CoreChat is a high-performance, serverless peer-to-peer messaging framework designed for secure, accountable, and professional communication. By utilizing the WebRTC protocol, CoreChat eliminates the need for intermediary servers to store or relay message data. This implementation balances end-to-end privacy with a robust Local Accountability system, integrating the CensorCore moderation engine, anti-spam protocols, and persistent session auditing to ensure a productive and safe environment.
The primary objective of CoreChat is to provide a decentralized messaging solution where professional standards are enforced by local persistence. Unlike standard volatile chats, CoreChat preserves session integrity through a Persistent Audit Log (PAL), ensuring that interactions are documented on the participating devices without ever reaching a central database.
CoreChat leverages PeerJS to manage WebRTC complexities. The connection lifecycle includes:
- Signaling: Clients register a unique 6-character ID via a global signaling server to facilitate the initial handshake.
- NAT Traversal: Uses STUN servers to identify public IPs and navigate firewalls for direct connection.
- P2P Tunneling: Once established, a bidirectional DataChannel handles all text and file buffers (up to 2MB) directly between browser memories.
CoreChat implements a multi-layered moderation stack to maintain professional standards in a serverless environment.
All outgoing content is passed through a pre-transmission hook:
- Fuzzy-Logic Validation: Checks content against weighted dictionaries, detecting "leetspeak" and orthographic obfuscation using Levenshtein distance calculations.
- Anti-Spam Protocol: Rate-limits users to a maximum of 5 messages every 3 seconds to prevent flood-abuse.
- Automated Interception: Prohibited content is discarded before reaching the network layer, preventing the peer from receiving harmful data.
To ensure accountability, CoreChat maintains a hidden, tamper-resistant log of all activity:
- Access: Accessible via the
CTRL + ALT + Qkeyboard shortcut. - Tracking: Records connection timestamps, public IP addresses, file transfer metadata, and moderation violations.
- Synchronization: Audit events are synchronized between peers in real-time and saved to
localStorage, preserving the history even across browser restarts.
- File & Image Sharing: Native support for P2P transfers of images and documents up to 2MB with inline previews.
- Read Receipts: Visual confirmation (green checkmarks) synced across the DataChannel to track message status.
- Presence Detection: Real-time notification when a peer leaves or returns to the chat tab, ensuring engagement transparency.
CoreChat features an automated anti-abuse mechanism:
- Strike Tracking: Users receive warnings for automated filter hits or manual reports.
- Timed Suspensions: After three violations, users are placed in a suspension state (1-5 minutes) managed by local timestamps.
- Admin Overrides: A hidden portal (
Alt + Q + W) allows authorized developers to clear local flags and lift suspensions using a developer key.
- DTLS/SRTP: All data transmitted over the DataChannel is encrypted using industry-standard protocols native to WebRTC.
- Perfect Forward Secrecy: Keys are negotiated per session; previous sessions remain secure even if future keys are compromised.
- Local Persistence: History is stored locally on-device rather than on a remote server, ensuring that data ownership remains with the users while maintaining accountability.
- Browser: Modern evergreen browsers (Chrome 60+, Firefox 55+, Safari 11+, Edge 79+).
- Connectivity: Standard internet access with WebRTC protocol support.
- Protocol: The application must be served over HTTPS to allow secure permissions for peer discovery and persistent storage.
Maintained by Derrick Richard
Built with PeerJS, CensorCore, and WebRTC.