derphole 0.15.1 → 0.15.2

package/README.md CHANGED
@@ -4,6 +4,8 @@
4
4
 
5
5
  [`derptun`](#long-lived-tcp-tunnels) is its companion for long-lived TCP tunnels. Use it when a tunnel needs stable tokens, restartable endpoints, and repeated client reconnects.
6
6
 
7
+ [`derpssh`](#share-a-terminal) is its companion for interactive terminal sharing. Use it when two people need one shared PTY with host approval and no open ports.
8
+
7
9
  `derphole` supports:
8
10
 
9
11
  - raw byte streams with `listen` and `pipe`
@@ -30,6 +32,7 @@ Session tokens carry authorization. Public sessions fetch the DERP map at runtim
30
32
  - Use `send` and `receive` for text, files, directories, progress, and receive-code UX.
31
33
  - Use `share` and `open` for temporary access to a local TCP service.
32
34
  - Use `ssh invite` and `ssh accept` for SSH public key exchange.
35
+ - Use [`derpssh`](#share-a-terminal) for approved terminal sharing.
33
36
  - Use [`derptun`](#long-lived-tcp-tunnels) for long-lived TCP tunnels with reusable tokens.
34
37
 
35
38
  ## Quick Start
@@ -124,6 +127,22 @@ Bind `open` to a specific local port:
124
127
  npx -y derphole@latest open <token> 127.0.0.1:8080
125
128
  ```
126
129
 
130
+ ### Share a Terminal
131
+
132
+ Host:
133
+
134
+ ```bash
135
+ npx -y derpssh@latest share
136
+ ```
137
+
138
+ `share` prints a connect command. Send it to the guest:
139
+
140
+ ```bash
141
+ npx -y derpssh@latest connect <invite>
142
+ ```
143
+
144
+ The host approves the guest as read-only or read/write. The session uses the derptun transport path, so neither side needs an inbound port.
145
+
127
146
  ### Long-Lived TCP Tunnels
128
147
 
129
148
  `derptun` is the long-lived TCP tunnel companion to `derphole`. It uses stable tokens, survives restarts on either side, and lets one client reconnect many times without opening ports on `vps-server`. It fits SSH well.
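Review bot: In the new "Share a Terminal" section, the sentence "`share` prints a connect command. Send it to the guest" does not say that `<invite>` is a credential or how it should be delivered. The README states further down that token possession authorizes the session, so this section should say what an invite holder can do before the host approves, whether an invite can be used more than once or expires, and what the host sees at approval time to tell the intended guest from anyone else who obtained the command. A sentence on how the host ends the session or changes a guest from read/write to read-only would complete it.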
@@ -171,6 +190,7 @@ Use the development channel for the latest commit from `main`:
171
190
  ```bash
172
191
  npx -y derphole@dev version
173
192
  npx -y derptun@dev version
193
+ npx -y derpssh@dev version
174
194
  ```
175
195
 
176
196
  Default output stays quiet: tokens, bind addresses, receive commands, and progress only. Use `--hide-progress` to suppress progress, or `--verbose` to see transitions like `connected-relay` and `connected-direct`:
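Review bot: The added `npx -y derpssh@dev version` line extends the pattern of running a moving tag with `-y`, which skips the npx install confirmation, to a tool the README describes as sharing a PTY. Suggest adding a sentence that recommends pinning an exact version (`derpssh@<version>`) outside of quick trials, since `@dev` tracks the latest commit from `main` and `@latest` changes with each release.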
@@ -205,6 +225,7 @@ The data plane is selected per session:
205
225
 
206
226
  - `share/open` uses multiplexed QUIC streams over `derphole`'s relay/direct UDP transport. One claimed session can carry many TCP connections to the shared service.
207
227
  - `derptun` uses a stable tunnel token and the same transport for reconnectable TCP streams. It is built for longer-lived access, such as SSH to a host behind NAT.
228
+ - `derpssh` uses the derptun app mux for approved terminal streams and side-channel control.
208
229
  - `listen/pipe` uses a one-shot byte stream. It coordinates through DERP, promotes to rate-adaptive direct UDP when traversal succeeds, and stays on encrypted relay fallback when direct paths fail.
209
230
  - `send/receive` wraps the same one-shot stream with text, file, directory, and progress metadata.
210
231
 
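Review bot: The new `derpssh` bullet uses "derptun app mux" and "side-channel control" without defining either, while the neighbouring bullets name the transport and what it carries. Suggest stating what travels on the control channel, for example whether the host's approval and the read-only or read/write choice are sent there, and whether any terminal stream is opened before the host has approved the guest.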
@@ -253,6 +274,7 @@ Payload bytes are always end-to-end encrypted between token holders. Session and
253
274
  - Relay-prefix startup frames leave frame kind and byte offsets visible for flow control, but encrypt user payload bytes.
254
275
  - On `share/open`, stream traffic uses authenticated QUIC streams for the claimed session.
255
276
  - On `derptun`, stream traffic uses authenticated QUIC streams pinned to the stable tunnel identity in the token.
277
+ - On `derpssh`, terminal streams use authenticated QUIC streams pinned to the invite identity.
256
278
 
257
279
  Simple rule: token possession authorizes the session. Relays move packets; they do not hold decrypt keys for user payloads.
258
280
 
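Review bot: The added `derpssh` line covers terminal streams only; the side-channel control that the data plane section attributes to `derpssh` is not mentioned, so it is unclear whether it gets the same authenticated QUIC protection. The unchanged line "Simple rule: token possession authorizes the session" also reads as at odds with host approval for `derpssh`. Suggest a sentence saying that an invite lets a guest request the session and the host's approval grants it, if that is the intended behaviour.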
@@ -276,7 +298,7 @@ mise run check
276
298
  mise run build
277
299
  ```
278
300
 
279
- `mise run build` writes `dist/derphole` and `dist/derptun`.
301
+ `mise run build` writes `dist/derphole`, `dist/derptun`, and `dist/derpssh`.
280
302
 
281
303
  ## Verification
282
304
 
@@ -292,14 +314,15 @@ Remote smoke tests against a host you control:
292
314
  REMOTE_HOST=my-server.example.com mise run smoke-remote
293
315
  REMOTE_HOST=my-server.example.com mise run smoke-remote-share
294
316
  REMOTE_HOST=my-server.example.com mise run smoke-remote-derptun
317
+ REMOTE_HOST=my-server.example.com mise run smoke-remote-derpssh
295
318
  REMOTE_HOST=my-server.example.com mise run promotion-1g
296
319
  ```
297
320
 
298
321
  ## Releases
299
322
 
300
- - npm packages: `derphole`, `derptun`
301
- - production channels: `derphole@latest`, `derptun@latest`
302
- - development channels: `derphole@dev`, `derptun@dev`
323
+ - npm packages: `derphole`, `derptun`, `derpssh`
324
+ - production channels: `derphole@latest`, `derptun@latest`, `derpssh@latest`
325
+ - development channels: `derphole@dev`, `derptun@dev`, `derpssh@dev`
303
326
 
304
327
  ## What Is DERP?
305
328
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "derphole",
3
- "version": "0.15.1",
3
+ "version": "0.15.2",
4
4
  "license": "BSD-3-Clause",
5
5
  "bin": {
6
6
  "derphole": "bin/derphole.js"