Core Analysis¶

Core Concern: The vt wrapper and Git Follow Mode are designed to preserve local shell behavior and context in browser sessions, enabling developers to work on mobile devices in a familiar way.

Technical Analysis¶

• Role of vt: As an intelligent wrapper, vt forwards pty streams while attempting to resolve shell aliases/functions, manage session titles (for dashboard clarity), and auto-select the best implementation between macOS app and npm install.
• Value of Git Follow Mode: Binds sessions to the current Git branch, automatically switching/following branches to reduce context switching when working across multiple repos/branches.
• Compatibility risks: Complex shell setups (custom prompts, dynamic env injection, zsh/fish features) may break alias resolution or environment recreation; monorepos and non-standard worktrees can confuse repo scanning or branch detection.

Usage Recommendations¶

1. Validate alias and function resolution in critical projects by running vt --shell and confirming consistent behavior.
2. For monorepos or multi-worktree projects, explicitly set the working directory or disable Git Follow Mode to avoid misdetection.
3. If aliases/environments are inconsistent, check shell startup script loading order (.bashrc/.zshrc/.profile).

Reminder: vt convenience relies on assumptions about local shell behavior; highly customized environments need extra validation.

Summary: vt and Git Follow Mode improve mobile development ergonomics and branch-context consistency, but require testing and possible adjustments in complex shell or monorepo setups.

Core Analysis¶

Core Concern: VibeTunnel supports multiple access methods, each with trade-offs in security, usability, and privacy. Misconfiguration can expose interactive shells.

Security Comparison¶

• localhost-only: Highest security (no remote exposure); suitable for local-only or SSH-tunneled access.
• Tailscale (private network): Recommended. WireGuard-based encrypted channel provides private reachability without opening public ports—good balance of security and convenience.
• Tailscale Funnel / ngrok (public exposure): Convenient but higher risk. If used, restrict source IPs, enforce strong auth, use short-lived tokens, and revoke tunnels after use.

Privacy & Session Recording¶

• Session recordings (asciinema) persist terminal output: scrub sensitive env vars before recording, avoid displaying secrets, and review recordings before sharing.

Practical Recommendations¶

1. Default policy: Prefer localhost and Tailscale private network.
2. When enabling public access: Enforce authentication (password/short-lived tokens), IP whitelisting, short tunnel lifetimes, and immediate revocation after use.
3. Audit: Log accesses, review recorded sessions, and do not publicly share unreviewed recordings.
4. Deployment: Run the backend within a managed network (VPN/Tailscale) and integrate with enterprise monitoring/audit stacks.

Important Notice: Enabling Funnel/ngrok without proper auth risks exposing an interactive shell to the public internet.

Summary: Use Tailscale for secure convenience; only enable public tunnels with strict authentication and auditing, and handle recordings cautiously to prevent leaks.