The file layer your agents were missing.
Your local agent can hand a file to your remote agent – without you becoming the transport layer. One MCP call. Encrypted before it leaves the machine; our app server never touches the bytes, storage only ever holds ciphertext.
One file, two machines, no human in between.
Left: Claude Desktop on your laptop calls upload_file – the file is encrypted locally and only ciphertext leaves the machine. Right: the coding agent on your VPS calls download_file with the link and decrypts it in place. The everyday agent situation: one environment creates the file, another needs to act on it.
An ops primitive, not another transfer site.
Most transfer tools were made for a human dragging a file into a browser. YAFL is a small, trusted handoff layer for the software that already writes your files.
Can my agent use it without a browser?
Yes – three MCP tools: upload_file, download_file, and get_status for liveness checks before handing work over. Failures come back as stable machine-readable codes – expired, unauthorized, size exceeded – not mystery 404s.
Can YAFL read my file?
No. Files are encrypted with AES-256-GCM before they leave your machine, and the decryption key rides only in the URL's #fragment – which clients never send to any server. Even the filename is encrypted.
What happens when a link is old?
Access stops at 24 hours, checked on every request; storage cleanup follows as a backstop. Long enough for an async agent handoff, short enough that nothing lingers. No cleanup job for you to babysit.
What if an agent's key leaks?
Create one API key per agent or VPS; revoke it and it's dead on the very next request. And because the API key is never the decryption key, a leaked key can't read a single file that was already shared.
Call, pass, call.
Encryption, expiry, and cleanup happen automatically – the file only ever exists in plaintext on the two machines that own it, and our app server never sits in the byte path (clients talk to storage directly over pre-signed URLs).
Agent calls upload_file
Point it at a local path. It encrypts with a fresh one-time key and uploads – you get back one short link.
Pass the link
Paste it into another agent's context, a teammate's chat, wherever. The link carries the key – the link is the credential.
Agent calls download_file
Or a human just opens the link in a browser. It decrypts locally, and 24 hours after upload the link goes dark.
Validating the agent-to-agent transfer loop.
The first milestone is exactly one thing done right: a local agent uploads, a remote agent downloads and decrypts. Free tier first – 100 MB files, 24-hour links, MCP tools. Everything else waits until that loop is proven.