@kavinga/commerce-tools 0.1.2 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +135 -0
- package/dist/mcps/newrelic/prompts/commerce.js +9 -9
- package/dist/mcps/newrelic/prompts/security.d.ts +10 -0
- package/dist/mcps/newrelic/prompts/security.d.ts.map +1 -1
- package/dist/mcps/newrelic/prompts/security.js +40 -9
- package/dist/mcps/newrelic/prompts/security.js.map +1 -1
- package/package.json +6 -2
package/README.md
ADDED
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
# commerce-tools
|
|
2
|
+
|
|
3
|
+
A modular AI tooling platform for Adobe Commerce operations, monitoring, and security analysis. Provides a New Relic MCP server for NRQL query execution, plus a composable framework of agents, skills, commands, and providers for building AI-powered Commerce workflows.
|
|
4
|
+
|
|
5
|
+
## Features
|
|
6
|
+
|
|
7
|
+
- **New Relic MCP Server** — executes NRQL queries via NerdGraph and maps Adobe Commerce project IDs to New Relic account IDs
|
|
8
|
+
- **Commerce & Security Prompts** — built-in specialist prompts for APM monitoring, performance analysis, and attack detection (brute force, SQLi, XSS, DDoS, scraping, carding)
|
|
9
|
+
- **Agent Framework** — automatic tool-use loop with conversation history management and configurable iteration limits
|
|
10
|
+
- **Pluggable Providers** — abstract provider interface supports Claude and other LLM backends
|
|
11
|
+
- **Hook System** — event-driven extensibility with `before-tool`, `after-tool`, `before-generate`, and `after-generate` hooks
|
|
12
|
+
- **Composable CLI** — command, skill, and agent registries for building and extending tools
|
|
13
|
+
|
|
14
|
+
## Project Structure
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
commerce-tools/
|
|
18
|
+
├── agents/ # Agent implementations (extend BaseAgent)
|
|
19
|
+
├── commands/ # CLI command registry
|
|
20
|
+
├── core/ # Runtime: router, tool-runner, session, hooks
|
|
21
|
+
├── mcps/ # MCP servers (New Relic NRQL)
|
|
22
|
+
├── providers/ # AI provider implementations and base types
|
|
23
|
+
├── skills/ # Skill registry and loaders
|
|
24
|
+
├── dist/ # Compiled output (generated)
|
|
25
|
+
├── .env.example # Environment variable template
|
|
26
|
+
└── .mcp.json # MCP server config for Claude Code
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
## Getting Started
|
|
30
|
+
|
|
31
|
+
### Prerequisites
|
|
32
|
+
|
|
33
|
+
- Node.js 18+
|
|
34
|
+
- A New Relic account with a [NerdGraph API key](https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/)
|
|
35
|
+
|
|
36
|
+
### Installation
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
npm install
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Configuration
|
|
43
|
+
|
|
44
|
+
Copy `.env.example` to `.env` and fill in your credentials:
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
cp .env.example .env
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
| Variable | Description |
|
|
51
|
+
|---|---|
|
|
52
|
+
| `NEW_RELIC_API_KEY` | NerdGraph API key |
|
|
53
|
+
| `NEW_RELIC_REGION` | `us` or `eu` (default: `us`) |
|
|
54
|
+
| `NEW_RELIC_ACCOUNT_ID` | Optional default account ID |
|
|
55
|
+
| `MCP_TRANSPORT` | Transport mode (default: `stdio`) |
|
|
56
|
+
|
|
57
|
+
### Build
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
npm run build
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### Run the New Relic MCP server
|
|
64
|
+
|
|
65
|
+
```bash
|
|
66
|
+
npm start
|
|
67
|
+
# or directly:
|
|
68
|
+
node dist/mcps/newrelic/server.js
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
## Using with Claude Code
|
|
72
|
+
|
|
73
|
+
The `.mcp.json` file configures the New Relic MCP server for use with Claude Code. To register it:
|
|
74
|
+
|
|
75
|
+
```bash
|
|
76
|
+
claude mcp add newrelic -- node /path/to/commerce-tools/dist/mcps/newrelic/server.js
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
Or reference the existing `.mcp.json` in your Claude Code project settings. Once connected, Claude can:
|
|
80
|
+
|
|
81
|
+
- Run NRQL queries against any New Relic account
|
|
82
|
+
- Resolve Adobe Commerce project IDs to account IDs
|
|
83
|
+
- Analyze logs, transactions, APM metrics, Redis, MySQL, and Elasticsearch data
|
|
84
|
+
- Detect and investigate security attacks
|
|
85
|
+
|
|
86
|
+
## Architecture
|
|
87
|
+
|
|
88
|
+
### Core
|
|
89
|
+
|
|
90
|
+
| Module | Purpose |
|
|
91
|
+
|---|---|
|
|
92
|
+
| `core/router.ts` | Resolves provider names to implementations |
|
|
93
|
+
| `core/tool-runner.ts` | Registers and dispatches tool handlers |
|
|
94
|
+
| `core/session.ts` | Manages conversation sessions and message history |
|
|
95
|
+
| `core/hooks.ts` | Event hooks for tool and generation lifecycle |
|
|
96
|
+
|
|
97
|
+
### Agents
|
|
98
|
+
|
|
99
|
+
`agents/_base.ts` implements the agentic loop:
|
|
100
|
+
|
|
101
|
+
1. Call `provider.generate()` with current messages and tools
|
|
102
|
+
2. Append assistant response to history
|
|
103
|
+
3. If stop reason is `tool_use`, extract and execute tool calls
|
|
104
|
+
4. Append tool results to history
|
|
105
|
+
5. Repeat up to `maxIterations` (default: 10)
|
|
106
|
+
|
|
107
|
+
Subclass `BaseAgent` and implement `handleToolCall()` to build custom agents.
|
|
108
|
+
|
|
109
|
+
### New Relic MCP Tools
|
|
110
|
+
|
|
111
|
+
| Tool | Description |
|
|
112
|
+
|---|---|
|
|
113
|
+
| `execute_nrql` | Run a NRQL query against a New Relic account via NerdGraph |
|
|
114
|
+
| `get_account_id_by_project_id` | Resolve an Adobe Commerce project ID to a New Relic account ID |
|
|
115
|
+
|
|
116
|
+
### New Relic MCP Prompts
|
|
117
|
+
|
|
118
|
+
| Prompt | Description |
|
|
119
|
+
|---|---|
|
|
120
|
+
| `newrelic_commerce` | NRQL specialist for Adobe Commerce monitoring and investigation |
|
|
121
|
+
| `newrelic_security` | Extends commerce prompt with attack detection and security analysis |
|
|
122
|
+
|
|
123
|
+
## Development
|
|
124
|
+
|
|
125
|
+
```bash
|
|
126
|
+
# Watch mode
|
|
127
|
+
npx tsc --watch
|
|
128
|
+
|
|
129
|
+
# Type check only
|
|
130
|
+
npx tsc --noEmit
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
## License
|
|
134
|
+
|
|
135
|
+
MIT
|
|
@@ -1,23 +1,23 @@
|
|
|
1
1
|
export const commercePrompt = `
|
|
2
|
-
|
|
2
|
+
Reference for querying New Relic with NRQL for Adobe Commerce projects, using the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
|
|
3
3
|
|
|
4
|
-
**Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query
|
|
4
|
+
**Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query already run for that entity. Run that discovery query first; then use only the keys from the result. Never guess or invent field names.
|
|
5
5
|
|
|
6
|
-
##
|
|
6
|
+
## Workflow
|
|
7
7
|
|
|
8
|
-
1. **
|
|
8
|
+
1. **Resolve the account.** If an Adobe Commerce project ID is given (and no account ID):
|
|
9
9
|
- Call the New Relic MCP tool \`get_account_id_by_project_id\` with that project ID.
|
|
10
10
|
- Use the returned \`accountId\` from the first matching entity for all NRQL execution.
|
|
11
|
-
- If no entities are found,
|
|
11
|
+
- If no entities are found, report it and suggest checking the project ID or NEW_RELIC_API_KEY.
|
|
12
12
|
|
|
13
|
-
2. **
|
|
14
|
-
-
|
|
13
|
+
2. **Discover fields before writing any NRQL that uses specific field names** (in SELECT, WHERE, FACET, etc.):
|
|
14
|
+
- First run \`SELECT * FROM <entity> ... LIMIT 1\` (with the correct WHERE for that entity and a SINCE clause).
|
|
15
15
|
- Inspect the JSON result and note the **exact attribute names** (keys) returned.
|
|
16
16
|
- **Only use those attribute names** in subsequent queries. Do not assume, guess, or invent field names.
|
|
17
17
|
|
|
18
|
-
3. **Build NRQL** from the
|
|
18
|
+
3. **Build NRQL** from the request and the standard Adobe Commerce patterns below. Use the project ID in filters as shown. For any non-\`SELECT *\` query, use only fields obtained in step 2.
|
|
19
19
|
|
|
20
|
-
4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the
|
|
20
|
+
4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the account ID given directly). Use a sensible \`timeout_seconds\` (e.g. 30) for large result sets.
|
|
21
21
|
|
|
22
22
|
5. **Summarize results** clearly: row count, key fields, and any errors or empty result sets.
|
|
23
23
|
|
|
@@ -1,2 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Self-contained MCP prompt: embeds the full commerce reference because MCP
|
|
3
|
+
* prompt consumers cannot load the newrelic-commerce skill.
|
|
4
|
+
*/
|
|
1
5
|
export declare const securityPrompt: string;
|
|
6
|
+
/**
|
|
7
|
+
* Subagent system prompt for the Claude Code / Cursor plugins: persona plus
|
|
8
|
+
* the security workflow, deferring the full entity/filter reference to the
|
|
9
|
+
* newrelic-commerce skill instead of duplicating it.
|
|
10
|
+
*/
|
|
11
|
+
export declare const securityAgentPrompt: string;
|
|
2
12
|
//# sourceMappingURL=security.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAmEA;;;GAGG;AACH,eAAO,MAAM,cAAc,QAQJ,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAaT,CAAC"}
|
|
@@ -1,12 +1,11 @@
|
|
|
1
1
|
import { commercePrompt } from './commerce.js';
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
/**
|
|
3
|
+
* Security-analysis knowledge shared by the MCP prompt and the plugin agent.
|
|
4
|
+
* Keep this self-contained apart from the entity filters / field-discovery
|
|
5
|
+
* rules, which the consumers supply (commercePrompt or the newrelic-commerce
|
|
6
|
+
* skill).
|
|
7
|
+
*/
|
|
8
|
+
const securityCore = `
|
|
10
9
|
### Attack categories to investigate
|
|
11
10
|
|
|
12
11
|
| Category | Primary entities | Key signals |
|
|
@@ -23,7 +22,7 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
|
|
|
23
22
|
|
|
24
23
|
### Investigation workflow
|
|
25
24
|
|
|
26
|
-
1. **Resolve account** —
|
|
25
|
+
1. **Resolve account** — call \`get_account_id_by_project_id\` if only a project ID is given.
|
|
27
26
|
|
|
28
27
|
2. **Discover fields** — run \`SELECT * FROM <entity> WHERE <filter> LIMIT 1 SINCE 1 hour ago\` for each entity you plan to query. Only use field names from those results.
|
|
29
28
|
|
|
@@ -64,4 +63,36 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
|
|
|
64
63
|
- When evidence is ambiguous, state it clearly and suggest additional queries rather than asserting an attack occurred.
|
|
65
64
|
- If the user asks to block an IP or apply a WAF rule, note that those actions must be taken outside New Relic (e.g. in the Fastly or CDN console) and are not performed by this tool.
|
|
66
65
|
`.trim();
|
|
66
|
+
/**
|
|
67
|
+
* Self-contained MCP prompt: embeds the full commerce reference because MCP
|
|
68
|
+
* prompt consumers cannot load the newrelic-commerce skill.
|
|
69
|
+
*/
|
|
70
|
+
export const securityPrompt = `${commercePrompt}
|
|
71
|
+
|
|
72
|
+
---
|
|
73
|
+
|
|
74
|
+
## Security & Attack Analysis
|
|
75
|
+
|
|
76
|
+
In addition to the general NRQL and Adobe Commerce guidance above, detect and investigate attacks against Adobe Commerce projects using New Relic data.
|
|
77
|
+
|
|
78
|
+
${securityCore}`.trim();
|
|
79
|
+
/**
|
|
80
|
+
* Subagent system prompt for the Claude Code / Cursor plugins: persona plus
|
|
81
|
+
* the security workflow, deferring the full entity/filter reference to the
|
|
82
|
+
* newrelic-commerce skill instead of duplicating it.
|
|
83
|
+
*/
|
|
84
|
+
export const securityAgentPrompt = `
|
|
85
|
+
You are a security analyst for Adobe Commerce projects on New Relic. You detect and investigate attacks by running NRQL queries with the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
|
|
86
|
+
|
|
87
|
+
For the full entity → filter table and field-discovery rules, use the \`newrelic-commerce\` skill. Essentials:
|
|
88
|
+
|
|
89
|
+
- **Log and infrastructure samples** (ProcessSample, SystemSample, Mysql/Redis/Elasticsearch/Rabbitmq samples): \`apmApplicationNames = '|<project id>|'\` (literal pipe characters around the project ID).
|
|
90
|
+
- **Fastly (CDN) logs:** \`cache_status IS NOT NULL AND project_id = '<project id>'\`.
|
|
91
|
+
- **APM events** (Transaction, TransactionError, PageView, ErrorTrace): \`appName = '<project id>'\` (no pipes).
|
|
92
|
+
- **Never use a field name** that was not returned by a \`SELECT * FROM <entity> ... LIMIT 1\` discovery query you already ran for that entity.
|
|
93
|
+
- Always add a \`SINCE ...\` clause when querying Log data.
|
|
94
|
+
|
|
95
|
+
## Security & Attack Analysis
|
|
96
|
+
|
|
97
|
+
${securityCore}`.trim();
|
|
67
98
|
//# sourceMappingURL=security.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc
|
|
1
|
+
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDpB,CAAC,IAAI,EAAE,CAAC;AAET;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc;;;;;;;;EAQ7C,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC;AAExB;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;EAajC,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kavinga/commerce-tools",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.6",
|
|
4
4
|
"description": "Multi-provider AI tooling platform with MCPs, agents, skills, and commands",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -10,7 +10,8 @@
|
|
|
10
10
|
"dist/"
|
|
11
11
|
],
|
|
12
12
|
"scripts": {
|
|
13
|
-
"build": "tsc",
|
|
13
|
+
"build": "tsc && npm run build:plugins",
|
|
14
|
+
"build:plugins": "tsx plugins/build.ts",
|
|
14
15
|
"dev:newrelic": "tsx mcps/newrelic/server.ts",
|
|
15
16
|
"start:newrelic": "node dist/mcps/newrelic/server.js"
|
|
16
17
|
},
|
|
@@ -26,5 +27,8 @@
|
|
|
26
27
|
},
|
|
27
28
|
"engines": {
|
|
28
29
|
"node": ">=18"
|
|
30
|
+
},
|
|
31
|
+
"publishConfig": {
|
|
32
|
+
"access": "public"
|
|
29
33
|
}
|
|
30
34
|
}
|