Cosmic

Cosmic's Object Types provide ~15 metafield types including text, rich-text, number, date, file, object/reference, JSON, select-dropdown, multi-select, switch, html-textarea, and repeaters, plus recent additions like conditional fields and unique constraints. Schemas are primarily UI-configured but can be managed via the API and AI agents can auto-generate Object Type models. No true schema-as-code primitive (e.g., no TypeScript-defined schema import/export workflow) and union/polymorphic references are not first-class, which caps it below Sanity/Hygraph.

Object relationships are handled via Object metafields referencing other Objects, with one-to-one and one-to-many supported and reverse lookups possible via query filters. Not graph-native like Hygraph — no bidirectional relationships defined at schema level, and polymorphic references require workarounds. Adequate for typical headless use cases but traversal depth in a single query is limited compared to GraphQL-native peers.

Cosmic supports nested structured content via the Object metafield (references to other Objects) and repeater groups for repeating structured blocks, plus JSON metafields for arbitrary structured data. No first-class Portable Text or block-based composition primitive like Sanity or Storyblok — structured page composition is typically modeled via linked Objects rather than an embedded block editor.

Built-in validations include required, regex patterns, min/max, unique constraints, and conditional field visibility (added 2025). File-type and size limits are platform-enforced on media uploads. Custom validation rules are limited — webhooks can react post-save but there's no native pre-save validation hook or app-extension framework comparable to Contentful UI Extensions or Sanity custom validators.

Revision History (Bucket Add-On) provides access to prior versions with rollback; Merge Requests (launched 2024-2025) enable Git-like branching between environments with bulk edits, preview, and approval. Scheduled publishing and draft-while-published states are native. Revision history being a paid add-on rather than default, and no snapshot-diff UI at the field level, keeps it below the 75+ best-in-class tier.

Cosmic is form-based with Preview Links for in-context review in draft/published states, but does not offer true in-page visual editing with drag-and-drop component rearrangement. Marketers cannot restructure page layouts without developer-defined Object Types and referenced components. This is characteristic of API-first headless platforms and scores near the floor for visual editing per the rubric.

The 2024-2025 New Content Editor provides standard WYSIWYG with sticky toolbar, code editing, emoji, and AI text generation with context from other metafields. Output is HTML (and raw markdown from html-textarea metafield) rather than a portable AST like Portable Text. No native custom node/mark extension framework for developers.

Built-in media library with folder organization, metadata, role-based access, signed URLs for sensitive content, and imgix-backed URL image transforms (resize, crop, format including WebP/AVIF, quality). October 2025 infrastructure upgrade added automatic device-based image optimization. Lacks first-class focal-point editor and DAM-grade tagging taxonomies compared to Contentful or Sanity.

Cosmic added Comments with mentions in April 2025 for async collaboration and has role-based workflow integration. However, there is no real-time co-editing with live presence indicators — concurrent edits rely on last-write-wins / optimistic behavior. Merge Requests provide async reconciliation for parallel work rather than simultaneous co-editing.

Four built-in roles (Admin, Developer, Editor, Contributor) with granular permissions; AI Workflows (2025-2026) add multi-step automations with human-in-the-loop approval gates; Merge Requests provide approval-style content promotion between environments. Customizable multi-stage editorial workflows beyond draft/published/approval are not as deeply configurable as Contentstack or Kontent.ai's stage-builders.

Cosmic offers both REST and GraphQL delivery APIs with separation between read/delivery and management endpoints, rich filtering (MongoDB-style query operators), sorting, pagination, locale parameters, and depth-controlled reference expansion. SDK 2.0 (April 2026) adds zero-dep native fetch. Well-designed and flexible — doesn't hit 80+ because GraphQL is a secondary interface rather than the primary design.

October 2025 infrastructure overhaul delivers sub-100ms global API responses via CDN with 100–500× performance improvement; images are CDN-optimized with device-aware transforms. Cache invalidation on publish is documented as near-instant. No edge-compute personalization primitive (ESI/edge functions) of its own, which keeps it below 80+.

Webhooks support configurable events (object create/update/delete, publish), filtered payloads, and async delivery for build triggers and integrations. Public docs do not prominently feature HMAC-signed payloads, delivery logs UI, or automatic retry configuration — placing it in the adequate 60–70 band rather than best-in-class.

Purpose-built API-first headless — content is channel-agnostic with REST+GraphQL. Official SDK coverage centers on JavaScript/TypeScript (Node, React, Next.js starters); other language SDKs are largely community-maintained. Rich text output is HTML rather than a portable AST, which limits non-web channel portability. Strong for JS ecosystems, narrower than Contentful/Contentstack for multi-language enterprise stacks.

No native audience segmentation engine. Cosmic has no built-in rules engine for defining audiences, no CDP integration, and no behavioral tracking. Audience definitions must live entirely in an external CDP or personalization layer and be applied by the consuming frontend.

No native content-variant-per-audience primitive. Personalization is achievable only by modeling variant Objects and selecting them in the frontend via external decision logic (Ninetailed, custom code). There is no in-editor preview per audience and no decision engine in the CMS.

No native A/B or multivariate testing. No traffic allocation, no statistical significance, no experiment management UI. Teams must plug in an external tool (LaunchDarkly, Optimizely, Vercel Edge Config) and manage test content via generic Objects.

No native algorithmic recommendation engine — no ML ranking, no collaborative filtering, no editorial recommendation weighting. Related content must be manually curated via Object references or computed externally via Algolia Recommend, AWS Personalize, or custom logic.

The REST/GraphQL query API supports filtering and basic full-text search via query parameters (title, metadata field matches, advanced queries added in 2025). No relevance tuning, no faceting, no typo tolerance, no autocomplete. Functional filter-based retrieval but not a production search experience out of the box.

Official Algolia integration documented with webhook-driven index sync on Object publish/unpublish/delete events; documented guides exist for syncing Cosmic Objects to Algolia. Webhook infrastructure supports Elasticsearch/Typesense patterns through custom endpoints. No native marketplace app store for search but first-party Algolia pattern is well-documented.

No native commerce capabilities — no product catalog schema, no cart, no checkout, no pricing, no inventory, no order management. Cosmic is a pure headless content platform and explicitly positions commerce as an integration concern (typically Shopify).

Shopify integration is marketed and documented as a pattern — Cosmic manages rich product content while Shopify handles catalog/cart/checkout — but the connection is largely content-modeling + API fetch in the frontend rather than a packaged product picker app with live product data federation. No bidirectional sync, no first-party commercetools/BigCommerce/SFCC connectors documented.

Flexible Object Types and metafields (repeaters, references, rich text, image galleries) can model product descriptions, enriched copy, variant content and image assets. AI agents can bulk-update product metadata. No purpose-built PIM field types (SKU, pricing rules, stock, variant option matrix) — generic content types repurposed for product content.

Dashboard shows operational usage metrics (API requests, storage, bandwidth, object counts) per bucket. No native content performance analytics, no author productivity metrics, no content lifecycle dashboards. Analytics that exist are plan-limit monitoring rather than content effectiveness measurement.

Webhook system can push content lifecycle events to Segment, GA4 server-side, or custom analytics pipelines. No official marketplace connectors for GA4/Segment/Amplitude — integrations are pattern documentation + webhook wiring. Being headless, frontend analytics integrate at the application layer without CMS constraint.

Buckets serve as independent environments per project or site; Clusters group buckets for shared usage/billing and umbrella admin. Additional buckets are $29/bucket/month. No native cross-bucket content sharing or shared component library — sites are silo-based with promotion between buckets via the 'Promote Content' feature.

Localization is treated as a first-class concept with locale identifiers on Objects and locale-based API queries, enabling parallel content development per locale. However, localization is an optional add-on ($99/month) rather than core, and localization is document-level (locale-specific Object copies) rather than field-level. AI Workflows can automate translation updates across locales.

No official marketplace integrations with major TMS platforms (Phrase, Smartling, Lokalise, Crowdin) documented. Translation is accomplished primarily via AI Workflows with built-in AI translation agents, or via custom webhook-based pipelines. Bulk export/import possible via the Management API. The AI-first translation path is distinctive but is not a substitute for enterprise TMS connectors.

Clusters provide organization-level grouping of buckets with shared billing and centralized admin. Per-bucket roles (Admin/Developer/Editor/Contributor) enforce access but there are no cross-bucket shared component libraries, no cross-brand approval workflows, and no enforced global style/policy governance. Multi-brand support is organization-level billing + admin rather than true governance.

Media library supports folders, metadata, tagging (including AI auto-tagging), role-based access, and signed URLs for protected content. Revision/version history is an add-on ($99/month) and applies to content revisions; binary asset versioning is not documented. No rights/expiry management, no cross-content usage tracking, no enterprise asset workflows. Decent library with metadata but not a purpose-built DAM.

Native imgix integration auto-converts uploaded images to imgix URLs with global CDN delivery. Full on-the-fly transforms available via URL parameters: resize, crop, format conversion (WebP/AVIF/JPEG), quality, compression. An imgix Image Editor Extension enables in-dashboard visual editing with focal point and smart-crop controls. Strong result for a headless CMS — native CDN + modern formats + focal points clears the 70+ bar.

Video files can be uploaded and served via the media CDN but there is no native transcoding, no adaptive bitrate streaming (HLS/DASH), no captions/subtitles management, no thumbnail generation. Production video use cases require external embedding (Mux, Cloudflare Stream, YouTube, Vimeo). Consistent with headless CMS peers.

Dashboard offers drag-and-drop media management and structured block composition via repeater metafields. Preview URLs per deployment and preview mode for draft content are supported. However, there is no in-context visual editor overlaying the live frontend (no Sanity Presentation / Storyblok Visual Editor equivalent) and no drag-and-drop page canvas — authoring is form-based with a preview pane.

Merge Requests (git-like workflow) allow editors to make bulk edits in a source bucket/environment, create a merge request to a target, and route through preview + admin approval before merge. AI Workflow Approval Gates add human-in-the-loop checkpoints for automated pipelines. Roles (Admin/Developer/Editor/Contributor) route review responsibility but there is no fully custom multi-state workflow engine, no SLA tracking, no parallel approval paths.

Scheduled publish and scheduled unpublish are supported on Objects with each automatic publish event creating a new revision for auditability. Functional embargo via scheduled unpublish. Scheduling can be orchestrated via AI Workflows for batch pipelines. No dedicated calendar/timeline UI showing scheduled items; no named release bundle for atomic multi-object publishing.

Comments feature supports inline comments on Objects and specific metafields with @mentions and notifications. Revision History tracks changes with author attribution and supports rollback (add-on on some plans). No true simultaneous multi-author editing (no CRDT/OT), no presence indicators documented — collaboration is comments + revisions rather than real-time co-editing.

No native form builder. Forms are implemented by defining a Submission Object Type and using the REST/GraphQL API from the frontend to write submissions into Cosmic. No CAPTCHA, no conditional logic, no progressive profiling, no hosted form pages. Developer-only API workaround, not a marketer tool.

No native email sending or campaign management. HubSpot and other ESPs (Mailchimp, Brevo) are connectable via Zapier or custom webhooks but there is no in-CMS subscriber list sync, no triggered-send UI, and no email preview. All connections are basic API/webhook plumbing.

No native marketing automation — no behavioral triggers tied to visitor activity, no drip campaigns, no lead scoring, no lifecycle orchestration. AI Workflows automate content operations but this is content automation, not marketing automation. Marketing workflows live entirely in external tools (HubSpot, Marketo) connected via Zapier.

No certified CDP marketplace integrations (Segment, mParticle, Tealium, Salesforce CDP). Segment-style event forwarding is possible via webhooks but no bidirectional profile sync, no unified customer profiles in Cosmic, no in-CMS audience resolution. Custom integration patterns only.

Cosmic has an AI Agent Marketplace (launched 2025/2026) with pre-built agents across Content, Growth, Engineering, Sales, Support, and Migration categories, plus an Extensions gallery (imgix, Unsplash, video players). Integration patterns documented for Shopify, Algolia, HubSpot (via Zapier), Vercel. Total first-party integration count is smaller than tier-1 headless CMS marketplaces (Contentful/Contentstack) but AI agents add a distinctive, growing ecosystem slice.

Webhooks cover Object lifecycle events (create, update, delete, publish, unpublish) and can trigger AI Workflows. Webhooks are a paid add-on ($99/month) on lower-tier plans. Event filtering by Object Type is supported. Signed payloads, retry policy details, and log retention are not prominently documented — the system is functional but less polished than Hygraph/Contentful webhook infrastructure.

Preview URLs per deployment, draft/published states on Objects, and bucket-based staging environments provide solid preview infrastructure. Merge Requests between buckets give environment promotion workflows. GitHub integration with pull request preview deployments is built in. Missing: shareable expiring preview links for unauthenticated stakeholders and multi-channel simultaneous preview.

Four predefined roles (Admin, Developer, Editor, Contributor) cover basic access separation. No custom role definition, no field-level permissions, no content-type-level ACL, no locale-specific permissions. SSO and SCIM are not documented as available features — a notable gap for enterprise buyers. Additional permissions exist for user management and bucket settings but the model is coarse.

Cosmic offers both REST and GraphQL APIs with good documentation and an interactive reference. SDK 2.0 (April 2026) modernized the surface with native fetch, zero dependencies, and improved media uploads; batch operations, conditional fields, unique constraints, and multi-select metafields were added the same month. Not best-in-class purpose-built quality (Sanity/Contentful), but well-designed and consistent.

CDN-backed delivery via Fastly with global caching; rate limits are documented and scale by plan. Batch operations added in April 2026 improve efficiency for large-dataset writes. No sync/incremental API equivalent to Contentful's, and smaller scale than tier-1 headless competitors limits enterprise throughput proof.

Only one official SDK — @cosmicjs/sdk (JavaScript/TypeScript, fully typed, zero runtime deps in v2.0). No official Python, Ruby, Java, PHP, .NET, Swift, or Android SDKs; other language access is via REST/GraphQL directly or community packages. This is a significant gap versus Contentful/Sanity/Contentstack.

Cosmic's marketplace lists roughly 7 first-party extensions (Vercel, Netlify, Cloudflare, Render, Kinsta, Algolia Search, Stripe Products) plus 6 templates, with additional integrations (Mux, Unsplash, YouTube, Instagram, SEO/contact form blocks). Under 20 total purpose-built apps with clear gaps in DAM, translation/localization, dedicated analytics, and enterprise MarTech.

Cosmic supports dashboard Extensions that render at specific UI locations (below_publish_options, below_metafields) and Blocks — custom React components for building content UI. Webhooks drive server-side automation and deploys. Good for UI-level extension but lighter than Sanity Studio or Contentful App Framework for server-side actions and custom field editors.

2FA is available free on all accounts — a positive. SAML 2.0 SSO (OneLogin, Okta, and other identity providers) is restricted to the Enterprise plan, creating friction for mid-market buyers. Environment-specific API keys and read/write token separation are supported.

Team-based RBAC with role assignment and environment-scoped API keys are documented, but Cosmic does not prominently advertise field-level permissions or content-instance access control of the sort Contentful/Sanity offer. Suitable for small-to-mid teams, limited for regulated or large multi-team workflows.

Cosmic's own security page does not publish formal SOC 2 Type 2, ISO 27001, or HIPAA certifications — it points compliance-specific inquiries to support. GDPR compliance is claimed; EU data residency is supported via eu-west-1 database region. Note: third-party sources conflate Cosmic (cosmicjs.com) with Cosmic DC (cosmicdc.com) — these are separate entities, so the DC SOC 2 claim does not apply here. Full compliance scored in cat9.

No known public breaches or significant CVEs. Disclosure is handled via [email protected] rather than a dedicated security.txt or bug bounty program. Clean but understated — lacks the formal vulnerability management communication that enterprise buyers expect.

Cosmic is SaaS-only on AWS (API, CDN via Fastly, MongoDB Atlas for storage). No self-hosted or private cloud option; regulated industries requiring on-prem or dedicated tenancy must choose differently. Simplicity win, flexibility loss.

99.95% uptime SLA is documented but only on the Enterprise plan — lower tiers have no explicit SLA. Status page is not prominently linked from the main site. Automatic region-failover is described, but incident communication is less mature than tier-1 headless competitors.

Fastly global CDN in front of AWS-hosted API with four database regions (us-east-1, us-west-2, eu-west-1, ap-southeast-1) and documented cross-region failover. CDN-backed horizontal scaling is in place, but Cosmic lacks the Fortune-500 enterprise reference footprint of Contentful or Contentstack.

Automated cross-region failover is documented, and full content export via REST/GraphQL APIs and CLI is available. However, no public RTO/RPO numbers, backup retention schedule, or point-in-time restore options are published, leaving compliance buyers to negotiate in contract.

Cosmic ships a CLI with AI-powered content creation, app generation, and one-command deployment to Vercel; local development workflow is remote-first against a dev bucket/environment. No full offline emulator like Sanity CLI's dev server or Payload's self-hosted dev mode.

Multiple environments (dev/staging/prod buckets) are supported with environment-specific API keys and webhook-triggered deployments to Vercel/Netlify/Cloudflare/Render/Kinsta. Schema migration tooling is less mature than Contentful CLI's content migration scripts — changes are largely dashboard-driven with CLI import/export as the migration path.

Docs cover 11+ frameworks (Next.js, Astro, Remix, Express, Nuxt, Svelte, Fastify, RedwoodJS, Vite, Hono, Bun) with API reference, CLI, Extensions, Blocks, MCP Server, and Agent Skills sections. Good framework breadth and code examples; depth on advanced topics (migrations, enterprise patterns) is lighter than Contentful/Sanity.

@cosmicjs/sdk v2.0 is fully typed with built-in declarations for autocomplete and type safety. However, automated type generation from the content model (Object Types/metafields) is not a first-class feature — developers typically hand-type or use community codegen, unlike Contentful's `contentful-typescript-codegen` or Sanity's `sanity-codegen`.

Cosmic shipped many notable releases through 2025-2026: AI Platform (Aug 2025), Content Assistant (Apr 2025), Comments, Brand Guidelines (Oct 2025), AI Agents (Dec 2025), MCP Server, Gemini 3 Pro and Veo 3.1 integrations, Blocks, and new docs. Cadence is monthly or better. Not higher because most recent velocity concentrates on AI features rather than broad platform maturation.

Cosmic maintains a dedicated, paginated /changelog page with per-entry narrative posts and dates. Entries are descriptive but read more like blog posts than structured release notes; no clear semver tagging or dedicated migration guide per release. Not higher because breaking-change sections are absent; not lower because cadence and discoverability are solid.

No public roadmap, Canny portal, or community voting mechanism surfaces in search. Direction is communicated retroactively via blog/changelog and year-end recaps rather than a forward-looking public backlog. Not lower because the team signals intent clearly via blog posts; not higher because there is no structured way for users to see or influence upcoming work.

As a managed SaaS with a stable REST/GraphQL API, Cosmic absorbs most infrastructure churn on behalf of customers. The recent media-replace feature ('same URL and id') shows explicit concern for reference stability. Not higher because no formal API versioning policy, deprecation windows, or codemods are documented; not lower because end-users rarely report breakage.

Company LinkedIn shows only ~358 followers; G2 has just 6 reviews; no prominent Discord, and GitHub org has modest repos. Cosmic claims '75,000+ developers' in marketing, but independent signals are thin. Not lower because a Slack community and active blog exist; not higher because every third-party signal places Cosmic well below peers like Strapi, Sanity, or Directus.

Cosmic operates a Slack community and regularly publishes Community Deployments highlighting user projects; team members participate visibly on blog and social. Engagement density is reasonable relative to the small base. Not higher because there is no large public forum, no visible Stack Overflow activity, and no clear SLA on community support; not lower because the team is responsive in available channels.

Cosmic runs a formal Partner Program with a public directory listing agencies such as DreamWalk, Matter Supply Co., Webkul, SJ Innovation, Voypost, and Valuebound. No tier-1 global SIs (Accenture/Deloitte/Valtech) are listed, no certification exams, and no referenceable named implementation practices. Not higher because depth is shallow; not lower because the program is real and operational.

Most tutorials, comparisons, and guides discoverable about Cosmic are first-party (on cosmicjs.com/blog and /changelog). Very limited YouTube coverage, no Pluralsight/Udemy courses surface in search, and conference talks are scarce. Not higher because third-party amplification is thin; not lower because listing sites (Jamstack.org, Cuspera, Bejamas) do include Cosmic.

Cosmic is a niche platform with no mention in Stack Overflow developer surveys, no certification program, and few LinkedIn profiles listing it as a primary skill. Because Cosmic uses standard REST/GraphQL, most React/Next.js developers can work with it quickly, but specialized Cosmic experience is rare. Not higher because named Cosmic experts are hard to find; not lower because the generic skill overlap is broad.

Case study page profiles customers like Prairie Robotics, and marketing cites 75K+ developers and 500K+ API requests milestones, but no recent Fortune 500 logo announcements and G2 review count has not grown meaningfully. Not higher because enterprise traction signals are limited; not lower because the platform continues to publish customer stories and ship features that attract new signups.

Cosmic appears on Y Combinator's active company jobs page (YC-backed) and has been operating since ~2014, but no sizable recent funding rounds are publicly reported on Crunchbase/PitchBook summaries. Glassdoor shows 18 employee reviews averaging 4.0/5 — suggesting a small but stable team. Not higher because the company is small with limited runway visibility; not lower because there are no layoff or distress signals.

Cosmic has pivoted clearly to an 'AI-powered headless CMS' message, differentiating with AI Agents, Brand Guidelines, Content Assistant, and MCP Server. No Gartner MQ / Forrester Wave recognition in Headless CMS, and the AI-CMS space is crowded. Not higher because analyst validation is absent; not lower because the AI-native narrative is coherent and visibly executed.

G2 rating is 4.3/5 but based on only 6 reviews, well below the 100-review threshold for mid-tier scoring. Reviews are generally positive (praising headless approach, ease of use) with minor complaints about JSON-only webhooks and customization. Not higher because sample size is too thin to establish strong sentiment; not lower because what exists is favorable and no widespread negative signal appears on Reddit or HN.

Cosmic publishes full pricing for Free, Builder ($49/mo), Team ($299/mo), and Business ($499/mo), plus per-user ($29) and per-bucket ($29) adders and itemized overage rates (e.g., API non-cached $0.23/10k, bandwidth $0.36/GB). Only Enterprise is sales-gated, which is industry norm. Not higher because the add-on model ($99/mo for webhooks, localization, revision history, backups) adds cognitive load to final-price estimation.

Flat monthly tiers with included limits are predictable, but the $49 Builder → $299 Team jump is a 6x cliff that forces teams into the expensive tier once they exceed 5,000 objects or 15k non-cached API requests. Metered overages on API requests, bandwidth, media storage, and media requests create variable end-of-month bills. Not lower because rates are published and predictable; not higher because small scaling spikes can add real cost.

Webhooks, Localization, Revision History, and Automatic Backups are each sold as $99/mo add-ons (or $199/mo bundle) rather than being included in paid tiers — unusual for a headless CMS where webhooks and revision history are typically table-stakes. SSO lands on the Business plan ($499/mo), which is actually better than Contentful's Enterprise-only SSO. Not higher because gating basic operational features (webhooks, backups) behind paywalls is aggressive; not lower because SSO gating is reasonable.

Monthly billing is supported on all tiers, yearly billing saves 10%, and the free tier requires no credit card. 14-day free trial on add-ons reduces commit risk. Not higher because no explicit startup, nonprofit, or education discount program is published; not lower because there's no onerous annual lock-in requirement and the free tier serves as a permanent low-commitment entry.

Free-forever plan with 1,000 objects, 1 bucket, 2 team members, 10k non-cached + 100k cached API requests/month, 1GB bandwidth, and 300k AI tokens — meaningful for prototyping and small production sites. No credit card required, no explicit non-commercial restriction. Not higher because 1GB bandwidth and 1 bucket cap becomes limiting fast for any real traffic; not lower because the tier is genuinely usable beyond evaluation.

REST API with MongoDB-style query operators (no proprietary query language like GROQ), JavaScript/TypeScript SDK, sub-100ms response times, and Next.js App Router support make first content query achievable in under an hour for a developer familiar with modern JS. AI Agents and code generation further accelerate initial scaffolding. Not higher because multi-bucket project structure and object-type modeling still require upfront content modeling decisions.

Case studies cite 67% faster time-to-market vs. WordPress for a React team, consistent with simple marketing sites landing in 2–4 weeks. AI-native tooling (agents, code generation, MCP server) compresses the scaffolding phase. Not higher because no G2 Implementation award signal at the scale of Storyblok/Hygraph, and complex multi-locale or multi-bucket projects still require non-trivial setup; not lower because the stack is deliberately lightweight.

Cosmic relies on mainstream skills: REST, JSON, JavaScript/TypeScript, React/Next.js, MongoDB-style filters. No proprietary query language (unlike Sanity's GROQ) and no certification program — any competent JS/React developer can become productive quickly. Low specialist premium (~10–15% over generalist web dev). Not higher because the platform's AI Agent and Blocks conventions still require some Cosmic-specific familiarity for advanced work.

Fully managed SaaS — all storage, API, media CDN, and AI infrastructure included in tier price. Enterprise tier includes 99.95% SLA. Buyers only pay for front-end hosting (Vercel/Netlify/etc.), which is standard for all headless CMS deployments. Not higher because media bandwidth overages at $0.30/GB can add up for high-traffic sites and are effectively additional hosting spend.

Pure managed SaaS — no servers, databases, patching, or scaling for the CMS itself. A solo developer can run a production Cosmic site; no dedicated platform engineer required. Not higher because teams still own build/deploy pipelines and edge caching strategy on the consuming app, and add-on configuration (webhooks, localization) requires some operational oversight.

Cosmic explicitly advertises 'Your data is never locked in' with full import/export capabilities, and content is stored as standard JSON objects accessible via REST — straightforward migration to Sanity, Contentful, or self-hosted alternatives. Migration guides from Prismic and Sanity to Cosmic exist and work the other direction too. Not higher because AI Agents, Blocks conventions, and bucket-scoped object relationships create some adaptation work on exit; not lower because raw data is portable.

Cosmic's model is compact: Buckets (projects), Object Types, Objects, Metafields, and Environments — fewer moving parts than Contentful's Spaces/Environments/Content Types/Entries split. MongoDB-style query syntax is familiar to full-stack developers, and Merge Requests borrow a Git mental model. No proprietary query language or opaque lifecycle abstractions. Not higher because repeaters, Blocks, and Extensions add a second layer once teams move beyond simple sites.

Docs cover 11+ frameworks (Next.js, Astro, Remix, Nuxt, Svelte, Express, Fastify, RedwoodJS, Vite, Hono, Bun) with quickstarts, and the AI-powered CLI can scaffold an app and deploy to Vercel in a single command. Templates marketplace and guided app creator provide hands-on starting points. Not higher because there is no structured learning path or certification track comparable to Contentful Academy, and video/interactive tutorial coverage is thinner than tier-1 peers.

Dual REST + GraphQL APIs, @cosmicjs/sdk v2.0 with zero dependencies and native fetch, and first-class Next.js/React patterns. No proprietary templating language, no custom SDK abstractions — content consumption is a standard client.objects.find() call that returns JSON. MongoDB-style query operators are ubiquitous in JS. Not higher because schema is UI-managed rather than schema-as-code, which breaks the typical TypeScript-first workflow developers expect from Sanity or Payload.

Official templates cover Next.js marketing site, blog, landing page, and portfolio patterns, and the AI-powered CLI can generate apps with content model + example content + Vercel deployment config baked in. Extensions for Vercel/Netlify/Cloudflare/Render/Kinsta streamline hosting. Not higher because the starter catalog is smaller than Storyblok's or Sanity's, fewer framework-specific starters reach the same polish as the Next.js flagship, and some community starters lag behind the latest framework versions.

Zero-to-working integration needs three values: Bucket slug, Read key, and (for writes) Write key — all obtainable from the dashboard in under a minute. SDK 2.0 has sane defaults, no dependency tree, and environment switching is a single parameter. Simpler than Contentful's Space ID + Delivery Token + Preview Token + Management Token matrix. Not higher because scaling to multi-env workflows adds per-environment key management and webhook configuration overhead.

Adding new metafields is safe and immediate, and 2025 additions (conditional fields, unique constraints, multi-select) reduce schema rework. No equivalent of Contentful's 50-field ceiling. However, schema migrations are predominantly dashboard-driven — there is no first-class migration-script runner comparable to contentful-migration CLI, so changes to populated Object Types require careful manual sequencing and API-scripted rewrites. Field renames propagate as breaking changes to the consuming app's queries.

Preview Links give editors in-context review in draft/published states, but wiring them up requires frontend work — a preview-mode route, draft-aware fetching via the status=any parameter, and a token-guarded preview URL. No plug-and-play visual preview or click-to-edit overlay of the kind Storyblok, Sanity Presentation, or Hygraph's Click-to-Edit now provide. Decent for a developer but not plug-and-play.

A generalist TypeScript/React developer can ship a Cosmic-backed site within hours — no certification, no proprietary query language (MongoDB-style is industry-standard), no custom templating. The SDK surface is tiny. Some familiarity with headless content modeling and Object Type relationships is needed, but the skill curve is flatter than GraphQL-native peers like Hygraph. Not higher because Extensions and Blocks require React component knowledge at the dashboard layer if teams extend the editor UI.

SaaS-only on AWS/Fastly eliminates DevOps, infrastructure, and backend roles. A solo developer can model content, build the frontend, and deploy to Vercel end-to-end; many Cosmic customer stories are 1–2 person teams. Scaling to multi-locale, multi-environment, Merge Request workflows may warrant 2–3 people but not the 5+ role DXP team. In line with peers Sanity/Storyblok on this dimension.

Editors can create and update Objects in existing Object Types without developer involvement, and the 2024-2025 New Content Editor with AI text generation plus Comments (April 2025) improves self-serve editing. However, new page patterns, new component types, or schema changes still require developer work, and without a visual page composer marketers cannot restructure layouts independently. Typical headless cross-functional friction — Merge Requests help reviewer workflow but don't close the structural gap.

Cosmic is SaaS with continuous vendor-managed deployment — no version upgrades for the core platform. However, the v1→v3 transition required customers to run a compatibility report, export bucket data, create a new bucket, and re-import — a non-trivial manual migration rather than a seamless upgrade. Not higher because of that recent forced export/import migration; not lower because the v3 API is stable and the new-dashboard upgrade is advertised as isolated from v1 production.

SaaS vendor-managed infrastructure — CVE patching is handled by Cosmic without customer action. No publicly tracked Cosmic CMS CVEs in CVE databases (the CosmicSting CVE-2024-34102 is unrelated Magento/Adobe Commerce vulnerability). Not higher because Cosmic does not publish formal SOC 2 security advisories or a public security bulletin cadence like larger vendors (Contentful, Contentstack).

Recent history of forced migrations: v1 dashboard/API was sunset with customers required to migrate to the new v3 dashboard via export/import. Cosmic has progressed through v1→v2→v3 API versions in a relatively short window. Not higher because these forced transitions are recent and required customer action; not lower because Cosmic offered a migration assistance program and compatibility report tooling to reduce friction.

SaaS model — near-zero server-side dependencies for the customer. Only the JavaScript SDK (cosmicjs npm package) to maintain client-side. No database, search, cache, or CDN to operate. Not higher because customers still must keep the SDK current and track breaking changes across API versions when upgrading SDKs.

Cosmic provides a public status page (cosmicjs.statuspage.io) with uptime history, incident notifications via email/Slack, and basic usage dashboards in the project UI. Customers still need application-layer monitoring for webhook delivery, API error rates, and quota consumption. Not higher because Cosmic lacks the native APM-grade webhook delivery dashboards and detailed usage analytics seen in larger peers (Contentful, Contentstack).

Cosmic provides revisions and basic workflow but lacks the automated content hygiene tooling (broken-reference alerts, orphan detection, expiry workflows) offered by enterprise headless peers. AI-powered tooling is emerging for content generation but not content governance. Not higher because content operations still rely primarily on editorial discipline; not lower because revisions, media management, and localization reduce some manual burden.

SaaS with global CDN fronting API responses — Cosmic handles caching, scaling, and CDN invalidation. Customers do no query optimization, index tuning, or cache configuration. Not higher because API rate limits require attention and customers must still manage their front-end ISR/SSG cache layer and handle quota-based throttling.

Free plan gets community support only; chat support is available on paid plans; 24/7 dedicated phone/screenshare support is locked to Enterprise tier. This mirrors the typical SaaS headless tiering. Not higher because good synchronous support requires Enterprise; not lower because the chat channel on mid-tier plans is advertised as reasonably responsive and the team is small but engaged.

Cosmic has a smaller community than Tier 1 peers (Contentful, Sanity, Storyblok) — fewer Stack Overflow threads, a Slack/Discord with modest membership, and limited community content. Team members do participate directly. Not higher because Stack Overflow and GitHub discussion volume is thin, so edge-case answers are harder to find; not lower because the Cosmic team is reachable and responsive in public channels.

As a SaaS platform, bug fixes deploy immediately once shipped — the Cosmic changelog shows a steady cadence of weekly/monthly releases through 2025–2026 including AI integrations and dashboard improvements. Not higher because there is less public visibility into bug tracker throughput and critical-bug SLAs than larger vendors publish; not lower because community reviews don't surface consistent complaints about stuck bugs.

Cosmic is explicitly structured-content/developer-first and does not ship a drag-and-drop visual page builder; it positions itself as an alternative to page-builder tools like Builder.io. Marketers can edit page field values and AI Content Agents can auto-generate landing-page copy/images, but creating new layouts still requires developer work on the frontend. That puts Cosmic in the 'marketers can edit content but not create new layouts' band, slightly lifted by AI scaffolding.

No native campaign calendar, multi-channel campaign orchestration, or campaign analytics. Cosmic provides scheduled publishing and AI-agent-scheduled content runs, which is closer to the 'scheduled publishing as the only campaign feature' band typical of headless CMS.

SEO is delivered via an SEO Fields extension/Block rather than built-in first-class SEO fields with validation. No native sitemap generation, redirect management, or canonical/Schema.org tooling — those are left to the frontend. Content model maps cleanly to schema.org (e.g., BlogPosting) but requires manual implementation. Fits the 'manual SEO field creation without built-in validation' band.

No native form builder, lead capture, UTM handling, or conversion tracking. All performance-marketing instrumentation must be built on the frontend or delegated to external tools (HubSpot, Segment, GA4).

No native personalization, audience segmentation, or rule-based targeting engine. Any personalization requires pairing with an external CDP/personalization tool and frontend logic.

No native A/B testing, variant testing, or experimentation framework. Any content experiments must be orchestrated via external tools (Optimizely, VWO, LaunchDarkly) on the frontend.

This is a relative Cosmic strength: AI Content Agents can draft landing pages, blog posts, and images autonomously; Code Agents can open PRs for new pages; multi-agent workflows automate brief-to-publish. Revision history, inline editing, bulk operations, and scheduled publishing are supported. Still relies on developer implementation of new templates, keeping it below best-in-class visual-builder platforms.

Structured content via REST API (sub-100ms) enables web/mobile/email delivery from a single source. Team Agents extend reach into Slack/WhatsApp/Telegram. No native renditions for push/SMS/social channels — each additional channel requires developer integration. Fits the 'web-first with API-based delivery to other channels' band, lifted slightly by agent-based chat distribution.

No native GA4/Adobe/Mixpanel dashboards inside Cosmic; no content-performance or content-decay reporting surfaced in the CMS. Analytics are entirely on the frontend via developer-added tags.

Component-based content modeling (repeaters, relationships, 20+ field types) allows structured brand reuse, but there are no native design-token enforcement, locked component palettes, or restricted-override guardrails at the platform level. Consistency is enforced by frontend implementation and editor discipline.

OG/Twitter card meta can be handled via the SEO Fields extension. No native social scheduling, push-to-social, or UGC embed workflows. AI Content Agents can generate social copy but do not publish to social networks directly.

Cosmic has a media library with imgix-backed image transforms (resize/crop/format), tagging/folders, and AI-generated alt text in bulk. No usage tracking, rights management, or full DAM capabilities. Covers basic DAM needs but not enterprise marketing asset governance.

Localization is a paid add-on ($99/mo standalone, $199/mo bundle) supporting 400+ locales as first-class in the content model with locale-aware API queries. AI Workflows can propagate source-language updates to all localized versions automatically. No native transcreation workflow or locale-specific campaign variant tooling, but practical for most marketing localization.

Shopify integration is documented; Slack/WhatsApp/Telegram via Team Agents. Webhooks are an add-on ($99/mo). No pre-built CRM (Salesforce), MAP (Marketo, Pardot), or CDP connectors — integrations with those are custom via API/webhooks. Fits the 'some integrations plus generic webhook/API' band, at the low end.

Flexible content modeling with repeaters, relationships, and nested objects enables custom product-content types (PDP, category, variants, attributes). Not purpose-built for commerce — no product attribute library, variant inheritance, or PIM-grade features. Generic modeling repurposed for product content fits the 40–60 band.

No native merchandising: no category management UI, no cross-sell/upsell tooling, no search merchandising, no product spotlight curation. These belong to the paired commerce platform (e.g., Shopify), not Cosmic.

Documented Shopify integration with pattern of mirroring product data into Cosmic for faster delivery (reports of 300ms→50ms). Integration is API-based and typically implemented per project rather than via a native product-picker UI in the editor or deep real-time federation. No first-class connectors for commercetools, SFCC, or BigCommerce.

Rich content modeling supports buying guides, lookbooks, and editorial pages. Product embeds are possible via relationship fields but shoppable-content authoring is not a first-class pattern — no inline product picker with purchase CTA component out of the box.

Cart/checkout in a Cosmic+Shopify setup lives in the commerce platform; Cosmic can host banners, trust badges, and shipping callouts as content but there is no native pattern for injecting CMS content into transactional flows.

No documented post-purchase content features (order-confirmation editorial, onboarding sequences, loyalty content tied to order events). Would require custom build on top of the commerce platform's order webhooks.

Basic role-based access control (Admin/Developer/Editor) and API key management, but no B2B-specific features: no account-based catalog gating, no customer-specific pricing display, no quote-request flows, no gated spec-sheet delivery.

Query-based API filtering is available but there is no native faceted search, synonym management, search-landing-page generation, or blended content+product search. Typical implementations add Algolia or similar on the frontend.

Scheduled publishing enables time-activated banners and promo blocks. No native countdown timers, channel-specific targeting, or tiered-pricing table automation. AI agents can schedule promotional content generation.

Multi-bucket architecture supports separate storefronts per brand/region. Merge-to-another-bucket allows content movement. No native pattern for shared product content across storefronts with storefront-specific editorial overlay — content duplication across buckets is the norm.

imgix-powered image transforms, AI image/video generation, basic galleries and video embeds. No native 360-degree view, AR/3D model, or hotspot/zoom tooling — those require frontend libraries or third-party media services.

Multi-author content and role-based permissions allow basic marketplace-style content, but no seller-profile management, review aggregation, or moderation-at-scale tooling. Not marketplace-specific.

Localization add-on enables locale-specific product content at the content layer. Not commerce-specific — no currency-aware content blocks, regional regulatory content (EU labels, Prop 65), or market promo calendars built in.

No native content-to-revenue attribution, conversion tracking, or product-content performance dashboard in the CMS. All commerce analytics live in the paired commerce platform or external analytics stack.

Three predefined roles (Admin, Developer, Editor) with RBAC on content management and separate read/write API keys. No audience-based content visibility for end users, no field-level sensitivity, no department-level audience targeting. SSO is Enterprise-tier only.

Revision history (add-on), content approval workflows, and flexible modeling support knowledge-article structures. No native content lifecycle (review dates, expiry, ownership assignment), and no knowledge-specific taxonomy tooling.

Pure headless CMS, not purpose-built or adapted for employee portals. Building a full EX portal (news feed, directory, notifications, personalized dashboards, mobile app) requires extensive custom frontend development.

No targeted internal-comms tooling: no read receipts, acknowledgment tracking, or mandatory-read workflows. Content could be modeled as internal announcements but distribution, targeting, and tracking are not built in.

No native people directory, org chart, or HRIS connector (Workday, BambooHR). A directory could be modeled as a content type but requires full custom build.

Revision history (add-on) provides version control; approval workflows available. No mandatory acknowledgment tracking, no automated review/expiry reminders, no audit-grade policy management.

No onboarding-specific features (role-based paths, 30/60/90-day progressive disclosure, HR-triggered new-hire portals). Would be a from-scratch frontend build.

Basic API-level query/filter support. No federated search across SharePoint/Confluence/Drive, no AI-relevance ranking, no faceted-filtering UI, no search analytics. Enterprise-search use cases require pairing with a dedicated search platform.

No native mobile app for editors or employees; sub-100ms REST API supports responsive frontend delivery. Team Agents in WhatsApp/Telegram/Slack give a distinct chat-based mobile access path but are agent interactions rather than a deskless-worker app.

No LMS integration (Cornerstone, Workday Learning), no native micro-learning, no completion/certification tracking. Training content can be authored as content types but tracking is out of scope.

Editor-side collaboration (comments, approvals) exists for content teams, but no end-user social layer: no public comments, reactions, forums, polls, or recognition tooling.

Team Agents run inside Slack, WhatsApp, and Telegram with persistent memory and custom personas, executing content tasks from chat. Not a full Teams/Google Workspace embedded-card experience, but the chat-native agent integration is stronger than most headless CMS peers — fits the middle 35–55 band at the top end.

Scheduled publishing and revision history (add-on) enable basic expiry and versioning. No automated review-date reminders, stale-content flagging, or ownership-assignment workflows for intranet trust.

No native internal analytics: no department-level views, failed-search tracking, engagement heatmaps, or adoption dashboards. Any internal analytics must be built on the frontend.

Cosmic's Bucket-per-brand model gives clean silo-based isolation: independent content models, environments, and API keys per Bucket, with no cross-bucket data leakage. It is not a native multi-tenant data model (no shared schema with row-level tenancy), placing it in the 55–70 silo-based-isolation band.

Merge-to-another-bucket allows copying object types and content between buckets, but no native live-shared global content or design tokens across brands. Updates to a 'global' component must be propagated by merge/import. Frontend component libraries can be shared at the codebase level.

Workspace layer provides central user/team management across multiple buckets with granular roles, and API key management per bucket. No cross-brand enforced content standards, cross-brand approval chains, or global policy config — governance is per-bucket.

Included buckets scale by plan (up to 5 free for testing; more on paid plans). Paid plans bundle objects/AI tokens with multiple buckets, giving modest economies of scale, but adding many brand buckets generally pushes into higher tiers. Not strong volume discounting, not strictly linear per-brand licensing.

Each bucket can define its own brand theme-token content types consumed by the frontend. No platform-level theming engine that applies per-brand styles to shared rendered components. Theming is effectively frontend configuration per brand.

Localization add-on enables per-locale content in each bucket. No brand-aware translation approval workflow or regional legal governance layered on top. Brand × locale governance is handled manually per bucket.

No portfolio-level analytics or cross-bucket content-performance dashboards. Any aggregation is manual via external analytics.

Each bucket configures its own approval flow, scheduled publishing, and agent automations. Central audit across brand workflows is limited. Fits the 30–50 'some workflow variants per brand' band, lifted by per-bucket autonomy.

Merge-to-another-bucket enables copying content across environments/brands with the option to adapt downstream. Not a live corporate-to-brand push with override control — more of an import/copy model.

No per-brand compliance rules, GDPR-consent tooling, cookie-policy management, or publishing guardrails. Compliance is implemented outside the CMS. SOC 2 infrastructure-level compliance is baseline and applies to all buckets.

No platform-level design-system registry with brand-extension and version propagation. Design systems are maintained in frontend codebases and consumed across brand sites.

Cosmic Workspace provides central admin across multiple buckets with team members and per-bucket roles. SSO is Enterprise-only. Solid central + per-brand role model, but not granular cross-bucket contributor roles or shared permission sets.

Object types can be merged/cloned between buckets to start from a shared base, but there is no inheritance model where a global schema is extended per brand without forking. Changes to a shared model must be re-propagated manually.

No executive portfolio reporting (freshness by brand, SLA adherence, cost allocation, capacity planning) inside Cosmic. Per-bucket views only; aggregation is a manual exercise.

Cosmic hosts on AWS eu-west-1 providing an EU residency option, but the security page contains no link to a published DPA, SCCs, or a sub-processor list, and privacy/legal URLs return 404. Basic GDPR awareness is implied via account deletion on request, but the absence of a discoverable DPA and sub-processor inventory keeps this below the DPA-anchored band.

No BAA is advertised, no HIPAA-eligible infrastructure tier exists, and no healthcare guidance appears in documentation. Cosmic is not positioned for PHI workloads.

No FedRAMP, IRAP, C5, PIPEDA, LGPD, PCI-DSS, or HITRUST references are published. Absent DPA language, even CCPA/UK GDPR coverage is not demonstrable beyond inheriting AWS posture.

No public reference to SOC 2 Type 1 or Type 2 attestation exists on the Cosmic security page, enterprise page, or features page. For a SaaS CMS, absence of a published SOC 2 is a material gap versus peers (Sanity, Contentful, Storyblok, Kontent).

No ISO 27001 platform-scope certification is published. Underlying AWS infrastructure carries ISO 27001/27017/27018, but per anti-patterns that inheritance does not transfer to the SaaS platform itself.

No CSA STAR, PCI DSS, Cyber Essentials, FedRAMP, IRAP, ENS, or C5 evidence found. Base score reflects the absence of any meaningful additional certifications.

Cosmic offers four AWS regions spanning US, EU, and APAC with automatic failover, which is strong for a Tier 2 headless CMS. However, no contractual residency guarantee language is published and CDN caching via Fastly may egress data from the elected region.

Full import/export via REST API and CLI is advertised as 'data portability.' Deletion, however, is a support-ticket flow ('request deletion via [email protected]') rather than a self-service portal, and the post-termination retention window is not documented.

Cosmic lists 'audit logs' and 'activity logs' plus revision history as enterprise features, suggesting basic who-did-what visibility. However, no SIEM push, log export API, or configurable retention period is documented, keeping this in the basic-logs band.

No published WCAG 2.1 AA conformance statement or ATAG 2.0 reference for the Cosmic authoring dashboard was found. The only accessibility content on the site concerns delivered-content features (AI-generated alt text, TTS), not the editor UI.

No VPAT, ACR, Section 508 conformance statement, or accessibility page is published for Cosmic. Procurement teams requiring an accessibility conformance report would have no artifact to attach.

Cosmic ships native AI text generation with real-time streaming (March 2025), an AI Content Studio (August 2025), and the Cosmic Content Assistant for SEO-friendly long-form content. Brand Guidelines (October 2025) enforce voice/style across generated content, and the API exposes multiple top-tier models (Claude Opus/Sonnet 4.5, Gemini 3.1 Pro, GPT-5 series) with chat/message support. Held below 85 because bulk editorial workflows and prompt template libraries are less formalized than Contentful AI Actions or Sanity Create.

Native image generation via Gemini 3.1 Flash Image and DALL-E 3 (up to 4K, reference-image consistency up to 14 images), native AI video via Veo 3.1 with 720p/1080p and extend endpoint, OpenAI TTS with 9 voices, plus AI-generated alt text including bulk. Generated media is auto-stored in the bucket with alt_text, folder, and metadata fields. One of the most complete media-AI stacks in the headless CMS market — score capped shy of 90 because there is no built-in Firefly-equivalent IP-safe generator or smart focal-point cropping specifically marketed.

Cosmic Intelligence provides native 'auto translate content with AI' directly in the dashboard, executed via the same multi-model AI layer (Claude/Gemini/GPT) so brand voice is preserved via Brand Guidelines. No dedicated TMS-grade features like per-segment quality scoring, translation memory, or glossary enforcement are surfaced. Score reflects a capable in-platform MT experience that stops short of a purpose-built localization engine.

Auto alt-text generation (including bulk), AI summaries, and SEO-optimized content generation are built into Cosmic Intelligence and exposed via the AI API. The Content Assistant explicitly targets SEO-friendly blog posts. No dedicated on-page SEO scoring dashboard, schema.org markup suggestions, or title/meta-description optimizer with competitive analysis surfaced in docs — so Cosmic covers generation but not measurement.

Content Agents run on schedules (hourly/daily/weekly/monthly) or webhook triggers to autonomously create, enrich, and publish content; multi-step workflows support sequential and parallel execution with real-time logging. Bulk alt text, bulk content generation, and scheduled publishing via agents are all GA. Score held below 80 because some traditional ops features (auto-tagging taxonomies, duplicate detection, content routing rules) are not explicitly marketed.

Launched December 2025, Cosmic ships four named production agent products: Team Agents (Slack/WhatsApp/Telegram with persistent memory), Content Agents (schedule/webhook-driven content creation and publishing), Code Agents (GitHub PRs), and Computer Use Agents (visual browser automation). Plans meter agents (15 on Team, 25 on Business) and agents participate in multi-step workflows with approval gates. Positions Cosmic at the agentic-first tier alongside Contentstack Agent OS; shy of 85 because the ecosystem/agent marketplace is still nascent.

Cosmic Intelligence includes media asset chat (ask questions of PDFs/spreadsheets), AI summaries, and content-model generation from descriptions, which provide some content understanding. However, there is no built-in content gap analysis, topic clustering, stale-content detection, or editorial priority dashboard marketed today. Most intelligence is reactive (chat/ask) rather than proactive scoring.

Brand Guidelines (Oct 2025) provide AI-enforced brand voice compliance across generation, and Cosmic's platform-level content policy blocks disallowed outputs (celebrities, copyright, policy violations) with SynthID watermarking on generated video. No comprehensive audit scanner for accessibility, thin content, or compliance across existing published pages is advertised — auditing is focused on what AI produces, not what exists.

Cosmic's content API is RAG-ready (clean JSON, media-aware, usable by LLM context windows) and the MCP server exposes objects for retrieval, but there is no native vector embedding store, semantic search endpoint, or hybrid ranker shipped by Cosmic. Developers can feed Cosmic content into external vector DBs but must build that layer themselves. Score reflects RAG-friendly architecture without a native semantic search product.

Cosmic does not ship an ML-driven personalization engine: no audience scoring, predictive segment assignment, next-best-content recommendations, or CDP. As a pure headless CMS it expects personalization to happen in the presentation layer or via a dedicated CDP (Segment, Hightouch, etc.). Score sits at the typical 'no AI personalization' floor for headless CMS peers.

Cosmic ships an official production MCP server that exposes objects, media uploads, schema modifications, and AI content generation as tools for Claude/Cursor and any MCP-compatible client. Schema-aware with read/write/publish operations. Places Cosmic alongside Contentful, Hygraph, and Storyblok in the official-MCP tier; capped below 85 pending evidence of granular permission scopes and multi-tenant governance within the MCP layer.

Cosmic offers extensive model choice (Claude Opus/Sonnet/Haiku, Gemini 3.1 Pro, GPT-5 series, o-series reasoning, DALL-E 3, Veo 3.1, OpenAI TTS) but all access is brokered and metered through Cosmic's token system — there is no BYOK configuration, no custom endpoint support, and no data-residency controls surfaced. Users pick models but cannot supply their own API keys or connect fine-tuned/private deployments. Score reflects partial model flexibility without true BYOK.

Dedicated AI endpoints for text/image/video/audio, official JavaScript SDK with streaming iterators, MCP server for agent tooling, webhook-driven agent triggers, and a full agent platform with four agent types addressable programmatically. REST content API is structured and LLM-friendly; MCP gives drop-in LangChain/Cursor/Claude Desktop compatibility. Score held below 85 because no first-party LangChain/LlamaIndex integration guides or vector-index tooling were found.

AI activity logs expose prompt-level history to admins, Brand Guidelines provide centrally-enforced brand/style governance, platform-level content policies block disallowed generations (celebrities/copyright), and Veo videos carry SynthID watermarks. Human-in-the-loop is supported via agent approval gates. Held below 70 because IP indemnification for AI outputs, formal hallucination/confidence scoring, and prompt-template governance libraries are not documented as Contentful/Sitecore offer.

Dashboard Usage section tracks AI token consumption with input/output split, plan-based allowances (e.g., 300K free, 2M on Team, 6M on Business), token-pack overages at $9.50/M, and per-team usage monitoring. AI Agent limits are metered per plan. Score held below 75 because prompt-effectiveness analytics, model performance dashboards, and quality-trend monitoring specific to AI output are not surfaced today.