# ADR-0008: Cross-machine reach is Tailscale; Studio endpoint is `100.105.59.118:8431`

**Status:** Accepted (Phase 1; reaffirmed Phase 2)

## Context

Desktop runs on the MacBook Pro; mobile runs on JT's phone; the
workspace-state server runs on the Mac Studio. All three need a stable IP
that survives WAN address changes, doesn't require port-forwarding, and
authenticates per-device. JT already runs Tailscale on every device for
SSH and Dropbox-bypass file shipping.

## Decision

Both desktop and mobile clients connect to the Studio at its Tailscale IP
`100.105.59.118:8431`. No public exposure. No reverse proxy. No DNS hack.
The IP is stable across the Tailscale lifetime of the Studio host. Clients
display a "disconnected" pill when the endpoint isn't reachable; mobile
also surfaces a one-line hint to verify VPN.

## Consequences

Single canonical endpoint string. No per-network configuration. Mobile and
desktop share one client adapter (`@recoil/http-adapter`) that knows nothing
about transport beyond "fetch this URL." The cost: the device must be
joined to the Tailscale network — the console does not work over public
internet without VPN. We accept that as a Recoil-product expectation: it's
a single-operator tool, not a SaaS.