The website publishes product information, download entry points, release records, Release JSON, platform status JSON, and legal documents.
It does not receive desktop API keys, providers, prompts, Agent Skills, benchmark history, or local logs.Docs
Documentation
Unified documentation for the website, downloads, updates, privacy, terms, and disclaimers.
API tests, API cards, providers, prompts, Agent Skills, and reports are processed on the user's device.
ShnDock does not provide API key cloud sync, a web console, or hosted storage for third-party account credentials.When a user runs an API test, the request is sent to the provider, relay, local model service, or custom endpoint selected by the user.
ShnDock does not control third-party logging, billing, availability, service terms, or data-processing practices.Overview
ShnDock is a local-first desktop application for OpenAI-compatible API testing, API cards, provider presets, benchmark prompts, user prompts, and Agent Skill documentation.
The official website is used for product information, download entry points, release records, update manifests, platform status, and legal documents. It does not provide a web console, online API testing, desktop API key collection, or API key cloud sync.
Website and downloads
This documentation covers shndock.com, official download files, public Release JSON, public platform status JSON, and the basic local-data boundaries of the ShnDock desktop application.
The website is deployed on Vercel and may use Vercel Web Analytics to understand anonymous visit trends, traffic sources, and basic device information. This information is used to improve the website and download experience, not to build desktop user profiles.
Public static resources include /releases/latest.json, /releases/history.json,/stats/platform.json, and installer files. Accessing the download page does not require an account and does not collect local desktop configuration.
Local data
API keys remain on the user's device by default and are stored through Electron safeStorage using system-level local encryption.
They are not uploaded to the official website and are not written into benchmark history, logs, Skill Packs, or the browser extension.ShnDock records TTFT, total latency, output speed, failure classification, request diagnostics, and token-usage source.
Plaintext API keys are not written into test records. Test results are for diagnosis and comparison, not billing.These assets are created, edited, imported, exported, or deleted by the user in the desktop application.
They are not stored by the website and are not automatically published to any public platform..sapi re-encrypts API card data with a user-provided password; .shndock-backup is used for encrypted full workspace backups.
Users are responsible for storing export files and passwords. Recovery cannot be guaranteed if the password is lost.API key boundaries
API keys remain on the user device by default. ShnDock uses Electron safeStorage to store keys through system-level local encryption. If system encryption is unavailable, the desktop application should not degrade to weak pseudo-encryption such as base64 for newly saved API keys.
When a saved card is used for testing, the renderer passes only the cardId. The main process decrypts the key and sends the request. API keys are not uploaded to the ShnDock website, written into test history, logs, reports, Skill Packs, or the browser extension, and are not synchronized through the website to any third-party platform.
Third-party interfaces
When users run API tests, requests are sent to the official endpoint, relay, local model service, or custom provider configured by the user. Those third parties may process request content, logs, account data, rate limits, billing, and compliance obligations under their own rules.
Users are responsible for confirming that they are authorized to use the relevant API keys and endpoints. ShnDock does not control third-party availability, response quality, pricing, retention policies, or terms of service.
Exports and backups
.sapi files are used for cross-device API card migration and are re-encrypted with a user-provided password at export. .shndock-backup is used for encrypted full workspace backups.
Users are responsible for storing export files and passwords. Weak passwords, disclosed passwords, compromised devices, or leaked backup files may expand user risk exposure.
Update checks
The ShnDock desktop application checks for updates by reading https://shndock.com/releases/latest.json. The first update-check implementation does not require an account and does not upload API keys, providers, prompts, Agent Skills, benchmark history, logs, local paths, or device identifiers.
Windows 1.0.0 is currently available. macOS and Linux are not yet open. The current Windows installer is unsigned; file integrity is defined by the file size and SHA256 published on the download page and in the release JSON.
Browser extension Beta
The browser extension is a beta companion feature for reading public card metadata through local loopback. It does not read API keys stored by the desktop application and should not receive plaintext keys from the desktop application.
Deletion and uninstall
Users can delete API cards, providers, prompts, Skills, and API test records inside the desktop application. Uninstalling the application does not necessarily delete all local data or user-created export files.
Local user data is typically stored under C:\Users\<User>\AppData\Roaming\shndock\. Users are responsible for managing exported .sapi files, .shndock-backup files, downloaded installers, and other local backups.
Terms and disclaimers
The following entries summarize the service rules and risk boundaries for the website, download entry points, update checks, and desktop use.
Users must ensure that they are authorized to use any API key, model endpoint, relay service, local model service, or custom provider configured in ShnDock, and must comply with the applicable provider terms, network service rules, and laws in their jurisdiction.
Users are responsible for API keys, provider configuration, prompts, Agent Skills, exported .sapi files, .shndock-backup files, and the content of test requests stored or processed on their own devices.
The official website provides product information, download entry points, Release JSON, platform status JSON, release records, and legal documents. The first desktop release only directs users to the official download page for updates and does not perform silent installation or forced updates.
ShnDock must not be used for attacks, abuse, bypassing service restrictions, credential stuffing, unauthorized data access, evasion of provider rules, or any unlawful or non-compliant activity.
The Windows version is currently available for download. macOS and Linux are not yet open for download and must not be interpreted as formally supported release channels.
ShnDock API test results are affected by network conditions, local devices, providers, models, concurrency, rate limits, and provider policies. They are intended for diagnosis, comparison, and review.
Token, speed, and usage data prefer provider-reported usage when available. If the provider does not return usage data, ShnDock may use local estimates. Local estimates are not bills, settlement records, or proof of provider accuracy.
ShnDock does not control the availability, response quality, pricing, logging, billing, rate limits, account restrictions, or service terms of third-party providers, relays, or model services.
The current Windows 1.0.0 installer is unsigned. SHA256 verification confirms that the downloaded file matches the file published by the official website; it is not equivalent to code signing or operating-system certification.
If a device is compromised, an operating-system account is stolen, a weak password is used, or export files are disclosed by the user, ShnDock cannot eliminate those external risks.
Public contact channels
- Author site · shinning.pro
- GitHub · https://github.com/Shinning1010
- X / Twitter · https://x.com/Shinning1010