CLI Reference and Use Cases

Command Reference

broch share

Create a tunnel to a local service.

Syntax:

broch share <name> [--target <url>] [--inspect] [--no-rewrite]

Options:

• <name> — Name for this tunnel (used in your URL)
• --target <url> — Target service URL (default: http://localhost:80)
• --inspect — Additionally capture request/response bodies and serve a local inspector UI for replay (see Inspecting requests)
• --no-rewrite — Forward requests unmodified: skip the automatic Host/Referer/Location/Set-Cookie rewrites (X-Forwarded-* headers are still sent). See Proxy Behavior

Examples:

broch share my-app
broch share my-app --target http://localhost:3000
broch share my-app --target https://myapp.local:8443
broch share my-app --target http://localhost:3000 --inspect
broch share my-app --target http://localhost:3000 --no-rewrite

Live request log. While the tunnel is up, the CLI prints a one-line summary of every inbound request:

  my-app   ← GET → 200 / (5ms)
  my-app   ← POST → 201 /api/users (12ms)

This is always on — --inspect controls body capture and the inspector UI, not the log. Replayed requests appear with a ↳ arrow.

Inspecting requests

Pass --inspect to additionally:

• buffer the last 50 requests + responses for the tunnel in memory (bodies truncated to 64 KB);
• start a small local HTTP server (default port 4040, falling through to 4041–4049 if busy);
• print the inspector URL alongside the tunnel URL on startup.

Open the inspector URL in your browser to see captured requests, expand details, and click Replay to fire any request again at your local target. Capture is memory-only — nothing is written to disk and nothing leaves your machine.

broch status

View the status of your setup: server health and version, client version, authentication status, and your session URL format.

broch status

When the server reports a degraded state (for example a license problem), status prints each failing readiness check with its description.

broch doctor

Print a sanitized diagnostic bundle — client and server version, server health and readiness checks, version compatibility, and authentication state. Run it whenever something is wrong and email the output to [email protected].

broch doctor

The output contains no secrets — no tokens, no keys — and stays on your machine until you choose to send it.

broch user tag

Set your user tag — a 6-letter code appended to your session names to make them unique.

Syntax:

broch user tag <tag>

Example:

broch user tag abcdef

The tag must be exactly 6 letters (a–z, A–Z). After setting it, session URLs follow the format {name}-abcdef.tunnels.company.com (using your deployment’s wildcard hostname).

broch config

View and manage your local configuration.

Subcommands:

broch config show

View your current configuration:

broch config show

broch config set

Set your Broch server URL:

broch config set --server https://broch.yourcompany.com

Records the Broch server the CLI connects to — the HTTPS URL of your deployment.

broch config forget-host

Forget the pinned host key for a server. The CLI pins a server’s host key on first connection; run this after a server-side key rotation to re-arm trust-on-first-use:

broch config forget-host                       # forget the configured server
broch config forget-host https://broch.yourcompany.com

broch auth

Manage authentication.

Subcommands:

broch auth login

Authenticate with the Broch server:

broch auth login

Your browser will open for sign-in.

broch auth logout

Log out and remove stored credentials:

broch auth logout

broch --version

Check the installed version:

broch --version

More Help

Get help on any command:

broch --help
broch share --help
broch config --help

The CLI discloses commands progressively: --help shows the commands available in your current state (server configured, signed in), so a fresh install lists fewer commands than a signed-in one.