COTTYby Orlix
Open source · MIT · one Go binary ████████████████████████████████ ██╔════╝ ██╔═══██╗╚══██╔══╝╚══██╔══╝╚████╔╝ ██████████║ ╚████╔╝ ██████████║ ╚██╔╝ ██████╗ ╚██████╔╝ ██████ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝

Your shell. Your guests. Your rules.

Cotty is the multiplayer terminal: host your shell, teammates join from a terminal or a browser. Watch together, and type together when you allow it. End-to-end encrypted, with per-guest permissions and a "who typed what" audit trail.

$ go install github.com/tylerbroqs/cotty/cmd/cotty@latest
cotty host · end-to-end encrypted

    

A scripted replay of a real Cotty session.

## features

Not screen sharing. A shared session.

Guests connect to the live PTY: the things pair debugging and incident response actually need, none of the video blur.

>_

Multiplayer, not a movie

Guests attach to the live terminal. Grant write access and their keystrokes land in the same shell, with no lag-smeared pixels.

[#]

End-to-end encrypted

Relayed sessions are sealed with AES-256-GCM by default. The key rides in the URL fragment: it never touches the wire, and the relay only ever sees ciphertext.

<->

Works behind NAT

The host dials out to a relay you can self-host with one command. No port forwarding, no firewall tickets, no daemons.

://

Join from a browser

Every relay serves an embedded xterm.js client, decryption included via WebCrypto. Send a link and teammates install nothing.

+/-

Per-guest permissions

Everyone joins view-only with a name. cotty ctl allow alice, deny, kick, live, from any terminal on the host machine.

===

Audit trail and recording

Every applied keystroke attributed by participant, plus joins and permission changes. Record sessions as asciicast v2 and replay them with cotty replay or asciinema.

## security

The relay can't read your session.

  • AES-256-GCM by default for every relayed session: opt out, never opt in.
  • The key never touches the network. It lives in the URL fragment, which clients strip before any request is made.
  • Wrong key fails loudly: a guest without the key is refused with an explanation, not shown garbage.
  • No accounts, no telemetry. Sessions are protected by a random join code; everything runs on machines you control.
# the host prints a join URL,
# the key stays after the #, off the wire

cotty join "wss://relay/ws?code=XJ4K2P#k=8D0Uy…"
                                └──────────┘
                          never sent anywhere

# what the relay sees:
4f 8a 2c e1 9b …  (ciphertext)

## quick start

Sharing a shell in under a minute.

On your LAN in ten seconds, or across the internet with a relay you host yourself.

Install

One static binary: host, client, relay, and web UI included.

go install github.com/tylerbroqs/cotty/cmd/cotty@latest

Host your shell

Guests are view-only by default. Cotty prints the join links.

cotty host                  # on your LAN
cotty host --relay relay.example.com:7374   # behind NAT, E2EE

Teammates join

From any terminal, or from a browser with nothing to install.

cotty join -name alice "wss://relay/ws?code=XJ4K2P#k=…"

Stay in control

Grant, revoke, and kick, live, without ending the session.

cotty ctl allow alice   # let alice type
cotty ctl kick bob      # remove bob

## get started

Stop screen-sharing your terminal.

View on GitHub Read the docs