Let a teammate temporarily reach your local development server for pair programming.
Give a support agent time limited access to reproduce a customer's bug.
Grant a contractor scoped access to a staging database for a short debugging window.
Keep an auditable log of every remote access request, approval, and session close.
| emmayusufu/tessera | jesseduffield/openpray | jiangmuran/claude-in-box | |
|---|---|---|---|
| Stars | 23 | 24 | 24 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 4/5 | 2/5 | 4/5 |
| Audience | ops devops | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Real deployments need a public VPS, DNS record, open firewall ports, and a TLS certificate for HTTPS.
Tessera is a tool for temporarily sharing access to something on your computer, like a local database or a web server, with another person, but only after you explicitly approve it. The idea is to solve a common problem: a teammate or contractor needs to reach something running on your machine for a short debugging session, and you want a record of who accessed what and when, without leaving any permanent opening behind. The person who wants access runs a join command with a short code, and the person granting access sees a prompt on their own terminal describing who is asking and why. They type yes to approve, and a tunnel opens that forwards the requester's local port to the approved service on the host machine. Once either side ends the session, or it sits idle for too long, the connection closes and nothing remains open. Every request, approval, and session close is written to an audit log that cannot be edited after the fact. It is built from three small programs written in Go: a coordinator that runs on a public server and relays approved connections without being able to read their contents, an agent that runs on the host machine and only ever reaches out to the coordinator rather than accepting incoming connections directly, and a command line tool used by the person requesting access. Because the agent only dials outward, the host's resource is never directly exposed to the internet until a specific request has been approved. The README describes use cases like pair programming across different networks, letting a customer share their screen and system for a support session, giving a contractor time limited access to a staging database, or providing one off shell access to a machine. It can be run locally for testing, or deployed for real use with Docker or as a plain binary on a server with a public address. The project's own documentation states it has not yet had an independent security review and should not be used to protect production or sensitive systems without one.
A consent based tool that lets someone request temporary access to a service on your computer, which you approve manually, with every action logged.
Mainly Go. The stack also includes Go, mTLS, Docker.
License terms are not shown in the excerpt of the README, check the repository's LICENSE file for exact terms.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.