Command-as-a-Service CaaS
Turn any CLI tool into an HTTPS-accessible API endpoint. Run local commands remotely through a secure tunnel — without writing a web server, deploying containers, or opening firewall ports.
How It Works
The NFLTR agent listens for incoming HTTP requests and maps them to local command execution. When a request arrives, the agent spawns the configured command, feeds it the request body as stdin, and returns stdout as the HTTP response. The whole pipeline runs over the encrypted gRPC tunnel.
CLI Examples
Expose a script
# Start the agent with a command backend
nfltr command ./deploy.sh
# Callers hit: https://your-agent.nfltr.xyz/
# The request body is piped to deploy.sh's stdin
# deploy.sh's stdout becomes the HTTP responseExpose a database query
# Turn psql into an HTTP API
nfltr command psql -- -U app -d mydb -c
# POST body = SQL query, response = query resultsMulti-command routing
# Different commands for different paths
nfltr command ./default-handler.sh \
--route "/health:curl -s http://localhost:3000/health" \
--route "/deploy:./scripts/deploy.sh" \
--route "/logs:journalctl -u myservice -n 50"Use as a webhook handler
# Handle GitHub webhooks with a local script
nfltr command ./webhook-handler.sh
# Set the GitHub webhook URL to: https://your-agent.nfltr.xyz/Request/Response Flow
| HTTP Request | Maps To |
|---|---|
POST body | stdin of command |
URL path | Route selection / command args |
Query params | Available as env vars |
| Response | stdout of command |
| Exit code ≠ 0 | HTTP 500 + stderr |
Security
- Authenticated access — Only requests routed through the NFLTR server and authenticated by your API key reach the command.
- No open ports — The agent connects outbound. No inbound port forwarding or firewall rules needed.
- Command allowlisting — Only the pre-configured command runs. Arbitrary command injection via the request body is not possible.
- TLS encryption — All traffic between caller and agent is encrypted end-to-end over the gRPC tunnel.
💡 When to use CaaS vs SSH
Use Command-as-a-Service when you want to expose a specific command as an HTTP endpoint (webhooks, API automation). Use SSH tunneling when you need full interactive shell access.
Use Cases
- CI/CD triggers — Run deploy scripts on production servers via an HTTPS webhook from GitHub Actions.
- Internal API gateway — Expose internal CLI tools to your team without writing a web service.
- IoT commands — Send configuration or restart commands to edge devices via HTTP.
- Database access — Run queries against databases that aren't internet-accessible.
- Health checks — Expose health check scripts on remote machines for external monitoring.
Turn any command into an API
One CLI flag converts your script into an authenticated HTTPS endpoint.
CLI Reference Webhook Relay →