Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Team Collaboration

One of tuna's best features is built-in support for team development. Each developer automatically gets their own subdomain, preventing conflicts.

The Problem

When multiple developers work on the same project with tunnels:

  • Subdomain conflicts - Two people can't use api.example.com at the same time
  • Manual coordination - "Hey, are you using the tunnel right now?"
  • DNS collisions - Overwriting each other's DNS records

The Solution: $USER Variable

Use the $USER environment variable in your forward domain:

{
  "tuna": {
    "forward": "$USER-api.example.com",
    "port": 3000
  }
}

Now each developer automatically gets their own subdomain:

DeveloperUsernameTunnel URL
Alicealicehttps://alice-api.example.com
Bobbobhttps://bob-api.example.com
Charliecharliehttps://charlie-api.example.com

Setup

1. Configure package.json

{
  "tuna": {
    "forward": "$USER-api.example.com",
    "port": 3000
  }
}

2. Each Developer Logs In

Each team member runs this once:

tuna --login

They'll need:

  • The same Cloudflare API token (shared) or their own token with appropriate permissions
  • The root domain (example.com)

3. Run Normally

tuna npm run dev

Each developer sees their own URL:

✓ Tunnel active: https://alice-api.example.com → localhost:3000

Patterns

API Server

{
  "tuna": {
    "forward": "$USER-api.example.com",
    "port": 8080
  }
}

Frontend + Backend

For a monorepo with multiple services:

// packages/frontend/package.json
{
  "tuna": {
    "forward": "$USER-app.example.com",
    "port": 3000
  }
}
 
// packages/backend/package.json  
{
  "tuna": {
    "forward": "$USER-api.example.com",
    "port": 8080
  }
}

Feature Branches

Use $TUNA_USER for feature-specific tunnels:

# Working on feature-auth
TUNA_USER=auth tuna npm run dev
# → auth-api.example.com
 
# Working on feature-payments
TUNA_USER=payments tuna npm run dev
# → payments-api.example.com

Sharing Credentials

Option 1: Shared API Token

Create one API token and share it with the team:

Pros:
  • Simple setup
  • One token to manage
Cons:
  • Can't revoke access for one person
  • Harder to audit who did what

Option 2: Individual Tokens

Each developer creates their own token:

Pros:
  • Can revoke individual access
  • Better audit trail
  • Follows principle of least privilege
Cons:
  • More setup per person

Token Permissions Needed

Each token needs:

ScopeResourcePermission
AccountCloudflare TunnelEdit
AccountAccess: Apps and PoliciesEdit
ZoneDNSEdit
AccountAccount SettingsRead

Listing Team Tunnels

See all tunnels for your domain:

tuna --list

Output:

TUNNELS for example.com (3)
 
NAME                           STATUS    DOMAIN                     CREATED
tuna-alice-api-example-com     ● active  alice-api.example.com      2024-01-15
tuna-bob-api-example-com       ● active  bob-api.example.com        2024-01-15
tuna-charlie-api-example-com   ○ down    charlie-api.example.com    2024-01-14

Cleanup

Developers can clean up their own tunnels:

# Delete current project's tunnel
tuna --delete
 
# Delete specific tunnel
tuna --delete tuna-alice-api-example-com

Best Practices

  1. Use consistent naming - Agree on a pattern like $USER-{service}.example.com
  2. Document the setup - Add tuna setup to your project's README
  3. Share the domain - Everyone should use the same root domain
  4. Clean up old tunnels - Delete tunnels when leaving a project