Passcode Chat (E2EE)
Endpoints used:
GET /api/room/<roomId>/messages?after=<ts>&limit=<n>
POST /api/room/<roomId>/messages
Disconnected
Privacy model: passcode never leaves your browser. Messages are encrypted locally with AES-GCM and stored
server-side as ciphertext. The server only sees roomId = SHA-256(passcode) and encrypted payloads.
Use HTTPS in production.