Directus

Directus maps all DB column types to a rich field set: string/text, number, datetime, boolean, JSON, UUID, geospatial (GeoJSON), file, and alias/relational fields. Schema-as-code is first-class via `directus schema snapshot` (YAML/JSON export) and `schema apply` with diff-based migration, enabling CI/CD environment promotion. Repeater fields handle nested JSON arrays; M2A handles polymorphic references. v11.17 added a translation utility endpoint that auto-generates translation collections and fields, streamlining multilingual schema setup. Not quite 80+ because geospatial requires DB-level extension support and union-typed fields beyond M2A are limited.

Directus natively supports M2O, O2M, M2M (auto-created junction table), and M2A (Many-to-Any — polymorphic references across multiple collections). M2O/O2M pairs are surfaced bidirectionally in the data model. M2A is the key differentiator, enabling one field to reference items from any number of collections by storing collection name + item ID in the junction. v11.17 improved GraphQL named fragments to preserve M2A type information. Fully queryable from both sides and foundational for block-based page building.

Block-based composition is achieved via M2A relationships — create block-type collections (hero, text, CTA, etc.) and an M2A field on the page collection. Repeater fields handle simple inline sub-object arrays. Community extension `directus-extension-flexible-editor` integrates Tiptap with M2A relation nodes for embedded structured blocks within rich text. Prevents a higher score: nested repeaters (repeater-in-repeater) are not natively supported; the block system requires developer setup rather than being a turnkey feature.

Built-in validations include required, unique, regex (with custom error messages), min/max for numeric and text, and conditional validation — field-level conditions that change required/validation rules based on the values of other fields in the same item. Validations fire on create/update via the app or API. Custom validation beyond regex is possible via Flows (event-driven automations) or custom API extension hooks. Conditional cross-field validation is a genuine strength that pushes this into the 70+ range.

Named content versions with a global reserved draft version automatically available when versioning is enabled — provides a dedicated workspace for making changes before publishing to main. Granular revision history with diff highlighting and color-coded comparison modal when promoting versions. Promote-to-main workflow for publishing. Both Live Preview and Visual Editor support version-aware previews via `{{$version}}` template variable. Configurable retention policies for revision cleanup. No formal Git-style content branching or native scheduled publishing limits the score.

Directus Visual Editor uses `@directus/visual-editing` frontend library to mark editable elements with `data-directus` attributes, rendering the site in an iframe within the Studio module. Editors can navigate the live site and edit linked items in-place with immediate visual feedback. v11.15 added AI Assistant sidebar; v11.16 added field permission and version access checks. However, the Visual Editor focuses on editing existing content in context — it is not a drag-and-drop page builder. No native component rearrangement or layout management for non-technical users.

Native built-in editors (WYSIWYG and Markdown interfaces) output HTML string and Markdown string respectively — neither outputs a portable AST. Multiple community Tiptap extensions exist: `directus-extension-flexible-editor` outputs ProseMirror JSON AST with embedded M2A relation nodes; `@bicou/directus-extension-tiptap` also supports JSON or HTML storage. No changes to core rich text in v11.16–v11.17. Because AST output requires third-party extensions not bundled in core, the native experience scores in the adequate range.

Directus wraps the Sharp library for on-the-fly image transforms via URL parameters — resize, crop, format conversion, quality, blur, and more. WebP and AVIF both natively supported (`?format=webp`, `?format=avif`). Focal point stored per file (`focal_point_x/y`) and applied automatically during crop. Transformation presets definable by admins and referenced by name. Folder organization, metadata, alt text, tags. v11.17 improved background data imports with configurable concurrency and timeout. The gap to 80+ is the absence of a built-in managed CDN for assets (in self-hosted) and no native DAM-level features like rights management.

Native real-time collaborative editing in core since v11.15 (February 2026). Multiple users can edit the same record simultaneously; field-level locking prevents last-write-wins conflicts; presence indicators show user avatars in the item header and next to specific fields being edited. WebSocket-backed with Redis for multi-instance deployments. Promoted from community extension to core for deeper platform integration. Falls just short of 80+ because field-level locking (not true simultaneous per-character co-editing like Google Docs).

Workflows are constructed from status fields + Flows (event-driven automations) + role-based permissions that restrict state transitions. Multi-stage approval is achievable: writers submit, a Flow notifies reviewers, permissions block publishing until approved. Manual Flow triggers with confirmation modals collect additional input at workflow steps. New official integration guides for n8n and Zapier provide documented paths to extend workflow automation with visual workflow builders, expanding the ecosystem. Functional but still requires significant configuration effort for native workflows; no visual BPMN-style workflow designer in core.

Both REST and GraphQL are first-class citizens, auto-generated from the data model — neither is secondary. REST filter syntax supports logical operators (`_and`, `_or`, `_not`), deep filtering on relations, aggregation, field selection, sorting, and limit/offset pagination. GraphQL supports the same with subscriptions via WebSockets for real-time data. Official TypeScript-first SDK (`@directus/sdk`) with composables for `rest()`, `graphql()`, and `realtime()`. v11.17 improved GraphQL named fragments to preserve M2A type information and added resolver deduplication for performance. Native MCP support since v11.13.

Directus Cloud (managed hosting) includes a global CDN as part of its infrastructure. Self-hosted Directus has no built-in CDN — the recommended pattern is placing Cloudflare or Fastly in front with correct `Cache-Control` headers. Server-side caching via Redis or in-memory reduces origin load. v11.17 added cache clear CLI command with system and data flags. New official Vercel and Netlify integration guides provide deployment orchestration (trigger builds, monitor status) but not CDN or edge delivery capabilities. No documented sub-second cache purge or edge computing capabilities.

Flows are the sole automation system with five trigger types: event hook (item CRUD, file upload, login, errors), incoming webhook (GET/POST with async response option), CRON schedule, another flow, and manual trigger. Filter hooks are blocking (can transform/reject); action hooks are fire-and-forget. Official n8n integration adds a dedicated Directus Trigger node for event-driven external workflows, expanding the event consumption ecosystem. Key gaps remain: no native HMAC signing on outgoing payloads and no built-in retry logic for failed webhook deliveries.

Directus is database-first and API-first — all content accessible via REST and GraphQL with no coupled frontend. Official `@directus/sdk` is TypeScript-first, isomorphic, modular, supporting REST, GraphQL, and real-time WebSocket subscriptions. Official starters for Next.js, Nuxt, SvelteKit, Astro, and React Native. v11.17 added translation utility endpoint for auto-generating translation collections. New Framer integration enables bi-directional content sync. Community SDKs for Python, Go, Dart/Flutter exist but are not officially maintained. Score held below 80 because the official SDK covers only JS/TS natively and rich text output is HTML/Markdown (not AST) in core.

Directus has no native audience segmentation engine. The platform's own blog post ('Is Your CMS Ready for AI & Personalization?') explicitly frames Directus as the infrastructure layer where segment metadata can be stored, not as the segmentation engine itself. All targeting logic must live in the delivery layer. No official CDP integrations documented.

Directus can store content variants as separate items with metadata fields for targeting rules, but there is no native variant-serving mechanism, in-editor preview per audience, or decision engine. Personalization requires a fully external implementation (edge function, CDN logic, or third-party tool). No official first-party personalization integrations exist.

No native A/B or multivariate testing capability. Directus is a content repository only; experimentation logic, traffic allocation, and results reporting all require fully external tools. No documented integration with Optimizely Web, LaunchDarkly, or similar platforms.

No algorithmic content recommendation engine exists in Directus. The platform provides no ML-based, collaborative filtering, or weighted editorial recommendation layer. Manual content curation is possible via editorial tooling but there is no algorithmic support whatsoever.

Directus provides a basic `?search=` query parameter that performs case-insensitive LIKE queries across string fields. There is no relevance ranking, typo tolerance, faceting, autocomplete, or semantic matching. This is filter-level search at best, not a search engine.

Directus has official Algolia and Elasticsearch Operations in the Marketplace, enabling Flows to create, update, delete, and search records in both platforms natively without custom code. The community extension `directus-extension-searchsync` has long supported both engines. This is a first-class integration path.

Directus has no native commerce module — no product catalog, cart, pricing, inventory, or order management. This is by explicit design. GitHub discussion #16778 confirms that commerce logic is intentionally deferred to dedicated commerce platforms.

No official pre-built connectors to Shopify, commercetools, or BigCommerce with product picker UIs. Directus has a documented 'Built With Directus' PIM showcase for Shopify showing an architecture pattern. The new Zapier beta integration and n8n verified node enable Shopify automation workflows, but these are iPaaS bridges without product picker UI or live data federation. No Marketplace connector for commercetools, BigCommerce, or Salesforce Commerce Cloud.

Directus's flexible schema builder handles product-specific field patterns well — rich text, images (via File Library), relational attributes, translations, and variant structures are all native. Multiple 'Built With Directus' showcases demonstrate fashion/e-commerce PIM architectures. This is a generic content model repurposed for products rather than a product-specific content type system.

Directus Insights provides customizable dashboards over data stored in the Directus database — this is data visualization of your own content data, not content performance analytics. There is no tracking of consumer page views, engagement, or content health. A community Marketplace extension adds API activity and storage usage metrics. No content performance loop exists.

No official GA4, Segment, or Amplitude first-party integrations. However, the new official Zapier beta integration and n8n verified node provide documented iPaaS paths to analytics platforms without requiring custom webhook code. Directus Flows can also emit webhooks on content operations. This is iPaaS-mediated integration, not a native analytics connector, but materially easier than raw webhook-only patterns.

Multi-site is achievable via a single Directus instance with RBAC and row-level permissions (dynamic variables scope data per site/brand). A Directus TV episode ('Mission: Multisite CMS') documents the architecture pattern. However, there is no dedicated multi-site UI module, no shared component library tooling, and no centralized governance dashboard — this is a DIY RBAC pattern, not a native multi-site product.

Directus provides native field-level translations via a Translations relational field that auto-generates junction tables per collection. All locales are managed within a single item view; editors can work on individual locales without affecting others. The admin UI itself supports 55 languages. v11.17 added a translation collections utility endpoint and UI to auto-generate translation collections and fields. ISO locale codes are supported throughout.

Crowdin has an official first-party integration with documented tutorial and Crowdin Marketplace app for auto-syncing source strings and translations. Localazy also has an official plugin. However, Phrase (Memsource), Smartling, and Lokalise have no official first-party integrations — those require custom Flows/webhooks. Two official TMS integrations is solid for a tier-2 open source platform.

Multi-brand management is handled through Directus RBAC — roles per brand, row-level permissions, custom access policies. There is no dedicated brand governance module, no cross-brand approval workflow tooling, and no global style/policy enforcement dashboard. Organization-level management without cross-brand policy enforcement.

Directus File Library provides folder hierarchy, automatic EXIF/IPTC/ICC metadata extraction on ingest, custom metadata fields, bulk operations, tag-based browsing, and RBAC-based file/folder access control. Content Versioning tracks item deltas but this is not file-level asset versioning. No rights management, expiry/licensing controls, or usage tracking across content. A solid mid-tier asset library, not a purpose-built DAM.

Directus performs on-the-fly image transforms server-side via Sharp: resize, crop, fit modes (cover/contain/inside/outside), WebP/AVIF auto-format, quality, blur, rotate, focal point preservation, and configurable transform presets. Transformed images are cached after first generation. No built-in CDN — you bring your own; Cloudinary storage adapter adds CDN capabilities. Strong transforms without native global delivery.

No native video hosting, transcoding, or adaptive streaming. Video is treated as a generic file upload with no thumbnail generation, caption management, or bitrate delivery. A community extension (Transcode Video Operation) provides HLS conversion and thumbnail extraction but is third-party and requires self-hosted setup. Common pattern is integrating Mux, Cloudflare Stream, or Bunny.net externally.

Directus has two partial visual editing capabilities: Visual Editor (in-place editing via `data-directus` HTML attributes — renders your frontend in an iframe for click-to-edit fields, requires developer integration) and Dynamic Page Builder (M2A schema-driven block assembly — non-technical users assemble pages from pre-defined block collections, no drag-and-drop layout). The Block Editor field uses Editor.js for structured content. No Webflow-style drag-and-drop layout designer exists; visual editing requires developer setup of the `directus/visual-editing` library.

Configurable multi-step approval workflows are achievable via Flows + field-level permissions: status dropdown fields (draft → under review → published), role-based stage gates enforced by permission presets, Flow automation for notifications and pause-and-wait approval callbacks. Inngest integration is documented for complex workflows. No native visual workflow designer — setup requires admin configuration. Genuinely flexible but not a turnkey workflow product.

Scheduled publishing is achievable via Flows with a CRON trigger: a schedule trigger runs at configured intervals, finds items where `date_published` ≤ NOW, and updates status to published — polling-based, not exact-timestamp. A calendar layout view exists in Data Studio for date-based content browsing. A third-party Schedule extension (dirextensions.com) adds a scheduling UI with start/end dates. No native one-click 'Publish at...' UI, no atomic release bundles, no embargo/expiry in core.

Native collaborative editing shipped in v11.15 (February 2026): field-level locking (fields lock while another user is editing), real-time presence indicators (user avatars showing who is active on the page and which field they're in), WebSocket-based sync, Redis support for clustered multi-instance deployments. Works across collections, file library, and relational fields. No native inline commenting or @mentions — activity log tracks changes but is not threaded discussion.

No native form builder in Directus. The recommended pattern is to model forms as Directus collections (fields define form fields, a submissions collection stores responses) and render the form in a custom frontend. There is no WYSIWYG form builder, no conditional logic engine, no CAPTCHA integration, no progressive profiling, and no form analytics in core. No mature community form builder extension exists.

Directus Flows can send transactional emails via SMTP as a built-in operation. No official pre-built connectors to Mailchimp, HubSpot, Marketo, or Brevo exist in the Marketplace. The new Zapier beta integration and n8n verified node provide iPaaS paths to ESPs without custom code, marginally improving the story over pure webhook-based integration. Still no subscriber list sync, email template builder, or campaign orchestration in core.

No native marketing automation capability. Directus Flows is a general-purpose content workflow automation engine (content events → HTTP calls, emails, scripts) — it is not a marketing platform with lead scoring, drip campaign orchestration, behavioral triggers from visitor activity, or lifecycle stage management. Not comparable to HubSpot or Bloomreach's built-in automation.

No native CDP, no official Segment/mParticle/Tealium/Bloomreach CDP integration. Directus Flows can emit webhooks to external systems on content events, enabling custom event streaming to a CDP. No unified customer profiles are available within the CMS, no audience sync for personalization, and no real-time identity resolution. Zapier/n8n provide iPaaS paths but no first-party CDP connector exists.

Directus has an in-app Marketplace backed by the npm registry covering 7 extension types (interfaces, displays, layouts, modules, panels, hooks, operations). The official directus-labs/extensions GitHub repo provides experimental first-party extensions. New in 2026: Directus now has an official integrations documentation section with guides for n8n, Clay, Zapier (beta), Vercel, Netlify, and Framer — showing ecosystem maturation beyond just the Marketplace. The Zapier beta integration alone opens 6000+ app connections. Still smaller than Contentful or Storyblok's ecosystems but growing meaningfully.

Directus Flows provides a comprehensive event-driven automation engine: 5 trigger types (Event Hook on any collection CRUD/login/error, inbound Webhook, Schedule/CRON, Another Flow, Manual button), HTTP Request operations for outbound calls. v11.16 added a Deployment module with real-time webhook status for Vercel/Netlify deployments and role-based deployment access. Official Zapier triggers and n8n trigger nodes now provide documented event-driven integration paths. No native Kafka/EventBridge/Pub-Sub streaming; no signed payload verification confirmed.

Directus has native Live Preview: configurable preview URL patterns per collection (dynamic `{id}`, `{slug}` tokens), Next.js Draft Mode integration passing version parameters, Content Versioning + Preview (preview named versions before publishing). Visual Editor renders the frontend in an iframe for in-place editing. v11.16 added global draft versions (auto-draft per versioned item). Preview URLs can be shared with stakeholders. No branch-per-environment workflow or built-in multi-channel preview console.

Directus has one of the most granular permission systems in the headless CMS space: custom roles with multiple Policies applied additively, collection-level CRUD+share permissions, field-level read/write access per role, row-level security with dynamic variable filters, field presets and validation enforced per role, IP address/CIDR allowlisting per policy, native SSO (OAuth2/OIDC/LDAP/SAML multi-provider), built-in 2FA. v11.16 extended RBAC to the Deployment module. No SCIM user lifecycle provisioning — a gap for enterprise identity management that keeps this from 80+.

Directus provides both REST and GraphQL APIs with documented behavior parity — a single query can retrieve multiple related data points via either protocol. The API reference at directus.io/docs/api is comprehensive, with examples across REST, GraphQL, and SDK in every endpoint section. v11.17 improved GraphQL resolver deduplication and M2A type preservation. No built-in interactive playground ships with Directus (third-party GraphQL explorers required), keeping it below 85.

Directus Cloud is backed by AWS with Redis-based distributed caching, CDN asset delivery, and auto-scaling across multiple availability zones. v11.17 added Redis namespace control support. However, public documentation on specific rate limits, API call-per-second ceilings, or documented scale limits for entries remains sparse. Self-hosted deployments inherit whatever infrastructure the user configures. Adequate for most workloads but lacks the explicit performance guarantees that tier-1 SaaS CMSes publish.

The official @directus/sdk on npm is TypeScript-first, modular, and dependency-free with strong type safety. Beyond JavaScript/TypeScript, all other language SDKs (Python, PHP, Go) are community-maintained, not official. This limits the score to the 50–55 range — one excellent official SDK but no multi-language official coverage.

Directus now has 6 dedicated integration guides: native Vercel and Netlify deployment modules (built-in with real-time build status), Zapier (beta) opening thousands of app connections, n8n community node for workflow automation, Clay for data enrichment, and Framer for bidirectional CMS sync. v11.17 enhanced deployment integrations with provider dashboard links. The ecosystem is broadening beyond UI/workflow extensions but still lacks pre-built integrations for commerce, DAM, and analytics categories.

Directus has a comprehensive extension system covering custom API endpoints, server-side hooks (on database events, schedules, lifecycle), App Extensions (interfaces, displays, panels, modules, layouts, themes), Operations for Flows, and the CLI scaffolds all extension types. v11.17 added Themes as a formalized extension type for visual customization. The Marketplace allows publishing and the extension architecture runs within the same environment as the main application, giving direct access to underlying services.

Directus supports SSO via OAuth 2.0, OIDC, LDAP, and SAML 2.0, plus MFA and API token management. v11.17 added OpenID/OAuth2 cookie security attribute configuration for enhanced session security. On self-hosted, SSO is freely configurable via environment variables. On Directus Cloud, SSO configuration requires Enterprise tier. MFA is supported natively. Score reflects functional SSO but enterprise-gated on cloud.

Directus v11 introduced a Policy-based additive permissions system on top of its existing RBAC. Permissions are scoped to collection + item + field level with custom filter rules for both read and write access, content-instance-level access control (see only records you own), and default value injection. Field-level permissions with different allowed fields per action make this one of the most granular permission models in the open-source CMS space.

Directus Cloud achieved SOC 2 Type II certification in July 2025. GDPR compliance is documented and cloud infrastructure providers (AWS) hold ISO 27001 and SOC 2 Type II. EU data residency is not explicitly advertised. No HIPAA BAA offering found. No direct ISO 27001 certification from Directus. This places Directus in the SOC 2 Type II + GDPR tier without its own ISO 27001 or HIPAA.

Security posture has worsened. On April 2, 2026, four new HIGH-severity advisories were disclosed: TUS upload authorization bypass allowing arbitrary file overwrite (GHSA-qqmv-5p3g-px89), unauthenticated DoS via GraphQL alias amplification (GHSA-6q22-g298-grjh), SSRF protection bypass via IPv6 (GHSA-wv3h-5fx7-966h), and authenticated field extraction via aggregate queries (GHSA-38hg-ww64-rrwc). Multiple moderate issues also disclosed (OAuth/SAML redirect bypass, schema disclosure, open redirect in 2FA). Combined with 2025 CVEs including the CVSS 9.3 critical (CVE-2025-55746), this represents a concerning pattern of recurring high-severity vulnerabilities. No public bug bounty program.

Directus is open-source with official Docker images on Docker Hub and GitHub Container Registry, enabling full self-hosted deployments on any infrastructure. Directus Cloud (managed SaaS on AWS) is also available, though the Starter tier was retired in November 2025. This both/either flexibility is the maximum deployment optionality and scores at the top of the 70–80 range. Private cloud deployment is straightforward given the Docker-first architecture.

Enterprise Cloud offers a 99.99% uptime SLA with dedicated single-tenant servers and infrastructure region selection. Self-service cloud customers still receive no uptime guarantee. Public status page at status.directus.cloud provides transparency. The Starter tier retirement (Nov 2025) narrows cloud options. The enterprise SLA upgrade to 99.99% is a positive signal but the lack of any SLA for non-enterprise cloud caps the overall score.

Directus Cloud uses AWS with multiple availability zones, Redis distributed caching (v11.17 added namespace support), auto-scaling, and a global CDN. Enterprise Cloud runs on dedicated single-tenant servers. The platform imposes no hard limits on users, collections, or data volume. v11.17 added configurable import timeouts and concurrency limits. However, explicit documented benchmarks, API call-per-second ceilings, or published enterprise reference customers at hyperscale remain unavailable.

Directus Cloud offers automated backups. Self-hosted deployments can use S3-compatible automated backups. Schema snapshot and schema apply commands enable schema version control. The migration module enables instance-to-instance migration. However, no public RTO/RPO documentation found for Cloud, and multi-region failover details are not advertised outside Enterprise tier discussions.

Directus runs fully locally via Docker Compose with official images — developers get a complete instance including the Data Studio and API locally. The extension CLI scaffolds all extension types. v11.17 enhanced build performance using tsdown's oxc-transform. Local dev workflow remains Docker-based without a lightweight emulator mode.

Directus supports schema snapshot/apply for CI/CD schema promotion, and the migration module enables instance-to-instance migration with compatibility checks. The native deployment module now integrates with Vercel and Netlify including provider dashboard links (v11.17) and real-time build status tracking via webhooks. Migrations run automatically during deployment. However, branch-per-PR content environments and automated migration rollback tooling are still not natively supported.

docs.directus.io is comprehensive and well-structured with guides for using the REST API, GraphQL API, and SDK with code examples. A new dedicated integrations section now provides 6 step-by-step guides for n8n, Zapier, Vercel, Netlify, Clay, and Framer — covering automation, deployment, and content sync use cases. Getting-started guides and extension development documentation are thorough. No interactive API playground ships with Directus (third-party tools required), which keeps it below 80.

The official @directus/sdk is TypeScript-first with comprehensive type definitions covering the full API surface and IDE IntelliSense support. v11.17 migrated collab types directly to @directus/types. Schema typing still requires manually defining types or using community tools (directus-typescript-gen, directus-sdk-typegen) — no first-party code generation CLI exists. The lack of official auto-generation from the content model caps this below 80.

Directus continues shipping approximately weekly, with v11.17.0 through v11.17.2 released in Mar–Apr 2026 on top of the v11.15–v11.16 series. v11.17 added background data imports, Netlify deployments, and a translations generator. 10+ releases in the Feb–Apr 2026 window alone. Not higher because no LTS/major version cycle is evident.

Directus maintains a structured docs changelog at directus.io/docs/releases/changelog organized by version, distinguishing improvements from breaking changes. v11.17 received a dedicated blog post detailing background imports, Netlify deployments, and the translations generator. Monthly community changelog recaps with video continue. Not higher because migration codemods are not prominently documented.

Directus operates a public roadmap at roadmap.directus.io using Productlane with community feedback capability. Users report the roadmap has a clear development path with targets often met ahead of schedule. Not higher because it lacks granular milestone dates or weighted community voting.

Directus follows semver and documents breaking changes per release in a dedicated breaking changes section. v11.17 introduced a breaking change converting Data Studio UI sizing from px to rem — documented clearly but with no automated codemod for extension authors. No formal 12+ month deprecation windows exist. Appropriate for an active open-source project at this stage.

Directus has grown to ~34.8k GitHub stars (up from ~34.2k), 4.7k forks, 10k+ Discord members, and claims 10M+ total installations. The 20K+ star tier warrants 75+, but Discord size is moderate relative to Strapi (~70k stars) and npm monthly download volume for @directus/sdk remains modest. Steady growth trajectory.

Active engagement via monthly changelog discussions, Discord activity, and a Discourse forum with regular community events. Productlane roadmap enables ongoing community input. Core team participates in public channels. Official integration guides for n8n, Vercel, and Netlify expand ecosystem participation. Not higher due to lack of specific data on issue response times or GitHub issue resolution ratios.

Directus maintains 55+ global partners with a tiered certification system, a public agency directory, revenue sharing, and exclusive training. Third-party agency roundup articles (e.g., 'Top 5 Best Directus CMS Agencies in 2026') validate the ecosystem. However, no major global SIs (Accenture, Deloitte, Valtech) are listed, and the partner count remains modest compared to enterprise platforms.

Directus now has Udemy courses (Directus CMS QuickStart, Next.js + Directus course), a dedicated learning site (learndirectus.com), official Directus TV tutorials, and expanded official integration documentation. Multiple 2026 comparison articles (dasroot.net, elmapicms.com, focusreactive.com) feature Directus prominently. Still does not reach Strapi's content density but improving.

Directus is recognizable in the developer community via its GitHub presence (34.8k stars) and npm ecosystem. 6 Directus-specific job postings on LinkedIn US, plus agencies like 7Span offering dedicated Directus developer hiring services. The partner certification program adds a formal credential pathway. Not higher because it does not appear in Stack Overflow Developer Survey or major analyst reports.

Directus shows continued momentum through v11.17's expanded deployment integrations (Netlify joining Vercel), official n8n workflow automation docs, and 10M+ claimed installations. Enterprise customers cited include Adobe, AT&T, Bose, Tripadvisor, and the U.S. Navy. Employee count stable at ~55 across 5 continents. Growing integration ecosystem signals platform maturation beyond pure CMS into data platform positioning.

Directus raised $19.5M total (Seed + $7M Series A in Nov 2022 led by True Ventures). No new funding rounds in 2025–2026, but the company maintains ~55 employees and continues shipping major features monthly, suggesting revenue-driven organic growth from their commercial cloud model. Glassdoor compensation rating of 4.5/5 suggests healthy employment. Stable but modest — the $7M Series A is relatively small and there has been no growth round in over 3 years.

Multiple 2026 comparison articles position Directus favorably: 'Directus and Payload stand out as the top open-source headless CMS options' (focusreactive.com). Database-first architecture is a clear differentiator. Growing integration ecosystem (Vercel, Netlify, n8n) strengthens the platform story beyond pure CMS. However, still lacks analyst recognition (no Gartner MQ or Forrester Wave listing) and faces competition from Strapi (~70k stars) and Payload.

Directus holds a G2 rating of 4.9/5 with ~50 reviews (96% 5-star) and Capterra rating of 4.5/5 with 60 reviews (57 positive, 3 neutral, 0 negative). Value for Money scores 4.9/5 on Capterra. Users praise flexibility, ease of use, and open-source model. Score reflects exceptional ratings balanced against low review count (<100 reviews on G2 = score ceiling per rubric).

Directus Cloud Professional is published at $99/month (annual); Enterprise is custom/contact sales. Self-hosted is free for orgs under $5M total annual finances, but the Production License (for $5M+ orgs) has no published rate — sales-gated. The Starter tier ($15/mo) was introduced then retired in November 2025, leaving no affordable published cloud option. Two of the four pricing paths still require a sales call.

Cloud Professional is a flat annual fee with clear included limits — a predictable model. However, usage is hard-capped (not metered), meaning API stops at 75K entries rather than charging overages. The $5M funding-trigger threshold for self-hosted licensing creates unpredictability for VC-backed startups. The introduction and subsequent retirement of the Starter tier within ~1 year adds to pricing instability concerns.

Directus eliminated all cloud-exclusive features (e.g., Kanban layout) in v10.1.0, making them available to self-hosted users. Full feature parity now exists across all deployment modes. Cloud Professional vs. Enterprise differentiates on infrastructure (dedicated vs. shared) and support level, not features. SSO, custom roles, audit logs, and security features are not gated. This is among the most buyer-friendly models in the headless CMS space.

Cloud Professional requires annual billing with no monthly option. The Starter tier ($15/mo monthly billing) was retired in November 2025, removing the only monthly cloud option. Self-hosted is free under $5M with no contract. Orgs above $5M must negotiate enterprise terms. The self-hosted pricing page mentions custom pricing for nonprofits and agency partners, but these are sales-gated. No published startup program.

No free cloud tier exists — the Starter tier ($15/mo) was retired in November 2025, and Professional starts at $99/month. Self-hosted remains genuinely free for orgs under $5M in total annual finances (revenue + funding), covering freelancers, startups, and most SMBs with full commercial use and all features. Railway one-click deploy template reduces the barrier to self-hosting. The $5M threshold still captures VC-backed pre-revenue startups.

Directus Cloud provisions a project in ~90 seconds. The new Railway one-click deploy template provides a fast self-hosted path. Expanded integration guides for Vercel, Netlify, n8n, Zapier (beta), and Framer reduce integration time. Framework-specific tutorials for Next.js, Nuxt, Astro, and SvelteKit lower the learning curve. The SDK remains a standard npm package. Cloud and Railway paths both reach first API call in under 30 minutes.

Community reports continue to indicate standard headless CMS timelines — days to weeks for typical projects. The data modeling and API auto-generation approach reduces custom backend development time. Active release cadence (v11.15 through v11.17.2 in early 2026) suggests a healthy platform. New policy-based permissions system and live preview improvements streamline common implementation tasks. Comparable to other headless CMS platforms in this tier.

Directus uses entirely mainstream technologies: Node.js, TypeScript, Vue.js, standard SQL, REST, and GraphQL. No proprietary DSL, query language, or certification program exists. Native MCP support (v11.13) further aligns with standard tooling. Any competent full-stack TypeScript developer can work with Directus after brief familiarization. The cost premium over a generalist Node.js developer is minimal.

Cloud Professional at $99/month includes all infrastructure. For self-hosted, Redis is now confirmed optional for single-container deployments (memory store is default), reducing minimum infrastructure to a container host and PostgreSQL. Railway one-click deploy provides affordable hosting (~$5–20/month for small projects). Typical production self-hosted costs on AWS/GCP run $20–100/month without Redis. The self-hosted path is more accessible than previously assessed.

Directus Cloud is fully managed with near-zero ops overhead. Self-hosted operational burden has been reduced: Redis is optional for single-container deployments, Railway one-click deploy handles infrastructure provisioning, and new CLI cache management commands improve day-to-day operations. For single-container self-hosted setups, ops overhead is primarily Docker container management and PostgreSQL administration — no Redis complexity unless horizontally scaling.

Directus has exceptionally low vendor lock-in by design. The platform wraps your existing SQL database — data lives in standard PostgreSQL/MySQL tables in schemas you define. Removing Directus leaves your data intact in a standard RDBMS. Schema can be snapshotted and migrated via /schema/snapshot and /schema/apply API endpoints. File assets stored in any S3-compatible storage. Cloud-to-self-hosted migration officially supported. Elimination of cloud exclusives further reduces lock-in risk.

Directus maps closely to standard web development concepts: collections = database tables, fields = columns, items = rows, roles = access control. REST/GraphQL exposure is automatic. Slight complexity from understanding system vs. user collections and the abstraction layer above the raw database schema, but nothing proprietary or unusual for developers with SQL and API experience.

Structured quickstart guide, dedicated tutorials section, and framework-specific guides for React, Nuxt, and Astro. v11.17 cycle added dedicated integration guides for n8n, Vercel, and Netlify deployments — expanding the docs surface for common deployment and automation workflows. The directus-template-cli provides project scaffolding. AI Assistant (GA) offers in-context help. No formal certification program or in-app guided tours, keeping it below Contentful or Sanity's onboarding depth.

Standard REST and GraphQL APIs with no proprietary query language. Official JavaScript/TypeScript SDK handles auth, collection access, and type generation. Works with any frontend — Next.js, Nuxt, Astro, SvelteKit all have official starters. No proprietary templating layer or custom rendering engine. Backend is Node.js, universally familiar. JSON field selection at the API level further aligns with standard data access patterns.

The official directus-labs/starters repository provides starters for Next.js, Nuxt, Astro, and SvelteKit. The directus-template-cli supports init commands with frontend and template selection. Starters include content model setup and example content. Quality is good but not as polished or actively maintained as Sanity's or Contentful's starter ecosystem — community starters fill some gaps.

Self-hosted Directus requires a .env file with DATABASE_CLIENT + connection vars, SECRET, ADMIN_EMAIL, and ADMIN_PASSWORD — typically 6–10 env vars for production. Directus Cloud eliminates most of this. v11.17 added integrated Netlify deployments alongside existing Vercel support, with provider webhooks for real-time status and cryptographic signature verification. Dedicated integration guides for Vercel and Netlify reduce deployment config friction, though core self-hosted setup surface remains unchanged.

Directus wraps your own database, so schema changes operate at the DB level without proprietary field count limits. Schema migration endpoints enable environment promotion with diff and dry-run previews. Global draft versions across every collection improve content versioning. v11.17 added a translations generator utility endpoint and UI to automatically create translation collections and fields — streamlining one of the more tedious i18n schema setup tasks. Renaming or changing field types carries standard database-level risk but tooling helps inspect changes.

Directus offers a Visual Editor with the @directus/visual-editing frontend library — editors can hover and click to edit content directly on the frontend preview. Field-level permission checks and version selection are supported. Setup requires installing the library, adding data-directus attributes to HTML elements, and calling apply() — not plug-and-play but well-documented with framework-specific tutorials for React, Nuxt, and Astro. No significant changes in v11.17 to the visual editing setup workflow.

Generalist TypeScript/JavaScript developers can be fully productive — no proprietary certification exists or is needed. Standard REST/GraphQL consumption skills apply. Some Directus-specific knowledge is helpful for Flows, custom extensions, and Hooks/Operations, but these are optional and follow conventional JS patterns. Self-hosting adds mild DevOps requirements. The Visual Editor frontend library uses standard data attributes, not a proprietary framework.

A solo developer can realistically build and deploy a production Directus project. Directus Cloud removes infrastructure concerns; self-hosted Docker Compose is a one-file setup. One-click deployments for Vercel and Netlify with webhook-based status reduce the ops surface. Auto-generated APIs and the permission system mean one person handles content modeling, API, auth, and frontend. Deployment RBAC in v11.17 lets content teams trigger builds independently, but team size requirements were already low.

The Data Studio admin UI is polished for non-technical users with native collaborative editing, live presence indicators, and field-level locking. The Visual Editor lets editors work in context on the frontend. v11.17 added deployment module RBAC — content teams can now trigger Vercel/Netlify builds without full admin access, removing a key developer bottleneck in the publish workflow. AI Assistant helps non-technical users with content tasks. Structural changes still require developer access, but operational editorial friction continues to decrease.

Directus continues its non-semver policy where any release may include breaking changes. v11.17.0 introduced 3 breaking changes including a UI-wide px→rem conversion at 90% scale that can silently break custom extensions using hardcoded pixel values, plus background import timeout defaults and collab export path changes. v11.17.1 and v11.17.2 were clean, but the pattern of breaking changes in minor/patch releases persists. Self-hosted operators must test every upgrade carefully.

On April 2, 2026, Directus disclosed 9 new security advisories in a single batch — including 4 High severity issues: concealed field extraction via aggregation (GHSA-38hg-ww64-rrwc), unauthenticated GraphQL DoS (GHSA-6q22-g298-grjh), TUS upload authorization bypass allowing arbitrary file overwrite (GHSA-qqmv-5p3g-px89), and SSRF protection bypass via IPv4-mapped IPv6 (GHSA-wv3h-5fx7-966h). This follows the already elevated volume from late 2025. The sheer volume of security issues — 15+ advisories in 5 months — is significantly worse than headless CMS peers.

v11.17.0 added three more breaking changes: the UI-wide px→rem conversion forces extension developers to update hardcoded pixel values, background imports now auto-timeout after 1 hour (potentially breaking existing long-running imports), and collab type exports were reorganized. This continues the pattern from v11.14.1–v11.16.0. Breaking changes are documented but arrive unpredictably in minor releases, forcing teams to treat every upgrade as potentially migration-requiring.

Self-hosted Directus requires Docker, a supported database (PostgreSQL, MySQL, SQLite, MS SQL, Oracle), and optionally Redis and cloud storage. v11.17.0 added Redis namespace control, improving multi-tenant cache isolation. v11.17.1 updated multiple dependencies (happy-dom, path-to-regexp, picomatch, node-forge, brace-expansion) to address CVEs. The dependency surface remains moderate — Docker simplifies the runtime but DB, cache, and storage remain customer-managed.

Directus provides a /server/health endpoint and basic admin UI status, but no native APM or infrastructure monitoring. v11.17.0 added deployment provider links for Vercel/Netlify, improving CI/CD visibility slightly but not runtime monitoring. Official docs still recommend customers implement external monitoring, backups, and alerting for self-hosted instances. The monitoring burden remains fully on the customer.

Directus offers Insights dashboards, built-in audit trail, and role-based approval workflows. v11.17.1 added native Tabs group interface and bulk folder deletion, improving content organization workflows. v11.17.2 added comparison modal with modified-fields-only filter, aiding content review. However, automated content hygiene — orphan detection, broken-reference alerts, content expiry workflows — remains absent. Content health still depends on editorial discipline.

Self-hosted deployments still require customer-managed Redis caching, CDN, database query tuning, and load balancing. v11.17.0 added GraphQL resolver deduplication which should reduce redundant DB queries, and Redis namespace control aids multi-tenant performance isolation. Directus Cloud handles infrastructure scaling for that tier. The self-hosted performance management burden remains substantial despite incremental improvements.

Support structure unchanged: open-source self-hosted users have no formal SLA and rely on community channels. Premium support ($300/month add-on or Enterprise Cloud) provides 24/7 critical-issue support and dedicated CSM. Self-hosted production license holders can access premium support. SLA details remain unpublished. Meaningful support stays locked behind paid tiers, placing Directus mid-range for support accessibility.

Directus maintains an active Discord community and GitHub Discussions with consistent team participation. Release cadence remains strong with v11.17.0–v11.17.2 shipping in ~2 weeks (Mar 24–Apr 6, 2026). GitHub issues are actively triaged. The April 2026 security advisory batch, while concerning for security posture, demonstrates transparent disclosure practices. Community quality compares favorably to open-source headless CMS peers.

Release cadence remains rapid — 3 releases in 2 weeks (v11.17.0–v11.17.2). However, the April 2, 2026 batch of 9 security advisories, including 4 High severity issues, raises questions about how long some of these vulnerabilities existed before disclosure. The non-semver model still means patches are bundled into full version upgrades rather than isolated hotfixes, adding friction for self-hosted operators seeking targeted security fixes. Slightly lower than before given the security advisory volume.

Directus Visual Editing (GA April 2025) allows in-place content editing across Nuxt, Next.js, and Astro frontends; the Dynamic Page Builder (M2A relationships) lets editors assemble pages from predefined block types with drag-and-drop reordering. v11.17.1 added a native Tabs group interface in Studio which improves block-level layout options. v11.16 introduced a breaking change to @directus/visual-editing v2.0.0, signaling continued investment but also ongoing churn. The new Framer bidirectional content sync integration allows Directus content to power Framer sites, but this is designer-focused, not a marketer page builder. Developers must still create block schemas and component definitions — marketers edit and compose from existing blocks but cannot author new layouts from scratch, placing Directus at the low end of the edit-but-not-create tier.

No native campaign management, content calendar, or multi-channel coordination in any v11.x release through v11.17. v11.16 global draft versions improve content staging and the Releases feature allows batching cross-collection content for simultaneous publish — closer to release management than campaign lifecycle. Directus Flows can automate scheduled email sends, but there is no campaign analytics integration, audience segmentation, or publish/archive lifecycle. Scores at the low end of the headless CMS range.

The first-party @directus-labs/seo-plugin provides metadata management, focus keyphrase analysis, OG image settings, sitemap configuration (change frequency, priority), canonical URL support, custom meta tags, and JSON-LD/Schema.org output. Redirect management remains manual or server-level. v11.17 adds a utility endpoint and UI for generating translations collections, lowering setup friction for multilingual SEO. The plugin covers the main SEO bases but requires manual setup per collection and falls short of automated SEO audit suites.

No native form builder, CTA management, lead capture, or UTM/conversion tracking in Directus core through v11.17. All performance marketing tooling must come from the frontend or external integrations. The new official Zapier (Beta) and n8n integrations could bridge lead data to external form/CRM tools, but Directus itself provides no performance marketing features. Scores at the floor for this item.

No native personalization engine, audience segmentation, or behavioral targeting in Directus core. A 2025 blog post ('Is Your CMS Ready for AI & Personalization?') positions Directus as the content backend that plugs into third-party personalization layers (Optimizely, LaunchDarkly, Segment) via API but does not deliver them natively. The MCP server and AI Assistant enable content creation and schema operations but cannot route personalized content to end users. Scores near the floor for headless CMS.

No native A/B testing, content variant management, or experimentation framework in Directus. The platform provides no experiment scheduling, statistical reporting, or winner-selection tooling. Teams must wire in external experimentation platforms (Optimizely, LaunchDarkly, VWO) via the API. Scores at the absolute floor.

Content velocity is meaningfully improved in v11.15–v11.17: native real-time collaborative editing (field-level locking, live presence), global draft versions eliminating manual setup, Deployments module now supporting both Vercel and Netlify allowing non-admin roles to trigger preview/production builds, Releases for batching cross-collection content, and the v11.17 translation quick-setup utility reducing i18n configuration from 10–15 minutes to seconds. Once block templates are defined, editors can clone and compose pages quickly. The ceiling is developer dependency for new layout types.

Directus's headless API-first architecture makes multi-channel delivery a core strength. Structured content models serve web, mobile, email, digital signage, and in-app via REST and GraphQL APIs. The Releases feature batches cross-collection content for simultaneous or scheduled multi-channel publishing. The new Framer bidirectional content sync adds another structured channel delivery path. Flows enable webhook-based event delivery to downstream channels. Fortuna Entertainment Group case study shows 70% faster cross-channel content deployment across web and mobile for 3 gaming brands. The limitation is that channel-specific renditions must be implemented in each consuming application.

No native analytics dashboards or content performance metrics within the Directus Data Studio. Analytics integration is entirely frontend-handled — GA4, Adobe Analytics, or similar tags are added to the consuming application. Directus Flows can emit events to analytics platforms on content publish/update, and the new official n8n and Zapier integrations provide structured paths to sync content events to analytics tools, but Directus itself collects no content performance data. No pre-built analytics connectors.

Brand consistency is enforced structurally through the M2A Dynamic Page Builder — block types define what components exist, limiting arbitrary layout deviations. Directus Data Studio supports full white-labeling (custom logo, colors, module navigation) for per-brand admin experiences. However, there are no platform-level brand guardrail features — no locked design tokens, no restricted override palettes, no built-in validation that content conforms to brand guidelines. Component-based consistency without enforcement.

The @directus-labs/seo-plugin includes Open Graph and Twitter/X card management with preview and OG image settings. There is no native social scheduling, push-to-social workflow, UGC embed support, or social proof widget in Directus core or the official extension marketplace. The official Zapier (Beta) integration could bridge content publish events to social scheduling tools (Buffer, Hootsuite), but this is generic automation, not a first-class social feature. Social metadata is covered; social workflow is not.

Directus has a built-in file management system with folder organization, metadata tagging, image transformations (Sharp on self-hosted; CDN transforms on Directus Cloud), and multi-file associations per content item. v11.17 added bulk folder deletion from the files grid, improving large-scale asset cleanup. v11.17 also introduced background data imports enabling large asset batches without blocking the interface. Not a full DAM — no rights management, expiry workflows, brand portals, or usage tracking across content. Scores in the mid-range of basic media library with transforms.

Strong native localization via Translations field on any collection, creating language-variant records. v11.17.0 added a utility endpoint and UI to generate translations collections and fields, reducing setup from 10–15 minutes to seconds. v11.17 also added timezone support for datetime fields, improving scheduling across international markets. Official Crowdin connector automates translation sync with auto-PR merges and WYSIWYG preview for translators. Data Studio UI localized in 64+ languages. The gap is no locale-specific campaign variant scheduling, no regional compliance tooling (cookie consent per locale), and no market-level publish windows.

Directus now has official integration guides for Zapier (Beta — connecting to thousands of apps including CRM, MAP, CDP, and ad platforms), n8n (dedicated Directus node with CRUD operations and trigger node for event-based automation to 400+ service nodes), and Clay (data enrichment and automated workflows). These move beyond the previous Flows-only webhook pattern to officially supported automation bridges. However, there are still no first-party native connectors to Salesforce, HubSpot, Marketo, or ad platforms in the Directus Marketplace — all MarTech connectivity is mediated through automation platforms rather than purpose-built integrations.

Directus explicitly markets a PIM solution (directus.io/solutions/product-information-management). Multiple production PIM deployments exist: fashion e-commerce (Fashioncloud/Salsify/ERP consolidation distributing to Shopify, Amazon, Zalando, Otto), Shopify PIM for industrial goods, T2 MarCom engineering data validation, and MightyHQ managing product and marketing data for multiple e-commerce brands. This is a generic modeling approach repurposed for products — no attribute inheritance, completeness scoring, or publish-readiness workflows — but validated by real-world deployments.

No native merchandising features — no category management UI, no promotional content scheduling tied to commerce, no cross-sell/upsell tooling, no search result merchandising. Directus is a data platform, not a commerce tool. Any merchandising logic lives entirely in the frontend or commerce platform.

Directus integrates with Shopify as a headless PIM via REST/webhook-based synchronization — documented case study for an industrial goods retailer syncing categories, tags, images, and translations. An official tutorial covers building an e-commerce platform with Next.js, Stripe, and Directus Automate. The new official n8n integration provides a structured automation path to Shopify (n8n has dedicated Shopify nodes for CRUD on products, orders, etc.), improving the integration story from pure custom webhooks to automation-platform-mediated sync. No deep API federation or real-time bidirectional sync; integration remains mediated rather than native.

Editorial commerce is achievable in Directus through M2A page builder blocks blending article content with product references, and the fashion e-commerce PIM case study demonstrates editorial product presentation. MightyHQ manages product and marketing data together from one instance. However, there are no native shoppable content features — no inline product purchase CTAs, no lookbook component, no shop-the-look templates. Product embeds are possible but require custom frontend implementation; not a first-class authoring pattern.

No CMS-managed content in transactional flows. Directus has no native mechanism for injecting trust badges, shipping callouts, upsell banners, or post-add modals into commerce checkout flows. The Stripe integration tutorial covers order creation logic but not CMS-managed checkout content. All transactional content management lives in the commerce platform or requires custom frontend implementation.

Directus Flows can receive webhooks from commerce platforms (Shopify order events, Stripe payment_intent.succeeded) and trigger content-related actions — email sequences, status updates. The new n8n integration provides a more structured path for post-purchase automation (n8n Shopify trigger to Directus CRUD operations), but this is still entirely custom. No native post-purchase templates, delivery tracking page management, or loyalty content features.

Directus's RBAC with field-level and row-level permissions enables account-specific content visibility (gated catalogs, segment-specific pricing display). The T2 MarCom case study shows B2B industrial data management with data validation frameworks for technical specifications. However, there are no purpose-built B2B features — no quote-request flows, no customer-specific pricing display components, no account-based catalog segmentation UI. B2B patterns are achievable but require custom schema and frontend design.

No native faceted search, content-product blending, or search landing page management in Directus. Teams integrate Algolia, Meilisearch, or Typesense via Flows (sync on item create/update) and build search UIs in their frontend frameworks. The n8n integration provides a more structured automation path for syncing content to external search engines. There is no out-of-the-box search analytics or synonym management.

Content versioning and global draft versions (v11.16) allow pre-staging promotional content for scheduled publication. The Releases feature batches promotional content updates across multiple collections for simultaneous go-live. v11.17 timezone support for datetime fields improves scheduling accuracy for international promotions. However, there are no native countdown timers, promo code messaging components, time-activated banners, or channel-specific targeting features. Basic scheduled publishing is available; purpose-built promotional tooling is not.

Directus handles multi-storefront content via row-level tenancy (tenant_id + RBAC filter rules) on a single instance, allowing shared product content with storefront-specific editorial. The Fortuna Entertainment Group case study demonstrates 3 gaming brands across 5 markets served from one Directus instance. The fashion PIM case study shows content distributed to Shopify, Amazon, and Zalando from a single source. Multi-storefront is achievable but requires custom schema design; no native multi-storefront abstraction exists.

Directus supports image transformations (Sharp on self-hosted, CDN-backed transforms on Cloud), multi-file associations per product record, folder-based asset organization, and basic video file hosting. v11.17 added bulk folder deletion for large asset libraries. There is no native 3D model viewer, AR integration, image hotspot editor, 360-degree product views, or zoom functionality. Basic image galleries and video embeds achievable via custom frontend components.

Directus RBAC supports multi-author content at scale — different editors can own different content namespaces via role-based isolation. A custom marketplace schema (seller profiles as content types, product descriptions with seller ownership via row-level permissions) is achievable. However, there are no marketplace-specific features: no seller onboarding workflows, no content quality moderation queues, no review aggregation, no seller portal UI. Multi-author content is possible but not marketplace-specific.

Directus's Translations field on any collection supports locale-variant product descriptions, multi-language product attributes, and region-specific editorial. v11.17 added a utility endpoint + UI for generating translations collections, reducing setup friction significantly. v11.17 also added timezone support for datetime fields improving locale-aware scheduling. The Crowdin connector automates translation sync for product content. The fashion PIM case study distributes product content to Shopify, Amazon, Zalando, and Otto. No currency-aware content blocks or regional regulatory content tooling natively.

No native connection between Directus content and commerce conversion metrics. The Data Studio collects no revenue attribution data, content-assisted conversion tracking, or product content performance analytics. All commerce analytics live in the frontend analytics stack or commerce platform. Directus Flows can emit events on content publish but cannot correlate them with downstream conversion outcomes.

Directus has best-in-class RBAC for a headless CMS: field-level permissions, filter-rule-based row-level access, IP allow-lists, and SSO via OAuth2, OpenID Connect, SAML 2.0, and LDAP (Google, Microsoft/Entra, Okta). v11's policy-based additive permissions model decouples policies from roles, enabling composable permission sets — a genuine enterprise feature. v11.17 added the ability to duplicate access policies, reducing setup repetition. This covers department/team scoping, field-level sensitivity, and SSO-backed access needed for intranet scenarios. The gap is no end-user audience-based content visibility in the frontend layer.

Directus offers content revision history with side-by-side revision comparison (v11.15), native collaborative editing with live presence indicators and field-level locking, Flows-based approval workflows, and global draft versions (v11.16) for staged knowledge review cycles. v11.17 added comparison modal filtering (showing only modified fields) which streamlines content review workflows. The 'Mission: Internal Knowledgebase' Directus TV episode demonstrates a verification flow and browser extension interface for knowledge management. However, there are no purpose-built knowledge lifecycle features — no content expiry/review scheduling, no archival workflows, no stale content flagging.

Directus does not appear in any intranet comparison and has no native employee portal features — no news feed, employee directory integration, notifications for employees, social features, or personalized dashboards. The 'Built With Directus — Internal App' use cases show it used as a backend for custom-built internal tools, not as an off-the-shelf employee experience platform. Building a full employee portal requires extensive custom frontend development. Scores at the floor.

No native internal communications features — no company news feed management, no department announcement targeting, no read receipts, no acknowledgment tracking, no mandatory-read workflows. Directus can host news content in a custom 'posts' collection with Flows-triggered email notifications, but this is entirely custom infrastructure with no internal comms-specific UI in the Data Studio.

No native people directory or org chart features. Directus's flexible content modeling can represent employee profiles as content types with relational fields (skills, manager/team M2M), but there is no pre-built directory UI, no org chart visualization, no HR system integration (Workday, BambooHR), and no search-by-expertise feature. Building a basic employee directory via content modeling is feasible but entirely custom.

Directus provides content revision history with side-by-side comparison, Flows-based approval workflows, and global draft versions (v11.16) for staging policy updates before publication. The activity log tracks every create/update/delete with user, timestamp, and IP — useful for audit trails. However, there are no native policy management features: no mandatory acknowledgment tracking, no automated review/expiry reminders, no policy archival workflows, and no content ownership assignment for freshness enforcement.

No native onboarding content delivery features in Directus. Role-based content access via RBAC could theoretically restrict onboarding content to new-hire roles, and Flows could trigger onboarding sequences on employee record creation, but there are no structured onboarding journey templates, progressive disclosure mechanisms, task checklists, or HR-triggered new-hire portal patterns in the product or extension marketplace.

No native full-text or enterprise search in Directus Data Studio — built-in filter/search is limited to basic field-value matching. Teams integrate external search platforms (Algolia, Meilisearch, Typesense) via Flows sync on content publish. The n8n integration provides a more structured path for syncing content to external search engines, but there is no federated search across connected systems, no AI-powered relevance ranking, and no search analytics dashboard.

Directus Data Studio is a web application with responsive design, accessible on mobile browsers, but optimized for desktop admin use. There is no native mobile app for content editors or frontline workers, no offline support, no push notifications, and no kiosk/shared-device mode. Headless API delivery enables custom mobile apps for consumers but requires full custom frontend development. Scores at the low end of responsive-web-without-native-app tier.

No native LMS integration, micro-learning features, course assignment, completion tracking, or certification capabilities in Directus through v11.17. Learning content can be hosted as structured content types, but tracking, sequencing, and certification require an external LMS connected via API. No documented integration patterns with Cornerstone, Workday Learning, or similar LMS platforms.

Directus v11.15 added native real-time collaborative editing (WebSocket, field-level locking, live presence indicators) — but this is for content authors in the Data Studio, not for employee social interaction. There are no employee-facing social features: no comments or reactions on published content, no discussion forums, no peer recognition, no polls/surveys, no idea submission, no community spaces. The collaborative editing is an authoring tool, not a social layer for employees.

Directus now has official integration guides for n8n (which has dedicated nodes for Slack, Microsoft Teams, Google Workspace) and Zapier (Beta — connecting to thousands of workplace tools). These provide structured automation paths for content-to-workplace-tool delivery beyond raw Flows webhooks. The MCP server allows AI assistants (Claude Desktop, Cursor) to interact with Directus content. However, there are still no native embedded content cards, no bot-driven experiences, and no single-pane integrations with workplace tools — all integration remains automation-platform-mediated.

Directus provides content versioning, revision history with comparison view (v11.15), global draft versions (v11.16), and comparison modal filtering showing only modified fields (v11.17) for staged content management. The activity log provides an audit trail of all content changes. However, there are no automated review dates, no stale content flagging, no archival workflows with owner notifications, and no content expiry scheduling. Content lifecycle management is manual — owners must proactively review and archive.

No internal content analytics in Directus. The activity log records admin actions (create, update, delete, login) but not content consumption or employee engagement metrics. There are no page view analytics, no department-level engagement dashboards, no failed search term reporting, no adoption dashboards for intranet ROI measurement. Content analytics must be implemented entirely in the consuming frontend application.

Directus supports multi-tenancy via row-level tenant_id filtering + RBAC policy scoping on a shared instance, and separate-instance-per-tenant for strict data isolation. Row-level isolation is functional and production-validated (multiple SaaS case studies: Saley, Comeata). Directus Cloud Professional projects run in isolated containers. v11.17 added Redis namespace control which improves multi-tenant cache isolation on shared infrastructure. However, there is no native multi-tenant architecture — no built-in tenant provisioning, no schema-per-tenant management, and no centralized tenant orchestration. The proposed Directus Hub remains unreleased as of April 2026.

No native cross-tenant or cross-brand content sharing mechanism. In multi-brand setups, shared global content must be federated via API from a central Directus instance — a workable but entirely custom pattern. M2A Dynamic Page Builder blocks serve as a shared component library within a single instance. Schema Sync extensions exist for propagating schema changes across instances. The proposed Directus Hub would add modular schema/extension deployment but remains unreleased.

No native cross-brand governance, centralized approval workflows, or global policy enforcement across multiple Directus instances. The Directus Hub discussion proposes audit trails, schema drift detection, and centralized access management but remains unreleased through v11.17. Per-instance governance is solid (RBAC, activity logs, approval Flows), but there is no multi-instance governance layer. Organizations managing multiple brand instances must coordinate governance manually.

BSL 1.1 license: free for organizations under $5M annual revenue/funding including production commercial use. Above $5M: commercial license required (contact-based pricing). Cloud starts at $15/month with no per-seat pricing for API-only users — only Data Studio seats are billed. Self-hosted has near-zero marginal cost per additional brand or tenant on shared infrastructure. This is a genuine differentiator vs. SaaS-only competitors, giving Directus best-in-class scale economics for multi-brand agency and SaaS deployments.

Directus Data Studio supports full white-labeling: custom logo, primary color, favicon, and module navigation per project instance. AgencyOS demonstrates per-client branded CMS admin experiences. Brand-level theming of the admin experience is solid. However, there are no platform-level mechanisms for enforcing per-brand design tokens in the content delivery layer — theming of published frontend sites is handled entirely by consuming application code, not by Directus.

Directus supports per-brand localization via Translations fields on any collection, with Crowdin connector for translation workflow automation. v11.17 translation quick-setup utility reduces configuration friction. However, there is no brand-aware localization governance — no per-brand translation approval workflows, no regional legal content governance per brand, and no brand x locale intersection management. Translations are managed per-instance or per-collection, not at a cross-brand level.

No cross-brand or portfolio-level analytics in Directus. The activity log provides per-instance admin action tracking, not content performance metrics. There is no dashboard aggregating engagement, publishing cadence, or content velocity across multiple brand instances. Multi-instance organizations must build custom data pipelines to aggregate metrics. Scores at the floor.

Directus Flows allow different automation logic per collection, trigger, and role — enabling distinct approval chains per brand within a single instance via separate Flow configurations. With separate instances per brand, completely independent workflows are possible. However, there is no central audit across brand workflows, no cross-brand workflow visibility, and no UI for configuring per-brand workflows from a central control point.

Corporate-level content can be syndicated to brand sites via API from a central Directus instance — press releases, legal disclaimers, and product announcements can be fetched by brand frontends from a shared content source. The n8n integration provides a structured automation path for syncing content between Directus instances (CRUD + trigger nodes). However, there is no native syndication mechanism with controlled override points, no push-update system for propagating corporate content to child brands, and no brand-level adaptation layer.

Directus Cloud offers SOC 2 Type II, ISO 27001, and GDPR-compliant infrastructure with 15+ global deployment regions enabling data residency choices. Per-brand RBAC policies can restrict what editors publish in which regions. However, there are no per-brand/region compliance publishing guardrails — no automated GDPR consent content checks, no accessibility standard enforcement, no cookie policy management, and no guardrails preventing non-compliant content publication. Compliance is infrastructure-level, not content-governance-level.

No centrally maintained design system with federated brand extensions in Directus. Dynamic Page Builder block types serve as a rudimentary component library within a single instance, but there is no versioning, update propagation across instances, or brand-level extension mechanism. AgencyOS provides a starting template for per-client deployments but does not implement a federated design system. White-label branding is limited to the admin UI.

Within a single Directus instance, the v11 policy-based permissions model supports composable roles enabling central admin oversight of all brands alongside brand-specific editor roles. v11.17 added the ability to duplicate access policies, reducing setup repetition for multi-brand role configurations. SSO via SAML/OIDC/LDAP enables unified authentication across brand environments. In multi-instance setups, user provisioning must be replicated per instance — there is no native cross-instance user management hub.

Directus's flexible schema-based content modeling allows shared base content types reused across brand contexts within a single instance, with brand-specific fields added per collection. Schema Sync extensions enable propagating schema changes across instances. However, there is no formal model inheritance mechanism — Brand A cannot extend a global product page model without diverging schemas that must be manually synchronized. Shared types with limited customization are achievable but not architected for multi-brand extension without forking.

No portfolio-level reporting in Directus. Per-instance activity logs track admin actions with timestamps, users, and affected items, but there is no cross-instance aggregation, no content freshness reporting by brand, no publishing SLA tracking, no cost allocation per tenant, and no capacity planning dashboard. Organizations managing a brand portfolio must build custom data pipelines to aggregate metrics from multiple Directus instances. Scores at the floor.

Directus publishes a Privacy Policy with GDPR rights (erasure, portability, access, rectification) and CCPA rights. Multiple EU regions available on Professional and Enterprise tiers. Sub-processor list maintained on Trust Center (AWS, Cloudflare, SendGrid, Northflank, Google). Enterprise Cloud includes a GDPR-compliant DPA, but DPA availability limited to Enterprise tier prevents a higher score — no self-service DPA for Professional.

No HIPAA BAA is offered by Directus Cloud, and no healthcare-specific documentation exists in compliance materials. Self-hosted Directus can connect to existing SQL databases on HIPAA-eligible infrastructure, but no official BAA or HIPAA guidance from Directus itself. No change from previous assessment.

GDPR and CCPA are explicitly addressed in the privacy policy. No FedRAMP, IRAP, C5, PCI-DSS, HITRUST, or UK GDPR IDTA/SCCs found. Security page references NIST SP 800-53 access control principles and AWS Well-Architected Framework reviews, but these are frameworks adopted rather than certifications held. Coverage remains GDPR + CCPA only.

Directus Cloud holds SOC 2 Type II certification audited by A-LIGN, covering all five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Report available via trust.directus.io (SafeBase platform). Applies to Directus Cloud only. Annual renewal cadence not explicitly documented.

Directus does not hold ISO 27001 certification at the platform level. The security page states cloud hosting providers (AWS) must be ISO 27001 compliant, but per scoring rules cloud provider certifications cannot be attributed to the SaaS platform itself. No ISO 27018 documentation found. No change from previous assessment.

Beyond SOC 2 Type II, the Trust Center now lists a CAIQ self-assessment, which constitutes CSA STAR Level 1. This is a meaningful addition for cloud security posture documentation. NIST SP 800-53 and AWS Well-Architected Framework alignment remain framework adoption rather than certifications. No PCI-DSS, Cyber Essentials, FedRAMP, or IRAP.

Directus Cloud offers 19+ regions on Enterprise (US, EU, APAC, South America, Africa) and 3 on Professional (US East, EU Frankfurt, APAC Singapore). Documentation frames region selection for GDPR compliance. However, no contractual residency guarantees found in public documentation, and CDN impact on data residency is not addressed.

Trust Center documents data erasure procedures and backup policies. Cloud policies confirm data deletion at end of service. Privacy policy supports right-to-erasure and data portability. Daily encrypted backups with envelope encryption. However, specific post-termination retention window is not documented, and no self-service bulk export portal exists.

Directus Activity Log captures all user actions, system events, timestamps, and IP addresses via REST and GraphQL APIs with export capability. New n8n integration documentation provides event-based trigger nodes that can forward Directus events to external systems, offering a documented path for audit event forwarding beyond pure API polling. Still no native SIEM push integration. Log retention period not documented. Direct database changes not tracked.

Directus publishes an official accessibility page for Data Studio with keyboard navigation (Tab, arrow keys, Enter/Space), skip menu, and shortcuts (Meta+S save, Meta+Enter apply, Escape cancel). Known limitations transparently documented: manual sorting not accessible, DateTime interface not accessible, CodeMirror cannot be exited via Tab. No formal WCAG 2.1 AA conformance claim or ATAG 2.0 statement.

Dedicated accessibility documentation page covers keyboard navigation and known limitations, which is practical guidance. However, no VPAT/ACR exists, no Section 508 conformance statement, and no ATAG 2.0 assessment is published. The page is practical guidance rather than formal procurement-grade accessibility documentation.

Directus ships a native AI Assistant (v11.15+ GA) embedded in the Data Studio sidebar with reusable Mustache-templated prompts and built-in presets for spelling/grammar, social posts, SEO descriptions, expand/condense, and rewrite. The Marketplace AI Writer Flow operation extends generation to Flows pipelines supporting OpenAI, Anthropic, Mistral, and LLaMA. v11.17 added Anthropic tool search to reduce context usage. Brand voice guardrails and human review workflow gates are absent, and bulk generation requires custom Flows configuration rather than native editorial tooling.

Directus Marketplace ships AI image generation via DALL-E, AI Alt Text Writer via Clarifai, AI Focal Point Detection using OpenAI, and AI Image Moderation via Clarifai. v11.16 added multimodal AI Assistant (GA) supporting image and PDF upload with provider adapter pattern for OpenAI, Anthropic, and Gemini — enabling inline analysis and alt text generation via drag-and-drop. v11.16 also added an Ask User Tool for interactive AI workflows. All image generation features remain Marketplace extensions rather than natively integrated DAM features.

The @directus-labs/ai-text-translator-operation Marketplace extension integrates DeepL for 30+ languages with automatic source language detection, running as a Flows operation that integrates with Directus's native translations interface for automated multilingual content pipelines. The roadmap lists deeper AI translations as an integrated collection feature as in progress. No brand voice preservation or AI-TMS quality scoring is available.

The built-in AI Assistant includes a 'create SEO descriptions' prompt out of the box, and developers can chain AI Writer + AI Text Intelligence operations in Flows to auto-populate SEO metadata fields on content save. The official @directus-labs/seo-plugin provides structured SEO metadata management (title, description, OG tags, focus keyphrase) but is manual-only with no AI generation. No native automated metadata pipeline ships without Flows configuration, and no on-page SEO scoring engine is included.

Directus Flows supports multiple AI-driven content operation patterns: auto-tagging image uploads via Clarifai + Flows, scheduled publishing via date-field triggers, content moderation via AI Image Moderation, and multi-step AI content pipelines combining image transformation, translation, sentiment analysis, and SEO metadata population. Inngest integration is the official pattern for durable long-running AI ops. The newly documented n8n integration provides an additional automation pathway for connecting Directus events to external services, though n8n's own AI nodes are not a native Directus capability. Features require Flows or external tool configuration rather than one-click editorial AI.

Directus has no named AI agent product. However, the official MCP server (@directus/content-mcp, GA from v11.12+) combined with Flows enables genuine agentic patterns: importing products from CSV with image uploads, migrating WordPress content with taxonomy intact, creating complex multi-entity structures in a single conversation, and triggering Flows programmatically. The MCP server intentionally limits destructive actions as a safety constraint. v11.17 improved the AI assistant with tool search to reduce context usage. This is developer/operator-facing agentic capability in GA without a packaged agent product or editorial approval gates.

The @directus-labs/ai-text-intelligence-operation (Deepgram) provides Flows-based content analysis returning summaries, topics, intents, and per-segment sentiment scores. The @directus-labs/ai-transcription-operation (Deepgram) generates formatted transcripts from audio files that can be piped into text intelligence. These are Marketplace extensions requiring Flows configuration — no native content analytics dashboard, content performance layer, or stale content detection ships out of the box.

AI Image Moderation (@directus-labs/ai-image-moderation-operation via Clarifai) provides image-level content safety auditing in GA. The MCP + Flows combination is documented as a pattern for running content audit flows on all blog posts from a date range, but this requires custom-built Flows automation rather than a built-in auditor. No dedicated readability scoring, brand voice compliance checking, or content quality dashboard exists. Accessibility scanning and duplicate/thin content detection are absent.

Directus has no native semantic or vector search as of April 2026. GitHub discussion #17822 requesting pgvector/Pinecone support remains a roadmap backlog item with no committed timeline. The standard Directus search is keyword/filter-based via REST and GraphQL. The open API makes Directus usable as a RAG data source with externally-built embedding pipelines (Upstash Vector tutorial documented), but this requires fully custom external integration rather than any native AI search capability.

Directus explicitly positions itself as a content/data platform layer and not a personalization engine. No native rule-based or ML-driven personalization system is available. Directus provides the flexible API needed to feed external personalization engines but has no native AI personalization capabilities.

Directus ships an official production MCP server (@directus/content-mcp on npm) included in all editions at no additional cost, requiring Directus v11.12+. The server covers read/create/update/delete items, collections/fields/relations management, file management, user/role/permissions management, triggering Flows, markdown conversion, file imports, and dynamic Mustache-templated prompt storage. It is schema-aware, enforces role-based permissions, includes global delete protection, and supports Claude Desktop, Claude Code, ChatGPT Desktop, Cursor, VS Code with GitHub Copilot, and Raycast. All actions are logged in the native activity log.

BYOK is a first-class design principle — Directus does not provide any hosted AI inference. Administrators supply keys in Settings → AI for OpenAI (GPT-5 models), Anthropic (Claude 4.5 models), Google Gemini (2.5/3 models), and any OpenAI-compatible API endpoint (enabling Azure OpenAI, Ollama, DeepSeek, Mistral, LM Studio, and self-hosted models). API keys are encrypted at rest and masked in the UI. Administrators restrict available models via an Allowed Models dropdown per provider. A Provider Options field passes provider-specific parameters. The only gap is no per-user quota controls in Directus itself.

Directus offers strong composable AI extensibility: the OpenAI-compatible custom endpoint field enables any model without code changes; the full REST and GraphQL API makes Directus a viable document store in RAG pipelines; and custom Flows operations can call any external AI service. The @directus/ai npm package provides shared AI types. Inngest integration is the official pattern for durable long-running AI workflows. The newly documented n8n integration provides an additional pathway for connecting Directus to external AI services via n8n's visual workflow builder. However, no official LangChain or LlamaIndex connector exists, and there is no dedicated AI SDK or agent-optimized content delivery endpoint.

Directus enforces AI governance through its existing permission model: the AI Assistant and MCP server operate under the authenticated user/token permissions. All AI tool calls require explicit user approval by default (configurable). Every AI create/update/delete action is logged in the native activity log with full attribution. API keys are encrypted at rest and masked in the UI. Instance-level kill switches (AI_ENABLED=false, MCP_ENABLED=false) are available. Conversation history is stored in browser localStorage only. AI telemetry can optionally record full prompts/responses (AI_TELEMETRY_RECORD_IO) with a privacy warning. Gaps: no IP indemnification, no hallucination detection, and data privacy depends on the operator's chosen AI provider.

v11.17.0 (2026-03-24) added AI telemetry provider configuration for Braintrust and Langfuse via environment variables (AI_TELEMETRY_ENABLED, AI_TELEMETRY_PROVIDER), enabling traces for observability, usage monitoring, and token cost analysis. AI_TELEMETRY_RECORD_IO optionally captures full prompts and responses. The AI SDK Devtools middleware was added for development-mode debugging. These external platforms provide cost breakdowns, latency tracking, trace replay, and prompt experiment tracking. No native Directus dashboard for token usage, per-user consumption metrics, or AI credit quotas exists — observability is fully delegated to external tools.