ghostterm 2.1.0 → 2.1.1

package/README.md

@@ -1,6 +1,17 @@
-# GhostTerm
+# GhostTerm — Control Claude Code from Your Phone
 
-Control your PC terminal from your phone — direct P2P, no relay server.
+> **v2.0: Complete P2P Rewrite** — No more relay servers. Your terminal data never leaves your devices.
+
+GhostTerm lets you control your PC terminal from your phone over a **direct peer-to-peer WebRTC connection**. Built for Claude Code users who need to approve prompts, monitor output, and manage sessions on the go.
+
+## Why GhostTerm?
+
+**Zero Trust Architecture** — Unlike traditional remote terminal tools that route your data through a server, GhostTerm establishes a direct encrypted tunnel between your phone and PC. The signaling server only helps with the initial handshake — it never sees your terminal data.
+
+- **End-to-end encrypted** (WebRTC DTLS) — not even we can read your data
+- **Direct P2P** — sub-millisecond latency, no relay bottleneck
+- **Google Sign-In auto-pair** — same account on phone + PC, connects instantly
+- **No API keys, no SSH, no Tailscale** — just `npx ghostterm` and go
 
 ## Quick Start
 
@@ -8,34 +19,85 @@ Control your PC terminal from your phone — direct P2P, no relay server.
 npx ghostterm
 ```
 
-First time: browser opens for Google sign-in (one-time). After that, it remembers you.
+1. Run the command above on your PC (requires [Node.js 18+](https://nodejs.org))
+2. First time: browser opens for Google sign-in (one-time, remembered after)
+3. Open **[ghostterm.pages.dev](https://ghostterm.pages.dev)** on your phone
+4. Sign in with the same Google account → **auto-connects, no codes needed**
+
+## Features
 
-## How it works
+| Feature | Description |
+|---------|------------|
+| **4 Concurrent Terminals** | Manage multiple Claude Code sessions with ghost cell tabs |
+| **One-Tap y/n** | Approve or deny Claude Code permission prompts instantly |
+| **Pixel Office** | Animated ghost workspace — see all terminals at a glance |
+| **File Upload** | Send screenshots and files from phone to PC |
+| **Dangerous Mode** | Launch Claude Code with `--dangerously-skip-permissions` |
+| **Auto-Reconnect** | Seamless recovery when connection drops |
+| **PWA Support** | Add to home screen for native app experience |
 
-1. Run `npx ghostterm` on your PC
-2. Open [ghostterm.pages.dev](https://ghostterm.pages.dev) on your phone
-3. Sign in with the same Google account → auto-connects, no codes needed
-4. All terminal data flows directly between devices (WebRTC, end-to-end encrypted)
+## What's New in v2.0
 
-## Features
+GhostTerm v2.0 is a **ground-up rewrite** replacing the relay architecture with peer-to-peer WebRTC:
+
+- **Before (v1):** Phone → Relay Server → PC (server sees all terminal data)
+- **After (v2):** Phone ↔ PC directly (server only helps with pairing)
+
+This means:
+- Your terminal data is **never stored or transmitted through any server**
+- Latency drops from ~100ms (relay round-trip) to **<5ms** (direct P2P)
+- Server costs are near-zero (signaling only, no data relay)
+- Works even if the signaling server goes down (existing connections persist)
+
+## Security Model
 
-- **Direct P2P** — no relay server, zero latency
-- **End-to-end encrypted** — DTLS encryption, server never sees your data
-- **Google auto-pair** — same account on both sides, no codes needed
-- **4 terminals** — manage multiple sessions with ghost cells
-- **Pixel office** — animated ghost workspace with your terminals
-- **One-tap y/n** — approve Claude Code prompts instantly
-- **File upload** — send files from phone to PC
+```
+Phone ──── WebRTC DataChannel (DTLS 1.3 encrypted) ────── PC
+                        │
+                  (pairing only)
+                        │
+               Signaling Server
+          (exchanges SDP/ICE, never sees terminal data)
+```
+
+- **DTLS encryption**: All terminal data encrypted end-to-end
+- **No data at rest**: Signaling server stores nothing
+- **One-time pair codes**: 6-digit codes expire in 5 minutes
+- **Brute force protection**: 3 wrong codes = 60s lockout
+- **Google OAuth**: Verified identity for auto-pairing
+
+## How It Works
+
+1. Your PC connects to a lightweight signaling server and registers with your Google account
+2. Your phone opens the web app and signs in with the same Google account
+3. The signaling server matches the accounts and facilitates a WebRTC handshake
+4. A direct peer-to-peer connection is established between your phone and PC
+5. All terminal I/O flows directly over the encrypted P2P channel
+6. The signaling server is no longer involved
 
 ## Options
 
 ```
--s, --signal <url>   Signaling server URL
---site <url>         Mobile site URL
--h, --help           Show help
+npx ghostterm [options]
+
+  -s, --signal <url>   Custom signaling server URL
+  --site <url>         Custom mobile site URL
+  -h, --help           Show help
 ```
 
 ## Requirements
 
-- Node.js >= 18
-- Windows, macOS, or Linux
+- **Node.js 18+** (for the PC companion)
+- **Modern browser** (for the phone — Safari, Chrome, Firefox)
+- **Google account** (for auto-pairing; or use 6-digit code without login)
+
+## Privacy
+
+- No analytics or tracking on the terminal data path
+- Google Sign-In is used solely for pairing — we don't access your Google data
+- The signaling server is open-source and can be self-hosted
+- All WebRTC connections use DTLS encryption by default
+
+## License
+
+MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ghostterm",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "Control your PC terminal from your phone — direct P2P, no server in between",
   "bin": {
     "ghostterm": "bin/ghostterm-p2p.js"