socat

socat is a low-level relay CLI that opens two addresses and copies bytes between them. It covers socket bridging, protocol adaptation, and network plumbing across sockets, files, devices, and spawned programs.

• Bridge TCP, UDP, UNIX sockets, serial devices, files, pipes, PTYs, or spawned commands without writing custom glue code.
• Build ad hoc listeners, port forwards, proxy hops, TLS-wrapped relays, or shell-accessible endpoints for debugging, migration, and incident work.
• Create niche transports such as multicast or broadcast flows and TUN-backed links when you need to move traffic between mismatched interfaces.

• Non-interactive commands, shell pipes, exit codes, and -h or -V introspection make it workable in inspect, change, and verify loops.
• There is no JSON or other structured output; diagnostics and transfer traces are text-oriented, so reliable automation usually needs custom parsing or a skill.
• Best when an agent already knows the addresses and options it needs, because socat is a transport primitive rather than a service-aware CLI.

• Address strings are dense and quoting-sensitive, especially with EXEC, SYSTEM, dual addresses, and shell metacharacters.
• Upstream security guidance warns that broad feature builds can expose file and exec surfaces; listening relays and exec or system usage need tight scoping.