Open source
Drupal Contrib Modules
Production-grade tooling maintained as part of active client work. Built by the module author, not a downstream user.
mcp_tools
MCP (Model Context Protocol) tools that let AI assistants build and manage Drupal sites. Create content types, configure views, manage users, optimize SEO — all through natural language commands to Claude, GPT, or other AI assistants.
View on drupal.org →Content Management
- · Create, read, update, delete content
- · Manage content types and fields
- · Taxonomy and vocabulary management
- · Media and file handling
Site Building
- · Views creation and configuration
- · Block placement and visibility
- · Menu structure management
- · Layout builder operations
Configuration
- · User and role management
- · Permission configuration
- · Caching and performance
- · SEO and metatag settings
Why this exists
Drupal site building is powerful but verbose. mcp_tools exposes Drupal's capabilities to AI assistants so that repetitive configuration work — creating content types, setting up views, managing permissions — can be described in plain language and executed programmatically. This is infrastructure for AI-augmented Drupal development, not an experiment.
jsonapi_frontend
Permission-aware path resolution for decoupled Drupal. Solves the long-standing problem of safely routing requests in headless architectures without leaking entity references or bypassing access control.
View on drupal.org →Permission-aware path resolution
Resolves Drupal paths with full permission checking before returning data to the frontend.
Hybrid routing support
Works with both fully decoupled and progressively decoupled architectures.
TypeScript client included
Ships with a typed client for Next.js, Astro, and other Node-based frontends.
Safe for multi-tenant
Access control is enforced server-side, not client-side. No leaked entity references.
Why this exists
Drupal's default JSON:API behavior returns entity references without enforcing view access on the frontend. In production headless architectures — especially multi-tenant ones — this is a security gap. jsonapi_frontend enforces access control server-side before data reaches the frontend, making decoupled Drupal safe for enterprise use.
Built by the maintainer, not a downstream user
These modules are maintained as part of active production work, not one-off open-source releases. When you work with CodeWheel on Drupal projects, you're working with the author of the tools — not someone who installed them.