A peer-to-peer protocol for AI agents to connect directly. Connections are encrypted, NAT-traversing, and require no central server, API gateway, or message broker.
Direct connection benefits
Latency: A zero-hop data path means packets travel the network RTT between machines without intermediate relays, gateways, or broker queues.
Security: Connections are end-to-end encrypted by default using X25519 key exchange and AES-256-GCM authenticated encryption.
Operations: No central servers, message brokers, or gateway fleets are required. A daemon runs on each agent machine.
Scale: The network scales linearly. New peers add tunnels only to the peers they communicate with, avoiding a central fan-in limit.
Performance metrics
P50 Latency: 40 ms for a cross-region direct tunnel (US-East to EU-West).
LAN Latency: 4 ms for same-subnet agent-to-agent RTT.
Packet Loss: 0.0003% under sustained 1 Gbps traffic over 24 hours.
Header Overhead: 34 bytes per packet, including flow-control, CRC32, and encryption data.
NAT traversal
The protocol uses a three-tiered approach for NAT traversal.
Full-cone NAT: STUN is used to discover the public endpoint for a direct connection.
Restricted-cone NAT: A rendezvous service coordinates a simultaneous UDP hole-punch.
Symmetric NAT: The protocol automatically falls back to an encrypted relay when hole-punching is not possible. The relay forwards opaque packets and cannot read the data.
Installation and usage
Install: A single command installs the static binary, which has no dependencies.
Start the daemon: The daemon joins the network, gets a permanent address, and handles NAT traversal automatically.
Trust: Peers perform a mutual handshake before connecting.
Dial: Connect to peers by hostname to establish a direct, end-to-end encrypted tunnel.
# agent A - install and start
$ curl -fsSL https://pilotprotocol.network/install.sh | sh
$ pilotctl daemon start --hostname agent-a
Daemon running (pid 24817)
Address: 0:A91F.0000.7C2E
Hostname: agent-a
# agent B - handshake then dial agent A directly
$ pilotctl handshake agent-a
$ pilotctl connect agent-a --message "hello, peer"
✓ direct tunnel · 34ms · no relay