proton-pass-community-mcp is an MCP server that wraps selected commands from the Proton Pass CLI (pass-cli).

It is an independent community project. It is not affiliated with or endorsed by Proton AG.

It is designed as a thin integration layer:

• typed tool inputs with zod
• stdio transport for MCP clients

Available Tools

As this project is in its initial stages, it exposes the following tools:

Tool	Purpose
view_session_info	Session/account status from pass-cli info
view_user_info	User account details from pass-cli user info
check_status	Check user authentication status and CLI version
inject	Inject secrets into template files
run	Run commands with secret references resolved
list_vaults	List vaults
list_shares	List shares
list_invites	List pending invitations
view_settings	View current Proton Pass CLI settings
list_vault_members	List members of a specific vault
update_vault_member	Update a vault member role
remove_vault_member	Remove a vault member
list_items	List vault or share items, omitting contents
search_items	Search items by title
view_item	View item by URI or selectors
create_vault	Create a vault
update_vault	Update a vault name
delete_vault	Delete a vault
share_vault	Share a vault with a user
transfer_vault	Transfer vault ownership
create_login_item	Create a login item
create_login_item_from_template	Create a login item from template payload
create_note_item	Create a note item
create_credit_card_item	Create a credit card item
create_wifi_item	Create a WiFi item
create_custom_item	Create a custom item from template payload
create_identity_item	Create an identity item from template payload
move_item	Move an item between vaults
trash_item	Move an item to trash
untrash_item	Restore an item from trash
update_item	Update an item field set
delete_item	Delete an item
download_item_attachment	Download an item attachment
list_item_members	List members of an item
update_item_member	Update an item member role
remove_item_member	Remove an item member
create_item_alias	Create an alias item
share_item	Share an item with a user
generate_item_totp	Generate item TOTP codes
generate_random_password	Generate a random password
generate_passphrase	Generate a passphrase
generate_totp	Generate TOTP from secret/URI
score_password	Score password strength

The search_items operation is additional functionality that is not provided by the base CLI.

Mutative tools currently require write gate opt-in (ALLOW_WRITE=1) and explicit per-call confirmation (confirm: true).

Proposed protocol-aligned confirmation policy (elicitation-first with fail-closed fallback) is documented in docs/TOOL_SCHEMA_PLAN.md.

Available Resources

The server also exposes static MCP resources for item-create template snapshots:

• pass://templates/item-create (catalog/index)
• pass://templates/item-create/login
• pass://templates/item-create/note
• pass://templates/item-create/credit-card
• pass://templates/item-create/wifi
• pass://templates/item-create/custom
• pass://templates/item-create/identity

Snapshot artifact source:

• docs/testing/item-create-templates.snapshot.json

These template resources are example well-formed payloads from pass-cli --get-template, not authoritative validation schemas.

Item Discovery Contract

list_items and search_items return token-efficient results. These operations do not contain the full contents or secrets of any items, thus preventing unnecessary leakage of sensitive data from the CLI to the host application or the LLM.

list_items and search_items both support MCP pagination:

• Input fields:
  • pageSize (optional, 1..250, default 100 for JSON output)
  • cursor (optional non-negative integer string offset, for example "100")
• Behavior:
  • Response includes items, pageSize, cursor, returned, total, and nextCursor.
  • Use nextCursor in a follow-up call to fetch the next page.

list_items also forwards filterType, filterState, and sortBy to pass-cli item list.

search_items semantics:

• title-only search (field: "title")
• matching modes: contains, prefix, exact
• optional caseSensitive

Requirements

Note

Currently, the server expects the user to handle authentication. If it's not able to authenticate, it will simply prompt the user to authenticate using one of the pass-cli methods.

• Node.js 24 (.nvmrc)
• pass-cli installed and authenticated
• MCP client capable of stdio transport

📌 Current Baseline Version of pass-cli used in development: v1.6.1

Run Locally

npm ci
npm run build
npm run dev

Anonymized Demo Shell (Docker)

Use this when recording demos and you want a neutral workspace path in tooling metadata:

npm run demo:shell

This launches a container with the project mounted at /workspace/project.

To run a single command instead of an interactive shell:

npm run demo:shell -- npm run check

Notes:

• Shell prompt aliases/PS1 tweaks only change terminal display; they do not change real working-directory metadata emitted by tools.
• For true path anonymization in logs, run the host/tooling process from inside this containerized workspace.

MCP Client Configuration

Example MCP server config using command-line args:

{
  "mcpServers": {
    "proton-pass-community-mcp": {
      "command": "node",
      "args": ["/absolute/path/to/proton-pass-community-mcp/dist/index.js", "--allow-version-drift"]
    }
  }
}

Example MCP server config using environment overrides:

{
  "mcpServers": {
    "proton-pass": {
      "command": "node",
      "args": ["/absolute/path/to/proton-pass-community-mcp/dist/index.js"],
      "env": {
        "PASS_CLI_BIN": "pass-cli",
        "PASS_CLI_ALLOW_VERSION_DRIFT": "true"
      }
    }
  }
}

Authentication Model

1. Authentication is user-managed outside MCP with pass-cli login.
2. On auth failure, tools return standardized AUTH_* errors and a retry instruction.
3. The MCP server does not collect credentials, OTP codes, or private keys.
4. Use check_status once as a session preflight (not per tool call); rely on AUTH_* fallback errors if the session later expires.
5. check_status compares your local CLI version against the development baseline and reports a version assessment for LLMs:
   • equal: exact semver match
   • compatible: semver differs but appears compatible by policy
   • possibly_incompatible: semver indicates potential drift, or version parsing/execution prevented a strict comparison
6. Version assessments are advisory. check_status is marked as an MCP error only when connectivity/authentication fails.
7. There is no MCP-specific API token auth layer in this server. Authentication methods are those supported by pass-cli in the server process environment.

Test Account Workflow

For disposable test-account usage in local development and CI (including account preflight checks and session isolation), see docs/testing/TEST_ACCOUNT_WORKFLOW.md.

Startup Flags

• --allow-version-drift: treat semver mismatch/version-parse uncertainty as compatible for check_status

Equivalent environment variable:

• PASS_CLI_ALLOW_VERSION_DRIFT=true|false (accepted truthy values: true, 1, yes, on; falsy: false, 0, no, off)
• If both are set, the CLI flag takes precedence.

Example:

npm run dev -- --allow-version-drift

Notes

• This is not an official Proton project.
• This project currently targets Proton Pass via pass-cli only.
• See ROADMAP.md for planned features.
• In addition to the MCP server, there is an agent skill file that is intended to be integrated with this MCP - however, it is currently only a draft.
• Developer runtime configuration and validation workflows are documented in CONTRIBUTING.md.
• Disposable account setup and contributor/CI guidance are documented in docs/testing/TEST_ACCOUNT_WORKFLOW.md.
• See CONTRIBUTING.md if you're interested in contributing to this project. Contributors are highly welcome at this stage.

LICENSE

GPL-3 © 2026 Really Him