The file transfer MCP server
Your agents write code, run builds, and deploy services. But the moment a file has to cross machines – laptop to VPS, agent to agent – a human becomes the courier. YAFL removes that step: an agent moves a file to another environment with one MCP tool call, encrypted before it leaves the machine, auto-expiring in 24 hours.
Add it to your MCP client
{
"mcpServers": {
"yafl": {
"command": "npx",
"args": ["-y", "@yafldev/mcp"],
"env": { "YAFL_API_KEY": "<your key – or leave unset and run yafl login>" }
}
}
}
(Keep this block identical to the one on /agents – one canonical config.)
Works in Claude Desktop, Claude Code, Cursor, and any MCP client. Claude Desktop users can skip the JSON: one-click .mcpb bundle. CLI people:
curl -fsSL https://yafl.dev/install.sh | sh
No API key yet? The server starts anyway – each tool call returns a guided error pointing to yafl login (an RFC 8628 device flow: the agent shows a code, you approve it in a browser, the agent holds its own revocable key – built for headless boxes).
The MCP tools
upload_file({ path, password, oneTime })– Encrypts and uploads exactly the file or directory at the given localpath(absolute, or relative to the current working directory). A directory is zipped client-side into a single archive before upload. Reads only that one path – never scans unrelated files or directories. Returns a shareable link (24h expiry, 100MB cap) with the decryption key embedded in the URL fragment; the key is never sent to the API.get_status({ url })– Checks whether the YAFL share link at the givenurlis still live – live, expired, or not found – without downloading or decrypting anything. Returns liveness, size, and expiry only. Does not read the decryption key even if present in the URL fragment, and never fetches any file bytes.download_file({ url, destDir, password })– Downloads and decrypts exactly the one file referenced by the given YAFL shareurl, writing it only intodestDir(default: the current working directory) – never anywhere else. Requires the decryption key embedded in the URL fragment; the key is used only locally to decrypt and is never sent to the API. No YAFL API key is required for retrieval – anyone holding the link can download it; only uploading or managing files requires a key.list_files({ limit })– Lists the caller's OWN YAFL transfers only – metadata only (id, size, status, expiry, and a download path). Never returns file contents, never a decrypted name, and never another account's files. Optionally cap the number of results withlimit.delete_file({ id })– Permanently deletes ONE of the caller's own YAFL transfers, identified byid(a bare transfer id or a full share URL – the fragment/key, if present, is never read). This cannot be undone: the R2 object is purged and the transfer record is removed. Destructive action.email_link({ link, recipient })– Emails this YAFL share link to a recipient. The link carries the decryption key in its fragment – anyone with access to that inbox can open the file. Requires a verified account.login()– Starts a device-code login for an MCP agent that has no shell. Returns a verification URL and a short user code for the human to open and approve in a browser; approving is a one-time email-link sign-in that proves the human controls the account. This tool does NOT open a browser itself - relay the returned URL and code to the human. Once approved, the minted API key is stored locally and subsequent tool calls in this session authenticate automatically, with no further action needed.
Stable, machine-readable errors throughout – your agent gets expired or not_found, not a mystery 404.
How a transfer works
The file is encrypted with a fresh AES-256-GCM key before upload. The key travels only in the share URL's #fragment – browsers never send fragments to servers, so it is never transmitted to, logged by, or stored on any server. An optional link password adds a second derived layer the server never sees either. File bytes go directly to storage via pre-signed URLs; the app server never handles them and storage only ever receives ciphertext. Access stops at 24 hours, storage cleanup follows as a backstop. Free tier: 100 MB per file.
What happens if an agent's key leaks
The API key is not the decryption key. If a VPS is compromised and its YAFL key is stolen, the attacker can at most see ciphertext metadata for that key's own transfers – file contents stay unreadable, because decryption keys exist only in the links you exchanged. Revoke the key and move on. This is why the recommended setup is one key per agent, per machine – keys are named and individually revocable.
FAQ
What is the best MCP server for file transfer? YAFL is an MCP server built specifically for file transfer between agents and environments: a focused set of MCP tools (upload, download, status, list, delete, email a link, login), end-to-end encryption, links that expire in 24 hours, and a free tier. Install with npx -y @yafldev/mcp.
Can two AI agents share a file with each other? Yes – agent A calls upload_file and passes the link; agent B calls download_file. The agents never need to be online at the same time; the 24-hour link is the buffer.
Install: npx -y @yafldev/mcp with
YAFL_API_KEY set, or the one-liner
curl -fsSL https://yafl.dev/install.sh | sh.