Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/tinkerer9/collabokeys/llms.txt

Use this file to discover all available pages before exploring further.

CollaboKeys is designed for trusted local networks — it grants players on the same LAN the ability to emulate keypresses on the host machine. While each player is limited to only their own assigned keys, this is still meaningful access to the host’s keyboard. This section covers the protections that are in place, what players are and are not permitted to do, and how to respond quickly if something goes wrong.

What Players Can Do

CollaboKeys is intentionally restrictive about what a player is allowed to control.
  • Only their own keys — Each player can only emulate keys that have been reserved to them. A player who owns ArrowLeft cannot send ArrowRight if that key belongs to someone else (or to no one yet).
  • Emulation can be disabled at any time — The admin can disable all emulation globally with the disable emulation command or the Enable/Disable control on the admin page. When emulation is off, no keypresses reach the OS regardless of what players send.
  • Rate limiting — A global keypress rate limit prevents players from flooding the server with inputs. By default the limit is 150 keypresses per minute across all players. This can be adjusted via maxKeypressesPerMinute in src/config.json. Set it to 0 to remove the limit entirely.
  • Keypresses only — Players send keydown and keyup events over Socket.IO. That is the extent of their capability. They cannot access files, run commands, read the host’s screen, or interact with the OS in any way other than emulated key events.

What Players Cannot Do by Default

Several potentially dangerous key types are disabled in src/keycodes.js out of the box and must be explicitly enabled by an admin before any player can emulate them:
  • System-level and modifier keyscommand, esc, shift, option, control, caps lock, tab, and delete are all disabled by default.
  • Function keysF1 through F20 are disabled by default.
  • No mouse emulation — CollaboKeys is strictly keyboard-only. There is no mechanism for players to move the mouse pointer, click, or scroll.
  • No screen access — Players cannot see the host’s screen. They interact entirely through the web client, which shows only their own reserved key list.

Admin Page Security

The admin page is the most powerful interface in CollaboKeys. Anyone who can access it can stop the server, revoke keys, or manage players.
Set adminPage.password in src/config.json to a non-empty string. Any browser that opens the admin page will be presented with a password prompt before controls become visible.
src/config.json
{
  "adminPage": {
    "enabled": true,
    "password": "your-strong-password",
    "autoAuthHost": true
  }
}
Anyone who knows the password and can reach the server on the network will be able to authenticate and run admin commands. Choose a password that others on the network cannot easily guess.
On shared or public networks — a coffee shop Wi-Fi, a school network, a hotel — always set a strong admin password or disable the admin page entirely (adminPage.enabled: false). Without a password, any device on the same network can open /admin and gain full control over the CollaboKeys server and connected players.

Monitoring

The admin page provides real-time visibility into everything happening in a session.
  • Logs panel — Every error, warn, info, and http level event is streamed live to the admin page. Player connections, name changes, keypresses, and emulation errors all appear here in real time. See the Logging page for details.
  • list command — Use list all (or ls all) at any time to see every connected player, their IP address, and the keys they have reserved. Use list active to focus on players who are actively in the session, or list wr to check the waiting room.
The host should always monitor what players are typing and what is happening on their computer — especially when running a session with people they do not know personally. Keep an eye on which players are connected, what keys they hold, and what input is being sent to the active game.

Emergency Stop Procedures

If a malicious or unexpected player connects and starts sending unwanted keypresses, stop CollaboKeys immediately using one of the following methods — listed from fastest to slowest:
1

Use the admin dashboard (fastest)

If another device has the admin page open at http://<host-ip>:<port>/admin, click the stop program button in the Controls section. This sends the stop command to the server and terminates the process instantly.
2

Quit from the Dock

Right-click (or two-finger click) the CollaboKeys icon in the macOS Dock and select Quit. This is the standard graceful quit path for the Electron app.
3

Force Quit

If the app is unresponsive, press Command + Option + Escape to open the Force Quit window. Select CollaboKeys from the list and click Force Quit.

Network Scope

CollaboKeys binds its HTTP and Socket.IO server to 0.0.0.0, which means it listens on all local network interfaces. Players must be on the same LAN as the host — cross-network play is not supported and there is no built-in tunnelling or relay.
Keep all players on a trusted home or office network. Do not port-forward the CollaboKeys port through your router or expose it to the internet. There is no authentication layer on the player-facing client page, so any device that can reach the port can join as a player.

Build docs developers (and LLMs) love

Get started for freeTalk to us