MCP server for Cloudcore CMS. Let AI tools manage your website — create pages, write posts, upload media, manage categories and tags.
Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.
git clone https://github.com/cloudcore-cms/cloudcore-mcp.git
cd cloudcore-mcp
npm install
npm run buildclaude mcp add cloudcore \
-e CLOUDCORE_CMS_URL=https://cloudcore-cms.you.workers.dev \
-e CLOUDCORE_API_TOKEN=your-admin-token \
-- node /path/to/cloudcore-mcp/dist/index.jsEdit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"cloudcore": {
"command": "node",
"args": ["/path/to/cloudcore-mcp/dist/index.js"],
"env": {
"CLOUDCORE_CMS_URL": "https://cloudcore-cms.you.workers.dev",
"CLOUDCORE_API_TOKEN": "your-admin-token"
}
}
}
}Once connected, just talk to Claude:
- "Create a blog post about serverless security"
- "Update the about page and rewrite the intro"
- "List all draft posts"
- "Publish the post about edge computing"
- "Add a category called Tutorials"
- "Delete the tag called test"
- "What are the current site settings?"
| Tool | Description |
|---|---|
list_content |
List pages and posts (filter by type, status) |
get_content |
Get a specific content item |
create_content |
Create a new page or post with blocks |
update_content |
Update title, slug, status, or blocks |
delete_content |
Delete content permanently |
publish_content |
Make content publicly visible |
unpublish_content |
Revert to draft |
| Tool | Description |
|---|---|
list_media |
List uploaded media files |
delete_media |
Delete a media file |
| Tool | Description |
|---|---|
list_categories |
List all categories |
create_category |
Create a category |
delete_category |
Delete a category |
list_tags |
List all tags |
create_tag |
Create a tag |
delete_tag |
Delete a tag |
| Tool | Description |
|---|---|
get_settings |
Get site settings |
- All CMS API calls use Bearer token authentication
- The MCP server never accesses the database directly — only the HTTP API
- The server has the same access level as the API token you provide
| Variable | Required | Description |
|---|---|---|
CLOUDCORE_CMS_URL |
Yes | CMS API URL |
CLOUDCORE_API_TOKEN |
Yes | Bearer token (same as CMS ADMIN_TOKEN) |
CLOUDCORE_READ_ONLY |
No | Set to true to disable all write operations |
CLOUDCORE_ALLOWED_TOOLS |
No | Comma-separated whitelist (e.g., list_content,get_content) |
CLOUDCORE_RATE_LIMIT |
No | Requests per minute (default: 60) |
CLOUDCORE_AUDIT_LOG |
No | Set to false to disable audit logging (default: on) |
CLOUDCORE_TIMEOUT |
No | API request timeout in ms (default: 30000) |
- Rate limiting — configurable per-minute limit (default: 60)
- Read-only mode — blocks all write operations
- Tool whitelist — only expose specific tools
- Audit logging — every tool invocation logged with timestamp and args
- Input validation — all parameters validated (IDs, slugs, string lengths)
- Request timeouts — prevents hanging connections
- Secret redaction — tokens never appear in logs or error messages
- No direct DB access — everything goes through the authenticated CMS API
For monitoring or content review without risk of accidental changes:
export CLOUDCORE_READ_ONLY=trueOnly allow listing and reading:
export CLOUDCORE_ALLOWED_TOOLS="list_content,get_content,list_media,list_categories,list_tags,get_settings"Manage several Cloudcore sites from the same Claude session. Register each with its own env vars:
Claude Code:
claude mcp add my-blog \
-e CLOUDCORE_CMS_URL=https://my-blog-cms.workers.dev \
-e CLOUDCORE_API_TOKEN=token-for-my-blog \
-- node /path/to/cloudcore-mcp/dist/index.js
claude mcp add client-site \
-e CLOUDCORE_CMS_URL=https://client-cms.workers.dev \
-e CLOUDCORE_API_TOKEN=token-for-client \
-e CLOUDCORE_READ_ONLY=true \
-- node /path/to/cloudcore-mcp/dist/index.js
claude mcp add local \
-e CLOUDCORE_CMS_URL=http://localhost:8787 \
-e CLOUDCORE_API_TOKEN=test-local-token \
-- node /path/to/cloudcore-mcp/dist/index.jsClaude Desktop:
{
"mcpServers": {
"my-blog": {
"command": "node",
"args": ["/path/to/cloudcore-mcp/dist/index.js"],
"env": {
"CLOUDCORE_CMS_URL": "https://my-blog-cms.workers.dev",
"CLOUDCORE_API_TOKEN": "token-for-my-blog"
}
},
"client-site": {
"command": "node",
"args": ["/path/to/cloudcore-mcp/dist/index.js"],
"env": {
"CLOUDCORE_CMS_URL": "https://client-cms.workers.dev",
"CLOUDCORE_API_TOKEN": "token-for-client",
"CLOUDCORE_READ_ONLY": "true"
}
}
}
}Then use them naturally: "using my-blog, create a post about..." or "using client-site, list all pages".
If your CMS is behind Cloudflare Access (zero trust), create a Service Token in the Cloudflare dashboard and add the credentials:
Claude Code:
claude mcp add my-site \
-e CLOUDCORE_CMS_URL=https://cms.yourdomain.com \
-e CLOUDCORE_API_TOKEN=your-admin-token \
-e CF_ACCESS_CLIENT_ID=your-service-token-id.access \
-e CF_ACCESS_CLIENT_SECRET=your-service-token-secret \
-- node /path/to/cloudcore-mcp/dist/index.jsClaude Desktop:
{
"mcpServers": {
"my-site": {
"command": "node",
"args": ["/path/to/cloudcore-mcp/dist/index.js"],
"env": {
"CLOUDCORE_CMS_URL": "https://cms.yourdomain.com",
"CLOUDCORE_API_TOKEN": "your-admin-token",
"CF_ACCESS_CLIENT_ID": "your-service-token-id.access",
"CF_ACCESS_CLIENT_SECRET": "your-service-token-secret"
}
}
}
}Two layers of auth — Cloudflare Access validates the service token at the network level, Bearer token authenticates at the application level.
MIT