How It Works
Remote access connects your devices through three components working together: a signaling service, a relay node, and your devices. Terminal data is end-to-end encrypted at every step - no server in the middle can read it.
Components
Signaling service
The signaling service runs on Cloudflare Workers. It handles:
- Authentication - verifying device identities and tokens.
- Device tracking - knowing which of your devices are currently online.
- Session list caching - storing encrypted snapshots of your session lists so other devices can see what is available.
- Connection orchestration - pairing two devices through a relay when you want to connect.
The signaling service never sees your terminal data. It only handles encrypted blobs and metadata needed for pairing.
Relay node
The relay is a stateless WebSocket proxy that forwards encrypted bytes between two paired devices. It cannot decrypt the traffic - it sees only opaque bytes flowing in both directions. Relay nodes are horizontally scalable, and your devices are assigned one dynamically during connection setup.
Your devices
Each device runs the carryOn daemon and maintains a persistent connection to the signaling service (when remote access is enabled). Devices hold their own X25519 keypairs and perform all encryption and decryption locally.
Connection flow
Here is what happens when you connect to a session on another device:
- Daemon registers - your daemon connects to the signaling service on startup (if remote access is enabled).
- Session list pushed - the daemon encrypts a snapshot of its session list and pushes it to the signaling service. The snapshot is encrypted so that only your other registered devices can read it.
- Browse available sessions - from another device, you see your online devices and their sessions (decrypted locally on your device).
- Select a session - you pick a session to connect to. The signaling service generates a short-lived pairing token and selects a relay node.
- Both devices connect to the relay - your two devices open WebSocket connections to the assigned relay and present the pairing token.
- Key exchange - an ephemeral key exchange derives a shared session key that only the two devices know. The relay never sees this key.
- Terminal I/O flows - terminal input and output travel through the relay, end-to-end encrypted. The relay sees only opaque bytes.
- Disconnect and cleanup - when the connection ends, ephemeral keys are discarded. This provides forward secrecy - even if a key were somehow compromised later, it could not decrypt past sessions.
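The key exchange and relay steps above, sketched as an added example that is not carryOn's own code. The page names X25519 but not the KDF, cipher or framing, so HKDF-SHA256, AES-256-GCM, the nonce/tag layout, the token strings and every function name here are assumptions.

```javascript
// Added illustration, not carryOn's code. HKDF-SHA256, AES-256-GCM, the frame
// layout and all names below are assumptions; the page specifies only X25519.
const crypto = require('node:crypto');

// Derive a 32-byte session key from an X25519 exchange. Mixing the pairing
// token into the HKDF info string is an assumption of this sketch.
function deriveSessionKey(myPrivate, peerPublic, pairingToken) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), `session:${pairingToken}`, 32));
}

// Frame = 12-byte counter nonce || ciphertext || 16-byte GCM tag.
function seal(key, seq, plaintext) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64BE(BigInt(seq), 4); // a nonce must never repeat under one key
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

function open(key, frame) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, frame.subarray(0, 12));
  d.setAuthTag(frame.subarray(frame.length - 16));
  return Buffer.concat([d.update(frame.subarray(12, frame.length - 16)), d.final()]);
}

// Stand-in for the relay: forwards bytes and records what it could observe.
function relay(frame, seen) { seen.push(Buffer.from(frame)); return frame; }

function connect(token) {
  // Fresh keypairs for every connection; nothing long-lived feeds the key.
  const [a, b] = [0, 1].map(() => crypto.generateKeyPairSync('x25519'));
  return { keyA: deriveSessionKey(a.privateKey, b.publicKey, token),
           keyB: deriveSessionKey(b.privateKey, a.publicKey, token) };
}

function demo() {
  const first = connect('constructed-token-1');
  const seen = [];
  const frame = relay(seal(first.keyA, 0, Buffer.from('ls -la\n')), seen);
  const received = open(first.keyB, frame).toString();
  const tampered = Buffer.from(frame);
  tampered[14] ^= 1; // flip one ciphertext bit, as a misbehaving relay could
  let rejected = false;
  try { open(first.keyB, tampered); } catch { rejected = true; }
  const again = connect('constructed-token-2'); // re-pair after a dropped connection
  let oldFrameReadable = true;
  try { open(again.keyB, frame); } catch { oldFrameReadable = false; }
  return { keysMatch: first.keyA.equals(first.keyB), received, rejected,
           relaySawPlaintext: seen[0].includes('ls -la'), oldFrameReadable };
}
console.log(demo());
```

The relay stand-in can drop or alter frames but cannot read them, and a frame captured from one connection does not decrypt under the key derived for the next.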
Reconnection
If the relay connection drops - due to a network change, laptop sleep, or anything else - both devices automatically fall back to the signaling service. They re-pair through a new relay node with fresh ephemeral keys. This happens transparently and does not interrupt your session state, only the live connection.
Security
All terminal data is end-to-end encrypted between your devices. Neither the signaling service nor the relay can read it. For full details on the cryptographic design, threat model, and trust boundaries, see the Security page.