Documentation Β· all2one.chat

The All2One SiteChat wiki.

Everything the plugin does and every endpoint it exposes. Features first, then the sign-up flow, then the complete /wp-json/all2one/v1 REST reference.

Features

What the plugin does, in detail.

All2One SiteChat is a single WordPress plugin: a PWA chat client served by your site, a REST API under /wp-json/all2one/v1, and integrations for voice, video, broadcast, and AI.

πŸ”’ security

End-to-end encryption

On first sign-in the browser generates an encryption keypair with WebCrypto. The private key is wrapped with a key derived from your passphrase and stored server-side only in wrapped form (/keys/save). Direct messages are encrypted to each participant's public key (/keys/public/{id}); public channels use a shared server key (/server-key/create) so history stays readable to members who join later. Changing your passphrase re-wraps the same key (/keys/rewrap) without losing history. Attachments, voice memos, and generated TTS audio are uploaded as encrypted .enc blobs and decrypted client-side.

πŸ— convenience

Passkey (WebAuthn) unlock

Register passkeys against your account (/webauthn/add) so unlocking your chat keys is a fingerprint or security-key touch instead of typing the passphrase. Passkeys can be listed and revoked per device, and the passphrase always remains a fallback.

🎨 theming

Custom color themes β€” dark & light

The chat ships with full dark and light modes and lets each user customize the palette β€” backgrounds, accents, bubbles β€” from a settings panel. These docs pages work the same way: hit the β˜€/πŸŒ™ toggle in the nav, or open the theme editor to repaint both sites live.

😜 expression

Custom emotes, animated emojis & GIFs

Admins curate a site emote catalog (/custom-emotes), animated emojis render inline (/animated-emojis), and GIF search is proxied server-side (/klipy-proxy) so no API key ever reaches the browser. Emoji reactions with per-reaction detail views round it out.

πŸ“ˆ integrations

Stock quote integration

Type $AAPL (or any symbol) in a message and the client calls /stock to render a live quote card β€” company, price, and day change with up/down coloring β€” inline in the conversation.

ai

Hermes agent chat & voice

Hermes is a resident AI agent with its own WordPress account. It participates in DMs and addressed channel messages, keeps threaded conversations (/agent-threads, /agent-thread-create), and its presence dot is driven by a heartbeat its gateway posts (/agent-heartbeat) β€” green means alive. You can also join the agent's LiveKit voice room (/voice/agent-token) and simply talk to it.

# spaces

Public & private channels

Channels support avatars, member management, unread tracking, and mark-as-read. Public channels are browsable and joinable by anyone on the site and encrypt with the shared server key; private channels encrypt only to their members, so access control is cryptographic, not just a permission flag.

🎧 realtime

Group audio & video via LiveKit

Every channel can open a voice room: the server mints a scoped LiveKit join token (/channels/voice-token), and the room supports mics, cameras, and screen share. A presence endpoint (/voice/presence) powers the "who's in voice" sidebar, 1:1 calls use /voice/dm-token, and moderators can mute or remove participants.

πŸ“‘ broadcast

Go Live broadcast

For one-to-many moments, a presenter starts a Cloudflare Stream Live broadcast (/broadcast/start, WHIP ingest) and everyone else watches the low-latency WHEP playback (/broadcast/info) β€” chat keeps running alongside. Built to hold a ~60-person demo audience without a 60-person WebRTC room.

πŸ”” notifications

PWA, push & per-chat preferences

The client installs as a PWA with a service worker cache. Web Push (/push/subscribe) delivers message and voice-activity notifications even when the tab is closed, and every conversation has its own message/voice notification toggles (/notify-prefs).

πŸŽ™ audio

Voice memos & text-to-speech

Record and send voice memos, or generate spoken audio with TTS.monster voices (/tts/generate) using VoiceName: text. Generated audio is re-hosted permanently, encrypted like any media upload, and auto-plays in an inline player.

πŸ—„ storage

Uploads with quotas

Encrypted file sharing with per-user storage quotas (/quota-status), a "my uploads" manager for reclaiming space, and image uploads for channel avatars. Everything sensitive travels and rests as ciphertext.

Getting started

Sign up and set up your chat.

Members are real WordPress users, so onboarding rides on machinery your site already trusts β€” with one extra, crucial step: generating your encryption keys.

Account creation

An admin adds you from the chat roster's "+" button (backed by POST /create-user, which checks availability first via /check-user, always assigns the subscriber role, and triggers the standard WordPress notification email) β€” or you register through the site's normal WordPress registration.

Password, then passphrase

Set your WordPress password from the email link and sign in. The chat then asks for a separate chat passphrase: your browser generates your keypair, wraps the private key with the passphrase, and stores the wrapped bundle via /keys/save. The passphrase never leaves your device β€” and can't be recovered by the server, so keep it safe.

Unlock on new devices

On any device, sign in to WordPress, fetch your wrapped keys (/keys/get), and unwrap them with your passphrase β€” or register a passkey once and unlock with a touch from then on.

Make it yours

Browse public channels, join voice, pick dark or light and your custom colors, install the PWA, and enable push notifications per conversation.

Base URL & authrest
Base:  https://your-site.example/wp-json/all2one/v1
Auth:  WordPress cookie session + X-WP-Nonce header
       (refresh a stale nonce anytime with GET /nonce)

Most endpoints require a logged-in user. Exceptions
are marked Public or Admin in the tables below.

REST API reference

Every endpoint under all2one/v1.

Auth legend: logged-in = any signed-in WordPress user Β· public = no auth Β· admin/cap = requires a capability check.

Session & polling

The client long-polls for updates; the nonce endpoint keeps day-long tabs authenticated.

MethodEndpointAuthDescription
GET/noncepublicFresh REST nonce so long-lived sessions can keep making authenticated calls.
POST/polllogged-inPoll for new messages, typing, presence, and receipts. POST because it also stamps read receipts.
POST/userslogged-inThe chat roster: users with presence, avatars, and unread counts.
POST/typinglogged-inBroadcast a typing indicator to the current conversation.

Messages

Message bodies arrive at the server already encrypted; history and search work on ciphertext the client decrypts locally.

MethodEndpointAuthDescription
POST/sendlogged-inSend an encrypted message to a DM or channel.
POST/historylogged-inPage older messages for a conversation.
POST/history-aroundlogged-inFetch messages around a specific message id (jump-to-result, reply context).
POST/search-fetchlogged-inBulk-fetch message bodies so the client can decrypt and search locally.
POST/mark-readlogged-inMark a DM conversation as read.
POST/deletelogged-inDelete one of your own messages.
POST/reactlogged-inToggle an emoji reaction on a message.
POST/reaction-detailslogged-inWho reacted to a message, and with what.
POST/send-mass-messageownerAnnouncement DM delivered to every user.

E2EE keys

The key locker: the server stores public keys and passphrase-wrapped private keys, and never sees plaintext key material.

MethodEndpointAuthDescription
POST/keys/savelogged-inStore your public key plus your passphrase-wrapped private key.
POST/keys/getlogged-inRetrieve your wrapped key bundle at sign-in for in-browser unwrap.
POST/keys/rewraplogged-inRe-wrap your private key under a new passphrase (passphrase change).
GET/keys/public/{id}logged-inFetch another user's public key to encrypt a message to them.
POST/server-key/createlogged-inMint the shared server key used by a public channel.
GET/server-key/{id}logged-inFetch a wrapped server key by id when joining/reading a public channel.

Passkeys (WebAuthn)

Passkeys unwrap your chat keys without typing the passphrase.

MethodEndpointAuthDescription
POST/webauthn/listlogged-inList your registered passkeys.
POST/webauthn/addlogged-inRegister a new passkey for one-touch unlock.
POST/webauthn/deletelogged-inRevoke a passkey.

Channels

Create, discover, and manage public and private channels.

MethodEndpointAuthDescription
POST/channels/createlogged-inCreate a channel (public or private).
POST/channels/updatelogged-inUpdate a channel's name, avatar, or settings.
GET/channels/listlogged-inChannels you belong to, with unread counts.
GET/channels/browselogged-inDiscover joinable public channels.
POST/channels/joinlogged-inJoin a public channel.
POST/channels/leavelogged-inLeave a channel.
POST/channels/memberslogged-inList / manage a channel's members.
POST/channels/mark-readlogged-inMark a channel as read.
POST/channels/upload-imagelogged-inUpload a channel avatar image.
POST/channels/deletelogged-inDelete a channel (owner).
GET/channels/{id}logged-inDetail for one channel.

Voice & video (LiveKit)

The server mints scoped LiveKit join tokens; media flows peer↔SFU, never through WordPress.

MethodEndpointAuthDescription
POST/channels/voice-tokenlogged-inJoin token for a channel's voice/video room.
POST/channels/voice-moderatelogged-inModerator controls: mute or remove a participant.
GET/voice/presencelogged-inWho is in each voice room β€” powers the presence sidebar.
POST/voice/dm-tokenlogged-inJoin token for a 1:1 DM call.
POST/voice/agent-tokenlogged-inJoin token for the Hermes agent's voice room.

Broadcast (Go Live)

One-to-many streaming via Cloudflare Stream Live: WHIP ingest for the presenter, WHEP playback for the audience.

MethodEndpointAuthDescription
POST/broadcast/startlogged-inPresenter starts a live broadcast and gets WHIP ingest details.
GET/broadcast/infologged-inPlayback (WHEP) info for viewers, plus live state.
POST/broadcast/stoplogged-inPresenter ends the broadcast.

Uploads & media

Sensitive media travels as encrypted .enc blobs; quotas keep storage honest.

MethodEndpointAuthDescription
POST/upload-filelogged-inUpload a plain attachment.
POST/upload-voice-memologged-inUpload a recorded voice memo.
POST/upload-encrypted-filelogged-inUpload an end-to-end encrypted blob.
GET/file/{uid}/{hash}.enclogged-inDownload an encrypted blob for in-browser decryption.
GET/quota-statuslogged-inYour storage quota: used and remaining.
GET/my-uploadslogged-inList your uploads.
POST/delete-uploadlogged-inDelete one of your uploads.
POST/delete-all-uploadslogged-inDelete all of your uploads.

Emotes & GIFs

Catalogs are served to the client; third-party GIF search is proxied so API keys stay server-side.

MethodEndpointAuthDescription
GET/custom-emoteslogged-inThe site's custom emote catalog.
GET/animated-emojislogged-inAnimated emoji set.
POST/klipy-proxylogged-inServer-side proxy for Klipy GIF search.

Stock quotes

MethodEndpointAuthDescription
POST/stocklogged-inLook up a live quote for a $TICKER mentioned in chat; renders as an inline quote card.

Text-to-speech (TTS.monster)

All TTS calls are proxied so the API key stays server-side. Generated audio is re-hosted permanently (the vendor's CDN links expire) and encrypted like any media upload.

MethodEndpointAuthDescription
POST/tts/voiceslogged-inList available TTS voices (used by /tts voices in chat).
POST/tts/usagelogged-inCurrent TTS character usage / limits.
POST/tts/generatelogged-inGenerate audio from VoiceName: text (max 500 chars) and return a permanent player URL.

Push & notification preferences

MethodEndpointAuthDescription
GET/push/vapid-publicpublicThe VAPID public key for Web Push subscription (public by design).
POST/push/subscribelogged-inRegister this browser's push subscription.
POST/push/unsubscribelogged-inRemove a push subscription.
GET/notify-prefslogged-inPer-conversation notification preferences (message + voice).
POST/notify-prefslogged-inUpdate per-conversation notification preferences.

Users & admin

Account creation is capability-gated; debug capture keeps user dumps private to admins.

MethodEndpointAuthDescription
POST/create-usercreate_users capCreate a new member (always role=subscriber; sends the WordPress welcome email).
POST/check-usercreate_users capPreflight username/email availability for the Add User form.
POST/debuglogged-inPost a client debug/state capture.
GET/debugadminList debug captures (admin-only so dumps aren't readable across accounts).

Hermes agent

Thread endpoints are accessible to the owner user or to an agent (self-scoped to its own threads). The heartbeat drives the agent's green/red presence dot.

MethodEndpointAuthDescription
POST/agent-threadsowner / agentList an agent's conversation threads.
POST/agent-thread-createowner / agentCreate a new thread for an agent.
GET/agent-statuslogged-inHeartbeat freshness for agents β€” read by the client to color the presence dot.
POST/agent-heartbeatagentPosted by the agent's gateway on a timer to prove liveness.

Ready to try it?

Set up your own WordPress chat.

Head back to the marketing site for the sign-up walkthrough, or open the theme editor and make these docs your own colors first.