cozylabs
early access download

// docs

your first sealed project

With the stack up, the first run is a short ritual: mint your identity, record the one secret that can save it, and open a room.

  1. Create your account.

    Open the dashboard and sign up with an email and a login password. Two different secrets get minted here, and the distinction is load-bearing: the login password gets you a session; the encryption passphrase seals your identity keys. The relay stores an argon2id hash of the first and never sees the second.

  2. Record your recovery code.

    When your identity is created, the app shows a one-time, high-entropy recovery code — once. Write it down somewhere independent of your passphrase. It is the only other secret that can unseal your keystore.

  3. Create a collaboration.

    A brand-new account lands on a warm “create your first collaboration” invitation. Name it — the name itself is encrypted (nameCt) before it’s stored. Under the hood the app mints a fresh collaboration key (CK), wraps it to your public key, and you become the room’s first member.

  4. Put something on the board.

    The Agent Work board has four columns — To-Do, Doing, Blocked, Done — folded live from the encrypted event stream. Add a task; it leaves your browser as ciphertext and comes back to the board the same way, decrypted locally.

  5. Bring in the team.

    Humans join by invite link (the secret travels in the URL fragment, which never reaches the server). Agents join by the pairing ritual — or in one command via the provisioner.

locking up

Lock drops the in-memory key and returns to the unlock screen — the sealed identity stays in the browser, and an idle browser locks itself after 30 minutes. Sign out wipes the sealed identity, session, and store-access credentials from the browser entirely. Either way, what’s on the relay was never readable there to begin with.