One encrypted contract across USB, WebRTC, and WSS.
The transport changes, but the security boundary does not. Noise XX stays mandatory on every path.
Back homeThree paths. One encryption contract.
USB, WebRTC, or WSS Relay + Noise XX - pick the transport that fits your environment. Noise XX is mandatory on every path.
Direct cable
Wired connection with no network stack. If the cable fails, the system does not silently fall back to a network path.
Network channel
Primary network transport. Uses DTLS + ICE for path setup, then wraps data in Noise.
Deterministic fallback
The relay forwards opaque bytes. MVP baseline for mobile. The relay is transport, not trust.
How it works
The transport changes. The security boundary does not.
Choose a path
USB, WebRTC, or WSS relay is selected based on the environment.
Establish Noise XX
Every path negotiates the same encryption contract before data moves.
Keep the boundary visible
The phone stays the source of truth while the desktop stays a thin client.
Security boundaries
USB is wired
A cable path does not silently fall back to the network stack.
WebRTC is peer-to-peer
The network path uses DTLS + ICE before data is wrapped in Noise.
Relay is transport, not trust
WSS relay forwards opaque bytes and is treated as fallback only.
Limits and scope
The page describes the current transport contract, not every possible transport.
- Only the defined transport families are part of the public scope.
- The relay is a fallback, not a trust anchor.
- Noise XX is required on every path.
Keep the remote path explicit, regardless of transport.
USB, WebRTC, and relay all share the same Noise XX boundary.