Control AI coding agents from your phone — Claude Code, Codex, and Antigravity. Self-hosted, E2E encrypted, open source.
Project description
CorvusTunnel
Control AI Agents from Your Phone
Self-hosted remote control for Claude Code, Codex, and Antigravity. Free, open source, E2E encrypted.
Quick Start
# Install
pip install corvustunnel
# Start
corvustunnel start
# With a specific workspace
corvustunnel start --workspace /path/to/your/project
Scan the QR code with your phone → you're connected.
Features
- Multi-agent support — Claude Code, Codex CLI, Antigravity
- End-to-end encryption — NaCl/libsodium, ephemeral key exchange on every connection (relay sees only ciphertext)
- QR code connect — scan to connect, no manual URL typing
- Real-time streaming — WebSocket-based terminal I/O via xterm.js
- Push notifications — Web Push API alerts for agent events
- PWA support — install on your phone like a native app
- Smart suggestions — context-aware action chips (approve, reject, continue)
- Command favorites — pin frequently used prompts for one-tap access
- Audit logging — JSONL forensic logs of all sessions
- Security hardened — IP ban, rate limiting, body size limits, CORS, security headers
- Self-hosted — runs on your machine, your data stays with you
- Unlimited — no session limits, no cooldowns, no restrictions
How It Works
Your Phone Your Computer
┌─────────┐ ┌──────────────────┐
│ │ WebSocket │ CorvusTunnel │
│ Scan │ ◄──────────────► │ ├── FastAPI │
│ QR │ (E2E encrypted)│ ├── PTY/pexpect │
│ Code │ │ └── Agent │
│ │ │ (claude/ │
│ Send │ │ codex/ │
│ prompts│ │ agy) │
└─────────┘ └──────────────────┘
▲ ▲
│ Cloudflare Relay │
└──────────────────────────────┘
(TLS + E2E encryption)
Installation
pip install corvustunnel
corvustunnel start
Security
- E2E Encryption: Every terminal frame is encrypted with NaCl Box (
crypto_box: X25519 key agreement + XSalsa20-Poly1305 authenticated encryption). The browser and your machine are the only endpoints that hold keys — the relay forwards opaque ciphertext. - Forward secrecy: Both sides generate ephemeral X25519 keypairs per connection; keys never touch disk and are dropped on disconnect.
- Auth: One-time boot token → session token with IP binding
- WebSocket: Ticket-based auth (one-time, 30s TTL, IP-bound)
- Rate Limiting: Per-endpoint via slowapi
- IP Auto-Ban: After repeated auth failures
See SECURITY.md for full details and vulnerability reporting.
Relay & privacy
By default CorvusTunnel registers a session with the hosted relay
(roost.corvustunnel.com) so your phone can reach your machine without any
port-forwarding. Because terminal I/O is end-to-end encrypted, the relay only
ever forwards opaque ciphertext — it cannot read your prompts, your code, or
the agent's output. If you would rather not use the hosted relay at all:
corvustunnel start --no-relay— use a cloudflared Quick Tunnel instead.corvustunnel start --no-relay --no-tunnel— LAN only (binds0.0.0.0, reachable from your local network).corvustunnel start --host https://your.domain— front it with your own reverse proxy.
The public port binds to 127.0.0.1 by default (relay/tunnel modes). Use
--bind 0.0.0.0 to expose it directly, and set TRUSTED_PROXIES if a reverse
proxy you control terminates the connection — otherwise X-Forwarded-For is
ignored and the direct socket address is used for bans and rate limits.
API
| Endpoint | Auth | Description |
|---|---|---|
GET /api/health |
No | Health check |
POST /api/e2e/exchange |
No | E2E key exchange |
POST /api/claim |
Boot token | Exchange boot token for session token |
GET /api/browse |
Session | Directory browser |
GET /api/check-agents |
Session | List available AI agents |
POST /api/ws-ticket |
Session | Get WebSocket connection ticket |
WS /api/terminal/ws |
Ticket | Interactive terminal session |
Internal API (localhost:8001):
| Endpoint | Description |
|---|---|
GET /audit |
View audit logs |
GET /deeplog |
View deep (plaintext) logs |
GET /terminal/status |
Terminal session status |
Environment Variables
| Variable | Default | Description |
|---|---|---|
AGENT_TOKEN |
Auto-generated | Bearer token for API auth |
ALLOWED_DIRS |
Home + CWD | Comma-separated allowed directories |
AUDIT_LOG_DIR |
./logs |
Audit log directory |
PUBLIC_PORT |
8000 |
Public API port |
INTERNAL_PORT |
8001 |
Internal admin port |
TRUSTED_PROXIES |
(none) | Extra IPs (besides loopback) whose X-Forwarded-For is trusted |
Development
git clone https://github.com/maliozturk/CorvusTunnel.git
cd CorvusTunnel
pip install -e ".[dev]"
AGENT_TOKEN=dev-token corvustunnel start --verbose
Contributing
See CONTRIBUTING.md for guidelines.
License
MIT — see LICENSE
Links
- Website: corvustunnel.com
- GitHub: github.com/maliozturk/CorvusTunnel
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file corvustunnel-1.1.0.tar.gz.
File metadata
- Download URL: corvustunnel-1.1.0.tar.gz
- Upload date:
- Size: 832.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5db8449e412e09fa82f2334fe9f8d304c22fbce391ac4c513215a36ea9d3c769
|
|
| MD5 |
cb7ecceb2d9118e7c67fa7d64bb9413e
|
|
| BLAKE2b-256 |
aee512c766d9d8e1a0eda2839fcd1bdd9bd34b914656c5740aaf0fac96df1480
|
File details
Details for the file corvustunnel-1.1.0-py3-none-any.whl.
File metadata
- Download URL: corvustunnel-1.1.0-py3-none-any.whl
- Upload date:
- Size: 827.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a79a9dfdf98a45744ef87760fa666173eb905779111a7a19a3130318f38c815c
|
|
| MD5 |
f0f2449f7293a5e44578731b80336cf5
|
|
| BLAKE2b-256 |
3507933f357feefb2132cbdf8fbbe0b6d8ec4f876fc7832066a4c9bb139d335d
|