Managed cloud. Self-hosted control.
TucDesk Cloud
Managed
Sign up and connect your first machine in under 2 minutes. TucDesk handles API servers, rendezvous, relay, storage, and updates.
- Multi-tenant, isolated by team
- Always free for individual developers
- Paid plans for teams and organizations
- Dashboard at app.tucdesk.app
- iOS and Android apps included
Self-Hosted
Open Source
Run API, Rendezvous, and Relay on your own servers. Deploy the dashboard Docker image with explicit TucDesk endpoint URLs. Full control. Zero phone-home.
- API, Rendezvous, TURN — MIT license
- Dashboard image: ghcr.io/tucdesk/dashboard:latest
- Same mobile apps, custom server endpoint
- docker compose up: one command start
TUCDESK_API_URL=https://api.yourdomain.com \
TUCDESK_DASHBOARD_URL=https://dash.yourdomain.com \
TUCDESK_RENDEZVOUS_URL=https://rv.yourdomain.com \
TUCDESK_RELAY_ADDR=rv.yourdomain.com:4101 \
docker compose \
-f docker-compose.selfhosted.yml \
--env-file .env.selfhosted up -d
Encryption from key generation to session close
ED25519 Identity
[ID] Each agent generates a unique cryptographic identity at install time. Registration is signature-verified. No passwords. No shared secrets.
E2E Session Encryption
[E2E] X25519 key exchange and AES-256-GCM protect every session. The relay is a dumb pipe and cannot see your payload.
Signed Audit Trail
[AUDIT] Every action produces an immutable, cryptographically signed audit entry. Tamper detection is built in and exportable for compliance.
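One way a signed, tamper-evident audit log can be checked after export, added here as an illustration and not TucDesk's code or export format. The `Entry` layout, the hash chaining and the function names are assumptions; the page only states that entries are cryptographically signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Entry is a hypothetical audit record, not TucDesk's export format.
type Entry struct {
	Action string
	Prev   [32]byte // hash of the previous entry; all zero for the first
	Sig    []byte   // Ed25519 signature over Prev || Action
}
func (e Entry) signed() []byte { return append(e.Prev[:], e.Action...) }
func (e Entry) hash() [32]byte { return sha256.Sum256(append(e.signed(), e.Sig...)) }

// Append signs a new entry that commits to the hash of the current tail.
func Append(log []Entry, key ed25519.PrivateKey, action string) []Entry {
	e := Entry{Action: action}
	if len(log) > 0 {
		e.Prev = log[len(log)-1].hash()
	}
	e.Sig = ed25519.Sign(key, e.signed())
	return append(log, e)
}

// FirstInvalid returns the index of the first entry whose signature or chain link fails, or -1.
func FirstInvalid(log []Entry, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, e := range log {
		if e.Prev != prev || !ed25519.Verify(pub, e.signed(), e.Sig) {
			return i
		}
		prev = e.hash()
	}
	return -1
}

func main() {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	var log []Entry
	for _, a := range []string{"session.open db-01", "exec uptime", "session.close db-01"} { // constructed
		log = Append(log, key, a)
	}
	log[1].Action = "exec id" // edit one recorded action after the fact
	fmt.Println("first invalid entry:", FirstInvalid(log, pub)) // 1
}
```

A chain like this detects edits, deletions and reordering, but not removal of the newest entries; detecting that requires the latest entry hash to be recorded somewhere the log's writer cannot alter.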
From one machine to ten thousand
- Connect agents via SSH-style pairing key
- Tag and group machines for policy and batch operations
- Run commands across tagged fleets in parallel
- Session recording with cryptographically signed playback
- ACL policy: allow/deny by agent, team, tag, time window
$ tucdesk fleet run \
--tag production-db \
--command "systemctl status postgres"
running db-01.prod ───────── ok (42ms)
running db-02.prod ───────── ok (38ms)
running db-03.prod ───────── ok (51ms)
✓ 3/3 agents responded
Every surface. Same encryption.
Windows
PowerShell bootstrap, ZIP artifacts, setup installer, and service mode.
Linux
amd64, arm64, and armhf agents with shell, deb, rpm, and apk paths.
Android
Native Compose app with Play Store and self-hosted server profile support.
Installer details matched to your device
Landing visitors keep the same design system, but the install path adapts: iOS and Android redirect to the native pages, while desktop users see Windows, macOS, or Linux-specific commands and artifacts.
1. Install on Desktop
The Linux path is tuned for bare metal, VMs, containers, and cloud instances with service registration plus package artifacts for rollout systems.
- Download Linux packages
- deb / rpm / apk / Snap / AUR
2. Register identity
The agent generates an ED25519 identity, registers with rendezvous, and writes the service profile locally.
curl -fsSL https://get.tucdesk.app/install.sh | bash
3. Connect from anywhere
Use the dashboard, mobile apps, TUI, or MCP tools against the same encrypted agent identity and audit model.
tucdesk status
online · paired · audited
Claude and other AI agents can control your fleet
TucDesk ships a native MCP server with tools for fleet operations. Connect Claude, GPT-4, or any MCP-compatible client to read agent status, open sessions, run commands, and review audit logs. Human-in-the-loop approval gates prevent unauthorized autonomous execution.
{
  "mcpServers": {
    "tucdesk": {
      "command": "npx",
      "args": ["-y", "tucdesk-mcp"],
      "env": {
        "TUCDESK_API_URL": "https://api.tucdesk.app",
        "TUCDESK_API_KEY": "tdk_..."
      }
    }
  }
}
Infrastructure you can audit, fork, and run
MIT Licensed
API, Rendezvous, TURN relay
Go + Next.js
The full stack
GitHub Releases
Signed binaries every release
The session relay, rendezvous registry, and API server are fully open source under the MIT license. Self-hosters run these on their own infrastructure. The dashboard is distributed as a pre-built Docker image.
Running in 3 steps
The self-hosted distribution keeps the moving parts explicit: environment file, Docker Compose stack, then an agent install command that writes the server profile to disk.
1. Copy the example env file
Start from the documented self-hosted environment template.
cp .env.selfhosted.example .env.selfhosted
2. Start the stack
Run API, rendezvous, TURN, storage, Redis, Postgres, and dashboard.
docker compose -f docker-compose.selfhosted.yml --env-file .env.selfhosted up -d
3. Install agents
Persist the self-hosted ServerProfile into the agent config file.
TUCDESK_MODE=self_hosted ./install.sh
Agent install is readable and auditable
Every environment variable is explicit. No hidden callbacks. No phone-home on self-hosted deployments.
# The variables prefix bash, not curl, so the piped installer actually sees them.
curl -fsSL https://get.tucdesk.app/install.sh | \
TUCDESK_MODE=self_hosted \
TUCDESK_API_URL="https://api.yourdomain.com" \
TUCDESK_RENDEZVOUS_URL="https://rv.yourdomain.com" \
TUCDESK_RELAY_ADDR="rv.yourdomain.com:4101" \
TUCDESK_RELAY_URL="https://rv.yourdomain.com" \
bash
Start free. Scale when you need to.
- Always free for individual developers
- Personal agents and sessions
- Community support
- 20 operators, 500 agents
- 1 TB recordings
- 4-hour SLA
- Slack channel support
- Unlimited self-hosted agents
- MIT licensed infra
- Docker image included
- Community Discord
Self-hosted deployments use the open source infrastructure and the TucDesk dashboard Docker image at no cost.