Model-aware prompt generation
Select the target model first. The parameter set adjusts to what actually matters for that model. Midjourney handles style references differently than Flux.1 or Sora. The tool knows that and generates accordingly.
ToolGenerative AILocal-First
PromptForge
A prompt engineering workbench for serious generative AI practitioners. Local-first, no account required, no data leaves your device, and detailed enough to handle the gap between a basic prompt and one that actually does what you intended.
Built by Laura Florey
Stack: Vanilla JS, Bootstrap 5, localStorage
Type: Static web app, runs offline
Context
Built from practice, not theory.
I do exhibition-level generative AI art: Midjourney, juried shows, work that lives somewhere beyond "I typed a description and hit enter." That practice involves a lot of prompt engineering: style references, camera framing, lighting decisions, composition choices, weight adjustments. The difference between a prompt that produces something interesting and one that produces something worth showing is usually in the details that most tools treat as optional.
Most prompt helper tools are built for beginners. They take a simple description and dress it up with adjectives. PromptForge is built for the practitioner who already knows what they want and needs help constructing it precisely, saving what works, and building a library they can actually use across projects.
The other starting point: I wasn't willing to send my working prompts and style references to a server to get help building them. Everything stays local.
Functionality
What it does.
Model coverage
| Category | Models |
|---|---|
| Image generation | Midjourney, DALL-E 3, Stable Diffusion, Flux.1, Ideogram 2.0, Leonardo AI, Adobe Firefly, Google Imagen 3, Nano Banana |
| Video generation | OpenAI Sora, Google Veo 2, Runway ML, Pika Labs, Luma Dream Machine, Kling AI, Hailuo (MiniMax), Haiper |
| Text and multimodal | GPT-4, Claude, Google Gemini, Meta Llama |
| Custom | Any model not listed. Fields adapt to generic prompt structure. |
Style Reference (sref) system
Save image URLs with descriptions, mood notes, and weight values. For Midjourney, the tool outputs proper --sref and --sw flags. For other models, sref data is preserved as structured plain-language notes rather than discarded or mis-formatted.
Prompt library
Save prompts with full metadata, search by model, type, or content, and load them with one click. Real-time search highlighting. Import/export to JSON, Markdown, CSV, or HTML so your library isn't locked to a single device.
Documentation ingestion
Upload model documentation files or fetch content directly from URLs: model release notes, prompt guides, tutorials. The app extracts enhancement keywords and technical parameters to inform generation. Supports .txt, .json, .md, .pdf, .doc, .docx.
Local LLM integration
Connect Ollama, LM Studio, LocalAI, or any OpenAI-compatible local API. When connected, the LLM can analyze uploaded documentation for deeper parameter extraction: context and meaning rather than just keyword matching. All processing stays on your machine.
Comprehensive parameter controls
Camera angles, mood/emotion with 25+ options, color schemes, lighting types, art styles, composition methods, and quality settings. Progressive disclosure via accordions keeps the interface clean without hiding capability.
Architecture
Genuinely local, not "we take privacy seriously."
PromptForge is a static HTML/JS application. There is no server. There is no account. There is no signup flow. You open the file in a browser and it runs. Everything you save: prompts, style references, uploaded documents, LLM settings, lives in your browser's localStorage. Nothing is transmitted anywhere unless you explicitly export it.
This is a deliberate architecture choice, not a resource constraint. For a prompt engineering tool, the data being managed is often either proprietary, like a working creative process, or sensitive, like internal documentation uploaded as a context source. A tool that does not have a server cannot leak that data, cannot be breached, cannot change its privacy policy, and does not require trusting a vendor security posture. It also works offline after initial load. On a plane, in a studio, anywhere: if the browser is open, the tool works.
The stack is sized to the problem
Vanilla JavaScript, Bootstrap 5, and browser APIs. No framework, no build pipeline required to run it, no dependency tree to maintain. This is not a failure to use modern tooling. It is a recognition that a static tool with no server-side requirements does not need a framework. The right amount of complexity for the problem. The local LLM integration connects to localhost when configured: Ollama, LM Studio, or any OpenAI-compatible endpoint. Even that optional AI layer runs on your machine.
HTML5Vanilla JavaScriptBootstrap 5localStorage APIFetch APIDOMParser APIOllamaLM StudioLocalAI
Security
Security hardening, even for a file you open in a browser.
"It is just a static file" is not a reason to skip security. PromptForge went through a deliberate XSS audit and hardening pass, and the results were worth the effort.
The payload testing was practical: <script>alert('XSS')</script> as a prompt name, <img src=x onerror="alert('XSS')"> as an sref URL, script tags in search queries. All blocked after hardening: escaped to visible text rather than executed.
XSS vulnerabilities found and fixed
The initial build used innerHTML to render user-controlled data in several places: prompt names, URLs, descriptions in the library display and search results. That is a stored XSS vector. Every instance was replaced with DOM node creation and textContent, which treats user input as text rather than markup. Search result highlighting was also vulnerable. Search queries were being interpolated into HTML without escaping. Fixed with a dedicated escapeHtml() helper. External HTML content from fetched URLs was parsed via innerHTML, which executes embedded scripts. Replaced with the DOMParser API, which parses the structure without executing anything.
Deployment hardening
For web deployment, an .htaccess configuration provides production-ready security headers: Content Security Policy restricting resource loading, X-Frame-Options preventing clickjacking, X-Content-Type-Options preventing MIME sniffing, and Referrer-Policy controlling referrer leakage. HTTPS enforcement is in the config, commented and ready to activate when SSL is in place.
UX Design
Capable without being overwhelming.
A prompt generation tool with 25+ mood options, multiple lighting types, composition controls, style references, and model-specific parameter sets has a real risk of being unusable. The interface uses progressive disclosure to handle this: the primary action is prominent, and advanced parameter groups are in accordions that stay out of the way until needed.
On mobile, the Generate button is sticky so it is always reachable. The prompt library panel is a sticky dock on desktop. These are small decisions, but they come from actually using the tool rather than designing it from outside.
Dark mode is supported with automatic system preference detection, including making sure dark mode does not produce label glare or low-contrast text.
Notes
What this demonstrates.
PromptForge is a case study in practitioner-built tooling. The sref system, the model-aware parameter handling, and the documentation ingestion exist because I needed them, not because a product roadmap said they should. That practitioner perspective produces different software than outside observation does.
The local-first architecture is also a positioning statement. There is a meaningful segment of people doing serious creative or professional work with AI tools who are not comfortable routing that work through vendor servers, and who would pay for tools that respect that.
If you are in that space, creative professionals, researchers, practitioners of any kind who want AI tooling that stays on their machine, or if you need tooling built by someone who actually uses the technology at a serious level, I'd be glad to talk.
If you are building something that needs domain judgment, careful systems thinking, or practical AI support, send me a note.