50 lines
2.1 KiB
Markdown
50 lines
2.1 KiB
Markdown
# @mintel/payload-mcp-chat
|
|
|
|
A powerful, native AI Chat plugin for Payload CMS v3 with fine-grained Model Context Protocol (MCP) tool execution permissions.
|
|
|
|
Unlike generic MCP plugins, this package builds the core tool adapter *inside* Payload via the Local API. This allows Administrators to explicitly dictate exactly which tools, collections, and external MCP servers specific Users or Roles can access.
|
|
|
|
## Features
|
|
|
|
- **Floating AI Chat Pane:** Exists universally across the Payload Admin Panel.
|
|
- **Native Local API Tools:** AI automatically gets tools to read/create/update documents.
|
|
- **Strict Role-Based AI Permissions:** A custom `AIChatPermissions` collection controls what the AI is allowed to execute on behalf of the current logged-in user.
|
|
- **Flexible External MCP Support:** Connect standard external MCP servers (via HTTP or STDIO) and seamlessly make their tools available to the Chat window, all wrapped within the permission engine.
|
|
- **Vercel AI SDK Integration:** Powered by the robust `ai` package using reliable streaming protocols.
|
|
|
|
## Installation
|
|
|
|
```bash
|
|
pnpm add @mintel/payload-mcp-chat @modelcontextprotocol/sdk ai
|
|
```
|
|
|
|
## Setup
|
|
|
|
Wrap your payload config with the plugin:
|
|
|
|
```typescript
|
|
// payload.config.ts
|
|
import { buildConfig } from 'payload'
|
|
import { payloadMcpChatPlugin } from '@mintel/payload-mcp-chat'
|
|
|
|
export default buildConfig({
|
|
// ... your config
|
|
plugins: [
|
|
payloadMcpChatPlugin({
|
|
enabled: true,
|
|
// optional setup config here
|
|
})
|
|
]
|
|
})
|
|
```
|
|
|
|
## Permissions Model
|
|
|
|
The plugin automatically registers a Global (or Collection depending on setup) called **AI Chat Permissions**.
|
|
Here, an Admin can:
|
|
1. Select a `User` or define a `Role`.
|
|
2. Select which Payload Collections they are allowed to manage via AI.
|
|
3. Select which registered external MCP Servers they are allowed to use.
|
|
|
|
If a user asks the AI to update a user's password, and the `users` collection is not checked in their AI Chat Permission config, the AI will not even receive the tool to perform the action. If it hallucinates the tool, the backend will strictly block it.
|