Skip to content

kamune-org/kamune

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

304 Commits
assets
assets
 
 
cmd
cmd
 
 
docs
docs
 
 
internal
internal
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
.golangci.yaml
.golangci.yaml
 
 
AGENTS.md
AGENTS.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SPEC.md
SPEC.md
 
 
conn.go
conn.go
 
 
conn_test.go
conn_test.go
 
 
dial.go
dial.go
 
 
errors.go
errors.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handshake.go
handshake.go
 
 
handshake_test.go
handshake_test.go
 
 
intro.go
intro.go
 
 
intro_test.go
intro_test.go
 
 
kamune.go
kamune.go
 
 
routes.go
routes.go
 
 
routes_test.go
routes_test.go
 
 
serde.go
serde.go
 
 
server.go
server.go
 
 
transport.go
transport.go
 
 
version.go
version.go
 
 
version_test.go
version_test.go
 
 

Repository files navigation

Kamune

Go version Go Report Card GitHub release License

Communication over untrusted networks.

Kamune provides Ed25519_MLKEM768_ChaCha20-Poly1305X security suite.

demo

Note

This is an experimental project. All suggestions and feedback are welcome and greatly appreciated.

Features

  • Message signing and verification using Ed25519
  • Encrypted handshake using HPKE (RFC 9180)
  • Ephemeral, quantum-resistant key encapsulation with ML-KEM-768, providing Forward secrecy.
  • End-to-End, bidirectional symmetric encryption using ChaCha20-Poly1305X
  • Key derivation via HKDF-SHA512 (HMAC-based extract-and-expand)
  • Lightweight, custom protocol implemented in both TCP and UDP for minimal overhead and latency
  • Real-time, instant messaging over socket-based connection
  • Direct peer-to-peer communication, with optional relay fallback
  • Protobuf for fast, compact binary message encoding

Modules

Directory Purpose Description
. (root) Core library Protocol, transport, cipher suite, session management, router, and storage abstraction
cmd/bus/ Desktop GUI client Wails + Svelte desktop app with relay transport UI, session management, and encrypted history
cmd/relay/ Relay server Stateless blind relay that routes encrypted sessions between peers without decrypting traffic — supports WebSocket, TCP, and TLS
cmd/daemon/ JSON-over-stdio daemon Headless IPC wrapper for integrating kamune into external applications
cmd/tui/ Terminal chat client Interactive Bubble Tea TUI with direct TCP, relay, peer verification (emoji/hex fingerprint), and chat history browsing

Roadmap

  • Application-level ping/pong keep-alive
  • Client-side minor version warning — surface the core warning to users in clients
  • Generate connection QR code in clients
  • OS keychain integration (replace env var passphrase)
  • Session resumption — reconnect without full re-handshake
  • Chunked reads/writes for large messages
  • Key rotation
  • NAT traversal / hole punching
  • Custom encoding protocol (replace Protobuf)
  • QUIC, WebRTC, or other transport protocols
  • Messaging Layer Security (MLS) / group chats
  • Android/iOS native applications

How does it work?

Communication happens in three phases:

  1. Exchange — Parties agree on an HPKE shared secret to encrypt the handshake.
  2. Handshake — Ephemeral ML-KEM-768 key exchange, session ID derivation, and mutual challenge-response verification.
  3. Communication — Signed, encrypted, and sequenced message frames with replay protection.

For a comprehensive technical specification, see SPEC.md.

Cipher Suite Architecture
Handshake flow diagram Handshake Flow

About

Communication over untrusted networks

Topics

ed25519 chacha20-poly1305 realtime-messaging p2p-chat end-to-end-encryption hpke wails ml-kem hkdf-sha512

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

Kamune v0.4.0 Latest
Jun 3, 2026
+ 1 release

Contributors

Languages