https://github.com/raullenchai/vnsh
The Ephemeral Dropbox for AI. Host-blind, client-side encrypted sharing for logs, diffs, and images. Vaporizes in 24h.
https://github.com/raullenchai/vnsh
claude cli encryption file-sharing host-blind mcp privacy
Last synced: 4 months ago
JSON representation
The Ephemeral Dropbox for AI. Host-blind, client-side encrypted sharing for logs, diffs, and images. Vaporizes in 24h.
- Host: GitHub
- URL: https://github.com/raullenchai/vnsh
- Owner: raullenchai
- License: mit
- Created: 2026-01-24T15:56:08.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2026-02-10T03:30:38.000Z (5 months ago)
- Last Synced: 2026-02-10T07:35:45.013Z (5 months ago)
- Topics: claude, cli, encryption, file-sharing, host-blind, mcp, privacy
- Language: TypeScript
- Homepage: https://vnsh.dev
- Size: 258 KB
- Stars: 4
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- awesome-chrome - vnsh - Encrypted, ephemeral sharing for AI coding assistants. Zero-knowledge AES-256-CBC encryption, auto-expires in 24h. (Developer Tools)
README
vnsh
The Ephemeral Dropbox for AI
Website β’
Quick Start β’
How It Works β’
Self-Hosting β’
API
---
## What is vnsh?
**Stop pasting walls of text into Claude.** Pipe your logs, diffs, and images into a secure, host-blind URL. The server sees nothing. The data vaporizes in 24 hours.
```bash
# Pipe anything to vnsh, get a secure link
git diff | vn
# https://vnsh.dev/v/aBcDeFgHiJkL#R_sI4DHZ_6jNq6yqt2ORRDe9QZ5xQB6hIRLWHVFa8v8
```
### Handles any context your AI needs:
- πΌοΈ **Screenshots** β UI bugs, error dialogs, terminal output
- π **Logs** β 5000+ lines of server errors (too long for copy-paste)
- π **Git Diffs** β Complex PR reviews, multi-file changes
- π¦ **Binaries** β PDFs, CSVs, config files, database dumps
- π§ **Debug Context** β Stack traces, environment dumps, crash reports
## Philosophy
> *"Built for the ephemeral nature of AI workflows. Once your session is done, the data should be too."*
Unlike Dropbox or pastebins, vnsh implements a **Zero-Access Architecture** with automatic vaporization:
| Layer | What Happens |
|-------|--------------|
| **Encryption** | AES-256-CBC encryption happens entirely on your device |
| **Transport** | Decryption keys travel only in the URL fragment (`#secret`) β never sent to servers |
| **Storage** | Server stores encrypted binary blobs with zero knowledge of contents |
| **Vaporization** | Data auto-destructs after 24 hours. No history. No leaks. |
## Quick Start
### Option 1: Web Upload
Visit **[vnsh.dev](https://vnsh.dev)**, drag & drop a file, or paste text. Get an encrypted link instantly.
### Option 2: CLI Installation
**NPM** (recommended for Node.js users):
```bash
npm install -g vnsh-cli
```
**Homebrew** (macOS/Linux):
```bash
brew tap raullenchai/vnsh
brew install vnsh
```
**Shell script** (cross-platform: macOS, Linux, WSL, Git Bash):
```bash
curl -sL https://vnsh.dev/i | sh
```
### CLI Usage
```bash
# Upload a file
vn secrets.env
# Pipe from stdin
cat crash.log | vn
docker logs app | vn
git diff HEAD~5 | vn
# Read/decrypt a URL
vn read "https://vnsh.dev/v/aBcDeFgHiJkL#R_sI4DHZ..."
# Custom expiry (1-168 hours)
vn --ttl 1 temp-file.txt # expires in 1 hour
# Show version and help
vn --version
vn --help
```
### Option 3: Claude Code (MCP Integration)
**Native to Claude Code.** Unlike Dropbox, vnsh has a first-party MCP server. Claude can "see" inside your encrypted links without leaving the terminal.
Create `.mcp.json` in your project root:
```json
{
"mcpServers": {
"vnsh": {
"command": "npx",
"args": ["-y", "vnsh-mcp"]
}
}
}
```
Restart Claude Code after adding the config. Now Claude can:
- **Read** vnsh links automatically when you paste them
- **Share** large text outputs via `vnsh_share` tool
- **Share files** (images, PDFs, binaries) via `vnsh_share_file` tool
### Option 4: Zero-Install (Remote Servers)
**No installation needed.** Pipe anything from any server with just `curl` and `openssl`:
```bash
# One-liner: encrypt and upload from any machine
cat error.log | bash <(curl -sL vnsh.dev/pipe)
# https://vnsh.dev/v/aBcDeFgHiJkL#R_sI4DHZ_6jNq6yqt2ORRDe9...
# Works with any command
kubectl logs pod/crash | bash <(curl -sL vnsh.dev/pipe)
docker logs app 2>&1 | bash <(curl -sL vnsh.dev/pipe)
journalctl -u nginx --since "1 hour ago" | bash <(curl -sL vnsh.dev/pipe)
# Custom TTL (hours)
cat secrets.env | bash <(curl -sL vnsh.dev/pipe?ttl=1)
```
Perfect for SSH sessions, CI runners, Docker containers β anywhere you can't install tools.
### Option 5: Chrome Extension
**One-click encrypted debug bundles for AI.** Share text, screenshots, and console errors directly from your browser.
- **Right-click** any selected text β **Share via vnsh**
- **`Cmd+Shift+D`** β **AI Debug Bundle** (screenshot + console errors + selected text + URL, all encrypted)
- **Hover** over vnsh links on any page β see decrypted preview tooltip
Build from source or install from the Chrome Web Store (pending review):
```bash
cd extension && npm install && npm run build
# Load dist/ as unpacked extension in chrome://extensions/
```
See [extension/README.md](extension/README.md) for full documentation.
### Option 6: GitHub Action (CI/CD)
**Debug CI failures with Claude in one click.** When your CI fails, automatically upload logs and post a secure link to your PR.
```yaml
- name: Debug with vnsh
if: failure()
uses: raullenchai/upload-to-vnsh@v1
with:
file: test.log
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
The action will post a comment to your PR:
> π **Debug with Claude**
>
> CI logs uploaded securely. [View Logs](https://vnsh.dev/v/...) | Paste link to Claude for instant analysis
See [upload-to-vnsh](https://github.com/raullenchai/upload-to-vnsh) for full documentation.
## How It Works
```
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β YOUR DEVICE β
β βββββββββββ ββββββββββββββββ βββββββββββββββββββββββββββββββββββ β
β β Data βββββΆβ AES-256-CBC βββββΆβ Encrypted Blob + URL Fragment β β
β βββββββββββ β Encryption β β https://vnsh.dev/v/id#k=... β β
β ββββββββββββββββ βββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
Only encrypted blob sent to server
(key stays in URL fragment, never transmitted)
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β VNSH SERVER (BLIND) β
β β
β Receives: [encrypted binary blob] β
β Stores: [encrypted binary blob] β
β Knows: upload time, size, expiry β
β Cannot: decrypt, identify content type, read keys β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
```
### URL Structure (v2 β compact format)
```
https://vnsh.dev/v/aBcDeFgHiJkL#R_sI4DHZ_6jNq6yqt2ORRDe9QZ5xQB6hIRLWHVFa8v8jYCFqgQIbsRJrtJze_nL5
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
12-char ID 64-char base64url secret (key+iv, never sent to server)
```
The v2 format reduces URL length by ~40% (from ~160 to ~95 characters). Legacy v1 URLs (`#k=...&iv=...`) are still fully supported.
## Self-Hosting
vnsh runs on Cloudflare Workers with R2 storage. Deploy your own instance:
### Prerequisites
- [Cloudflare account](https://cloudflare.com) with Workers & R2 enabled
- [Wrangler CLI](https://developers.cloudflare.com/workers/wrangler/)
### Deploy
```bash
# Clone the repository
git clone https://github.com/raullenchai/vnsh.git
cd vnsh/worker
# Install dependencies
npm install
# Create R2 bucket
wrangler r2 bucket create vnsh-store
# Deploy
wrangler deploy
```
### Configuration
Edit `wrangler.toml` to customize:
```toml
name = "vnsh"
[[r2_buckets]]
binding = "VNSH_STORE"
bucket_name = "vnsh-store" # Your R2 bucket name
[[kv_namespaces]]
binding = "VNSH_META"
id = "your-kv-namespace-id" # Create with: wrangler kv namespace create VNSH_META
```
## API Reference
### `POST /api/drop`
Upload an encrypted blob.
```bash
curl -X POST https://vnsh.dev/api/drop \
-H "Content-Type: application/octet-stream" \
--data-binary @encrypted.bin
```
**Query Parameters:**
| Parameter | Type | Description |
|-----------|------|-------------|
| `ttl` | number | Time-to-live in hours (1-168, default: 24) |
| `price` | number | Payment required to access (x402 protocol) |
**Response:**
```json
{
"id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"expires": "2025-01-25T00:00:00.000Z"
}
```
### `GET /api/blob/:id`
Download an encrypted blob.
```bash
curl https://vnsh.dev/api/blob/a1b2c3d4-5678-90ab-cdef-1234567890ab
```
**Response Codes:**
| Code | Description |
|------|-------------|
| 200 | Success β returns encrypted blob |
| 402 | Payment required |
| 404 | Not found |
| 410 | Expired |
### `GET /v/:id`
Web viewer (serves HTML directly to preserve URL fragment with encryption keys).
### `GET /i`
CLI installation script.
### `GET /pipe`
Zero-install pipe upload script. Returns a shell script that encrypts stdin and uploads it.
```bash
cat file.log | bash <(curl -sL vnsh.dev/pipe)
```
Query Parameters:
| Parameter | Type | Description |
|-----------|--------|------------------------------------------|
| `ttl` | number | Time-to-live in hours (1-168, default: 24) |
### `GET /claude`
Claude Code MCP integration installer script.
## Security Model
### What vnsh Protects Against
β
**Server Compromise** β Even with full server access, attackers cannot decrypt blobs
β
**Database Leaks** β Stored data is indistinguishable from random noise
β
**Traffic Analysis** β No content-type information stored
β
**Subpoenas** β Server operator cannot produce plaintext (doesn't have keys)
### What vnsh Does NOT Protect Against
β **URL Sharing** β Anyone with the full URL (including `#fragment`) can decrypt
β **Client Compromise** β Malware on your device can intercept before encryption
β **MITM on Upload Page** β An attacker serving malicious JavaScript could intercept
### Recommendations
- Use vnsh over HTTPS only
- Don't share full URLs in public channels (Slack, Discord, Twitter)
- For maximum security, self-host the worker
## Project Structure
```
vnsh/
βββ worker/ # Cloudflare Worker (storage API + web viewer)
β βββ src/
β β βββ index.ts # Main worker code
β βββ test/
β βββ api.test.ts
βββ mcp/ # MCP Server (Claude Code integration)
β βββ src/
β β βββ index.ts # MCP tool handlers
β β βββ crypto.ts # Encryption utilities
β βββ package.json
βββ extension/ # Chrome Extension (AI debug sharing)
β βββ src/
β β βββ lib/ # Shared crypto, API, storage
β β βββ background/ # Service worker
β β βββ content/ # Link detector + tooltip
β β βββ popup/ # Extension popup UI
β βββ tests/
βββ cli/
β βββ vn # Bash CLI script
β βββ npm/ # NPM package (vnsh-cli)
β β βββ src/
β β β βββ cli.ts
β β β βββ crypto.ts
β β βββ package.json
β βββ install.sh # Shell installer
βββ homebrew-tap/ # Homebrew formula
β βββ Formula/
β βββ vnsh.rb
βββ docs/ # Documentation
```
## Packages
| Package | Description | Install |
|---------|-------------|---------|
| [vnsh-cli](https://www.npmjs.com/package/vnsh-cli) | CLI tool | `npm i -g vnsh-cli` |
| [vnsh-mcp](https://www.npmjs.com/package/vnsh-mcp) | MCP server for Claude | `npx vnsh-mcp` |
| [vnsh extension](extension/) | Chrome Extension | [Chrome Web Store](https://chromewebstore.google.com/detail/vnsh) |
| [upload-to-vnsh](https://github.com/raullenchai/upload-to-vnsh) | GitHub Action for CI/CD | `uses: raullenchai/upload-to-vnsh@v1` |
| [homebrew-vnsh](https://github.com/raullenchai/homebrew-vnsh) | Homebrew tap | `brew install raullenchai/vnsh/vnsh` |
## Development
```bash
# Clone
git clone https://github.com/raullenchai/vnsh.git
cd vnsh
# Install dependencies
npm install
cd worker && npm install
cd ../mcp && npm install
# Run tests
npm test # Worker + MCP tests
cd extension && npm test # Extension tests (48 tests, 93%+ coverage)
cd extension && npm run test:cov # Extension tests with coverage
# Start local worker
cd worker && npm run dev
# Build MCP server
cd mcp && npm run build
# Build extension
cd extension && npm install && npm run build
# Load extension/dist/ as unpacked in chrome://extensions/
```
## Contributing
Contributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) before submitting a PR.
### Development Workflow
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Run tests (`npm test`)
4. Commit changes (`git commit -m 'Add amazing feature'`)
5. Push to branch (`git push origin feature/amazing-feature`)
6. Open a Pull Request
## License
MIT License β see [LICENSE](LICENSE) for details.
---
The Ephemeral Dropbox for AI. Your context. Your keys. Then it's gone.