FLUXAR unifies RPC, Streaming, and PubSub in a single binary envelope. Seven message types. One connection. Zero compromises.
Modern applications communicate in three fundamentally different patterns: request-response for APIs and queries, streaming for LLM token generation and real-time analytics, and publish-subscribe for chat messages and notifications.
Today, if your application needs all three, you wire together multiple protocols — gRPC for RPC, MQTT or NATS for pub/sub, custom WebSocket framing for streaming. Each has its own connection, its own serialisation, its own error model, its own auth flow. The glue between them is your problem.
What if one protocol handled all three?
Not by being the largest common denominator — but by finding the smallest set of primitives that naturally compose into all three patterns.
FLUXAR is built on one observation: every message interaction is either a one-shot (I send, you reply) or a continuation (this belongs to an ongoing exchange). If you can express "this message is a response to that message", you can build everything else. That is the ref mechanism.
After the handshake, both sides are equal. No "client" and "server" — only two peers. A mobile app can receive server-initiated RPC calls. Two backend services can subscribe to each other's events on the same connection.
Sending and receiving are completely independent. Fire ten requests without waiting for the first response. The ref field correlates them. No head-of-line blocking at the protocol level.
FLUXAR doesn't care how bytes travel. The protocol defines a message format and processing pipeline; the transport is pluggable. Your application code stays the same — only the connection setup differs.
Every message — handshake, RPC call, stream chunk, subscription, event — uses the same seven-field envelope. No second wire format for "control frames". Parsers are simple. Debuggers work on everything.
CBOR, not JSON. Binary UUIDs (16 bytes) instead of strings (36 bytes). Integer type codes instead of names. ~50 bytes saved per message — matters at scale and on constrained devices. IETF standard (RFC 8949) with libraries in every language.
payload field carries any CBOR value. No prescribed schemas or validation — optional introspection is available if you want it.Stop gluing protocols together. One connection, one format, one auth flow.
ref MechanismOne field turns any message from request into response. That's the entire trick.
id: 0xA1 ref: null target: "user.get"id: 0xB2 ref: 0xA1 payload: {…}id: 0xC3 target: "ai.generate"ref: 0xC3 payload: "Hello"ref: 0xC3 payload: " world"ref: 0xC3 target: "end"Every message has an id. If it also carries a ref, it's a response to that id. No ref — it's a new request. Same type, same envelope.
From this single primitive, three communication patterns emerge naturally — no special-casing, no separate wire formats.
Requests don't wait for responses. No head-of-line blocking. Ever.
ref correlates them. A slow database query on one request doesn't delay the others.After the handshake, both sides are equal. Either can call, stream, subscribe, publish.
Binary serialisation that's compact, self-describing, and handles raw bytes natively.
{
"type": "call",
"id": "0190d4a8-7b3c-7def-8abc-123456789012",
"ref": null,
"target": "user.getProfile",
"meta": { "trace_id": "abc123" },
"payload": { "id": 42 },
"error": null
}{
1, // type as integer
h'0190d4a87b3c7def8abc…', // 16-byte binary UUID
null,
"user.getProfile",
{ "trace_id": "abc123" },
{ "id": 42 },
null
}Clean transform chain. Extensions plug in without changing the core.
RPC, Streaming, and PubSub — all built from the same seven message types.
Classic RPC. Send a call — get a call back with ref pointing to your request. Fully async: fire ten requests, receive responses in any order.
Open a stream, send data chunks, end or cancel. Full lifecycle state machine: IDLE → ACTIVE → CANCELLING → CLOSED. Backpressure via pause/resume.
Subscribe to topics, publish events, receive messages with ack/nack. Three delivery guarantee modes: at-most-once, at-least-once, exactly-once.
Each layer has one job. Implementations can be swapped independently.
Same application code, different transports. Only the connection setup changes.
Browsers and web clients. Native frame boundaries, TLS via wss://
Backend services. Length-prefixed framing, TLS 1.3
Mobile apps. Connection migration, 0-RTT, multiplexed streams
Local IPC. Zero network overhead, file-system permissions
TLS 1.3 approach: few options, strong defaults, forward secrecy.
Bearer token, API key, credentials, and custom. Independent PSK peer trust layer for service meshes.
Application-level encryption atop transport TLS. X25519 key exchange with AES-256-GCM or ChaCha20-Poly1305.
Ephemeral keys per session. Compromise of long-term keys doesn't expose past traffic.
Message size limits, rate limiting, heartbeat timeouts, backpressure controls.
Chat, collaboration, gaming — bidirectional streaming + PubSub on a single connection.
RPC + event-driven patterns without gluing together multiple protocols.
QUIC with connection migration, session resume on network switch.
CBOR compactness, PSK mutual auth, minimal overhead on constrained devices.
Streaming token delivery with cancel, backpressure, and lifecycle control.
Symmetric protocol — both sides are equal peers after handshake.
Two conformance levels. Adopt incrementally.
Implement in a day. Everything you need to start.
Everything the protocol offers. Production-grade.
Read the full specification, explore the design decisions, or start implementing.