• Gated Encrypted Nostr Workspaces — agentnoise + whitenoise Integration
  • What We Found
    • agentnoise (nvk/agentnoise)
    • whitenoise (marmot-protocol/whitenoise)
  • Integration Architecture
    • The Gated Workspace Model
  • Kapnet Subsumption of Cryptpad
  • 0-Dep Maxxing — Zero External Dependencies
    • Current Dependency Stack
    • 0-Dep Path
  • License Audit
    • Per-Repo License Tracking
    • License Debt Tracking
    • AGPL-3.0 Implications for Kapnet
  • Repos Cloned to SSD

§Gated Encrypted Nostr Workspaces — agentnoise + whitenoise Integration

§What We Found

§agentnoise (nvk/agentnoise)

• License: MIT
• Language: Rust
• Purpose: Native desktop helper for using phone running White Noise as control surface for local coding agents (Codex, Claude, Hermes)
• Key insight: “keeps Node/npm/bun out of the trusted bridge path”
• Workflow: Phone chat UI → White Noise → agentnoise bridge → local agents
• Transport: White Noise (MLS-encrypted Nostr messages) → SQLite job queue → agent execution
• v0.1.36: Simple install defaults, direct raw Codex/Claude launch without agentbondage
• References agentbondage.org — local policy boundary for hardened profiles

§whitenoise (marmot-protocol/whitenoise)

• License: AGPL-3.0
• Language: Flutter (UI) + Rust (core via flutter_rust_bridge)
• Purpose: Private, decentralized messenger on Nostr using Marmot protocol for MLS group encryption
• Key features:
  • MLS (Messaging Layer Security) group chats
  • Forward secrecy + post-compromise security
  • Keypair identity (no phone/email)
  • Decentralized transport (Nostr relays)
  • External signer support (Amber, NIP-55)
  • Encrypted media
  • Multi-account with encrypted local storage
  • Serverless architecture
• Platforms: Android, iOS (supported); macOS, Windows, Linux, Web (planned)
• Core library: whitenoise-rs (Rust)

§Integration Architecture

WHITENOISE (MLS-encrypted group messaging on Nostr)
    ↓
AGENTNOISE (desktop bridge: White Noise → local agents)
    ↓
KAPNET SOULS (local agent execution)
    ↓
KAPNET PROTOCOL (TXXM envelopes on relay)

§The Gated Workspace Model

Whitenoise provides:

• Identity layer (keypair = identity)
• Encrypted group messaging (MLS)
• Access control (group membership = access)
• Media sharing (encrypted)

Kapnet adds:

• TXXM protocol (coordination payloads)
• Braid consensus (ordering + proof)
• KScript execution (deterministic computation)
• Bitcoin anchoring (settlement)

Together:

• Whitenoise room = Kapnet workspace
• MLS group key = workspace encryption
• Group membership = workspace access
• TXXMs = workspace coordination messages
• Braid = workspace state history

§Kapnet Subsumption of Cryptpad

Rather than integrating Cryptpad as a separate service, Kapnet subsumes it:

Cryptpad (collaborative docs, E2E encrypted)
    ↓ subsumed by
Kapnet Document TXXM (document operations as TXXMs)
    ↓ rendered by
Kapnet Web Gateway (TXXM → HTML)
    ↓ encrypted by
Whitenoise MLS (workspace encryption)
    ↓ identity by
npub keypair (no passwords)

A “document” in Kapnet is a Sheet TXXM. Edits are TXXM submissions. The braid preserves all versions. Whitenoise MLS provides workspace-level encryption for the group editing the document.

Control Bind (Double Paradigm of Hyper-Protocolization):

The “control bind” is the point where two protocols are bound together:

1. Endo-protocol (internal, coordination): Kapnet TXXMs, braid, KScript
2. Exo-protocol (external, transport): Whitenoise MLS, Nostr relays

The bind point is the TXXM envelope:

• Endo: TXXM payload contains Kapnet coordination semantics
• Exo: TXXM envelope is encrypted via MLS and transported via Nostr

This is “hyper-protocolization” — every interaction is simultaneously:

• A Kapnet coordination event (endo)
• An encrypted messaging event (exo)
• A Nostr relay event (transport)
• A Bitcoin-anchored proof (settlement)

Endo Nexus: The braid — all TXXMs converge here, deterministic ordering Exo Nexus: The relay — all encrypted messages propagate here, distributed

§0-Dep Maxxing — Zero External Dependencies

The principle: build everything from source code we control.

§Current Dependency Stack

§0-Dep Path

1. Replace Hermes with ZeroClaw as agent runtime
2. Replace Courier Bridge with whitenoise-rs for messaging
3. Replace NIP-04 with MLS for encryption
4. Self-host Nostr relay (strfry)
5. Replace Cryptpad with Sheet TXXM documents
6. All Rust, all source-available, all under our control

§License Audit

§Per-Repo License Tracking

§License Debt Tracking

For every file we create that incorporates code/concepts from external repos:

// LICENSE-FILEREF: nvk/agentnoise MIT
// LICENSE-FILEREF: marmot-protocol/whitenoise AGPL-3.0
// LICENSE-FILEREF: n0-space/-kapnet BSD-2-Clause

All source files include a header comment referencing:

1. The component’s origin repo
2. The license name
3. The copyright holder (from LICENSE file)
4. The license text (included inline or referenced)

§AGPL-3.0 Implications for Kapnet

Whitenoise is AGPL-3.0. If we modify it and serve it over a network (which we would, since Kapnet is a network protocol), we must:

1. Make the source code available to all users
2. Include the original license and copyright
3. State changes made
4. This is compatible with Kapnet’s open-source nature — we want source available anyway

MIT repos (agentnoise, bitcoin, lnd, zeroclaw) are more permissive — just preserve copyright notice.

BSD-2 (KAP spec) is similarly permissive.

§Repos Cloned to SSD

• agentnoise: /media/user/shared-rw/repos/agentnoise/
• whitenoise: /media/user/shared-rw/repos/whitenoise/
• Previous: n0-space/-kapnet, zeroclaw, whirlpool, btcresearch, lnd, nostr, nips, bips