Drupal is a registered trademark of Dries Buytaert
cms 2.1.3 Update released for Drupal core (2.1.3)! drupal 10.5.11 Update released for Drupal core (10.5.11)! drupal 11.3.11 Update released for Drupal core (11.3.11)! drupal 11.2.13 Update released for Drupal core (11.2.13)! drupal 10.6.10 Update released for Drupal core (10.6.10)! cms 2.1.2 Update released for Drupal core (2.1.2)! drupal 11.1.10 Update released for Drupal core (11.1.10)! drupal 10.5.10 Update released for Drupal core (10.5.10)! drupal 10.4.10 Update released for Drupal core (10.4.10)! drupal 11.2.12 Update released for Drupal core (11.2.12)! drupal 11.3.10 Update released for Drupal core (11.3.10)! drupal 10.6.9 Update released for Drupal core (10.6.9)! drupal 10.6.8 Update released for Drupal core (10.6.8)! drupal 11.3.9 Update released for Drupal core (11.3.9)! drupal 11.3.8 Update released for Drupal core (11.3.8)! drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)!
← All modules

midgard

No security coverage
View on drupal.org

Midgard turns Drupal into a safe, auditable AI operations layer. When an AI agent changes your site, Midgard makes the change reviewable, reversible and recorded — because in Drupal the output that matters is real configuration, not throwaway text.

The output is configuration, not text. Midgard treats AI as a governed operator of your site, not a content generator. Every change it makes is captured as Drupal config you can review, roll back and export.

Drupal already has a rich AI ecosystem — providers, agents, generators, an MCP server. Midgard is the opinionated assembly that makes those pieces feel like a single coherent product, and adds the one thing an operations layer needs: governance. It does not compete with the AI modules that make changes; it governs them.

Four guarantees for every AI-driven change

🛡ī¸ Guarded
Every configuration write an AI initiates passes through a single safety primitive. Nothing slips around it — not even "trivial" writes. 👁ī¸ Observable
A universal configuration-events subscriber captures each change the moment it happens, so you see exactly what the AI touched. ↩ī¸ Reversible
Changes are snapshotted before they apply and can be rolled back, building on Drupal's config snapshot and rollback primitives. đŸ“Ļ Exportable
The result is standard, version-controllable Drupal configuration — the same YAML your team already reviews and deploys.

How Midgard governs the AI ecosystem

Midgard sits underneath the tools that act on your site and watches the only thing that counts: configuration changes. A universal configuration-events subscriber turns any AI-driven mutation — whether it comes from an AI agent, an AI generation workflow, or a tool call over MCP — into a governed event that can be guarded, scored for risk, queued for human approval, snapshotted, and written to a tamper-evident audit trail.

Use the agents you like — Midgard governs what they do. Because it governs at the configuration layer rather than inside any one tool, Midgard works with the ecosystem instead of replacing it.

It never calls AI provider APIs directly — it always goes through drupal/ai — and it never reimplements snapshot or rollback — it builds on existing configuration primitives.

What's in the suite

Midgard

The umbrella: AI provider layer, the safety primitive, the admin UI, and the install & diagnostic tooling that ties everything together.

Bifrost

A Model Context Protocol bridge that exposes governed Drupal capabilities to AI agents over OAuth-scoped, auditable tool calls.

Heimdall

Risk scoring, human-in-the-loop approval for high-impact changes, and a tamper-evident, hash-chained audit log of every resolution.

Standing on the shoulders of the ecosystem

Midgard's rule is simple: adopt upstream where it exists, wrap it where it doesn't. It is a light governance layer on top of well-maintained projects, with sincere thanks to their maintainers and communities:

AI (drupal/ai)
The provider abstraction. Midgard never talks to OpenAI, Anthropic, Gemini or Ollama directly — it goes through drupal/ai. Built by FreelyGive and the Drupal AI Initiative. MCP Server
The Model Context Protocol transport that Bifrost rides on. Part of the Acquia-sponsored MCP effort. Simple OAuth
The OAuth 2.1 / PKCE layer securing agent access over HTTP. Key
Secure storage for API keys. Midgard never stores a secret anywhere else.

🛡ī¸ Built on Config Guardian

Midgard's reversibility and audit guarantees are powered by Config Guardian — snapshot, simulate, risk-score, rollback and audit primitives for Drupal configuration.

Config Guardian is built by the same author as Midgard, so the integration is deliberate and vertical: Midgard delegates the dangerous parts to a focused module that already carries Drupal Security Team coverage, instead of reinventing them.

View Config Guardian

Install in minutes

Midgard ships an opinionated installer and a diagnostic command, so a working governed setup is a few lines away:

composer require drupal/midgard
drush en midgard midgard_bifrost midgard_heimdall
drush midgard:install
drush midgard:doctor

midgard:install wires the provider, keys, routing and permissions; midgard:doctor reports the health of every part of the suite. (The composer step applies once Midgard is published on drupal.org.)

How it relates to Drupal's direction

Midgard is a complement to Drupal's AI direction and to the broader move toward safer configuration governance — not a competitor. It does not replace Workspaces, Configuration Management, or the official AI modules; it sits beside them and makes AI-driven configuration changes accountable. If the official tooling grows to cover something Midgard wraps today, Midgard happily steps back to the upstream.

Roadmap

Midgard is built as a suite. The current line ships the provider layer, the MCP bridge (Bifrost) and governance (Heimdall). On the near-term roadmap:

  • Muninn — observability and content/configuration insight across governed changes.
  • Path to a stable 1.0 — pinning the MCP transport to a tagged stable release and opting in to Drupal Security Team coverage. Until both land, releases stay on the alpha/beta line.
  • Further submodules for auditing, configuration repair, content QA and design sync are planned as the suite matures.

⚠ī¸ Project status — please read before installing

Midgard is a pre-1.0 alpha. It targets Drupal 11; its own code is already Drupal 12-clean (zero deprecated API calls), and it will declare Drupal 12 support as soon as its AI and OAuth dependencies do. Drupal 11 receives upstream support well into 2027.

It is honest about what it is: a young, actively developed governance layer. Because it currently depends on a development build of the MCP transport, releases remain alpha until that dependency ships stable and Security Team coverage is opted in.

Getting involved & support

Found a bug?

Midgard is alpha — your feedback is the point. Report bugs, request features, or tell us where the governance model gets in your way.

Open an issue

Review the model

Real-world deployments and review of the security and governance model are especially welcome at this stage.

Share your review

Contribute

Midgard and Drupal are open source, built by the community. Patches, docs and ideas all help.

Get involved

Activity

Total releases
1
First release
Jun 2026
Latest release
12 hours ago
Release cadence
Stability
0% stable

Releases

Version Type Release date
1.0.0-alpha1 Pre-release Jun 17, 2026