v1.1.3 · Open-Source Remote Access Platform

Control every machine.
No SSH. No VPN.

TucDesk is a cryptographically secure remote access platform built on ED25519 identity and AES-256-GCM tunnels. Zero broker. Zero IP logging. Full control.

Get Started Free Quick Install

tucdesk — terminal

$ curl -fsSL https://get.tucdesk.app/install.sh | bash

→ Generating ED25519 identity...

→ Registering with rendezvous...

✓ Agent started. Peer ID: abc123ef

$ tucdesk status

● Online · 2 agents · 0 sessions · Score: 94/100

█

Commits on main

Security checks

MCP tools

Platforms supported

CAPABILITIES

Everything you need to control your fleet

Built from first principles — no legacy SSH overhead, no VPN complexity. Just pure encrypted P2P tunnels.

ED25519 Identity

Each agent gets a cryptographic keypair on install. Unforgeable. No passwords. No certificates to manage.

P2P Encrypted Tunnels

UDP hole punching + TURN relay fallback. AES-256-GCM sessions with X25519 ECDH key exchange.

Policy Engine

ACL rules with conditions: time windows, command patterns, allowlists, denylists. Default-deny.

72-Check Security Audit

Automated scan across 8 categories: Identity, Crypto, Auth, Network, Data, Agent, Supply Chain, Runtime.

Terminal UI (TUI)

Full Bubble Tea terminal client. 8 screens: Agents, Sessions, Audit, Security, LAN, Recordings + more.

MCP Connector

12 tools for Claude / AI agents: list_agents, run_command, open_session, get_audit_log, and more.

Tamper-Proof Audit

Every access decision signed with ED25519. Append-only JSONL + Postgres. Immutable by design.

Fleet Management

Tag-based agent grouping, fleet runs, parallel execution, time-window validation and history.

Zero Config Install

One curl command. Auto identity generation, rendezvous registration, systemd/launchd service.

SECURITY ARCHITECTURE

Security by design, not afterthought

Every layer of TucDesk is built to be provably secure. Zero trust from the ground up.

SECURITY GUARANTEES

ED25519 IdentityUnforgeable per-agent keypair

Session EncryptionAES-256-GCM + X25519 ECDH

Relay PrivacyZero IP logging by design

Audit IntegrityED25519 signature per entry

Policy EnforcementPre-signal evaluation gate

JWT ReplaySingle-use jti + Redis TTL

Rate Limiting3-tier Redis: auth/std/upload

Security Score100 − (CRIT×30) − (HIGH×15)…

SECURITY SCORE

94/100

Grade A — Production Ready

100

Identity

100

Crypto

Auth

Network

Data

Agent

Chain

Runtime

RECENT AUDIT LOG

10:41:22●Access granted · agent abc123 → shell

10:41:18●Policy evaluated · time_window match

10:40:55●Auth: JWT jti consumed · replay blocked

PLATFORMS

Runs everywhere your machines run

macOS

Universal · DMG + PKG

Windows

x64 · EXE + MSI + Setup

Linux

amd64/arm64 · deb/rpm/apk

iOS

SwiftUI · TestFlight

Android

Compose · APK

Web/PWA

Next.js · Installable

ALSO AVAILABLE VIA

HomebrewScoopWinGetSnapAURnpmPyPIRubyGemsJSRcrates.ioChocolatey

QUICK INSTALL

Up and running in 3 steps

STEP 01

Install the agent

curl -fsSL https://get.tucdesk.app/install.sh | bash

One command installs the agent, generates your ED25519 identity, and registers with the rendezvous server. Works on macOS, Linux, and Windows.

STEP 02

Get your Peer ID

tucdesk --peer-id

Each agent has a unique, cryptographic Peer ID derived from its ED25519 keypair. Share this ID to allow connections — no IP needed.

STEP 03

Connect from anywhere

tucdesk connect <peer-id>

Open an encrypted P2P session from any device. The TUI, web dashboard, mobile app, or Claude via MCP — all use the same secure tunnel.

iOS App →Android App →Documentation →

MCP CONNECTOR

Give Claude access to your entire fleet

The TucDesk MCP connector gives Claude Desktop and Claude Code 12 tools to manage your infrastructure. Run commands, open sessions, view audit logs — all through natural language.

✓ list_agents — discover online machines

✓ run_command — execute across fleet

✓ open_session — start PTY session

✓ get_audit_log — review access history

✓ security_check — run 72-check audit

✓ file_transfer — read/write remote files

CLAUDE DESKTOP CONFIG

{
  "mcpServers": {
    "tucdesk": {
      "command": "npx",
      "args": ["-y", "tucdesk-mcp"],
      "env": {
        "TUCDESK_API_URL": "http://localhost:8090",
        "TUCDESK_API_TOKEN": "<your-token>"
      }
    }
  }
}

OPEN SOURCE · FREE TO SELF-HOST

Take control of your infrastructure

Deploy in minutes. Works with your existing machines. No vendor lock-in. Your keys, your tunnels, your data.

Create Account View on GitHub