Nickname identity, a private address book, real-time 1-on-1 chat with images, and peer-to-peer token transfer — built into VBWD, on web and iOS.
MeinChat gives your users a way to find each other by nickname, save contacts, message 1-on-1 with text and image attachments delivered in real time, and send each other platform tokens — without exposing email or phone numbers. It ships as a VBWD plugin (Flask backend, Vue web app, Swift iOS app), runs on your own infrastructure, and rides the same event bus, identity and RBAC as the rest of your platform.
A complete 1-on-1 messaging surface for your users — identity, contacts, real-time conversations and value transfer — with a moderation surface for your admins. No external accounts, no phone numbers.
A public nickname directory with prefix typeahead search and a shareable nickname card. Changing your nickname is free with no cooldown — users are found by handle, not by email or phone.
Each user keeps their own contacts — add, remove, pin and sort. Contacts are per-user and private; no shared global graph.
Text plus image attachments, read receipts, and hard delete on both sides (no tombstone). Conversations auto-create on first message to a nickname.
Messages arrive live over a Server-Sent-Events stream — no polling. No "online dot": last-seen is derived from the last message, by design, not a presence tracker.
Send platform tokens to a contact straight from chat (minimum 1), with a full transfer history. Messaging and the token economy in one surface.
Ban / unban nicknames, inspect any conversation by ID, and audit every token transfer — each behind its own RBAC permission key.
A plugin bundle, not a separate service: the backend plugs into the platform's DI, event bus and RBAC; web and iOS share one REST + streaming surface.
MeinchatPlugin(BasePlugin) — 5 SQLAlchemy models (nickname, contact, conversation, message, transfer), repos + services, flat blueprint, idempotent Alembic migrations and demo seed.
POST /messaging/stream/token mints a 60-min JWT (aud=meinchat-stream); the client opens an EventSource. Live, not polled.
Redis pub/sub broadcasts across gunicorn workers so delivery is consistent under load — with an in-process bus fallback when Redis is unreachable.
Per-user rate limiting on messaging and transfers, plus Redis-bus hardening, keep the surface abuse-resistant.
Routes under /dashboard/messages/*; Pinia stores for nickname, contacts and conversations; a stream composable with token-mint + auto-reconnect.
A separate fe-admin plugin for moderation — nickname table, conversation lookup, transfer audit log — gated by per-action permission keys.
A Swift package in the vbwd-ios app (TestFlight): capability discovery, a Keychain-encrypted local message cache with a 10-day TTL, and retention settings.
Runs in your own containers. Conversations and transfers live in your PostgreSQL; no data leaves your infrastructure.
Most "chat" products are either support widgets (Intercom, Zendesk) or consumer messengers (WhatsApp, Telegram). MeinChat is neither: it's user-to-user direct messaging that lives inside your own platform and settles in your own token economy.
Intercom & co. connect a visitor to your staff. MeinChat connects your users to each other — a social/transactional layer, self-hosted, with no per-seat or per-resolution bill.
WhatsApp/Telegram pull people off your platform into someone else's app. MeinChat keeps the conversation on your brand, your infrastructure, tied to your accounts and identity.
Messaging wired to value. Users find each other by nickname and can move tokens in the same thread — chat and the loyalty economy as one surface.
People connect by nickname, never by exposing email or phone. Contacts are private and per-user — no harvested global social graph.
Self-hosted by design — conversations and transfers stay in your database, your region, your backup policy.
Start with fast, moderatable messaging. Turn on MeinChat Plus where confidentiality matters — same product, end-to-end encrypted.
MeinChat turns a platform of isolated accounts into a network: people find each other, talk, and move value — all in-product. And it's deliberately scoped, with the hard decisions made explicit rather than hidden.
Nickname discovery + contacts + token transfer give users a reason to bring others onto the platform and to come back to it.
Real-time SSE delivery on the Vue web app and the native iOS app — conversations follow the user from desk to phone.
Moderation and a full transfer audit trail mean you can run it responsibly — ban abuse, inspect on report, account for every token moved.
Signal-style encryption — the server stores ciphertext it cannot read.
MeinChat Plus layers Signal-style end-to-end encryption onto the same conversations. Clients encrypt and decrypt; the server only validates the shape and size of an opaque envelope, stores it, and tracks delivery. It never holds a key and never sees plaintext.
Every message is sealed on the sender's device and opened only on the recipient's. Stored as ciphertext — your own server provably cannot read it.
A Double Ratchet rotates keys every message, so a compromised key can't unlock past or future messages. Out-of-order and skipped messages are handled without breaking the chain.
Messages fan out per registered device and decrypt on each. Web and iOS exchange the same ciphertext through one instance.
Images are sealed too — one encrypted blob plus a per-recipient wrapped key, with full-resolution and thumbnail both protected.
Fail-closed: the client refuses to send in the clear on a conversation
the server hasn't pinned to e2e_v1. No silent fallback to
plaintext.
Because the server can't read messages, the admin tool is deliberately thin: look up a user's public device keys for abuse triage — there is no conversation inspector.
Signal's protocol in audited pure-JS that runs in the browser, with a Swift client on iOS — and a backend that never touches a key.
One Ed25519 identity key (with its X25519 projection), a signed prekey and one-time prekeys. Initiator and responder derive the same secret; prekeys are consumed atomically (SKIP LOCKED).
DH + symmetric KDF chains give per-message forward secrecy; the header is bound into the AEAD additional data; a bounded skipped-key cache tolerates out-of-order delivery.
@noble/curves (X25519/Ed25519), @noble/ciphers (ChaCha20-Poly1305), @noble/hashes (HKDF/HMAC), hash-wasm (Argon2id) — browser-safe, not the native libsignal addon.
An Argon2id passphrase KEK wraps device + session keys, stored in IndexedDB. The pairing sheet turns a passphrase into that KEK — keys never sit in the clear.
The wire format is a CBOR envelope with 256-byte length-hiding padding. Server-side a SignalEnvelopeValidator checks only shape + size — never content.
It registers against MeinChat's six seams — device-key directory, both-peers-have-keys, e2e capability, delivery marking, retention — so the base plugin isn't forked.
A downgrade guard refuses any conversation the server didn't pin to e2e_v1; tamper, wrong-key and replay are rejected by the AEAD construction.
A Swift Signal client + device pairing ships in the iOS app, interoperating with the web client's ciphertext through the same backend.
Secure messaging today means a separate consumer app (Signal, WhatsApp) or a SaaS chat where the vendor can read your data. MeinChat Plus is the third option: the same end-to-end guarantees, embedded in your product and running on your infrastructure.
Same protocol family as Signal — but on your brand, your servers, tied to your accounts, with a web client too. Privacy without sending users to a third-party app.
Intercom, Zendesk and friends can read every message. Here the server holds no keys — "we can't read your messages" is an architectural fact, not a privacy-policy promise.
Zero-knowledge messaging as a platform feature. Confidentiality that's provable, self-hostable, and native to the system your users already trust.
A defensible answer for regulated or sensitive contexts — health, legal, finance, communities — where "the operator can't read it" is the requirement.
Retention understands ciphertext: encrypted at rest on the server, with a device-side cache TTL — privacy and data-minimisation together.
It sits on MeinChat through extension ports. Enable where confidentiality matters; disable per device or per instance to fall back to plain messaging.
MeinChat is your platform's own messenger — nickname identity, a private address book, real-time 1-on-1 chat with images, and peer-to-peer token transfer, on web and iOS. MeinChat Plus seals it end to end with Signal-style encryption on a zero-knowledge server. Self-hosted, governable, and honest about its scope.