{"id":49276029,"url":"https://github.com/fundacja-reborn/reapps","last_synced_at":"2026-05-27T15:00:48.051Z","repository":{"id":352586428,"uuid":"1207822076","full_name":"fundacja-reborn/reapps","owner":"fundacja-reborn","description":"E2EE zero-knowledge encrypted task manager \u0026 notes app. Offline-first PWA, self-hostable. Official free instance at reapps.eu. Built with SvelteKit.","archived":false,"fork":false,"pushed_at":"2026-05-26T05:20:15.000Z","size":3112,"stargazers_count":5,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T07:18:57.132Z","etag":null,"topics":["2fa","e2e","e2e-encryption","e2ee","european","foss","markdown-editor","notes-app","offline-first","open-source","privacy","pwa","pwa-app","self-hosted","sharing","svelte","sveltekit","task-manager","task-manager-app","zero-knowledge"],"latest_commit_sha":null,"homepage":"https://reapps.eu","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fundacja-reborn.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://reapps.eu/#support","https://wise.com/pay/business/fundacjareborn?description=Donation+-+statutory+purposes"]}},"created_at":"2026-04-11T12:59:25.000Z","updated_at":"2026-05-26T05:20:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"a71a543b-aa83-4fba-8a9b-f3e9dce62592","html_url":"https://github.com/fundacja-reborn/reapps","commit_stats":null,"previous_names":["fundacja-reborn/reapps"],"tags_count":76,"template":false,"template_full_name":null,"purl":"pkg:github/fundacja-reborn/reapps","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fundacja-reborn%2Freapps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fundacja-reborn%2Freapps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fundacja-reborn%2Freapps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fundacja-reborn%2Freapps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fundacja-reborn","download_url":"https://codeload.github.com/fundacja-reborn/reapps/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fundacja-reborn%2Freapps/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33570993,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-27T02:00:06.184Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","e2e","e2e-encryption","e2ee","european","foss","markdown-editor","notes-app","offline-first","open-source","privacy","pwa","pwa-app","self-hosted","sharing","svelte","sveltekit","task-manager","task-manager-app","zero-knowledge"],"created_at":"2026-04-25T16:06:10.804Z","updated_at":"2026-05-27T15:00:48.039Z","avatar_url":"https://github.com/fundacja-reborn.png","language":"TypeScript","funding_links":["https://reapps.eu/#support","https://wise.com/pay/business/fundacjareborn?description=Donation+-+statutory+purposes"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/logo.svg\" alt=\"re/apps logo\" width=\"280\"\u003e\n\u003c/p\u003e\n\n\u003ch3 align=\"center\"\u003ePrivate. Encrypted. Yours.\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  Open-source, end-to-end encrypted productivity apps.\u003cbr\u003e\n  Your data never leaves your device unencrypted.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://reapps.eu/task\"\u003eTry re/task\u003c/a\u003e · \u003ca href=\"https://reapps.eu/notes\"\u003eTry re/notes\u003c/a\u003e · \u003ca href=\"https://reapps.eu\"\u003eWebsite\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-AGPL--3.0-blue.svg\" alt=\"License: AGPL-3.0\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/encryption-E2E%20Zero%20Knowledge-green.svg\" alt=\"E2E Encryption\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/hosting-100%25%20EU-blue.svg\" alt=\"EU Hosting\"\u003e\n  \u003ca href=\"https://stats.uptimerobot.com/JDB9dZbrRv\"\u003e\u003cimg src=\"https://img.shields.io/uptimerobot/status/m802908750-73cd6617a77cb5c5c4895145.svg?label=re%2Ftask\" alt=\"re/task status\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://stats.uptimerobot.com/JDB9dZbrRv\"\u003e\u003cimg src=\"https://img.shields.io/uptimerobot/status/m802908780-a72ba338421275c9fc937b76.svg?label=re%2Fnotes\" alt=\"re/notes status\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n**Reborn Apps** is a suite of two Progressive Web Apps built with a **Zero Knowledge architecture** - all user data is encrypted on your device before it ever reaches the server. The server stores only ciphertext and cannot read your tasks, notes, or metadata.\n\nBuilt by [Reborn Foundation](https://reborn.org.pl) (Poland), a European non-profit. Hosted on Hetzner Cloud (Germany). No tracking, no ads, no email required.\n\n## Apps\n\n### re/task - Encrypted task management\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/retask-screenshot.webp\" alt=\"re/task - task list and task detail view\" width=\"700\"\u003e\n\u003c/p\u003e\n\n- **Task lists**\n- **Subtasks** with progress tracking\n- **Recurring tasks** - daily, weekly, or custom schedule\n- **Starred \u0026 favorites** - focus on what matters\n- **Due dates \u0026 reminders** with optional push notifications - delivered even when the app is closed via an opt-in server-assisted pipeline that learns *when* a reminder fires (bucketed to 5 minutes), never *what* it is for ([design doc](docs/security/push-notifications.md))\n- **Smart views** - Today, Upcoming, Overdue, Starred, Completed\n- **Full-text search** with operators - `list:Inbox`, `due:\u003c7d`, `is:overdue`, `has:link`, … ([reference](docs/search-operators.md))\n- **Trash \u0026 recovery** - restore deleted tasks within 30 days\n- **Import \u0026 export** - JSON backup and restore\n- **Read-only share links** - send a frozen snapshot of a task (with its subtasks) via an encrypted public URL; the snapshot key lives in the URL fragment so the server never sees it. Optional password, expiry, and view-count limit; revoke anytime ([blog post](https://reapps.eu/blog/sharing-notes-tasks-zero-knowledge-snapshots/)).\n\n### re/notes - Encrypted notes \u0026 documents\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/renotes-screenshot.webp\" alt=\"re/notes - note list and Markdown editor\" width=\"700\"\u003e\n\u003c/p\u003e\n\n- **Markdown editor** - headings, lists, code blocks, images, and more\n- **Folders \u0026 tags** - flexible organization system\n- **Multi-select \u0026 bulk actions** - pin, star, move to folder, or delete many notes at once (long-press on touch, header toggle on desktop)\n- **Periodic notes** - one-click Daily, Weekly, and Monthly notes (Obsidian-style); date-based titles with configurable formats, lazy-created folders, Daily on by default ([blog post](https://reapps.eu/blog/periodic-notes-daily-weekly-monthly))\n- **Version history** - up to 10 saved versions per note\n- **Internal links** - link between notes with autocomplete to build a knowledge base\n- **Live preview** - edit Markdown on one side, see formatted output on the other\n- **Encryption X-Ray** - see exactly what the server sees (encrypted blobs)\n- **Full-text search** with operators - `tag:work`, `folder:projects/active`, `created:\u003c7d`, `has:link`, `-tag:archived`, … ([reference](docs/search-operators.md))\n- **Trash \u0026 recovery** - safely delete and restore notes\n- **Import \u0026 export** - Markdown, JSON, or encrypted backup; import single `.md` files or entire folders with subfolders (e.g., an Obsidian vault) preserving directory structure\n- **Read-only share links** - publish a frozen snapshot of a note via an encrypted public URL; the snapshot key lives in the URL fragment so the server never sees it. Optional password, expiry, and view-count limit; revoke anytime ([blog post](https://reapps.eu/blog/sharing-notes-tasks-zero-knowledge-snapshots/)).\n\n### Shared features\n\n- 🔐 **End-to-end encryption** - data is encrypted on your device before reaching any server\n- 📱 **Offline-first PWA** - works without internet, syncs when back online\n- 🔄 **Cross-device sync** - access from any device, changes sync automatically\n- 🛡️ **Two-factor authentication** - TOTP (2FA) with one-time recovery codes\n- 👤 **One account, no email** - just a username and password, shared across both apps (SSO)\n- 🌍 **Installable** - add to home screen as a native-like app\n- 🌙 **Dark mode** - full dark theme support\n- � **Multilingual** - English 🇬🇧, French 🇫🇷, German 🇩🇪, Polish 🇵🇱, Spanish 🇪🇸\n\n## Security \u0026 privacy\n\nReborn Apps uses a **Zero Knowledge E2E architecture**:\n\n| What | Where | Who can read it |\n|---|---|---|\n| Tasks, notes, subtasks, metadata | Server (encrypted) | **Only you** |\n| Username | Server (plaintext) | Server operator |\n| Password | Server (Argon2id hash) | **Nobody** |\n| Encryption keys | Your device only | **Only you** |\n| Email, phone, real name | **Not collected** | - |\n\n**How it works:**\n\n1. You set a password → a master encryption key is derived on your device (PBKDF2 600K iterations)\n2. All data is encrypted with AES-256-GCM before leaving the browser\n3. The server stores only ciphertext - it cannot decrypt anything\n4. Even sensitive metadata (due dates, completion status, starred flags) is bundled into an encrypted blob\n5. If the server is compromised, attackers get only encrypted noise\n\n\u003e ⚠️ **If you forget your password, your data is irrecoverable.** Recovery codes cannot help with password recovery - they only bypass 2FA if you lose access to your authenticator app. This is by design - the server cannot help you because it cannot read your data.\n\nFor a deep dive, see the [Zero Knowledge Architecture](docs/architecture/zero-knowledge-architecture.md) document and the [Security Overview](docs/security/security-overview.md).\n\n## Try it\n\nA free public instance is available at **[reapps.eu](https://reapps.eu)**, maintained by [Reborn Foundation](https://reborn.org.pl):\n\n| App | URL |\n|---|---|\n| re/task | [reapps.eu/task](https://reapps.eu/task) |\n| re/notes | [reapps.eu/notes](https://reapps.eu/notes) |\n\nNo email required. Create an account with just a username and password.\n\n**Live status:** [stats.uptimerobot.com/JDB9dZbrRv](https://stats.uptimerobot.com/JDB9dZbrRv)\n\n## Self-hosting\n\nYou own your data - you can also run your own instance.\n\nThere are two flows depending on what you want to do:\n\n| Flow | Source on host? | Image | Speed | Use case |\n|---|---|---|---|---|\n| [Development](#development-flow) | Required (cloned repo) | `node:alpine` + bind mount + `pnpm install` at boot | Slow first start, HMR after | Hacking on the code |\n| [Production](#production-flow) | Not required at runtime | Pre-built from multi-stage `Dockerfile` | \u003c15 s boot, no install | Running your own instance |\n\n\u003e **Why this matters:** the default `docker-compose.yml` is the **development** flow. If you paste it into a stack editor (Portainer, Coolify, …) without a cloned repo on the host, `pnpm install` fails with `ERR_PNPM_NO_PKG_MANIFEST` because the bind mount points at an empty directory. For self-hosting, use the production flow below.\n\n### Requirements\n\n- [Docker](https://docs.docker.com/get-docker/) v25+ with Docker Compose\n- A `.env` file (copy from `.env.example`, generate strong secrets - see below)\n\n### Development flow\n\n```bash\n# Clone the repository\ngit clone https://github.com/fundacja-reborn/reapps.git\ncd reapps\n\n# Copy environment config\ncp .env.example .env\n\n# Start both apps with SSO support (recommended)\ndocker compose -f docker-compose.yml -f docker-compose.proxy.yml --profile with-notes up\n```\n\nAfter startup:\n\n| App | URL |\n|---|---|\n| re/task | http://localhost/task |\n| re/notes | http://localhost/notes |\n\nBoth apps share a single PostgreSQL database and a single user account (SSO via shared origin).\n\n\u003e First startup takes a few minutes (downloading images + `pnpm install`). Subsequent starts are fast thanks to Docker volume caching.\n\n#### Other dev configurations\n\n```bash\n# Only re/task (port 4200)\ndocker compose up\n\n# Both apps on separate ports (no SSO)\ndocker compose --profile with-notes up\n```\n\n### Production flow\n\nThe production flow builds a multi-stage `Dockerfile` and runs the pre-compiled SvelteKit server - no `pnpm install` at boot, no bind mount, no source on the host required at runtime.\n\n```bash\ngit clone https://github.com/fundacja-reborn/reapps.git\ncd reapps\n\n# Copy and edit the environment + production override.\ncp .env.example .env\ncp docker-compose.prod.yml.example docker-compose.prod.yml\n```\n\nEdit `.env` and set at least:\n\n```bash\nPUBLIC_SITE_URL=https://your-domain.example.com   # or http://your-server-ip\nDB_USER=postgres\nDB_PASSWORD=\u003cstrong-random-password\u003e\nDB_NAME=reborn\nJWT_SECRET=\u003c32+ random bytes, base64\u003e\nREFRESH_TOKEN_SECRET=\u003c32+ random bytes, base64\u003e\nSESSION_SECRET=\u003c32+ random bytes, base64\u003e\nRECOVERY_KEY_SECRET=\u003c32+ random bytes, base64\u003e\n```\n\nGenerate a secret with `openssl rand -base64 48`.\n\nBuild and start:\n\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.prod.yml \\\n  --profile with-notes up -d --build --wait\n```\n\nThe apps listen on `:4200` (task) and `:4201` (notes) on the Docker host. For SSO (shared origin → shared localStorage) put a TLS-terminating reverse proxy in front (nginx, Caddy, Traefik, Cloudflare Tunnel, …) that maps:\n\n- `\u003cPUBLIC_SITE_URL\u003e/task/`  → `http://127.0.0.1:4200/task/`\n- `\u003cPUBLIC_SITE_URL\u003e/notes/` → `http://127.0.0.1:4201/notes/`\n\n`nginx/dev.conf` is a reference proxy config - adapt it (add `listen 443 ssl;`, certificate paths, HSTS) for your environment.\n\n\u003e **Portainer / Coolify / stack editors:** paste the contents of `docker-compose.yml` **and** `docker-compose.prod.yml.example` (combined or as a compose project that fetches both from git). The build context needs the repo source - point the stack at this Git URL, not at a raw paste.\n\n#### Smoke-testing the production image locally\n\nIf you want to verify the production build works **before** pointing your real domain at it:\n\n```bash\ncp docker-compose.localprod.yml.example docker-compose.localprod.yml\n\ndocker compose -f docker-compose.yml -f docker-compose.localprod.yml \\\n  -f docker-compose.proxy.yml --profile with-notes -p reborn-localprod \\\n  up -d --build --wait\n# → http://localhost/task and http://localhost/notes\n```\n\nThis uses `http://localhost` as the origin and the dev DB credentials, so it composes cleanly without further configuration.\n\n### Without Docker\n\n```bash\n# Prerequisites: Node.js 20+, PNPM 10+, PostgreSQL\n\npnpm install\npnpm db:generate\npnpm db:migrate\n\n# Start re/task\npnpm nx dev reborn-task\n\n# Start re/notes (separate terminal)\npnpm nx dev reborn-notes\n```\n\n### Stopping \u0026 cleanup\n\n```bash\n# Stop containers (dev)\ndocker compose -f docker-compose.yml -f docker-compose.proxy.yml --profile with-notes down\n\n# Stop containers (production)\ndocker compose -f docker-compose.yml -f docker-compose.prod.yml --profile with-notes down\n\n# Full reset (removes database and cached node_modules)\ndocker compose -f docker-compose.yml -f docker-compose.proxy.yml --profile with-notes down -v\n```\n\n## Tech stack\n\n| Layer | Technology |\n|---|---|\n| Frontend | SvelteKit 2, Svelte 5 (runes), TypeScript |\n| Styling | TailwindCSS 4 |\n| Offline storage | IndexedDB (Dexie.js) |\n| Encryption | AES-256-GCM, PBKDF2, Argon2id (Web Crypto API + hash-wasm) |\n| Backend | SvelteKit API routes |\n| Database | PostgreSQL 17, Prisma 6 |\n| Auth | JWT + refresh tokens, TOTP 2FA, recovery codes |\n| Monorepo | pnpm workspaces, Nx 21 |\n| Notes editor | CodeMirror 6 (Markdown) |\n\n## Project structure\n\n```\napps/\n├── reborn-task/         # Task management app (SvelteKit)\n└── reborn-notes/        # Notes app (SvelteKit)\npackages/\n├── @reborn/auth         # Authentication (JWT, 2FA, recovery codes)\n├── @reborn/crypto       # E2E encryption \u0026 key management\n├── @reborn/database     # Prisma schema \u0026 client\n├── @reborn/storage      # Encrypted IndexedDB stores\n├── @reborn/types        # Shared TypeScript types\n├── @reborn/ui           # UI components (shadcn-svelte)\n├── @reborn/i18n         # Internationalization (PL/EN)\n├── @reborn/utils        # Shared utilities\n└── @reborn/api-client   # HTTP client for API\ndocs/\n├── architecture/        # Zero Knowledge architecture docs\n└── security/            # Security audits\n```\n\n## Contributing\n\nWe welcome community involvement! Due to the security-sensitive nature of this project (E2E encryption, Zero Knowledge architecture), we maintain all code changes internally.\n\n**How you can help:**\n\n- **Report bugs** - [open an Issue](https://github.com/fundacja-reborn/reapps/issues) with clear reproduction steps\n- **Suggest features \u0026 discuss ideas** - join [GitHub Discussions](https://github.com/fundacja-reborn/reapps/discussions)\n- **Report security vulnerabilities** - see our [Security Policy](SECURITY.md) (please report privately)\n- **Improve translations** - suggest corrections or new languages via Issues\n\n\u003e **Note:** We do not accept external pull requests. Every code change undergoes internal security review to protect the integrity of the encryption layer. If you've found a bug and know the fix, please describe it in an Issue - we'll gladly credit you.\n\n## Acknowledgments\n\nReborn Apps is shaped by feedback from people who try it, share ideas, and tell us what's missing. Special thanks to:\n\n- **[Travis Solin (@computrav)](https://github.com/computrav)** - for early feedback on the public release and detailed thinking on power-user search semantics that directly informed the operator-based search syntax.\n\nIf you've contributed something that shaped this project - an idea, a substantive bug report, a translation - and you're not listed here, please [open an Issue](https://github.com/fundacja-reborn/reapps/issues). Smaller individual reports are credited per-release in commit messages and release notes.\n\n## License\n\n[AGPL-3.0](LICENSE) - Copyright © 2025 Fundacja Reborn (Poland)\n\nYou are free to use, modify, and self-host. If you modify the server-side code and offer it as a service, you must open-source your changes under the same license.\n\n## Further reading\n\n- [Zero Knowledge Architecture](docs/architecture/zero-knowledge-architecture.md) - how encryption works under the hood\n- [Security Overview](docs/security/security-overview.md) - security posture, cryptographic primitives, and known limitations\n- [Push Notifications - Zero Knowledge Design](docs/security/push-notifications.md) - threat model and opt-in trade-off for server-assisted reminders\n- [Read-only Snapshot Sharing - Zero Knowledge Design](docs/security/read-only-snapshot-sharing.md) - how public share links keep the server blind\n- [Security Policy](SECURITY.md) - how to report vulnerabilities\n\n## Support\n\nReborn Apps is built by a non-profit foundation - no investors, no ads, no tracking. If you find our apps useful and want to support their continued development, every donation helps us build software free from commercial pressure.\n\n→ [**Donate via Wise**](https://wise.com/pay/business/fundacjareborn?description=Donation+-+statutory+purposes)\n\n→ [**More ways to support**](https://reapps.eu/#support)\n\n---\n\nBuilt with privacy in mind by [Reborn Foundation](https://reborn.org.pl) (Poland).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffundacja-reborn%2Freapps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffundacja-reborn%2Freapps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffundacja-reborn%2Freapps/lists"}