Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Mcp
Assessments

Mcp Laravel Package

laravel/mcp

Build MCP servers in Laravel so AI clients can securely interact with your app via the Model Context Protocol. Quick setup, Laravel-native conventions, and official Laravel documentation support for exposing tools, resources, and prompts to MCP-compatible clients.

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture Fit

Laravel MCP is a highly specialized package designed to integrate Model Context Protocol (MCP) into Laravel applications, enabling AI clients to interact with Laravel APIs via structured JSON-RPC and OAuth2-based tool registration. Its architecture aligns well with:

  • Laravel-first applications requiring AI integration (e.g., AI agents, LLMs, or tool-based workflows).
  • Microservices or API-driven Laravel apps where tools need to be dynamically registered and invoked.
  • OAuth2/OIDC workflows, given MCP’s built-in support for OAuth client registration and discovery.
  • Real-time or streaming interactions (e.g., completions, structured responses) via JSON-RPC.

Key architectural strengths:

  • Decoupled tool registration: Tools are defined as Laravel resources with annotations or attributes, enabling modularity.
  • Protocol-aware: Supports MCP’s latest spec (2025-11-25) with features like structured content, resource templates, and OAuth2 compliance.
  • Laravel ecosystem integration: Leverages Laravel’s routing, middleware, and service container, reducing boilerplate.
  • Extensible: Supports custom content types (images, audio, HTML), JSON-RPC primitives, and client-side reuse.

Potential misfits:

  • Non-AI use cases: If the goal is traditional REST/gRPC APIs without AI tooling, MCP may be overkill.
  • Legacy Laravel versions: Requires Laravel 10+ (PHP 8.2+) and drops PHP 8.1 support.
  • Highly dynamic tooling: If tools are generated at runtime (e.g., via plugins), MCP’s static registration may need workarounds.

Integration Feasibility

Integration Aspect Feasibility Notes
Laravel Core High Designed for Laravel; integrates with routing, middleware, and service container.
OAuth2/OIDC High Built-in OAuth client registration and discovery.
JSON-RPC High Supports requests/responses, notifications, and streaming.
Tool Registration Medium-High Requires defining tools as resources (annotations/attributes) or via Mcp::tool().
Authentication High Supports MCP session IDs, OAuth2, and tool-specific auth.
Content Types Medium Supports structured JSON, images, audio, and HTML (via MCP UI App).
Testing High Includes test utilities for resources, URI templates, and JSON-RPC.
Octane/Real-Time Medium Streaming support exists but may need tuning for high-throughput scenarios.
Custom Protocols Low MCP-specific; extending beyond JSON-RPC/OAuth2 requires significant effort.

Key dependencies:

  • Laravel 10+ (PHP 8.2+).
  • OAuth2 server (e.g., Laravel Passport, Fortify) for tool registration.
  • Storage system (e.g., S3, local) for image/audio content types.

Technical Risk

Risk Area Severity Mitigation Strategy
Protocol Drift Medium MCP is evolving (e.g., spec updates in 2025). Monitor MCP spec and Laravel MCP releases.
Tool Registration Complexity Medium Requires understanding of MCP’s Tool and Resource definitions. Use stubs and docs.
Performance Overhead Low-Medium JSON-RPC and OAuth2 add latency. Benchmark under load; consider Octane for high-throughput.
Security Misconfigurations High OAuth2 misconfigurations (e.g., loose client registration) could expose APIs. Use Laravel’s auth guards and MCP’s validation.
Content Type Limitations Low Limited to MCP-supported types (JSON, images, audio, HTML). Custom types require extension.
Debugging Medium MCP Inspector CLI helps, but JSON-RPC errors may need deep inspection of request/response payloads.
Vendor Lock-in Low MCP is a standard; migration to another MCP server would be straightforward.

Critical questions for the TPM:

  1. Tool Lifecycle: How dynamic are tools? Are they pre-defined or generated at runtime?
  2. Auth Strategy: Will tools use OAuth2, API tokens, or MCP sessions? Does the existing auth system (e.g., Passport) support MCP?
  3. Content Needs: Are non-JSON responses (images/audio/HTML) required? If so, is the storage system compatible?
  4. Scaling: Will tools be invoked at high frequency? How will rate-limiting be handled?
  5. Fallbacks: What’s the plan if MCP servers fail? Are there REST/gRPC fallbacks?
  6. Compliance: Are there regulatory requirements (e.g., GDPR) for tool interactions or OAuth2 flows?

Key Questions for Stakeholders

  1. Business Goals:
    • What AI agents/tools will interact with the Laravel app? (e.g., internal agents, third-party LLMs).
    • Are there SLAs for tool response times or availability?
  2. Technical Constraints:
    • Can the team commit to maintaining MCP-specific code (e.g., tool definitions, OAuth2 configs)?
    • Are there existing auth systems (e.g., Passport) that must be integrated?
  3. Future-Proofing:
    • Should the architecture support multiple protocol versions (e.g., MCP 2024 vs. 2025)?
    • Are there plans to extend beyond MCP (e.g., OpenAPI, gRPC)?
  4. Monitoring:
    • How will tool invocations, errors, and performance be logged/observed?
  5. Cost:
    • Are there licensing costs for MCP-compatible AI clients or storage (e.g., for media content)?

Integration Approach

Stack Fit

Laravel MCP is optimized for:

  • Laravel 10/11 applications with PHP 8.2+.
  • API-first Laravel apps (e.g., Laravel Sanctum, Passport, or custom API routes).
  • AI/agent integrations where tools need to be dynamically registered and invoked.
  • OAuth2/OIDC workflows (e.g., tool authentication via Laravel Passport).

Compatibility Matrix:

Stack Component Compatibility Notes
Laravel Framework High Tested on Laravel 10/11; requires PHP 8.2+.
Laravel Passport High OAuth2 client registration is built on Passport’s endpoints.
Laravel Sanctum Medium Sanctum’s token-based auth can coexist but requires MCP session ID handling.
Laravel Octane Medium Streaming support exists but may need tuning for high concurrency.
Database High No direct DB dependencies; tools/resources are defined in code.
Storage (S3, etc.) High Required for image/audio content types.
Queue Workers Medium Async tool processing is possible but not a core feature.
Third-Party AI Clients High Any MCP-compatible client (e.g., LangChain, CrewAI) will work.

Migration Path

Phase 1: Assessment (2-4 weeks)

  1. Audit Existing APIs:
    • Identify candidate tools/resources that could be MCP-enabled.
    • Map current auth flows (e.g., API tokens, OAuth2) to MCP’s requirements.
  2. Prototype Tool Registration:
    • Define 1-2 tools using MCP’s #[Tool] attribute or Mcp::tool().
    • Test registration via mcp:register CLI or manual OAuth2 flow.
  3. Evaluate Auth Integration:
    • Test OAuth2 client registration with Laravel Passport/Sanctum.
    • Verify session handling (e.g., MCP-Session-Id header).

Phase 2: Core Integration (4-8 weeks)

  1. Set Up MCP Server:
    • Install package: composer require laravel/mcp.
    • Publish configs/stubs: php artisan vendor:publish --provider="Laravel\Mcp\McpServiceProvider".
    • Configure config/mcp.php (e.g., host, port, protocol version).
  2. Define Tools/Resources:
    • Convert existing API endpoints or business logic into MCP tools using:
      • Annotations: #[Tool], #[Resource].
      • Attributes: Mcp::tool()->name()->description()->action().
    • Example: 
      use Laravel
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle
atriumphp/atrium
sandermuller/package-boost-laravel
sandermuller/boost-skills
redaxo/core
yusufgenc/filament-api-forge
l3aro/rating-star-for-filament
leek/filament-subtenant-scope
anil/file-picker
broqit/fields-ai