Let your coding agent hand off work to a machine you control — without leaving your session.
cmesh gives the coding agent on your machine (Claude Code, Codex) a tool to delegate a scoped, policy-gated task to a coding agent on another machine you control, over a private Tailscale tailnet, and get a structured, auditable result back.
You're on your Mac with Claude Code open, but the work belongs elsewhere: a Linux box for production-like builds, a Windows machine for native tests, a bare-metal server with the exact service state you need to inspect. If both machines are on your tailnet and the far one has a runner installed, cmesh turns that handoff into a single tool call your agent makes for you.
Use cmesh to ask the datacenter server to inspect /srv/myapp and check why the deploy failed.
Your agent keeps running on your Mac. The work runs on the server. In testing, cmesh has run Linux builds, inspected services, and changed a Windows wallpaper — all driven from a Mac over the tailnet.
Experimental - read this: cmesh causes real changes on real machines. Do not use it on anything you love: machines, repos, credentials, or data you cannot afford to lose. This is not enterprise remote management; it is an experimental agent delegation mesh for trusted private networks, and every worker profile is real authority on that machine. Start on trusted machines with narrow peer and cwd allowlists and the `query` profile. See docs/security.md.
- Your local agent calls the cmesh MCP tool on loopback.
- Your local daemon checks outbound policy and dispatches over Tailscale.
- The worker daemon rejects any non-tailnet source.
- It verifies the caller via Tailscale LocalAPI `whois`: Tailscale decides who is connected.
- It checks inbound policy (allowed peer, cwd, profile, runner): cmesh decides what they may do.
- It runs its local Claude Code / Codex runner and stores a durable, audited result.
- Your agent polls status and fetches the result, treated as untrusted claims.
The MCP surface is never exposed to the network: the only endpoint is local loopback on the machine running the agent.
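The worker-side gates in the list above (tailnet source check, then the peer, cwd, profile and runner allowlists), written in Go as an added example; this is not cmesh's own code. The type and function names are hypothetical, checking the source against Tailscale's address ranges is an assumed way to reject non-tailnet sources, and `Peer` stands for the identity `whois` returned for the connection.

```go
package main

import (
	"fmt"
	"net/netip"
	"path/filepath"
	"slices"
	"strings"
)

// Policy and Request are hypothetical shapes, not cmesh's config schema.
type Policy struct{ Peers, Cwds, Profiles, Runners []string }
type Request struct{ Source, Peer, Cwd, Profile, Runner string } // Peer comes from whois

var ts4 = netip.MustParsePrefix("100.64.0.0/10")       // Tailscale IPv4 range
var ts6 = netip.MustParsePrefix("fd7a:115c:a1e0::/48") // Tailscale IPv6 range

// cwdAllowed cleans the path first so "/srv/myapp/../../etc" cannot pass,
// and compares with a trailing separator so "/srv/myapp-x" is not a match.
func cwdAllowed(roots []string, cwd string) bool {
	sep := string(filepath.Separator)
	c := filepath.Clean(cwd) + sep
	return slices.ContainsFunc(roots, func(r string) bool {
		return strings.HasPrefix(c, filepath.Clean(r)+sep)
	})
}

// Authorize returns nil only when every gate passes; anything else is denied.
func Authorize(p Policy, r Request) error {
	ap, err := netip.ParseAddrPort(r.Source)
	addr := ap.Addr().Unmap()
	switch {
	case err != nil:
		return fmt.Errorf("unparseable source %q", r.Source)
	case !ts4.Contains(addr) && !ts6.Contains(addr):
		return fmt.Errorf("source %s is not a tailnet address", addr)
	case !slices.Contains(p.Peers, r.Peer):
		return fmt.Errorf("peer %q not allowed", r.Peer)
	case !cwdAllowed(p.Cwds, r.Cwd):
		return fmt.Errorf("cwd %q outside allowlist", r.Cwd)
	case !slices.Contains(p.Profiles, r.Profile), !slices.Contains(p.Runners, r.Runner):
		return fmt.Errorf("profile %q or runner %q not allowed", r.Profile, r.Runner)
	}
	return nil
}

func main() { // constructed sample: a traversal attempt against the cwd allowlist
	p := Policy{[]string{"mac"}, []string{"/srv/myapp"}, []string{"query"}, []string{"claude"}}
	r := Request{"100.101.102.103:41641", "mac", "/srv/myapp/../../etc", "query", "claude"}
	fmt.Println(Authorize(p, r))
}
```

`filepath.Clean` is purely lexical, so a worker that must confine tasks to a directory would also resolve symlinks (for example with `filepath.EvalSymlinks`) before comparing. The address-range gate only filters where a connection came from; the peer identity still has to come from `whois`.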
Two things you do by hand. Everything else, you do by talking to your agent.
1. Install the binary and register the MCP (do this on each machine):
```sh
curl -fsSL https://raw.githubusercontent.com/somoore/cmesh/main/scripts/install.sh | sh
```

On Windows, run the PowerShell one-liner instead:

```powershell
powershell -NoProfile -ExecutionPolicy Bypass -Command "irm https://raw.githubusercontent.com/somoore/cmesh/main/scripts/install.ps1 | iex"
```

The installer detects your OS and CPU architecture, downloads the matching release archive, puts cmesh on PATH, and registers a stdio MCP entry in the agents it detects.
2. Open a new agent session and say:
help me setup cmesh
From there the cmesh MCP wizard drives everything — detecting Tailscale and peers, writing config after you confirm, starting the daemon, and walking the two-machine handshake. To add a second machine, install cmesh there and say continue helping me configure cmesh for this new node. Full instructions, profiles, and example prompts live in docs/quickstart.md.
| Doc | What's inside |
|---|---|
| Why cmesh? | The latest thesis for cmesh over SSH plus tmux |
| Concepts | What cmesh is, why it exists, and the mental models |
| Quickstart | Install, setup wizard, two-machine handshake |
| Architecture | Surfaces, request lifecycle, trust boundaries, data model |
| Commands | The cmesh CLI surface |
| MCP tools | Delegation tools your agent calls |
| MCP onboarding tools | The setup-wizard tool surface |
| Configuration | config.toml reference |
| Security model | Threat model, defense in depth, hardening |
| Delegation guidance | Writing good tasks and reading results |
| Runner manifests | How runners declare capabilities |
| Tailscale grants | Restricting mesh reachability |
| Roadmap | Planned hardening and intentional non-goals |
| Contributing | Local checks and contribution expectations |
| Release | Release process |
| Development | Building and contributing |
cmd/cmesh CLI and daemon entrypoint
internal/ daemon, policy, store, runner, and RPC packages
schemas/ JSON Schemas
examples/ runnable config and Tailscale grant examples
docs/ architecture and operator guidance
```sh
cmesh uninstall
```

It mirrors the installer: removing the MCP is the core action; anything else is separately consented. Details in docs/quickstart.md.
cmesh is licensed under the Apache License 2.0.
