security

no account. no cloud relay. no middleman.

pseudocoder is built with a zero-cloud architecture. your terminal traffic never touches a third-party server. your code stays between your devices.

important

pairing grants full terminal access with your user privileges. only use over tailscale or a trusted local network. never expose the host to the public internet.

architecture

your phone connects directly to your machine. there's no relay server in between.

  • direct connection: the host cli runs on your machine and streams over websocket to your phone
  • no cloud relay: we don't run any servers. your terminal traffic stays on your network
  • tls encryption: all connections are encrypted in transit
  • local pairing: pairing codes are generated locally via unix socket, never exposed to the network until you share them

device pairing

  • pairing requires explicit action on both devices (qr scan or manual code entry)
  • each paired device is tracked and can be revoked at any time
  • pairing codes are single-use and time-limited

best practices

  • use tailscale: creates a secure mesh network between your devices with no port forwarding
  • stay on trusted networks: local network or tailscale only
  • don't expose to the internet: the host is not designed for public access
  • review the source: the host cli is fully open source
  • revoke unused devices: remove paired devices you no longer use

what flows through the connection

everything that appears in your terminal: commands, output, diffs, file paths, potentially api keys or credentials if they're visible in the terminal. this is why the direct connection matters. none of it touches infrastructure you don't control.

learn more

back to home →