SKComm Architecture
Visual architecture reference for SKComm. For the detailed prose architecture
document see ARCHITECTURE.md at the repo root.
Transport Architecture
graph TB
subgraph "SKComm Core"
Core[SKComm Core] --> Router[Message Router]
Router --> |failover/broadcast| T1[Syncthing Transport]
Router --> |failover/broadcast| T2[File Transport]
Router --> |failover/broadcast| T3[Nostr Transport]
Router --> |failover/broadcast| T4[WebSocket Transport]
end
subgraph "Security Layer"
Crypto[EnvelopeCrypto] --> |PGP encrypt| Core
Signing[EnvelopeSigner] --> |PGP sign| Core
KeyStore[KeyStore] --> Crypto
end
subgraph "Peer Management"
Discovery[PeerStore] --> Router
KeyExchange[Key Exchange] --> Discovery
KeyExchange --> |DID fetch| DID[skworld.io DID Registry]
KeyExchange --> |bundle import| Bundle[Peer Bundle JSON]
end
subgraph "API Layer"
REST[FastAPI Server] --> Core
DIDRouter[DID Router] --> REST
ProfileRouter[Profile Router] --> REST
MCP[MCP Server] --> Core
end
Message Flow
sequenceDiagram
participant S as Sender
participant SC as SKComm Core
participant C as EnvelopeCrypto
participant R as Router
participant T as Transport
participant FS as Syncthing/File
S->>SC: send(recipient, message)
SC->>SC: Create MessageEnvelope
SC->>C: encrypt_payload(envelope, peer_key)
C-->>SC: encrypted envelope
SC->>C: sign_payload(envelope)
C-->>SC: signed envelope
SC->>R: route(envelope)
R->>T: send(envelope_bytes)
T->>FS: Write to outbox/{recipient}/
FS-->>T: File synced
Key Exchange Flow
graph LR
subgraph "Public Exchange"
A1[Agent publishes DID] --> A2[skworld.io Registry]
A2 --> A3[skcomm peer fetch name]
A3 --> A4[PeerInfo + public key saved]
end
subgraph "Private Exchange"
B1[skcomm peer export] --> B2[bundle.json]
B2 --> |file/USB/Signal| B3[skcomm peer import bundle.json]
B3 --> B4[PeerInfo + GPG import]
end
See SOP-KEY-EXCHANGE.md for the full step-by-step procedure.
DID Three-Tier Model
graph TB
subgraph "Tier 3: Public Internet"
T3[did:web:ws.weblink.skworld.io:agents:slug]
T3 --> |minimal| T3D[Name + JWK public key only]
T3 --> |hosted on| CF[Cloudflare KV]
end
subgraph "Tier 2: Mesh Private"
T2[did:web:hostname.tailnet.ts.net]
T2 --> |full| T2D[Service endpoints + capabilities + agent card]
T2 --> |served via| TS[Tailscale Serve]
end
subgraph "Tier 1: Self-Contained"
T1[did:key:z6Mk...]
T1 --> T1D[Zero infrastructure needed]
end
T1 -.->|fallback| T2
T2 -.->|public subset| T3
| Tier | DID Format | Scope | Contents |
| 1 | `did:key:z6Mk...` | Universal | Self-contained public key, zero infrastructure |
| 2 | `did:web:{tailnet-hostname}` | Mesh-private | Full service endpoints, capabilities, agent card |
| 3 | `did:web:ws.weblink.skworld.io:agents:{slug}` | Public internet | Minimal: name + JWK public key |
DID API Endpoints
The did_router (mounted on the FastAPI server via skcomm serve) exposes the
following routes:
| Method | Path | Auth | Description |
| `GET` | `/.well-known/did.json` | None | Tier 2 mesh DID document; Tier 1 fallback |
| `GET` | `/api/v1/did/key` | None | `did:key` identifier + PGP fingerprint |
| `POST` | `/api/v1/did/verify` | None | Structural DID challenge-response validation |
| `GET` | `/api/v1/did/document` | CapAuth bearer | All three tiers in one response |
| `GET` | `/api/v1/did/peers/{name}` | CapAuth bearer | Peer DID from `~/.skcapstone/peers/{name}.json` |
| `POST` | `/api/v1/did/publish` | CapAuth bearer | Generate all DID tiers and write to disk |
System Layers
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Application Layer โ
โ CLI (skcomm send/receive/peer) โ Python API โ MCP Server โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Protocol Layer โ
โ Envelope creation โ Serialization โ Thread management โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Security Layer (CapAuth) โ
โ PGP encrypt/decrypt โ Sign/verify โ CapAuth identity/trust โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Peer Management Layer โ
โ PeerStore โ Key Exchange (DID + bundle) โ DID Router โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Routing Layer โ
โ Transport selection โ Priority queue โ Failover โ Retry โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Transport Layer โ
โ WebRTC โ Tailscale โ WebSocket โ Syncthing โ File โ Nostr โ .. โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Network / Physical โ
โ TCP/IP โ UDP โ Filesystem โ USB โ QR code โ DNS โ IPFS โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Source Layout
src/skcomm/
โโโ core.py # SKComm entry point โ send/receive orchestration
โโโ router.py # Transport selection, failover, broadcast logic
โโโ crypto.py # EnvelopeCrypto โ PGP encrypt/decrypt
โโโ signing.py # EnvelopeSigner โ PGP sign/verify
โโโ key_exchange.py # Peer key exchange: DID fetch + bundle export/import
โโโ did_router.py # FastAPI DID API endpoints (three-tier model)
โโโ discovery.py # PeerStore โ YAML-backed peer registry
โโโ models.py # Shared data models (MessageEnvelope, PeerInfo, ...)
โโโ config.py # Config loading (~/.skcomm/config.yml)
โโโ cli.py # Click CLI โ skcomm send/receive/peer/status/...
โโโ api.py # FastAPI app โ skcomm serve
โโโ mcp_server.py # MCP server โ skcomm-mcp
โโโ profile_router.py # FastAPI profile endpoints
โโโ household_router.py # FastAPI household endpoints
โโโ souls_router.py # FastAPI souls endpoints
โโโ pubsub.py # Pub/sub broker
โโโ signaling.py # WebRTC signaling broker
โโโ transports/ # Transport plugins
โโโ file.py
โโโ syncthing.py
โโโ websocket.py
โโโ nostr.py
โโโ webrtc.py
โโโ tailscale.py
โโโ ...