BUILDING THE TERMINAL

The desktop terminal is real xterm.js wired to a backend — but the backend never spawns a shell.

The frontend

xterm.js renders; keystrokes go out over a websocket.

const ws = new WebSocket(`wss://${location.host}/ws/terminal`);
term.onData(d => ws.send(JSON.stringify({type:'input', data:d})));
ws.onmessage = e => term.write(e.data);

The backend

A tiny interpreter — canned responses only, zero OS exec.

$ whoami
guest
$ ls
about.txt  contact.txt  projects.txt

Why it's safe

No pty, no shell, localhost-bound, behind nginx.

Deploy

systemd unit + nginx wss proxy.