Holochain Architecture
How Flowsta uses Holochain for decentralized, zero-knowledge identity storage.
Two-DNA Architecture
Flowsta uses two separate Holochain DNAs to separate public and private data:
Identity DNA (Public)
| Field | Description |
|---|---|
| Display name | User's chosen display name |
| Profile picture | URL or hash of profile picture |
| Agent public key | Ed25519 public key |
| Agent links | IsSamePersonEntry attestations from agent linking |
The Identity DNA is publicly readable. Any participant in the DHT can query another user's public profile.
Private DNA (Encrypted)
| Field | Description |
|---|---|
| Encrypted with user-derived key | |
| Recovery phrase | Encrypted backup of BIP39 mnemonic |
| Sessions | Encrypted session data |
| OAuth logs | Activity audit trail |
| 2FA config | TOTP configuration (encrypted) |
All Private DNA data is encrypted client-side before storage. Even Holochain validators cannot read the plaintext.
Infrastructure
Global DHT Nodes
Flowsta operates DHT nodes across multiple regions to ensure availability and low-latency access worldwide. As the network grows, the goal is to transition toward community-operated nodes — reducing reliance on Flowsta-managed infrastructure and strengthening the network's decentralization.
Flowsta Vault (Local)
When users install Flowsta Vault, it runs a local Holochain conductor that joins the same DHT network. This means:
- User data is replicated locally
- Agent linking attestations gossip across the network
- The network becomes more resilient with each Vault install
Key Derivation
Every user's keypair is deterministically derived from their recovery phrase. This means:
- Same phrase always produces the same identity
- Users can restore their identity on any device
- No key escrow or central key server needed
Holochain Version
Flowsta runs on Holochain 0.6.0 with the kitsune2 networking layer.
Next Steps
- Identity & DIDs - W3C Decentralized Identifiers
- For Holochain Developers - Integration guide for Holochain devs
- Zero-Knowledge Architecture - Encryption details
- Vault Overview - Local conductor and key management