vnsh

Ephemeral encrypted file sharing for AI. Client-side AES-256 encryption, 24h auto-vaporization.

What is vnsh?

Stop pasting walls of text into Claude. Pipe your logs, diffs, and images into a secure, host-blind URL. The server sees nothing. The data vaporizes in 24 hours.

# Pipe anything to vnsh, get a secure link
git diff | vn
# https://vnsh.dev/v/a1b2c3d4...#k=...&iv=...

Handles any context your AI needs:

🖼️ Screenshots — UI bugs, error dialogs, terminal output
📜 Logs — 5000+ lines of server errors (too long for copy-paste)
🔄 Git Diffs — Complex PR reviews, multi-file changes
📦 Binaries — PDFs, CSVs, config files, database dumps
🔧 Debug Context — Stack traces, environment dumps, crash reports

Philosophy

"Built for the ephemeral nature of AI workflows. Once your session is done, the data should be too."

Unlike Dropbox or pastebins, vnsh implements a Zero-Access Architecture with automatic vaporization:

Layer	What Happens
Encryption	AES-256-CBC encryption happens entirely on your device
Transport	Decryption keys travel only in the URL fragment (`#k=...`) — never sent to servers
Storage	Server stores encrypted binary blobs with zero knowledge of contents
Vaporization	Data auto-destructs after 24 hours. No history. No leaks.

Quick Start

Option 1: Web Upload

Visit vnsh.dev, drag & drop a file, or paste text. Get an encrypted link instantly.

Option 2: CLI Installation

NPM (recommended for Node.js users):

npm install -g vnsh-cli

Homebrew (macOS/Linux):

brew tap raullenchai/vnsh
brew install vnsh

Shell script (cross-platform: macOS, Linux, WSL, Git Bash):

curl -sL https://vnsh.dev/i | sh

CLI Usage

# Upload a file
vn secrets.env

# Pipe from stdin
cat crash.log | vn
docker logs app | vn
git diff HEAD~5 | vn

# Read/decrypt a URL
vn read "https://vnsh.dev/v/abc123#k=...&iv=..."

# Custom expiry (1-168 hours)
vn --ttl 1 temp-file.txt   # expires in 1 hour

# Show version and help
vn --version
vn --help

Option 3: Claude Code (MCP Integration)

Native to Claude Code. Unlike Dropbox, vnsh has a first-party MCP server. Claude can "see" inside your encrypted links without leaving the terminal.

Create .mcp.json in your project root:

{
  "mcpServers": {
    "vnsh": {
      "command": "npx",
      "args": ["-y", "vnsh-mcp"]
    }
  }
}

Restart Claude Code after adding the config. Now Claude can:

Read vnsh links automatically when you paste them
Share large outputs via vnsh_share tool

Option 4: GitHub Action (CI/CD)

Debug CI failures with Claude in one click. When your CI fails, automatically upload logs and post a secure link to your PR.

- name: Debug with vnsh
  if: failure()
  uses: raullenchai/upload-to-vnsh@v1
  with:
    file: test.log
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The action will post a comment to your PR:

🔍 Debug with Claude

CI logs uploaded securely. View Logs | Paste link to Claude for instant analysis

See upload-to-vnsh for full documentation.

How It Works

┌──────────────────────────────────────────────────────────────────────────┐
│                              YOUR DEVICE                                  │
│  ┌─────────┐    ┌──────────────┐    ┌─────────────────────────────────┐  │
│  │  Data   │───▶│ AES-256-CBC  │───▶│  Encrypted Blob + URL Fragment  │  │
│  └─────────┘    │  Encryption  │    │  https://vnsh.dev/v/id#k=...    │  │
│                 └──────────────┘    └─────────────────────────────────┘  │
└──────────────────────────────────────────────────────────────────────────┘
                                           │
                           Only encrypted blob sent to server
                           (key stays in URL fragment, never transmitted)
                                           ▼
┌──────────────────────────────────────────────────────────────────────────┐
│                           VNSH SERVER (BLIND)                             │
│                                                                           │
│   Receives: [encrypted binary blob]                                       │
│   Stores:   [encrypted binary blob]                                       │
│   Knows:    upload time, size, expiry                                     │
│   Cannot:   decrypt, identify content type, read keys                     │
│                                                                           │
└──────────────────────────────────────────────────────────────────────────┘

URL Structure

https://vnsh.dev/v/a1b2c3d4-5678-90ab-cdef-1234567890ab#k=<64-char-key>&iv=<32-char-iv>
                  └──────────────────────────────────┘ └─────────────────────────────┘
                            Sent to server                    Never sent to server
                            (blob identifier)                 (decryption material)

Self-Hosting

vnsh runs on Cloudflare Workers with R2 storage. Deploy your own instance:

Prerequisites

Cloudflare account with Workers & R2 enabled
Wrangler CLI

Deploy

# Clone the repository
git clone https://github.com/raullenchai/vnsh.git
cd vnsh/worker

# Install dependencies
npm install

# Create R2 bucket
wrangler r2 bucket create vnsh-store

# Deploy
wrangler deploy

Configuration

Edit wrangler.toml to customize:

name = "vnsh"

[[r2_buckets]]
binding = "VNSH_STORE"
bucket_name = "vnsh-store"  # Your R2 bucket name

[[kv_namespaces]]
binding = "VNSH_META"
id = "your-kv-namespace-id"  # Create with: wrangler kv namespace create VNSH_META

API Reference

`POST /api/drop`

Upload an encrypted blob.

curl -X POST https://vnsh.dev/api/drop \
  -H "Content-Type: application/octet-stream" \
  --data-binary @encrypted.bin

Query Parameters:

Parameter	Type	Description
`ttl`	number	Time-to-live in hours (1-168, default: 24)
`price`	number	Payment required to access (x402 protocol)

Response:

{
  "id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
  "expires": "2025-01-25T00:00:00.000Z"
}

`GET /api/blob/:id`

Download an encrypted blob.

curl https://vnsh.dev/api/blob/a1b2c3d4-5678-90ab-cdef-1234567890ab

Response Codes:

Code	Description
200	Success — returns encrypted blob
402	Payment required
404	Not found
410	Expired

`GET /v/:id`

Web viewer (serves HTML directly to preserve URL fragment with encryption keys).

`GET /i`

CLI installation script.

Security Model

What vnsh Protects Against

✅ Server Compromise — Even with full server access, attackers cannot decrypt blobs ✅ Database Leaks — Stored data is indistinguishable from random noise ✅ Traffic Analysis — No content-type information stored ✅ Subpoenas — Server operator cannot produce plaintext (doesn't have keys)

What vnsh Does NOT Protect Against

❌ URL Sharing — Anyone with the full URL (including #fragment) can decrypt ❌ Client Compromise — Malware on your device can intercept before encryption ❌ MITM on Upload Page — An attacker serving malicious JavaScript could intercept

Recommendations

Use vnsh over HTTPS only
Don't share full URLs in public channels (Slack, Discord, Twitter)
For maximum security, self-host the worker

Project Structure

vnsh/
├── worker/          # Cloudflare Worker (storage API)
│   ├── src/
│   │   └── index.ts # Main worker code
│   └── test/
│       └── api.test.ts
├── mcp/             # MCP Server (Claude Code integration)
│   ├── src/
│   │   ├── index.ts # MCP tool handlers
│   │   └── crypto.ts # Encryption utilities
│   └── package.json
├── cli/
│   ├── vn           # Bash CLI script
│   ├── npm/         # NPM package (vnsh-cli)
│   │   ├── src/
│   │   │   ├── cli.ts
│   │   │   └── crypto.ts
│   │   └── package.json
│   └── install.sh   # Shell installer
├── homebrew-tap/    # Homebrew formula
│   └── Formula/
│       └── vnsh.rb
└── docs/            # Documentation

Packages

Package	Description	Install
vnsh-cli	CLI tool	`npm i -g vnsh-cli`
vnsh-mcp	MCP server for Claude	`npx vnsh-mcp`
upload-to-vnsh	GitHub Action for CI/CD	`uses: raullenchai/upload-to-vnsh@v1`
homebrew-vnsh	Homebrew tap	`brew install raullenchai/vnsh/vnsh`

Development

# Clone
git clone https://github.com/raullenchai/vnsh.git
cd vnsh

# Install dependencies
npm install
cd worker && npm install
cd ../mcp && npm install

# Run tests (143 tests, 82%+ coverage)
npm test

# Start local worker
cd worker && npm run dev

# Build MCP server
cd mcp && npm run build

Contributing

Contributions are welcome! Please read our Contributing Guide before submitting a PR.

Development Workflow

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Run tests (npm test)
Commit changes (git commit -m 'Add amazing feature')
Push to branch (git push origin feature/amazing-feature)
Open a Pull Request

License

MIT License — see LICENSE for details.

Related Servers

Scout Monitoring MCP

sponsor

Put performance and error data directly in the hands of your AI assistant.

Alpha Vantage MCP Server

sponsor

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

Replicate Minimax Image-01

Generate images using the minimax/image-01 model on Replicate.

Unified Diff MCP Server

Beautiful HTML and PNG diff visualization using diff2html, designed for filesystem edit_file dry-run output with high-performance Bun runtime.

APIMatic MCP

APIMatic MCP Server is used to validate OpenAPI specifications using APIMatic. The server processes OpenAPI files and returns validation summaries by leveraging APIMatic’s API.

Fluent (ServiceNow SDK)

Manage ServiceNow metadata, modules, records, and tests using Fluent, a TypeScript-based declarative DSL. Supports all ServiceNow SDK CLI commands.

Ref

Up-to-date documentation for your coding agent. Covers 1000s of public repos and sites. Built by ref.tools

Bio-MCP FastQC Server

Provides quality control for biological sequence data using the FastQC and MultiQC tools.

Lifecycle MCP Server

An MCP server for managing the software development lifecycle, with support for an optional external SQLite database.

Hive MCP Server

Provides real-time crypto and Web3 intelligence using the Hive Intelligence API.

Bevy BRP MCP

Control, inspect, and mutate Bevy applications with AI coding assistants via the Bevy Remote Protocol (BRP).

drawdb-mcp

DrawDB + MCP server