
feat: add MCP server (psst-mcp) for Claude and agent integration #39

Open
djhenry wants to merge 1 commit into Michaelliv:main from djhenry:feat/mcp-server


djhenry commented May 26, 2026


Summary

Adds a Model Context Protocol (MCP) server so Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-capable agent can use psst secrets without ever seeing their values.

  • New binary psst-mcp (installed alongside psst via npm)
  • Pure stdio transport — no daemon, no ports
  • Secrets masked as [REDACTED] in all command output
  • Unlocks vault through OS keychain or PSST_PASSWORD — same auth as the CLI

Tools

| Tool | Description |
| --- | --- |
| list_secrets | List secret names + tags. Never exposes values. |
| exec_command | Run a command with specific named secrets injected (least-privilege). |
| run_command | Run a command with all vault secrets injected. |
| list_environments | List available vault environments. |

Setup

Claude Code — add to .claude/mcp.json or ~/.claude/mcp.json:

{
  "mcpServers": {
    "psst": {
      "command": "psst-mcp"
    }
  }
}

Claude Desktop — add to claude_desktop_config.json:

{
  "mcpServers": {
    "psst": {
      "command": "psst-mcp"
    }
  }
}

Then Claude can do things like:

list_secrets()                                           → STRIPE_KEY, DATABASE_URL
exec_command(["STRIPE_KEY"], ["curl", "-H", "Authorization: Bearer $STRIPE_KEY", "https://api.stripe.com"])
                                                         → stdout: [REDACTED response body]

How it works

The MCP server uses the Vault class directly (no subprocess shelling out to psst). Secret values are fetched from the vault, injected into the subprocess environment, and any that appear in stdout/stderr are masked before being returned to the agent. The agent only ever sees secret names and masked output — never values.

Test plan

  • npm install -g psst-cli && psst-mcp starts without error
  • list_secrets returns names but never values
  • exec_command runs command with secret injected; value appears as [REDACTED] in output
  • run_command runs command with all secrets; values masked in output
  • Error cases return isError: true with a readable message (no vault, unlock failed, missing secret)
  • Works with both local (.psst/) and global (~/.psst/) vaults
  • Claude Code can call all four tools via MCP

🤖 Generated with Claude Code

Adds a Model Context Protocol server that lets Claude and other MCP
clients use psst secrets without ever seeing their values.

New binary: psst-mcp (stdio transport, compatible with Claude Code,
Claude Desktop, Cursor, Windsurf, and any MCP-capable agent).

Tools exposed:
  list_secrets      — list secret names + tags (never values)
  exec_command      — run a command with specific named secrets injected
  run_command       — run a command with all vault secrets injected
  list_environments — list available vault environments

Secrets are masked as [REDACTED] in all command output. The server
unlocks the vault through the OS keychain (or PSST_PASSWORD), so
credentials never appear in the MCP message stream.

Usage (Claude Code / claude_desktop_config.json):
  {
    "mcpServers": {
      "psst": {
        "command": "psst-mcp"
      }
    }
  }

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
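
The inject-then-mask flow described under "How it works", as an added example that is not code from this PR or from psst. `SAMPLE_VAULT`, `maskSecrets`, `execWithSecrets` and `demo` are hypothetical names, and the vault contents are constructed; it assumes masking is a literal string replacement, and shows two cases a reviewer would want tested: one secret being a prefix of another, and a child process that prints an encoded form of the secret.

```javascript
const { spawnSync } = require("node:child_process");

// Constructed sample vault; names and values are made up for this example.
const SAMPLE_VAULT = {
  STRIPE_KEY: "sk_test_constructed_123",
  STRIPE_KEY_OLD: "sk_test_constructed_123_old", // shares a prefix with STRIPE_KEY
  DATABASE_URL: "postgres://app:constructed@db.example/app",
};

// Replace every literal occurrence of a secret value with [REDACTED].
// Longest values go first so a secret that is a prefix of another one
// does not leave the longer secret's tail in the output.
function maskSecrets(text, values) {
  const ordered = [...new Set(values)].filter((v) => v.length > 0)
    .sort((a, b) => b.length - a.length);
  return ordered.reduce((out, v) => out.split(v).join("[REDACTED]"), text);
}

// Hypothetical stand-in for exec_command: inject only the named secrets,
// run the command without a shell, mask stdout/stderr before returning.
function execWithSecrets(vault, names, argv) {
  const missing = names.filter((n) => !(n in vault));
  if (missing.length) return { isError: true, message: `missing secret: ${missing.join(", ")}` };
  const injected = Object.fromEntries(names.map((n) => [n, vault[n]]));
  const r = spawnSync(argv[0], argv.slice(1), {
    env: { PATH: process.env.PATH, ...injected }, // assumption: minimal child env
    encoding: "utf8",
  });
  // Mask against every vault value, not only the injected ones.
  const all = Object.values(vault);
  return {
    isError: r.status !== 0,
    stdout: maskSecrets(r.stdout ?? "", all),
    stderr: maskSecrets(r.stderr ?? "", all),
  };
}

// Child process that prints the injected secret in plain and base64 form.
const CHILD = [process.execPath, "-e",
  "const k = process.env.STRIPE_KEY;" +
  "console.log('plain=' + k);" +
  "console.log('b64=' + Buffer.from(k).toString('base64'));" +
  "console.log('db=' + process.env.DATABASE_URL);"];

function demo() {
  return execWithSecrets(SAMPLE_VAULT, ["STRIPE_KEY"], CHILD);
}
```

In the result of `demo()`, the `plain=` line is masked and `DATABASE_URL` is absent from the child's environment, but the `b64=` line passes through unchanged, so literal output masking is a backstop and the per-command secret list is the actual control.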