squilla/
early alpha ★ 1
docker compose up

MCP Tool Catalog

Every MCP tool, grouped by domain, with parameters and class.

How tools are classified

Each MCP tool is registered with a class — read, content, or full — that the dispatch layer uses to gate by token scope. Read-only tools surface to all token scopes; content-class tools require content or full; full-class tools require full (theme/extension activation, deploy, delete; node-type / taxonomy / layout / block-type writes; settings writes; raw SQL; outbound HTTP; email send).

The tool catalogue below mirrors what's registered in internal/mcp/tools_*.go at the time of writing: ~94 tools across 21 domains. Run core.guide({verbose: true}) at session start for the canonical list with full parameter schemas and per-tool how-to notes — it's regenerated from the tool registry, so it never drifts.

Nodes — 8 tools

  • core.node.get (read) — {id}
  • core.node.query (read) — {node_type, status, language_code, slug, search, limit, offset, order_by, parent_id, fields_only?, select?}. fields_only:true drops the heavy fields (blocks_data, fields_data, seo_settings, translations, taxonomies) for cheap discovery listings.
  • core.node.create (content) — full input shape with node_type, title, slug, status, language_code, layout_slug, blocks_data, fields_data, seo_settings, taxonomies, featured_image, excerpt, parent_id.
  • core.node.update (content) — partial input by id; pass return_node:false for bulk writes to skip the ~7 KB echo and get {ok:true, id} back.
  • core.node.upsert (content) — by (node_type, slug), idempotent; useful for seed scripts.
  • core.node.delete (content) — soft delete; revisions retained.
  • core.node.revisions (read) — newest-first list (≤100 entries) of {revision_id, version_number, status, language_code, layout_slug, created_at, created_by}. Snapshots are full since migration 0041.
  • core.node.revision_restore (content) — applies a snapshot; the pre-restore state is captured as a fresh revision so restore is itself reversible.
  • core.node.update_many (content) — bulk update with filters. Only safe top-level columns: status, layout_slug, language_code. For fields_data / blocks_data / seo_settings use per-node core.node.update so per-node merge logic runs.

Node types — 5 tools

  • core.nodetype.list, core.nodetype.get (read)
  • core.nodetype.create, core.nodetype.update, core.nodetype.delete (full). Note the fields argument name (not field_schema) and per-field {name, title, type, required?, options?, fields?, initialValue?, description?} shape — see Quickstart.

Taxonomies — 5 tools, Terms — 5 tools

  • Taxonomies: list, get (read); create, update, delete (full).
  • Terms: list, get (read); create, update, delete (content).

Menus — 6 tools

  • core.menu.get, core.menu.list (read)
  • core.menu.create, core.menu.update, core.menu.upsert, core.menu.delete (content). Use upsert for seed scripts — idempotent on slug, takes the same shape as create.

Settings — 3 tools

  • core.settings.get, core.settings.list (read)
  • core.settings.set (full)

Media — 7 tools

  • core.media.upload (content) — {filename, mime_type, body_base64, alt?, caption?, tags?}. Routes through the active media-provider.
  • core.media.upload_init / core.media.upload_finalize (content) — presigned-upload pair for files >5–10 MB.
  • core.media.import_url (content) — fetches a remote URL and registers it as a media file.
  • core.media.get, core.media.query (read)
  • core.media.delete (content)

Files — 2 tools

  • core.files.store (content) — {path, body_base64}; storage relative to the configured storage root.
  • core.files.delete (content)

Data — 6 tools

  • core.data.get, core.data.query (read)
  • core.data.create, core.data.update, core.data.delete (content)
  • core.data.exec (full, env-gated by SQUILLA_MCP_ALLOW_RAW_SQL=true) — raw parameterised SQL with $1, $2, ...
TABLE SCOPING
core.data.query supports where, search, order_by, limit, offset, raw, args. Kernel-private tables (users, sessions, password_reset_tokens, roles, role_capabilities, audit_log, schema_migrations, site_settings, mcp_tokens, mcp_audit_log, mcp_token_audit, languages) are unconditionally denied to extensions; MCP tools run as internal callers and bypass that deny list, so a full token can read them via core.data.*.

Themes — 11 tools

  • core.theme.list, core.theme.get, core.theme.active, core.theme.standards, core.theme.checklist (read) — the two audits (standards = manifest shape, checklist = cross-file integrity) are how you verify a theme before declaring it done.
  • core.theme.activate, core.theme.deactivate, core.theme.rescan (full)
  • core.theme.deploy (full) — inline base64 zip, 50 MB cap.
  • core.theme.deploy_init, core.theme.deploy_finalize (full) — presigned-upload pair for archives above 5–10 MB; default cap 200 MB.

Block types — 7 tools

  • core.block_types.list, core.block_types.get (read)
  • core.block_types.create, core.block_types.update, core.block_types.delete, core.block_types.detach, core.block_types.reattach (full). detach/reattach let you locally edit a theme-shipped block without forking the theme.

Layouts — 7 tools

  • core.layout.list, core.layout.get (read)
  • core.layout.create, core.layout.update, core.layout.delete, core.layout.detach, core.layout.reattach (full)

Extensions — 9 tools

  • core.extension.list, core.extension.get, core.extension.standards (read) — standards audits the manifest against the recommended shape.
  • core.extension.activate, core.extension.deactivate, core.extension.delete, core.extension.rescan (full)
  • core.extension.deploy (full) — inline base64 zip, 50 MB cap.
  • core.extension.deploy_init, core.extension.deploy_finalize (full) — presigned pair, 200 MB cap.

Render — 3 tools (read-only previews)

  • core.render.block (read) — {block_type, fields}{html}. Single-block smoke test; no node, no chrome.
  • core.render.layout (read) — {layout_slug, language_code?, blocks: [{type, fields}]}{html}. Full layout with a block sequence; useful for previewing a page template before committing.
  • core.render.node_preview (read) — {id}{html, warnings}. Renders a node as if it were served publicly. No state change, no event fired, no view counted; safe to call repeatedly while iterating. The warnings array carries non-fatal issues the renderer caught (missing block view, missing partial, fields_data keys not in the schema) so you can fix them before publishing.

Misc — 8 tools

  • core.user.get, core.user.query (read)
  • core.event.emit (content) — fire a custom event into the bus.
  • core.filter.apply (read) — invoke a filter chain against a value.
  • core.email.send (full) — {to: [...], subject, html, from?, reply_to?, cc?, bcc?, headers?, template_id?, template_data?}
  • core.http.fetch (full) — outbound HTTP with the kernel's SSRF allow-list.
  • core.field_types.list (read) — every field type understood by the admin, with per-type how-to guides aimed at AI agents.
  • core.guide (read) — meta-tool that returns recipes, conventions, snapshot, full tool index. Always start here.

The total surface drifts up by a few tools each release as new presigned-upload paths are added or as deprecated tools fold into typed replacements. The catalogue inside core.guide({verbose: true}) is regenerated from the live registry on every call — trust it over any external doc when they disagree.

← Previous · MCP Server Editing Features →