π¦
io.github.stephenballot-ai/legacy-shield
Zero-knowledge encrypted vault β persistent, encrypted storage for AI agents. EU-hosted.
0 installs
Trust: 37 β Low
Devtools
Ask AI about io.github.stephenballot-ai/legacy-shield
Powered by Claude Β· Grounded in docs
I know everything about io.github.stephenballot-ai/legacy-shield. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
Legacy Shield
Secure digital vault for critical documents with emergency access. 100% European hosting.
Legacy Shield is a privacy-first document vault designed for storing your most critical filesβpassports, wills, insurance policies, property deedsβwith built-in emergency access for loved ones. Unlike general cloud storage, Legacy Shield uses client-side encryption and European-exclusive infrastructure to ensure maximum privacy and security.
π Key Features
- π Zero-Knowledge Encryption: Files encrypted in your browser before upload
- π¨ Emergency Access: Loved ones can access your vault with unlock phrase (read-only)
- πͺπΊ European Data Sovereignty: 100% EU infrastructure (hosted on Hetzner, Germany)
- π± Document Viewer: View PDFs, images, and documents in-browser
- π·οΈ Smart Organization: Categories, tags, favorites, expiration tracking
- β GDPR Native: Privacy-first design, compliant by default
ποΈ Architecture
Monorepo Structure:
legacy-shield/
βββ packages/
β βββ web/ # Next.js frontend (React + TypeScript)
β βββ api/ # Express backend (Node.js + TypeScript)
β βββ shared/ # Shared types and utilities
βββ infrastructure/ # Deployment configs
βββ docker-compose.yml
βββ product-spec.md # Product specification
βββ architecture-spec.md # Technical architecture
Tech Stack:
- Frontend: Next.js 14, TypeScript, TailwindCSS, Web Crypto API
- Backend: Node.js, Express, Prisma ORM, PostgreSQL
- Storage: Hetzner Object Storage (S3-compatible)
- Hosting: Hetzner Cloud (Germany)
- Payments: Stripe
π Quick Start
Prerequisites
- Node.js 20+ and npm 10+
- Docker and Docker Compose
- Git
1. Clone and Install
cd /Users/stephenballot/Documents/LegacyShield
npm install
2. Start Infrastructure
# Start PostgreSQL, Redis, and MinIO (local S3)
docker compose up -d
# Verify services are running
docker ps
Note: You can also use
npm run docker:devas a shortcut.
3. Configure Environment
# Copy example environment file
cp .env.example .env
# Edit .env with your values (defaults work for local development)
4. Initialize Database
cd packages/api
# Generate Prisma Client
npm run db:generate
# Run database migrations
DATABASE_URL="postgresql://legacyshield:devpassword@localhost:5432/legacyshield_dev" npm run db:migrate
# Optional: seed with test data
npm run db:seed
cd ../..
Note: The DATABASE_URL must be provided because Prisma doesn't automatically read the root
.envfile. See GETTING_STARTED.md for details.
5. Start Development Servers
# Start both frontend and backend
npm run dev
# Or start individually:
npm run dev:web # Frontend at http://localhost:3000
npm run dev:api # Backend at http://localhost:4000
6. Access the Application
- Frontend: http://localhost:3000
- API: http://localhost:4000
- MinIO Console: http://localhost:9001 (minioadmin / minioadmin)
π Development
Available Scripts
# Development
npm run dev # Start all services
npm run dev:web # Start frontend only
npm run dev:api # Start backend only
# Building
npm run build # Build all packages
npm run build:web # Build frontend
npm run build:api # Build backend
# Testing
npm run test # Run all tests
npm run lint # Lint all packages
npm run type-check # TypeScript type checking
# Database
cd packages/api
npm run db:migrate # Run migrations
npm run db:seed # Seed database
npm run db:studio # Open Prisma Studio
npm run db:reset # Reset database
# Docker
docker compose up -d # Start Docker services
docker compose down # Stop Docker services
docker compose logs -f # View Docker logs
Tip: For detailed setup instructions, see GETTING_STARTED.md
Project Structure
packages/
βββ web/ # Frontend (Next.js)
β βββ src/
β β βββ app/ # Next.js App Router
β β β βββ (auth)/ # Auth pages (login, register)
β β β βββ (dashboard)/ # Protected dashboard pages
β β β βββ emergency-access/ # Public emergency portal
β β βββ components/ # React components
β β βββ lib/
β β β βββ crypto/ # Client-side encryption
β β β βββ api/ # API client
β β β βββ utils/ # Utilities
β β βββ hooks/ # Custom React hooks
β β βββ store/ # Zustand stores
β β βββ types/ # TypeScript types
β βββ package.json
β
βββ api/ # Backend (Express)
β βββ src/
β β βββ routes/ # API routes
β β βββ middleware/ # Express middleware
β β βββ services/ # Business logic
β β βββ models/ # Data models
β β βββ jobs/ # Background jobs
β β βββ utils/ # Utilities
β β βββ server.ts # Main server file
β βββ prisma/
β β βββ schema.prisma # Database schema
β β βββ migrations/ # Database migrations
β βββ package.json
β
βββ shared/ # Shared code
βββ src/
β βββ types/ # Shared TypeScript types
β βββ constants/ # Shared constants
β βββ utils/ # Shared utilities
βββ package.json
π Security
Legacy Shield implements a zero-knowledge architecture:
- Client-side encryption: All files encrypted in browser before upload
- Key derivation: Master key derived from password using PBKDF2 (100k iterations)
- Per-file keys: Each file encrypted with unique AES-256-GCM key
- Dual-key system: Files encrypted with both owner key and emergency key
- No plaintext storage: Server never sees unencrypted files or keys
- 2FA mandatory: Two-factor authentication required for all users
Encryption Flow
Password β PBKDF2 β Master Key β Encrypts file keys β AES-256-GCM β Encrypted file
β
Hetzner Object Storage (Germany)
πͺπΊ European Data Sovereignty
All infrastructure is hosted exclusively in the European Union:
- Compute: Hetzner Cloud (Falkenstein, Germany)
- Database: Hetzner Managed PostgreSQL (Germany)
- Storage: Hetzner Object Storage (Germany)
- Backups: Automated backups to Nuremberg, Germany
Your data never leaves European soil and is protected by:
- GDPR (General Data Protection Regulation)
- German BDSG (Federal Data Protection Act)
- No US CLOUD Act jurisdiction
π Documentation
- Getting Started Guide: Detailed setup instructions β Start here!
- Product Specification: Complete product requirements
- Architecture Specification: Technical architecture details
- Infrastructure Guide: Deployment information
π§ͺ Testing
# Run all tests
npm run test
# Run tests for specific package
npm run test --workspace=web
npm run test --workspace=api
# Run tests in watch mode
npm run test:watch --workspace=web
# Run e2e tests
npm run test:e2e
π Deployment
Production Deployment (Hetzner Cloud)
- Infrastructure Setup: See infrastructure/README.md
- Environment Variables: Configure production
.envwith real credentials - Database Migration: Run migrations on production database
- Deploy: Use GitHub Actions or manual deployment
# Build for production
npm run build
# Deploy to Hetzner (manual)
# See infrastructure/deploy.sh
CI/CD
GitHub Actions workflow automatically:
- Runs tests on every PR
- Builds and deploys to staging on
developbranch - Builds and deploys to production on
mainbranch
π€ Contributing
This is a private project. For the development team:
- Create feature branch:
git checkout -b feature/your-feature - Make changes and commit:
git commit -m "Add your feature" - Push branch:
git push origin feature/your-feature - Create Pull Request on GitHub
Code Standards
- TypeScript: Strict mode enabled
- Linting: ESLint with Airbnb config
- Formatting: Prettier (automatic on commit)
- Commits: Conventional commits format
π Pricing
- Free Tier: 15 documents, 1 emergency contact
- Pro Tier: $10/month or $500 lifetime
- 100 documents
- 5 emergency contacts
- Advanced features (expiration tracking, sharing, audit logs)
π License
Copyright Β© 2026 Legacy Shield. All rights reserved.
This is proprietary software. Unauthorized copying or distribution is prohibited.
π Support
- Documentation: See spec files in root directory
- Issues: GitHub Issues (private repo)
- Email: support@legacyshield.com
Built with β€οΈ in Europe. Your data, your privacy, your legacy.