Remote access
Open spawn from another device such as a phone, tablet, or another laptop.
Use remote access to open spawn from another device — a phone, a tablet, or another laptop — by exposing the server beyond localhost.
Security first
Always set --auth-token before exposing the server outside localhost. Treat the token like a password.
- Always set
--auth-tokenbefore exposing the server outside localhost, and treat the token like a password. - When you control the process launcher, prefer sending the auth token in a JSON envelope via
--bootstrap-fd <fd>. The launcher starts the server first, then sends a one-shot JSON envelope over the inherited file descriptor, so the token never appears in process environment or command-line arguments. - Prefer binding to trusted interfaces (a LAN IP or Tailnet IP) instead of all interfaces unless you actually need them.
Build and run
Build and start the server
Build everything, generate a token, and start the server bound to all IPv4 interfaces.
bun run build
TOKEN="$(openssl rand -hex 24)"
bun run --cwd apps/server start -- --host 0.0.0.0 --port 3773 --auth-token "$TOKEN" --no-browser--host 0.0.0.0 listens on all IPv4 interfaces, and --no-browser prevents local auto-open, which is better for headless or remote setups. Ensure your OS firewall allows inbound TCP on the chosen port.
Open it on your phone
Browse to your machine's IP and port from the other device.
http://<your-machine-ip>:3773For example, http://192.168.1.42:3773. You'll need the auth token to connect.
Tailscale
Binding directly to your Tailnet IP limits exposure compared to 0.0.0.0, since only devices in your tailnet can reach it.
TAILNET_IP="$(tailscale ip -4)"
TOKEN="$(openssl rand -hex 24)"
bun run --cwd apps/server start -- --host "$(tailscale ip -4)" --port 3773 --auth-token "$TOKEN" --no-browserThen open http://<tailnet-ip>:3773 from any device in your tailnet.
The auth token is still required even on a tailnet. See The CLI for the full option map.