Device-bound identity

Bind authentication to secure keys stored in the user's TPM or secure enclave. No passwords, no shared secrets over the network.

Simple developer flow

Request a challenge, sign locally, verify on the server. Small, composable building blocks that fit into your stack.

Built for modern apps

Go backend, local client, TypeScript SDK, and examples for web, desktop, and infrastructure integrations.