Status: unsupported experimental. These surfaces are source-available but outside the supported v3 product contract. They are hidden from default
hack --help(seehack help --all) and print a warning when invoked.
This is a beta workflow.
Start with Core docs if you are new to hack, and use Beta workflows
for the rest of the remote path.
⚠️ Experimental: this guide has not been validated end-to-end yet. Use with caution and report issues.
Use SSH port-forwarding when you want quick, ad-hoc access without extra tooling. You still need a reachable SSH host (public IP, VPN, or Tailscale).
hack remote setupChoose SSH tunnel when prompted. The wizard enables the gateway, creates a token, and prints the SSH port-forward + QR payload.
- Enable gateway + create a token:
hack gateway enable
hack daemon stop && hack daemon start
hack x gateway token-create --scope read- Forward the gateway port (from your remote client):
ssh -L 7788:127.0.0.1:7788 <user>@<public-host-or-tailnet>- Verify from the client (127.0.0.1 is your local end of the tunnel):
curl -H "Authorization: Bearer $HACK_GATEWAY_TOKEN" http://127.0.0.1:7788/v1/statusIf your machine is not directly reachable, use one of:
- Tailscale (recommended for SSH):
tailscale up --ssh - Public IP + router port-forwarding to SSH
- Cloudflare Access (desktop clients only): see
remote-cloudflare.md
If you want a stable hostname (e.g. ssh.example.com):
- Point an A/AAAA record to your public IP.
- Forward TCP port 22 on your router to your machine.
- Use the DNS name in the SSH command:
ssh <user>@ssh.example.com
hack remote qr --ssh --ssh-host <host> --ssh-user <user>This prints an ssh:// QR payload for mobile clients.