PromptAudit - MCP Server That Enforces Prompt Governance and Safety Policies in Claude and Cursor
Your team is vibe-coding with Claude and Cursor and nobody knows what prompts are going out to the API — or whether they contain PII, proprietary code, or policy violations. PromptAudit is an MCP server that sits between your AI tools and the model, audits every prompt, and enforces your org's safety policies before anything leaves your machine.
Difficulty: intermediate
Category: MCP & Integrations
Market Demand: Very High
Revenue Score: 7/10
Platform: MCP Server
Vibe Code Friendly: No
Hackathon Score: 🏆 8/10
What is it?
As Claude and Cursor usage explodes across engineering teams in April 2026, engineering leads and security teams have zero visibility into what prompts employees are sending, whether sensitive data is being exfiltrated via AI prompts, or whether teams are following prompt quality standards. PromptAudit is a Model Context Protocol server that intercepts prompts before they hit Claude or Cursor's AI backend, runs policy checks including PII detection, secret scanning, and custom org rules, logs every prompt to a local audit trail, and optionally blocks or rewrites violating prompts. It targets team leads and security-conscious founders using Claude for Teams or Cursor Business. Buildable now with the MCP SDK, Claude's tool-calling, and the Anthropic Python SDK — ships as a local MCP server that any Claude Desktop or Cursor user can point to in their config.
Why now?
The MCP ecosystem reached critical mass in early 2026 with Claude Desktop and Cursor both supporting third-party MCP servers natively — prompt governance tooling is the first obvious enterprise-grade gap in the ecosystem with no existing solutions.
- MCP server intercepts all prompts from Claude Desktop and Cursor before the API call via a tool hook.
- Presidio NLP PII detection flags names, emails, phone numbers, and credit card numbers in prompt text.
- TruffleHog regex patterns scan for AWS keys, GitHub tokens, and common secret formats.
- Local SQLite audit log stores all prompts with timestamp, policy verdict, and user identity for 90-day retention.
Target Audience
Engineering leads and security-conscious founders running 5-50 person teams on Claude for Teams or Cursor Business — roughly 50k teams globally with AI coding policies.
Example Use Case
Lena, a CTO at a 30-person startup, installs PromptAudit as their team's MCP server, sets a policy blocking any prompt containing AWS credentials patterns, and gets a weekly digest showing that 3 developers have been pasting API keys into Claude prompts — stops the leak before it becomes an incident.
User Stories
- As an engineering lead, I want all team Claude prompts scanned for secrets before they leave the machine, so that I prevent accidental API key exfiltration.
- As a security officer, I want a 90-day audit log of all AI prompts with policy verdicts, so that I can demonstrate compliance during audits.
- As a developer, I want the MCP server to warn me when my prompt contains PII, so that I fix it before the data leaves my laptop.
Acceptance Criteria
- PII detection: done when Presidio flags email addresses and phone numbers in test prompts with under 100ms latency.
- Secret scanning: done when the AWS access key pattern is detected and blocked before the prompt reaches the Claude API.
- Audit log: done when every prompt interaction creates a SQLite entry with timestamp and verdict within 50ms.
- Policy rule creation: done when a new block rule created in the dashboard takes effect on the next prompt within 5 seconds.
Is it worth building?
$49/month x 50 teams = $2,450 MRR by month 2. $149/month enterprise tier x 20 teams = $2,980 MRR. $5k MRR realistic by month 3 with security community targeting.
Unit Economics
CAC: $10 via GitHub and Discord community. LTV: $588 (12 months at $49/month). Payback: 1 month. Gross margin: 96%.
Business Model
SaaS subscription $49/month per team
Monetization Path
Free: 1 policy rule, 30-day audit log. Team $49/month: unlimited rules, 1-year log, dashboard. Enterprise $149/month: SSO, team-wide policy sync, export to SIEM.
Revenue Timeline
First dollar: week 2 via GitHub sponsors or direct upgrade. $1k MRR: month 2. $5k MRR: month 4.
Estimated Monthly Cost
Vercel for dashboard: $20. Stripe: about $20 in fees at launch MRR. Resend: $10. No cloud AI costs, since PII detection runs locally via Presidio. Total: ~$50/month.
Profit Potential
Strong at $5k–$15k MRR targeting security-conscious dev teams with compliance requirements.
Scalability
High — team policy sync, SIEM integration, and white-label for MSPs are V3 plays.
Success Metrics
Week 2: 100 installs via GitHub. Month 1: 20 paid teams. Month 3: 80% retention.
Launch & Validation Plan
Post in Anthropic Discord and r/ClaudeAI asking if teams have any visibility into what prompts developers send — collect 25 GitHub star signups before writing MCP server code.
Customer Acquisition Strategy
First customer: DM 20 engineering leads in Anthropic's official Discord offering free Team tier for 60 days in exchange for weekly feedback calls. Ongoing: Hacker News Show HN, GitHub trending, r/netsec, Anthropic partner ecosystem newsletter.
What's the competition?
Competition Level: Low
Similar Products
PrivacyGuard is a pre-prompt PII layer but not MCP-native. Nightfall detects secrets but in cloud storage not AI prompts. No existing MCP server targets prompt governance specifically — PromptAudit owns this gap.
Competitive Advantage
Local MCP server means zero data leaves the machine for audit purposes — the privacy advantage is the product, not a feature.
Regulatory Risks
Low regulatory risk. Audit logs are stored locally — no cloud data handling required. GDPR compliance straightforward since no user content leaves the device. Must disclose that prompt content is logged locally in privacy policy.
What's the roadmap?
Feature Roadmap
V1 (launch): PII detection, secret scanning, SQLite audit log, Claude Desktop and Cursor integration. V2 (month 2-3): team policy sync via shared config file, weekly email digest, Slack alert on violation. V3 (month 4+): SIEM export, SSO, custom regex policy rules, enterprise seat management.
Milestone Plan
Phase 1 (Week 1-2): MCP server intercepts prompts, Presidio and secret scanner running locally, SQLite audit log writing. Phase 2 (Week 3-4): Next.js dashboard, policy rule CRUD, Stripe billing, GitHub release published. Phase 3 (Month 2): Show HN launch, 20 paid teams, Slack violation alerts shipped.
How do you build it?
Tech Stack
MCP SDK (Python), Claude API, Presidio for PII detection, TruffleHog patterns for secret scanning, SQLite for the local audit log, FastAPI for the dashboard API, Next.js for the policy config UI. Build the MCP server logic with Cursor and the dashboard with v0.
Suggested Frameworks
MCP SDK, Microsoft Presidio, FastAPI
Time to Ship: 2 weeks
Required Skills
MCP SDK server implementation, Presidio PII detection, SQLite logging, FastAPI, Claude tool-calling.
Resources
Anthropic MCP SDK docs, Microsoft Presidio docs, MCP server quickstart, Claude Desktop config guide.
MVP Scope
- server/main.py (MCP server with tool hooks)
- lib/pii_detector.py (Presidio engine)
- lib/secret_scanner.py (TruffleHog patterns)
- lib/audit_log.py (SQLite writer)
- lib/policy_engine.py (rule evaluator)
- dashboard/pages/index.tsx (audit log viewer)
- dashboard/pages/policies.tsx (rule config)
- README.md (Claude Desktop and Cursor setup guide)
Core User Journey
Install MCP server -> add to Claude Desktop config -> set first policy rule -> receive first audit log entry -> see PII or secret flagged -> upgrade to team plan.
Architecture Pattern
1. Claude Desktop or Cursor sends the prompt to the MCP server tool hook.
2. Presidio PII scan runs locally.
3. Secret scanner checks regex patterns.
4. Policy engine evaluates the results against team rules in SQLite.
5. On violation: block or rewrite the prompt and log the decision.
6. If clean: pass the prompt through to the Claude API.
7. Result returned to the client.
8. Dashboard reads the SQLite audit log.
Data Model
Team has many PolicyRules. PolicyRule has type, pattern, and action fields. AuditEntry has prompt_hash, timestamp, policy_verdicts array, and user_id. PolicyViolation belongs to one AuditEntry and one PolicyRule.
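The four entities above as a SQLite schema, together with the weekly digest from the Example Use Case and the 90-day purge from the feature list, as an added example in Python; this is not PromptAudit's code. It represents the policy_verdicts array as one overall verdict per AuditEntry plus one PolicyViolation row per matched rule; the id and team_id columns, the timestamp index, and the constructed history in demo() are assumptions of the example.

```python
"""Data Model section as a SQLite schema (added example, not PromptAudit's code).
The page's policy_verdicts array is modelled as one overall verdict per AuditEntry
plus PolicyViolation rows; id, team_id and the timestamp index are assumptions."""
import sqlite3
from datetime import datetime, timedelta, timezone

SCHEMA = """
CREATE TABLE team (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE policy_rule (
    id      INTEGER PRIMARY KEY,
    team_id INTEGER NOT NULL REFERENCES team(id),
    type    TEXT NOT NULL,      -- 'secret' or 'pii'
    pattern TEXT NOT NULL,      -- entity type or regex the rule keys on
    action  TEXT NOT NULL CHECK (action IN ('warn', 'block'))
);
CREATE TABLE audit_entry (
    id          INTEGER PRIMARY KEY,
    team_id     INTEGER NOT NULL REFERENCES team(id),
    prompt_hash TEXT NOT NULL,  -- sha256 of the prompt; raw text is never stored
    timestamp   TEXT NOT NULL,  -- ISO 8601, UTC
    user_id     TEXT NOT NULL,
    verdict     TEXT NOT NULL CHECK (verdict IN ('allow', 'warn', 'block'))
);
CREATE TABLE policy_violation (
    id             INTEGER PRIMARY KEY,
    audit_entry_id INTEGER NOT NULL REFERENCES audit_entry(id) ON DELETE CASCADE,
    policy_rule_id INTEGER NOT NULL REFERENCES policy_rule(id)
);
CREATE INDEX audit_entry_timestamp ON audit_entry(timestamp);
"""


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")  # required for ON DELETE CASCADE
    conn.executescript(SCHEMA)
    return conn


def add_rule(conn, team_id, rule_type, pattern, action):
    cur = conn.execute(
        "INSERT INTO policy_rule (team_id, type, pattern, action) VALUES (?, ?, ?, ?)",
        (team_id, rule_type, pattern, action))
    return cur.lastrowid


def load_rules(conn, team_id):
    """Rules as {pattern: (rule_id, action)}, the shape a policy engine consults."""
    rows = conn.execute("SELECT id, pattern, action FROM policy_rule WHERE team_id = ?", (team_id,))
    return {pattern: (rule_id, action) for rule_id, pattern, action in rows}


def record_entry(conn, team_id, prompt_hash, user_id, verdict, violated_rule_ids, when):
    """Write one AuditEntry and its PolicyViolation rows in a single transaction."""
    with conn:
        cur = conn.execute(
            "INSERT INTO audit_entry (team_id, prompt_hash, timestamp, user_id, verdict) "
            "VALUES (?, ?, ?, ?, ?)",
            (team_id, prompt_hash, when.isoformat(), user_id, verdict))
        conn.executemany(
            "INSERT INTO policy_violation (audit_entry_id, policy_rule_id) VALUES (?, ?)",
            [(cur.lastrowid, rid) for rid in violated_rule_ids])
    return cur.lastrowid


def weekly_digest(conn, team_id, now):
    """Violations per user and rule over the last 7 days (the digest in Example Use Case)."""
    since = (now - timedelta(days=7)).isoformat()
    return conn.execute("""
        SELECT e.user_id, r.pattern, COUNT(*) AS hits
        FROM policy_violation v
        JOIN audit_entry e ON e.id = v.audit_entry_id
        JOIN policy_rule r ON r.id = v.policy_rule_id
        WHERE e.team_id = ? AND e.timestamp >= ?
        GROUP BY e.user_id, r.pattern
        ORDER BY hits DESC, e.user_id""", (team_id, since)).fetchall()


def purge_expired(conn, now, retention_days=90):
    """Apply the 90-day retention; violations follow their entry via the cascade."""
    cutoff = (now - timedelta(days=retention_days)).isoformat()
    with conn:
        cur = conn.execute("DELETE FROM audit_entry WHERE timestamp < ?", (cutoff,))
    return cur.rowcount


def demo():
    conn = open_db()
    conn.execute("INSERT INTO team (id, name) VALUES (1, 'example-startup')")
    aws = add_rule(conn, 1, "secret", "AWS_ACCESS_KEY_ID", "block")
    email = add_rule(conn, 1, "pii", "EMAIL_ADDRESS", "warn")
    now = datetime(2026, 4, 5, tzinfo=timezone.utc)  # constructed clock
    # Constructed history; the hashes are placeholders, not digests of real prompts.
    record_entry(conn, 1, "hash-1", "dev-a", "block", [aws], now - timedelta(days=1))
    record_entry(conn, 1, "hash-2", "dev-a", "block", [aws], now - timedelta(days=4))
    record_entry(conn, 1, "hash-3", "dev-b", "block", [aws], now - timedelta(days=2))
    record_entry(conn, 1, "hash-4", "dev-c", "warn", [email], now - timedelta(days=3))
    record_entry(conn, 1, "hash-5", "dev-a", "block", [aws], now - timedelta(days=100))
    digest = weekly_digest(conn, 1, now)
    purged = purge_expired(conn, now)
    remaining = conn.execute("SELECT COUNT(*) FROM policy_violation").fetchone()[0]
    return {"rules": load_rules(conn, 1), "digest": digest, "purged": purged,
            "violations_remaining": remaining}
```

Timestamps are stored as ISO 8601 UTC strings so the retention cutoff and digest window are plain string comparisons against the indexed column, and the cascade keeps PolicyViolation rows from outliving the AuditEntry they belong to once the purge runs.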
Integration Points
MCP SDK for Claude Desktop and Cursor integration, Microsoft Presidio for PII detection, TruffleHog regex patterns for secret scanning, SQLite for the local audit log, Stripe for billing, Resend for weekly digest emails, FastAPI for the dashboard API.
V1 Scope Boundaries
V1 excludes: cloud-hosted policy sync, SIEM export, SSO, mobile audit app, real-time team alert push, custom ML policy model.
Success Definition
An engineering lead at a company the founder has never contacted installs PromptAudit from GitHub, connects it to their team's Claude Desktop, discovers a real PII leak in audit logs, and upgrades to the paid team plan the same week.
Challenges
MCP adoption is still early — many teams are not yet running MCP servers in production, so distribution requires educating buyers on the MCP mental model before selling the product. Target security-forward teams who already follow the MCP ecosystem on Hacker News and Anthropic's Discord.
Avoid These Pitfalls
Do not send prompt content to a cloud backend for analysis — the entire value proposition is local processing, and violating this destroys trust instantly. Do not try to build a custom LLM for policy evaluation in V1 — regex plus Presidio is faster, cheaper, and more auditable. Distribution via MCP ecosystem requires GitHub presence first — publish to the official MCP server registry before any paid marketing.
Security Requirements
Raw prompt content is never sent to any external server. By default the SQLite audit log stores only the prompt hash and entity types. The Team plan adds encrypted local storage of sanitized prompt summaries. Dashboard auth via Supabase Auth with Google OAuth. Rate limit: 500 prompt intercepts per minute per server instance.
Infrastructure Plan
MCP server runs as local Python process on user machine. Next.js dashboard on Vercel. SQLite lives in user home directory. FastAPI dashboard API runs as local sidecar process. Sentry for crash reporting on MCP server. GitHub Actions CI for release packaging.
Performance Targets
Prompt interception and policy check under 150ms total latency. Presidio PII scan under 80ms per prompt. SQLite write under 5ms. Dashboard audit log table loads 1,000 entries in under 1s.
Go-Live Checklist
- ☐ MCP server tested with Claude Desktop and Cursor on Mac and Windows
- ☐ Stripe payment tested end-to-end
- ☐ Sentry crash reporting live
- ☐ GitHub release with install script published
- ☐ Privacy policy stating local-only processing published
- ☐ 5 beta engineering leads signed off on prompt interception accuracy
- ☐ Rollback: revert to prior GitHub release tag
- ☐ Show HN and Anthropic Discord launch posts drafted
How to build it, step by step
1. Install the MCP SDK with pip install mcp and scaffold server/main.py with a tool hook that intercepts prompt strings.
2. Install presidio-analyzer and presidio-anonymizer and build lib/pii_detector.py, which returns the flagged entities for each prompt.
3. Build lib/secret_scanner.py using TruffleHog's compiled regex patterns for AWS, GitHub, Slack, and Stripe key formats.
4. Build lib/policy_engine.py, which evaluates the PII and secret scanner results against SQLite-stored team rules and returns a block or warn verdict.
5. Build lib/audit_log.py, which writes the prompt hash, timestamp, verdict, and entity types to local SQLite without storing raw prompt content by default.
6. Write the README with a step-by-step Claude Desktop config snippet that points the MCP client at the local server.
7. Scaffold the Next.js dashboard with v0 for the audit log table view and the policy rule creation form.
8. Build a FastAPI endpoint that serves audit log data from SQLite to the Next.js dashboard.
9. Add Stripe Checkout for the team plan upgrade with seat count selection.
10. Publish to GitHub with a one-command install script and submit to the Anthropic MCP server registry.
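The scan, policy and audit stages from the Architecture Pattern section and from build steps 1 to 5, carried through as an added example in Python; this is not PromptAudit's code. One caveat shapes it: the MCP protocol gives a server no hook on the host's own prompts to the model, a server only receives the arguments of the tool calls the client makes to it, so the pipeline here takes the text handed to such a tool. Presidio is replaced by a regex stand-in (the real analyzer needs a spaCy model download), the secret patterns are written here rather than taken from TruffleHog, and the team rules are an in-memory dict instead of PolicyRule rows; all of those are assumptions of the example, and the prompts in the demo are constructed (the AWS key is the placeholder from AWS's own documentation).

```python
"""Scan -> policy -> audit pipeline (added example, not PromptAudit's code).
Assumptions not taken from the page: PII detection is a regex stand-in for
Presidio, the secret patterns are written here rather than taken from TruffleHog,
and team rules are a dict instead of PolicyRule rows read from SQLite."""
import hashlib
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Secret formats keyed by entity type; patterns follow the public key prefixes.
SECRET_PATTERNS = {
    "AWS_ACCESS_KEY_ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GITHUB_TOKEN": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "SLACK_TOKEN": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "STRIPE_SECRET_KEY": re.compile(r"\b[sr]k_(?:live|test)_[A-Za-z0-9]{16,}\b"),
}
# Presidio stand-in: entity names follow Presidio's, the patterns are simplified.
PII_PATTERNS = {
    "EMAIL_ADDRESS": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "PHONE_NUMBER": re.compile(r"\b\d{3}[ -.]?\d{3}[ -.]?\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
# Team rules: entity type -> action (constructed; the page keeps these in SQLite).
DEFAULT_RULES = {
    "AWS_ACCESS_KEY_ID": "block", "GITHUB_TOKEN": "block", "SLACK_TOKEN": "block",
    "STRIPE_SECRET_KEY": "block", "CREDIT_CARD": "block",
    "EMAIL_ADDRESS": "warn", "PHONE_NUMBER": "warn",
}
SEVERITY = {"allow": 0, "warn": 1, "block": 2}


@dataclass
class Finding:
    rule: str       # entity type that matched
    kind: str       # "secret" or "pii"
    span: tuple     # (start, end) offsets in the prompt


@dataclass
class Verdict:
    action: str                     # "allow", "warn" or "block"
    findings: list = field(default_factory=list)
    rewritten_prompt: str = ""      # prompt with matched spans redacted


def scan(prompt: str) -> list:
    """Run both scanners and return every match with its offsets."""
    findings = []
    for kind, table in (("secret", SECRET_PATTERNS), ("pii", PII_PATTERNS)):
        for name, pattern in table.items():
            findings.extend(Finding(name, kind, m.span()) for m in pattern.finditer(prompt))
    return findings


def redact(prompt: str, findings: list) -> str:
    """Replace matched spans with typed placeholders, working right to left so
    earlier offsets stay valid; a span overlapping one already replaced is skipped."""
    out, cursor = prompt, len(prompt)
    for f in sorted(findings, key=lambda f: f.span[0], reverse=True):
        start, end = f.span
        if end > cursor:
            continue
        out = out[:start] + f"<{f.rule}>" + out[end:]
        cursor = start
    return out


def evaluate(prompt: str, rules: dict = DEFAULT_RULES) -> Verdict:
    """Policy engine: the strictest action over all findings wins."""
    findings = scan(prompt)
    action = "allow"
    for f in findings:
        candidate = rules.get(f.rule, "allow")
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return Verdict(action, findings, redact(prompt, findings))


def audit_record(prompt: str, verdict: Verdict, user_id: str) -> dict:
    """Audit entry holding the prompt hash and entity types only, never the raw
    text (the default storage mode from Security Requirements)."""
    return {
        "prompt_hash": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,
        "verdict": verdict.action,
        "entity_types": sorted({f.rule for f in verdict.findings}),
    }


def intercept(prompt: str, user_id: str, rules: dict = DEFAULT_RULES) -> tuple:
    """Tool-hook body: returns (text to forward, or None if blocked, audit record).
    A warn verdict forwards the redacted copy, so flagged PII does not leave."""
    verdict = evaluate(prompt, rules)
    record = audit_record(prompt, verdict, user_id)
    if verdict.action == "block":
        return None, record
    if verdict.action == "warn":
        return verdict.rewritten_prompt, record
    return prompt, record


if __name__ == "__main__":
    # Constructed prompts; the AWS key is the placeholder from AWS's own documentation.
    for p in ("Refactor this function to use async iterators.",
              "Why does boto3 reject AKIAIOSFODNN7EXAMPLE? Ping me at lena@example.com or 555-867-5309."):
        forwarded, rec = intercept(p, user_id="lena")
        print(rec["verdict"], rec["entity_types"], "->", forwarded)
```

The audit record carries a SHA-256 of the prompt and the matched entity types, so the dashboard and any later SIEM export can be fed from it without ever holding prompt text; the redaction step works from match offsets rather than string replacement, which keeps a value that appears twice from being half-redacted.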
Generated: April 5, 2026
Model: claude-sonnet-4-6