Secure, remote AI coding sessions — encrypted end-to-end.
Consortium lets you run AI-powered coding sessions on remote machines and interact with them
from anywhere — your browser, your phone, or your tablet — without ever exposing your data to anyone in between.
Website · What It Does · How It Works · CLI Reference · API Reference · Self-Hosting · License
The easiest way to use Consortium is with the official hosted platform at consortium.dev:
bash
npm install -g consortiumbash
consortiumThat's it. No servers to deploy, no databases to manage, no infrastructure to maintain. Consortium handles the relay — your data stays encrypted end-to-end.
Consortium lets you run AI-powered coding sessions on remote machines and interact with them from anywhere — your browser, your phone, or your tablet — without ever exposing your data to anyone in between.
The problem: Claude Code is a powerful AI coding assistant, but it runs in a local terminal. If you want to start a session on a cloud server, a build machine, or a colleague's workstation, there's no built-in way to watch or control it remotely.
The solution: Consortium connects your machines to a secure relay. You view and manage every session through a clean interface. All communication is end-to-end encrypted — the relay only passes along data it cannot read.
Consortium is made up of three components that work together:
Your Machine Consortium Your Browser
┌──────────────┐ ┌──────────────────┐ ┌──────────────┐
│ │ Encrypted │ │ Encrypted │ │
│ Relay CLI │◄───────────►│ Relay Server │◄───────────►│ Consortium │
│ │ WebSocket │ │ WebSocket │ Web App │
│ Claude Code │ + REST │ Stores only │ + REST │ Decrypts │
│ runs here │ │ encrypted blobs │ │ locally │
└──────────────┘ └──────────────────┘ └──────────────┘
| Component | What it does |
|---|---|
| Relay CLI | Wraps Claude Code on your development machine. Encrypts everything locally and streams it to the relay server. |
| Relay Server | A lightweight message broker. Receives encrypted data, stores it, and forwards it to connected clients. It never decrypts anything. |
| Web App | A browser-based dashboard. Connects to the server, downloads encrypted session data, and decrypts it locally in your browser. |
In short: Even if the relay server were compromised, an attacker would only find encrypted data they cannot read. This is true whether you use the hosted version or self-host.
| Layer | Mechanism | Purpose |
|---|---|---|
| Authentication | Ed25519 challenge-response | Proves identity without passwords |
| Session messages | AES-256-GCM with per-session data keys | Encrypts all prompts and responses |
| Session metadata | NaCl secretbox | Encrypts session names, paths, summaries |
| Transport | WebSocket + HTTPS | Encrypted in transit |
| Server access | Zero-knowledge design | Server stores only ciphertext it cannot decrypt |
The server is intentionally designed as a zero-knowledge relay. It authenticates clients, stores encrypted blobs, and routes events — but it never possesses the keys needed to read the data passing through it.
This zero-knowledge architecture means your data is private whether you use Consortium's hosted infrastructure or deploy your own instance. We can't read your data either.
The consortium CLI wraps Claude Code with end-to-end encryption and streams your sessions through the relay server.
consortium # Start a new encrypted session
consortium auth login # Authenticate and pair this machine
consortium auth status # Check authentication status
consortium daemon start # Start the background service
consortium doctor # Run system diagnostics
consortium notify -p "Done!" # Send a push notification to your devices
The CLI supports multiple commands for authentication, session management, daemon control, multi-model AI sessions, diagnostics, and more. All Claude Code flags are also passed through automatically.
When you run consortium for the first time:
No passwords or email addresses are needed — your identity is your key.
The relay server exposes a REST API and a WebSocket interface. All data payloads are encrypted by the client before transmission — the server only stores and forwards ciphertext.
Consortium uses Ed25519 public-key challenge-response authentication. There are no passwords, no OAuth flows, and no email addresses.
Direct authentication (for clients that already have a key pair):
POST /v1/auth
| Field | Type | Description |
|---|---|---|
publicKey |
string | Base64-encoded Ed25519 public key |
challenge |
string | Base64-encoded challenge bytes |
signature |
string | Base64-encoded signature of the challenge |
Returns a JWT token on success.
Device pairing (for new CLI installations):
POST /v1/auth/request # CLI creates a pairing request
GET /v1/auth/request/status # CLI polls for approval
POST /v1/auth/response # Web dashboard approves the request
This flow lets you pair a new machine by scanning a QR code in the web dashboard. The CLI displays the code, the dashboard scans it, and the server issues a token once approved.
All session endpoints require a valid authentication token.
| Method | Endpoint | Description |
|---|---|---|
GET |
/v1/sessions |
List all sessions (most recent first, up to 150) |
POST |
/v1/sessions |
Create a new session |
GET |
/v1/sessions/:id/messages |
Get messages for a session (most recent first, up to 150) |
DELETE |
/v1/sessions/:id |
Delete a session and all its messages |
Create a session:
POST /v1/sessions
| Field | Type | Description |
|---|---|---|
tag |
string | Unique identifier for the session (prevents duplicates) |
metadata |
string | Encrypted session metadata (name, path, summary) |
dataEncryptionKey |
string? | Encrypted per-session data key (base64) |
| Method | Endpoint | Description |
|---|---|---|
POST |
/v1/machines |
Register a machine |
GET |
/v1/machines |
List all registered machines |
GET |
/v1/machines/:id |
Get a specific machine by ID |
The relay server uses Socket.io for real-time communication. Connect to the WebSocket endpoint at /v1/updates.
Connection authentication:
const socket = io(serverUrl, {
path: '/v1/updates',
auth: {
token: '<jwt-token>',
clientType: 'user-scoped', // or 'session-scoped', 'machine-scoped'
sessionId: '<session-id>', // required for session-scoped
machineId: '<machine-id>' // required for machine-scoped
}
});
Client types:
| Type | Description |
|---|---|
user-scoped |
Receives updates for all sessions and machines (used by the web dashboard) |
session-scoped |
Receives updates for a specific session only (used by the CLI) |
machine-scoped |
Receives updates for a specific machine only |
Client → Server events:
| Event | Description |
|---|---|
message |
Send an encrypted message to a session |
update-metadata |
Update encrypted session metadata (with optimistic locking) |
update-state |
Update encrypted agent state (with optimistic locking) |
session-alive |
Heartbeat indicating a session is still active |
session-end |
Signal that a session has ended |
rpc-register |
Register an RPC method handler (CLI registers bash, readFile, etc.) |
rpc-call |
Call a registered RPC method on another connected client |
Server → Client events:
| Event | Description |
|---|---|
update |
Persistent data update (new session, new message, metadata change) |
ephemeral |
Transient status update (session activity, machine online/offline) |
rpc-request |
Incoming RPC call to handle |
rpc-registered |
Confirmation that an RPC method was registered |
The RPC system lets the web dashboard invoke commands on the CLI through the relay server. The server routes requests between connected clients of the same user — it never interprets the request contents.
Web Dashboard Relay Server CLI
│ │ │
├─ rpc-call(method, params) ──►│ │
│ ├─ rpc-request(method) ───►│
│ │◄── response ─────────────┤
│◄── callback(result) ────────┤ │
RPC calls have a 30-second timeout. If the target client disconnects, all its registered methods are automatically cleaned up.
This repository contains the complete source code for Consortium Relay. If you prefer to run everything on your own infrastructure, you can.
Note: For most users, the hosted version at consortium.dev is the fastest way to get started — no servers, no databases, no maintenance. Self-hosting is available for teams that require full infrastructure control.
git clone https://github.com/ConsortiumAI/consortium-relay.git
cd consortium-relay
yarn install
cp .env.example packages/consortium-server/.env
Edit packages/consortium-server/.env with your database connection string and a random server secret:
DATABASE_URL=postgresql://user:password@localhost:5432/consortium
CONSORTIUM_MASTER_SECRET=your-random-secret-at-least-32-characters
PORT=3005
Then run the database migration:
cd packages/consortium-server
npx prisma migrate dev --name init
cd ../..
cd packages/consortium-server
yarn start
The server will start on http://localhost:3005.
cd packages/consortium-cli
CONSORTIUM_SERVER_URL=http://localhost:3005 yarn start
On firs
$ claude mcp add Consortium \
-- python -m otcore.mcp_server <graph>