Cryptographic identity, not credentials
Every agent generates an Ed25519 keypair at install time. Registration with the rendezvous server requires a valid signature. No shared passwords. No centrally managed credentials to rotate.
Ed25519 Identity Generation
Each agent identity is derived from a local keypair generated at install time. The public key becomes the permanent agent identity. Reinstalling the agent creates a new cryptographic identity instead of reusing shared credentials.
Signed Registration
Agent registration requires a valid Ed25519 signature over a timestamp and nonce. The rendezvous server rejects replayed registration payloads inside the LRU + TTL replay window.
Heartbeat Tracking
Agents send signed heartbeats to the rendezvous server. Online state updates in real time, while stale agents fall offline after the heartbeat TTL window expires.
Pairing Key Workflow
New agents generate a human-readable pairing key. Operators redeem it in the dashboard to bind the agent to their team, and the key expires after first use.
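The server-side check behind the signed registration step above, as an added example in Go (not TucDesk's own code). The `register-v1` prefix, the 16-byte nonce, the byte layout and the `ReplayGuard` type are assumptions. The nonce store here is bounded and expires entries by timestamp, refusing new registrations when full, which is a fail-closed stand-in for the LRU + TTL window the page names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

func signedBytes(ts int64, nonce [16]byte) []byte { // assumed layout: prefix, timestamp, nonce
	return append(binary.BigEndian.AppendUint64([]byte("register-v1"), uint64(ts)), nonce[:]...)
}

// ReplayGuard remembers each accepted nonce until its timestamp leaves the window.
type ReplayGuard struct {
	ttl  time.Duration
	max  int
	seen map[[16]byte]time.Time // nonce -> expiry
}

func (g *ReplayGuard) Verify(pub ed25519.PublicKey, ts int64, nonce [16]byte, sig []byte, now time.Time) error {
	if d := now.Sub(time.Unix(ts, 0)); d > g.ttl || d < -g.ttl { // 1. freshness
		return errors.New("timestamp outside window")
	}
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, signedBytes(ts, nonce), sig) { // 2. signature
		return errors.New("bad signature")
	}
	for n, exp := range g.seen { // forget nonces whose timestamp has aged out
		if now.After(exp) {
			delete(g.seen, n)
		}
	}
	if _, dup := g.seen[nonce]; dup { // 3. nonce reuse
		return errors.New("replayed nonce")
	}
	if len(g.seen) >= g.max { // fail closed rather than evict a live nonce
		return errors.New("replay cache full")
	}
	g.seen[nonce] = time.Unix(ts, 0).Add(g.ttl)
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now, nonce := time.Unix(1700000000, 0), [16]byte{1} // constructed values
	sig := ed25519.Sign(priv, signedBytes(now.Unix(), nonce))
	g := &ReplayGuard{30 * time.Second, 1024, map[[16]byte]time.Time{}}
	fmt.Println(g.Verify(pub, now.Unix(), nonce, sig, now), g.Verify(pub, now.Unix(), nonce, sig, now))
}
```

Refusing registrations when the store is full trades availability for replay safety; evicting instead would let an evicted nonce be accepted again while its timestamp is still fresh.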
End-to-end encrypted. Relay cannot decrypt.
The transport model treats relay nodes as untrusted infrastructure. Encryption is negotiated between the session endpoints, and every relay packet remains ciphertext.
X25519 Key Exchange
Every session negotiates fresh X25519 material between the operator side and the agent side. Session keys are ephemeral and are not stored after disconnect.
AES-256-GCM Sessions
Terminal data, command output, file transfer, and future session streams are encrypted with AES-256-GCM before they touch the relay path.
HKDF Key Derivation
Both ends derive session keys with SHA-256 HKDF and the explicit label tucdesk-session-v1. Protocol mismatch fails closed before payload processing.
Relay Fallback
When a direct connection fails, the relay provides UDP/TCP fallback transport. It forwards ciphertext only and has no access to readable session content.
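The session setup described in this section (fresh X25519 exchange, HKDF-SHA-256 with the `tucdesk-session-v1` label, AES-256-GCM frames), as an added example in Go using only the standard library; it is not TucDesk's own code. The empty HKDF salt, the random nonce prepended to each packet, and the names `NewSession`, `Seal` and `Open` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const Label = "tucdesk-session-v1" // HKDF info label quoted on the page

// NewSession turns one X25519 exchange into the AES-256-GCM cipher for a session.
func NewSession(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, label string) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer) // fails on an all-zero shared secret
	if err != nil {
		return nil, err
	}
	ext := hmac.New(sha256.New, nil) // HKDF-Extract (RFC 5869), empty salt (assumption)
	ext.Write(shared)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // HKDF-Expand, first 32-byte block
	exp.Write(append([]byte(label), 1))
	block, _ := aes.NewCipher(exp.Sum(nil)) // 32-byte key, cannot fail
	return cipher.NewGCM(block)
}

// Seal encrypts one frame and prepends its random 96-bit nonce (assumed framing).
func Seal(a cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	rand.Read(nonce)
	return a.Seal(nonce, nonce, plaintext, nil)
}

// Open returns an error and no bytes for a wrong key, wrong label or altered packet.
func Open(a cipher.AEAD, packet []byte) ([]byte, error) {
	if n := a.NonceSize(); len(packet) >= n {
		return a.Open(nil, packet[:n], packet[n:], nil)
	}
	return nil, fmt.Errorf("short packet")
}

func main() {
	op, _ := ecdh.X25519().GenerateKey(rand.Reader) // operator side, fresh per session
	ag, _ := ecdh.X25519().GenerateKey(rand.Reader) // agent side, fresh per session
	a, _ := NewSession(op, ag.PublicKey(), Label)
	b, _ := NewSession(ag, op.PublicKey(), Label)
	fmt.Println(Open(b, Seal(a, []byte("uptime"))))
}
```

A peer that derives with a different label ends up with a different key, so its first `Open` fails authentication before any payload is handled.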
Scale from one machine to ten thousand
Agent tagging
Group agents by environment, owner, role, or risk class. Tags drive fleet runs and policy targeting.
Fleet run
Execute approved commands across many agents in parallel and inspect per-agent output, duration, and error state.
ACL policy
Allow or deny access by agent, team, tag, and time window. Policy evaluation is team-scoped and audit-visible.
Session recording
Capture terminal sessions in asciinema-compatible format with signed audit context and tenant-prefixed storage paths.
Command approval gate
High-risk operations stop for human confirmation before execution. The decision and actor are written to audit.
Address book
Curate known endpoints, ownership notes, favorites, use counts, and operational context for repeated access.
Your fleet, controlled by intent
TucDesk exposes a controlled MCP surface for AI operators. Tools can inspect state and request execution, but approval gates, ACL evaluation, and audit logging remain in the data path.
Each tool listed here is a team-scoped MCP tool with request validation, permission checks, and immutable audit output for operator review:
list_agents
get_agent
connect_session
run_command
list_sessions
get_audit_log
list_fleet_runs
get_recording
list_address_book
get_security_posture
manage_acl
pair_agent
Deny by default, allow by policy
| Control | How it works |
|---|---|
| Open mode | Permits normal access while still recording actor, target, and session metadata. |
| Allowlist mode | Only explicitly allowed agents, tags, teams, or windows can be reached. |
| Blocklist mode | Blocks specified high-risk targets while allowing routine workflows. |
| Time windows | Restrict access to maintenance windows or approved incident response periods. |