Marketplace

MCP Server for Statamic

MCP server that gives AI assistants like Claude, ChatGPT, and Cursor structured access to your Statamic content, blueprints, assets, and users with OAuth 2.1, scoped tokens, and a CP dashboard.

Cbox

2.0.2

March 19th, 2026

Fixed

Install command no longer crashes on sites without a database — migrations are now skipped automatically when file-based storage drivers are configured (the default)
Config publish prompt: confirming "Overwrite? yes" now actually overwrites the file (previously --force stayed false, so vendor:publish silently skipped it)
Migration failures are caught with actionable guidance instead of crashing the installer
Completion message now reflects what actually happened during install

Added

--skip-migrations flag on mcp:statamic:install as an explicit escape hatch

Full Changelog: https://github.com/cboxdk/statamic-mcp/compare/v2.0.1...v2.0.2

2.0.1

March 18th, 2026

Fixed

Token expiry date validation no longer blocks submission — max_token_lifetime_days is now a default suggestion, not a hard server-side rejection
Token form error feedback uses Statamic toast notifications and native ui-error-message components with red border highlighting

Added

Scope presets (Read Only, Content Editor, Full Access) in token create/edit form, matching documented common combinations
Preset-aware badge display in admin token table — shows preset name instead of listing individual scopes
Admin token form now uses Statamic-style grouped permission cards with per-group "Check All"

Removed

Internal development plans and specs (docs/superpowers/) accidentally included in v2.0.0

2.0.0

November 30th, -0001

v2.0.0 — Storage drivers, OAuth 2.1, audit overhaul, security hardening

Major release: storage driver abstraction, MCP OAuth 2.1 with PKCE, comprehensive audit logging, router-based tool architecture, and security hardening.

Breaking Changes

Statamic v5 dropped — requires Statamic v6.6+, Laravel 12/13, PHP 8.3+
Laravel MCP v0.6 — new tool attribute pattern
Router architecture — 140+ tools consolidated into 11 domain routers
Tool names changed — statamic.blueprints.list → statamic-blueprints with action: list
Config restructured — re-publish required

Highlights

Storage drivers: File (YAML/JSONL, default) and Database (Eloquent)
OAuth 2.1: PKCE S256, Dynamic Client Registration, refresh token rotation, revocation
21 scoped API tokens with fine-grained access control
CP Dashboard: User + Admin pages with token management and audit log
Security: 8 review rounds, 30+ findings fixed
Laravel 13 support
772 tests, PHPStan Level 8, full CI matrix

Upgrade Guide

See UPGRADE.md for migration steps from v1.x.

Full Changelog

See CHANGELOG.md for complete details.