PHPackages webwerkwien/contao-ai-backend-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. webwerkwien/contao-ai-backend-bundle ActiveContao-bundle[Utility & Helpers](/categories/utility) webwerkwien/contao-ai-backend-bundle ==================================== Contao 5 backend module with an in-browser AI agent for editors and admins, powered by symfony/ai and contao-ai-core-bundle v0.1.0(1mo ago)02MITPHPPHP ^8.2 Since May 8Pushed 1mo agoCompare [ Source](https://github.com/webwerkwien/contao-ai-backend-bundle)[ Packagist](https://packagist.org/packages/webwerkwien/contao-ai-backend-bundle)[ Docs](https://github.com/webwerkwien/contao-ai-backend-bundle)[ RSS](/packages/webwerkwien-contao-ai-backend-bundle/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (14)Versions (2)Used By (0) contao-ai-backend-bundle ======================== [](#contao-ai-backend-bundle) In-browser AI agent for the Contao 5 backend. Editors and admins chat with a Claude (or GPT) agent that can read and modify Contao content through a curated set of tools — no SSH, no CLI. Plus an HTTPS bridge endpoint that lets [contao-ai-cli](https://github.com/webwerkwien/contao-ai-cli) trigger bulk macro operations from the terminal without switching to the browser. > **Beta software.** Bundle interfaces (tool signatures, bridge JSON, DCA fields) may change between minor versions. Underlying `symfony/ai-bundle` is pre-1.0. Use at your own risk in production. > **You bring your own LLM API key.** Each backend user must provide an Anthropic or OpenAI key in their profile (System → Users → AI agent). Without a key, the chat module is disabled for that user. The bundle does not ship with a service-level key. The contao-ai ecosystem ----------------------- [](#the-contao-ai-ecosystem) PackageWhat it isWhen to use[contao-ai-core-bundle](https://github.com/webwerkwien/contao-ai-core-bundle)Contao bundle exposing CMS operations as Symfony console commands.Required as the foundation layer. Install on any Contao site you want to manage via AI.[contao-ai-cli](https://github.com/webwerkwien/contao-ai-cli)Python CLI — connects to Contao via SSH and runs commands.For developers and agencies: manage Contao from the terminal or hand control to an AI agent.**contao-ai-backend-bundle** *(this package)*Contao backend module — browser-based AI chat interface (Anthropic Claude, OpenAI).For editors and admins: AI directly inside the Contao backend, no SSH or terminal needed.What it does ------------ [](#what-it-does) contao-ai-backend-bundle is the **browser client** for AI-powered Contao content management. Authentication, session, CSRF and permissions ride on top of the existing Contao backend — each backend user brings their own API key. A second entry point exposes the macro tools (`record_clone`, `record_rewrite`) over HTTPS for the [contao-ai-cli](https://github.com/webwerkwien/contao-ai-cli) `bridge` workflow. Requirements ------------ [](#requirements) - PHP ^8.2 - Contao ^5.3 - [`webwerkwien/contao-ai-core-bundle`](https://github.com/webwerkwien/contao-ai-core-bundle) `^0.2` - `symfony/ai-bundle` `^0.7` Installation ------------ [](#installation) ``` composer require webwerkwien/contao-ai-backend-bundle vendor/bin/contao-console contao:migrate # adds ai_api_key, ai_platform, ai_cli_token to tl_user vendor/bin/contao-console assets:install # publishes the Stimulus controller + CSS ``` The Contao Manager auto-discovers the bundle via the `contao-manager-plugin` entry. Per-user setup -------------- [](#per-user-setup) In **System → Users → (user)**, three new fields appear in the *AI agent* legend: FieldRequiredNotesPlatformyes`anthropic` or `openai`API keyyesStored encrypted (Contao DCA `encrypt` flag). Empty key = chat module disabled for that user.CLI bridge tokenoptionalClick *Generate / Rotate* to mint a token for the [contao-ai-cli](https://github.com/webwerkwien/contao-ai-cli) `bridge` workflow. Cleartext is shown once with a *Copy token* button; only the `password_hash` is stored in the database. *Delete* revokes.Grant the **`AI Chat`** module under "Allowed modules" to enable the chat entry. The CLI bridge does not require the module mount but still respects the same per-record permission voters. Available tools --------------- [](#available-tools) GroupTool namesNews`news_create`, `news_update`, `news_delete`, `news_read`Page`page_create`, `page_update`, `page_delete`, `page_read`, `page_publish`Article`article_create`, `article_update`, `article_delete`, `article_read`Content`content_create`, `content_update`, `content_delete`, `content_read`Meta`dca_schema`, `listing_config`, `search_query`, `record_list`Macros`record_clone` (cascade), `record_rewrite` (server-side LLM loop)Permissions inherit from Contao's existing module rights. Admins see everything. Non-admins only see tools whose backing module they are allowed to use, and **delete** sub-tools are admin-only regardless of module membership. Per-record checks (page hierarchy, news-archive access, article parent-page, FAQ category access) run via Symfony voters (`ContaoCorePermissions::USER_CAN_*`) before each call. CLI bridge — terminal access for admins and agents -------------------------------------------------- [](#cli-bridge--terminal-access-for-admins-and-agents) Editors use the chat module above. Developers and admins live in the terminal — and switching to a browser for bulk LLM jobs ("translate all news in archive 5", "clone this page tree with all children") is a workflow break. The bundle exposes a HTTPS endpoint at `POST /_ai_cli/macro` that the [contao-ai-cli](https://github.com/webwerkwien/contao-ai-cli) Python client (`contao-ai-cli bridge ...`) calls with a Bearer token. The macro tools (`record_clone`, `record_rewrite`) execute server-side with the full voter pipeline + atomic `tl_version` audit — same code path as the chat module, just a different transport. ### Why `/_ai_cli/macro` and not `/contao/...`? [](#why-_ai_climacro-and-not-contao) The `contao_backend` firewall would 302-redirect any unauthenticated request to `/contao/login` before our Bearer auth runs. Routing the bridge outside `/contao/*` lets it fall through to the frontend (anonymous) firewall, where the controller does its own auth. Security model -------------- [](#security-model) The bundle was hardened in a four-sprint security pass against findings from two independent reviewers (Opus + Codex). Full breakdown in [CHANGELOG.md](CHANGELOG.md). ### Authentication and authorization [](#authentication-and-authorization) - **Auth (chat)** rides on the existing Contao backend session (passkey, password, 2FA — whatever the install uses). - **Auth (bridge)** uses Bearer tokens stored as `password_hash` in `tl_user.ai_cli_token`; constant-time `password_verify` comparison. - **Module gate**: Symfony voter `AI_CHAT_USE` requires `ai_chat` in `BackendUser->modules` for the chat module. - **Tool gate**: `ToolAccessChecker` validates the underlying module per tool. Delete tools require `BackendUser::isAdmin === true`. - **Per-record gate**: every tool that touches a content row asserts `ContaoCorePermissions::USER_CAN_*` against the record's parent (news archive, page hierarchy, article parent-page) before delegating to the core command. ### Field allow-lists [](#field-allow-lists) Each `*_update` tool defines a strict `allowedFields()` allow-list. The agent cannot set protected DCA columns (`pid`, `tstamp`, `chmod`, `cuser`, …) even if it asks. Values containing control chars or NULs are rejected. ### Prompt-injection mitigation [](#prompt-injection-mitigation) - Tool outputs are wrapped in `…` sentinels. The system prompt instructs the model to treat anything inside as untrusted data. - Free-text fields larger than 500 bytes are truncated with `…[truncated]`. - Chat history lives **server-side** in the Symfony session keyed by user ID. Client-supplied history is ignored — fabricated `assistant` turns cannot be smuggled in. - `username` / `language` template substitutions are regex-validated before flowing into the system prompt. ### Information disclosure [](#information-disclosure) - API keys are stored with the Contao DCA `encrypt` flag, never logged, never returned to the browser. The `UserAiConfigDto` wraps the key behind a private property + getter; `__debugInfo()` redacts to `***` so casual `dump()` cannot leak it. - Exception messages are masked (`sk-ant-…`, `sk-…`, `Bearer …` patterns), scrubbed of `kernel.project_dir`, truncated to 200 chars, and logged as `LogLevel::error` for diagnostics. - `dca_schema` is restricted to a table allow-list and strips canonical credential/session column names. ### Audit trail [](#audit-trail) Backend invocations stamp `tl_version.username` and the audit log with the actual Contao username via the `--operator` option on the underlying core commands. CLI invocations still attribute to `$_SERVER['USER']`. ### Transport hardening [](#transport-hardening) - `Cache-Control: no-store, private, max-age=0` + `Vary: Cookie` + `X-Robots-Tag: noindex, nofollow`. `charset=utf-8` is explicit. - CSRF: every chat POST requires the Contao backend CSRF token. Bridge POSTs use Bearer auth instead. - Same-origin verified via `Sec-Fetch-Site` and `Origin` request headers. - Rate limit: 30 requests/minute and 500/day per user — sliding window backed by the session. Streaming --------- [](#streaming) Chat responses arrive as `text/event-stream` (SSE-style frames over `fetch`-`ReadableStream`, since `EventSource` cannot POST). Events: - `start` — model id - `message` — content chunk (currently emitted once per response; chunked streaming will be added when the underlying platform bridge supports it) - `done` — successful completion - `error` — `kind: access_denied | tool_failed | agent_failed` Development ----------- [](#development) ``` composer install vendor/bin/phpstan analyse src tests --level=6 vendor/bin/phpunit ``` License ------- [](#license) MIT — see [LICENSE](LICENSE). This software is provided "as is", without warranty of any kind. The authors accept no liability for any damages arising from its use. ### Health Score 36 — LowBetter than 79% of packages Maintenance94 Actively maintained with recent releases Popularity3 Limited adoption so far Community6 Small or concentrated contributor base Maturity36 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 32d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/ea47f23c19d75ec5cc778cfd24ffb19e20d5beeb675631e167395c47de0a9d1b?d=identicon)[webwerkwien](/maintainers/webwerkwien) --- Top Contributors [![webwerkwien](https://avatars.githubusercontent.com/u/56350653?v=4)](https://github.com/webwerkwien "webwerkwien (20 commits)") --- Tags automationaiAgentcontaobackendchatclaudeanthropic ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/webwerkwien-contao-ai-backend-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/webwerkwien-contao-ai-backend-bundle/health.svg)](https://phpackages.com/packages/webwerkwien-contao-ai-backend-bundle) ``` ### Alternatives [easycorp/easyadmin-bundle Admin generator for Symfony applications 4.3k17.5M370](/packages/easycorp-easyadmin-bundle)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.4M195](/packages/sulu-sulu)[open-dxp/opendxp Content & Product Management Framework (CMS/PIM) 9017.2k55](/packages/open-dxp-opendxp)[shopware/storefront Storefront for Shopware 684.4M207](/packages/shopware-storefront)[shopware/core Shopware platform is the core for all Shopware ecommerce products. 585.4M506](/packages/shopware-core)[chameleon-system/chameleon-base The Chameleon System core. 1027.9k4](/packages/chameleon-system-chameleon-base) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)