Synara’s server is a standard HTTP/WebSocket process — it can bind to any network interface your machine has, not justDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Emanuele-web04/synara/llms.txt
Use this file to discover all available pages before exploring further.
localhost. That means you can open the full workspace UI from a phone, tablet, or another laptop on your home network or Tailscale tailnet, with the agent processes and file system still running on your development machine.
CLI Flags and Environment Variables
Every startup option is available both as a CLI flag and as an environment variable. The CLI flag always takes precedence over the corresponding environment variable.| CLI flag | Environment variable | Default | Description |
|---|---|---|---|
--mode <web|desktop> | T3CODE_MODE | web | Runtime mode. desktop defaults to loopback binding and auto-opens a browser unless overridden. |
--port <number> | T3CODE_PORT | 3773 | TCP port for the HTTP and WebSocket server. |
--host <address> | T3CODE_HOST | (unset) | Network interface address to bind. Unset means 127.0.0.1 in desktop mode; all interfaces in web mode. |
--home-dir <path> | SYNARA_HOME | ~/.synara | Base directory for all Synara data (database, settings, logs). |
--dev-url <url> | VITE_DEV_SERVER_URL | (unset) | Proxy/redirect target for the Vite dev server. Set only during development. |
--no-browser | T3CODE_NO_BROWSER | false | Disable automatic browser opening on startup. |
--auth-token <token> | T3CODE_AUTH_TOKEN | (unset) | Secret token required to authenticate WebSocket connections. |
LAN / Home Network Access
This setup exposes Synara to every device on your local network. Complete the steps in order.Remote access requires the pre-built client assets. The dev-mode Vite proxy is tied to
localhost and will not work from another device.Copy the token somewhere safe — you’ll enter it in the browser when you connect from another device.
bun run --cwd apps/server start -- \
--host 0.0.0.0 \
--port 3773 \
--auth-token "$TOKEN" \
--no-browser
--host 0.0.0.0 listens on every IPv4 interface, including your LAN IP.--no-browser skips auto-opening a tab locally, which is usually preferable for a server-style session.# macOS
ipconfig getifaddr en0
# Linux
ip -4 addr show | grep inet | awk '{print $2}' | cut -d/ -f1
Tailscale / Tailnet Access
If you use Tailscale, you can bind Synara directly to your Tailnet IP. This is more secure than0.0.0.0 because the port is only reachable by devices already enrolled in your tailnet.
TAILNET_IP="$(tailscale ip -4)"
TOKEN="$(openssl rand -hex 24)"
echo "Tailnet IP: $TAILNET_IP"
echo "Token: $TOKEN"
bun run --cwd apps/server start -- \
--host "$TAILNET_IP" \
--port 3773 \
--auth-token "$TOKEN" \
--no-browser
You can also use
--host 0.0.0.0 and connect through the Tailnet IP from remote devices — both approaches work. Binding directly to the Tailnet IP is preferred because it prevents the port from being reachable on your LAN or other interfaces.Security Guidelines
Follow these practices to keep your instance secure:- Treat the auth token like a password. Do not commit it to version control or share it in plaintext. Regenerate it with
openssl rand -hex 24if you believe it has been compromised. - Prefer a scoped
--hostover0.0.0.0. Binding to your LAN IP or Tailnet IP limits exposure to the relevant network segment. - Use Tailscale for untrusted networks. If you need to access Synara outside your home LAN, a tailnet gives you encrypted point-to-point connectivity without opening a port to the internet.
- Do not expose port 3773 to the public internet unless you have additional layers of protection (VPN, firewall rules, reverse proxy with TLS, etc.).
Persistent Remote Setup with an Environment Variable
If you always run Synara remotely, set the environment variables in your shell profile (e.g.~/.zshrc or ~/.bashrc) so you never need to pass flags manually: