Skip to content
Changelog

Secure agent messaging

AI is transforming consumer tech, with messaging becoming the main channel for interacting with agent services. This shift will scale message traffic astronomically, analogous to the web’s rise in the 2000s. Just as Cloud-flare secured web traffic, messaging will need robust scalable end-to-end encrypted messages to protect sensitive information.

Risks

Risks of not using end-to-end encryption for agent interactions exposes the users to what is called as Man in the Middle Attacks.

Man in the Middle Attacks: Intercept requests in between to alter or manipulate data sent or received by the AI service

  • Phishing: Messages can be intercepted and manipulated.
  • Privacy: Sensitive information read by unwanted parties
  • Tampering: Content can be altered without detection.

XMTP

XMTP provides end-to-end encrypted messaging for agent interactions, crucial for privacy, security, and compliance. Without it, messages are exposed to many security risks

Features:

  • E2EE: End to end encrypted MLS encryption
  • Multi-agent: Support multi-agent through group chats
  • Interoperable: Works across all platforms and frontends
  • Scalable: Decentralized, open-source
  • Anonymous: By default every identity is ephemeral and anonymous.

Installation

Install the xmtp package

cmd
bun install xmtp

Usage

This is how you can use the xmtp package to create an agent and handle messages.

  • WALLET_PRIVATE_KEY: This will encrypt all messages and make it available through its public address or ens domain.
import { XMTP } from "xmtp";
 
const xmtp = new XMTP(onMessage, {
  encryptionKey: WALLET_PRIVATE_KEY,
});
await xmtp.init();
const onMessage = async (message, user) => {
  console.log(`Decoded message: ${message.content.text} by ${user.address}`);
  // Your AI model response
  await xmtp.send({
    message: response,
    originalMessage: message,
  });
};

For more information visit XMTP website

GPT example

  1. handleMessage: Triggered each time a new message is received from XMTP.
  2. client.send(): Used to send messages (e.g., AI prompts and responses) back to the XMTP network.

In this example, when handleMessage is invoked, it takes the incoming user message, passes it to the AI model (OpenAI's Chat Completion API), and then sends the AI's response back over XMTP.

import { XMTP } from "xmtp";
import { OpenAI } from "openai";
 
const openai = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY,
});
 
const xmtp = new XMTP(onMessage, {
  encryptionKey: /*wallet private key*/,
});
await xmtp.init();
 
const onMessage = async (message, user) => {
  console.log(`Decoded message: ${response} by ${user}`);
 
  // Prepare conversation history or context as needed
  const history = [
    { role: "system", content: "You are a helpful assistant." },
    { role: "user", content: message },
  ];
 
  // Call the OpenAI API to process the user's message
  const response = await openai.createChatCompletion({
    model: process.env.GPT_MODEL || "gpt-4",
    messages: history,
  });
 
  const response = response.data.choices[0].message.content.trim();
 
  // Send the AI-generated response back to the XMTP network
  xmtp.send({
    message: response,
    originalMessage: message,
  });
};

React example

xmtp-e2ee is a light wrapper around the xmtp package to make it easier to use in react and web. Doesnt support groups yet.

cmd
bun install xmtp-e2ee
import { XMTP, Message } from "xmtp-e2ee";
// ... other imports ...
 
function Chat({ user }: { user: UserInfo }) {
  const [messages, setMessages] = useState<Message[]>([]);
  const [newMessage, setNewMessage] = useState("");
  const [xmtp, setXmtp] = useState<XMTP | undefined>(undefined);
  const [isLoading, setIsLoading] = useState(true);
  // ... other state variables ...
 
  useEffect(() => {
    const init = async () => {
      try {
        if (user?.address) {
          await initXmtp(newWallet);
        }
      } catch (error) {
        console.error("Error resolving recipient:", error);
        setIsLoading(false);
      }
    };
 
    init();
  }, [user.address]);
 
  const onMessage = async (message: Message | undefined) => {
    if (message) {
      setMessages((prevMessages) => [...prevMessages, message]);
    }
  };
 
  const initXmtp = async (wallet: any) => {
    try {
      const xmtpClient = new XMTP(onMessage);
      await xmtpClient.init();
      setXmtp(xmtpClient);
      setIsLoading(false);
    } catch (error) {
      console.error("Error initializing XMTP:", error);
      setIsLoading(false);
    }
  };
 
  const sendMessage = async (e: React.FormEvent) => {
    e.preventDefault();
    if (!xmtp || !newMessage || !recipientInfo?.address) return;
 
    try {
      const message = await xmtp.send({
        message: newMessage,
        receivers: [recipientInfo.address],
      });
      setMessages((prevMessages) => [...prevMessages, message]);
      setNewMessage("");
    } catch (error) {
      console.error("Error sending message:", error);
    }
  };
 
  return <div className={styles.chatContainer}>{/* Render chat UI */}</div>;
}
 
export default React.memo(Chat);