Add parsing of structured JSON events from Claude Code hooks in PTY
output. State events track session lifecycle (ready/thinking/permission/
question/complete/interrupted). Stats events provide session metrics
(prompts, completions, tools, thinking time, etc).
Events are detected by parsing each line of PTY output, extracting valid
JSON objects with a type field, and forwarding state/stats events to the
server via WebSocket while preserving all output passthrough.
Execute the tab instruction flow:
- Navigate to target option using arrow keys
- Send Tab to enter instruction mode
- Type the instruction text
- Send Enter to submit
The sequence runs asynchronously with proper delays between steps
(50ms between arrows, 100ms before Tab, 100ms before instruction).
QuestionPrompt has a questions array, not flat fields. Updated rendering
to iterate over each question item with its own header, question text,
and options.
Adds new POST /api/prompts/:id/answer endpoint that handles AnswerResponse types:
- option: sends value + newline to PTY
- text: sends user input + newline to PTY
- tab_instructions: placeholder implementation sends selected_option (TODO: needs key sequences)
Updated /approve and /reject endpoints to use "1\n" and "3\n" instead of "y\n" and "n\n"
for consistency with option-based responses. Marked as legacy endpoints for backward compatibility.
Replaced placeholder index.html with a fully functional mobile-first dashboard that connects to the server via SSE and provides real-time session monitoring and prompt approval.
Features:
- Mobile-first design with large touch targets (44px min) and readable fonts
- SSE connection to /events with automatic reconnection on disconnect
- Live display of active sessions with collapsible output views
- Pending prompts section with approve/reject buttons
- Real-time updates for session start/end, streaming output, and prompts
- Dark mode by default with light mode support via prefers-color-scheme
- Plain text terminal output (monospace, scrolls to bottom)
- Connection status indicator in header
Implementation is a single HTML file (~300 lines) with inline CSS and vanilla JS, no frameworks or dependencies.
- Fix SSE cancel handler to properly capture controller in closure
- Remove error JSON messages before WebSocket close (close reason is sufficient)
- Add POST /api/sessions/:sessionId/prompts endpoint for prompt creation
- Add SSE client cleanup on broadcast errors
- Add createPrompt and getSession imports
- Add prompt message type to ClientMessage for CLI prompt reporting
- Add prompt message handler in WebSocket to create and broadcast prompts
Implements device authentication using HMAC-SHA256 signatures with constant-time comparison for security. Includes timestamp-based auth headers with configurable freshness checking (default 5min) and clock skew tolerance.
