streamlit-remote 0.1.0__tar.gz

streamlit_remote-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yuichiro Tachibana (Tsuchiya)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

streamlit_remote-0.1.0/PKG-INFO

@@ -0,0 +1,225 @@
+Metadata-Version: 2.4
+Name: streamlit-remote
+Version: 0.1.0
+Summary: Run Streamlit apps with optional remote HTTPS access.
+Author: Yuichiro Tachibana (Tsuchiya)
+Author-email: Yuichiro Tachibana (Tsuchiya) <t.yic.yt@gmail.com>
+License-Expression: MIT
+License-File: LICENSE
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Internet :: WWW/HTTP
+Requires-Dist: cryptography>=42
+Requires-Dist: streamlit>=1.28
+Requires-Python: >=3.10
+Project-URL: Homepage, https://github.com/whitphx/streamlit-remote
+Project-URL: Repository, https://github.com/whitphx/streamlit-remote
+Project-URL: Issues, https://github.com/whitphx/streamlit-remote/issues
+Description-Content-Type: text/markdown
+
+# streamlit-remote
+
+`streamlit-remote` runs a Streamlit app locally, can serve it over local HTTPS, and can expose it through a temporary remote HTTPS URL.
+
+It supports Cloudflare Quick Tunnel, ngrok, and managed self-signed certificates for local HTTPS. It is meant for development, demos, and temporary sharing, similar in spirit to Slidev's remote access workflow.
+
+## Installation
+
+```bash
+pip install streamlit-remote
+```
+
+This package requires Python 3.10 or newer.
+
+## Basic Usage
+
+```bash
+st-remote app.py
+```
+
+This starts Streamlit on `http://localhost:8501`, starts a Cloudflare Quick Tunnel to that local URL, prefixes logs from both child processes, prints the public `trycloudflare.com` URL once Cloudflare reports it, and opens that remote URL in your browser.
+
+You can also use the alias:
+
+```bash
+streamlit-remote app.py
+```
+
+## Options
+
+```bash
+st-remote APP [--port 8501] [--host localhost] [--https off] [--provider cloudflare]
+```
+
+Useful options:
+
+```bash
+st-remote app.py --port 9000
+st-remote app.py --host 0.0.0.0
+st-remote app.py --no-remote
+st-remote app.py --no-browser
+st-remote app.py --dry-run
+st-remote app.py --https self-signed --no-remote
+st-remote app.py --provider ngrok
+st-remote app.py --provider ngrok --tunnel-log-level warn
+st-remote app.py -- --server.headless true
+```
+
+Extra arguments after `--` are passed to `python -m streamlit run`.
+
+`st-remote` starts Streamlit in headless mode so Streamlit does not open the local URL automatically. When remote access is enabled, `st-remote` opens the detected remote HTTPS URL instead. Use `--no-browser` to suppress browser opening.
+
+## Local HTTPS
+
+By default, Streamlit runs locally over HTTP:
+
+```bash
+st-remote app.py --https off
+```
+
+For local HTTPS, use managed self-signed mode:
+
+```bash
+st-remote app.py --https self-signed --no-remote
+```
+
+`streamlit-remote` creates and reuses a local development certificate in its own cache directory, then passes Streamlit's `server.sslCertFile` and `server.sslKeyFile` options automatically. You do not need to choose filenames or manage generated certificate files.
+
+Browsers generally do not trust self-signed certificates by default. You may see a certificate warning unless you manually trust the generated certificate. This mode is intended for local development and testing, not production.
+
+Advanced users can pass existing certificate files:
+
+```bash
+st-remote app.py --https cert-files \
+  --ssl-cert-file cert.pem \
+  --ssl-key-file key.pem
+```
+
+## Remote Providers
+
+### Cloudflare Tunnel
+
+Cloudflare Quick Tunnel requires the `cloudflared` command to be installed and available on `PATH`.
+
+Install instructions are available from Cloudflare:
+
+https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/
+
+`streamlit-remote` checks for `cloudflared` before starting the tunnel and prints an actionable error if it is missing. It does not install `cloudflared` automatically.
+
+### ngrok
+
+ngrok requires the `ngrok` command to be installed and available on `PATH`.
+
+Install instructions are available from ngrok:
+
+https://ngrok.com/download
+
+Configure your ngrok account token before use:
+
+```bash
+ngrok config add-authtoken TOKEN
+```
+
+Then run:
+
+```bash
+st-remote app.py --provider ngrok
+```
+
+ngrok provides HTTPS for the public URL while forwarding to your local Streamlit app. If you combine ngrok with local self-signed HTTPS:
+
+```bash
+st-remote app.py --provider ngrok --https self-signed
+```
+
+ngrok still provides HTTPS for the public URL. The self-signed certificate is used only between the local ngrok agent and Streamlit.
+
+## Tunnel Logs
+
+Tunnel provider logs are shown by default:
+
+```bash
+st-remote app.py --tunnel-log-level info
+```
+
+Use a quieter level to reduce provider noise while keeping Streamlit logs visible:
+
+```bash
+st-remote app.py --provider ngrok --tunnel-log-level warn
+st-remote app.py --provider ngrok --tunnel-log-level error
+st-remote app.py --provider ngrok --tunnel-log-level off
+```
+
+`off` suppresses printed tunnel logs but still captures provider output internally when needed to detect the remote URL. ngrok also uses its local agent API as a fallback for URL detection.
+
+## HTTPS Serving vs Remote Access
+
+The design treats HTTPS serving and remote access as separate concepts.
+
+HTTPS serving means the user-facing URL uses HTTPS. Remote access means the app is reachable from outside your local machine.
+
+Cloudflare Quick Tunnel and ngrok usually provide both at once: Streamlit can run locally over plain HTTP, while the provider gives you a public HTTPS URL that forwards to the local app.
+
+Local self-signed HTTPS is different: Streamlit itself runs with HTTPS locally. You can use this without remote access, or combine it with a remote provider when you specifically want HTTPS between the tunnel agent and Streamlit.
+
+Common combinations:
+
+```text
+--https off + --provider cloudflare
+  Public HTTPS via Cloudflare, local HTTP Streamlit.
+
+--https off + --provider ngrok
+  Public HTTPS via ngrok, local HTTP Streamlit.
+
+--https self-signed + --no-remote
+  Local HTTPS Streamlit only.
+
+--https self-signed + --provider ngrok
+  Public HTTPS via ngrok, local HTTPS between ngrok and Streamlit.
+```
+
+For managed self-signed HTTPS with Cloudflare Tunnel, `streamlit-remote` also passes Cloudflare's origin TLS verification flag automatically so `cloudflared` can connect to the local self-signed Streamlit server.
+
+## Security
+
+This exposes a local Streamlit app to the internet.
+
+Do not use it for sensitive data unless you have proper authentication and access control in place. Cloudflare Quick Tunnel and ngrok are best suited for development, demos, and temporary sharing.
+
+Streamlit's built-in SSL configuration is useful for local testing, but it is not a replacement for a production HTTPS reverse proxy.
+
+## Limitations
+
+The current package does not include mkcert integration, production Cloudflare named tunnels, authentication, password protection, reverse proxy management, or PyPI publishing automation.
+
+## Roadmap
+
+- local HTTPS with mkcert
+- optional auth and access-control integration
+
+## Development
+
+```bash
+uv run pytest
+```
+
+## Release Management
+
+This project uses `scriv-release` for changelog-fragment based releases.
+
+For user-visible changes, add a fragment:
+
+```bash
+uv run scriv create --edit
+```
+
+When fragments are merged to `main`, the release workflow opens or updates a changelog preview PR. Merging that preview PR tags the release. Tag pushes matching `v*` run the PyPI publish workflow through Trusted Publishing.
+
+The release workflow expects a GitHub App configured through `RELEASE_APP_CLIENT_ID` and `RELEASE_APP_KEY` so release tags can trigger the downstream publish workflow.

streamlit_remote-0.1.0/README.md

@@ -0,0 +1,200 @@
+# streamlit-remote
+
+`streamlit-remote` runs a Streamlit app locally, can serve it over local HTTPS, and can expose it through a temporary remote HTTPS URL.
+
+It supports Cloudflare Quick Tunnel, ngrok, and managed self-signed certificates for local HTTPS. It is meant for development, demos, and temporary sharing, similar in spirit to Slidev's remote access workflow.
+
+## Installation
+
+```bash
+pip install streamlit-remote
+```
+
+This package requires Python 3.10 or newer.
+
+## Basic Usage
+
+```bash
+st-remote app.py
+```
+
+This starts Streamlit on `http://localhost:8501`, starts a Cloudflare Quick Tunnel to that local URL, prefixes logs from both child processes, prints the public `trycloudflare.com` URL once Cloudflare reports it, and opens that remote URL in your browser.
+
+You can also use the alias:
+
+```bash
+streamlit-remote app.py
+```
+
+## Options
+
+```bash
+st-remote APP [--port 8501] [--host localhost] [--https off] [--provider cloudflare]
+```
+
+Useful options:
+
+```bash
+st-remote app.py --port 9000
+st-remote app.py --host 0.0.0.0
+st-remote app.py --no-remote
+st-remote app.py --no-browser
+st-remote app.py --dry-run
+st-remote app.py --https self-signed --no-remote
+st-remote app.py --provider ngrok
+st-remote app.py --provider ngrok --tunnel-log-level warn
+st-remote app.py -- --server.headless true
+```
+
+Extra arguments after `--` are passed to `python -m streamlit run`.
+
+`st-remote` starts Streamlit in headless mode so Streamlit does not open the local URL automatically. When remote access is enabled, `st-remote` opens the detected remote HTTPS URL instead. Use `--no-browser` to suppress browser opening.
+
+## Local HTTPS
+
+By default, Streamlit runs locally over HTTP:
+
+```bash
+st-remote app.py --https off
+```
+
+For local HTTPS, use managed self-signed mode:
+
+```bash
+st-remote app.py --https self-signed --no-remote
+```
+
+`streamlit-remote` creates and reuses a local development certificate in its own cache directory, then passes Streamlit's `server.sslCertFile` and `server.sslKeyFile` options automatically. You do not need to choose filenames or manage generated certificate files.
+
+Browsers generally do not trust self-signed certificates by default. You may see a certificate warning unless you manually trust the generated certificate. This mode is intended for local development and testing, not production.
+
+Advanced users can pass existing certificate files:
+
+```bash
+st-remote app.py --https cert-files \
+  --ssl-cert-file cert.pem \
+  --ssl-key-file key.pem
+```
+
+## Remote Providers
+
+### Cloudflare Tunnel
+
+Cloudflare Quick Tunnel requires the `cloudflared` command to be installed and available on `PATH`.
+
+Install instructions are available from Cloudflare:
+
+https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/
+
+`streamlit-remote` checks for `cloudflared` before starting the tunnel and prints an actionable error if it is missing. It does not install `cloudflared` automatically.
+
+### ngrok
+
+ngrok requires the `ngrok` command to be installed and available on `PATH`.
+
+Install instructions are available from ngrok:
+
+https://ngrok.com/download
+
+Configure your ngrok account token before use:
+
+```bash
+ngrok config add-authtoken TOKEN
+```
+
+Then run:
+
+```bash
+st-remote app.py --provider ngrok
+```
+
+ngrok provides HTTPS for the public URL while forwarding to your local Streamlit app. If you combine ngrok with local self-signed HTTPS:
+
+```bash
+st-remote app.py --provider ngrok --https self-signed
+```
+
+ngrok still provides HTTPS for the public URL. The self-signed certificate is used only between the local ngrok agent and Streamlit.
+
+## Tunnel Logs
+
+Tunnel provider logs are shown by default:
+
+```bash
+st-remote app.py --tunnel-log-level info
+```
+
+Use a quieter level to reduce provider noise while keeping Streamlit logs visible:
+
+```bash
+st-remote app.py --provider ngrok --tunnel-log-level warn
+st-remote app.py --provider ngrok --tunnel-log-level error
+st-remote app.py --provider ngrok --tunnel-log-level off
+```
+
+`off` suppresses printed tunnel logs but still captures provider output internally when needed to detect the remote URL. ngrok also uses its local agent API as a fallback for URL detection.
+
+## HTTPS Serving vs Remote Access
+
+The design treats HTTPS serving and remote access as separate concepts.
+
+HTTPS serving means the user-facing URL uses HTTPS. Remote access means the app is reachable from outside your local machine.
+
+Cloudflare Quick Tunnel and ngrok usually provide both at once: Streamlit can run locally over plain HTTP, while the provider gives you a public HTTPS URL that forwards to the local app.
+
+Local self-signed HTTPS is different: Streamlit itself runs with HTTPS locally. You can use this without remote access, or combine it with a remote provider when you specifically want HTTPS between the tunnel agent and Streamlit.
+
+Common combinations:
+
+```text
+--https off + --provider cloudflare
+  Public HTTPS via Cloudflare, local HTTP Streamlit.
+
+--https off + --provider ngrok
+  Public HTTPS via ngrok, local HTTP Streamlit.
+
+--https self-signed + --no-remote
+  Local HTTPS Streamlit only.
+
+--https self-signed + --provider ngrok
+  Public HTTPS via ngrok, local HTTPS between ngrok and Streamlit.
+```
+
+For managed self-signed HTTPS with Cloudflare Tunnel, `streamlit-remote` also passes Cloudflare's origin TLS verification flag automatically so `cloudflared` can connect to the local self-signed Streamlit server.
+
+## Security
+
+This exposes a local Streamlit app to the internet.
+
+Do not use it for sensitive data unless you have proper authentication and access control in place. Cloudflare Quick Tunnel and ngrok are best suited for development, demos, and temporary sharing.
+
+Streamlit's built-in SSL configuration is useful for local testing, but it is not a replacement for a production HTTPS reverse proxy.
+
+## Limitations
+
+The current package does not include mkcert integration, production Cloudflare named tunnels, authentication, password protection, reverse proxy management, or PyPI publishing automation.
+
+## Roadmap
+
+- local HTTPS with mkcert
+- optional auth and access-control integration
+
+## Development
+
+```bash
+uv run pytest
+```
+
+## Release Management
+
+This project uses `scriv-release` for changelog-fragment based releases.
+
+For user-visible changes, add a fragment:
+
+```bash
+uv run scriv create --edit
+```
+
+When fragments are merged to `main`, the release workflow opens or updates a changelog preview PR. Merging that preview PR tags the release. Tag pushes matching `v*` run the PyPI publish workflow through Trusted Publishing.
+
+The release workflow expects a GitHub App configured through `RELEASE_APP_CLIENT_ID` and `RELEASE_APP_KEY` so release tags can trigger the downstream publish workflow.

streamlit_remote-0.1.0/pyproject.toml

@@ -0,0 +1,62 @@
+[project]
+name = "streamlit-remote"
+version = "0.1.0"
+description = "Run Streamlit apps with optional remote HTTPS access."
+readme = "README.md"
+license = "MIT"
+license-files = ["LICENSE"]
+authors = [
+    { name = "Yuichiro Tachibana (Tsuchiya)", email = "t.yic.yt@gmail.com" }
+]
+requires-python = ">=3.10"
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Internet :: WWW/HTTP",
+]
+dependencies = [
+    "cryptography>=42",
+    "streamlit>=1.28",
+]
+
+[project.urls]
+Homepage = "https://github.com/whitphx/streamlit-remote"
+Repository = "https://github.com/whitphx/streamlit-remote"
+Issues = "https://github.com/whitphx/streamlit-remote/issues"
+
+[project.scripts]
+st-remote = "streamlit_remote.cli:main"
+streamlit-remote = "streamlit_remote.cli:main"
+
+[dependency-groups]
+dev = [
+    "pytest>=8.0",
+    "scriv-release>=0.7",
+]
+
+[tool.scriv]
+categories = ["Added", "Changed", "Deprecated", "Removed", "Fixed", "Security", "Chore"]
+format = "md"
+md_header_level = 2
+
+[tool.scriv-release]
+version_provider = "uv"
+
+[tool.scriv-release.category_semver_map]
+Added = "minor"
+Changed = "minor"
+Deprecated = "minor"
+Removed = "major"
+Fixed = "patch"
+Security = "patch"
+Chore = "patch"
+
+[build-system]
+requires = ["uv_build>=0.11.8,<0.12.0"]
+build-backend = "uv_build"

streamlit_remote-0.1.0/src/streamlit_remote/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"