Features

Governed workspaces, without breaking compatibility.

Kumix stays compatible with Matrix while adding boundaries and controls teams can trust.

Workspace boundaries
One UI for strong (homeserver) and lightweight (space) separation, with guardrails against cross-workspace mistakes.
Managed extensions
Admin-approved plugins with sandboxed execution and explicit capabilities.
E2EE-first
Encryption-first flows, prioritizing device verification and recovery from day one.
On-device search
Local indexing designed to work with end-to-end encryption constraints.

Architecture

Minimal by default. Extensible by design.

Start with a simple homeserver setup, then layer in SSO and network controls as needed. Specs are intentionally modular so deployments can grow without rewrites.

Minimum stack

Client + Matrix homeserver + PostgreSQL.

Password login works out of the box.

No SSO or gateways required.

Enterprise add-ons

SSO via OIDC.

Reverse proxy / WAF / ACL.

Private networks.

Clients

Web app (SPA) and desktop app targets.

Storage designed per platform.

Local search built for encrypted timelines.

Kumix is early-stage; details may change as the project evolves.

Roadmap

What we want to ship next.

Draft milestones for building a governed workspace client. The demo app and docs will land as these pieces solidify.

v0.1

Core messaging

Rooms & messaging

Minimum cache

v0.2

Deployment & safety

Desktop packaging

Session/device safety

Optional SSO

v0.3

Managed extensions

Capabilities + sandboxing

Git hosting unfurl

Diagrams & meeting handoff

Open by default, built for governance.

Kumix is an early-stage MIT-licensed OSS project. Follow along on GitHub while the demo app and docs come together.

MIT

License

Matrix

Protocol

Web + Desktop

Targets

Run with a homeserver today; add SSO and gateways later without changing the core.

Managed extensions: sandboxed, capability-based, admin-approved.

E2EE-first + on-device search are designed to work together.

Explore features GitHub