MCP Tools for Drupal: AI-Powered Site Building with Claude Code and OpenAI Codex
Drupal is a powerful CMS. It’s also a wall of admin forms. Creating a content type with five fields, three taxonomy vocabularies, an editor role, and the right permissions takes 30+ clicks across a dozen screens. Add views, layout builder, and contrib modules like Paragraphs or Webform, and you’re spending hours on configuration that has nothing to do with solving your actual problem.
We built MCP Tools to fix that. It exposes 222 tools across 34 optional submodules that let AI assistants — Claude Code, OpenAI Codex — interact with Drupal through the Model Context Protocol. Describe what you want in plain English. The AI handles the Drupal work.
"Create a blog with articles, categories, tags, and an editor role
that can create and edit articles but not publish them."
The AI creates the content type, adds fields, builds taxonomy vocabularies, creates the role, and assigns granular permissions. What used to take 45 minutes takes seconds.
This post covers why we built it, how it works under the hood, the security model, and when you should (and shouldn’t) use it.
FAQ: MCP Tools for Drupal
What is MCP Tools? A Drupal module that exposes your site’s admin capabilities as MCP tools. AI assistants discover these tools via the Model Context Protocol and use them to build content types, manage content, configure views, administer users, and more — all from natural language instructions.
What AI assistants does it work with? Any MCP-compatible client: Claude Code, OpenAI Codex, Cursor, Cline, and any custom MCP client. If it speaks MCP, it works.
Is it safe for production? MCP Tools ships with three security presets (Development, Staging, Production) and scoped access control. Production mode is read-only with strict rate limits and full audit logging. That said, the module is not yet covered by Drupal’s security advisory policy — evaluate it carefully and use the security presets appropriate for your environment.
How is this different from the mcp_server or mcp modules?
Those modules provide the MCP transport layer — they make Drupal speak the protocol. MCP Tools provides the 222 actual tools that do things: create content types, manage fields, build views, configure Layout Builder, run security audits. The transport is just a pipe; the tools are where the value lives.
Who built it? CodeWheel. We build AI platforms, MCP servers, and agent orchestration systems. MCP Tools is a direct output of that work — we needed it for client engagements and open-sourced it.
Why we built MCP Tools
Three problems kept showing up in our Drupal engagements:
1. Configuration velocity. Drupal’s admin UI is comprehensive but slow. A site builder spends most of their time navigating forms, not thinking about architecture. AI assistants are fast at structured operations — but they had no way to talk to Drupal.
2. Inconsistent automation. Teams scripted Drupal config with Drush commands, custom install profiles, or config YAML exports. These work, but they’re brittle, hard to compose, and require Drupal-specific expertise. We wanted something where you describe the outcome and the system figures out the implementation.
3. MCP adoption in the CMS space. The Model Context Protocol is becoming the standard for AI-to-tool communication. WordPress has an MCP adapter. CrafterCMS has native MCP support. Drupal needed a first-class implementation — not just a transport layer, but a complete tool library that covers real site-building workflows.
MCP Tools is our answer to all three. It’s the same tooling we use internally when building Drupal-backed platforms for clients, extracted into a module anyone can install.
What’s inside: 222 tools across 34 submodules
MCP Tools is modular by design. Enable only what you need.
Core categories
| Category | What it covers | Example tools |
|---|---|---|
| Site Building | Content types, fields, taxonomies, roles, permissions, menus | Create content type, add field, create vocabulary, assign permissions |
| Content Management | Node CRUD, media, bulk operations, revisions | Create node, upload media, bulk publish, revert revision |
| Views & Display | Views, blocks, Layout Builder, image styles | Create view, add exposed filter, configure layout section |
| Administration | Cache, cron, config management, security audits | Clear cache, run cron, export config, audit permissions |
| Contrib Modules | Paragraphs, Webform, Scheduler, Search API, Redirect, Pathauto | Add paragraph type, create webform, configure search index |
Architecture decisions
Optional submodules, not a monolith. Each tool category is a separate submodule. If you only need content management tools, enable mcp_tools_content. If you need views, add mcp_tools_views. This keeps the tool manifest lean — AI assistants work better when they aren’t overwhelmed with 222 tools they don’t need for the current task.
Tool API foundation. MCP Tools is built on the Tool API module, which provides the schema validation, input sanitization, and execution framework. Each tool declares its parameters as a typed schema — the AI can’t send malformed input because the schema rejects it before execution.
Structured responses. Every tool returns structured JSON, not rendered HTML or status messages. This means AI assistants can chain tools together: create a content type, then add fields to it, then create a view that displays it — all in one conversation.
Setup: two transport options
Option A: STDIO (local development)
Best for local development with Claude Code or OpenAI Codex. The AI assistant spawns a Drush process and communicates over standard I/O.
composer require drupal/mcp_tools
drush en mcp_tools mcp_tools_stdio -y
Add to your project’s .mcp.json:
{
"mcpServers": {
"drupal": {
"command": "drush",
"args": ["mcp-tools:stdio", "--uri=https://your-site.ddev.site"]
}
}
}
Open Claude Code or Codex. The AI assistant discovers the tools automatically via the MCP manifest and can start building.
Option B: HTTP (remote / Docker / production read-only)
For remote access, Docker environments, or read-only production monitoring.
drush en mcp_tools mcp_tools_remote -y
Generate a scoped API key:
drush mcp-tools:remote-key-create --label="Claude" --scopes=read,write
Configure your MCP client:
{
"mcpServers": {
"drupal": {
"type": "http",
"url": "http://localhost:8080/_mcp_tools",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}
HTTP transport supports scoped API keys with read/write/admin permissions per connection. You can create multiple keys with different scopes for different team members or environments.
Security model: three presets
This is where MCP Tools differs from most AI integrations. We built the security model first, not as an afterthought.
Development mode
Full access, no rate limiting. Use this on local DDEV/Lando environments where you want maximum velocity.
- All tools enabled
- No rate limits
- No audit logging
- Never use this on a shared or production environment
Staging mode
Config-only operations, rate limited, with audit logging. Good for shared staging environments where the AI can build site structure but shouldn’t touch content.
- Configuration tools only (content types, fields, views, roles)
- Content creation/editing disabled
- Rate limited (configurable per tool category)
- Full audit logging
Production mode
Read-only with strict limits and complete audit trail. Use this for monitoring, reporting, and read-only queries against production.
- Read-only tools only
- Strict rate limits
- Full audit trail
- No write operations of any kind
Scoped access control
Beyond presets, every API key (HTTP transport) gets explicit scopes:
- read — Query content, list entities, inspect configuration
- write — Create/update content, modify configuration
- admin — User management, permission changes, module operations
You can create a key with read scope for a monitoring dashboard, a read,write key for a site builder, and reserve admin for infrastructure automation. The scope is enforced at the tool level — even if an AI assistant tries to call an admin tool with a read-only key, the request is rejected before execution.
Practical walkthrough
Here’s what a real conversation looks like when using MCP Tools with Claude Code or Codex.
Example: Build an event management system
You say:
“Create an event content type with fields for date, location, description, and a reference to a speaker content type. The speaker type needs name, bio, and photo fields. Create a view that lists upcoming events sorted by date.”
What MCP Tools does (in sequence):
- Creates
speakercontent type - Adds
name(text),bio(text_long), andphoto(image) fields to speaker - Creates
eventcontent type - Adds
date(datetime),location(text),description(text_long), andspeaker(entity_reference → speaker) fields to event - Creates a view
upcoming_eventswith a date filter for future dates, sorted ascending - Returns structured confirmation with entity IDs and configuration details
Each step is a discrete tool call with validated inputs. If step 4 fails (say, the speaker content type doesn’t exist yet), the error is returned to the AI assistant, which can diagnose and retry.
Example: Security audit
“Audit the permissions on this site. Show me any roles that have admin-level permissions that shouldn’t.”
MCP Tools returns a structured report of all roles, their permissions, and flags any non-admin roles with elevated access (like administer nodes or bypass node access). This is the same audit we run manually on security engagements — automated and repeatable.
How MCP Tools compares to other approaches
| Approach | Strengths | Weaknesses |
|---|---|---|
| MCP Tools | 222 purpose-built tools, scoped security, structured I/O, works with any MCP client | Beta, not yet covered by Drupal security advisory |
| Drupal MCP Server module | Transport-layer implementation, lighter weight | Fewer tools, less coverage of admin operations |
| Drush scripts | Battle-tested, wide ecosystem | Not AI-accessible, requires Drupal expertise to write |
| Config YAML exports | Deterministic, version-controllable | Manual, no AI integration, brittle across environments |
| Custom REST/JSON:API | Standard web protocols | Requires custom code per operation, no tool discovery |
MCP Tools is the only option that gives AI assistants a complete, discoverable, permission-aware interface to Drupal’s admin capabilities.
When to use MCP Tools (and when not to)
Use it when
- You’re building Drupal sites and want AI-accelerated development. Content types, fields, views, and permissions in seconds instead of minutes.
- You need repeatable site scaffolding. Describe the architecture once, let the AI build it across environments.
- You’re running security audits. Permission analysis, configuration review, and compliance checks automated through natural language.
- You’re integrating Drupal into an AI workflow. MCP Tools makes Drupal a first-class citizen in agent orchestration pipelines — the same way MCP servers expose databases, APIs, or SaaS tools.
Don’t use it when
- You need formal Drupal security advisory coverage. MCP Tools is beta and not yet covered. For production sites with strict compliance requirements, evaluate the risk.
- Your site doesn’t need AI integration. If your team is comfortable with the admin UI and doesn’t need AI-accelerated workflows, the module adds complexity you don’t need.
- You only need content authoring. If the use case is “write blog posts with AI,” you don’t need 222 admin tools. A simpler integration (or just copying from Claude into the editor) is fine.
What’s next for MCP Tools
MCP Tools is at 1.0.0-beta2 as of February 2026, with 18 sites reporting usage. The roadmap includes:
- Expanded contrib coverage. More submodules for popular contrib modules (Commerce, Group, ECA).
- Workflow recipes. Pre-built tool chains for common patterns: “build a blog,” “build an intranet,” “build a product catalog.”
- Improved audit tooling. Deeper security analysis, configuration drift detection, and compliance reporting.
- Streamable HTTP transport. As the MCP spec evolves, we’ll support streaming responses for long-running operations.
Contributions are welcome on Drupal.org.
Why we open-sourced it
We could have kept MCP Tools proprietary. We use it on every Drupal engagement and it saves us significant time. But open-sourcing it does three things:
- It makes Drupal better. The CMS ecosystem benefits when AI integration is a first-class capability, not a proprietary add-on.
- It proves expertise. Anyone can claim they build MCP tooling. We shipped 222 tools with a security model, two transport options, and three environment presets. The code is public.
- It attracts the right clients. Teams that find MCP Tools useful are exactly the teams that need AI agent development, fractional AI architecture, or platform security testing.
Build AI tooling with CodeWheel
MCP Tools is one example of the orchestration and AI tooling we build. If you need:
- Custom MCP servers for your SaaS platform, internal tools, or CMS
- Agent orchestration with RBAC, audit logging, and tool gating
- AI platform architecture from design through production hardening
We build it. Read the AI Agent Architecture guide for the patterns behind MCP Tools, or schedule a consultation to discuss your use case.
Related resources:
- AI Agent Orchestration in 2026: OpenClaw, MCP, and Security — the orchestration landscape and production security lessons
- AI Agent Architecture: Security, Orchestration, and Tool Use Patterns — the orchestration patterns behind MCP Tools
- Penetration Testing AI Platforms — how we test AI integrations
- AI Platform Security Guide — system-wide security architecture
External links:
- MCP Tools on Drupal.org — install, issues, and documentation
- Model Context Protocol specification — the protocol standard
- Tool API module — the foundation MCP Tools is built on
