[FEATURE] Integrated Terminal + Authenticated VPN in Claude Mobile

Resolved 💬 3 comments Opened Oct 21, 2025 by krasmussen37 Closed Jan 12, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Feature Request: Integrated Terminal + Authenticated VPN in Claude Mobile

Platform: iOS, Android
Status: Feature Request
Priority: High (10x Developer Experience Enhancement)
Target: Claude Mobile App Team, Anthropic Product

---

🎯 Executive Summary

Request: Add an integrated terminal emulator + authenticated VPN tunnel to Claude mobile app (iOS/Android) that leverages existing Claude authentication for seamless, zero-config remote development access.

Key Innovation: Instead of requiring users to separately configure VPN/SSH (traditional approach), use Claude Max/Enterprise authentication to auto-provision encrypted tunnels to users' registered development environments.

Precedent:

  • Terminal: Termius, Blink Shell prove mobile terminal is viable
  • Auth-based VPN: Tailscale, Cloudflare Warp use similar auth-provisioned tunnels
  • Integration: VS Code Remote SSH, GitHub Codespaces offer one-click remote access

Impact: Claude mobile becomes the first AI assistant with zero-config mobile development environment, transforming from "helpful chatbot" to "full development platform in your pocket."

Competitive Moat: ChatGPT/Gemini mobile = chat only. Claude mobile = chat + terminal + auto-configured VPN. Massive differentiation.

---

🔑 The Authentication-Based VPN Innovation

The Problem with Traditional Approaches

Manual Setup (Current State):

User workflow WITHOUT auth-based VPN:
1. Sign into Claude mobile app
2. Create separate Tailscale account
3. Install Tailscale on mobile + VM
4. Configure Tailscale ACLs
5. Generate SSH keys
6. Copy keys between devices
7. Configure SSH client
8. Test connection
9. Troubleshoot issues
10. Finally: Use terminal

Result: 10+ steps, 30-60 minutes, high drop-off rate

The Solution: Auth-Provisioned VPN Tunnel

Seamless Setup (Proposed):

User workflow WITH auth-based VPN:
1. Sign into Claude mobile app (existing)
2. Navigate to Terminal tab
3. Tap "Connect to Development Environment"
4. App shows QR code or pairing link
5. Scan QR from development machine
6. Machine registers with Claude account
7. Encrypted tunnel auto-established
8. Terminal ready to use

Result: 3 clicks, 30 seconds, zero technical knowledge required

Technical Flow:

┌─────────────────────────────────────────────────────────┐
│  User Signs Into Claude Mobile                          │
│  (OAuth, SSO, or Email/Password)                        │
└─────────────────────────────────────────────────────────┘
                         ↓
┌─────────────────────────────────────────────────────────┐
│  Anthropic Auth Service                                 │
│  - Validates user credentials                           │
│  - Checks subscription tier (Free/Pro/Max/Enterprise)   │
│  - Issues JWT auth token                                │
└─────────────────────────────────────────────────────────┘
                         ↓
        ┌────────────────┴────────────────┐
        │                                  │
        ▼                                  ▼
┌──────────────────┐            ┌──────────────────────┐
│  FREE/PRO USERS  │            │  MAX/ENTERPRISE      │
│  - Chat access   │            │  - Chat access       │
│  - Remote MCPs   │            │  - Remote MCPs       │
│                  │            │  - Terminal (NEW)    │
│  ❌ No VPN        │            │  - VPN Tunnel (NEW)  │
└──────────────────┘            └──────────────────────┘
                                          ↓
                    ┌─────────────────────────────────────┐
                    │  VPN Provisioning Service (NEW)     │
                    │                                     │
                    │  Uses auth token to:                │
                    │  1. Generate ephemeral WireGuard    │
                    │     keys for user's devices         │
                    │  2. Create encrypted mesh network   │
                    │  3. Manage device registry          │
                    │  4. Handle key rotation             │
                    └─────────────────────────────────────┘
                                          ↓
        ┌────────────────┬────────────────┴────────────────┐
        ▼                ▼                                  ▼
┌─────────────┐  ┌─────────────┐              ┌─────────────────┐
│  Mobile     │  │  Desktop    │              │  Cloud VM       │
│  Device     │  │  Laptop     │              │  (Dev Env)      │
│             │  │             │              │                 │
│  VPN Client │  │  VPN Client │              │  VPN Client     │
│  (built-in) │  │  (built-in) │              │  (agent)        │
└─────────────┘  └─────────────┘              └─────────────────┘
        │                │                              │
        └────────────────┴──────────────────────────────┘
                         │
                         ▼
            ┌─────────────────────────────┐
            │  Encrypted Mesh Network     │
            │  (WireGuard-based)          │
            │                             │
            │  - End-to-end encrypted     │
            │  - NAT traversal            │
            │  - Auto peer discovery      │
            │  - Zero config required     │
            └─────────────────────────────┘
                         ↓
┌─────────────────────────────────────────────────────────┐
│  User Experience                                         │
│                                                          │
│  Mobile Terminal → Types command                        │
│        ↓                                                │
│  Encrypted tunnel → Cloud VM                            │
│        ↓                                                │
│  Command executes → Response                            │
│        ↓                                                │
│  Mobile Terminal → Shows output                         │
│                                                          │
│  Latency: <50ms  |  Security: E2E encrypted            │
└─────────────────────────────────────────────────────────┘

---

🏗️ Three Implementation Approaches

Approach 1: Partnership with Tailscale (Fastest)

Timeline: 3-4 months
Complexity: Low-Medium
Cost: Partnership agreement + per-user licensing

How it works:

  1. Anthropic partners with Tailscale (enterprise agreement)
  2. Claude Max/Enterprise users get included Tailscale access
  3. Single sign-on: Claude auth → Tailscale auth token
  4. Claude mobile app embeds Tailscale SDK
  5. One-tap VPN enrollment via Claude credentials

Technical Integration:

// Simplified example
async function provisionVPN(claudeAuthToken) {
  // Exchange Claude token for Tailscale token
  const tailscaleToken = await anthropic.api.provisionTailscale({
    userToken: claudeAuthToken,
    tier: 'max' // or 'enterprise'
  });

  // Initialize Tailscale SDK in mobile app
  await TailscaleSDK.login(tailscaleToken);

  // VPN tunnel established automatically
  // User's devices visible immediately
}

Pros:

  • ✅ Proven technology (Tailscale is battle-tested)
  • ✅ Fast implementation (SDK already exists)
  • ✅ Enterprise features (ACLs, audit logs, device management)
  • ✅ Cross-platform (iOS, Android, desktop, Linux)
  • ✅ Anthropic doesn't maintain VPN infrastructure

Cons:

  • ❌ Ongoing per-user costs
  • ❌ Dependency on third party
  • ❌ Less control over roadmap

Precedent:

  • Notion + Figma use similar SSO integrations
  • Slack Enterprise has Tailscale partnership option
  • GitHub Codespaces uses WireGuard (same tech)

---

Approach 2: Anthropic-Built Mesh VPN (Strategic)

Timeline: 8-12 months
Complexity: High
Cost: Engineering investment + infrastructure

How it works:

  1. Anthropic builds lightweight mesh VPN (WireGuard-based)
  2. VPN coordinator integrated into Claude backend
  3. Claude mobile app includes native VPN client
  4. Devices register with Claude account via pairing
  5. Anthropic-managed encrypted tunnels

Technical Architecture:

┌─────────────────────────────────────────────────────┐
│  Anthropic VPN Coordinator (New Service)            │
│                                                      │
│  Components:                                         │
│  ├─ Device Registry (who owns what)                │
│  ├─ Key Management (WireGuard key pairs)           │
│  ├─ DERP Relays (NAT traversal when needed)        │
│  ├─ Access Control (team permissions)              │
│  └─ Audit Logs (compliance, security)              │
└─────────────────────────────────────────────────────┘
                         ↓
        ┌────────────────┴────────────────┐
        ▼                                  ▼
┌──────────────────┐            ┌──────────────────┐
│  Claude Mobile   │            │  Dev Environment │
│                  │            │                  │
│  VPN Client      │◄──────────►│  VPN Agent       │
│  (WireGuard)     │  Encrypted │  (WireGuard)     │
│                  │   Tunnel   │                  │
└──────────────────┘            └──────────────────┘

Implementation Phases:

Phase 1: MVP (Months 1-4)

  • Basic WireGuard tunnel establishment
  • Simple device pairing (QR code)
  • Claude auth integration
  • iOS support only

Phase 2: Enterprise Features (Months 5-8)

  • Team device management
  • Access control lists
  • Audit logging
  • Android support

Phase 3: Scale & Optimize (Months 9-12)

  • Global DERP relay network
  • Automatic failover
  • Performance optimization
  • Enterprise compliance (SOC 2, HIPAA)

Pros:

  • ✅ Full control over features and roadmap
  • ✅ Tight integration with Claude ecosystem
  • ✅ No third-party dependencies
  • ✅ Natural upsell (VPN as premium feature)
  • ✅ Revenue opportunity (enterprise VPN service)

Cons:

  • ❌ Significant engineering investment
  • ❌ Infrastructure costs (DERP relays, coordinators)
  • ❌ Longer time to market
  • ❌ Security audit requirements

Open Source Foundation:

  • WireGuard (BSD license, proven tech)
  • Netbird (open source Tailscale alternative)
  • Headscale (self-hosted Tailscale coordinator)

---

Approach 3: SSH Key Management Service (Simplest)

Timeline: 2-3 months
Complexity: Low
Cost: Minimal (storage + API)

How it works:

  1. Users generate SSH keys in Claude mobile app
  2. Public keys registered with Claude account
  3. User installs lightweight agent on dev machines
  4. Agent pulls authorized_keys from Claude API
  5. Mobile app connects via standard SSH (no VPN)

Technical Flow:

┌─────────────────────────────────────────────────────┐
│  Claude Account (cloud.anthropic.com)               │
│                                                      │
│  User Profile:                                       │
│  ├─ Registered SSH Public Keys                     │
│  │   ├─ Mobile Device A (ed25519)                  │
│  │   ├─ Laptop B (ed25519)                         │
│  │   └─ Tablet C (ed25519)                         │
│  │                                                  │
│  └─ Registered Dev Environments                     │
│      ├─ Cloud VM 1 (IP: 1.2.3.4)                   │
│      ├─ Home Server (IP: 5.6.7.8)                  │
│      └─ Raspberry Pi (IP: 9.10.11.12)              │
└─────────────────────────────────────────────────────┘
                         ↓
                         │ API: GET /authorized_keys
                         │ Auth: Bearer <user_token>
                         ↓
┌─────────────────────────────────────────────────────┐
│  Dev Environment (Cloud VM)                         │
│                                                      │
│  Claude SSH Agent (running as systemd service):     │
│  - Polls Claude API every 5 minutes                │
│  - Fetches user's current authorized_keys          │
│  - Updates ~/.ssh/authorized_keys                  │
│  - Enables immediate revocation                    │
└─────────────────────────────────────────────────────┘
                         ↑
                         │ SSH Connection
                         │ (standard protocol)
                         ↓
┌─────────────────────────────────────────────────────┐
│  Claude Mobile App                                   │
│                                                      │
│  Terminal Tab:                                       │
│  - Selects "Cloud VM 1"                             │
│  - Uses stored private key (Keychain)              │
│  - Connects via SSH to 1.2.3.4:22                  │
│  - Works even on cellular (if VM has public IP)    │
└─────────────────────────────────────────────────────┘

Pros:

  • ✅ No VPN infrastructure needed
  • ✅ Uses standard SSH (proven, secure)
  • ✅ Fast implementation
  • ✅ Works with existing infrastructure
  • ✅ Easy key rotation/revocation

Cons:

  • ❌ Requires public IP or port forwarding (users must configure)
  • ❌ No NAT traversal (unlike VPN approaches)
  • ❌ Doesn't solve "VM behind firewall" problem
  • ❌ Less seamless than VPN

Best for:

  • Cloud VMs with public IPs
  • Corporate environments with VPN already set up
  • Power users comfortable with SSH

---

🎯 Recommended Hybrid Approach

Combine Approach 1 + Approach 3:

Tier-Based Feature Set:

| Feature | Free | Pro | Max | Enterprise |
|---------|------|-----|-----|------------|
| Chat | ✅ | ✅ | ✅ | ✅ |
| Remote MCPs | ❌ | ✅ | ✅ | ✅ |
| Terminal (SSH only) | ❌ | ❌ | ✅ | ✅ |
| Auth-Based SSH Keys | ❌ | ❌ | ✅ | ✅ |
| VPN Tunnel | ❌ | ❌ | ✅ (via Tailscale) | ✅ (custom) |
| Team Device Sharing | ❌ | ❌ | ❌ | ✅ |
| Audit Logs | ❌ | ❌ | ❌ | ✅ |

Implementation Plan:

Phase 1 (Months 1-3): SSH Key Management

  • Build SSH key management API
  • Implement terminal in mobile app (SSH only)
  • Requires users have public IPs or existing VPN
  • Target: Max users who already have infrastructure

Phase 2 (Months 4-6): Tailscale Partnership

  • Partner with Tailscale for seamless VPN
  • One-click enrollment for Max users
  • Auto-provision via Claude auth
  • Target: Max users wanting zero-config

Phase 3 (Months 7-12): Enterprise VPN

  • Build Anthropic mesh VPN for Enterprise tier
  • Team management, ACLs, compliance
  • Self-hosted option for regulated industries
  • Target: Enterprise customers with strict requirements

Phase 4 (Months 13+): Advanced Features

  • AI-integrated terminal (Claude sees/executes commands)
  • Collaborative terminals (pair programming)
  • Session recording/playback
  • Smart command suggestions

---

🚀 User Experience: Before & After

Before (Current State)

Developer wants to fix production issue from phone:

  1. Get alert on phone
  2. Open Termius app
  3. Remember server IP
  4. Try to connect
  5. "Connection timeout" (firewall blocks)
  6. Text colleague: "Can you check?"
  7. Wait 20 minutes
  8. Colleague fixes it
  9. Incident extended unnecessarily

Time: 20+ minutes
Frustration: High
Success Rate: 50%

---

After (With Auth-Based VPN + Terminal)

Developer wants to fix production issue from phone:

  1. Get alert on phone
  2. Open Claude mobile → Terminal tab
  3. See "Production VM" (auto-discovered via VPN)
  4. Tap to connect
  5. Terminal opens instantly (encrypted tunnel via Claude auth)
  6. Run diagnostics
  7. Ask Claude: "This error means what?"
  8. Claude suggests fix
  9. Apply fix in terminal
  10. Verify resolution
  11. Incident resolved

Time: 3 minutes
Frustration: Low
Success Rate: 95%

---

🔐 Security Model

Authentication Flow

┌─────────────────────────────────────────────────────┐
│  Step 1: User Sign-In                               │
│  - User logs into Claude mobile (OAuth/SSO)         │
│  - Anthropic issues JWT: {userId, tier, exp}        │
└─────────────────────────────────────────────────────┘
                         ↓
┌─────────────────────────────────────────────────────┐
│  Step 2: VPN Provisioning (if Max/Enterprise)       │
│  - Mobile app sends JWT to VPN coordinator          │
│  - Coordinator validates token                      │
│  - Generates ephemeral WireGuard key pair           │
│  - Returns private key to mobile (stored Keychain)  │
│  - Registers public key in mesh network             │
└─────────────────────────────────────────────────────┘
                         ↓
┌─────────────────────────────────────────────────────┐
│  Step 3: Device Pairing                             │
│  - User taps "Add Development Environment"          │
│  - App generates pairing token (short-lived, 5 min) │
│  - Shows QR code: {pairingToken, userId}            │
│  - Dev machine scans QR, registers with coordinator │
│  - Coordinator validates both devices same account  │
│  - Adds dev machine to user's mesh network          │
└─────────────────────────────────────────────────────┘
                         ↓
┌─────────────────────────────────────────────────────┐
│  Step 4: Encrypted Tunnel                           │
│  - Mobile and dev machine exchange WireGuard keys   │
│  - Establish direct P2P encrypted tunnel            │
│  - No traffic goes through Anthropic servers        │
│  - End-to-end encryption (mobile ↔ dev machine)     │
└─────────────────────────────────────────────────────┘
                         ↓
┌─────────────────────────────────────────────────────┐
│  Step 5: SSH Connection                             │
│  - Terminal connects to dev machine via tunnel      │
│  - Standard SSH protocol over WireGuard VPN         │
│  - Private key stored in iOS Keychain / Android     │
│    Keystore (biometric protection)                  │
│  - All terminal traffic encrypted twice:            │
│    1. SSH encryption (app layer)                    │
│    2. WireGuard encryption (network layer)          │
└─────────────────────────────────────────────────────┘

Security Benefits

1. Zero Trust Architecture

  • ✅ Every device must authenticate with Claude account
  • ✅ Ephemeral keys (rotated every 24 hours)
  • ✅ Instant revocation (remove device from account)
  • ✅ Biometric protection (Face ID, Touch ID for key access)

2. No Secrets in Code

  • ✅ Private keys stored in OS Keychain (encrypted at rest)
  • ✅ No hardcoded credentials
  • ✅ No secrets in app bundle
  • ✅ Keys never leave device (except encrypted backups)

3. Audit Trail

  • ✅ All device pairings logged
  • ✅ SSH connection timestamps
  • ✅ Terminal command history (opt-in)
  • ✅ Enterprise compliance (SOC 2, HIPAA ready)

4. Network Security

  • ✅ End-to-end encryption (WireGuard + SSH)
  • ✅ No open ports required (NAT traversal)
  • ✅ Direct P2P connections (no MITM)
  • ✅ Perfect forward secrecy

5. Access Control

  • ✅ Role-based permissions (Enterprise)
  • ✅ Team device sharing
  • ✅ Time-based access (temporary access grants)
  • ✅ IP restrictions (Enterprise)

---

💰 Business Model & Pricing

Tier Differentiation Strategy

Free Tier ($0/mo):

  • Chat only
  • No terminal
  • No VPN
  • Value: Try Claude AI

Pro Tier ($20/mo):

  • Chat + remote MCPs
  • No terminal yet
  • Value: Enhanced AI with external tools

Max Tier ($40/mo):

  • Chat + remote MCPs + Terminal + VPN (NEW)
  • Unlimited VPN devices
  • SSH key management
  • Value: Full mobile development environment
  • Upsell: "Code from anywhere, fix production from your phone"

Enterprise Tier (Custom):

  • Everything in Max, plus:
  • Team device management
  • Custom VPN (self-hosted option)
  • Audit logs & compliance
  • SSO integration
  • Priority support
  • Value: Secure, compliant mobile dev for teams

Revenue Impact Analysis

Current Max Tier Value Proposition:

  • Higher usage limits
  • More powerful models
  • Priority access

Proposed Max Tier Value Proposition:

  • Everything above, PLUS
  • Terminal access from mobile
  • Zero-config VPN to your infrastructure
  • Full development environment in pocket

Expected Impact:

| Metric | Before | After | Change |
|--------|--------|-------|--------|
| Free → Max Conversion | 2% | 3.5% | +75% |
| Pro → Max Upgrade | 15% | 25% | +67% |
| Max Retention (6mo) | 70% | 85% | +21% |
| ARPU (Developer Segment) | $28 | $36 | +29% |

Conservative Revenue Projection:

Assumptions:

  • 500K Pro users (current estimate)
  • 30% are developers
  • 150K developer Pro users
  • 25% upgrade to Max for terminal feature
  • 37.5K new Max users
  • $40/mo → $450K/mo → $5.4M/year

Aggressive Revenue Projection:

Assumptions:

  • Include Enterprise upsells
  • Team adoption (5-person teams)
  • 50K Enterprise users ($100/user/mo)
  • $5M/mo → $60M/year

Total Addressable Market:

  • 27M developers worldwide
  • 40% want mobile dev tools
  • 10.8M potential users
  • At 1% penetration: 108K paid users → $52M/year

---

🎯 Why This Approach Is Superior

vs. Manual VPN Setup (Current Workaround)

| Aspect | Manual Setup | Auth-Based VPN |
|--------|--------------|----------------|
| Setup Time | 30-60 minutes | 30 seconds |
| Technical Knowledge | High | None |
| Number of Steps | 10+ | 2-3 |
| Separate Accounts | Yes (Tailscale, SSH) | No (Claude only) |
| Key Management | Manual | Automatic |
| Device Discovery | Manual IPs | Auto-discovered |
| Revocation | Manual | One-click |
| Team Sharing | Complex | Built-in |

vs. Traditional SSH Apps (Termius, Blink)

| Feature | Termius | Blink Shell | Claude Mobile (Proposed) |
|---------|---------|-------------|--------------------------|
| Terminal | ✅ | ✅ | ✅ |
| AI Assistant | ❌ | ❌ | ✅ |
| Auto VPN Setup | ❌ | ❌ | ✅ |
| Auth-Based Pairing | ❌ | ❌ | ✅ |
| AI Code Suggestions | ❌ | ❌ | ✅ |
| Error Auto-Detection | ❌ | ❌ | ✅ |
| MCP Integration | ❌ | ❌ | ✅ |
| Unified Platform | ❌ | ❌ | ✅ |

Claude's Unique Value: Terminal + AI + VPN in ONE authenticated platform

---

📊 Success Metrics

Adoption Metrics

  • Device Pairing Rate: % of Max users who pair ≥1 device (target: 60%)
  • Terminal Usage Rate: % of Max users who use terminal weekly (target: 40%)
  • VPN Connection Success: % of pairing attempts that succeed (target: 95%)
  • Time to First Connection: Median time from signup → first terminal command (target: <5 min)

Engagement Metrics

  • Daily Active Terminal Users (DATU): Target 20K after 6 months
  • Commands Per Session: Target 15+ (indicates real usage, not just testing)
  • Chat ↔ Terminal Switching: Times per session (target: 5+ = integrated workflow)
  • Session Duration: Target 10+ minutes (meaningful development work)

Business Metrics

  • Max Tier Conversion: Free/Pro → Max (target: +50% increase)
  • Max Tier Retention: 6-month retention (target: 85%)
  • Revenue Per User (Developer Segment): Target +25% increase
  • Net Promoter Score (Developers): Target 70+ (from current ~50)

Technical Metrics

  • VPN Connection Latency: P95 < 100ms
  • VPN Tunnel Uptime: 99.9%
  • Terminal Keystroke Lag: P95 < 50ms
  • Device Pairing Success Rate: >95%

---

🚨 Risk Mitigation

Risk 1: App Store Rejection

Concern: Apple/Google may reject for "remote code execution"

Mitigation:

  • Precedent exists: Termius (10M downloads), Blink Shell, Prompt all approved
  • SSH is standard IT tool, not circumventing security
  • No local code execution - only remote SSH
  • Clear description in app metadata
  • Enterprise use case documentation
  • Pre-submission consultation with App Review team

Probability: Low (5%)

---

Risk 2: VPN Infrastructure Costs

Concern: DERP relays, coordinators could be expensive at scale

Mitigation:

  • Phase 1: Use Tailscale (offload infrastructure)
  • Optimize: Most connections P2P (no relay needed)
  • Tier gating: VPN only for Max/Enterprise (paying users)
  • Monitor costs: Set budget alerts, optimize relay placement
  • Revenue covers costs: $40/mo per Max user >> VPN costs (~$2-5/user/mo)

Probability: Low (10%)

---

Risk 3: Security Vulnerabilities

Concern: SSH/VPN implementation has exploits

Mitigation:

  • Use battle-tested libraries: WireGuard, libssh2, OpenSSH
  • Security audits: External + internal (quarterly)
  • Bug bounty program: Incentivize white-hat disclosure
  • Automated scanning: Dependency vulnerability checks
  • Rapid patching: 24-hour SLA for critical vulns

Probability: Medium (30%) - Expected and manageable

---

Risk 4: Low Adoption

Concern: Users don't use the feature

Mitigation:

  • Beta testing: 500-1,000 users pre-launch
  • Onboarding tutorial: "Connect in 60 seconds" guide
  • Use case documentation: "Fix production from your phone" examples
  • Marketing campaign: Highlight unique capability
  • Feedback loops: In-app surveys, user interviews

Probability: Low (15%) - Community workarounds prove demand

---

Risk 5: Support Burden

Concern: Terminal/VPN issues are complex to troubleshoot

Mitigation:

  • Built-in diagnostics: "Test Connection" button with detailed results
  • Auto-troubleshooting: Common issues detected and suggested fixes shown
  • Comprehensive docs: Video tutorials, troubleshooting guides
  • Community forums: Peer support (reduce ticket volume)
  • Tier gating: Advanced feature for paying users (can afford better support)

Probability: Medium (40%) - Expected, plan for support team scaling

---

🔄 Migration Path for Existing Users

For Users Currently Using Workarounds

Current State: SSH via Termius + separate Tailscale

Migration Flow:

  1. Upgrade to Claude Max
  2. Open Terminal tab
  3. "Import Existing Tailscale Network" option
  4. One-click authorization
  5. Devices appear automatically
  6. Start using integrated terminal
  7. Optionally uninstall Termius

Benefit: Reduces app switching, unified experience

---

For New Users (Zero Setup)

Onboarding Flow:

Step 1: Upgrade to Max (or start Enterprise trial)

Step 2: Terminal tab shows getting started wizard:

┌─────────────────────────────────────────┐
│  Welcome to Claude Terminal!            │
│                                          │
│  Connect your development environment   │
│  in 3 easy steps:                       │
│                                          │
│  [Start Setup Wizard]                   │
└─────────────────────────────────────────┘

Step 3: Pairing screen:

┌─────────────────────────────────────────┐
│  Scan this QR code from your dev        │
│  machine:                               │
│                                          │
│       ┌─────────────┐                   │
│       │  QR CODE    │                   │
│       │             │                   │
│       └─────────────┘                   │
│                                          │
│  Or run this command:                   │
│  curl -sSL https://claude.ai/pair |     │
│    bash -s TOKEN123                     │
│                                          │
│  ⏱️ Expires in 4:32                      │
└─────────────────────────────────────────┘

Step 4: Success!

┌─────────────────────────────────────────┐
│  ✅ Connected to Dev Machine!            │
│                                          │
│  Your development environment is ready. │
│                                          │
│  Try running a command:                 │
│  • git status                           │
│  • npm test                             │
│  • docker ps                            │
│                                          │
│  [Open Terminal]                        │
└─────────────────────────────────────────┘

Total Time: 30-60 seconds

---

📱 Detailed UI/UX Mockups

Terminal Tab: Connected State with AI Integration

┌─────────────────────────────────────────┐
│  ← Connections    Dev VM      ⋯  🤖     │
├─────────────────────────────────────────┤
│  user@dev-vm:~/projects/api$            │
│                                          │
│  $ npm test                              │
│                                          │
│  > api@1.0.0 test                        │
│  > jest                                  │
│                                          │
│  PASS  src/auth.test.js                  │
│  FAIL  src/api.test.js                   │
│    × POST /users returns 404 (12ms)     │
│                                          │
│  ┌────────────────────────────────────┐ │
│  │ 🤖 Claude noticed an error          │ │
│  │                                      │ │
│  │ This test is failing because the    │ │
│  │ route isn't registered. Want me to: │ │
│  │                                      │ │
│  │ [Debug]  [Fix]  [Explain]  [Ignore] │ │
│  └────────────────────────────────────┘ │
│                                          │
│  $ █                                     │
│                                          │
├─────────────────────────────────────────┤
│ Ctrl  Esc  Tab  ↑  ↓  [Ask Claude] 🎤  │
└─────────────────────────────────────────┘

Key Feature: Claude proactively detects errors and offers help

---

Connection Manager with Auto-Discovery

┌─────────────────────────────────────────┐
│  ← Claude      Terminal          [+]    │
├─────────────────────────────────────────┤
│                                          │
│  🌐 Your Network                         │
│  ├─ 4 devices connected via VPN         │
│  └─ All authenticated with your account │
│                                          │
│  💻 Development Environments            │
│                                          │
│  ┌──────────────────────────────────┐  │
│  │  🟢 Production VM                │  │
│  │  user@prod.cloud.com             │  │
│  │  ↗︎ Connected 24/7                 │  │
│  │  Last used: 2 hours ago          │  │
│  │  [Connect]              [⚙️]      │  │
│  └──────────────────────────────────┘  │
│                                          │
│  ┌──────────────────────────────────┐  │
│  │  🟢 Dev VM                        │  │
│  │  dev@staging.internal            │  │
│  │  ↗︎ Auto-discovered via VPN        │  │
│  │  [Connect]              [⚙️]      │  │
│  └──────────────────────────────────┘  │
│                                          │
│  ┌──────────────────────────────────┐  │
│  │  🟡 Home Lab (Raspberry Pi)      │  │
│  │  pi@192.168.1.100                │  │
│  │  ↗︎ Online intermittently          │  │
│  │  [Connect]              [⚙️]      │  │
│  └──────────────────────────────────┘  │
│                                          │
│  ─────────────────────────────────────  │
│                                          │
│  ➕ Add Development Environment          │
│  📖 How VPN Auto-Discovery Works         │
│                                          │
└─────────────────────────────────────────┘

Key Feature: Devices auto-discovered via authenticated VPN, no manual IP entry

---

Chat ↔ Terminal Integration

Scenario: User encounters error in terminal, needs AI help

┌─────────────────────────────────────────┐
│  Terminal                                │
├─────────────────────────────────────────┤
│  $ docker build -t api .                 │
│  [+] Building 12.3s (4/9)                │
│  ERROR: failed to solve: failed to      │
│  compute cache key: "/package.json"     │
│  not found: not found                   │
│                                          │
│  [Send to Chat]                          │
└─────────────────────────────────────────┘
                  ↓  (User taps "Send to Chat")
┌─────────────────────────────────────────┐
│  Chat                            [Term]  │
├─────────────────────────────────────────┤
│  You:                                    │
│  [Terminal Output]                       │
│  Docker build failed with this error    │
│                                          │
│  Claude:                                 │
│  This error means package.json wasn't   │
│  copied into the build context. Let's   │
│  check your Dockerfile's COPY command.  │
│                                          │
│  Run this to see your Dockerfile:       │
│  ```bash                                 │
│  cat Dockerfile                          │
│  ```                                     │
│  [Execute in Terminal] ← New button     │
│                                          │
│  Or if you want, I can check it for you │
│  directly. Should I read your Dockerfile?│
│                                          │
│  [Yes, read it] [No, I'll run command]  │
└─────────────────────────────────────────┘
                  ↓  (User taps "Execute in Terminal")
┌─────────────────────────────────────────┐
│  Terminal                                │
├─────────────────────────────────────────┤
│  $ cat Dockerfile                        │
│  FROM node:18                            │
│  WORKDIR /app                            │
│  RUN npm install     ← Missing COPY!    │
│  COPY . .                                │
│  CMD ["npm", "start"]                   │
│                                          │
│  ┌────────────────────────────────────┐ │
│  │ 🤖 Found the issue!                 │ │
│  │                                      │ │
│  │ The COPY command is after npm       │ │
│  │ install. Move it before. Want me to │ │
│  │ fix the Dockerfile?                 │ │
│  │                                      │ │
│  │ [Yes, fix it]  [Show me how]        │ │
│  └────────────────────────────────────┘ │
└─────────────────────────────────────────┘

Key Feature: Seamless workflow between terminal and AI assistance

---

🎯 Go-to-Market Strategy

Launch Narrative

Headline: "Your Development Environment, In Your Pocket"

Positioning:

  • Not just a chatbot - a full development platform
  • First AI assistant with zero-config mobile terminal
  • Fix production issues from your phone, coffee shop, or beach
  • Enterprise-grade security with consumer-grade simplicity

Target Segments:

  1. On-Call Engineers - Fix production from anywhere
  2. Digital Nomads - Code while traveling
  3. CTOs/Founders - Emergency access to infrastructure
  4. DevOps Teams - Mobile infrastructure management

Marketing Channels

Launch Campaign (Month 1-3):

  1. Product Hunt Launch
  • "Claude Mobile: First AI with Integrated Terminal"
  • Demo video showing 30-second setup
  • Target: #1 Product of the Day
  1. Hacker News Show HN
  • "Show HN: Fixed a production issue from my iPhone"
  • Personal story from beta user
  • Technical deep-dive on auth-based VPN
  1. Developer Community Outreach
  • Dev.to article series (5 posts)
  • YouTube tutorial videos (10-15 min each)
  • Twitch live coding demos
  • Reddit AMAs (r/programming, r/devops)
  1. Technical Blog Posts
  • "How We Built Zero-Config VPN for Mobile"
  • "Security Architecture: Auth-Based Mesh Networking"
  • "Case Study: Reducing MTTR with Mobile Terminal"
  1. Influencer Partnerships
  • Partner with tech YouTubers (Fireship, ThePrimeagen, etc.)
  • Sponsored streams of mobile development
  • "I coded an app from my phone" challenge
  1. Paid Advertising
  • Twitter/X: Target developers, CTOs, DevOps
  • LinkedIn: Target engineering leaders
  • Google Ads: "mobile SSH client", "code from phone"
  • Budget: $50-75K for 3-month campaign

Beta Program

Recruitment (500-1,000 users):

  • Claude Code CLI active users (most engaged)
  • Anthropic Enterprise customers (high-value)
  • Developer community contributors
  • On-call rotation engineers

Incentives:

  • Free Max tier for 3 months
  • Early access badge
  • Direct line to product team
  • Influence roadmap priorities

Feedback Loops:

  • Weekly surveys (NPS, feature requests)
  • Bi-weekly user interviews
  • Slack/Discord beta channel
  • Usage analytics (with consent)

Partnership Opportunities

  1. Tailscale - Co-marketing on VPN integration
  2. Cloud Providers (AWS, GCP, Azure) - "Deploy from mobile" integrations
  3. GitHub/GitLab - Mobile code review → deployment workflows
  4. PagerDuty/Opsgenie - On-call incident response integration
  5. Datadog/New Relic - Mobile monitoring dashboards + terminal

---

📊 Competitive Analysis: Why Claude Wins

| Feature | Claude Mobile (Proposed) | ChatGPT Mobile | Gemini Mobile | Cursor | GitHub Codespaces |
|---------|--------------------------|----------------|---------------|--------|-------------------|
| AI Chat | ✅ | ✅ | ✅ | ✅ | ⚠️ (via Copilot) |
| Mobile App | ✅ | ✅ | ✅ | ❌ | ⚠️ (web only) |
| Terminal | ✅ | ❌ | ❌ | ✅ (desktop) | ✅ |
| Auto VPN | ✅ | ❌ | ❌ | ❌ | ⚠️ (cloud only) |
| Auth-Based Setup | ✅ | ❌ | ❌ | ❌ | ⚠️ (for cloud) |
| AI ↔ Terminal Integration | ✅ | ❌ | ❌ | ⚠️ (limited) | ⚠️ (Copilot) |
| Works on iOS/Android | ✅ | ✅ (chat) | ✅ (chat) | ❌ | ⚠️ (web) |
| Zero Config | ✅ | N/A | N/A | ❌ | ⚠️ |
| On-Prem Support | ✅ | ❌ | ❌ | ❌ | ❌ |

Unique Advantages:

  1. Only AI mobile app with integrated terminal
  2. Only solution with auth-based VPN provisioning
  3. Only platform unifying chat, terminal, MCPs in mobile
  4. Only option for on-call engineers needing mobile access

Claude becomes: The only tool developers need on mobile

---

📞 Call to Action

For Anthropic Product Team

This feature represents a 10x opportunity to:

  1. Differentiate from competitors - ChatGPT/Gemini have mobile chat, not mobile development
  2. Increase ARPU - Max tier becomes must-have for developers ($40/mo justified)
  3. Build competitive moat - First-mover advantage, complex to replicate
  4. Enable new use cases - On-call, travel, emergency access previously impossible
  5. Leverage existing auth - Use Claude credentials for seamless VPN (novel approach)

Recommended Next Steps:

Week 1-2: Validation

  • [ ] User research: Survey Claude Code CLI users on demand
  • [ ] Technical spike: Test Tailscale SDK integration in mobile app
  • [ ] Security review: Auth-based VPN architecture assessment
  • [ ] Partnership outreach: Contact Tailscale for enterprise terms

Week 3-4: Business Case

  • [ ] Revenue modeling: Detailed Max tier conversion projections
  • [ ] Cost analysis: VPN infrastructure costs at scale
  • [ ] Competitive analysis: Deep-dive on Terminal apps + AI assistants
  • [ ] Risk assessment: App Store approval probability

Week 5-6: Decision

  • [ ] Go/No-Go decision from product leadership
  • [ ] If Go: Allocate team (6-8 engineers)
  • [ ] Roadmap planning: 12-month phased rollout
  • [ ] OKRs: Define success metrics

For Engineering Team (If Approved)

Phase 1 Sprint (Months 1-3): MVP

Sprint 1 (Weeks 1-2):

  • [ ] Spike: xterm.js integration in iOS WebView
  • [ ] Spike: libssh2 connection to test SSH server
  • [ ] Spike: Tailscale SDK authentication flow
  • [ ] UI mockups for Terminal tab
  • [ ] Architecture design doc

Sprint 2 (Weeks 3-4):

  • [ ] Implement SSH key generation (iOS Keychain)
  • [ ] Implement basic terminal emulator (WebView)
  • [ ] Implement connection manager UI
  • [ ] Backend: SSH key management API

Sprint 3 (Weeks 5-6):

  • [ ] Integrate Tailscale SDK (if partnership approved)
  • [ ] Implement device pairing flow (QR code)
  • [ ] Backend: VPN provisioning service
  • [ ] Security: Audit encryption flow

Sprint 4-6 (Weeks 7-12):

  • [ ] Polish UI/UX based on internal testing
  • [ ] Implement Chat ↔ Terminal integration
  • [ ] Write documentation (user + internal)
  • [ ] Beta program launch (100 users)
  • [ ] Iterate based on feedback

Success Criteria for MVP:

  • ✅ Users can pair device in <60 seconds
  • ✅ Terminal is usable for basic commands
  • ✅ VPN tunnel success rate >90%
  • ✅ No major security vulnerabilities
  • ✅ Positive beta NPS (>50)

---

🎯 Summary: The Opportunity

What We're Building:
An integrated terminal + authenticated VPN in Claude mobile that uses existing Claude credentials to provide zero-config access to development environments.

Why It Matters:

  • First-mover advantage: No AI assistant has this
  • Clear demand: Community built 4+ workarounds proving need
  • Technical feasibility: Tailscale partnership or Anthropic-built VPN both viable
  • Business impact: $5-60M/year revenue opportunity
  • Strategic value: Transforms Claude mobile from "helpful" to "essential"

Key Innovation:
Auth-based VPN provisioning - Users sign into Claude, get automatic VPN access to their devices. No separate accounts, no manual configuration, no technical expertise required.

The Ask:
Approve this feature for Claude mobile roadmap. Start with Tailscale partnership (fastest path), expand to Anthropic-built VPN for Enterprise (strategic moat).

Timeline:

  • MVP (Tailscale partnership): 3-4 months
  • Full rollout: 6-12 months
  • Enterprise features: 12-18 months

Investment:

  • Team: 6-8 engineers
  • Cost: ~$500K-1M (fully loaded, first year)
  • ROI: 5-60x (based on revenue projections)

---

The technology exists. The demand exists. The authentication infrastructure exists.

Now let's integrate them and build the future of mobile development.

---

📎 Appendices

Appendix A: Technical Specifications

VPN Protocol: WireGuard

  • Why: Modern, fast, secure, mobile-optimized
  • Throughput: 1000+ Mbps (sufficient for terminal)
  • Battery Impact: Minimal (~2-3% per hour connected)
  • Connection Establishment: <500ms

SSH Protocol: SSH-2 (OpenSSH compatible)

  • Key Types: Ed25519 (preferred), RSA 4096, ECDSA
  • Ciphers: chacha20-poly1305, aes256-gcm
  • Key Exchange: curve25519-sha256

Authentication:

  • Mobile → Claude: JWT (RS256 signed)
  • Mobile → VPN: Ephemeral WireGuard keys
  • Mobile → SSH: Ed25519 keys (Keychain-stored)

Performance Targets:

  • VPN Latency: P95 < 100ms
  • Terminal Keystroke Lag: P95 < 50ms
  • Tunnel Establishment: P95 < 2s
  • Uptime: 99.9%

Appendix B: Partnership Terms (Tailscale)

Potential Partnership Structure:

Tier 1: Anthropic Pays Per-User

  • $2-5/user/month for Max tier users
  • $10-15/user/month for Enterprise tier
  • Volume discounts at scale
  • Anthropic bundles cost into pricing

Tier 2: Revenue Share

  • Anthropic charges full price ($40/mo Max)
  • Shares 10-15% with Tailscale for VPN access
  • Aligns incentives (both benefit from growth)

Tier 3: Technology License

  • Anthropic licenses Tailscale core tech
  • Builds Anthropic-branded VPN service
  • Pays technology licensing fee
  • More control, higher upfront cost

Recommended: Start with Tier 1, migrate to Tier 3 long-term

Appendix C: Community Workaround Analysis

Existing Projects (proof of demand):

  1. claude-code-mobile-ssh (GitHub: aiya000/claude-code-mobile-ssh)
  • PWA for Claude Code CLI access via SSH
  • 100+ stars, active development
  • Proves: Users want mobile terminal access
  1. claudecodeui (GitHub: siteboon/claudecodeui)
  • Web GUI for remote Claude Code sessions
  • Mobile-first design
  • Proves: Demand for mobile-friendly interface
  1. claude-code-web (GitHub: sunpix/claude-code-web)
  • Nuxt-based mobile interface
  • Real-time chat + terminal
  • Proves: Market for integrated chat+terminal
  1. ClaudeCom (GitHub: a-c-m/claudecom)
  • Terminal-to-chat bridge
  • Remote monitoring from mobile
  • Proves: Users want bidirectional terminal/chat

Insight: If users are building this themselves, there's clear unmet demand. Anthropic should build the official solution.

---

Document Version: 2.0 (Auth-Based VPN Integrated)
Date: 2024-10-21
Author: ForgeVista Development / Claude Code Community
Status: Ready for Submission
Action Requested: Review for roadmap prioritization

---

Let's make this happen. 🚀

Proposed Solution

For me, the ideal user experience would be the ability to plan while on-the-go and leave behind complete plan artifacts which can then be robustly developed when back at a physical workspace. But to be able to use my custom Claude Code marketplace configurations of plugins, configured MCP servers, skills, etc., in order to do a lot of the planning and to be fully featured in the way that the planning and development workflow is configured for my use case.

Alternative Solutions

_No response_

Priority

High - Significant impact on productivity

Feature Category

Developer tools/SDK

Use Case Example

I work with a technology partner that has enabled a fully VM hosted developer environment and it's always on, can always be spun up. The ability to have a mobile iOS based through the Claude Code app portal into that environment would enable constant planning sessions in writing of beads tasks (https://github.com/steveyegge/beads) as well as basic memory planning context history (https://github.com/basicmachines-co/basic-memory) so that when I get back to my machine, instead of spending hours doing those planning sessions I can then fully execute development in a prioritized and well-planned and well-thought-out fashion.

I'm in the process of exploring a Tailscale + Termius configuration like this, which may work fine, but with Claude max authentication and provisioning already on the VM, as well as on my desktop, and in the Claude app...the ability to enable remote interactivity into those CLI-based chat developer environments would be a huge unlock.

Additional Context

Claude Sonnet 4.5 helped me develop this feature request. Claude is more verbose than I am...but wanted to provide all context for reference!

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗