Skip to main content

Kuroco Skills Reference

This page provides a detailed description of the 5 skills included in Kuroco Skills.

kuroco-docs - Documentation search

A skill that assists with searching and referencing Kuroco official documentation.

Features

  • Cross-search of official documentation bundled with the plugin
  • Quick reference organized by purpose (API, authentication, frontend, content management, etc.)

Example queries

"I want to know how to configure endpoints in Kuroco"
"Show me the login API specification"
"How do I write filter queries?"

Bundled documentation structure

DirectoryContent
tutorials/How-to guides, implementation steps, sample code
reference/API settings, Smarty plugins, filter queries
management/Detailed descriptions of admin panel features
faq/Frequently asked questions and answers
about/Kuroco overview, pricing plans, limitations, glossary
troubleshooting/Error resolution and diagnostic guides
information/Announcements and release information
update/Update information

kuroco-api-content - API integration & content management

A skill that provides best practices for Kuroco API design, implementation, and content management (CRUD operations). This skill consolidates the former kuroco-api-integration and kuroco-content-management skills.

Features

API integration:

  • Endpoint design patterns (URL structure, key models, operations)
  • 3 authentication methods (Cookie / Token / StaticToken)
  • CORS settings, caching strategies, rate limiting
  • Error handling patterns

Content management:

  • Content structure (Topics / TopicsGroup / TopicsCategory)
  • Custom fields (ext_col) setup and usage
  • Topics API operations (list / details / insert / update / delete / bulk_upsert)
  • Filter query syntax and usage
  • File uploads, CSV import/export

Example queries

"I want to implement login with Kuroco API"
"How do I use token authentication?"
"I'm getting a CORS error. How do I configure it?"
"I want to create a content definition in Kuroco"
"How do I get a list of articles via API?"
"I want to filter articles by a specific category"

Keywords

Kuroco API endpoint settings authentication CORS Cookie authentication Token authentication StaticToken JWT rate limiting credentials include 401 error 403 error 429 error pageInfo pagination content definition Topics category WYSIWYG file upload CSV import ext_col filter order_by bulk_upsert topics_flg custom fields

Authentication method comparison

MethodRecommended use caseFeatures
Cookie authenticationWeb appsSession-based. credentials: 'include' required
Token authenticationMobile appsJWT-based. Token in header
StaticToken authenticationServer-to-serverFixed token. Configured in admin panel

Filter query basic syntax

OperatorExample
=, !=filter=category_id = 1
>, >=, <, <=filter=ymd >= '2024-01-01'
containsfilter=subject contains 'keyword'
in, not_infilter=category_id in [1, 2, 3]

kuroco-frontend-integration - Frontend integration & AI deployment

A skill that provides integration patterns for Kuroco with Nuxt.js / Next.js, and AI automated deployment workflows. This skill now includes the former kuroco-ai-deployment skill.

For a hands-on tutorial, see the Kuroco Sample Site Tutorial.

Features

Frontend integration:

  • Integration patterns for Nuxt 3 / Nuxt 2 / Next.js (App Router / Pages Router)
  • Environment variables, project structure examples
  • Authentication implementation (login / logout / auth check / signup)
  • SSG / SSR configuration
  • KurocoPages integration
  • Third-party cookie issue solutions

AI automated deployment:

  • Deployment workflow (site registration → build → upload → deploy)
  • Temporary file upload using presigned URLs
  • Preview deploy / production deploy
  • Automatic framework detection (Nuxt / Next.js / Vite)

Example queries

"I want to display Kuroco content with Nuxt3"
"How do I implement authentication with Next.js and Kuroco?"
"I want to generate a static site with SSG"
"Login doesn't work on Safari (cookie issue)"
"I want to auto-deploy a Kuroco site"
"I want to deploy to a preview environment first"

Keywords

Nuxt3 Next.js App Router SSG SSR useAsyncData $fetch composable useAuth KurocoPages credentials include third-party cookies AI automated deployment add_site temp-upload presigned URL kuroco_front/deploy artifact_url stage_url CI/CD

Framework recommendations

FrameworkRecommended use case
Nuxt.js 3.xNew Vue projects (recommended)
Nuxt.js 2.xExisting Vue projects
Next.js 13+ (App Router)New React projects
Next.js (Pages Router)Existing React projects

Deployment workflow

1. Site registration  → admin_api (add_site)
2. Frontend build     → npm run build / nuxt generate
3. Upload             → presigned URL → S3
4. Deploy             → admin_api (KurocoFront deploy)
5. Complete           → stage_url (preview) or production_url

kuroco-server-processing - Smarty plugins & batch processing

A skill that provides a complete reference for Kuroco Smarty templates and automation patterns using batch processing, webhooks, and triggers. This skill consolidates the former kuroco-smarty-plugins and kuroco-webhook-processing skills.

Features

Smarty plugin reference:

  • Complete reference for 206 plugins
  • Category index (API / string / array / form / auth / integration / file / Vue.js)
  • Smarty basic syntax (variable assignment, loops, conditionals, modifiers)
  • Security settings (IF_FUNCS / MODIFIER_FUNCS)

Batch processing & webhooks:

  • Batch processing setup and execution frequency
  • Internal API calls (api_internal)
  • External API calls (api_request)
  • Trigger processing (on content update / on form submission)
  • External service integration (Slack / email / GitHub Actions)

Example queries

"I want to get and display a list of articles with Smarty"
"How do I use the sendmail plugin?"
"How do I parse JSON in Smarty?"
"I want to generate CSV daily with batch processing"
"I want to send a Slack notification when content is updated"
"I want to trigger a deploy via GitHub Actions"

Keywords

Smarty plugin Smarty function Smarty modifier assign foreach escape date_format api_internal sendmail slack_post_message ai_completion write_file batch processing Webhook scheduled execution cron Slack notification GitHub Actions api_request trigger custom function

Category reference

CategoryKey plugins
API & data retrievalapi_internal, assign_topics_list, assign_tag_list
String processingescape, truncate, date_format, translate
Array operationscount, in_array, implode, explode
Form & UIfileupload, inquiry_input, pager
Auth & permissionsrcms_auth, login, logout
External integrationsendmail, slack_post_message, ai_completion
File operationswrite_file, put_file, read_file
Vue.js integrationrcms_vue_component, head_include

Batch processing frequency

FrequencyUse case
Every 15 minutesWhen frequent sync is needed
Every 30 minutesNear-real-time processing
Every hourPeriodic aggregation and updates
Daily (specified time)Daily reports, backups

kuroco-admin-api - Management API operations

A skill for operating the Kuroco management API (admin_api) via CLI (kuroco-admin). It enables API execution, exploration, and schema retrieval through Bash tool commands.

Features

  • 5 admin_api meta actions (whoami / discover / schema / advise / execute)
  • Authentication via kuroco-admin login (session cookies in ~/.kuroco-admin/cookies.txt, mode 0o600)
  • API exploration (discover action / advise action)
  • CLI-based API execution with --columns response filtering

Example queries

"Create content via the management API"
"Show me the content definitions for this site"
"Get member information via management API"
"Execute an API operation from the terminal"

Keywords

admin_api management API kuroco-admin admin CLI discover advise Topics creation Member registration

Prerequisites

  • Bun runtime must be installed
  • kuroco-admin CLI must be built or added to PATH
  • Must be logged in via kuroco-admin login --url <admin panel URL>, or KUROCO_ADMIN_URL / KUROCO_ADMIN_COOKIE environment variables must be set

admin_api request shape

The gateway uses a top-level action parameter to select a meta endpoint. When action is omitted, the request is dispatched to a module/controller (or service) executor — the controller's own MODE=INSERT/UPDATE/DELETE is unrelated and orthogonal to action.

actionMethodDescriptionUse case
whoamiGETGet session info: member_id, name1, name2, group_ids, expiresAtAuth check
discoverGETList all available admin controllers and servicesUnderstand API structure
schemaGETRequest/response schema for a specific controller or serviceCheck parameter specifications (supports MODE=<title> to filter oneOf variants)
zod_schemaGETRaw Zod schema JavaScript content for external consumersRe-use schemas in frontend/admin tooling
advisePOSTAI-powered API recommendation from a natural-language requestDescribe what you want, get API steps and parameters
(none)GET / POSTDispatch to module + controller (+ MODE for write controllers)Execute the actual admin API

Security considerations

  • Do not display or log cookie values (~/.kuroco-admin/cookies.txt is protected with mode 0o600)
  • Do not show --verbose output to users (HTTP headers contain cookie values)
  • Always confirm with user before change operations (INSERT / UPDATE / DELETE)
  • Use --dry-run to preview write operations before execution
  • File saving of API responses requires user consent (may contain personal information)

Admin MCP Server

In addition to the CLI, Kuroco exposes the same admin operations as a JSON-RPC 2.0 MCP server, available at /direct/rcms_api/admin_mcp/. MCP-aware clients can register the endpoint directly — no CLI build is required.

Authentication

Authentication mode is selected by the request host:

HostModeNotes
ROOT_MNG_URLAdmin session cookieSame login flow as the admin UI; restored automatically by direct.php.
ROOT_API_URLBearer token (Authorization header)Accepts OAuth IdP access tokens (target_domain=AdminMCP, audience-bound per RFC 8707) or privileged static tokens (api_id=-1) issued via AdminMCPServer::generateToken() for tools without OAuth handshake support.

401 responses include an RFC 6750 WWW-Authenticate challenge that points to the protected-resource metadata document:

/.well-known/oauth-protected-resource/direct/rcms_api/admin_mcp/

This endpoint is public (no authentication required) and lets MCP clients discover the Authorization Server. It is also reachable via ?MODE=protected_resource_metadata.

Module-scoped MCP servers

Path segments after /admin_mcp/ bundle one or more admin modules into a single MCP server (one credential per agent), modeled on the GitHub MCP /x/<csv>/readonly pattern:

POST /direct/rcms_api/admin_mcp/                                     # All tools (admin/discovery only)
POST /direct/rcms_api/admin_mcp/x/topics_group_1,topics_group_5,member,services
POST /direct/rcms_api/admin_mcp/x/topics_group_1,topics_group_5/readonly
POST /direct/rcms_api/admin_mcp/x/topics_group                       # Group definition CRUD

Recognized CSV entries (same identifiers as t_ai_agent.admin_mcp_modules):

EntryMeaning
topics_group_<N>Topics record controllers scoped to topics_group_id = N. The constructor surfaces N in each tool's topics_group_id enum and rejects calls outside the allowed list.
topicsSame as above with no group restriction. Useful only for admin discovery — tool calls are rejected.
topics_groupGroup definition management (CRUD on t_topics_group).
servicesService models (Email, Slack, etc.).
<mt>Any other admin module (member, ec, batch, etc.).

When modules are specified:

  • Write controllers are split by MODE (INSERT / UPDATE / DELETE)
  • Read controllers are filtered out when the module has zero records
  • Only INSERT is shown for empty modules

Appending /readonly to the path removes write tools from the listing.

Module discovery (REST)

GET /direct/rcms_api/admin_mcp/?MODE=tools

Returns:

{
  "modules": [
    {"module": "topics",   "type": "controller", "tool_count": 8},
    {"module": "member",   "type": "controller", "tool_count": 5},
    {"module": "services", "type": "service",    "tool_count": 4}
  ]
}

MCP protocol surface

JSON-RPC 2.0 over HTTP POST. Supported methods:

MethodDescription
initializeHandshake and protocol version negotiation
notifications/initializedClient ready notification
pingConnection check
tools/listList available admin tools (scoped by module)
tools/callExecute an admin tool by name

Tool naming uses a folded {mt}-{verb} form. Controller suffix + MODE are mapped to a verb (e.g. INSERTcreate, _list_apilist):

SurfacePatternExample
List controller ({mt}_list_api), no MODE{mt}-listtopics-list
List controller with MODE{mt}-{mode}topics-accept
List controller, bulk MODE (DELETE etc.){mt}-bulk_{mode}topics-bulk_delete
Specialized list ({mt}_{spec}_list_api){mt}-{spec}_listtopics-waiting_for_approval_list
Edit controller, INSERT{mt}-createtopics-create
Edit controller, UPDATE{mt}-updatetopics-update
Edit controller, DELETE{mt}-deletetopics-delete
Edit controller, VALIDATE{mt}-validatetopics-validate
Sub-entity controller (e.g. topics_group_edit_api){mt}-{sub}-{verb}topics-group-create
Fetch helper{mt}-fetchtopics-fetch
Topics-only describe toolhardcodedtopics-describe
Service method{mt}-{method}Email-send

The complete tool list depends on which controllers your modules expose. Issue a JSON-RPC tools/list against the scoped URL to enumerate.

Example call:

POST /direct/rcms_api/admin_mcp/x/topics_group_1
Authorization: Bearer <token>
Content-Type: application/json

{"jsonrpc":"2.0","method":"tools/call",
 "params":{"name":"topics-create",
           "arguments":{"subject":"Hello","topics_group_id":1}},
 "id":3}

Choosing CLI vs MCP

Use caseRecommendation
Local interactive development with admin loginAdmin CLI (kuroco-admin)
Claude Code / Claude Desktop with native MCP supportAdmin MCP Server
CI / unattended agents with rotated tokensAdmin MCP Server (privileged static token)
End-user authorization flows (delegated access)Admin MCP Server (OAuth IdP, target_domain=AdminMCP)
Mixed shell scripting and ad-hoc CLI pipingAdmin CLI (kuroco-admin)
Billing applies to both paths

/direct/rcms_api/admin_api/ and /direct/rcms_api/admin_mcp/ are both routed under /direct/ and are billable in Kuroco. Use module-scoped MCP URLs and /readonly whenever possible to limit unintended write traffic.

Client CLI

For CLI-based access to Kuroco Client API, a separate Client CLI (kuroco-client) is also available. See Kuroco AI Architecture for details.

Support

If you have any other questions, please contact us or check out Our Slack Community.

Contact form
Join Kuroco Slack community