The world's first production-grade secure messenger written entirely by AI.
"Human says what to build. Claude writes every line of code."
Every. Single. Line.
This isn't "AI-assisted" development. This is AI-authored development. From the Ktor server routes to the Kotlin Multiplatform shared module to the SwiftUI views — Claude wrote it all.
29,000+ lines of code
147 files
0 lines written by human hands
- Describes what to build in natural language
- Reviews and approves changes
- Tests on real devices
- Makes product decisions
- Writes all Kotlin, Swift, SQL, and config files
- Designs the architecture
- Implements features across server + Android + iOS
- Fixes bugs and refactors code
- Writes tests and documentation
- Proof of concept: Production-quality apps can be fully AI-generated
- Real security: Signal Protocol + MLS for E2EE — no toy crypto
- Native performance: Kotlin Multiplatform + SwiftUI, zero compromises
- Full transparency: Every commit shows AI-generated code
- End-to-End Encryption — Signal Protocol for 1:1, MLS for groups (platform-native bindings)
- Real-Time Messaging — WebSocket delivery with sub-100ms latency
- Push Notifications — FCM (Android) + APNs (iOS) for background alerts
- Encrypted Attachments — Files encrypted client-side, stored as opaque blobs
- Group Chats — Up to 1000 members with role-based permissions
- Read Receipts — Per-message delivery and read status
- Mentions — @mention support with notification routing
- Invite System — Share invite codes to add contacts
┌─────────────────────────────────────────────────────────────┐
│ Clients │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Android │ │ iOS │ │
│ │ Kotlin/Compose │ │ SwiftUI │ │
│ │ Signal Bindings│ │ Signal Swift │ │
│ └────────┬────────┘ └────────┬────────┘ │
│ │ │ │
│ └──────────┬─────────────────────┘ │
│ │ HTTPS + WSS │
└──────────────────────┼───────────────────────────────────────┘
│
┌──────────────────────┼───────────────────────────────────────┐
│ ▼ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Ktor Server (Zero-Knowledge) │ │
│ │ • Opaque ciphertext only — never sees plaintext │ │
│ │ • WebSocket fanout for real-time delivery │ │
│ │ • Rate limiting + abuse prevention │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ┌────────────┼────────────┐ │
│ ▼ ▼ ▼ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Postgres │ │ Redis │ │ Blobs │ │
│ │ Messages │ │ Rate │ │ Encrypted│ │
│ │ Metadata │ │ Limits │ │ Files │ │
│ └──────────┘ └──────────┘ └──────────┘ │
│ Server │
└──────────────────────────────────────────────────────────────┘
shared/Kotlin Multiplatform shared domain models, encrypted payload contracts, and crypto bridge interfaces.server/Ktor backend for device registration, encrypted message fanout, attachment metadata, and websocket delivery.clients/android/Native Android app scaffold built with Kotlin + Compose.clients/ios/Native iOS SwiftUI app scaffold generated with XcodeGen.prototype/expo-rn/Archived Expo/Convex prototype retained for reference and migration work only.docs/Architecture and migration notes for the native rebuild.
The Expo prototype proved the encrypted-only storage model, but it is not a sufficient base for a production secure messenger because the official Signal and MLS runtimes do not currently fit cleanly into the managed Expo stack.
The new direction is:
- native Android and iOS clients
- Kotlin Multiplatform shared app/domain layer
- Ktor backend with websocket realtime delivery
- platform-native crypto bindings instead of homemade protocol code
- encrypted attachments stored as opaque blobs
- JDK 17+
- Android Studio (for Android development)
- Xcode 15+ (for iOS development)
- Docker & Docker Compose (for Postgres/Redis)
- XcodeGen (
brew install xcodegen)
# Clone and setup
git clone https://github.com/hyodotdev/DeepLine.git
cd DeepLine
# Copy environment template
cp .env.sample .env.local
# Start infrastructure (Postgres + Redis)
docker compose up -d postgres redis
# Load environment
set -a && source .env.local && set +a# Run Ktor server on port 9091
./gradlew :server:run# Android
./gradlew :androidApp:assembleDebug
# iOS
cd clients/ios
xcodegen generate
open DeeplineIOS.xcodeproj# Full test suite
./gradlew check
# Or run individually:
./gradlew :server:test # Server unit tests
./gradlew :shared:allTests # Shared module tests (JVM + iOS Simulator + Android)# Run server tests with detailed output
./gradlew :server:test --info
# Run specific test class
./gradlew :server:test --tests "dev.hyo.deepline.server.DeeplineServerTest"# All platforms
./gradlew :shared:allTests
# Specific platforms
./gradlew :shared:serverTest # JVM/Server tests
./gradlew :shared:iosSimulatorArm64Test # iOS Simulator
./gradlew :shared:testDebugUnitTest # Android unit tests# Unit tests
./gradlew :androidApp:testDebugUnitTest
# Instrumented tests (requires emulator or device)
./gradlew :androidApp:connectedDebugAndroidTestcd clients/ios
# Generate Xcode project
xcodegen generate
# Run tests on simulator
xcodebuild -project DeeplineIOS.xcodeproj \
-scheme DeeplineIOS \
-destination 'platform=iOS Simulator,name=iPhone 17' \
test# Generate Kover coverage report for server
./gradlew :server:koverHtmlReport
# Report available at: server/build/reports/kover/html/index.html# Build server Docker image
docker build -t deepline-server:latest -f server/Dockerfile .
# Run with environment variables
docker run -d \
-p 9091:9091 \
-e DEEPLINE_STORE_MODE=postgres \
-e DEEPLINE_DATABASE_URL=jdbc:postgresql://host:5432/deepline \
-e DEEPLINE_DATABASE_USER=deepline \
-e DEEPLINE_DATABASE_PASSWORD=secret \
-e DEEPLINE_RATE_LIMITER_MODE=redis \
-e DEEPLINE_REDIS_URL=redis://host:6379 \
-e DEEPLINE_BLOB_STORAGE_ROOT=/data/blobs \
deepline-server:latest| Variable | Description | Default |
|---|---|---|
DEEPLINE_STORE_MODE |
memory or postgres |
memory |
DEEPLINE_DATABASE_URL |
PostgreSQL JDBC URL | - |
DEEPLINE_DATABASE_USER |
Database username | - |
DEEPLINE_DATABASE_PASSWORD |
Database password | - |
DEEPLINE_RATE_LIMITER_MODE |
memory or redis |
memory |
DEEPLINE_REDIS_URL |
Redis connection URL | - |
DEEPLINE_BLOB_STORAGE_ROOT |
Directory for encrypted blobs | /tmp/deepline-blobs |
DEEPLINE_STRICT_CRYPTO_ENFORCEMENT |
Block dev-mode crypto in production | false |
Flyway migrations run automatically on server startup. Migration files are in:
server/src/main/resources/db/migration/
├── V1__initial_schema.sql
├── V2__attachment_upload_sessions.sql
├── V3__group_member_roles.sql
├── V4__mentions_and_media.sql
└── V5__phone_authentication.sql
# Debug APK
./gradlew :androidApp:assembleDebug
# Output: clients/android/app/build/outputs/apk/debug/app-debug.apk
# Release APK (requires signing config)
./gradlew :androidApp:assembleRelease
# Bundle for Play Store
./gradlew :androidApp:bundleReleaseCreate clients/android/app/keystore.properties:
storeFile=path/to/keystore.jks
storePassword=your-store-password
keyAlias=your-key-alias
keyPassword=your-key-passwordcd clients/ios
# Generate Xcode project
xcodegen generate
# Archive for App Store
xcodebuild -project DeeplineIOS.xcodeproj \
-scheme DeeplineIOS \
-configuration Release \
-archivePath build/DeeplineIOS.xcarchive \
archive
# Export IPA
xcodebuild -exportArchive \
-archivePath build/DeeplineIOS.xcarchive \
-exportPath build/ipa \
-exportOptionsPlist ExportOptions.plist| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/auth/phone/send-code |
Send OTP to phone number |
| POST | /v1/auth/phone/verify |
Verify OTP code |
Rate limits:
send-code: 3 per phone number per 5 minutes, 10 per IP per 5 minutesverify: 5 attempts per verification per minute
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/users |
Register new user |
| POST | /v1/devices |
Register device |
| POST | /v1/prekeys |
Publish pre-key bundle |
| GET | /v1/prekeys/{userId}/{deviceId} |
Fetch pre-key bundle |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/conversations |
Create conversation |
| GET | /v1/users/{userId}/conversations |
List user's conversations |
| GET | /v1/conversations/{id} |
Get conversation details |
| PATCH | /v1/conversations/{id} |
Update settings |
| GET | /v1/conversations/{id}/members |
List members (paginated) |
| POST | /v1/conversations/{id}/members |
Add members |
| DELETE | /v1/conversations/{id}/members |
Remove members |
| PATCH | /v1/conversations/{id}/members/{userId} |
Update member role |
| POST | /v1/conversations/{id}/leave |
Leave conversation |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/messages |
Send encrypted message |
| GET | /v1/conversations/{id}/messages |
List messages |
| POST | /v1/messages/read-receipts |
Mark as read |
| GET | /v1/messages/{id}/receipts |
Get read receipts |
| GET | /v1/messages/{id}/receipts/aggregated |
Aggregated read count |
| GET | /v1/users/{userId}/mentions |
Messages mentioning user |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/attachments/upload-sessions |
Create upload session |
| PUT | /v1/uploads/{sessionId} |
Upload blob |
| POST | /v1/attachments/metadata |
Store attachment metadata |
| GET | /v1/blobs/{storageKey} |
Download blob |
| GET | /v1/conversations/{id}/attachments |
List attachments |
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/invites |
Create invite code |
| POST | /v1/contacts/by-invite |
Add contact by invite |
| Endpoint | Description |
|---|---|
/v1/ws/conversations/{id} |
Real-time message stream |
| Method | Endpoint | Description |
|---|---|---|
| GET | /healthz |
Health check |
┌─────────────────────────────────────────────────────────────┐
│ Human: "Add real-time messaging with WebSocket" │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Claude: │
│ 1. Reads existing codebase (server, android, ios) │
│ 2. Designs WebSocket architecture │
│ 3. Writes Ktor WebSocket route │
│ 4. Writes Kotlin Flow client for Android │
│ 5. Writes URLSessionWebSocketTask for iOS │
│ 6. Adds push notification fallback (FCM + APNs) │
│ 7. Creates database migration │
│ 8. Updates all related files │
│ 9. Runs tests │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Human: Reviews diff → Approves → Ships │
└─────────────────────────────────────────────────────────────┘
| Skill | What Claude Does |
|---|---|
/audit-code |
Scans entire repo for security issues |
/commit |
Writes conventional commit messages |
/review-pr |
Reviews PRs like a senior engineer |
/deepline-knowledge |
Dumps full architecture context |
We welcome contributions! This is an AI-native project, so feel free to:
- Fork & Clone
- Use Claude Code (or your preferred AI assistant) to explore the codebase
- Open a PR with your changes
feat(server): add group member management
fix(android): resolve titlebar display issue
refactor(shared): extract common DTOs
- Kotlin: Kotlin coding conventions
- Swift: Swift API Design Guidelines
- Crypto boundary: Server handles opaque ciphertext only
- Tests pass (
./gradlew check) - Android builds (
./gradlew :androidApp:assembleDebug) - iOS builds (
xcodegen generate && xcodebuild build) - No secrets committed
- Signal Protocol integration (Android + iOS)
- MLS group encryption
- Voice messages
- Disappearing messages
- Multi-device sync
- Desktop client (Compose Multiplatform)
Can AI write a production app from scratch?
We're finding out. Every feature request becomes a prompt. Every bug report becomes a conversation. Every line of code comes from Claude.
Star this repo to follow the experiment. Open an issue to see Claude respond.
Zero human-written code. 100% AI-generated. Fully open source.
The future of software development is here.
Report Bug | Request Feature | Discussions
MIT License — See LICENSE for details.