@kavinga/commerce-tools 0.1.2 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,135 @@
1
+ # commerce-tools
2
+
3
+ A modular AI tooling platform for Adobe Commerce operations, monitoring, and security analysis. Provides a New Relic MCP server for NRQL query execution, plus a composable framework of agents, skills, commands, and providers for building AI-powered Commerce workflows.
4
+
5
+ ## Features
6
+
7
+ - **New Relic MCP Server** — executes NRQL queries via NerdGraph and maps Adobe Commerce project IDs to New Relic account IDs
8
+ - **Commerce & Security Prompts** — built-in specialist prompts for APM monitoring, performance analysis, and attack detection (brute force, SQLi, XSS, DDoS, scraping, carding)
9
+ - **Agent Framework** — automatic tool-use loop with conversation history management and configurable iteration limits
10
+ - **Pluggable Providers** — abstract provider interface supports Claude and other LLM backends
11
+ - **Hook System** — event-driven extensibility with `before-tool`, `after-tool`, `before-generate`, and `after-generate` hooks
12
+ - **Composable CLI** — command, skill, and agent registries for building and extending tools
13
+
14
+ ## Project Structure
15
+
16
+ ```
17
+ commerce-tools/
18
+ ├── agents/ # Agent implementations (extend BaseAgent)
19
+ ├── commands/ # CLI command registry
20
+ ├── core/ # Runtime: router, tool-runner, session, hooks
21
+ ├── mcps/ # MCP servers (New Relic NRQL)
22
+ ├── providers/ # AI provider implementations and base types
23
+ ├── skills/ # Skill registry and loaders
24
+ ├── dist/ # Compiled output (generated)
25
+ ├── .env.example # Environment variable template
26
+ └── .mcp.json # MCP server config for Claude Code
27
+ ```
28
+
29
+ ## Getting Started
30
+
31
+ ### Prerequisites
32
+
33
+ - Node.js 18+
34
+ - A New Relic account with a [NerdGraph API key](https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/)
35
+
36
+ ### Installation
37
+
38
+ ```bash
39
+ npm install
40
+ ```
41
+
42
+ ### Configuration
43
+
44
+ Copy `.env.example` to `.env` and fill in your credentials:
45
+
46
+ ```bash
47
+ cp .env.example .env
48
+ ```
49
+
50
+ | Variable | Description |
51
+ |---|---|
52
+ | `NEW_RELIC_API_KEY` | NerdGraph API key |
53
+ | `NEW_RELIC_REGION` | `us` or `eu` (default: `us`) |
54
+ | `NEW_RELIC_ACCOUNT_ID` | Optional default account ID |
55
+ | `MCP_TRANSPORT` | Transport mode (default: `stdio`) |
56
+
57
+ ### Build
58
+
59
+ ```bash
60
+ npm run build
61
+ ```
62
+
63
+ ### Run the New Relic MCP server
64
+
65
+ ```bash
66
+ npm start
67
+ # or directly:
68
+ node dist/mcps/newrelic/server.js
69
+ ```
70
+
71
+ ## Using with Claude Code
72
+
73
+ The `.mcp.json` file configures the New Relic MCP server for use with Claude Code. To register it:
74
+
75
+ ```bash
76
+ claude mcp add newrelic -- node /path/to/commerce-tools/dist/mcps/newrelic/server.js
77
+ ```
78
+
79
+ Or reference the existing `.mcp.json` in your Claude Code project settings. Once connected, Claude can:
80
+
81
+ - Run NRQL queries against any New Relic account
82
+ - Resolve Adobe Commerce project IDs to account IDs
83
+ - Analyze logs, transactions, APM metrics, Redis, MySQL, and Elasticsearch data
84
+ - Detect and investigate security attacks
85
+
86
+ ## Architecture
87
+
88
+ ### Core
89
+
90
+ | Module | Purpose |
91
+ |---|---|
92
+ | `core/router.ts` | Resolves provider names to implementations |
93
+ | `core/tool-runner.ts` | Registers and dispatches tool handlers |
94
+ | `core/session.ts` | Manages conversation sessions and message history |
95
+ | `core/hooks.ts` | Event hooks for tool and generation lifecycle |
96
+
97
+ ### Agents
98
+
99
+ `agents/_base.ts` implements the agentic loop:
100
+
101
+ 1. Call `provider.generate()` with current messages and tools
102
+ 2. Append assistant response to history
103
+ 3. If stop reason is `tool_use`, extract and execute tool calls
104
+ 4. Append tool results to history
105
+ 5. Repeat up to `maxIterations` (default: 10)
106
+
107
+ Subclass `BaseAgent` and implement `handleToolCall()` to build custom agents.
108
+
109
+ ### New Relic MCP Tools
110
+
111
+ | Tool | Description |
112
+ |---|---|
113
+ | `execute_nrql` | Run a NRQL query against a New Relic account via NerdGraph |
114
+ | `get_account_id_by_project_id` | Resolve an Adobe Commerce project ID to a New Relic account ID |
115
+
116
+ ### New Relic MCP Prompts
117
+
118
+ | Prompt | Description |
119
+ |---|---|
120
+ | `newrelic_commerce` | NRQL specialist for Adobe Commerce monitoring and investigation |
121
+ | `newrelic_security` | Extends commerce prompt with attack detection and security analysis |
122
+
123
+ ## Development
124
+
125
+ ```bash
126
+ # Watch mode
127
+ npx tsc --watch
128
+
129
+ # Type check only
130
+ npx tsc --noEmit
131
+ ```
132
+
133
+ ## License
134
+
135
+ MIT
@@ -1,23 +1,23 @@
1
1
  export const commercePrompt = `
2
- You are a New Relic specialist. You run NRQL queries and resolve Adobe Commerce project IDs to account IDs using the New Relic MCP tools.
2
+ Reference for querying New Relic with NRQL for Adobe Commerce projects, using the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
3
3
 
4
- **Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query you already ran for that entity. Run that discovery query first; then use only the keys from the result. Never guess or invent field names.
4
+ **Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query already run for that entity. Run that discovery query first; then use only the keys from the result. Never guess or invent field names.
5
5
 
6
- ## When invoked
6
+ ## Workflow
7
7
 
8
- 1. **If the user provides an Adobe Commerce project ID** (and no account ID):
8
+ 1. **Resolve the account.** If an Adobe Commerce project ID is given (and no account ID):
9
9
  - Call the New Relic MCP tool \`get_account_id_by_project_id\` with that project ID.
10
10
  - Use the returned \`accountId\` from the first matching entity for all NRQL execution.
11
- - If no entities are found, tell the user and suggest checking the project ID or NEW_RELIC_API_KEY.
11
+ - If no entities are found, report it and suggest checking the project ID or NEW_RELIC_API_KEY.
12
12
 
13
- 2. **Before writing any NRQL that uses specific field names** (in SELECT, WHERE, FACET, etc.):
14
- - You **must** first run \`SELECT * FROM <entity> ... LIMIT 1\` (with the correct WHERE for that entity and a SINCE clause).
13
+ 2. **Discover fields before writing any NRQL that uses specific field names** (in SELECT, WHERE, FACET, etc.):
14
+ - First run \`SELECT * FROM <entity> ... LIMIT 1\` (with the correct WHERE for that entity and a SINCE clause).
15
15
  - Inspect the JSON result and note the **exact attribute names** (keys) returned.
16
16
  - **Only use those attribute names** in subsequent queries. Do not assume, guess, or invent field names.
17
17
 
18
- 3. **Build NRQL** from the user's intent and the standard Adobe Commerce patterns below. Use the project ID in filters as shown. For any non-\`SELECT *\` query, use only fields you obtained in step 2.
18
+ 3. **Build NRQL** from the request and the standard Adobe Commerce patterns below. Use the project ID in filters as shown. For any non-\`SELECT *\` query, use only fields obtained in step 2.
19
19
 
20
- 4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the user's account ID if they provided it). Use a sensible \`timeout_seconds\` (e.g. 30) for large result sets.
20
+ 4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the account ID given directly). Use a sensible \`timeout_seconds\` (e.g. 30) for large result sets.
21
21
 
22
22
  5. **Summarize results** clearly: row count, key fields, and any errors or empty result sets.
23
23
 
@@ -1,2 +1,12 @@
1
+ /**
2
+ * Self-contained MCP prompt: embeds the full commerce reference because MCP
3
+ * prompt consumers cannot load the newrelic-commerce skill.
4
+ */
1
5
  export declare const securityPrompt: string;
6
+ /**
7
+ * Subagent system prompt for the Claude Code / Cursor plugins: persona plus
8
+ * the security workflow, deferring the full entity/filter reference to the
9
+ * newrelic-commerce skill instead of duplicating it.
10
+ */
11
+ export declare const securityAgentPrompt: string;
2
12
  //# sourceMappingURL=security.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,cAAc,QAgEnB,CAAC"}
1
+ {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAmEA;;;GAGG;AACH,eAAO,MAAM,cAAc,QAQJ,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAaT,CAAC"}
@@ -1,12 +1,11 @@
1
1
  import { commercePrompt } from './commerce.js';
2
- export const securityPrompt = `${commercePrompt}
3
-
4
- ---
5
-
6
- ## Security & Attack Analysis
7
-
8
- You are also a security analyst. In addition to the general NRQL and Adobe Commerce capabilities above, you detect and investigate attacks against Adobe Commerce projects using New Relic data.
9
-
2
+ /**
3
+ * Security-analysis knowledge shared by the MCP prompt and the plugin agent.
4
+ * Keep this self-contained apart from the entity filters / field-discovery
5
+ * rules, which the consumers supply (commercePrompt or the newrelic-commerce
6
+ * skill).
7
+ */
8
+ const securityCore = `
10
9
  ### Attack categories to investigate
11
10
 
12
11
  | Category | Primary entities | Key signals |
@@ -23,7 +22,7 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
23
22
 
24
23
  ### Investigation workflow
25
24
 
26
- 1. **Resolve account** — same as the base prompt: call \`get_account_id_by_project_id\` if only a project ID is given.
25
+ 1. **Resolve account** — call \`get_account_id_by_project_id\` if only a project ID is given.
27
26
 
28
27
  2. **Discover fields** — run \`SELECT * FROM <entity> WHERE <filter> LIMIT 1 SINCE 1 hour ago\` for each entity you plan to query. Only use field names from those results.
29
28
 
@@ -64,4 +63,36 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
64
63
  - When evidence is ambiguous, state it clearly and suggest additional queries rather than asserting an attack occurred.
65
64
  - If the user asks to block an IP or apply a WAF rule, note that those actions must be taken outside New Relic (e.g. in the Fastly or CDN console) and are not performed by this tool.
66
65
  `.trim();
66
+ /**
67
+ * Self-contained MCP prompt: embeds the full commerce reference because MCP
68
+ * prompt consumers cannot load the newrelic-commerce skill.
69
+ */
70
+ export const securityPrompt = `${commercePrompt}
71
+
72
+ ---
73
+
74
+ ## Security & Attack Analysis
75
+
76
+ In addition to the general NRQL and Adobe Commerce guidance above, detect and investigate attacks against Adobe Commerce projects using New Relic data.
77
+
78
+ ${securityCore}`.trim();
79
+ /**
80
+ * Subagent system prompt for the Claude Code / Cursor plugins: persona plus
81
+ * the security workflow, deferring the full entity/filter reference to the
82
+ * newrelic-commerce skill instead of duplicating it.
83
+ */
84
+ export const securityAgentPrompt = `
85
+ You are a security analyst for Adobe Commerce projects on New Relic. You detect and investigate attacks by running NRQL queries with the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
86
+
87
+ For the full entity → filter table and field-discovery rules, use the \`newrelic-commerce\` skill. Essentials:
88
+
89
+ - **Log and infrastructure samples** (ProcessSample, SystemSample, Mysql/Redis/Elasticsearch/Rabbitmq samples): \`apmApplicationNames = '|<project id>|'\` (literal pipe characters around the project ID).
90
+ - **Fastly (CDN) logs:** \`cache_status IS NOT NULL AND project_id = '<project id>'\`.
91
+ - **APM events** (Transaction, TransactionError, PageView, ErrorTrace): \`appName = '<project id>'\` (no pipes).
92
+ - **Never use a field name** that was not returned by a \`SELECT * FROM <entity> ... LIMIT 1\` discovery query you already ran for that entity.
93
+ - Always add a \`SINCE ...\` clause when querying Log data.
94
+
95
+ ## Security & Attack Analysis
96
+
97
+ ${securityCore}`.trim();
67
98
  //# sourceMappingURL=security.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgE9C,CAAC,IAAI,EAAE,CAAC"}
1
+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDpB,CAAC,IAAI,EAAE,CAAC;AAET;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc;;;;;;;;EAQ7C,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC;AAExB;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;EAajC,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kavinga/commerce-tools",
3
- "version": "0.1.2",
3
+ "version": "0.1.6",
4
4
  "description": "Multi-provider AI tooling platform with MCPs, agents, skills, and commands",
5
5
  "type": "module",
6
6
  "bin": {
@@ -10,7 +10,8 @@
10
10
  "dist/"
11
11
  ],
12
12
  "scripts": {
13
- "build": "tsc",
13
+ "build": "tsc && npm run build:plugins",
14
+ "build:plugins": "tsx plugins/build.ts",
14
15
  "dev:newrelic": "tsx mcps/newrelic/server.ts",
15
16
  "start:newrelic": "node dist/mcps/newrelic/server.js"
16
17
  },
@@ -26,5 +27,8 @@
26
27
  },
27
28
  "engines": {
28
29
  "node": ">=18"
30
+ },
31
+ "publishConfig": {
32
+ "access": "public"
29
33
  }
30
34
  }