AI News AI资讯 7d ago Updated 6d ago 更新于 6天前 42

Show HN: Sharing LLM Artifacts with your team Show HN:与团队共享 LLM 工件

Dropway is an open-source, self-hostable platform that converts static folders into live, versioned URLs with granular access control. It introduces LLM-friendly features, including automatic `llms.txt` indexing for public sites and secure MCP server integration for gated content. The architecture leverages Next.js for the dashboard, Go for the backend API, Cloudflare Workers for edge serving, and Postgres for data management. Security is prioritized through multi-tenant isolation, immediate acc Dropway 是一个开源的静态网站托管与分享平台,支持拖拽文件夹或 MCP 协议快速生成可版本控制的实时 URL。 提供细粒度的访问控制(公开、密码保护、特定人员、组织内部),并具备即时撤销权限和完整的审计日志功能。 架构采用 Next.js 控制面板、Go API 后端、Cloudflare Edge Workers 边缘分发及 Postgres 存储,支持自托管。 创新性地集成了 LLM 友好特性,公开站点自动适配 `llms.txt` 供 AI 爬虫读取,受控站点则通过 OAuth 2.1 MCP 服务器限制 AI 访问。

65
Hot 热度
60
Quality 质量
55
Impact 影响力

Analysis 深度分析

TL;DR

  • Dropway is an open-source, self-hostable platform that converts static folders into live, versioned URLs with granular access control.
  • It introduces LLM-friendly features, including automatic llms.txt indexing for public sites and secure MCP server integration for gated content.
  • The architecture leverages Next.js for the dashboard, Go for the backend API, Cloudflare Workers for edge serving, and Postgres for data management.
  • Security is prioritized through multi-tenant isolation, immediate access revocation, and serving untrusted content on separate Public-Suffix-List domains.
  • It solves the friction of sharing static assets by providing four distinct sharing tiers: public, password-protected, email allowlist, and organization-only.

Why It Matters

This tool addresses a critical gap in the developer workflow where creating static content is easy, but securely sharing and managing access to it remains complex. By integrating native support for AI agents via MCP and LLM crawlers, Dropway prepares static infrastructure for the emerging era of autonomous web interaction, ensuring that access controls apply equally to human users and AI bots.

Technical Details

  • Architecture: Built with a Next.js dashboard (using Better Auth for identity), a Go API for the system of record and authorization, Cloudflare Workers for edge content delivery, and Postgres with Row-Level Security for multi-tenancy.
  • Deployment: Supports both managed SaaS and self-hosting via Docker Compose, bundling Go, Next.js, Postgres, and MinIO (as an S3/R2 stand-in) for easy local development and private deployment.
  • Access Control: Implements four sharing tiers (public, password, allowlist, org-only) with immediate revocation capabilities and audit logs for compliance and security monitoring.
  • AI Integration: Automatically serves llms.txt for public sites to enable discovery by AI crawlers (GPTBot, ClaudeBot, etc.), while restricting gated content to authenticated access via OAuth 2.1 MCP servers.
  • Security Isolation: Untrusted tenant HTML/JS is served from distinct subdomains based on the Public-Suffix List to prevent cross-site scripting and session hijacking between tenants.

Industry Insight

  • AI Infrastructure Evolution: As AI agents begin to browse and interact with web content natively, platforms must provide standardized mechanisms (like llms.txt) and secure programmatic access (via MCP) to manage AI traffic and permissions effectively.
  • Shift in Static Hosting: Traditional static hosts focus on performance and uptime; next-generation tools must prioritize governance, auditability, and granular permission models to meet enterprise security requirements for internal and external sharing.
  • Self-Hosted AI Readiness: The availability of self-hostable solutions with built-in AI agent support allows organizations to maintain data sovereignty while enabling their internal tools and reports to be consumed by private AI assistants securely.

TL;DR

  • Dropway 是一个开源的静态网站托管与分享平台,支持拖拽文件夹或 MCP 协议快速生成可版本控制的实时 URL。
  • 提供细粒度的访问控制(公开、密码保护、特定人员、组织内部),并具备即时撤销权限和完整的审计日志功能。
  • 架构采用 Next.js 控制面板、Go API 后端、Cloudflare Edge Workers 边缘分发及 Postgres 存储,支持自托管。
  • 创新性地集成了 LLM 友好特性,公开站点自动适配 llms.txt 供 AI 爬虫读取,受控站点则通过 OAuth 2.1 MCP 服务器限制 AI 访问。

为什么值得看

对于需要频繁分享数据报告、原型设计或内部文档的团队,Dropway 解决了传统文件传输方式缺乏版本控制和权限管理的痛点。其将“分享”作为一等公民的设计,结合对 AI Agent 访问控制的考量,为开发者和企业提供了兼顾安全与效率的静态内容分发新范式。

技术解析

  • 核心架构:前端使用 Next.js(集成 Better Auth 进行身份验证),后端为 Go API 作为系统记录者和授权边界,内容通过 Cloudflare Edge Workers 在边缘节点分发,数据存储于 Postgres(支持行级安全隔离多租户)和 R2/MinIO。
  • 访问控制与安全:实施四种共享层级(公开、密码、白名单、组织内),默认拒绝策略。利用公共后缀列表域名隔离租户 HTML/JS,防止跨站脚本攻击。权限变更在边缘即时生效,无需等待 Token 过期。
  • AI 集成机制:公开站点自动生成 llms.txt 索引以欢迎 GPTBot 等爬虫;受保护站点通过认证的 Dropway MCP 服务器(OAuth 2.1)向 Claude、Cursor 等 AI 工具提供访问,确保 AI 遵循与人类相同的权限策略。
  • 部署与运维:完全开源且支持自托管,通过 Docker Compose 一键启动包含 API、Dashboard、Postgres 和 MinIO 的全栈环境,也可配置外部数据库和对象存储。

行业启示

  • 静态内容的治理需求上升:随着 AI 生成内容和数据可视化的普及,简单的文件共享已无法满足合规要求,具备版本追踪、即时撤销和审计能力的托管服务成为企业刚需。
  • AI 访问控制需纳入基础设施层:Dropway 对 AI 爬虫和 Agent 的差异化处理表明,未来的 Web 基础设施必须原生支持区分人类与 AI 的访问权限,以防止敏感数据被未授权的 AI 模型抓取。
  • 边缘计算赋能快速分发:利用 Cloudflare Workers 等边缘技术实现静态内容的低延迟分发和细粒度权限检查,证明了 Serverless 架构在解决复杂分享场景下的灵活性和高效性。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

LLM 大模型 Open Source 开源 Deployment 部署