How do I install and enable this bundle in a Laravel/Sulu project?

Run `composer require alengo/sulu-mcp-server-bundle`, add the bundle to `config/bundles.php`, import the routing in `config/routes/alengo_mcp_server.yaml`, and set the `MCP_SERVER_TOKEN` in your `.env.local` file. No additional configuration is required for basic use.

What Laravel/Sulu versions does this bundle support?

This bundle is designed for Symfony 7.x and Sulu CMS 3.x+. It leverages Sulu’s admin API and firewall, so ensure your Sulu installation meets these requirements. Laravel compatibility is indirect via Sulu’s Symfony integration.

How do MCP servers authenticate to access the API?

MCP servers must provide both a valid Sulu admin session (via cookies) and a Bearer token in the `Authorization` header. The token is configured in `.env.local` as `MCP_SERVER_TOKEN`, and the admin session is managed by Sulu’s built-in `/admin/login` endpoint.

Can I customize the template directories this bundle scans?

Yes, override the `template_dirs` configuration in `config/packages/alengo_mcp_server.yaml` to map custom paths for template types like `page`, `article`, or `block`. Default paths are relative to `%kernel.project_dir%` and align with Sulu’s standard structure.

Is there a way to disable the API entirely if needed?

Set the `MCP_SERVER_TOKEN` to an empty string in `.env.local` or configure `token: ''` in your bundle settings. The API will return a `403 Forbidden` response, effectively disabling access without modifying code.

How do I generate a secure Bearer token for MCP servers?

Use a cryptographically secure method like `openssl rand -hex 32` to generate a 32-character hex token. Store it in `.env.local` as `MCP_SERVER_TOKEN`. Avoid hardcoding tokens in configuration files or version control.

Will this bundle work with non-standard Sulu template structures?

Yes, the bundle supports custom template directories via the `template_dirs` configuration. If your Sulu setup uses non-standard paths (e.g., for custom template types), fully customize this mapping to ensure the API scans the correct locations.

Are there performance concerns with frequent API calls?

The bundle does not include built-in caching, so high request volumes (e.g., live previews) may strain filesystem I/O. Mitigate this by implementing external caching (e.g., Varnish, Redis) for `/admin/api/mcp/*` endpoints or adding a cache layer to the bundle.

Does this bundle support JSON responses instead of raw XML?

Currently, the API returns raw XML for template content. While there’s no built-in JSON conversion, you can parse the XML on the client side or extend the bundle to add a `?format=json` query parameter for backward compatibility with MCP servers.

What happens if an MCP server provides an invalid Bearer token?

The API will return a `401 Unauthorized` response if the Bearer token is missing or invalid. The Sulu admin session is also validated, so both authentication factors must be correct for access to be granted.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Sulu Mcp Server Bundle Laravel Package

alengo/sulu-mcp-server-bundle

Read-only Sulu bundle exposing local template XML via authenticated admin API endpoints for MCP servers. Lists templates by type and returns raw XML. Secured by Sulu admin session plus required Bearer token; disabled if token is empty.

View on GitHub

Deep Wiki

Context7

At a glance

Frequently asked questions about Sulu Mcp Server Bundle

How do I install and enable this bundle in a Laravel/Sulu project?: Run `composer require alengo/sulu-mcp-server-bundle`, add the bundle to `config/bundles.php`, import the routing in `config/routes/alengo_mcp_server.yaml`, and set the `MCP_SERVER_TOKEN` in your `.env.local` file. No additional configuration is required for basic use.
What Laravel/Sulu versions does this bundle support?: This bundle is designed for Symfony 7.x and Sulu CMS 3.x+. It leverages Sulu’s admin API and firewall, so ensure your Sulu installation meets these requirements. Laravel compatibility is indirect via Sulu’s Symfony integration.
How do MCP servers authenticate to access the API?: MCP servers must provide both a valid Sulu admin session (via cookies) and a Bearer token in the `Authorization` header. The token is configured in `.env.local` as `MCP_SERVER_TOKEN`, and the admin session is managed by Sulu’s built-in `/admin/login` endpoint.
Can I customize the template directories this bundle scans?: Yes, override the `template_dirs` configuration in `config/packages/alengo_mcp_server.yaml` to map custom paths for template types like `page`, `article`, or `block`. Default paths are relative to `%kernel.project_dir%` and align with Sulu’s standard structure.
Is there a way to disable the API entirely if needed?: Set the `MCP_SERVER_TOKEN` to an empty string in `.env.local` or configure `token: ''` in your bundle settings. The API will return a `403 Forbidden` response, effectively disabling access without modifying code.
How do I generate a secure Bearer token for MCP servers?: Use a cryptographically secure method like `openssl rand -hex 32` to generate a 32-character hex token. Store it in `.env.local` as `MCP_SERVER_TOKEN`. Avoid hardcoding tokens in configuration files or version control.
Will this bundle work with non-standard Sulu template structures?: Yes, the bundle supports custom template directories via the `template_dirs` configuration. If your Sulu setup uses non-standard paths (e.g., for custom template types), fully customize this mapping to ensure the API scans the correct locations.
Are there performance concerns with frequent API calls?: The bundle does not include built-in caching, so high request volumes (e.g., live previews) may strain filesystem I/O. Mitigate this by implementing external caching (e.g., Varnish, Redis) for `/admin/api/mcp/*` endpoints or adding a cache layer to the bundle.
Does this bundle support JSON responses instead of raw XML?: Currently, the API returns raw XML for template content. While there’s no built-in JSON conversion, you can parse the XML on the client side or extend the bundle to add a `?format=json` query parameter for backward compatibility with MCP servers.
What happens if an MCP server provides an invalid Bearer token?: The API will return a `401 Unauthorized` response if the Bearer token is missing or invalid. The Sulu admin session is also validated, so both authentication factors must be correct for access to be granted.

Popularity trends

Recorded values over time (once-a-day snapshots). May 12, 2026 – Jun 10, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

19.1

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 0

+0.0
Forks

input: 0

+0.0
Open issues + PRs

input: 0

+0.0
Releases

input: 1

+0.3
Recency

input: 28

+18.5
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 18.8

Opportunity

17.9

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

27.8
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×0.99

Total 17.9

License

—

Last release

May 12, 2026

Watchers

Downloads

12/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

cuci/prototurk-sdk-symfony

clementtalleu/easyadmin-markdown-bundle

codeflextech/permission-manager

karnoweb/livewire-datepicker

sayedenam/sayed-dashboard

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui

babelqueue/php-sdk

facebook/capi-param-builder-php

babelqueue/symfony

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager