Public release — April 19, 2026
Filarr’s code is public.
The Filarr desktop is now published on GitHub under Business Source License 1.1. You can read every line, verify every cryptographic claim, propose fixes.
Public repo
github.com/matbel91765/filarr
License
Business Source License 1.1
Change Date
April 19, 2030 → Apache 2.0
Official binary
One, distributed from filarr.com
What’s in the repo (and what’s not)
The repo contains the local-first core of the product — exactly what you use when you’re not signed in. The cloud backend and subscription modules stay as hosted services, not open source.
In the repo
- Electron/React desktop client
- Cryptographic modules (AES-256-GCM, KEK/FEK, PBKDF2)
- TipTap block editor (tasks, tables, wiki-links, transclusion)
- Graph view with physics simulation, community detection
- Built-in 2D canvas (Excalidraw-style)
- Multi-profile with full key isolation
- Encrypted local on-disk storage
- 51+ format file preview
Not in the repo
- api.filarr.com backend (auth, sessions, billing)
- Cross-device cloud sync logic
- Cloudflare R2 infrastructure and workers
- Subscription and payment management
The official binary on filarr.com combines both. Without an account, it behaves exactly like the OSS repo. With a subscription, the proprietary cloud modules activate.
Use Grant — what you can do with this code
The Business Source License defines permitted use during the non-commercial period (until April 19, 2030). After that date, the code converts to Apache 2.0.
Permitted uses
- Personal and private use
- Educational use (courses, teaching, learning)
- Academic or independent research
- Product evaluation for your company
- Development and contribution to the project
- Security audit (individual or organizational)
Requires a commercial license
- Production deployment for your company
- Selling a service based on Filarr’s code
- Redistributing a modified version in production
- Hosting a competing commercial offering
Need commercial or production use? Email contact@filarr.com to discuss a license.
Why BSL 1.1, not MIT or AGPL
The license choice reflects what we want to protect and what we want to open up. Three options were on the table:
MIT / Apache 2.0 right away
A competitor could fork, rebrand, and sell the same product tomorrow. As a solo dev, this would end the project. BSL protects the business model for 4 years.
AGPL
Network copyleft: if you use it in a service, you must open-source your whole stack. It’s a drag on adoption and contributions, especially for companies.
BSL 1.1
Immediate transparency, commercial protection for 4 years, automatic conversion to Apache 2.0 in 2030. Model used by Sentry, CockroachDB, MariaDB — projects that proved it works.
Read, build, contribute
1. Clone the repo
One command:
git clone https://github.com/matbel91765/filarr.git2. Read the code
Start with README.md and SECURITY.md. The electron/ folder contains the main process and crypto modules; src/renderer/ contains the React UI. To verify a specific crypto claim, electron/storageService.ts and the key derivation modules are the entry points.
3. Build locally
Run npm install then npm run dev to test in development mode. The README specifies the required Node version and signing tools needed to produce a distributable binary.
4. Contribute
Read CONTRIBUTING.md for the rules: commit format, branches, Code of Conduct. PRs are welcome — bugs, documentation, translations, new features.
Found a security issue?
The whole point of opening the code is to make it auditable. If you spot a vulnerability — broken crypto, key leak, escalation — report it via responsible disclosure, not a public issue.
Security contact: security@filarr.com. Response within 48 business hours.
Open the repo.
Read the code that runs on your machine. Flag what’s broken. Propose what’s missing.