Daemonet Cloud
DaemonetConnect

Private-alpha managed infrastructure

Reach what you own.
Keep owning it.

Daemonet Cloud is where customers use 1Man’s managed coordination, verified access, names, entitlements, and operations. Your Daemonet remains the identity provider and your hosts remain the application endpoints.

Invitation-gated private alpha. Payments remain disabled until public beta and explicit operator activation.

DAEMONET CLOUD / 1MANPRIVATE ALPHA
  1. 01Browser or native device proves its own key
  2. 02Owner-signed profile and service policy are verified
  3. 03Destination validates allowlist, entitlement, or trial
  4. 04A short signed endpoint record is returned
  5. 05Client leaves 1Man and connects to the owner host
applicationDataPath = false
FREEby default
KEYinstead of password identity
SHORTpasses and endpoint leases
DIRECTordinary application path

The managed product

1Man operates the introduction—not the relationship.

Use 1Man to attach infrastructure, enroll devices, prove names, obtain certificates, coordinate reachability, integrate entitlements, observe availability, and support migrations. It has no right to approve your device, rewrite your profile, recover your identity, or receive ordinary application bytes.

ACCESS

Universal enrollment

One-time encrypted ceremonies connect a fresh browser or thin client to an approval made by a device that already holds your authority.

VERIFY

Names and services

Portable Domain Deeds and owner-signed service manifests bind names, TLS keys, modes, policy, and replaceable endpoints.

OPERATE

Availability and surgery

Short host leases, health evidence, drain, canary, failover, rollback, and migration change machines without changing service identity.

Native service authorization

Lock one app to the exact people and time you choose.

The access policy is embedded in the service owner’s signed manifest. 1Man can display and integrate it, but only a key explicitly named by the owner can issue the destination-verifiable pass.

Profile network policy

First decides whether these members may communicate at all.

+
Service access policy

Then requires an allowlisted principal, a portable entitlement, or a timed trial.

Device-bound pass

Opens only the exact service port and DNS answer until the signed expiry.

Direct host connection

WireGuard and origin HTTPS carry the application data without 1Man.

Named access

Authorize an exact profile member or Daemonet user from a start time through a hard expiry.

Portable entitlement

Accept an owner-selected issuer, resource, audience, and right. Finite uses are allocated atomically at the destination.

Timed trials

Offer X starts of Y minutes, or unlimited starts. Each accepted start receives a new bounded pass; counters survive retries.

Stable names, explicit surfaces

Domains describe responsibility.

Public marketing, managed control, developer infrastructure, explicit Hub publication, and private profile DNS are different products and trust paths. A wildcard does not make them interchangeable.

daemonet.comcompany and open-source product
daemonet.cloudmanaged customer access and 1Man operations
admin.daemonet.cloudcustomer browser portal; device-key enrollment is still required
daemonet.iodeveloper docs, protocols, SDKs, and releases
hub.daemonet.ioexplicitly published Daemon Hub ingress only
private.profile.daemonetprofile-owned private DNS; not a public Cloud account name

Schema-owner and invitation-administration tools are never served by the public portal. Verified public service publication still requires a portable Domain Deed backed by three independent Daemongate witnesses. A one-gate pre-alpha may test coordination, but it cannot mint that proof.

Cloud without custody

The managed layer stays narrow on purpose.

Daemon Hub is the only 1Man feature allowed to carry application traffic, and only for a service whose owner explicitly selects publication. It is never an emergency fallback for private access.

01

No cloud identity takeover

A portal session or conventional administrative record never becomes the user’s Daemonet identity.

02

No topology warehouse

Temporary coordination records expire; devices remain authoritative for profiles and relationships.

03

No document path

1Man does not receive, cache, inspect, store, or relay direct service content.

04

No payment custody

A receive-only watcher observes settlement to the operator wallet and cannot sign, sweep, spend, or refund.

05

No privacy upsell

Paid capabilities buy managed operations and capacity—not a less exploitative privacy tier.

06

No quiet downgrade

If the requested identity, entitlement, route, certificate, or transport proof fails, access stops visibly.