Skip to main content
The Synti server runs the agent without a desktop window, exposing it over a WebSocket that clients connect to. Use it to keep an agent running on a remote machine, drive it from CI, or share one backend across the terminal client, a browser, and thin desktop clients. Clients authenticate with a bearer token, and remote deployments should always run over TLS.

Start a server

Generate a token and launch the server. Bind to loopback for local-only use, or to all interfaces for remote access.
The server listens on 127.0.0.1:9100 by default. Print the token you generated and keep it safe — clients need it verbatim.
Never expose the server on a network without TLS. Anyone who can reach the port and token gets full agent access, including tools that run commands and read files.

Configuration

The server reads its settings from environment variables. When a certificate and key are set, the server accepts secure wss:// connections; otherwise it speaks plain ws://.

Enable TLS

1

Obtain a certificate and key

Use a trusted certificate (for example from Let’s Encrypt) for public hosts, or a self-signed pair for private networks.
2

Point the server at them

3

Connect over wss://

Clients now use a wss:// URL. For a self-signed certificate, clients must trust your CA with SYNTI_TLS_CA.

Connect a client

Point the CLI at the server and verify connectivity:
See Terminal Client and the full CLI reference.

Deployment notes

For production, front the server with nginx, Caddy, or a Cloudflare Tunnel and let it handle TLS. The server can then bind to loopback while the proxy faces the network.
Tailscale, a WireGuard mesh, or an SSH tunnel keeps the server off the public internet entirely while still allowing remote clients.
Treat SYNTI_SERVER_TOKEN like a password. Rotate it by restarting the server with a new value and updating clients.

Terminal Client

Connect and drive the server from the shell.

CLI Reference

Every synti-cli command and flag.

Environment Variables

All server-mode variables.

Network Proxy

Reach a server through a proxy or CA.