Back to Documentation

DriftSocket Documentation

Temporary documentation. Detailed guides and API references will be published as the platform stabilizes.

What DriftSocket Is

DriftSocket provides secure, identity-aware tunneling to expose services safely with auditability and network controls.

Getting Started

  • Define the service you want to expose and expected traffic profile.
  • Decide the access model: public, allowlisted, or identity-gated.
  • Contact the Mecverse team to provision an environment and credentials.
Request Access

CLI Commands

DriftSocket ships with a CLI named ds. The core workflow is: authenticate, start a tunnel, then share the public URL.

Authenticate

ds login

Opens a browser-based login and stores an access token locally for subsequent commands.

HTTP Tunnel

Forward a local HTTP service running on a port to a public URL.

ds http 3000

# Optional: choose a region
ds http 3000 --region ap-south-1

# Optional: request a stable hostname
ds http 3000 --hostname api.myteam.example

ds http <port> creates an encrypted tunnel and forwards incoming traffic to localhost:<port>.

TCP Tunnel

Forward a raw TCP service such as Postgres, Redis, or an internal API gateway.

ds tcp 5432

# Optional: bind to a specific local host
ds tcp 5432 --local-host 127.0.0.1

Restrict Access

Keep tunnels private by default and explicitly allow only what you need.

# Allowlist by IP/CIDR
ds http 3000 --allow 203.0.113.10 --allow 198.51.100.0/24

# Require identity-based access (SSO / org members)
ds http 3000 --require-auth

Inspect and Manage Tunnels

ds status
ds tunnels list
ds tunnels close <tunnel-id>

Use these commands to confirm which tunnels are active and to close them when work is complete.