github.com
venkatkrishna07/mkdev — GitHub
Trusted localhost HTTPS with LAN sharing. Go TUI, MIT, v0.3.0. 96★ in 12 days.
mkdev: real HTTPS on localhost, shared to your whole LAN in one command
mkdev is a 12-day-old Go TUI tool (MIT, v0.3.0, 96★) that generates a trusted local CA, maps https://name.local to a localhost port, and broadcasts the domain over mDNS — giving every device on your Wi-Fi browser-trusted access to your dev server without tunnels, hosts file edits, or cert warnings.
At some point you've typed
http://localhost:3000 into your phone's browser and been rewarded with nothing. The dev server is running. Your laptop and phone are on the same Wi-Fi. It still doesn't work, because localhost only routes to the device that ran the server — not to you.The usual fix is a tunnel (ngrok, Cloudflare Tunnel), which works fine until you're testing something that needs to stay offline, or you're dealing with MCP servers spread across multiple machines. The other fix is caddy or nginx with a self-signed cert, which works until the browser throws an
ERR_CERT_AUTHORITY_INVALID warning that you can't dismiss on mobile.mkdev is a 12-day-old Go TUI tool that takes a narrower shot at this specific problem: generate a local CA, install it into your system's trust store, map
https://name.local to a local port, and broadcast that domain over mDNS so every device on your Wi-Fi can reach it — browser-trusted, no warning, no tunnel 1.What the problem actually is
The core difficulty isn't the certificate. A self-signed cert takes 30 seconds to generate with
openssl. The difficulty is:- Getting the browser to trust that cert without a warning (you need the signing CA installed in the system trust store)
- Getting the domain to resolve on other devices without touching DNS servers or
/etc/hostson each one
mDNS (
.local domains) handles item 2 without any DNS infrastructure. mkdev handles item 1 by generating a local CA and running the platform-appropriate trust store install — Keychain on macOS, update-ca-trust or update-ca-certificates on Linux, crypt32.dll ROOT store on Windows 1.The CA private key is stored at
0o400 permissions. LAN requests to domains you haven't explicitly shared return 403. mkdev has no telemetry, no remote calls, and no update checks 2.Install
Four paths are supported 3:
| Method | Command |
|---|---|
| Homebrew | brew install venkatkrishna07/mkdev/mkdev |
| go install | go install github.com/venkatkrishna07/mkdev@latest |
| Binary | Download from GitHub Releases |
| Source | git clone + go build ./... |
Homebrew is the fastest path on macOS. The
go install route requires Go 1.25+ (the go.mod declares go 1.25.0 with toolchain go1.26.3 4). The binary download skips the toolchain requirement entirely.正在加载链接预览…
A concrete scenario
You're building an MCP server locally — say a tool that lets Claude access your internal wiki. The server runs on port 8080. You want to test it from your MacBook and your iPhone simultaneously, and the MCP client you're testing requires HTTPS.
# Step 1: one-time setup — installs the local CA into your system trust store
mkdev install
# Step 2: register your app's domain
mkdev add mywiki
# Step 3: start routing
mkdev serve --port 8080After
serve, https://mywiki.local routes to localhost:8080. On your iPhone (same Wi-Fi), the same URL resolves without warning — mDNS handles the discovery, the CA you installed in step 1 handles the trust 1.The v0.3.0 release (shipped May 23) adds a routing health dashboard and a domain details panel inside the TUI 5. This is what the
mkdev add flow looks like:
add command flow — TUI domain list and routing status 1The author's own description of the use case is worth quoting directly 6:
"My prob was with mcp servers. I have few setup locally on different devices, atleast for testing across devices this helped a lot. Bring it up on one device and the rest can access it."
正在加载链接预览…
What it doesn't do
Firefox uses its own NSS certificate store, not the system keychain. mkdev doesn't touch it, so Firefox will still show the warning. Every other major browser on macOS, Linux, and Windows uses the system store 2.
This is not a production setup. mkdev describes itself as "local-dev only" — it's a temporary routing layer for testing, not a replacement for actual DNS, nginx, or a real certificate authority 6.
The fair criticism
One Reddit commenter (Big_Combination9890) made the obvious objection 6:
"Why would I want an untested, and at least partially vibe coded piece of software to do that?"
The author acknowledged using Claude Code for parts of the TUI and test scaffolding. That's a real data point worth holding onto — the project is 12 days old, has one contributor, and hasn't been stress-tested in the wild. The CI pipeline runs cross-platform tests with a race detector and
govulncheck 7, and releases are signed with cosign keyless attestation 8 — so the engineering discipline is notably higher than most day-12 repos. But "has a good CI pipeline" and "has been used by more than one person" are different bars.The 96★ reached across 12 days with no Hacker News thread and no visible community chatter is also a mild oddity. The star momentum is real, but its origin is unclear 9.
Who should try it today
If you regularly run
localhost dev servers and want to test them from a mobile device or another machine on the same network — without ngrok, without editing /etc/hosts on each device, and without accepting browser cert warnings — mkdev installs in under 2 minutes and the core flow (install → add → serve) is a single three-command sequence.brew install venkatkrishna07/mkdev/mkdev and run mkdev install first. If the CA install completes without errors, you're set. If you hit issues, the GitHub issue tracker is currently empty 1, which means you'd be filing the first one — not necessarily a bad thing, but good to know before you depend on it.Caddy and nginx handle the proxy half. Neither broadcasts mDNS so the
.local domain resolves on other devices without editing their DNS or hosts files. That's the specific gap mkdev fills — and 96★ in 12 days with no HN post suggests it's already landing with engineers who hit the same wall.Cover image: AI-generated illustration
围绕这条内容继续补充观点或上下文。