Documentation

Everything you need to deploy, configure, and extend Sypher.

Quick Start

Self-Hosting Documentation

Sypher is currently in pre-alpha development. Self-hosting instructions and server installation guides will be published once we enter public alpha testing.

In the meantime, you can subscribe for updates to be notified when alpha testing opens and self-hosting becomes available.

Server Architecture

Sypher runs as a multi-container application with the following components:

  • API — Express.js REST API
  • PostgreSQL — Primary database
  • Redis — Pub-sub, caching, rate limiting
  • LiveKit — WebRTC voice and video
  • Traefik — Reverse proxy with automatic TLS
  • Coturn — TURN relay for NAT traversal
  • db-backup — Automated daily database backups

Client Configuration

The web client is served directly by your Sypher server — no separate installation needed. The desktop client connects to any Sypher server during setup.

Backups & Recovery

Sypher includes automated daily database backups with 7-day retention. Backup and recovery procedures will be documented during public alpha.

RCON Console

The RCON (Remote Console) provides admin access to server metrics, tracing, backup management, and user administration.

Identity System

Sypher uses a device-bound identity system with EdDSA signing keys, install UUIDs, and Argon2id password hashing. Each device generates a unique keypair on first launch.

ABAC Permissions

Attribute-Based Access Control with deny-wins semantics. Policies are evaluated in scope chains: server, category, drawer, channel. Effects pipelines allow complex permission logic.

Encryption

DMs use mandatory E2EE with X3DH key agreement and AES-256-GCM. Channel E2EE is optional and configurable per channel. All data at rest is encrypted via PostgreSQL TDE.

Federation

Connect Sypher servers together with Ed25519 HTTP signature verification and configurable trust tiers. Federation allows cross-server messaging while maintaining sovereignty.

Module System

Modules are the building blocks of Sypher. Core modules (Channels) are always enabled. Optional modules can be toggled per workspace by admins.

Module SDK

The Module SDK provides sandboxed access to Sypher APIs. Modules declare required permissions in their manifest and receive a scoped SDK instance.

Developing Modules

Create a manifest.json with your module metadata and permissions, implement server-side routes, and optionally provide client-side UI components.

API Reference

The full REST API is documented in OpenAPI 3.0 format. Download the spec from your server at /api/docs/openapi.json.

Authentication

All API requests require a valid JWT issued by the identity system. Tokens are Ed25519-signed and include device fingerprints for revocation.

Webhooks

Configure outgoing webhooks to receive real-time notifications for events like messages, member joins, and moderation actions.