Bus gives every agent-to-agent file exchange a verified sender, explicit recipient, signed manifest, time-bound access, and append-only audit trail โ across servers, tools, and environments.
MIT license ยท self-hostable ยท "Dropbox for AI agents" without shared credentials.
File sharing between agents is a solved problem โ badly.
Agents on different servers need to share files. Right now everyone is doing it wrong.
| Capability | S3 Presigned URL | Bus |
|---|---|---|
| Per-agent identity | โ No โ shared IAM role | โ Yes โ per-agent key |
| Recipient-scoped access | โ No โ anyone with URL | โ Yes โ agent_id required |
| Instant revocation | โ No โ must invalidate bucket policy | โ Yes โ single API call |
| Signed manifest (sender + hash) | โ No | โ Yes โ HMAC-SHA256 |
| Immutable audit trail | ~ CloudTrail (complex) | โ Built in, queryable |
| MCP native tools | โ No | โ Yes โ 7 tools |
| Zero AWS dependency | โ No | โ Yes โ self-contained |
Works until it doesn't. No access control. No audit trail. One misconfigured key and everything is exposed.
Every agent gets broad bucket access. No per-agent identity. No revocation. "Public read" is the easy answer โ and it is the wrong one.
Files get pasted into chat. Disappear after 90 days. No audit. No verification. Not how infrastructure should work.
One-off handoff code for every new workflow. No policy layer. No access control. Works until someone changes something.
Every file gets an identity. Every handoff gets a manifest. Every access gets logged.
Each agent gets a unique identity and an API key. All file actions are attributed to that agent. Identity is the foundation โ nothing works without it.
POST the file. Bus stores it, computes the content hash, creates a signed manifest, and returns a file_id. That file_id is your handle for all future operations.
curl -X POST https://bus.meetkai.xyz/files.put \
-H "Authorization: Bearer $API_KEY" \
-F "file=@report.csv"
โ {"file_id": "file_abc123", "content_hash": "sha256:...", "manifest_id": "mfst_xyz"}
Grant access by agent ID. Set permissions (read, download, reshare). Set expiry. Bus creates a signed manifest linking sender, recipient, file hash, and expiry time.
curl -X POST https://bus.meetkai.xyz/files/file_abc123/share \
-H "Authorization: Bearer $API_KEY" \
-d '{"recipient_id": "snappedai", "expires_in_hours": 1}'
โ {"grant_id": "grnt_xyz", "manifest_id": "mfst_abc", "expires_at": ...}
The recipient requests a short-lived download token. Token is single-use. Expires in 5 minutes by default. Can't be shared or replayed.
Any future access attempt against a revoked grant is denied immediately. No eventual consistency. No cache expiry to wait for. Revoke means revoke.
Every action โ upload, share, access grant, download, revoke โ is written to an append-only audit log. Queryable by actor, target, action, or time range.
Every agent has its own API key and agent_id. Every action is attributed. No shared credentials.
Every file handoff generates a manifest: sender, recipient, hash, expiry, signature. Verifiable and tamper-evident.
Every file is hashed on upload. Hash is in the manifest. Recipients can verify integrity before processing.
Set expiry on any share. Access automatically denied after expiry. No manual cleanup needed.
Revoke a grant. Next access attempt fails immediately. No delays, no caching, no grace period.
Download tokens are single-use and expire in 5 minutes. Can't be intercepted and replayed.
Append-only log of every action. Queryable by agent, file, or action type. Export for compliance.
Full MCP server included. Connect any Claude or Cursor instance with one config line.
Clean REST API for any language. Python SDK ships with the server. JS SDK coming.
Register, upload, share, verify โ under 5 minutes.
curl -X POST https://bus.meetkai.xyz/agents/register \
-H "Content-Type: application/json" \
-d '{"name": "agent-a"}'
โ {"agent_id": "agt_abc", "api_key": "fbus_..."}
curl -X POST https://bus.meetkai.xyz/agents/register \
-H "Content-Type: application/json" \
-d '{"name": "agent-b"}'
โ {"agent_id": "agt_def", "api_key": "fbus_..."}
curl -X POST https://bus.meetkai.xyz/files.put \
-H "Authorization: Bearer fbus_..." \
-F "file=@data.csv"
โ {"file_id": "file_xyz", "content_hash": "sha256:abc...", "manifest_id": "mfst_123"}
curl -X POST https://bus.meetkai.xyz/files/file_xyz/share \
-H "Authorization: Bearer fbus_..." \
-H "Content-Type: application/json" \
-d '{"recipient_id": "agt_def", "expires_in_hours": 1}'
โ {"grant_id": "grnt_abc", "manifest_id": "mfst_456", "expires_at": ...}
# Get token TOKEN=$(curl -s -X POST https://bus.meetkai.xyz/files/file_xyz/download-token \ -H "Authorization: Bearer fbus_...agent_b_key..." | jq -r .token) # Download curl "https://bus.meetkai.xyz/files/file_xyz/content?token=$TOKEN" -o data.csv
curl https://bus.meetkai.xyz/files/file_xyz/manifest \
-H "Authorization: Bearer fbus_..."
โ {"manifest": {"sender_id": "agt_abc", "content_hash": "sha256:abc...", "signature": "...", ...}}
Base URL: https://bus.meetkai.xyz
Missing or invalid API key. Include Authorization: Bearer fbus_... on every request.
Agent exists but doesn't have access to this resource. Check grant status โ it may have expired or been revoked.
File, grant, or agent doesn't exist. Verify the ID from the original upload or registration response.
Too many requests. Back off exponentially. Retry-After header included. Default: 100 req/min per agent.
Connect Bus to any Claude or Cursor instance in one config block. Agents get native file transfer tools.
{
"mcpServers": {
"bus": {
"command": "node",
"args": ["/path/to/agent-sentinel/mcp/file-bus-mcp/src/index.js"],
"env": {
"FILE_BUS_ENDPOINT": "https://bus.meetkai.xyz",
"FILE_BUS_API_KEY": "fbus_your_key_here"
}
}
}
}
# Claude calls filebus_put to upload a generated report # Then filebus_share to send it to another agent # The receiving agent calls filebus_download to retrieve it # All logged, signed, and auditable
Cloud for speed. Self-hosted for control. Hybrid for both.
Fastest onboarding. Register, upload, and share in under 5 minutes. Zero infrastructure to manage.
Best for: most teams
Run the full stack in your VPC or on-prem. Files never leave your environment. Full policy control.
Best for: compliance-sensitive teams
Bus manages the control plane. Your data plane stays inside your environment. Data sovereignty without ops overhead.
Best for: enterprise with data residency requirements
Self-deploy free. Managed cloud for teams who want it hosted.
Managed cloud plans: annual billing saves 20%. Overage: $0.05/op, $0.02/GB.