PumaMesh connects the places where data lives, then lets approved data move directly when it can and through a controlled Relay when networks get complicated.
A Hub coordinates policy and visibility. Agents run where data lives. Relays help cross hard network boundaries. Buyers get one platform for secure movement instead of a stack of transfer, VPN, acceleration, and audit tools.
The first-read story is intentionally simple: PumaMesh gives every environment a shared policy and visibility model, then chooses the cleanest secure path for each transfer.
Step 1
Set up your Hub
The Hub coordinates who belongs in the mesh, what policy applies, and what operators can see.
Step 2
Install Agents where data lives
Agents run on servers, laptops, clusters, cloud systems, and edge devices so policy follows the data source.
Step 3
Move directly when possible
When two Agents can reach each other, approved data moves directly instead of being forced through a central choke point.
Step 4
Relay when needed
Relays help cross firewalls, partner boundaries, and constrained networks without exposing plaintext or merging infrastructure.
The Hub does four things. If it ever goes offline, every node keeps moving data under the last policy it received — no outage, no blockage. Wherever you run it — public cloud, private data center, or an air-gapped enclave — the mesh behaves the same.
Roster
Keeps the signed list of every node on the mesh
The Hub knows who is on the network, what each node is allowed to do, and who their peers are. Every entry is signed. When a node joins or leaves, the Hub announces it and every peer updates in place.
Policy
Distributes the rules that govern movement
Who can move what, where, and under which classification. Policy versions are signed and travel to every node as a bundle. A change at the Hub propagates to the mesh; no node has to be restarted for the new rules to take effect.
Identity & Keys
Issues, rotates, and revokes every node’s identity
Every node carries a post-quantum-signed identity that the Hub issued. Rotation and revocation happen on the Hub’s schedule. Nothing is shared on disk; no plaintext secret ever leaves the Hub.
Visibility
One operator view of the whole mesh
Node health, transfer history, policy drift, audit chain — one console, one source of truth. Evidence is a byproduct of every action, not a project that happens after the fact.
If the Hub is unreachable: every node keeps moving data under the last policy bundle and roster it received. Direct peer connections stay open. When the Hub comes back, it resyncs and audit catches up automatically.
A Relay is the Hub running in forwarding mode. Same software, different role. It never holds a key. It never unlocks payload. It exists to make hard networks easy.
Two networks that cannot see each other
Connect without merging networks
Your training environment and your production environment have no direct route, by design. A Relay sits between them and forwards only what policy allows. Neither side has to trust the other’s network — only the Relay, and only for the transfers the policy names.
Restrictive firewalls
Transfers keep flowing when direct ports are locked down
When outbound ports are closed or a firewall blocks the direct peer, a Relay handles the path. Every node stays inside its security zone; the Relay does the forwarding. The mesh adapts automatically — no VPN to configure, no exception list to maintain.
Partner and B2B exchange
Two organizations exchange data without sharing infrastructure
Cross-agency workflows, customer-to-vendor pipelines, research collaborations — a Relay lets two groups exchange data without sharing network infrastructure. Each side trusts only the Relay and only for the transfers the policy authorizes.
Remote and intermittent sites
Extends the mesh across constrained and satellite links
Forward operating bases, vehicle platforms, tactical edge deployments — a Relay carries the mesh across satellite or intermittent links, buffers when the link is down, and reconciles automatically when it comes back.
Transport, encryption, routing, and acceleration — designed together, shipped together, operated together. Nothing is a plugin. Nothing is a retrofit.
Transport
A modern foundation, not 1990s plumbing
Data streams over many channels at once instead of a single pipe that plateaus at a few gigabits. That is how PumaMesh sustains 25.8 Gbps across the Pacific where every legacy tool collapses. We picked a modern foundation because it was the one clean place to put post-quantum encryption.
Encryption
Post-quantum, end to end, today
Data at rest is protected with node- and agent-scoped key material. Every stream in flight is encrypted using a post-quantum key-encapsulation mechanism (ML-KEM-1024), which stops a future quantum computer from reading today’s captured traffic. Applications never see the encryption, and the current cryptographic stack uses wolfSSL 5.9.1.
Routing
Every node reaches every other node
Every node can reach every other node, either directly or through a Relay. If a primary path fails, each node discovers alternative routes locally — no cloud controller to wait on. Visibility, communication, and the exchange of data between nodes are all governed by a robust policy engine built into the platform.
Acceleration
Tuned for bulk transfer, not browsing
The off-the-shelf speed controller is tuned for browsing a web page. Ours is tuned for moving a 140 GB AI model across an ocean — which is why benchmarks hit 25.8 Gbps. And because the foundation is modern, speed never costs encryption, policy, or audit.
By collapsing the many disparate tools that Protect your data, give you better Understanding of your data, and Move it at high speed, PumaMesh Accelerates access to every byte you care about. Fewer software licenses. Fewer integration projects. Fewer audit chains to reconcile. One platform, one operator view, one ROI story.