concretecms-mcp-server

mcp
Guvenlik Denetimi
Basarisiz
Health Uyari
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Basarisiz
  • network request — Outbound network request in package-lock.json
  • process.env — Environment variable access in scripts/cleanup-tokens.mjs
  • process.env — Environment variable access in scripts/verify-oauth-session.mjs
  • Hardcoded secret — Potential hardcoded credential in scripts/verify-oauth-session.mjs
  • process.env — Environment variable access in scripts/verify-security.mjs
  • fs module — File system access in scripts/verify-security.mjs
  • network request — Outbound network request in scripts/verify-security.mjs
  • Hardcoded secret — Potential hardcoded credential in scripts/verify-security.mjs
Permissions Gecti
  • Permissions — No dangerous permissions requested

Bu listing icin henuz AI raporu yok.

SUMMARY

A Model Context Protocol (MCP) server that integrates with Concrete CMS's REST API.

README.md

Concrete CMS MCP Server

A Model Context Protocol (MCP) server for Concrete CMS built with TypeScript.

Installation

git clone https://github.com/MacareuxDigital/concretecms-mcp-server.git
cd concretecms-mcp-server
npm ci && npm run build

Usage

Enable API in Concrete CMS

Since the MCP server uses the Concrete CMS API, you need to enable it in your Concrete CMS installation first.
Please refer to the Concrete CMS documentation for more information.

Connect your LLM to the local Concrete CMS MCP Server

Here's an example configuration for Claude Desktop:

{
  "mcpServers": {
    "concretecms": {
      "command": "node",
      "args": [
        "/path/to/concretecms-mcp-server/dist/index.js"
      ],
      "env": {
        "CONCRETE_CANONICAL_URL": "https://your-concrete.example",
        "CONCRETE_API_CLIENT_ID": "YOUR_API_CLIENT_ID",
        "CONCRETE_API_CLIENT_SECRET": "YOUR_API_CLIENT_SECRET",
        "CONCRETE_API_SCOPE": "account:read system:info:read"
      }
    }
  }
}
  • Set CONCRETE_CANONICAL_URL to the URL of your Concrete CMS installation.
  • Set CONCRETE_API_CLIENT_ID and CONCRETE_API_CLIENT_SECRET to the credentials of a registered API integration.
  • Set CONCRETE_API_SCOPE to the scopes you want to request. You can find a list of available scopes from https://your-concrete.example/index.php/dashboard/system/api/scopes.

After you've configured the MCP server, please restart Claude Desktop. On the first tool call, it will open an authorization window — sign in and authorize the requested scopes.
Now you should be able to get information about your Concrete CMS in a chat. A refresh token will be saved under ~/.concretecms-mcp/tokens/<site>/local.tokens.json (one directory per CONCRETE_CANONICAL_URL), so you don't need to sign in again.

Use separate MCP server entries in Claude Desktop for each Concrete CMS site — each site's tokens are stored independently.

Optionally set TOKEN_ENCRYPTION_KEY in the env block to encrypt tokens at rest. See the Security Guide for details.

Screenshot of a chat with Claude Desktop and a Concrete CMS MCP Server

For more information about local MCP servers, please refer to the Claude Desktop documentation.

Security

OAuth refresh tokens are stored on disk under ~/.concretecms-mcp/tokens/<site>/ by default (namespaced per CONCRETE_CANONICAL_URL). See the Security Guide for the threat model, chmod 600 behavior, encryption, cleanup commands, and remote deployment guidance.

Run as a remote MCP server

To host the MCP server on a remote Linux server, see the Remote MCP Server Guide.

It covers systemd deployment, reverse proxy setup, OAuth configuration, and Docker as an alternative.

For developers: build an MCP client or AI agent

If you are building a programmatic MCP client or AI agent (backend service, web app with chat UI, or Concrete CMS package) that connects to a remote MCP server over HTTP, see the MCP Client Developer Guide.

It covers the HTTP API, per-user OAuth, agent loops, and implementation patterns. It does not cover Claude Desktop or Cursor configuration — use the local stdio section above for that.

Use your own OpenAPI specification

The MCP server is loading openapi.yml to know which endpoints are available in the Concrete CMS API.
The bundled openapi.yml file is generated from the Concrete CMS default installation, but you can also use your own OpenAPI specification.
If you added some Express Objects to your Concrete CMS installation and want to use them in your chat, you can generate a new OpenAPI specification from your installation and use it instead.

  1. Check "Include this entity in REST API integrations." in the Express Object settings.
  2. Open https://your-concrete.example/index.php/ccm/system/api/openapi.json in your browser, and copy the JSON output.
  3. Replace the openapi.yml file in the concretecms-mcp-server directory with your own OpenAPI specification.

Features

This MCP server is depended on the Concrete CMS API, so it supports all features that are available through the API.
For example:

  • Get information about your Concrete CMS installation.
  • Get content from your Concrete CMS installation.
  • Update content in your Concrete CMS installation.
  • Upload files to your Concrete CMS installation.
  • Get a list of users in your Concrete CMS installation.
  • And more!

You can find a list of all available endpoints in Concrete CMS REST API - Endpoints

High-level page tools

In addition to OpenAPI-generated tools, the server exposes helpers for common page workflows:

  • get_page_content — read a page as a document (html, html_raw, and plain text) via includes=content
  • update_page_content — create an editable page version, remap block IDs, then update specific blocks (PUT page + PUT area)

Prefer these when reviewing or editing page copy. Use the raw OpenAPI tools (getPageById, updateBlockInPageArea, etc.) for lower-level control.

Required OAuth scopes for the update helper: pages:read, pages:update, pages:areas:update_blocks.

ToDos

  • Test with other MCP clients.
  • Add useful prompts.
  • Support another authentication method than OAuth2.

License

MIT

Yorumlar (0)

Sonuc bulunamadi