Concepts
Architecture, git worktrees, tmux sessions, and how they fit together.
Architecture
NomadFlowCode is built as a Rust workspace with three crates:
| Crate | Role |
|---|---|
nomadflow-core | Configuration, data models, shell utilities, git/tmux/ttyd services |
nomadflow-server | Axum HTTP server with auth middleware and WebSocket proxy |
nomadflow-tui | Ratatui TUI wizard for interactive setup |
All three compile into a single nomadflow binary.
Git worktrees
Instead of switching branches in a single working directory, NomadFlowCode uses git worktrees. Each feature branch gets its own directory:
~/.nomadflowcode/
repos/ # bare clones
my-project/
worktrees/ # one directory per feature
my-project/
feature-a/
feature-b/This means you can have multiple features checked out simultaneously without stashing or losing state.
Tmux sessions
NomadFlowCode manages a single tmux session (default: nomadflow). Each feature gets a dedicated tmux window named {repo}:{feature} to avoid collisions across repositories.
When you switch features, the server:
- Creates a worktree (if needed)
- Creates or selects the tmux window
- Changes to the worktree directory
ttyd and WebSocket proxy
ttyd exposes the tmux session as a web terminal on port 7681. The mobile app loads the ttyd HTML page directly for HTTP content.
For WebSocket connections, iOS WKWebView does not send Basic Auth headers on WebSocket upgrades. To solve this, the NomadFlowCode server provides a WebSocket proxy at /terminal/ws that:
- Authenticates via a
tokenquery parameter - Forwards the WebSocket connection to ttyd with proper Basic Auth headers
Authentication flow
Mobile App
│
├─ API requests ──► Bearer token in Authorization header
│ Server validates against auth.secret
│
├─ ttyd HTML ──────► Loaded directly (basicAuthCredential in URL)
│
└─ Terminal WS ───► /terminal/ws?token=<secret>
Server proxies to ttyd with Basic AuthFile structure
~/.nomadflowcode/
config.toml # server configuration
repos/ # bare git clones
worktrees/ # checked-out worktrees per feature