Skip to content

supermarsx/standard-red-notes

Repository files navigation

Standard Red Notes

GitHub stars GitHub forks GitHub issues Last commit Top language CI License: AGPL-3.0

A friendly, private, end-to-end encrypted notes app you run yourself — with every feature included, no paid tier, and nothing gatekept.

Standard Red Notes is an open, AGPL-3.0 licensed, self-hosted fork of Standard Notes. It keeps the things that make Standard Notes great — strong end-to-end encryption, a clean cross-platform client, and a sync server you can host yourself — and removes the part that gets in the way: the subscription. Where the upstream project puts a number of features behind a paid plan, this fork ships the full feature set on by default. The server runs with STANDARD_RED_FEATURES_MODE=included, so feature and subscription checks return full access without any subscription provisioning. You host it, you own the data, and nothing is held back.

This is an independent project and is not affiliated with, sponsored by, or endorsed by Standard Notes. Upstream copyright and attribution are preserved.

New here and want to use the app? Read the onboarding guide — accounts, editors, organizing notes, the AI assistant, and what stays private. Want to run a server? Jump to the Docker quickstart or the full self-hosting guide.

Table of contents

Why this fork

Standard Notes is genuinely great software — strong end-to-end encryption, a clean cross-platform client, and a self-hostable sync server. But upstream development has largely stalled, and a project this good shouldn't be allowed to quietly slide into abandonware. This fork is, first and foremost, about modernization: keeping great software alive, current, and moving forward instead of letting a vacuum form around it. Concretely, that means an updated dependency stack and toolchain, refreshed builds and Docker/reverse-proxy setup, ongoing bug fixes, and a steady stream of new capabilities — so you're running a living, maintained codebase rather than a frozen snapshot of an app that deserves to keep going.

The second thing it changes is the business model. Standard Notes gates some of the nicer features behind a subscription; if you are happy to run your own server, you do not need that gate. Standard Red Notes takes the AGPL-3.0 source and makes the self-hosted product the first-class target:

  • No paid tier, nothing gatekept. Every included feature is on for every account on your instance. There is no "upgrade to unlock" and no subscription to provision — full access is the baseline product mode, not a perk.
  • Self-hosted first. The defaults target your own server, not a hosted service. One setup script generates a complete .env with secure secrets and brings the Docker Compose stack up.
  • You own your data. Notes are end-to-end encrypted on your device before they sync; the server only ever stores ciphertext it cannot read.
  • Genuinely open. AGPL-3.0 means you can inspect, modify, and run it yourself — and anyone you offer it to over a network is entitled to the source.

What's different / improved

On top of the upstream client and server, this fork adds and unlocks a broad set of features — and brings the whole project up to date: the frontend and backend dependencies and toolchain have been modernized (libraries updated, builds and Docker/reverse-proxy setup refreshed) so you're running a current, maintained stack rather than a frozen snapshot. The highlights below are all present in this repository:

Area What you get
All features included The server runs in included features mode, so no feature or note type is gated behind a subscription.
Modernized stack Frontend and backend dependencies and build toolchain updated, reverse-proxy-friendly Docker setup, a top-level Makefile, and documented HTTP API.
AI assistant An optional assistant (Preferences → Assistant) you point at any OpenAI-compatible endpoint — local (LM Studio, Ollama) or hosted. You pick the context scope (current note, whole notebook, a tag/folder/selection) so it only sees what you choose. AI features are opt-in and off by default.
Assistant actions Suggest tags, auto-organize notes, conflict-merge assistance, AI auto-resolve conflicts, note narration / text-to-speech, speech-to-text / dictation, contextual AI search (re-rank results), and a bounded deep-research mode over your own notes.
Many note types Plain text, Super rich blocks, Canvas (freeform drawing), Bases, Calendar, Kanban, Timeline, Flashcards (with study mode), a Map type (mind maps / family trees), and code sandboxes — a JS Sandbox (jsfiddle-style) and a Web App Sandbox (codepen-style live preview).
Super editor blocks Checklists, tables, code, math, footnotes, web embeds, kanban, timeline, QR codes, TradingView & stock charts, an in-browser SQL block, gantt / timing / music-staff charts, and a live clock / world-clock — from the / block picker.
Super editing power Collapsible / foldable sections, multi-cursor editing, a customizable Word-style toolbar with contextual widget groups, and block zoom.
Reminders & journaling Per-note reminders (one-off and recurring), browser notifications, optional server-sent email reminders, and a diary mode that prompts a daily entry.
Dashboards & views A Dashboard with account stats, Achievements, and aggregate views for Reminders, Calendar, Todos, and a Zotero-like Research library — plus a fully customizable Home page.
Sync & real-time Websocket-first delta sync (HTTP fallback), an optional manual-sync mode, live co-editing + presence in shared vaults, and a Sync control pane showing what's local-only.
Search Full-text search with a local index and relevance ranking, advanced operators (tag:, type:, is:, dates…), find-in-PDF, and optional AI re-ranking — all in your browser.
Files Bulk file & folder uploads, large local-only files, automatic EXIF/metadata stripping on image upload, in-app audio playback, and download-all-images-as-zip.
Account & security Passkey sign-in and passkey app-lock, multiple workspaces per email (server-configurable), trusted devices, burn-note one-view shares, bannable users, app passwords / MCP tokens, and scheduled encrypted email backups.
Import / export Import from Evernote, Google Keep, OneNote, Zoho Notebook, CSV; export to .ics, Excel/Word (spreadsheets), print/PDF, and encrypted backups.
Linking & navigation Bidirectional links and backlinks, the constellation graph, and an extended keyboard-driven command palette.
Collaboration Vaults, contacts, and invites, surfaced in a Sharing settings pane.
Privacy controls Protected notes, selective sync, trusted devices, and configurable trash auto-cleanup.
Appearance & personalization Auto light/dark theme, custom themes with custom accent colors, font ligatures, per-note colors, a per-note hero cover image, and a profile picture.
Localization An i18n framework with 16 locales, switchable in settings.
Spellcheck Multi-language spellcheck configuration.
CLI tools srn-client (real end-to-end-encrypted note CRUD from the terminal) and srn-server (operator helpers: health, status, logs, config validation).
MCP bridge An MCP stdio bridge (mcp/) so MCP-capable clients can talk to your server.
Self-hosting One-command setup scripts (scripts/setup.sh / scripts/setup.ps1) and a documented, reverse-proxy-ready Docker Compose stack.

A note on accuracy: features like the AI assistant and narration decrypt notes locally but send the content you point them at to the AI provider you configure. See the onboarding guide for an honest breakdown of what crosses the end-to-end boundary.

Feature comparison

How the upstream hosted Standard Notes offering compares with Standard Red Notes (this fork). Standard Notes is excellent software with a sustainable business; it offers a capable free tier and reserves a number of "Productivity" features for its paid subscription. Standard Red Notes targets self-hosting instead: every included feature is on for every account, with no paid tier — the trade-off is that you run and maintain the server yourself. This table is cross-checked against the "What's different / improved" features this repository actually ships.

Capability Standard Notes (free) Standard Notes (paid / Productivity) Standard Red Notes (this fork)
End-to-end encryption Yes Yes Yes
Unlimited notes, tags, nested folders Yes Yes Yes
Multi-device sync Yes Yes Yes
Plain text / basic editing Yes Yes Yes
Rich / Super block editor, Markdown, code, advanced note types Limited Subscription-gated Included (Super blocks, Canvas, Bases, Calendar, Kanban, Timeline, code sandboxes)
Themes / appearance Default theme Extra themes via subscription Included (auto light/dark + extra themes)
Encrypted file attachments / storage Not on free tier Subscription-gated (storage quota) Included (limits are your server's storage)
Note history / revisions Short retention Extended retention via subscription Included (retention is your server's config)
Two-factor authentication Yes Yes Yes (TOTP, magic link, WebAuthn)
Encrypted backups & email backups Local export Email/cloud backups via subscription Included (export, and email/automatic where configured)
Collaboration / shared vaults No Yes (on supported plans) Included (vaults, contacts, invites, realtime relay)
AI assistant / actions Not offered Not offered Included (bring-your-own OpenAI-compatible endpoint or server proxy)
Public share links, dead-man's switch, email reminders No No Included (fork-specific)
App passwords / scoped MCP tokens / MCP bridge No No Included (fork-specific)
Hosting Managed by Standard Notes Managed by Standard Notes Self-hosted by you
Cost Free Paid subscription Free (you provide the server)

"Subscription-gated" reflects upstream's hosted product at a high level and may shift over time; check standardnotes.com for their current plans. The right-most column reflects what this repository ships today. Self-hosting means you are responsible for running, securing, and backing up the server.

Repository layout

This repository preserves the upstream package boundaries:

  • app/ — web, desktop, mobile, and shared client packages.
  • server/ — auth, sync, files, revisions, websockets, home server, and supporting packages.
  • mcp/ — Standard Red Notes MCP bridge bootstrap.
  • cli/ — standalone command-line tools (srn-client, srn-server).
  • scripts/ — self-hosting setup scripts.
  • docs/ — onboarding, self-hosting, and project planning docs.

The app and server still use their upstream Yarn projects internally. The root package is a coordinator for monorepo scripts and new packages while the larger workspace migration is phased in.

Docker quickstart

Run your own instance in three commands. Prerequisite: Docker with the Compose plugin, installed and running.

git clone https://github.com/supermarsx/standard-red-notes.git
cd standard-red-notes
./scripts/setup.sh --up        # Windows (PowerShell): ./scripts/setup.ps1 -Up

setup generates a complete .env with secure secrets; --up then brings the stack up (web app, server, MySQL, Redis, LocalStack). When it finishes, open http://localhost:3001 and choose Register — every feature is included, nothing to purchase.

Manual setup & everyday commands
./scripts/setup.sh             # write .env only (add --yes to accept all defaults)
docker compose up -d           # start the stack
docker compose ps              # what's running
docker compose logs -f         # follow logs (append a service name to narrow)
docker compose down            # stop
docker compose pull && docker compose up -d    # update and restart
docker compose --profile mcp run --rm mcp      # optional MCP stdio bridge

Other endpoints: API gateway http://localhost:3000, files http://localhost:3125.

For production — every environment variable, reverse proxy (nginx / Traefik), data locations, upgrades, and backup/restore — see the self-hosting guide.

Building from source

Root-level coordinator scripts:

yarn install
yarn build:mcp
yarn start:mcp
yarn deps:audit

The full app and server builds still run through their existing project-level scripts:

yarn --cwd app build:all
yarn --cwd server build

You can also drive the Docker stack via the coordinator scripts:

yarn docker:config
yarn docker:up

Command-line tools

Two standalone CLI tools live in cli/ (each is independent and does not touch the app/server lockfiles):

  • srn-client — manage a Standard Red Notes account from the terminal with real, end-to-end-encrypted note CRUD. It runs the actual protocol (SRP sign-in, argon2 root-key derivation, items-key decryption) via an embedded headless @standardnotes/snjs client, so changes sync back encrypted exactly like the web/desktop app. See cli/srn-client/README.md.
  • srn-server — operator helpers for the Docker stack: health checks, stack status, logs, config validation, and thin docker compose wrappers. Zero runtime dependencies. See cli/srn-server/README.md.

A third tool, srn-admin, ships inside the server image (it drives the auth service's own database and use-cases, so it is not a downloadable binary) — see In-container admin below.

Prebuilt binaries and releases

Each CLI tool is released independently as native, single-file executables via GitHub Actions — no manual tagging required. Releases roll automatically:

  • Triggers. Pushing to main runs the per-tool workflow when that tool's directory changes — srn-client.yml on cli/srn-client/**, srn-server.yml on cli/srn-server/**. Both can also be run on demand from the Actions tab (workflow_dispatch).
  • Pipeline. Each workflow is gated: check → build → package → release (a stage only runs if the previous one passed). Packaging cross-compiles with @yao-pkg/pkg on a single Linux runner.
  • Versioning. Rolling, per tool, YY.N resetting each year (e.g. the first 2025 client release is 25.1, the next 25.2, …). The server tool counts independently. The workflow computes N at release time from existing releases and creates a namespaced tag (srn-client-v25.1, srn-server-v25.1).
  • Artifacts. Every release attaches 6 executables — Windows, macOS, and Linux, each in x64 and arm64 (Windows ones end in .exe) — plus a SHA256SUMS.txt. Download the one matching your platform, verify the checksum, and run it directly. The two tools release as separate GitHub Releases.

Downloads

Grab the prebuilt executable for your platform from the Releases page. The two tools publish independently, so pick the newest release tagged srn-client-v* (client) or srn-server-v* (server). Node is baked in — there's nothing to install; download, verify, make it executable, and run.

srn-client — terminal note CRUD (end-to-end encrypted):

Platform x64 arm64
Windows srn-client-windows-x64.exe srn-client-windows-arm64.exe
macOS srn-client-macos-x64 srn-client-macos-arm64
Linux srn-client-linux-x64 srn-client-linux-arm64

srn-server — operator helpers for the Docker stack:

Platform x64 arm64
Windows srn-server-windows-x64.exe srn-server-windows-arm64.exe
macOS srn-server-macos-x64 srn-server-macos-arm64
Linux srn-server-linux-x64 srn-server-linux-arm64

Direct download follows the tagged-release URL pattern (replace the tag with the current one from the Releases page, and the asset with your platform's row):

# Example: srn-client for Linux x64 from release srn-client-v25.1
base=https://github.com/supermarsx/standard-red-notes/releases/download/srn-client-v25.1
curl -LO "$base/srn-client-linux-x64"
curl -LO "$base/SHA256SUMS.txt"
sha256sum -c SHA256SUMS.txt --ignore-missing   # verify integrity
chmod +x srn-client-linux-x64                  # Linux/macOS only
./srn-client-linux-x64 --help

On Windows, download the matching .exe and run it from PowerShell or double-click; verify with Get-FileHash srn-client-windows-x64.exe -Algorithm SHA256 against SHA256SUMS.txt. On macOS you may need to clear the quarantine flag with xattr -d com.apple.quarantine ./srn-client-macos-arm64 before first run.

Desktop app

The desktop app (built with electron-builder) publishes as its own rolling release, tagged with a semver vYY.M.<build> (e.g. v25.6.123) — distinct from the CLI tools' srn-*-v* tags. Grab the installer for your platform from the Releases page:

Platform Formats (x64 + arm64)
Windows .exe NSIS installer
macOS .dmg and .zip (Intel + Apple Silicon)
Linux .AppImage, .deb, plus .snap (x64)

Auto-update is built in via electron-updater (it reads the GitHub release); it defaults to off and is opt-in under Preferences. The public builds are unsigned, so on first launch macOS may need right-click → Open and Windows SmartScreen may warn (More info → Run anyway).

In-container admin (srn-admin)

srn-admin is baked into the server image and runs admin operations directly against the auth database — it reuses the auth service's own use-cases and repositories (no HTTP, no admin session, no separate container). Use it to bootstrap the first admin, manage RBAC groups, reset 2FA, or fix a storage quota. Run it inside the running stack:

docker compose exec server srn-admin help
docker compose exec server srn-admin whois user@example.com   # uuid, email, roles
docker compose exec server srn-admin grant-admin user@example.com   # → INTERNAL_TEAM_USER
docker compose exec server srn-admin revoke-admin user@example.com
docker compose exec server srn-admin list-roles user@example.com    # direct + effective
docker compose exec server srn-admin reset-mfa user@example.com     # clear 2FA + recovery codes
docker compose exec server srn-admin fix-quota user@example.com     # recalculate storage usage

A <user> may be an email or a user uuid. RBAC groups are managed via the group subcommands:

docker compose exec server srn-admin group list
docker compose exec server srn-admin group create "Editors" CORE_USER,INTERNAL_TEAM_USER
docker compose exec server srn-admin group set-roles <groupUuid> CORE_USER
docker compose exec server srn-admin group members <groupUuid>
docker compose exec server srn-admin group add-user <groupUuid> user@example.com
docker compose exec server srn-admin group remove-user <groupUuid> user@example.com
docker compose exec server srn-admin group delete <groupUuid>

Granting INTERNAL_TEAM_USER is the same role the server reads from the ADMIN_EMAILS env var at boot — srn-admin grant-admin is the ad-hoc equivalent for an already-registered user.

API

Your self-hosted server exposes the full Standard Notes HTTP API through the API gateway — sign-in (PKCE), sync (POST /v1/items), items/files, settings, sessions, two-factor, collaboration, plus this fork's additions (app passwords, MCP tokens, public share links, the AI assistant proxy, and more).

See docs/API.md for the full reference: base URL and versioning, the authentication model (PKCE + bcrypt-derived server password, Authorization: Bearer access tokens, refresh), a curl walkthrough, and every endpoint grouped by area. Because notes are end-to-end encrypted, item payloads are ciphertext — the easiest faithful client is the bundled srn-client, which runs the real protocol. The API docs are also linked in-app under Preferences → Documentation → Automation (MCP) → The HTTP API.

License

Standard Red Notes is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). See the LICENSE.md file for the full text. Because the AGPL covers network use, anyone you offer this software to over a network is entitled to its corresponding source.

This project is a self-hosted fork of Standard Notes, which is also distributed under the AGPL-3.0. Upstream copyright and attribution notices are preserved. Standard Red Notes is an independent project and is not affiliated with, sponsored by, or endorsed by Standard Notes.