Launching today
MoDev
The AI dev environment built for your phone.
79 followers
The AI dev environment built for your phone.
79 followers
The AI dev environment built for your phone. Connect GitHub, Vercel, Supabase, Gmail, Calendar, and more. Any AI. Any API. Then chat to ship. → Deploy from your phone → Read repos, commit, open PRs → Query your database with natural language → Manage email and calendar by chat → BYOK on dev plans · Claude included on Moonlight One message. Real execution. From anywhere. Built solo. Bootstrapped. Founding members lock in today's price forever — first 100 only.
Payment Required
Launch Team / Built With
MoDev
Congrats on launching Juan!
What's the auth model when the phone itself is the dev environment? A laptop being stolen means an attacker has to crack disk encryption, hit your password, etc. A phone gets unlocked dozens of times a day in public, and if MoDev is logged in and connected to GitHub + Supabase + Vercel + Gmail, "phone stolen" suddenly means "production access stolen." Is there a step-up auth before destructive actions (deploy, drop table, force-push), or session re-verification on suspicious activity, or is it relying on the phone OS lock as the security boundary?
MoDev
@karimbenkeroum Hey Good morning! Great question, this was core to the design. Every tool is split into read vs. write. Reads (queries, listing repos/deployments) auto-execute. Anything that writes - deploys, DB mutations, sending mail - surfaces a confirmation card before it runs, so nothing fires silently from chat.
On top of that there's a hard-blocked tier that never executes even if you confirm: DROP TABLE, deleting repos, and live Stripe charges. The model literally can't run those.
And because it's BYOK, you're operating against your own GitHub/Vercel/Supabase, ETC. MoDev never hosts your code or holds the keys to do something irreversible behind your back. Human-in-the-loop on every destructive action, by design.
MoDev
@ferdisigona great framing — 'phone stolen = prod access stolen' is exactly the risk to design around.
Today: every destructive/write action needs an explicit in-app confirmation, and the worst ops (drop table, delete repo, charges) are hard-blocked entirely, so a logged-in, unlocked phone still can't deploy or wipe data silently. The current session boundary is OAuth + OS lock.
What's not there yet: a biometric step-up gate before destructive actions and session re-verification on suspicious activity. That's the next security layer on the roadmap. Not going to pretend it's shipped, it's where I'm headed.
mailX by mailwarm
How do you handle safety rails, like preventing accidental production deploys or risky database queries from chat?
MoDev
@jaygangwar thanks! On performance, the phone is just the chat + control layer. The heavy lifting (builds, deploys, queries) runs on your own Vercel/Supabase, not on-device, so it stays light even on mobile.
On Replit: Replit hosts your code and runs the IDE + compute in their cloud. MoDev is BYOK — it never hosts your code. It's the mobile-first AI cockpit on top of your own GitHub + Vercel + Supabase. Different category: we're the control layer, not the host.
The ui looks really good not sure about the performance.
How will you differentiate from replit?