Install the CLI and start using Console in minutes.
Account required
Console requires a free account. Sign up first, then run tedigo-console setup to link your API key. All sessions are authenticated and encrypted end-to-end.
# macOS / Linux
curl -fsSL https://console.tedigo.com/install.sh | bash
After installing, configure your API key. This links the CLI to your Console account.
# Link your account (requires API key from console.tedigo.com)
tedigo-console setup
# Check your version
tedigo-console version
# Update to the latest version
tedigo-console update
Share your local Claude Code, Codex, or Cursor session with your team through the browser. Each session is authenticated with your API key and accessible only to your organization.
# Start a session
tedigo-console connect
# Start with a custom name and directory
tedigo-console connect --name my-project --dir ~/code/my-app
# List active sessions
tedigo-console sessions
How it works
The CLI creates a secure WebSocket tunnel from your machine to the Console dashboard. Team members can view and interact with your terminal session in the browser. Works behind firewalls and NAT — no port forwarding needed.
Expose any local server to the internet with a public HTTPS URL. Share a dev build, test webhooks, or demo a feature — no ngrok needed.
# Expose localhost:3000 with a random URL
tedigo-console tunnel 3000
Tunnel active!
Public URL: https://t-a8k3m9x2.tunnel.tedigo.com
Forwarding: localhost:3000
# Use a custom subdomain (requires access token)
tedigo-console tunnel 3000 my-api
Public URL: https://my-api.tunnel.tedigo.com
Access Token: tk_9f3a7b2e1d...
Custom names are protected
Random tunnels use unguessable IDs and are open by default. Custom-named tunnels automatically generate an access token — requests must include it as a Authorization: Bearer header or ?token= query parameter.
Custom names are first-come, first-served and not reserved to your organization. Avoid sensitive names — anyone who knows the URL and token can access the tunnel while it is active. Tunnels are removed shortly after you disconnect.
Domain limitation
Browser features tied to a specific domain — like passkeys, WebAuthn, and domain-scoped cookies — won't work through tunnels. Use email and password login for testing authenticated flows.
Your code and data stay yours. Console is a relay — we move bytes, we don't read them.
Authenticated connections
Every CLI connection requires a valid API key linked to your Console account. Unauthenticated connections are rejected.
Encrypted end-to-end
All traffic uses TLS 1.3 (HTTPS/WSS). Terminal data and HTTP tunnel payloads are encrypted in transit. No data is transmitted in the clear.
Organization isolation
Sessions and tunnels are scoped to your organization. Other orgs cannot see, access, or intercept them.
No storage, no logging
Terminal data and HTTP tunnel traffic are live streams. We do not store, log, record, or retain your session content or tunnel payloads. Ever.
No payload inspection
We do not inspect, analyze, parse, or read the content of your terminal sessions or HTTP tunnel requests. The relay forwards bytes — it does not look at them.
No third-party sharing
Your session data and tunnel traffic are never shared with third parties, analytics services, or AI training pipelines.
What we do track: session metadata only — connection time, duration, org ID, device ID. This powers your usage dashboard and quota enforcement. The content of your sessions and tunnel traffic is never part of this metadata.
