A Model Context Protocol (MCP) server that provides standardized access to commerce operations and fulfillment systems.
- 10 standardized fulfillment tools covering core order capture, fulfillment, and data queries
- Plug-and-play adapter system for different fulfillment backends
- Mock adapter for testing and development
- Full TypeScript implementation with strict type safety
- JSON Schema validation for all inputs
- stdio transport for Claude Desktop integration
# From the repository root
cd server
npm install# Development mode with TypeScript via vite-node
npm run dev
# Production mode
npm run build
npm startCopy .env.example to .env and configure:
# Use built-in mock adapter (default)
ADAPTER_TYPE=built-in
ADAPTER_NAME=mock
# Set log level
LOG_LEVEL=info
# Optional: pass adapter options as JSON
ADAPTER_CONFIG='{"fixedLatency":150}'The server follows a three-layer architecture:
- Protocol Layer - Handles MCP communication
- Service Layer - Business logic and validation
- Adapter Layer - Fulfillment integration (pluggable)
create-sales-order- Create new orders from external systems or checkoutscancel-order- Cancel existing orders with optional reasonsupdate-order- Modify order details and metadatafulfill-order- Mark orders as fulfilled and return fulfillment data
get-orders- Retrieve orders with rich filteringget-customers- Fetch customer recordsget-products- Get product catalog entriesget-product-variants- Retrieve variant dataget-inventory- Check stock levels across locationsget-fulfillments- List fulfillment records and statuses
Add to your Claude Desktop configuration:
{
"mcpServers": {
"cof-mcp": {
"command": "node",
"args": ["/absolute/path/to/server/dist/index.js"],
"env": {
"ADAPTER_TYPE": "built-in",
"ADAPTER_NAME": "mock"
}
}
}
}This MCP server supports dynamic loading of adapters from NPM packages and local files to facilitate adapter development and testing. This flexibility comes with security considerations:
- Dynamically loaded adapters execute with full system permissions
- Only load adapters from trusted sources
- Never load adapters from user uploads or untrusted repositories
- The adapter code has the same access level as the MCP server itself
For Production Environments:
- Consider implementing a whitelist of allowed adapters
- Run the MCP server in a containerized/sandboxed environment
- Use Node.js experimental permission flags to restrict file/network access
- Implement code signing for adapters
For Development (Reference Implementation):
- The current implementation prioritizes developer flexibility
- Logs all adapter loading for transparency
- Validates file existence and type before loading
- Suitable for local development and testing
-
Adapter Development: When developing custom adapters, ensure your code:
- Only accesses necessary Fulfillment APIs
- Doesn't expose sensitive credentials
- Validates all inputs properly
- Handles errors gracefully
-
Configuration Security:
- Store sensitive configuration in environment variables
- Never commit
.envfiles to version control - Use secrets management in production
-
Network Security:
- Run the MCP server behind appropriate firewalls
- Use TLS/SSL for Fulfillment API communications
- Implement rate limiting for production use
server/
├── src/
│ ├── adapters/ # Built-in Fulfillment adapters
│ ├── services/ # Business logic
│ ├── tools/ # Tool implementations
│ ├── types/ # TypeScript types
│ └── utils/ # Utilities
└── tests/ # Test suites
- Create your adapter class implementing
IFulfillmentAdapter - Register it in the adapter factory
- Configure via environment variables
See docs/architecture for details.
# Run all tests
npm test
# Run specific test suites
npm run test:unit
npm run test:integrationMIT
See CONTRIBUTING.md for guidelines.
For issues and questions, visit GitHub Issues.