First secure message in 5 minutes

Create an .npmrc file in your project root to point the @private.me scope at the private registry. Replace YOUR_TOKEN with the token provided by your account manager.

@xail:registry=https://api.xail.io/npm/
//api.xail.io/npm/:_authToken=YOUR_TOKEN

Two packages: the agent SDK for identity and messaging, plus the crypto library for XorIDA threshold sharing.

npm install @private.me/agent-sdk @private.me/crypto

Each agent gets a unique DID (Decentralized Identifier) backed by Ed25519 signing and X25519 key agreement keys. No registration, no API key — just a cryptographic identity.

import { Agent } from '@private.me/agent-sdk';

const agent = await Agent.create();

console.log(agent.did);
// did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

import { exportPKCS8, importFromPKCS8 } from '@private.me/agent-sdk';

// Save
const pkcs8 = await exportPKCS8(agent.identity.privateKey);
fs.writeFileSync('agent.key', pkcs8.value);

// Restore
const identity = await importFromPKCS8(fs.readFileSync('agent.key'));
const agent = await Agent.fromIdentity(identity.value, { registry, transport });

The SDK automatically encrypts with AES-256-GCM, signs with Ed25519, and splits via XorIDA threshold sharing. The recipient needs k-of-n shares to reconstruct.

const recipientDid = 'did:key:z6Mkr...';

const result = await agent.send(recipientDid, {
  type: 'alert',
  payload: 'Anomaly detected in sector 7',
  timestamp: Date.now()
});

console.log(result.shares.length);
// 3 (split across channels)

HMAC verification happens before reconstruction -- always. If any share has been tampered with, the SDK rejects it before the message is ever assembled.

const shares = await collectShares(channels);

// HMAC verification happens automatically
const message = await agent.receive(shares);

if (message.ok) {
  console.log(message.value.payload);
  // 'Anomaly detected in sector 7'
}

You have sent your first information-theoretically secure message. Explore the platform.