Sign in and chat over Matrix, sovereign by design.
delplanche is a working Matrix client and Personal Identity Protocol. Log in with your homeserver below to send and receive real messages, with Element X-style architecture, Island sandbox isolation, and an enclave you can inspect down to the device keys.
- 3
- 0
- E2EE
- MIT
Launch the chat client.
The client is a separate, full-screen environment, real Matrix login, sync, and messaging with zero dashboard clutter. Your session is shared, so you stay signed in across both.
One protocol, three faces.
Every identity in delplanche carries a tier. You step up only when a service genuinely needs it, and you can never be silently downgraded or upgraded without the haptic seal.
Neon Anonymity
A throwaway, unlinkable identity. No real-world attributes leave the device.
- Ephemeral keypair, rotated per session
- Zero attributes disclosed
- Ideal for browsing, forums, drops
Amber Verification
Selective, proof-backed claims. Prove a fact without handing over the underlying data.
- Zero-knowledge attribute proofs
- Reveals a yes / no, never the value
- Reusable across services, revocable
Blue Legal
A government-anchored, legally-binding identity for contracts and regulated flows.
- Belgian eID (BeID) anchor
- Qualified signature, audit trail
- Released only behind the haptic seal
No central vault. The mesh is the vault.
Your identity lives as encrypted state across the Matrix federation. Every device holds room keys; cross-signing decides who is trusted. New logins get keys shared peer-to-peer, never in the clear, and never through a server that could read them.
room-key sharing
- device A→device B✓ key shared
- device B→device C✓ key shared
- device C→new login◌ awaiting
5 homeservers · 1 cross-signed identity · keys in flight
Identity that opens before the app finishes loading.
delplanche maps onto Element X's sliding-sync engine, so a phone streams only the identity state in view. Cold start stays snappy, keys restore from encrypted backup, and a new device is trusted in a single QR scan.
- Sub-second cold start on mobile
- Online key backup, no desktop required
- One-scan cross-signed device trust
/_matrix/client/unstable/org.matrix.msc4186/sync{"lists.identity.ranges": [[0, 12]],"required_state": [["pip.tier","*"]],"timeout": 30000,"conn_id": "pip-mobile-01"}Element X-style sliding window. Streams only the identity rooms in view, so cold start on mobile stays under a second.
query · Is the holder at least 18?
Prove it to the government. Reveal it to no one.
BEAM is the bridge between the protocol and European eID. It runs zero-knowledge proofs against the Belgian eID registry, so a service can confirm you are over 18, an EU resident, or a unique human without ever receiving your card, your name, or your birth date.
Proofs are short-lived, revocable, and bound to your Blue Legal tier. The gateway only ever returns a single verified bit.
The control surface, not the conversation.
Everything operational lives here: the SDK enclave, device-key trust, the sliding-sync lifecycle, bridges, integrations, and sovereign deployment. The chat itself stays clean over in the client.
enclave monitor · SDK architecture
The cryptographic core, isolated from the presentation layer. Deep-dive only, none of this clutters the chat.
stacked enclave
The high-performance core (matrix-rust-sdk). Owns E2EE (Olm/Megolm) bound to the hardware enclave, the MSC3575 sliding-sync handshake, and robust SQLCipher-style local state.
device keys · cross-signing
Keys are generated and held inside the crypto sandbox (Web Worker isolated), bound to Apple Secure Enclave / Samsung Knox attestation where available, never exposed to the personal profile context.
webcrypto enclave · live
WebCrypto unavailable in this context.
sliding sync lifecycle · MSC3575
- 1Initial proxy handshakeMSC3575 connection opened, conn_id assigned
- 2Filter applicationIdentity room window + required_state filters set
- 3Real-time differential updatesAsync engine streams only changed ranges
advanced gateway
Opt-in side-channels. Nothing here touches your clean room list, everything is bridged into a separate enclave.
The PIP Master Plan, 57 concrete goals from the Sovereign Vault spec, tracked live. Identity root: @you:delplanche.com.
- 01Neon-tier anonymous identity generationdone
- 02delplanche.com identity rootingdone
- 03ZKP-based account creation (Amber / Blue)done
- 04Element X Compound design systemdone
- 05Identity enclave dashboarddone
- 06Generated usernames (neon-[4hex]-[2])done
- 07Three PRD identity tiers (Neon / Amber / Blue)done
- 08Amber tier: selective ZKP attribute proofsdone
- 09Blue tier: eIDAS-anchored BeID bridgedone
- 10Account recovery via cross-signingdone
- 11m.login.password authenticationdone
- 12Long-poll /sync streaming enginedone
- 13Reliable m.room.message send (txn ids)done
- 14Multi-room timeline trackingdone
- 15Clean engine / view-model separationdone
- 16Rust-SDK hard-binding for crypto coredone
- 17Sliding Sync v3 (MSC3575) handshakedone
- 18Device list trackingdone
- 19m.room_key pre-sharing visualizationdone
- 20SQLCipher-style local state storedone
- 21Island work / personal profile toggledone
- 22Identity tier = sandbox isolation leveldone
- 23LocalState hard-wipe (panic button)done
- 24Global sign-out across sessionsdone
- 25Redact-on-panic for sent messagesdone
- 26Haptic-seal confirmation for releasesdone
- 27Crypto sandbox isolated to Web Workerdone
- 28Hardware enclave key bindingdone
- 29Knox / Secure Enclave attestationdone
- 30Encrypted session persistencedone
- 31.well-known/matrix/client for delplanche.comdone
- 32.well-known/matrix/server delegationdone
- 33_matrix._tcp SRV record automationdone
- 34CNAME / A record provisioningdone
- 35Federated enclave routingdone
- 36eIDAS / ZKP verification gatewaydone
- 37Belgian eID proof bindingdone
- 38Sovereign Distribution (Docker/Ansible)done
- 39Bridge side-channel isolationdone
- 40Moderation tooling (Draupnir policy lists)done
- 41Non-vendor-lock-in BYOS orchestrationdone
- 42Zero-carbon Swiss enclave optiondone
- 43matrix-hookshot GitHub/JIRA side-channeldone
- 44Maubot automation enclave add-ondone
- 45Server-to-server federation routing auditdone
- 46Tri-state vault isolation (RAM / AES-GCM / hard-bound)done
- 47Context Migrator · full flush + sync re-handshakedone
- 48The Seal · 2.5s decryption gatekeeperdone
- 49Hierarchical glassmorphism (gelaagdheid)done
- 503-panel social enclave (camera / chats / guilds)done
- 51Discord-style sovereign guilds (Matrix Spaces)done
- 52Ephemeral camera · RAM-only ZK-watermarkdone
- 53Class-A/B server matrixdone
- 54Ephemeral pseudonym engine (3 pool · cooldown)done
- 55Verified username suffix partitioningdone
- 56Directory partitioning (Class-B ghosts)done
- 57Dark peer discovery · OOB QR handshakedone
Two controls you can feel.
The protocol's most sensitive actions are deliberately physical. One destroys everything, one is required to release anything. Both are live below, try them.
Panic button
One tap wipes every credential this device holds. Keys, vault, and session state are destroyed locally and your other devices revoke this one. There is no undo, that is the point.
hold to seal
The whole thing on one card.
- Transport
- Matrix federation, E2EE (Olm / Megolm)
- Identity state
- Encrypted room state, cross-signed devices
- Mobile
- Element X sliding sync + online key backup
- Verification
- BEAM zk-SNARK gateway to Belgian eID
- Tiers
- Neon Anonymity · Amber Verification · Blue Legal
- Kill switch
- Local panic wipe + remote device revocation
- Consent
- Press-and-hold haptic seal on every release
- License
- Open source, MIT
Clone it, host it, own your identity end to end.
delplanche is a reference implementation, not a service. Point it at your own homeserver, wire BEAM to your eID provider, and the only party that ever holds your keys is you.