.js server --domain ${domain} --https --cloudflare-token CF_TOKEN --auth-tokens "secret" -d
+
+   ${chalk_1.default.yellow("Note: Use 'sudo' for ports 80/443. Or run without --https on port 8080.")}
+`);
+    console.log(chalk_1.default.white.bold("4. REVERSE PROXY (Optional - only if needed)"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   ${chalk_1.default.green("OpenTunnel handles HTTPS automatically!")}
+   ${chalk_1.default.gray("Only use a reverse proxy if you need additional features.")}
+
+   ${chalk_1.default.cyan("# If you prefer using Caddy:")}
+   ${domain}, *.op.${domain} {
+       reverse_proxy localhost:8080
+   }
+
+   ${chalk_1.default.cyan("# If you prefer Nginx (requires manual cert setup):")}
+   server {
+       listen 443 ssl;
+       server_name ${domain} *.op.${domain};
+       ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
+       ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
+       location / {
+           proxy_pass http://localhost:8080;
+           proxy_http_version 1.1;
+           proxy_set_header Upgrade $http_upgrade;
+           proxy_set_header Connection "upgrade";
+           proxy_set_header Host $host;
+       }
+   }
+`);
+    console.log(chalk_1.default.white.bold("5. CLIENT USAGE"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   From your local machine:
+
+   ${chalk_1.default.cyan("# Connect to your server")}
+   opentunnel http 3000 --subdomain myapp --domain ${domain}
+
+   ${chalk_1.default.cyan("# Your local port 3000 will be available at:")}
+   ${chalk_1.default.green(`https://myapp.op.${domain}`)}
+
+   ${chalk_1.default.cyan("# With authentication token")}
+   opentunnel http 3000 -n myapp --domain ${domain} -t "secret-token"
+`);
+    console.log(chalk_1.default.white.bold("6. PORT FORWARDING (If behind NAT/Router)"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   If your server is behind a router:
+
+   ${chalk_1.default.yellow("Router Settings → Port Forwarding:")}
+   ┌────────────────┬───────────────┬────────────────┐
+   │ External Port  │ Internal Port │ Protocol       │
+   ├────────────────┼───────────────┼────────────────┤
+   │ 80             │ 80            │ TCP            │
+   │ 443            │ 443           │ TCP            │
+   │ 8080           │ 8080          │ TCP            │
+   │ 10000-20000    │ 10000-20000   │ TCP (for TCP)  │
+   └────────────────┴───────────────┴────────────────┘
+`);
+    console.log(chalk_1.default.white.bold("7. VERIFY SETUP"));
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(`
+   ${chalk_1.default.cyan("# Check DNS propagation")}
+   nslookup ${domain}
+   nslookup test.op.${domain}
+
+   ${chalk_1.default.cyan("# Test server connection")}
+   curl -I https://${domain}
+
+   ${chalk_1.default.cyan("# Test WebSocket endpoint")}
+   curl -I https://${domain}/_tunnel
+`);
+    console.log(chalk_1.default.gray("─".repeat(78)));
+    console.log(chalk_1.default.green("\nNeed help? https://github.com/your-repo/opentunnel/issues\n"));
+});
+// Init command - create example config
+program
+    .command("init")
+    .description("Create an example opentunnel.yml configuration file")
+    .option("-f, --force", "Overwrite existing config file")
+    .action(async (options) => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const configPath = path.join(process.cwd(), CONFIG_FILE);
+    if (fs.existsSync(configPath) && !options.force) {
+        console.log(chalk_1.default.yellow(`Config file already exists: ${configPath}`));
+        console.log(chalk_1.default.gray("Use --force to overwrite"));
+        return;
+    }
+    const exampleConfig = {
+        version: "1.0",
+        server: {
+            url: "ws://localhost:8080/_tunnel",
+            // token: "your-auth-token",
+        },
+        tunnels: [
+            {
+                name: "web",
+                protocol: "http",
+                port: 3000,
+                subdomain: "web",
+                autostart: true,
+            },
+            {
+                name: "api",
+                protocol: "http",
+                port: 4000,
+                subdomain: "api",
+                autostart: true,
+            },
+            {
+                name: "database",
+                protocol: "tcp",
+                port: 5432,
+                autostart: false,
+            },
+        ],
+    };
+    fs.writeFileSync(configPath, (0, yaml_1.stringify)(exampleConfig, { indent: 2 }));
+    console.log(chalk_1.default.green(`Created ${CONFIG_FILE}`));
+    console.log(chalk_1.default.gray(`\nEdit the file to configure your tunnels, then run:`));
+    console.log(chalk_1.default.cyan(`  opentunnel up      # Start all tunnels`));
+    console.log(chalk_1.default.cyan(`  opentunnel up -d   # Start in background`));
+});
+// Up command - start tunnels from config (like docker-compose up)
+program
+    .command("up")
+    .description("Start server and tunnels from opentunnel.yml (like docker-compose up)")
+    .option("-d, --detach", "Run in background (detached mode)")
+    .option("-f, --file <path>", "Config file path", CONFIG_FILE)
+    .option("--no-autostart", "Ignore autostart setting, start all tunnels")
+    .action(async (options) => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const { TunnelServer } = await Promise.resolve().then(() => __importStar(require("../server/TunnelServer")));
+    // Load config file
+    const configPath = path.join(process.cwd(), options.file);
+    let config = { version: "1.0", tunnels: [] };
+    if (fs.existsSync(configPath)) {
+        const configContent = fs.readFileSync(configPath, "utf-8");
+        config = (0, yaml_1.parse)(configContent);
+    }
+    else {
+        console.log(chalk_1.default.red(`Config file not found: ${configPath}`));
+        console.log(chalk_1.default.gray(`Run 'opentunnel init' to create one`));
+        return;
+    }
+    const tunnelsToStart = options.autostart === false
+        ? config.tunnels
+        : config.tunnels?.filter(t => t.autostart !== false) || [];
+    // Get server config from yml
+    const port = config.server?.port || 443;
+    const domain = config.server?.domain || "localhost";
+    const basePath = config.server?.basePath || "op";
+    const useHttps = config.server?.https !== false;
+    const tcpMin = config.server?.tcpPortMin || 10000;
+    const tcpMax = config.server?.tcpPortMax || 20000;
+    // Display banner
+    console.log(chalk_1.default.cyan(`
+ ██████╗ ██████╗ ███████╗███╗   ██╗████████╗██╗   ██╗███╗   ██╗███╗   ██╗███████╗██╗
+██╔═══██╗██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██║   ██║████╗  ██║████╗  ██║██╔════╝██║
+██║   ██║██████╔╝█████╗  ██╔██╗ ██║   ██║   ██║   ██║██╔██╗ ██║██╔██╗ ██║█████╗  ██║
+██║   ██║██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██║   ██║██║╚██╗██║██║╚██╗██║██╔══╝  ██║
+╚██████╔╝██║     ███████╗██║ ╚████║   ██║   ╚██████╔╝██║ ╚████║██║ ╚████║███████╗███████╗
+ ╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝    ╚═════╝ ╚═╝  ╚═══╝╚═╝  ╚═══╝╚══════╝╚══════╝
+`));
+    // Start server
+    const spinner = (0, ora_1.default)("Starting server...").start();
+    const server = new TunnelServer({
+        port,
+        host: "0.0.0.0",
+        domain,
+        basePath,
+        tunnelPortRange: {
+            min: tcpMin,
+            max: tcpMax,
+        },
+        selfSignedHttps: useHttps ? { enabled: true } : undefined,
+    });
+    try {
+        await server.start();
+        spinner.succeed(`Server running on https://${basePath}.${domain}:${port}`);
+        // Start tunnels if defined
+        if (tunnelsToStart.length > 0) {
+            console.log(chalk_1.default.cyan(`\nStarting ${tunnelsToStart.length} tunnel(s)...\n`));
+            const protocol = useHttps ? "wss" : "ws";
+            const serverUrl = `${protocol}://localhost:${port}/_tunnel`;
+            // Small delay to ensure server is fully ready
+            await new Promise(resolve => setTimeout(resolve, 500));
+            await startTunnelsFromConfig(tunnelsToStart, serverUrl, config.server?.token, true);
+        }
+        else {
+            console.log(chalk_1.default.yellow("\nNo tunnels defined in config"));
+        }
+        console.log(chalk_1.default.gray("\nPress Ctrl+C to stop"));
+        // Keep running
+        await new Promise(() => { });
+    }
+    catch (error) {
+        spinner.fail(`Failed to start: ${error.message}`);
+        process.exit(1);
+    }
+});
+// Down command - stop all tunnels (like docker-compose down)
+program
+    .command("down")
+    .description("Stop all running tunnels (like docker-compose down)")
+    .action(async () => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    // Find all tunnel PID files
+    const pidFiles = fs.readdirSync(process.cwd())
+        .filter(f => f.startsWith(".opentunnel-") && f.endsWith(".pid"));
+    // Also include the server PID
+    const serverPidFile = ".opentunnel.pid";
+    if (fs.existsSync(path.join(process.cwd(), serverPidFile))) {
+        pidFiles.push(serverPidFile);
+    }
+    if (pidFiles.length === 0) {
+        console.log(chalk_1.default.yellow("No tunnels running"));
+        return;
+    }
+    console.log(chalk_1.default.cyan(`Stopping ${pidFiles.length} process(es)...\n`));
+    for (const pidFile of pidFiles) {
+        const pidPath = path.join(process.cwd(), pidFile);
+        const pid = parseInt(fs.readFileSync(pidPath, "utf-8").trim());
+        const name = pidFile.replace(".opentunnel-", "").replace(".pid", "").replace(".opentunnel", "server");
+        try {
+            process.kill(pid, "SIGTERM");
+            fs.unlinkSync(pidPath);
+            console.log(chalk_1.default.green(`  ✓ Stopped ${name} (PID: ${pid})`));
+        }
+        catch (err) {
+            if (err.code === "ESRCH") {
+                fs.unlinkSync(pidPath);
+                console.log(chalk_1.default.yellow(`  - ${name} was not running (cleaned up)`));
+            }
+            else {
+                console.log(chalk_1.default.red(`  ✗ Failed to stop ${name}: ${err.message}`));
+            }
+        }
+    }
+    // Clean up log files
+    const logFiles = fs.readdirSync(process.cwd())
+        .filter(f => f.startsWith("opentunnel") && f.endsWith(".log"));
+    if (logFiles.length > 0) {
+        console.log(chalk_1.default.gray(`\nLog files preserved: ${logFiles.join(", ")}`));
+    }
+    console.log(chalk_1.default.green("\nAll tunnels stopped"));
+});
+// PS command - list running tunnel processes (like docker ps)
+program
+    .command("ps")
+    .description("List running tunnel processes (like docker ps)")
+    .action(async () => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const pidFiles = fs.readdirSync(process.cwd())
+        .filter(f => f.startsWith(".opentunnel") && f.endsWith(".pid"));
+    if (pidFiles.length === 0) {
+        console.log(chalk_1.default.yellow("No tunnels running"));
+        console.log(chalk_1.default.gray("Start tunnels with: opentunnel up -d"));
+        return;
+    }
+    console.log(chalk_1.default.cyan("\nRunning Processes:"));
+    console.log(chalk_1.default.gray("─".repeat(60)));
+    console.log(chalk_1.default.gray(`  ${"NAME".padEnd(20)} ${"PID".padEnd(10)} ${"STATUS".padEnd(10)}`));
+    console.log(chalk_1.default.gray("─".repeat(60)));
+    for (const pidFile of pidFiles) {
+        const pidPath = path.join(process.cwd(), pidFile);
+        const pid = parseInt(fs.readFileSync(pidPath, "utf-8").trim());
+        let name = pidFile.replace(".opentunnel-", "").replace(".pid", "").replace(".opentunnel", "");
+        if (name === "")
+            name = "server";
+        let status = "unknown";
+        let statusColor = chalk_1.default.gray;
+        try {
+            process.kill(pid, 0); // Check if process exists
+            status = "running";
+            statusColor = chalk_1.default.green;
+        }
+        catch {
+            status = "stopped";
+            statusColor = chalk_1.default.red;
+        }
+        console.log(`  ${chalk_1.default.white(name.padEnd(20))} ${chalk_1.default.gray(String(pid).padEnd(10))} ${statusColor(status)}`);
+    }
+    console.log(chalk_1.default.gray("─".repeat(60)));
+    console.log(chalk_1.default.gray(`\nStop all: opentunnel down`));
+});
+// Test server command - simple HTTP server for testing tunnels
+program
+    .command("test-server")
+    .description("Start a simple HTTP test server")
+    .option("-p, --port <port>", "Port to listen on", "3000")
+    .option("-d, --detach", "Run in background")
+    .action(async (options) => {
+    const http = await Promise.resolve().then(() => __importStar(require("http")));
+    const port = parseInt(options.port);
+    if (options.detach) {
+        const { spawn } = await Promise.resolve().then(() => __importStar(require("child_process")));
+        const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+        const path = await Promise.resolve().then(() => __importStar(require("path")));
+        const pidFile = path.join(process.cwd(), `.test-server-${port}.pid`);
+        const logFile = path.join(process.cwd(), `test-server-${port}.log`);
+        if (fs.existsSync(pidFile)) {
+            const oldPid = fs.readFileSync(pidFile, "utf-8").trim();
+            try {
+                process.kill(parseInt(oldPid), 0);
+                console.log(chalk_1.default.yellow(`Test server already running on port ${port} (PID: ${oldPid})`));
+                return;
+            }
+            catch {
+                fs.unlinkSync(pidFile);
+            }
+        }
+        const out = fs.openSync(logFile, "a");
+        const err = fs.openSync(logFile, "a");
+        const child = spawn(process.execPath, [process.argv[1], "test-server", "-p", String(port)], {
+            detached: true,
+            stdio: ["ignore", out, err],
+            cwd: process.cwd(),
+        });
+        child.unref();
+        fs.writeFileSync(pidFile, String(child.pid));
+        console.log(chalk_1.default.green(`Test server started on port ${port}`));
+        console.log(chalk_1.default.gray(`  PID: ${child.pid}`));
+        console.log(chalk_1.default.gray(`  URL: http://localhost:${port}`));
+        console.log(chalk_1.default.gray(`  Log: ${logFile}`));
+        return;
+    }
+    const server = http.createServer((req, res) => {
+        const timestamp = new Date().toISOString();
+        const method = req.method;
+        const url = req.url;
+        const headers = JSON.stringify(req.headers, null, 2);
+        console.log(chalk_1.default.cyan(`[${timestamp}] ${method} ${url}`));
+        // Collect body for POST/PUT
+        let body = "";
+        req.on("data", (chunk) => { body += chunk; });
+        req.on("end", () => {
+            const response = {
+                success: true,
+                message: "OpenTunnel Test Server",
+                request: {
+                    method,
+                    url,
+                    headers: req.headers,
+                    body: body || undefined,
+                },
+                server: {
+                    port,
+                    timestamp,
+                    uptime: process.uptime(),
+                },
+            };
+            res.writeHead(200, {
+                "Content-Type": "application/json",
+                "X-Powered-By": "OpenTunnel Test Server",
+            });
+            res.end(JSON.stringify(response, null, 2));
+        });
+    });
+    server.listen(port, () => {
+        console.log(chalk_1.default.green(`\n  OpenTunnel Test Server`));
+        console.log(chalk_1.default.gray("  ─────────────────────────────────────────"));
+        console.log(`  ${chalk_1.default.white("Status:")}   ${chalk_1.default.green("● Running")}`);
+        console.log(`  ${chalk_1.default.white("Port:")}     ${chalk_1.default.cyan(port)}`);
+        console.log(`  ${chalk_1.default.white("URL:")}      ${chalk_1.default.cyan(`http://localhost:${port}`)}`);
+        console.log(chalk_1.default.gray("  ─────────────────────────────────────────"));
+        console.log(chalk_1.default.gray("\n  Endpoints:"));
+        console.log(chalk_1.default.gray(`    GET  /         → Returns server info`));
+        console.log(chalk_1.default.gray(`    GET  /health   → Health check`));
+        console.log(chalk_1.default.gray(`    POST /echo     → Echo request body`));
+        console.log(chalk_1.default.gray(`    ANY  /*        → Returns request details`));
+        console.log(chalk_1.default.gray("\n  Press Ctrl+C to stop\n"));
+    });
+    process.on("SIGINT", () => {
+        console.log(chalk_1.default.yellow("\n  Shutting down..."));
+        server.close(() => {
+            console.log(chalk_1.default.green("  Test server stopped"));
+            process.exit(0);
+        });
+    });
+});
+// Stop test servers command
+program
+    .command("test-server-stop")
+    .description("Stop all test servers")
+    .option("-p, --port <port>", "Stop specific port")
+    .action(async (options) => {
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    let pidFiles;
+    if (options.port) {
+        const specific = `.test-server-${options.port}.pid`;
+        pidFiles = fs.existsSync(path.join(process.cwd(), specific)) ? [specific] : [];
+    }
+    else {
+        pidFiles = fs.readdirSync(process.cwd())
+            .filter(f => f.startsWith(".test-server-") && f.endsWith(".pid"));
+    }
+    if (pidFiles.length === 0) {
+        console.log(chalk_1.default.yellow("No test servers running"));
+        return;
+    }
+    for (const pidFile of pidFiles) {
+        const pidPath = path.join(process.cwd(), pidFile);
+        const pid = parseInt(fs.readFileSync(pidPath, "utf-8").trim());
+        const port = pidFile.replace(".test-server-", "").replace(".pid", "");
+        try {
+            process.kill(pid, "SIGTERM");
+            fs.unlinkSync(pidPath);
+            console.log(chalk_1.default.green(`  ✓ Stopped test server on port ${port} (PID: ${pid})`));
+        }
+        catch (err) {
+            if (err.code === "ESRCH") {
+                fs.unlinkSync(pidPath);
+                console.log(chalk_1.default.yellow(`  - Test server on port ${port} was not running`));
+            }
+        }
+    }
+});
+async function runTunnelInBackgroundFromConfig(name, protocol, port, options) {
+    const { spawn } = await Promise.resolve().then(() => __importStar(require("child_process")));
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const pidFile = path.join(process.cwd(), `.opentunnel-${name}.pid`);
+    const logFile = path.join(process.cwd(), `opentunnel-${name}.log`);
+    // Check if already running
+    if (fs.existsSync(pidFile)) {
+        const oldPid = fs.readFileSync(pidFile, "utf-8").trim();
+        try {
+            process.kill(parseInt(oldPid), 0);
+            console.log(chalk_1.default.yellow(`  - ${name}: already running (PID: ${oldPid})`));
+            return;
+        }
+        catch {
+            fs.unlinkSync(pidFile);
+        }
+    }
+    // Build args
+    const args = [protocol, String(port)];
+    if (options.subdomain)
+        args.push("-n", options.subdomain);
+    if (options.server)
+        args.push("-s", options.server);
+    if (options.token)
+        args.push("-t", options.token);
+    if (options.host)
+        args.push("-h", options.host);
+    if (options.remotePort)
+        args.push("-r", String(options.remotePort));
+    const out = fs.openSync(logFile, "a");
+    const err = fs.openSync(logFile, "a");
+    const child = spawn(process.execPath, [process.argv[1], ...args], {
+        detached: true,
+        stdio: ["ignore", out, err],
+        cwd: process.cwd(),
+    });
+    child.unref();
+    fs.writeFileSync(pidFile, String(child.pid));
+    console.log(chalk_1.default.green(`  ✓ ${name}: started (PID: ${child.pid})`));
+}
+async function startTunnelsFromConfig(tunnels, serverUrl, token, insecure) {
+    const spinner = (0, ora_1.default)("Connecting to server...").start();
+    const client = new TunnelClient_1.TunnelClient({
+        serverUrl,
+        token,
+        reconnect: true,
+        silent: true,
+        rejectUnauthorized: !insecure,
+    });
+    try {
+        await client.connect();
+        spinner.succeed("Connected to server");
+        const activeTunnels = [];
+        for (const tunnel of tunnels) {
+            const tunnelSpinner = (0, ora_1.default)(`Creating tunnel: ${tunnel.name}...`).start();
+            try {
+                const { tunnelId, publicUrl } = await client.createTunnel({
+                    protocol: tunnel.protocol,
+                    localHost: tunnel.host || "localhost",
+                    localPort: tunnel.port,
+                    subdomain: tunnel.subdomain,
+                    remotePort: tunnel.remotePort,
+                });
+                activeTunnels.push({ name: tunnel.name, tunnelId, publicUrl });
+                tunnelSpinner.succeed(`${tunnel.name}: ${publicUrl}`);
+            }
+            catch (err) {
+                tunnelSpinner.fail(`${tunnel.name}: ${err.message}`);
+            }
+        }
+        if (activeTunnels.length === 0) {
+            console.log(chalk_1.default.red("\nNo tunnels created"));
+            process.exit(1);
+        }
+        console.log(chalk_1.default.cyan("\n─────────────────────────────────────────"));
+        console.log(chalk_1.default.green(`  ${activeTunnels.length} tunnel(s) active`));
+        console.log(chalk_1.default.cyan("─────────────────────────────────────────\n"));
+        for (const t of activeTunnels) {
+            console.log(`  ${chalk_1.default.white(t.name.padEnd(15))} ${chalk_1.default.green(t.publicUrl)}`);
+        }
+        console.log(chalk_1.default.gray("\n  Press Ctrl+C to stop all tunnels\n"));
+        // Keep alive with uptime counter
+        const startTime = Date.now();
+        const statsInterval = setInterval(() => {
+            const uptime = (0, utils_1.formatDuration)(Date.now() - startTime);
+            process.stdout.write(`\r  ${chalk_1.default.gray(`Uptime: ${uptime}`)}`);
+        }, 1000);
+        // Handle exit
+        const cleanup = async () => {
+            clearInterval(statsInterval);
+            console.log("\n");
+            const closeSpinner = (0, ora_1.default)("Closing tunnels...").start();
+            for (const t of activeTunnels) {
+                await client.closeTunnel(t.tunnelId);
+            }
+            await client.disconnect();
+            closeSpinner.succeed("All tunnels closed");
+            process.exit(0);
+        };
+        process.on("SIGINT", cleanup);
+        process.on("SIGTERM", cleanup);
+        // Handle reconnection
+        client.on("disconnected", () => {
+            console.log(chalk_1.default.yellow("\n  Disconnected, reconnecting..."));
+        });
+        client.on("connected", () => {
+            console.log(chalk_1.default.green("  Reconnected!"));
+        });
+    }
+    catch (err) {
+        spinner.fail(`Failed: ${err.message}`);
+        process.exit(1);
+    }
+}
+async function runTunnelInBackground(command, port, options) {
+    const { spawn } = await Promise.resolve().then(() => __importStar(require("child_process")));
+    const fs = await Promise.resolve().then(() => __importStar(require("fs")));
+    const path = await Promise.resolve().then(() => __importStar(require("path")));
+    const tunnelId = `tunnel-${port}-${Date.now()}`;
+    const pidFile = path.join(process.cwd(), `.opentunnel-${port}.pid`);
+    const logFile = path.join(process.cwd(), `opentunnel-${port}.log`);
+    // Check if already running
+    if (fs.existsSync(pidFile)) {
+        const oldPid = fs.readFileSync(pidFile, "utf-8").trim();
+        try {
+            process.kill(parseInt(oldPid), 0);
+            console.log(chalk_1.default.yellow(`Tunnel already running on port ${port} (PID: ${oldPid})`));
+            console.log(chalk_1.default.gray(`Stop it with: kill ${oldPid}`));
+            return;
+        }
+        catch {
+            fs.unlinkSync(pidFile);
+        }
+    }
+    // Build args without -d flag
+    const args = [command, port];
+    if (options.subdomain)
+        args.push("-n", options.subdomain);
+    if (options.server)
+        args.push("-s", options.server);
+    if (options.token)
+        args.push("-t", options.token);
+    if (options.host)
+        args.push("-h", options.host);
+    if (options.https)
+        args.push("--https");
+    if (options.ngrok)
+        args.push("--ngrok");
+    if (options.region)
+        args.push("--region", options.region);
+    if (options.remotePort)
+        args.push("-r", options.remotePort);
+    if (options.protocol)
+        args.push("-p", options.protocol);
+    const out = fs.openSync(logFile, "a");
+    const err = fs.openSync(logFile, "a");
+    const child = spawn(process.execPath, [process.argv[1], ...args], {
+        detached: true,
+        stdio: ["ignore", out, err],
+        cwd: process.cwd(),
+    });
+    child.unref();
+    fs.writeFileSync(pidFile, String(child.pid));
+    // Extract domain from server URL for display
+    const serverUrl = options.server || "ws://localhost:8080/_tunnel";
+    let displayDomain = "localhost:8080";
+    let expectedUrl = `http://${options.subdomain || "random"}.op.localhost:8080`;
+    try {
+        const url = new URL(serverUrl.replace("wss://", "https://").replace("ws://", "http://"));
+        displayDomain = url.host;
+        const isSecure = serverUrl.startsWith("wss://");
+        const protocol = isSecure ? "https" : "http";
+        const subdomain = options.subdomain || "<random>";
+        expectedUrl = `${protocol}://${subdomain}.op.${url.hostname}`;
+        if ((isSecure && url.port && url.port !== "443") || (!isSecure && url.port && url.port !== "80")) {
+            expectedUrl += `:${url.port}`;
+        }
+    }
+    catch { }
+    console.log(chalk_1.default.green(`Tunnel started in background`));
+    console.log(chalk_1.default.gray("  ─────────────────────────────────────────"));
+    console.log(`  ${chalk_1.default.white("PID:")}       ${chalk_1.default.cyan(child.pid)}`);
+    console.log(`  ${chalk_1.default.white("Local:")}     ${chalk_1.default.gray(`localhost:${port}`)}`);
+    console.log(`  ${chalk_1.default.white("Server:")}    ${chalk_1.default.gray(displayDomain)}`);
+    console.log(`  ${chalk_1.default.white("Public:")}    ${chalk_1.default.green(expectedUrl)} ${chalk_1.default.yellow("(pending)")}`);
+    console.log(chalk_1.default.gray("  ─────────────────────────────────────────"));
+    console.log(chalk_1.default.gray(`  Log: ${logFile}`));
+    console.log("");
+    console.log(chalk_1.default.gray(`Stop with:  kill ${child.pid}`));
+    console.log(chalk_1.default.gray(`Check:      tail -f ${logFile}`));
+}
+async function createTunnel(options) {
+    const spinner = (0, ora_1.default)("Connecting to server...").start();
+    const client = new TunnelClient_1.TunnelClient({
+        serverUrl: options.serverUrl,
+        token: options.token,
+        reconnect: true,
+        silent: true,
+        rejectUnauthorized: !options.insecure,
+    });
+    try {
+        await client.connect();
+        spinner.text = "Creating tunnel...";
+        const { tunnelId, publicUrl } = await client.createTunnel({
+            protocol: options.protocol,
+            localHost: options.localHost,
+            localPort: options.localPort,
+            subdomain: options.subdomain,
+            remotePort: options.remotePort,
+        });
+        spinner.succeed("Tunnel established!");
+        printTunnelInfo({
+            status: "Online",
+            protocol: options.protocol,
+            localHost: options.localHost,
+            localPort: options.localPort,
+            publicUrl,
+            provider: "OpenTunnel",
+        });
+        // Keep alive
+        const startTime = Date.now();
+        const statsInterval = setInterval(() => {
+            const uptime = (0, utils_1.formatDuration)(Date.now() - startTime);
+            process.stdout.write(`\r  ${chalk_1.default.gray(`Uptime: ${uptime}`)}`);
+        }, 1000);
+        // Handle exit
+        const cleanup = async () => {
+            clearInterval(statsInterval);
+            console.log("\n");
+            spinner.start("Closing tunnel...");
+            await client.closeTunnel(tunnelId);
+            await client.disconnect();
+            spinner.succeed("Tunnel closed");
+            process.exit(0);
+        };
+        process.on("SIGINT", cleanup);
+        process.on("SIGTERM", cleanup);
+        // Handle reconnection
+        client.on("disconnected", () => {
+            console.log(chalk_1.default.yellow("\n  Disconnected, reconnecting..."));
+        });
+        client.on("connected", () => {
+            console.log(chalk_1.default.green("  Reconnected!"));
+        });
+    }
+    catch (err) {
+        spinner.fail(`Failed: ${err.message}`);
+        process.exit(1);
+    }
+}
+async function createNgrokTunnel(options) {
+    const spinner = (0, ora_1.default)("Starting ngrok...").start();
+    const client = new NgrokClient_1.NgrokClient({
+        authtoken: options.authtoken,
+        region: options.region,
+    });
+    try {
+        await client.connect();
+        spinner.text = "Creating tunnel...";
+        const { tunnelId, publicUrl } = await client.createTunnel({
+            protocol: options.protocol,
+            localHost: options.localHost,
+            localPort: options.localPort,
+            subdomain: options.subdomain,
+            remotePort: options.remotePort,
+        });
+        spinner.succeed("Tunnel established!");
+        printTunnelInfo({
+            status: "Online",
+            protocol: options.protocol,
+            localHost: options.localHost,
+            localPort: options.localPort,
+            publicUrl,
+            provider: "ngrok",
+        });
+        // Keep alive
+        const startTime = Date.now();
+        const statsInterval = setInterval(() => {
+            const uptime = (0, utils_1.formatDuration)(Date.now() - startTime);
+            process.stdout.write(`\r  ${chalk_1.default.gray(`Uptime: ${uptime}`)}`);
+        }, 1000);
+        // Handle exit
+        const cleanup = async () => {
+            clearInterval(statsInterval);
+            console.log("\n");
+            spinner.start("Closing tunnel...");
+            await client.closeTunnel(tunnelId);
+            await client.disconnect();
+            spinner.succeed("Tunnel closed");
+            process.exit(0);
+        };
+        process.on("SIGINT", cleanup);
+        process.on("SIGTERM", cleanup);
+    }
+    catch (err) {
+        spinner.fail(`Failed: ${err.message}`);
+        console.log(chalk_1.default.yellow("\nMake sure ngrok is installed: https://ngrok.com/download"));
+        process.exit(1);
+    }
+}
+function printTunnelInfo(info) {
+    console.log("");
+    console.log(chalk_1.default.cyan(`  OpenTunnel ${chalk_1.default.gray(`(via ${info.provider})`)}`));
+    console.log(chalk_1.default.gray("  ─────────────────────────────────────────"));
+    console.log(`  ${chalk_1.default.white("Status:")}    ${chalk_1.default.green(`● ${info.status}`)}`);
+    console.log(`  ${chalk_1.default.white("Protocol:")}  ${chalk_1.default.yellow(info.protocol.toUpperCase())}`);
+    console.log(`  ${chalk_1.default.white("Local:")}     ${chalk_1.default.gray(`${info.localHost}:${info.localPort}`)}`);
+    console.log(`  ${chalk_1.default.white("Public:")}    ${chalk_1.default.green(info.publicUrl)}`);
+    console.log(chalk_1.default.gray("  ─────────────────────────────────────────"));
+    console.log("");
+    console.log(chalk_1.default.gray("  Press Ctrl+C to close the tunnel"));
+    console.log("");
+}
+program.parse();
+//# sourceMappingURL=index.js.map