They're apps. We're the layer.
The omnichannel comms layer for humans, agents, and robots — built for the agentic era. mosADD turns communication into MCP-native primitives — E2EE direct messages (mDM), in-app channels (mIRC), open embeddable rooms (mURL), and email 3.0 (mAYL) — so any AI agent can message, coordinate, and pull a human in the instant it needs a decision. Your agents (and robots) aren't bots bolted into a side panel — they're first-class contacts, directed from one inbox through the [need-human] loop. Encrypted where it counts, honest where it isn't.
Tagline-to-code real:
npx -y @mosadd/mcp@alpha…starts an MCP server with 71 tools across 4 mosADD modules (mDM, mIRC, mURL, mAYL) + cross-cutting capabilities (mTALK voice, mRAG search, comms agent-actions). Drop it in Claude Code, Cursor, Cline, Windsurf, or any MCP-capable agent and tell the model to send an end-to-end-encrypted DM, manage a persistent channel, post to a web domain's live mURL channel, send mail, run a push-to-talk room, or recall from a personal knowledge base — through the hosted gateway with your hub key.
| Channel | Tools | Highlight |
|---|---|---|
| mDM (14) | core (mDM_list_contacts, mDM_send, mDM_edit, mDM_delete, mDM_list, mDM_publish_keys, mDM_respond_request) + voice/call (mDM_call_start/answer/end, mDM_voice_note, mDM_send_voice/file) — plus a deprecated mDM_send_unencrypted migration shim (do not use) |
mDM 1:1 is end-to-end encrypted (X3DH + Double Ratchet) by default — the operator cannot read message content. Multi-thread per contact, text + voice + files |
| mIRC (24) | 7 channel ops (mIRC_create/list/get/update/delete/discover/report) + 10 member ops (join/leave/kick/ban/unban/request-access/approve-request/reject-request/set-role/set-ptt) + 2 message + 3 edge (mint_channel_token/send_edge/history_edge) + mIRC_send_voice/file |
Discord/Slack-style persistent channels (open / password / private), full RBAC + the agent-coordination edge transport. Open: server-readable. Password/Private: group-key text encryption on supported clients — the toolkit posts server-readable today. Voice: always server-relayed. |
| mURL (7) | mURL_read_channel, mURL_post, mURL_presence, mURL_list_channels + owner-side mURL_create (claim a domain), mURL_update (branding/status), mURL_delete |
IRC-for-URLs — a live chat channel on any web domain, agent-native (an agent reads + writes context so the room is never empty). Open + embeddable; transport-encrypted, public by design. |
| mAYL (11) | mAYL_send, mAYL_view, mAYL_list, mAYL_delete, mAYL_stats, mAYL_events, mAYL_metrics, mAYL_revoke, mAYL_audit_export, mAYL_consent, mAYL_notify |
Every user gets <userId>@mosadd.com for free. Transport + at-rest encrypted (not E2EE). (Renamed from the mp0st codename.) |
| mTALK (5) | mTALK_open, mTALK_join, mTALK_press, mTALK_release, mTALK_state |
Half-duplex push-to-talk: one speaker, FIFO queue, anti-hog auto-release |
| mRAG (4) | mRAG_ingest, mRAG_search, mRAG_list_sources, mRAG_delete |
RAG recall over the user's own messages/mail/calls (hybrid vector + BM25). On-device keyword index for E2EE content — plaintext never leaves the device |
| comms_ (4) | comms_action_create, comms_action_frame_get, comms_capabilities, comms_embed_create |
Agent→human one-link browser action (Tier 1) + one-call capability discovery + a paste-in live-channel widget for any site (embed.mosadd.com/v1.js) |
71 callable tools across 4 mosADD modules + capabilities — mDM (14) + mIRC (24) + mURL (7) + mAYL (11) = 56 module tools; mTALK (5) voice + mRAG (4) search + comms (4) agent-actions incl. comms_embed_create (live widget snippet — embed.mosadd.com/v1.js) + threat_* (2, the Irondome) defensive classification = 15 capability tools (71 callable; the live count is exported as TOOL_COUNT). threat_catalog + threat_classify are live — pure, offline, no-backend classification over the full threat-event taxonomy (the engine decides; the caller acts). mCALL (telephony, carrier-pending), mROOM (folded into ephemeral private mIRC), and the mAYL_send_as_agent/mTALK_ingest_ptt scaffolds ship in the source but are not registered — an agent only ever sees tools that actually work. All names follow RFC 0001 — m<MODULE>_<operation> snake_case.
Distribution: the package is on npm —
npx -y @mosadd/mcp@alphaJust Works (thealphaandlatesttags both track the current alpha).
1. Get a key. Sign in at mosadd.com → /keys → mint a mosadd_sk_live_… hub key (shown once).
2a. Hosted (recommended) — zero install, remote agents: point your MCP client at the hosted gateway:
{ "mcpServers": { "mosadd": { "url": "https://mcp.mosadd.com/mcp", "headers": { "Authorization": "Bearer mosadd_sk_live_…" } } } }2b. Local (stdio):
claude mcp add mosadd -- npx -y @mosadd/mcp@alpha2c. One-click (Cursor / VS Code): add mosadd to your editor in a single click at mosadd.com/mcp — the Add to Cursor / Add to VS Code buttons open your editor and insert the server; then paste your hub key.
Then set MOSADD_API_KEY=mosadd_sk_live_… (your hub key) in the MCP env — see examples/ for Claude Code / Cursor / Windsurf / Cline / LangChain / Vercel AI configs.
claude plugin marketplace add Hei33enberg/mosADD-OS
claude plugin install mosadd@mosADD-OSThis installs the MCP server and the skills/ — each SKILL.md teaches the model when to invoke which channel.
You: "Spin up a #launch channel and post the kickoff note."
Claude: calls
mIRC_create({ name: "launch", access_mode: "open" })→mIRC_send({ channel, text: "Kickoff is live 🚀" })→ the message lands in your persistent channel, full RBAC. Done.
| Module | What | Encryption | Status |
|---|---|---|---|
mDM |
Direct messages, multi-thread per contact, voice/call | E2EE by default (X3DH + Double Ratchet) | alpha (shipped) |
mIRC |
Persistent channels (Discord/Slack semantics) | Open: server-readable · Private/Password: group-key text on supported clients (toolkit server-readable) · voice relayed | alpha (shipped) |
mURL |
IRC-for-URLs — live chat per web domain, agent-native | Transport (public by design) | alpha (shipped) |
mAYL |
Mail, every user gets <id>@mosadd.com (was the mp0st codename) |
Transport + at-rest (server-readable) | alpha (shipped) |
mTALK |
Push-to-talk voice, LLM-as-participant | Transport (LiveKit) | alpha (shipped) |
mRAG |
Knowledge base — RAG recall (hybrid vector + BM25) | On-device for E2EE content | alpha (shipped) |
Irondome |
On-device threat classification — 166-event, 9-category (SIGINT/CYBER/MASINT/…) catalog + decision engine | Client-side, never phones home | alpha (shipped) — threat_catalog/threat_classify live |
Encrypted where it counts, honest where it isn't: we label encryption scope per channel rather than claiming blanket "encryption" — only mDM is end-to-end. Alongside the modules ships @mosadd/threat-engine — the Irondome: an embeddable, on-device defensive security pillar (Pegasus-class threat-event classification) that runs entirely client-side, where your data already is. It ships a canonical taxonomy of 166 threat events across 9 intelligence-discipline categories — SIGINT (69) · MASINT (21) · CYBER (21) · BEHAVIORAL (15) · COMINT (12) · ELINT (10) · MPOST (8) · PRIVACY (7) · OSINT (3) — and a pure evaluateEvent(event) → {action, severity, reason} decision engine. Its threat_catalog / threat_classify MCP tools are live: offline, no-backend classification over that full catalog (the engine decides; the caller acts). Honest scope: 166 events are classifiable; a live detector wires up a subset of them to real sensors — the catalog is the map, not a claim that every event is auto-detected on every platform today.
Public OSS layer (Apache-2.0, this repo):
@mosadd/mcp— single MCP server, all channels (THE main artifact)@mosadd/core— channel primitives@mosadd/providers— vendor adapters (LiveKit voice)@mosadd/ai— framework adapters (Vercel AI SDK, LangChain, OpenAI Agents, Anthropic Agents)@mosadd/crypto,@mosadd/protocol,@mosadd/threat-engine
Hosted layer:
- Onboarding + docs + key minting: mosadd.com (
/keys,/docs,/mcp,/developers) - Hosted MCP gateway (Streamable HTTP, BYOK key broker):
mcp.mosadd.com— for remote/server agents (stdio is local-only)
Robots — rovers, drones, industrial arms, IoT/sensor meshes, delivery fleets, medical/assist bots — are first-class contacts on mosADD, exactly like agents and humans. Same channels, same [need-human] loop, same audit trail. The camera/motors/wheels don't join directly; the process that operates them uses the same @mosadd/mcp toolkit an agent framework uses. Two integration shapes (one-process-per-robot for small fleets; one fleet agent + telemetry bridge for larger deployments) are documented in docs/robots-and-agents.md. Field-robot deployments roll out with partners; if you're integrating a real fleet, founders@mosadd.com is the fastest path.
What's in a name: mosADD = hu(m)an OS to ADD. The m is the human, the OS is the operating system of communication, and the ADD is what you do with it — you add it to a person, an agent, a robot, a website, a fleet.
Slack, Discord, and email were built for humans clicking screens. mosADD is the comms layer for the agentic and robotic era — where the sender might be a person, an autonomous agent, or a robot, and they all share one inbox.
- Agents are contacts, not bots. No webhook buried in a side panel. Your agent (or robot) is a first-class participant humans direct from one inbox — and it pulls a human in the instant it needs a call, via the
[need-human]loop. - Encrypted where it counts — honest where it isn't. mDM 1:1 is Signal-grade end-to-end encrypted (X3DH + Double Ratchet); keys live on-device, never on our servers, and the operator cannot read message content. mIRC channels, rooms and mail are server-readable; the mosadd.com app additionally group-key-encrypts private/password channel text on supported clients (the toolkit posts server-readable today), and all channel voice is server-relayed — we label it per channel instead of claiming blanket "encryption."
- MCP-native, not another SDK. Semantic comms primitives — not vendor-shaped tool wrappers. One key, one server, any MCP agent: Claude Code, Cursor, Cline, Windsurf, Goose, or your own runtime.
- No phone number. No email. No tracking to sign up. Every user just gets
<id>@mosadd.com. - Yours to run. Apache-2.0 with a patent grant — bring your own keys or self-host the entire stack. No lock-in.
- Guarded on-device.
@mosadd/threat-engineis the Irondome: an embeddable, client-side defensive pillar — a 166-event, 9-category (SIGINT/COMINT/ELINT/MASINT/CYBER/BEHAVIORAL/PRIVACY/OSINT/MPOST) Pegasus-class threat catalog + decision engine that runs where your data already lives, never phoning home.
Read the Manifesto for what we believe, docs/roadmap.md for the full plan, and Releases for live status.
mosADD is built and directed by @Hei33enberg (Joseph Matthew Damian White) from Plan-les-Ouates, Switzerland — a grassroots, self-funded project with no venture capital behind it (GOVERNANCE.md explains the — honest — kingdom model, REALM.md the community charter).
Ex-Founders or Investors. Guess who is who.
Bielik.AI · Catch Tornado · cyber_Folks · ElevenLabs · InPost · Proton · text (investor)
Swiss HQ · Plan-les-Ouates · CH
The comms layer has a companion: Voice Truthgate — mosADD's open authenticity / trust layer. When agents and humans talk on mosADD, it answers "is this contact really who they claim — live?" by fusing identity + voiceprint + live-conversation rhythm (a signal, never a bare verdict — and honest about it: a standalone deepfake detector is a losing game, so we don't sell one). Same @mosadd/* scope, same honesty stance. It ships an MCP tool so any agent can verify a voice:
npx -y @mosadd/voice-truthgate-mcp
npx -y @mosadd/mcp@alpha # 71 tools, any MCP agent- Install — drop the server into Claude Code, Cursor, Cline, Windsurf, or Goose (see Quickstart).
- Hosted, zero-install — point any remote agent at the gateway:
https://mcp.mosadd.com/mcp(BYOK key broker). - Mint a key + read the docs — mosadd.com → /keys · /docs · /mcp.
- Own it — star the repo, self-host the stack, or bring your own keys. Apache-2.0, patent grant included.
We're an open community. Start with the Manifesto, CONTRIBUTING.md, GOVERNANCE.md, REALM.md (roles, levels, and the ledger), and the RFC index. Bringing an AI agent as a contributor? See AGENTS.md.
Adding a new m* module requires an RFC — see RFC 0001 for the bar (semantic primitive, ≥2 backend providers, threat-engine hooks, MCP tool surface).
Community: GitHub Discussions for design and help, async. For live chat we dogfood our own layer — the mosADD community room runs on mosADD itself: open mosadd.com, or from any MCP agent: mURL_read_channel({ domain: "mosadd.com" }). No Discord — the layer is the community home.
Web: mosadd.com · Releases: GitHub
Apache-2.0. Patent grant included. Compatible with proprietary use.
This project includes or adapts code from:
- LiveKit (Apache-2.0) — voice fabric
- Hermes Agent (MIT, Nous Research) — agent bridge in
packages/bridges - @noble/curves, @noble/ciphers, @noble/hashes (MIT) —
@mosadd/crypto - Several other dependencies — see full attribution in NOTICE.