Graft

Name: Graft
Author: schrepa

schrepa/graft

Scaffold and refine Graft apps—MCP tools, HTTP routes, webhooks, and auth—with createApp and defineTool patterns.

Overview

Graft is an agent skill for the Build phase that helps you plan, build, and document Graft apps and proxy surfaces with createApp, tools, routes, and dual MCP/HTTP exposure.

Install

npx skills add https://github.com/schrepa/graft --skill graft

What is this skill?

Starts apps with createApp({ name, version, description, ... }) and modular defineTool registration
Documents tool naming, descriptions, input schemas, sideEffects, and expose: both | mcp | http
Covers app.route for HTTP-only paths and app.webhook for HTTP routes through the tool pipeline
Shows equivalent MCP tools/call and HTTP request examples for each tool
Uses current auth shapes: true, role arrays like ['admin'], and intentional exposure flags

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 924 installs on skills.sh; 5 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You want one app that serves both MCP clients and HTTP callers but struggle to structure tools, auth, and routes consistently.

Who is it for?

Indie builders creating MCP-plus-HTTP backends on Graft who need opinionated tool design and registration patterns in the agent session.

Skip if: Teams not using Graft, or projects that need only static docs with no app authoring.

When should I use this skill?

Use $graft to plan, build, or document a Graft app or proxy surface.

What do I get? / Deliverables

You ship a Graft app with registered tools, optional webhooks and routes, and documented MCP and HTTP invocation examples aligned with Graft conventions.

Graft app module with registered tools/resources
MCP and HTTP example invocations per tool
Documented routes or webhooks where applicable

Recommended Skills

Microsoft Foundrymicrosoft/azure-skills

Microsoft Foundry skill guides agents through the full Azure AI Foundry lifecycle—containerizing agents, pushing to ACR,…377k installs·1.2k stars

Azure Aimicrosoft/azure-skills

azure-ai is a Prism-oriented quick reference for Microsoft Azure AI work, with the published body centered on the Azure …375k installs·1.2k stars

Azure Hosted Copilot Sdkmicrosoft/azure-skills

Azure Hosted Copilot SDK is Microsoft's entry skill for repos using @github/copilot-sdk—it detects CopilotClient usage, …346k installs·1.2k stars

Lark Eventlarksuite/cli

Lark real-time subscription skill via lark-cli event consume for building bots and streaming webhook-style agent workers…208k installs·13.7k stars

Running Claude Code Via Litellm Copilotxixu-me/skills

Running Claude Code via LiteLLM Copilot walks through pointing Claude Code at a local LiteLLM proxy that forwards Anthro…200k installs·61 stars

Setup Matt Pocock Skillsmattpocock/skills

One-time per-repo setup so Matt Pocock engineering skills share correct issue tracker, triage strings, and domain docume…180k installs·121k stars

Journey fit

Primary fit

BuildIntegrations & version control

Building integration surfaces for agents and HTTP clients is squarely in the build phase when you wire product backends to MCP hosts. Graft explicitly covers dual MCP and HTTP exposure, tool registration, and proxy-style routes—integration work, not generic frontend or copy.

How it compares

Graft authoring guidance for a specific framework—not a generic REST OpenAPI generator or a third-party MCP catalog browser.

Common Questions / FAQ

Who is graft for?

Solo developers building Graft-based MCP apps, internal proxies, or dual-protocol integrations who want the agent to follow current createApp and defineTool conventions.

When should I use graft?

Use it during Build integrations when planning a new Graft app, refactoring tool modules, documenting MCP and HTTP surfaces, or adding webhooks and auth to an existing proxy.

Is graft safe to install?

The skill describes app patterns that may lead to generated code with network and filesystem effects; review the Security Audits panel on this Prism page and audit any scaffolded app before production deploy.

SKILL.md

READMESKILL.md - Graft

interface:
  display_name: "Graft"
  short_description: "Build and refine Graft apps and proxies"
  default_prompt: "Use $graft to plan, build, or document a Graft app or proxy surface."


# App Authoring

Use this reference when the user is working on a source-based Graft app built with `createApp(...)`.

## Current patterns

- Start with `createApp({ name, version, description, ... })`.
- For small examples and README snippets, register tools inline with `app.tool('name', config)`.
- For modular apps and scaffolded projects, define tools in separate modules with `defineTool('name', config)` and register them with `app.tool(definedTool)`.
- Resources and prompts are still registered with object configs through `app.resource(...)`, `app.resourceTemplate(...)`, and `app.prompt(...)`.
- Use `app.route(...)` for plain HTTP-only routes and `app.webhook(...)` for HTTP-only routes that should still go through the tool pipeline.
- When demonstrating a tool, show both surfaces: the MCP `tools/call` invocation and the equivalent HTTP request.

## Tool design defaults

- Use stable, explicit names such as `orders_create` or `inventory_get_stock`.
- Write descriptions that say what the tool does, when to use it, and what it returns or changes.
- Keep input schemas simple and explicit; include examples for non-trivial tools.
- Mark mutations with `sideEffects: true`.
- Use `expose: 'both'`, `'mcp'`, or `'http'` intentionally.
- Use current auth shapes only:
  - `true`
  - `['admin']`
  - `{ roles: ['admin'] }`

## Demonstrating the dual surface

When writing docs, examples, or explaining Graft to users:

- Show the same tool accessed via MCP and HTTP side-by-side. For example:
  - MCP: `POST /mcp` with `{ "method": "tools/call", "params": { "name": "list_items", "arguments": { "q": "hello" } } }`
  - HTTP: `GET /list-items?q=hello`
- Highlight that both go through the same pipeline: authenticate → check roles → validate params → middleware → handler.
- For mutations (`sideEffects: true`), note that the HTTP method changes from GET to POST.
- For `expose: 'mcp'` or `expose: 'http'` tools, explain what is visible on each surface.
- Mention that the server auto-serves discovery and docs endpoints (`agent.json`, `mcp.json`, `openapi.json`, `/docs`, `llms.txt`, `llms-full.txt`, `/health`) when relevant to the user's task.

## Runtime and delivery surfaces

- `app.build()` returns `{ mcp, fetch }`.
- `app.toFetch()` is the cleanest integration for Bun, Deno, and worker-style runtimes.
- `app.toNodeHandler()`, `app.node()`, and `app.serve()` cover Node integration and standalone serving.
- When writing docs for end users, prefer the simplest surface that matches the target runtime.

## Documentation defaults

- Prefer one inline example plus one modular example instead of listing every registration overload.
- If the repo ships scaffolds, align docs with the scaffolded structure unless there is a strong reason not to.
- Keep MCP examples in actual JSON-RPC shape when showing request payloads.
- Always mention auto-served discovery and docs endpoints when documenting deployment or server startup.
- Reference the complete CLI command set: `serve`, `dev`, `check`, `test`, `studio`, `install`, `add-tool`.
- When documenting testing, show the `examples` property on tools and `graft test -e src/app.ts` as the smoke-test workflow.


# Proxy and OpenAPI

Use this reference when the user wants to expose an existing HTTP API through Graft without writing a source-based app first.

Even in proxy mode, the generated Graft server exposes both MCP and HTTP surfaces from a single server, with auto-served discovery and docs endpoints — the same thesis as source-based apps.

## Entry paths

- OpenAPI mode: `graft serve --openapi ./openapi.yaml --target <base-url>`
- Config mode: `graft serve --config ./graft.proxy.yaml`
- Check mode uses the same source inputs through `graft check --openapi ...` or `graft check --config ...`

## Curation guidance

- Do not expos

What is this skill?

Starts apps with createApp({ name, version, description, ... }) and modular defineTool registration

Documents tool naming, descriptions, input schemas, sideEffects, and expose: both | mcp | http

Covers app.route for HTTP-only paths and app.webhook for HTTP routes through the tool pipeline

Shows equivalent MCP tools/call and HTTP request examples for each tool

Uses current auth shapes: true, role arrays like ['admin'], and intentional exposure flags

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 924 installs on skills.sh; 5 GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

BuildIntegrations & version control

SKILL.md

READMESKILL.md - Graft

interface:
  display_name: "Graft"
  short_description: "Build and refine Graft apps and proxies"
  default_prompt: "Use $graft to plan, build, or document a Graft app or proxy surface."


# App Authoring

Use this reference when the user is working on a source-based Graft app built with `createApp(...)`.

## Current patterns

- Start with `createApp({ name, version, description, ... })`.
- For small examples and README snippets, register tools inline with `app.tool('name', config)`.
- For modular apps and scaffolded projects, define tools in separate modules with `defineTool('name', config)` and register them with `app.tool(definedTool)`.
- Resources and prompts are still registered with object configs through `app.resource(...)`, `app.resourceTemplate(...)`, and `app.prompt(...)`.
- Use `app.route(...)` for plain HTTP-only routes and `app.webhook(...)` for HTTP-only routes that should still go through the tool pipeline.
- When demonstrating a tool, show both surfaces: the MCP `tools/call` invocation and the equivalent HTTP request.

## Tool design defaults

- Use stable, explicit names such as `orders_create` or `inventory_get_stock`.
- Write descriptions that say what the tool does, when to use it, and what it returns or changes.
- Keep input schemas simple and explicit; include examples for non-trivial tools.
- Mark mutations with `sideEffects: true`.
- Use `expose: 'both'`, `'mcp'`, or `'http'` intentionally.
- Use current auth shapes only:
  - `true`
  - `['admin']`
  - `{ roles: ['admin'] }`

## Demonstrating the dual surface

When writing docs, examples, or explaining Graft to users:

- Show the same tool accessed via MCP and HTTP side-by-side. For example:
  - MCP: `POST /mcp` with `{ "method": "tools/call", "params": { "name": "list_items", "arguments": { "q": "hello" } } }`
  - HTTP: `GET /list-items?q=hello`
- Highlight that both go through the same pipeline: authenticate → check roles → validate params → middleware → handler.
- For mutations (`sideEffects: true`), note that the HTTP method changes from GET to POST.
- For `expose: 'mcp'` or `expose: 'http'` tools, explain what is visible on each surface.
- Mention that the server auto-serves discovery and docs endpoints (`agent.json`, `mcp.json`, `openapi.json`, `/docs`, `llms.txt`, `llms-full.txt`, `/health`) when relevant to the user's task.

## Runtime and delivery surfaces

- `app.build()` returns `{ mcp, fetch }`.
- `app.toFetch()` is the cleanest integration for Bun, Deno, and worker-style runtimes.
- `app.toNodeHandler()`, `app.node()`, and `app.serve()` cover Node integration and standalone serving.
- When writing docs for end users, prefer the simplest surface that matches the target runtime.

## Documentation defaults

- Prefer one inline example plus one modular example instead of listing every registration overload.
- If the repo ships scaffolds, align docs with the scaffolded structure unless there is a strong reason not to.
- Keep MCP examples in actual JSON-RPC shape when showing request payloads.
- Always mention auto-served discovery and docs endpoints when documenting deployment or server startup.
- Reference the complete CLI command set: `serve`, `dev`, `check`, `test`, `studio`, `install`, `add-tool`.
- When documenting testing, show the `examples` property on tools and `graft test -e src/app.ts` as the smoke-test workflow.


# Proxy and OpenAPI

Use this reference when the user wants to expose an existing HTTP API through Graft without writing a source-based app first.

Even in proxy mode, the generated Graft server exposes both MCP and HTTP surfaces from a single server, with auto-served discovery and docs endpoints — the same thesis as source-based apps.

## Entry paths

- OpenAPI mode: `graft serve --openapi ./openapi.yaml --target <base-url>`
- Config mode: `graft serve --config ./graft.proxy.yaml`
- Check mode uses the same source inputs through `graft check --openapi ...` or `graft check --config ...`

## Curation guidance

- Do not expos

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is graft for?

When should I use graft?

Is graft safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is graft for?

When should I use graft?

Is graft safe to install?

SKILL.md