
Security News
Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
wolfpack-bridge
Advanced tools
...:.
:=+=:
. .-*####+-
.- :++**####*=.
- :+***#####*=:.
: .+**######*+==++++++=:..
.. .=*#######*++++====+=--=-.
.:.- -+**######**+*#*+=-:-===:
-. .. -++++***#**++*#*--:---===:
-.:--==+=--=*++*+**********+==------++-
.:----=++*++##########******+=====--=+#=-.
.::-----=+*#%%%%%%#***###*+===--==+*=++=:.
...::::-=+*#%%############*+-----===+****+=:.
:--=-====+******++****##***-.::--++*######**
.++-+++++***********#*+*#***=.:---=+**=--=+==
-**++*++****+***##*++*****++=. ----=+=. ..:-
.+##***+*+*****##*#=-=**=-=-::. -**-::-==+++++
:*%%*+=+=+****##**++****+**+-.. -*=- .::::-=
.-#%#*+*+**#***+++**+****+*++=--+=::-:..:...-+
=###***=*+++++-=*=+++++-====-=:-=--:=---==---
.:-+***+=*+++**+++===*++++=--:= ::=::-=----++
.+****+++++*##+***++=+*-.:--:..-===---=-:-++
.-+###**+++*#****+=---:--==.--=:==-==:::-=++
:####*****+++======:.. :...:::---:.=------
.=###***+++*++++--:.:::. :-=::.:..-:---:
:+**++++++*++*+=-:: .. ...... .. .:..::
Drive AI coding agents (Claude, Codex, Gemini, any shell command) from your phone or browser. Sessions live in a Rust PTY broker that outlives the web server, so restarts don't kill your agents. Designed to ride on top of Tailscale — no ports to open, no DNS to wire up.
curl -fsSL https://raw.githubusercontent.com/almogdepaz/wolfpack/main/install.sh | bash
Downloads the right pre-built binary for your platform, runs the setup wizard, and optionally installs as a login service. No runtime deps — broker is bundled.
bunx wolfpack-bridge # or: npx wolfpack-bridge
Supported: macOS (arm64/x64), Linux (x64/arm64).
wolfpack walks you through:
tailscale serve for HTTPSScan the QR with your phone, tap Add to Home Screen, done.
+, remove via ×, Cmd+ArrowLeft/Right to navigate.git, copy). On-screen keyboard suppressed until you ask for it. Long-press to select.wolfpack Start the server (runs setup on first launch)
wolfpack setup Re-run the setup wizard
wolfpack ls List active broker sessions
wolfpack kill <name> Kill a session
wolfpack doctor Diagnose broker, binaries, JWT, Tailscale
wolfpack service ... install / start / stop / restart / status / uninstall (add --broker to include broker)
wolfpack uninstall --yes Remove everything
Wolfpack exposes repository-local agent skills in skills/:
wolfpack-plan — plan-file task header conventions that Ralph can parse.wolfpack-ralph — Ralph loop response contract, notifications, and sandbox/socket caveats.wolfpack-tailnet-control — discover, inspect, and control Wolfpack terminal sessions across Tailscale hosts.Copy or symlink these skill directories into an agent's skill path when you want that agent to opt in.
┌─────────────┐ ┌───────────┐ ┌──────────────────────────────────────────┐
│ Phone / │ │ Tailscale │ │ Your Machine │
│ Browser │◄──►│ (HTTPS) │◄──►│ │
│ (PWA) │ │ mesh VPN │ │ ┌──────────┐ unix ┌──────────────┐ │
└─────────────┘ └───────────┘ │ │ wolfpack │ socket │ wolfpack- │ │
│ │ server │◄───────►│ broker │ │
│ │ (Bun) │ │ (Rust, PTY) │ │
│ │ HTTP/WS │ │ owns agents │ │
│ └──────────┘ └──────────────┘ │
└──────────────────────────────────────────┘
wolfpack-broker, Rust daemon. Owns every PTY, keeps per-session output rings. One Unix-domain socket per host ($XDG_RUNTIME_DIR/wolfpack-broker.sock, fallback ~/.wolfpack/broker.sock). Wire protocol in docs/broker-protocol.md.Tailscale already gates who can reach the server. If you want an extra auth layer on top — useful if you share your tailnet with others, or for defense-in-depth — set a JWT secret:
export WOLFPACK_JWT_SECRET="$(openssl rand -base64 48)"
Tokens are HS256; the server validates, it does not issue — sign them with any JWT library using the same secret.
Optional: WOLFPACK_JWT_AUDIENCE, WOLFPACK_JWT_ISSUER, WOLFPACK_JWT_CLOCK_TOLERANCE_SEC (default 30s).
~/.wolfpack/config.json (mode 0600):
{
"devDir": "/Users/you/Dev",
"port": 18790,
"tailscaleHostname": "your-machine.tailnet-name.ts.net"
}
Per-server agent settings in ~/.wolfpack/bridge-settings.json. The broker socket's filesystem permissions are the auth boundary.
See CONTRIBUTING.md for dev setup, the asset pipeline, and PR conventions.
Bugs and feature requests: GitHub Issues. Questions and ideas: Discussions.
MIT
FAQs
Mobile/browser command center for AI coding agents on your own machines
The npm package wolfpack-bridge receives a total of 76 weekly downloads. As such, wolfpack-bridge popularity was classified as not popular.
We found that wolfpack-bridge demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.