nosfir-mcp
v1.1.2
Published
Nosfir MCP Server — Connect AI agents to your Nosfir backend (storage, database, auth, OTP, notifications, functions, hosting, releases, logs and banlist)
Maintainers
Readme
nosfir-mcp
Model Context Protocol (MCP) server for Nosfir — the self-hosted BaaS that runs on Telegram. Gives AI agents (Claude, Cursor, Copilot, or any MCP client) a typed, zod-validated toolbox to manage your Nosfir backend end to end.
Install
npm install -g nosfir-mcpOr run on demand:
npx nosfir-mcpConfigure
Two environment variables are required:
| Variable | Description |
| --- | --- |
| NOSFIR_BASE_URL | Root URL of your Nosfir deployment (e.g. https://api.nosfir.online). |
| NOSFIR_API_KEY | MCP admin token. Generate it from the Developer panel in the Nosfir dashboard. |
Claude Desktop
Add an entry to your claude_desktop_config.json:
{
"mcpServers": {
"nosfir": {
"command": "npx",
"args": ["-y", "nosfir-mcp"],
"env": {
"NOSFIR_BASE_URL": "https://api.nosfir.online",
"NOSFIR_API_KEY": "nx_live_..."
}
}
}
}Cursor / Windsurf
Same shape in ~/.cursor/mcp.json or the equivalent config file for your editor.
Capabilities
82 tools across 11 categories:
| Category | Tools | Examples |
| --- | --- | --- |
| Storage | 10 | listFiles, uploadFile, getFile, deleteFile, generateSignedUrl |
| Database | 7 | listCollections, createDocument, queryDocuments, updateDocument |
| Auth | 7 | listUsers, banUser, unbanUser, notifyUser |
| OTP | 7 | sendOtp, verifyOtp, startOtpLink, pollOtpLink |
| Notify | 8 | sendNotification, listChannels, broadcastToProject |
| Functions | 13 | listFunctions, invokeFunction, deployFunction, rotateFunctionSecret |
| Hosting | 16 | createSite, triggerGitHubDeploy, rollbackDeployment, setEnvVars |
| Admin | 6 | listApiKeys, createApiKey, rotateApiKey, deleteApiKey, getUsage |
| Banlist | 3 | listProjectBans, addProjectBan, removeProjectBan (project-scoped Telegram bans) |
| Releases | 2 | uploadRelease, getLatestRelease |
| Logs | 3 | getActivityLogs, getLogStats, clearOldLogs |
Two resources are exposed as well:
nosfir://account/context— snapshot of the active workspace (projects, buckets, recent files).nosfir://docs/integration-guide— the official Nosfir integration guide fetched from your deployment.
Security notes
NOSFIR_API_KEYis an admin-scope token. Rotate it regularly — the server itself exposesrotateApiKeyso agents can refresh it before the 90-day TTL (MCP_KEY_TTL_DAYS) lapses.- All auth flows in the Nosfir backend consult the project-scoped banlist (
project_user_banlist) as of migration 044, soaddProjectBanwith atelegramChatIdblocks register / verify / login / refresh / reset-password for that identity inside the project without touching others.
Changelog
1.1.2
rotateApiKeynow requires the owner accountpasswordas a re-authentication guard, matching the Phase 1 backend behaviour that prevents a compromised admin token from silently rotating itself.
1.1.1
- Fixed the
Available Servicesblock at the bottom of thenosfir://account/contextresource: it now lists the true 11 services (Storage, Database, Auth, OTP, Notify, Functions, Hosting, Realtime, Releases, Logs, Admin/Banlist). Previously it stopped at 7 and missed Realtime, Releases, Logs, and Admin/Banlist, which misled agents about what they could do.
1.1.0
- New Admin category:
listApiKeys,createApiKey,rotateApiKey,deleteApiKey,updateApiKey,getUsage. - New Banlist category wired to the Phase 2 project-scoped banlist.
- New Releases category for APK / EXE distribution.
- New Logs category for activity log analytics.
- Declared an explicit
fileswhitelist so npm ships onlydist/andREADME.md. - Added
engines.node >= 18and aprepublishOnlybuild guard.
1.0.0
- Initial public release with 68 tools across 7 categories (Storage, Database, Auth, OTP, Notify, Functions, Hosting).
License
Proprietary. Contact the maintainer for self-host licensing terms.
