AI Connect for XenForo — WebMCP Protocol Bridge
Connect any MCP-compatible AI agent (Claude, ChatGPT, Cursor, and more)
directly to your XenForo forum using the WebMCP open protocol with
secure OAuth 2.0 + PKCE authentication.
How it works
AI agents discover your forum's capabilities via a standard
/.well-known/mcp.json manifest, authenticate via OAuth 2.0, and then
call MCP tools to read and interact with your forum — just like a
human user would, but programmatically.
Free Version — Included Tools
| Tool | Description |
|------|-------------|
|
|
|
|
|
Authentication
PRO Version (coming soon)
Advanced moderation and management tools:
Learn more about PRO at ai-connect.gold-t.co.il
Requirements
github.com/chgold/xf-ai-connect
Télécharger V1.1.9 :
Télécharger V1.2.21 :
Télécharger V1.2.26 :
Connect any MCP-compatible AI agent (Claude, ChatGPT, Cursor, and more)
directly to your XenForo forum using the WebMCP open protocol with
secure OAuth 2.0 + PKCE authentication.
How it works
AI agents discover your forum's capabilities via a standard
/.well-known/mcp.json manifest, authenticate via OAuth 2.0, and then
call MCP tools to read and interact with your forum — just like a
human user would, but programmatically.
Free Version — Included Tools
| Tool | Description |
|------|-------------|
|
xenforo.searchThreads | Search threads by keyword, forum, date ||
xenforo.getThread | Retrieve full thread with posts ||
xenforo.searchPosts | Search posts across the forum ||
xenforo.getPost | Retrieve a single post ||
xenforo.getCurrentUser | Get authenticated user info |Authentication
- OAuth 2.0 Authorization Code + PKCE flow
- Bearer token support
- Built-in rate limiting
PRO Version (coming soon)
Advanced moderation and management tools:
xenforo.moderatePost— approve, reject, delete postsxenforo.banUser— ban/unban usersxenforo.moveThread— move threads between forumsxenforo.getForumStats— analytics and statistics- Priority support
Learn more about PRO at ai-connect.gold-t.co.ilRequirements
- XenForo 2.2.0+
- PHP 7.2+
- HTTPS recommended for OAuth flow
github.com/chgold/xf-ai-connect
Télécharger V1.1.9 :
Pour consulter le contenu, vous devez : Se connecter ou S'inscrire.
v1.2.10–1.2.21 — Permission system, personalised prompt, security fixes
### Version 1.2.21 — 2026-04-14
* Fixed: Users with
### Version 1.2.20 — 2026-04-14
* Fixed: Navigation link and footer icon are now automatically hidden for users/groups with
### Version 1.2.19 — 2026-04-14
* Fixed: PRO tool phrases were incorrectly stored under the free addon's
### Version 1.2.17 — 2026-04-14
* Added: Admin CP visual permission UI — per-tool rows grey out automatically when
### Version 1.2.14 — 2026-04-13
### Version 1.2.21 — 2026-04-14
* Fixed: Users with
useTools = Never can no longer access the AI Connect info page or generate tokens### Version 1.2.20 — 2026-04-14
* Fixed: Navigation link and footer icon are now automatically hidden for users/groups with
useTools = Never### Version 1.2.19 — 2026-04-14
- Fixed: Admin CP permission greying now works on fresh installs — switched to direct click listeners matching XenForo's own
PermissionChoiceapproach - Fixed:
js/chgold/aiconnect/admin-permissions.jswas missing from the release ZIP on fresh installs (addedbuild.jsonwithadditional_files)
* Fixed: PRO tool phrases were incorrectly stored under the free addon's
addon_id, causing XenForo phrase validation errors (a-z, A-Z, 0-9, _ only) on fresh installs of external sites### Version 1.2.17 — 2026-04-14
- Added: Generic prompt metadata system — each module declares its own
getToolPromptMeta()so future tools appear automatically in thepersonalised prompt - Improved: buildPersonalizedPrompt() collects tool hints and URL examples from modules at runtime instead of a hardcoded table
- Security:
allowUnauthenticatedAccess()returningfalseadded to the Tools API controller — unauthenticated tool execution is now explicitly blocked at the framework level - Fixed: Admin CP permission JS file path corrected to
js/chgold/aiconnect/admin-permissions.jsper XenForo static file conventions
* Added: Admin CP visual permission UI — per-tool rows grey out automatically when
useTools is set to Never, matching XenForo's native depend_permission_id behaviour### Version 1.2.14 — 2026-04-13
- Added: Permission-aware manifest — authenticated requests to
/api/aiconnect-manifestreturn only tools the token owner can use; anonymous requests return the full list for discovery - Added: Permission-aware prompt generator —
/ai-connect/generate-tokenreturns a personalised prompt filtered to accessible tools
- Added: Full 3-tier permission system:
viewAiConnect,useTools(master switch), per-package (use_package_{id}), per-tool (tool_{module}_{tool}) - Added: Two Admin CP permission interface groups: AI Connect and AI Connect — Tools
- Added:
syncToolPermissions()andsyncPackagePermissions()— auto-registered on install/upgrade; third-party addons can hook in viaai_connect_sync_tool_permissions
- Added:
viewNavLinkpermission for controlling navigation link visibility per user group - Added: Session-based OAuth flow (
/api/aiconnect-oauth/start+/api/aiconnect-oauth/poll) - Fixed: Footer template uses
link()andbase_url()instead of hardcoded paths
Pour consulter le contenu, vous devez : Se connecter ou S'inscrire.
Version 1.2.26 — Permission system overhaul, Admin CP visual improvements, and critical bug fixes.
Critical Fixes
New Features
Permission Logic Changes
Upgrade Notes
Critical Fixes- Fixed: allowUnauthenticatedRequest must be public — PHP fatal error on every tool API call. The method visibility was protected instead of public, causing a crash when XenForo's API framework invoked it.
- Fixed: Missing permissions after upgrade —
useToolsandviewAiConnectcould silently disappear from the database after an addon upgrade or manual admin panel reset. The installer now restores missing or "unset" critical permissions on every upgrade while preserving explicit admin choices (Allow/Deny).
New Features- Three-state permission greying in Admin CP— The permission editor now shows three visual states for per-tool permissions:
- Allow — normal (white, interactive)
- Not Set — dimmed (60% opacity, help cursor, tooltip: "No effect while master switch is Not Set")
- Never — disabled (35% opacity, clicks blocked, tooltip: "Blocked by Never")
useTools) is set to Allow. - Info page permission-aware display— The
/ai-connectpage now shows context-appropriate messages instead of a generic 403 error:- Users with
useTools: full page with Generate Token button - Logged-in without permission: page with "You do not have permission" message
- Anonymous (toggle ON): page with "Log in to generate a token" link
- Anonymous (toggle OFF): standard 403
- Users with
- Permission descriptions in Admin CP —
viewAiConnectnow shows an explanatory note: "Controls visibility for guests only. Requires the navigation toggle to be enabled."
Permission Logic Changes- Navigation link: Anonymous users see the link when
aiconnect_nav_top isON +viewAiConnect= Allow. Logged-in users needuseToolspermission. - Info page access: Logged-in users always reach the page (template handles the message). Anonymous users are gated by the navigation toggle.
- Token generator + OAuth section: Only shown to users with
useToolspermission.
Upgrade Notes- Standard addon upgrade:
php cmd.php xf:addon-upgrade chgold/AIConnect - If you previously had permission issues (403 on info page, missing nav link), this version auto-repairs the default permissions on upgrade.
- Clear browser cache to see the updated Admin CP permission greying (JS change).
Pour consulter le contenu, vous devez : Se connecter ou S'inscrire.
![[XFSkins] Thread Title Case 1.0.2](https://www.societyfrenchmodding.net/data/attachments/12/12067-08426f126c35dd8a3a22dd9a8c326a12.jpg){kind=small}
