中文 | English
E2EE ephemeral chat – create a room, share the key, chat securely, everything disappears.
A minimalist end-to-end encrypted chat application. Create a temporary room, generate a unique key to share with your peers, and all messages are encrypted end-to-end. The server only relays ciphertext – it cannot read any chat content. No signup required, open and use.
Create a room, share the key, chat securely — everything disappears.
- 🌐 Live Demo: arthas-blush.vercel.app
- 📖 Project Website: michaelwang123.github.io/arthas
- 🔒 End-to-End Encryption – AES-256-GCM + Ed25519 signatures, server has zero knowledge
- ⚡ Real-time Communication – WebSocket full-duplex, instant message delivery
- 📎 Encrypted File Sharing – Chunked encryption, image thumbnails, drag & drop upload
- 🎤 Encrypted Voice Messages – Push-to-Talk recording, Opus encoding, fully encrypted
- 📱 QR Code Sharing – Scan to join, no manual code entry needed
- ⏰ Room Expiry – Set validity period (1h/24h/7d), auto-destroy when expired
- 🔑 Key as Invitation – One string contains both room address and decryption key
- 🗑️ Self-Destruct Messages – Optional auto-disappear (10s/30s/60s/5min), client-side only
- 💬 Reply & Reactions – Quote replies + emoji reactions, all encrypted
- 🔐 Room Password – Optional password protection against unauthorized access
- ✍️ Ed25519 Signatures – Tamper detection, receiver can verify sender identity
- 🤖 AI Agent Channel – OpenClaw plugin for E2EE AI conversations, server sees nothing
- 🖥️ CLI Client – Standalone Go binary, create/join encrypted rooms from terminal
- 🧩 Chrome Extension – E2EE chat in browser toolbar popup, same protocol as web/CLI
- 🌐 i18n – English / Chinese / Japanese, auto-detects browser language
- 🌐 Arthas Hub – Public room directory, browse & join rooms without sharing codes
- 🚫 No Signup – No accounts, open and use immediately
- 🏠 Self-Hostable – Single binary zero-dependency, or Docker Compose with auto HTTPS
Key design principles:
- Zero Knowledge — Server is a blind relay, never sees plaintext
- Same Protocol — Web, CLI, and AI Agent use identical E2EE (fully interoperable)
- Binary Protocol — MessagePack ciphertext transport, efficient and compact
| Layer | Scheme | Purpose |
|---|---|---|
| Transport | WSS (TLS 1.3) | Protect metadata in transit |
| Application | AES-256-GCM | End-to-end message encryption |
| Authentication | Ed25519 | Message signature verification |
| Layer | Technology | Purpose |
|---|---|---|
| Crypto | Web Crypto API | AES-256-GCM E2EE, native hardware acceleration |
| Frontend | React 18 + TypeScript | Component-based UI, type-safe |
| State | Zustand | Minimal state management |
| Styling | Tailwind CSS | Utility-first CSS |
| Build | Vite 6 | ESBuild pre-bundling, sub-second HMR |
| Protocol | WebSocket (WSS/TLS 1.3) | Full-duplex real-time, TLS transport encryption |
| Serialization | MessagePack | Binary encoding, 30-50% smaller than JSON |
| Backend | Go 1.23 + gorilla/websocket | Goroutine concurrency, pure message relay |
| Deploy | Vercel + HF Spaces (Docker) | Frontend/backend split, zero-cost start |
| Self-Host | Go embed + Caddy + Docker | Single binary or Docker Compose, one-click deploy |
# Tier 1: Single binary (all-in-one, recommended)
./arthas-server-all-linux-amd64 --port 8080
# Tier 2: Docker (pre-built image from GHCR)
docker run -d -p 8080:8080 ghcr.io/michaelwang123/arthas:latest
# Tier 3: Docker Compose (auto HTTPS for production)
cd deploy && ./deploy.sh
# Tier 4: One-command scaffolding (interactive setup)
npx @arthas-chat/create-arthasImportant: The project has two Dockerfiles for different purposes:
deploy/Dockerfile— Full build (frontend + backend embedded), for self-hostingarthas-server/Dockerfile— Backend only (no frontend), for HF Spaces relay deployment
Full guide: Self-Hosting Documentation
cd arthas-server
go mod tidy
go run -tags dev cmd/server/main.goServer starts at http://localhost:8080, WebSocket endpoint: ws://localhost:8080/ws
cd arthas-client
npm install
npm run devFrontend starts at http://localhost:5173
cd arthas-cli
go build -o arthas-cli ./cmd/arthas-cli/
# Create a room
./arthas-cli create --server ws://localhost:8080/ws --name Alice
# Join a room (using the share code from create output)
./arthas-cli join <share_code> --server ws://localhost:8080/ws --name BobThe CLI is a standalone Go binary implementing the same E2EE protocol as the web client – fully interoperable.
E2EE chat directly from the browser toolbar — build once, load as unpacked extension.
cd arthas-extension
npm install
npm run buildLoad arthas-extension/dist/ as an unpacked extension in chrome://extensions/ (Developer mode). Configure the server URL in Settings, then create or join encrypted rooms from the toolbar popup. Same E2EE protocol — interoperable with web app and CLI.
Full guide: Chrome Extension Documentation
Arthas Hub lets room creators opt-in to listing their rooms publicly. Visitors can browse, search, and join public rooms without needing a share code.
As a room creator:
- On the Home page, toggle "🌐 List in Arthas Hub (public)"
- Set a title, optional description, and tags
- Click "Create Room" — your room appears in the Hub directory
As a visitor:
- Click "🌐 Browse Public Rooms" on the Home page
- Browse the Hub directory (search by keyword, filter by tag)
- Pick a room, enter your nickname, click "Join"
- You're in — messages are still E2EE encrypted
Security note: Public rooms deliberately expose their encryption key so anyone can join. For access control, set a password — the room shows 🔒 in Hub and requires the password to enter.
arthas/
├── arthas-client/ # Web frontend (React + TypeScript)
├── arthas-server/ # Backend relay server (Go)
├── arthas-cli/ # CLI client (standalone Go binary)
├── arthas-extension/ # Chrome extension (React + Manifest V3)
├── packages/openclaw-channel/ # OpenClaw AI agent channel plugin (TypeScript)
├── deploy/ # Self-hosting infrastructure (Docker + Caddy)
├── website/ # Project website (Astro + Starlight)
└── official_doc/ # User documentation
| Document | Description |
|---|---|
| Architecture | System design, modules, data flow |
| Self-Hosting | Tier 1/2/3 deployment guides |
| Protocol | WebSocket message format specification |
| Security | E2EE design, trust model, threat analysis |
| CLI Guide | Terminal client usage |
| Chrome Extension | Browser extension build & usage |
| create-arthas | One-command self-hosted deployment |
| OpenClaw Channel | AI Agent E2EE plugin |
| Development | Local dev setup, code structure |
| Configuration | All configurable parameters |
v1.2.2 — Feature Complete + Production Ready (2026-06-02)
All planned features implemented: E2EE chat • encrypted file sharing • encrypted voice messages • QR code sharing • room expiry • reply & reactions • password protection • self-destruct messages • Ed25519 signatures • CLI client • AI Agent channel • Arthas Hub • i18n • self-hosted deployment (3 tiers).
See Roadmap for future plans.
Contributions are welcome! Please read the Contributing Guide for details on the development workflow, coding standards, and how to submit pull requests.