Credentialless GPU Sharing
Your friend has a GPU. You need a model. They generate an invite. You scan a QR code. No API key sharing. No server setup.
The Problem
You want to use an LLM but don't have a GPU. Your teammate has a beefy machine with llama.cpp running. How do you use their model?
- Share API keys → dangerous, hard to revoke, no audit trail
- Set up Ollama / vLLM server → Docker, firewall rules, endpoint configuration, latency
- Use a proxy → another service to run, another point of failure
Every existing option either exposes credentials or requires infrastructure work. There has to be a better way.
The QueryMT Way
QueryMT's mesh networking lets nodes share LLM providers without sharing API keys. The host runs their providers normally. The guest joins with a signed invite token. Chat messages traverse the network — credentials never do.
Host (has the GPU):

```shell
qmtcode --mesh \
  --mesh-invite="Team GPU" \
  --invite-uses=5
```

Generates a QR code + invite URL. The API key stays here.

Guest (needs a model):

```shell
qmtcode --mesh-join=TOKEN
```

Scan the QR or paste the URL. The agent auto-discovers providers via DHT. No API key needed.
Security Model
This is the key innovation. Here's exactly what happens at the protocol level:
ProviderHostActor (host side) — runs the LLM locally and holds the API key:

- API key: locked here
- Invite: ed25519-signed grant
- Usage: tracked per invite

MeshChatProvider (guest side) — proxies chat requests to the host:

- API key: none
- Token: verified offline (no network)
- Discovery: DHT auto-find
The guest's agent sends a ChatMessage to the host. The host runs it through its local provider (API key included). The response comes back. At no point does the guest see, touch, or need the API key. The token is verified offline using ed25519 signatures — no call to a central server.
Invite Lifecycle
```shell
qmtcode --mesh --mesh-invite="Team GPU" --invite-uses=5 --invite-ttl=7d
```

This creates an ed25519-signed grant with 5 allowed uses, expiring in 7 days. The host gets:

- A QR code (scan with phone)
- A URL: qmt://mesh/join/BASE64TOKEN

Share either with the guest, who joins with:

```shell
qmtcode --mesh-join=qmt://mesh/join/BASE64TOKEN
```

The token is verified offline using the host's public key — no network call to a central server. Once joined, the guest's agent discovers the host's llama_cpp provider via Kademlia DHT. Routing happens transparently —
the guest's config doesn't need to specify the host's address. It just works.
How Discovery Works
QueryMT uses libp2p for the mesh layer with two discovery modes:
- mDNS (LAN): Auto-discovers peers on the same network. Zero config. Works in offices, homes, coffee shops.
- Kademlia DHT (internet): Discovers peers across networks. Invite tokens include the host's peer ID. The DHT resolves it to an address.
The guest doesn't need to know the host's IP address or port. They just need the invite token. The mesh handles routing.
Guest Config
The guest doesn't need a special config. They just need auto_fallback = true in their mesh settings.
When the guest's agent needs a provider that isn't local, it queries the mesh.
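In config-file form that might look like the fragment below. Only the `auto_fallback` key comes from the text above; the file layout and section name are assumptions.

```toml
# Guest-side mesh settings (layout assumed; only auto_fallback is
# named in the docs above). With auto_fallback enabled, any provider
# the agent can't find locally is looked up on the mesh instead.
[mesh]
auto_fallback = true
```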
```shell
# Guest: just join and use
qmtcode --mesh-join=qmt://mesh/join/BASE64TOKEN

# That's it. The agent discovers remote providers automatically.
# No config file needed for the guest.
```
Key Features
- ProviderHostActor / MeshChatProvider — host runs LLMs, guest proxies transparently
- Signed invite grants — ed25519 signatures, verified offline
- QR code encoding — share invites in person with a scan
- DHT auto-discovery — no manual endpoint configuration
- Usage limits + TTL — each invite has a max use count and expiry
- Per-invite revocation — delete one invite without affecting others
- Credential isolation — API keys never leave the host machine
Try It Yourself
```shell
# Terminal 1: Host (machine with GPU)
cargo run --example qmtcode --features dashboard -- \
  --mesh --mesh-invite="Demo" --invite-uses=5 --dashboard

# Terminal 2: Guest (any machine on same network)
cargo run --example qmtcode --features dashboard -- \
  --mesh-join=qmt://mesh/join/<TOKEN_FROM_HOST> --dashboard

# Guest's dashboard will show the host's llama_cpp provider.
# Ask the guest's agent anything — it routes to the host's model.
```