OHMS

OHMS

Exposes Shopify order and inventory management tools via MCP, allowing agents to fetch, update, and print orders without exposing raw Shopify credentials.

Category
Visit Server

README

OHMS - Order Hub Management System

Flauraly Flowers and Plants - Python FastMCP server hosted on Replit Reserved VM.

Purpose

OHMS exposes a small, hardened set of order- and inventory-related tools to Violet (and any other authorized MCP client) over the Model Context Protocol. It centralizes Shopify Admin REST access behind a Bearer-auth gate so agents never touch raw Shopify credentials.

Architecture

+-----------------+      Bearer       +------------------------------+
|  MCP Client     |  ---------------> |  OHMS (Replit Reserved VM)   |
|  (Violet, etc.) |   /mcp or /sse    |                              |
+-----------------+                   |  Starlette parent app        |
                                      |  +-- /health (open)          |
                                      |  +-- /mcp   (Streamable HTTP)|
                                      |  +-- /sse   (SSE fallback)   |
                                      |  +-- BearerAuthMiddleware    |
                                      +--------------+---------------+
                                                     |
                                                     v
                                      +------------------------------+
                                      |  Shopify Admin REST API      |
                                      +------------------------------+

Both /mcp (Streamable HTTP) and /sse (Server-Sent Events fallback) are mounted simultaneously so any MCP client transport profile works.

Environment Variables

OHMS authenticates to Shopify via the OAuth 2.0 client_credentials grant. The server never holds a long-lived SHOPIFY_ACCESS_TOKEN; instead it holds a SHOPIFY_CLIENT_ID + SHOPIFY_CLIENT_SECRET pair and mints a short-lived access token on demand against https://{shop}.myshopify.com/admin/oauth/access_token. The minted token is cached in-memory with a 5-minute clock-skew buffer and re-minted automatically (or on a 401/403 from any subsequent call). All values are read via os.environ.get(...). Nothing is hardcoded.

Var Purpose
PORT TCP port to bind (Replit injects this; defaults to 8080).
OHMS_API_TOKEN Static bearer token required on every non-/health request (client to OHMS auth - separate from Shopify).
SHOPIFY_STORE_URL Shop domain, e.g. flauraly.myshopify.com.
SHOPIFY_CLIENT_ID Shopify app client ID (used for OAuth client_credentials grant).
SHOPIFY_CLIENT_SECRET Shopify app client secret (used for OAuth client_credentials grant). Rotate per Secrets_Registry.md schedule.
SHOPIFY_API_VERSION Pinned Shopify API version, e.g. 2025-01.
PRINTER_IP Local network IP of the receipt printer (stub uses this).

See .env.example for the placeholder template.

Local Dev (Windows)

OHMS reads .env only when running locally (via python-dotenv). Bootstrap your .env from the Windows DPAPI-protected secrets store rather than typing secrets in plaintext:

# 1. Pull each secret from DPAPI into the local .env (PowerShell pseudocode)
$secrets = @("OHMS_API_TOKEN","SHOPIFY_STORE_URL","SHOPIFY_CLIENT_ID","SHOPIFY_CLIENT_SECRET","SHOPIFY_API_VERSION","PRINTER_IP")
foreach ($k in $secrets) {
    $v = Unprotect-DpapiSecret -Name $k    # your local helper
    Add-Content .env "$k=$v"
}

# 2. Run the server
python -m venv .venv
.venv\Scripts\Activate.ps1
pip install -r requirements.txt
python main.py

The server listens on http://0.0.0.0:8080 by default. Probe with:

curl http://localhost:8080/health
# => OHMS OK

Replit Deploy

  1. Create a Replit project and import this folder.
  2. In the Secrets pane, set every variable from .env.example (using the real values - never paste them into any committed file).
  3. Confirm .replit shows deploymentTarget = "reserved_vm" and port 8080 -> 80.
  4. Deploy. The public URL is https://ohms-server.crashzero9.replit.app.
  5. Verify both transports:
    curl https://ohms-server.crashzero9.replit.app/health
curl -H "Authorization: Bearer $OHMS_API_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"jsonrpc":"2.0","method":"tools/list","id":1}' \
     https://ohms-server.crashzero9.replit.app/mcp

Tool Registry

Tool Source Notes
get_order(order_id) Shopify Admin REST GET /orders/{id}.json
list_pending_orders() Shopify Admin REST GET /orders.json?status=open&limit=50
update_order_status(order_id, status) Shopify Admin REST PUT /orders/{id}.json (sets tags)
get_inventory_snapshot() Shopify Admin REST GET /inventory_levels.json?limit=50
get_doordash_orders_via_browser() Stub Returns routing dict for browser-automation handoff.
print_order_ticket(order_id) Stub Reads PRINTER_IP; returns queued status. Driver pending.

Phase Status

  • Phase 1 (current): MVP scaffold, Bearer auth, six tools (4 live + 2 stubs), Replit Reserved VM deploy, basic pytest suite.
  • Phase 2 (planned): OAuth 2.1 replacing static bearer, full DoorDash driver, real network printer driver, structured logging with secret redaction, rate limiting.

Security Notes

  • No secret values appear in any committed file.
  • Authorization headers and full Shopify response bodies are never logged.
  • /health returns only the literal string OHMS OK - no version, env, or path info.
  • All httpx calls have an explicit 30-second timeout.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured