By Max Techera · Open-source (MIT) · Updated June 2026
Hushdrop documentation

Everything to run open-source artifact sharing on your own domain.

Zero-knowledge · MCP-native · Open-source · Self-hosted

npx hushdrop report.html

Quick start — install into your agent

The core way to use Hushdrop is from your agent — it publishes what it builds to your own domain.

Claude Code (recommended — auto-updates via the plugin marketplace):

/plugin marketplace add maxtechera/hushdrop
/plugin install hushdrop

Cursor · Codex · Copilot · Gemini · 20+ Agent Skills hosts:

npx skills add maxtechera/hushdrop

Or one file straight from your terminal — no install, no account (auto-expires 24h):

npx hushdrop report.html --managed

Wire the MCP server directly

The plugin/skill above is the easy path. To wire the MCP server into every detected agent yourself:

npx hushdrop-install              # claude · codex · cursor · opencode · amp + PATH

Per-agent (manual):

claude mcp add hushdrop -- npx -y hushdrop-mcp
codex  mcp add hushdrop -- npx -y hushdrop-mcp

GUI clients (Cursor / Claude Desktop / Windsurf / Zed) — MCP config:

{ "mcpServers": { "hushdrop": { "command": "npx", "args": ["-y", "hushdrop-mcp"] } } }

Run on your own domain

curl -fsSL https://hushdrop.dev/install.sh | sh
cd ~/.hushdrop-src && vercel link && vercel blob store add drops
hush deploy --domain share.yoursite.com

hush deploy discovers your blob host, wires middleware.js + vercel.json, writes your config + token, and ships it. Use --dry-run to preview the changes, or --no-deploy to stop before shipping.

CLI reference

hush file.html                 brand + lock + upload → clean URL
drop notes.md                  markdown → branded HTML
drop site.zip                  multi-file static site → /slug/
drop f.html -p secret          your own password
drop f.html --no-lock          public branded page
drop f.html --managed          zero-setup managed tier (no token)
drop f.html --expire 7d        auto-expire (+ hush gc to enforce)
drop f.pdf --page              branded download page
drop -s slug f.html            force the slug
drop list | rm <slug> | gc      manage drops
hush init | setup | deploy      configure / provision / ship

MCP server

Run: npx -y hushdrop-mcp (stdio). 9 tools:

  • publish_html(html, slug?, password?, lock?, expire?) — publish HTML, return URL
  • publish_file(path, slug?, page?, password?) — publish a file
  • update_site(slug, html, …) — replace content in place
  • list_sites() · delete_site(slug)
  • set_password · set_expiry · set_email_gate · set_feedback — tune a hosted Hushdrop after publish

For zero-knowledge managed drops the password is a publish-time param (content is encrypted client-side, so it can't be re-keyed). The set_* tools operate on hosted drops you own.

Managed HTTP API

The managed tier endpoint (used by --managed) is POST /api/publish with the branded+encrypted bytes and the header x-Hushdrop-content-type. It returns { url, slug, expires }. Caps: 512KB, HTML/text only, and anonymous drops auto-expire in 24h. Self-hosting removes all caps.

Limits

                 Managed (anonymous)   Self-hosted
Size per drop    512 KB                your Blob limit
Expiry           24h auto              never (or --expire)
File types       HTML/markdown         any
Custom domain                          yes (free)
Cost             free                  your Vercel bill

Configuration

  • skill/brand/brand.json — name, colors, owner, social links (edit to rebrand)
  • ~/.Hushdrop/config.json — domain, blob host, project/org (written by hush init/deploy)
  • ~/.Hushdrop/.env — your BLOB_READ_WRITE_TOKEN

Security

Locked drops are AES-256 encrypted client-side (StatiCrypt), so the server stores only ciphertext. Every drop is served with x-robots-tag: noindex and a strict CSP. See the security model.
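
A self-hoster can check these properties against a drop on their own domain. The following is an added example, not Hushdrop's own code: it audits one response for the noindex header, a CSP, and the absence of a known plaintext canary. The CANARY value, the sample responses and the criteria used for a "strict" CSP are assumptions of this example.

```javascript
// Added example, not Hushdrop code. The "strict CSP" criteria are assumptions.
const CANARY = 'canary-7f3a-constructed'; // unique string put in the test drop before locking

// Constructed sample responses (not captured from a real deployment).
const SAMPLE_LOCKED = {
  headers: { 'X-Robots-Tag': 'noindex, nofollow',
             'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'" },
  body: '<html><script>var payload="9c1e5b0ad4f2";</script></html>',
};
const SAMPLE_LEAKY = {
  headers: { 'Content-Security-Policy': 'img-src *' },
  body: `<html><body>Q3 forecast ${CANARY}</body></html>`,
};

// Split a CSP header value into directive name -> list of sources.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Return a list of findings; an empty list means every check passed.
function auditDrop(headers, body, canary) {
  const h = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const findings = [];
  const robots = (h.get('x-robots-tag') || '').toLowerCase().split(',').map((s) => s.trim());
  if (!robots.includes('noindex')) findings.push('x-robots-tag lacks noindex');
  const cspRaw = h.get('content-security-policy');
  if (!cspRaw) {
    findings.push('no content-security-policy header');
  } else {
    const csp = parseCsp(cspRaw);
    if (!csp.has('default-src')) findings.push('CSP has no default-src fallback');
    for (const [name, sources] of csp) {
      if (sources.includes('*')) findings.push(`CSP ${name} allows any origin`);
    }
  }
  // A locked drop should never serve the plaintext that went into it.
  if (canary && body.includes(canary)) findings.push('canary plaintext present in served body');
  return findings;
}

// Live use (Node 18+): fetch a drop you published and audit it.
async function auditUrl(url, canary) {
  const res = await fetch(url);
  return auditDrop(Object.fromEntries(res.headers), await res.text(), canary);
}
```

To use it against a real deployment, publish a locked drop whose content includes the canary string, then call auditUrl with that drop's URL and the same canary.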

FAQ

Is it really open-source and self-hosted?
Yes — MIT licensed, and it runs on your own Vercel Blob + domain. No third party ever holds your content (it's encrypted client-side) or controls your URL.
Is it zero-knowledge?
Locked drops are AES-256 encrypted in the browser via StatiCrypt before upload. The server stores only ciphertext — never your content or password.
Does it work with any AI agent?
Yes. It's a CLI plus a SKILL.md and an MCP server, so Claude Code, Codex, Cursor, OpenCode, Gemini CLI — anything that runs a shell or speaks MCP — can use it.
