Capsules
Nyxen Capsules are bundled, time-bound workspaces that combine multiple Nyxen primitives under a single key and a single burn. Instead of juggling separate links for a room, a file, a board, and signals, a Capsule creates one sealed operation:
one entry point
one policy (TTL, rules)
one burn switch
When the Capsule ends, everything inside ends with it.
Concept
A Capsule is:
a container for Nyxen objects:
Dead Drop Room
Secure Links
File Drops
Ephemeral Boards
Signals / Ghost Codes
Spectre Voice session (when available)
controlled by:
a shared key
a global TTL
optional additional constraints
Use Capsules for:
incident response windows
due diligence sessions
sensitive deal rooms
red-team ops
“this entire situation lives here and then dies” flows
[!IMPORTANT] When a Capsule expires or is burned, every object it owns is destroyed. No partial survival.
Core Properties
Access Model
Single key / link controlling all included objects
Contents
References to Nyxen primitives (rooms, links, files, boards)
Global TTL
Required; applies to entire Capsule
Local TTLs
Optional, per-object (must not exceed Capsule TTL)
Burn Behavior
Burn Capsule = burn all contents
Encryption
Client-side; keys derived from Capsule master key
Storage
Ciphertext + minimal metadata; purged on burn/expiry
When to Use a Capsule
Use a Capsule when:
there is a clearly defined operation (not an ongoing team),
multiple Nyxen objects are needed,
you want:
one invite,
one shared understanding,
one guaranteed end.
Examples:
Security incident handling (IR-123)
One narrow legal / M&A review period
Coordinated leak intake or whistleblower review (legitimate channels)
High-sensitivity war-room for a fixed event
Capsule Structure
At a high level, a Capsule might look like:
Capsule: IR-492
TTL: 60 minutes
Includes:
- Dead Drop Room: "IR-492/room"
- Ephemeral Board: "IR-492/board"
- File Drop: server logs snapshot
- Secure Link: temporary credentials
- Ghost Codes: {101, 304, 909}
- Optional: Spectre Voice bridge
Burn Capsule → everything above is destroyed.In practice:
all of these are encrypted using keys derived from a Capsule master key,
Nyxen relays only see independent objects with shared TTL boundaries.
Lifecycle
Create Capsule
Add Components
Share Access
Operate
Expire or Burn
Purge All
1. Create Capsule
User opens Nyxen Capsules and defines:
Capsule label (non-sensitive; e.g.
IR-492,Deal-Alpha,Ops-Window-01)Global TTL (e.g. 30–180 minutes)
Policies:
Allow/deny File Drops
Allow Spectre Voice (when supported)
Signals / Ghost Codes enabled
Client generates:
capsuleIdcapsuleKey(master key, never sent in plaintext)
2. Add Components
From the Capsule view, user can:
Spawn a Dead Drop Room bound to this Capsule
Add an Ephemeral Board
Create File Drops within Capsule context
Attach Secure Links
Enable Signals & Ghost Codes set
Optionally create a Spectre Voice session
All components:
use keys derived from
capsuleKeyinherit the Capsule TTL as maximum lifetime
[!NOTE] Individual components may have shorter TTLs or stricter rules, but none may outlive the Capsule.
3. Share Access
Single invite pattern:
https://nyxen.vip/capsule/C-IR492#Kf9sQ2...Or split key:
Capsule URL:
https://nyxen.vip/capsule/C-IR492Key delivered via separate channel.
Participants with access:
see only what is inside that Capsule
do not need separate links for every internal object
4. Operate
Inside a Capsule, participants can:
chat via the Dead Drop Room
maintain a temporary Ephemeral Board
exchange files through File Drops
send Signals / Ghost Codes
(later) join Spectre Voice sessions
Everything is:
visually scoped (clear that you are “inside Capsule X”)
time-scoped (countdown visible)
logically bound (contents belong to this operation only)
5. Expiry & Burn
Automatic (Global TTL)
At Capsule expiry:
Mark Capsule as expired.
For each component:
trigger burn/purge.
Invalidate all associated links and sessions.
Manual Burn
At any time (if authorized), a user can:
hit Burn Capsule
trigger:
onBurnCapsule(capsuleId) {
burnAllComponents(capsuleId); // Dead Drops, Boards, Files, Links, Signals, Voice
clearCapsuleKey(capsuleId);
renderBurnNotice("This Nyxen Capsule and all contents have been destroyed.");
}[!WARNING] Capsule burn is total. There is no “undelete one file” or “reopen the room”.
Recommended Usage Patterns
Security incident (IR)
30–120 min
Dead Drop, Board, File Drops, Codes
Structured due diligence window
60–240 min
Dead Drop, Board, File Drops
Disclosure / reporting lane
30–90 min
Dead Drop, File Drops, Secure Links
High-risk coordination
15–60 min
Dead Drop, Codes, Spectre Voice
[!TIP] Each Capsule should correspond to a single, clearly bounded operation. Don’t reuse Capsules for new events.
Implementation Notes (For Builders)
Derive per-object keys from a Capsule master key:
const capsuleKey = generateCapsuleKey();
function deriveKey(label: string) {
return hkdf(capsuleKey, /* salt */, /* info = label */);
}
// Examples:
const roomKey = deriveKey("room");
const boardKey = deriveKey("board");
const fileKey = deriveKey("file:" + fileId);Enforce:
Capsule TTL as upper bound for all components.
cascade burn on Capsule expiry or manual burn.
Keep Capsule metadata minimal:
label (non-sensitive),
expiry,
count of components (if needed),
never store sensitive semantics.
Example metadata-only API sketch:
POST /api/capsule
Content-Type: application/json
{
"ttl_seconds": 3600,
"label": "IR-492"
}Response:
{
"capsule_id": "C-IR492",
"share_url": "https://nyxen.vip/capsule/C-IR492"
}Key management remains entirely client-side.
Relationship to the Rest of Nyxen
Capsules turn Nyxen from “a set of tools” into “operations with guaranteed ends”.
Without Capsules:
you manually coordinate multiple separate drops.
With Capsules:
one place,
one key,
one set of rules,
one switch to end it.
Capsules express Nyxen’s core doctrine at full strength:
Key-based. Encrypted at the edge. Time-bound. Coordinated. Burnable as a unit.
Last updated