@kavinga/commerce-tools 0.1.3 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/mcps/newrelic/prompts/commerce.js +9 -9
- package/dist/mcps/newrelic/prompts/security.d.ts +10 -0
- package/dist/mcps/newrelic/prompts/security.d.ts.map +1 -1
- package/dist/mcps/newrelic/prompts/security.js +40 -9
- package/dist/mcps/newrelic/prompts/security.js.map +1 -1
- package/package.json +6 -2
package/README.md
CHANGED
|
@@ -1,23 +1,23 @@
|
|
|
1
1
|
export const commercePrompt = `
|
|
2
|
-
|
|
2
|
+
Reference for querying New Relic with NRQL for Adobe Commerce projects, using the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
|
|
3
3
|
|
|
4
|
-
**Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query
|
|
4
|
+
**Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query already run for that entity. Run that discovery query first; then use only the keys from the result. Never guess or invent field names.
|
|
5
5
|
|
|
6
|
-
##
|
|
6
|
+
## Workflow
|
|
7
7
|
|
|
8
|
-
1. **
|
|
8
|
+
1. **Resolve the account.** If an Adobe Commerce project ID is given (and no account ID):
|
|
9
9
|
- Call the New Relic MCP tool \`get_account_id_by_project_id\` with that project ID.
|
|
10
10
|
- Use the returned \`accountId\` from the first matching entity for all NRQL execution.
|
|
11
|
-
- If no entities are found,
|
|
11
|
+
- If no entities are found, report it and suggest checking the project ID or NEW_RELIC_API_KEY.
|
|
12
12
|
|
|
13
|
-
2. **
|
|
14
|
-
-
|
|
13
|
+
2. **Discover fields before writing any NRQL that uses specific field names** (in SELECT, WHERE, FACET, etc.):
|
|
14
|
+
- First run \`SELECT * FROM <entity> ... LIMIT 1\` (with the correct WHERE for that entity and a SINCE clause).
|
|
15
15
|
- Inspect the JSON result and note the **exact attribute names** (keys) returned.
|
|
16
16
|
- **Only use those attribute names** in subsequent queries. Do not assume, guess, or invent field names.
|
|
17
17
|
|
|
18
|
-
3. **Build NRQL** from the
|
|
18
|
+
3. **Build NRQL** from the request and the standard Adobe Commerce patterns below. Use the project ID in filters as shown. For any non-\`SELECT *\` query, use only fields obtained in step 2.
|
|
19
19
|
|
|
20
|
-
4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the
|
|
20
|
+
4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the account ID given directly). Use a sensible \`timeout_seconds\` (e.g. 30) for large result sets.
|
|
21
21
|
|
|
22
22
|
5. **Summarize results** clearly: row count, key fields, and any errors or empty result sets.
|
|
23
23
|
|
|
@@ -1,2 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Self-contained MCP prompt: embeds the full commerce reference because MCP
|
|
3
|
+
* prompt consumers cannot load the newrelic-commerce skill.
|
|
4
|
+
*/
|
|
1
5
|
export declare const securityPrompt: string;
|
|
6
|
+
/**
|
|
7
|
+
* Subagent system prompt for the Claude Code / Cursor plugins: persona plus
|
|
8
|
+
* the security workflow, deferring the full entity/filter reference to the
|
|
9
|
+
* newrelic-commerce skill instead of duplicating it.
|
|
10
|
+
*/
|
|
11
|
+
export declare const securityAgentPrompt: string;
|
|
2
12
|
//# sourceMappingURL=security.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAmEA;;;GAGG;AACH,eAAO,MAAM,cAAc,QAQJ,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAaT,CAAC"}
|
|
@@ -1,12 +1,11 @@
|
|
|
1
1
|
import { commercePrompt } from './commerce.js';
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
/**
|
|
3
|
+
* Security-analysis knowledge shared by the MCP prompt and the plugin agent.
|
|
4
|
+
* Keep this self-contained apart from the entity filters / field-discovery
|
|
5
|
+
* rules, which the consumers supply (commercePrompt or the newrelic-commerce
|
|
6
|
+
* skill).
|
|
7
|
+
*/
|
|
8
|
+
const securityCore = `
|
|
10
9
|
### Attack categories to investigate
|
|
11
10
|
|
|
12
11
|
| Category | Primary entities | Key signals |
|
|
@@ -23,7 +22,7 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
|
|
|
23
22
|
|
|
24
23
|
### Investigation workflow
|
|
25
24
|
|
|
26
|
-
1. **Resolve account** —
|
|
25
|
+
1. **Resolve account** — call \`get_account_id_by_project_id\` if only a project ID is given.
|
|
27
26
|
|
|
28
27
|
2. **Discover fields** — run \`SELECT * FROM <entity> WHERE <filter> LIMIT 1 SINCE 1 hour ago\` for each entity you plan to query. Only use field names from those results.
|
|
29
28
|
|
|
@@ -64,4 +63,36 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
|
|
|
64
63
|
- When evidence is ambiguous, state it clearly and suggest additional queries rather than asserting an attack occurred.
|
|
65
64
|
- If the user asks to block an IP or apply a WAF rule, note that those actions must be taken outside New Relic (e.g. in the Fastly or CDN console) and are not performed by this tool.
|
|
66
65
|
`.trim();
|
|
66
|
+
/**
|
|
67
|
+
* Self-contained MCP prompt: embeds the full commerce reference because MCP
|
|
68
|
+
* prompt consumers cannot load the newrelic-commerce skill.
|
|
69
|
+
*/
|
|
70
|
+
export const securityPrompt = `${commercePrompt}
|
|
71
|
+
|
|
72
|
+
---
|
|
73
|
+
|
|
74
|
+
## Security & Attack Analysis
|
|
75
|
+
|
|
76
|
+
In addition to the general NRQL and Adobe Commerce guidance above, detect and investigate attacks against Adobe Commerce projects using New Relic data.
|
|
77
|
+
|
|
78
|
+
${securityCore}`.trim();
|
|
79
|
+
/**
|
|
80
|
+
* Subagent system prompt for the Claude Code / Cursor plugins: persona plus
|
|
81
|
+
* the security workflow, deferring the full entity/filter reference to the
|
|
82
|
+
* newrelic-commerce skill instead of duplicating it.
|
|
83
|
+
*/
|
|
84
|
+
export const securityAgentPrompt = `
|
|
85
|
+
You are a security analyst for Adobe Commerce projects on New Relic. You detect and investigate attacks by running NRQL queries with the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
|
|
86
|
+
|
|
87
|
+
For the full entity → filter table and field-discovery rules, use the \`newrelic-commerce\` skill. Essentials:
|
|
88
|
+
|
|
89
|
+
- **Log and infrastructure samples** (ProcessSample, SystemSample, Mysql/Redis/Elasticsearch/Rabbitmq samples): \`apmApplicationNames = '|<project id>|'\` (literal pipe characters around the project ID).
|
|
90
|
+
- **Fastly (CDN) logs:** \`cache_status IS NOT NULL AND project_id = '<project id>'\`.
|
|
91
|
+
- **APM events** (Transaction, TransactionError, PageView, ErrorTrace): \`appName = '<project id>'\` (no pipes).
|
|
92
|
+
- **Never use a field name** that was not returned by a \`SELECT * FROM <entity> ... LIMIT 1\` discovery query you already ran for that entity.
|
|
93
|
+
- Always add a \`SINCE ...\` clause when querying Log data.
|
|
94
|
+
|
|
95
|
+
## Security & Attack Analysis
|
|
96
|
+
|
|
97
|
+
${securityCore}`.trim();
|
|
67
98
|
//# sourceMappingURL=security.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc
|
|
1
|
+
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDpB,CAAC,IAAI,EAAE,CAAC;AAET;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc;;;;;;;;EAQ7C,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC;AAExB;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;EAajC,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kavinga/commerce-tools",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.6",
|
|
4
4
|
"description": "Multi-provider AI tooling platform with MCPs, agents, skills, and commands",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -10,7 +10,8 @@
|
|
|
10
10
|
"dist/"
|
|
11
11
|
],
|
|
12
12
|
"scripts": {
|
|
13
|
-
"build": "tsc",
|
|
13
|
+
"build": "tsc && npm run build:plugins",
|
|
14
|
+
"build:plugins": "tsx plugins/build.ts",
|
|
14
15
|
"dev:newrelic": "tsx mcps/newrelic/server.ts",
|
|
15
16
|
"start:newrelic": "node dist/mcps/newrelic/server.js"
|
|
16
17
|
},
|
|
@@ -26,5 +27,8 @@
|
|
|
26
27
|
},
|
|
27
28
|
"engines": {
|
|
28
29
|
"node": ">=18"
|
|
30
|
+
},
|
|
31
|
+
"publishConfig": {
|
|
32
|
+
"access": "public"
|
|
29
33
|
}
|
|
30
34
|
}
|