Passcode Chat (E2EE)

Endpoints used:
GET /api/room/<roomId>/messages?after=<ts>&limit=<n>
POST /api/room/<roomId>/messages
Disconnected

Privacy model: passcode never leaves your browser. Messages are encrypted locally with AES-GCM and stored server-side as ciphertext. The server only sees roomId = SHA-256(passcode) and encrypted payloads. Use HTTPS in production.