The iPhone & iPad setup, under the microscope.

The steps, re-examined

Each guide step made one choice for clarity. Here's the reasoning and the roads not taken — all shaped by one hard limit: Apple doesn't let you install command-line tools on iOS.

The editor route — the browser-based loophole around Apple's rules

Apple doesn't allow VS Code as an iOS app — and no future App Store policy is likely to change that, because Apple won't approve apps that run downloaded code. But that's not the end of the editor story: a real iPad (12.9"-class screen, Magic Keyboard, fast Wi-Fi) plus a browser tab pointed at a cloud editor is, honestly, a viable workstation for review and small edits. The trick is knowing which "browser-based VS Code" path fits which moment. Here are the four real paths, with the tradeoffs Apple's sandbox imposes.

• Path A — SSH into a real machine + edit there. The spine of the iOS guide: Blink Shell or Termius into a PC, Mac, or droplet, then use the agent CLIs and nano/vim directly. No graphical editor, just a window into a real one running elsewhere.
• Path B — vscode.dev in Safari. Open https://vscode.dev. A real-feeling VS Code in a browser tab; sign in with GitHub to edit any of your repos. Limitations: no terminal, no extensions that need a runtime, ephemeral session.
• Path C — GitHub Codespaces in Safari. A full VS Code with a real Linux machine behind it, in GitHub's cloud, in a browser tab. Has a terminal, runs extensions properly (including Copilot/Cline), persists between sessions. Bills per minute when active.
• Path D — code-server on your own machine. Run linuxserver/code-server on a NAS or droplet you already own (see the Synology and Linux analyses), reach it over Tailscale from Safari. You own the box; the iPad is just the screen.

• Working Copy — a genuine Git client for iPad, the closest thing iOS has to "real development" on-device. Clone, branch, commit, push — all native, all offline-capable. The natural companion to the browser-based editor paths above for the moments you want a real Git client and not a terminal.
• Blink Shell (paid) and Termius (generous free tier) — the two solid SSH clients already noted in Step 1. Blink also includes mosh, which survives flaky connections — important on an iPad you carry between Wi-Fi networks.
• a-Shell and iSH — sandboxed mini-Linux apps that run inside iOS. Curious, limited; they cannot run the real agents. Use them for tiny script work, not as editor hosts.
• Swift Playgrounds — Apple's own coding app, mentioned for completeness. It's a Swift-on-iPad environment, not a general-purpose editor and not in the same conversation as VS Code.

• Use Safari, not Chrome. Counterintuitive but true: Safari on iPadOS handles keyboard shortcuts more cleanly in browser-based VS Code than Chrome does, and battery is better.
• "Add to Home Screen" on vscode.dev, your Codespaces URL, or your code-server URL. The result acts like a real app — full-screen, no Safari chrome, one tap to launch.
• Use a real keyboard. The Magic Keyboard, Logitech Combo Touch, or any Bluetooth keyboard with Cmd support transforms iPad editing. Without it, you're tapping glass. With it, you're not.
• External display via USB-C. Modern iPads drive an external monitor reasonably well in Stage Manager — your browser-based VS Code on a 27" screen is suddenly the same shape as a Mac editor.
• Keyboard remap: in Settings → General → Keyboard, remap Caps Lock to Escape. Mostly useful for the vim users among you, but tellingly missed.

• GitHub Copilot works fully inside Codespaces in Safari — the smoothest in-browser AI experience on iPad.
• Claude Code, Cline, Continue work in code-server (Path D) because it's a full VS Code; they generally don't work in vscode.dev (Path B), which is the sandboxed web build.
• The agent runs where the editor runs — in Codespaces, the agent is in GitHub's cloud; in code-server on your NAS, the agent is on your NAS. The iPad just shows the screen.

• The iPad is real-screen, real-keyboard hardware. Once you accept "browser is the editor," it's a genuine workstation for review, prose, small edits, and PR review.
• Codespaces is a full VS Code with full AI. Not a toy.
• Excellent battery and zero fan noise — long sessions in a coffee shop are quieter and longer than a laptop.
• Tailscale + code-server is private — your iPad reaches your own code on your own box, no third party in the loop.
• Working Copy + browser editor covers the Git pieces Safari can't.
• Cellular iPad with Tailscale = your code-server is reachable on a plane, on a train, on any cell tower.

• No native VS Code, ever. Every "real editor" option routes through a browser tab. If you hate browser-based editors, the iPad isn't your machine.
• No native Anthropic / OpenAI CLI. All agent work happens on the remote box; the iPad is the client.
• Safari quirks. Some keyboard shortcuts clash with iPadOS system shortcuts (Cmd+W closes the tab, Cmd+Tab switches apps); custom shortcuts may need re-mapping inside the browser editor.
• Codespaces bills by the minute. Auto-stop after idle (Codespaces' default 30 min) prevents runaway bills, but check the setting.
• Latency. Cellular adds round-trip lag to every keystroke. Wi-Fi is fine; spotty 5G isn't.
• No real local-AI option. An iPad can't host an Ollama model — everything happens in the cloud or on a remote machine. (Apple's on-device LLM in iPadOS 26 is for system features, not user-installed agents.)
• Two-factor and biometric flows on a remote box can be awkward over SSH — keep your second factor accessible.

• Quick PR review or read-only: vscode.dev in Safari. Zero setup, zero billing.
• Genuine work session from an iPad: Codespaces in Safari with the Magic Keyboard. Real editor, real AI, real terminal.
• Privacy-preserving iPad workstation: code-server on your own NAS or droplet, reached over Tailscale. You own everything in the loop.
• Single-file remote edit: Blink Shell + vim on the remote box. Fastest, no browser involved.
• Working Copy as your iPad Git client regardless of which editor you choose — it covers the gap the browser-based editors leave around real Git.
• Don't bother: sideloading anything to fake "VS Code on iPad," or running iSH as a serious dev environment. Neither path leads anywhere useful.

What we left out — and why

The guide is deliberately a clean six-step spine. That clarity has a cost: real omissions. Here they are, honestly, with the reason each was cut.

Trending & cool — tools worth a look

Scanning the developer conversation on X and GitHub in May 2026, here's what's hot that the guide doesn't yet mention. On iOS you can't run any of these on the phone — you reach them by SSHing into a real machine over Tailscale, where they actually run.

Getting ready for Mythos

Mythos is Anthropic's first model specialized for one domain: defensive cybersecurity. Announced April 7 2026 as the engine of Project Glasswing, it has already found a 27-year-old vulnerability in OpenBSD and bugs in FFmpeg. It is invitation-only ($25 / $125 per million tokens), shipped to 12 founding orgs and 40+ critical-infrastructure partners — not a download. Full briefing →

On iOS this matters in a specific way: the iPhone or iPad is a remote / monitoring endpoint, not where Mythos-class tools run. "Getting ready" is about preparing the machines your phone connects to:

• Get on MCP now — on your remote machines. Specialized models reach your code and infrastructure through MCP. A working MCP setup on the box you SSH into is the plug Mythos-class tools will use tomorrow.
• Have your code in Git, reachable over Tailscale. A security model is only useful pointed at your systems. Repos in Git + machines on your tailnet = ready to analyze — and your phone is how you'll check in on it.
• Tighten your own security first (Part 5). The irony: you can't safely run a vulnerability-finding model on a sloppy machine. Hardening — including the phone that controls it all — is the prerequisite, not the reward.
• Keep a clean Anthropic account & current Claude Code on the host. Access to new models lands through the same account and tooling you already use.
• Watch Glasswing. If you run anything critical (a business, rentals, client sites), the initiative is where defensive tooling will surface first.

Securing the setup — the part most guides skip

On iOS you're not running the powerful tools — you're holding the keys to the machines that do. Your phone connects over SSH to real computers that can read files, run commands, and reach the internet. That makes the phone a high-value target and the connections worth protecting. Here's how — iOS specifics first, then universal rules adapted to "you're connecting to remote machines from the phone."

• iOS apps can't run arbitrary code. The same limit that frustrates you in the guide is a genuine security win: the App Store sandbox means no app on your phone can quietly download and execute a malicious agent. That makes the iPhone a hard-to-compromise remote control — more locked-down than the Mac or PC it's driving.
• Lean into it: keep the phone the clean, trusted endpoint and let the messier, more-exposed work happen on machines you can rebuild.

• Turn on Face ID (or a strong passcode) for the device and, where the app supports it, for the SSH app (Blink and Termius both can require biometrics to open). The phone is a key ring — treat it like one.
• Store SSH keys in the SSH app's secure store. Blink and Termius keep keys in the iOS keychain / Secure Enclave rather than loose files — use that, don't paste private keys into notes or sync them through plaintext.
• Find My on, and know how to wipe. If the phone is lost, Find My lets you locate or remotely erase it before anyone reaches your machines.
• Don't jailbreak. Jailbreaking removes the very sandbox that makes iOS a hard target — it trades away your biggest security advantage. Leave it stock.

• Never paste API keys into files you might share or commit. Anthropic + GitHub run secret-scanning that auto-deactivates leaked Claude keys — helpful, but don't rely on it. Use the browser/app login flow (no key on disk) where you can.
• Keys belong on the remote machine, in its OS credential store or environment variables — never typed into the phone in plaintext.
• Rotate a key the moment you suspect it leaked; give helpers their own keys, never yours.

• Block agent access to secrets. On the machine you SSH into, configure Claude Code's permissions to deny reading .env files, SSH keys, .secrets, and certificates — and to not read its own config.
• Start agents in ask-before-acting mode on a new machine; only loosen once you trust the workflow. Don't run "auto/yolo" modes in a folder full of irreplaceable files — especially when you're driving blind from a phone.
• Work inside a project folder, not the whole drive — limit what the agent can even see.

• Tailscale + key expiry: the phone reaches your machines over the tailnet — turn on key expiry in the admin console so a lost device automatically drops off the network instead of being a standing back door. Use ACLs to restrict who can SSH where and who can reach port 11434.
• Ollama over Tailscale only: there's no Ollama on iOS — you're using a remote Ollama over Tailscale. On the host, setting OLLAMA_HOST=0.0.0.0:11434 exposes the model server to the network; only do it behind Tailscale, never on a public IP or open Wi-Fi. There's no password on Ollama by default.