Home / Docs / AI Agents via MCP

AI Agents via MCP

Guides

Forge exposes your content via the [Model Context Protocol](https://modelcontextprotocol.io) (MCP). An AI agent can create, update, publish, and delete content on a live Forge site — without writing code, without a deploy pipeline, without a CMS interface.

What MCP gives you

Add forge-mcp to your app and Forge automatically exposes:

  • Resources — all Published content, readable by any MCP client
  • Tools — create, update, publish, archive, delete for each content type
  • Token tools — create, list, and revoke bearer tokens (Admin role required)

The schema is derived from your Go struct tags. No separate schema definition. No drift.

Installation

go get github.com/forge-cms/forge-mcp@latest

Wiring

import forgemcp "github.com/forge-cms/forge-mcp"

mcpSrv := forgemcp.New(app)
app.Handle("GET /mcp", mcpSrv.Handler())
app.Handle("POST /mcp/message", mcpSrv.Handler())

Two transports are available:

  • SSE (GET /mcp + POST /mcp/message) — remote, authenticated via Bearer token
  • stdio — local proxy for MCP-compatible AI agents

Token management

Forge uses named, revocable bearer tokens stored in a forge_tokens table. Tokens are created via the create_token MCP tool or directly in the database on first deploy.

Add a TokenStore to your config:

app := forge.New(forge.MustConfig(forge.Config{
    BaseURL:    "https://example.com",
    Secret:     []byte("...32 random bytes..."),
    DB:         db,
    TokenStore: forge.NewTokenStore(db, "...same secret..."),
}))

On first deploy, create an admin token via the create_token MCP tool:

create_token — name: "admin", role: "admin", ttl: 3650 days

The plaintext token is returned once — copy it immediately. It is never stored or retrievable again.

Safety: revoke_token refuses to revoke the last active admin token. You cannot accidentally lock yourself out.

Connecting an AI agent

Any MCP-compatible AI agent can connect to a Forge site. Claude Desktop is one example — the same approach works for other agents that support MCP.

Build the stdio proxy:

go build -o forge-mcp-proxy ./cmd/mcp/

For Claude Desktop, add to claude_desktop_config.json:

{
  "mcpServers": {
    "forge": {
      "command": "/path/to/forge-mcp-proxy",
      "env": {
        "MCP_URL": "https://your-site.com/mcp",
        "MCP_TOKEN": "eyJ..."
      }
    }
  }
}

Restart the agent. Your content types appear as tools immediately.

What an AI agent can do

User → AI agent:
  "Create a post titled 'Hello from MCP' and publish it."

Agent → Forge MCP:
  tool: create_post  { title: "Hello from MCP", body: "...", status: "published" }

Result: post is live.

The same lifecycle rules, validation constraints, and role checks apply to MCP tool calls as to any other request. The AI cannot bypass them — not because of special AI rules, but because the rules apply to everyone.