retail-mcp

retail-mcp

Connects AI clients to retail customer, inventory, sales, order, and support capabilities through the Model Context Protocol.

Category
Visit Server

README

Retail Enterprise MCP Portfolio

A complete enterprise portfolio that connects AI clients to retail customer, inventory, sales, order, and support capabilities through the Model Context Protocol (MCP). It combines strategic assessment, a working server, and production security/deployment artifacts in one repository.

Portfolio coverage

  1. MCP architecture assessment and design: architecture, MCP evaluation, risk assessment, ROI, and executive summary.
  2. Production MCP server: resources, tools, prompt, PostgreSQL adapter, Redis cache, connection pool, validation, transactions, idempotency, tests, and API documentation.
  3. Enterprise framework: security, Prometheus/Grafana, Docker, Kubernetes, TLS gateway, CI/CD, deployment, and disaster recovery.

Architecture

flowchart LR
  U[Enterprise User] --> H[AI Host / MCP Client]
  H -->|Streamable HTTP + TLS| G[Gateway / WAF]
  G --> M[Stateless MCP Replicas]
  M --> A[Authentication + RBAC]
  A --> R[Resource Manager]
  A --> T[Tool Manager]
  R --> C[(Redis Cache)]
  R --> P[Connection Pool]
  T --> P
  P --> D[(PostgreSQL)]
  D -. adapters .-> E[CRM / ERP / Inventory / Support]
  M --> O[Metrics / Audit / Alerts]

The editable diagram is docs/architecture.mmd.

MCP contract

Resources

URI template Permission Description
retail://customers/{customer_id} customer:read Customer profile with role-based PII filtering
retail://inventory/{sku} inventory:read Quantity, reorder threshold, and price
retail://sales/{sale_id} sales:read Confirmed retail sale

Tools

Tool Permission Safety property
process_order order:write Transaction, row lock, idempotency key, stock validation
update_inventory inventory:write Bounds validation, non-negative invariant, cache invalidation
create_support_ticket ticket:write Length/control-character validation and audit event

The investigate_customer_issue prompt provides workflow guidance but grants no permission.

Quick start

Prerequisites: asdf, uv, and optionally Docker. The repository pins Python in .tool-versions, following the workspace standard.

asdf install
asdf current python
cp .env.example .env
uv sync --python "$(asdf which python)" --extra dev
uv run pytest
uv run retail-mcp --transport http

In another terminal, run the non-destructive protocol smoke test, or let it manage a temporary local server with --start-server:

uv run python scripts/smoke_test.py
uv run python scripts/smoke_test.py --start-server

Connect an MCP client to http://localhost:8000/mcp and send one of these headers:

X-API-Key: dev-admin-key

or:

Authorization: Bearer dev-admin-key

Bundled keys work only in development. Production mode rejects them. For STDIO:

RETAIL_MCP_STDIO_API_KEY=dev-admin-key uv run retail-mcp --transport stdio

Full stack

docker compose up --build -d
docker compose ps
curl http://localhost:8000/health/ready

Services:

  • MCP server: localhost:8000/mcp
  • Prometheus: localhost:9090
  • Grafana: localhost:3000
  • PostgreSQL and Redis: private Compose network only

See deployment.md for production Compose, Kubernetes, TLS, secrets, SLOs, scaling, and rollback.

Configuration

All settings use the RETAIL_MCP_ prefix.

Variable Purpose Production requirement
ENVIRONMENT development, test, or production production
DATA_BACKEND memory or postgres postgres
DATABASE_URL PostgreSQL DSN Secret
REDIS_URL Shared cache URL Secret/private endpoint
API_KEYS JSON key/subject/role records Secret; no dev-* keys
STDIO_API_KEY Credential for local STDIO process Environment secret
RATE_LIMIT_PER_MINUTE Per-principal application limit Tune from load test
REQUEST_TIMEOUT_SECONDS Dependency operation timeout Below gateway timeout

Example API_KEYS value:

[
  {"key": "a-long-random-secret", "subject": "support-agent", "role": "customer_service"}
]

API keys are the scenario's required authentication mechanism. Enterprise evolution should replace them with OAuth 2.1 and audience-bound tokens while retaining the same Principal and RBAC boundary.

Quality and validation

uv run ruff check .
uv run ruff format --check .
uv run pytest
docker compose config
docker build -t retail-mcp:local .

The CI pipeline performs linting, tests with coverage, package build, dependency review, and container build. Before production, add organization-specific SAST, secret scanning, image vulnerability scanning, signing, provenance, and deployment approval.

Repository map

src/retail_mcp/       MCP server and enterprise application layers
tests/                Unit, authorization, resilience, and API tests
migrations/           PostgreSQL schema and seed data
monitoring/           Prometheus alerts and provisioned Grafana dashboard
deploy/               TLS gateway and Kubernetes deployment/HPA
docs/                 Architecture, business, security, operations, and DR
.github/workflows/    CI pipeline

Important limitations

  • The API-key manager is intentionally replaceable; use the corporate IdP for user-delegated production access.
  • The sample is single-tenant. Tenant identity must be enforced in principals, queries, row policies, and cache keys before multi-tenant use.
  • The PostgreSQL projection represents integration with systems of record; real CRM/ERP adapters and synchronization are organization-specific.
  • Performance and ROI figures are hypotheses until validated with production-like load tests and business measurements.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured