docs: cool README hero + document session sharing & Remote MCP

[kshivang]

Refreshes the README intro and documents the two flagship features that were under-surfaced: session sharing (entirely absent before) and Remote MCP.

README

• Hero: centered logo + # BossTerm + tagline ("A blazing-fast terminal you can embed, share to any device, and hand to your AI") + centered badges, followed by a pillars table — ⚡ Fast · 📱 Share · 🤖 MCP for AI · 🧩 Embeddable.
• Features: added Session Sharing, Remote Control, AI/MCP Server, Embeddable.
• New ## Session Sharing section: scopes, view vs control + approval, reach (LAN / Tailscale / default Cloudflare tunnel), mobile web viewer, native remote client, end-to-end encryption — links to the full guide.
• BossTerm MCP: a Remote MCP note (drive the host's MCP from a shared viewer / native client).
• Documentation list: added the sharing guide.

docs/

• docs/session-sharing.md (new): comprehensive guide — scopes, view/control + approval (sessionSharingApprovalScope), reach modes with pre-warm/keep-warm, the touch-tuned viewer, the native "Add remote" client, Remote MCP, the E2E design (#k fragment secret never sent to the relay, per-connection AES-256-GCM, verification code, view/control tokens, trusted hosts), a full settings table, and troubleshooting.
• docs/mcp-server.md: "Remote MCP (over a shared session)" subsection.

wiki/ (mirror)

• New Session-Sharing page; a "Sharing & AI" sidebar group (Session Sharing + MCP); links from Home + Features; a Remote-MCP note on the MCP page.

Accuracy

All values verified against source: sharing defaults (sessionSharingEnabled=false, port 7677, bind=lan, cloudflare mode, funnel approval); MCP (127.0.0.1, port 7676/SSE, mcpEnabled=false, the read/write/manage_tools tool set); and the E2E scheme. Docs-only — no code changes. Pillar anchors, cross-links, the centered-HTML hero, and wiki backlinks were all link-checked.

Generated with Claude Code

[claude]

Review — docs: README hero + Session Sharing & Remote MCP

Docs-only PR (+391/−3 across README, docs/, and the wiki/ mirror). Since the main risk for documentation is silent drift from the code, I independently verified the concrete claims against source rather than taking the PR description at its word. Everything I checked is accurate. 👏

✅ Verified against source

Session-sharing settings (TerminalSettings.kt:902–960) — all eight names and defaults in the settings table match exactly:

• sessionSharingEnabled=false, sessionSharingPort=7677, sessionSharingBind="lan", sessionSharingBindHost="", shareTailscaleMode="cloudflare", sessionSharingPublicUrl="", sessionSharingApprovalScope="funnel", sessionSharingShowIndicator=true.

MCP (TerminalSettings.kt:883/891, BossTermMcpManager.kt, McpTerminalRegistry.kt) — mcpEnabled=false, mcpPort=7676, binds 127.0.0.1 only, SSE transport, default server name bossterm, manage_tools tool present. Matches the doc.

E2E encryption (SessionCrypto.kt, SessionShareManager.kt) — every cryptographic detail is correct:

• 32-byte per-share secret in the URL #k= fragment (SessionCrypto.kt:41, SessionShareManager.kt:1012)
• per-connection AES-256-GCM keys via HKDF-SHA256 (SessionCrypto.kt:18,50)
• direction byte mixed in as AAD (SessionCrypto.kt:21)
• verification code = first 8 hex of SHA-256(secret) = "first 4 bytes" (SessionShareManager.kt:314) ✓
• 24h rolling access key (GRANT_TTL_MS, SessionShareManager.kt:179) ✓

Trusted-host list (SessionShareManager.kt:643–648) — the doc's 172.16–31.* range matches the regex ^172\.(1[6-9]|2\d|3[01])\., plus 127.*, 10.*, 192.168.*, 169.254.*, *.local, *.ts.net. ✓

Approval scope — the funnel-default framing ("public links only; LAN/Serve trusted") matches both requiresApproval() (SessionShareManager.kt:279–286) and its doc comment. Correctly excludes Tailscale serve (tailnet-private) from "public links."

README — all four pillar anchors resolve (#performance, #session-sharing, #bossterm-mcp, #embedding-in-your-app); BossTerm.png exists; the 1,645 MB/s figure matches the Performance section; com.risaboss:bossterm-compose matches the real Gradle coordinate (compose-ui/build.gradle.kts:161); cross-links (docs/session-sharing.md, troubleshooting.md, mcp-server.md, embedding.md) and wiki [[…]] page refs all point at existing files.

Minor / optional notes (non-blocking)

1. "edges out Alacritty" (1,645 vs 1,633 MB/s) in the pillars table — that's a ~0.7% gap, plausibly within run-to-run variance. The number is consistent with the existing Performance section so this isn't a regression, but a hardware-dependent micro-benchmark presented as a headline claim can invite scrutiny. Consider softer phrasing (e.g. "on par with Alacritty") — purely a tone call.
2. Doc/code drift risk — the settings table duplicates defaults that live in TerminalSettings.kt. These are correct today; the usual caveat applies that nothing enforces they stay in sync. Not actionable for this PR, just worth keeping in mind when those defaults change.

Code quality / bugs / performance / security / tests

N/A — no source changes. Markdown is well-structured (ToC, tables, anchored cross-links), the writing is clear, and the security section accurately describes a genuinely sound E2E design.

Verdict: LGTM. Accurate, well-organized, and surfaces two genuinely under-documented features. Nice work.