Install the CLI and start using Console in minutes.
Account required
Console requires a free account. Sign up first, then run tedigo-console setup to link your API key. All sessions are authenticated and encrypted end-to-end.
# macOS / Linux
curl -fsSL https://console.tedigo.com/install.sh | bash
After installing, configure your API key. This links the CLI to your Console account.
# Link your account (requires API key from console.tedigo.com)
tedigo-console setup
# Check your version
tedigo-console version
# Update to the latest version
tedigo-console update
Share your local Claude Code, Codex, or Cursor session with your team through the browser. Each session is authenticated with your API key and accessible only to your organization.
# Start a session
tedigo-console connect
# Start with a custom name and directory
tedigo-console connect --name my-project --dir ~/code/my-app
# List active sessions
tedigo-console sessions
How it works
The CLI creates a secure WebSocket tunnel from your machine to the Console dashboard. Team members can view and interact with your terminal session in the browser. Works behind firewalls and NAT — no port forwarding needed.
Expose any local server to the internet with a public HTTPS URL. Share a dev build, test webhooks, or demo a feature — no ngrok needed.
# Expose localhost:3000 with a random URL (free)
tedigo-console tunnel 3000
Tunnel active!
Public URL: https://t-a8k3m9x2.tunnel.tedigo.com
Forwarding: localhost:3000
# Use a reserved subdomain (paid plan)
tedigo-console tunnel 3000 my-api
Public URL: https://my-api.tunnel.tedigo.com
Access Token: tk_9f3a7b2e1d...
Random vs reserved names
Random tunnels (t-xxxxxxxx) are available on every plan, including free. The URL is unguessable and disappears when you disconnect.
Reserved names are a paid feature. Reserve a subdomain in Settings → Reserved Tunnel Names to keep the same URL across every session. Names are locked to your organization — no one else can claim them.
Naming policy
Every reservation is screened before it's saved. We reject names that:
apple-login, stripe-pay)secure-verify, reset-password)api, www, status)Valid names are 3–64 characters, lowercase letters, digits, and hyphens. Each organization may hold up to 10 reserved names.
Access tokens on reserved tunnels
Reserved subdomains automatically generate an access token at runtime. Requests must include it as an Authorization: Bearer header or a ?token= query parameter. The token changes every time you start the tunnel.
Domain limitation
Browser features tied to a specific domain — like passkeys, WebAuthn, and domain-scoped cookies — won't work through tunnels. Use email and password login for testing authenticated flows.
Serve a reserved tunnel from a hostname you own — api.mycompany.com instead of my-api.tunnel.tedigo.com. TLS certificates are issued automatically on first request.
1. Reserve a tunnel name
In Settings → Reserved Tunnel Names, reserve a name like my-api. This is what your custom domain will point at internally.
2. Add your domain in Console
Go to Settings → Custom Domain and enter the subdomain you want to use (e.g. api.mycompany.com). Console will show two DNS records to add at your registrar.
3. Add the DNS records
At your DNS provider, create:
TXT record at _tedigo-verify.<your-hostname> with the value Console shows — proves you own the domain.CNAME record at <your-hostname> pointing to tunnel.tedigo.com — routes traffic to us.Example · hostname api.mydomain.net
| Type | Host | Value |
|---|---|---|
| TXT | _tedigo-verify.api.mydomain.net | tedigo-verify=a1b2c3… |
| CNAME | api.mydomain.net | tunnel.tedigo.com |
Console shows your real TXT value once you've added the domain — copy it from the panel.
4. Verify and map
Click Check DNS. Once verified, pick the reserved name from step 1 in the dropdown. Traffic to your domain will route to whichever tunnel is currently running with that name.
One domain per organization
For now, each org can have one custom domain. Support for multiple domains is on the roadmap.
Subdomains only
Use a subdomain (api.mycompany.com), not an apex (mycompany.com). Apex domains don't support CNAME records at the DNS level.
Your code and data stay yours. Console is a relay — we move bytes, we don't read them.
Authenticated connections
Every CLI connection requires a valid API key linked to your Console account. Unauthenticated connections are rejected.
Encrypted end-to-end
All traffic uses TLS 1.3 (HTTPS/WSS). Terminal data and HTTP tunnel payloads are encrypted in transit. No data is transmitted in the clear.
Organization isolation
Sessions and tunnels are scoped to your organization. Other orgs cannot see, access, or intercept them.
No storage, no logging
Terminal data and HTTP tunnel traffic are live streams. We do not store, log, record, or retain your session content or tunnel payloads. Ever.
No payload inspection
We do not inspect, analyze, parse, or read the content of your terminal sessions or HTTP tunnel requests. The relay forwards bytes — it does not look at them.
No third-party sharing
Your session data and tunnel traffic are never shared with third parties, analytics services, or AI training pipelines.
What we do track: session metadata only — connection time, duration, org ID, device ID. This powers your usage dashboard and quota enforcement. The content of your sessions and tunnel traffic is never part of this metadata.
