- REST API: All session/code/machine endpoints now require AuthenticatedUser
- Viewer WebSocket: Requires JWT token in query params (token=...)
- Agent WebSocket: Requires either valid support code OR API key
- Dashboard: Passes JWT token when connecting to viewer WS
- Native viewer: Passes token in protocol URL and WebSocket connection
- Added AGENT_API_KEY env var support for persistent agents
- Added get_status() to SupportCodeManager for auth validation
This fixes the security vulnerability where unauthenticated agents
could connect and appear in the dashboard without any credentials.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ViewerInfo struct to track viewer name and connection time
- Update session manager to track viewers with names
- Update API to return viewer list for each session
- Update dashboard to display "Mike Connected (3 min)" on machine bars
- Update viewer.html to pass viewer_name parameter
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create viewer.html with canvas-based video display
- Implement protobuf parsing for VideoFrame/RawFrame
- Add zstd decompression using fzstd library
- Convert BGRA to RGBA for canvas rendering
- Add mouse event capture and encoding
- Add keyboard event capture and encoding
- Add Ctrl+Alt+Del special key support
- Add fullscreen toggle
- Update dashboard to open viewer in new window
- Auto-reconnect on connection loss
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
