README
ΒΆ
β‘ devx
Supercharged local dev environment β Podman + Cloudflare Tunnels + Tailscale in one CLI
devx provisions a customized Fedora CoreOS VM via Podman Machine and automatically configures Cloudflare Tunnels (instant public HTTPS) and Tailscale (zero-trust corporate network access) β all from a single command.
The Problem
Local development is plagued by recurring friction:
- "It works on my machine" β Inconsistent host OS configs, file watcher limits, kernel parameters
- Accessing internal services β Developers need corporate APIs/databases without routing everything through a slow VPN
- Webhooks & sharing β Testing Stripe/GitHub webhooks or sharing a prototype requires sketchy ngrok setups
The Solution
devx vm init # One command. Done.
You get a fully-configured Fedora CoreOS VM with:
- π Instant public HTTPS β Your machine gets
your-name.ipv1337.devautomatically - π Zero-trust corporate access β The VM joins your Tailnet transparently
- π ngrok-like port exposure β
devx tunnel expose 3000gives you a public URL in seconds - ποΈ Host-level isolation β Pre-tuned
inotifylimits, rootful containers, dedicated kernel
Installation
From Releases (recommended)
Download the latest binary from GitHub Releases:
# macOS (Apple Silicon)
curl -sL https://github.com/VitruvianSoftware/devx/releases/latest/download/devx_darwin_arm64.tar.gz | tar xz
sudo mv devx /usr/local/bin/
# macOS (Intel)
curl -sL https://github.com/VitruvianSoftware/devx/releases/latest/download/devx_darwin_amd64.tar.gz | tar xz
sudo mv devx /usr/local/bin/
# Linux (amd64)
curl -sL https://github.com/VitruvianSoftware/devx/releases/latest/download/devx_linux_amd64.tar.gz | tar xz
sudo mv devx /usr/local/bin/
From Source
go install github.com/VitruvianSoftware/devx@latest
Prerequisites
These tools must be installed before running devx vm init:
| Tool | Install | Purpose |
|---|---|---|
| Podman | brew install podman |
VM and container runtime |
| cloudflared | brew install cloudflare/cloudflare/cloudflared |
Cloudflare tunnel daemon |
| butane | brew install butane |
Ignition config compiler |
Quick Start
# 1. Authenticate with Cloudflare (one-time)
cloudflared login
# 2. Provision your dev environment
devx vm init
# 3. Run something and expose it
devx exec podman run -d -p 8080:80 docker.io/nginx
# Visit https://your-name.ipv1337.dev β it's live!
# 4. Expose any local port instantly (like ngrok)
devx tunnel expose 3000 --name myapp
# β https://myapp.your-name.ipv1337.dev
Architecture
flowchart TB
subgraph devlaptop["Developer's Mac"]
direction TB
Code[VS Code / Terminal] --> |podman run| UserContainers
subgraph podmanvm["Podman Machine (Fedora CoreOS)"]
subgraph daemons["Systemd Controlled"]
TS[Tailscale Daemon]
CF[Cloudflared Tunnel]
end
subgraph UserContainers["Developer's Apps"]
App["API / Web App<br/>Port 8080"]
DB[(Local DB)]
end
CF -->|Forwards Ingress| App
TS -->|Exposes Subnets| App
end
end
subgraph internet["Public Web"]
CFEdge((Cloudflare Edge))
PublicURL["https://developer.ipv1337.dev"]
ExternalUser((External User / Webhook))
ExternalUser --> PublicURL
PublicURL --> CFEdge
end
subgraph tailnet["Internal Network (Corporate Tailnet)"]
StagingDB[(Staging Database)]
InternalAPI[Internal Microservices]
end
CFEdge <-->|Secure Encrypted Tunnel| CF
TS <-->|Zero-Trust VPN Overlay| tailnet
classDef vm fill:#f0f4f8,stroke:#0288d1,stroke-width:2px;
classDef daemon fill:#e1f5fe,stroke:#0277bd,stroke-width:1px;
classDef container fill:#e8f5e9,stroke:#2e7d32,stroke-width:1px;
class podmanvm vm;
class TS,CF daemon;
class App,DB container;
CLI Reference
devx β Supercharged local dev environment
Commands:
vm Manage the local development VM
tunnel Manage Cloudflare tunnels and port exposure
config Manage devx configuration and credentials
exec Run low-level infrastructure tools directly
version Print the devx version
VM Management (devx vm)
| Command | Description |
|---|---|
devx vm init |
Full first-time provisioning with interactive TUI |
devx vm status |
Show health of VM, Cloudflare tunnel, and Tailscale |
devx vm teardown |
Stop and permanently remove the VM (prompts for confirmation) |
devx vm ssh |
Drop into an SSH shell inside the VM |
Tunnel & Port Exposure (devx tunnel)
| Command | Description |
|---|---|
devx tunnel expose [port] |
Expose a local port to the internet via *.ipv1337.dev |
devx tunnel expose [port] --name myapp |
Use a static subdomain (myapp.you.ipv1337.dev) |
devx tunnel expose [port] --basic-auth "user:pass" |
Protect your exposed URL with Basic Authentication |
devx tunnel inspect [port] |
Live TUI to inspect and replay HTTP traffic (like ngrok inspect) |
devx tunnel up |
Expose multiple mapping routes via a devx.yaml topology |
devx tunnel list |
List all active port exposures with URLs and ports |
devx tunnel unexpose |
Clean up all exposed tunnels |
devx tunnel update |
Rotate Cloudflare credentials without rebuilding the VM |
ποΈ Multi-Port Mapping (devx.yaml)
Manage complex projects that require multiple services (like a backend API, a frontend web app, and a webhook consumer) simultaneously via a unified single file.
Just create a devx.yaml in your project root:
name: my-project
tunnels:
- name: api
port: 8080
basic_auth: "admin:pass"
- name: web
port: 3000
Then run devx tunnel up. Your local services will automatically map under contiguous domains like api-my-project-you.ipv1337.dev via a singular, highly efficient Cloudflare connection.
π Built-in Authentication (--basic-auth)
Exposing local ports to the public internet securely shouldn't require premium subscriptions to external services. devx comes with a highly-performant built-in reverse proxy in Go.
Simply pass the --basic-auth flag to instantly protect your active development environment with encrypted basic authentication at the edge proxy layer.
# Expose your Next.js app but require credentials
devx tunnel expose 3000 --basic-auth "admin:supersecret"
# Inspect webhooks while restricting access
devx tunnel inspect 8080 --name stripe-test --basic-auth "webhook:testing123"
π Custom Domain Support (BYOD)
Want to use your own company domain instead of the free .ipv1337.dev sandbox? Any devx tunnel command supports the --domain override!
As long as you are logged into a Cloudflare account that owns the zone, Cloudflared will dynamically configure the requested DNS edge dynamically.
# Provision a branded tunnel endpoint on your own custom domain
devx tunnel expose 8000 --domain mycompany.dev --name api
# β https://api.mycompany.dev
# Or use it globally across an entire YAML topology
devx tunnel up --domain mycompany.dev
Configuration (devx config)
| Command | Description |
|---|---|
devx config secrets |
Interactive credential setup / rotation for .env |
π Request Inspector (devx tunnel inspect)
A free, open-source replacement for ngrok's paid web inspector. Captures every HTTP request and response flowing through your tunnel in a live terminal UI.
# Inspect traffic to a local app (local-only, no tunnel)
devx tunnel inspect 8080
# Inspect AND expose via Cloudflare tunnel
devx tunnel inspect 3000 --expose
# With a static subdomain
devx tunnel inspect 8080 --name myapi
Features:
- π Live scrollable request list with method, path, status, and duration
- π Detailed view showing full request/response headers and bodies
- π One-key replay (
r) to resend any captured request - π·οΈ Replay tagging so you can compare original vs replayed responses
- π§Ή Clear captured requests with
c
Configuration (devx config)
| Command | Description |
|---|---|
devx config secrets |
Interactive credential setup / rotation for .env |
Low-Level Tools (devx exec)
Pass-through wrappers that forward arguments directly to the underlying tools:
| Command | Description |
|---|---|
devx exec podman [args] |
Run Podman commands against the VM |
devx exec tailscale [args] |
Interact with the VM's Tailscale daemon |
devx exec cloudflared [args] |
Run cloudflared commands directly |
devx exec butane [args] |
Run butane commands directly |
Configuration
devx reads its secrets from a .env file in the current directory. Copy the example and fill in your values:
cp .env.example .env
# Edit .env with your Cloudflare tunnel token and hostname
See .env.example for all available configuration options.
Contributing
We welcome contributions! Please read our Contributing Guide for details on:
- Development setup
- Code style and conventions
- Pull request process
- Commit message format
License
MIT Β© VitruvianSoftware
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
internal
|
|
|
exposure
Package exposure persists local metadata for active tunnel exposures that cannot be retrieved from the Cloudflare API (e.g.
|
Package exposure persists local metadata for active tunnel exposures that cannot be retrieved from the Cloudflare API (e.g. |
|
inspector
Package inspector provides an HTTP reverse proxy with request/response capture and a terminal UI for inspecting and replaying traffic.
|
Package inspector provides an HTTP reverse proxy with request/response capture and a terminal UI for inspecting and replaying traffic. |