Why Muhkoo
Muhkoo Connect is a TypeScript SDK for building apps where the server is never trusted with user data. Authentication, storage, and messaging are all private by construction — yet you use them through one ergonomic client, the same way you’d use any BaaS.
The whole API is one object
```ts
const client = new Client({ apiKey, baseUrl });

client.auth     // ZK identity: register / login / sessions
client.kv       // per-user, encrypted-at-rest key/value
client.storage  // file storage (chunked, encrypted, erasure-coded)
client.message  // pub/sub + end-to-end-encrypted direct messages
```
Everything hangs off client.<namespace>.<method>. There’s no separate auth SDK, storage SDK, and realtime SDK to wire together — one session flows through all three.
What makes it different
- Zero-knowledge auth. A user’s identity is derived from their (username, password) on the device and proven with a Groth16 proof. The accelerator stores only a Poseidon commitment — never a password, never a secret. The same credentials reproduce the identity on any device, so login is federated with no key material to sync.
- Encryption by default. client.kv values are sealed with AES-256-GCM under a key derived from the user’s identity before they ever leave the device. Direct messages use the Double Ratchet (the Signal protocol’s ratchet). The platform relays ciphertext.
- Edge-native. The backend runs on the edge, so state lives close to users globally and there’s nothing to operate.
- Metered + multi-tenant. Every app authenticates with an app key (mk_…) that attributes usage for billing. The API is public — your users’ apps can run on any origin.
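The client-side sealing described under "Encryption by default", sketched as an added example; it is not Muhkoo's code or its actual key schedule. It assumes Node's built-in crypto, scrypt as the password KDF, a salt built from the username, and a nonce | tag | ciphertext record layout, none of which the page specifies; deriveKey, seal and unseal are hypothetical names.

```typescript
// Added example: not Muhkoo's implementation. The KDF, salt and record layout
// are assumptions; the page states only "AES-256-GCM under an identity-derived key".
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";

// Deterministic derivation: the same (username, password) yields the same key
// on every device, so there is nothing to sync. Assumed salt: label + username.
function deriveKey(username: string, password: string): Buffer {
  const salt = Buffer.from(`example-app/kv/v1:${username}`, "utf8");
  return scryptSync(password.normalize("NFKC"), salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Assumed record layout: 12-byte nonce | 16-byte GCM tag | ciphertext.
// The kv key name is bound as AAD, so a relay cannot move a value to another key.
function seal(key: Buffer, name: string, plaintext: string): Buffer {
  const nonce = randomBytes(12); // fresh per write; never reuse a nonce under one key
  const cipher = createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(name, "utf8"));
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the tag does not verify
// (wrong credentials, wrong key name, or a modified record).
function unseal(key: Buffer, name: string, record: Buffer): string | null {
  if (record.length < 28) return null;
  const decipher = createDecipheriv("aes-256-gcm", key, record.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(record.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(record.subarray(28)), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Constructed sample data: device A writes, device B re-derives the key and reads.
const deviceA = deriveKey("alice", "constructed-sample-passphrase");
const stored = seal(deviceA, "notes/today", "dentist at 3pm"); // all the server holds
const deviceB = deriveKey("alice", "constructed-sample-passphrase");
console.log(unseal(deviceB, "notes/today", stored));
console.log(unseal(deviceB, "notes/other", stored));
```

Because nothing but the credentials feeds the key in this sketch, the password's strength and the KDF cost are the only barriers to offline guessing against stored ciphertext.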
When to use it
Reach for Muhkoo Connect when you’re building:
- private, user-owned data apps (notes, journals, health, finance);
- end-to-end-encrypted chat or collaboration;
- multi-device apps that need federated login without a key-escrow story;
- anything where “the vendor can read your users’ data” is a non-starter.
When not to
- You need full-text search or server-side queries over user data — encrypted storage can’t be queried on the server by design (see Storage).
- You need the server to process plaintext (e.g. server-side AI over user content) — that breaks the trust model.
Ready? The Quickstart gets you from zero to a signed-in user reading and writing encrypted data in a few minutes.