Kapnet Encrypted Coordination Stack
- title: Kapnet Encrypted Coordination Stack — Protocol Integrationtype: architectureversion: “0.1.0”date: 2026-06-10tags: [encrypted, whitenoise, agentnoise, cryptpad, bitchat, mls, protocol]
- Kapnet Encrypted Coordination Stack
title: Kapnet Encrypted Coordination Stack — Protocol Integration type: architecture version: “0.1.0” date: 2026-06-10 tags: [encrypted, whitenoise, agentnoise, cryptpad, bitchat, mls, protocol]
Kapnet Encrypted Coordination Stack
Thesis
Encrypted group chat, document collaboration, and peer-to-peer messaging are not separate products to integrate. They are native Kapnet protocols that emerge from the same TXXM substrate. Cryptpad is subsumed by Sheet TXXMs. Whitenoise is subsumed by KOR-scoped MLS groups. BitChat is subsumed by direct TXXM exchange.
Protocol Stack
LAYER 5: APPLICATION
├── Encrypted Group Chat (KOR rooms)
├── Collaborative Documents (Sheet TXXMs)
├── P2P Messaging (direct TXXM)
└── File Sharing (Blob TXXMs)
LAYER 4: ENCRYPTION
├── MLS (Messaging Layer Security) via Whitenoise/Marmot
├── ECIES (Elliptic Curve Integrated Encryption) for 1:1
└── KOR-scoped key derivation
LAYER 3: COORDINATION
├── TXXM envelopes (atomic civil acts)
├── KOR namespaces (tenant isolation)
├── Braid ordering (concurrent history)
└── Session TXXM (agent-operator binding)
LAYER 2: TRANSPORT
├── Nostr relays (kind-30078 TXXM envelopes)
├── Direct WebSocket (agentnoise bridge)
└── BitChat-style P2P (future)
LAYER 1: IDENTITY
├── npub/nsec keypairs
├── KOR-scoped derived keys
└── AUTH level (0-7)
Component Integration
Whitenoise → KOR Encrypted Chat
Whitenoise provides MLS group messaging over Nostr. Kapnet subsumes this by making each KOR room a Whitenoise group:
KOR Room Creation:
1. Operator publishes KOR-announcement TXXM
2. KOR state includes MLS group parameters
3. Members receive group key via membership TXXM
4. All chat messages are kind-30078 TXXMs with MLS-encrypted content
5. Messages are ordered in the KOR's braid
The key insight: chat messages ARE TXXMs. They’re not separate from the coordination protocol — they ARE the coordination protocol. A chat message in a KOR room is a TXXM with type chat, encrypted with the KOR’s MLS key, ordered in the KOR’s braid.
Agentnoise → Operator Bridge
Agentnoise provides the bridge between phone (Whitenoise) and local agents. Kapnet uses this for the operator interface:
Operator Flow:
1. Operator opens Whitenoise on phone
2. Sends command to KOR room (encrypted TXXM)
3. Agentnoise bridge receives via WebSocket
4. Bridge forwards to local Hermes agent
5. Agent processes command, submits response TXXM
6. Response encrypted with KOR key, published to relay
7. Operator reads response on Whitenoise
The agentnoise bridge is the control surface — it translates between the encrypted chat protocol and the local agent’s IPC.
Cryptpad → Sheet TXXM
Cryptpad’s document collaboration is subsumed by Sheet TXXMs:
Document Flow:
1. Document = Sheet TXXM with schema { columns, rows }
2. Edit = Append new row TXXM (encrypted with KOR key)
3. Real-time sync = Nostr subscription to sheet TXXM updates
4. Version history = Braid ordering of all edit TXXMs
5. Permissions = KOR scope + AUTH level
6. Export = TXXM serialization (JSON or binary)
The document IS the braid. Every edit is a TXXM. History is preserved. Encryption is KOR-scoped.
BitChat → Direct TXXM
BitChat-style peer-to-peer messaging is direct TXXM exchange without relay:
P2P Flow:
1. Alice and Bob exchange npubs (via any channel)
2. Alice creates TXXM with ECIES-encrypted content for Bob
3. TXXM transmitted via any channel (Bluetooth, LAN, Nostr, etc.)
4. Bob decrypts with his nsec
5. Both maintain local braid of exchanged TXXMs
This is the fallback when relays are unavailable. Same TXXM format, different transport.
Encrypted Note Format
Encrypted notes on Nostr use a specific TXXM format:
{
"type": "encrypted-note",
"version": "1.0",
"kor": "<kor-namespace>",
"encryption": {
"protocol": "mls|kor-ecies",
"key_id": "<key-identifier>",
"ciphertext": "<base64-encrypted-content>",
"nonce": "<base64-nonce>"
},
"access": {
"min_tier": "observer|member|maintainer|operator",
"min_auth": 0-7
},
"content_hint": "<plaintext-hint-for-discovery>",
"group_invite": {
"group_id": "<whitenoise-group-id>",
"key_material": "<encrypted-mls-key>",
"transport": "nostr|direct"
}
}
Access Gradient (Encrypted)
FREE (kind-1, public):
→ Read public explainers, wiki, Magnus
→ No encryption, no identity required
IDENTIFIED (kind-30078, npub):
→ Follow Ambassador, receive public TXXMs
→ npub identity, no payment
COMMUNITY (kind-30078, KOR-encrypted):
→ Join KOR room, receive MLS group key
→ Read encrypted TXXMs in KOR braid
→ Participate in encrypted group chat
→ 10,000 sats/mo or Hedlbit burn
PAYING (kind-30078, KOR-encrypted + governance):
→ All community privileges
→ Governance weight (1x/5x/25x)
→ Treasury access (Operator tier)
→ Revenue share (Maintainer+)
Implementation Priority
Phase 1: KOR Encrypted Chat (Now)
- Define KOR room TXXM format with MLS group parameters
- Publish KOR-announcement TXXMs for sys.pluronymous.org
- Members receive group key via membership TXXM
- Chat messages are encrypted TXXMs in KOR braid
Phase 2: Agent-Operator Bridge (Mac Mini)
- Deploy agentnoise bridge on Mac Mini
- Operator uses Whitenoise on phone → agentnoise → local Hermes
- Commands are TXXMs, responses are TXXMs
- Full encrypted control surface
Phase 3: Document Collaboration (Mac Mini)
- Sheet TXXM schema for documents
- Real-time sync via Nostr subscription
- KOR-scoped encryption for private documents
- Version history via braid ordering
Phase 4: P2P Messaging (Future)
- Direct TXXM exchange without relay
- ECIES encryption for 1:1
- Bluetooth/LAN transport option
- Same TXXM format, different transport
Write a comment