terminal-use-mcp
The terminal-use-mcp server enables AI agents to control interactive TUI (Text User Interface) programs locally and remotely through a snapshot-driven interaction loop, rather than simple command execution. Supported use cases include lazygit, vim, htop, REPLs, debuggers, and remote AI agent TUIs (e.g., Claude Code, Codex CLI).
Session Lifecycle: Start sessions with configurable command, working directory, dimensions, and TTL; attach to existing tmux sessions; list, inspect, rename, kill, and clean up sessions.
Observation: Capture terminal snapshots (viewport or full scrollback); wait for specific text/regex patterns; wait for output to stabilize; search screen or scrollback buffer; scroll the viewport.
Input & Interaction: Type text, press single keys or complex combos (e.g., ctrl+shift+f, alt+enter), paste large text with safety checks, and simulate mouse clicks/scrolls at specific coordinates.
Meta & Management: Resize terminal dimensions; export transcripts (text, JSONL, or Markdown) with optional secret redaction; check server health; list key expressions; query provider capabilities; retrieve session event history; send signals (SIGINT, SIGTERM, SIGKILL).
Remote SSH Control: List local and SSH targets; query and verify target readiness; manage sessions on remote hosts via ssh-pty or ssh-tmux.
Tmux Management: List and kill tmux sessions on local or remote hosts.
Security: Command allow/deny lists, CWD policy modes, automatic secret redaction, dangerous prompt detection, and ReDoS protection for regex input.
Allows AI agents to interact with htop for system monitoring and process management within terminal sessions.
Enables AI agents to interact with Python REPL for executing Python code interactively in a terminal.
Provides tmux-based terminal sessions with persistence, disconnect recovery, and multi-user attach capabilities.
Allows AI agents to interact with Vim editor for text editing tasks within terminal sessions.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@terminal-use-mcpstart lazygit in my project directory"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
terminal-use-mcp
Local + remote terminal interaction control MCP Server. Lets AI agents control interactive TUI programs the way a human would.
Platform | Status |
Linux x86_64 / ARM64 | Supported |
macOS Intel / Apple Silicon | Supported (best effort) |
WSL2 | Supported (best effort) |
Native Windows | Experimental (native-pty only; tmux requires psmux or WSL2) |
Windows users: The
native-ptyprovider works on Windows (shell auto-detection:ComSpec→cmd.exe). Thetmuxprovider requires a Unix PTY multiplexer — install psmux (tmux-compatible, 83 commands, usestmuxas alias) or use WSL2. Iftmuxis not on PATH, setTERMINAL_USE_TMUX_PATHto its absolute or relative path.
This is not a shell runner. Use your bash tool for simple commands. This server handles TUI programs that require keyboard interaction: lazygit, vim, htop, Python REPL, debuggers, installers, external agent TUIs (Claude Code, Codex CLI, OpenCode).
Concept
terminal-use-mcp provides a snapshot-driven interaction loop:
snapshot → analyze → type/press → wait → snapshotUnlike tmux send-keys + sleep, the server observes PTY render events directly. wait_for_text / wait_stable block until the program actually responds — no polling, no guessing.
What it is for: Programs that need keyboard input — REPLs, debuggers, TUI apps, installers, external coding agents.
What it is NOT for: Simple command execution → use your bash tool.
Related MCP server: interactive-process-mcp
Quick Start
Prerequisites
Dependency | Minimum | Purpose |
Node.js | 20+ | Run the MCP server |
npm | 8+ | Install dependencies |
node-gyp + C++ toolchain | — | Compile node-pty (optional; fallback to tmux if missing). Also needed for re2 (optional; ReDoS protection) |
tmux | 3.2+ | tmux provider (optional; only native-pty available if missing) |
MCP Client Configuration
Claude Code / Claude Desktop
Add to .mcp.json (project root) or claude_desktop_config.json:
{
"mcpServers": {
"terminal-use": {
"command": "npx",
"args": ["-y", "terminal-use-mcp"],
"env": {
"TERMINAL_USE_WORKSPACE_ROOT": "<your-project-path>",
"TERMINAL_USE_ALLOWED_CWD": "<your-project-path>,/tmp",
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}
}
}OpenAI Codex CLI
Add to .codex/config.json in the mcp_servers field:
{
"mcp_servers": {
"terminal-use": {
"command": "npx",
"args": ["-y", "terminal-use-mcp"],
"env": {
"TERMINAL_USE_WORKSPACE_ROOT": "<your-project-path>",
"TERMINAL_USE_ALLOWED_CWD": "<your-project-path>,/tmp",
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}
}
}OpenCode
Add to .opencode/opencode.json in the mcp field:
{
"mcp": {
"terminal-use": {
"type": "local",
"command": ["npx", "-y", "terminal-use-mcp"],
"enabled": true,
"environment": {
"TERMINAL_USE_WORKSPACE_ROOT": "<your-project-path>",
"TERMINAL_USE_ALLOWED_CWD": "<your-project-path>,/tmp",
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}
}
}stdio transport: stdout is reserved for MCP protocol. All logs go to stderr. Server cleans up all sessions on SIGINT/SIGTERM.
Copy-Paste Setup Prompts
Paste the appropriate prompt into your AI agent for autonomous installation:
Set up terminal-use-mcp with these steps:
1. Prerequisites check:
- Confirm Node.js 20+ and npm 8+ are available (node -v / npm -v)
2. Configure MCP:
- Create or edit .mcp.json in the project root, adding:
{
"mcpServers": {
"terminal-use": {
"command": "npx",
"args": ["-y", "terminal-use-mcp"],
"env": {
"TERMINAL_USE_WORKSPACE_ROOT": "<current-project-absolute-path>",
"TERMINAL_USE_ALLOWED_CWD": "<current-project-absolute-path>,/tmp",
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}
}
}
- Replace <current-project-absolute-path> with the actual path
- TERMINAL_USE_PROVIDERS controls which providers are enabled (comma-separated).
Common values:
- "native-pty,tmux" — local only (default, no SSH)
- "native-pty,tmux,ssh-pty,ssh-tmux" — all providers (include remote SSH)
- "tmux" — tmux only (when node-pty is unavailable)
If unsure, use "native-pty,tmux".
- If tmux is not on PATH, set TERMINAL_USE_TMUX_PATH to its absolute or relative path.
- Windows: native-pty only by default. For tmux support, install psmux (https://github.com/psmux/psmux)
which provides a `tmux` alias, or use WSL2.
- Security configuration (optional):
- TERMINAL_USE_ALLOW_COMMANDS: commands allowed despite built-in deny list (comma-separated)
- TERMINAL_USE_DENY_COMMANDS: additional commands to deny beyond built-in list (comma-separated)
- TERMINAL_USE_RISKY_COMMAND_MODE: how to handle risky commands — "deny" (default, block), "ask" (prompt user), "allow" (permit all)
If unsure, leave these unset (default deny mode is safe for most use cases).
3. Install skills:
- ASK the user: "Do you have npx skills (skills.sh) installed? (Yes / No / Not sure)"
- If Yes or Not sure (try first):
ASK the user: "Install skills globally (available across all projects) or in this project only? (global / project)"
If global: Run: npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup -g
If project: Run: npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup
If the command fails, fall back to manual download (see below).
- If No (manual download):
Download https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/terminal-use/SKILL.md
and save to .claude/skills/terminal-use/SKILL.md
Download https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/terminal-use-setup/SKILL.md
and save to .claude/skills/terminal-use-setup/SKILL.md
- ASK the user: "Do you need to remotely control any of these AI agent TUIs via terminal-use-mcp?
- Claude Code TUI (tui-claude-code)
- Codex CLI TUI (tui-codex-cli)
- OpenCode TUI (tui-opencode-native)
- OpenCode + OmO plugin TUI (tui-opencode-omo)
If unsure, skip — you can add them later with: npx skills add HLH2023/terminal-use-mcp -s <skill-name>"
- For each confirmed agent: if skills.sh is available, run
npx skills add HLH2023/terminal-use-mcp -s <skill-name>
(append -g if the user chose global install)
Otherwise, download from
https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/<skill-name>/SKILL.md
and save to .claude/skills/<skill-name>/SKILL.md
- ASK the user: "The core skill includes both local (§1-§11) and remote SSH (§12-§17) sections.
If you only use local terminals, I can remove §12-§17 to save ~500 lines.
Should I trim the skill?"
4. Restart Claude Code for the config to take effect
5. Verify:
- Confirm terminal.health, terminal.start etc. appear in the MCP tool list
- Call terminal.health to confirm server and provider status are OK
- Compare the version in terminal.health response with the skill version header (e.g. v0.2.0).
If they mismatch, inform the user and suggest updating skills with: npx skills update
Constraints:
- Do not output any secrets
- Only notify me if node-pty compilation fails; handle other issues yourselfSet up terminal-use-mcp with these steps:
1. Prerequisites check:
- Confirm Node.js 20+ and npm 8+ are available (node -v / npm -v)
2. Configure MCP:
- Create or edit .codex/config.json, adding to mcp_servers:
{
"terminal-use": {
"command": "npx",
"args": ["-y", "terminal-use-mcp"],
"env": {
"TERMINAL_USE_WORKSPACE_ROOT": "<current-project-absolute-path>",
"TERMINAL_USE_ALLOWED_CWD": "<current-project-absolute-path>,/tmp",
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}
}
- Replace <current-project-absolute-path> with the actual path
- TERMINAL_USE_PROVIDERS controls which providers are enabled (comma-separated).
Common values:
- "native-pty,tmux" — local only (default, no SSH)
- "native-pty,tmux,ssh-pty,ssh-tmux" — all providers (include remote SSH)
- "tmux" — tmux only (when node-pty is unavailable)
If unsure, use "native-pty,tmux".
- If tmux is not on PATH, set TERMINAL_USE_TMUX_PATH to its absolute or relative path.
- Windows: native-pty only by default. For tmux support, install psmux (https://github.com/psmux/psmux)
which provides a `tmux` alias, or use WSL2.
- Security configuration (optional):
- TERMINAL_USE_ALLOW_COMMANDS: commands allowed despite built-in deny list (comma-separated)
- TERMINAL_USE_DENY_COMMANDS: additional commands to deny beyond built-in list (comma-separated)
- TERMINAL_USE_RISKY_COMMAND_MODE: how to handle risky commands — "deny" (default, block), "ask" (prompt user), "allow" (permit all)
If unsure, leave these unset (default deny mode is safe for most use cases).
3. Install skills:
- ASK the user: "Do you have npx skills (skills.sh) installed? (Yes / No / Not sure)"
- If Yes or Not sure (try first):
ASK the user: "Install skills globally (available across all projects) or in this project only? (global / project)"
If global: Run: npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup -g
If project: Run: npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup
If the command fails, fall back to manual download (see below).
- If No (manual download):
Download https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/terminal-use/SKILL.md
and save to .codex/skills/terminal-use/SKILL.md
Download https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/terminal-use-setup/SKILL.md
and save to .codex/skills/terminal-use-setup/SKILL.md
- ASK the user: "Do you need to remotely control any of these AI agent TUIs via terminal-use-mcp?
- Claude Code TUI (tui-claude-code)
- Codex CLI TUI (tui-codex-cli)
- OpenCode TUI (tui-opencode-native)
- OpenCode + OmO plugin TUI (tui-opencode-omo)
If unsure, skip — you can add them later with: npx skills add HLH2023/terminal-use-mcp -s <skill-name>"
- For each confirmed agent: if skills.sh is available, run
npx skills add HLH2023/terminal-use-mcp -s <skill-name>
(append -g if the user chose global install)
Otherwise, download from
https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/<skill-name>/SKILL.md
and save to .codex/skills/<skill-name>/SKILL.md
- ASK the user: "The core skill includes both local (§1-§11) and remote SSH (§12-§17) sections.
If you only use local terminals, I can remove §12-§17 to save ~500 lines.
Should I trim the skill?"
4. Restart Codex CLI for the config to take effect
5. Verify:
- Confirm terminal.health appears when you start a session
- Call terminal.health and compare the version with the skill version header (e.g. v0.2.0).
If they mismatch, inform the user and suggest updating skills with: npx skills update
Constraints:
- Do not output any secrets
- Only notify me if node-pty compilation fails; handle other issues yourselfSet up terminal-use-mcp with these steps:
1. Prerequisites check:
- Confirm Node.js 20+ and npm 8+ are available (node -v / npm -v)
2. Configure MCP:
- Add to .opencode/opencode.json in the mcp field:
{
"type": "local",
"command": ["npx", "-y", "terminal-use-mcp"],
"enabled": true,
"environment": {
"TERMINAL_USE_WORKSPACE_ROOT": "<current-project-absolute-path>",
"TERMINAL_USE_ALLOWED_CWD": "<current-project-absolute-path>,/tmp",
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}
- TERMINAL_USE_PROVIDERS controls which providers are enabled (comma-separated).
Common values:
- "native-pty,tmux" — local only (default, no SSH)
- "native-pty,tmux,ssh-pty,ssh-tmux" — all providers (include remote SSH)
- "tmux" — tmux only (when node-pty is unavailable)
If unsure, use "native-pty,tmux".
- If tmux is not on PATH, set TERMINAL_USE_TMUX_PATH to its absolute or relative path.
- Windows: native-pty only by default. For tmux support, install psmux (https://github.com/psmux/psmux)
which provides a `tmux` alias, or use WSL2.
- Security configuration (optional):
- TERMINAL_USE_ALLOW_COMMANDS: commands allowed despite built-in deny list (comma-separated)
- TERMINAL_USE_DENY_COMMANDS: additional commands to deny beyond built-in list (comma-separated)
- TERMINAL_USE_RISKY_COMMAND_MODE: how to handle risky commands — "deny" (default, block), "ask" (prompt user), "allow" (permit all)
If unsure, leave these unset (default deny mode is safe for most use cases).
3. Install skills:
- ASK the user: "Do you have npx skills (skills.sh) installed? (Yes / No / Not sure)"
- If Yes or Not sure (try first):
ASK the user: "Install skills globally (available across all projects) or in this project only? (global / project)"
If global: Run: npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup -g
If project: Run: npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup
If the command fails, fall back to manual download (see below).
- If No (manual download):
Download https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/terminal-use/SKILL.md
and save to .opencode/skills/terminal-use/SKILL.md
Download https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/terminal-use-setup/SKILL.md
and save to .opencode/skills/terminal-use-setup/SKILL.md
- ASK the user: "Do you need to remotely control any of these AI agent TUIs via terminal-use-mcp?
- Claude Code TUI (tui-claude-code)
- Codex CLI TUI (tui-codex-cli)
- OpenCode TUI (tui-opencode-native)
- OpenCode + OmO plugin TUI (tui-opencode-omo)
If unsure, skip — you can add them later with: npx skills add HLH2023/terminal-use-mcp -s <skill-name>"
- For each confirmed agent: if skills.sh is available, run
npx skills add HLH2023/terminal-use-mcp -s <skill-name>
(append -g if the user chose global install)
Otherwise, download from
https://raw.githubusercontent.com/HLH2023/terminal-use-mcp/main/skills/<skill-name>/SKILL.md
and save to .opencode/skills/<skill-name>/SKILL.md
- ASK the user: "The core skill includes both local (§1-§11) and remote SSH (§12-§17) sections.
If you only use local terminals, I can remove §12-§17 to save ~500 lines.
Should I trim the skill?"
4. Restart OpenCode for the config to take effect
5. Verify:
- Confirm terminal.health, terminal.start etc. appear in the MCP tool list
- Call terminal.health and compare the version with the skill version header (e.g. v0.2.0).
If they mismatch, inform the user and suggest updating skills with: npx skills update
Constraints:
- Do not output any secrets
- Only notify me if node-pty compilation fails; handle other issues yourselfSkills (Optional)
terminal-use-mcp provides core skills (terminal-use and terminal-use-setup, available in the GitHub repository) that teach AI agents how to use the MCP tools correctly and how to configure the server. Additionally, there are agent-specific skills for controlling external AI agent TUIs. Skills are not included in the npm package — download them from GitHub. Install only the ones you need.
Installation via skills.sh (Recommended)
skills.sh (npx skills) provides one-command install and update for skills across 19+ AI agent platforms:
# Interactive selection — pick which skills to install (default when repo has multiple skills)
npx skills add HLH2023/terminal-use-mcp
# Install only core skills (recommended for most users)
npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup
# Install a specific agent TUI skill
npx skills add HLH2023/terminal-use-mcp -s tui-claude-code
# Install all skills (core + all agent TUI skills)
npx skills add HLH2023/terminal-use-mcp --all
# Install globally (available across projects)
npx skills add HLH2023/terminal-use-mcp -s terminal-use -s terminal-use-setup -g
# Update installed skills to latest
npx skills updateTip: Only install the TUI skills you need. For normal terminal automation (lazygit, vim, htop, REPLs), the two core skills are sufficient.
Manual Installation
Download SKILL.md files from GitHub and place them in your agent's skill directory:
Skill | Required? | Install |
| Yes (core operations) | Copy |
| Yes (core configuration) | Copy |
| If you remotely control Claude Code | Copy |
| If you remotely control Codex CLI | Copy |
| If you remotely control OpenCode | Copy |
| If you remotely control OpenCode with OmO | Copy |
When to install agent-specific skills: Only when you need to remotely control another AI agent's TUI (e.g., one agent driving another). For normal terminal automation (lazygit, vim, htop, REPLs), the core skill is sufficient.
Customization & Trimming
Skills are plain Markdown — edit them freely to match your needs:
Trim the core skill:
terminal-useincludes §1-§17. If you only use local terminals, delete §12-§17 (remote SSH). Sections like §7 (Common Patterns, ~130 lines) and §16 (Remote Operation Patterns, ~150 lines) are the largest and safe to remove if your AI learns by doing.Pick only the agent skills you need: Don't install
tui-claude-codeif you never control Claude Code. Each agent skill is fully self-contained.Minimal core skill: §1 + §3 + §6 (~80 lines) covers the essential purpose, operation loop, and safety rules. Everything else is reference material.
Each SKILL.md includes a Customization Guide table at the top that marks which sections are safe to remove.
Providers
Provider | Use Case | Key Advantage |
| Most interactive TUI programs (default) | Fast response, high-quality snapshots, highlight detection |
| Sessions needing persistence, disconnect recovery, multi-user attach | Attachable, sessions survive MCP restart |
| TUI programs on remote hosts | Reuses local xterm/snapshot/transcript stack over SSH |
| Persistent remote sessions, disconnect recovery, human-attachable | Full remote tmux lifecycle management |
Auto-selection: local → native-pty (fallback tmux); remote → ssh-pty (fallback ssh-tmux).
Provider Configuration
Control which providers are available via the TERMINAL_USE_PROVIDERS environment variable (comma-separated whitelist). If unset, all providers are enabled.
{
"env": {
"TERMINAL_USE_PROVIDERS": "native-pty,tmux"
}
}Value | Effect |
(not set) | All providers enabled |
| Local only — no SSH providers |
| tmux only — useful in environments without node-pty |
| Remote only — no local terminal providers |
Disabled providers are excluded from registration and auto-selection. terminal.health reports them as "disabled by TERMINAL_USE_PROVIDERS config".
Environment Variables
Core Configuration
Variable | Purpose | Default |
| Enabled provider whitelist (CSV) | All providers |
| Default provider (overrides auto-selection priority) |
|
| Absolute or relative path to tmux binary (when not on PATH) |
|
| CWD policy root | current working directory |
| Allowed working directories (CSV) | (empty; workspace root is always allowed via TERMINAL_USE_WORKSPACE_ROOT) |
| CWD policy for local |
|
| Commands allowed even if on deny list (CSV, overrides deny) | (empty) |
| Extra denied commands beyond built-in list (CSV) | (empty) |
| How to handle denied commands: |
|
Session & Behavior
Variable | Purpose | Default |
| Session auto-cleanup timeout (ms) |
|
| How often to check for expired sessions (ms) |
|
| Default terminal columns for new sessions |
|
| Default terminal rows for new sessions |
|
| Paste size threshold requiring confirmation (characters) |
|
| Hard paste size limit — pastes above this are always refused (characters) |
|
| Log verbosity: |
|
| Path to SSH host profiles configuration file | XDG config dir / hosts.json (profiles/*.json takes priority) |
| Set to | (not set — denied) |
| Set to | (not set — only redacted) |
Path Overrides
Variable | Purpose | Default |
| Override artifact/transcript output directory |
|
| Override XDG config directory | See XDG/platform defaults below |
| Override config.json file path |
|
| Override XDG data directory (artifact, session data) | See XDG/platform defaults below |
XDG / Platform Paths
Variable | Purpose | Platform |
| XDG config home — app appends | Linux, macOS |
| XDG data home — app appends | Linux, macOS |
| XDG runtime directory (used for SSH agent socket discovery) | Linux |
| Windows roaming app data — app appends | Windows |
| Windows local app data — app appends | Windows |
| Windows command interpreter path (used by native-pty shell wrapping) | Windows |
SSH Authentication
Variable | Purpose |
| SSH agent socket path (discovered automatically if not set; see ssh-auth.ts discovery chain) |
| SSH ProxyJump configuration (passed to SSH connection) |
MCP Tools
Session Lifecycle (7 tools)
Tool | Purpose |
| Start a terminal session |
| Attach to an existing session (tmux) |
| List all active sessions |
| Query session details |
| Rename a session label |
| Terminate a session and its process |
| Clean up all expired sessions |
Observation (5 tools)
Tool | Purpose |
| Capture current screen state |
| Wait for specific text to appear |
| Wait until output stops changing |
| Search for text in screen/scrollback |
| Scroll the terminal viewport |
Input (5 tools)
Tool | Purpose |
| Type text into the terminal |
| Send a key press (supports arbitrary combos e.g. |
| Paste large text (with safety checks) |
| Mouse click (SGR-1006) |
| Mouse wheel scroll (SGR-1006) |
Meta (7 tools)
Tool | Purpose |
| Change terminal dimensions |
| Export session transcript |
| Check server and provider status |
| List available key expressions |
| Query provider capability matrix |
| Get session event history |
| Send signal (SIGINT/SIGTERM/SIGKILL) |
Remote Control (3 tools)
Tool | Purpose |
| List available targets (local + SSH) |
| Query target details (redacted) |
| Verify SSH target local readiness preflight |
Tmux Management (2 tools)
Tool | Purpose |
| List local or remote tmux sessions |
| Kill a tmux session by name |
Security Overview
terminal-use-mcp is not a sandbox. Security policies restrict the entry point, not the TUI program's internal behavior.
Command allow + deny lists: Built-in deny list blocks dangerous startup commands (
sudo,rm,ssh,curl, etc.).TERMINAL_USE_ALLOW_COMMANDSoverrides the deny list (allow takes priority).TERMINAL_USE_DENY_COMMANDSextends it.TERMINAL_USE_RISKY_COMMAND_MODEcontrols how denied commands are handled:deny(default, block),ask(return confirmation prompt), orallow(permit all).CWD policy: Controls which directories
terminal.startcan use as working directories.TERMINAL_USE_WORKSPACE_ROOTandTERMINAL_USE_ALLOWED_CWDdefine the allowlist.TERMINAL_USE_CWD_POLICY_MODEcontrols the policy mode:"guarded"(default) allows workspaceRoot/allowedCwdRoots, blocks known dangerous roots (/,/root,/etc, etc.), and allows other non-denied dirs;"strict"only allows dirs within workspaceRoot or allowedCwdRoots — all others are denied. For agent/homelab/remote-ops usage, setTERMINAL_USE_CWD_POLICY_MODE=strictto make cwd a true allowlist.Secret redaction: Auto-replaces API keys, tokens, private keys with
<REDACTED_*>in outputConfirmation detection: Warns when dangerous prompts appear on screen
Provider whitelist:
TERMINAL_USE_PROVIDERScontrols which providers are enabled (unset = all)observationTrust: All snapshots return
observationTrust: "untrusted"— terminal output is untrusted observation, not instructionReDoS protection: User-supplied regex is validated against catastrophic backtracking. When the
re2optional dependency is installed, all regex execution uses the RE2 engine (guaranteed linear time). Withoutre2, a heuristic nested-quantifier detector blocks known dangerous patterns.
See docs/security.md for full policy details, env var overrides, and regex patterns.
Remote SSH
Remote SSH features let you control TUI programs on remote hosts. Two SSH providers available:
ssh-pty | ssh-tmux | |
Best for | Interactive remote TUI | Persistent remote sessions |
Highlights | Yes (full xterm) | No |
Disconnect recovery | No | Yes |
SSH targets are defined in ~/.config/terminal-use-mcp/hosts.json. No password login; ssh-agent or key-file auth only.
See docs/REMOTE_TERMINAL_GUIDE.md for full design.
Version & Updates
Checking Your Version
Call terminal.health — the response includes a version field reflecting the running server version.
npx Caching Behavior
npx does not auto-update. It caches the package on first run and reuses the cached version until the cache expires. To ensure you're running the latest version:
Intent | Command |
Run latest |
|
Pin a version |
|
Force refresh cache |
|
Clear npx cache entirely |
|
Skill Versioning
terminal-use-mcp provides two categories of skills:
Skill | Version Header | Maintenance |
|
| Maintained alongside server releases |
|
| Maintained alongside server releases |
|
| Community-maintained — NOT updated in lockstep with target program releases |
If a TUI program updates and keybindings change, update the corresponding skill yourself or submit a PR. The core terminal-use skill is updated with each server release.
CWD Policy Mode
TERMINAL_USE_CWD_POLICY_MODE controls CWD restriction for terminal.start:
Mode | Behavior |
| Allows |
| Only allows |
For production/agent usage, set TERMINAL_USE_CWD_POLICY_MODE=strict to make CWD a true allowlist.
Further Reading
Topic | Document |
Security policies, env vars, deny lists | |
Scrollback strategy, buffer modes | |
Type definitions, error codes | |
Remote SSH design | |
Remote SSH architecture | |
Controlling Claude Code TUI | |
Controlling Codex CLI TUI | |
Controlling OpenCode TUI | |
Controlling OpenCode + OmO |
Development
Script | Description |
| Start MCP server (tsx direct run) |
| TypeScript compilation |
| Type checking ( |
| Run all tests |
| typecheck + test |
Acknowledgments
This project was inspired by and references the following open-source projects:
Direct References (code-level inspiration)
Project | Repository | License | How Referenced |
MIT | Key mapping format and screen stabilization semantics. Independent implementation — no code copied. |
Architecture References (documentation-level only)
Project | Repository | License |
MIT | ||
MIT | ||
MIT | ||
MIT |
Runtime Dependencies
All permissively licensed (MIT). No GPL/LGPL dependencies.
Package | License |
@modelcontextprotocol/sdk | MIT |
ssh2 | MIT |
zod | MIT |
@xterm/headless + addon-unicode11 | MIT |
node-pty (optional) | MIT |
re2 (optional) | BSD-3-Clause |
License
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/HLH2023/terminal-use-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server