End-to-end encrypted delivery first. Trusted delivery when needed.
BeeBuzz is a focused push delivery system for private machine-to-person notifications from servers, automations, scripts, apps, and webhooks.
It is built for developers, homelabbers, and small teams sending notifications from systems they control. Not chat, not a team inbox, not a general messaging platform.
It supports two delivery modes:
- End-to-end encrypted delivery for senders you control, when they can encrypt before sending to BeeBuzz and BeeBuzz stores only ciphertext.
- Trusted delivery for fast HTTP, webhook, and third-party service integrations when they cannot encrypt before sending.
BeeBuzz is built around paired personal devices, short-lived delivery state, and a small auditable stack: Go, SQLite, SvelteKit, Web Push, and Hive, its PWA receiver.
Hosted beta flow, showing setup in BeeBuzz and delivery in Hive side by side.
quickstart-demo.mp4
Sign in, create a pairing code, pair Hive, create a token, and deliver the first notification.
BeeBuzz.app is the hosted BeeBuzz SaaS.
Hosted access is currently a beta for approved users. Hosted access is free during beta. After beta, the hosted service is expected to move to a single paid plan so the project can stay sustainable. Self-hosting remains free, open source, and available under the AGPL license.
Start here: BeeBuzz quickstart.
BeeBuzz has two delivery paths because not every sender can encrypt before sending to BeeBuzz.
|
|
In both paths, Web Push transport is encrypted in transit between BeeBuzz and the receiving browser. The difference is what BeeBuzz handles before delivery. In trusted delivery, BeeBuzz receives the message, prepares delivery, handles short-lived attachment data when present, and dispatches the notification to paired devices. In end-to-end encrypted delivery, BeeBuzz stores ciphertext and relays a minimal delivery envelope while Hive fetches and decrypts the message on the receiving device.
Use trusted mode when the sender cannot encrypt before sending:
curl https://push.beebuzz.app \
-H "Authorization: Bearer $TOKEN" \
-F title="Hello from BeeBuzz" \
-F body="Trusted mode test"Install the CLI from a GitHub release or with Go:
go install lucor.dev/beebuzz/cmd/beebuzz@latestThen connect the CLI and send an encrypted notification:
beebuzz connect
beebuzz send "Hello from BeeBuzz"In E2E mode, the CLI fetches paired device public keys, encrypts the payload
locally with age, and sends ciphertext as
application/octet-stream. Hive fetches and decrypts the notification on the
receiving device.
- Server: Go + SQLite API for accounts, topics, API tokens, devices, attachments, and Web Push dispatch.
- Site: SvelteKit web app for sign-in, device pairing, API tokens, webhook setup, and administration.
- Hive: PWA receiver that handles Web Push, stores pairing state locally, and decrypts E2E notifications on-device.
- CLI: sender for end-to-end encrypted notifications from terminals, scripts, and automation.
- Quickstart
- Browser support
- Local development
- Webhooks
- E2E encryption model
- Threat model
- OpenAPI contract
- Development posts
BeeBuzz is currently optimized for two workflows:
- get approved for the hosted beta and send your first notification quickly
- run the stack locally with a fast development loop
Detailed production self-hosting docs will come later.
BeeBuzz is licensed under the GNU Affero General Public License v3.0 only. See LICENSE.
Third-party dependencies are tracked in the Go and frontend dependency manifests.