@anton.andrusenko/shopify-mcp-admin 1.1.3 → 2.0.1

package/README.md

@@ -115,10 +115,13 @@ Tokens are automatically refreshed every 24 hours.
 
 | Variable | Required | Default | Description |
 |----------|----------|---------|-------------|
-| `SHOPIFY_STORE_URL` | ✅ Yes | — | Your Shopify store domain (e.g., `your-store.myshopify.com`) |
+| `SERVER_MODE` | No | `local` | Server mode: `local` (single-tenant) or `remote` (multi-tenant) |
+| `SHOPIFY_STORE_URL` | ✅ (local mode) | — | Your Shopify store domain (e.g., `your-store.myshopify.com`) |
 | `SHOPIFY_ACCESS_TOKEN` | ⚡ See below | — | Admin API access token from your Custom App |
 | `SHOPIFY_CLIENT_ID` | ⚡ See below | — | Client ID from Dev Dashboard app |
 | `SHOPIFY_CLIENT_SECRET` | ⚡ See below | — | Client Secret from Dev Dashboard app |
+| `DATABASE_URL` | ✅ (remote mode) | — | PostgreSQL connection URL for multi-tenant mode |
+| `ENCRYPTION_KEY` | ✅ (remote mode) | — | 64-char hex key for credential encryption |
 | `SHOPIFY_API_VERSION` | No | `2025-10` | Shopify API version |
 | `TRANSPORT` | No | `stdio` | Transport mode: `stdio` or `http` |
 | `PORT` | No | `3000` | HTTP server port (when `TRANSPORT=http`) |
@@ -126,8 +129,36 @@ Tokens are automatically refreshed every 24 hours.
 | `LOG_LEVEL` | No | `info` | Log level: `debug`, `info`, `warn`, `error` |
 | `SHOPIFY_MCP_LAZY_LOADING` | No | `false` | Enable modular lazy loading (set to `true` for on-demand module loading) |
 | `SHOPIFY_MCP_ROLE` | No | — | Role preset for automatic module loading (see [Role Presets](#-role-presets)) |
+| `ALLOWED_HOSTS` | ✅ (remote mode) | — | Comma-separated list of allowed hostnames (e.g., `shopify-mcp.com,api.shopify-mcp.com`) |
+| `ALLOWED_ORIGINS` | ✅ (remote mode) | — | Comma-separated list of allowed CORS origins (e.g., `https://shopify-mcp.com`) |
+| `METRICS_ENDPOINT_ENABLED` | No | `false` | Enable Prometheus metrics endpoint at `/metrics` |
+| `ENABLE_HSTS` | No | `false` | Enable HTTP Strict Transport Security headers |
+| `SHUTDOWN_DRAIN_SECONDS` | No | `30` | Graceful shutdown drain timeout in seconds (1-300) |
+| `LOG_FORMAT` | No | `json` | Log format: `json` (production) or `pretty` (development) |
+| `SENTRY_DSN` | No | — | Sentry error tracking DSN (recommended for production) |
 
-**⚡ Authentication:** Provide EITHER `SHOPIFY_ACCESS_TOKEN` (legacy) OR both `SHOPIFY_CLIENT_ID` and `SHOPIFY_CLIENT_SECRET` (Dev Dashboard).
+### Server Modes
+
+shopify-mcp-admin supports two operating modes:
+
+| Mode | Description | Use Case |
+|------|-------------|----------|
+| **local** (default) | Single-tenant with env credentials | Claude Desktop, local AI agents, development |
+| **remote** | Multi-tenant with database storage | SaaS platform, hosted service |
+
+**Local Mode** (default):
+- Credentials via `SHOPIFY_STORE_URL` + `SHOPIFY_ACCESS_TOKEN` (or OAuth)
+- All 79 tools operate on a single store
+- No database required
+- Works with STDIO and HTTP transports
+
+**Remote Mode**:
+- Multi-tenant with per-tenant credentials stored in PostgreSQL
+- Requires `DATABASE_URL` and `ENCRYPTION_KEY`
+- HTTP transport only (STDIO not supported for multi-tenant)
+- Web dashboard available at `/app`
+
+**⚡ Authentication (local mode):** Provide EITHER `SHOPIFY_ACCESS_TOKEN` (legacy) OR both `SHOPIFY_CLIENT_ID` and `SHOPIFY_CLIENT_SECRET` (Dev Dashboard).
 
 ### Required Shopify Scopes
 
@@ -963,9 +994,9 @@ shopify-mcp-admin uses a modular architecture to optimize AI agent performance.
 
 ## 🔄 Upgrading from Previous Versions
 
-### What's New in v0.8.0+: Modular Tool Loading
+### What's New in v2.0.0+: Modular Tool Loading
 
-Starting with v0.8.0, shopify-mcp-admin supports **modular lazy loading** to optimize AI agent performance. Research shows that presenting more than 30 tools to an AI agent can degrade performance by up to 85%.
+Starting with v2.0.0, shopify-mcp-admin supports **modular lazy loading** to optimize AI agent performance. Research shows that presenting more than 30 tools to an AI agent can degrade performance by up to 85%.
 
 **Default Behavior (All Tools Loaded):**
 - All 79 domain tools are loaded at startup for maximum compatibility
@@ -1203,6 +1234,44 @@ Enable these settings for the `main` branch in **Settings → Branches**:
 
 ---
 
+## 🎨 Tenant Dashboard (Remote Mode)
+
+When running in remote mode (`SERVER_MODE=remote`), shopify-mcp-admin includes a web-based dashboard for tenant management. The dashboard provides a modern, responsive UI for:
+
+- **Shop Management** — View and connect Shopify stores
+- **API Key Management** — Generate, copy, and revoke API keys
+- **Usage Statistics** — Monitor API calls and activity
+- **Account Settings** — Update profile and change password
+
+### Accessing the Dashboard
+
+1. Start the server in remote mode:
+```bash
+SERVER_MODE=remote npm start
+```
+
+2. Navigate to `http://localhost:3000/app` in your browser
+
+3. Log in with your tenant credentials
+
+### Dashboard Features
+
+- ✨ **Modern UI** — Built with React, Vite, and Tailwind CSS
+- 📱 **Responsive Design** — Works on desktop, tablet, and mobile
+- ♿ **Accessible** — WCAG AA compliant with keyboard navigation
+- 🔐 **Secure** — Session-based authentication with HttpOnly cookies
+- 🎯 **Optimized** — <150KB gzipped bundle size
+
+### Tech Stack
+
+- **Frontend:** React 18 + Vite + TypeScript
+- **Styling:** Tailwind CSS + shadcn/ui components
+- **State:** React Query for server state management
+- **Forms:** React Hook Form + Zod validation
+- **Auth:** Session cookies with automatic expiry handling
+
+---
+
 ## 🤝 Contributing
 
 Contributions are welcome! Here's how to get started:
@@ -1267,3 +1336,130 @@ This project is licensed under the **MIT License** — see the [LICENSE](LICENSE
   <strong>Made with ❤️ for the AI-powered commerce era</strong>
 </p>
 
+---
+
+## 🚀 Deployment
+
+shopify-mcp-admin supports multiple deployment options for different environments.
+
+### Production Deployment
+
+For production deployment on Railway with Cloudflare, Sentry, and uptime monitoring, see the comprehensive deployment guide:
+
+📖 **[Production Deployment Guide](./docs/deployment.md)**
+
+The guide includes:
+- **Railway Setup**: Step-by-step instructions for deploying to Railway
+- **Cloudflare DNS**: DNS configuration and SSL/TLS setup
+- **Database Setup**: Prisma migrations and backup strategy
+- **Staging Environment**: Separate staging deployment configuration
+- **Monitoring**: Sentry error tracking and uptime monitoring setup
+
+### Production URLs
+
+The production service is available at:
+
+**Root Domain:**
+- **Dashboard:** `https://shopify-mcp.com/` → redirects to `/app`
+- **Dashboard UI:** `https://shopify-mcp.com/app`
+- **Health Check:** `https://shopify-mcp.com/health`
+- **Metrics:** `https://shopify-mcp.com/metrics`
+- **MCP Endpoint:** `https://shopify-mcp.com/mcp`
+
+**API Subdomain:**
+- **Dashboard:** `https://api.shopify-mcp.com/app`
+- **Health Check:** `https://api.shopify-mcp.com/health`
+- **Metrics:** `https://api.shopify-mcp.com/metrics`
+- **MCP Endpoint:** `https://api.shopify-mcp.com/mcp`
+
+**Available Endpoints:**
+
+| Endpoint | Description | Authentication |
+|----------|-------------|----------------|
+| `/` | Root path - redirects to `/app` (dashboard) | None |
+| `/app` | Dashboard UI (React SPA) | Session cookie |
+| `/health` | Health check endpoint | None |
+| `/metrics` | Prometheus metrics | None |
+| `/mcp` | MCP protocol endpoint | API key or session |
+| `/api/tenants` | Tenant management API | Session cookie |
+| `/api/shops` | Shop connection API | Session cookie |
+| `/api/keys` | API key management | Session cookie |
+
+**Note:** The root domain (`shopify-mcp.com`) redirects to the dashboard (`/app`) for a better user experience. All API endpoints are also available on the root domain.
+
+### Deployment Options
+
+#### Railway (Recommended for Quick Start)
+
+Deploy to [Railway](https://railway.app) with the included `railway.json` configuration:
+
+1. Connect your GitHub repository to Railway
+2. Add environment variables (DATABASE_URL, ENCRYPTION_KEY, etc.)
+3. Deploy — Railway auto-detects the Dockerfile
+
+#### Kubernetes
+
+For self-hosted or cloud Kubernetes clusters, see the [Kubernetes Deployment Guide](docs/kubernetes.md).
+
+Quick start:
+```bash
+# Build and push image
+docker build -t yourregistry/shopify-mcp-admin:v2.0.0 .
+docker push yourregistry/shopify-mcp-admin:v2.0.0
+
+# Configure and deploy
+cd k8s
+kustomize edit set image shopify-mcp-admin=yourregistry/shopify-mcp-admin:v2.0.0
+kubectl apply -k .
+```
+
+#### Docker (Local/Development)
+
+```bash
+# Build image
+docker build -t shopify-mcp-admin .
+
+# Run container
+docker run -p 3000:3000 \
+  -e DATABASE_URL="postgresql://..." \
+  -e ENCRYPTION_KEY="..." \
+  shopify-mcp-admin
+```
+
+**Image Size:** The production Docker image is optimized for minimal size (<150MB) with multi-stage Alpine Linux build.
+
+### Environment Variables
+
+For production environment variables, see:
+
+📄 **[`.env.production.example`](./.env.production.example)**
+
+This template includes all required and optional environment variables with descriptions, example values, and generation instructions.
+
+### Quick Start: Local vs Production
+
+| Mode | Use Case | Transport | Database | Credentials |
+|------|----------|-----------|----------|-------------|
+| **Local** | Development, Claude Desktop | STDIO or HTTP | None | Environment variables |
+| **Remote** | Production, SaaS platform | HTTP only | PostgreSQL | Database (encrypted) |
+
+**Local Mode** (default):
+```bash
+export SHOPIFY_STORE_URL=your-store.myshopify.com
+export SHOPIFY_ACCESS_TOKEN=shpat_xxxxx
+npx @anton.andrusenko/shopify-mcp-admin
+```
+
+**Remote Mode** (production):
+```bash
+export SERVER_MODE=remote
+export DATABASE_URL=postgresql://...
+export ENCRYPTION_KEY=<64-char-hex>
+export TRANSPORT=http
+# See .env.production.example for all variables
+```
+
+---
+
+</p>
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@anton.andrusenko/shopify-mcp-admin",
-  "version": "1.1.3",
+  "version": "2.0.1",
   "description": "MCP server for Shopify Admin API - enables AI agents to manage Shopify stores with 79 tools for products, inventory, collections, content, SEO, metafields, markets & translations",
   "type": "module",
   "main": "./dist/index.js",
@@ -11,7 +11,10 @@
   "sideEffects": false,
   "scripts": {
     "dev": "tsx src/index.ts",
+    "dev:dashboard": "vite --config src/dashboard/vite.config.ts",
     "build": "tsup src/index.ts --format esm --dts --clean",
+    "build:dashboard": "vite build --config src/dashboard/vite.config.ts",
+    "build:all": "npm run build && npm run build:dashboard",
     "start": "node dist/index.js",
     "lint": "biome check src/",
     "lint:fix": "biome check --fix src/",
@@ -21,6 +24,7 @@
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
     "test:integration": "vitest run tests/integration/*.test.ts --testTimeout=60000",
+    "test:e2e": "playwright test",
     "inspect": "npx @modelcontextprotocol/inspector node dist/index.js",
     "inspect:dev": "npx @modelcontextprotocol/inspector npx tsx src/index.ts",
     "inspect:config": "npx @modelcontextprotocol/inspector --config mcp-inspector.json",
@@ -64,22 +68,78 @@
     "LICENSE"
   ],
   "dependencies": {
+    "@fontsource/geist-mono": "^5.2.7",
+    "@fontsource/geist-sans": "^5.2.5",
+    "@hookform/resolvers": "^5.2.2",
     "@inquirer/prompts": "^7.5.1",
     "@modelcontextprotocol/sdk": "^1.22.0",
+    "@prisma/client": "^6.0.0",
+    "@radix-ui/react-alert-dialog": "^1.1.15",
+    "@radix-ui/react-avatar": "^1.1.11",
+    "@radix-ui/react-checkbox": "^1.3.3",
+    "@radix-ui/react-collapsible": "^1.1.12",
+    "@radix-ui/react-dialog": "^1.1.15",
+    "@radix-ui/react-dropdown-menu": "^2.1.16",
+    "@radix-ui/react-hover-card": "^1.1.15",
+    "@radix-ui/react-label": "^2.1.8",
+    "@radix-ui/react-progress": "^1.1.8",
+    "@radix-ui/react-scroll-area": "^1.2.10",
+    "@radix-ui/react-select": "^2.2.6",
+    "@radix-ui/react-separator": "^1.1.8",
+    "@radix-ui/react-slot": "^1.2.4",
+    "@radix-ui/react-tabs": "^1.1.0",
+    "@radix-ui/react-toast": "^1.2.15",
+    "@radix-ui/react-tooltip": "^1.2.8",
+    "@radix-ui/react-visually-hidden": "^1.2.4",
+    "@sentry/node": "^10.29.0",
     "@shopify/shopify-api": "^11.14.1",
+    "@tanstack/react-query": "^5.90.11",
+    "bcrypt": "^5.1.1",
+    "class-variance-authority": "^0.7.1",
+    "clsx": "^2.1.1",
+    "cmdk": "^1.1.1",
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.5",
     "express": "^5.1.0",
+    "express-rate-limit": "^8.2.1",
+    "lucide-react": "^0.555.0",
+    "pino": "^9.14.0",
+    "prom-client": "^15.1.3",
+    "react": "^19.2.1",
+    "react-dom": "^19.2.1",
+    "react-hook-form": "^7.67.0",
+    "react-router-dom": "^7.10.0",
+    "recharts": "^3.5.1",
+    "sonner": "^2.0.7",
+    "tailwind-merge": "^3.4.0",
+    "tailwindcss-animate": "^1.0.7",
+    "vaul": "^1.1.2",
     "zod": "^3.25.76"
   },
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
+    "@playwright/test": "^1.57.0",
+    "@tailwindcss/vite": "^4.1.17",
+    "@types/bcrypt": "^5.0.2",
+    "@types/cookie-parser": "^1.4.10",
+    "@types/cors": "^2.8.19",
     "@types/express": "^5.0.5",
     "@types/node": "^22.19.1",
+    "@types/react": "^19.2.7",
+    "@types/react-dom": "^19.2.3",
     "@types/supertest": "^6.0.3",
+    "@vitejs/plugin-react": "^5.1.1",
     "@vitest/coverage-v8": "^3.2.4",
+    "autoprefixer": "^10.4.22",
+    "pino-pretty": "^11.3.0",
+    "postcss": "^8.5.6",
+    "prisma": "^6.0.0",
     "supertest": "^7.1.4",
+    "tailwindcss": "^4.1.17",
     "tsup": "^8.5.1",
     "tsx": "^4.20.6",
     "typescript": "^5.9.3",
+    "vite": "^7.2.6",
     "vitest": "^3.2.4"
   }
 }

package/dist/index.d.ts

@@ -1 +0,0 @@
-#!/usr/bin/env node