Overview
SENU is a native cross-platform desktop terminal for sysadmins, DevOps, and people who manage many servers. It bundles SSH, Telnet, Serial, Local, and Docker connections into a single window — plus an SFTP file browser over SSH — with two unusual additions:
- Server-bound notes — pin notes to specific servers, directories, or files, so context survives between sessions.
- A plugin-aware Log Viewer — runs your access logs through parsers that detect attack patterns and structure raw text into tables.
The whole app is a ~13 MB native binary (Tauri 2 + Rust), not a 200 MB Electron wrapper. No telemetry. No cloud account. No analytics.
Platforms. Windows, macOS, and Linux. Pre-built signed installers are published for Windows. macOS and Linux are buildable from source (installers ship with stable v0.9.0).
License. Apache 2.0.
SSH connections
SSH is the default protocol. Click + Server in the sidebar to
add one.
Authentication methods
- Password — typed inline or stored in the OS keychain
- Public key — point to a private key file on disk (RSA, Ed25519, ECDSA, DSA), with optional passphrase
- SSH agent — uses your running ssh-agent (Pageant on Windows, ssh-agent on macOS/Linux). No key file needed; ideal when you already have keys loaded
- ProxyJump — chain through one or more bastion hosts (-J user@bastion1,user@bastion2)
Host-key verification (TOFU)
The first time you connect to a host, SENU shows the host key's
fingerprint and asks you to confirm. Confirmed keys are persisted in
the local known_hosts. If a host's key changes later, SENU blocks
the connection and surfaces a clear warning — possible MITM.
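The trust decision described above can be sketched as follows. This is an added example, not SENU's code: the function names, the sample hosts and the placeholder key blobs are assumptions, and hashed or marker (@revoked, @cert-authority) known_hosts lines are skipped for brevity.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_token(host, port=22):
    """known_hosts stores non-default ports as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def check_host_key(known_hosts, host, port, key_type, key_b64):
    """Return 'trusted', 'unknown' (show fingerprint, ask) or 'changed' (block)."""
    token, mismatch = host_token(host, port), False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed (|1|...) and marker (@...) lines.
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        if token not in fields[0].split(",") or fields[1] != key_type:
            continue
        if fields[2] == key_b64:
            return "trusted"
        mismatch = True  # same host and key type, different key
    return "changed" if mismatch else "unknown"

def connect_decision(known_hosts, host, port, key_type, key_b64):
    """Map the verdict to the TOFU behaviour: connect, prompt, or refuse."""
    verdict = check_host_key(known_hosts, host, port, key_type, key_b64)
    action = {"trusted": "connect", "unknown": "prompt", "changed": "refuse"}[verdict]
    return action, fingerprint(key_b64)

# Constructed sample data: placeholder blobs, not real SSH host keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = f"""# constructed known_hosts
web1.example.test ssh-ed25519 {KEY_A}
[db1.example.test]:2222 ssh-ed25519 {KEY_A}
"""
```

A key stored for port 2222 does not vouch for the same hostname on port 22, so that case comes back as unknown and goes through the first-connection prompt again.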
Importing existing SSH config
The Import SSH config button parses your ~/.ssh/config and
imports each host as a server entry, including HostName, User,
Port, IdentityFile, and ProxyJump directives.
Connection options
- Keepalive — 30 s interval, max 3 missed (configurable)
- Agent forwarding — forward your local agent to the remote
- Compression — toggleable
- Custom port — anything 1–65535
- Custom env — pass environment variables to the remote shell
Terminal
The terminal is built on xterm.js 6. It supports:
- True 24-bit color
- All standard ANSI escape sequences
- UTF-8 (full Unicode, including emoji)
- Mouse reporting (for htop, tmux, vim mouse modes)
- OSC 52 — remote tmux/vim can put text into your local clipboard
- Reflow on resize
- Ligatures (when the chosen font supports them)
- Smooth scrolling with adjustable buffer (default 10 000 lines)
Copy / paste
- Copy — select with mouse, automatically copied (when "copy on select" is enabled in Settings) or Ctrl+Shift+C
- Paste — Ctrl+Shift+V or middle-click (Linux/macOS)
- Bracketed paste mode supported — large pastes won't accidentally trigger commands
Search
Ctrl+Shift+F opens an in-terminal search bar with regex support and
highlight-all.
Reconnect
If a session drops (network, idle timeout, sleep), the tab shows a reconnect button. Click it to re-establish without losing scrollback.
Split layout
Split a single tab into 2, 3, or 4 panes. Useful for monitoring two
servers side by side, or running top in one pane while editing in
another.
- Click the split icon in the tab bar
- Choose the layout: 2 (vertical), 2 (horizontal), 3, or 4 panes
- Each pane runs its own session (you can connect each to a different server)
- Click any pane to focus it; the active pane is outlined in the brand green
- Drag the divider to resize
To exit split mode, close the extra panes — the last remaining pane becomes the full tab again.
Broadcast input
When Broadcast is on, every keystroke goes to all open SSH
tabs simultaneously. Use it to run the same command across a
fleet — apt update, systemctl restart nginx, etc.
- Toggle from the toolbar icon, or via Command Palette: Ctrl+K → type "broadcast"
- A clear visual indicator appears in the topbar while broadcast is active (you don't want to forget you have it on)
- Broadcast affects only SSH tabs that are open right now — new tabs aren't auto-included
- It does not include Local / Telnet / Serial / Docker tabs
Safety. Always have at least 2 SSH tabs open before turning it on. Before broadcasting, verify what's on screen: broadcast doesn't ask "are you sure", and every keystroke is final on every host.
SSH tunnels
Forward ports between local and remote. Useful for accessing internal services (databases, dashboards) without opening firewall ports.
Three forwarding modes:
- Local forward (-L) — local port → remote port. E.g. expose the remote MySQL on localhost:3307
- Remote forward (-R) — remote port → local port. E.g. let the remote reach a service on your laptop
- Dynamic forward (-D) — SOCKS5 proxy for ad-hoc routing
Open the Tunnels popover from the active session's toolbar:
- Click + Tunnel
- Choose mode
- Enter the source/destination ports and host (defaults to 127.0.0.1)
- Tunnels stay alive for the duration of the SSH session
The popover shows tunnel status (active / failed) and lets you disable/enable individual tunnels without dropping the session.
Command history
Every command typed in any SSH or local tab is logged to the local command history.
- Open with Ctrl+R (search) or via the sidebar
- Per-server view shows commands run on a specific host
- Global view shows everything across all hosts
- Search is fuzzy — type a substring and matches rank by recency
- Click a history entry to copy / paste / re-run
History is stored locally only. Never synced, never uploaded.
Clear individual entries or wipe entirely from Settings → Privacy.
Files (SFTP)
Every SSH session has an attached SFTP browser. Switch from the Terminal tab to the Editor tab on the same server.
Browsing
- Tree on the left, file list on the right
- Double-click a folder to enter, double-click a file to open it in the built-in editor
- Right-click for: download, upload, rename, delete, chmod, copy path, "Create note about this file"
Built-in config editor
Files open in a CodeMirror 6 editor with syntax highlighting and language detection for:
- nginx.conf, sshd_config, *.service (systemd)
- YAML, JSON, TOML, INI, Dockerfile, .env
- Bash / Zsh / PowerShell scripts
- Markdown
- Generic plain text
Save sends the file back over SFTP. The editor warns about unsaved changes when switching files or closing the tab.
Upload / download
- Drag-and-drop from your OS file browser into SENU
- Multi-select for batch transfer
- Transfer queue with progress bars
- Resume on disconnect (if the server supports it)
Snippets
A snippets library for commonly-used commands. Right-click any line
in the terminal → Save as snippet to capture it.
- Categorize with custom tags or folders
- Search by name, tag, or content
- Click → copy to clipboard, or click → run in the active terminal
- Built-in pack ships with starters: Docker, Git, Nginx, systemd, tmux, common one-liners
Snippets sync with your workspace — they're available across all sessions on your machine. They're not pushed to remote servers.
Notes
Status: BETA. Works reliably for daily use; rough edges in some edge cases.
Notes are SENU's killer feature — they pin to specific servers, directories, or files, so when you come back to a project after two weeks, you know what you did and why.
Folders
Real folder hierarchy with drag-and-drop reordering. Fold/unfold any branch. Notes can live at the root or any depth.
Tags
Add tags as #prod, #staging, #alert, etc. Tag colors are
deterministic — #prod always renders the same hue from a
24-color HSL palette. Click a tag pill to cycle through alternative
hues if you want a manual override.
Three editing surfaces
Notes have three editing modes that share the same underlying state:
- Sidebar quick-edit — fast inline editing without leaving the current view
- Popup editor — modal, larger, distraction-light
- Full-screen editor — for long-form documentation
Switch between them anytime — the cursor position and content stay in sync. Auto-save runs at 1 s debounce so you can't lose work.
File binding
Right-click any file in the SFTP browser → Create note about this file. The note carries:
- Server name
- Full remote path
- Inferred title (the filename, editable)
Find the note later by:
- Server (filter the notes list by host)
- Tag
- Folder
- Searching the binding path
Push-to-server (notes ↔ markdown)
Any note can be pushed back to the bound server as a Markdown file.
By default it overwrites the bound path — so a note IS living
documentation on the server. Useful pattern: bind a note to
/etc/nginx/README.md, edit in SENU, push back, share with the team.
Log Viewer
Status: BETA. Tail and search work; plugin pipeline shipped with three parsers.
Open from the sidebar → Logs → Open. Choose a local file or
pull one over SFTP.
Plugin pipeline
Logs are piped through plugins in order. Available now:
- nginx-parser — turns Nginx access logs into a structured table with columns for timestamp, IP, method, path, status, size, user-agent. Color-coded status badges (E/W/I/D = error / warn / info / debug).
- json-pretty — formats JSON log lines inline, with collapsible nested objects.
- alert-rules — flags suspicious patterns. Default rules include recon attempts hitting /.env, /admin, /.git/config, brute-force login bursts, and 4xx/5xx storms.
- laravel-parser (beta) — parses Laravel logs with stack-trace collapsing.
- timeline-view (beta) — bucket events by minute / hour for spike visualization.
Planned: docker-logs, k8s-parser, user-defined plugins.
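A minimal version of what rules like these do over an Nginx access log, as an added example (not SENU's alert-rules plugin). The recon paths are the ones listed above; the /login path, the 60 s window and both thresholds are assumed values, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Nginx "combined" format: ip - user [time] "METHOD path proto" status size ...
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
RECON_PATHS = {"/.env", "/admin", "/.git/config"}  # the paths the page names
WINDOW = timedelta(seconds=60)                     # assumed window
LOGIN_PATH, LOGIN_BURST, ERROR_STORM = "/login", 5, 20  # assumed values

def window_hit(q, ts, limit):
    """Sliding-window counter: True (and reset) once `limit` events fit in WINDOW."""
    q.append(ts)
    while ts - q[0] > WINDOW:
        q.popleft()
    if len(q) >= limit:
        q.clear()
        return True
    return False

def scan(lines):
    """Return (rule, ip, path) tuples for lines that trip a rule."""
    alerts, logins, errors = [], defaultdict(deque), deque()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # lines that are not in combined format are skipped
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # rules match the path, not the query
        if path in RECON_PATHS or path.startswith("/admin/"):
            alerts.append(("recon", ip, path))
        if (m["method"] == "POST" and path == LOGIN_PATH and status in (401, 403)
                and window_hit(logins[ip], ts, LOGIN_BURST)):
            alerts.append(("bruteforce", ip, path))
        if status >= 400 and window_hit(errors, ts, ERROR_STORM):
            alerts.append(("error-storm", ip, path))
    return alerts

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2025:13:55:36 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Mar/2025:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
] + [
    f'192.0.2.9 - - [10/Mar/2025:13:56:{s:02d} +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests"'
    for s in range(0, 10, 2)
]
```

Running scan(SAMPLE) yields one recon alert for /.env and one bruteforce alert for the five failed logins; the same five failures spread two minutes apart produce nothing, because each one falls out of the window before the next arrives.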
Tail mode
Live-follow a log file. New lines appear at the bottom; pause with the Pause button if you need to read without auto-scroll.
Search and filter
Plain-text or regex. Filter by status code, IP, time range, plugin
verdict (alert-rules matches only).
Chat
Status: ALPHA. Cryptography unaudited. Use at your own risk.
Encrypted messaging between SENU users connected to the same SSH server. Useful when you and a colleague are both admins on the same host and need to exchange a quick note or credential without it sitting on Telegram's servers forever.
How it works
- Transport runs over the SSH server itself, in /tmp/.senu/ (sticky bit 1777)
- Each user has a long-term key file at ~/.config/SENU/chat_identity.key containing both an X25519 keypair (for ECDH) and an Ed25519 keypair (for signing)
- Public keys are exchanged via a small "beacon" file in /tmp/.senu/
- Messages are encrypted with AES-256-GCM using a fresh ephemeral key per message, sealed with X25519 ECDH against the recipient
- Every message is signed with Ed25519 over a canonical signing input (sender pubkey + recipient pubkey + ciphertext + nonce + ts). The recipient rejects messages without a valid signature
- Messages self-destruct on disconnect (the /tmp/.senu/ directory is user-cleaned)
What this gives you
- Confidentiality — only the intended recipient can decrypt
- Authenticity — recipient verifies the sender
- Forward secrecy at the message level — fresh ephemeral key per message means past messages stay unreadable even if a future key leaks
- Ephemerality — no message persists after the SSH session ends
What this does NOT give you
- Independent audit. The cryptographic implementation has been written carefully against ed25519-dalek / x25519-dalek / aes-gcm — well-tested crates — but no third party has reviewed the protocol or implementation
- Server trust. The SSH server itself sees ciphertext and metadata (who's talking to whom, message sizes, timing). It can't read contents
- Out-of-band identity verification. Just like Signal "safety numbers," confirm a contact's public-key fingerprint over a trusted channel if you care about MITM resistance
Recommended use
Quick coordination between admins on the same box. Not recommended for sensitive comms where compromise would matter — use Signal / Wire / your audited tool of choice for those.
Keyboard shortcuts
| Shortcut | Action |
|---|---|
| Ctrl+K | Command Palette (fuzzy launch servers / panels / settings) |
| Ctrl+Q | Quick Connect |
| Ctrl+T | New tab |
| Ctrl+W | Close tab |
| Ctrl+Tab | Next tab |
| Ctrl+Shift+Tab | Previous tab |
| Ctrl+1 … Ctrl+9 | Jump to tab N |
| Ctrl+Shift+C | Copy |
| Ctrl+Shift+V | Paste |
| Ctrl+Shift+F | Find in terminal |
| Ctrl+R | Command history search |
| Ctrl+B | Toggle broadcast input |
| Ctrl+Shift+H | Boss Key — instantly hide UI behind a decoy |
| Ctrl+, | Settings |
| Ctrl+/ | Documentation (this page) |
| Esc | Close modal / popover |
Boss Key replaces the SENU window with a neutral decoy in one keypress. Useful when the screen is shoulder-surfed. Press again to restore.
Settings
Open with Ctrl+, or the gear icon in the topbar.
Themes
- Stable themes (promoted in the topbar quick picker):
  - SENU — the default. Dark with a green accent. Tuned for long sessions.
  - Nord — calm, blue-leaning Arctic palette.
- BETA themes (in Settings → Themes, marked with a BETA badge while contrast and palette tuning continue):
  - Catppuccin · Dracula · Matrix · Neon · One Dark
  - Solarized Dark · High Contrast · Light
  - Forest · CRT · Jade
Each theme styles both the UI chrome and the terminal palette. Dark
themes are tuned to avoid pure black #000000 (warmer #0c0c0c is
gentler on long sessions).
Languages
- English — full coverage
- Ukrainian (Українська) — full coverage
Toggle via the language icon in the status bar.
Connection preferences
- Default port (22)
- Default keepalive interval (30 s)
- Default known-hosts file
- Custom SSH config path
- Default font and font size for the terminal
Privacy
- Clear command history (per-server or global)
- Clear known-hosts
- Wipe all SENU data (reset to factory state)
Updates
- Check for updates manually
- Auto-update infrastructure exists (signed releases via GitHub) but the user-prompt UI is incomplete in this release — manual updates are the safe path for now
FAQ
Is this an Electron app? No. SENU is built with Tauri 2 — Rust backend, system webview, ~13 MB total. Compare to ~200 MB for typical Electron alternatives.
Why custom window controls (left-side dots) on Windows? Deliberate UX choice. In DevOps workflows you often have many maximized windows; a left-side close button prevents accidental session closure when you're sweeping right-side X buttons.
Does SENU phone home? No. No telemetry, no analytics, no cloud account. The only outbound network traffic is the connections you explicitly make (SSH / Telnet / etc.) and — if you opt in — the GitHub-hosted update check.
Why no credential vault in this release? Earlier builds had a credential vault. It was removed pending a full rewrite — the previous implementation had reliability issues that aren't acceptable for credential storage. Returning in a future release.
Is the Chat feature secure? The cryptography uses standard primitives (X25519 ECDH + AES-256-GCM + Ed25519 signatures) implemented via well-tested Rust crates. However, the overall implementation has not been independently audited. Don't use it for anything you couldn't tolerate being read.
Why are some themes marked BETA? Only the SENU and Nord themes have been through a full contrast and terminal-palette pass. The other 11 work and are selectable in Settings → Themes, but small details (badge readability, scrollbar contrast, syntax highlighting in the editor) may still need polish.
Where is my data stored? In your OS application-data directory:
- Windows: %APPDATA%\SENU\
- macOS: ~/Library/Application Support/SENU/
- Linux: ~/.config/SENU/
Notes, snippets, command history, workspaces, and the chat identity key all live there. Nothing leaves your machine unless you explicitly push it (e.g. notes → server).
Does SENU support Windows / macOS / Linux equally?
Yes — same feature set on all three. Only difference: pre-built
installers ship for Windows in v0.9.0-beta.1. macOS and Linux
ship installers with stable v0.9.0 (summer 2026).
How do I report a bug? GitHub Issues: github.com/St3llArS33R/SENU/issues
License?
Apache 2.0. Use, fork, modify, redistribute. See the LICENSE file
in the repository.
SENU is solo-developed by Borys Zaitsev. Issues and pull requests welcome.