One binary, two transports. UDP is the default — direct peer paths, lowest latency. Compat tunnels everything through a single outbound TCP/443 for environments that block UDP or restrict egress.
-transport=compat
compat+proxy — needs HTTPS_PROXY (tracked on GitHub)
wrong runtime — no daemon
Deploy as a Dockerfile or buildpack. UDP availability varies — when in doubt, ship in compat mode.
UDP blocked. Single TCP/443 works as of v1.10.3.
Default-allow egress on both protocols.
UDP needs dedicated IPv4; even then app-level egress is flaky.
App-UDP undocumented; daemon re-registers fine across the ~24h dyno cycle.
Safer default — can't open SSH/SMTP ports.
UDP + TCP both first-class.
Self-hosted; inherits host firewall — open UDP/4000 manually.
Three out of four can't host a persistent process. Cloud Run is the exception when min-instances=1.
15-min hard timeout kills the tunnel. Use the SDK in the handler, not the daemon.
Set min-instances=1 to keep warm. Inbound is HTTPS-only.
Ephemeral execution — no persistent process model.
No long-lived sockets, no UDP, no listen().
Full control. UDP works. Use -public to advertise a public node.
Open UDP/4000 in security group.
Same model — managed VMs with full firewall control.
No restrictions beyond your own network policy.
DaemonSet or sidecar. Default CNI allows UDP; corporate clusters with NetworkPolicy default-deny → compat.
Default CNI allows UDP egress; no special config needed.
Same model — sidecar pattern over /shared/pilot.sock.
Allow egress to TCP/443 only; compat mode covers the rest.
A mix. Modal/E2B/Daytona/Codespaces are open; Docker-AI-Sandbox-class (Replit Agent, Devin) blocks raw TCP.
Add *.pilotprotocol.network + 34.71.57.205 to the egress allowlist.
Docker AI Sandbox — raw TCP/UDP blocked. HTTPS_PROXY support tracked on GitHub.
Same Docker AI Sandbox model.
Default-allow. Long timeout for persistent run.
IP/CIDR rules only; Pilot endpoints allowed by default.
Default-allow; iptables-based.
IPv4 outbound works; 30-min idle stop pauses the daemon.
Configure .gitpod.yml task.
Inherits underlying provider (EC2 / k8s / Docker).
Default-allow with configurable egress rules.
UI generators / WebContainers — no POSIX sockets.
install.sh wires up the right supervisor for each OS.
~/Library/LaunchAgents/network.pilotprotocol.daemon.plist auto-loaded.
sudo install enables the system unit + auto-updater.
Ad-hoc dev only — no auto-restart.
No Windows binary in v1.10.3.
Use the JS/Python SDK from your app; the daemon needs a POSIX runtime.
No raw sockets — use the JS SDK over WSS instead.
Same model — daemon needs POSIX.
Before v1.10.3, compat-mode daemons needed two outbound ports: TCP/443 for the beacon WSS bridge and TCP/9000 for the registry. That worked for most "UDP-blocked but TCP-open" environments, but it locked out anyone on airport Wi-Fi or behind a strict corporate firewall that allows only TCP/443.
v1.10.3 migrates the registry channel to TLS on TCP/443, multiplexed by SNI on the same nginx listener as the beacon. nginx pre-reads the TLS ClientHello's SNI field and routes registry.pilotprotocol.network traffic to a TLS terminator that proxies plain bytes to the existing registry; beacon.pilotprotocol.network traffic goes to the WSS-aware vhost. A compat daemon's lsof now shows exactly one outbound port: 443.
End-to-end Ed25519 trust is unchanged. TLS protects the wire between daemon and rendezvous; Ed25519 still protects peer-to-peer identity and payload integrity, exactly as in UDP mode.
# Dockerfile
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y curl ca-certificates \
    && rm -rf /var/lib/apt/lists/*
RUN curl -fsSL https://pilotprotocol.network/install.sh | \
    sh -s -- --email [email protected]
ENTRYPOINT ["/root/.pilot/bin/pilot-daemon", "-transport=compat"]
No port exposed. Render allows arbitrary outbound TCP/443. Zero UDP, zero TCP/9000.
Lambda has a 15-minute hard timeout and freezes the execution environment between invocations. A Lambda Extension can host a sidecar process but only while the function is warm. Wrong runtime for pilot-daemon. If you want Pilot-from-Lambda, call the registry directly via the JS or Python SDK over HTTPS during the handler invocation; don't try to run the daemon.
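apiVersion: v1
kind: Pod
metadata: { name: app-with-pilot }
spec:
  containers:
    - name: app
      image: your/app:latest
      # the app needs the shared volume to reach /shared/pilot.sock
      volumeMounts: [{ name: pilot-sock, mountPath: /shared }]
    - name: pilot
      image: debian:bookworm-slim
      command: ["/bin/sh", "-c"]
      args:
        # block scalar keeps the newlines, so the shell line continuations work;
        # debian:bookworm-slim ships without curl, so install it first
        - |
          apt-get update && apt-get install -y curl ca-certificates &&
          curl -fsSL https://pilotprotocol.network/install.sh | \
            sh -s -- --email [email protected] &&
          exec /root/.pilot/bin/pilot-daemon -transport=compat \
            -socket /shared/pilot.sock
      volumeMounts: [{ name: pilot-sock, mountPath: /shared }]
  volumes: [{ name: pilot-sock, emptyDir: {} }]
Works under any NetworkPolicy that permits egress to TCP/443. App talks to daemon over /shared/pilot.sock.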
curl -fsSL https://pilotprotocol.network/install.sh | \
  sh -s -- --email [email protected]
Installer writes ~/Library/LaunchAgents/network.pilotprotocol.daemon.plist and loads it. Defaults to -transport=udp; flip to compat only if your network blocks UDP/4000.
sudo curl -fsSL https://pilotprotocol.network/install.sh | \
  sudo PILOT_ALLOW_ROOT=1 sh -s -- --email [email protected]
sudo systemctl edit pilot-daemon   # add ExecStart override with -transport=compat
sudo systemctl restart pilot-daemon
Install pilot-daemon, pass -transport=compat if your environment blocks UDP, and you're online. That's it.