epicmerch-mcp 1.1.0 → 1.2.0

package/.claude-plugin/plugin.json

@@ -1,23 +1,23 @@
-{
-  "name": "epicmerch",
-  "description": "Run your EpicMerch store from chat — products, orders, analytics, Shopify migration, Stripe setup. Auto-installs the MCP + slash commands + browser OAuth.",
-  "version": "1.0.0",
-  "author": {
-    "name": "Aditya Patel",
-    "email": "aditya141312@gmail.com",
-    "url": "https://epicmerch.in"
-  },
-  "homepage": "https://epicmerch.in",
-  "repository": "https://github.com/MTAV-media/Epicmerch-Platform",
-  "license": "MIT",
-  "keywords": [
-    "epicmerch",
-    "ecommerce",
-    "shopify",
-    "stripe",
-    "merchant",
-    "mcp",
-    "storefront",
-    "skills"
-  ]
-}
+{
+  "name": "epicmerch",
+  "description": "Run your EpicMerch store from chat — products, orders, analytics, Shopify migration, Stripe setup. Auto-installs the MCP + slash commands + browser OAuth.",
+  "version": "1.0.0",
+  "author": {
+    "name": "Aditya Patel",
+    "email": "aditya141312@gmail.com",
+    "url": "https://epicmerch.in"
+  },
+  "homepage": "https://epicmerch.in",
+  "repository": "https://github.com/MTAV-media/Epicmerch-Platform",
+  "license": "MIT",
+  "keywords": [
+    "epicmerch",
+    "ecommerce",
+    "shopify",
+    "stripe",
+    "merchant",
+    "mcp",
+    "storefront",
+    "skills"
+  ]
+}

package/.mcp.json

@@ -1,8 +1,8 @@
-{
-  "mcpServers": {
-    "epicmerch": {
-      "command": "npx",
-      "args": ["epicmerch-mcp@latest"]
-    }
-  }
-}
+{
+  "mcpServers": {
+    "epicmerch": {
+      "command": "npx",
+      "args": ["epicmerch-mcp@latest"]
+    }
+  }
+}

package/hooks/check-auth.js

@@ -1,37 +1,37 @@
-#!/usr/bin/env node
-// Plugin hook — runs on Claude Code session startup.
-// If the merchant hasn't logged in (no ~/.epicmerch/token.json), prints a
-// one-line nudge so the assistant knows to suggest `/epicmerch-setup` if
-// the merchant asks for store operations.
-// Stays silent if already authenticated — no startup noise for happy paths.
-
-import { existsSync, readFileSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { join } from 'node:path';
-
-const tokenPath = join(homedir(), '.epicmerch', 'token.json');
-
-if (!existsSync(tokenPath)) {
-  // No token file at all — not logged in. Hint to the assistant.
-  console.error('[epicmerch] Not yet authenticated. The merchant can connect with /epicmerch-setup or by running `npx epicmerch-mcp setup`.');
-  process.exit(0);
-}
-
-try {
-  const data = JSON.parse(readFileSync(tokenPath, 'utf-8'));
-  const entry = data?.stores?.[data?.defaultStore];
-  if (!entry) {
-    console.error('[epicmerch] Token file exists but has no default store. Run `npx epicmerch-mcp login` to fix.');
-    process.exit(0);
-  }
-  const refreshExpiry = new Date(entry.refreshTokenExpiresAt);
-  if (refreshExpiry < new Date()) {
-    console.error('[epicmerch] Refresh token expired. Merchant should run `npx epicmerch-mcp login` to re-authenticate.');
-  }
-  // Happy path: stay silent.
-} catch (_) {
-  // Malformed token file — silent. The MCP tools themselves will surface
-  // a clearer error if they're invoked.
-}
-
-process.exit(0);
+#!/usr/bin/env node
+// Plugin hook — runs on Claude Code session startup.
+// If the merchant hasn't logged in (no ~/.epicmerch/token.json), prints a
+// one-line nudge so the assistant knows to suggest `/epicmerch-setup` if
+// the merchant asks for store operations.
+// Stays silent if already authenticated — no startup noise for happy paths.
+
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+const tokenPath = join(homedir(), '.epicmerch', 'token.json');
+
+if (!existsSync(tokenPath)) {
+  // No token file at all — not logged in. Hint to the assistant.
+  console.error('[epicmerch] Not yet authenticated. The merchant can connect with /epicmerch-setup or by running `npx epicmerch-mcp setup`.');
+  process.exit(0);
+}
+
+try {
+  const data = JSON.parse(readFileSync(tokenPath, 'utf-8'));
+  const entry = data?.stores?.[data?.defaultStore];
+  if (!entry) {
+    console.error('[epicmerch] Token file exists but has no default store. Run `npx epicmerch-mcp login` to fix.');
+    process.exit(0);
+  }
+  const refreshExpiry = new Date(entry.refreshTokenExpiresAt);
+  if (refreshExpiry < new Date()) {
+    console.error('[epicmerch] Refresh token expired. Merchant should run `npx epicmerch-mcp login` to re-authenticate.');
+  }
+  // Happy path: stay silent.
+} catch (_) {
+  // Malformed token file — silent. The MCP tools themselves will surface
+  // a clearer error if they're invoked.
+}
+
+process.exit(0);

package/hooks/hooks.json

@@ -1,16 +1,16 @@
-{
-  "hooks": {
-    "SessionStart": [
-      {
-        "matcher": "startup",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/check-auth.js\"",
-            "async": true
-          }
-        ]
-      }
-    ]
-  }
-}
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "matcher": "startup",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/check-auth.js\"",
+            "async": true
+          }
+        ]
+      }
+    ]
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "epicmerch-mcp",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "MCP server for EpicMerch — integrates e-commerce into Claude and ChatGPT",
   "type": "module",
   "main": "src/index.js",

package/skills/epicmerch-payments.md

@@ -0,0 +1,86 @@
+---
+name: epicmerch-payments
+description: Set up payments on an EpicMerch store — help the merchant pick between Razorpay (India, default) and Stripe (international), then route to the right setup skill.
+---
+
+# EpicMerch Payments — the umbrella
+
+This is the entry point for any "set up payments" / "configure checkout" / "add card payments" intent. Your job is to figure out **which processor the merchant should use**, then hand off to the matching detailed skill.
+
+## Step 1: Check what's already configured
+
+Before asking anything, call `merchant_get_checkout_settings()`. The response tells you:
+
+- `checkoutType` — current active flow (`"epicmerch"`, `"stripe"`, or `"shiprocket"`)
+- `razorpayKeyId` (string or null) + `razorpayKeySecretIsSet` (bool)
+- `stripePublishableKey` (string or null) + `stripeSecretKeyIsSet` (bool) + `stripeWebhookSecretIsSet` (bool)
+
+Decide based on what's there:
+
+| Current state | Suggested action |
+|---|---|
+| Nothing configured | Help the merchant pick + set up (continue to Step 2) |
+| Razorpay configured, `checkoutType: epicmerch` | Tell them: "Razorpay is already live on your store. Want to add Stripe as a backup / switch to Stripe?" |
+| Stripe configured, `checkoutType: stripe` | Tell them: "Stripe is already live. Want to switch back to Razorpay?" |
+| Both configured, only one active | Tell them which is active + ask if they want to switch |
+
+If something's clearly already set up and they didn't ask to change it, stop here. Don't redo configured work.
+
+## Step 2: Help them pick
+
+If nothing is configured (or they want to add a new one), help them choose:
+
+| Question | Razorpay | Stripe |
+|---|---|---|
+| Where are most of your customers? | India 🇮🇳 | International 🌍 |
+| Currency you charge in? | INR primarily | USD, EUR, GBP, AUD, etc. |
+| Payment methods you want? | UPI, netbanking, Indian cards, wallets | Cards, Apple Pay, Google Pay, Stripe Link |
+| Compliance | RBI-compliant by default | Stripe handles PCI; you handle GDPR |
+| Setup time | ~5 min if account exists | ~10 min (needs webhook config) |
+| Account onboarding | KYC ~24h (already done usually) | Stripe activation can take a day |
+
+Ask the merchant ONE question that disambiguates. Don't make them read the table. The best single question is usually:
+
+> "Where are most of your customers — India, or international?"
+
+- **India only** → Razorpay
+- **International / mostly outside India** → Stripe
+- **Both / not sure** → ask: "What currency do you want to charge in?" then route accordingly.
+
+## Step 3: Hand off to the specific skill
+
+Once you know which one:
+
+- **Razorpay** → hand off to `/epicmerch-razorpay`. Don't try to configure it inline; the specific skill has the right Razorpay-dashboard URLs, key format hints, and the activation step.
+- **Stripe** → hand off to `/epicmerch-stripe`. Same reasoning — that skill has the webhook URL, the test recipe, and the activation step.
+
+If you're running inside a client that doesn't support slash command handoff (e.g. **Codex**), invoke the same MCP tools yourself:
+
+**For Razorpay inline:**
+```
+merchant_configure_razorpay({ keyId: "rzp_live_...", keySecret: "..." })
+merchant_set_checkout_type({ type: "epicmerch" })
+merchant_get_checkout_settings()    // verify
+merchant_diagnose()                  // confirm readiness
+```
+
+**For Stripe inline:**
+```
+merchant_configure_stripe({ publishableKey: "pk_live_...", secretKey: "sk_live_...", webhookSecret: "whsec_..." })
+merchant_test_stripe_connection()
+merchant_set_checkout_type({ type: "stripe" })
+```
+
+## Step 4: After setup
+
+Once whichever processor is live, suggest:
+
+- "Want to test? Place a small test order on your storefront. With test keys, no real money moves; with live keys, you can refund it after."
+- "Need to set up Shiprocket for shipping? Use `merchant_get_logistics_settings` first to see what's there."
+- "Ready to launch? Run `merchant_diagnose()` — I'll check everything."
+
+## Style
+
+- Don't ask "Razorpay or Stripe?" out of context. ALWAYS check current state first (Step 1) — if it's set up, just confirm.
+- Don't pile up questions. One at a time.
+- Never paste the merchant's secret back at them — refer to it as `"the secret you provided"`. Treat secrets as write-only.

package/skills/epicmerch-razorpay.md

@@ -0,0 +1,98 @@
+---
+name: epicmerch-razorpay
+description: Set up Razorpay payments for an EpicMerch store conversationally — get the Key ID + Secret from Razorpay's dashboard, save them, and activate the EpicMerch Checkout flow.
+---
+
+# EpicMerch Razorpay Setup
+
+You're helping a merchant configure Razorpay as their payment processor. This pairs Razorpay with EpicMerch's default checkout flow (Razorpay for payments + Shiprocket for shipping). Walk them through these steps.
+
+## Step 1: Confirm they have a Razorpay account
+
+Ask: "Do you already have a Razorpay account at dashboard.razorpay.com? If not, sign up first — it's free and KYC takes ~24 hours."
+
+If they're in India and just starting out, Razorpay is the most common choice. For international merchants, hand off to `/epicmerch-stripe` instead.
+
+## Step 2: Decide test vs live mode
+
+Ask: "Are you setting up for testing (`rzp_test_...` keys), or going live with real customers (`rzp_live_...`)?"
+
+Make sure they understand:
+- **Test keys** — no real money. Use Razorpay's test card numbers from their docs. Switch to live before launching.
+- **Live keys** — real money. Account must be activated (KYC complete + bank account linked).
+
+## Step 3: Collect their API keys
+
+Tell them:
+
+> "In a new browser tab, open https://dashboard.razorpay.com → Settings → API Keys → Generate Key (or Show, if you've generated one before).
+>
+> Copy these two values:
+> - **Key ID** — looks like `rzp_live_XXXXX` or `rzp_test_XXXXX`
+> - **Key Secret** — long random string. Razorpay only shows it ONCE when you generate. If you've already saved it somewhere safe, paste it now."
+
+If the merchant lost their secret, tell them: "You'll need to regenerate the key pair in Razorpay's dashboard. The old Key ID stops working when you do this, so update both fields below."
+
+## Step 4: Save them
+
+Call:
+
+```
+merchant_configure_razorpay({
+  keyId:     "rzp_live_XXXXX",
+  keySecret: "your_secret_here"
+})
+```
+
+The server encrypts the secret before storing. The response confirms the save with `razorpayKeyId` echoed back and `razorpayKeySecretIsSet: true`.
+
+## Step 5: Activate the checkout
+
+Razorpay only powers payments under EpicMerch's default checkout flow. Activate it:
+
+```
+merchant_set_checkout_type({ type: "epicmerch" })
+```
+
+This sets the storefront to use EpicMerch Checkout (Razorpay payments + Shiprocket shipping). If the merchant was previously on Stripe or Shiprocket-managed checkout, this switches them over.
+
+## Step 6: Verify it took effect
+
+Call `merchant_get_checkout_settings()` and confirm the response includes:
+- `checkoutType: "epicmerch"`
+- `razorpayKeyId` matching what you just set
+- `razorpayKeySecretIsSet: true`
+
+If those line up, you're done.
+
+## Step 7: Smoke test (optional but recommended)
+
+Tell the merchant: "Want me to do a quick health check? I'll look at your full store readiness, including payment config."
+
+Then call `merchant_diagnose()`. Read off the `payment.razorpayConfigured` value — should be `true` — and the `readinessScore`.
+
+## Step 8: Done
+
+Say:
+
+> "Razorpay is now live on your storefront. Customers will see Razorpay's payment widget at checkout — cards, UPI, netbanking, wallets. **Make sure you're using live keys before launch** — test keys won't charge real money."
+
+If they're on test keys, remind them again: "When you're ready to launch, repeat Steps 3–4 with live keys."
+
+## Style
+
+- Ask one question at a time. Don't dump all the steps at once.
+- After each `merchant_*` call, read back the relevant field so the merchant sees progress.
+- If a save fails (e.g. validation error from the server), surface the error message verbatim — don't paraphrase.
+
+## Troubleshooting
+
+If `merchant_get_checkout_settings` shows `razorpayKeySecretIsSet: false` after Step 4, the secret didn't persist. Causes:
+- Empty string passed (Razorpay secrets are 30+ chars; if the merchant pasted nothing, the field stays empty)
+- Encryption key mismatch on the server side (rare; tell the merchant to check with support)
+
+If Step 5 errors with "must be one of: ...", you typed the wrong checkout type. Use exactly `"epicmerch"` (lowercase).
+
+## Handoff
+
+If the merchant says "actually I want Stripe instead" — switch to `/epicmerch-stripe`. If "what's the difference between Razorpay and Stripe?" — use `/epicmerch-payments` to compare.

package/skills/epicmerch-setup.md

@@ -1,92 +1,101 @@
----
-name: epicmerch-setup
-description: Connect this Claude/Codex session to EpicMerch — runs the browser OAuth login + MCP config setup from inside chat, no terminal commands required.
----
-
-# EpicMerch Setup (in-chat)
-
-This skill onboards the merchant **from inside the chat session itself**, so they don't have to alt-tab to a terminal. By the end the chat has access to all the `merchant_*` tools and the other `/epicmerch-*` skills.
-
-If you can already call `merchant_get_settings` (or any other `merchant_*` tool) and get a real response back, the merchant is already set up — just say so and stop. Don't reinstall.
-
-## Step 1: Detect the environment
-
-Use whatever shell/CLI tools you have to determine the merchant's setup:
-- Their OS (look at the path style, `$HOME`, etc.)
-- Whether Node.js is installed (`node --version` if you can run it)
-- Whether the `epicmerch-mcp` MCP server is already wired up (look in `~/.claude.json`, `~/Library/Application Support/Claude/claude_desktop_config.json`, or `~/.codex/config.toml` depending on the client you're running inside)
-
-Don't dump this to the merchant — it's for routing decisions in the next steps.
-
-## Step 2: Install the MCP if missing
-
-**If `epicmerch-mcp` is NOT already configured** in the client you're running inside:
-
-Tell the merchant:
-
-> "I'll set up the EpicMerch connection now. Running the installer in your terminal — it'll open a browser for login."
-
-Then run, using whatever shell/Bash tool you have:
-
-```bash
-curl -fsSL https://api.epicmerch.in/install.sh | bash
-```
-
-(Or on Windows PowerShell: `iwr -useb https://api.epicmerch.in/install.ps1 | iex`)
-
-This wraps `npx epicmerch-mcp@latest setup`, which:
-1. Checks Node 18+ is installed (fails clean if not)
-2. Opens a browser at `https://api.epicmerch.in/api/oauth/authorize`
-3. Saves the token locally after login
-4. Writes MCP config to whichever clients are detected (Claude Desktop / Cursor / VS Code / Codex)
-5. Drops slash commands into `~/.claude/commands/`
-
-**If `epicmerch-mcp` is already configured but the merchant isn't logged in** (any `merchant_*` tool call returns "Not authenticated"):
-
-```bash
-npx epicmerch-mcp login
-```
-
-Just the OAuth re-login, no config rewrite.
-
-## Step 3: Restart the client
-
-After install completes, tell the merchant:
-
-> "Setup complete. **Fully quit and reopen Claude Desktop / Cursor / VS Code / Codex** (not just reload window — the MCP child process only respawns on app launch). Then come back here and ask me anything — I'll have access to your store."
-
-Stop here if they're in Claude Desktop / Cursor / VS Code. The MCP child process won't pick up the new config in the current session — they need a restart.
-
-**Special case for Claude Code (terminal):** if they're in `claude` CLI rather than Claude Desktop, the user-scope MCP registration we just added is live immediately — they don't need to restart. Try calling `merchant_get_settings` to confirm.
-
-## Step 4: Confirm the connection
-
-Once they're back, call `merchant_get_settings` and read the response. If you see real store data:
-
-> "Connected. Your store is **[name]**. I can help with products, orders, analytics, customers, Stripe setup, or Shopify migration. What would you like to do?"
-
-If `merchant_get_settings` still errors with "Not authenticated":
-
-> "The MCP isn't seeing the new config — make sure you **fully quit** the app (not just reload window) and reopen it. Then ask me anything."
-
-## What this skill does NOT do
-
-- It does not collect email/password in chat. Auth always goes through the browser OAuth flow.
-- It does not modify files in the merchant's project — for storefront scaffolding use `/epicmerch`, `/epicmerch-auth`, `/epicmerch-products`, `/epicmerch-orders`.
-- It does not work for ChatGPT users. ChatGPT can't run shell commands, so the install must happen via the dashboard's Connect AI page → "Open in ChatGPT" Custom GPT.
-
-## Routing notes
-
-Once setup is done, hand off:
-- "set up my store" → `/epicmerch-merchant` (skill that walks them through their first products / settings)
-- "migrate my Shopify store" → `/epicmerch-migrate`
-- "configure Stripe" → `/epicmerch-stripe`
-- "scaffold a storefront" → `/epicmerch`
-
-## Fallback when the install script fails
-
-If `curl -fsSL https://api.epicmerch.in/install.sh | bash` fails (no Node, no network, restricted env, etc.) — tell the merchant exactly what's wrong and link to the dashboard fallback:
-
-> "The auto-installer hit an issue: **[error]**. You can connect manually instead — go to `https://epicmerch.in/dashboard → Connect AI` and follow the copy-paste instructions there."
-
-Never leave them stuck. Always give a manual fallback path.
+---
+name: epicmerch-setup
+description: Connect this Claude/Codex session to EpicMerch — runs the browser OAuth login + MCP config setup from inside chat, no terminal commands required.
+---
+
+# EpicMerch Setup (in-chat)
+
+This skill onboards the merchant **from inside the chat session itself**, so they don't have to alt-tab to a terminal. By the end the chat has access to all the `merchant_*` tools and the other `/epicmerch-*` skills.
+
+If you can already call `merchant_get_settings` (or any other `merchant_*` tool) and get a real response back, the merchant is already set up — just say so and stop. Don't reinstall.
+
+## Step 1: Detect the environment
+
+Use whatever shell/CLI tools you have to determine the merchant's setup:
+- Their OS (look at the path style, `$HOME`, etc.)
+- Whether Node.js is installed (`node --version` if you can run it)
+- Whether the `epicmerch-mcp` MCP server is already wired up (look in `~/.claude.json`, `~/Library/Application Support/Claude/claude_desktop_config.json`, or `~/.codex/config.toml` depending on the client you're running inside)
+
+Don't dump this to the merchant — it's for routing decisions in the next steps.
+
+## Step 2: Install the MCP if missing
+
+**If `epicmerch-mcp` is NOT already configured** in the client you're running inside:
+
+Tell the merchant:
+
+> "I'll set up the EpicMerch connection now. Running the installer in your terminal — it'll open a browser for login."
+
+Then run, using whatever shell/Bash tool you have:
+
+```bash
+curl -fsSL https://api.epicmerch.in/install.sh | bash
+```
+
+(Or on Windows PowerShell: `iwr -useb https://api.epicmerch.in/install.ps1 | iex`)
+
+This wraps `npx epicmerch-mcp@latest setup`, which:
+1. Checks Node 18+ is installed (fails clean if not)
+2. Opens a browser at `https://api.epicmerch.in/api/oauth/authorize`
+3. Saves the token locally after login
+4. Writes MCP config to whichever clients are detected (Claude Desktop / Cursor / VS Code / Codex)
+5. Drops slash commands into `~/.claude/commands/`
+
+**If `epicmerch-mcp` is already configured but the merchant isn't logged in** (any `merchant_*` tool call returns "Not authenticated"):
+
+```bash
+npx epicmerch-mcp login
+```
+
+Just the OAuth re-login, no config rewrite.
+
+## Step 3: Restart the client
+
+After install completes, tell the merchant:
+
+> "Setup complete. **Fully quit and reopen Claude Desktop / Cursor / VS Code / Codex** (not just reload window — the MCP child process only respawns on app launch). Then come back here and ask me anything — I'll have access to your store."
+
+Stop here if they're in Claude Desktop / Cursor / VS Code. The MCP child process won't pick up the new config in the current session — they need a restart.
+
+**Special case for Claude Code (terminal):** if they're in `claude` CLI rather than Claude Desktop, the user-scope MCP registration we just added is live immediately — they don't need to restart. Try calling `merchant_get_settings` to confirm.
+
+## Step 4: Confirm the connection
+
+Once they're back, call `merchant_get_settings` and read the response. If you see real store data:
+
+> "Connected. Your store is **[name]**. I can help with products, orders, analytics, customers, Stripe setup, or Shopify migration. What would you like to do?"
+
+If `merchant_get_settings` still errors with "Not authenticated":
+
+> "The MCP isn't seeing the new config — make sure you **fully quit** the app (not just reload window) and reopen it. Then ask me anything."
+
+## What this skill does NOT do
+
+- It does not collect email/password in chat. Auth always goes through the browser OAuth flow.
+- It does not modify files in the merchant's project — for storefront scaffolding use `/epicmerch`, `/epicmerch-auth`, `/epicmerch-products`, `/epicmerch-orders`.
+- It does not work for ChatGPT users. ChatGPT can't run shell commands, so the install must happen via the dashboard's Connect AI page → "Open in ChatGPT" Custom GPT.
+
+## Routing notes
+
+Once setup is done, hand off:
+- "set up my store" → `/epicmerch-merchant` (skill that walks them through their first products / settings)
+- "migrate my Shopify store" → `/epicmerch-migrate`
+- "configure Stripe" → `/epicmerch-stripe`
+- "scaffold a storefront" → `/epicmerch`
+
+**Slash commands only work in Claude Code / Claude Desktop / Cursor** (which read from `~/.claude/commands/`). If the merchant is running you inside **Codex CLI**, slash commands aren't available — just do the same thing inline using the MCP tools directly. The mapping:
+
+| Slash command | Equivalent inline behavior |
+|---|---|
+| `/epicmerch` | Walk through the 8 scaffold steps yourself: detect framework, install SDK, write Login.jsx + ProductCard.jsx + ProductList.jsx + Cart.jsx + Checkout.jsx + OrderHistory.jsx (skipping any that exist), call `merchant_generate_api_key` and write `.env`. The full step-by-step instructions are in the `epicmerch` skill — read them via the MCP's resources if available, or just follow the same plan from memory. |
+| `/epicmerch-stripe` | Conversationally walk through Stripe setup using `merchant_configure_stripe`, `merchant_test_stripe_connection`, `merchant_set_checkout_type`. |
+| `/epicmerch-migrate` | Use `merchant_shopify_migrate` in two stages: extract → confirm → import. |
+| `/epicmerch-merchant` | Call `merchant_get_analytics_stats` + `merchant_diagnose` and summarise the store. |
+
+## Fallback when the install script fails
+
+If `curl -fsSL https://api.epicmerch.in/install.sh | bash` fails (no Node, no network, restricted env, etc.) — tell the merchant exactly what's wrong and link to the dashboard fallback:
+
+> "The auto-installer hit an issue: **[error]**. You can connect manually instead — go to `https://epicmerch.in/dashboard → Connect AI` and follow the copy-paste instructions there."
+
+Never leave them stuck. Always give a manual fallback path.

package/src/tools/_examples.js

@@ -317,6 +317,13 @@ export const TOOL_EXAMPLES = {
     'Is Stripe configured correctly?',
     'Verify my Stripe keys work',
   ],
+
+  // --- Razorpay ---
+  merchant_configure_razorpay: [
+    'Set up Razorpay for my store',
+    'Add my Razorpay keys',
+    'Configure Razorpay payments',
+  ],
   merchant_set_checkout_type: [
     'Switch my checkout to Stripe',
     'Change checkout to Razorpay',

package/src/tools/merchant.js

@@ -362,6 +362,18 @@ export function merchantTools(client, session) {
       return ok(await client.authGet('/users/stripe/test'));
     },
 
+    // --- RAZORPAY CONFIGURATION ---
+    async merchant_configure_razorpay({ keyId, keySecret }) {
+      requireAuth();
+      if (!keyId && !keySecret) {
+        throw new Error('At least one of `keyId` or `keySecret` must be provided.');
+      }
+      const body = {};
+      if (keyId !== undefined)     body.razorpayKeyId     = keyId;
+      if (keySecret !== undefined) body.razorpayKeySecret = keySecret;
+      return ok(await client.authPut('/users/checkout-settings', body));
+    },
+
     async merchant_set_checkout_type({ type }) {
       requireAuth();
       const valid = ['epicmerch', 'stripe', 'shiprocket'];
@@ -603,6 +615,14 @@ const _baseMerchantToolDefs = [
     description: 'Verify the merchant\'s Stripe keys work by fetching their Stripe account. Returns accountId, country, and charges-enabled status.',
     schema: {},
   },
+  {
+    name: 'merchant_configure_razorpay',
+    description: 'Configure Razorpay payment processing for the merchant: stores Key ID + Key Secret. Pair with merchant_set_checkout_type({type:"epicmerch"}) to activate the EpicMerch Checkout flow that uses Razorpay. Both fields are optional individually so you can update one at a time (e.g. rotating the secret without re-entering the key id).',
+    schema: {
+      keyId:     { type: 'string', description: 'Razorpay Key ID, e.g. rzp_live_... or rzp_test_...' },
+      keySecret: { type: 'string', description: 'Razorpay Key Secret. Stored encrypted server-side.' },
+    },
+  },
   {
     name: 'merchant_set_checkout_type',
     description: 'Set which checkout flow the merchant\'s storefront uses. Must be one of: "epicmerch" (Razorpay + Shiprocket), "stripe" (Stripe + Shiprocket), or "shiprocket" (full SR Checkout).',