vnsh
The Ephemeral Dropbox for AI
Website • Quick Start • How It Works • Self-Hosting • API
What is vnsh?
Stop pasting walls of text into Claude. Pipe your logs, diffs, and images into a secure, host-blind URL. The server sees nothing. The data vaporizes in 24 hours.
# Pipe anything to vnsh, get a secure link
git diff | vn
# https://vnsh.dev/v/a1b2c3d4...#k=...&iv=...
Handles any context your AI needs:
- 🖼️ Screenshots — UI bugs, error dialogs, terminal output
- 📜 Logs — 5000+ lines of server errors (too long for copy-paste)
- 🔄 Git Diffs — Complex PR reviews, multi-file changes
- 📦 Binaries — PDFs, CSVs, config files, database dumps
- 🔧 Debug Context — Stack traces, environment dumps, crash reports
Philosophy
"Built for the ephemeral nature of AI workflows. Once your session is done, the data should be too."
Unlike Dropbox or pastebins, vnsh implements a Zero-Access Architecture with automatic vaporization:
| Layer | What Happens |
|---|---|
| Encryption | AES-256-CBC encryption happens entirely on your device |
| Transport | Decryption keys travel only in the URL fragment (#k=...) — never sent to servers |
| Storage | Server stores encrypted binary blobs with zero knowledge of contents |
| Vaporization | Data auto-destructs after 24 hours. No history. No leaks. |
Quick Start
Option 1: Web Upload
Visit vnsh.dev, drag & drop a file, or paste text. Get an encrypted link instantly.
Option 2: CLI Installation
NPM (recommended for Node.js users):
npm install -g vnsh-cli
Homebrew (macOS/Linux):
brew tap raullenchai/vnsh
brew install vnsh
Shell script (cross-platform: macOS, Linux, WSL, Git Bash):
curl -sL https://vnsh.dev/i | sh
CLI Usage
# Upload a file
vn secrets.env
# Pipe from stdin
cat crash.log | vn
docker logs app | vn
git diff HEAD~5 | vn
# Read/decrypt a URL
vn read "https://vnsh.dev/v/abc123#k=...&iv=..."
# Custom expiry (1-168 hours)
vn --ttl 1 temp-file.txt # expires in 1 hour
# Show version and help
vn --version
vn --help
Option 3: Claude Code (MCP Integration)
Native to Claude Code. Unlike Dropbox, vnsh has a first-party MCP server. Claude can "see" inside your encrypted links without leaving the terminal.
Add to your Claude Code MCP settings:
{
"mcpServers": {
"vnsh": {
"command": "npx",
"args": ["-y", "vnsh-mcp"]
}
}
}
Now Claude can:
- Read vnsh links automatically when you paste them
- Share large outputs via
vnsh_sharetool
Option 4: GitHub Action (CI/CD)
Debug CI failures with Claude in one click. When your CI fails, automatically upload logs and post a secure link to your PR.
- name: Debug with vnsh
if: failure()
uses: raullenchai/upload-to-vnsh@v1
with:
file: test.log
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The action will post a comment to your PR:
🔍 Debug with Claude
CI logs uploaded securely. View Logs | Paste link to Claude for instant analysis
See upload-to-vnsh for full documentation.
How It Works
┌──────────────────────────────────────────────────────────────────────────┐
│ YOUR DEVICE │
│ ┌─────────┐ ┌──────────────┐ ┌─────────────────────────────────┐ │
│ │ Data │───▶│ AES-256-CBC │───▶│ Encrypted Blob + URL Fragment │ │
│ └─────────┘ │ Encryption │ │ https://vnsh.dev/v/id#k=... │ │
│ └──────────────┘ └─────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────────┘
│
Only encrypted blob sent to server
(key stays in URL fragment, never transmitted)
▼
┌──────────────────────────────────────────────────────────────────────────┐
│ VNSH SERVER (BLIND) │
│ │
│ Receives: [encrypted binary blob] │
│ Stores: [encrypted binary blob] │
│ Knows: upload time, size, expiry │
│ Cannot: decrypt, identify content type, read keys │
│ │
└──────────────────────────────────────────────────────────────────────────┘
URL Structure
https://vnsh.dev/v/a1b2c3d4-5678-90ab-cdef-1234567890ab#k=<64-char-key>&iv=<32-char-iv>
└──────────────────────────────────┘ └─────────────────────────────┘
Sent to server Never sent to server
(blob identifier) (decryption material)
Self-Hosting
vnsh runs on Cloudflare Workers with R2 storage. Deploy your own instance:
Prerequisites
- Cloudflare account with Workers & R2 enabled
- Wrangler CLI
Deploy
# Clone the repository
git clone https://github.com/raullenchai/vnsh.git
cd vnsh/worker
# Install dependencies
npm install
# Create R2 bucket
wrangler r2 bucket create vnsh-store
# Deploy
wrangler deploy
Configuration
Edit wrangler.toml to customize:
name = "vnsh"
[[r2_buckets]]
binding = "VNSH_STORE"
bucket_name = "vnsh-store" # Your R2 bucket name
[[kv_namespaces]]
binding = "VNSH_META"
id = "your-kv-namespace-id" # Create with: wrangler kv namespace create VNSH_META
API Reference
POST /api/drop
Upload an encrypted blob.
curl -X POST https://vnsh.dev/api/drop \
-H "Content-Type: application/octet-stream" \
--data-binary @encrypted.bin
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
ttl | number | Time-to-live in hours (1-168, default: 24) |
price | number | Payment required to access (x402 protocol) |
Response:
{
"id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"expires": "2025-01-25T00:00:00.000Z"
}
GET /api/blob/:id
Download an encrypted blob.
curl https://vnsh.dev/api/blob/a1b2c3d4-5678-90ab-cdef-1234567890ab
Response Codes:
| Code | Description |
|---|---|
| 200 | Success — returns encrypted blob |
| 402 | Payment required |
| 404 | Not found |
| 410 | Expired |
GET /v/:id
Web viewer (serves HTML directly to preserve URL fragment with encryption keys).
GET /i
CLI installation script.
Security Model
What vnsh Protects Against
✅ Server Compromise — Even with full server access, attackers cannot decrypt blobs ✅ Database Leaks — Stored data is indistinguishable from random noise ✅ Traffic Analysis — No content-type information stored ✅ Subpoenas — Server operator cannot produce plaintext (doesn't have keys)
What vnsh Does NOT Protect Against
❌ URL Sharing — Anyone with the full URL (including #fragment) can decrypt
❌ Client Compromise — Malware on your device can intercept before encryption
❌ MITM on Upload Page — An attacker serving malicious JavaScript could intercept
Recommendations
- Use vnsh over HTTPS only
- Don't share full URLs in public channels (Slack, Discord, Twitter)
- For maximum security, self-host the worker
Project Structure
vnsh/
├── worker/ # Cloudflare Worker (storage API)
│ ├── src/
│ │ └── index.ts # Main worker code
│ └── test/
│ └── api.test.ts
├── mcp/ # MCP Server (Claude Code integration)
│ ├── src/
│ │ ├── index.ts # MCP tool handlers
│ │ └── crypto.ts # Encryption utilities
│ └── package.json
├── cli/
│ ├── vn # Bash CLI script
│ ├── npm/ # NPM package (vnsh-cli)
│ │ ├── src/
│ │ │ ├── cli.ts
│ │ │ └── crypto.ts
│ │ └── package.json
│ └── install.sh # Shell installer
├── homebrew-tap/ # Homebrew formula
│ └── Formula/
│ └── vnsh.rb
└── docs/ # Documentation
Packages
| Package | Description | Install |
|---|---|---|
| vnsh-cli | CLI tool | npm i -g vnsh-cli |
| vnsh-mcp | MCP server for Claude | npx vnsh-mcp |
| upload-to-vnsh | GitHub Action for CI/CD | uses: raullenchai/upload-to-vnsh@v1 |
| homebrew-vnsh | Homebrew tap | brew install raullenchai/vnsh/vnsh |
Development
# Clone
git clone https://github.com/raullenchai/vnsh.git
cd vnsh
# Install dependencies
npm install
cd worker && npm install
cd ../mcp && npm install
# Run tests (143 tests, 82%+ coverage)
npm test
# Start local worker
cd worker && npm run dev
# Build MCP server
cd mcp && npm run build
Contributing
Contributions are welcome! Please read our Contributing Guide before submitting a PR.
Development Workflow
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Run tests (
npm test) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
License
MIT License — see LICENSE for details.
The Ephemeral Dropbox for AI. Your context. Your keys. Then it's gone.