Vaulted Prompts MCP Bridge
Minimal MCP-friendly proxy to the Strapi API, enabling prompt CRUD (and AI generation) with bearer auth supplied by the client/agent.
Loading actions...
Skill content
Main instructions and any bundled files for this skill.
Vaulted Prompts MCP Bridge
Minimal MCP-friendly proxy to the Strapi API, enabling prompt CRUD (and AI generation) with bearer auth supplied by the client/agent.
Endpoints
GET /health— sanity checkPOST /auth/login— pass{ identifier, password }, returns Strapi JWT (so the LLM can prompt user to log in)GET /auth/me— returns current user (requires bearer)GET /prompts— list prompts (accepts Strapi query params)GET /prompts/:id— get promptPOST /prompts— create prompt ({ name, description, content, visibility, tags?, team? }underdatawrapper)PUT /prompts/:id— update prompt ({ ...fields }underdatawrapper)DELETE /prompts/:id— delete promptPOST /prompts/ai— generate with AI (forwards body to/prompts/generate)
Note: Vaulted Prompts requires deletions by
documentIdrather than numericid, so MCP clients should fetch the prompt list (includesdocumentId) and pass that value to/prompts/:idwhen deleting. This avoids 404s caused by using the numeric ID.
Auth
Pass Authorization: Bearer <token> with each request. For local testing you can set DEFAULT_TOKEN, but real usage should pass the token per request (e.g., from the chat/agent context).
Agent guidance
- Before hitting any
/promptsor/prompts/airoutes, the LLM should prompt the user for Vaulted Prompts credentials (identifier/password) and exchange them viaPOST /auth/login, capturing the returned JWT. - If the user already supplied a token, validate it against
/auth/mebefore making prompt edits so expired/revoked tokens can be refreshed by re-authorizing. - Always echo the source of the token (email or username) when confirming actions so the human knows which account is being used.
- When using
/prompts/aito generate a prompt, show the generated prompt (title/description/content) to the user first and ask for confirmation or edits before calling/prompts. Treat this as a preview step so the user can adjust the wording or metadata before it is saved in the vault.
Config
API_BASE_URL(defaulthttps://api.vaultedprompts.com/api)PORT(default4000)DEFAULT_TOKEN(optional, for local testing only)
Run
npm install
npm run dev # or npm start
Docker
Build and run:
docker build -t vaulted-prompts-mcp .
docker run -p 4000:4000 -e API_BASE_URL=https://api.vaultedprompts.com/api vaulted-prompts-mcp
Related Skills
Frontend Typescript Linting.mdc
TypeScript and ESLint rules that MUST be followed when creating, modifying, or reviewing any file under apps/frontend/, including .ts, .tsx, .js, and .jsx files. Also apply when discussing frontend li...
2. Apply Deepthink Protocol (reason about dependencies
risks