Clients
The three first-party PrivacyFlow clients — MCP server for LLM tools, Agent Zero channel for autonomous replies, and the n8n node for visual workflows.
PrivacyFlow ships three first-party clients. They all talk to the same public API and authenticate with the same API key model; the differences are in how you install them and where the work happens.
The three clients
| Client | Language | Transport | Best for |
|---|---|---|---|
| MCP server | TypeScript (Node) | stdio (MCP) | Letting an LLM (Claude Desktop, Cursor, OpenCode) poll and send on your behalf. |
| Agent Zero channel | Python | A0 extension hooks | Autonomous bi-directional chat — your agent replies back automatically. |
| n8n node | TypeScript | n8n community node | Visual workflow automation with no code. |
How to choose
- You want an AI agent to read your inbox and reply. Use Agent Zero. It runs a 3-second poller, forwards inbound messages to an Agent Zero context, and ships the agent’s reply back through PrivacyFlow’s send endpoint with per-messenger message splitting.
- You want a chat-style LLM client (Claude, Cursor) to call PrivacyFlow as a tool. Use the MCP server. It exposes four tools (health, verify, poll, send) plus two prompts (reply-to-message, broadcast) and two resources (API docs, contact formats). The LLM decides when to poll and what to send.
- You want to build automation with no code. Use n8n. The Send node sends messages; the Trigger node polls and emits each message as an n8n item you can route through any other node.
Shared conventions
All three clients:
- Authenticate with a single PrivacyFlow API key in the
Authorization: Bearer <key>header by default (the MCP server switches toX-API-Keyif you setPRIVACYFLOW_API_KEY_HEADER=x-api-key). - Default to the public API at
https://privacyflow.app; override the base URL per-client if you run a self-hosted instance. - Treat polling as a destructive read — once a message is polled, it’s gone. They all persist before processing.
- Preserve the
messenger,contactId, andgroupIdfrom polled messages when sending replies. The n8n trigger node surfaces this caveat in its UI; the others do it in code.
Note
One API key per client is the safest setup. Issue separate credentials from the dashboard Credentials section so a compromise of one client’s key does not leak the others’ rate budgets or app scopes.
Last updated: