Skip to main content

Control AI coding agents from your phone — Claude Code, Codex, and Antigravity. Self-hosted, E2E encrypted, open source.

Project description

CorvusTunnel

Control AI Agents from Your Phone

Self-hosted remote control for Claude Code, Codex, and Antigravity. Free, open source, E2E encrypted.

License: MIT Python 3.10+ PyPI


Quick Start

# Install
pip install corvustunnel

# Start
corvustunnel start

# With a specific workspace
corvustunnel start --workspace /path/to/your/project

Scan the QR code with your phone → you're connected.

Features

  • Multi-agent support — Claude Code, Codex CLI, Antigravity
  • End-to-end encryption — NaCl/libsodium, ephemeral key exchange on every connection (relay sees only ciphertext)
  • QR code connect — scan to connect, no manual URL typing
  • Real-time streaming — WebSocket-based terminal I/O via xterm.js
  • Push notifications — Web Push API alerts for agent events
  • PWA support — install on your phone like a native app
  • Smart suggestions — context-aware action chips (approve, reject, continue)
  • Command favorites — pin frequently used prompts for one-tap access
  • Audit logging — JSONL forensic logs of all sessions
  • Security hardened — IP ban, rate limiting, body size limits, CORS, security headers
  • Self-hosted — runs on your machine, your data stays with you
  • Unlimited — no session limits, no cooldowns, no restrictions

How It Works

Your Phone                    Your Computer
┌─────────┐                  ┌──────────────────┐
│         │   WebSocket      │  CorvusTunnel    │
│  Scan   │ ◄──────────────► │  ├── FastAPI     │
│  QR     │   (E2E encrypted)│  ├── PTY/pexpect │
│  Code   │                  │  └── Agent       │
│         │                  │      (claude/    │
│  Send   │                  │       codex/     │
│  prompts│                  │       agy)       │
└─────────┘                  └──────────────────┘
     ▲                              ▲
     │    Cloudflare Relay          │
     └──────────────────────────────┘
         (TLS + E2E encryption)

Installation

pip install corvustunnel
corvustunnel start

Security

  • E2E Encryption: Every terminal frame is encrypted with NaCl Box (crypto_box: X25519 key agreement + XSalsa20-Poly1305 authenticated encryption). The browser and your machine are the only endpoints that hold keys — the relay forwards opaque ciphertext.
  • Forward secrecy: Both sides generate ephemeral X25519 keypairs per connection; keys never touch disk and are dropped on disconnect.
  • Auth: One-time boot token → session token with IP binding
  • WebSocket: Ticket-based auth (one-time, 30s TTL, IP-bound)
  • Rate Limiting: Per-endpoint via slowapi
  • IP Auto-Ban: After repeated auth failures

See SECURITY.md for full details and vulnerability reporting.

Relay & privacy

By default CorvusTunnel registers a session with the hosted relay (roost.corvustunnel.com) so your phone can reach your machine without any port-forwarding. Because terminal I/O is end-to-end encrypted, the relay only ever forwards opaque ciphertext — it cannot read your prompts, your code, or the agent's output. If you would rather not use the hosted relay at all:

  • corvustunnel start --no-relay — use a cloudflared Quick Tunnel instead.
  • corvustunnel start --no-relay --no-tunnel — LAN only (binds 0.0.0.0, reachable from your local network).
  • corvustunnel start --host https://your.domain — front it with your own reverse proxy.

The public port binds to 127.0.0.1 by default (relay/tunnel modes). Use --bind 0.0.0.0 to expose it directly, and set TRUSTED_PROXIES if a reverse proxy you control terminates the connection — otherwise X-Forwarded-For is ignored and the direct socket address is used for bans and rate limits.

API

Endpoint Auth Description
GET /api/health No Health check
POST /api/e2e/exchange No E2E key exchange
POST /api/claim Boot token Exchange boot token for session token
GET /api/browse Session Directory browser
GET /api/check-agents Session List available AI agents
POST /api/ws-ticket Session Get WebSocket connection ticket
WS /api/terminal/ws Ticket Interactive terminal session

Internal API (localhost:8001):

Endpoint Description
GET /audit View audit logs
GET /deeplog View deep (plaintext) logs
GET /terminal/status Terminal session status

Environment Variables

Variable Default Description
AGENT_TOKEN Auto-generated Bearer token for API auth
ALLOWED_DIRS Home + CWD Comma-separated allowed directories
AUDIT_LOG_DIR ./logs Audit log directory
PUBLIC_PORT 8000 Public API port
INTERNAL_PORT 8001 Internal admin port
TRUSTED_PROXIES (none) Extra IPs (besides loopback) whose X-Forwarded-For is trusted

Development

git clone https://github.com/maliozturk/CorvusTunnel.git
cd CorvusTunnel
pip install -e ".[dev]"
AGENT_TOKEN=dev-token corvustunnel start --verbose

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT — see LICENSE

Links

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

corvustunnel-1.1.0.tar.gz (832.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

corvustunnel-1.1.0-py3-none-any.whl (827.8 kB view details)

Uploaded Python 3

File details

Details for the file corvustunnel-1.1.0.tar.gz.

File metadata

  • Download URL: corvustunnel-1.1.0.tar.gz
  • Upload date:
  • Size: 832.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for corvustunnel-1.1.0.tar.gz
Algorithm Hash digest
SHA256 5db8449e412e09fa82f2334fe9f8d304c22fbce391ac4c513215a36ea9d3c769
MD5 cb7ecceb2d9118e7c67fa7d64bb9413e
BLAKE2b-256 aee512c766d9d8e1a0eda2839fcd1bdd9bd34b914656c5740aaf0fac96df1480

See more details on using hashes here.

File details

Details for the file corvustunnel-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: corvustunnel-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 827.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for corvustunnel-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a79a9dfdf98a45744ef87760fa666173eb905779111a7a19a3130318f38c815c
MD5 f0f2449f7293a5e44578731b80336cf5
BLAKE2b-256 3507933f357feefb2132cbdf8fbbe0b6d8ec4f876fc7832066a4c9bb139d335d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page