Hydra

About the project

CLI tool and server platform for managing personal and team accounts in AI tools like Claude Code and Codex CLI. Solves the problem of securely sharing organizational credentials without exposing secrets, combining local account management with real-time remote execution via WebSocket + PTY. Hybrid architecture: personal accounts 100% local, organization accounts executed remotely with AES-256-GCM encryption. Published on npm as @deharo/hydra.

Technologies

Features

• Published on npm as @deharo/hydra · 30+ CLI commands · 17+ REST endpoints
• Hybrid architecture: local accounts + remote execution with AES-256-GCM encryption
• Bidirectional terminal streaming via WebSocket + node-pty in real time
• Auth with JWT + refresh token rotation + Argon2id hashing
• Organizations with RBAC (owner/admin/member), invitations and full audit trail
• Execution leases with heartbeat, TTL, automatic cleanup and crash recovery
• Secrets encrypted at rest (AES-256-GCM) — members never see credentials
• Monorepo with npm workspaces: CLI + Fastify server + shared Zod schemas
• 10 PostgreSQL tables with optimized indexes and JSONB audit log

Technical challenges

• Designing architecture where team members never see the credentials
• Bidirectional terminal streaming with WebSocket + remote pseudo-terminal
• Lease system with TTL, heartbeat and orphan session recovery
• Secure refresh token rotation with irreversible HMAC hashes
• Schema-first development with Zod shared between CLI and server

Learnings

• Zero-knowledge security architecture for credential management
• Professional CLI development with Commander.js, Inquirer, Chalk
• Real-time terminal streaming with WebSocket and node-pty
• npm package publishing and distribution
• Monorepo with npm workspaces and automated builds