I built this because I was tired of juggling VPN configs, SSH tunnels, and random IPs just to access things like a staging database or a dev API.
Private Connect lets you access private services by name from anywhere, without setting up a VPN, opening firewall rules, or running SSH tunnels.
You expose a single service, get a short-lived connect link, and access exactly that service, nothing else on the network.
This isn’t meant to replace VPNs or zero-trust platforms. It’s for the everyday “can you quickly check this?” and debugging cases where full network access is overkill.
Built this for myself first and decided to share it. Curious where this feels unnecessary, risky, or where you’d prefer existing tools.
It crept up slowly, through small frustrations, awkward workarounds, and moments where I caught myself thinking this feels wrong, but it’s the only way.
Over time, a pattern became hard to ignore:
We’ve gotten incredibly good at designing APIs, but we’ve barely designed access at all.
And now access is starting to behave exactly like an API, whether we intended it to or not.
I’m writing this because I kept running into access decisions that felt small in the moment, but kept shaping systems in ways I didn’t expect, and I didn’t have a good mental model for why.
I'm building Echos(https://github.com/treadiehq/echos), a platform that gives you pre-built AI agents so you can stop rebuilding orchestrators, database agents, and retry logic every time.
Sort of built this because every time I build a multi-agent system, I spend 2-3 weeks creating the same infrastructure: orchestrators that route tasks, database agents with SQL guardrails, retry logic, loop limiting, and cost tracking. Then another week of debugging when things break. I wanted to ship features, not plumbing.
Most frameworks are bulky and complex. You just want pre-built components you can compose like AWS services.
I’ve been experimenting with AI agents lately, and one problem kept coming up: they either get a raw API key with full access or nothing at all. That’s risky, especially if you’re testing agents that can make arbitrary calls.
So I hacked this together.
It lets you wrap agent actions with scoped, short-lived tokens instead of handing over your real API keys.
Right now it:
- Generates scoped, expiring tokens (default 10s)
- Logs every action to kage-keys.log
- Works as a drop-in wrapper for async functions
It’s just an MVP (tokens are fake UUIDs), but I want to see if developers find this helpful before building the production version with real crypto + proxy enforcement.
Private Connect lets you access private services by name from anywhere, without setting up a VPN, opening firewall rules, or running SSH tunnels.
You expose a single service, get a short-lived connect link, and access exactly that service, nothing else on the network.
This isn’t meant to replace VPNs or zero-trust platforms. It’s for the everyday “can you quickly check this?” and debugging cases where full network access is overkill.
Built this for myself first and decided to share it. Curious where this feels unnecessary, risky, or where you’d prefer existing tools.
Try it out at https://privateconnect.co. Also open source https://github.com/treadiehq/private-connect