- Go 100%
|
|
||
|---|---|---|
| cmd | ||
| examples | ||
| internal | ||
| pkg/msg | ||
| testdata/vectors | ||
| .gitignore | ||
| CLAUDE.md | ||
| CONTEXT.md | ||
| go.mod | ||
| go.sum | ||
| README.md | ||
| SPEC.md | ||
msg
URL-to-URL messaging with cryptographic origin authentication.
Every participant is a URL. To send Alice a message, you POST to her URL. When her server receives a message claiming to be from Bob, it verifies the signature against the public key Bob publishes at his own URL. No relays, no central directory, no PKI — HTTPS bootstraps the trust.
Quick start
# install
go install <module>/cmd/msg@latest
# first-run setup (interactive: URL, TLS mode, display name)
msg init
# start the daemon (auto-TLS via Let's Encrypt by default)
msg serve
# open the inbox/compose TUI
msg
# one-shot send (for shell pipelines)
echo '{"hello":"world"}' | msg send https://bob.example/inbox
What's in this repo
- A wire protocol, defined in SPEC.md. Implementable in any language with an HTTP client and Ed25519. Test vectors under
testdata/vectors/are part of the spec. - A reference Go implementation as a single binary: HTTPS daemon, bubbletea TUI, SQLite-backed inbox/outbox.
- Examples under
examples/(Python, JavaScript, Bash) — send and receive in third-party languages, demonstrating the protocol's portability.
Why this exists
If you want to receive a message at https://alice.example/inbox and know with cryptographic certainty that it really came from https://bob.example/inbox, this is the simplest thing that works. No accounts, no shared API keys, no service in the middle.
Design
See CONTEXT.md for the design rationale, vocabulary, and explicit non-goals.
The Go binary is a reference implementation, not the source of truth. Behavior changes require test vector updates. See CLAUDE.md for contributor and AI-agent conventions.
Status
v1 in development.
License
TBD.