Explicit transport families with one encrypted data contract.
The transport can change, but the security boundary does not. Noise protects RPC/data payloads; signaling and path setup stay transport-specific.
Back homeThree paths. One encryption contract.
USB, WebRTC, or WSS Relay are explicit transport families. WSS Relay + Noise XX is the Mobile MVP baseline, and Noise protects RPC/data payloads on the selected path.
Direct cable
Wired connection with no network stack. If the cable fails, the system does not silently fall back to a network path.
Network channel
Target primary network transport. Uses DTLS + ICE for path setup, then carries Noise-protected data; Mobile MVP may use WSS-only until the WebRTC PoC is accepted.
Deterministic fallback
The relay forwards opaque bytes. MVP baseline for mobile. The relay is transport, not trust.
How it works
The transport changes. The security boundary does not.
Choose a path
USB, WebRTC, or WSS relay is selected explicitly for the current release and environment.
Establish Noise
The selected path negotiates the approved Noise pattern before RPC/data payloads move.
Keep the boundary visible
The phone stays the source of truth while the desktop stays a thin client.
Security boundaries
USB is wired
A cable path does not silently fall back to the network stack.
WebRTC is peer-to-peer
When the WebRTC path is enabled, it uses DTLS + ICE for setup before RPC/data payloads move through Noise.
Relay is transport, not trust
WSS relay forwards opaque bytes and is treated as fallback only.
Limits and scope
The page describes the current transport contract, not every possible transport.
- Only the defined transport families are part of the public scope.
- The relay is a fallback, not a trust anchor.
- Noise is required for RPC/data payloads on every approved path.
Keep the remote path explicit, regardless of transport.
USB, WebRTC, and relay keep the same Noise-protected data boundary.