Protocols · SDKs · services · release evidence

Build on authority
you can verify.

Daemonet.io is the developer surface for the open Daemonet product and optional 1Man integrations. Protocol objects are signed, bounded, portable, and designed so a managed coordinator cannot quietly become the application endpoint.

$ daemonet service access request private-app

stage  device_key_proof        verified
stage  owner_policy            verified
stage  eligibility             trial 1/3
stage  destination_pass        15m
stage  signed_endpoint         verified
path   wireguard_https         direct
1man   application_data_path   false
CBORcanonical signed objects
25519device and service authority
P-256browser-held credentials
FAILclosed by default

Choose the layer you need

Open core first. Managed integration second.

A service can run entirely on self-hosted Daemonet. Integrate 1Man only for an explicit managed capability such as temporary enrollment coordination, verified public naming, availability operations, or entitlement discovery.

CORE

Daemonet application

Declare a service in the owner-signed profile, bind it to the WireGuard interface, terminate HTTPS at the origin, and choose network or identity-pass access.

Core repository →
MANAGED

1Man integration

Consume signed projection, enrollment, directory, certificate, entitlement, or availability protocols without handing 1Man identity or content custody.

1Man repository →
PUBLISH

Explicit Hub service

Select Daemon Hub only for a service the owner intentionally publishes. Hub is a typed ingress mode, not a fallback for a failed private route.

Publication boundary →

Verified service chain

Every mutable machine sits behind a stable signed identity.

Domain Authority Credentialdomain → owner authority

Portable proof assembled from three independently keyed DaemonGate receipts.

Service Manifestname · TLS key · modes · policy

Dual owner/service signatures define what the service is allowed to do.

Endpoint Leasereplaceable host · short expiry

The current host signs a bounded endpoint without becoming the stable service identity.

Directory Recordselected mode · active leases

The client verifies the complete chain before connecting through the explicit transport.

Native entitlement API

Sell access without selling the user’s identity.

The service owner chooses acceptable issuers and rights. A portable entitlement is presented to the destination; a short-lived pass opens only the declared service for the exact device key.

{
  "mode": "identity_pass",
  "revision": 7,
  "passSeconds": 900,
  "allow": [{ "principal": "profile_member:…", "validUntil": 1800000000 }],
  "entitlements": [{ "issuer": "ed25519:…", "audience": "private-app", "right": "connect" }],
  "trial": { "passSeconds": 600, "maximumStarts": 3 },
  "passIssuers": ["destination-profile-member-key"]
}

Destination authoritative

The pass issuer must be explicitly named in the owner-signed manifest. 1Man has no implicit issue key.

Atomic finite use

Trial starts and limited entitlement uses are allocated idempotently in durable destination state.

Exact network projection

Before a valid pass, the gated name and TCP port are absent from effective DNS and firewall policy. Expiry removes both again.

Namespaces are not transport

Publish only through the mode the owner signed.

`hub.daemonet.io` identifies explicit Hub ingress. `admin.daemonet.cloud` identifies the customer browser portal—not schema-owner administration. Private profile names resolve inside Daemonet. Wildcards do not silently convert one trust path into another.

ModeWho carries bytesRequired proof
Direct WireGuard + HTTPSclient ↔ owner hostprofile, pass if gated, endpoint, TLS key
Browser Directbrowser ↔ owner hostBrowser Card, endpoint lease, typed direct channel
Daemon Hub TLSexplicit Hub ↔ origin ciphertextowner-selected publication mode and origin TLS
Public originInternet client ↔ owner originexplicit public service manifest and ordinary public PKI

Reference labs and versioned integrations

Build one bounded integration at a time.

Guides show how applications fit Daemonet, with production claims separated from technical capability.

DAEMONCHAT · REACT + TYPESCRIPT

Exact-origin Embed SDK

Mount the complete accountless room in an iframe and keep messages, invitations, files, payments, and media out of the host bridge.

Integrate DaemonChat →
DAEMONPAY · PROTOCOL PREVIEW

Entitlement gate API

Turn a verified event into a signed right, challenge a missing proof, verify locally, meter finite use, and preserve a private origin.

Inspect the protocol preview →
MAIL · MANUAL TODAY

Thunderbird + Postfix + Dovecot

Keep IMAPS and authenticated submission private over Daemonet while ordinary Internet mail uses a deliberately public SMTP edge.

Open the reference lab →
PATTERN

Open-source service foundry

Apply the same separation to file platforms, media servers, source forges, documents, and business applications.

Explore software systems →

Security and release truth

Repository code is not production evidence.

Each release claim needs its own tests, destructive failure evidence, deployment review, and operational sign-off. A one-gate pre-alpha can exercise coordination but cannot claim a three-witness Domain Deed.

01

Canonical inputs

Reject unknown schemas, ambiguous encodings, unsorted capability sets, stale messages, and replayed nonces.

02

Least authority

Separate keys and stores by role. Payment observation cannot authorize access; coordination cannot mint identity.

03

Rootless edge

Tor and public edge containers run as non-root with read-only filesystems, bounded writable state, dropped capabilities, and no Docker socket.

04

Visible gaps

Unsupported browser pass handoff, missing witnesses, unavailable routes, and incomplete release evidence remain explicitly closed.

05

Test self-hosting

The managed product must continuously prove that the open product works without managed custody.

06

Report responsibly

Security findings belong at security@daemonet.io, never in a public exploit demonstration against live users.