MCP Reports AI Agent Access Denied Errors for some tool calls

First off, thank you so much for the incredibly detailed report and your continued interest in the MCP module. Your thorough testing and clear documentation are deeply appreciated - it really helps move the project forward.

Quick Responses to Your Points

1. Content Tool

You're absolutely right to suspect something is off with the request parameters. The error is caused by the missing sort field in the tool call. Currently, MCP expects this field to be explicitly defined. It should look like:

{
  "field": "<field_machine_name>", 
  "order": "DESC" or "ASC"
}

We have a small bug that doesn't handle empty sort data gracefully, which is causing the "Unknown field" error. We'll:

• Fix the bug to allow empty sort parameters
• Improve error logging to provide clearer messages about required parameters
• Update documentation to clarify the expected format

2. Resource Template

The completion/complete method isn't currently supported in our MCP implementation, which is why you're seeing errors when autocomplete is triggered in the input fields. We're planning to add support for this method in the near future to improve the user experience.

3. AI Agent Permission Requirements

For both the custom agent and taxonomy agent errors, the issue stems from the list_config_entities function call in the ai_agents → module, the exact location of the exception . This function requires the user to have "Administer roles and permissions" permission to execute successfully.

After testing with the STDIO transport using a user with "Administer roles and permissions" permission, I can confirm that these requests work without errors when the proper permissions are in place.

Thanks for the update. Unfortunately I am not able to reproduce the same steps as my test users already had that permission. I did more investigation and tested the following:

AI Agent Module versions tested

• 1.1.x-dev
• 1.2.x-dev
• 1.1.0

(Didn't see any file difference in ai_agents/src/Plugin/AiFunctionCall/ListConfigEntities.php , but figured I might as well test them)

PHP Version

I did notice a PHP 8.2 warning in ai_agents there so switched my DDev from PHP 8.2 to 8.3. No difference.

Hacking AI Agents Module - Remove Access Check

I'm not a developer, but did some vibe coding to explore this issue more. First I just commented out the lines ai_agents/src/Plugin/AiFunctionCall/ListConfigEntities.php just to see if I could get anything working.

  public function execute() {
    // Set the highest level of access check.
    // if (!$this->currentUser->hasPermission('administer permissions')) {
    //  throw new \Exception('You do not have permission to list config entities.');
    // }

This worked. Prompts like "List all the fields in content type page" works. Obviously this is bad from a security point of view, but confirms this is the issue.

Hacking AI Agents Module - Add current user check

   // Debug log to check current user details
    \Drupal::logger('ai_agents')->debug('Current user debug - ID: @uid, Name: @name, Roles: @roles, Has admin permissions: @has_admin_perms', [
      '@uid' => $this->currentUser->id(),
      '@name' => $this->currentUser->getDisplayName(),
      '@roles' => implode(', ', $this->currentUser->getRoles()),
      '@has_admin_perms' => $this->currentUser->hasPermission('administer permissions') ? 'YES' : 'NO',
    ]);
    
    if (!$this->currentUser->hasPermission('administer permissions')) {
      throw new \Exception('You do not have permission to list config entities.');
    }

Test runs

• Agent Run from MCP: Running in either cursor via Stdio with user / login or in MCP Inspector as a token user (both to user 1 and to my MCP user)
• MCP Result in Drupal Log: Current user debug - ID: 0, Name: Anonymous, Roles: anonymous, Has admin permissions: NO
• Agent Run from in Drupal UI: Triggering Agent from inside Drupal with my MCP test agent
• Drupal UI Result in Drupal Log: Current user debug - ID: 1, Name: administrator, Roles: authenticated, content_editor, administrator, Has admin permissions: YES

So my guess my user is not coming across to the AI Agent from the MCP module. I'm not sure why that's different from your local setup.

My MCP Configuration is set to


Enable Auth = True
Enable Token Auth = True
Secret key (Set to Token)
Token User (set to user named MCP (user 2)
Enable Basic Auth = True

@afoster Thank you for the excellent debugging work! Your investigation really helped us get to the bottom of this issue.

Root Cause Identified

After some more investigation, we have found that this issue comes from Cursor itself since it's not sending headers from config in requests.

The standard Cursor configuration:

{
 "mcpServers": {
   "mcp-server-drupal": {
     "type": "streamable-http",
     "url": "https://your-drupal-site.com/mcp/post",
     "headers": {
       "Authorization": "Basic BASE64_ENCODED_CREDENTIALS"
     }
   }
 }
}

Because of that, our custom authentication provider is failing since there is no Authorization header in the request headers.

I wasn't able to replicate that issue in VS Code using this configuration:

{
    "servers": {
        "mcp-server-drupal": {
            "type": "http",
            "url": "https://your-drupal-site.com/mcp/post",
            "headers": {
                "Authorization": "Basic BASE64_ENCODED_CREDENTIALS"
          }
        }
    }
}

Workaround for Cursor

For Cursor, there is one workaround: configure MCP with the mcp-remote package using config like this:

{
  "mcpServers": {
    "mcp-server-drupal": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://your-drupal-site.com/mcp/post",
        "--transport",
        "http-only",
        "--header",
        "Authorization: Basic BASE64_ENCODED_CREDENTIALS",
        "-y"
      ]
    }
  }
}

Note: For mcp-remote, if you are using a local MCP server, make sure to use the http protocol instead of https and add the --allow-http flag to args.

This should resolve the authentication issues you're experiencing with AI Agents when using Cursor.

Unfortunately, I could not get it working using mcp-remote in cursor (I can't seem to connect to get a list of tools).

But I'm not sure if Cursor is the (only) root cause, as I get the exact same errors using Cursor, Roo code (in VS Code), and MCP Inspector:

My Local Setup:

• My site is running in Ddev locally
• Visiting/mcp/post show 405 Method Not Allowed as expected
• Tested with user 1 and a specific other user created for mcp use (with every possible permission)
• Test prompt: "list content types"

Tests

MCP Inspector running on my local browser

• Streamable HTTP
• Tested both HTTP and HTTPS local URL endpoints

• method: "tools/call"
  
  params:{
  name:
  
  "aia_e6a4fbc5f4b214f16511701ab4b22f20"
  
  arguments:{
  prompt:
  
  "list content types"
  
  }
  _meta:{
  progressToken:11
  }
  }
  }

• {
    "error": "MCP error -32603: Internal Error"
  }
  

• Drupal Error Log
  

  {
    Type 	jsonrpc
  Date 	Thursday, June 19, 2025 - 23:02
  User 	Anonymous (not verified)
  Location 	http://my-site.ddev.site/mcp/post
  Referrer 	
  Message 	Exception Error: "Call to a member function isAllowed() on true" at /var/www/html/web/modules/contrib/mcp/modules/mcp_extra/src/Plugin/Mcp/AiAgentCalling.php line 139
  }
  

Cursor with Stdio Authentication with user / password - Also same authentication works in Roo Code plugin in VS Code

My Cursor config

• "mcp-server-drupal": {
  "command": "/Users/aidanfoster/mcp/mcp-server-drupal_darwin_arm",
  "args": [
  "run",
  "-i",
  "--rm",
  "-e",
  "my-user-name-here",
  "-e",
  "my-password-here",
  "--network=my-network-here",
  "--drupal-url=http://my-site.ddev.site",
  "--unsafe-net"
  ]
  }
• Drupal errors are identical to when I use MCP inspector
  

  Error executing MCP tool:
  MCP error -32603: Call to a member function isAllowed() on true

Thank again for all you efforts on helping me out on this.

Thanks for the feedback on Slack.

Based on the comment, I installed Last Dev, which resolves the issue for "Call to a member function isAllowed() ... " This resolved the error in the thread above but I still get a permission error for certain AI Agent prompts and not others.

Expected Output

When I post a prompt to the same AI Agent, I should get similar results whether is it posted from AI Agent Explorer (inside the Drupal admin UI), or my MCP Client (MCP Inspector/Roo Code / Cursor).

Test Control: Drupal AI Explorer

1. Visit Administration Configuration > AI > AI Agents Settings and then selected >(Table of Agents)> taxonomy_agent_config (Taxonomy Agent) (Note there are 2 in the list) > Explore →
2. Prompt #1: "List Vocabularies in the site"
3. Reply
   
   

   Status: Solve, Response: Here are the existing vocabularies in the site:
   
   1. Event Category (ed_event_category)
   2. News Category (ed_news_category)
   3. Profile Type (ed_profile_type)
   4. Promote Content (ed_promote_content)
   
   If you need more details about any vocabulary or need to see their terms, just let me know!
   
   

4. Prompt #2: "List Terms in Promote Content Vocabulary"
5. Response #2:
   
   

   Status: Solve, Response: Here are the terms in the "Promote Content" vocabulary:
   
   1. Home Page
   2. News Page
   
   If you need more details or wish to add/edit terms, please let me know!
   

Test: MCP Inspector (Streamable http)

1. Login to MCP Inspector with token. User has all Drupal permissions on role.
2. Tools > List Tools > Select the Tools aia_XXXX "Original name: taxonomy_agent_config:taxonomy_agent_config"
3. Prompt #1: "List Vocabularies in the site"
4. Reply
   
   

   Here are the existing vocabularies on the site:
   
   1. **Vocabulary ID**: `ed_event_category`
      - **Name**: Event Category
   
   2. **Vocabulary ID**: `ed_news_category`
      - **Name**: News Category
   
   3. **Vocabulary ID**: `ed_profile_type`
      - **Name**: Profile Type
   
   4. **Vocabulary ID**: `ed_promote_content`
      - **Name**: Promote Content
   
   If you need any further assistance regarding these vocabularies or need to manage taxonomy terms within them, feel free to ask!
   

5. Prompt #2: "List Terms in Promote Content Vocabulary"
6. Response #2: Tool Result: Error
   
   

   MCP error -32603: Internal Error
   

7. Drupal Error Log
   

   Type 	jsonrpc
   Date 	Friday, June 20, 2025 - 19:59
   User 	Anonymous (not verified)
   Location 	http://wealthsolutions.northleafcapital.ddev.site/mcp/post
   Referrer 	
   Message 	Exception Exception: "The current user does not have the right permissions to list taxonomy terms." at /var/www/html/web/modules/contrib/ai_agents/src/Plugin/AiFunctionCall/ListTaxonomyTerms.php line 91
   Severity 	Error
   Hostname 	192.168.97.5
   Operations 	
   

Cursor with Stdio authentication

1. Error is the same as MCP Inspector. First prompt works, second doesn't

Thank you!

First of all, thank you for this excellent module.

We've encountered similar issues on our end. The only working solution so far, after trying all of Lekso’s configuration suggestions, has been to assign permissions to the Anonymous user when using the Streamable HTTP transport mode. Unfortunately, in streamable HTTP mode Token and Basic authentication methods are not functioning for us at all.