SessionCast now encrypts all terminal data end-to-end using AES-256-GCM. Combined with zstd compression, your sessions are both secure and fast.

How It Works

When E2E encryption is enabled, the CLI agent and web viewer negotiate a shared key. All terminal output (screen) and keyboard input (keys) are encrypted before leaving the device.

CLI Agent                        Web Viewer
  screen → zstd compress → AES-256-GCM encrypt → relay → decrypt → decompress → render
  keys   ← decrypt ← AES-256-GCM encrypt ← relay ← encrypt ← keystrokes

The relay server only sees encrypted blobs — it cannot read your terminal content.

Zstd Compression

We switched from gzip to zstd for screen data compression. Zstd provides:

• Faster compression — 3–5x faster than gzip at similar ratios
• Better ratios — terminal output compresses well with zstd's dictionary-based approach
• Lower latency — less CPU time per frame means smoother streaming

The new message types screenZstd and screenEnc replace the previous screen type when compression or encryption is active.

What Changes for Users

Nothing — encryption is transparent. If both the CLI agent and web viewer support E2E encryption, it activates automatically. Older clients continue to work with unencrypted connections.

Message Types

• screen — Uncompressed, unencrypted (legacy)
• screenZstd — Zstd compressed, no encryption
• screenEnc — Zstd compressed + AES-256-GCM encrypted
• keysEnc — AES-256-GCM encrypted keystrokes

Requirements

• CLI Agent v2.3.0 or later
• Web Viewer — latest version at app.sessioncast.io

Update your CLI:

npm install -g sessioncast-cli@2.3.1