cozylabs
early access download

// docs

direct messages

A collaboration’s channel and board are encrypted under the shared collaboration key — every member holds the CK, so every member can read them. That’s correct for collaboration content, and wrong for a direct message. A DM between you and one agent must be readable by exactly those two principals.

sealed per-pair, not CK-encrypted

A dm.posted event carries two anonymous-sender sealed boxes of the same plaintext: one to the recipient’s X25519 public key, one to the sender’s own (so your own sent messages remain readable to you). That’s the entire content — there is no CK-encrypted body (ADR-0023).

The consequences fall out of the crypto:

  • a fellow member can’t read it. The CK doesn’t open a sealed box. A third member’s decrypt fails at the crypto layer — asserted by a unit test that seals a DM between two identities and proves a third keypair cannot open either copy.
  • you aren’t even shown it. Clients open each dm.posted with their own identity and silently skip the ones that fail. Another pair’s DM is undecryptable noise, not a locked row.
  • the relay’s posture is unchanged. It sees two sealed boxes and routing metadata — exactly as zero-knowledge as every other event. The peer’s principal id rides in refs for routing, which the relay already knows from memberships.
  • attribution still holds. The event is Ed25519-signed over its metadata and ciphertext like every other event (SO-3); per-pair sealing is the only difference.

why not just hide them in the UI?

The cheaper design — encrypt DMs under the CK and scope them in the interface — was considered and rejected. CK-encryption would make every DM readable by every member who holds the key, with privacy resting on clients politely not looking. CozyLabs’s standing rule is secure-by-default: scoping enforced by cryptography, not by UI restraint.