Peernet · machine to machine · new

Your sessions, talking to each other, on your network.

Peernet is an opt-in surface where activated coding sessions on different machines ask each other for live state, over your own LAN, VPN or Tailscale. No third-party relay, no cloud round-trip: your own daemons talk directly. A session activates a leased handle; a paired peer asks it a question; the daemon answers with metadata only: the active project, the git SHA, a session summary. Zero filesystem access, zero worker spawn, zero mutation on the machine that answers.

mcp · hydrate
hydrate_ask_peer("mini/hydrate", "what are you working on?")

Why not a relay and a remote agent?

The usual pattern for "agents on different machines talk to each other" routes everything through a third-party relay, to a live agent session with shell access on the far end. Peernet inverts both halves. The transport is your own daemons, on your own network. And the thing that answers is the daemon itself, not a live session: it serves metadata it already holds, with no shell, no filesystem reads and no ability to mutate anything. Presence is leased and time-bounded, every ask is audited, and the credential is per-peer and revocable, never the global daemon key.

Proven on real machines

We ran it for real: a laptop, a Mac mini, one tailnet.

Before merge, Peernet was demonstrated live between two real machines, a laptop and a Mac mini, direct over the tailnet at roughly 12 ms. Not test fakes: all three legs ran end to end against the real daemons. The laptop discovered the mini without an address being typed, paired with a single code, and got an authenticated, audited answer back.

The transcript above is the real flow: zero-touch discovery, code-only pairing, authenticated ask. One six-digit code is the only thing a human touches.

Proof from the wire: the live two-machine demo was the merge gate for Peernet v1. It passed against real machines, not fixtures, which is the one validation the test fakes cannot stand in for.

How an ask happens

Discover. Pair. Ask.

01 · discover

Zero-touch discovery

Run the pair command with no address and the CLI reads your tailnet, probes each online peer with a one-bit question (is a pairing window open?), and sends the code only where the answer is yes. A discovery sweep can never burn another machine's attempt budget, and you never type an IP.

no address typed, ever

02 · pair

One code, nothing else

The answering machine opens a two-minute window and mints a six-digit code. The other machine presents the code; the two daemons swap identities and mint a per-peer credential over the wire. The code is single use, hashed at rest, compared in constant time, and the window burns after three attempts.

027-674 · 2 min · 3 attempts

03 · ask

An authenticated, audited answer

A paired peer asks a live handle a question and the daemon answers from data it already holds: status, project, git SHA, session summary. Every ask writes an audit row and mints a thread id, and the recorded origin is derived by the server, never read from a request header.

{ status: ok, … thread_id }
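
The pairing rules from step 02 (single-use code, hashed at rest, constant-time comparison, two-minute window, three attempts), as an added sketch that is not Peernet's own code. `PairingWindow`, `open_window`, the HMAC-SHA256 keyed hash, the dash handling and the credential format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

WINDOW_SECONDS = 120  # two-minute pairing window (figure from the page)
MAX_ATTEMPTS = 3      # window burns after three attempts (figure from the page)


class PairingWindow:
    """One pairing window; holds only a keyed hash of the code, never the code."""

    def __init__(self, code, clock):
        self._clock = clock
        self._key = secrets.token_bytes(32)          # per-window key, memory only
        self._digest = self._hash(code)
        self._expires = clock() + WINDOW_SECONDS
        self._attempts_left = MAX_ATTEMPTS
        self._open = True

    def _hash(self, code):
        digits = code.replace("-", "")               # accept "027-674" or "027674"
        return hmac.new(self._key, digits.encode(), hashlib.sha256).digest()

    def present(self, code):
        """Return a fresh per-peer credential on success, otherwise None."""
        if not self._open or self._clock() >= self._expires:
            self._open = False
            return None
        self._attempts_left -= 1                     # charge the attempt first
        ok = hmac.compare_digest(self._hash(code), self._digest)
        if ok or self._attempts_left == 0:
            self._open = False                       # single use, or budget spent
        # Hypothetical credential format; the caller would store only its hash.
        return secrets.token_urlsafe(32) if ok else None


def open_window(clock=time.monotonic):
    """Mint a six-digit code; return (window, code shown once to the human)."""
    code = f"{secrets.randbelow(10**6):06d}"
    return PairingWindow(code, clock), code
```

A six-digit code has only 10^6 possible values, so hashing it at rest does not resist offline guessing on its own; the two-minute lifetime and the three-attempt cap are what bound an online guesser.
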
Security posture

The answerer is a daemon, not a shell.

Peernet does not expose the local daemon to the network. Peer traffic gets its own dedicated listener carrying only the peer routes, and everything on it is scoped, leased and on the record.

| Dimension | The usual pattern | Peernet |
| --- | --- | --- |
| Transport | A third-party relay between your machines | Your own daemons, direct over your LAN, VPN or tailnet |
| The answerer | A live agent session with shell access | The daemon: metadata only, no shell, no filesystem reads, no mutation |
| Exposure | The main process listens on the network | A dedicated peer listener; the main daemon is never exposed |
| Credential | A shared or global key | Per-peer and revocable, hashed at rest, compared in constant time |
| Presence | Assumed up | Leased and time-bounded: a 30-second heartbeat, expiry on silence |
| Audit | Best effort | Every ask writes an audit row with a server-derived, non-spoofable origin |

The comparison is against the general pattern, not any single named tool.

v1 scope

What v1 answers, and what it deliberately does not.

v1 answers metadata only: project, SHA, summary. The next rung is scoped repository reads served by a sandboxed read-only worker (Read, Grep and Glob only; no shell, no network; a throwaway worktree pinned to a SHA). It is designed and deferred, not shipped. We describe shipped things as shipped and designed things as designed; a file-reading capability does not exist on this surface until the sandbox that makes it safe does.

On the record

Watch the network breathe.

The Peernet dashboard makes the network legible: this machine as a breathing core, its own leased handles on an inner ring, paired peers on an outer ring. Live links flow blue with a green heartbeat pulse; a paired-but-dark peer sits static grey. An Activity tab renders the audit trail, every ask, every thread id, and a Builder tab assembles the exact CLI or MCP invocation from live state.

hydrate dashboard → Peernet