@dropthis/mcp

Official MCP server for dropthis — publish content (HTML, files, or a URL to fetch) and get back a permanent public URL, from any MCP-compatible agent (Claude Code, Claude Desktop, Cursor, Windsurf, opencode, ChatGPT, n8n, …).

Two ways to connect:

• Local (stdio) — npx @dropthis/mcp, authenticated with your sk_ API key. Best for coding agents.
• Remote (hosted) — https://mcp.dropthis.app/mcp over Streamable HTTP, with OAuth for chat clients or a static sk_ Bearer for automation. Best for ChatGPT / claude.ai / n8n.

Local / stdio

Add to your MCP client config:

{
  "mcpServers": {
    "dropthis": {
      "command": "npx",
      "args": ["-y", "@dropthis/mcp"],
      "env": { "DROPTHIS_API_KEY": "sk_..." }
    }
  }
}

Get an API key from your dropthis account. The server reads DROPTHIS_API_KEY (and optional DROPTHIS_BASE_URL). Claude Desktop users can install the one-click .mcpb bundle instead (the API key is stored in your OS keychain).

See docs/setup.md for per-client instructions (Claude Code, Cursor, Windsurf, VS Code, …).

Remote (hosted) connector

Point an MCP-capable client at the hosted endpoint:

https://mcp.dropthis.app/mcp

• Chat clients (ChatGPT, claude.ai) authenticate via OAuth 2.1 — add the connector URL and approve the login (a 6-digit email code; no password).
• Automation (n8n, CI, custom agents) sends a static Authorization: Bearer sk_... header and skips OAuth. See docs/n8n.md.

Tools

| Tool | Purpose | |------|---------| | dropthis_publish | Publish new content (content | source_url | files | file/paths) → permanent URL | | dropthis_update_content | Publish a new content version to an existing drop, keeping its URL | | dropthis_update_settings | Update a drop's settings (title, visibility, password, noindex, expiry, metadata) | | dropthis_get | Fetch one drop's metadata | | dropthis_get_content | Read back what a drop is serving — its file manifest, or one file's content (the read half of the edit loop) | | dropthis_resolve | Turn a drop's public URL or slug into its drop_… id (owner-scoped) — the recovery path for the id-based tools | | dropthis_list | List your drops (paginated) | | dropthis_list_deployments | List a drop's deployment (version) history | | dropthis_delete | Delete a drop (requires confirm: true) | | dropthis_account | Authenticated account profile (id, email, status) including the account's limits for preflight sizing | | dropthis_domains_connect | Connect a custom domain (path or dedicated mode) and get the CNAME record to create | | dropthis_domains_verify | Re-check a domain's DNS/TLS and advance its status toward live | | dropthis_domains_get | Read one domain's stored state and DNS instructions (no live DNS check) | | dropthis_domains_list | List the account's custom domains and which is the default publish target | | dropthis_domains_update | Repoint a dedicated domain to another drop, or set/clear the default path domain | | dropthis_domains_delete | Disconnect a custom domain (requires confirm: true) |

file/paths are local/stdio only — the hosted Worker omits them from the tool schemas entirely. dropthis_update_content accepts the same content inputs as dropthis_publish; a source_url is fetched server-side (SSRF-guarded) and stored as the new version. The id-based tools (dropthis_update_content, dropthis_update_settings, dropthis_get, dropthis_get_content, dropthis_delete, dropthis_list_deployments) require the full drop_… id from the publish response and are strict id-only: pass a URL or slug and the tool returns an error pointing you at dropthis_resolve, which turns a public URL/slug back into the drop_… id (owner-scoped). Resolve once, then edit by id — persist the drop_… id, since URLs and slugs are locators that can drift. Connections whose OAuth grant lacks the drops:write scope see only the read tools.

dropthis_account returns your account's exact limits.

Multi-file bundles (files input)

A files bundle holds up to 200 files. Each file has a path (bundle-relative, used verbatim in HTML/CSS src/href attributes) and exactly one content source:

| Field | Use for | Notes | |-------|---------|-------| | content | UTF-8 text: HTML, CSS, JS, JSON, SVG, markdown | Text is sent inline | | source_url | Remote assets: images, video, PDFs, fonts | Server fetches the URL; no bytes pass through your agent. Optional content_type, size_bytes, checksum_sha256 | | content_base64 | Small inline binary blobs only | Capped at 64 KiB encoded; rejected with a corrective error above that threshold pointing at source_url |

Never base64-encode an image that is already publicly reachable — use source_url instead. Example bundle with mixed sources:

{
  "files": [
    { "path": "index.html", "content": "<html>…<img src='hero.jpg'>…</html>" },
    { "path": "hero.jpg", "source_url": "https://cdn.example.com/hero.jpg" },
    { "path": "logo.png", "source_url": "https://cdn.example.com/logo.png", "content_type": "image/png" }
  ]
}

Editing a bundle — update_content is a partial update

dropthis_update_content patches by default (mode: "patch"). The files you send are upserted by path; every file you don't mention is carried forward unchanged. So to fix one page, send only that page — a previously-bundled image stays put:

{
  "drop_id": "drop_…",
  "files": [{ "path": "index.html", "content": "<html>…edited…</html>" }]
}

To remove a file, list its path in delete_paths:

{
  "drop_id": "drop_…",
  "files": [{ "path": "index.html", "content": "<html>…</html>" }],
  "delete_paths": ["assets/old-hero.jpg"]
}

To swap the entire content set in one call, use mode: "replace" — the files you send become the whole drop and everything else is dropped (delete_paths is invalid in replace mode).

Example prompts

Natural-language asks that exercise the main tools (the agent picks the tool):

• Publish — "Publish this HTML report and give me the link." → dropthis_publish returns a permanent url and the drop_… id.
• Self-contained bundle — "Publish this landing page with its four images" (HTML + files[] where each image is a source_url). → one drop, images fetched server-side and stored, no hot-linking.
• Edit in place — "Change the headline on that drop." → dropthis_get_content reads the current file, you edit it, dropthis_update_content ships a new version at the same URL.
• Recover the id — "Update https://abc123.dropthis.app/." → dropthis_resolve turns the URL into its drop_… id, then dropthis_update_content.
• Custom domain — "Serve my drops at reports.example.com." → dropthis_domains_connect (path mode) returns the CNAME, then dropthis_domains_verify until live.

Privacy

dropthis is a hosted service: content you publish is sent to and stored by dropthis and served at a public URL. See the privacy policy at https://dropthis.app/privacy and the terms at https://dropthis.app/terms.

Support

• Issues and feature requests: https://github.com/dropthis-dev/dropthis-mcp/issues
• Email: [email protected]

Known limitations

• Free vs Pro caps apply per drop and per account (size, TTL, custom domains, passwords) — call dropthis_account to read the active limits before a large publish.
• Binary bytes can't ride in a tool call: inline content_base64 is capped at 64 KiB. For images/video/PDFs/fonts use source_url (the server fetches a public URL), or, on the local stdio server only, file/paths.
• source_url must be publicly reachable over http(s); the server fetches it (SSRF-guarded). A private/localhost URL won't resolve.
• id-only edits: the URL slug is not an id — keep the drop_… id from publish (or recover it with dropthis_resolve).
• Setting a password is Pro-only; clearing one (null) is always allowed.

Develop

npm install
npm run dev          # tsx src/bin.ts (needs DROPTHIS_API_KEY)
npm run dev:worker   # wrangler dev (remote Worker)
npm test             # vitest (node) + vitest-pool-workers
npm run typecheck    # tsc (node + worker tsconfigs)
npm run lint         # biome
npm run build        # tsup → dist/bin.cjs (the npm package)
npm run build:worker # wrangler deploy --dry-run (bundle check)

One TypeScript codebase, two outputs: the stdio npm package and the Cloudflare Worker. Both are thin clients over the dropthis REST API (@dropthis/node for stdio, @dropthis/node/edge for the Worker); tool handlers are unit-tested against an injected fake client.

License

MIT