A VS Code-style encrypted note-taking application with end-to-end (E2E) encryption. Notes are encrypted client-side using AES-256-GCM before reaching the server, ensuring that only you can read your data.

• End-to-End Encryption — AES-256-GCM encryption with client-side master keys. The server only stores encrypted blobs and never has access to plaintext content.
• VS Code-Inspired UI — Activity bar, sidebar explorer, tabbed editor, title bar with dropdown menus, and status bar, all styled with the VS Code Dark+ theme.
• CodeMirror 6 Editor — Markdown syntax highlighting, undo/redo history, and keyboard shortcuts.
• Live MDX Preview — Split-pane view with real-time rendered preview alongside the editor.
• Google OAuth Authentication — Secure sign-in via Google with session-based auth.
• Recovery Key System — A 64-character hex recovery key lets you regain access to your encrypted data if you lose your session.
• Demo Mode — Works entirely in the browser using localStorage when no backend is available, including on GitHub Pages.
• TEE-Ready Architecture — Infrastructure for future Intel SGX/TDX hardware-backed encryption.

├── client/
│   ├── components/        # React UI components (App, Editor, Sidebar, etc.)
│   ├── hooks/             # useAuth, useNotes custom hooks
│   ├── utils/             # Crypto, API client, localStorage backend
│   └── styles/            # VS Code Dark+ theme CSS
├── server/
│   ├── db/                # SQLite schema and initialization
│   ├── middleware/         # Authentication middleware
│   ├── routes/            # Auth, notes, and key management endpoints
│   └── tee/               # TEE/enclave simulator
├── .github/workflows/     # GitHub Pages deployment
├── index.html             # SPA entry point
└── vite.config.js         # Vite configuration with proxy and GitHub Pages support

• Node.js (v18 or later recommended)
• npm

git clone https://github.com/dennismysh/Mdx-experiments.git
cd Mdx-experiments
npm install

Copy the example environment file and fill in your values:

cp .env.example .env

Required variables:

npm run dev

This starts both the Express server (port 4000) and the Vite dev server (port 3000) concurrently. The Vite dev server proxies API requests to the backend.

You can also run them separately:

npm run server:dev    # Express with auto-reload (nodemon)
npm run client:dev    # Vite dev server only

npm run build         # Build frontend to dist/
npm start             # Start server (serves dist/ as static files)

The project includes a GitHub Actions workflow that automatically deploys to GitHub Pages on pushes to main. To build for GitHub Pages manually:

GITHUB_PAGES=true npm run build

In GitHub Pages mode, the app runs entirely client-side in demo mode using localStorage for persistence.

Recovery Key (user saves)
        │
        ▼
    PBKDF2 (600k iterations, SHA-256)
        │
        ▼
  Key Encryption Key (KEK)
        │
        ▼
  AES-256-GCM encrypt/decrypt
        │
        ▼
    Master Key ──► AES-256-GCM ──► Encrypted Note (title + content)

• Master Key: A 256-bit AES key generated on first sign-up. Used to encrypt and decrypt all notes.
• Recovery Key: A 64-character hex string (displayed as 8 groups of 8 characters). Used to derive the KEK that wraps the master key.
• Note Encryption: Each note's title and content are encrypted separately, each with its own initialization vector (IV).
• Server Storage: The server stores only encrypted blobs and the encrypted master key. It never has access to plaintext data or the recovery key.

npm run lint

MIT — see LICENSE for details.