Daemonet application
Declare a service in the owner-signed profile, bind it to the WireGuard interface, terminate HTTPS at the origin, and choose network or identity-pass access.
Core repository →Protocols · SDKs · services · release evidence
Daemonet.io is the developer surface for the open Daemonet product and optional 1Man integrations. Protocol objects are signed, bounded, portable, and designed so a managed coordinator cannot quietly become the application endpoint.
$ daemonet service access request private-app
stage device_key_proof verified
stage owner_policy verified
stage eligibility trial 1/3
stage destination_pass 15m
stage signed_endpoint verified
path wireguard_https direct
1man application_data_path falseChoose the layer you need
A service can run entirely on self-hosted Daemonet. Integrate 1Man only for an explicit managed capability such as temporary enrollment coordination, verified public naming, availability operations, or entitlement discovery.
Declare a service in the owner-signed profile, bind it to the WireGuard interface, terminate HTTPS at the origin, and choose network or identity-pass access.
Core repository →Consume signed projection, enrollment, directory, certificate, entitlement, or availability protocols without handing 1Man identity or content custody.
1Man repository →Select Daemon Hub only for a service the owner intentionally publishes. Hub is a typed ingress mode, not a fallback for a failed private route.
Publication boundary →Verified service chain
domain → owner authorityPortable proof assembled from three independently keyed DaemonGate receipts.
name · TLS key · modes · policyDual owner/service signatures define what the service is allowed to do.
replaceable host · short expiryThe current host signs a bounded endpoint without becoming the stable service identity.
selected mode · active leasesThe client verifies the complete chain before connecting through the explicit transport.
Native entitlement API
The service owner chooses acceptable issuers and rights. A portable entitlement is presented to the destination; a short-lived pass opens only the declared service for the exact device key.
{
"mode": "identity_pass",
"revision": 7,
"passSeconds": 900,
"allow": [{ "principal": "profile_member:…", "validUntil": 1800000000 }],
"entitlements": [{ "issuer": "ed25519:…", "audience": "private-app", "right": "connect" }],
"trial": { "passSeconds": 600, "maximumStarts": 3 },
"passIssuers": ["destination-profile-member-key"]
}The pass issuer must be explicitly named in the owner-signed manifest. 1Man has no implicit issue key.
Trial starts and limited entitlement uses are allocated idempotently in durable destination state.
Before a valid pass, the gated name and TCP port are absent from effective DNS and firewall policy. Expiry removes both again.
Namespaces are not transport
`hub.daemonet.io` identifies explicit Hub ingress. `admin.daemonet.cloud` identifies the customer browser portal—not schema-owner administration. Private profile names resolve inside Daemonet. Wildcards do not silently convert one trust path into another.
Reference labs and versioned integrations
Guides show how applications fit Daemonet, with production claims separated from technical capability.
Mount the complete accountless room in an iframe and keep messages, invitations, files, payments, and media out of the host bridge.
Integrate DaemonChat →Turn a verified event into a signed right, challenge a missing proof, verify locally, meter finite use, and preserve a private origin.
Inspect the protocol preview →Keep IMAPS and authenticated submission private over Daemonet while ordinary Internet mail uses a deliberately public SMTP edge.
Open the reference lab →Apply the same separation to file platforms, media servers, source forges, documents, and business applications.
Explore software systems →Security and release truth
Each release claim needs its own tests, destructive failure evidence, deployment review, and operational sign-off. A one-gate pre-alpha can exercise coordination but cannot claim a three-witness Domain Deed.
Reject unknown schemas, ambiguous encodings, unsorted capability sets, stale messages, and replayed nonces.
Separate keys and stores by role. Payment observation cannot authorize access; coordination cannot mint identity.
Tor and public edge containers run as non-root with read-only filesystems, bounded writable state, dropped capabilities, and no Docker socket.
Unsupported browser pass handoff, missing witnesses, unavailable routes, and incomplete release evidence remain explicitly closed.
The managed product must continuously prove that the open product works without managed custody.
Security findings belong at security@daemonet.io, never in a public exploit demonstration against live users.