Vaulted Prompts MCP Bridge

Minimal MCP-friendly proxy to the Strapi API, enabling prompt CRUD (and AI generation) with bearer auth supplied by the client/agent.

Views1
PublishedJan 14, 2026

Loading actions...

5 minBeginnerpromptSingle file

Skill content

Main instructions and any bundled files for this skill.

markdown

Vaulted Prompts MCP Bridge

Minimal MCP-friendly proxy to the Strapi API, enabling prompt CRUD (and AI generation) with bearer auth supplied by the client/agent.

Endpoints

  • GET /health — sanity check
  • POST /auth/login — pass { identifier, password }, returns Strapi JWT (so the LLM can prompt user to log in)
  • GET /auth/me — returns current user (requires bearer)
  • GET /prompts — list prompts (accepts Strapi query params)
  • GET /prompts/:id — get prompt
  • POST /prompts — create prompt ({ name, description, content, visibility, tags?, team? } under data wrapper)
  • PUT /prompts/:id — update prompt ({ ...fields } under data wrapper)
  • DELETE /prompts/:id — delete prompt
  • POST /prompts/ai — generate with AI (forwards body to /prompts/generate)

Note: Vaulted Prompts requires deletions by documentId rather than numeric id, so MCP clients should fetch the prompt list (includes documentId) and pass that value to /prompts/:id when deleting. This avoids 404s caused by using the numeric ID.

Auth

Pass Authorization: Bearer <token> with each request. For local testing you can set DEFAULT_TOKEN, but real usage should pass the token per request (e.g., from the chat/agent context).

Agent guidance

  • Before hitting any /prompts or /prompts/ai routes, the LLM should prompt the user for Vaulted Prompts credentials (identifier/password) and exchange them via POST /auth/login, capturing the returned JWT.
  • If the user already supplied a token, validate it against /auth/me before making prompt edits so expired/revoked tokens can be refreshed by re-authorizing.
  • Always echo the source of the token (email or username) when confirming actions so the human knows which account is being used.
  • When using /prompts/ai to generate a prompt, show the generated prompt (title/description/content) to the user first and ask for confirmation or edits before calling /prompts. Treat this as a preview step so the user can adjust the wording or metadata before it is saved in the vault.

Config

  • API_BASE_URL (default https://api.vaultedprompts.com/api)
  • PORT (default 4000)
  • DEFAULT_TOKEN (optional, for local testing only)

Run

npm install
npm run dev  # or npm start

Docker

Build and run:

docker build -t vaulted-prompts-mcp .
docker run -p 4000:4000 -e API_BASE_URL=https://api.vaultedprompts.com/api vaulted-prompts-mcp
Share: