$ docs
Everything you need to connect, configure, and operate UNDISK MCP.
# What is UNDISK?
UNDISK MCP is a remote file workspace for AI agents. Every file mutation an agent makes over MCP creates an immutable version — so any single write can be surgically undone in under 50ms without affecting other files.
No VM rollbacks. No "restore everything." Just precise, per-file undo with a tamper-evident audit trail.
# Quick Start
1. Sign up — mcp.undisk.app/signup
2. Get your API key — shown once after signup at /keys
3. Connect your MCP client:
GitHub Copilot / CLI
Enter this URL when prompted:
https://mcp.undisk.app
Claude Code
claude mcp add --transport http undisk https://mcp.undisk.app
Then set your key: claude mcp update undisk --header "Authorization: Bearer YOUR_KEY"
Cursor / Windsurf / VS Code
```json
{
  "mcpServers": {
    "undisk": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.undisk.app"],
      "env": {
        "UNDISK_API_KEY": "YOUR_KEY"
      }
    }
  }
}
```
Direct HTTP
URL: https://mcp.undisk.app
Auth: Bearer YOUR_KEY
Or tell your agent
Connect to my Undisk MCP workspace at https://mcp.undisk.app using Streamable HTTP transport. Authenticate with my API key.
# MCP Tools
10 tools exposed via the Model Context Protocol. Every write is versioned.
| Tool | Description |
|---|---|
| read_file | Read file contents by path. Returns content + metadata. |
| write_file | Write content to a file. Creates an immutable version automatically. |
| create_file | Create a new file. Fails if path already exists. |
| delete_file | Soft-delete a file. Versioned — restorable via restore_version. |
| move_file | Move or rename a file. Both old and new paths are version-tracked. |
| list_files | List files in a directory. Supports recursive listing. |
| search_files | Search file contents by pattern. Returns matching files + line numbers. |
| list_versions | Show version history for a file — timestamp, agent, content hash, size. |
| restore_version | Restore a file to any prior version. <50ms p95. Creates a new version with restored content. |
| get_diff | Structured diff between two versions of a file. |
# Authentication
All MCP connections require a Bearer token. Get your API key at /keys after signing up.
Authorization: Bearer sk_live_...
API keys are shown once at creation and stored as SHA-256 hashes. If you lose your key, regenerate at /keys — this revokes all previous keys.
# How Versioning Works
Every file mutation (write, delete, move) creates an immutable version. Versions are content-addressed via SHA-256 — identical content deduplicates automatically.
1. Agent calls write_file with new content
2. UNDISK hashes the content (SHA-256), stores it, and creates a version entry
3. Version entry records: timestamp, agent identity, content hash, file path, size
4. Previous version is never modified or deleted (within retention period)
5. Call restore_version with any version ID to undo — creates a new version with the old content
# The Undo Moment
This is the core product interaction:
```
# Agent writes a bad file
→ write_file("/config.yml", bad_content)
  version: ver_a1b2c3

# See what happened
→ list_versions("/config.yml")
  ver_a1b2c3  2026-04-06 11:20  agent_claude  4.1 KB
  ver_x9y8z7  2026-04-06 11:15  agent_claude  3.8 KB  ← good

# Restore the good version
→ restore_version("ver_x9y8z7")
  restored in 8ms. new version: ver_d4e5f6
```
Restore is a non-destructive operation — it creates a new version with the old content. No data is ever lost within the retention window.
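The versioning steps and the undo flow above can be modelled in a few lines. This is an added example, not UNDISK's code: `VersionStore`, its in-memory storage, and the `ver_0001`-style IDs are assumptions made for illustration.

```python
import hashlib
import itertools
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Version:
    version_id: str      # constructed format; the page shows IDs like ver_a1b2c3
    timestamp: float
    agent: str
    path: str
    content_hash: str
    size: int

class VersionStore:
    """In-memory model: blobs keyed by SHA-256, plus an append-only version log."""

    def __init__(self):
        self.blobs = {}                  # content hash -> bytes, stored once
        self.log = []                    # version entries, never edited in place
        self._ids = itertools.count(1)

    def write_file(self, path, content, agent):
        digest = "sha256:" + hashlib.sha256(content).hexdigest()
        self.blobs.setdefault(digest, content)   # identical content deduplicates
        version = Version(f"ver_{next(self._ids):04d}", time.time(), agent,
                          path, digest, len(content))
        self.log.append(version)
        return version

    def list_versions(self, path):
        return [v for v in reversed(self.log) if v.path == path]  # newest first

    def read_file(self, path):
        return self.blobs[self.list_versions(path)[0].content_hash]

    def restore_version(self, version_id, agent):
        old = next((v for v in self.log if v.version_id == version_id), None)
        if old is None:
            raise KeyError("VERSION_NOT_FOUND")
        # Undo appends a new entry pointing at the old blob; history is untouched.
        return self.write_file(old.path, self.blobs[old.content_hash], agent)

def demo():
    store = VersionStore()
    good = store.write_file("/config.yml", b"replicas: 3\n", "agent_claude")
    bad = store.write_file("/config.yml", b"replicas: 0\n", "agent_claude")
    restored = store.restore_version(good.version_id, "agent_claude")
    return store, good, bad, restored
```

After `demo()` the log holds three entries for `/config.yml` but only two blobs, because the restored version reuses the hash of the good one.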
# Policy Engine
Control what agents can do with path-based access control lists, file size limits, rate caps, and anomaly alerts. Policies are configured via the API.
```json
{
  "path_acls": [
    { "path": "/production/**", "agents": "*", "permissions": ["read"] },
    { "path": "/drafts/**", "agents": "*", "permissions": ["read", "write", "delete"] },
    { "path": "/secrets/**", "agents": "*", "permissions": [] }
  ],
  "limits": {
    "max_file_size_mb": 10,
    "max_ops_per_minute": 1000
  },
  "alerts": [
    { "condition": "delete_count_per_hour > 50", "action": "block_and_notify" }
  ]
}
```
Permission denials return explanatory errors — the agent is told which policy blocked the action and why, not just "access denied."
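To check what a policy like the one above permits before applying it, the ACLs can be evaluated offline. This is an added example, not UNDISK's policy engine. It assumes that the first matching `path_acls` entry decides, that an unmatched path is denied, that `**` matches any depth, and that paths are normalised before matching so `..` segments cannot step out of an allowed prefix.

```python
import fnmatch
import posixpath

POLICY = {  # path_acls and file size limit copied from the policy above
    "path_acls": [
        {"path": "/production/**", "agents": "*", "permissions": ["read"]},
        {"path": "/drafts/**", "agents": "*",
         "permissions": ["read", "write", "delete"]},
        {"path": "/secrets/**", "agents": "*", "permissions": []},
    ],
    "limits": {"max_file_size_mb": 10},
}

def evaluate(policy, agent, permission, path, size_bytes=0):
    """Return (result, rule) so a denial names the rule that caused it."""
    # Collapse "." and ".." first: "/drafts/../production/x" is "/production/x".
    path = posixpath.normpath("/" + path.lstrip("/"))
    if size_bytes > policy["limits"]["max_file_size_mb"] * 1024 * 1024:
        return "DENY", "max_file_size"
    for acl in policy["path_acls"]:
        # Assumption: "agents" is either "*" or a list of agent IDs.
        agent_ok = acl["agents"] == "*" or agent in acl["agents"]
        if agent_ok and fnmatch.fnmatchcase(path, acl["path"]):
            allowed = permission in acl["permissions"]
            return ("ALLOW" if allowed else "DENY"), acl["path"]
    return "DENY", "default"   # assumed default when no ACL matches
```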
# Audit Trail
Every operation is logged with a tamper-evident audit entry. Entries include agent identity, human principal, operation type, file path, content hash, and policy evaluation result.
```json
{
  "timestamp": "2026-04-06T10:00:00.000Z",
  "workspace_id": "ws_abc123",
  "agent_id": "agent_claude_prod",
  "human_principal": "user@company.com",
  "operation": "write_file",
  "file_path": "/regulatory/q2-report.md",
  "version_id": "ver_a1b2c3",
  "content_hash": "sha256:e3b0c44298fc1c...",
  "content_size_bytes": 4096,
  "policy_evaluation": {
    "rules_checked": ["max_file_size", "path_acl"],
    "result": "ALLOW"
  }
}
```
Export audit logs as NDJSON with integrity verification hashes. See /docs/compliance for retention policies.
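One common way to make an NDJSON log tamper-evident is a hash chain, where each line commits to the one before it. This is an added example, not UNDISK's export format, which this page does not document: the `prev_hash` and `entry_hash` fields, the genesis value, and the sample entries are hypothetical.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64   # assumed anchor for the first entry

SAMPLE = [  # constructed entries using field names from the audit entry above
    {"agent_id": "agent_claude_prod", "operation": "write_file",
     "file_path": "/drafts/a.md", "version_id": "ver_0001"},
    {"agent_id": "agent_claude_prod", "operation": "delete_file",
     "file_path": "/drafts/a.md", "version_id": "ver_0002"},
    {"agent_id": "agent_claude_prod", "operation": "restore_version",
     "file_path": "/drafts/a.md", "version_id": "ver_0003"},
]

def _digest(entry, prev_hash):
    # Canonical JSON so the same entry always hashes to the same value.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256((prev_hash + body).encode()).hexdigest()

def export_ndjson(entries):
    lines, prev = [], GENESIS
    for entry in entries:
        entry_hash = _digest(entry, prev)
        record = {**entry, "prev_hash": prev, "entry_hash": entry_hash}
        lines.append(json.dumps(record, sort_keys=True))
        prev = entry_hash
    return "\n".join(lines)

def verify_ndjson(text):
    """Return -1 if the chain is intact, else the index of the first bad line."""
    prev = GENESIS
    for index, line in enumerate(text.splitlines()):
        record = json.loads(line)
        claimed = record.pop("entry_hash")
        linked = record.pop("prev_hash")
        if linked != prev or _digest(record, prev) != claimed:
            return index
        prev = claimed
    return -1
```

A chain like this detects edited, removed, or reordered lines, but not truncation of the tail: to catch that, record the latest `entry_hash` somewhere the log writer cannot change and compare it after export.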
# Transports
UNDISK supports multiple MCP transports:
| Transport | Use Case |
|---|---|
| Streamable HTTP | Primary transport. Works with Claude, Cursor, VS Code, Copilot. Standard MCP spec. |
| WebSocket | Persistent connections for long-running agent sessions. Hibernation-aware — no idle billing. |
| Edge RPC | Direct Durable Object binding. Zero HTTP overhead. For co-located Cloudflare Workers. |
| stdio Proxy | npx mcp-remote — bridges local stdio to remote server. For tools expecting local MCP. |
# Architecture
Smart Placement — UNDISK runs on Cloudflare Workers with Smart Placement enabled. The Worker is colocated next to your LLM, not at the user's edge. When Claude or GPT calls UNDISK, the round-trip is single-digit milliseconds.
One Durable Object Per Workspace — Each workspace gets its own Durable Object with SQLite for metadata and version pointers. Hot-path data stays in the DO; file content is stored in R2 (unlimited capacity, zero egress fees).
Content-Addressable Storage — File content is stored by SHA-256 hash in R2. Identical content across files or versions is deduplicated automatically. Files under 128 KB are stored directly in the DO's SQLite for sub-10ms access.
WebSocket Hibernation — Long-lived agent connections use Cloudflare's Hibernation API. The DO sleeps during idle periods (no duration billing) and wakes instantly on message.
# Pricing
| Plan | Price | Workspaces | Storage | Ops/day | Retention |
|---|---|---|---|---|---|
| Free | $0 | 1 workspace | 100 MB | 1,000 | 7-day |
| Pro | $29/mo | 5 workspaces | 10 GB | 50,000 | 180-day |
| Team | $99/mo | 25 workspaces | 100 GB | 500,000 | 365-day |
| Enterprise | Custom | Unlimited workspaces | Custom | Custom | Up to 10yr |
Free tier version retention is 7 days. This does not meet the EU AI Act Article 26(6) minimum of 6 months — upgrade to Pro or above for compliance-grade retention.
# Error Responses
All MCP errors include structured context so agents (and humans) understand what went wrong.
| Code | Meaning |
|---|---|
| PERMISSION_DENIED | Write/delete blocked by a policy ACL. Error includes the policy name and rule that triggered denial. |
| STORAGE_LIMIT | Workspace storage cap reached. Includes current usage and upgrade path. |
| RATE_LIMITED | Daily or per-minute operation cap exceeded. Includes retry_after_seconds. |
| FILE_TOO_LARGE | File exceeds max size (default 10 MB). |
| VERSION_EXPIRED | Requested version was purged per retention policy. Includes current retention period. |
| VERSION_NOT_FOUND | Invalid version ID for the specified file. |
| WORKSPACE_NOT_FOUND | The workspace ID in your config doesn't match any active workspace. |
| INTERNAL_ERROR | Server error. All committed writes are safe. Includes retry_after_seconds. |
# Limits
| Limit | Free | Pro | Team | Enterprise |
|---|---|---|---|---|
| Workspaces | 1 | 5 | 25 | Unlimited |
| Storage per workspace | 100 MB | 2 GB | 4 GB | Custom |
| Total storage | 100 MB | 10 GB | 100 GB | Custom |
| Operations per day | 1,000 | 50,000 | 500,000 | Custom |
| Max file size | 10 MB | 10 MB | 100 MB | Custom |
| Version retention | 7 days | 180 days | 365 days | Up to 10yr |
| Concurrent agents | 3 | 25 | 100 | Unlimited |