vibelet 1.2.92 → 1.2.96

package/dist/runtime-version.cjs

@@ -1,2 +1,2 @@
-var c=require("node:fs"),n=require("node:path"),p="@vibelet/cli";function i(r){try{let e=JSON.parse((0,c.readFileSync)(r,"utf8"));if(e.name===p&&typeof e.version=="string"&&e.version.length>0)return e.version}catch{}return null}function l(){return"1.2.92"}var a=l();process.stdout.write(`${a}
+var c=require("node:fs"),n=require("node:path"),p="@vibelet/cli";function i(r){try{let e=JSON.parse((0,c.readFileSync)(r,"utf8"));if(e.name===p&&typeof e.version=="string"&&e.version.length>0)return e.version}catch{}return null}function l(){return"1.2.96"}var a=l();process.stdout.write(`${a}
 `);

package/dist/vibelet.mjs

@@ -12862,10 +12862,12 @@ async function runManagedNativeTerminal({
 
 /* harmony export */ __nccwpck_require__.d(__webpack_exports__, {
 /* harmony export */   AW: () => (/* binding */ readNpmConfigFlag),
+/* harmony export */   NT: () => (/* binding */ hasLegacyAccessArgs),
 /* harmony export */   PC: () => (/* binding */ consumeFlag),
-/* harmony export */   nE: () => (/* binding */ parseNamedArg)
+/* harmony export */   nE: () => (/* binding */ parseNamedArg),
+/* harmony export */   tY: () => (/* binding */ parseAccessTargetArg)
 /* harmony export */ });
-/* unused harmony export readNpmConfigArg */
+/* unused harmony exports readNpmConfigArg, parseAccessValue */
 function consumeFlag(argv, name) {
   const idx = argv.indexOf(`--${name}`);
   if (idx === -1) return false;
@@ -12883,6 +12885,14 @@ function readNpmConfigArg(name, env = process.env) {
   return typeof value === 'string' ? value : null;
 }
 
+function hasArg(argv, name) {
+  return argv.includes(`--${name}`) || argv.some((arg) => arg.startsWith(`--${name}=`));
+}
+
+function hasNpmConfigArg(name, env = process.env) {
+  return typeof env[`npm_config_${name.replace(/-/g, '_')}`] === 'string';
+}
+
 function parseNamedArg(argv, name, errorHint, fail, env = process.env) {
   const inlinePrefix = `--${name}=`;
   const inlineArg = argv.find((arg) => arg.startsWith(inlinePrefix));
@@ -12905,6 +12915,120 @@ function parseNamedArg(argv, name, errorHint, fail, env = process.env) {
   return readNpmConfigArg(name, env);
 }
 
+function hasLegacyAccessArgs(argv, env = process.env) {
+  return (
+    hasArg(argv, 'local') ||
+    hasArg(argv, 'remote') ||
+    hasArg(argv, 'tunnel') ||
+    hasArg(argv, 'relay') ||
+    hasArg(argv, 'host') ||
+    hasArg(argv, 'fallback-hosts') ||
+    readNpmConfigFlag('local', env) ||
+    readNpmConfigFlag('remote', env) ||
+    readNpmConfigFlag('tunnel', env) ||
+    hasNpmConfigArg('relay', env) ||
+    hasNpmConfigArg('host', env) ||
+    hasNpmConfigArg('fallback-hosts', env)
+  );
+}
+
+function normalizeAccessHost(host) {
+  return String(host ?? '')
+    .trim()
+    .replace(/\.$/, '')
+    .toLowerCase();
+}
+
+function isIpv4Host(host) {
+  const parts = host.split('.');
+  return parts.length === 4 && parts.every((part) => /^\d+$/.test(part) && Number(part) >= 0 && Number(part) <= 255);
+}
+
+function isTrustedCleartextAccessHost(host) {
+  const normalized = normalizeAccessHost(host).replace(/^::ffff:/, '');
+  if (
+    normalized === 'localhost' ||
+    normalized === '127.0.0.1' ||
+    normalized === '::1' ||
+    normalized.endsWith('.local') ||
+    normalized.endsWith('.ts.net')
+  ) {
+    return true;
+  }
+  if (isIpv4Host(normalized)) {
+    const [first, second] = normalized.split('.').map(Number);
+    return (
+      first === 10 ||
+      (first === 172 && second >= 16 && second <= 31) ||
+      (first === 192 && second === 168) ||
+      (first === 100 && second >= 64 && second <= 127)
+    );
+  }
+  return Boolean(normalized) && !normalized.includes('.') && !normalized.includes(':');
+}
+
+function parseAccessUrl(rawValue, fail) {
+  let parsed;
+  try {
+    parsed = new URL(rawValue);
+  } catch {
+    fail(`--access must be one of: remote, local, https://..., or host[,fallback]`);
+  }
+  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
+    fail('--access URL must use http:// or https://');
+  }
+  if (parsed.protocol === 'http:' && !isTrustedCleartextAccessHost(parsed.hostname)) {
+    fail(`Refusing public cleartext access URL ${rawValue}. Use https:// for public relay URLs.`);
+  }
+  return {
+    kind: 'relay',
+    relayUrl: rawValue.replace(/\/$/, ''),
+    source: 'access',
+  };
+}
+
+function parseAccessValue(rawValue, fail) {
+  const value = String(rawValue ?? '').trim();
+  if (value === '') {
+    return { kind: 'clear', source: 'access' };
+  }
+
+  const normalized = value.toLowerCase();
+  if (normalized === 'remote' || normalized === 'quick') {
+    return { kind: 'remote', source: 'access' };
+  }
+  if (normalized === 'local' || normalized === 'none') {
+    return { kind: 'local', source: 'access' };
+  }
+
+  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value)) {
+    return parseAccessUrl(value, fail);
+  }
+
+  const hosts = value
+    .split(',')
+    .map((entry) => normalizeAccessHost(entry))
+    .filter(Boolean);
+  if (hosts.length === 0) {
+    fail(`--access must include a target host or URL`);
+  }
+  const unsafeHost = hosts.find((host) => !isTrustedCleartextAccessHost(host));
+  if (unsafeHost) {
+    fail(`Refusing public cleartext access host ${unsafeHost}. Use https:// for public relay URLs.`);
+  }
+  return {
+    kind: 'direct',
+    canonicalHost: hosts[0],
+    fallbackHosts: hosts.slice(1),
+    source: 'access',
+  };
+}
+
+function parseAccessTargetArg(argv, fail, env = process.env) {
+  const rawValue = parseNamedArg(argv, 'access', 'remote|local|https://...|host[,fallback]', fail, env);
+  return rawValue === null ? null : parseAccessValue(rawValue, fail);
+}
+
 
 /***/ }),
 
@@ -12977,13 +13101,14 @@ function describeLaunchctlResult(result) {
 /***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __nccwpck_require__) => {
 
 /* harmony export */ __nccwpck_require__.d(__webpack_exports__, {
+/* harmony export */   Gv: () => (/* binding */ buildWebUiUrl),
 /* harmony export */   N7: () => (/* binding */ buildPairingDeepLink),
 /* harmony export */   No: () => (/* binding */ normalizePairingConnections),
 /* harmony export */   YP: () => (/* binding */ createCompactPairingPayload),
 /* harmony export */   dE: () => (/* binding */ findUnsafeCleartextHosts),
 /* harmony export */   uR: () => (/* binding */ formatConnectionSummary)
 /* harmony export */ });
-/* unused harmony exports normalizeHostValue, isIpv4Host, isTailscaleHost, isSharedIpv4Host, isLocalNetworkHost, isLoopbackHost, isPlainLocalHostname, isTrustedCleartextHost, parseCommaSeparatedHosts, isQuickTunnelHost, buildLegacyConnection, formatConnectionSourceLabel */
+/* unused harmony exports normalizeHostValue, isIpv4Host, isTailscaleHost, isSharedIpv4Host, isLocalNetworkHost, isLoopbackHost, isPlainLocalHostname, isTrustedCleartextHost, parseCommaSeparatedHosts, isQuickTunnelHost, buildLegacyConnection, formatConnectionSourceLabel, buildConnectionHttpUrl, encodePairingPayloadForUrlFragment */
 function normalizeHostValue(host) {
   if (typeof host !== 'string') {
     return '';
@@ -13017,16 +13142,11 @@ function isLocalNetworkHost(host) {
     return false;
   }
   const [first, second] = host.split('.').map(Number);
-  return first === 10
-    || (first === 172 && second >= 16 && second <= 31)
-    || (first === 192 && second === 168);
+  return first === 10 || (first === 172 && second >= 16 && second <= 31) || (first === 192 && second === 168);
 }
 
 function isLoopbackHost(host) {
-  return host === 'localhost'
-    || host === '127.0.0.1'
-    || host === '::1'
-    || host === '::ffff:127.0.0.1';
+  return host === 'localhost' || host === '127.0.0.1' || host === '::1' || host === '::ffff:127.0.0.1';
 }
 
 function isPlainLocalHostname(host) {
@@ -13035,24 +13155,28 @@ function isPlainLocalHostname(host) {
 
 function isTrustedCleartextHost(host) {
   const normalized = normalizeHostValue(host.replace(/^https?:\/\//, '').replace(/\/.*$/, ''));
-  return isLoopbackHost(normalized)
-    || isLocalNetworkHost(normalized)
-    || isTailscaleHost(normalized)
-    || isSharedIpv4Host(normalized)
-    || isPlainLocalHostname(normalized);
+  return (
+    isLoopbackHost(normalized) ||
+    isLocalNetworkHost(normalized) ||
+    isTailscaleHost(normalized) ||
+    isSharedIpv4Host(normalized) ||
+    isPlainLocalHostname(normalized)
+  );
 }
 
 function parseCommaSeparatedHosts(rawValue) {
   return typeof rawValue === 'string'
-    ? rawValue.split(',').map((entry) => normalizeHostValue(entry)).filter(Boolean)
+    ? rawValue
+        .split(',')
+        .map((entry) => normalizeHostValue(entry))
+        .filter(Boolean)
     : [];
 }
 
 function findUnsafeCleartextHosts({ hostArg, fallbackHostsArg }) {
-  return [
-    ...(hostArg ? [normalizeHostValue(hostArg)] : []),
-    ...parseCommaSeparatedHosts(fallbackHostsArg),
-  ].filter((host) => host && !isTrustedCleartextHost(host));
+  return [...(hostArg ? [normalizeHostValue(hostArg)] : []), ...parseCommaSeparatedHosts(fallbackHostsArg)].filter(
+    (host) => host && !isTrustedCleartextHost(host),
+  );
 }
 
 function isQuickTunnelHost(host) {
@@ -13099,22 +13223,23 @@ function buildLegacyConnection(host, port, isPrimary) {
 function normalizePairingConnections(pairingPayload) {
   const explicitConnections = Array.isArray(pairingPayload.connections)
     ? pairingPayload.connections
-      .filter((target) => (
-        target
-        && typeof target.host === 'string'
-        && Number.isFinite(target.port)
-        && typeof target.source === 'string'
-        && typeof target.stability === 'string'
-      ))
-      .map((target) => ({
-        kind: target.kind === 'relay' ? 'relay' : 'direct',
-        host: normalizeHostValue(target.host),
-        port: Math.floor(Number(target.port)),
-        ...(target.secure === true ? { secure: true } : {}),
-        source: target.source,
-        stability: target.stability,
-      }))
-      .filter((target) => target.host && target.port > 0)
+        .filter(
+          (target) =>
+            target &&
+            typeof target.host === 'string' &&
+            Number.isFinite(target.port) &&
+            typeof target.source === 'string' &&
+            typeof target.stability === 'string',
+        )
+        .map((target) => ({
+          kind: target.kind === 'relay' ? 'relay' : 'direct',
+          host: normalizeHostValue(target.host),
+          port: Math.floor(Number(target.port)),
+          ...(target.secure === true ? { secure: true } : {}),
+          source: target.source,
+          stability: target.stability,
+        }))
+        .filter((target) => target.host && target.port > 0)
     : [];
 
   const dedupe = (targets) => {
@@ -13134,13 +13259,12 @@ function normalizePairingConnections(pairingPayload) {
   }
 
   const canonicalHost = normalizeHostValue(pairingPayload.canonicalHost) || 'localhost';
-  const port = Number.isFinite(pairingPayload.port) && pairingPayload.port > 0
-    ? Math.floor(Number(pairingPayload.port))
-    : 9876;
+  const port =
+    Number.isFinite(pairingPayload.port) && pairingPayload.port > 0 ? Math.floor(Number(pairingPayload.port)) : 9876;
   const fallbackHosts = Array.isArray(pairingPayload.fallbackHosts)
     ? pairingPayload.fallbackHosts
-      .map((host) => normalizeHostValue(host))
-      .filter((host) => host && host !== canonicalHost)
+        .map((host) => normalizeHostValue(host))
+        .filter((host) => host && host !== canonicalHost)
     : [];
 
   return dedupe([
@@ -13201,6 +13325,26 @@ function buildPairingDeepLink(pairingPayloadText) {
   return `vibelet://pair?data=${encodeURIComponent(pairingPayloadText)}`;
 }
 
+function formatUrlHost(host) {
+  return host.includes(':') && !host.startsWith('[') ? `[${host}]` : host;
+}
+
+function buildConnectionHttpUrl(target) {
+  const secure = target.secure === true || Number(target.port) === 443;
+  const scheme = secure ? 'https' : 'http';
+  const port = Number(target.port);
+  const portSuffix = (secure && port === 443) || (!secure && port === 80) ? '' : `:${port}`;
+  return `${scheme}://${formatUrlHost(target.host)}${portSuffix}`;
+}
+
+function encodePairingPayloadForUrlFragment(pairingPayload) {
+  return Buffer.from(JSON.stringify(pairingPayload), 'utf8').toString('base64url');
+}
+
+function buildWebUiUrl(target, pairingPayload) {
+  return `${buildConnectionHttpUrl(target)}/web#pair=${encodePairingPayloadForUrlFragment(pairingPayload)}`;
+}
+
 
 /***/ }),
 
@@ -14231,7 +14375,7 @@ async function ensureDaemonForTerminalControl(backend) {
         ? 'terminal-control token is missing'
         : 'the running daemon does not advertise terminal-control support';
       process.stderr.write(
-        `Vibelet daemon is running without terminal-control support (${reason}); running native TUI without App takeover because active sessions are present. Stop active App sessions and run \`vibelet restart --local\` to enable takeover.\n`,
+        `Vibelet daemon is running without terminal-control support (${reason}); running native TUI without App takeover because active sessions are present. Stop active App sessions and run \`vibelet restart --access=local\` to enable takeover.\n`,
       );
       return healthyDaemon;
     }
@@ -14251,7 +14395,7 @@ function validateExplicitCleartextHosts({ hostArg, fallbackHostsArg }) {
     return;
   }
   fail(
-    `Refusing public cleartext host ${unsafeHosts[0]}. Use --relay=https://..., a Tailscale host, or a LAN/local address.`,
+    `Refusing public cleartext host ${unsafeHosts[0]}. Use --access=https://..., a Tailscale host, or a LAN/local address.`,
   );
 }
 
@@ -14300,6 +14444,11 @@ async function printPairingSummary(existingHealth = null) {
       process.stdout.write(`  - ${(0,_vibelet_pairing_connections_mjs__WEBPACK_IMPORTED_MODULE_12__/* .formatConnectionSummary */ .uR)(target)}\n`);
     });
   }
+  if (preferredConnection) {
+    process.stdout.write(
+      `Web UI: ${(0,_vibelet_pairing_connections_mjs__WEBPACK_IMPORTED_MODULE_12__/* .buildWebUiUrl */ .Gv)(preferredConnection, (0,_vibelet_pairing_connections_mjs__WEBPACK_IMPORTED_MODULE_12__/* .createCompactPairingPayload */ .YP)(pairingPayload))}\n`,
+    );
+  }
   process.stdout.write(`Paired devices: ${health.pairedDevices}\n`);
   await printPairingQr(pairingPayload);
 }
@@ -14315,15 +14464,13 @@ function printHelp() {
   );
   process.stdout.write(`  npx ${packageJson.name} start     Same as above\n`);
   process.stdout.write(
-    `  npx ${packageJson.name} --local   Use LAN/local pairing only; skip Cloudflare and Tailscale\n`,
+    `  npx ${packageJson.name} --access=local   Use LAN/local pairing only; skip Cloudflare and Tailscale\n`,
   );
-  process.stdout.write(`  npx ${packageJson.name} --force  Force a new Cloudflare Tunnel URL\n`);
-  process.stdout.write(`  npx ${packageJson.name} --relay <url>  Use a custom tunnel URL for remote access\n`);
-  process.stdout.write(`  npx ${packageJson.name} --host <ip>   Set the primary LAN/Tailscale host/IP address\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=remote --force  Force a new Cloudflare Tunnel URL\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=https://<url>  Use a custom tunnel URL for remote access\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=<host>  Set the primary LAN/Tailscale host/IP address\n`);
   process.stdout.write(`  npx ${packageJson.name} --port <port>  Start or query the daemon on a custom port\n`);
-  process.stdout.write(
-    `  npx ${packageJson.name} --fallback-hosts <ips>  Comma-separated LAN/Tailscale fallback IPs\n`,
-  );
+  process.stdout.write(`  npx ${packageJson.name} --access=<host>,<fallbacks>  Set fallback LAN/Tailscale hosts\n`);
   process.stdout.write(`  npx ${packageJson.name} stop      Stop the daemon\n`);
   process.stdout.write(`  npx ${packageJson.name} restart   Restart the daemon\n`);
   process.stdout.write(`  npx ${packageJson.name} status    Show service and daemon status\n`);
@@ -14341,15 +14488,16 @@ function printHelp() {
   process.stdout.write(`  # Remote access is on by default for start/reset/restart\n`);
   process.stdout.write(`  npx ${packageJson.name}\n\n`);
   process.stdout.write(`  # Want LAN/local-only pairing for this run?\n`);
-  process.stdout.write(`  npx ${packageJson.name} --local\n\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=local\n\n`);
   process.stdout.write(`  # Need a fresh Cloudflare Tunnel URL?\n`);
-  process.stdout.write(`  npx ${packageJson.name} --force\n\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=remote --force\n\n`);
   process.stdout.write(`  # Or bring your own tunnel and pass the URL manually:\n`);
   process.stdout.write(`  npx cloudflared tunnel --protocol http2 --url http://localhost:${port}\n`);
   process.stdout.write(`  ngrok http ${port}\n`);
-  process.stdout.write(`  npx ${packageJson.name} --relay=https://<your-tunnel-url>\n\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=https://<your-tunnel-url>\n\n`);
   process.stdout.write(`  # Tailscale (P2P VPN, no tunnel needed)\n`);
-  process.stdout.write(`  npx ${packageJson.name} --host=<tailscale-ip>\n`);
+  process.stdout.write(`  npx ${packageJson.name} --access=<tailscale-ip>\n\n`);
+  process.stdout.write(`Legacy aliases still work: --local, --relay, --host, --fallback-hosts, --remote, --tunnel.\n`);
 }
 
 function parseNamedArg(name, errorHint) {
@@ -14370,6 +14518,31 @@ function parsePortArg() {
   return parsed;
 }
 
+function parseCommandArg(argv) {
+  const namedArgsWithValues = new Set(['--access', '--relay', '--host', '--fallback-hosts', '--port']);
+  for (let i = 2; i < argv.length; i += 1) {
+    const arg = argv[i];
+    if (namedArgsWithValues.has(arg)) {
+      i += 1;
+      continue;
+    }
+    if (
+      arg.startsWith('--access=') ||
+      arg.startsWith('--relay=') ||
+      arg.startsWith('--host=') ||
+      arg.startsWith('--fallback-hosts=') ||
+      arg.startsWith('--port=')
+    ) {
+      continue;
+    }
+    if (arg === '--local' || arg === '--remote' || arg === '--tunnel' || arg === '--force') {
+      continue;
+    }
+    return arg;
+  }
+  return 'default';
+}
+
 function loadRelayConfig() {
   try {
     const data = JSON.parse((0,node_fs__WEBPACK_IMPORTED_MODULE_1__.readFileSync)(relayConfigPath, 'utf8'));
@@ -14405,7 +14578,7 @@ async function main() {
     process.env.VIBE_PORT = String(portArg);
   }
 
-  let command = process.argv[2] ?? 'default';
+  let command = parseCommandArg(process.argv);
 
   if (command === '--help' || command === '-h' || command === 'help') {
     printHelp();
@@ -14429,18 +14602,48 @@ async function main() {
     return;
   }
 
-  (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'remote') ||
-    (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'tunnel') ||
-    (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('remote') ||
-    (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('tunnel');
+  const accessTarget = (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .parseAccessTargetArg */ .tY)(process.argv, fail);
+  if (accessTarget && (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .hasLegacyAccessArgs */ .NT)(process.argv, process.env)) {
+    fail(
+      'Do not combine --access with legacy access flags.',
+      'Use one form, for example `--access=local`, `--access=remote`, `--access=https://...`, or `--access=<host>`.',
+    );
+  }
+  if (!accessTarget) {
+    (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'remote') ||
+      (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'tunnel') ||
+      (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('remote') ||
+      (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('tunnel');
+  }
   const localFlag =
-    (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'local') || (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('local') || isTruthyEnvFlag(process.env.VIBELET_LOCAL_ONLY);
+    accessTarget?.kind === 'local' ||
+    (!accessTarget &&
+      ((0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'local') ||
+        (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('local') ||
+        isTruthyEnvFlag(process.env.VIBELET_LOCAL_ONLY)));
   const forceFlag = (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .consumeFlag */ .PC)(process.argv, 'force') || (0,_vibelet_cli_args_mjs__WEBPACK_IMPORTED_MODULE_13__/* .readNpmConfigFlag */ .AW)('force');
-  const relayArg = parseRelayArg();
-  const hostArg = parseNamedArg('host', '100.x.x.x');
-  const fallbackHostsArg = parseNamedArg('fallback-hosts', '100.x.x.x,192.168.1.x');
+  const relayArg =
+    accessTarget?.kind === 'relay'
+      ? accessTarget.relayUrl
+      : accessTarget?.kind === 'clear'
+        ? ''
+        : accessTarget
+          ? null
+          : parseRelayArg();
+  const hostArg =
+    accessTarget?.kind === 'direct'
+      ? accessTarget.canonicalHost
+      : accessTarget
+        ? null
+        : parseNamedArg('host', '100.x.x.x');
+  const fallbackHostsArg =
+    accessTarget?.kind === 'direct'
+      ? accessTarget.fallbackHosts.join(',')
+      : accessTarget
+        ? null
+        : parseNamedArg('fallback-hosts', '100.x.x.x,192.168.1.x');
   let managedTunnelFailed = false;
-  command = process.argv[2] ?? 'default';
+  command = parseCommandArg(process.argv);
   const startCommand = isDaemonStartCommand(command);
   // --remote/--tunnel remain accepted for compatibility, but startup commands
   // now default to managed remote access unless another connection target wins.
@@ -14471,13 +14674,13 @@ async function main() {
         const message = err instanceof Error ? err.message : String(err);
         process.stderr.write(`${message}\n`);
         process.stderr.write(
-          'Continuing with LAN/local pairing. Use `npx vibelet --force` after fixing Cloudflare Tunnel, or pass `--relay=<url>` for a custom tunnel.\n',
+          'Continuing with LAN/local pairing. Use `npx vibelet --access=remote --force` after fixing Cloudflare Tunnel, or pass `--access=https://<url>` for a custom tunnel.\n',
         );
       }
     }
   }
 
-  // --relay "" clears saved relay; --relay <url> saves it; omitted uses saved value
+  // --access= clears saved relay; --access=https://... saves it; omitted uses saved value.
   if (relayArg !== null) {
     if (relayArg) {
       saveRelayConfig(relayArg);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vibelet",
-  "version": "1.2.92",
+  "version": "1.2.96",
   "description": "Cross-platform CLI for installing and running the Vibelet daemon",
   "homepage": "https://vibelet.icu",
   "files": [