An open-source toolkit for creating presentations using a spec-driven approach. Design "what to communicate" first, then let AI build "how to present it."
Traditional slide creation follows a "open a blank slide and figure it out as you go" approach. Without a clear structure, time is spent tweaking visuals while the core message gets diluted.
Spec-driven presentation applies the concept of Spec-Driven Development from software engineering to presentation creation.
| Traditional | Spec-Driven | |
|---|---|---|
| Starting point | Blank slide | Source materials and requirements |
| Design | Think while building | Define logical structure as a spec first |
| Build | Manual layout | AI builds automatically following the template |
| Quality | Ad hoc | Reviewable process based on the spec |
Choose your environment and follow the setup guide:
| Environment | Setup |
|---|---|
| Agent skill (Claude Code, Codex CLI, Cursor, Kiro, Copilot) | Getting Started — Layer 1 |
| Local MCP client (Claude Desktop, Claude Cowork) | Getting Started — Layer 2 |
| Remote MCP / Web UI (AWS deployment) | Recommended Deploy Guide |
AWS deployment runs from CloudShell or any local shell — no CDK/Docker install required.
Built on a 4-layer architecture. Each layer is a thin wrapper around the previous one. Use only the layers you need.
| Use Case | Layer | AWS |
|---|---|---|
| Personal use with Kiro CLI | Layer 1: skill/ |
Not required |
| Local MCP (Claude Desktop, VS Code, Kiro) | Layer 2: skill/ + mcp-local/ |
Not required |
| Team deployment | Layer 3: + mcp-server/ + infra/ |
Required |
| Full stack | Layer 4: + agent/ + api/ + web-ui/ |
Required |
See Architecture for details.
| Document | Description |
|---|---|
| Architecture | 4-layer design, data flow, auth model, MCP tool reference |
| Getting Started | Setup and deployment for Layer 1–4 |
| Recommended Deploy | Recommended path for AWS deployments (CloudShell or any local Linux/macOS/WSL, no CDK/Docker required) |
| Connecting Agents | MCP client connection guide |
| Teams & Slack Integration | Chat platform integration |
| Custom Templates & Assets | Adding custom templates and icons |
| Cost Estimates | Monthly cost breakdown and optimisation tips |
| Uninstall | Clean up deployed AWS resources |
| Web UI (Local Mode — experimental) | Run the Web UI locally against a Kiro CLI ACP backend (no AWS) |
spec-driven-presentation-maker/
├── skill/ Layer 1 — Engine, references, templates
├── mcp-local/ Layer 2 — Local stdio MCP server
├── mcp-server/ Layer 3 — Streamable HTTP MCP server (LibreOffice built-in)
├── infra/ Layer 3-4 — CDK stacks
├── agent/ Layer 4 — Strands Agent
├── api/ Layer 4 — Unified REST API Lambda
├── web-ui/ Layer 4 — React Web UI
├── shared/ Shared modules (authorization, schema)
├── scripts/ Deployment and operations helpers
├── tests/ Unit tests
└── docs/ Documentation
make all # Lint + unit tests
make test # Unit tests only
make lint # ruff lint onlyContributions are welcome.
See CONTRIBUTING.md for details.
This project has adopted the Amazon Open Source Code of Conduct.
This is sample code for demonstration and educational purposes only, not for production use. You should work with your security and legal teams to meet your organizational security, regulatory and compliance requirements before deployment.
- S3 Buckets: Public access blocked, server-side encryption (SSE-S3), versioning enabled
- DynamoDB: Encryption at rest enabled, point-in-time recovery enabled
- Data in transit: All traffic encrypted via TLS
- IAM: Least-privilege roles scoped per service; no wildcard resource permissions
- API Gateway: Cognito JWT authorizer on all endpoints
- CloudFront: Origin Access Identity (OAI), HTTPS-only, security headers
- Secrets: No hardcoded credentials; all secrets via environment variables or IAM roles
- AI/GenAI: Model outputs labeled as AI-generated; dataset compliance documented
- Logging: CloudWatch Logs with configurable retention; Bedrock invocation logging optional
The following controls depend on your organization's environment, network topology, or security policy — they cannot be safely defaulted in a sample stack. Evaluate each before production use.
- AWS CloudTrail — account-level setting; enable separately to avoid disrupting existing CloudTrail configurations
- VPC endpoints for S3 and DynamoDB — only relevant if you deploy inside a VPC (this stack does not)
- AWS WAF IP restrictions — built-in support, but IP ranges are environment-specific: set
waf.allowedIpV4AddressRanges/waf.allowedIpV6AddressRangesinconfig.yaml, or pass--waf-ipv4/--waf-ipv6todeploy.sh - CORS tightening — depends on your domain
- S3 access logging — log destination bucket and retention are your choice
- Cognito advanced security (MFA, compromised-credentials detection) — omitted by default to keep the demo frictionless
- Bedrock model / region selection — avoid cross-region inference profiles if data sovereignty is a concern
Found a potential vulnerability? Please do not file a public GitHub issue — follow the process in CONTRIBUTING.md.
This project is licensed under the MIT-0 License.