Skip to content

mikkisguy/shadowbrain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

178 Commits
.github/workflows
.github/workflows
 
 
.husky
.husky
 
 
data
data
 
 
docs
docs
 
 
markdown
markdown
 
 
public
public
 
 
scripts
scripts
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.env.template
.env.template
 
 
.gitignore
.gitignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc
.prettierrc
 
 
AGENTS.md
AGENTS.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
components.json
components.json
 
 
docker-compose.yml
docker-compose.yml
 
 
eslint.config.mjs
eslint.config.mjs
 
 
next.config.ts
next.config.ts
 
 
nginx.conf
nginx.conf
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
pnpm-workspace.yaml
pnpm-workspace.yaml
 
 
postcss.config.mjs
postcss.config.mjs
 
 
renovate.json
renovate.json
 
 
tsconfig.json
tsconfig.json
 
 
vitest.config.ts
vitest.config.ts
 
 

Repository files navigation

image

ShadowBrain

Version

ShadowBrain is a personal knowledge management system that treats every thought - raw captures, journal entries, knowledge notes, bookmarks, people, projects, questions, and events - as nodes in a rich, typed graph.

  • Everything in one database — no split between "journal here" and "notes there." One query across your entire brain.
  • Semantic search — find thoughts by meaning, not just keywords.
  • Typed linksinspired by, contradicts, builds upon, involves, bookmarked for — not just "related to."
  • Frictionless capture — Discord, web, voice. Under 3 seconds from thought to saved.
  • Hermes is the interface — your AI assistant is the primary interaction layer. Talk to it like a person.
  • Web chat at /chat — talk to Hermes (with tool-progress + approval for admin actions) or an OpenCode Go model, optionally grounded in your knowledge base. Save messages back to ShadowBrain with one click.
  • Local-first, portable forever — SQLite database. One file. Copy it anywhere. Export everything to Markdown.

Tech Stack

Layer Technology
Database SQLite + sqlite-vec (semantic search) + FTS5 (full-text)
Backend Next.js (App Router, TypeScript)
Frontend React 19 + Tailwind CSS + shadcn/ui
AI Interface Hermes Agent + OpenCode Go models (web chat at /chat)
Capture Discord WebSocket listener, Web UI, API
AI Processing OpenRouter (background jobs: nightly compilation, auto-tag, auto-title)
Deployment Docker Compose + nginx reverse proxy

Security

ShadowBrain is designed for a public-VPS deployment and ships with a defense-in-depth security baseline. The full policy is in the App Security Baseline spec; at a glance:

  • Session-based auth with HttpOnly / Secure / SameSite=Lax cookies, rate-limited login, constant-time credential check (OWASP ASVS V3.2.2).
  • Two-level visibility on every item: is_hidden (out of casual views, AI-OK) and is_private (out of views; AI only on per-thread opt-in).
  • CSRF via origin check (constant-time compare, exact-pathname exempt list), standard security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), global rate limiting per IP.
  • Regular backups of the database to Proton Drive (E2E encrypted by the destination), with an in-app reminder — see the backup reminder spec.
  • SSRF protection on URL-fetch endpoints (bookmark auto-fetch, image capture) — private / loopback / link-local addresses are blocked.
  • CI security (CodeQL, lint CI, Renovate, SECURITY.md) so every PR is scanned, linted, typechecked, and tested.

Back up your database to Proton Drive regularly — the in-app reminder at /backup will prompt you, and the guide there walks through the one-time setup (Proton Drive CLI + /ShadowBrain Backups folder) and the backup script.

Development

pnpm install
pnpm dev          # Start dev server (localhost:3000)
pnpm test         # Run tests
pnpm typecheck    # TypeScript type check
pnpm lint         # Lint
pnpm format       # Format

The full technical reference (commands, code style, security scanning, agent skills) is in AGENTS.md.

Documentation

Design specs

Docker Deployment

ShadowBrain includes Docker Compose configuration for production deployment with nginx reverse proxy.

Prerequisites

  • Docker and Docker Compose installed
  • A .env file (copy from .env.template and fill in your values)
  • The Proton Drive CLI installed on the VPS for the backup flow (see the in-app /backup guide)

Running with Docker

# Start all services (app + nginx)
docker compose up -d

# View logs
docker compose logs -f

# Stop services
docker compose down

# Stop and remove volumes (cleans database)
docker compose down -v

The app will be available at http://localhost (ports 80/443).

Services

  • app: Next.js application on port 3000 (internal)
  • nginx: Reverse proxy on ports 80 and 443
  • data: Persistent volume for SQLite database and uploads

About

Self-hosted second brain — SQLite knowledge graph with AI-powered journaling, semantic search, and typed connections between every thought.

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages