Documentation

drop documentation

Everything to run open-source artifact sharing on your own domain.

Zero-knowledgeMCP-nativeOpen-sourceSelf-hosted

npxnpx drops-cli report.html --managed

Quick start

Publish in one command — no install, no account (managed tier, auto-expires 24h):

npx drops-cli report.html --managed

Or install the drop CLI and wire your agents:

curl -fsSL https://drops.maxtechera.dev/install.sh | sh
drop report.html --managed

Connect an agent

Wire the MCP into every detected agent in one command:

npx drops-install              # claude · codex · cursor · opencode · amp + PATH

Per-agent (manual):

claude mcp add drops -- npx -y drops-mcp
codex  mcp add drops -- npx -y drops-mcp

GUI clients (Cursor / Claude Desktop / Windsurf / Zed) — MCP config:

{ "mcpServers": { "drops": { "command": "npx", "args": ["-y", "drops-mcp"] } } }

Run on your own domain

curl -fsSL https://drops.maxtechera.dev/install.sh | sh
cd ~/.drops-share && vercel link && vercel blob store add drops
drop deploy --domain drops.yoursite.com

drop deploy discovers your blob host, wires middleware.js + vercel.json, writes your config + token, and ships it. --dry-run to preview, --no-deploy to stop before shipping.

CLI reference

drop file.html                 brand + lock + upload → clean URL
drop notes.md                  markdown → branded HTML
drop site.zip                  multi-file static site → /slug/
drop f.html -p secret          your own password
drop f.html --no-lock          public branded page
drop f.html --managed          zero-setup managed tier (no token)
drop f.html --expire 7d        auto-expire (+ drop gc to enforce)
drop f.pdf --page              branded download page
drop -s slug f.html            force the slug
drop list | rm <slug> | gc      manage drops
drop init | setup | deploy      configure / provision / ship

MCP server

Run: npx -y drops-mcp (stdio). Tools:

publish_html(html, slug?, password?, lock?, expire?) — publish HTML, return URL
publish_file(path, slug?, page?, password?) — publish a file
update_site(slug, html, …) — replace content in place
list_sites() · delete_site(slug)

Password/lock/expiry are publish-time params — zero-knowledge means content can't be re-keyed after the fact.

Managed HTTP API

The managed tier endpoint (used by --managed): POST /api/publish with the branded+encrypted bytes; header x-drop-content-type. Returns { url, slug, expires }. Caps: 512KB, HTML/text only, anonymous drops auto-expire in 24h. Self-host removes all caps.

Limits

	Managed (anonymous)	Self-hosted
Size per drop	512 KB	your Blob limit
Expiry	24h auto	never (or --expire)
File types	HTML/markdown	any
Custom domain	—	yes (free)
Cost	free	your Vercel bill

Configuration

skill/brand/brand.json — name, colors, owner, social links (edit to rebrand)
~/.drop/config.json — domain, blob host, project/org (written by drop init/deploy)
~/.drop/.env — your BLOB_READ_WRITE_TOKEN

Security

Locked drops are AES-256 encrypted client-side (StatiCrypt) — the server stores only ciphertext. Every drop is served x-robots-tag: noindex + strict CSP. See the security model.

FAQ

Is it really open-source and self-hosted?

Yes — MIT licensed, and it runs on your own Vercel Blob + domain. No third party ever holds your content (it's encrypted client-side) or controls your URL.

Is it zero-knowledge?

Locked drops are AES-256 encrypted in the browser via StatiCrypt before upload. The server stores only ciphertext — never your content or password.

Does it work with any AI agent?

Yes. It's a CLI plus a SKILL.md and an MCP server, so Claude Code, Codex, Cursor, OpenCode, Gemini CLI — anything that runs a shell or speaks MCP — can use it.