Human to human messaging with biometric auth. Every action — signup, login, and sending messages — requires WebAuthn passkey verification (Touch ID, Face ID, Windows Hello, or a hardware security key).
Sending a message requires WebAuthn verification:
Email-style thread view with passkey-verified replies:
npm install
npm run dev

Open http://localhost:3000. Passkey auth works on localhost without HTTPS.
To test between your computer and phone, you need an HTTPS tunnel. Passkeys require a secure origin.
- Install cloudflared:

  brew install cloudflared

- Start the tunnel:

  cloudflared tunnel --url http://localhost:3000

  This prints a URL like https://some-words.trycloudflare.com.

- In a separate terminal, start the server with the tunnel's domain:

  RP_ID=some-words.trycloudflare.com ORIGIN=https://some-words.trycloudflare.com npm run tunnel

  npm run tunnel builds for production first — required because dev mode's hot-reload breaks through tunnels.

- Open the tunnel URL on both devices. Register a different account on each, then message between them.
Note: RP_ID and ORIGIN tell WebAuthn which domain the passkeys belong to. They must match the tunnel URL exactly. Each time cloudflared restarts, you get a new random domain — passkeys registered on the old domain won't work, so you'll need to re-register accounts. To avoid this, use a stable tunnel domain (e.g. a free ngrok account or a named Cloudflare Tunnel).
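
A check for the rule in the note above, as an added example that is not part of this project's code: it validates the RP_ID and ORIGIN pair at startup and compares ORIGIN with the origin a browser records in clientDataJSON. The function names checkRelyingParty and checkClientOrigin and all sample values are assumptions made for illustration.

```javascript
// Added example, not this project's code. Function names are hypothetical.
function checkRelyingParty(rpId, origin) {
  const problems = [];
  let url;
  try {
    url = new URL(origin);
  } catch {
    return [`ORIGIN is not a URL: ${origin}`];
  }
  // Passkeys need a secure origin; localhost is the one exception.
  if (url.protocol !== 'https:' && url.hostname !== 'localhost') {
    problems.push(`ORIGIN must be https: ${origin}`);
  }
  // ORIGIN is scheme://host[:port] only: no path, no trailing slash.
  if (url.origin !== origin) {
    problems.push(`ORIGIN should be exactly ${url.origin}`);
  }
  // The page's rule: RP_ID is a bare domain equal to the host in ORIGIN.
  if (/[:/]/.test(rpId)) {
    problems.push(`RP_ID must not contain a scheme, port or path: ${rpId}`);
  } else if (rpId !== url.hostname) {
    problems.push(`RP_ID ${rpId} does not match ORIGIN host ${url.hostname}`);
  }
  return problems;
}

// The browser writes the page's origin into clientDataJSON (base64url);
// the server must see the same value it was configured with.
function checkClientOrigin(clientDataB64url, expectedOrigin) {
  const json = Buffer.from(clientDataB64url, 'base64url').toString('utf8');
  return JSON.parse(json).origin === expectedOrigin;
}

// Constructed sample: the phone is on the current tunnel URL.
const sampleClientData = Buffer.from(JSON.stringify({
  type: 'webauthn.get',
  challenge: 'Y29uc3RydWN0ZWQ',
  origin: 'https://some-words.trycloudflare.com',
})).toString('base64url');

// Server env still holds the previous tunnel's domain (constructed value).
const staleOrigin = 'https://old-words.trycloudflare.com';
// The stale pair is self-consistent, so the startup check passes...
console.log(checkRelyingParty('old-words.trycloudflare.com', staleOrigin)); // []
// ...and the mismatch only shows up when a request arrives.
console.log(checkClientOrigin(sampleClientData, staleOrigin)); // false
```

The startup check catches malformed or mismatched values; a pair that is consistent but left over from an earlier tunnel only fails at request time, which is why both checks are shown.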

