ngrok exposes a port. tunnel.locker knows the far end is an MCP server with a tool list, so it's MCP-aware, ephemeral, and capability-scoped: it filters the advertised tools to a --scope allowlist, refuses any out-of-scope call agent-side, and enforces a TTL on every call — so revocation is real, not cosmetic.
# install $ cargo install tunnel-locker # share a read-only view of your MCP server $ tunnel open ./my-mcp-server --relay wss://tunnel.locker --scope read link → https://tunnel.locker/t/3f9a8c…#<token>
Open the link as a teammate: in-scope tools work; out-of-scope calls are refused; the link dies on TTL or tunnel close.