Viewport daemon, relay, and hosted runtime are available in alpha. Surfaces may change.
VIEWPORT
Security explained

Session relay decryption

How the browser can render live session plaintext without the relay or platform database storing the transcript.

The /sessions page can show plaintext because the browser becomes an active runtime endpoint for that live session. The plaintext is not read from a platform transcript table. It is streamed from the daemon over an encrypted relay channel and decrypted in the browser's memory.

That is a useful protection boundary, but it is not the same as daemon-only decryption. The browser can render the session, so the JavaScript running in the browser can see it.

Where the key comes from

The browser derives a fresh relay session key after it connects to a paired machine.

Rendering diagram...

After the handshake, both endpoints have the same temporary symmetric key:

  • the daemon keeps it in its relay session state
  • the browser keeps it in JavaScript memory for the active connection
  • the relay does not get the key
  • the platform database does not store the key

What each token/key does

MaterialWhere it livesWhat it does
Relay tokenBrowser, relayAuthenticates routing to a runtime target. It is not the decrypt key.
Daemon public keyAPI/browserLets the browser start an authenticated handshake with the daemon. It is public.
Daemon private keyLocal daemonLets the daemon complete the handshake. It should not leave the daemon machine.
Browser ECDH private keysBrowser memoryUsed to derive the relay session key. Fresh per connection.
Relay session keyBrowser memory + daemon memoryEncrypts/decrypts frames with AES-GCM for this relay session.

How frames move

Rendering diagram...

The relay can route frames because it sees envelope metadata such as workspace, runtime target, frame type, and connection state. It should not see payload plaintext.

The honest trust boundary

This protects against:

  • relay operators reading frame payloads
  • backend logs containing session frames
  • database leaks exposing session transcripts
  • a stale server-side transcript table existing by accident

This does not protect against:

  • malicious hosted web JavaScript reading what it renders
  • browser extensions that can inspect page content
  • compromised user devices
  • screenshots or local browser memory inspection

If you use the hosted web app, you are trusting the JavaScript delivered by Viewport for live session rendering. That is a narrower trust boundary than server-side plaintext storage, but it is still trust.

Stronger deployment options

For environments that need Viewport-the-service to be unable to read live session plaintext even through shipped web code, use or build toward one of these models:

ModelWhat changes
Open-source runtime UIThe session decrypt/rendering code lives in the open-source viewport repo and can be audited or self-built.
Local daemon-served UIThe browser loads the session UI from localhost, not the hosted app.
Native desktop appSession decrypt/render happens in a signed local app.
Self-hosted web appThe customer controls the deployed web bundle.
Signed/verifiable frontend bundlesUsers can verify the hosted bundle matches reviewed source.

The immediate priority is to move the session runtime UI and relay decryption client into the open-source viewport surface so the sensitive decrypt/render path is auditable outside the closed platform app.

On this page