Releases: treadiehq/private-connect

v0.7.1

19 Mar 19:39

What's New

Web Terminal Consolidation

  • Consolidated the web terminal into a single reusable WebTerminal.vue component
  • Extended ShellGateway to accept share tokens directly for seamless terminal authentication
  • The share page (/share/[token]) now has a fully functional terminal (previously a non-working stub)

Complete Swagger/OpenAPI Documentation

  • Added @ApiOperation, @ApiResponse, @ApiBody, @ApiParam, and @ApiQuery decorators to all 45 previously undocumented endpoints
  • New API tags: Debug, AI, Environment Shares, Temporary Tunnels, Proxy, Diagnostics
  • Full documentation now available at /docs

UX & Honesty Fixes

  • Replaced synthetic AI response in the debug viewer with an honest "AI not available" message
  • Replaced misleading CLI "Temporary tunnels coming soon!" messages with specific error feedback
  • Removed hardcoded setTimeout delays in the debug page — loading is now event-driven
  • Updated "Web Terminal Preview" label to "Web Terminal"

Internal

  • Resolved circular dependency between TunnelModule and SharesModule using forwardRef
  • Version bump to 0.7.1 across all packages

v0.7.0 — AI Agent Grants

19 Mar 17:18

AI Agent Grants

New feature: give AI agents (Cursor, Claude, Codex, etc.) temporary, scoped access to private resources.

What's new

  • connect grant command — one command to grant an AI agent time-limited access to a database, API, or other private resource
  • Grant API — create, list, revoke, and validate grants via REST (/v1/grants)
  • Grant-aware proxy — AI agents access resources via /grant/:resource/ with a grant token; scope enforcement blocks mutations for read-only grants
  • Auto-expiry — grants expire after the specified TTL; no cleanup needed

Usage

# Grant Claude 5 minutes of read-only access to your postgres service
connect grant claude --db postgres --ttl 5m

# List active grants
connect grant --list

# Revoke a grant early
connect grant --revoke <id>

Why

AI coding agents need access to databases, staging APIs, and internal tools. Today the options are: expose services publicly, paste credentials into prompts, disable security, or block AI entirely. Grants give you a middle path: time-limited, scoped access that expires automatically.

No credentials in prompts. No open ports. Access disappears.

v0.6.27 — E2E encryption for agent-to-agent tunnels

16 Mar 23:06

End-to-end encryption

Agent-to-agent tunnels (connect expose + connect reach) are now end-to-end encrypted by default. The Hub relays ciphertext only and cannot read payloads even if compromised.

Highlights

  • X25519 ECDH key exchange + AES-256-GCM for tunnel data (Node.js crypto, zero new dependencies)
  • Ephemeral keys per connection; Hub never sees session keys
  • --no-e2e on expose / reach to disable; automatic fallback if the other side doesn't support E2E
  • Scope: agent-to-agent TCP bridges only (temporary tunnels and browser connections unchanged)

Version

  • All packages bumped to 0.6.27.

v0.6.26

10 Mar 22:20

Full Changelog: v0.6.25...v0.6.26

v0.6.25: Browser Terminal with PTY

10 Mar 22:10

Browser Terminal with PTY support

The browser terminal now spawns a real shell (PTY) on the host instead of forwarding raw TCP to SSH. Open /terminal in the browser, enter a share code, and get a live terminal.

Changes

  • Agent: PTY support via node-pty (dev) or python3 pty.spawn (compiled binary)
  • Hub: sends pty: true flag on browser bridge dial, forwards resize events
  • Web: /terminal page with xterm.js, resize support

How to update

Download the connect binary from this release and replace your existing one.

v0.6.24

10 Mar 15:09

Security & fixes

  • Debug: SSRF protection on replay endpoint; validate target URLs (block private/metadata). End session by token only (fix auth bypass).
  • Tunnel: Reject only reconnecting agent’s pending HTTP requests (fix cross-agent 502s). Pass and validate agentId on HTTP response handlers; base64 chunk handling; require all chunks before resolve.
  • Temporary tunnels: Management token for create/close/query/info/debug; remove unauthenticated list; CLI local store and WEB_URL/APP_URL alignment.
  • Agents: Use withoutRls() for rotateToken and validateAgent; fix sendCommand fromAgentId (use agent id, not workspace id).
  • Auth: Resend required in production (throw if missing); no magic-link logging in prod. Login returns same message for existing/missing email (no user enumeration). Rate limiting uses req.ip (no X-Forwarded-For spoof).
  • Security: extractClientIp uses rightmost X-Forwarded-For; add security.spec test.
  • AI: Redact traffic context in chat when using cloud provider.
  • Email: Prefer WEB_URL/APP_URL consistently; don’t log Resend errors that could contain secrets.
  • Version: Bump to 0.6.24; add db:migrate script for Railway.

v0.6.23

10 Mar 00:59

Device allowlisting

  • connect share --require-approval — only approved devices can join
  • Host: --pending, --approve, --deny to manage join requests
  • Device allowlist doc

Terminal from anywhere

  • connect shell [port] — expose SSH as service shell (default port 22)
  • Joiner: connect join <code> then connect reach shell then ssh localhost
  • Terminal doc

Other

  • Free tier: 24h temp tunnel TTL, stable slug subdomains (--slug, --ttl)
  • npm: private-connect@0.6.23, @privateconnect/sdk@0.6.23

v0.6.21

09 Mar 20:09

Free tier improvements

  • Temp tunnel TTL: Sessions up to 24 hours (configurable via --ttl or MAX_TEMP_TUNNEL_TTL_MINUTES).
  • Stable subdomain without account: --slug myapp gives https://myapp.privateconnect.co when the name is available.
  • CLI: npx private-connect tunnel 3000 --slug myapp --ttl 1440
  • Node API: createTunnel({ port: 3000, ttl: 1440, slug: 'myapp' })
  • Docs: Free tier (no signup) — limits, server config, paid vs free.

v0.6.8: Security hardening

25 Feb 09:06

Security hardening

This release addresses several security findings identified during an internal audit.

API Keys

  • API keys are now hashed (SHA-256) before storage — the database no longer contains plaintext keys. A backfill migration was applied to production before deploy.

Encryption

  • Workspace AI provider API keys are now encrypted at rest using AES-256-GCM. Requires FIELD_ENCRYPTION_KEY env var (64-char hex).

Web Frontend

  • API key removed from localStorage — the web UI now relies solely on the session cookie for authentication, eliminating XSS exfiltration of the API key from the browser.

Rate Limiting

  • Per-email rate limiting added to magic-link endpoints (3/min per address) in addition to the existing per-IP limit, preventing inbox flooding via IP rotation.

Headers & CSP

  • Removed unsafe-eval from Swagger UI Content-Security-Policy
  • Fixed www redirect to use req.protocol (respects trust proxy) instead of raw X-Forwarded-Proto header
  • Stripped internal state (dbConnected, appReady) from public /health endpoint
  • Added SRI integrity hash to Seline analytics script

Infrastructure

  • Docker Compose DB credentials now use env var substitution — no hardcoded passwords in the repo
  • Debug startup logging gated behind NODE_ENV !== production

v0.6.17

25 Feb 12:05

connect link — zero-config public URLs

connect link now auto-detects and exposes services in one step. No need to run connect expose first.

What's new

  • connect link (no args) — scans local ports, finds your running service, exposes it if needed, and gives you a public URL
  • connect link 3000 — targets a specific port, same auto-expose flow
  • connect link my-app — if already exposed, instantly creates the link; if not found, shows helpful guidance
  • Smart detection: checks if a service is already exposed to avoid duplicate work
  • Auto-naming from pconnect.yml, well-known ports, process names, or package.json

Examples

# Just run it — detects what's on localhost, exposes, links
connect link

# Target a specific port
connect link 3000

# Already exposed? Just creates the link
connect link my-app

# With options
connect link --expires 7d --methods GET --rate-limit 100