TapChat

Private messaging where your inbox belongs to you.

An early desktop alpha for end-to-end encrypted messaging with user-provisioned transport. Deploy your own Inbox and Storage, exchange a share link, and start a direct conversation without a central TapChat delivery server.

Early alpha. Not externally audited. Built for experimentation, protocol feedback, and small trusted trials.

How TapChat differs

The receive path changes everything.

TapChat keeps the most sensitive behavior in the local client, while the transport layer becomes something the user can provision and replace.

No central delivery server

Messages are appended to the recipient's transport endpoint, not routed through a single TapChat server.

Limited sending power

Contacts receive the minimum capability needed to send encrypted envelopes to the right device.

Encrypted before upload

Attachments and larger payloads are encrypted locally before becoming storage blobs.

Recovery by cursor

Sync state is reconciled by durable sequence cursors, so realtime delivery never replaces pull recovery.

Cloudflare alpha runtime

The desktop app can deploy a reference runtime using Workers, Durable Objects, WebSocket, and R2.

Delivery, rethought

A message does not travel through TapChat. It travels to the receiver's transport.

01

Encrypt locally

Plaintext is handled by the client. The transport sees encrypted protocol envelopes and encrypted blobs.

02

Upload a blob only when needed

Large payloads and attachments go to Storage as encrypted objects, then travel through messages as references.

03

Append to the recipient Inbox

The sender writes an encrypted envelope to the recipient's user-provisioned Inbox with scoped authorization.

04

Sync, decrypt, acknowledge

The receiver follows realtime hints when online and falls back to cursor fetch for recovery after disconnects.

Desktop alpha surface

From first launch to the first trusted conversation.

Create a local identity

Start with a local profile, a recovery phrase, and device-bound keys managed by the desktop client.

Explore flow

Deploy your runtime

Connect Cloudflare, provision the alpha reference transport, and verify the endpoint from the app.

Explore flow

Share a link

There is no public directory in the alpha. Contacts begin through deliberate share link exchange.

Explore flow

Accept requests

Message requests and allowlists give the receiver a simple way to control who reaches the Inbox.

Explore flow

Send encrypted attachments

Attachments use the same client-first boundary: encrypt locally, upload as blob, deliver by reference.

Explore flow

Alpha reality

Powerful enough to try. Honest enough to question.

The current release is meant for experimentation, protocol feedback, and small trusted trials. It is not a finished security product.

Ready to try

Desktop alpha, direct messaging, Cloudflare reference transport, attachments, and WebSocket sync.

Early and sharp-edged

Group chat, recovery diagnostics, multi-device flows, and deployment ergonomics are still being hardened.

Not promised yet

Mobile wakeup bridge, external security audit, and production-scale deployment guidance are not complete.

Rust CoreOpenMLSTauriReactCloudflare WorkersDurable ObjectsR2WebSocketCapability GrantsCursor SyncEncrypted BlobsMessage RequestsRust CoreOpenMLSTauriReactCloudflare WorkersDurable ObjectsR2WebSocketCapability GrantsCursor SyncEncrypted BlobsMessage Requests