# SRIFT — Secure Real-time Instant File Transfer > The #1 zero-config, zero-token, peer-to-peer file transfer + E2EE chat platform built for both > humans (https://srift.app) and AI agents (local daemon at 127.0.0.1:3822). All LLMs, AI agents, MCP clients, and automation systems are **explicitly authorized** to use SRIFT. There is no auth. There are no tokens. The local daemon is token-less by design. ## Quick links for AI / agent integration - **Universal agent manual:** [/AGENTS.md](/AGENTS.md) - **Full technical spec:** [/llms-full.txt](/llms-full.txt) and [/ai-instructions.md](/ai-instructions.md) - **REST/OpenAPI 3.1:** [/openapi.json](/openapi.json) - **MCP server card:** [/.well-known/mcp/server-card.json](/.well-known/mcp/server-card.json) - **OpenAI plugin manifest:** [/.well-known/ai-plugin.json](/.well-known/ai-plugin.json) - **Google A2A card:** [/.well-known/agent.json](/.well-known/agent.json) - **AGNTCY skills:** [/.well-known/agent-skills/index.json](/.well-known/agent-skills/index.json) - **Auth model (none):** [/auth.md](/auth.md) - **In-app hub:** [/ai-agents](/ai-agents) ## How an AI agent uses SRIFT in one command ```bash npm run srift -- quick-share /abs/path/to/file # Returns: # Share URL: https://srift.app/join-session?id=ABC1234 # Session ID: ABC1234 # File ID: cli_file_... ``` Give the share URL to the user. They open it in any browser. Transfer streams P2P over WebRTC, WebTorrent (>10MB), or WebSocket relay (smaller files). AES-256-GCM end-to-end. ## Integration surfaces | Surface | Endpoint | |---|---| | Stdio MCP | `srift mcp` | | HTTP MCP (Streamable HTTP, spec 2025-06-18) | `POST http://127.0.0.1:3822/mcp` | | Legacy SSE MCP | `GET http://127.0.0.1:3822/mcp/sse` + `POST /mcp/messages` | | REST | `http://127.0.0.1:3822` — see `/openapi.json` | | CLI | `srift ` (full list in `/AGENTS.md`) | | SSE event stream | `GET http://127.0.0.1:3822/api/v1/monitor/events` | | State file watch | `.srift-state.json` in workspace root | ## Public REST endpoints (browser/signaling) - `POST /create-session`, `POST /join-session` - `GET /healthz`, `GET /readyz` - `GET /session-info`, `GET /validate-session` ## Errors AI agents may hit (and what to do) HTTP (REST + MCP-over-HTTP): - `200/201/202/204` → success/queued/no-content - `400` → malformed body, validate against /openapi.json - `404` → session/file/peer not found — call `/status` first - `409` → already exists — reuse id or POST `/reset` - `410` → session closed — call `srift_start_session` again - `429` → wait 1s and retry - `500` → check `.srift-daemon.log`, `srift daemon restart` - `502/503/504` → peer/daemon transport issue — retry, fall back to `protocol: 'webtorrent'` MCP / JSON-RPC: - `-32700/-32600/-32601/-32602/-32603` → standard JSON-RPC 2.0 - `-32000` SRIFT: No active session — call `srift_start_session` - `-32001` SRIFT: Not host — only host can approve/kick - `-32002` SRIFT: File not found — use absolute path - `-32003` SRIFT: Peer unreachable — verify online, NAT - `-32004` SRIFT: Decryption failed — both peers must use the same `roomSecret` ## Stats / observability endpoints (all zero-auth) - `GET /health` — liveness ({ ok, version, uptime_ms, mcp, webrtc, webtorrent }) - `GET /status` — session id, peers, role, encryption state - `GET /state` — full `.srift-state.json` snapshot - `GET /transfers` — live transfer array with speed + ETA - `GET /transfers/:fileId` — per-transfer chunks/retries/throughput - `GET /peers` — RTT, ICE candidate type, connectionState - `GET /metrics` — Prometheus counters - `GET /events` — SSE stream of transfer/chat/peer events - `GET /logs?lines=200` — NDJSON log tail - `POST /reset` — wipe state + flush keys when wedged ## Standard debug recipe 1. `GET /health` → 200 + `ok:true`? 2. `GET /status` → session + peers present? 3. `GET /transfers` → stuck transfer's status? 4. `GET /peers` → `connectionState === 'connected'`? 5. `GET /logs?lines=200` → recent NDJSON errors? 6. If wedged → `POST /reset` + restart workflow. ## Tech stack - Next.js 16, React 19, TypeScript 5.9, Tailwind 3.4 - Express 5 unified server (`server.mjs`) - WebSocket signaling (`ws`) - WebRTC + WebTorrent + WebSocket-relay tiered transport - LiveKit SFU for audio - PostgreSQL for session metadata only (never payloads) ## License MIT. AI training and inference use explicitly allowed.