
wolfpack-bridge
Mobile & desktop command center for AI coding agents. Control agent sessions (Claude, Codex, Gemini, or any custom command) across multiple machines from your phone or browser. Two session backends: pty (lightweight, no dependencies) or tmux (persistent, survives restarts). Secured by Tailscale — zero-config encrypted access, no ports to open.
Install on your phone's home screen for a native app experience — scan the QR code after setup and tap "Add to Home Screen".
┌─────────────┐      ┌───────────┐      ┌─────────────────────────────────┐
│ Phone /     │      │ Tailscale │      │  Your Machine                   │
│ Browser     │◄────►│  (HTTPS)  │◄────►│                                 │
│ (PWA)       │      │ mesh VPN  │      │  ┌──────────┐ ┌──────┐ ┌─────┐  │
└─────────────┘      └───────────┘      │  │ wolfpack │ │pty or│ │Agent│  │
                                        │  │ server   │◄│ tmux │◄│(any)│  │
                                        │  │ HTTP/WS  │ │      │ │     │  │
                                        │  └──────────┘ └──────┘ └─────┘  │
                                        └─────────────────────────────────┘
Components:
bunx wolfpack-bridge
Or with npx:
npx wolfpack-bridge
Or via shell script (no Node/Bun required):
curl -fsSL https://raw.githubusercontent.com/almogdepaz/wolfpack/main/install.sh | bash
This will download the pre-built binary for your platform, run the setup wizard, and optionally install as a login service.
Supported platforms: macOS (Apple Silicon, Intel), Linux (x64, arm64).
Wolfpack supports two backends for managing terminal sessions. You choose during setup and can switch at runtime from Settings.
| | PTY (default) | tmux |
|---|---|---|
| Dependencies | None | Requires tmux installed |
| Session persistence | In-memory — sessions lost on server crash/restart | tmux server is a separate process — sessions survive wolfpack restarts, deploys, and crashes |
| Terminal streaming | Direct binary WebSocket (/ws/pty) — low latency | Capture-pane polling (/ws/terminal) |
| Desktop terminal | ghostty-web with full scrollback | ghostty-web with full scrollback |
| Best for | Quick setup, no-dependency environments | Long-running agent sessions where persistence matters |
Why tmux is more robust: tmux runs as an independent server process. Your agent sessions live inside tmux, not inside wolfpack. If wolfpack crashes, gets redeployed, or restarts (e.g. launchctl kickstart), tmux sessions keep running untouched. When wolfpack comes back up, it reconnects to the existing tmux sessions automatically. With the PTY backend, a wolfpack restart kills all running sessions — any in-progress agent work is lost.
Why PTY is the default: zero dependencies, simpler setup, and lower latency terminal streaming. For most users running short agent tasks, the convenience outweighs the persistence tradeoff.
Both backends can run simultaneously — the backend router tracks which backend owns each session. You can have tmux sessions and PTY sessions active at the same time.
Wolfpack can only hydrate history that tmux still retains. Desktop terminal sessions prefill the latest 5,000 lines on connect, so if you want deeper scrollback, raise tmux's history limit:
set -g history-limit 50000
Reload tmux or restart your sessions after changing it.
wolfpack # Start the server (runs setup on first launch)
wolfpack setup # Re-run the setup wizard
wolfpack service install # Auto-start on login (launchd / systemd)
wolfpack service stop # Stop the background service
wolfpack service start # Start the background service
wolfpack service status # Check if running
wolfpack service uninstall # Remove the launch agent
wolfpack uninstall # Remove everything (service, config, global command)
On first run, wolfpack walks you through:
~/Dev)
18790)
+ on any sidebar card to add it to the grid, × to remove. Focused cell highlighted with green glow.
Cmd/Ctrl + ArrowUp/Down — cycle between sessions
Cmd/Ctrl + ArrowLeft/Right — navigate grid cells
Cmd/Ctrl + T — new session (project picker)
Cmd/Ctrl + K — clear terminal
All settings (terminal mode, font size, haptics, etc.) persist in localStorage across sessions.
wolfpack setup and say y to "Enable Tailscale HTTPS access?"
Tailscale's encrypted mesh network handles auth and routing — no ports to open, no DNS to configure.
Always use the Tailscale hostname (e.g. https://mybox.tail1234.ts.net) — not raw IPs. The QR code from setup already points to the correct URL. Raw IP access (LAN or Tailscale 100.x.x.x) bypasses Tailscale's DNS-based routing and may not be protected by CORS.
JWT authentication adds a second layer of protection. Without it, anyone who can reach the server port has full access to your tmux sessions. To enable:
Generate a secret (minimum 32 characters):
openssl rand -base64 48
Set the environment variable before starting wolfpack:
export WOLFPACK_JWT_SECRET="your-secret-here"
For service installs, add it to your shell profile or the service environment.
Optional configuration:
WOLFPACK_JWT_AUDIENCE — expected aud claim
WOLFPACK_JWT_ISSUER — expected iss claim
WOLFPACK_JWT_CLOCK_TOLERANCE_SEC — clock skew tolerance (default: 30s)
Tokens use HS256 (HMAC-SHA256). The server validates but does not issue tokens — generate them with any JWT library using the same secret.
Without WOLFPACK_JWT_SECRET set, authentication is disabled. Running without it is fine for localhost-only usage, but setting it is strongly recommended when the server is reachable over a network.
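Minting and checking an HS256 token with the claims named above, as an added example (not wolfpack's own code) that uses only Node's built-in crypto module. The function names, the claim values and the choice to require an exp claim are assumptions of this example.

```javascript
// Added example, not wolfpack's code: HS256 mint + verify with Node's crypto.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const sign = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Mint a token: base64url(header).base64url(payload).base64url(HMAC).
function mintToken(secret, claims, ttlSec, now = Math.floor(Date.now() / 1000)) {
  if (secret.length < 32) throw new Error("secret must be at least 32 characters");
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSec }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`, secret))}`;
}

// Verify a token; returns the claims or throws. opts mirrors the optional
// settings above (expected aud, expected iss, clock tolerance in seconds).
function verifyToken(token, secret, opts = {}, now = Math.floor(Date.now() / 1000)) {
  const { audience, issuer, clockToleranceSec = 30 } = opts;
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  // Pin the algorithm so the token cannot select "none" or another scheme.
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = sign(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  // Constant-time comparison; the length check avoids a throw on mismatch.
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    throw new Error("bad signature");
  // Claims are only parsed and trusted after the signature has been checked.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (typeof claims.exp !== "number" || now > claims.exp + clockToleranceSec)
    throw new Error("expired");
  const auds = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (audience && !auds.includes(audience)) throw new Error("wrong audience");
  if (issuer && claims.iss !== issuer) throw new Error("wrong issuer");
  return claims;
}
```

Short lifetimes limit the damage of a leaked token, since the only other way to revoke one is to rotate the shared secret.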
Autonomous task runner. Write a markdown plan file, pick an agent, set iterations, and let it rip. Ralph reads the plan, extracts the first incomplete task, hands it to the agent, marks it done, and moves on — implementing, testing, and committing along the way. See full documentation.
Stored in ~/.wolfpack/config.json:
{
"devDir": "/Users/you/Dev",
"port": 18790,
"backend": "pty",
"tailscaleHostname": "your-machine.tailnet-name.ts.net"
}
Agent command and settings stored in ~/.wolfpack/bridge-settings.json.
Requires Bun (v1.2+).
git clone https://github.com/almogdepaz/wolfpack.git
cd wolfpack
bun install
bun run scripts/gen-assets.ts # generate embedded assets (required once)
bun run cli.ts # start the server locally
bun test # all tests
bun test tests/unit/ # unit tests only
bun test tests/unit/plan-parsing.test.ts # single file
Tests use Bun's built-in runner. Three categories:
tests/unit/ — plan parsing, ralph log parsing, escaping, validation, grid logic
tests/snapshot/ — launchd plist and systemd unit generation
tests/integration/ — API routes, ralph loop endpoints
Frontend files live in public/. The server doesn't serve from disk — everything is embedded:
public/ (HTML, PNG, manifest, etc.)
bun run scripts/gen-assets.ts — embeds them into public-assets.ts (binary→base64, text→string)
public-assets.ts manually — it's auto-generated
bun run scripts/build.ts # assets + 4 platform binaries in dist/
Compiles for: linux-x64, linux-arm64, darwin-x64, darwin-arm64.
main
bun test)
MIT
FAQs
Mobile/browser command center for AI coding agents on your own machines
The npm package wolfpack-bridge receives a total of 76 weekly downloads. As such, wolfpack-bridge popularity was classified as not popular.
We found that wolfpack-bridge demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.