Hydra

About the project

Hydra is an npm package for managing access to AI tools from CLI and server environments. It combines RBAC, AES-256-GCM encryption, and remote execution over WebSockets so teams can share access without exposing credentials. Published as @deharo/hydra.

Technologies

Features

• Published on npm as @deharo/hydra · 30+ CLI commands · 17+ REST endpoints
• Hybrid architecture: local accounts + remote execution with AES-256-GCM encryption
• Bidirectional terminal streaming via WebSocket + node-pty in real time
• Auth with JWT + refresh token rotation + Argon2id hashing
• Organizations with RBAC (owner/admin/member), invitations and full audit trail
• Execution leases with heartbeat, TTL, automatic cleanup and crash recovery
• Secrets encrypted at rest (AES-256-GCM) — members never see credentials
• Monorepo with npm workspaces: CLI + Fastify server + shared Zod schemas
• 10 PostgreSQL tables with optimized indexes and JSONB audit log

Technical challenges

• Designing architecture where team members never see the credentials
• Bidirectional terminal streaming with WebSocket + remote pseudo-terminal
• Lease system with TTL, heartbeat and orphan session recovery
• Secure refresh token rotation with irreversible HMAC hashes
• Schema-first development with Zod shared between CLI and server

Learnings

• Zero-knowledge security architecture for credential management
• Professional CLI development with Commander.js, Inquirer, Chalk
• Real-time terminal streaming with WebSocket and node-pty
• npm package publishing and distribution
• Monorepo with npm workspaces and automated builds

Screenshots

View 1

View 2