{"id":13626178,"url":"https://github.com/flomesh-io/ztm","last_synced_at":"2026-01-30T17:02:18.091Z","repository":{"id":288686668,"uuid":"786869480","full_name":"flomesh-io/ztm","owner":"flomesh-io","description":"ZTM (Zero Trust Mesh) is a privacy-first open-source decentralized end-to-end encrypted software defined network, based on HTTP/2 tunnels. Experience boundless connectivity and mesh the globe!","archived":false,"fork":false,"pushed_at":"2026-01-29T11:34:30.000Z","size":8266,"stargazers_count":478,"open_issues_count":7,"forks_count":37,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-01-29T22:49:10.163Z","etag":null,"topics":["e2e","http-tunnel","http2-tunnel","sdn-network","tunnel","web3"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flomesh-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-04-15T13:09:23.000Z","updated_at":"2026-01-29T11:34:34.000Z","dependencies_parsed_at":"2025-05-05T04:21:53.062Z","dependency_job_id":"375ca016-0c78-49a8-a862-0ddfe2ffa6a1","html_url":"https://github.com/flomesh-io/ztm","commit_stats":null,"previous_names":["flomesh-io/ztm"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/flomesh-io/ztm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flomesh-io%2Fztm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flomesh-io%2Fztm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flomesh-io%2Fztm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flomesh-io%2Fztm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flomesh-io","download_url":"https://codeload.github.com/flomesh-io/ztm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flomesh-io%2Fztm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28915942,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T16:37:38.804Z","status":"ssl_error","status_checked_at":"2026-01-30T16:37:37.878Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["e2e","http-tunnel","http2-tunnel","sdn-network","tunnel","web3"],"created_at":"2024-08-01T21:02:12.260Z","updated_at":"2026-01-30T17:02:18.079Z","avatar_url":"https://github.com/flomesh-io.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg width=\"150px\" height=\"150px\" src=\"https://flomesh.io/img/ztm.png\" /\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n \u003ca href=\"https://github.com/flomesh-io/pipy\"\u003e\u003cimg src=\"https://flomesh.io/img/favicon.ico\" width=\"20px\" height=\"20px\" alt=\"\"\u003e\u003c/a\u003e\n \u003cimg src=\"https://img.shields.io/badge/PipyJS-00adef\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/C++-green\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Tauri-24C8DB?logo=tauri\u0026logoColor=FFC131\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Rust-c57c54?logo=rust\u0026logoColor=E34F26\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Vite5-35495E?logo=vite\u0026logoColor=41D1FF\"\u003e\n \u003ca href=\"https://github.com/flomesh-io/ztm/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/flomesh-io/ztm\" alt=\"star\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Web-green\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/macOS-gray\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Windows-blue\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Linux-orange\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/iOS-Android-blue\"\u003e\n\u003c/p\u003e\n\n# ZTM (Zero Trust Mesh)\n\nZTM is an open source network infrastructure software for running a ***decentralized*** network. It is built upon ***HTTP/2 tunnels*** and can run on ***any sort of IP networks*** such as LANs, containerized networks and the Internet, etc.\n\n## Why ZTM?\n\nZTM lays the foundation for building ***decentralized applications*** by providing a set of core capabilities including:\n\n* Network connectivity across Internet gateways and firewalls\n* TLS-encrypted communication channels\n* Certificate-based authentication and access control\n* Decentralized application publishing and deployment\n* Decentralized file discovery and data sharing\n\nZTM can be used in various settings ranging from a ***2-node personal network connecting one's home and workplace*** to a ***10,000-node enterprise network connecting offices and branches across the globe***. Examples of applications that can leverage ZTM are:\n\n* Remote access your home computer from anywhere in the world\n* Share documents, pictures and videos within a group of people without the need of a big-tech social networking platform\n* Private and secure P2P data transfer without the fear of eavesdropping\n\n## Features\n\nZTM is written in **PipyJS**, a JavaScript dialect designed for [**Pipy**](https://github.com/flomesh-io/pipy) (https://github.com/flomesh-io/pipy). **Pipy** is an open source programmable proxy software. Thanks to **Pipy**, ZTM has many unique features on top of the capabilities it offers:\n\n* **Fast**. HTTP/2 multiplexing is fast. And **Pipy** is fast. Like, C++ fast.\n\n* **Secure**. All traffic is encrypted by TLS and has identities via certificates. By using **PipyJS**, security policy can be easily customized to meet the requirements in your organization.\n\n* **Highly customizable and programmable**, since **Pipy** in itself is a general-purpose network scripting engine.\n\n* **Portable**. Choose your CPU architecture: x86, ARM, MIPS, RISC-V, LoongArch... Choose your operating system: Linux, Windows, macOS, FreeBSD, Android... ZTM runs anywhere.\n\n## Documentation\n\n* [Architecture \u0026 Concepts](docs/Architecture-Concepts.md)\n* [CLI](docs/CLI.md)\n* [ZT-App](docs/ZT-App.md)\n* [Agent API](docs/Agent-API.md)\n* [Build](docs/Build.md) \n\n## Quick Start\n\n### Download\n\nThe easiest way to get started is download the latest binary release of ZTM from our [release page](https://github.com/flomesh-io/ztm/releases). If you prefer to have your own build from the source, you can follow the instructions in [Build](docs/Build.md).\n\n\u003e The official build releases of ZTM come in two forms of packaging: the CLI tool as a SEA (Single Executable Application), and the desktop application that wraps up the CLI tool and provides a GUI for desktop environments.\n\u003e\n\u003e In this guide, we'll be only utilizing the CLI for setting up a simple mesh. For more guides, including the usage of the desktop app, please check out our [Wiki](https://github.com/flomesh-io/ztm/wiki).\n\n### CLI Completion\n\nTo enable shell completion, run:\n\n```sh\nmkdir -p ~/.local/share/ztm/completions\nztm completion bash \u003e ~/.local/share/ztm/completions/ztm.bash\nsource ~/.local/share/ztm/completions/ztm.bash\n```\n\nFor zsh users:\n\n```sh\nmkdir -p ~/.local/share/ztm/completions\nztm completion zsh \u003e ~/.local/share/ztm/completions/_ztm\nfpath=(~/.local/share/ztm/completions $fpath)\nautoload -U compinit \u0026\u0026 compinit\n```\n\n### Setup\n\nA common setup consists of 3 nodes: 1 node running the *Hub*, the other 2 nodes running two *Agents* who wish to communicate with each other.\n\n```\n Data Center\n +-------------------------------------------+\n | Hub |\n | (state in ~/.ztm/ztm-hub.db) |\n +-------------------------------------------+\n HTTPS | Port 8888 HTTPS | Port 8888\n | |\n ------------|---------------------------------|--------------\n | Firewall |\n ------------|---------------------------------|--------------\n | |\n | Internet |\n | |\n ---------------------------- | ----------------------------\n Firewall | Firewall\n ---------------------------- | ----------------------------\n | | |\n | | |\n +--------------------------+ | +--------------------------+\n | Agent @ Home | | | Agent @ Workplace |\n | (state in ~/.ztm/ztm.db) | | | (state in ~/.ztm/ztm.db) |\n +--------------------------+ | +--------------------------+\n |\n\n```\n\n\u003e We'll only cover the setup of a Hub on Linux, since that's where they are usually run - a cloud-hosted Linux virtual machine.\n\n#### Setup a Hub\n\nSuppose you have a Linux box in the cloud, with a public IP address `1.2.3.4` and a public TCP port `8888`. Start a Hub service by typing:\n\n```sh\nztm start hub --listen 0.0.0.0:8888 --names 1.2.3.4:8888 --permit root.json\n```\n\n\u003e You might need `sudo` when executing the above command because it needs to install a service to `systemd`.\n\nNow the Hub should be up an running. Plus, a file named `root.json` should have been generated for us to allow *endpoints* to join our mesh.\n\n#### Setup Endpoints\n\nOnce the Hub gets up and running in the cloud, we can go on and add as many *endpoints* as we like to the mesh by using the generated permit file `root.json`.\n\n\u003e An *endpoint* is just a computer running in various network environments with access to the Internet.\n\nFirst, start an Agent on an endpoint computer that is going to join our mesh:\n\n```sh\nztm start agent\n```\n\n\u003e On Windows, starting as a system service isn't supported yet. You'll have to do `ztm run agent` instead.\n\nAnd then, join the mesh by saying:\n\n```sh\nztm join MESH_NAME --as EP_NAME --permit root.json\n```\n\nWhere `MESH_NAME` can be any name of your choice for identifying a mesh locally if you have many. `EP_NAME` is the name of your current endpoint seen by other endpoints in the same mesh. `root.json` is the permit file generated in our first step where a Hub is set up.\n\nIf everything works out, you can now check out the status of the mesh by typing:\n\n```sh\nztm get mesh\n```\n\nOr look up for endpoints that already joined the mesh:\n\n```sh\nztm get ep\n```\n\nFor detailed usage of the command-line tool, type:\n\n```sh\nztm help\n```\n\nIf you prefer GUI, you can open your browser and point it to `http://localhost:7777` right after command `ztm start agent`. You can join a mesh, find other endpoints, using apps and everything. Almost all functionalities ZTM provides are available from both the CLI and the GUI.\n\nRepeat the above procedure for every endpoint in your mesh. Then, you will be able to manage your mesh via terminal or browser from any endpoint in the mesh.\n\n#### Using Your Mesh\n\nOnly connecting a bunch of endpoints as a mesh isn't very useful. What makes your mesh useful is the *apps* running in it. The official ZTM releases come with a number of builtin apps including:\n\n- Tunnel - Establish secure TCP/UDP tunnels between endpoints\n- Proxy - A SOCKS/HTTP forward proxy that takes in traffic from one endpoint and forward out via another endpoint \n- Script - Execute *PipyJS* scripts remotely on an endpoint\n- Terminal - Remote access to the shell on an endpoint\n\nThird-party apps can also be installed. Also, new apps can be developed rather easily thanks to the *PipyJS* scripting capability of [**Pipy**](https://github.com/flomesh-io/pipy).\n\nTo get a list of all installed apps, type:\n\n```sh\nztm get app\n```\n\nYou can use an app from either the browser GUI or the command-line tool. On a terminal, one can access an app's CLI in a way like:\n\n```sh\nztm APP_NAME ...\n```\n\nTo find out detailed information about using an app via CLI, type:\n\n```sh\nztm APP_NAME help\n```\n\n#### CLI Commands Summary\n\nHere's a recap of what CLI commands you need to do on each computer node.\n\n```\n Cloud-hosted VM\n +---------------------------------------------------------+\n | ztm start hub --names x.x.x.x:8888 --permit root.json | ---+\n +---------------------------------------------------------+ |\n | x.x.x.x:8888 | |\n ------------|--------------------------------|------------- |\n | Firewall | |\n ------------|--------------------------------|------------- |\n | | |\n | Internet | | root.json\n | | |\n -------------------------- | -------------------------- |\n Firewall | Firewall |\n -------------------------- | -------------------------- |\n | | | |\n | | | |\n +------------------------+ | +------------------------+ |\n | ztm start agent | | | ztm start agent | |\n | ztm join my-mesh \\ | | | ztm join my-mesh \\ | \u003c--+\n | --as home \\ | | | --as workplace \\ |\n | --permit root.json | | | --permit root.json |\n +------------------------+ | +------------------------+\n PC @ Home | PC @ Workplace\n\n```\n\nFor more information on the CLI, please refer to:\n\n```sh\nztm help\n```\n\n## Quick Links:\n\n* [How-to: Using ZTM for Secure Remote Desktop Protocol (RDP) Access](https://github.com/flomesh-io/ztm/wiki/2.-HOWTO-:-using-ztm-for-secure-RDP-access)\n* [QuickStart : ZTM Tunnel](https://github.com/flomesh-io/ztm/blob/main/docs/ZT-App.md#zt-tunnel) | [Tunnel Demo](https://github.com/flomesh-io/ztm/wiki/2.-HOWTO-:-using-ztm-for-secure-RDP-access#4-configuring-ztm-tunnel-for-rdp-connection)\n* [QuickStart : ZTM Proxy](https://github.com/flomesh-io/ztm/blob/main/docs/ZT-App.md#zt-proxy)\n* [QuickStart : ZTM Terminal](https://github.com/flomesh-io/ztm/blob/main/docs/ZT-App.md#zt-terminal)\n* [QuickStart : ZTM Script](https://github.com/flomesh-io/ztm/blob/main/docs/ZT-App.md#zt-script)\n* [QuickStart : ZTM Cloud](https://github.com/flomesh-io/ztm/blob/main/docs/ZT-App.md#zt-cloud) | [Cloud Demo](https://github.com/flomesh-io/ztm/wiki/4.-HOWTO-:-File-Sharing-between-ZTM-End-Points#sharing-files-on-macos)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflomesh-io%2Fztm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflomesh-io%2Fztm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflomesh-io%2Fztm/lists"}