@coffrify/mcp
v0.15.0
Published
Coffrify MCP server — gives Claude/Cursor/Windsurf agents direct access to Coffrify : 207+ tools spanning transfers, webhooks, audit, API keys, analytics, branding, domains, folders, collections, members, notifications, GDPR, status, changelog, alerts, te
Maintainers
Readme
@coffrify/mcp
MCP server for Coffrify — gives AI agents (Claude Desktop, Cursor, Windsurf, Cline, OpenAI Agents SDK, OpenAgents Toolbox) direct access to Coffrify's encrypted file-transfer infrastructure.
The server exposes 170+ tools, 44 browseable resources, and 29 LLM workflow prompts that wrap every public surface of @coffrify/sdk — transfers, webhooks, audit, API keys, analytics, branding, custom domains, folders, collections, members, notifications, GDPR, SSO/SCIM, billing, quotas, alerts, templates, request inboxes, coffres, magic links, recipients, rooms, MFA, status, changelog, marketing, and more.
What is MCP?
Model Context Protocol is the open standard for connecting AI agents to tools. With this server, agents can :
- Send encrypted file transfers (server-side or E2E
e2e_v1) - Manage webhook subscriptions, replay failed deliveries, rotate signing secrets
- Query the audit log and search it by actor/action/resource
- Create / revoke / rotate API keys and short-lived delegated tokens
- Run GDPR exports, request deletion, review retention policies
- Provision SSO / SCIM tokens for Okta, Azure AD, Google Workspace
- Manage billing, mint Stripe Checkout / Portal links
- Get composite health scores and tier recommendations
- Run guided workflows (incident-response, cost-optimization, …)
All without leaving the chat.
Install
# directly via npx (Claude Desktop / Cursor pattern)
npx -y @coffrify/mcp
# or pin a version in your dependencies
pnpm add -D @coffrify/mcp
npm install --save-dev @coffrify/mcpSetup
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows) :
{
"mcpServers": {
"coffrify": {
"command": "npx",
"args": ["-y", "@coffrify/mcp"],
"env": {
"COFFRIFY_API_KEY": "cof_mcp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
}Restart Claude. You should see "coffrify" tools in the plug menu.
Cursor
Edit ~/.cursor/mcp.json :
{
"mcpServers": {
"coffrify": {
"command": "npx",
"args": ["-y", "@coffrify/mcp"],
"env": { "COFFRIFY_API_KEY": "cof_mcp_live_..." }
}
}
}Windsurf / Cline / other MCP clients
Same pattern — command: npx, args: ["-y", "@coffrify/mcp"], env contains COFFRIFY_API_KEY.
Optional environment variables
| Variable | Default | Purpose |
|---|---|---|
| COFFRIFY_API_KEY | required | API key or MCP token (cof_mcp_live_… recommended) |
| COFFRIFY_API_URL | https://api.coffrify.com | Override for staging or self-hosted |
Available tools (selection)
The full catalog is 170+ tools. Here is a sample of what each surface exposes — call tools/list from your MCP client to enumerate them all.
Transfers
coffrify_list_transfers, coffrify_search_transfers, coffrify_iterate_transfers, coffrify_get_transfer, coffrify_get_transfer_preview, coffrify_create_transfer, coffrify_clone_transfer, coffrify_delete_transfer, coffrify_bulk_delete_transfers, coffrify_set_transfer_folder, coffrify_get_transfer_qrcode, coffrify_rescan_transfer, coffrify_send_transfer_email, coffrify_bulk_export_transfers, coffrify_list_transfer_downloads, coffrify_list_downloads.
Webhooks
coffrify_list_webhooks, coffrify_list_active_webhooks, coffrify_create_webhook, coffrify_dry_run_webhook, coffrify_test_webhook, coffrify_test_webhook_event, coffrify_update_webhook, coffrify_delete_webhook, coffrify_rotate_webhook_secret, coffrify_list_webhook_deliveries, coffrify_replay_webhook, coffrify_replay_webhook_delivery, coffrify_retry_webhook_delivery, coffrify_search_webhook_deliveries, coffrify_get_webhook_delivery, coffrify_webhook_health_metrics, coffrify_list_webhook_event_types, coffrify_get_webhook_event_metadata.
Audit log
coffrify_list_audit, coffrify_query_audit_log, coffrify_search_audit, coffrify_export_audit_log, coffrify_get_audit_actor_summary, coffrify_explain_event.
API keys + delegated tokens
coffrify_list_api_keys, coffrify_get_api_key, coffrify_create_api_key, coffrify_update_api_key, coffrify_revoke_api_key, coffrify_rotate_api_key, coffrify_list_api_tokens, coffrify_create_api_token, coffrify_revoke_api_token.
Analytics + Quotas + Billing
coffrify_analytics_summary, coffrify_get_analytics, coffrify_check_quota, coffrify_check_quotas, coffrify_compute_quota_pct, coffrify_storage_history, coffrify_bandwidth_daily, coffrify_throughput_recent, coffrify_get_subscription, coffrify_get_billing_subscription, coffrify_get_usage_billing_period, coffrify_get_billing_address, coffrify_update_billing_address, coffrify_create_billing_portal_link, coffrify_create_checkout_link, coffrify_compare_plan_to_usage, coffrify_tier_recommendation.
Branding + Domains + Folders + Collections + Coffres + Rooms + Requests + Templates + Alerts + Recipients + Magic links
A full CRUD surface per resource — see tools/list.
Members / Invitations / Sessions / MFA
coffrify_list_members, coffrify_list_invitations, coffrify_invite_member, coffrify_revoke_invitation, coffrify_list_sessions, coffrify_revoke_session, coffrify_revoke_all_sessions_except_current, coffrify_mfa_status.
GDPR + Compliance
coffrify_gdpr_export, coffrify_export_gdpr, coffrify_request_data_deletion, coffrify_list_consent_log, coffrify_get_data_retention_policy, coffrify_list_my_legal_acceptances, coffrify_get_legal_documents, coffrify_get_legal_document_content, coffrify_list_subprocessors, coffrify_dpo_contact_info.
SSO + SCIM
coffrify_get_sso_config, coffrify_update_sso_config, coffrify_list_scim_tokens, coffrify_create_scim_token, coffrify_revoke_scim_token, coffrify_get_scim_audit.
Status + Changelog + Marketing (public)
coffrify_check_status, coffrify_get_status_services, coffrify_list_incidents, coffrify_subscribe_to_status_alerts, coffrify_list_changelog, coffrify_recent_changelog, coffrify_list_blog_posts, coffrify_get_blog_post, coffrify_search_docs, coffrify_search_help, coffrify_list_pricing_plans, coffrify_subscribe_newsletter, coffrify_unsubscribe_newsletter.
Agent god-mode
coffrify_global_search, coffrify_describe_workspace_brief, coffrify_workspace_health_score, coffrify_get_workspace_activity_feed, coffrify_explain_event, coffrify_get_openapi_schema.
Browseable resources
The server also exposes 44 read-only resources that your client can list and read. Examples :
coffrify://transfers → list of recent transfers (JSON)
coffrify://transfers/<id> → one transfer + files
coffrify://transfers/recent → most recent 50 (alias)
coffrify://transfers/preview/<id> → binary preview of a transfer's files
coffrify://webhooks → all webhook endpoints
coffrify://webhooks/<id> → one webhook + recent deliveries
coffrify://events → catalog of webhook event types
coffrify://events/catalog → catalog (alias)
coffrify://workspace → /me payload
coffrify://workspace-health → composite 0-100 health score
coffrify://audit → last 100 audit entries
coffrify://audit/recent → alias
coffrify://analytics → usage summary (30d)
coffrify://analytics/summary → alias
coffrify://quotas → plan caps + current consumption
coffrify://quotas/current → alias
coffrify://billing → subscription + usage
coffrify://status → service up/down + open incidents
coffrify://status/operational → alias
coffrify://changelog → recent changelog entries
coffrify://changelog/recent → alias
coffrify://branding → white-label settings
coffrify://branding/current → alias
coffrify://collections → collections list
coffrify://collections/list → alias
coffrify://templates → transfer templates
coffrify://templates/list → alias
coffrify://requests → request inboxes
coffrify://coffres → mini-vaults
coffrify://rooms → persistent shared rooms
coffrify://recipients → address book
coffrify://alerts → alert rules
coffrify://api-keys → API keys (hashed)
coffrify://api-tokens → delegated tokens
coffrify://members → members + invitations
coffrify://sessions → owner's dashboard sessions
coffrify://notifications → notification prefs
coffrify://domains → custom domains
coffrify://folders → folders
coffrify://mfa → MFA enrollment
coffrify://pricing → public plan catalog
coffrify://legal → published legal docs
coffrify://subprocessors → subprocessors list
coffrify://retention → retention policy
coffrify://sso → SAML config
coffrify://scim-tokens → SCIM tokens
coffrify://docs/openapi → /v1/openapi.json (proxied)The coffrify://transfers/preview/<id>[/<file_id>] resource returns a signed preview URL the agent can fetch as application/pdf or application/octet-stream — useful for letting an LLM actually read the content of an inbound transfer.
LLM workflow prompts
The server publishes 29 prompts that compose multiple tools into proven workflows :
send_invoice— compose + send an invoice transfer with defaultsaudit_weekly— last 7d audit summaryaudit-share-policy— per-transfer policy review + tightening proposalrotate_all_api_keys— rotate every key with 7-day gracesubscribe_to_security_events— wire a webhook to every security eventinvestigate_transfer— pull a transfer + its scans + deliveries + auditsecurity_audit_today— daily security sweeptransfer_cleanup— bulk-delete expired / zero-download transferswebhook_health_check— 24h success rate reportwebhook_postmortem— failure forensics (payloads + responses + timing)member_access_audit— flag stale invitations + over-privileged rolesmonthly_billing_review— last 3 periods + savings/upsell recommendationonboard_new_client— Request Inbox + Coffre + member invite bundlequota_health_check— flag any consumption > 80 %incident_triage— fast 24h triageincident-response— full breach playbook (rotate + revoke + freeze)request_inbox_followup— nudge dormant submissionscoffre_access_audit— access-log anomalies per coffreacquire_lead— landing-chatbot RAG + plan recommendation + checkout linkcompliance_audit— GDPR brief (retention + consents + acceptances + erasures)data-retention-review— same as compliance_audit, GDPR-focusedenterprise_onboarding— SSO + SCIM rolloutsetup-saml-sso— IdP-specific (Okta / Azure / Google) SAML walkthroughsetup-scim— SCIM token + base URL + first syncsetup-webhook— guided endpoint setup with dry-run + signing secretmigrate-from-wetransfer— concept mapping + first transfer + first webhookusage_review_and_upgrade— health + tier reco + portal/checkout linkfind_everything_about— global workspace searchcost-optimization— 30d cost sweep + 3 ranked actions
Custom actions (since v0.3.0)
If your workspace defines custom actions in the dashboard (settings → MCP), they are fetched at startup via GET /v1/mcp/custom-actions and merged into the tool list. Two runtime kinds are supported :
json— proxy directly to a Coffrify/v1/*endpoint with declarative path / query / body mapping. Active today.typescript— arbitrary TS code executed in a Vercel Sandbox. Coming in v0.12. Today the tool returns a stub explaining where the code is stored.
Tool overrides (toggling builtins off per workspace) are fetched from GET /v1/mcp/tools. Disabled tools are hidden from tools/list.
Example usage in Claude
You: "Send my latest report to [email protected], expire after 24h, password protect it."
Claude (calls coffrify_create_transfer with files + expires_in_hours=24 + password):
→ Creates the transfer
→ Returns the share URL + token
→ Optionally calls coffrify_create_webhook to notify on downloadYou: "Why is webhook abc123 failing?"
Claude (calls coffrify_webhook_health_metrics + coffrify_search_webhook_deliveries):
→ Sees a 0% success rate over the last 24h
→ Pulls 3 representative failed deliveries via coffrify_get_webhook_delivery
→ Reports "Receiver returns 500 on transfer.downloaded — payload includes new field `bytes_transferred` you may not parse"
→ Suggests coffrify_update_webhook or coffrify_retry_webhook_delivery after the fixYou: "Migrate me from WeTransfer."
Claude (invokes the migrate-from-wetransfer prompt):
→ Maps WeTransfer concepts to Coffrify
→ Sets branding, mints an API key, creates a default template
→ Sends a first encrypted transfer to validate
→ Subscribes to download eventsAuth
Generate an MCP token in your Coffrify dashboard with the scopes you want the agent to have. Use a cof_mcp_test_ token for sandbox testing, only switch to cof_mcp_live_ once you trust the agent. Full API keys (cof_live_… / cof_test_…) also work, but dedicated MCP tokens are easier to revoke and audit.
We recommend a dedicated API key per agent installation, with expires_in_days set, so you can revoke it cleanly.
License
MIT
