Expose Django admin models to MCP (Model Context Protocol) clients via HTTP. Add a mixin to your ModelAdmin classes and get instant access to CRUD operations, admin actions, model history, and more.
- 📦 Zero dependencies — only Django and Pydantic required
- 🔐 Token authentication — secure Bearer token auth with configurable expiry
- 🛡️ Django admin permissions — respects existing view/add/change/delete permissions
- 🔒 Field filtering — control which fields are exposed via
mcp_fieldsandmcp_exclude_fields - 📝 Full CRUD — list, get, create, update, delete operations
- ⚡ Admin actions — execute registered Django admin actions
- 📦 Bulk operations — create, update, or delete multiple records at once
- 🔍 Model introspection — describe model fields and relationships
- 🔗 Related objects — traverse foreign keys and reverse relations
- 📜 Change history — access Django admin's history log
- 🔎 Autocomplete — search suggestions for foreign key fields
pip install django-admin-mcpAdd to your Django project:
# settings.py
INSTALLED_APPS = [
'django_admin_mcp',
# ...
]
# urls.py
from django.urls import path, include
urlpatterns = [
path('mcp/', include('django_admin_mcp.urls')),
# ...
]Run migrations to create the token model:
python manage.py migrate django_admin_mcpAdd the mixin to any ModelAdmin. Set mcp_expose = True to expose direct tools:
from django.contrib import admin
from django_admin_mcp import MCPAdminMixin
from .models import Article, Author
@admin.register(Article)
class ArticleAdmin(MCPAdminMixin, admin.ModelAdmin):
mcp_expose = True # Exposes list_article, get_article, etc.
list_display = ['title', 'author', 'published']
@admin.register(Author)
class AuthorAdmin(MCPAdminMixin, admin.ModelAdmin):
pass # Discoverable via find_models, no direct toolsUse mcp_exclude_fields to prevent sensitive data exposure:
@admin.register(User)
class UserAdmin(MCPAdminMixin, admin.ModelAdmin):
mcp_expose = True
# Never expose sensitive fields via MCP
mcp_exclude_fields = ['password', 'security_token']Go to Django admin at /admin/django_admin_mcp/mcptoken/ and create a token. Tokens can optionally be tied to users, groups, or have direct permissions assigned.
Add to your MCP client settings (~/.claude/claude_desktop_config.json or project .mcp.json):
{
"mcpServers": {
"django-admin": {
"url": "http://localhost:8000/mcp/",
"headers": {
"Authorization": "Bearer YOUR_TOKEN"
}
}
}
}Once configured, the agent can use the tools directly:
User: What models are available in Django admin?
Agent: [calls find_models tool]
User: Show me the latest 10 articles
Agent: [calls list_article with limit=10]
User: Get article #42 and update its title to "New Title"
Agent: [calls get_article with id=42, then update_article]
For each exposed model (e.g., Article), the following tools are generated:
| Tool | Description |
|---|---|
list_article |
List all articles with pagination (limit, offset) and filtering |
get_article |
Get a single article by id |
create_article |
Create a new article with field values |
update_article |
Update an existing article by id |
delete_article |
Delete an article by id |
| Tool | Description |
|---|---|
find_models |
Discover all exposed models and their available tools |
describe_article |
Get field definitions, types, and constraints |
| Tool | Description |
|---|---|
actions_article |
List available admin actions for the model |
action_article |
Execute an admin action on selected records |
bulk_article |
Bulk create, update, or delete multiple records |
| Tool | Description |
|---|---|
related_article |
Get related objects via foreign keys |
history_article |
View Django admin change history |
autocomplete_article |
Search suggestions for autocomplete fields |
For custom integrations, the MCP endpoint accepts POST requests:
# List available tools
curl -X POST http://localhost:8000/mcp/ \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-d '{"method": "tools/list"}'
# Call a tool
curl -X POST http://localhost:8000/mcp/ \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "name": "list_article", "arguments": {"limit": 10}}'User: Create a new article titled "Getting Started with Django"
Agent: I'll create that article for you.
[calls create_article with title="Getting Started with Django"]
Created article #15: "Getting Started with Django"
User: Update article 15 to add content
Agent: [calls update_article with id=15, content="..."]
Updated article #15 successfully.
User: Delete article 15
Agent: [calls delete_article with id=15]
Deleted article #15.
User: Mark articles 1, 2, and 3 as published
Agent: [calls action_article with action="mark_as_published", ids=[1,2,3]]
Marked 3 articles as published.
User: Set status to "archived" for articles 10-15
Agent: [calls bulk_article with operation="update", ids=[10,11,12,13,14,15], data={"status": "archived"}]
Updated 6 articles.
User: Delete all draft articles from last month
Agent: [calls list_article to find drafts, then bulk_article with operation="delete"]
Deleted 12 draft articles.
User: Show me all comments on article 42
Agent: [calls related_article with id=42, relation="comments"]
Found 8 comments on article #42...
User: What changes were made to article 42?
Agent: [calls history_article with id=42]
Change history for article #42:
- 2024-01-15: Changed title (admin)
- 2024-01-10: Created (admin)
User: What can I manage through MCP?
Agent: [calls find_models]
Available models:
- article (5 tools: list, get, create, update, delete)
- author (5 tools: list, get, create, update, delete)
- category (5 tools: list, get, create, update, delete)
User: What fields does article have?
Agent: [calls describe_article]
Article fields:
- id (AutoField, read-only)
- title (CharField, max_length=200, required)
- content (TextField, optional)
- author (ForeignKey to Author, required)
- published (BooleanField, default=False)
- created_at (DateTimeField, auto)
Models with MCPAdminMixin are automatically discoverable via the find_models tool, allowing the agent to see what's available. To expose full CRUD tools directly, set mcp_expose = True:
# Discoverable via find_models only
class AuthorAdmin(MCPAdminMixin, admin.ModelAdmin):
pass
# Full tools exposed (list_article, get_article, etc.)
class ArticleAdmin(MCPAdminMixin, admin.ModelAdmin):
mcp_expose = True- 🎫 Tokens are created in Django admin
- 👤 Tokens can be associated with a user, groups, or have direct permissions
- 🚫 Tokens without any permissions have no access (principle of least privilege)
- ⏰ Token expiry is configurable (default: 90 days)
- 🗑️ Revoke tokens by deleting them in admin
All operations respect Django admin permissions:
| Operation | Required Permission |
|---|---|
list_* / get_* |
👁️ view |
create_* |
➕ add |
update_* |
✏️ change |
delete_* |
🗑️ delete |
If a token lacks permission, the operation returns an error.
| Dependency | Version |
|---|---|
| 🐍 Python | >= 3.10 |
| 🌐 Django | >= 3.2 |
| 📐 Pydantic | >= 2.0 |
Django 3.2 · 4.0 · 4.1 · 4.2 · 5.0
GPL-3.0-or-later