ghostterm 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +56 -0
  2. package/README.md +16 -6
  3. package/package.json +1 -1
package/CHANGELOG.md ADDED
@@ -0,0 +1,56 @@
1
+ # Changelog
2
+
3
+ ## 1.1.3 (2026-03-17)
4
+
5
+ ### Features
6
+ - **12345 numpad popup** — quick number selection for CLI surveys/prompts (raw keypress without Enter)
7
+ - **Screen button** — renamed from "Shot" for clarity
8
+ - **Paste button shows filename** — after uploading, displays shortened filename instead of generic "Paste"
9
+ - **Session persistence** — refreshing the page restores your last active terminal session
10
+ - **PM2 support** — can run in background without a terminal window
11
+
12
+ ### Security & Stability
13
+ - **Heartbeat ping/pong** — relay pings every 20s; mobile detects dead connections within 30s and auto-reconnects
14
+ - **Disconnect overlay** — clear full-screen prompt when companion goes offline
15
+ - **Session loading spinner** — visual feedback when switching sessions
16
+ - **Improved toast notifications** — slide-in animation
17
+
18
+ ### Docs
19
+ - Updated README with new features, PM2 instructions, heartbeat details
20
+ - Added CHANGELOG
21
+
22
+ ## 1.1.1 (2026-03-16)
23
+
24
+ ### Security Hardening
25
+ - **Rate limiting** — 50 messages/second per WebSocket connection
26
+ - **IP connection limit** — max 5 concurrent connections per IP
27
+ - **Brute force protection** — pair code entry locked after 3 failed attempts (60s cooldown)
28
+ - **Origin verification** — only ghostterm.pages.dev allowed
29
+ - **Max payload** — 1MB limit per WebSocket message
30
+ - **Timing-safe HMAC** — prevents timing attacks on token verification
31
+ - **Upload validation** — 5MB size limit + extension whitelist
32
+ - **Pair code format validation** — must be exactly 6 digits
33
+ - **WSS enforcement** — prevents MITM downgrade attacks
34
+ - **Exponential backoff** — reconnection delay 1s → 30s max
35
+
36
+ ### Bug Fixes
37
+ - Fixed ghost duplication (stale session list cleared on reconnect)
38
+ - Fixed auto-scroll during thinking output (touch/button scroll disables auto-scroll)
39
+ - Fixed smartScroll jumping to top of terminal
40
+
41
+ ## 1.1.0 (2026-03-15)
42
+
43
+ ### Features
44
+ - Google OAuth auto-pairing (sign in once, auto-reconnects)
45
+ - Long-lived token (30 days, no repeated Google sign-in)
46
+ - 4 simultaneous terminal sessions with ghost cell previews
47
+ - Pixel office mode
48
+ - File upload and screenshot support
49
+ - D-pad controls, quick keys (y/n/Tab/Shift+Tab)
50
+ - Copy mode for terminal text selection
51
+
52
+ ## 1.0.0 (2026-03-14)
53
+
54
+ - Initial release
55
+ - Basic terminal relay via WebSocket
56
+ - Pair code pairing
package/README.md CHANGED
@@ -40,6 +40,13 @@ npx ghostterm
40
40
 
41
41
  First run opens a browser for Google sign-in. After that, it remembers you.
42
42
 
43
+ **Run in background (no terminal window):**
44
+
45
+ ```bash
46
+ pm2 start ghostterm.js --name ghostterm
47
+ pm2 save
48
+ ```
49
+
43
50
  ### 2. On your phone
44
51
 
45
52
  Open **[ghostterm.pages.dev](https://ghostterm.pages.dev)** in any mobile browser. Sign in with the same Google account.
@@ -73,16 +80,18 @@ Open **[ghostterm.pages.dev](https://ghostterm.pages.dev)** in any mobile browse
73
80
  ### Controls
74
81
 
75
82
  - **Quick keys** — one-tap `y`/`n` for Claude Code approvals
76
- - **D-pad** — arrow keys, Enter, Tab, Shift+Tab
83
+ - **12345 numpad** — tap to pop up number selection for CLI surveys/prompts (raw keypress, no Enter)
84
+ - **D-pad** — arrow keys, Enter, Tab, Shift+Tab, Space
77
85
  - **`claude` button** — quick-launch menu: new session, resume, continue, dangerous mode
78
- - **Ctrl+C** — interrupt running processes
86
+ - **Ctrl+C (Stop)** — interrupt running processes
79
87
  - **Text input** — full keyboard input with Send button
80
88
  - **Copy mode** — select and copy terminal text
81
89
 
82
90
  ### File Transfer
83
91
 
84
- - **Screenshot** — capture your phone screen and send it to your PC terminal
92
+ - **Screen** — capture your terminal screen and send it to your PC as a file
85
93
  - **File upload** — upload files directly from your phone to your desktop
94
+ - **Paste button** — after uploading, shows shortened filename; tap to paste the file path into the terminal
86
95
 
87
96
  ### Visual
88
97
 
@@ -95,7 +104,9 @@ Open **[ghostterm.pages.dev](https://ghostterm.pages.dev)** in any mobile browse
95
104
  - **Google auto-pairing** — sign in once, auto-reconnects forever
96
105
  - **Encrypted relay** — all traffic over WSS (WebSocket Secure)
97
106
  - **Zero data stored** — the relay only forwards messages
98
- - **Auto-reconnect** — handles network drops gracefully
107
+ - **Heartbeat** — relay pings every 20s; dead connections detected and auto-reconnected within 30s
108
+ - **Auto-reconnect** — exponential backoff (1s → 30s max), handles network drops gracefully
109
+ - **Session persistence** — refreshing the page restores your last active terminal session
99
110
 
100
111
  ---
101
112
 
@@ -175,8 +186,7 @@ GHOSTTERM_RELAY=wss://your-relay.example.com npx ghostterm
175
186
 
176
187
  ## Pricing
177
188
 
178
- - **Free**: 1 hour/day, all features included
179
- - **Pro**: $5/month or $12/quarter — unlimited access
189
+ GhostTerm is currently **free** during early access. Pro plans coming soon.
180
190
 
181
191
  ---
182
192
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ghostterm",
3
- "version": "1.1.2",
3
+ "version": "1.1.3",
4
4
  "description": "Mobile terminal for Claude Code — control your PC from your phone",
5
5
  "bin": {
6
6
  "ghostterm": "bin/ghostterm.js"