{"id":31956351,"url":"https://github.com/profullstack/qryptchat-web","last_synced_at":"2026-03-16T23:31:58.251Z","repository":{"id":293853648,"uuid":"985295562","full_name":"profullstack/qryptchat-web","owner":"profullstack","description":"Quantum-safe end-to-end encrypted chat.","archived":false,"fork":false,"pushed_at":"2025-10-03T23:29:39.000Z","size":2609,"stargazers_count":8,"open_issues_count":8,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-04T00:12:23.727Z","etag":null,"topics":["chat","encrypted","hacktoberfest","messaging","quantum","voice"],"latest_commit_sha":null,"homepage":"https://qrypt.chat","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/profullstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-17T13:16:07.000Z","updated_at":"2025-10-03T23:29:42.000Z","dependencies_parsed_at":"2025-08-23T15:30:34.889Z","dependency_job_id":"1b024cdf-5575-4483-a342-d442777fb34c","html_url":"https://github.com/profullstack/qryptchat-web","commit_stats":null,"previous_names":["profullstack/e2ee-chat"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/profullstack/qryptchat-web","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/profullstack%2Fqryptchat-web","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/profullstack%2Fqryptchat-web/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/profullstack%2Fqryptchat-web/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/profullstack%2Fqryptchat-web/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/profullstack","download_url":"https://codeload.github.com/profullstack/qryptchat-web/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/profullstack%2Fqryptchat-web/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279019140,"owners_count":26086685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chat","encrypted","hacktoberfest","messaging","quantum","voice"],"created_at":"2025-10-14T14:48:37.850Z","updated_at":"2025-10-14T14:50:05.681Z","avatar_url":"https://github.com/profullstack.png","language":"JavaScript","readme":"# 🔐 QryptChat\n\n**Quantum-Resistant End-to-End Encrypted Messaging**\n\nA secure, privacy-focused chat application built with post-quantum cryptography to protect against both classical and quantum computer attacks.\n\n## ✨ Features\n\n### 🛡️ Quantum-Resistant Security\n- **ML-KEM-1024 Post-Quantum Cryptography** - FIPS 203 compliant quantum-safe encryption\n- **ChaCha20-Poly1305 Symmetric Encryption** - Fast, secure message encryption\n- **End-to-End Encryption** with client-side key management and zero server access\n- **Perfect Forward Secrecy** with automatic key rotation and secure key derivation\n- **Zero-Knowledge Architecture** - your private keys never leave your device\n- **Private Key Import/Export** - Secure backup with password and GPG protection\n\n### 📱 Progressive Web App\n- **Cross-Platform**: Works on iOS, Android, Desktop, and Web browsers\n- **Offline Support**: Queue messages when offline, sync when reconnected\n- **Desktop Integration**: Install as native app with system shortcuts\n- **Mobile Optimized**: Touch-friendly interface with gesture support\n- **Service Worker**: Background sync and caching for optimal performance\n\n### 🚀 Real-Time Communication \u0026 Sync\n- **WebSocket Real-Time** - Instant message delivery and status updates\n- **Cross-Device Sync** - Seamless experience across all logged-in devices\n- **Multi-Session Support** - Stay connected on multiple devices simultaneously\n- **Live Typing Indicators** - See when others are composing messages\n- **Online Presence System** - Real-time availability status\n- **Message Delivery Status** - Sent, delivered, and read receipts\n- **Auto-Reconnection** - Robust connection handling with automatic retry\n\n### 👥 Social \u0026 Communication Features\n- **SMS Phone Verification** - Secure onboarding via Twilio integration\n- **Contact Discovery** - Find friends using verified phone numbers\n- **Encrypted File Sharing** - Share photos, videos, and documents securely\n- **Enhanced Video Player** - In-app video playback with diagnostic tools\n- **Message Archiving** - Archive and restore conversation history\n- **Disappearing Messages** - Auto-delete messages after specified time periods\n- **Voice \u0026 Video Calls** - End-to-end encrypted calls with ML-KEM key exchange\n\n### 🌍 Accessibility \u0026 Internationalization\n- **Multi-Language Support** - 6 languages (EN, ES, FR, DE, AR, ZH) with easy switching\n- **RTL Support** - Full right-to-left language support for Arabic and Hebrew\n- **Dark/Light Themes** - System preference detection with manual override\n- **Responsive Design** - Optimized for all screen sizes from mobile to desktop\n- **Keyboard Navigation** - Full accessibility support for screen readers\n\n## 🏗️ Tech Stack\n\n| Layer | Technology | Purpose |\n|-------|------------|---------|\n| **Frontend** | SvelteKit 5 + Svelte 5 | Reactive UI framework with runes |\n| **Styling** | Vanilla CSS + Custom Properties | Modern design system with themes |\n| **Database** | Supabase PostgreSQL | User data, messages, and file storage |\n| **Real-time** | Custom WebSocket + Supabase Realtime | Live message delivery \u0026 presence |\n| **Auth** | Custom SMS + Supabase Auth | Phone-based verification system |\n| **SMS** | Twilio | SMS verification and notifications |\n| **Crypto** | ML-KEM-1024 + ChaCha20-Poly1305 | Post-quantum encryption (FIPS 203) |\n| **Key Exchange** | ML-KEM (Kyber) + Dilithium | Quantum-resistant key management |\n| **File Encryption** | Multi-recipient PQ encryption | Secure file sharing with metadata |\n| **PWA** | Vite PWA Plugin + Service Worker | Offline-first with background sync |\n| **I18n** | Custom Svelte Store | Multi-language with RTL support |\n| **WebRTC** | Native WebRTC + ML-KEM | Encrypted voice/video calls |\n| **Testing** | Vitest + Custom Test Suite | Comprehensive crypto and integration tests |\n\n## 🚀 Quick Start\n\n### Prerequisites\n- Node.js 20+ (recommended)\n- pnpm (recommended) or npm\n- Supabase account\n- Twilio account (for SMS verification)\n\n### Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/yourusername/qryptchat.git\ncd qryptchat\n\n# Install dependencies\npnpm install\n\n# Set up environment variables\ncp .env.example .env\n# Edit .env with your Supabase and Twilio credentials\n\n# Run Supabase migrations (if using local Supabase)\npnpx supabase db reset\n\n# Start development server\npnpm dev\n```\n\nThe app will be available at `http://localhost:8080` (or the PORT specified in your .env file).\n\n### Environment Variables\n\n```env\n# Development\nPORT=8080\n\n# Supabase\nPUBLIC_SUPABASE_URL=your_supabase_url\nPUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key\nSUPABASE_SERVICE_ROLE_KEY=your_service_role_key\n\n# Twilio (for SMS verification)\nTWILIO_ACCOUNT_SID=your_twilio_sid\nTWILIO_AUTH_TOKEN=your_twilio_token\nTWILIO_PHONE_NUMBER=your_twilio_phone\n\n# App\nPUBLIC_APP_URL=http://localhost:8080\n```\n\n### Using Production API in Local Development\n\nIf you want to run the frontend locally while connecting to your production Supabase instance (useful for testing or development without setting up a local database), follow these steps:\n\n#### 1. Get Production Credentials\n\nFrom your Supabase project dashboard:\n- Navigate to **Settings** → **API**\n- Copy your **Project URL** (e.g., `https://xxxxx.supabase.co`)\n- Copy your **anon/public key**\n- Copy your **service_role key** (keep this secure!)\n\n#### 2. Configure Environment Variables\n\nUpdate your `.env` file with production values:\n\n```env\n# Point to production Supabase\nPUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co\nPUBLIC_SUPABASE_ANON_KEY=your_production_anon_key\nSUPABASE_SERVICE_ROLE_KEY=your_production_service_role_key\n\n# Keep local development settings\nPORT=8080\nPUBLIC_APP_URL=http://localhost:8080\nNODE_ENV=development\n\n# Production Twilio credentials (if testing SMS)\nTWILIO_ACCOUNT_SID=your_production_twilio_sid\nTWILIO_AUTH_TOKEN=your_production_twilio_token\nTWILIO_PHONE_NUMBER=your_production_twilio_phone\n```\n\n#### 3. Important Considerations\n\n⚠️ **Security Warnings:**\n- Never commit production credentials to version control\n- Use production credentials only in secure local environments\n- Consider using a separate \"staging\" Supabase project for development\n- Be cautious when testing features that modify production data\n\n💡 **Best Practices:**\n- Test destructive operations on a staging environment first\n- Use Row Level Security (RLS) policies to protect production data\n- Monitor your Supabase dashboard for unexpected activity\n- Consider creating a separate test user account for development\n\n#### 4. Verify Connection\n\nStart your development server:\n\n```bash\npnpm dev\n```\n\nThe app should now connect to your production Supabase instance. You can verify by:\n- Checking the browser console for connection logs\n- Attempting to sign in with a production account\n- Monitoring the Supabase dashboard for API requests\n\n#### 5. Switching Back to Local Development\n\nTo switch back to local Supabase:\n\n```bash\n# Start local Supabase\npnpx supabase start\n\n# Update .env with local credentials\nPUBLIC_SUPABASE_URL=http://localhost:54321\nPUBLIC_SUPABASE_ANON_KEY=your_local_anon_key\nSUPABASE_SERVICE_ROLE_KEY=your_local_service_role_key\n```\n\n## 🔒 Security Model\n\nQryptChat implements a **zero-knowledge post-quantum architecture** where:\n\n- 🔐 **ML-KEM-1024 + ChaCha20-Poly1305** - FIPS 203 compliant post-quantum encryption\n- 🗝️ **Private keys never leave your device** - Stored encrypted in IndexedDB\n- 🔄 **Perfect forward secrecy** - Automatic key rotation with secure derivation\n- 🛡️ **Quantum-resistant algorithms** - Protection against both classical and quantum attacks\n- 🕵️ **Metadata protection** - Minimal server-side data with encrypted message content\n- 🔑 **Multi-recipient encryption** - Each participant gets individually encrypted messages\n- 💾 **Secure key backup** - Password-protected export with optional GPG encryption\n- 🔍 **Key verification** - Cryptographic signatures ensure key authenticity\n\n## 📚 Documentation\n\n- [🏗️ Architecture Overview](./ARCHITECTURE.md)\n- [🔒 Encryption Details](./ENCRYPTION.md)\n\n## 🧪 Development\n\n```bash\n# Start development server\npnpm dev\n\n# Run tests\npnpm test\n\n# Run tests with UI\npnpm test:ui\n\n# Build for production\npnpm build\n\n# Preview production build\npnpm preview\n\n# Lint code\npnpm lint\n\n# Format code\npnpm format\n```\n\n## 🛣️ Roadmap\n\n### ✅ Completed (v1.0.0)\n- [x] 🏗️ **Core Infrastructure** - SvelteKit + Vite + PWA setup\n- [x] 🎨 **Modern UI/UX** - Responsive design with dark/light themes\n- [x] 🌍 **Internationalization** - 6 languages with RTL support\n- [x] 📱 **Progressive Web App** - Offline-first with service worker\n- [x] 🔐 **Authentication System** - Phone-based SMS verification\n- [x] 🗄️ **Database Schema** - Complete Supabase setup with RLS\n- [x] 🔄 **Real-time Foundation** - WebSocket infrastructure ready\n- [x] 💬 **Core Messaging** - Send/receive messages with post-quantum encryption\n- [x] 🔄 **Cross-Device Sync** - Real-time synchronization across devices\n- [x] 👥 **Contact System** - Add and manage contacts via phone numbers\n- [x] 📊 **Presence System** - Online/offline status indicators\n- [x] 🔐 **Post-Quantum Encryption** - ML-KEM-1024 + ChaCha20-Poly1305 implementation\n- [x] 📁 **File Sharing** - Encrypted media and document sharing with video playback\n- [x] 🎥 **Voice \u0026 Video** - End-to-end encrypted calls with ML-KEM key exchange\n- [x] 🔑 **Key Management** - Private key import/export with password protection\n- [x] 🗂️ **Message Archiving** - Archive and restore conversations\n- [x] ⏰ **Disappearing Messages** - Auto-delete messages after specified time\n- [x] 🔔 **Real-time Notifications** - Live message delivery and status updates\n\n### 🚧 In Progress (v1.1.0)\n- [ ] 👥 **Group Chats** - Multi-user conversations (basic implementation exists)\n- [ ] 🔍 **Message Search** - Full-text search across conversations\n- [ ] 🔔 **Push Notifications** - Cross-platform notification system\n- [ ] 📱 **Mobile App Optimization** - Enhanced PWA features for mobile\n\n### 🎯 Upcoming (v1.2.0+)\n- [ ] 🤖 **AI Integration** - Smart message suggestions and translation\n- [ ] 🌐 **Federation** - Connect with other secure messaging platforms\n- [ ] 📈 **Analytics** - Privacy-preserving usage insights\n- [ ] 🎨 **Customization** - Custom themes and chat backgrounds\n- [ ] 🔐 **Hardware Security** - WebAuthn integration for key storage\n- [ ] 📊 **Advanced Analytics** - Message delivery metrics and insights\n\n### 🔮 Future Vision\n- [ ] 🌍 **Decentralized Network** - P2P messaging without central servers\n- [ ] 🛡️ **Zero-Knowledge Proofs** - Enhanced privacy verification\n- [ ] 🔬 **Quantum Key Distribution** - Hardware-based quantum security\n- [ ] 🤝 **Cross-Platform Protocol** - Universal secure messaging standard\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n\n---\n\n**Built with ❤️ for a quantum-safe future**\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprofullstack%2Fqryptchat-web","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprofullstack%2Fqryptchat-web","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprofullstack%2Fqryptchat-web/lists"}