home / mcp / mcp strapi server
Provides a full CRUD MCP gateway to Strapi 5.x, private document storage, ABAC-filtered semantic search, and RAG capabilities for AI agents.
Configuration
View docs{
"mcpServers": {
"andychoi-mcp-strapi": {
"url": "http://localhost:1337/api/mcp-server/mcp",
"headers": {
"APP_KEYS": "key1,key2,key3,key4",
"S3_BUCKET": "secure-documents",
"JWT_SECRET": "your-jwt-secret-change-me",
"STRAPI_URL": "http://localhost:1337",
"S3_ENDPOINT": "http://minio:9000",
"DATABASE_HOST": "postgres-db",
"DATABASE_NAME": "strapi",
"DATABASE_PORT": "5432",
"API_TOKEN_SALT": "your-api-token-salt",
"DATABASE_CLIENT": "postgres",
"ADMIN_JWT_SECRET": "your-admin-jwt-secret-change-me",
"AWS_ACCESS_KEY_ID": "minioadmin",
"DATABASE_PASSWORD": "password",
"DATABASE_USERNAME": "strapi",
"S3_PUBLIC_ENDPOINT": "http://localhost:9000",
"STRAPI_ADMIN_EMAIL": "[email protected]",
"S3_FORCE_PATH_STYLE": "true",
"TRANSFER_TOKEN_SALT": "your-transfer-token-salt",
"AWS_SECRET_ACCESS_KEY": "minioadmin",
"STRAPI_ADMIN_PASSWORD": "your_password"
}
}
}
}You can run a Strapi-based MCP server that exposes a secure, ABAC-filtered document platform with semantic search and RAG integration for AI agents. This server provides a Streamable HTTP MCP endpoint for agent CRUD operations, private document storage, and guarded search capabilities, enabling powerful context-aware interactions while enforcing access policies.
Start by running the MCP server in your environment. You will typically interact with two endpoints: the MCP HTTP endpoint for programmatic access and a local stdio server if you operate a standalone MCP client. Use the MCP endpoint to let agents perform CRUD operations on documents, upload and retrieve private documents, and run semantic searches with access control.
Prerequisites: you need Docker or a Node.js environment, a PostgreSQL database with pgvector support, and an S3-compatible object store for private documents.
Quick start using Docker (recommended for rapid prototyping):
git clone https://github.com/andychoi/mcp-strapi.git
cd mcp-strapi
# Create configuration
cat > .env <<EOF
DATABASE_CLIENT=postgres
DATABASE_HOST=postgres-db
DATABASE_PORT=5432
DATABASE_NAME=strapi
DATABASE_USERNAME=strapi
DATABASE_PASSWORD=password
JWT_SECRET=your-jwt-secret-change-me
ADMIN_JWT_SECRET=your-admin-jwt-secret-change-me
APP_KEYS=key1,key2,key3,key4
API_TOKEN_SALT=your-api-token-salt
TRANSFER_TOKEN_SALT=your-transfer-token-salt
S3_BUCKET=secure-documents
S3_ENDPOINT=http://minio:9000
S3_FORCE_PATH_STYLE=true
S3_PUBLIC_ENDPOINT=http://localhost:9000
AWS_ACCESS_KEY_ID=minioadmin
AWS_SECRET_ACCESS_KEY=minioadmin
EOF
docker compose up -d
# Endpoints:
# MCP: http://localhost:1337/api/mcp-server/mcp
# Document API: http://localhost:1337/api/secure-documents/documents
# Search API: http://localhost:1337/api/secure-search/search
# Strapi admin: http://localhost:1337/admin
# MinIO console: http://localhost:9001If you prefer a standalone MCP server, you can run the external MCP server and connect to your Strapi instance without modifying Strapi.
Example for standalone server run (from the source flow):
cd strapi-mcp-server
npm install
npm run build
# Configure
cat > .env <<EOF
STRAPI_URL=http://localhost:1337
[email protected]
STRAPI_ADMIN_PASSWORD=your_password
EOF
# Run
node --env-file=.env build/index.jsThe server relies on a set of environment variables to configure Strapi, the MCP plugin, and storage/search integrations. These include database settings, JWT secrets, S3 access, embedding providers, and RAG options.
Access is governed by ABAC policies attached to documents. Each document carries a policy field that controls who can access it, and a double-enforcement model applies both database-level filters and server-side checks.
If you encounter connectivity or authorization issues, verify that the MCP endpoint is reachable, the tokens and admin credentials are correct, and that the Strapi instance is healthy. Check the container logs for warnings around authentication, ABAC policy evaluation, or vector storage.
You can run in development or production configurations. Use the provided tooling and environment variable patterns to tailor embeddings, search, and policy evaluation to your organization.
Create, read, update, and delete content types and entries across Strapi and the MCP layer.
Upload media assets to Strapi and attach them to content.
Upload private documents to S3 with ABAC policy enforcement and indexing for retrieval.
Perform ABAC-filtered semantic searches with RAG integration.
Enforce access control by evaluating ABAC policies on documents and queries.
Expose an MCP endpoint for AI agents to perform CRUD operations via the Document Service.
Run a separate MCP server that can operate without modifying Strapi.
Generate embeddings for documents using Ollama or AWS Bedrock.
Extract, chunk, embed, and store document representations for retrieval and QA.
Use pgvector for semantic search with ABAC-filtered facets.
Provide secure presigned download URLs for documents.
Use JWT-based or admin-based authentication flows for MCP access.
Enable and configure the mcp-server, secure-documents, and secure-search plugins.
Dev modes for content types, components, and schema management within Strapi.
Run integration tests for MCP features, secure document handling, and ABAC enforcement.
Run the stack with Docker Compose for rapid development and testing.
Configure Claude Desktop to connect to the MCP server.
Trigger re-indexing of documents for search updates.
Check the indexing status of documents during RAG processing.