Files
mcp-mokowaas-api/docs/ARCHITECTURE.md
T
Jonathan Miller ea0a028128
Changelog Validation / Validate CHANGELOG.md (push) Has been cancelled
Standards Compliance / Secret Scanning (push) Has been cancelled
Standards Compliance / License Header Validation (push) Has been cancelled
Standards Compliance / Repository Structure Validation (push) Has been cancelled
Standards Compliance / Coding Standards Check (push) Has been cancelled
Standards Compliance / Workflow Configuration Check (push) Has been cancelled
Standards Compliance / Documentation Quality Check (push) Has been cancelled
Standards Compliance / README Completeness Check (push) Has been cancelled
Standards Compliance / Git Repository Hygiene (push) Has been cancelled
Standards Compliance / Script Integrity Validation (push) Has been cancelled
Standards Compliance / Line Length Check (push) Has been cancelled
Standards Compliance / File Naming Standards (push) Has been cancelled
Standards Compliance / Insecure Code Pattern Detection (push) Has been cancelled
Standards Compliance / Version Consistency Check (push) Has been cancelled
CodeQL Security Scanning / Analyze (actions) (push) Has been cancelled
CodeQL Security Scanning / Analyze (javascript) (push) Has been cancelled
Standards Compliance / Dead Code Detection (push) Has been cancelled
Standards Compliance / File Size Limits (push) Has been cancelled
Standards Compliance / Binary File Detection (push) Has been cancelled
Standards Compliance / TODO/FIXME Tracking (push) Has been cancelled
Standards Compliance / Code Complexity Analysis (push) Has been cancelled
Standards Compliance / Broken Link Detection (push) Has been cancelled
Standards Compliance / API Documentation Coverage (push) Has been cancelled
Standards Compliance / Accessibility Check (push) Has been cancelled
Standards Compliance / Performance Metrics (push) Has been cancelled
Standards Compliance / Code Duplication Detection (push) Has been cancelled
Standards Compliance / Unused Dependencies Check (push) Has been cancelled
Standards Compliance / Dependency Vulnerability Scanning (push) Has been cancelled
Standards Compliance / Terraform Configuration Validation (push) Has been cancelled
CodeQL Security Scanning / Security Scan Summary (push) Has been cancelled
Standards Compliance / Enterprise Readiness Check (push) Has been cancelled
Standards Compliance / Repository Health Check (push) Has been cancelled
Standards Compliance / Compliance Summary (push) Has been cancelled
Sync Version from README / Propagate README version (push) Has been cancelled
docs: add installation guide, architecture overview, and API reference
- docs/INSTALLATION.md: setup instructions, config format, troubleshooting
- docs/ARCHITECTURE.md: component overview and design decisions
- docs/API.md: complete MCP tool reference with all parameters

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-23 12:36:31 -05:00

3.2 KiB

Architecture

Overview

joomla-api-mcp is a Model Context Protocol (MCP) server that bridges AI assistants (Claude Code, Cursor, etc.) with Joomla's built-in Web Services REST API.

AI Assistant  <-->  MCP (stdio)  <-->  JoomlaClient  <-->  Joomla REST API
                                                           /api/index.php/v1

Components

src/index.ts — Server Entry Point

Registers all MCP tools with the McpServer from @modelcontextprotocol/sdk. Each tool maps to one or more Joomla API endpoints. Uses Zod schemas for input validation.

src/client.ts — HTTP Client

The JoomlaClient class handles all HTTP communication with Joomla instances:

  • Uses node:https / node:http for requests (not fetch) to support self-signed TLS certificates on Node.js 24+
  • Authenticates via Bearer token in the Authorization header
  • Sends Accept: application/vnd.api+json per Joomla's JSON:API spec
  • Includes a JSON parser that handles Joomla responses that may append HTML error fragments after valid JSON

src/config.ts — Configuration Loader

Loads connection details from ~/.joomla-api-mcp.json. Supports multiple named connections with a configurable default.

src/types.ts — Type Definitions

TypeScript interfaces for JoomlaConnection, JoomlaConfig, and ApiResponse.

scripts/setup.mjs — Interactive Setup

Node.js script using readline/promises that walks users through creating the config file. Supports adding multiple connections incrementally.

Design Decisions

Why node:https instead of fetch?

Node.js 24's built-in fetch (undici-based) does not honor NODE_TLS_REJECT_UNAUTHORIZED=0 for self-signed certificate bypass. The classic node:https module with rejectUnauthorized: false works reliably across all Node.js versions.

Why JSON recovery parsing?

Joomla's API sometimes returns valid JSON with text/html content-type, and may append HTML error fragments (e.g. template errors) after the JSON body. The tryParseJson method handles this by finding the last valid JSON boundary when standard parsing fails.

Why per-connection API tokens?

Each Joomla site requires its own API token scoped to a specific user. Multi-site support is a core use case — managing staging, production, and dev environments from a single MCP server.

Data Flow

  1. AI assistant sends a tool call via MCP stdio transport
  2. index.ts validates parameters with Zod and resolves the connection
  3. JoomlaClient constructs the API URL, attaches auth headers, and makes the HTTP request
  4. Response is parsed (with JSON recovery if needed) and returned as MCP tool output

Revision History

Date Version Author Notes
2026-04-23 0.0.1 jmiller Initial architecture document