Windsurf reads MCP servers from its config — drop the JSON in (or run `npx hushdrop-install`) and Windsurf can publish to your own domain.
Wire Hushdrop into Windsurf
// ~/.codeium/windsurf/mcp_config.json
{ "mcpServers": { "hushdrop": { "command": "npx", "args": ["-y", "hushdrop-mcp"] } } }Then hush setup once for your Blob token. Now Windsurf can publish any artifact to your own domain.
What your agent can do
The MCP server exposes 9 tools:
publish_html/publish_file— turn generated HTML or a local file into a private branded linkupdate_site— replace content in place, same URLlist_sites/delete_site— manage what's liveset_password/set_expiry/set_email_gate/set_feedback— tune a hosted Hushdrop after the fact
1
Drop it
hush file.html — or a PDF, markdown, image, or any file — from your terminal or any AI agent.
2
Branded & encrypted
Your logo, OG card, and badge are baked in, then it's AES-256 encrypted client-side behind your unlock gate.
3
Live on your domain
Uploaded to your Vercel Blob and served at yourdomain.com/slug. URL + password on your clipboard.
FAQ
Does it work with any AI agent?
Yes. It's a CLI plus a SKILL.md and an MCP server, so Claude Code, Codex, Cursor, OpenCode, Gemini CLI — anything that runs a shell or speaks MCP — can use it.
Is it really open-source and self-hosted?
Yes — MIT licensed, and it runs on your own Vercel Blob + domain. No third party ever holds your content (it's encrypted client-side) or controls your URL.
Is it zero-knowledge?
Locked drops are AES-256 encrypted in the browser via StatiCrypt before upload. The server stores only ciphertext — never your content or password.