YAFL yet another file layer
MCP-native file handoff

The file layer your agents were missing.

Your local agent can hand a file to your remote agent – without you becoming the transport layer. One MCP call. Encrypted before it leaves the machine; our app server never touches the bytes, storage only ever holds ciphertext.

Get early access See how it works // no SSH, no scp, no browser upload forms
Drop a file here to send it to an agent – or click to try it.
100 MB · encrypted before upload · link expires in 24h
What this looks like

One file, two machines, no human in between.

Left: Claude Desktop on your laptop calls upload_file – the file is encrypted locally and only ciphertext leaves the machine. Right: the coding agent on your VPS calls download_file with the link and decrypts it in place. The everyday agent situation: one environment creates the file, another needs to act on it.

Why it's different

An ops primitive, not another transfer site.

Most transfer tools were made for a human dragging a file into a browser. YAFL is a small, trusted handoff layer for the software that already writes your files.

Can my agent use it without a browser?

Yes – three MCP tools: upload_file, download_file, and get_status for liveness checks before handing work over. Failures come back as stable machine-readable codes – expired, unauthorized, size exceeded – not mystery 404s.

Can YAFL read my file?

No. Files are encrypted with AES-256-GCM before they leave your machine, and the decryption key rides only in the URL's #fragment – which clients never send to any server. Even the filename is encrypted.

What happens when a link is old?

Access stops at 24 hours, checked on every request; storage cleanup follows as a backstop. Long enough for an async agent handoff, short enough that nothing lingers. No cleanup job for you to babysit.

What if an agent's key leaks?

Create one API key per agent or VPS; revoke it and it's dead on the very next request. And because the API key is never the decryption key, a leaked key can't read a single file that was already shared.

The whole trip

Call, pass, call.

Encryption, expiry, and cleanup happen automatically – the file only ever exists in plaintext on the two machines that own it, and our app server never sits in the byte path (clients talk to storage directly over pre-signed URLs).

STEP 01

Agent calls upload_file

Point it at a local path. It encrypts with a fresh one-time key and puts the ciphertext straight into storage – you get back one short link.

STEP 02

Pass the link

Paste it into another agent's context, a teammate's chat, wherever. The link carries the key in its # fragment – the link is the credential.

STEP 03

Agent calls download_file

Or a human just opens the link in a browser. Either way it decrypts locally, and 24 hours after upload the link goes dark.

What to expect

Validating the agent-to-agent transfer loop.

The first milestone is exactly one thing done right: a local agent uploads, a remote agent downloads and decrypts. Free tier first – 100 MB files, 24-hour links, MCP tools. Everything else waits until that loop is proven.

MVP Free tier · 100 MB · 24h links Built MCP upload · download · status Building Browser upload / download Later Larger files · custom expiry · audit logs