Aster P2P RPC Framework

No VPNs. No NATs. No port forwards. Connect your AI agents to your code - anywhere. Aster punches through everything.

Aster crossing real network obstacles A stylized map where an agent and shell call services across firewalls, NAT gateways, load balancers, CGNATs, proxies, and VPNs. the internet in practice AWS / GCP / Azure DigitalOcean / Linode homelab / office AI agent your shell firewall proxy NAT load balancer CGNAT VPN Aster
Firewalls. NATs. VPNs. DNS. Certificates. API keys — on both sides — just to call one function. Aster creates authenticated service connections, not network tunnels. Leave the mess behind.

The infrastructure tax

What it costs you today vs. with Aster

Without Aster
8
things to configure, maintain, and debug
  • VPNs — another tunnel to manage
  • Firewall rules — both sides, per-port
  • NAT traversal — and good luck with CGNAT
  • TLS certificates — obtain, renew, pray
  • DNS records — just to give it a name
  • API keys — shared secrets that leak
  • Load balancer or proxy — another box to run
  • Port forwarding — and hope your IP doesn't change
With Aster
1
address — a public key
aster14TudWqdmQLgjyczpq19BnP8f4F...
  • Punches through firewalls, NATs, and CGNATs with relay fallback
  • Mutual auth at the QUIC handshake
  • No certificates, no DNS, no shared secrets
  • Direct peer-to-peer — no proxy in the middle
  • Share the address with friends and coworkers
  • Load balancing, failover, and HA — coming soon

This is all it takes

A few lines to connect. From anywhere.

aster / server
Fleet
Aster RPC — encrypted P2P calls, any language
# server.py — 12 lines, that's the whole service
@service(name="Fleet", version=1)
class Fleet:
@rpc()
async def status(self, req) -> StatusResponse:
return StatusResponse(hostname=platform.node(), ...)
# Start it
$ python server.py
aster14Y5xCM3ErHLsxX6CVsGPmPwtMFmkPEDLB7kDQfCdLZohfWBR9syYFfgR8nTo3ww34uot5HXTE
aster / cli + mcp
connected
# Call it — from anywhere, any language
$ aster call aster14Y5xCM...HXTE Fleet.status '{"node_id": "edge-7"}'
{
"hostname": "Emruls-MacBook-Pro.local",
"status": "healthy",
"uptime_secs": 3812688
}
# .claude/settings.json — expose to AI agents with security
"mcpServers": {
"fleet": {
"command": "aster",
"args": ["mcp", "aster14Y5x...HXTE", "--allow", "Fleet.*"]
}}

No hostname. No port. No shared secret. The address is the identity.

Language support

Cross-language by design — use whatever language fits the job.

Python and TypeScript shipping now.
Java, .NET, Kotlin, and Go are in progress.
Rust on roadmap.

Py Python Shipping 0.1.2
TS TypeScript Shipping 0.1.2
Jv Java In progress
.N .NET In progress
Kt Kotlin In progress
Go Go In progress
Rs Rust Planned

How it works

Identity is in the connection, not bolted on.

Connections go to who, not where

Every machine gets a permanent cryptographic address. Move it to a different network, change your IP, roam between Wi-Fi and cellular — the address stays the same. You dial the machine, not its location.

Trust built-in

Both sides prove who they are before your code runs. You control exactly who can connect, which services they can call, and when their access expires. Replaces mTLS.

Agents discover and verify services

An agent can find a service by what it does, not where it lives. The service contract is verified automatically — your Python service and their TypeScript client agree on the interface without sharing files.

When to use it

Reach for Aster when…

Behind a firewall or NAT

Your service runs on a network you don't fully control — corporate VPC, cloud subnet, home router.

On Starlink or mobile

CGNAT means no public IP. Port forwarding isn't an option. Neither is a static address.

AI agents calling remote tools

Your LLM calls tools on your home lab, a GPU box, or a colleague's machine. Aster MCP gives you capability-scoped security — allow/deny per method, per agent, with expiry.

Multi-cloud and home labs

Services in AWS, DigitalOcean, and your home lab. No VPNs or tunnels between them. Share access with friends and coworkers — scoped to exactly what they need.

Software in customer infrastructure

You ship agents into customer VPCs or on-prem racks. They phone home — without customers opening firewall rules. Fan out to hundreds of sites with no extra infrastructure.

Peer-to-peer by default

Machines connect directly. No message broker, no service mesh, no infrastructure you have to run in the middle.

Try out the walkthrough

Python pip install aster-rpc aster-cli
TypeScript npm install @aster-rpc/aster
Build Mission Control Quickstart
Open source — Apache 2.0 Read the origin story →