A relay doesn't need to read a message to forward it

MeshWhisper is messaging infrastructure built on this observation. Encrypted on the device. Forwarded as an opaque blob. Decrypted on the other end. The relay never holds a key. It doesn't need to.

Relay promiscuously. Connect selectively.
Integrate the SDK How it works →
MeshWhisper
What it does now

Where the project has grown

Like email, but private

Any app, any operator, anyone-to-anyone — end-to-end encrypted. The walls between apps were never load-bearing.

Read the post →

No DNS to seize

Relays find each other by key, not domain name. The last central choke point is gone from the routing layer.

Read the post →

Survives losing the relay

Messages deliver peer-to-peer over the local network when the relay — or the internet — goes away. On-site and air-gapped, by default.

Read the post →

See the ciphertext yourself

Tap a message in Prudence and see the exact encrypted blob the relay receives. The claim, proven on screen.

Read the post →
Node layer — live now

The backbone

One Docker container. Packet relay, store-and-forward, push notifications, media storage, and a prekey directory. Always on. Always connectable. Never holds a decryption key.

How the node works →
Device layer — first tier live

The mesh

Every device running any SDK-embedded app is a potential relay for every other. The first tier — local-network delivery that survives the relay going down — is live. The relay mesh is shared; namespaces are isolated by default, and can opt into messaging each other.

Read more →
Stage 1 — Now

First relay node live

The first relay is running at relay.meshwhisper.org. Prudence — the reference PWA built on the SDK — is live and open to use.

Try Prudence →
Stage 2

Developer adoption

Other developers deploy nodes. Multi-node privacy routing becomes real — no single operator sees both ends of a conversation. The bootstrap operator's share shrinks.

Stage 3

Mesh density

Device-layer relay becomes meaningful. Privacy strengthens automatically as a side effect of adoption — the inverse of centralised messaging.

Reference app — live now

Prudence

A fully working encrypted messenger built entirely on the MeshWhisper SDK. No phone number. No email. Username and password — your keys are derived from them, nothing is stored on a server. Messages are end-to-end encrypted before they leave your device.

Open Prudence
prudence.meshwhisper.org
Hey — can you read this?
Only me. The relay can't.
That's the point.
PQXDH + Double Ratchet · No keys on server · Works in any browser

Integrate the SDK

Use the relay at wss://relay.meshwhisper.org during development. Deploy your own node in production.

1. Scaffold
$ npx @meshwhisper/cli init
$ npm install @meshwhisper/sdk

The CLI writes a working SDK skeleton and — if you choose self-hosted — a complete node deployment: Docker Compose, generated Web Push keys, and a federation bootstrap so your relay joins the mesh.

2. Initialize
import { MeshWhisper } from '@meshwhisper/sdk';

const mw = await MeshWhisper.init(({
  namespace: 'com.example.myapp',
  node: 'wss://relay.meshwhisper.org',
  onMessage: (msg) => display(msg),
});

// PQXDH key exchange happens automatically on first contact
await MeshWhisper.send(contactId, payload);
3. Deploy your node
# on your server, from the generated meshwhisper-node/ directory
$ docker compose up -d
$ npx @meshwhisper/cli doctor wss://relay.myapp.com
Getting started → · Full API reference → · Identity patterns → · Self-hosting guide →

Learn by reading real code

Seven working integrations, each maintained as a living reference for SDK adopters. None are slides; all are git clone away.

PWA

Prudence

A complete PWA covering every SDK feature — DMs, groups, media, push, multi-device archive sync, conversation history recovery. The cross-reference doc maps each SDK feature to the file where it's wired.

prudence/REFERENCE.md →
AI agent

support-bot

A customer-service agent running as a MeshWhisper peer. ~150 lines, two modes (echo + LLM-backed with streaming replies). The relay sees only ciphertext; the agent's process sees plaintext.

examples/support-bot →
Compliance

supervised-chat

"The supervisor can read every chat" without breaking E2EE. Three actors plus a Vite + React + FlexSearch dashboard for browsing the audit log. Supervisor reads via group membership, not a backdoor.

examples/supervised-chat →
End-to-end

ticket-lifecycle

LLM triage front-line with tool-use-driven escalation to a supervised human handoff. The closest thing to a real customer-service product running on MeshWhisper, composed from the previous two examples.

examples/ticket-lifecycle →
Multi-device

linked-devices

Signal-style multi-device pairing in ~200 lines. A secondary device mints a link offer (render as QR / paste / deep link); the primary accepts; both share an account afterward. Demonstrates the createDeviceLinkOffer / acceptDeviceLinkOffer / onDeviceLinked flow.

examples/linked-devices →
Verification

verification

Phone / email verification on top of the SDK. ~200 lines, single Node process, swappable SMS gateway. Backend issues a short-lived code; client verifies and claims the handle via setIdentifier. Includes an explicit security-considerations section.

examples/verification →

local-first

On-site comms that survive losing the relay. Human chat plus a sensor fleet emitting encrypted telemetry — peers pair once via a node, then keep messaging peer-to-peer over the LAN when the node (or the whole internet) is gone. Factory floors, ships, air-gapped networks.

examples/local-first →
Browse all examples on GitHub →