NovaKey-Daemon Overview
NovaKey-Daemon is a cross-platform Go agent that receives authenticated secrets from a trusted device and injects them into the currently focused text field. NovaKey-Daemon runs on your computer and receives secrets from the phone.
It is designed to:
- Accept connections only from paired devices
- Reject replayed or malformed messages
- Never store secrets longer than required
The daemon does not expose a web interface.
It is designed for cases where you don’t want to type high-value secrets on your desktop keyboard:
- the secret lives on your phone
- delivery is encrypted and authenticated
- the daemon injects into the focused control (with optional clipboard mode)
NovaKey prefers direct injection; clipboard and auto-typing are fallback options used only when required by OS limitations and can be disabled via configuration.
One port, two routes
NovaKey listens on one TCP address (listen_addr, default 0.0.0.0:60768)
and routes each incoming connection by a one-line preface:
NOVAK/1 /pair\n— pairingNOVAK/1 /msg\n— approve/inject messages
NOTE: Message types are defined in Security → Protocol Summary (Inject/Approve/Arm/Disarm).
Clients must send a route preface line (NOVAK/1 /msg\n or NOVAK/1 /pair\n). Connections without a valid preface are rejected.
Safety controls (optional)
- arming (“push-to-type”)
- two-man approval window
- injection safety rules (
allow_newlines,max_inject_len) - target policy allow/deny lists
- Arm API (token protected)