termbeam 0.1.0 → 1.0.0

package/README.md

@@ -13,7 +13,7 @@ I built this because I kept needing to run quick commands on my dev machine whil
 
 [Full documentation](https://dorlugasigal.github.io/TermBeam/)
 
-https://github.com/user-attachments/assets/c91ca15d-0c84-400f-bbfa-3d58d1be07ee
+https://github.com/user-attachments/assets/9dd4f3d7-f017-4314-9b3a-f6a5688e3671
 
 ## Quick Start
 
@@ -30,18 +30,22 @@ termbeam
 
 Scan the QR code printed in your terminal, or open the URL on any device.
 
-### Password protection (recommended)
+### Secure by default
 
-```bash
-termbeam --generate-password
+TermBeam starts with a tunnel and auto-generated password out of the box — just run `termbeam` and scan the QR code.
 
-# or set your own
-termbeam --password mysecret
+```bash
+termbeam                        # tunnel + auto-password (default)
+termbeam --password mysecret    # use a specific password
+termbeam --no-tunnel            # LAN-only (no tunnel)
+termbeam --no-password          # disable password protection
 ```
 
 ## Features
 
 - **Mobile-first UI** with on-screen touch bar (arrow keys, Tab, Enter, Ctrl shortcuts, Esc) and touch-optimized controls
+- **Copy/paste support** — Copy button opens text overlay for finger-selectable terminal content; Paste button with clipboard API + fallback modal
+- **Image paste** — paste images from clipboard, uploaded to server
 - **Tabbed multi-session terminal** — open, switch, and manage multiple sessions from a single tab bar with drag-to-reorder
 - **Split view** — view two sessions side-by-side (horizontal on desktop, vertical on mobile)
 - **Session colors** — assign a color to each session for quick identification
@@ -65,11 +69,14 @@ termbeam --password mysecret
 ## Remote Access
 
 ```bash
-# One-off tunnel (deleted on shutdown)
-termbeam --tunnel --generate-password
+# Tunnel is on by default
+termbeam
 
 # Persisted tunnel (stable URL you can bookmark, reused across restarts, 30-day expiry)
-termbeam --persisted-tunnel --generate-password
+termbeam --persisted-tunnel
+
+# LAN-only (no tunnel)
+termbeam --no-tunnel
 ```
 
 Requires the [Dev Tunnels CLI](https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/get-started):
@@ -88,20 +95,23 @@ termbeam --port 8080              # custom port (default: 3456)
 termbeam --host 127.0.0.1        # restrict to localhost (default: 0.0.0.0)
 ```
 
-| Flag                  | Description                              | Default     |
-| --------------------- | ---------------------------------------- | ----------- |
-| `--password <pw>`     | Set access password (also accepts `--password=<pw>`) | None |
-| `--generate-password` | Auto-generate a secure password          | —           |
-| `--tunnel`            | Create an ephemeral devtunnel URL        | Off         |
-| `--persisted-tunnel`  | Create a reusable devtunnel URL          | Off         |
-| `--port <port>`       | Server port                              | `3456`      |
-| `--host <addr>`       | Bind address                             | `0.0.0.0`   |
+| Flag                  | Description                              | Default          |
+| --------------------- | ---------------------------------------- | ---------------- |
+| `--password <pw>`     | Set access password (also accepts `--password=<pw>`) | Auto-generated |
+| `--no-password`       | Disable password                         | —                |
+| `--generate-password` | Auto-generate a secure password          | On               |
+| `--tunnel`            | Create an ephemeral devtunnel URL        | On               |
+| `--no-tunnel`         | Disable tunnel (LAN-only)                | —                |
+| `--persisted-tunnel`  | Create a reusable devtunnel URL          | Off              |
+| `--port <port>`       | Server port                              | `3456`           |
+| `--host <addr>`       | Bind address                             | `0.0.0.0`        |
+| `--log-level <level>` | Log verbosity (error/warn/info/debug) | `info` |
 
-Environment variables: `PORT`, `TERMBEAM_PASSWORD`, `TERMBEAM_CWD`, `SHELL` (Unix fallback), `COMSPEC` (Windows fallback). See [Configuration docs](https://dorlugasigal.github.io/TermBeam/configuration/).
+Environment variables: `PORT`, `TERMBEAM_PASSWORD`, `TERMBEAM_CWD`, `TERMBEAM_LOG_LEVEL`, `SHELL` (Unix fallback), `COMSPEC` (Windows fallback). See [Configuration docs](https://dorlugasigal.github.io/TermBeam/configuration/).
 
 ## Security
 
-TermBeam binds to all interfaces (`0.0.0.0`) by default, so it's accessible on your local network out of the box. **Always set a password** when running on a shared network, or pass `--host 127.0.0.1` to restrict access to your machine only.
+TermBeam auto-generates a password and creates a tunnel by default, so your terminal is protected out of the box. Be aware that the tunnel exposes your terminal to the internet — use `--no-tunnel` for LAN-only access, or `--host 127.0.0.1` to restrict to your machine only.
 
 Auth uses secure httpOnly cookies with 24-hour expiry, login is rate-limited to 5 attempts per minute, and security headers (X-Frame-Options, X-Content-Type-Options, etc.) are set on all responses. API clients that can't use cookies can authenticate with an `Authorization: Bearer <password>` header. See the [Security Guide](https://dorlugasigal.github.io/TermBeam/security/) for more.
 
@@ -115,4 +125,4 @@ Contributions welcome — see [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ## Acknowledgments
 
-Special thanks to [@tamirdresher](https://github.com/tamirdresher) for the [blog post](https://www.tamirdresher.com/blog/2026/02/26/squad-remote-control) that inspired the solution idea for this project, and for his [cli-tunnel](https://github.com/tamirdresher/cli-tunnel) implementation.
+Special thanks to [@tamirdresher](https://github.com/tamirdresher) for the [blog post](https://www.tamirdresher.com/blog/2026/02/26/squad-remote-control) that inspired the solution idea for this project, and for his [cli-tunnel](https://github.com/tamirdresher/cli-tunnel) implementation.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "termbeam",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "description": "Beam your terminal to any device — mobile-optimized web terminal with multi-session support",
   "main": "src/server.js",
   "bin": {
@@ -9,8 +9,8 @@
   "scripts": {
     "start": "node bin/termbeam.js",
     "dev": "node bin/termbeam.js --generate-password",
-    "test": "node --test test/*.test.js",
-    "test:coverage": "c8 --reporter=text --reporter=lcov --reporter=json-summary --reporter=json node --test --test-reporter=spec --test-reporter-destination=stdout test/*.test.js",
+    "test": "node -e \"require('child_process').execFileSync(process.execPath,['--test',...require('fs').readdirSync('test').filter(f=>f.endsWith('.test.js')).map(f=>'test/'+f)],{stdio:'inherit'})\"",
+    "test:coverage": "c8 --exclude=src/tunnel.js --reporter=text --reporter=lcov --reporter=json-summary --reporter=json node -e \"require('child_process').execFileSync(process.execPath,['--test','--test-reporter=spec','--test-reporter-destination=stdout',...require('fs').readdirSync('test').filter(f=>f.endsWith('.test.js')).map(f=>'test/'+f)],{stdio:'inherit'})\"",
     "prepare": "husky",
     "format": "prettier --write .",
     "lint": "node --check src/*.js bin/*.js",
@@ -24,9 +24,18 @@
     "remote-terminal",
     "xterm",
     "websocket",
-    "ssh-alternative"
+    "ssh-alternative",
+    "mobile-terminal",
+    "terminal-sharing",
+    "browser-terminal",
+    "remote-access",
+    "qr-code",
+    "touch-terminal",
+    "terminal-emulator",
+    "devtools",
+    "cli"
   ],
-  "author": "",
+  "author": "Dor Lugasi <dorlugasigal@gmail.com>",
   "license": "MIT",
   "homepage": "https://github.com/dorlugasigal/TermBeam",
   "repository": {

package/public/index.html

@@ -9,9 +9,10 @@
     <meta name="apple-mobile-web-app-capable" content="yes" />
     <meta name="mobile-web-app-capable" content="yes" />
     <meta name="theme-color" content="#1e1e1e" />
+    <meta name="description" content="TermBeam — beam your terminal to any device. Mobile-optimized web terminal with multi-session support, touch controls, and QR code connection. No SSH needed." />
     <link rel="manifest" href="/manifest.json" />
     <link rel="apple-touch-icon" href="/icons/icon-192.png" />
-    <title>TermBeam</title>
+    <title>TermBeam — Beam Your Terminal to Any Device</title>
     <style>
       :root {
         --bg: #1e1e1e;
@@ -647,7 +648,7 @@
         </div>
         <label for="sess-cwd">Working Directory</label>
         <div class="cwd-picker">
-          <input type="text" id="sess-cwd" placeholder="/Users/dorlugasigal" />
+          <input type="text" id="sess-cwd" placeholder="Uses server default" />
           <button type="button" class="cwd-browse-btn" id="browse-btn" title="Browse folders">
             <svg
               width="18"
@@ -838,6 +839,10 @@
         try {
           const res = await fetch('/api/shells');
           const data = await res.json();
+          if (data.cwd) {
+            document.getElementById('sess-cwd').placeholder = data.cwd;
+            hubServerCwd = data.cwd;
+          }
           shellSelect.innerHTML = '';
           for (const s of data.shells) {
             const opt = document.createElement('option');
@@ -952,9 +957,16 @@
       const browserBreadcrumb = document.getElementById('browser-breadcrumb');
       const browserPath = document.getElementById('browser-path');
       let currentBrowsePath = '/';
+      let hubServerCwd = '/';
 
-      document.getElementById('browse-btn').addEventListener('click', () => {
-        const initial = cwdInput.value.trim() || '/';
+      document.getElementById('browse-btn').addEventListener('click', async () => {
+        if (hubServerCwd === '/') {
+          try {
+            const data = await fetch('/api/shells').then(r => r.json());
+            if (data.cwd) hubServerCwd = data.cwd;
+          } catch {}
+        }
+        const initial = cwdInput.value.trim() || hubServerCwd;
         navigateTo(initial);
         browserOverlay.classList.add('visible');
       });
@@ -980,11 +992,17 @@
         try {
           const res = await fetch(`/api/dirs?q=${encodeURIComponent(dir + '/')}`);
           const data = await res.json();
-          if (!data.dirs.length) {
-            browserList.innerHTML = '<div class="browser-empty">No subfolders</div>';
-            return;
+          let items = '';
+          // Add parent (..) entry unless at root
+          const parent = dir.replace(/[/\\][^/\\]+$/, '') || (dir.includes('\\') ? dir.match(/^[A-Za-z]:\\/)?.[0] : '/');
+          if (parent && parent !== dir) {
+            items += `<div class="folder-item" data-path="${esc(parent)}">
+            <span class="folder-icon">📁</span>
+            <span class="folder-name">..</span>
+            <span class="folder-arrow">›</span>
+          </div>`;
           }
-          browserList.innerHTML = data.dirs
+          items += data.dirs
             .map((d) => {
               const name = d.split(/[/\\]/).pop();
               return `<div class="folder-item" data-path="${esc(d)}">
@@ -995,6 +1013,7 @@
             })
             .join('');
 
+          browserList.innerHTML = items || '<div class="browser-empty">No subfolders</div>';
           browserList.querySelectorAll('.folder-item').forEach((el) => {
             el.addEventListener('click', () => navigateTo(el.dataset.path));
           });
@@ -1005,13 +1024,15 @@
       }
 
       function renderBreadcrumb(dir) {
-        const parts = dir.split('/').filter(Boolean);
-        let html = `<button class="crumb" data-path="/">/</button>`;
-        let accumulated = '';
+        const sep = dir.includes('\\') ? '\\' : '/';
+        const parts = dir.split(/[/\\]/).filter(Boolean);
+        const isWindows = /^[A-Za-z]:/.test(dir);
+        let html = isWindows ? '' : `<button class="crumb" data-path="/">/</button>`;
+        let accumulated = isWindows ? '' : '';
         parts.forEach((part, i) => {
-          accumulated += '/' + part;
+          accumulated += (i === 0 && isWindows ? '' : sep) + part;
           const isCurrent = i === parts.length - 1;
-          html += `<span class="crumb-sep">›</span>`;
+          if (i > 0 || isWindows) html += `<span class="crumb-sep">›</span>`;
           html += `<button class="crumb${isCurrent ? ' current' : ''}" data-path="${esc(accumulated)}">${esc(part)}</button>`;
         });
         browserBreadcrumb.innerHTML = html;
@@ -1031,6 +1052,7 @@
         .catch(() => {});
 
       loadSessions();
+      loadShells();
       setInterval(loadSessions, 3000);
 
       // Share button

package/public/sw.js

@@ -1,4 +1,4 @@
-const CACHE_NAME = 'termbeam-v2';
+const CACHE_NAME = 'termbeam-v5';
 const SHELL_URLS = ['/', '/terminal'];
 
 self.addEventListener('install', (event) => {
@@ -56,7 +56,21 @@ self.addEventListener('fetch', (event) => {
     return;
   }
 
-  // Cache-first for static assets
+  // Network-first for HTML pages (always get latest code)
+  if (event.request.mode === 'navigate' || event.request.headers.get('accept')?.includes('text/html')) {
+    event.respondWith(
+      fetch(event.request).then((response) => {
+        if (response.ok) {
+          const clone = response.clone();
+          caches.open(CACHE_NAME).then((cache) => cache.put(event.request, clone));
+        }
+        return response;
+      }).catch(() => caches.match(event.request))
+    );
+    return;
+  }
+
+  // Cache-first for static assets (JS, CSS, images)
   event.respondWith(
     caches.match(event.request).then((cached) => {
       if (cached) return cached;