HN 표시: Clsh – 휴대폰의 실제 터미널(Claude Code와 함께 작동)

Your Mac, in your pocket. Real terminal access from your phone. Not SSH. Not a simulation. A real PTY on your machine, streamed to your pocket. Live Demo · Getting Started · How It Works · Contributing Session Grid | Claude Code on Phone | Terminal + Live Preview | MacBook Keyboard Skin | Skin Studio — 6 Themes | clsh gives you real terminal access to your Mac from your phone. One command, scan the QR code, and you're in. Multiple live terminal sessions, a custom keyboard built for terminal use, 6 keyboard skins, and session management. Open source, zero config. Key highlights: - Run Claude Code from your phone and watch it work in real time - Multiple terminal sessions with live grid preview - Custom keyboard with sticky modifiers, key repeat, and context strip - 3-tier tunnel: ngrok → SSH → Wi-Fi (works without any signup) - Install as a PWA — fullscreen, no browser chrome Requires Node.js 20+ and macOS or Linux. npx clsh-dev A QR code prints to the console. Scan it on your phone. That's it. For a static URL that survives restarts (perfect for PWA home screen): npx clsh-dev setup See the ngrok setup guide for details. Phone / Tablet / Browser │ │ HTTPS (WebSocket) ▼ ┌──────────────┐ │ Tunnel │ ngrok (static URL) / SSH (localhost.run) / Wi-Fi └──────┬───────┘ ▼ ┌──────────────────────┐ │ clsh agent │ ← runs on your machine │ ├── PTY 0: zsh │ │ ├── PTY 1: claude │ │ ├── PTY 2: ... │ │ └── up to 8 sessions │ └──────────────────────┘ npx clsh-dev starts the backend agent + React frontend- The agent spawns real terminal sessions via node-pty - When tmux is installed, sessions are wrapped in tmux for persistence — they survive server restarts - A tunnel (ngrok, SSH, or Wi-Fi) exposes the agent over HTTPS - A one-time bootstrap token + QR code authenticates your phone - xterm.js renders the terminals in your browser with full color and interactivity Security is our top priority. clsh gives remote terminal access to your machine, so any vulnerability could mean full machine compromise. We take this extremely seriously. | Layer | Protection | |---|---| | Authentication | One-time bootstrap tokens (single-use, 5-min TTL), scrypt password hashing (N=16384, 64-byte key, random salt), WebAuthn/Face ID biometric auth | | Token security | JWT issued via HS256, bootstrap token passed in URL hash fragment (never sent to servers), WebSocket auth via first message (not query string) | | Transport | HTTPS enforced via ngrok/SSH tunnels, CORS restricted to known origins, security headers (X-Frame-Options, X-Content-Type-Options, CSP) | | Rate limiting | Auth endpoints: 5-10 requests per 15 minutes, prevents brute force | | WebSocket | Origin validation on upgrade, 64KB max payload, resize dimension bounds checking | | Password storage | Server-side scrypt with crypto.timingSafeEqual (constant-time comparison prevents timing attacks) | | PWA support | Lock screen with Face ID + password, biometric credentials synced server-side for cross-context restoration | Found a vulnerability? Please report it. See SECURITY.md for our disclosure policy, or email [email protected] directly. We respond within 48 hours. We believe in transparency. If you find something, open a security advisory or email us. We will credit all responsible disclosures. - Multiple live sessions — create, rename, close; up to 8 concurrent PTYs - Real PTY — full zsh/bash with colors, vim, tmux, everything - Session persistence — sessions survive server restarts via tmux (auto-detected, graceful fallback if tmux isn't installed) - Session grid — 2-column card layout with live terminal previews - Claude Code streaming — run AI coding agents remotely from your phone - Two layouts — iOS Terminal (6-row, big keys for phone) and MacBook (5-row, compact) - Sticky modifiers — tap Shift/Ctrl/Opt/Cmd once, it stays for the next key - Key repeat — hold any key for auto-repeat (400ms delay, 60ms interval) - Context strip — quick-access: esc, F1-F5, commit, diff, plan, Ctrl+C - 6 skins — iOS Terminal, MacBook Silver, Gamer RGB, Custom Painted, Amber Retro, Ice White - 3-tier tunnel fallback — ngrok → localhost.run SSH → local Wi-Fi - Zero-config start — works immediately with SSH tunnel (no signup needed) - Static URL with ngrok — same URL every time for PWA home screen - QR code auth — scan once, stay connected via JWT - PWA — install to home screen, runs fullscreen without browser chrome - iOS keyboard suppressed — custom keyboard replaces system keyboard - Safe-area insets — works with Dynamic Island and notch devices - Demo mode — scripted terminal animations when no backend is reachable npx clsh-dev Connects through localhost.run — a free SSH tunnel. No signup, no tokens. A QR code prints to the console with the HTTPS URL. For a static domain that survives restarts — perfect for a home screen PWA: brew install ngrok ngrok config add-authtoken YOUR_TOKEN # free at ngrok.com Create a free static domain at dashboard.ngrok.com/domains, then: # .env (project root) NGROK_AUTHT