🚀 Beacon Release — Remote Terminal & Command Rename

This release adds remote terminal to Beacon — open a shell on any device from your browser, through BeaconInfra. No SSH port, no VPN, no port forwarding. Also renames beacon master to beacon start.

✨ Highlights

🚇 Tunneling on HA OS

With the beacon home-assistant OS addon you can now enable tunneling (remote access).

🖥️ Remote Terminal

Open a PTY shell session on your device directly from the BeaconInfra dashboard. Traffic relays through BeaconInfra's WebSocket hub — no SSH daemon, no port 22, no inbound connections needed.

How it works:

1. Click "Open Terminal" on a device in the dashboard (Remote Access tab or the Remote Access page)
2. BeaconInfra creates a session and sends a terminal_open piggyback command to the device
3. The Beacon agent picks it up on the next heartbeat, dials back to the cloud via WebSocket, and spawns a local shell
4. Browser ↔ Cloud Hub ↔ Agent PTY — bidirectional relay, binary-safe

Security:

• One-time btt_ tokens per session — SHA-256 hashed, only the hash stored server-side
• Sessions auto-expire after 15 minutes (max duration) or 5 minutes idle
• Shell restricted to an allow-list (/bin/bash, /bin/zsh, /bin/sh, /bin/ash, /bin/dash, /usr/bin/bash, /usr/bin/zsh, /usr/bin/fish)
• The agent runs the shell as its own OS user — no privilege escalation
• A stale session reaper runs every 60s to clean up abandoned sessions

⌨️ beacon start (was beacon master)

The command to start the agent is now beacon start. More intuitive, less jargon. beacon master still works as an alias for backward compatibility — existing scripts and systemd units are unaffected.

🚀 Deploy from beaconinfra dashboard

The device detail page now has a prominent "Deploy" button that opens a dialog where you can enter a project name. Triggers the same deploy flow as a new tag detection.

🛠️ What's included

• Remote terminal: terminal_open piggyback command, agent-side PTY spawner, cloud WebSocket relay hub
• Browser terminal UI (xterm.js) with resize support and session status feedback
• Terminal session API: POST /api/terminal/sessions, GET .../sessions/:id, POST .../sessions/:id/terminate
• Browser and agent WebSocket endpoints with JWT and btt_ token auth
• Shell allow-list (gosec G702 fix) — rejects arbitrary $SHELL values
• Stale session reaper with ExpireStale storage method
• Structured logging (zerolog) for all terminal events: session create, browser connect, agent connect, relay start, close
• beacon master → beacon start rename across both repos (agent + cloud), master kept as Cobra alias
• Deploy dialog on device detail page with project name input
• Terminal accessible from Remote Access page (device dropdown) and device detail Remote Access tab

📋 What's next

• Agent binary rebuild required — devices must run this version for terminal to work. Older agents silently ignore the terminal_open command.
• Terminal sessions are single-user, single-device for now. Multi-tab and session sharing are future work.
• The deploy dialog currently triggers a device-level deploy. Project-targeted deploy via piggyback commands is planned.

Full Changelog: https://github.com/Bajusz15/beacon/compare/v0.6.3-remote-ssh...v0.6.4-remote-ssh-access

Full Changelog: https://github.com/Bajusz15/beacon/compare/v0.6.3-remote-ssh...v0.6.5-remote-tty