GoChatX
End-to-end encrypted browser chat widget powered by Matrix.
One script tag. No app install. No registration. 12 KB initial load.
GoChatX is a browser-native encrypted chat widget that connects website visitors with operators via the Matrix protocol. Website owners embed GoChatX with a single script tag. Visitors open the chat, and their browser establishes an end-to-end encrypted connection using vodozemac (Rust/WASM). The operator receives messages in Element, FluffyChat, or any Matrix client. No accounts, no app installs, no registration for visitors.
GoChatX is the successor to GoChat (SimpleX-based, 12 seasons, 551+ tests). It replaces the SimpleX Messaging Protocol with the Matrix Client-Server API, reaching 115M+ Matrix users instead of 300K SimpleX users.
GoChatX is part of the SimpleGo ecosystem and serves as the communication layer for websites, e-commerce, and customer support.
<script src="https://cdn.simplego.dev/gochatx.js"
data-homeserver="https://matrix.simplego.dev"
data-registration-url="https://your-backend.com/api/token"
data-operator="@support:simplego.dev"
async></script>One line of code. The widget handles everything: Shadow DOM isolation, E2E encryption via vodozemac WASM, Matrix registration, and UI.
<script src="https://cdn.simplego.dev/gochatx.js"
data-homeserver="https://matrix.simplego.dev"
data-registration-url="https://your-backend.com/api/token"
data-operator="@support:simplego.dev"
data-position="bottom-right"
data-trigger="floating"
data-name="Support"
data-color="#45bdd1"
data-bubble-animation="shimmer-flip"
data-welcome="How can we help?"
data-lang="en"
async></script>| Attribute | Default | Description |
|---|---|---|
data-homeserver |
required | Matrix homeserver URL |
data-registration-url |
required | Token backend URL for visitor registration |
data-operator |
required | Operator's Matrix user ID |
data-position |
bottom-right |
Widget position (bottom-right, bottom-left) |
data-trigger |
floating |
floating (bubble icon) or custom (use GoChatX.open()) |
data-name |
GoChatX |
Header title |
data-color |
#45bdd1 |
Primary accent color |
data-bubble-animation |
shimmer-flip |
Bubble animation (15 options, see below) |
data-welcome |
- | Welcome message after connection |
data-lang |
en |
Interface language |
data-z-index |
10000 |
CSS z-index |
shimmer-flip (default), inner-glow, icon-breathe, shimmer, wiggle, color-shift, icon-flip, notification-dot, radar-sweep, pulse, neon, heartbeat, jelly, ring-rotate, float, none
<script src="https://cdn.simplego.dev/gochatx.js"
data-homeserver="https://matrix.simplego.dev"
data-registration-url="https://your-backend.com/api/token"
data-operator="@support:simplego.dev"
data-trigger="custom"
async></script>
<button onclick="GoChatX.open()">Contact us</button>GoChatX.open() // Open the chat panel
GoChatX.close() // Close the chat panel
GoChatX.toggle() // Toggle open/close
GoChatX.isOpen() // Check if panel is open
GoChatX.reset() // Reset the chat:root {
--gochat-color-primary: #45bdd1;
--gochat-color-background: #1a1a2e;
--gochat-color-text: #e0e0e0;
}Omit data-homeserver to run in mock mode with simulated responses. Useful for design previews and demos.
Website visitor (browser) Matrix Homeserver Operator
| | |
| Phase A: fetch (19 KB) | |
|--- Token request ------------>| Token Backend |
|--- Register (ephemeral) ----->| |
| | |
| Phase B: SDK + WASM (lazy) | |
|--- initRustCrypto() --------->| vodozemac WASM |
|--- Create encrypted room ---->| |
|--- Megolm key exchange ------>|--- to-device --------->|
| | |
|--- E2E encrypted message ---->|--- sync -------------->| Element
|<-- E2E encrypted reply -------|<-- sync ----------------| FluffyChat
| | | Any Matrix client
| Phase | What loads | Size (gzipped) | When |
|---|---|---|---|
| A - UI Shell | Bubble, panel, animations, Shadow DOM | 12 KB | Page load (immediate) |
| B - Registration | Token fetch, Matrix user creation | ~2 KB | Chat button click |
| C - Encryption | matrix-js-sdk, vodozemac WASM, sync | ~2.2 MB | Chat button click (lazy) |
The visitor sees the bubble instantly (12 KB). The heavy crypto loads only when they actually start a chat. After the first visit, the WASM binary is cached by the browser.
- Visitor clicks the floating bubble
- "Start Encrypted Chat" - optionally enters a name
- Widget shows "Connecting..." spinner
- Phase B: Token backend provides a registration token
- Widget registers an ephemeral Matrix user via fetch (no SDK needed)
- Phase C: matrix-js-sdk + vodozemac WASM loads lazily
- Widget creates an encrypted room and invites the operator
- Megolm session keys are distributed via Olm
- Status changes to "connected" - chat begins
- Messages flow bidirectionally, end-to-end encrypted
Total time from click to first message: ~1.3 seconds.
- Customer support - encrypted support channel on any website, operator uses Element
- Healthcare - TI-Messenger compatible, encrypted patient communication
- E-commerce - private product inquiries and order communication via GoShop
- Professional services - lawyers, agencies, consultancies
- Government - Matrix is deployed by 25+ national governments for digital sovereignty
- Personal sites - private contact without accounts or phone numbers
- End-to-end encryption (Olm/Megolm via vodozemac, Rust compiled to WASM)
- Shadow DOM isolation (widget cannot affect host page and vice versa)
- 12 KB initial bundle (everything else lazy-loaded)
- Three-phase loading (UI instant, crypto on demand)
- Token-based anonymous visitor registration (MSC3231)
- Floating bubble or custom trigger mode
- 15 configurable bubble animations
- Multi-step UX flow (Start, Name, Connecting, Chat)
- Bidirectional encrypted messaging
- Delivery receipts (double checkmarks)
- Typing indicators
- Delete confirmation with destruction sequence
- Responsive design (desktop fullscreen on mobile)
- Reduced motion support
- Mock mode for development and demos
- Operator receives messages in any Matrix client
- No app install required for visitors
- Apache-2.0 licensed
GoChat (SimpleX) works great but has limitations for a support chat widget:
| GoChat (SimpleX) | GoChatX (Matrix) | |
|---|---|---|
| Operator client | SimpleX App only | Any Matrix client (Element, FluffyChat, etc.) |
| Infrastructure | Own SMP relay server required | Matrix homeserver (self-hosted or hosted) |
| Ecosystem reach | ~300K SimpleX users | 115M+ Matrix users |
| Federation | No | Yes (Matrix federation) |
| TI-Messenger | No | Compatible (German healthcare standard) |
| E2E Encryption | X3DH + Double Ratchet | Olm/Megolm (vodozemac) |
| Security level | Equivalent | Equivalent |
Both provide genuine end-to-end encryption. The difference is reach and infrastructure flexibility.
GoChatX is a browser application. This section documents both its protections and its limitations.
End-to-end encryption. Messages are encrypted in the visitor's browser using vodozemac (Rust/WASM) and can only be decrypted by the operator's Matrix client. The homeserver sees only encrypted ciphertext.
Audited cryptography. vodozemac is the official Matrix Foundation Rust implementation of Olm/Megolm, audited by Least Authority in 2022. It is 5-6x faster than the deprecated libolm and provides memory safety guarantees through Rust.
No persistent identity. Visitors are ephemeral. Each chat session creates a fresh Matrix account with fresh cryptographic keys. When the tab closes, the session is gone.
Token-gated registration. Visitors can only register with a valid token from the operator's backend. Rate limiting, CAPTCHA, and IP-based restrictions prevent abuse.
Browser code delivery. Like all browser-based E2E systems (Element Web, WhatsApp Web, online banking), the JavaScript is loaded from the server on each visit. A compromised server could deliver modified code.
Ephemeral sessions. Keys are destroyed when the browser tab closes. Conversations do not persist for the visitor. The operator retains the chat history in their Matrix client.
| Platform | Trust requirement |
|---|---|
| Element Desktop | App store, auto-update, Electron, OS |
| Signal Desktop | Auto-update mechanism, Electron, OS |
| Element Web | Web server, browser (same as GoChatX) |
| Online Banking | Bank's web server, browser |
| GoChatX | Website server, browser |
| Layer | Technology | Purpose |
|---|---|---|
| E2E Encryption | vodozemac (Olm/Megolm) via WASM | Message encryption with forward secrecy |
| Key Exchange | Curve25519 (automatic via matrix-sdk-crypto) | Device key agreement |
| Transport | HTTPS/WSS to homeserver | Transport security |
| Browser Crypto | @matrix-org/matrix-sdk-crypto-wasm | Rust crypto compiled to WebAssembly |
- libolm - deprecated August 2024, unfixed CVEs (CVE-2024-45191, CVE-2024-45192)
- Hydrogen SDK - archived March 2025
- matrix-react-sdk - archived October 2024
- Guest accounts - disabled on matrix.org January 2025
Browser (Widget)
UI Shell (Shadow DOM, 12 KB)
Registration (fetch, no SDK)
Crypto Engine (matrix-js-sdk + vodozemac WASM, lazy-loaded)
Sync Loop (incoming messages, typing, receipts)
|
Token Backend
Rate limiting, token issuance
|
Matrix Homeserver (Tuwunel, Synapse)
Federation, message storage, key distribution
|
Operator's Matrix Client
Element, FluffyChat, SimpleGoX Terminal, any Matrix client
gochatx.js 12 KB gzipped (immediate)
+-- registration chunk 1 KB gzipped (on click, lazy)
+-- crypto-client chunk 0.5 KB (on click, lazy)
+-- encrypted-room chunk 0.5 KB (on click, lazy)
+-- sync-handler chunk 0.3 KB (on click, lazy)
+-- matrix-js-sdk chunk 44 KB (on click, lazy)
+-- rust-crypto chunk 48 KB (on click, lazy)
+-- indexeddb-store chunk 260 KB (on click, lazy)
+-- vodozemac WASM binary 1885 KB (on click, lazy, cached)
- Create a Matrix account (on your own homeserver or matrix.org)
- Deploy a token backend (small service that issues registration tokens)
- Add the GoChatX script tag to your website
- Visitor messages arrive as encrypted direct messages in your Matrix client
- Reply from Element, FluffyChat, or any Matrix client
GoChatX requires a Matrix homeserver with token-based registration (MSC3231) enabled:
- Tuwunel (recommended) - lightweight Rust homeserver, successor to conduwuit
- Synapse - reference implementation by Element
# tuwunel.toml
allow_registration = true
registration_token = "your-secret-token"A minimal HTTP service that gates registration token distribution. Add rate limiting, CAPTCHA, and IP restrictions in production. Reference implementation included in token-backend/.
No production-ready E2E-encrypted embeddable Matrix chat widget exists as of April 2026:
| Product | Status | Problem |
|---|---|---|
| Chatterbox (Element) | Dead since 2022 | Built on Hydrogen SDK (archived) |
| Safe Support Chat | Inactive since 2023 | Outdated SDK, team dissolved |
| LiveMatrix | 1 GitHub star | No encryption, hobby project |
| Chatrix (Automattic) | 20 installations | No E2E, requires Matrix login, uses Hydrogen fork |
| Cactus Comments | Active | Comments only, not live chat |
| GoChatX | Active | First working E2E-encrypted Matrix chat widget |
git clone https://github.com/saschadaemgen/GoChatX.git
cd GoChatX
npm install
# Start token backend (Terminal 1)
cd token-backend && npx tsx src/server.ts
# Build widget (Terminal 2)
npx vite build --mode widget
# Serve and test
npx serve dist/
# Open http://localhost:3000/demo.htmlGoChatX/
.claude/ # Claude Code project configuration
src/
gochatx.ts # Widget entry point (Shadow DOM, data-attributes)
widget/
styles.ts # Complete CSS (15 animations, destruction sequence)
template.ts # HTML templates (panel, bubble)
ui.ts # UI logic (steps, messages, typing, badges)
matrix/
registration.ts # Token-based registration via fetch
crypto-client.ts # Lazy-loaded SDK client with initRustCrypto()
encrypted-room.ts # Encrypted room creation + messaging
sync-handler.ts # Incoming message/typing/receipt handler
config/
defaults.ts # Default configuration
token-backend/
src/
server.ts # Hono token issuance server
dist/ # Build output
demo.html # Widget demo page
package.json
tsconfig.json
vite.config.ts
GoChatX inherits its UI, UX flow, and design from GoChat:
- 12 seasons of development, 551+ tests
- CDN: cdn.simplego.dev/gochat.js
- npm: gochat-widget@1.0.0, simplex-js@1.0.0
- Live on simplego.dev and it-and-more.systems
- Shadow DOM isolation, 15 bubble animations
- Destruction sequence with sparks, shockwaves, and scanlines
GoChat continues to exist for SimpleX-based deployments. GoChatX adds Matrix protocol support for broader reach.
| Project | Description | Repository |
|---|---|---|
| SimpleGo | Dedicated hardware messenger (ESP32-S3) | GitHub |
| GoChat | Browser chat widget (SimpleX protocol) | GitHub |
| GoChatX | Browser chat widget (Matrix protocol) | GitHub |
| GoShop | End-to-end encrypted e-commerce | GitHub |
| GoRelay | Encrypted dual-protocol relay server | GitHub |
| GoBot | SimpleX moderation and verification bot | GitHub |
| GoUNITY | Verified identity certificate authority | GitHub |
Apache-2.0.
Commercial licensing and managed hosting available. Contact: info@it-and-more.systems
Matrix.org Foundation (Matrix protocol) - Element (matrix-js-sdk, matrix-sdk-crypto-wasm) - vodozemac (Rust Olm/Megolm, audited by Least Authority) - Tuwunel (Rust Matrix homeserver) - GoChat (UI predecessor, 12 seasons)
GoChatX is part of the SimpleGo ecosystem by IT and More Systems, Recklinghausen, Germany.