Drupal is a registered trademark of Dries Buytaert
cva Module cva crossed 1,000 active installs. ai_dashboard Module ai_dashboard crossed 1,000 active installs.
← All modules

project_context_connector

No security coverage
View on drupal.org

Make Your Drupal Site AI-Discoverable

Project Context Connector exposes a safe, read-only JSON snapshot of your Drupal site for AI agents, automation scripts, Slack bots, and CI/CD pipelines. Designed for DevOps teams, AI integrations, and modern development workflows.

Why Use This Module?

Traditional Drupal sites are opaque to external tools. When building AI assistants, chat workflows, or automation pipelines, there's no standard way to programmatically ask "What Drupal version is running?" or "Which modules need security updates?" This module solves that problem.

Use Cases

  • AI-Powered Support: Give ChatGPT, Claude, or custom AI agents real-time context about your Drupal site configuration and installed modules
  • Native AI Integration: Model Context Protocol (MCP) support for Claude Desktop and other AI assistants
  • DevOps Automation: CI/CD scripts that adapt based on current site configuration and module versions
  • Slack/Teams Bots: Team bots that answer "What version of PHP are we running in production?"
  • Multi-Site Management: Centralized dashboards aggregating metadata from multiple Drupal instances
  • Security Auditing: Automated monitoring for outdated modules or security vulnerabilities
  • Incident Response: Quick environment snapshots for troubleshooting and support tickets

Key Features

Endpoints & Access

  • REST API: GET /project-context-connector/snapshot (permission-gated)
  • HMAC Signed: GET /project-context-connector/snapshot/signed (no Drupal user required)
  • Drush Command: drush pcc:snapshot for local use and CI pipelines
  • MCP Tool: project_context_snapshot for native AI assistant access (requires mcp_server)
  • Multiple Auth Methods: Basic Auth, OAuth2 bearer tokens, or HMAC signatures

What's Exposed

  • Drupal core version, PHP version, database driver/version (configurable)
  • Active modules with versions, composer packages, and security update status
  • Active themes (default and admin) with versions
  • Configuration flags: maintenance mode, caching settings, error display level, cron status
  • Relative module/theme paths and origin classification (core/contrib/custom)

Security & Performance

  • Read-only by design: No write operations, no remote code execution, no telemetry
  • No PII exposure: Zero personal data, credentials, or secrets in responses
  • Permission-gated: Custom access project context snapshot permission with proper access control
  • Rate limiting: Flood API-based throttling (default: 60 requests/minute) with 429 responses
  • HTTP caching: Proper cache contexts (user.permissions, headers:Origin) and cache tags
  • CORS support: Optional allow-list with exact match and wildcard subdomain patterns
  • HMAC authentication: SHA-256 signatures with timestamp-based replay protection

Perfect For

  • Agencies: Managing multiple client sites with centralized monitoring
  • DevOps Teams: Building deployment pipelines that need environment context
  • AI Developers: Integrating Drupal with ChatGPT, Claude, or custom AI agents via REST or MCP
  • Security Teams: Automated vulnerability scanning and compliance monitoring
  • Support Teams: Quick environment diagnostics during incidents

Example Response

{ "generated_at": "2025-08-23T12:00:00Z", "drupal": { "core_version": "10.3.0", "php": {"version": "8.3.0"}, "database": {"driver": "mysql", "version": "8.0.36"}, "active_modules": [ { "name": "views", "version": "10.3.0", "composer": "drupal/core", "security_status": "current" } ] } }

AI Agent Integration Examples

The module includes comprehensive integration examples for:

  • Model Context Protocol (MCP): Native integration with Claude Desktop and AI assistants via Tool API
  • Claude/ChatGPT: System prompts and tool configurations for HTTP endpoints
  • Slack Bots: Complete working example with slash commands
  • Python Scripts: Security update monitoring in CI/CD
  • curl/Node.js: Ready-to-use client examples

Quick Start (5 Minutes)

Option 1: MCP Integration (Recommended for AI Assistants)

  1. Install: composer require drupal/mcp_server drupal/project_context_connector
  2. Enable: drush en -y mcp_server project_context_connector
  3. Configure: Add to Claude Desktop config or run drush mcp:server
  4. Use: AI assistants can now query your site directly via the project_context_snapshot tool

Option 2: HTTP API Integration

  1. Install: composer require drupal/project_context_connector
  2. Enable: drush en -y project_context_connector basic_auth
  3. Create service user: drush user:create pcc_bot with dedicated role
  4. Test: curl -u pcc_bot:password https://your-site.com/project-context-connector/snapshot
  5. Integrate: Add endpoint to your AI agent, bot, or script

Documentation & Support

  • Comprehensive README: 700+ lines with security best practices, troubleshooting, and integration guides
  • SECURITY.md: Threat model, secret management, rotation procedures, compliance considerations
  • CHANGELOG.md: Semantic versioning with detailed release notes
  • Example clients: Shell scripts, Node.js, Postman collection, MCP setup
  • WCAG 2.2 AA: Accessible admin interface with keyboard navigation

Security First

This module follows secure-by-default principles:

  • Working toward Drupal Security Advisory coverage
  • Timing-safe signature comparison (hash_equals())
  • Strict input validation on all settings
  • Proper error handling with no information leakage
  • Comprehensive test suite (unit, kernel, functional)
  • PSR-12 and Drupal coding standards compliant
  • PHPStan level 5 static analysis

Requirements

  • Drupal: 10.x or 11.x
  • PHP: 8.1, 8.2, or 8.3
  • Optional: basic_auth (core) for Basic Auth, simple_oauth (contrib) for OAuth2
  • Optional: update module for security status metadata
  • Optional: mcp_server and tool modules for MCP integration

Similar Modules

Unlike site status or monitoring modules that focus on uptime or performance metrics, Project Context Connector is specifically designed for AI/automation consumption with stable JSON schemas, multiple authentication methods (including native MCP support), and comprehensive caching/rate limiting for external tool integration.

Maintainers

Actively maintained with regular security updates. Contributions welcome via issue queue and merge requests.

Activity

Total releases
6
First release
Aug 2025
Latest release
2 weeks ago
Release cadence
35 days
Stability
83% stable

Release Timeline

Releases

Version Type Release date
1.2.0 Stable Feb 16, 2026
1.1.7 Stable Feb 16, 2026
1.1.0 Stable Feb 16, 2026
1.0.2 Stable Aug 24, 2025
1.0.1 Stable Aug 23, 2025
1.0.x-dev Dev Aug 23, 2025