# magebitcom/magento2-mcp-cms-tools

> CMS-domain MCP tools for Magebit_Mcp (read + write over CMS pages and blocks)

`composer require magebitcom/magento2-mcp-cms-tools`

Canonical URL: https://packagento.com/magebitcom/magento2-mcp-cms-tools

## At a glance

- **Vendor**: magebitcom (https://packagento.com/magebitcom.md)
- **Latest version**: v1.0.0 — released 2026-05-26
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/magebitcom/magento2-mcp-cms-tools and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require magebitcom/magento2-mcp-cms-tools:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

CMS-domain MCP tools for Magebit_Mcp (read + write over CMS pages and blocks)

## README

This is a sub-module for the [Magento2 MCP module](https://github.com/magebitcom/magento2-mcp-module)

----

CMS-domain MCP tools for `Magebit_Mcp`. Reads and writes against CMS pages
and blocks.

Each tool is a thin wrapper over a Magento service contract
(`PageRepositoryInterface`, `BlockRepositoryInterface`,
`GetPageByIdentifierInterface`, `GetBlockByIdentifierInterface`) and composes
its read response from field resolvers that 3rd-party modules can extend.

### Install

```bash
composer require magebitcom/magento2-mcp-cms-tools
bin/magento module:enable Magebit_McpCmsTools
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento cache:flush
```

Ships with `Magebit_Mcp` as its only Magebit dependency. If you only want
the base MCP transport (no CMS tools), install `Magebit_Mcp` alone; this
module is designed to be optional.

### Tool catalog

#### Read tools

| Tool | What it does |
|---|---|
| `cms.page.list` | Paginated CMS-page search; filter by identifier (exact / glob / array), title substring, is_active, store_id, website_id (expanded to store-view ids), creation_time range, update_time range. |
| `cms.page.get` | Single CMS page by numeric id or identifier (+ optional `store_id` for identifier lookup). |
| `cms.block.list` | Paginated CMS-block search with the same filter vocabulary as pages. |
| `cms.block.get` | Single CMS block by numeric id or identifier. |

#### Write tools

All writes require the global `magebit_mcp/general/allow_writes` flag **and**
the token's own `allow_writes` flag to be `1`. Every write sets
`requires_confirmation` so MCP clients (Claude Desktop, etc.) prompt before
firing.

| Tool | Confirm? | Delegates to | Underlying ACL |
|---|---|---|---|
| `cms.page.create` | yes | `PageRepositoryInterface::save()` | `Magento_Cms::save` |
| `cms.page.update` | yes | `PageRepositoryInterface::save()` (PATCH) | `Magento_Cms::save` |
| `cms.page.delete` | yes | `PageRepositoryInterface::delete()` | `Magento_Cms::page_delete` |
| `cms.block.create` | yes | `BlockRepositoryInterface::save()` | `Magento_Cms::block` |
| `cms.block.update` | yes | `BlockRepositoryInterface::save()` (PATCH) | `Magento_Cms::block` |
| `cms.block.delete` | yes | `BlockRepositoryInterface::delete()` | `Magento_Cms::block` |

Every write tool also implements `Magebit\Mcp\Api\UnderlyingAclAwareInterface`
so the handler blocks calls from admins who wouldn't be allowed to perform
the same action in the admin UI.

### Identifier lookups and store scope

`cms.page.get`, `cms.page.update`, `cms.page.delete` (and the block siblings)
accept either `id` (numeric primary key) **or** `identifier` (the admin URL
key). Identifier lookups require a store scope:

- Omit `store_id` → defaults to `0` ("All Store Views"), which is the scope
  CMS pages and blocks created from the admin UI default to. This is what
  most identifier-only lookups want.
- Pass `store_id: <N>` → look the entity up under store view `N`.

Pages / blocks assigned to a specific store view are invisible from other
stores by design.

### Extending

See `docs/EXTENDING.md` for:
- adding a new field to any tool response via `PageFieldResolverInterface`
  / `BlockFieldResolverInterface`;
- adding a new filter to `cms.page.list` / `cms.block.list` via
  `PageFilterTranslatorInterface` / `BlockFilterTranslatorInterface`;
- the ACL layering rules for custom write tools.

### License

Released under the [MIT License](LICENSE).

---

![magebit (1)](https://github.com/user-attachments/assets/cdc904ce-e839-40a0-a86f-792f7ab7961f)

*Have questions or need help? Contact us at info@magebit.com*

## Recent Versions

| Version | Released |
|---|---|
| v1.0.0 | 2026-05-26 |
| v0.0.1 | 2026-05-06 |

## Dependencies

### Require

| Package | Constraint |
|---|---|
| magebitcom/magento2-mcp-module | * |
| magento/framework | ^103.0 |
| php | >=8.1 |

## Quality

Latest release (v1.0.0) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | Pass | Pass |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 16 | 16 warnings (ruleset: Magento2) — 16 auto-fixable with phpcbf |
| PHPMD | Warning | 6 | 6 rule violations (CyclomaticComplexity:2, NPathComplexity:2, ExcessiveClassComplexity:1, TooManyPublicMethods:1) |
| Cpd | Warning | 2 | 2 duplicated chunks spanning 75 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Info | 1 | valid; 1 advisory note (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 11 | 11 | – | – |
| 2.4.8 | – | 12 | 12 | – |
| 2.4.9 | – | – | 12 | 12 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["magebitcom/magento2-mcp-cms-tools"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

magebitcom is a Magento 2 vendor on Packagento. See https://packagento.com/magebitcom.md for their full catalogue.