Skill: Fast.io

Owner: dbalve

Summary: Workspaces for agentic teams. Complete agent guide with all 19 consolidated tools using action-based routing — parameters, workflows, ID formats, and constra...

Tags: ai-chat:1.15.0, collaboration:1.15.0, file-sharing:1.15.0, latest:1.105.0, latest cloud-storage:1.15.0, mcp:1.15.0, productivity:1.15.0, rag:1.15.0

Version history:

v1.105.0 | 2026-02-26T23:38:17.549Z | user

fast-io v1.94.2 → v1.105.0

• Updated version metadata in the manifest and agent guide to 1.105.0/1.104.
• Refreshed the "Last Updated" date in documentation (now 2026-02-26).
• No other user-visible changes noted.

v1.94.1 | 2026-02-23T20:43:31.090Z | user

Summary:
Major update introducing widget support, new resource types, and workflow changes.

• Added support for interactive HTML5 app widgets, now discoverable and launchable via a new widget://* resource namespace and the apps tool.
• MCP resources expanded to include app widget resources (5 widgets available).
• MCP prompts added for app launching (Workspace Picker, File Picker, Workflow Manager, Exchange Setup, Quickshare).
• Number of end-to-end workflows consolidated from 13 to 12.
• Cloud import support removed from description and documentation.
• Metadata version bumped from 1.84.0 to 1.94.0; guide, endpoints, and lists updated accordingly.

v1.84.0 | 2026-02-19T22:50:02.772Z | user

• Added support for a new (19th) consolidated tool, expanding the API surface.
• Introduced cloud import from external storage providers as a core platform feature.
• Resource listing improvements: increased workspace/share coverage to 10 each and now list up to 25 recent root files per workspace/share.
• Revised documentation to cover 13 end-to-end workflows (up from 12), cloud import, and refined tool/action details.
• Description and guide updated to reflect new features, including real-time collaboration and expanded workflow primitives.

v1.80.0 | 2026-02-18T23:30:24.955Z | user

• Updated version from 1.73.0 to 1.80.0.
• Added dynamic resource listing for workspace and share files; authenticated users can browse and discover files via resources/list, with results cached for 1 minute.
• Clarified that only root-level files are listed via resources/list; subdirectory browsing requires the storage tool.
• Resource list entries now include file name, workspace/share name, file size, and MIME type.
• Improved SKILL.md version metadata and documentation to reflect new features.

v1.73.0 | 2026-02-18T14:43:57.078Z | user

Fast-io 1.73.0 — Major update with expanded tools and workflow capabilities

• Increased number of consolidated tools from 14 to 18, covering the full Fast.io API surface.
• Expanded the guide's coverage: now includes 12 end-to-end workflows (up from 10), with additional focus on workflow and collaboration primitives.
• Added detailed support for workflow primitives: tasks, worklogs, approvals, and todos.
• Increased the number of guided prompts for multi-step operations from 6 to 9.
• Documentation and guide now reflect new capabilities, feature set, and tool parameters.
• Updated agent plan, API, and workflow documentation for greater clarity and operational completeness.

v1.68.0 | 2026-02-16T20:53:15.927Z | user

fast-io 1.68.0 Changelog

• Updated the skill version and documentation from 1.64.x to 1.68.x.
• Minor documentation update: clarified the "Finding the right file in a large collection" row to say "Semantic search finds documents by meaning, not just filename."
• Guide "Last Updated" and version number reflect new release date (2026-02-16).
• No changes to code or functionality were detected.

v1.64.0 | 2026-02-14T20:50:16.637Z | user

fast-io 1.54.1 Changelog

• No file changes detected in this release.
• Only the version metadata was updated (from 1.54.0 to 1.64.0) in SKILL.md.
• Documentation has been brought up to date to reflect the latest platform version.

v1.54.0 | 2026-02-13T19:09:51.944Z | user

• Expanded positioning from a cloud file management platform to "workspaces for agentic teams," supporting collaboration between agents and humans.
• Guide and platform documentation updated to version 1.54, with detailed coverage of team workspaces, agent collaboration, and activity feeds.
• MCP resources now include session scopes and agent names in status, enabling richer authentication and agent identification.
• New guided prompt for structured metadata workflows, including template creation, value setting, AI extraction, and metadata-based queries.
• Description, overview, and problem/solution sections revised to emphasize real-time collaboration, shared workspaces, and agent-to-agent coordination.
• All 14 consolidated tools, workflows, and platform documentation remain available under a free agent plan with 50 GB storage and 5,000 monthly credits.

v1.43.0 | 2026-02-09T19:07:51.058Z | user

No user-facing changes in this release.

• Version bumped from 1.41.0 to 1.43.0 in documentation only.
• No file or functionality changes detected.

v1.41.0 | 2026-02-08T19:21:25.503Z | user

• Version updated to 1.41.0 with comprehensive guide refresh.
• Agent guide now versioned "1.41", dated 2026-02-08.
• Updated prompt list: prompts reduced from 8 to 5, focusing on onboarding, file addition, AI chat, agent-human comments, and activity catch-up.
• Prompt descriptions revised for improved clarity and coverage of new authentication and collaboration workflows.
• Metadata updated to reflect the new version.
• No code or functional changes detected; documentation only.

v1.39.1 | 2026-02-07T16:07:49.231Z | user

Major update: Migrated to consolidated toolset (action-based routing) and overhauled documentation.

• Reduced tool count from 258 to 14 by consolidating actions in each tool (action-based routing).
• Updated documentation and workflows to reference the new consolidated actions instead of separate tools for each endpoint.
• Improved descriptions of tool parameters, workflows, and authentication flows for clarity with the new architecture.
• Updated versioning and resource references to track and document breaking changes moving forward.
• Cleaned up obsolete, split tool references and detailed migration advice for developers.

v1.39.0 | 2026-02-07T16:05:13.894Z | user

fast-io 1.35.1

• No file changes were detected in this version.
• No user-facing updates or bug fixes are included.
• Version bump only; functionality remains unchanged.

v1.35.0 | 2026-02-06T17:37:06.618Z | user

fast-io 1.31.1

• Documentation updated to skill version 1.35.0 and platform capabilities as of 2026-02-06.
• Clarified description and free agent plan: storage reduced to 50 GB (was 100 GB); number of tools adjusted to 258 (was 266).
• Expanded and reorganized documentation: clearer guide to agent and human account options, key workflows, and how to use the platform.
• Updated references to tool endpoints, authentication methods, and available features.
• No code or logic changes; update is documentation only.

v1.31.0 | 2026-02-06T14:01:56.267Z | user

Version 1.31.0 of fast-io

• No file changes detected in this release.
• Skill definition, description, features, and workflows remain unchanged from previous version.

v1.30.1 | 2026-02-06T13:26:32.244Z | user

fast-io 1.30.1

• Updated agent guide reference: The complete guide (now covering 266 tools) is served directly by the MCP server at the /skill.md endpoint.
• Toolset expanded from 257 to 266 available tools.
• Enhanced file upload: Added native binary upload via blob references (blob_ref), reducing base64 overhead for binary files.
• Updated documentation to clarify chunk upload options: support for content (text), blob_ref (preferred binary), and data (legacy base64).
• Minor documentation adjustments for versioning clarity and structure.

v1.30.0 | 2026-02-06T13:19:37.458Z | user

fast-io 1.25.1 → 1.27.0

• Updated skill version from 1.25.0 to 1.27.0 in metadata.
• Clarified file upload instructions: use the data parameter only for base64-encoded binary files, not for plain text.
• Improved upload-chunk documentation to distinguish between text (content) and binary (data) handling.
• No changes to files; updates reflect improved documentation and workflow guidance.

v1.25.0 | 2026-02-05T18:48:06.569Z | user

fast-io 1.20.1 Changelog

• Added MCP resource endpoints for agent guide and session authentication state.
• Introduced 8 guided MCP prompts for onboarding, file upload, AI chat, branding, and more.
• Updated binary file upload flow: upload-chunk now accepts optional base64 data.
• Documentation improvements and clearer workflow summaries.
• Version metadata updated to 1.25.0.

v1.20.0 | 2026-02-04T22:38:20.813Z | user

AI chat is now read-only, and file upload tools have been updated for more flexible handling.

• AI chat can only read and analyze file content; it cannot modify files, settings, members, or events. All non-read actions require MCP tools.
• Added a dedicated tool for single-step uploads of text files (upload-text-file), streamlining creation of code, markdown, CSV, and similar documents.
• Updated chunked file upload workflow for binary and large files, now requiring explicit session creation and chunk management.
• Tool count increased from 256 to 257.
• Documentation and capability descriptions clarified, especially concerning AI chat limitations and file upload recommendations.
• Version updated to 1.20.0.

v1.18.0 | 2026-02-04T21:36:37.730Z | user

fast-io 1.18.0

• Added clear instructions to always use both list-orgs (internal orgs) and orgs-external (external orgs via workspace membership) for comprehensive organization discovery.
• Updated documentation to highlight org discovery patterns and prevent agents from missing external orgs.
• Metadata version bumped to 1.18.0.
• Removed outdated reference file and added new documentation references.

v1.17.0 | 2026-02-04T20:23:16.770Z | user

Version 1.17.0 highlights:

• Added a prominent link and directive to fetch the full agent guide from https://mcp.fast.io/skill.md at the start of every session.
• Clarified that the included documentation is only a summary, not a complete reference.
• No other content or workflow changes detected.

v1.16.0 | 2026-02-04T20:18:16.722Z | user

fast-io 1.16.0 is a version bump with no file changes from 1.15.1.

• Version updated from 1.15.0 to 1.16.0 in metadata.
• No functional or documentation changes detected.

v1.15.0 | 2026-02-04T20:10:28.506Z | user

fast-io 1.15.0

• Expanded documentation in SKILL.md, detailing platform features and capabilities.
• Clarified account creation and authentication workflows for agent and human users.
• Outlined advanced file management, sharing options, and AI chat/query tools.
• Listed free agent plan limits, credit usage, and supported tool categories.
• Provided clear integration details for endpoints, storage, and collaboration features.

Archive index:

Archive v1.105.0: 3 files, 91517 bytes

Files: references/REFERENCE.md (115552b), SKILL.md (166593b), _meta.json (128b)

File v1.105.0:SKILL.md

---

name: fast-io description: >- Workspaces for agentic teams. Complete agent guide with all 19 consolidated tools using action-based routing — parameters, workflows, ID formats, and constraints. Use this skill when agents need shared workspaces to collaborate with other agents and humans, create branded shares (Send/Receive/Exchange), or query documents using built-in AI. Supports ownership transfer to humans, workspace management, workflow primitives (tasks, worklogs, approvals, todos), and real-time collaboration. Free agent plan with 50 GB storage and 5,000 monthly credits. license: Proprietary compatibility: >- Requires network access. Connects to the Fast.io MCP server at mcp.fast.io via Streamable HTTP (/mcp) or SSE (/sse). metadata: author: fast-io version: "1.105.0" homepage: "https://fast.io"

Fast.io MCP Server -- AI Agent Guide

Version: 1.104 Last Updated: 2026-02-26

The definitive guide for AI agents using the Fast.io MCP server. Covers why and how to use the platform: product capabilities, the free agent plan, authentication, core concepts (workspaces, shares, intelligence, previews, comments, URL import, metadata, workflow, ownership transfer), 12 end-to-end workflows, interactive MCP App widgets, and all 19 consolidated tools with action-based routing.

Versioned guide. This guide is versioned and updated with each server release. The version number at the top of this document tracks tool parameters, ID formats, and API behavior changes. If you encounter unexpected errors, the guide version may have changed since you last read it.

Platform reference. For a comprehensive overview of Fast.io's capabilities, the agent plan, key workflows, and upgrade paths, see references/REFERENCE.md.

---

1. Overview

Workspaces for Agentic Teams. Collaborate, share, and query with AI -- all through one API, free.

Fast.io provides workspaces for agentic teams -- where agents collaborate with other agents and with humans. Upload outputs, create branded data rooms, ask questions about documents using built-in AI, and hand everything off to a human when the job is done. No infrastructure to manage, no subscriptions to set up, no credit card required.

The Problem Fast.io Solves

Agentic teams -- groups of agents working together and with humans -- need a shared place to work. Today, agents cobble together S3 buckets, presigned URLs, email attachments, and custom download pages. Every agent reinvents collaboration, and there is no shared workspace where agents and humans can see the same files, track activity, and hand off work.

When agents need to understand documents -- not just store them -- they have to download files, parse dozens of formats, build search indexes, and manage their own RAG pipeline. That is a lot of infrastructure for what should be a simple question: "What does this document say?"

| Problem | Fast.io Solution | |---------|-----------------| | No shared workspace for agentic teams | Workspaces where agents and humans collaborate with file preview, versioning, and AI | | Agent-to-agent coordination lacks structure | Shared workspaces with activity feeds, comments, and real-time sync across team members | | Sharing outputs with humans is awkward | Purpose-built shares (Send, Receive, Exchange) with link sharing, passwords, expiration | | Collecting files from humans is harder | Receive shares let humans upload directly to your workspace -- no email attachments | | Understanding document contents | Built-in AI reads, summarizes, and answers questions about your files | | Building a RAG pipeline from scratch | Enable intelligence on a workspace and documents are automatically indexed, summarized, and queryable | | Finding the right file in a large collection | Semantic search finds documents by meaning, not just filename | | Handing a project off to a human | One-click ownership transfer -- human gets the org, agent keeps admin access | | Tracking what happened | Full audit trail with AI-powered activity summaries | | Cost | Free. 50 GB storage, 5,000 monthly credits, no credit card |

MCP Server

This MCP server exposes 19 consolidated tools that cover the full Fast.io REST API surface. Every authenticated API endpoint has a corresponding tool action, and the server handles session management automatically.

Once a user authenticates, the auth token is stored in the server session and automatically attached to all subsequent API calls. There is no need to pass tokens between tool invocations.

Server Endpoints

• Production: mcp.fast.io
• Development: mcp.fastdev1.com

Two transports are available on each:

• Streamable HTTP at /mcp -- the preferred transport for new integrations.
• SSE at /sse -- a legacy transport maintained for backward compatibility.

MCP Resources

The server exposes static MCP resources, widget resources, and file download resource templates. Clients can read them via resources/list and resources/read:

| URI | Name | Description | MIME Type | |-----|------|-------------|-----------| | skill://guide | skill-guide | Full agent guide (this document) with all 19 tools, workflows, and platform documentation | text/markdown | | session://status | session-status | Current authentication state: authenticated boolean, user_id, user_email, token_expires_at (Unix epoch), token_expires_at_iso (ISO 8601), scopes (raw scope string or null), scopes_detail (array of hydrated scope objects with entity names/domains/parents, or null), agent_name (string or null) | application/json | | widget://* | Widget HTML | Interactive HTML5 widgets (5 total) -- use the apps tool to discover and launch | text/html |

File download resource templates -- read file content directly through MCP without needing external HTTP access:

| URI Template | Name | Auth | Dynamic Listing | Description | |---|---|---|---|---| | download://workspace/{workspace_id}/{node_id} | download-workspace-file | Session token | Yes | Download a file from a workspace | | download://share/{share_id}/{node_id} | download-share-file | Session token | Yes | Download a file from a share | | download://quickshare/{quickshare_id} | download-quickshare-file | None (public) | No | Download a quickshare file |

Files up to 50 MB are returned inline as base64-encoded blob content. Larger files return a text fallback with a URL to the HTTP pass-through endpoint (see below). The download tool responses include a resource_uri field with the appropriate URI for each file.

Dynamic resource listing: When authenticated, workspace and share file resources are dynamically listed via resources/list. MCP clients (such as Claude Desktop's @ mention picker) can discover available files without any tool calls. Up to 10 workspaces and 10 shares are enumerated, with up to 25 most recently updated root-level files from each. Resources appear as "WorkspaceName / filename.ext" or "ShareTitle / filename.ext". Results are cached for 1 minute per session. Only root-level files are listed -- subdirectories are not recursively enumerated. Use the storage tool with action list to browse deeper. The quickshare template remains template-only and is not dynamically enumerable.

MCP Prompts

The server registers MCP prompts that appear in the client's "Add From" / "+" menu as user-clickable app launchers. These are primarily for desktop MCP clients (e.g., Claude Desktop); code-mode clients (Claude Code, Cursor) do not surface prompts.

| Prompt Name | Description | |---|---| | App: Choose Workspace or Org | Launch the Workspace Picker to browse orgs, select workspaces, and manage shares | | App: Pick a File | Launch the File Picker with built-in workspace navigator for browsing, searching, and selecting files | | App: Open Workflow | Launch the Workflow Manager (auto-selects workspace if only one, otherwise opens Workspace Picker first) | | App: Available Apps | List all available MCP App widgets with descriptions and launch instructions |

HTTP File Pass-Through

For files larger than 50 MB or when raw binary streaming is needed, the server provides an HTTP pass-through endpoint that streams file content directly from the API:

| Endpoint | Auth | Description | |---|---|---| | GET /file/workspace/{workspace_id}/{node_id} | Mcp-Session-Id header | Stream a workspace file | | GET /file/share/{share_id}/{node_id} | Mcp-Session-Id header | Stream a share file | | GET /file/quickshare/{quickshare_id} | None (public) | Stream a quickshare file |

The response includes proper Content-Type, Content-Length, and Content-Disposition headers from the upstream API. Errors are returned as HTML pages. The Mcp-Session-Id header is the same session identifier used for MCP protocol communication.

Workflow Overview

The server includes workflow features for project tracking: tasks (structured work items with priorities and assignees), worklogs (append-only activity logs), approvals (formal sign-off requests), and todos (simple checklists). Enable workflow on a workspace with workspace action enable-workflow before using these tools. See the Full Agent Workflow recipe in section 6 for the complete pattern.

Best practice (IMPORTANT): After state-changing actions (uploading files, creating shares, changing task status, member changes, file moves/deletes), append a worklog entry describing what you did and why. Without worklog entries, agent work is invisible to humans reviewing the workspace. For multiple related actions (e.g., uploading several files), you may log once after the batch completes rather than after each individual action. Worklog entries are append-only and permanent.

Additional References

• Agent guide (this file): /skill.md on the MCP server -- tool documentation, workflows, and constraints.
• REST API reference: https://api.fast.io/llms.txt -- endpoint documentation for the underlying Fast.io API.
• Platform guide: references/REFERENCE.md -- capabilities, agent plan details, key workflows, and upgrade paths.

---

2. Authentication (Critical First Step)

Authentication is required before calling any tool except these unauthenticated tools:

• auth with actions: signin, signup, set-api-key, pkce-login, email-check, password-reset-request, password-reset
• download with action: quickshare-details

Choosing the Right Approach

There are three ways to use Fast.io as an agent, depending on whether you are operating autonomously or assisting an existing human user.

Option 1: Autonomous Agent -- Create an Agent Account

If you are operating independently (storing files, running workflows, building workspaces for users), create your own agent account with auth action signup. Agent accounts get the free agent plan (50 GB, 5,000 monthly credits) and can transfer orgs to humans when ready. This is the recommended path for autonomous agents. See Agent Account Creation below for steps.

Option 2: Assisting a Human -- Use Their API Key

If a human already has a Fast.io account and wants your help managing their files, workspaces, or shares, they can create an API key for you to use. No separate agent account is needed -- you operate as the human user. The human creates a key at Settings -> Devices & Agents -> API Keys (direct link: https://go.fast.io/settings/api-keys). Call auth with action set-api-key and the key to authenticate -- the key is validated and stored in the session automatically. API keys work as Bearer tokens and by default have the same permissions as the account owner. Keys can optionally be scoped to specific organizations, workspaces, or shares (using the same scope system as OAuth tokens), tagged with an agent_name for tracking, and given an expiration date. Unscoped keys do not expire unless revoked. Agents can also manage API keys programmatically with auth actions api-key-create, api-key-update, api-key-list, api-key-get, and api-key-delete.

Option 3: Agent Account Invited to a Human's Org

If you want your own agent identity but need to work within a human's existing organization, create an agent account with auth action signup, then have the human invite you to their org with member action add (entity_type org) or to a workspace with member action add (entity_type workspace). Alternatively the human can invite via the UI: Settings -> Your Organization -> Manage People. This gives you access to their workspaces and shares while keeping your own account separate. After accepting invitations with user action accept-all-invitations, use auth action signin to authenticate normally. Note: If the human only invites you to a workspace (not the org), the org will appear as external -- see Internal vs External Orgs in the Organizations section.

Option 4: Browser Login (PKCE)

If you prefer not to send a password through the agent, use browser-based PKCE login. Call auth action pkce-login (optionally with an email hint) to get a login URL. The user opens the URL in a browser, signs in (email/password or SSO like Google/Microsoft), and approves access. The browser displays an authorization code which the user copies back to the agent. Call auth action pkce-complete with the code to finish signing in. This is the most secure option -- no credentials pass through the agent.

PKCE login supports optional scoped access via the scope_type parameter. By default, scope_type is "user" (full account access). Other scope types restrict the token to specific entity types:

| scope_type | Access granted | |------------|---------------| | user | Full account access (default) | | org | User selects specific organizations | | workspace | User selects specific workspaces | | all_orgs | All organizations the user belongs to | | all_workspaces | All workspaces the user has access to | | all_shares | All shares the user is a member of (share:*:<mode>) |

Scope inheritance: Broader scopes include access to child entities automatically:

• all_orgs includes all orgs + all workspaces + all shares within those orgs
• all_workspaces includes all workspaces + all shares within those workspaces
• org scope on a specific org includes access to all workspaces and shares within that org
• workspace scope on a specific workspace includes access to shares within that workspace
• all_shares grants direct access to all shares the user has membership in, bypassing workspace/org inheritance

The agent_name parameter controls what the user sees on the approval screen -- the screen displays "[agent_name] will act on your behalf". If omitted, only the client name is shown. Use a descriptive name so the user knows which agent is requesting access.

Approval flow by scope_type:

• user (default): Full account access. The user sees a simple approve/decline prompt with no entity picker.
• org, workspace: The user sees an entity selection screen listing their accessible entities with checkboxes, plus a read-only / read-write toggle. The user picks which entities to grant, then approves or declines.
• all_orgs, all_workspaces, all_shares: The user sees a summary of the wildcard access being requested (no entity picker), then approves or declines.

The MCP server defaults to scope_type="user" for backward compatibility.

| Scenario | Recommended Approach | |----------|---------------------| | Operating autonomously, storing files, building for users | Create an agent account with your own org (Option 1) | | Helping a human manage their existing account | Ask the human to create an API key for you (Option 2) | | Working within a human's org with your own identity | Create an agent account, have the human invite you (Option 3) | | Building something to hand off to a human | Create an agent account, build it, then transfer the org (Option 1) | | Signing in without sending a password through the agent | Browser-based PKCE login (Option 4) |

Credit limits by account type: Agent accounts (Options 1, 3) can transfer orgs to humans when credits run out -- see Ownership Transfer in section 3. Human accounts (Option 2) cannot use the transfer/claim API; direct the human to upgrade their plan at https://go.fast.io/settings/billing or via org action billing-create.

Standard Sign-In Flow

1. Call auth with action signin, email and password.
2. The server returns a JWT auth_token and stores it in the session automatically.
3. All subsequent tool calls use this token without any manual passing.

Agent Account Creation

When creating a new account (Options 1 and 3 above), agents MUST use auth action signup which automatically registers with agent=true. Never sign up as a human account. Agent accounts provide:

• account_type set to "agent"
• Free agent plan assigned automatically
• Transfer/claim workflow enabled for handing orgs off to humans

Steps:

1. Optionally call auth action email-check with the desired email to verify it is available for registration before attempting signup.
2. Call auth action signup with first_name, last_name, email, and password. The agent=true flag is sent automatically by the MCP server.
3. The account is created and a session is established automatically -- the agent is signed in immediately.
4. Verify your email (required before using most endpoints): Call auth action email-verify with email to send a verification code, then call auth action email-verify again with email and email_token to validate the code.
5. No credit card is required. No trial period. No expiration. The account persists indefinitely.

Two-Factor Authentication Flow

1. Call auth action signin with email and password.
2. If the response includes two_factor_required: true, the returned token has limited scope.
3. Call auth action 2fa-verify with the 2FA code (TOTP, SMS, or WhatsApp).
4. The server replaces the limited-scope token with a full-scope token automatically.

Browser Login (PKCE) Flow

1. Call auth action pkce-login (optionally with email to pre-fill the sign-in form, scope_type to request scoped access, and agent_name to identify the agent).
2. The tool returns a login_url -- present it to the user to open in a browser.
3. The user signs in (email/password or SSO).
4. The user sees the approval screen showing the agent_name (or client name if not provided). Depending on scope_type: for user they simply approve; for org/workspace they select specific entities and read-only/read-write access; for all_orgs/all_workspaces/all_shares they review the wildcard access summary.
5. The user clicks Approve. The browser displays an authorization code. The user copies it.
6. Call auth action pkce-complete with the code to exchange it for an access token.
7. The session is established automatically -- all subsequent tool calls are authenticated. If scoped access was granted, scopes and agent_name are included in the response and stored in the session.

Checking Session Status

• auth action status -- checks the local Durable Object session. No API call is made. Returns authentication state, user ID, email, token expiry, scopes, and agent_name.
• auth action check -- validates the token against the Fast.io API. Returns the user ID if the token is still valid.

Session Expiry

JWT tokens last 1 hour. API keys do not expire by default, but can optionally have an expiration set via api-key-create or api-key-update with the key_expires parameter. When a JWT session expires or a time-limited API key expires, tool calls return a clear error indicating that re-authentication is needed. Call auth action signin again to establish a new session. The MCP server does not auto-refresh tokens.

Tip: For long-running sessions, use auth action status to check remaining token lifetime before starting a multi-step workflow. If the token is close to expiring, re-authenticate first to avoid mid-workflow interruptions.

Signing Out

Call auth action signout to clear the stored session from the Durable Object.

---

3. Core Concepts

Organizations

Organizations are top-level containers that collect workspaces. An organization can represent a company, a business unit, a team, or simply your own personal collection. Every user belongs to one or more organizations. Organizations have:

• Workspaces — the file storage containers that belong to the organization.
• Members with roles: owner, admin, member, guest, view.
• Billing and subscriptions managed through Stripe integration.
• Plan limits that govern storage, transfer, AI tokens, and member counts.

Organizations are identified by a 19-digit numeric profile ID or a domain string.

IMPORTANT: When creating orgs, agents MUST use org action create which automatically assigns billing_plan: "agent". This ensures the org gets the free agent plan (50 GB, 5,000 credits/month). Do not use any other billing plan for agent-created organizations.

Org Discovery (IMPORTANT)

To discover all available orgs, agents must call both actions:

1. org action list -- returns internal orgs where you are a direct member (member: true)
2. org action discover-external -- returns external orgs you access via workspace membership only (member: false)

An agent that only checks org action list will miss external orgs entirely and won't discover the workspaces it's been invited to. External orgs are the most common pattern when a human invites an agent to help with a specific project -- they add the agent to a workspace but not to the org itself.

Internal vs External Orgs

Internal orgs (member: true) -- orgs you created or were invited to join as a member. You have org-level access: you can see all workspaces (subject to permissions), manage settings if you're an admin, and appear in the org's member list.

External orgs (member: false) -- orgs you can access only through workspace membership. You can see the org's name and basic public info, but you cannot manage org settings, see other workspaces, or add members at the org level. Your access is limited to the specific workspaces you were explicitly invited to.

Example: A human invites your agent to their "Q4 Reports" workspace. You can upload files, run AI queries, and collaborate in that workspace. But you cannot create new workspaces in their org, view their billing, or access their other workspaces. The org shows up via org action discover-external -- not org action list. If the human later invites you to the org itself, the org moves from external to internal.

Workspaces

Workspaces are file storage containers within organizations. Each workspace has:

• Its own set of members with roles (owner, admin, member, guest).
• A storage tree of files and folders (storage nodes).
• Optional AI features for RAG-powered chat.
• Shares that can be created within the workspace.
• Archive/unarchive lifecycle management.
• 50 GB included storage on the free agent plan, with files up to 1 GB per upload.
• File versioning -- every edit creates a new version, old versions are recoverable.
• Full-text and semantic search -- find files by name or content, and documents by meaning.

Workspaces are identified by a 19-digit numeric profile ID.

Intelligence: On or Off

Workspaces have an intelligence toggle that controls whether AI features are active:

Intelligence OFF -- the workspace is pure file storage. You can still attach files directly to an AI chat conversation (up to 20 files, 200 MB total), but files are not persistently indexed. This is fine for simple storage and sharing where you do not need to query your content.

Intelligence ON -- the workspace becomes an AI-powered knowledge base. Every document and code file uploaded is automatically ingested, summarized, and indexed for RAG. This enables:

• RAG (retrieval-augmented generation) -- scope AI chat to entire folders or the full workspace and ask questions across your indexed documents and code. The AI retrieves relevant passages and answers with citations.
• Semantic search -- find files by meaning, not just keywords. "Show me contracts with indemnity clauses" works even if those exact words do not appear in the filename.
• Auto-summarization -- short and long summaries generated for every indexed document and code file, searchable and visible in the UI.
• Metadata extraction -- AI pulls key metadata from documents automatically.

Coming soon: RAG indexing support for images, video, and audio files. Currently only documents and code are indexed.

Intelligence defaults to ON for workspaces created via the API by agent accounts. If the workspace is only used for file storage and sharing, disable it to conserve credits. If you need to query your content, leave it enabled.

Agent use case: Create a workspace per project or client. Enable intelligence if you need to query the content later. Upload reports, datasets, and deliverables. Invite other agents and human stakeholders. Everything is organized, searchable, and versioned.

For full details on AI chat types, file context modes, AI state, and how intelligence affects them, see the AI Chat section below.

Shares

Shares are purpose-built spaces for exchanging files with people outside your workspace. They can exist within workspaces and have three types:

| Mode | What It Does | Agent Use Case | |------|-------------|----------------| | Send | Recipients can download files | Deliver reports, exports, generated content | | Receive | Recipients can upload files | Collect documents, datasets, user submissions | | Exchange | Both upload and download | Collaborative workflows, review cycles |

Share Features

• Password protection -- require a password for link access
• Expiration dates -- shares auto-expire after a set period
• Download controls -- enable or disable file downloads
• Access levels -- Members Only, Org Members, Registered Users, or Public (anyone with the link)
• Custom branding -- background images, gradient colors, accent colors, logos
• Post-download messaging -- show custom messages and links after download
• Up to 3 custom links per share for context or calls-to-action
• Guest chat -- let share recipients ask questions in real-time
• AI-powered auto-titling -- shares automatically generate smart titles from their contents
• Activity notifications -- get notified when files are sent or received
• Comment controls -- configure who can see and post comments (owners, guests, or both)

Two Storage Modes

When creating a share with share action create, the storage_mode parameter determines how files are stored:

• room (independent storage, default) -- The share has its own isolated storage. Files are added directly to the share and are independent of any workspace. This creates a self-contained data room -- changes to workspace files do not affect the room, and vice versa. Use for final deliverables, compliance packages, archived reports, or any scenario where you want an immutable snapshot.

• shared_folder (workspace-backed) -- The share is backed by a specific folder in a workspace. The share displays the live contents of that folder -- any files added, updated, or removed in the workspace folder are immediately reflected in the share. No file duplication, so no extra storage cost. To create a shared folder, pass storage_mode=shared_folder and folder_node_id={folder_opaque_id} when creating the share. Note: Expiration dates are not allowed on shared folder shares since the content is live.

Both modes look the same to share recipients -- a branded data room with file preview, download controls, and all share features. The difference is whether the content is a snapshot (room) or a live view (shared folder).

Shares are identified by a 19-digit numeric profile ID.

Agent use case: Generate a quarterly report, create a Send share with your client's branding, set a 30-day expiration, and share the link. The client sees a professional, branded page with instant file preview -- not a raw download link.

Storage Nodes

Files and folders are represented as storage nodes. Each node has an opaque ID (a 30-character alphanumeric string, displayed with hyphens, e.g. f3jm5-zqzfx-pxdr2-dx8z5-bvnb3-rpjfm4). The special value root refers to the root folder of a workspace or share, and trash refers to the trash folder.

Key operations on storage nodes: list, create-folder, move, copy, rename, delete (moves to trash), purge (permanently deletes), restore (recovers from trash), search, add-file (link an upload), and add-link (create a share reference).

Nodes have versions. Each file modification creates a new version. Version history can be listed and files can be restored to previous versions.

Conflict resolution (REPLACE by default): When a file operation encounters an existing file with the same name in the target folder, the default behavior is to replace (overwrite) the existing file:

• Upload (addfile) -- silently overwrites the existing file. The previous content is preserved as a version entry, recoverable via storage action version-list / version-restore.
• Move / Copy -- trashes the existing conflicting file, then completes the operation. The old file is recoverable from trash.
• Restore from trash -- trashes the existing conflicting file, then restores.
• Folder conflicts and type mismatches (file vs folder) still fall back to rename (e.g. folder (2)).

This means uploading a file with the same name as an existing file will overwrite it, not create a renamed copy like report (2).pdf. If you need multiple files with the same name to coexist, rename them before uploading.

Notes

Notes are a storage node type (alongside files and folders) that store markdown content directly on the server. They live in the same folder hierarchy as files, are versioned like any other node, and appear in storage listings with type: "note".

Creating and Updating Notes

Create notes with workspace action create-note, read with workspace action read-note, and update with workspace action update-note.

Creating: Provide workspace_id, parent_id (folder opaque ID or "root"), name (must end in .md, max 100 characters), and content (markdown text, max 100 KB).

Reading: Provide workspace_id and node_id. Returns the note's markdown content and metadata.

Updating: Provide workspace_id, node_id, and at least one of name (must end in .md) or content (max 100 KB).

| Constraint | Limit | |------------|-------| | Content encoding | Valid UTF-8 (UTF8MB4). Invalid byte sequences and control characters (\p{C} except \t, \n, \r) are stripped. | | Content size | 100 KB max | | Filename | 1-100 characters, must end in .md | | Markdown validation | Code blocks and emphasis markers must be balanced | | Rate limit | 2 per 10s, 5 per 60s |

Notes as Long-Term Knowledge Grounding

In an intelligent workspace, notes are automatically ingested and indexed just like uploaded documents. This makes notes a way to bank knowledge over time -- any facts, context, or decisions stored in notes become grounding material for future AI queries.

When an AI chat uses folder scope (or defaults to the entire workspace), notes within that scope are searched alongside files. The AI retrieves relevant passages from notes and cites them in answers.

Key behaviors:

• Notes are ingested for RAG when workspace intelligence is enabled
• Notes within a folder scope are included in scoped queries
• Notes with ai_state: ready are searchable via RAG
• Notes can also be attached directly to a chat via files_attach (check ai.attach is true in storage details)

Use cases:

• Store project context, decisions, and rationale. Months later, ask "Why did we choose vendor X?" and the AI retrieves the note.
• Save research findings in a note. Future AI chats automatically use those findings as grounding.
• Create reference documents (style guides, naming conventions) that inform all future AI queries in the workspace.

Other Note Operations

Notes support the same storage operations as files and folders: move (via storage action move), copy (storage action copy), delete/trash (storage action delete), restore (storage action restore), version history (storage action version-list), and details (storage action details).

Linking Users to Notes

• Note in workspace context (opens workspace with note panel): https://{domain}.fast.io/workspace/{folder_name}/storage/root?note={note_id}
• Note preview (standalone view): https://{domain}.fast.io/workspace/{folder_name}/preview/{note_id}

AI Chat

AI chat lets agents ask questions about files stored in workspaces and shares. Two chat types are available, each with different file context options.

AI chat is read-only. It can read, analyze, search, and answer questions about file contents, but it cannot modify files, change workspace settings, manage members, or access events. Any action beyond reading file content — uploading, deleting, moving files, changing settings, managing shares, reading events — must be done through the MCP tools directly. Do not attempt to use AI chat as a general-purpose tool for workspace management.

Two Chat Types

• chat — Basic AI conversation with no file context from the workspace index. Use for general questions only.
• chat_with_files — AI grounded in your files. Two mutually exclusive modes for providing file context:
  • Folder/file scope (RAG) — limits the retrieval search space. Requires intelligence enabled; files must be in ready AI state.
  • File attachments — files read directly by the AI. No intelligence required; files must have ai.attach: true in storage details (the file must be a supported type for AI analysis). Max 20 files, 200 MB total.

Auto-promotion: If you create a chat with type=chat but include files_scope, folders_scope, or files_attach, the system automatically promotes the type to chat_with_files. You don't need to worry about setting the type exactly right — the intent is unambiguous when file parameters are present.

Both types augment answers with web knowledge when relevant.

File Context: Scope vs Attachments

For chat_with_files, choose one of these mutually exclusive approaches:

| Feature | Folder/File Scope (RAG) | File Attachments | |---------|------------------------|------------------| | How it works | Limits RAG search space | Files read directly by AI | | Requires intelligence | Yes | No | | File readiness requirement | ai_state: ready | ai.attach: true | | Best for | Many files, knowledge retrieval | Specific files, direct analysis | | Max references | 100 folder refs (subfolder tree expansion) or 100 file refs | 20 files / 200 MB | | Default (no scope given) | Entire workspace | N/A |

Scope parameters (REQUIRES intelligence — will error if intelligence is off):

• folders_scope — comma-separated nodeId:depth pairs (depth 1-10, max 100 subfolder refs). Defines a search boundary — the RAG backend finds documents within scoped folders automatically. Just pass folder IDs with depth; do not enumerate individual files. A folder with thousands of files and few subfolders works fine.
• files_scope — comma-separated nodeId:versionId pairs (max 100). Limits RAG to specific indexed files. nodeId is required; versionId is required in the pair format but will be auto-resolved to the node's current version if left empty (e.g., nodeId: with nothing after the colon). Get versionId from the file's version field in storage action list or details responses.
• If neither is specified, the default scope is the entire workspace (all indexed documents). This is the recommended default — omit scope parameters unless you specifically need to narrow the search.

Attachment parameter (no intelligence required):

• files_attach — comma-separated nodeId:versionId pairs (max 20, 200 MB total). nodeId is required; versionId will be auto-resolved to the current version if left empty. Files are read directly, not via RAG. FILES ONLY: passing a folder nodeId returns a 406 error. To include folder contents in AI context, use folders_scope instead (requires intelligence). Only files with ai.attach: true in storage details can be attached — check before using.

Do not list folder contents and pass individual file IDs as files_scope when you mean to search a folder — use folders_scope with the folder's nodeId instead. files_scope is only for targeting specific known file versions.

Scope vs attach: files_scope and folders_scope narrow the RAG search boundary and require workspace intelligence to be enabled — they will error on non-intelligent workspaces. files_attach sends files directly to the AI without indexing and works regardless of intelligence setting, but accepts only file nodeIds (not folders).

files_scope/folders_scope and files_attach are mutually exclusive — sending both will error.

Intelligence and AI State

The workspace intelligence toggle (see Workspaces above) controls whether uploaded documents and code files are auto-ingested, summarized, and indexed for RAG. When intelligence is enabled, each file has an ai_state indicating its readiness:

| State | Meaning | |-------|---------| | disabled | AI processing disabled for this file | | pending | Queued for processing | | in_progress | Currently being ingested and indexed | | ready | Complete — available for folder/file scope queries | | failed | Processing failed |

Only files with ai_state: ready are included in folder/file scope searches. Check file state via storage action details with context_type: "workspace".

Attachability — the ai.attach Flag

File nodes in storage list/details responses include an ai object with three fields:

| Field | Type | Meaning | |-------|------|---------| | ai.state | string | AI indexing state (disabled, pending, inprogress, ready, failed) | | ai.attach | boolean | Whether the file can be used with files_attach | | ai.summary | boolean | Whether the file already has an AI-generated summary |

Before using files_attach, check that ai.attach is true. A file is attachable when its type supports AI analysis (documents, code, images, PDFs, spreadsheets, etc.) or when it already has a summary from prior processing. Files with ai.attach: false (unsupported formats, corrupt files, or files still processing) will be rejected by the API.

This flag is independent of the workspace intelligence setting — a file can have ai.attach: true even when intelligence is off.

When to enable intelligence: You need scoped RAG queries, cross-file search, auto-summarization, or a persistent knowledge base.

When to disable intelligence: The workspace is for storage/sharing only, or you only need to analyze specific files via attachments. Saves credits (ingestion costs 10 credits/page).

Even with intelligence off, chat_with_files with file attachments still works for files with ai.attach: true.

How to Phrase Questions

With folder/file scope (RAG): Write questions likely to match content in indexed files. The AI searches the scope, retrieves passages, and cites them.

• Good: "What are the payment terms in the vendor contracts?"
• Good: "Summarize the key findings from the Q3 analysis reports"
• Bad: "Tell me about these files" — too vague, no specific content to match
• Bad: "What's in this workspace?" — cannot meaningfully search for "everything"

With file attachments: Be direct — the AI reads the full file content. No retrieval step.

• "Describe this image in detail"
• "Extract all dates and amounts from this invoice"
• "Convert this CSV data into a summary table"

Personality: The personality parameter controls the tone and length of AI responses. Pass it when creating a chat or sending a message:

• concise — short, brief answers
• detailed — comprehensive answers with context and evidence (default)

Use concise when you need a quick fact, a yes/no answer, or a brief summary. Use detailed (or omit the parameter) when you need thorough analysis with supporting evidence and citations. The personality can also be overridden per follow-up message.

Controlling verbosity in questions: You can also guide verbosity through how you phrase the question itself:

• "In one sentence, what is the main conclusion of this report?"
• "List only the file names that mention GDPR compliance, no explanations"
• "Give me a brief summary — 2-3 bullet points max"

Combining personality: "concise" with a direct question produces the shortest answers and uses the fewest AI credits.

Chat Parameters

Create a chat with ai action chat-create (with context_type: "workspace") or ai action chat-create (with context_type: "share"):

• type (required) — chat or chat_with_files
• query_text (required for workspace, optional for share) — initial message, 2-12,768 characters
• personality (optional) — concise or detailed (default: detailed)
• privacy (optional) — private or public (default: public)
• files_scope (optional) — nodeId:versionId,... (max 100, requires chat_with_files + intelligence). nodeId required; versionId auto-resolved if empty. Omit to search all indexed documents (recommended default).
• folders_scope (optional) — nodeId:depth,... (depth 1-10, max 100 subfolder refs, requires chat_with_files + intelligence). Folder scope = search boundary, not file enumeration. Omit to search all indexed documents (recommended default).
• files_attach (optional) — nodeId:versionId,... (max 20 / 200 MB, nodeId required, versionId auto-resolved if empty, mutually exclusive with scope params)

Follow-up Messages

Send follow-ups with ai action message-send (with context_type: "workspace" or "share"). The chat type is inherited from the parent chat. Each follow-up can update the scope, attachment, and personality parameters.

Waiting for AI Responses

After creating a chat or sending a message, the AI response is asynchronous. Message states progress: ready → in_progress → complete (or errored).

Recommended: Call ai action message-read (with context_type: "workspace" or "share") with the returned message_id. The tool polls automatically (up to 15 attempts, 2-second intervals, ~30 seconds). If the response is still processing after that window, use event action activity-poll with the workspace/share ID instead of calling the read action in a loop — see Activity Polling in section 7.

Response Citations

Completed AI responses include citations pointing to source files:

• nodeId — storage node opaque ID
• versionId — file version opaque ID
• entries[].page — page number
• entries[].snippet — text excerpt
• entries[].timestamp — audio/video timestamp

Linking Users to AI Chats

Append ?chat={chat_opaque_id} to the workspace storage URL:

https://{domain}.fast.io/workspace/{folder_name}/storage/root?chat={chat_id}

Share AI Chats

Shares support AI chat with identical capabilities. All workspace AI endpoints have share equivalents accessible via ai actions with context_type: "share".

AI Share / Export

Generate temporary markdown-formatted download URLs for files that can be pasted into external AI tools (ChatGPT, Claude, etc.). Use ai action share-generate (with context_type: "workspace" or "share"). URLs expire after 5 minutes. Limits: 25 files maximum, 50 MB per file, 100 MB total.

Profile IDs

Organizations, workspaces, and shares are all identified by 19-digit numeric profile IDs. These appear throughout the tool parameters as workspace_id, share_id, org_id, profile_id, and member_id.

Most endpoints also accept custom names as identifiers: | Profile Type | Numeric ID | Custom Name | |-------------|-----------|-------------| | Workspace | 19-digit ID | Folder name (e.g., my-project) | | Share | 19-digit ID | URL name (e.g., q4-financials) | | Organization | 19-digit ID | Domain name (e.g., acme) | | User | 19-digit ID | Email address (e.g., user@example.com) |

QuickShares

QuickShares are temporary public download links for individual files in workspaces (not available for shares). They can be accessed without authentication. Expires in seconds from creation (default 10,800 = 3 hours, max 86,400 = 24 hours). Max file size: 1 GB. Each quickshare has an opaque identifier used to retrieve metadata and download the file.

File Preview

Files uploaded to Fast.io get automatic preview generation. When humans open a share or workspace, they see the content immediately -- no "download and open in another app" friction.

Supported preview formats:

• Images -- full-resolution with auto-rotation and zoom
• Video -- HLS adaptive streaming (50--60% faster load than raw video)
• Audio -- interactive waveform visualization
• PDF -- page navigation, zoom, text selection
• Spreadsheets -- grid navigation with multi-sheet support
• Code and text -- syntax highlighting, markdown rendering

Use storage action preview-url (with context_type: "workspace" or "share") to generate preview URLs. Use storage action preview-transform (with context_type: "workspace" or "share") for image resize, crop, and format conversion.

Agent use case: Your generated PDF report does not just appear as a download link. The human sees it rendered inline, can flip through pages, zoom in, and comment on specific sections -- all without leaving the browser.

Comments and Annotations

Humans and agents can leave feedback directly on files, anchored to specific content using the reference parameter:

• Image comments -- anchored to spatial regions (normalized x/y/width/height coordinates)
• Video comments -- anchored to timestamps with spatial region selection
• Audio comments -- anchored to timestamps or time ranges
• PDF comments -- anchored to specific pages with optional text snippet selection
• Threaded replies -- single-level threading only; replies to replies are auto-flattened to the parent
• Emoji reactions -- one reaction per user per comment; adding a new reaction replaces the previous one
• Mention tags -- reference users and files inline using bracket syntax: @[profile:id], @[user:opaqueId:Display Name], @[file:fileId:filename.ext]. Get IDs from member lists, user details, or storage listings. The display name segment is optional for profile tags but recommended for user and file tags

Comments use JSON request bodies (Content-Type: application/json), unlike most other endpoints which use form-encoded data.

Listing comments: Use comment action list for per-file comments and comment action list-all for all comments across a workspace or share. Both support sort, limit (2-200), offset, include_deleted, reference_type filter, and include_total.

Adding comments: Use comment action add with profile_type, profile_id, node_id, and text. Optionally include parent_comment_id for replies and reference to anchor to a specific position. Supports mention tags in the body. Two character limits apply: total body including tags max 8,192 chars, display text (body with @[...] tags stripped) max 2,048 chars. Optionally include linked_entity_type and linked_entity_id to link the comment to a task or approval at creation time.

Deleting comments: comment action delete is recursive -- deleting a parent also removes all replies. comment action bulk-delete is NOT recursive -- replies to deleted comments are preserved.

Comment Linking: Comments can be linked to workflow entities (tasks or approvals). Each comment supports one link at a time (nullable). Use comment action link to associate an existing comment with a task or approval, comment action unlink to remove the association, and comment action linked to reverse-lookup all comments linked to a given entity. You can also link at creation time by passing linked_entity_type and linked_entity_id to the add action. Comment responses include linked_entity_type and linked_entity_id fields (null when unlinked).

Linking users to comments: The preview URL opens the comments sidebar automatically. Deep link query parameters let you target a specific comment or position:

| Parameter | Format | Purpose | |-----------|--------|---------| | ?comment={id} | Comment opaque ID | Scrolls to and highlights a specific comment for 2 seconds | | ?t={seconds} | e.g. ?t=45.5 | Seeks to timestamp for audio/video comments | | ?p={pageNum} | e.g. ?p=3 | Navigates to page for PDF comments |

Workspace: https://{org.domain}.fast.io/workspace/{folder_name}/preview/{file_opaque_id}?comment={comment_id}

Share: https://go.fast.io/shared/{custom_name}/{title-slug}/preview/{file_opaque_id}?comment={comment_id}

Parameters can be combined -- e.g. ?comment={id}&t=45.5 to deep link to a video comment at a specific timestamp. In shares, the comments sidebar only opens if the share has comments enable

File v1.105.0:_meta.json

{ "ownerId": "kn74d15nyw6rzrc3fekbs5333d80ha0y", "slug": "fast-io", "version": "1.105.0", "publishedAt": 1772149097549 }

File v1.105.0:references/REFERENCE.md

Fast.io for AI Agents

Version: 1.25.0 | Last updated: 2026-02-21

This guide is available at the /current/agents/ endpoint on the connected API server.

Workspaces for Agentic Teams. Collaborate, share, and query with AI — all through one API, free.

Fast.io provides workspaces for agentic teams — where agents collaborate with other agents and with humans. Upload outputs, create branded data rooms, ask questions about documents using built-in AI, and hand everything off to a human when the job is done. No infrastructure to manage, no subscriptions to set up, no credit card required.

MCP-enabled agents should connect via the Model Context Protocol for the simplest integration — no raw HTTP calls needed.

Connection endpoints:

• Streamable HTTP (recommended): https://mcp.fast.io/mcp
• Legacy SSE: https://mcp.fast.io/sse

The MCP server exposes 19 consolidated tools using action-based routing — each tool covers a domain (e.g., auth, storage, upload) and uses an action parameter to select the operation. See the "MCP Tool Architecture" section below for the full tool list.

MCP-connected agents receive comprehensive workflow guidance through SERVER_INSTRUCTIONS at connection time, and can read resources (resources/read) including skill://guide for full tool documentation, session://status for current authentication state, and download:// resource templates for direct file content retrieval.

This guide covers platform concepts and capabilities; the MCP server provides tool-level details through its standard protocol interface. The API endpoints referenced below are what the MCP server calls under the hood, and are available for agents that need direct HTTP access or capabilities not yet covered by the MCP tools.

---

Why Agents Use Fast.io

The Problem

Agentic teams — groups of agents working together and with humans — need a shared place to work. Today, agents cobble together S3 buckets, presigned URLs, email attachments, and custom download pages. Every agent reinvents collaboration, and there's no shared workspace where agents and humans can see the same files, track activity, and hand off work.

Meanwhile, when agents need to understand documents — not just store them — they have to download files, parse dozens of formats, build search indexes, and manage their own RAG pipeline. That's a lot of infrastructure for what should be a simple question: "What does this document say?"

What Fast.io Solves

| Problem | Fast.io Solution | |----------------------------------------------|---------------------------------------------------------------------------------------------------| | No shared workspace for agentic teams | Workspaces where agents and humans collaborate with file preview, versioning, and AI | | Agent-to-agent coordination lacks structure | Shared workspaces with activity feeds, comments, and real-time sync across team members | | Sharing outputs with humans is awkward | Purpose-built shares (Send, Receive, Exchange) with link sharing, passwords, expiration | | Collecting files from humans is harder | Receive shares let humans upload directly to your workspace — no email attachments | | Understanding document contents | Built-in AI reads, summarizes, and answers questions about your documents and code | | Building a RAG pipeline from scratch | Enable intelligence on a workspace and documents are automatically indexed, summarized, and queryable | | Finding the right file in a large collection | Semantic search finds documents by meaning, not just filename | | Handing a project off to a human | One-click ownership transfer — human gets the org, agent keeps admin access | | Tracking what happened | Full audit trail with AI-powered activity summaries | | Cost | Free. 50 GB storage, 5,000 monthly credits, no credit card |

---

Getting Started — Choosing the Right Account Type

There are two ways to use Fast.io as an agent, depending on whether you're operating autonomously or assisting an existing human user.

Option 1: Autonomous Agent — Create an Agent Account

If you're operating as part of an agentic team (collaborating with other agents, sharing outputs with humans, running workflows), create your own agent account:

1. POST /current/user/ with email_address, password, tos_agree=true, agent=true
2. Authenticate with Basic Auth → get JWT
3. Verify your email address (required before using most endpoints):
   • POST /current/user/email/validate/ with email — sends a verification code to your email
   • POST /current/user/email/validate/ with email and email_token — validates the code and marks your account as verified
4. POST /current/org/create/ with domain (required, 2-80 chars lowercase alphanumeric + hyphens) — an org is a collector of workspaces that can represent a company, team, business unit, or personal collection
5. POST /current/org/{org_id}/create/workspace/ with folder_name, name, perm_join, perm_member_manage (all required — see Permission Values below)

Agent accounts get the free agent plan (50 GB, 5,000 monthly credits) and can transfer orgs to humans when ready. This is the recommended path for autonomous agents.

Permission Values

Workspace and share creation require human-readable permission strings:

Workspace perm_join (who can auto-join from the org):

• 'Member or above' (default) — any org member can join
• 'Admin or above' — only org admins and owners
• 'Only Org Owners' — only org owners

Workspace perm_member_manage (who can manage workspace members):

• 'Member or above' (default) — any workspace member can manage
• 'Admin or above' — only workspace admins and owners

Share access_options (who can access the share):

• 'Only members of the Share or Workspace' (default)
• 'Members of the Share, Workspace or Org'
• 'Anyone with a registered account'
• 'Anyone with the link' (allows password protection)

Option 2: Assisting a Human — Use Their API Key

If a human already has a Fast.io account and wants your help managing their files, workspaces, or shares, they can create an API key for you to use. No separate agent account is needed — you operate as the human user.

How the human creates an API key:

Go to Settings → Devices & Agents → API Keys and click Create API Key. Optionally enter a memo to label the key (e.g., "CI pipeline" or "Agent access"), then click Create. Copy the key immediately — it is only displayed once and cannot be retrieved later. Direct link: https://go.fast.io/settings/api-keys

Use the API key as a Bearer token: Authorization: Bearer {api_key}

The API key has the same permissions as the human user, so you can manage their workspaces, shares, and files directly.

Option 3: Agent Account Invited to a Human's Org

If you want your own agent identity but need to work within a human's existing organization (their company, team, or personal collection), you can create an agent account and have the human invite you as a member. This gives you access to their workspaces and shares while keeping your own account separate.

How the human invites the agent to their org:

Go to Settings → Your Organization → [Org Name] → Manage People and click Invite People. Enter the agent's email address, choose a permission level (Member or Admin), and click Send Invites. The agent account will receive the invitation and can accept it via POST /current/user/invitations/acceptall/.

How the human invites the agent to a workspace:

Open the workspace, click the member avatars in the toolbar, then click Manage Members. Enter the agent's email address, choose a permission level, and optionally check Invite to org to add them to the organization at the same time. Click Send Invites — if the agent isn't already an org member and the toggle is off, they'll need an org invite separately.

Alternatively, the human can invite the agent programmatically:

• Org: POST /current/org/{org_id}/members/{agent_email}/ with permission level
• Workspace: POST /current/workspace/{workspace_id}/members/{agent_email}/ with permission level

Option 4: PKCE Browser Login — Secure Authentication Without Sharing Passwords

For the most secure authentication flow — especially when a human wants to authorize an agent without sharing their password — use the PKCE (Proof Key for Code Exchange) browser login. No credentials pass through the agent at any point.

The client_id can be a pre-registered ID, a dynamically registered ID (via DCR), or an HTTPS URL pointing to a Client ID Metadata Document (CIMD). CIMD is the MCP specification's preferred registration method — the server fetches client metadata from the URL on-the-fly, so no pre-registration is needed.

1. Agent calls POST /current/oauth/authorize/ with PKCE parameters (code_challenge, code_challenge_method=S256, client_id, redirect_uri, response_type=code) — gets back an authorization URL
2. The user opens the URL in their browser, signs in (supports SSO), and approves access
3. The browser displays an authorization code that the user copies back to the agent
4. Agent calls POST /current/oauth/token/ with grant_type=authorization_code, the authorization code, and the PKCE code_verifier — receives an access token and refresh token
5. The agent is now authenticated. Access tokens last 1 hour, refresh tokens last 30 days. Use POST /current/oauth/token/ with grant_type=refresh_token to get new access tokens without repeating the flow.

This is the recommended approach when:

• A human wants to grant agent access without sharing their password
• The organization uses SSO and password-based auth isn't available
• You need the strongest security guarantees (no credentials stored by the agent)

Recommendations

| Scenario | Recommended Approach | |----------|---------------------| | Operating autonomously, storing files, building for users | Create an agent account with your own org (your personal collection of workspaces) | | Helping a human manage their existing account | Ask the human to create an API key for you | | Working within a human's org with your own identity | Create an agent account, have the human invite you | | Building something to hand off to a human | Create an agent account, build it, then transfer the org | | Human wants to authorize an agent without sharing credentials | Use PKCE browser login (Option 4) |

Authentication & Token Lifecycle

All API requests require Authorization: Bearer {token} in the header. How you get that token depends on your access pattern:

JWT tokens (agent accounts): Authenticate with GET /current/user/auth/ using HTTP Basic Auth (email:password). The response includes an auth_token (JWT). OAuth access tokens last 1 hour and refresh tokens last 30 days. When your token expires, re-authenticate to get a new one. If the account has 2FA enabled, the initial token has limited scope until 2FA verification is completed via /current/user/auth/2factor/auth/{token}/.

API keys (human accounts): API keys are long-lived and do not expire unless the human revokes them. No refresh flow needed.

Verify your token: Call GET /current/user/auth/check/ at any time to validate your current token and get the authenticated user's ID. This is useful at startup to confirm your credentials are valid before beginning work, or to detect an expired token without waiting for a 401 error on a real request.

OAuth Scopes — Controlling Access

When using PKCE browser login, you can request scoped access tokens that limit what the agent can do. Scopes follow an inheritance model — broader scopes automatically include access to their children.

Scope types:

| Scope Type | Description | |------------------|-----------------------------------------------------------------------------| | all_orgs | Access to all organizations the user owns or is a member of | | all_workspaces | Access to all workspaces across accessible organizations | | all_shares | Access to all shares across accessible organizations and workspaces |

Inheritance: all_orgs includes all_workspaces, which includes all_shares. Requesting all_orgs grants full access to all orgs, workspaces, and shares the user has access to.

Pass the desired scope_type when initiating the PKCE authorization flow (POST /current/oauth/authorize/). If omitted, the token defaults to full access (equivalent to all_orgs).

Organizations — Collectors of Workspaces

An organization (org) is a collector of workspaces. It can represent a company, a business unit, a team, or simply your own personal collection. Every workspace and share lives under an org, and orgs are the billable entity — storage, credits, and member limits are tracked at the org level.

Internal vs External Orgs

When working with Fast.io, an agent may interact with orgs in two different ways:

Internal orgs — orgs you created or were invited to join as a member. You have org-level access: you can see all workspaces (subject to permissions), manage settings if you're an admin, and appear in the org's member list. Your own orgs always show member: true in API responses.

External orgs — orgs you can access only through workspace membership. If a human invites you to their workspace but does not invite you to their org, the org appears as external. You can see the org's name and basic public info, but you cannot manage org settings, see other workspaces, or add members at the org level. External orgs show member: false in API responses.

This distinction matters because an agent invited to a single workspace cannot assume it has access to the rest of that org. It can only work within the workspaces it was explicitly invited to.

Full org discovery requires both endpoints:

• GET /current/orgs/list/ — returns orgs you are a member of (member: true)
• GET /current/orgs/list/external/ — returns orgs you access via workspace membership only (member: false)

Always call both. An agent that only calls /orgs/list/ will miss every org where it was invited to a workspace but not to the org itself — which is the most common pattern when a human adds an agent to help with a specific project. If you skip /orgs/list/external/, you won't discover those workspaces at all.

Example: A human invites your agent to their "Q4 Reports" workspace. You can upload files, run AI queries, and collaborate in that workspace. But you cannot create new workspaces in their org, view their billing, or access their other workspaces. The org shows up in /orgs/list/external/ — not /orgs/list/.

If the human later invites you to the org itself (via org member invitation), the org moves from external to internal and you gain org-level access based on your permission level.

Pagination

All list endpoints support offset-based pagination via query parameters. Use pagination to keep responses within token limits and iterate through large collections.

Query parameters:

| Parameter | Type | Default | Max | Description | |-----------|------|---------|-----|----------------------------| | limit | int | 100 | 500 | Number of items to return | | offset | int | 0 | — | Number of items to skip |

Response metadata: Every paginated response includes a pagination object:

{
  "pagination": {
    "total": 42,
    "limit": 100,
    "offset": 0,
    "has_more": false
  }
}

Paginating through results:

# First page
GET /current/orgs/list/?limit=10&offset=0
# → pagination.has_more = true, pagination.total = 42

# Second page
GET /current/orgs/list/?limit=10&offset=10
# → pagination.has_more = true

# Continue until has_more = false

Endpoints supporting pagination:

| Endpoint | Collection Key | |------------------------------------------------------|--------------------| | GET /current/orgs/all/ | orgs | | GET /current/orgs/list/ | orgs | | GET /current/orgs/list/external/ | orgs | | GET /current/shares/all/ | shares | | GET /current/workspace/{id}/members/list/ | users | | GET /current/org/{id}/billing/usage/members/list/ | billable_members | | GET /current/workspace/{id}/list/shares/ | shares | | GET /current/user/me/list/shares/ | shares | | GET /current/org/{id}/list/workspaces/ | workspaces | | GET /current/org/{id}/members/list/ | users | | GET /current/workspace/{id}/storage/search/ | files | | GET /current/share/{id}/storage/search/ | files | | GET /current/share/{id}/members/list/ | users |

---

Core Capabilities

1. Workspaces — Shared Spaces for Agentic Teams

Workspaces are where agentic teams do their work. Each workspace has its own storage, member list, AI chat, and activity feed — a shared environment where agents collaborate with other agents and with humans.

• 50 GB included storage on the free agent plan
• Files up to 1 GB per upload
• File versioning — every edit creates a new version, old versions are recoverable
• Folder hierarchy — organize files however you want
• Full-text and semantic search — find files by name or content, and documents by meaning
• Member roles — Owner, Admin, Editor, Viewer with granular permissions
• Real-time sync — changes appear instantly for all members via WebSockets

Intelligence: On or Off

Workspaces have an intelligence toggle that controls whether AI features are active. This is a critical decision:

Intelligence OFF — the workspace stores files without AI indexing. You can still attach files directly to an AI chat conversation (up to 20 files), but files are not persistently indexed. This is fine for coordination workflows where you don't need to query your content.

Intelligence ON — the workspace becomes an AI-powered knowledge base. Every document and code file uploaded is automatically ingested, summarized, and indexed for RAG. This enables:

• RAG (retrieval-augmented generation) — scope AI chat to entire folders or the full workspace and ask questions across your indexed documents and code. The AI retrieves relevant passages and answers with citations.
• Semantic search — find files by meaning, not just keywords. "Show me contracts with indemnity clauses" works even if those exact words don't appear in the filename.
• Auto-summarization — short and long summaries generated for every indexed document and code file, searchable and visible in the UI.
• Metadata extraction — AI pulls structured metadata from documents, code, and images automatically using templates. Assign a template to a workspace, and every document uploaded is automatically extracted against that schema during ingestion. You can also trigger extraction manually or in batch. See section 14 (Metadata) for the full API.

Coming soon: RAG indexing support for images, video, and audio files. Currently only documents and code are indexed.

Intelligence is enabled by default when creating workspaces via the API for agent accounts. If your team only needs a shared workspace for coordination, you can disable it to conserve credits. If you want to query your content — enable it.

Agent use case: Create a workspace per project or client. Enable intelligence if agents or humans need to query the content. Upload reports, datasets, and deliverables. Invite other agents and human stakeholders. Everything is organized, searchable, and versioned — and the whole team can see it.

2. Shares — Structured Agent-Human Exchange

Shares are purpose-built spaces for exchanging files between your agentic team and external humans. Three modes cover every exchange pattern:

| Mode | What It Does | Agent Use Case | |--------------|-------------------------------|-----------------------------------------------| | Send | Recipients can download files | Deliver reports, exports, generated content | | Receive | Recipients can upload files | Collect documents, datasets, user submissions | | Exchange | Both upload and download | Collaborative workflows, review cycles |

Share Features

• Password protection — require a password for link access
• Expiration dates — shares auto-expire after a set period
• Download controls — enable or disable file downloads
• Access levels — 'Only members of the Share or Workspace', 'Members of the Share, Workspace or Org', 'Anyone with a registered account', or 'Anyone with the link'
• Custom branding — background images, gradient colors, accent colors, logos
• Post-download messaging — show custom messages and links after download
• Up to 3 custom links per share for context or calls-to-action
• Guest chat — let share recipients ask questions in real-time
• AI-powered auto-titling — shares automatically generate smart titles from their contents
• Activity notifications — get notified when files are sent or received
• Comment controls — configure who can see and post comments (owners, guests, or both)

Two Storage Modes

When creating a share, you choose a storage_mode that determines how the share's files are managed:

• room (independent storage, default) — the share has its own isolated storage. Files are added directly to the share and are independent of any workspace. This creates a self-contained data room — changes to workspace files don't affect the room, and vice versa. Perfect for final deliverables, compliance packages, archived reports, or any scenario where you want an immutable snapshot.

• shared_folder (workspace-backed) — the share is backed by a specific folder in a workspace. The share displays the live contents of that folder — any files added, updated, or removed in the workspace folder are immediately reflected in the share. No file duplication, so no extra storage cost. To create a shared folder, pass storage_mode=shared_folder and folder_node_id={folder_opaque_id} when creating the share. Note: expiration dates are not allowed on shared folder shares since the content is live.

Both modes look the same to share recipients — a branded data room with file preview, download controls, and all share features. The difference is whether the content is a snapshot (room) or a live view (shared folder).

Agent use case: Generate a quarterly report, create a Send share with your client's branding, set a 30-day expiration, and share the link. The client sees a branded page with instant file preview — not a raw download link.

3. QuickShare — Instant File Handoff

Need to toss a file to someone right now? QuickShare creates a share from a single file with zero configuration. Automatic 30-day expiration. No setup, no decisions.

Agent use case: Debug log, sample output, or quick artifact? QuickShare it and send the link. Done.

4. Built-In AI — Ask Questions About Your Files

Fast.io's AI is a read-only tool — it can read and analyze file contents, but it cannot modify files, change workspace settings, manage members, or read events. It answers questions about your documents, nothing more. For any action beyond reading file content, your agent must use the API or MCP server directly.

Fast.io's AI lets agents query documents through two chat types, with or without persistent indexing. Both types augment file knowledge with information from the web when relevant.

Chat Types

chat — Basic AI conversation. Does not use file context from the workspace index. Use this for general questions or when you don't need to reference stored files.

chat_with_files — AI conversation grounded in your files. This is the type you use when you want the AI to read, analyze, and cite your documents. Requires the workspace to have intelligence enabled if using folder/file scope (RAG). Supports two mutually exclusive modes for providing file context:

1. Folder/file scope (RAG) — limits the search space for retrieval. The AI searches the indexed content of files within the specified scope, retrieves relevant passages, and answers with citations. Requires intelligence enabled and files in ready AI state.

2. File attachments — files are directly attached to the conversation. The AI reads the full content of the attached files. Does not require intelligence — any file with a ready preview can be attached. Max 20 files, 200MB total.

These two modes cannot be combined in a single chat — use scope OR attachments, not both.

Auto-promotion: If you create a chat with type=chat but include files_scope, folders_scope, or files_attach, the system automatically promotes the type to chat_with_files. You don't need to worry about setting the type exactly right — the intent is unambiguous when file parameters are present.

Intelligence Setting — When to Enable It

The intelligence toggle on a workspace controls whether uploaded documents and code files are automatically ingested, summarized, and indexed for RAG.

Enable intelligence when:

• You have many files and need to search across them to answer questions
• You want scoped RAG queries against folders or the entire workspace
• You need auto-summarization and metadata extraction
• You're building a persistent knowledge base

Disable intelligence when:

• You're using the workspace purely for team coordination and file exchange
• You only need to analyze specific files (use file attachments instead)
• You want to conserve credits (ingestion costs 10 credits/page)

Even with intelligence disabled, you can still use chat_with_files with file attachments — any file that has a ready preview can be attached directly to a chat for one-off analysis.

AI State — File Readiness for RAG

Every document and code file in an intelligent workspace has an ai_state field that tracks its ingestion progress:

| State | Meaning | |---------------|---------------------------------------------------| | disabled | AI processing disabled for this file | | pending | Queued for processing | | in_progress | Currently being ingested and indexed | | ready | Processing complete — file is available for RAG | | failed | Processing failed |

Only documents and code files with ai_state: ready are included in folder/file scope searches. If you upload files and immediately create a scoped chat, recently uploaded files may not yet be indexed. Use the activity polling endpoint to wait for ai_state changes before querying.

Folder Scope vs File Attachments

| Feature | Folder/File Scope (RAG) | File Attachments | |----------------------|--------------------------------------------|------------------------------------------| | How it works | Limits RAG search space | Files read directly by AI | | Requires intelligence| Yes | No | | Requires ai_state | Files must be ready | Files must have a ready preview | | Best for | Many files, knowledge retrieval | Specific files, direct analysis | | Max references | 100 folder refs (subfolder tree expansion) | 20 files, 200MB total | | Default behavior | No scope = entire workspace | N/A |

Folder scope parameters:

• folders_scope — comma-separated nodeId:depth pairs (depth 1-10, max 100 subfolder refs). The depth controls how many levels of subfolders are expanded — only subfolder references count toward the 100 limit, not individual files within those folders. The RAG backend automatically searches all indexed documents inside the scoped folders.
• files_scope — comma-separated nodeId:versionId pairs (max 100 refs). nodeId is required; versionId is required in the pair format but will be auto-resolved to the node's current version if left empty (e.g., nodeId: with nothing after the colon). Get the versionId from the file's version field in storage list/details responses. Limits RAG retrieval to specific file versions.
• Default scope is the entire workspace — if you omit both files_scope and folders_scope, the AI searches all indexed documents. This is the recommended approach when you want to query across everything. Only provide scope parameters when you need to narrow the search to specific files or folders.

Important — how folder scope works internally: Folder scope defines a search boundary, not a file list. When you pass folders_scope, the system expands the specified folders into a set of subfolder references up to the given depth. The RAG backend then searches all indexed documents within those folders automatically. You do not need to enumerate or list individual files — just provide the top-level folder ID and the desired depth. A folder containing thousands of files with only a few subfolders will work fine, because only the subfolder references (not file references) count toward the 100 limit. If you need to query the entire workspace, omit folders_scope entirely — the default scope is already the full workspace.

File attachment parameter:

• files_attach — comma-separated nodeId:versionId pairs (max 20 files, 200MB total). nodeId is required; versionId will be auto-resolved to the current version if left empty. Only file nodes are accepted — passing a folder nodeId will be rejected. Files are read directly, not searched via RAG. To include folder contents, use folders_scope instead.

Notes as Knowledge Grounding

Notes are markdown documents created directly in workspace storage via the API (POST /current/workspace/{id}/storage/{folder}/createnote/). In an intelligent workspace, notes are ingested and indexed just like uploaded files. This makes notes a way to store long-term knowledge that becomes grounding material for future AI queries.

Agent use case: Store project context, decision logs, or reference material as notes. When you later ask the AI "What was the rationale for choosing vendor X?", the note containing that decision is retrieved and cited — even months later.

Notes within a folder scope are included in RAG queries when intelligence is enabled.

How to Write Effective Questions

The way you phrase questions depends on whether you're using folder scope (RAG) or file attachments.

With folder/file scope (RAG):

Write questions that are likely to match content in your indexed files. The AI searches the scope for relevant passages, retrieves them, and uses them as citations to answer your question. Think of it as a search query that returns context for an answer.

• Good: "What are the payment terms in the vendor contracts?" — matches specific content in files
• Good: "Summarize the key findings from the Q3 analysis reports" — retrieves relevant sections
• Good: "What risks were identified in the security audit?" — finds specific content to cite
• Bad: "Tell me about these files" — too vague for retrieval, no specific content to match
• Bad: "What's in this workspace?" — the AI can't meaningfully search for "everything"

If no folder scope is specified, the search defaults to all indexed documents in the workspace. For large workspaces, narrowing the scope to specific folders improves relevance and reduces token usage.

With file attachments:

You can be more direct and simplistic since the AI reads the full file content. No retrieval step — the AI has the complete file in context.

• "Describe this image in detail"
• "Extract all dates and amounts from this invoice"
• "Convert this CSV data into a summary table"
• "What programming language is this code written in and what does it do?"

Personality: The personality parameter controls the tone and length of AI responses. Pass it when creating a chat or sending a message:

• concise — short, direct answers with minimal explanation
• detailed — comprehensive answers with context and evidence (default)

This makes a significant difference in response quality for your use case. Agents that need to extract data or get quick answers should use concise to avoid wasting tokens on lengthy explanations. Use detailed when you need thorough analysis with supporting evidence.

You can also control verbosity in the question itself — for example, "In one sentence, summarize this report" or "List only the file names, no explanations." Combining concise personality with direct questions produces the shortest responses.

Waiting for AI Responses

After sending a message, the AI processes it asynchronously. You need to wait for the response to be ready.

Message states:

| State | Meaning | |-------------------|--------------------------------------| | ready | Queued for processing | | in_progress | AI is generating the response | | complete | Response finished | | errored | Processing failed | | post_processing | Finalizing (citations, formatting) |

Option 1: SSE streaming (recommended for real-time display)

GET /current/workspace/{id}/ai/chat/{chat_id}/message/{message_id}/read/

Returns a text/event-stream with response chunks as they're generated. The stream ends with a done event when the response is complete. Response chunks include the AI's text, citations pointing to specific files/pages/snippets, and any structured data (tables, analysis).

Option 2: Activity polling (recommended for background processing)

Don't poll the message endpoint in a loop. Instead, use the activity long-poll:

GET /current/activity/poll/{workspace_id}?wait=95&lastactivity={timestamp}

When ai_chat:{chatId} appears in the activity response, the chat has been updated — fetch the message details to get the completed response. This is the most efficient approach when you don't need to stream the response in real-time.

Option 3: Fetch completed response

GET /current/workspace/{id}/ai/chat/{chat_id}/message/{message_id}/details/

Check the state field. If complete, the response.text contains the full answer and response.citations contains the file references.

Linking Users to AI Chats

To send a user directly to an AI chat in the workspace UI, append a chat query parameter to the workspace storage URL:

https://{org.domain}.fast.io/workspace/{workspace.folder_name}/storage/root?chat={chat_opaque_id}

This opens the workspace with the specified chat visible in the AI panel.

Supported Content Types

Indexed for RAG (requires Intelligence ON):

• Documents (PDF, Word, text, markdown)
• Code files (all common languages)

File attachments only (no RAG indexing):

• Spreadsheets (Excel, CSV)
• Images (all common formats) — RAG indexing coming soon
• Video (all common formats) — RAG indexing coming soon
• Audio (all common formats) — RAG indexing coming soon

AI Share — Export to External AI Tools

Generate temporary download URLs for your files, formatted as markdown, for pasting into external AI assistants like ChatGPT or Claude. Up to 25 files, 50MB per file, 100MB total. Links expire after 5 minutes. This is separate from the built-in AI chat — use it when you want to analyze files with a different model or tool.

Agent use case: A user asks "What were Q3 margins?" You have 50 financial documents in an intelligent workspace. Instead of downloading and parsing all 50, create a chat_with_files scoped to the finance folder and ask. The AI searches the indexed content, retrieves relevant passages, and answers with citations. Pass the cited answer — with source references — back to the user.

5. File Preview — No Download Required

Files uploaded to Fast.io get automatic preview generation. When humans open a share or workspace, they see the content immediately — no "download and open in another app" friction.

Supported preview formats:

• Images — full-resolution with auto-rotation and zoom
• Video — HLS adaptive streaming (50-60% faster load than raw video)
• Audio — interactive waveform visualization
• PDF — page navigation, zoom, text selection
• Spreadsheets — grid navigation with multi-sheet support
• Code & text — syntax highlighting, markdown rendering

Agent use case: Your generated PDF report doesn't just appear as a download link. The human sees it rendered inline, can flip through pages, zoom in, and comment on specific sections — all without leaving the browser.

6. Notes — Markdown Documents as Knowledge

Notes are a storage node type (alongside files and folders) that store markdown content directly on the server. They live in the same folder hierarchy as files, are versioned like any other node, and appear in storage listings with type: "note".

Creating and Updating Notes

Create: POST /current/workspace/{id}/storage/{parent_id}/createnote/

• name (required) — filename, must end in .md, max 100 characters (e.g., "project-context.md")
• content (required) — markdown text, max 100 KB. Must be valid UTF-8 (UTF8MB4). Control characters (\p{C} except \t, \n, \r) are stripped.

Update: POST /current/workspace/{id}/storage/{node_id}/updatenote/

• name (optional) — rename the note (must end in .md)
• content (optional) — replace the markdown content (max 100 KB). Must be valid UTF-8 (UTF8MB4). Control characters (\p{C} except \t, \n, \r) are stripped.
• At least one of name or content must be provided

Notes can also be moved, copied, deleted, and restored using the same storage endpoints as files and folders.

Notes as Long-Term Knowledge Grounding

In an intelligent workspace, notes are automatically ingested and indexed just like uploaded documents. This makes notes a powerful way to bank knowledge over time — any facts, context, or decisions stored in notes become grounding material for future AI queries.

When an AI chat uses folder scope (or defaults to the entire workspace), notes within that scope are searched alongside files. The AI retrieves relevant passages from notes and cites them in its answers.

Use cases:

• Store project context, decisions, and rationale as notes. Months later, ask "Why did we choose vendor X?" and the AI retrieves the note with that decision.
• After researching a topic, save key findings in a note. Future AI chats automatically use those findings as grounding.
• Create reference documents (style guides, naming conventions, process docs) that inform all future AI queries in the workspace.

Linking Users to Notes

Open a note in the workspace UI — append ?note={opaque_id} to the workspace storage URL:

https://{org.domain}.fast.io/workspace/{folder_name}/storage/root?note={note_opaque_id}

Link directly to the note preview — use the standard file preview URL:

https://{org.domain}.fast.io/workspace/{folder_name}/preview/{note_opaque_id}

The preview link is more effective if you want the user to focus on reading just that note, while the ?note= link opens the note within the full workspace context.

7. Comments & Annotations

Humans can leave feedback directly on files, anchored to specific content:

• Image comments — anchored to regions of the image
• Video comments — anchored to timestamps with frame-stepping and spatial region selection
• Audio comments — anchored to timestamps or time ranges
• PDF comments — anchored to specific pages with optional text selection
• Threaded replies — single-level threads under each comment (replies to replies are auto-flattened)
• Emoji reactions — one reaction per user per comment, new replaces previous
• Mentions — tag users with @[user:USER_ID:Display Name] syntax in the comment body

Character limits: The comment body field has a hard maximum of 8,192 characters — this includes the full mention tag markup. When you convert a short @name reference into the bracket syntax (e.g., @[user:abc123:Jane Smith]), the expanded string is what counts toward the limit. The display text (everything except mention markup) is separately capped at 500 characters. Build your comment body with the expanded tags first, then verify the total length before submitting.

Linking users to comments: Link users to the file preview URL. The comments sidebar opens automatically in workspace previews, and in share previews when comments are enabled on the share.

Base preview URL:

https://{org.domain}.fast.io/workspace/{folder_name}/preview/{file_opaque_id}

For shares: https://go.fast.io/shared/{custom_name}/{title-slug}/preview/{file_opaque_id}

Deep linking to a specific comment: Append ?comment={comment_id} to the preview URL. The UI scrolls to and highlights the comment automatically:

https://{org.domain}.fast.io/workspace/{folder_name}/preview/{file_opaque_id}?comment={comment_id}

Deep linking to media/document positions: For comments anchored to specific locations, combine with position parameters:

• ?t={seconds} — seeks to a timestamp in audio/video (e.g., ?comment={id}&t=45.5)
• ?p={pageNum} — navigates to a page in PDFs (e.g., ?comment={id}&p=3)

Agent use case: You generate a design mockup. The human comments "Change the header color" on a specific region of the image. You read the comment, see exactly what region they're referring to, and regenerate.

8. File Uploads — Getting Files Into Fast.io

Agents upload files through a session-based API. There are two paths depending on file size:

Small Files (Under 4 MB)

For files under 4 MB, upload in a single request. Send the file as multipart/form-data with the chunk field containing the file data, plus org (your org domain), name, size, and action=create.

To have the file automatically added to a workspace or share, include instance_id (the workspace or share ID) and optionally folder_id (the target folder's OpaqueId, or omit for root). The response includes new_file_id — the permanent OpaqueId of the file in storage. No further steps needed.

POST /current/upload/
Content-Type: multipart/form-data

Fields: org, name, size, action=create, instance_id, folder_id, chunk (file)
→ Response: { "result": true, "id": "session-id", "new_file_id": "2abc..." }

Large Files (4 MB and Above)

Large files use chunked uploads. The flow has five steps:

1. Create a session — POST /current/upload/ with org, name, size, action=create, instance_id, and optionally folder_id. Returns a session id.

2. Upload chunks — Split the file into 5 MB chunks (last chunk may be smaller). For each chunk, send POST /current/upload/{session_id}/chunk/ as multipart/form-data with the chunk field (binary data), order (1-based — first chunk is order=1), and size. You can upload up to 3 chunks in parallel per session.

3. Trigger assembly — Once all chunks are uploaded, call POST /current/upload/{session_id}/complete/. The server verifies chunks and combines them into a single file.

4. Poll for completion — The upload progresses through states asynchronously. Poll the session details with the built-in long-poll:

   GET /current/upload/{session_id}/details/?wait=60

   The server holds the connection for up to 60 seconds and returns immediately when the status changes:

   | Status | Meaning | What to Do | |--------|---------|------------| | ready | Awaiting chunks | Upload chunks | | uploading | Receiving chunks | Continue uploading | | assembling | Combining chunks | Keep polling | | complete | Assembled, awaiting storage | Keep polling | | storing | Being added to storage | Keep polling | | stored | Done — file is in storage | Read new_file_id, clean up | | assembly_failed | Assembly error (terminal) | Check status_message | | store_failed | Storage error (retryable) | Keep polling, server retries |

   Stop polling when status is stored, assembly_failed, or store_failed.

5. Clean up — Delete the session after completion: DELETE /current/upload/{session_id}/.

Optional Integrity Hashing

Include hash (SHA-256 hex digest) and hash_algo=sha256 on each chunk for server-side integrity verification. You can also provide a full-file hash in the session creation request instead.

Resuming Interrupted Uploads

If a connection drops mid-upload, the session persists on the server. To resume:

1. Fetch the session: GET /current/upload/{session_id}/details/
2. Read the chunks map — keys are chunk numbers already uploaded, values are byte sizes
3. Upload only the missing chunks
4. Trigger assembly and continue as normal

Manual Storage Placement

If you omit instance_id when creating the session, the file is uploaded but not placed in any workspace or share. You can add it to storage manually afterward:

POST /current/workspace/{id}/storage/{folder}/addfile/
Body: from={"type":"upload","upload":{"id":"{session_id}"}}

This is useful when you need to upload first and decide where to place the file later.

MCP Binary Upload — Three Approaches

MCP agents have three ways to pass binary data when uploading chunks. Each uses the upload tool's chunk action with exactly one of data, blob_ref, or content (for text):

1. data parameter (base64) — simplest for MCP agents

Pass base64-encoded binary directly in the data parameter of the chunk action. No extra steps required. Works with any MCP client. Adds ~33% size overhead from base64 encoding.

2. stage-blob action — MCP tool-based blob staging

Use the upload tool's stage-blob action with data (base64) to pre-stage binary data as a blob. Returns a blob_id that you pass as blob_ref in the chunk call. Useful when decoupling staging from uploading or preparing multiple chunks in advance.

1. upload action stage-blob with data (base64-encoded binary) → returns { blob_id, size }
2. upload action chunk with blob_ref set to the blob_id

3. POST /blob endpoint — HTTP blob staging for non-MCP clients

A sidecar HTTP endpoint that accepts raw binary data outside the JSON-RPC pipe, avoiding base64 encoding entirely. Useful for clients that can make direct HTTP requests alongside MCP tool calls.

1. POST /blob with Mcp-Session-Id header and raw bytes as the request body → returns { blob_id, size }
2. upload action chunk with blob_ref set to the blob_id

Blob constraints (apply to both staging methods):

• Blobs expire after 5 minutes — stage and consume them promptly
• Each blob is consumed (deleted) on first use and cannot be reused
• Maximum blob size: 100 MB

Agent use case: You're generating a 200 MB report. Create an upload session targeting the client's workspace, split the file into 5 MB chunks, upload 3 at a time, trigger assembly, and poll until stored. The file appears in the workspace with previews generated automatically. Use the activity polling endpoint (section 13) to know when AI indexing completes if intelligence is enabled.

9. URL Import — Pull Files From Anywhere

When you need to add a file from the web, use POST /current/web_upload/ with source_url instead of downloading it locally and re-uploading. This is faster because the file transfers server-to-server — your agent never touches the bytes.

• Supports any HTTP/HTTPS URL
• Supports OAuth-protected sources: Google Drive, OneDrive, Dropbox
• Files go through the same processing pipeline (preview generation, AI indexing if intelligence is enabled, virus scanning)

Check progress after submitting. Web uploads are processed asynchronously by Fast.io's server-side fetch agent, which may be blocked or rate-limited by the source. The import can fail silently if the source rejects the request, times out, or returns an error. Monitor the upload status to confirm the file was actually retrieved and stored before reporting success to the user.

Security note: The web_upload endpoint instructs the Fast.io cloud server to fetch the URL — not the agent's local environment. The Fast.io server is a public cloud service with no access to the agent's local network, internal systems, or private infrastructure. It can only reach publicly accessible URLs and supported OAuth-authentica

Archive v1.94.1: 3 files, 88250 bytes

Files: references/REFERENCE.md (114827b), SKILL.md (157564b), _meta.json (127b)

File v1.94.1:SKILL.md

---

name: fast-io description: >- Workspaces for agentic teams. Complete agent guide with all 19 consolidated tools using action-based routing — parameters, workflows, ID formats, and constraints. Use this skill when agents need shared workspaces to collaborate with other agents and humans, create branded shares (Send/Receive/Exchange), or query documents using built-in AI. Supports ownership transfer to humans, workspace management, workflow primitives (tasks, worklogs, approvals, todos), and real-time collaboration. Free agent plan with 50 GB storage and 5,000 monthly credits. license: Proprietary compatibility: >- Requires network access. Connects to the Fast.io MCP server at mcp.fast.io via Streamable HTTP (/mcp) or SSE (/sse). metadata: author: fast-io version: "1.94.0" homepage: "https://fast.io"

Fast.io MCP Server -- AI Agent Guide

Version: 1.94 Last Updated: 2026-02-22

The definitive guide for AI agents using the Fast.io MCP server. Covers why and how to use the platform: product capabilities, the free agent plan, authentication, core concepts (workspaces, shares, intelligence, previews, comments, URL import, metadata, workflow, ownership transfer), 12 end-to-end workflows, interactive MCP App widgets, and all 19 consolidated tools with action-based routing.

Versioned guide. This guide is versioned and updated with each server release. The version number at the top of this document tracks tool parameters, ID formats, and API behavior changes. If you encounter unexpected errors, the guide version may have changed since you last read it.

Platform reference. For a comprehensive overview of Fast.io's capabilities, the agent plan, key workflows, and upgrade paths, see references/REFERENCE.md.

---

1. Overview

Workspaces for Agentic Teams. Collaborate, share, and query with AI -- all through one API, free.

Fast.io provides workspaces for agentic teams -- where agents collaborate with other agents and with humans. Upload outputs, create branded data rooms, ask questions about documents using built-in AI, and hand everything off to a human when the job is done. No infrastructure to manage, no subscriptions to set up, no credit card required.

The Problem Fast.io Solves

Agentic teams -- groups of agents working together and with humans -- need a shared place to work. Today, agents cobble together S3 buckets, presigned URLs, email attachments, and custom download pages. Every agent reinvents collaboration, and there is no shared workspace where agents and humans can see the same files, track activity, and hand off work.

When agents need to understand documents -- not just store them -- they have to download files, parse dozens of formats, build search indexes, and manage their own RAG pipeline. That is a lot of infrastructure for what should be a simple question: "What does this document say?"

| Problem | Fast.io Solution | |---------|-----------------| | No shared workspace for agentic teams | Workspaces where agents and humans collaborate with file preview, versioning, and AI | | Agent-to-agent coordination lacks structure | Shared workspaces with activity feeds, comments, and real-time sync across team members | | Sharing outputs with humans is awkward | Purpose-built shares (Send, Receive, Exchange) with link sharing, passwords, expiration | | Collecting files from humans is harder | Receive shares let humans upload directly to your workspace -- no email attachments | | Understanding document contents | Built-in AI reads, summarizes, and answers questions about your files | | Building a RAG pipeline from scratch | Enable intelligence on a workspace and documents are automatically indexed, summarized, and queryable | | Finding the right file in a large collection | Semantic search finds documents by meaning, not just filename | | Handing a project off to a human | One-click ownership transfer -- human gets the org, agent keeps admin access | | Tracking what happened | Full audit trail with AI-powered activity summaries | | Cost | Free. 50 GB storage, 5,000 monthly credits, no credit card |

MCP Server

This MCP server exposes 19 consolidated tools that cover the full Fast.io REST API surface. Every authenticated API endpoint has a corresponding tool action, and the server handles session management automatically.

Once a user authenticates, the auth token is stored in the server session and automatically attached to all subsequent API calls. There is no need to pass tokens between tool invocations.

Server Endpoints

• Production: mcp.fast.io
• Development: mcp.fastdev1.com

Two transports are available on each:

• Streamable HTTP at /mcp -- the preferred transport for new integrations.
• SSE at /sse -- a legacy transport maintained for backward compatibility.

MCP Resources

The server exposes static MCP resources, widget resources, and file download resource templates. Clients can read them via resources/list and resources/read:

| URI | Name | Description | MIME Type | |-----|------|-------------|-----------| | skill://guide | skill-guide | Full agent guide (this document) with all 19 tools, workflows, and platform documentation | text/markdown | | session://status | session-status | Current authentication state: authenticated boolean, user_id, user_email, token_expires_at (Unix epoch), token_expires_at_iso (ISO 8601), scopes (raw scope string or null), scopes_detail (array of hydrated scope objects with entity names/domains/parents, or null), agent_name (string or null) | application/json | | widget://* | Widget HTML | Interactive HTML5 widgets (5 total) -- use the apps tool to discover and launch | text/html |

File download resource templates -- read file content directly through MCP without needing external HTTP access:

| URI Template | Name | Auth | Dynamic Listing | Description | |---|---|---|---|---| | download://workspace/{workspace_id}/{node_id} | download-workspace-file | Session token | Yes | Download a file from a workspace | | download://share/{share_id}/{node_id} | download-share-file | Session token | Yes | Download a file from a share | | download://quickshare/{quickshare_id} | download-quickshare-file | None (public) | No | Download a quickshare file |

Files up to 50 MB are returned inline as base64-encoded blob content. Larger files return a text fallback with a URL to the HTTP pass-through endpoint (see below). The download tool responses include a resource_uri field with the appropriate URI for each file.

Dynamic resource listing: When authenticated, workspace and share file resources are dynamically listed via resources/list. MCP clients (such as Claude Desktop's @ mention picker) can discover available files without any tool calls. Up to 10 workspaces and 10 shares are enumerated, with up to 25 most recently updated root-level files from each. Resources appear as "WorkspaceName / filename.ext" or "ShareTitle / filename.ext". Results are cached for 1 minute per session. Only root-level files are listed -- subdirectories are not recursively enumerated. Use the storage tool with action list to browse deeper. The quickshare template remains template-only and is not dynamically enumerable.

MCP Prompts

The server registers MCP prompts that appear in the client's "Add From" / "+" menu as user-clickable app launchers. These are primarily for desktop MCP clients (e.g., Claude Desktop); code-mode clients (Claude Code, Cursor) do not surface prompts.

| Prompt Name | Description | |---|---| | App: Choose Workspace or Org | Launch the Workspace Picker to browse orgs, select workspaces, and manage shares | | App: Pick a File | Launch the File Picker with built-in workspace navigator for browsing, searching, and selecting files | | App: Open Workflow | Launch the Workflow Manager (auto-selects workspace if only one, otherwise opens Workspace Picker first) | | App: Available Apps | List all available MCP App widgets with descriptions and launch instructions |

HTTP File Pass-Through

For files larger than 50 MB or when raw binary streaming is needed, the server provides an HTTP pass-through endpoint that streams file content directly from the API:

| Endpoint | Auth | Description | |---|---|---| | GET /file/workspace/{workspace_id}/{node_id} | Mcp-Session-Id header | Stream a workspace file | | GET /file/share/{share_id}/{node_id} | Mcp-Session-Id header | Stream a share file | | GET /file/quickshare/{quickshare_id} | None (public) | Stream a quickshare file |

The response includes proper Content-Type, Content-Length, and Content-Disposition headers from the upstream API. Errors are returned as HTML pages. The Mcp-Session-Id header is the same session identifier used for MCP protocol communication.

Workflow Overview

The server includes workflow features for project tracking: tasks (structured work items with priorities and assignees), worklogs (append-only activity logs), approvals (formal sign-off requests), and todos (simple checklists). Enable workflow on a workspace with workspace action enable-workflow before using these tools. See the Full Agent Workflow recipe in section 6 for the complete pattern.

Best practice (IMPORTANT): After state-changing actions (uploading files, creating shares, changing task status, member changes, file moves/deletes), append a worklog entry describing what you did and why. Without worklog entries, agent work is invisible to humans reviewing the workspace. For multiple related actions (e.g., uploading several files), you may log once after the batch completes rather than after each individual action. Worklog entries are append-only and permanent.

Additional References

• Agent guide (this file): /skill.md on the MCP server -- tool documentation, workflows, and constraints.
• REST API reference: https://api.fast.io/llms.txt -- endpoint documentation for the underlying Fast.io API.
• Platform guide: references/REFERENCE.md -- capabilities, agent plan details, key workflows, and upgrade paths.

---

2. Authentication (Critical First Step)

Authentication is required before calling any tool except these unauthenticated tools:

• auth with actions: signin, signup, set-api-key, pkce-login, email-check, password-reset-request, password-reset
• download with action: quickshare-details

Choosing the Right Approach

There are three ways to use Fast.io as an agent, depending on whether you are operating autonomously or assisting an existing human user.

Option 1: Autonomous Agent -- Create an Agent Account

If you are operating independently (storing files, running workflows, building workspaces for users), create your own agent account with auth action signup. Agent accounts get the free agent plan (50 GB, 5,000 monthly credits) and can transfer orgs to humans when ready. This is the recommended path for autonomous agents. See Agent Account Creation below for steps.

Option 2: Assisting a Human -- Use Their API Key

If a human already has a Fast.io account and wants your help managing their files, workspaces, or shares, they can create an API key for you to use. No separate agent account is needed -- you operate as the human user. The human creates a key at Settings -> Devices & Agents -> API Keys (direct link: https://go.fast.io/settings/api-keys). Call auth with action set-api-key and the key to authenticate -- the key is validated and stored in the session automatically. API keys are a 1:1 replacement for JWT tokens: they work as Bearer tokens with the same permissions as the account owner and do not expire unless revoked. Agents can also manage API keys programmatically with auth actions api-key-create, api-key-list, and api-key-delete.

Option 3: Agent Account Invited to a Human's Org

If you want your own agent identity but need to work within a human's existing organization, create an agent account with auth action signup, then have the human invite you to their org with member action add (entity_type org) or to a workspace with member action add (entity_type workspace). Alternatively the human can invite via the UI: Settings -> Your Organization -> Manage People. This gives you access to their workspaces and shares while keeping your own account separate. After accepting invitations with user action accept-all-invitations, use auth action signin to authenticate normally. Note: If the human only invites you to a workspace (not the org), the org will appear as external -- see Internal vs External Orgs in the Organizations section.

Option 4: Browser Login (PKCE)

If you prefer not to send a password through the agent, use browser-based PKCE login. Call auth action pkce-login (optionally with an email hint) to get a login URL. The user opens the URL in a browser, signs in (email/password or SSO like Google/Microsoft), and approves access. The browser displays an authorization code which the user copies back to the agent. Call auth action pkce-complete with the code to finish signing in. This is the most secure option -- no credentials pass through the agent.

PKCE login supports optional scoped access via the scope_type parameter. By default, scope_type is "user" (full account access). Other scope types restrict the token to specific entity types:

| scope_type | Access granted | |------------|---------------| | user | Full account access (default) | | org | User selects specific organizations | | workspace | User selects specific workspaces | | all_orgs | All organizations the user belongs to | | all_workspaces | All workspaces the user has access to | | all_shares | All shares the user is a member of (share:*:<mode>) |

Scope inheritance: Broader scopes include access to child entities automatically:

• all_orgs includes all orgs + all workspaces + all shares within those orgs
• all_workspaces includes all workspaces + all shares within those workspaces
• org scope on a specific org includes access to all workspaces and shares within that org
• workspace scope on a specific workspace includes access to shares within that workspace
• all_shares grants direct access to all shares the user has membership in, bypassing workspace/org inheritance

The agent_name parameter controls what the user sees on the approval screen -- the screen displays "[agent_name] will act on your behalf". If omitted, only the client name is shown. Use a descriptive name so the user knows which agent is requesting access.

Approval flow by scope_type:

• user (default): Full account access. The user sees a simple approve/decline prompt with no entity picker.
• org, workspace: The user sees an entity selection screen listing their accessible entities with checkboxes, plus a read-only / read-write toggle. The user picks which entities to grant, then approves or declines.
• all_orgs, all_workspaces, all_shares: The user sees a summary of the wildcard access being requested (no entity picker), then approves or declines.

The MCP server defaults to scope_type="user" for backward compatibility.

| Scenario | Recommended Approach | |----------|---------------------| | Operating autonomously, storing files, building for users | Create an agent account with your own org (Option 1) | | Helping a human manage their existing account | Ask the human to create an API key for you (Option 2) | | Working within a human's org with your own identity | Create an agent account, have the human invite you (Option 3) | | Building something to hand off to a human | Create an agent account, build it, then transfer the org (Option 1) | | Signing in without sending a password through the agent | Browser-based PKCE login (Option 4) |

Credit limits by account type: Agent accounts (Options 1, 3) can transfer orgs to humans when credits run out -- see Ownership Transfer in section 3. Human accounts (Option 2) cannot use the transfer/claim API; direct the human to upgrade their plan at https://go.fast.io/settings/billing or via org action billing-create.

Standard Sign-In Flow

1. Call auth with action signin, email and password.
2. The server returns a JWT auth_token and stores it in the session automatically.
3. All subsequent tool calls use this token without any manual passing.

Agent Account Creation

When creating a new account (Options 1 and 3 above), agents MUST use auth action signup which automatically registers with agent=true. Never sign up as a human account. Agent accounts provide:

• account_type set to "agent"
• Free agent plan assigned automatically
• Transfer/claim workflow enabled for handing orgs off to humans

Steps:

1. Optionally call auth action email-check with the desired email to verify it is available for registration before attempting signup.
2. Call auth action signup with first_name, last_name, email, and password. The agent=true flag is sent automatically by the MCP server.
3. The account is created and a session is established automatically -- the agent is signed in immediately.
4. Verify your email (required before using most endpoints): Call auth action email-verify with email to send a verification code, then call auth action email-verify again with email and email_token to validate the code.
5. No credit card is required. No trial period. No expiration. The account persists indefinitely.

Two-Factor Authentication Flow

1. Call auth action signin with email and password.
2. If the response includes two_factor_required: true, the returned token has limited scope.
3. Call auth action 2fa-verify with the 2FA code (TOTP, SMS, or WhatsApp).
4. The server replaces the limited-scope token with a full-scope token automatically.

Browser Login (PKCE) Flow

1. Call auth action pkce-login (optionally with email to pre-fill the sign-in form, scope_type to request scoped access, and agent_name to identify the agent).
2. The tool returns a login_url -- present it to the user to open in a browser.
3. The user signs in (email/password or SSO).
4. The user sees the approval screen showing the agent_name (or client name if not provided). Depending on scope_type: for user they simply approve; for org/workspace they select specific entities and read-only/read-write access; for all_orgs/all_workspaces/all_shares they review the wildcard access summary.
5. The user clicks Approve. The browser displays an authorization code. The user copies it.
6. Call auth action pkce-complete with the code to exchange it for an access token.
7. The session is established automatically -- all subsequent tool calls are authenticated. If scoped access was granted, scopes and agent_name are included in the response and stored in the session.

Checking Session Status

• auth action status -- checks the local Durable Object session. No API call is made. Returns authentication state, user ID, email, token expiry, scopes, and agent_name.
• auth action check -- validates the token against the Fast.io API. Returns the user ID if the token is still valid.

Session Expiry

JWT tokens last 1 hour. API keys (used when assisting a human) do not expire unless revoked. When a JWT session expires, tool calls return a clear error indicating that re-authentication is needed. Call auth action signin again to establish a new session. The MCP server does not auto-refresh tokens.

Tip: For long-running sessions, use auth action status to check remaining token lifetime before starting a multi-step workflow. If the token is close to expiring, re-authenticate first to avoid mid-workflow interruptions.

Signing Out

Call auth action signout to clear the stored session from the Durable Object.

---

3. Core Concepts

Organizations

Organizations are top-level containers that collect workspaces. An organization can represent a company, a business unit, a team, or simply your own personal collection. Every user belongs to one or more organizations. Organizations have:

• Workspaces — the file storage containers that belong to the organization.
• Members with roles: owner, admin, member, guest, view.
• Billing and subscriptions managed through Stripe integration.
• Plan limits that govern storage, transfer, AI tokens, and member counts.

Organizations are identified by a 19-digit numeric profile ID or a domain string.

IMPORTANT: When creating orgs, agents MUST use org action create which automatically assigns billing_plan: "agent". This ensures the org gets the free agent plan (50 GB, 5,000 credits/month). Do not use any other billing plan for agent-created organizations.

Org Discovery (IMPORTANT)

To discover all available orgs, agents must call both actions:

1. org action list -- returns internal orgs where you are a direct member (member: true)
2. org action discover-external -- returns external orgs you access via workspace membership only (member: false)

An agent that only checks org action list will miss external orgs entirely and won't discover the workspaces it's been invited to. External orgs are the most common pattern when a human invites an agent to help with a specific project -- they add the agent to a workspace but not to the org itself.

Internal vs External Orgs

Internal orgs (member: true) -- orgs you created or were invited to join as a member. You have org-level access: you can see all workspaces (subject to permissions), manage settings if you're an admin, and appear in the org's member list.

External orgs (member: false) -- orgs you can access only through workspace membership. You can see the org's name and basic public info, but you cannot manage org settings, see other workspaces, or add members at the org level. Your access is limited to the specific workspaces you were explicitly invited to.

Example: A human invites your agent to their "Q4 Reports" workspace. You can upload files, run AI queries, and collaborate in that workspace. But you cannot create new workspaces in their org, view their billing, or access their other workspaces. The org shows up via org action discover-external -- not org action list. If the human later invites you to the org itself, the org moves from external to internal.

Workspaces

Workspaces are file storage containers within organizations. Each workspace has:

• Its own set of members with roles (owner, admin, member, guest).
• A storage tree of files and folders (storage nodes).
• Optional AI features for RAG-powered chat.
• Shares that can be created within the workspace.
• Archive/unarchive lifecycle management.
• 50 GB included storage on the free agent plan, with files up to 1 GB per upload.
• File versioning -- every edit creates a new version, old versions are recoverable.
• Full-text and semantic search -- find files by name or content, and documents by meaning.

Workspaces are identified by a 19-digit numeric profile ID.

Intelligence: On or Off

Workspaces have an intelligence toggle that controls whether AI features are active:

Intelligence OFF -- the workspace is pure file storage. You can still attach files directly to an AI chat conversation (up to 20 files, 200 MB total), but files are not persistently indexed. This is fine for simple storage and sharing where you do not need to query your content.

Intelligence ON -- the workspace becomes an AI-powered knowledge base. Every document and code file uploaded is automatically ingested, summarized, and indexed for RAG. This enables:

• RAG (retrieval-augmented generation) -- scope AI chat to entire folders or the full workspace and ask questions across your indexed documents and code. The AI retrieves relevant passages and answers with citations.
• Semantic search -- find files by meaning, not just keywords. "Show me contracts with indemnity clauses" works even if those exact words do not appear in the filename.
• Auto-summarization -- short and long summaries generated for every indexed document and code file, searchable and visible in the UI.
• Metadata extraction -- AI pulls key metadata from documents automatically.

Coming soon: RAG indexing support for images, video, and audio files. Currently only documents and code are indexed.

Intelligence defaults to ON for workspaces created via the API by agent accounts. If the workspace is only used for file storage and sharing, disable it to conserve credits. If you need to query your content, leave it enabled.

Agent use case: Create a workspace per project or client. Enable intelligence if you need to query the content later. Upload reports, datasets, and deliverables. Invite other agents and human stakeholders. Everything is organized, searchable, and versioned.

For full details on AI chat types, file context modes, AI state, and how intelligence affects them, see the AI Chat section below.

Shares

Shares are purpose-built spaces for exchanging files with people outside your workspace. They can exist within workspaces and have three types:

| Mode | What It Does | Agent Use Case | |------|-------------|----------------| | Send | Recipients can download files | Deliver reports, exports, generated content | | Receive | Recipients can upload files | Collect documents, datasets, user submissions | | Exchange | Both upload and download | Collaborative workflows, review cycles |

Share Features

• Password protection -- require a password for link access
• Expiration dates -- shares auto-expire after a set period
• Download controls -- enable or disable file downloads
• Access levels -- Members Only, Org Members, Registered Users, or Public (anyone with the link)
• Custom branding -- background images, gradient colors, accent colors, logos
• Post-download messaging -- show custom messages and links after download
• Up to 3 custom links per share for context or calls-to-action
• Guest chat -- let share recipients ask questions in real-time
• AI-powered auto-titling -- shares automatically generate smart titles from their contents
• Activity notifications -- get notified when files are sent or received
• Comment controls -- configure who can see and post comments (owners, guests, or both)

Two Storage Modes

When creating a share with share action create, the storage_mode parameter determines how files are stored:

• room (independent storage, default) -- The share has its own isolated storage. Files are added directly to the share and are independent of any workspace. This creates a self-contained data room -- changes to workspace files do not affect the room, and vice versa. Use for final deliverables, compliance packages, archived reports, or any scenario where you want an immutable snapshot.

• shared_folder (workspace-backed) -- The share is backed by a specific folder in a workspace. The share displays the live contents of that folder -- any files added, updated, or removed in the workspace folder are immediately reflected in the share. No file duplication, so no extra storage cost. To create a shared folder, pass storage_mode=shared_folder and folder_node_id={folder_opaque_id} when creating the share. Note: Expiration dates are not allowed on shared folder shares since the content is live.

Both modes look the same to share recipients -- a branded data room with file preview, download controls, and all share features. The difference is whether the content is a snapshot (room) or a live view (shared folder).

Shares are identified by a 19-digit numeric profile ID.

Agent use case: Generate a quarterly report, create a Send share with your client's branding, set a 30-day expiration, and share the link. The client sees a professional, branded page with instant file preview -- not a raw download link.

Storage Nodes

Files and folders are represented as storage nodes. Each node has an opaque ID (a 30-character alphanumeric string, displayed with hyphens, e.g. f3jm5-zqzfx-pxdr2-dx8z5-bvnb3-rpjfm4). The special value root refers to the root folder of a workspace or share, and trash refers to the trash folder.

Key operations on storage nodes: list, create-folder, move, copy, rename, delete (moves to trash), purge (permanently deletes), restore (recovers from trash), search, add-file (link an upload), and add-link (create a share reference).

Nodes have versions. Each file modification creates a new version. Version history can be listed and files can be restored to previous versions.

Notes

Notes are a storage node type (alongside files and folders) that store markdown content directly on the server. They live in the same folder hierarchy as files, are versioned like any other node, and appear in storage listings with type: "note".

Creating and Updating Notes

Create notes with workspace action create-note and update with workspace action update-note.

Creating: Provide workspace_id, parent_id (folder opaque ID or "root"), name (must end in .md, max 100 characters), and content (markdown text, max 100 KB).

Updating: Provide workspace_id, node_id, and at least one of name (must end in .md) or content (max 100 KB).

| Constraint | Limit | |------------|-------| | Content encoding | Valid UTF-8 (UTF8MB4). Invalid byte sequences and control characters (\p{C} except \t, \n, \r) are stripped. | | Content size | 100 KB max | | Filename | 1-100 characters, must end in .md | | Markdown validation | Code blocks and emphasis markers must be balanced | | Rate limit | 2 per 10s, 5 per 60s |

Notes as Long-Term Knowledge Grounding

In an intelligent workspace, notes are automatically ingested and indexed just like uploaded documents. This makes notes a way to bank knowledge over time -- any facts, context, or decisions stored in notes become grounding material for future AI queries.

When an AI chat uses folder scope (or defaults to the entire workspace), notes within that scope are searched alongside files. The AI retrieves relevant passages from notes and cites them in answers.

Key behaviors:

• Notes are ingested for RAG when workspace intelligence is enabled
• Notes within a folder scope are included in scoped queries
• Notes with ai_state: ready are searchable via RAG
• Notes can also be attached directly to a chat via files_attach (check ai.attach is true in storage details)

Use cases:

• Store project context, decisions, and rationale. Months later, ask "Why did we choose vendor X?" and the AI retrieves the note.
• Save research findings in a note. Future AI chats automatically use those findings as grounding.
• Create reference documents (style guides, naming conventions) that inform all future AI queries in the workspace.

Other Note Operations

Notes support the same storage operations as files and folders: move (via storage action move), copy (storage action copy), delete/trash (storage action delete), restore (storage action restore), version history (storage action version-list), and details (storage action details).

Linking Users to Notes

• Note in workspace context (opens workspace with note panel): https://{domain}.fast.io/workspace/{folder_name}/storage/root?note={note_id}
• Note preview (standalone view): https://{domain}.fast.io/workspace/{folder_name}/preview/{note_id}

AI Chat

AI chat lets agents ask questions about files stored in workspaces and shares. Two chat types are available, each with different file context options.

AI chat is read-only. It can read, analyze, search, and answer questions about file contents, but it cannot modify files, change workspace settings, manage members, or access events. Any action beyond reading file content — uploading, deleting, moving files, changing settings, managing shares, reading events — must be done through the MCP tools directly. Do not attempt to use AI chat as a general-purpose tool for workspace management.

Two Chat Types

• chat — Basic AI conversation with no file context from the workspace index. Use for general questions only.
• chat_with_files — AI grounded in your files. Two mutually exclusive modes for providing file context:
  • Folder/file scope (RAG) — limits the retrieval search space. Requires intelligence enabled; files must be in ready AI state.
  • File attachments — files read directly by the AI. No intelligence required; files must have ai.attach: true in storage details (the file must be a supported type for AI analysis). Max 20 files, 200 MB total.

Both types augment answers with web knowledge when relevant.

File Context: Scope vs Attachments

For chat_with_files, choose one of these mutually exclusive approaches:

| Feature | Folder/File Scope (RAG) | File Attachments | |---------|------------------------|------------------| | How it works | Limits RAG search space | Files read directly by AI | | Requires intelligence | Yes | No | | File readiness requirement | ai_state: ready | ai.attach: true | | Best for | Many files, knowledge retrieval | Specific files, direct analysis | | Max references | 100 folder refs (subfolder tree expansion) or 100 file refs | 20 files / 200 MB | | Default (no scope given) | Entire workspace | N/A |

Scope parameters (REQUIRES intelligence — will error if intelligence is off):

• folders_scope — comma-separated nodeId:depth pairs (depth 1-10, max 100 subfolder refs). Defines a search boundary — the RAG backend finds documents within scoped folders automatically. Just pass folder IDs with depth; do not enumerate individual files. A folder with thousands of files and few subfolders works fine.
• files_scope — comma-separated nodeId:versionId pairs (max 100). Limits RAG to specific indexed files. Both nodeId AND versionId are required and must be non-empty — get versionId from the file's version field in storage action list or details responses.
• If neither is specified, the default scope is the entire workspace (all indexed documents). This is the recommended default — omit scope parameters unless you specifically need to narrow the search.

Attachment parameter (no intelligence required):

• files_attach — comma-separated nodeId:versionId pairs (max 20, 200 MB total). Both nodeId AND versionId are required and must be non-empty. Files are read directly, not via RAG. FILES ONLY: passing a folder nodeId returns a 406 error. To include folder contents in AI context, use folders_scope instead (requires intelligence). Only files with ai.attach: true in storage details can be attached — check before using.

Do not list folder contents and pass individual file IDs as files_scope when you mean to search a folder — use folders_scope with the folder's nodeId instead. files_scope is only for targeting specific known file versions.

Scope vs attach: files_scope and folders_scope narrow the RAG search boundary and require workspace intelligence to be enabled — they will error on non-intelligent workspaces. files_attach sends files directly to the AI without indexing and works regardless of intelligence setting, but accepts only file nodeIds (not folders).

files_scope/folders_scope and files_attach are mutually exclusive — sending both will error.

Intelligence and AI State

The workspace intelligence toggle (see Workspaces above) controls whether uploaded documents and code files are auto-ingested, summarized, and indexed for RAG. When intelligence is enabled, each file has an ai_state indicating its readiness:

| State | Meaning | |-------|---------| | disabled | AI processing disabled for this file | | pending | Queued for processing | | in_progress | Currently being ingested and indexed | | ready | Complete — available for folder/file scope queries | | failed | Processing failed |

Only files with ai_state: ready are included in folder/file scope searches. Check file state via storage action details with context_type: "workspace".

Attachability — the ai.attach Flag

File nodes in storage list/details responses include an ai object with three fields:

| Field | Type | Meaning | |-------|------|---------| | ai.state | string | AI indexing state (disabled, pending, inprogress, ready, failed) | | ai.attach | boolean | Whether the file can be used with files_attach | | ai.summary | boolean | Whether the file already has an AI-generated summary |

Before using files_attach, check that ai.attach is true. A file is attachable when its type supports AI analysis (documents, code, images, PDFs, spreadsheets, etc.) or when it already has a summary from prior processing. Files with ai.attach: false (unsupported formats, corrupt files, or files still processing) will be rejected by the API.

This flag is independent of the workspace intelligence setting — a file can have ai.attach: true even when intelligence is off.

When to enable intelligence: You need scoped RAG queries, cross-file search, auto-summarization, or a persistent knowledge base.

When to disable intelligence: The workspace is for storage/sharing only, or you only need to analyze specific files via attachments. Saves credits (ingestion costs 10 credits/page).

Even with intelligence off, chat_with_files with file attachments still works for files with ai.attach: true.

How to Phrase Questions

With folder/file scope (RAG): Write questions likely to match content in indexed files. The AI searches the scope, retrieves passages, and cites them.

• Good: "What are the payment terms in the vendor contracts?"
• Good: "Summarize the key findings from the Q3 analysis reports"
• Bad: "Tell me about these files" — too vague, no specific content to match
• Bad: "What's in this workspace?" — cannot meaningfully search for "everything"

With file attachments: Be direct — the AI reads the full file content. No retrieval step.

• "Describe this image in detail"
• "Extract all dates and amounts from this invoice"
• "Convert this CSV data into a summary table"

Personality: The personality parameter controls the tone and length of AI responses. Pass it when creating a chat or sending a message:

• concise — short, brief answers
• detailed — comprehensive answers with context and evidence (default)

Use concise when you need a quick fact, a yes/no answer, or a brief summary. Use detailed (or omit the parameter) when you need thorough analysis with supporting evidence and citations. The personality can also be overridden per follow-up message.

Controlling verbosity in questions: You can also guide verbosity through how you phrase the question itself:

• "In one sentence, what is the main conclusion of this report?"
• "List only the file names that mention GDPR compliance, no explanations"
• "Give me a brief summary — 2-3 bullet points max"

Combining personality: "concise" with a direct question produces the shortest answers and uses the fewest AI credits.

Chat Parameters

Create a chat with ai action chat-create (with context_type: "workspace") or ai action chat-create (with context_type: "share"):

• type (required) — chat or chat_with_files
• query_text (required for workspace, optional