KokoCrypt

KokoCrypt is the encryption primitive used across Kokomo Games' production stack — player auth, session tokens, in-game asset attestation. It implements the hybrid envelope construction from RFC 9590: X25519 + ML-KEM-768 for the KEM, AES-256-GCM for payload, HKDF for domain-separated key derivation. The point is to protect today's ciphertexts against quantum-machine-equipped adversaries in the 2030s.

The library is intentionally small (≈3.2 KB gzipped browser bundle) and dependency-light — `@noble/curves`, `@noble/post-quantum`, `@noble/ciphers`. No native modules; runs in Node, NestJS, Kafka consumers, edge workers, and modern browsers via Web Crypto when available.

The API matters as much as the math. `seal()` / `open()` for envelope encryption; `sign()` / `verify()` for hybrid signatures; ergonomic NestJS interceptors and Next.js Route-Handler wrappers; structured `[MISSING:]` errors when configuration is incomplete. Algorithm-agility is baked in — every output carries a 4-byte version tag so the 2028 migration to ML-KEM-1024 is a one-line config change, not a rewrite.