Drupal MCP Toolkit: Four Modules for Agent-Driven Site Management
As AI agents become part of the Drupal workflow, we need infrastructure that makes automation traceable, predictable, and composable. I built four small Drupal modules that together form an MCP Toolkit for agent-driven site management.
The Problem
When agents modify configuration, create content, or run audits on a Drupal site, you need:
- Visibility into what agents did and when.
- Structured access to content and config without scraping rendered pages.
- Audit checks that agents can invoke programmatically.
- Configuration snapshots for diffing and CI validation.
Each of these is a small, focused concern — so I built each as a separate module with a narrow, well-defined surface.
The Toolkit
1. MCP Audit Server
A lightweight server that sits between an MCP client and Drupal, capturing structured events: what tools ran, what endpoints were touched, and when. This gives you a decoupled audit trail that doesn't pollute Drupal's application logs.
Key takeaway: Treat audit trails as a first-class integration boundary. Emit structured events from the MCP layer, then fan out to storage or alerting without touching Drupal internals.
2. MCP Config Export
Exports site configuration in an MCP-friendly format that agents and CI pipelines can consume directly. Instead of hand-checking YAML, you get a focused export target for automation, diffing, and validation.
Key takeaway: Treating configuration as a first-class output makes automation more reliable. When the config surface is explicit and repeatable, you can diff, validate, and react to changes with confidence — especially valuable in multi-env setups.
3. MCP Node Info
Exposes node metadata (IDs, titles, types, statuses, timestamps) through an MCP-style interface. Agents and backend jobs can query Drupal content in structured form without pulling full rendered pages.
Key takeaway: A thin, read-only capability surface pays off. Focused output stays predictable, cache-friendly, and easy to extend later without breaking clients.
4. MCP Site Audit
Packages site health checks behind a predictable MCP endpoint. Configuration, content, and operational issues become reusable, composable audit capabilities that agents can invoke across environments.
Key takeaway: Treat audit checks as first-class, versioned capabilities rather than one-off scripts. That makes it straightforward to add new checks and keep results consistent across projects.
What I Learned
- Small modules win: Each tool does one thing well. Composing them is easier than maintaining a monolithic "agent platform."
- MCP as the integration contract: By standardizing on MCP, all four modules share the same transport and discovery patterns. Adding a fifth tool takes minutes.
- Separation reduces risk: Audit logs, config exports, and content queries each live in their own module. A bug in one doesn't break the others.