Nexus Terminal
Unified SSH, Serial, Local Shell, and Port Forwarding hub for VS Code.

Manage remote servers, serial devices, local shell profiles, and TCP tunnels from a single sidebar — with proxy support, SFTP file explorer, connection multiplexing, terminal macros, regex highlighting, unread activity indicators, color schemes, and configuration import/export.
Features
SSH Terminal Sessions — Connect to remote servers with password, private key, or SSH agent authentication. Two-factor authentication (keyboard-interactive) is fully supported — passwords auto-fill while verification codes are prompted separately. Credentials are cached securely via VS Code SecretStorage with silent re-auth. Per-server legacy algorithm toggle for older devices (Cisco IOS, embedded systems).
SSH Key Deployment — Right-click any server and select "Deploy SSH Key" to automate key-based authentication setup. Discovers existing local keys or generates new ed25519 key pairs, deploys the public key to the remote authorized_keys, and optionally converts the server profile to key auth. Cross-platform (Windows, macOS, Linux).
SSH Host Key Verification — Trust-on-first-use (TOFU) model stores host keys on first connection and alerts if a key changes (potential MITM). Configurable via nexus.ssh.trustNewHosts.
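The trust-on-first-use decision described above, sketched as an added example (not Nexus Terminal's own code). The in-memory store, the `verifyHostKey` helper, and the decision names are hypothetical, and the key blobs are constructed placeholders.

```javascript
const { createHash } = require("node:crypto");

// OpenSSH-style fingerprint: "SHA256:" plus unpadded base64 of SHA-256 over the raw key blob.
function fingerprint(keyBlob) {
  const b64 = createHash("sha256").update(keyBlob).digest("base64");
  return "SHA256:" + b64.replace(/=+$/, "");
}

// Hypothetical helper. `store` is a Map standing in for a persisted host-key store.
// Entries are keyed on host AND port so a second SSH daemon on the same host
// is tracked separately instead of looking like a key change.
function verifyHostKey(store, host, port, algo, keyBlob, { trustNewHosts }) {
  const id = `[${host}]:${port}`;
  const fp = fingerprint(keyBlob);
  const known = store.get(id);

  if (!known) {
    // Unknown host: with trustNewHosts off, nothing is stored until the user confirms.
    if (!trustNewHosts) return { decision: "prompt-unknown", fp };
    store.set(id, { algo, fp });
    return { decision: "trusted-first-use", fp };
  }

  if (known.algo === algo && known.fp === fp) return { decision: "trusted", fp };

  // Key changed: surface both fingerprints and leave the stored entry untouched,
  // so a single interception cannot replace the pinned key.
  return { decision: "alert-changed", expected: known.fp, fp };
}

// Constructed walk-through: first contact, reconnect, then a different key on the same endpoint.
function demo() {
  const store = new Map();
  const keyA = Buffer.from("constructed host key blob A");
  const keyB = Buffer.from("constructed host key blob B");
  const opts = { trustNewHosts: true };
  return [
    verifyHostKey(store, "bastion.example.test", 22, "ssh-ed25519", keyA, opts).decision,
    verifyHostKey(store, "bastion.example.test", 22, "ssh-ed25519", keyA, opts).decision,
    verifyHostKey(store, "bastion.example.test", 22, "ssh-ed25519", keyB, opts).decision,
  ];
}
```

With `nexus.ssh.trustNewHosts` left at its default of true, the first connection is accepted without a prompt, so compare the stored fingerprint against one obtained out of band before relying on it.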
Auth Profiles — Define reusable credential sets (password, private key, or SSH agent) and apply them to individual servers or entire folders in bulk. Manage profiles from a dedicated editor panel accessible via the Settings tree or context menu.
Proxy Support — Route SSH connections through intermediaries when direct access isn't available. Three proxy types are supported per server:
- SSH Jump Host — Select another configured server as a bastion/jump host (ProxyJump equivalent). Supports multi-hop chaining (A → B → C) with full auth reuse.
- SOCKS5 Proxy — Connect through a SOCKS5 proxy server with optional username/password authentication.
- HTTP CONNECT Proxy — Connect through an HTTP proxy using the CONNECT method, common in corporate environments.
SFTP File Explorer — Browse, download, and manage remote files on connected servers. Drag-and-drop support for moving files between directories. One SSH profile can be set to open the File Explorer automatically after normal Connect when the view is not already showing that server.
Serial Terminal Sessions — Connect to serial ports (COM/ttyUSB) with configurable baud rate, data bits, parity, stop bits, and RTS/CTS flow control. Supports break signal and XON passthrough. Includes Smart Follow mode for Windows COM-port renumbering: it retries the preferred port, silently reconnects only to the previously approved device when metadata matches, prompts before switching to unfamiliar replacement ports, updates the saved preferred port after a successful move, and keeps the terminal open while waiting or stopped instead of tearing the tab down on serial errors. Runs in an isolated sidecar process for crash safety.
Local Shell Profiles — Save named local terminal profiles and open one or more local shell sessions from the Connectivity Hub. Use a launchable VS Code terminal profile from the profile dropdown, including common resolved PowerShell, Git Bash, Command Prompt, and WSL profiles when available, or choose Custom Shell to set an explicit shell path, one argument per line, a working directory, and an optional startup command. Manual macros, auto-trigger macros, and Nexus scripts work with Local Shell sessions.
Port Forwarding (TCP Tunnels) — Three tunnel modes:
- Local (-L) — Forward a local port to a remote host through SSH.
- Reverse (-R) — Forward a remote port back to a local target.
- Dynamic SOCKS5 (-D) — Run a local SOCKS5 proxy that routes traffic to any destination through SSH.
All modes support configurable local bind addresses (localhost, LAN, or all interfaces), auto-start/auto-stop with server connections, live traffic counters, and a browser URL shortcut for quick access.
SSH Connection Multiplexing — Share SSH connections across terminals, tunnels, and SFTP for the same server. Reduces connection overhead with automatic ref-counting and configurable idle timeout. Per-server toggle lets you disable multiplexing for devices that don't support multiple channels (e.g. Cisco). Automatic fallback to standalone connections handles channel failures transparently.
Connectivity Hub — Sidebar tree view showing all servers, serial devices, and local shell profiles, organized into nested folders. Built-in filter to quickly search by name. Drag and drop to rearrange profiles, move between folders, or assign tunnels to servers. Active SSH and serial sessions highlight unread terminal activity in the tree and prepend ● to the terminal tab title until you focus that terminal again.
Terminal Appearance — Customize terminal font family, size, and weight. Import color schemes from MobaXterm INI files or configure custom themes with live preview.
Terminal Highlighting — Configurable regex-based pattern highlighting for SSH, serial, and Local Shell terminal output. 20+ built-in rules detect errors, warnings, status keywords, IP/MAC addresses, UUIDs, URLs, interface counters and more with inline ANSI colouring while respecting existing terminal colours. Includes a visual Rule Editor with live preview, staged Apply/Cancel, rule ordering, custom SGR foreground codes, regex safety checks, and one-click reset to defaults.
Terminal Macros — Define reusable text sequences and send them to the active terminal with one click or keyboard shortcut. Assign any macro a custom keybinding from 108 combinations across three modifier groups: Alt, Alt+Shift, and Ctrl+Shift with A-Z or 0-9 keys. Macros without a keybinding are accessible via Alt+S quick-pick. Includes a Macro Editor panel with multiline editing, secret macro support, inline keybinding assignment, and Macros-view actions to copy or paste secret values via the system clipboard. Clipboard copies place the value in the OS clipboard as plain text. Auto-trigger (expect/send): add a triggerPattern regex to any macro — when terminal output matches, the macro text is sent automatically. Existing macros default to all-terminal matching for compatibility; new macros can be scoped to the active terminal or a matching profile, which is recommended for secret prompts. triggerCooldown prevents echo loops, triggerInterval enables prompt-gated polling macros, and macros can optionally start with auto-trigger paused until you resume them from the Macros view. See the macro guide for step-by-step setup, trigger scopes, cooldowns, intervals, and regex examples.
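An added example (not Nexus Terminal's matching engine) for vetting a triggerPattern offline before attaching it to a secret macro. It assumes the regex is tested against the retained tail of output after each chunk and that the buffer is cleared after a match; `simulateTriggers` and the session data are constructed for illustration.

```javascript
const BUFFER_LENGTH = 2048; // default of nexus.terminal.macros.bufferLength
const COOLDOWN_MS = 3000;   // default of nexus.terminal.macros.defaultCooldown (3 s)

// Replays timestamped output chunks and returns the timestamps at which the
// macro text would have been sent.
function simulateTriggers(pattern, chunks, opts = {}) {
  const { cooldownMs = COOLDOWN_MS, bufferLength = BUFFER_LENGTH } = opts;
  let buffer = "";
  let lastFired = -Infinity;
  const fired = [];
  for (const { t, data } of chunks) {
    buffer = (buffer + data).slice(-bufferLength); // keep only the retained tail
    if (t - lastFired < cooldownMs) continue;      // still cooling down
    pattern.lastIndex = 0;                         // neutralise g/y flag state
    if (pattern.test(buffer)) {
      fired.push(t);
      lastFired = t;
      buffer = ""; // assumption: matched output is consumed so one prompt fires once
    }
  }
  return fired;
}

// Constructed session: a real sudo prompt, then a log line that merely mentions "password".
const SESSION = [
  { t: 0,    data: "alice@web01:~$ sudo systemctl restart nginx\r\n" },
  { t: 50,   data: "[sudo] password for alice: " },
  { t: 5000, data: "alice@web01:~$ tail -n1 /var/log/auth.log\r\n" },
  { t: 5100, data: "Failed password for invalid user admin from 203.0.113.7 port 50022 ssh2\r\n" },
  { t: 5150, data: "alice@web01:~$ " },
];

// Loose: fires on any output containing the word, including file contents and logs.
const LOOSE = /password/i;
// Strict: the exact prompt, at the start of a line, with nothing after it.
const STRICT = /(?:^|\n)\[sudo\] password for alice: $/;

function compare() {
  return {
    loose: simulateTriggers(LOOSE, SESSION),   // second hit would type the secret at a shell prompt
    strict: simulateTriggers(STRICT, SESSION), // only the real prompt
  };
}
```

The cooldown does not help here because the two matches are more than three seconds apart; anchoring the pattern and scoping the macro to a profile are what keep the secret out of the shell.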
Keyboard Passthrough — Optionally pass Ctrl+ key combinations (e.g. Ctrl+B, Ctrl+N) directly to the terminal for applications like vim, nano, and htop. Configurable per-key with 10 supported combinations.
Session Transcript Logging — Automatically log clean terminal output (ANSI codes stripped) to files with configurable rotation. Per-profile toggle.
Terminal Tab Commands — Right-click any Nexus terminal tab for three PuTTY-style commands: Reset Terminal (clears the visible screen while preserving scrollback), Clear Scrollback (clears visible and captured transcript together), and Copy All to Clipboard (ANSI-stripped transcript of the session). After a session disconnects, Reset and Clear grey out; Copy All stays enabled so a run can always be captured for a ticket or chat.
Settings Panel — View and edit extension settings in a dedicated webview panel with grouped categories, terminal-adjacent actions, validation, and host-confirmed auto-save.
Configuration Export/Import — Full encrypted backup with master password protection, or sanitized share export (credentials stripped, IDs remapped). Proxy configurations are preserved across backup and restore.
Import from MobaXterm / SecureCRT — Migrate SSH session profiles directly from MobaXterm INI files or SecureCRT XML exports and session directories. Folder hierarchy is preserved.
Scripts — Author .js automation scripts under .nexus/scripts/ (or the folder of your choice via Nexus Settings → Scripts → Scripts Folder, which exposes a native folder picker; works with or without an open workspace — when none is open, scripts live in the extension's global storage) and run them against any active SSH, Serial, or Local Shell session. Scripts use an async expect/send API (waitFor, expect, waitAny, send, sendLine, sendKey, poll, prompt, confirm, alert, sleep, log) with IntelliSense auto-seeded on first run. Each script runs in an isolated worker_threads Worker so runaway loops can be stopped in <100 ms. Macros on the script's session are suspended automatically (configurable via nexus.scripts.macroPolicy and the per-script @allow-macros header); macros on unrelated sessions keep firing normally. Minimal example:
```js
/**
 * @nexus-script
 * @name Quick login check
 * @target-type ssh
 */
await expect(/[$#] $/, { timeout: 10_000 });
await sendLine("uname -a");
const out = await expect(/[$#] $/);
log.info("kernel:", out.before.trim());
```
See the full scripting guide for the complete API reference, header fields, match-window semantics, error-handling patterns, macro coordination, and examples/scripts/ for seven runnable scripts demonstrating if / while / for loops, retries, polling, user interaction, and complete multi-step procedures.
Web Extension Fallback — Graceful degradation in browser-based VS Code (SSH/serial features require desktop runtime).
Getting Started
Nexus Terminal is available from both the VS Code Marketplace and Open VSX registries.
First Use Flow
- Open the Nexus sidebar and create a profile with Nexus: Add Profile, Nexus: Add Server, Nexus: Add Serial Profile, or Nexus: Add Local Shell Profile.
- Select Connect / Open Local Shell on the profile to open an SSH, Serial, or Local Shell terminal.
- For SSH profiles, open File Explorer and run Browse Files to choose the connected profile and browse SFTP files.
- Open Port Forwarding, add a tunnel with Nexus: Add Tunnel, assign an SSH server, then select Start.
- Create repeatable terminal input with Nexus: Add Blank Macro or Add Macro From Template; create longer automation with Nexus: New Nexus Script.
- Open Settings and use Encrypted Backup to save a password-protected backup, or Export for Sharing to create a sanitized export without secrets.
Install from VS Code Marketplace
- Open VS Code and go to the Extensions view (Ctrl+Shift+X)
- Search for Nexus Terminal
- Select the listing from the Visual Studio Marketplace
- Click Install
- Open the Nexus sidebar (activity bar icon)
Install from Open VSX
- Open your Open VSX-compatible editor (for example VSCodium, Eclipse Theia, or Gitpod).
- Go to the Extensions view and search for Nexus Terminal in the Open VSX registry, then click Install.
- Or install directly from a downloaded VSIX: Extensions > ... > Install from VSIX... and select the package file.
- Open the Nexus sidebar (activity bar icon).
Install from VSIX
- Download the .vsix from GitHub Releases
- In VS Code or Open VSX-compatible editors: Extensions > ... > Install from VSIX...
- Open the Nexus sidebar (activity bar icon)
Add a Server
- Click + in the Connectivity Hub title bar, or run Nexus: Add Server from the command palette
- Enter host, port, username, and authentication details (password, private key, or SSH agent)
- Optionally configure a proxy (SSH jump host, SOCKS5, or HTTP CONNECT) under the Proxy section
- Right-click the server and select Connect to open a terminal session
- To set up key-based auth: right-click the server → Deploy SSH Key → select or generate a key → the public key is deployed automatically
Connect Through a Proxy
If your target server is behind a firewall or bastion host:
- SSH Jump Host — First add the bastion server as a regular server profile, then edit the target server and set its proxy to "SSH Jump Host", selecting the bastion from the dropdown. Multi-hop chains (A → B → C) work automatically.
- SOCKS5 / HTTP CONNECT — Edit the target server and set its proxy type, entering the proxy host, port, and optional credentials. Proxy passwords are stored securely in VS Code SecretStorage.
Add a Serial Device
- Click the serial icon in the Connectivity Hub title bar, or run Nexus: Add Serial Profile
- Use Scan Serial Ports to discover available ports
- Choose Standard or Smart Follow connection mode, then configure baud rate, data bits, parity, and stop bits
- Right-click the profile and select Connect
- Smart Follow profiles coexist with other serial sessions on different ports, print status updates in the terminal when they switch ports or wait for reattach, silently reconnect only to the previously approved device, and prompt before switching to unfamiliar free ports. Connecting any serial profile is blocked only when the target port is already held by another Nexus serial session.
Add a Local Shell Profile
- Run Nexus: Add Local Shell Profile, or use Nexus: Add Profile and select Local Shell Profile
- Name the profile for the workflow you want to save, for example PowerShell Admin, WSL Ubuntu, or Project Shell
- Choose VS Code Terminal Profile to pick a launchable VS Code terminal profile. Nexus lists explicit-path profiles plus common resolved profiles such as PowerShell, Git Bash, Command Prompt, and detected WSL distros when their executable can be found.
- Choose Custom Shell when you need a path, command, or arguments Nexus cannot infer. For WSL on Windows, use C:\Windows\System32\wsl.exe; add arguments one per line when you need a distro or startup option, for example -d and Ubuntu
- Optionally set a working directory and startup command, then save the profile
- Right-click the profile and select Open Local Shell. You can open multiple sessions from the same saved Local Shell profile.
- Auto-trigger macros can match Local Shell output. Existing macros scoped to All terminals will also apply to Local Shell sessions; use profile-scoped macros for shell-specific prompts.
Set Up Port Forwarding
- Switch to the Port Forwarding section in the sidebar
- Click + to add a tunnel profile and choose the type:
  - Local Forward (-L): specify local port, remote host, and remote port
  - Reverse Forward (-R): specify remote bind address/port and local target host/port
  - Dynamic SOCKS5 (-D): specify local port (default 1080) — routes traffic to any destination through SSH
- Assign an SSH server to the tunnel, or leave it unassigned to choose at start time
- Right-click the tunnel and select Start
You can also drag a tunnel profile onto a server in the Connectivity Hub to start it immediately.
Browse Remote Files
- Connect to an SSH server
- Open the File Explorer section in the Nexus sidebar
- Click the server icon to set it as the active SFTP target
- Browse, download, or drag files between remote directories
In an SSH profile's advanced options, enable Open File Explorer on first connection to start SFTP automatically after normal Connect when the File Explorer is not already showing that server. Saving it checked disables it on any other SSH profile, and it does not run when that profile is used as a jump host, tunnel connection, group connect item, or script-started connection.
Export / Import Configuration
- Encrypted Backup: Run Nexus: Export Backup to create a master-password-protected backup including all profiles, settings, saved credentials, the user .ssh folder, and the configured Nexus scripts folder
- Share Export: Run Nexus: Export Configuration to create a sanitized export safe for sharing (credentials stripped, learned hardware identifiers removed, IDs remapped)
- Import: Run Nexus: Import Configuration to restore from either format. Merge skips existing local .ssh / script files; Replace overwrites files present in the backup but does not delete extra local files.
Import from MobaXterm or SecureCRT
Power users migrating from other SSH clients can import their connection profiles directly:
- MobaXterm: Run Nexus: Import from MobaXterm and select your MobaXterm .ini configuration file. SSH sessions are imported with their folder organization preserved.
- SecureCRT: Run Nexus: Import from SecureCRT and select either your SecureCRT XML export file or your Sessions/ directory. SSH sessions are imported with their hierarchy as folder groups.
Both importers extract hostname, port, and username from each SSH session. Non-SSH sessions (RDP, Telnet, etc.) are skipped. Imported servers default to password authentication.
Development
```sh
npm install
npm run build
npm test
```
To package a VSIX:
```sh
npm run package:vsix
```
Key Settings
| Setting | Default | Description |
| --- | --- | --- |
| nexus.logging.sessionTranscripts | true | Enable session transcript logging |
| nexus.logging.sessionLogDirectory | (extension storage) | Custom directory for session logs |
| nexus.logging.maxFileSizeMb | 10 | Max log file size before rotation |
| nexus.logging.maxRotatedFiles | 1 | Number of rotated log files to keep |
| nexus.ssh.multiplexing.enabled | true | Share SSH connections across terminals, tunnels, and SFTP |
| nexus.ssh.multiplexing.idleTimeout | 300 | Seconds to keep idle multiplexed connection alive |
| nexus.ssh.trustNewHosts | true | Auto-trust host keys on first connection (TOFU); prompt only on key change |
| nexus.ssh.connectionTimeout | 60 | SSH connection timeout in seconds |
| nexus.ssh.keepaliveInterval | 10 | Interval between SSH keepalive packets in seconds (0 disables keepalives) |
| nexus.ssh.keepaliveCountMax | 3 | Missed keepalive responses before the connection is treated as dead |
| nexus.ssh.terminalType | xterm-256color | $TERM value reported to the remote shell |
| nexus.ssh.proxyTimeout | 60 | Proxy handshake timeout for SOCKS5 and HTTP CONNECT proxies |
| nexus.tunnel.defaultConnectionMode | shared | shared or isolated SSH mode for tunnels |
| nexus.tunnel.defaultBindAddress | 127.0.0.1 | Default bind address for reverse tunnels |
| nexus.tunnel.socks5HandshakeTimeout | 10 | Dynamic tunnel SOCKS5 handshake timeout in seconds |
| nexus.terminal.openLocation | editor | Where to open terminals: panel or editor tab |
| nexus.terminal.keyboardPassthrough | true | Pass Ctrl+ key combinations to the terminal |
| nexus.terminal.passthroughKeys | [b,e,g,j,k,n,o,p,r,w] | Which Ctrl+ keys to pass through when enabled |
| nexus.terminal.macros.autoTrigger | true | Enable auto-trigger for macros with a triggerPattern; per-macro scope can limit matching to the active terminal or a matching profile |
| nexus.terminal.macros.defaultCooldown | 3 | Default cooldown in seconds for auto-trigger macros without a per-macro override |
| nexus.terminal.macros.bufferLength | 2048 | Max characters retained per terminal for auto-trigger pattern matching |
| nexus.terminal.highlighting.enabled | true | Enable regex-based terminal highlighting; rules are edited in the Highlighting Rules editor |
| nexus.ui.showTreeDescriptions | true | Show connection details beside items in the Connectivity Hub |
| nexus.sftp.cacheTtlSeconds | 10 | SFTP directory listing cache TTL |
| nexus.sftp.maxCacheEntries | 500 | Maximum cached SFTP directory listings |
| nexus.sftp.autoRefreshInterval | 10 | Polling interval for file explorer (seconds); also used as the auto-mode safety net unless recursive inotify is available |
| nexus.sftp.remoteWatchMode | auto | Remote change detection mode: auto prefers recursive inotify, polling uses interval-based refresh only |
| nexus.sftp.operationTimeout | 30 | Timeout for SFTP directory and metadata operations (listing, stat, realpath, rename, mkdir, delete) |
| nexus.sftp.commandTimeout | 300 | Timeout for remote SFTP commands, file transfers, and editor file open/save; upload/download use it as an inactivity timeout rather than a total duration cap |
| nexus.sftp.deleteDepthLimit | 100 | Safety limit for recursive delete directory depth |
| nexus.sftp.deleteOperationLimit | 10000 | Safety limit for items removed by one recursive delete |
| nexus.serial.rpcTimeout | 10 | Timeout for serial sidecar commands in seconds |
| nexus.scripts.path | .nexus/scripts | Directory where Nexus scripts live. Absolute paths are used as-is. Relative paths resolve against the workspace root when a folder is open, otherwise the extension's global storage. Pick a folder via Nexus Settings → Scripts → Scripts Folder |
| nexus.scripts.defaultTimeoutSeconds | 30 | Default per-wait timeout in seconds for waitFor / expect / waitAny when not specified |
| nexus.scripts.macroPolicy | suspend-all | Macro policy while a script runs: suspend-all or keep-enabled |
| nexus.scripts.maxRuntimeSeconds | 1800 | Overall runtime cap in seconds. Exceeded runs are auto-stopped with reason max-runtime-exceeded; 0 disables the cap; maximum 2147483 |
| nexus.scripts.maxRuntimeMs | 1800000 | Legacy millisecond runtime cap retained for compatibility when the seconds setting is absent |
Maintainer Notes
Documentation
See docs/functional-documentation.md for detailed architecture and design documentation.
License
Apache 2.0