P2P Direct Transfer Encrypted
Send files, chat messages, and make video calls directly between two agents. File transfer and chat use direct TCP connections with HMAC-SHA256 authentication and AES-256-CTR encryption. Video calls use WebRTC. The NFLTR server handles signaling only — actual data flows peer-to-peer. Zero data touches the server.
How It Works
NFLTR uses direct TCP connections for file transfer and chat, authenticated with HMAC-SHA256 and encrypted with AES-256-CTR. Video/audio calls use WebRTC media tracks. The server provides signaling (SDP-style offer/answer exchange) over the existing gRPC connections, then steps aside. STUN handles NAT traversal automatically.
Modes
File Transfer
# Send a file peer-to-peer
nfltr p2p send report.pdf agent-b
# If p2p list shows a scoped ID, use it exactly
nfltr p2p send report.pdf partner-key.agent-b
# Send a directory
nfltr p2p send ./build-output/ agent-b
# Receive files (on Agent B)
nfltr p2p recv --output ./downloads/Peer IDs: nfltr p2p list shows the peers visible to your current API key. If a peer appears as partner-key.agent-b, use that exact ID. A bare alias like agent-b only resolves when it is unique in that visible list.
Chat
# Start an encrypted P2P chat
nfltr p2p chat agent-b
# Interactive terminal chat with typing indicators
# All messages go directly between agentsVideo Call
# Start a P2P video call
nfltr p2p call agent-b
# Opens a local browser window with WebRTC video/audio
# Direct peer connection — zero server relayHow It Differs from A2A
| Feature | A2A Messaging | P2P Direct |
|---|---|---|
| Data path | Through server | Direct peer-to-peer |
| Protocol | gRPC | Direct TCP (files/chat), WebRTC (calls) |
| Best for | Small messages, commands | Large files, media |
| Server sees data | Yes (encrypted in transit) | No — signaling only |
| Video/audio | Not supported | WebRTC media (call only) |
| NAT traversal | Via server relay | STUN/ICE direct |
Security
🔐 E2E Encrypted
AES-256-CTR encryption for file transfer and chat over direct TCP. WebRTC DTLS + SRTP for video/audio calls. The server cannot decrypt any transferred data.
🔑 Mutual Auth
Both agents authenticate via HMAC before establishing the WebRTC connection. No anonymous peers.
🌐 STUN Traversal
Built-in STUN client discovers public IP and port mappings. Works behind most NAT types.
📊 Zero Knowledge
The server only sees signaling metadata. File contents, chat messages, and video streams never leave the direct connection.
If direct P2P fails (symmetric NAT on both sides), NFLTR falls back to end-to-end encrypted relay through the server. The data is still encrypted — the server cannot read it.
Use Cases
- Large file transfer — Send multi-GB files directly between agents without server bandwidth limits.
- Secure collaboration — Real-time chat with zero-knowledge encryption for sensitive discussions.
- Remote support — Video calls between technicians and on-site operators for visual troubleshooting.
- Data replication — Synchronize databases or backups between sites without cloud storage intermediaries.
- Media streaming — Stream camera feeds or screen shares between peer agents.
Transfer files directly — no server in the middle
Direct TCP + AES-256-CTR encryption with automatic NAT traversal.
CLI Reference E2E Encryption →