MCP server
Bring your design library into any AI client. The DesignVault MCP server lets Claude, Cursor and other Model Context Protocol tools search your assets by meaning, browse collections, find similar work, and — when you opt in — create, tag and organize assets, all in the flow of a conversation.
Published & discoverable. On npm as designvault-mcp, and listed in the official MCP registry as net.designvault/designvault.
What you can ask
Once connected, prompts like these reach straight into your library:
- “Find dark hero banners from the Q4 launch in DesignVault.”
- “What’s in the ‘Spring 2026 campaign’ collection?”
- “Show me assets similar to this one.”
- “Tag this asset as website and dark, then add it to Q4 Launch.” (write mode)
Quick start
You need a DesignVault API key (dv_live_…), generated under Settings → API keys → New key. The key is shown only once — copy it immediately.
Claude Desktop
Add this to your claude_desktop_config.json (macOS: ~/Library/Application Support/Claude/claude_desktop_config.json), then restart Claude Desktop:
{
"mcpServers": {
"designvault": {
"command": "npx",
"args": ["-y", "designvault-mcp"],
"env": {
"DESIGNVAULT_API_KEY": "dv_live_xxxxxxxx"
}
}
}
}Cursor & other MCP clients
Any client that speaks MCP over stdio takes the same shape — point its MCP config at npx -y designvault-mcp with the DESIGNVAULT_API_KEY environment variable set.
Configuration
| Variable | Required | Default | Description |
|---|---|---|---|
DESIGNVAULT_API_KEY | Yes | — | Per-org key (dv_live_…). |
DESIGNVAULT_BASE_URL | No | https://www.designvault.net | Override for a preview deployment or local dev. |
DESIGNVAULT_ENABLE_WRITE | No | off | Set to 1 to register the write tools. |
Read-only by default
Write tools stay off unless you set DESIGNVAULT_ENABLE_WRITE=1. This is deliberate: a key pasted into a shared or synced config can’t mutate or delete your data unless you explicitly opt in. Turn it on only when you want the assistant to create, edit, or organize assets.
Tools
Read — always available
| Tool | What it does |
|---|---|
search_assets | Hybrid full-text + semantic search by natural-language query. |
list_assets | List / filter assets (type, client, product, tag, text) with pagination. |
get_asset | Fetch one asset with tags and a signed thumbnail URL. |
find_similar_assets | Nearest neighbours to an asset by embedding similarity. |
list_collections | List collections with asset counts and smart/manual flag. |
get_collection | Fetch a collection and its assets (smart collections evaluated live). |
list_tags | List the organization’s tags. |
list_asset_types | List the organization’s asset-type catalogue. |
Write — opt-in via DESIGNVAULT_ENABLE_WRITE
| Tool | What it does |
|---|---|
push_asset | Ingest a new asset from an image URL, with metadata and tags. |
update_asset | Update an asset’s metadata; replace its tags. |
delete_asset | Permanently delete an asset. |
create_collection | Create a manual or smart collection. |
update_collection | Rename or toggle the public share link. |
delete_collection | Delete a collection (member assets are kept). |
add_asset_to_collection | Add an asset to a manual collection. |
remove_asset_from_collection | Remove an asset from a manual collection. |
How it works
The server is a thin, stateless layer: each tool call becomes one authenticated request to the DesignVault REST API. Nothing is cached or stored locally, the same per-key rate limits and scopes apply, and thumbnail URLs are short-lived signed URLs — re-fetch rather than persist them.
Security
- Keep write mode off unless you need it — read tools cover search, browse and discovery.
- Treat the API key like any secret: store it in your client’s env config, never commit it.
- Revoke a key instantly under Settings → API keys if it leaks — requests using it fail immediately.
Privacy note
Asset data fetched through the MCP server flows into your AI client (Claude, Cursor, …) under your own agreement with that provider — it acts for you, not as a DesignVault subprocessor. Connecting an AI client is a customer-directed disclosure under our DPA: make sure your organization is comfortable with where that client sends data before enabling it.