LemurPouch

End-to-end encrypted file sharing that never leaves your network.

Run the relay on any LAN machine. Anyone on your network opens it in a browser, verifies a six-word fingerprint, and sends. Files never touch the cloud — and the relay routes opaque ciphertext it can’t read.

curl -fsSL https://lemurpouch.com/install.sh | sh

Installs the relay. Clients just open a URL.View on GitHub →

MIT licensed
Relay for macOS, Linux, Windows
No accounts
No telemetry
Session-only

lemur-pouch · running on the LAN

:8080

This devicetide-quantum-velvet-tribe-yellow-orchard192.168.1.42 :54088

Peers nearby2

abandon-ladder-marble-finger-zebra-rocket192.168.1.21 :51422
Friend
forest-narrow-coast-meadow-piano-walnut192.168.1.34 :49810
Send invite

How it works

Three steps, no accounts.

Set up once on the LAN, then any browser on the network can send files end-to-end encrypted. No app, no extension, nothing to install on the senders or receivers.

Install the relay, once

One curl on any Mac, Linux, or Windows machine on your network. The binary verifies its own checksum, picks a sensible install path, and starts listening on :8080. That's the only setup.

~/lemur-pouch

$curl -fsSL https://lemurpouch.com/install.sh | sh
Downloading lemur-pouch-darwin-arm64.tar.gz
Verifying checksum
Extracting to /Users/you/Library/Application Support/lemur-pouch
Starting LemurPouch…
✓ Listening on :8080
  http://192.168.1.42:8080/
  http://[fe80::1c5:c1d2]:8080/

Verify six words
Each device generates its identity locally in the browser and renders it as a six-word BIP-39 fingerprint. Read it aloud across the room or across the call to confirm — humans verify identity, not the relay.
Your laptop seesabandon-ladder-marble-finger-zebra-rocket
Same six words → friend confirmed
Your phone seesabandon-ladder-marble-finger-zebra-rocket
Send the file
Drag a file in, the receiver accepts the offer, and bytes flow through the relay as opaque ciphertext it can't read. Filenames, sizes, and content stay on your network.
Sending toEncrypted
abandon-ladder-marble-finger-zebra-rocket
roadmap-q3.pdf12.4 MB
62% · 7.7 MB of 12.4 MBchunk 124/200

What you get

Built for the network you’ve got, not the one you wish you had.

End-to-end encrypted
XChaCha20-Poly1305 with X25519 ECDH session keys, bound to Ed25519 identities. The relay forwards opaque ciphertext it cannot read.
Works on locked-down networks
Plain outbound WebSocket over TCP. No WebRTC, no UDP, no STUN, no inbound ports — runs through corporate firewalls that break everything else.
Nothing to install on clients
The relay is one curl on any LAN machine. From there, every sender and receiver just opens a URL — no app, no extension, no account.
Two-tier consent
Friendship is mutually established once per session; every individual file transfer still needs an explicit accept. Either side can refuse at any point.
Session-only state
Identities, friendships, transfers — all in relay memory, all session-scoped. Restart the relay and it's a clean slate. No database, no logs of content.
Single binary, cross-platform
macOS, Linux, and Windows on amd64 and arm64 — plus a multi-platform Docker image. The frontend is embedded in the binary; one file is the whole product.

Trust model

What the relay sees, and what it never sees.

The relay routes envelopes; it does not read them. Trust is rooted in the six-word fingerprint humans verify out-of-band — not in the relay.

The relay sees

Routing identitiesSource and destination Ed25519 public keys, so envelopes reach the right peer.
Approximate volume and timingBytes through the relay are bytes the relay can count.
Friendship-control bitsinvite / accept / reject — needed to enforce two-tier consent.
Source IP and ephemeral portUsed for per-IP rate limiting and the discovery row.

The relay never sees

Filenames and file sizesEncrypted inside the transfer offer.
File contentsStreamed as opaque ciphertext chunks.
Per-transfer accept or rejectCarried inside encrypted envelopes after friendship.
Accounts, cookies, or display namesNo registration, no analytics — just session-scoped keys.

Install

One command. Then anyone on your network can use it.

Install on a laptop, a Pi, a NAS — anything reachable on the LAN that runs macOS, Linux, or Windows. The relay binds on :8080, prints every URL it’s reachable at, and waits for clients.

Download a binary directly →Build from source →

curl -fsSL https://lemurpouch.com/install.sh | sh

Verifies the SHA-256 of the release before running. Installs to ~/Library/Application Support/lemur-pouch on macOS, the XDG data dir on Linux. Re-runs are idempotent.

irm https://lemurpouch.com/install.ps1 | iex

PowerShell. Verifies the SHA-256 before running. Installs to %LOCALAPPDATA%\lemur-pouch. Re-runs are idempotent.

docker run --rm -p 8080:8080 ghcr.io/steelbrain/lemur-pouch:latest

Multi-platform image: linux/amd64, linux/arm64, windows/amd64.On macOS with OrbStack, container ports bind only to 127.0.0.1 — LAN devices won’t reach the relay. Use the binary install above, or Docker Desktop / colima.

End-to-end encrypted file sharing that never leaves your network.

Three steps, no accounts.

Install the relay, once

Verify six words

Send the file

Built for the network you’ve got, not the one you wish you had.

End-to-end encrypted

Works on locked-down networks

Nothing to install on clients

Two-tier consent

Session-only state

Single binary, cross-platform

What the relay sees, and what it never sees.

One command. Then anyone on your network can use it.