// ai agents · mcp

Agents on PlikShare.

PlikShare ships a Model Context Protocol server, so AI agents like Claude and ChatGPT can work in your files - through 41 tools, a scoped token, and your approval whenever you want a human in the loop.

An agent working a real workspace over MCP - searching, reading and organising files, and pausing for your approval exactly where you asked it to.

Connect an agent

Create an agent in PlikShare and copy its API token - it's shown once at creation and can be rotated at any time. Then point any MCP client at your instance. Agent-skills discovery is built in, so the agent learns the tools and rules on connect.

endpoint    POST https://<your-plikshare>/mcp
auth        Authorization: Bearer psh_agt_••••••••
discovery   GET  /.well-known/agent-skills/

Every action below runs over this one authenticated endpoint, scoped to that token.

You stay in control

Scoped token

An agent reaches only the workspaces and boxes you grant it. You also cap how many workspaces it may create, their default size and team-member limits, and which storages it can use.

Per-tool, three levels

Enable, disable or gate each tool for the agent globally, then override it per workspace, then per box. The most specific level wins.
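An added sketch of that override order, not PlikShare's own code: it resolves a tool's effective setting across the three levels and flags scopes where a destructive or invite tool would run with no approval gate. The data layout, the names Mode, effective_mode and ungated_risky, the sample workspace and box ids, and the fail-closed default are all assumptions.

```python
from enum import Enum

class Mode(Enum):
    ENABLED = "enabled"
    DISABLED = "disabled"
    APPROVAL = "approval"

# Badges as listed on this page for a few of the tools.
BADGES = {"read_file": "read", "create_share_link": "write",
          "bulk_delete": "destructive", "invite_box_members": "invite"}

# Constructed sample policy. Scope keys: () global, (ws,) workspace, (ws, box) box.
POLICY = {
    (): {"read_file": Mode.ENABLED, "create_share_link": Mode.ENABLED,
         "bulk_delete": Mode.APPROVAL, "invite_box_members": Mode.APPROVAL},
    ("ws-finance",): {"create_share_link": Mode.APPROVAL},
    ("ws-scratch",): {"bulk_delete": Mode.ENABLED},
    ("ws-finance", "box-audit"): {"create_share_link": Mode.DISABLED},
}

def effective_mode(policy, tool, workspace=None, box=None):
    """Most specific level wins: box, then workspace, then global."""
    scopes = []
    if workspace and box:
        scopes.append((workspace, box))
    if workspace:
        scopes.append((workspace,))
    scopes.append(())
    for scope in scopes:
        mode = policy.get(scope, {}).get(tool)
        if mode is not None:
            return mode
    return Mode.DISABLED  # assumption: a tool with no setting anywhere fails closed

def ungated_risky(policy, badges):
    """Scopes where a destructive or invite tool runs without human approval."""
    findings = []
    for scope in policy:
        ws = scope[0] if len(scope) > 0 else None
        box = scope[1] if len(scope) > 1 else None
        for tool, badge in badges.items():
            risky = badge in ("destructive", "invite")
            if risky and effective_mode(policy, tool, ws, box) is Mode.ENABLED:
                findings.append((scope, tool))
    return sorted(findings)
```

Running ungated_risky over an exported policy is a quick review step after changing overrides: a workspace-level "enable" silently removes the gate that the global default put on a destructive tool.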

Human in the loop

Any tool can be set to require approval. The agent's request waits in your Agent requests inbox until you approve or deny it.

How approval works

  1. A tool that needs approval doesn't act - it returns waits_for_approval with a request id, instead of running.
  2. The operation appears under Agent requests with a structured preview - which files and folders, the share-link settings, the new file's name and size - each item linking straight into the explorer.
  3. You approve or deny. The agent polls with check_approvals and, once approved, calls execute_operation to commit. Requests expire after a configurable window.

Two hard limits, by design. Agents can never access storages that use full encryption - those keys are derived from a human password and stay that way - and every action an agent takes is written to the audit log under its own identity.

The toolset

Every tool below ships in PlikShare today. The badges read: read never changes anything, write does, destructive removes things, and invite grants people access by email. Tools marked approval by default wait for a human unless you decide otherwise; off by default tools stay disabled until you turn them on.

Workspaces & storages

Where an agent works. An agent only ever sees the workspaces and storages you grant it.

  • list_workspaces · read

    Lists the workspaces the agent can access.

  • list_storages · read

    Lists the storages the agent can create workspaces on.

  • create_workspace · write · off by default

    Creates a new workspace owned by the agent.

  • rename_workspace · write

    Renames a workspace.

Files & folders

Browse, read, search and reshape a file tree. Reading is text-only; binary files return their metadata, not their bytes.

  • list_workspace_content · read

    Lists the folders and files inside a workspace or one of its folders.

  • get_file · read

    Reads a file's details — name, size, type and where it lives — by its id.

  • read_file · read

    Reads a file's content as UTF-8 text. Binary files (images, video, PDF, archives) are rejected.

  • search · read

    Searches files and folders by name, extension, type, size and date across accessible workspaces.

  • get_file_download_link · read

    Creates a short-lived link to download a single file.

  • get_bulk_download_link · read

    Creates a link to download several files or folders as one ZIP archive.

  • create_file · write

    Creates a new text file (UTF-8, up to 10 MB).

  • create_folder · write

    Creates a new folder.

  • rename_file · write

    Renames a file, keeping its extension.

  • rename_folder · write

    Renames a folder.

  • move_items · write

    Moves files and folders into another folder in the same workspace.

  • bulk_delete · destructive · approval by default

    Deletes files and folders, including whole folder trees. Restorable when the workspace has trash enabled.

Share links

Public links to files and folders, with optional expiry, password and a download cap.

  • list_share_links · read

    Lists the public share links of a workspace.

  • get_share_link · read

    Reads the details of a single share link.

  • create_share_link · write

    Creates a public link to files or folders that anyone with it can open.

  • update_share_link · write

    Changes a share link's expiry, password and download limit.

  • delete_share_link · destructive · approval by default

    Deletes a share link. The shared files and folders stay intact.

Workspace members

Manage who else is in a workspace. Inviting people sends real emails, so it waits for your approval by default.

  • list_workspace_members · read

    Lists the members of a workspace.

  • invite_workspace_members · invite · approval by default

    Invites people by email to a workspace.

  • update_workspace_member_permissions · write

    Updates a workspace member's permissions.

  • revoke_workspace_member · destructive · approval by default

    Removes a member from a workspace.

Boxes

A box turns a folder into a controlled sharing surface. Agents can create and manage them.

  • list_boxes · read

    Lists the boxes of a workspace.

  • get_box · read

    Reads the details of a single box.

  • create_box · write

    Creates a box in a workspace.

  • update_box · write

    Updates a box's name, enabled state or folder.

  • delete_box · destructive · approval by default

    Deletes a box.

Box links & members

A box's public links and its guest list — the same controls a person has, available to an agent.

  • list_box_links · read

    Lists the public links of a box.

  • create_box_link · write

    Creates a public link to a box.

  • update_box_link · write

    Updates a box link's name, enabled state, permissions or widget origins.

  • regenerate_box_link_access_code · write

    Regenerates a box link's access code, invalidating the old URL.

  • delete_box_link · destructive · approval by default

    Deletes a box link.

  • list_box_members · read

    Lists the members of a box.

  • invite_box_members · invite · approval by default

    Invites people by email to a box.

  • update_box_member_permissions · write

    Updates a box member's permissions.

  • revoke_box_member · destructive · approval by default

    Removes a member from a box.

Approvals

The handshake behind human-in-the-loop. When a tool needs approval it returns instead of acting, and the agent uses these to follow up.

  • check_approvals · read

    Polls the status of operations waiting for approval — pending, approved, denied or expired.

  • execute_operation · write

    Runs an operation once it has been approved. Safe to call more than once.
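The handshake from "How approval works" and the two tools above, as an added in-memory model that is not PlikShare code. Tool names and statuses come from this page; ApprovalQueue, its fields, the simulated clock and the rule that only a pending request expires are assumptions.

```python
import itertools

class ApprovalQueue:
    """In-memory stand-in for the server side of the approval handshake."""
    def __init__(self, ttl):
        self.ttl, self.requests, self.commits = ttl, {}, 0
        self._ids = itertools.count(1)

    def call_gated_tool(self, tool, now):
        rid = f"req-{next(self._ids)}"
        self.requests[rid] = {"tool": tool, "status": "pending",
                              "created": now, "done": False}
        return {"status": "waits_for_approval", "request_id": rid}  # nothing ran

    def check_approvals(self, rid, now):
        req = self.requests[rid]
        # Assumption: only a still-pending request expires.
        if req["status"] == "pending" and now - req["created"] >= self.ttl:
            req["status"] = "expired"
        return req["status"]

    def decide(self, rid, approve, now):  # the human's decision in the inbox
        if self.check_approvals(rid, now) == "pending":
            self.requests[rid]["status"] = "approved" if approve else "denied"

    def execute_operation(self, rid, now):
        req = self.requests[rid]
        status = self.check_approvals(rid, now)
        if status != "approved":
            raise PermissionError(f"{rid} is {status}, not approved")
        if not req["done"]:  # commit once; repeat calls change nothing
            req["done"] = True
            self.commits += 1
        return f"{req['tool']} committed"

def run_agent(queue, tool, ticks, decisions):
    """Agent loop: request, poll each tick, execute only after approval.
    `decisions` maps a tick to True/False to simulate the human (constructed)."""
    rid = queue.call_gated_tool(tool, ticks[0])["request_id"]
    for now in ticks:
        if now in decisions:
            queue.decide(rid, decisions[now], now)
        status = queue.check_approvals(rid, now)
        if status == "approved":
            queue.execute_operation(rid, now)
            return queue.execute_operation(rid, now)  # a retry is safe
        if status in ("denied", "expired"):
            return status
    return "pending"
```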

Run it yourself.

The agent server is part of PlikShare - free, open source and self-hosted. Install it on your infrastructure and give your agents a workspace you control.