npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@coffrify/mcp

v0.15.0

Published

Coffrify MCP server — gives Claude/Cursor/Windsurf agents direct access to Coffrify : 207+ tools spanning transfers, webhooks, audit, API keys, analytics, branding, domains, folders, collections, members, notifications, GDPR, status, changelog, alerts, te

Readme

@coffrify/mcp

MCP server for Coffrify — gives AI agents (Claude Desktop, Cursor, Windsurf, Cline, OpenAI Agents SDK, OpenAgents Toolbox) direct access to Coffrify's encrypted file-transfer infrastructure.

The server exposes 170+ tools, 44 browseable resources, and 29 LLM workflow prompts that wrap every public surface of @coffrify/sdk — transfers, webhooks, audit, API keys, analytics, branding, custom domains, folders, collections, members, notifications, GDPR, SSO/SCIM, billing, quotas, alerts, templates, request inboxes, coffres, magic links, recipients, rooms, MFA, status, changelog, marketing, and more.

What is MCP?

Model Context Protocol is the open standard for connecting AI agents to tools. With this server, agents can :

  • Send encrypted file transfers (server-side or E2E e2e_v1)
  • Manage webhook subscriptions, replay failed deliveries, rotate signing secrets
  • Query the audit log and search it by actor/action/resource
  • Create / revoke / rotate API keys and short-lived delegated tokens
  • Run GDPR exports, request deletion, review retention policies
  • Provision SSO / SCIM tokens for Okta, Azure AD, Google Workspace
  • Manage billing, mint Stripe Checkout / Portal links
  • Get composite health scores and tier recommendations
  • Run guided workflows (incident-response, cost-optimization, …)

All without leaving the chat.

Install

# directly via npx (Claude Desktop / Cursor pattern)
npx -y @coffrify/mcp

# or pin a version in your dependencies
pnpm add -D @coffrify/mcp
npm  install --save-dev @coffrify/mcp

Setup

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows) :

{
  "mcpServers": {
    "coffrify": {
      "command": "npx",
      "args": ["-y", "@coffrify/mcp"],
      "env": {
        "COFFRIFY_API_KEY": "cof_mcp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

Restart Claude. You should see "coffrify" tools in the plug menu.

Cursor

Edit ~/.cursor/mcp.json :

{
  "mcpServers": {
    "coffrify": {
      "command": "npx",
      "args": ["-y", "@coffrify/mcp"],
      "env": { "COFFRIFY_API_KEY": "cof_mcp_live_..." }
    }
  }
}

Windsurf / Cline / other MCP clients

Same pattern — command: npx, args: ["-y", "@coffrify/mcp"], env contains COFFRIFY_API_KEY.

Optional environment variables

| Variable | Default | Purpose | |---|---|---| | COFFRIFY_API_KEY | required | API key or MCP token (cof_mcp_live_… recommended) | | COFFRIFY_API_URL | https://api.coffrify.com | Override for staging or self-hosted |

Available tools (selection)

The full catalog is 170+ tools. Here is a sample of what each surface exposes — call tools/list from your MCP client to enumerate them all.

Transfers

coffrify_list_transfers, coffrify_search_transfers, coffrify_iterate_transfers, coffrify_get_transfer, coffrify_get_transfer_preview, coffrify_create_transfer, coffrify_clone_transfer, coffrify_delete_transfer, coffrify_bulk_delete_transfers, coffrify_set_transfer_folder, coffrify_get_transfer_qrcode, coffrify_rescan_transfer, coffrify_send_transfer_email, coffrify_bulk_export_transfers, coffrify_list_transfer_downloads, coffrify_list_downloads.

Webhooks

coffrify_list_webhooks, coffrify_list_active_webhooks, coffrify_create_webhook, coffrify_dry_run_webhook, coffrify_test_webhook, coffrify_test_webhook_event, coffrify_update_webhook, coffrify_delete_webhook, coffrify_rotate_webhook_secret, coffrify_list_webhook_deliveries, coffrify_replay_webhook, coffrify_replay_webhook_delivery, coffrify_retry_webhook_delivery, coffrify_search_webhook_deliveries, coffrify_get_webhook_delivery, coffrify_webhook_health_metrics, coffrify_list_webhook_event_types, coffrify_get_webhook_event_metadata.

Audit log

coffrify_list_audit, coffrify_query_audit_log, coffrify_search_audit, coffrify_export_audit_log, coffrify_get_audit_actor_summary, coffrify_explain_event.

API keys + delegated tokens

coffrify_list_api_keys, coffrify_get_api_key, coffrify_create_api_key, coffrify_update_api_key, coffrify_revoke_api_key, coffrify_rotate_api_key, coffrify_list_api_tokens, coffrify_create_api_token, coffrify_revoke_api_token.

Analytics + Quotas + Billing

coffrify_analytics_summary, coffrify_get_analytics, coffrify_check_quota, coffrify_check_quotas, coffrify_compute_quota_pct, coffrify_storage_history, coffrify_bandwidth_daily, coffrify_throughput_recent, coffrify_get_subscription, coffrify_get_billing_subscription, coffrify_get_usage_billing_period, coffrify_get_billing_address, coffrify_update_billing_address, coffrify_create_billing_portal_link, coffrify_create_checkout_link, coffrify_compare_plan_to_usage, coffrify_tier_recommendation.

Branding + Domains + Folders + Collections + Coffres + Rooms + Requests + Templates + Alerts + Recipients + Magic links

A full CRUD surface per resource — see tools/list.

Members / Invitations / Sessions / MFA

coffrify_list_members, coffrify_list_invitations, coffrify_invite_member, coffrify_revoke_invitation, coffrify_list_sessions, coffrify_revoke_session, coffrify_revoke_all_sessions_except_current, coffrify_mfa_status.

GDPR + Compliance

coffrify_gdpr_export, coffrify_export_gdpr, coffrify_request_data_deletion, coffrify_list_consent_log, coffrify_get_data_retention_policy, coffrify_list_my_legal_acceptances, coffrify_get_legal_documents, coffrify_get_legal_document_content, coffrify_list_subprocessors, coffrify_dpo_contact_info.

SSO + SCIM

coffrify_get_sso_config, coffrify_update_sso_config, coffrify_list_scim_tokens, coffrify_create_scim_token, coffrify_revoke_scim_token, coffrify_get_scim_audit.

Status + Changelog + Marketing (public)

coffrify_check_status, coffrify_get_status_services, coffrify_list_incidents, coffrify_subscribe_to_status_alerts, coffrify_list_changelog, coffrify_recent_changelog, coffrify_list_blog_posts, coffrify_get_blog_post, coffrify_search_docs, coffrify_search_help, coffrify_list_pricing_plans, coffrify_subscribe_newsletter, coffrify_unsubscribe_newsletter.

Agent god-mode

coffrify_global_search, coffrify_describe_workspace_brief, coffrify_workspace_health_score, coffrify_get_workspace_activity_feed, coffrify_explain_event, coffrify_get_openapi_schema.

Browseable resources

The server also exposes 44 read-only resources that your client can list and read. Examples :

coffrify://transfers              → list of recent transfers (JSON)
coffrify://transfers/<id>         → one transfer + files
coffrify://transfers/recent       → most recent 50 (alias)
coffrify://transfers/preview/<id> → binary preview of a transfer's files
coffrify://webhooks               → all webhook endpoints
coffrify://webhooks/<id>          → one webhook + recent deliveries
coffrify://events                 → catalog of webhook event types
coffrify://events/catalog         → catalog (alias)
coffrify://workspace              → /me payload
coffrify://workspace-health       → composite 0-100 health score
coffrify://audit                  → last 100 audit entries
coffrify://audit/recent           → alias
coffrify://analytics              → usage summary (30d)
coffrify://analytics/summary      → alias
coffrify://quotas                 → plan caps + current consumption
coffrify://quotas/current         → alias
coffrify://billing                → subscription + usage
coffrify://status                 → service up/down + open incidents
coffrify://status/operational     → alias
coffrify://changelog              → recent changelog entries
coffrify://changelog/recent       → alias
coffrify://branding               → white-label settings
coffrify://branding/current       → alias
coffrify://collections            → collections list
coffrify://collections/list       → alias
coffrify://templates              → transfer templates
coffrify://templates/list         → alias
coffrify://requests               → request inboxes
coffrify://coffres                → mini-vaults
coffrify://rooms                  → persistent shared rooms
coffrify://recipients             → address book
coffrify://alerts                 → alert rules
coffrify://api-keys               → API keys (hashed)
coffrify://api-tokens             → delegated tokens
coffrify://members                → members + invitations
coffrify://sessions               → owner's dashboard sessions
coffrify://notifications          → notification prefs
coffrify://domains                → custom domains
coffrify://folders                → folders
coffrify://mfa                    → MFA enrollment
coffrify://pricing                → public plan catalog
coffrify://legal                  → published legal docs
coffrify://subprocessors          → subprocessors list
coffrify://retention              → retention policy
coffrify://sso                    → SAML config
coffrify://scim-tokens            → SCIM tokens
coffrify://docs/openapi           → /v1/openapi.json (proxied)

The coffrify://transfers/preview/<id>[/<file_id>] resource returns a signed preview URL the agent can fetch as application/pdf or application/octet-stream — useful for letting an LLM actually read the content of an inbound transfer.

LLM workflow prompts

The server publishes 29 prompts that compose multiple tools into proven workflows :

  • send_invoice — compose + send an invoice transfer with defaults
  • audit_weekly — last 7d audit summary
  • audit-share-policy — per-transfer policy review + tightening proposal
  • rotate_all_api_keys — rotate every key with 7-day grace
  • subscribe_to_security_events — wire a webhook to every security event
  • investigate_transfer — pull a transfer + its scans + deliveries + audit
  • security_audit_today — daily security sweep
  • transfer_cleanup — bulk-delete expired / zero-download transfers
  • webhook_health_check — 24h success rate report
  • webhook_postmortem — failure forensics (payloads + responses + timing)
  • member_access_audit — flag stale invitations + over-privileged roles
  • monthly_billing_review — last 3 periods + savings/upsell recommendation
  • onboard_new_client — Request Inbox + Coffre + member invite bundle
  • quota_health_check — flag any consumption > 80 %
  • incident_triage — fast 24h triage
  • incident-response — full breach playbook (rotate + revoke + freeze)
  • request_inbox_followup — nudge dormant submissions
  • coffre_access_audit — access-log anomalies per coffre
  • acquire_lead — landing-chatbot RAG + plan recommendation + checkout link
  • compliance_audit — GDPR brief (retention + consents + acceptances + erasures)
  • data-retention-review — same as compliance_audit, GDPR-focused
  • enterprise_onboarding — SSO + SCIM rollout
  • setup-saml-sso — IdP-specific (Okta / Azure / Google) SAML walkthrough
  • setup-scim — SCIM token + base URL + first sync
  • setup-webhook — guided endpoint setup with dry-run + signing secret
  • migrate-from-wetransfer — concept mapping + first transfer + first webhook
  • usage_review_and_upgrade — health + tier reco + portal/checkout link
  • find_everything_about — global workspace search
  • cost-optimization — 30d cost sweep + 3 ranked actions

Custom actions (since v0.3.0)

If your workspace defines custom actions in the dashboard (settings → MCP), they are fetched at startup via GET /v1/mcp/custom-actions and merged into the tool list. Two runtime kinds are supported :

  • json — proxy directly to a Coffrify /v1/* endpoint with declarative path / query / body mapping. Active today.
  • typescript — arbitrary TS code executed in a Vercel Sandbox. Coming in v0.12. Today the tool returns a stub explaining where the code is stored.

Tool overrides (toggling builtins off per workspace) are fetched from GET /v1/mcp/tools. Disabled tools are hidden from tools/list.

Example usage in Claude

You: "Send my latest report to [email protected], expire after 24h, password protect it."

Claude (calls coffrify_create_transfer with files + expires_in_hours=24 + password):
  → Creates the transfer
  → Returns the share URL + token
  → Optionally calls coffrify_create_webhook to notify on download
You: "Why is webhook abc123 failing?"

Claude (calls coffrify_webhook_health_metrics + coffrify_search_webhook_deliveries):
  → Sees a 0% success rate over the last 24h
  → Pulls 3 representative failed deliveries via coffrify_get_webhook_delivery
  → Reports "Receiver returns 500 on transfer.downloaded — payload includes new field `bytes_transferred` you may not parse"
  → Suggests coffrify_update_webhook or coffrify_retry_webhook_delivery after the fix
You: "Migrate me from WeTransfer."

Claude (invokes the migrate-from-wetransfer prompt):
  → Maps WeTransfer concepts to Coffrify
  → Sets branding, mints an API key, creates a default template
  → Sends a first encrypted transfer to validate
  → Subscribes to download events

Auth

Generate an MCP token in your Coffrify dashboard with the scopes you want the agent to have. Use a cof_mcp_test_ token for sandbox testing, only switch to cof_mcp_live_ once you trust the agent. Full API keys (cof_live_… / cof_test_…) also work, but dedicated MCP tokens are easier to revoke and audit.

We recommend a dedicated API key per agent installation, with expires_in_days set, so you can revoke it cleanly.

License

MIT