pal-explorer-cli 0.4.12 → 0.4.14

package/lib/commands/share.js

@@ -1,323 +1,336 @@
-import chalk from 'chalk';
-import path from 'path';
-import fs from 'fs';
-import { addShare, storeShareKey } from '../core/shares.js';
-import { getGroup } from '../core/groups.js';
-import config from '../utils/config.js';
-import logger from '../utils/logger.js';
-import { requireRole, getFriends } from '../core/users.js';
-import { checkLimit } from '../core/pro.js';
-
-export default function shareCommand(program) {
-  program
-    .command('share-rename <id> <name>')
-    .description('rename a shared resource')
-    .action((id, name) => {
-      if (!name || !name.trim()) {
-        console.log(chalk.red('Error: name cannot be empty.'));
-        process.exitCode = 1;
-        return;
-      }
-      const shares = config.get('shares') || [];
-      const share = shares.find(s => s.id === id);
-      if (!share) {
-        console.log(chalk.red('Share not found.'));
-        process.exitCode = 1;
-        return;
-      }
-      share.name = name;
-      config.set('shares', shares);
-      console.log(chalk.green(`✔ Share renamed to: ${name}`));
-    });
-
-  program
-    .command('share <file>')
-    .description('share a file, folder, or drive via P2P')
-    .option('-v, --visibility <type>', 'Visibility: global, private, group, network, link-only', 'global')
-    .option('-w, --with <pals...>', 'Specific pals to share with (names or IDs)')
-    .option('--with-group <group>', 'Share with all members of a group')
-    .option('--with-network <network>', 'Share with a network')
-    .option('--streamable', 'Enable media streaming (audio/video playback without download)')
-    .option('--no-recursive', 'Share only top-level files in folder (no subfolders)')
-    .option('--expires <duration>', 'Auto-expire after duration (e.g. 1h, 3d, 7d, 30d)')
-    .option('--max-downloads <n>', 'Auto-expire after N downloads (0 = unlimited)', '0')
-    .option('--password <pwd>', 'Password-protect this share')
-    .addHelpText('after', `
-Examples:
-  $ pe share ./photos                         Share a folder publicly (recursive)
-  $ pe share ./photos --no-recursive          Share only top-level files in folder
-  $ pe share ./docs -v private -w alice       Share privately with pal "alice"
-  $ pe share ./project --with-group team      Share with entire group
-  $ pe share ./file.zip --password secret123  Password-protected share
-  $ pe share ./file.zip                       Share a single file
-  $ pe share ./music --streamable             Share as streaming media server
-  $ pe share ./report.pdf --expires 3d        Share for 3 days then auto-expire
-  $ pe share ./file.zip --max-downloads 5     Expire after 5 downloads
-  $ pe share ./docs -v network --with-network mynet
-
-Note: Private shares create an encrypted copy of your files for E2E seeding.
-This uses additional disk space equal to the original share size.
-`)
-    .action(async (filePath, options) => {
-      if (!filePath || !filePath.trim()) {
-        console.log(chalk.red('Error: file path cannot be empty.'));
-        process.exitCode = 1;
-        return;
-      }
-      const VALID_VISIBILITIES = ['global', 'private', 'group', 'network', 'link-only', 'public'];
-      if (!VALID_VISIBILITIES.includes(options.visibility)) {
-        console.log(chalk.red(`Invalid visibility '${options.visibility}'. Must be one of: ${VALID_VISIBILITIES.join(', ')}`));
-        process.exitCode = 1;
-        return;
-      }
-      const maxDl = parseInt(options.maxDownloads);
-      if (isNaN(maxDl) || maxDl < 0) {
-        console.log(chalk.red('--max-downloads must be a non-negative integer.'));
-        process.exitCode = 1;
-        return;
-      }
-      const absolutePath = path.resolve(filePath);
-      try {
-        try { requireRole('user'); } catch (e) {
-          console.log(chalk.red(e.message));
-          process.exitCode = 1;
-          return;
-        }
-        if (!fs.existsSync(absolutePath)) {
-          console.log(chalk.red(`Path does not exist: ${absolutePath}`));
-          process.exitCode = 1;
-          return;
-        }
-        const friends = getFriends();
-
-        // Validate pals if provided
-        let recipients = [];
-        if (options.withGroup) {
-          const group = getGroup(options.withGroup);
-          if (!group) {
-            console.log(chalk.red(`Group '${options.withGroup}' not found.`));
-            process.exitCode = 1;
-            return;
-          }
-          if (group.members.length === 0) {
-            console.log(chalk.yellow(`Group '${group.name}' has no members.`));
-            process.exitCode = 1;
-            return;
-          }
-          recipients = group.members.map(m => {
-            const pal = friends.find(f => f.id === m.id);
-            return pal || { name: m.name, id: m.id, handle: m.handle };
-          });
-          console.log(chalk.cyan(`Sharing with group '${group.name}' (${recipients.length} members)`));
-        }
-        if (options.with) {
-          const palRecipients = options.with.map(nameOrId => {
-            const stripped = nameOrId.replace(/^@/, '');
-            const pal = friends.find(f =>
-              f.id === stripped || f.name === stripped || f.handle === stripped || f.publicKey === stripped
-            );
-            if (!pal) {
-              console.warn(chalk.yellow(`Warning: Pal '${stripped}' not found in your list.`));
-              return { name: stripped, id: 'unknown' };
-            }
-            return pal;
-          });
-          // Merge, avoid duplicates by id
-          for (const r of palRecipients) {
-            if (!recipients.find(e => e.id === r.id)) {
-              recipients.push(r);
-            }
-          }
-        }
-
-        checkLimit('maxShareRecipients', recipients.length);
-
-        console.log(chalk.blue(`Preparing to share: ${absolutePath}`));
-
-        let type = 'file';
-        try {
-          const stat = fs.statSync(absolutePath);
-          if (stat.isDirectory()) {
-            const parsed = path.parse(absolutePath);
-            type = parsed.dir === parsed.root || absolutePath === parsed.root ? 'drive' : 'folder';
-          }
-        } catch {
-          // path doesn't exist yet — default to 'file'
-        }
-
-        const recursive = options.recursive !== false;
-        let expiresIn = 0;
-        if (options.expires) {
-          expiresIn = parseDuration(options.expires);
-          if (!expiresIn) {
-            console.log(chalk.red('Invalid --expires format. Use: 1h, 3d, 7d, 30d'));
-            process.exitCode = 1;
-            return;
-          }
-        }
-        const maxDownloads = parseInt(options.maxDownloads) || 0;
-        const password = options.password || null;
-        const share = addShare(absolutePath, type, options.visibility, { read: true }, recipients, { recursive, expiresIn, maxDownloads, password });
-
-        // Set streamable flag
-        if (options.streamable) {
-          const shares = config.get('shares');
-          const idx = shares.findIndex(s => s.id === share.id);
-          if (idx !== -1) {
-            shares[idx].streamable = true;
-            config.set('shares', shares);
-          }
-          console.log(chalk.magenta('  Media streaming enabled for this share'));
-        }
-
-        // Set network association
-        if (options.withNetwork) {
-          const shares = config.get('shares');
-          const idx = shares.findIndex(s => s.id === share.id);
-          if (idx !== -1) {
-            shares[idx].sharedWithNetworks = [options.withNetwork];
-            config.set('shares', shares);
-          }
-        }
-
-        // Persist group association
-        if (options.withGroup) {
-          const group = getGroup(options.withGroup);
-          if (group) {
-            const shares = config.get('shares');
-            const idx = shares.findIndex(s => s.id === share.id);
-            if (idx !== -1) {
-              shares[idx].sharedWithGroups = [group.id];
-              config.set('shares', shares);
-            }
-          }
-        }
-
-        // Encrypt for private shares that have named recipients
-        if (options.visibility === 'private' && share.recipients.length > 0) {
-          const { generateShareKey, encryptDirectory, getEncryptedShareDir, encryptShareKeyForRecipient } = await import('../crypto/shareEncryption.js');
-          const shareKey = generateShareKey();
-          const encDir = getEncryptedShareDir(share.id);
-          console.log(chalk.gray('Encrypting files for private share...'));
-          const encStart = Date.now();
-          const encSpinner = setInterval(() => {
-            const elapsed = ((Date.now() - encStart) / 1000).toFixed(0);
-            process.stdout.write(`\r${chalk.gray(`  Encrypting... ${elapsed}s`)}`);
-          }, 1000);
-          try {
-            encryptDirectory(absolutePath, encDir, shareKey);
-          } finally {
-            clearInterval(encSpinner);
-            process.stdout.write('\r' + ' '.repeat(40) + '\r');
-          }
-
-          // Wrap the shareKey for each recipient
-          const encryptedShareKeys = {};
-          for (const recipient of share.recipients) {
-            const pal = friends.find(f => f.name === recipient.name || f.id === recipient.id || f.handle === recipient.handle);
-            if (pal?.id && pal.id !== 'unknown') {
-              encryptedShareKeys[pal.id] = encryptShareKeyForRecipient(shareKey, pal.id);
-            }
-          }
-
-          // Store share key securely in credential store
-          await storeShareKey(share.id, shareKey.toString('hex'));
-
-          // Persist encryption metadata onto the stored share (without shareKeyHex)
-          const shares = config.get('shares');
-          const idx = shares.findIndex(s => s.id === share.id);
-          if (idx !== -1) {
-            shares[idx].encryptedPath = encDir;
-            shares[idx].encryptedShareKeys = encryptedShareKeys;
-            config.set('shares', shares);
-          }
-
-          console.log(chalk.green('Encryption complete.'));
-
-          // Warn about disk overhead for private shares
-          try {
-            const stat = fs.statSync(absolutePath);
-            if (stat.isDirectory()) {
-              let totalSize = 0;
-              const walk = (dir) => {
-                for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
-                  const full = path.join(dir, entry.name);
-                  if (entry.isFile()) totalSize += fs.statSync(full).size;
-                  else if (entry.isDirectory()) walk(full);
-                }
-              };
-              walk(absolutePath);
-              const sizeMB = (totalSize / 1024 / 1024).toFixed(0);
-              if (totalSize > 1024 * 1024 * 1024) {
-                const sizeGB = (totalSize / 1024 / 1024 / 1024).toFixed(1);
-                console.log(chalk.yellow(`  Warning: Private shares create an encrypted copy (~${sizeGB} GB additional disk space).`));
-                console.log(chalk.yellow(`  Total disk usage for this share: ~${(totalSize * 2 / 1024 / 1024 / 1024).toFixed(1)} GB (original + encrypted copy).`));
-              } else if (totalSize > 50 * 1024 * 1024) {
-                console.log(chalk.yellow(`  Note: Private shares create an encrypted copy (~${sizeMB} MB additional disk space).`));
-              }
-            }
-          } catch {}
-        }
-
-        logger.info(`Share added: ${absolutePath}`, { visibility: options.visibility, type, id: share.id });
-        console.log(chalk.green(`✔ Resource added to ${options.visibility} share list!`));
-        if (recipients.length > 0) {
-           console.log(chalk.cyan(`  Shared with: ${recipients.map(r => r.name).join(', ')}`));
-        }
-
-        // Send PAL/1.0 share.offer envelopes to recipients
-        if (options.visibility === 'private' && recipients.length > 0) {
-          try {
-            const { getIdentity } = await import('../core/identity.js');
-            const identity = await getIdentity();
-            if (identity?.privateKey) {
-              const { initiateShare } = await import('../protocol/negotiation.js');
-              const { postTo, getPrimaryServer } = await import('../core/discoveryClient.js');
-              const keyPair = {
-                publicKey: Buffer.from(identity.publicKey, 'hex'),
-                privateKey: Buffer.from(identity.privateKey, 'hex'),
-              };
-              let sent = 0;
-              for (const r of recipients) {
-                const pal = friends.find(f => f.id === r.id);
-                if (pal?.id && pal.id !== 'unknown') {
-                  const result = await initiateShare(keyPair, pal.id, share, options.policy || {});
-                  if (result.ok) {
-                    await postTo(getPrimaryServer(), '/api/v1/messages', {
-                      toHandle: pal.handle || pal.name,
-                      fromHandle: identity.handle || identity.name,
-                      payload: result.envelope,
-                    });
-                    sent++;
-                  }
-                }
-              }
-              if (sent > 0) console.log(chalk.gray(`  PAL/1.0 share offers sent to ${sent} recipient(s)`));
-            }
-          } catch {
-            // Protocol notifications are best-effort
-          }
-        }
-
-        if (share.password) console.log(chalk.yellow('  Password protected'));
-        if (share.expiresAt) console.log(chalk.gray(`  Expires: ${new Date(share.expiresAt).toLocaleString()}`));
-        if (share.maxDownloads) console.log(chalk.gray(`  Max downloads: ${share.maxDownloads}`));
-        console.log(chalk.white('To start seeding, use: pe serve'));
-        console.log(chalk.gray(`ID: ${share.id}`));
-      } catch (err) {
-        logger.error(`Share failed: ${err.message}`, { path: absolutePath });
-        console.error(chalk.red(`Error: ${err.message}`));
-      }
-    });
-}
-
-function parseDuration(str) {
-  const match = str.match(/^(\d+)([dhm])$/);
-  if (!match) return null;
-  const n = parseInt(match[1]);
-  const unit = match[2];
-  if (unit === 'd') return n * 86400000;
-  if (unit === 'h') return n * 3600000;
-  if (unit === 'm') return n * 60000;
-  return null;
-}
+import chalk from 'chalk';
+import path from 'path';
+import fs from 'fs';
+import { addShare, storeShareKey } from '../core/shares.js';
+import { getGroup } from '../core/groups.js';
+import config from '../utils/config.js';
+import logger from '../utils/logger.js';
+import { requireRole, getFriends } from '../core/users.js';
+import { checkLimit } from '../core/pro.js';
+
+export default function shareCommand(program) {
+  program
+    .command('share-rename <id> <name>')
+    .description('rename a shared resource')
+    .action((id, name) => {
+      if (!name || !name.trim()) {
+        console.log(chalk.red('Error: name cannot be empty.'));
+        process.exitCode = 1;
+        return;
+      }
+      const shares = config.get('shares') || [];
+      const share = shares.find(s => s.id === id);
+      if (!share) {
+        console.log(chalk.red('Share not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      share.name = name;
+      config.set('shares', shares);
+      console.log(chalk.green(`✔ Share renamed to: ${name}`));
+    });
+
+  program
+    .command('share <file>')
+    .description('share a file, folder, or drive via P2P')
+    .option('-v, --visibility <type>', 'Visibility: global, private, group, network, link-only', 'global')
+    .option('-w, --with <pals...>', 'Specific pals to share with (names or IDs)')
+    .option('--with-group <group>', 'Share with all members of a group')
+    .option('--with-network <network>', 'Share with a network')
+    .option('--streamable', 'Enable media streaming (audio/video playback without download)')
+    .option('--no-recursive', 'Share only top-level files in folder (no subfolders)')
+    .option('--expires <duration>', 'Auto-expire after duration (e.g. 1h, 3d, 7d, 30d)')
+    .option('--max-downloads <n>', 'Auto-expire after N downloads (0 = unlimited)', '0')
+    .option('--password <pwd>', 'Password-protect this share')
+    .option('--category <type>', 'Category: documents, media, projects, games, backups, other')
+    .option('--description <text>', 'Share description (max 200 chars)')
+    .option('--color <hex>', 'Share color (hex, e.g. #89b4fa)')
+    .option('--icon <emoji>', 'Share icon emoji')
+    .option('--tags <list>', 'Comma-separated tags, e.g. "photos,vacation,2026"')
+    .addHelpText('after', `
+Examples:
+  $ pal share ./photos                         Share a folder publicly (recursive)
+  $ pal share ./photos --no-recursive          Share only top-level files in folder
+  $ pal share ./docs -v private -w alice       Share privately with pal "alice"
+  $ pal share ./project --with-group team      Share with entire group
+  $ pal share ./file.zip --password secret123  Password-protected share
+  $ pal share ./file.zip                       Share a single file
+  $ pal share ./music --streamable             Share as streaming media server
+  $ pal share ./report.pdf --expires 3d        Share for 3 days then auto-expire
+  $ pal share ./file.zip --max-downloads 5     Expire after 5 downloads
+  $ pal share ./docs -v network --with-network mynet
+
+Note: Private shares create an encrypted copy of your files for E2E seeding.
+This uses additional disk space equal to the original share size.
+`)
+    .action(async (filePath, options) => {
+      if (!filePath || !filePath.trim()) {
+        console.log(chalk.red('Error: file path cannot be empty.'));
+        process.exitCode = 1;
+        return;
+      }
+      const VALID_VISIBILITIES = ['global', 'private', 'group', 'network', 'link-only', 'public'];
+      if (!VALID_VISIBILITIES.includes(options.visibility)) {
+        console.log(chalk.red(`Invalid visibility '${options.visibility}'. Must be one of: ${VALID_VISIBILITIES.join(', ')}`));
+        process.exitCode = 1;
+        return;
+      }
+      const maxDl = parseInt(options.maxDownloads);
+      if (isNaN(maxDl) || maxDl < 0) {
+        console.log(chalk.red('--max-downloads must be a non-negative integer.'));
+        process.exitCode = 1;
+        return;
+      }
+      const absolutePath = path.resolve(filePath);
+      try {
+        try { requireRole('user'); } catch (e) {
+          console.log(chalk.red(e.message));
+          process.exitCode = 1;
+          return;
+        }
+        if (!fs.existsSync(absolutePath)) {
+          console.log(chalk.red(`Path does not exist: ${absolutePath}`));
+          process.exitCode = 1;
+          return;
+        }
+        const friends = getFriends();
+
+        // Validate pals if provided
+        let recipients = [];
+        if (options.withGroup) {
+          const group = getGroup(options.withGroup);
+          if (!group) {
+            console.log(chalk.red(`Group '${options.withGroup}' not found.`));
+            process.exitCode = 1;
+            return;
+          }
+          if (group.members.length === 0) {
+            console.log(chalk.yellow(`Group '${group.name}' has no members.`));
+            process.exitCode = 1;
+            return;
+          }
+          recipients = group.members.map(m => {
+            const pal = friends.find(f => f.id === m.id);
+            return pal || { name: m.name, id: m.id, handle: m.handle };
+          });
+          console.log(chalk.cyan(`Sharing with group '${group.name}' (${recipients.length} members)`));
+        }
+        if (options.with) {
+          const palRecipients = options.with.map(nameOrId => {
+            const stripped = nameOrId.replace(/^@/, '');
+            const pal = friends.find(f =>
+              f.id === stripped || f.name === stripped || f.handle === stripped || f.publicKey === stripped
+            );
+            if (!pal) {
+              console.warn(chalk.yellow(`Warning: Pal '${stripped}' not found in your list.`));
+              return { name: stripped, id: 'unknown' };
+            }
+            return pal;
+          });
+          // Merge, avoid duplicates by id
+          for (const r of palRecipients) {
+            if (!recipients.find(e => e.id === r.id)) {
+              recipients.push(r);
+            }
+          }
+        }
+
+        checkLimit('maxShareRecipients', recipients.length);
+
+        console.log(chalk.blue(`Preparing to share: ${absolutePath}`));
+
+        let type = 'file';
+        try {
+          const stat = fs.statSync(absolutePath);
+          if (stat.isDirectory()) {
+            const parsed = path.parse(absolutePath);
+            type = parsed.dir === parsed.root || absolutePath === parsed.root ? 'drive' : 'folder';
+          }
+        } catch {
+          // path doesn't exist yet — default to 'file'
+        }
+
+        const recursive = options.recursive !== false;
+        let expiresIn = 0;
+        if (options.expires) {
+          expiresIn = parseDuration(options.expires);
+          if (!expiresIn) {
+            console.log(chalk.red('Invalid --expires format. Use: 1h, 3d, 7d, 30d'));
+            process.exitCode = 1;
+            return;
+          }
+        }
+        const maxDownloads = parseInt(options.maxDownloads) || 0;
+        const password = options.password || null;
+        const category = options.category || null;
+        const description = options.description ? options.description.slice(0, 200) : null;
+        const color = options.color || null;
+        const icon = options.icon || null;
+        const share = addShare(absolutePath, type, options.visibility, { read: true }, recipients, { recursive, expiresIn, maxDownloads, password, category, description, color, icon });
+        if (options.tags) {
+          const { updateShare } = await import('../core/shares.js');
+          updateShare(share.id, { tags: options.tags.split(',').map(t => t.trim()).filter(Boolean) });
+        }
+
+        // Set streamable flag
+        if (options.streamable) {
+          const shares = config.get('shares');
+          const idx = shares.findIndex(s => s.id === share.id);
+          if (idx !== -1) {
+            shares[idx].streamable = true;
+            config.set('shares', shares);
+          }
+          console.log(chalk.magenta('  Media streaming enabled for this share'));
+        }
+
+        // Set network association
+        if (options.withNetwork) {
+          const shares = config.get('shares');
+          const idx = shares.findIndex(s => s.id === share.id);
+          if (idx !== -1) {
+            shares[idx].sharedWithNetworks = [options.withNetwork];
+            config.set('shares', shares);
+          }
+        }
+
+        // Persist group association
+        if (options.withGroup) {
+          const group = getGroup(options.withGroup);
+          if (group) {
+            const shares = config.get('shares');
+            const idx = shares.findIndex(s => s.id === share.id);
+            if (idx !== -1) {
+              shares[idx].sharedWithGroups = [group.id];
+              config.set('shares', shares);
+            }
+          }
+        }
+
+        // Encrypt for private shares that have named recipients
+        if (options.visibility === 'private' && share.recipients.length > 0) {
+          const { generateShareKey, encryptDirectory, getEncryptedShareDir, encryptShareKeyForRecipient } = await import('../crypto/shareEncryption.js');
+          const shareKey = generateShareKey();
+          const encDir = getEncryptedShareDir(share.id);
+          console.log(chalk.gray('Encrypting files for private share...'));
+          const encStart = Date.now();
+          const encSpinner = setInterval(() => {
+            const elapsed = ((Date.now() - encStart) / 1000).toFixed(0);
+            process.stdout.write(`\r${chalk.gray(`  Encrypting... ${elapsed}s`)}`);
+          }, 1000);
+          try {
+            encryptDirectory(absolutePath, encDir, shareKey);
+          } finally {
+            clearInterval(encSpinner);
+            process.stdout.write('\r' + ' '.repeat(40) + '\r');
+          }
+
+          // Wrap the shareKey for each recipient
+          const encryptedShareKeys = {};
+          for (const recipient of share.recipients) {
+            const pal = friends.find(f => f.name === recipient.name || f.id === recipient.id || f.handle === recipient.handle);
+            if (pal?.id && pal.id !== 'unknown') {
+              encryptedShareKeys[pal.id] = encryptShareKeyForRecipient(shareKey, pal.id);
+            }
+          }
+
+          // Store share key securely in credential store
+          await storeShareKey(share.id, shareKey.toString('hex'));
+
+          // Persist encryption metadata onto the stored share (without shareKeyHex)
+          const shares = config.get('shares');
+          const idx = shares.findIndex(s => s.id === share.id);
+          if (idx !== -1) {
+            shares[idx].encryptedPath = encDir;
+            shares[idx].encryptedShareKeys = encryptedShareKeys;
+            config.set('shares', shares);
+          }
+
+          console.log(chalk.green('Encryption complete.'));
+
+          // Warn about disk overhead for private shares
+          try {
+            const stat = fs.statSync(absolutePath);
+            if (stat.isDirectory()) {
+              let totalSize = 0;
+              const walk = (dir) => {
+                for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+                  const full = path.join(dir, entry.name);
+                  if (entry.isFile()) totalSize += fs.statSync(full).size;
+                  else if (entry.isDirectory()) walk(full);
+                }
+              };
+              walk(absolutePath);
+              const sizeMB = (totalSize / 1024 / 1024).toFixed(0);
+              if (totalSize > 1024 * 1024 * 1024) {
+                const sizeGB = (totalSize / 1024 / 1024 / 1024).toFixed(1);
+                console.log(chalk.yellow(`  Warning: Private shares create an encrypted copy (~${sizeGB} GB additional disk space).`));
+                console.log(chalk.yellow(`  Total disk usage for this share: ~${(totalSize * 2 / 1024 / 1024 / 1024).toFixed(1)} GB (original + encrypted copy).`));
+              } else if (totalSize > 50 * 1024 * 1024) {
+                console.log(chalk.yellow(`  Note: Private shares create an encrypted copy (~${sizeMB} MB additional disk space).`));
+              }
+            }
+          } catch {}
+        }
+
+        logger.info(`Share added: ${absolutePath}`, { visibility: options.visibility, type, id: share.id });
+        console.log(chalk.green(`✔ Resource added to ${options.visibility} share list!`));
+        if (recipients.length > 0) {
+           console.log(chalk.cyan(`  Shared with: ${recipients.map(r => r.name).join(', ')}`));
+        }
+
+        // Send PAL/1.0 share.offer envelopes to recipients
+        if (options.visibility === 'private' && recipients.length > 0) {
+          try {
+            const { getIdentity } = await import('../core/identity.js');
+            const identity = await getIdentity();
+            if (identity?.privateKey) {
+              const { initiateShare } = await import('../protocol/negotiation.js');
+              const { postTo, getPrimaryServer } = await import('../core/discoveryClient.js');
+              const keyPair = {
+                publicKey: Buffer.from(identity.publicKey, 'hex'),
+                privateKey: Buffer.from(identity.privateKey, 'hex'),
+              };
+              let sent = 0;
+              for (const r of recipients) {
+                const pal = friends.find(f => f.id === r.id);
+                if (pal?.id && pal.id !== 'unknown') {
+                  const result = await initiateShare(keyPair, pal.id, share, options.policy || {});
+                  if (result.ok) {
+                    await postTo(getPrimaryServer(), '/api/v1/messages', {
+                      toHandle: pal.handle || pal.name,
+                      fromHandle: identity.handle || identity.name,
+                      payload: result.envelope,
+                    });
+                    sent++;
+                  }
+                }
+              }
+              if (sent > 0) console.log(chalk.gray(`  PAL/1.0 share offers sent to ${sent} recipient(s)`));
+            }
+          } catch {
+            // Protocol notifications are best-effort
+          }
+        }
+
+        if (share.password) console.log(chalk.yellow('  Password protected'));
+        if (share.expiresAt) console.log(chalk.gray(`  Expires: ${new Date(share.expiresAt).toLocaleString()}`));
+        if (share.maxDownloads) console.log(chalk.gray(`  Max downloads: ${share.maxDownloads}`));
+        console.log(chalk.white('To start seeding, use: pal serve'));
+        console.log(chalk.gray(`ID: ${share.id}`));
+      } catch (err) {
+        logger.error(`Share failed: ${err.message}`, { path: absolutePath });
+        console.error(chalk.red(`Error: ${err.message}`));
+      }
+    });
+}
+
+function parseDuration(str) {
+  const match = str.match(/^(\d+)([dhm])$/);
+  if (!match) return null;
+  const n = parseInt(match[1]);
+  const unit = match[2];
+  if (unit === 'd') return n * 86400000;
+  if (unit === 'h') return n * 3600000;
+  if (unit === 'm') return n * 60000;
+  return null;
+}