MCP Server
Krios exposes a Model Context Protocol server at /api/mcp/{projectSlug}. Agents (Claude, Cursor, custom agents) connect, list tools, and invoke them with a management or preview key.
Endpoint
GET /api/mcp/{projectSlug} # streamable HTTP transport (SSE)
POST /api/mcp/{projectSlug} # for tool invocations
Auth
Bearer with a management or preview key:
Authorization: Bearer <api-key>
The MCP route runs its own inline bearer check (SHA-256 hash + lookup, plus active / expiry / key-type / project checks). A delivery key is rejected with 403 wrong_key_type; sessions are not accepted. MCP enforces tenant/project scoping and key-type gating (management or preview). Each tool call also runs the same authorization gate as the REST API: the key's permissions[] must include the tool's action (read/create/update/publish/unpublish/delete; an empty list = all actions) — otherwise the tool returns api_key_permission_denied — and the call counts against the key's rate limit (returns rate_limit_exceeded when over). Per-site key scoping is not yet narrowed on reads.
Tools
Built-in tools the server registers:
| Tool | Action |
|---|---|
| list_content_types | Return every content type with apiName + name + flags |
| get_content_type | Read one type with its full field list |
| get_entry | Fetch an entry by id |
| get_entry_values | Resolved field values for an entry + locale (rich text as raw + html + text) |
| search_content | Paginated list by content type + site + locale + status |
| create_entry | Create with contentTypeApiName, siteId, locale, treeParentId, fields |
| update_entry | Update with version for optimistic concurrency |
| publish_entry / unpublish_entry | Publish or unpublish a locale |
| delete_entry | Soft delete |
| get_tree | Flat node list for one site |
| list_sites / get_site | Site metadata |
Each tool's input schema is published via the standard MCP tools/list call.
Resources
The server exposes read-only resources for context-loading workflows:
| Resource URI | Returns |
|---|---|
| krios://schema/content-types | Full content-type schema as JSON |
| krios://sites | Site list |
| krios://tree | Combined global + per-site tree for the default environment |
Entry data is not exposed as a resource — use the get_entry / get_entry_values tools instead.
Permissions + audit
Every tool call is gated by the key's permissions[] (per the action it performs) and counted against the key's rate limit, in addition to tenant/project scoping and key-type gating. A key whose permissions omit the required action gets an api_key_permission_denied reply; over-limit calls get rate_limit_exceeded. (An empty permissions array allows all actions. Per-site key scoping is not yet applied to reads.) Audit log entries record the call with the MCP key in metadata.mcpApiKeyId (and metadata.mcpApiKeyType). Use the Agent activity report to see how much content an agent authored.
Example client config
For Claude Desktop:
{
  "mcpServers": {
    "krios": {
      "type": "http",
      "url": "https://cms.example.com/api/mcp/demo",
      "headers": {
        "Authorization": "Bearer krios_mk_..."
      }
    }
  }
}
For Cursor / other agents — the same URL + bearer header with whatever transport they support.
Recommended scopes
- Read-only agents (RAG, summarization) — preview key with no write permissions.
- Drafting agents (compose entries for editor review) — management key with create + update on contentType, no publish.
- Auto-publish agents — management key with publish. Pair with the governance analyzer's skipped_workflow detector if your project has workflows.
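
An added example, not Krios code: a Python model of the permission rules stated on this page, for checking a key against the recommended scopes before giving it to an agent. The key-record shape (type, permissions), the role names and the tool-to-action map are assumptions. It models only the rules written above, so an empty permissions list fails the read-only check because it allows every action.

```python
# Models the permission rules stated on this page. The key-record shape,
# role names and tool-to-action map are assumptions, not Krios code.
ALL_ACTIONS = {"read", "create", "update", "publish", "unpublish", "delete"}
WRITE_ACTIONS = ALL_ACTIONS - {"read"}

# Assumed mapping, inferred from the tool names in the Tools table.
TOOL_ACTION = {
    "get_entry": "read", "search_content": "read",
    "create_entry": "create", "update_entry": "update",
    "publish_entry": "publish", "unpublish_entry": "unpublish",
    "delete_entry": "delete",
}

def effective_actions(permissions):
    """An empty permissions list means every action is allowed."""
    return set(ALL_ACTIONS) if not permissions else set(permissions) & ALL_ACTIONS

def gate(key, tool):
    """Return None when the call passes, else the documented error code."""
    if key["type"] not in ("management", "preview"):
        return "wrong_key_type"
    if TOOL_ACTION[tool] not in effective_actions(key["permissions"]):
        return "api_key_permission_denied"
    return None

def audit(role, key):
    """List mismatches between a key and the scope recommended for its role."""
    allowed, findings = effective_actions(key["permissions"]), []
    if not key["permissions"]:
        findings.append("empty permissions[] grants all actions")
    want_type = "preview" if role == "read_only" else "management"
    if key["type"] != want_type:
        findings.append(f"expected a {want_type} key")
    if role == "read_only" and allowed & WRITE_ACTIONS:
        findings.append("write actions allowed")
    if role == "drafting":
        if not {"create", "update"} <= allowed:
            findings.append("missing create/update")
        if "publish" in allowed:
            findings.append("publish should not be granted")
    if role == "auto_publish" and "publish" not in allowed:
        findings.append("missing publish")
    return findings

# Constructed sample keys.
rag_key_empty = {"type": "preview", "permissions": []}
rag_key_read = {"type": "preview", "permissions": ["read"]}
draft_key = {"type": "management", "permissions": ["read", "create", "update"]}
```

Calling audit("read_only", rag_key_empty) reports two findings, while the same call with rag_key_read reports none.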