中文 | English
E2EE ephemeral chat – create a room, share the key, chat securely, everything disappears.
A minimalist end-to-end encrypted chat application. Create a temporary room, generate a unique key to share with your peers, and all messages are encrypted end-to-end. The server only relays ciphertext – it cannot read any chat content. No signup required, open and use.
Create a room, share the key, chat securely — everything disappears.
- 🌐 Live Demo: arthas-blush.vercel.app
- 📖 Project Website: michaelwang123.github.io/arthas
- 🔒 End-to-End Encryption – AES-256-GCM + Ed25519 signatures, server has zero knowledge
- ⚡ Real-time Communication – WebSocket full-duplex, instant message delivery
- 📎 Encrypted File Sharing – Chunked encryption, image thumbnails, drag & drop upload
- 🎤 Encrypted Voice Messages – Push-to-Talk recording, Opus encoding, fully encrypted
- 📱 QR Code Sharing – Scan to join, no manual code entry needed
- ⏰ Room Expiry – Set validity period (1h/24h/7d), auto-destroy when expired
- 🔑 Key as Invitation – One string contains both room address and decryption key
- 🗑️ Self-Destruct Messages – Optional auto-disappear (10s/30s/60s/5min), client-side only
- 💬 Reply & Reactions – Quote replies + emoji reactions, all encrypted
- 🔐 Room Password – Optional password protection against unauthorized access
- ✍️ Ed25519 Signatures – Tamper detection, receiver can verify sender identity
- 🤖 AI Agent Channel – OpenClaw plugin for E2EE AI conversations, server sees nothing
- 🖥️ CLI Client – Standalone Go binary, create/join encrypted rooms from terminal
- 🌐 i18n – English / Chinese / Japanese, auto-detects browser language
- 🚫 No Signup – No accounts, open and use immediately
- 🏠 Self-Hostable – Single binary zero-dependency, or Docker Compose with auto HTTPS
Key design principles:
- Zero Knowledge — Server is a blind relay, never sees plaintext
- Same Protocol — Web, CLI, and AI Agent use identical E2EE (fully interoperable)
- Binary Protocol — MessagePack ciphertext transport, efficient and compact
| Layer | Scheme | Purpose |
|---|---|---|
| Transport | WSS (TLS 1.3) | Protect metadata in transit |
| Application | AES-256-GCM | End-to-end message encryption |
| Authentication | Ed25519 | Message signature verification |
| Layer | Technology | Purpose |
|---|---|---|
| Crypto | Web Crypto API | AES-256-GCM E2EE, native hardware acceleration |
| Frontend | React 18 + TypeScript | Component-based UI, type-safe |
| State | Zustand | Minimal state management |
| Styling | Tailwind CSS | Utility-first CSS |
| Build | Vite 6 | ESBuild pre-bundling, sub-second HMR |
| Protocol | WebSocket (WSS/TLS 1.3) | Full-duplex real-time, TLS transport encryption |
| Serialization | MessagePack | Binary encoding, 30-50% smaller than JSON |
| Backend | Go 1.23 + gorilla/websocket | Goroutine concurrency, pure message relay |
| Deploy | Vercel + HF Spaces (Docker) | Frontend/backend split, zero-cost start |
| Self-Host | Go embed + Caddy + Docker | Single binary or Docker Compose, one-click deploy |
# Tier 1: Single binary (all-in-one, recommended)
./arthas-server-all-linux-amd64 --port 8080
# Tier 2: Docker (pre-built image from GHCR)
docker run -d -p 8080:8080 ghcr.io/michaelwang123/arthas:latest
# Tier 3: Docker Compose (auto HTTPS for production)
cd deploy && ./deploy.shImportant: The project has two Dockerfiles for different purposes:
deploy/Dockerfile— Full build (frontend + backend embedded), for self-hostingarthas-server/Dockerfile— Backend only (no frontend), for HF Spaces relay deployment
Full guide: Self-Hosting Documentation
cd arthas-server
go mod tidy
go run -tags dev cmd/server/main.goServer starts at http://localhost:8080, WebSocket endpoint: ws://localhost:8080/ws
cd arthas-client
npm install
npm run devFrontend starts at http://localhost:5173
cd arthas-cli
go build -o arthas-cli ./cmd/arthas-cli/
# Create a room
./arthas-cli create --server ws://localhost:8080/ws --name Alice
# Join a room (using the share code from create output)
./arthas-cli join <share_code> --server ws://localhost:8080/ws --name BobThe CLI is a standalone Go binary implementing the same E2EE protocol as the web client – fully interoperable.
arthas/
├── arthas-client/ # Web frontend (React + TypeScript)
├── arthas-server/ # Backend relay server (Go)
├── arthas-cli/ # CLI client (standalone Go binary)
├── packages/openclaw-channel/ # OpenClaw AI agent channel plugin (TypeScript)
├── deploy/ # Self-hosting infrastructure (Docker + Caddy)
├── website/ # Project website (Astro + Starlight)
└── official_doc/ # User documentation
| Document | Description |
|---|---|
| Architecture | System design, modules, data flow |
| Self-Hosting | Tier 1/2/3 deployment guides |
| Protocol | WebSocket message format specification |
| Security | E2EE design, trust model, threat analysis |
| CLI Guide | Terminal client usage |
| OpenClaw Channel | AI Agent E2EE plugin |
| Development | Local dev setup, code structure |
| Configuration | All configurable parameters |
v1.2.2 — Feature Complete + Production Ready (2026-06-02)
All planned features implemented: E2EE chat • encrypted file sharing • encrypted voice messages • QR code sharing • room expiry • reply & reactions • password protection • self-destruct messages • Ed25519 signatures • CLI client • AI Agent channel • i18n • self-hosted deployment (3 tiers).
See Roadmap for future plans.
Contributions are welcome! Please read the Contributing Guide for details on the development workflow, coding standards, and how to submit pull requests.