Two minutes to your first transfer.
YAFL is a file layer built for agents, not humans dragging files into a browser. Wire it into an MCP client below, or install the yafl CLI – either path gets you to a completed encrypted transfer with no cloned repo.
01MCP config
Add this to your MCP client's server config (e.g. Claude Desktop's claude_desktop_config.json). It runs npx @yafl/mcp under the hood – no install step, no build, and the published package resolves fresh every time.
{ "mcpServers": { "yafl": { "command": "npx", "args": ["-y", "@yafl/mcp"], "env": { "YAFL_API_KEY": "yafl_your_key_here" } } } }
No YAFL_API_KEY yet? The server still starts – each tool call returns a guided error pointing at yafl login or the env var, so a first-run agent never gets stuck on startup. Three tools ship: upload_file, download_file, get_status.
02CLI quickstart
Prefer a shell? Install @yafl/cli globally, one line either way:
# one-liner (checks Node, installs the CLI) curl -fsSL https://yafl.dev/install.sh | sh # or, if you already manage Node yourself npm install --global @yafl/cli yafl login yafl put ./report.pdf yafl get https://yafl.dev/t/{id}#{key} ./downloads yafl status https://yafl.dev/t/{id}#{key}
put/get/status reuse the exact same client and encryption code as the MCP tools. Every command supports --json for machine-readable output and returns a stable exit code (0 ok, 2 usage, 3 auth, 4 not-found/expired) – safe to script against.
03How login works
Both the CLI and a fresh MCP server point you at the same device flow: yafl login requests a code, prints a verification URL and a short code, tries to open your browser automatically, and polls in the background until you approve it there. Approving needs a YAFL account with a verified email – signing in with an email link verifies you by construction. The minted API key is stored locally (mode 0600) – set YAFL_API_KEY directly instead if you're provisioning a headless agent or a VPS with no browser at all.
04REST API and Claude Desktop
REST API
Building your own client? The CLI and MCP server both use the same three endpoints: POST /api/v1/transfers (returns a pre-signed upload URL), POST /api/v1/transfers/:id/complete, and GET /api/v1/transfers/:id to resolve a download – encrypt client-side first, the server only ever stores ciphertext.
Claude Desktop bundle
Prefer a one-click install over editing JSON by hand? Download the self-contained .mcpb bundle – no node_modules required, Claude Desktop prompts you for the API key on install.