Aegis is natively a pure, peer-to-peer cryptographic network. Coupled with the Aegis Cloud Relay, it effortlessly punches through firewalls to create a seamless, indestructible communication mesh.
Without strict firewalls, Aegis nodes naturally form a pure, serverless mesh network. They use a gossip protocol to continually share peer lists.
Alice is online. Her node is actively listening, but no peers are connected yet.
Native P2P is flawless until it encounters a strict home router. Here is how the Cloud Relay works around the strict NAT configurations common on the modern internet.
By default, Aegis looks for an open route. If Alice and Bob are on the same local network, or have open routers (UPnP enabled), their nodes will connect directly to each other with zero middlemen required.
However, most home and mobile networks use strict NAT firewalls. If Alice and Bob are both at home behind strict firewalls, their routers will block incoming direct connections, isolating them from the mesh.
To fix this, users can optionally connect to an Aegis Cloud Relay. Because the Relay is hosted on a public server (like AWS) with no firewalls, Alice and Bob can both easily connect to it, allowing it to seamlessly bridge their connection.
To preserve total decentralization, the Aegis Cloud Relay is not built into the application by default. If you are having trouble connecting to friends, follow these steps to manually add our public, 24/7 AWS Relay node to your mesh.
Open your Aegis Desktop Application.
In the top right navigation bar, click the "Peers" status button (e.g., "0 Peers").
Paste the following IP address into the "Manual Override" input box:
Click "Connect". Your node will now use the AWS relay to automatically punch through your firewall and sync with the global mesh!
If Alice and Bob are both behind firewalls, they can use the Relay as a secure middleman.
Project Aegis consists of two separate binaries programmed in Go.
The `main.go` file. This is the desktop/local application run by the end user. It contains the entire UI, cryptographic keychains, and local database.
The `main2.go` file. A headless (no UI) propagator installed on cloud servers like AWS or DigitalOcean. It bridges incompatible peers.
Because anyone can sync a P2P ledger, booting a user requires cryptographic enforcement. When an Admin issues a `PLATFORM_BAN`, two things happen:
A classic community management tool, adapted for decentralized CRDTs. When an admin issues a `PLATFORM_SHADOW_BAN`, the target's Root Hash is flagged. The target can still push messages to the network, and their own node shows the messages as "Sent". However, every other client node silently drops the packets upon arrival, rendering the spammer invisible without them realizing it.
Since there is no central database to "delete" a message from, admins broadcast a `TOMBSTONE` packet referencing a Message ID. When peers receive it, their nodes overwrite the local database entry's text and files, marking it as "[Purged by Powernode]".
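The receive-side handling described above for `PLATFORM_SHADOW_BAN` and `TOMBSTONE`, sketched as an added Go example that is not Aegis's own code. The packet fields, the `MESSAGE` type name, the single admin key and the `Type|ID` signing scheme are assumptions; the example also goes beyond the page by handling a tombstone that arrives before the message it targets.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Packet and Node are hypothetical shapes; Aegis's real formats are not on the page.
type Packet struct {
	Type, Author, ID, Body string // ID: a Message ID, or the Root Hash a ban targets
	Sig                    []byte // admin signature over Type|ID (assumed scheme)
}

type Node struct {
	Self   string            // this node's own Root Hash
	Admin  ed25519.PublicKey // the only key allowed to moderate
	Shadow map[string]bool   // shadow-banned Root Hashes
	DB     map[string]string // Message ID -> text
}

// NewDemoNode returns a node and a signer for its freshly generated admin key.
func NewDemoNode(self string) (*Node, func(typ, id string) Packet) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	n := &Node{self, pub, map[string]bool{}, map[string]string{}}
	return n, func(typ, id string) Packet {
		return Packet{Type: typ, ID: id, Sig: ed25519.Sign(priv, []byte(typ+"|"+id))}
	}
}

// Receive applies one gossiped packet and reports whether it was accepted.
func (n *Node) Receive(p Packet) bool {
	signed := func() bool { return ed25519.Verify(n.Admin, []byte(p.Type+"|"+p.ID), p.Sig) }
	_, seen := n.DB[p.ID] // also true for an ID tombstoned before its message arrived
	switch {
	case p.Type == "MESSAGE" && !seen && (!n.Shadow[p.Author] || p.Author == n.Self):
		n.DB[p.ID] = p.Body
	case p.Type == "TOMBSTONE" && signed():
		n.DB[p.ID] = "[Purged by Powernode]" // overwrite, or pre-mark an unseen ID
	case p.Type == "PLATFORM_SHADOW_BAN" && signed():
		n.Shadow[p.ID] = true
	default:
		return false // silent drop: bad signature, banned sender, or repeated ID
	}
	return true
}

func main() {
	n, sign := NewDemoNode("bob")
	fmt.Println(n.Receive(sign("TOMBSTONE", "m1")), n.Receive(Packet{Type: "MESSAGE", ID: "m1"}))
}
```

Without the signature check, any peer on the mesh could purge messages or shadow-ban others simply by gossiping the packet type.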