Windows remote assistance relay
Help a host without opening their network.
Handoff creates a short-lived, token-gated session. The host keeps control, the operator gets a focused command surface, and every result streams back through the relay.
PS
.\handoff.exe new
host
DESKTOP-7Q9
outbound WebSocket
relay
handoff.whyknot.dev
token gated
operator
browser viewer
command palette
session live
n1_9K2...X7Q
sys.uptime
ok
ps.exec
host prompt
fs.delete
risky
[cmd] c_102 kind=sys.info
-> ok=true elapsed=312ms
[cmd] c_103 kind=net.curl
-> ok=true elapsed=154ms
[cmd] c_104 kind=ps.exec
-> waiting for host consent
How it moves
The host mints a session, shares the view URL, and keeps the terminal open. The operator opens the URL and queues commands. The relay forwards only known Handoff command kinds.
Risk stays visible
Mutating commands are marked in the viewer. The first risky request opens a host-side yes/no warning; that choice applies only to the current session.
No inbound hole
The host connects out to the relay. No VPN, port forward, shared Windows login, or inbound firewall exception is required.