npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@nevescloud/stoa

v0.1.0

Published

Substrate for peer-to-peer real-time experiences between one host and N participants. WebRTC transport, lobby pairing, structured envelopes. Privacy-by-architecture; bring your own AI.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jonasnevesjonasneves

Keywords

webrtcpeer-to-peerreal-timeprivacyagentsubstrate

Readme

stoa

Substrate for real-time experiences between one host and N participants. Each participant's AI runs in their own context. No central server sees the conversation, the streams, or the AI calls.

Architectural commitments

  • BYO-AI. Each participant connects their own model. In-browser WebGPU, personal API key, or a local proxy (e.g., ai-bridge). The substrate carries envelopes between peers; it does not carry AI calls. App developers do not host inference.
  • Peer-to-peer. WebRTC between participants. The substrate routes pairing through a lobby, then traffic flows directly between peers. No central server sees the conversation.
  • Multi-topology. Same envelope contract across 1:1 (consultation), 1:N (presentation), and future M:N patterns. Pattern instances ship as their own packages.

This is the architectural alternative to centralized multi-participant AI products (e.g., Microsoft Copilot Cowork): no vendor lock to a single AI provider, no central app server with content visibility, no inference cost on the developer's books.

What it is

A stoa in ancient Greek architecture was a covered walkway where one person addressed others who had gathered. This library names the substrate beneath that pattern: WebRTC peer-to-peer transport, lobby pairing, structured envelopes, and a role contract for host/visitors.

Pattern instances built on stoa:

  • pip-relay — 1:1 operator-mediated AI chat
  • agora (planned rebuild) — 1:N presentation with AI moderation
  • future patterns — group/mesh topologies as they emerge

The privacy story

Three modes for AI participation, all privacy-preserving by architecture:

  1. In-browser AI — WebGPU-loaded model in the participant's tab. Strongest privacy. Limited model size today, improving fast.
  2. Personal API key — participant's browser talks to Anthropic/OpenAI/etc. with their own key. Data goes to one company they chose, not through a central app server.
  3. Local proxy (ai-bridge) — participant's machine proxies to whatever backend they want.

In all three modes, the participant's AI never crosses the peer channel as a service. It generates output that the participant chooses to share through envelopes. The substrate does not see AI calls.

Honest qualifications

  • TURN relay: ~20% of connections need TURN due to NAT restrictions. TURN packets are encrypted at the WebRTC layer; the relay sees metadata (peer IPs, packet sizes, timing) but not decrypted content. Self-hostable.
  • Signaling: the lobby is currently centralized (signal.neevs.io). It sees room IDs and pair-request envelopes, nothing else. Self-hostable.
  • Bring your own AI: stoa does not ship an AI. Each participant connects whatever they trust.

Architecture

stoa (substrate)
├─ transport      WebRTC pairing + TURN + data channel
├─ envelope       Structured message format
├─ signal client  Pairing protocol
├─ role contract  Host / visitor semantics
└─ AI contract    Where each participant's AI plugs in

pattern instances (built on stoa, shipped as separate packages):
├─ pip-relay      1:1 chat (operator-mediated)
├─ agora          1:N presentation (planned)
└─ ...            future patterns

The substrate is small and stable. New features go into pattern instances, not into the substrate.

Status

Early. The substrate code currently lives inside pip-relay and is being migrated here incrementally. See MIGRATION.md.

License

MIT