Self-hosted preview links for AI-built apps

Ship local apps to shareable links without exposing your IP.

Preview Tunnel sandboxes apps inside Docker, forwards traffic through an outbound relay, and gives you permission-scoped links for demos, reviews, and quick mobile checks — while keeping the host machine private.

See how it works Explore features

Outbound-only tunnel Full / read-only / blocked Auto-detects common app stacks

Live preview control surface

Active tunnel

running sandboxes

Permission

Read-only

GET/HEAD allowed, writes blocked

https://relay.example.com/p/…?t=••••••

Routing path

AI Agent → Docker sandbox → Outbound tunnel → Relay → Shareable URL

Features

A private preview system built for real workflows.

The relay sits between the public internet and the user machine, so preview traffic never directly reveals the host IP.

🛡

IP cloaking by default

Visitors only talk to the relay. Your local machine stays behind an outbound WebSocket tunnel.

🔐

Permission-scoped links

Each preview can be full access, read-only, or blocked. Read-only previews sanitize HTML and disable writes.

⚙

Stack auto-detection

Works with common app stacks out of the box: Next.js, Vite, CRA, Angular, Nuxt, Node, Python, Rails, and static HTML.

How it works

Simple on the surface, deliberate under the hood.

01 · Build

An AI agent or developer starts a local app

The plugin watches for builds, spins up a sandbox, and assigns a tunnel ID for the preview session.

02 · Tunnel

Traffic leaves the machine only through an outbound connection

No inbound ports are required on the user machine. The relay owns the public edge.

03 · Share

A link is issued with the right permission model

Generate a link, copy it, revoke it later, or limit route access depending on the review you need.

Direct mode Use your real IP for private phone/tablet review when you do not need the relay.

Live dashboards Relay admins see tunnels, requests, geographies, bandwidth, and revocation controls in real time.

Read-only rewriting Preview HTML gets rewritten to discourage edits and form submissions while keeping browsing usable.

Revocation Kill a tunnel and every link behind it immediately returns 410 Gone.

Getting started

Use the relay for production sharing, and the plugin for local previews.

Run the relay

Deploy the relay server on a VPS and point a public domain at it. The landing page lives here.

Start the plugin

Install the plugin on your machine, configure the relay URLs and secrets, then launch the daemon.

Generate a link

Run a build, create a preview, and copy the shareable URL. Revoke it whenever the review is done.

Private previews, clean links, no exposed host IP.

Want the admin console? Open the relay dashboard. Want your local sandbox view? Start the plugin dashboard from the user machine.

Open admin dashboard Review security model