MCP
Connect AI agents to approved workspace context without broad credential exposure.
MCP
Use MCP when a hosted, shell-less AI assistant needs workspace-aware context or schema inspection. Shell-capable coding agents should prefer the Agent CLI (01); hosted MCP is a single HTTP/OAuth surface for Console-backed discovery tools: get-collection-schema, get-tenant-context, and check-feature-progress. The local stdio transport was retired; collection reads/writes and order/fulfillment/transaction/cart operations run through the CLI or the API/SDK until reviewed Console service adapters exist. MCP does not replace human approval for scope, credentials, or launch readiness.
Surfaces
| Surface | Use for | Boundary |
|---|---|---|
| hosted MCP | OAuth-based hosted-client access | context, schema, and feature-progress discovery |
| Agent CLI | shell-capable agents (01), commerce, guidance | local credentials, machine-stable I/O |
| API / SDK | application runtimes and server-side writes | secret-key/server credentials |
| OpenAPI | HTTP contract generation | implementation details |
Agent Handoff
- Give the agent the workspace goal, enabled features, and allowed change scope.
- For ecommerce work, ask the agent to run
check-feature-progressbefore handoff. - Keep Secret Key handling in trusted local or server environments.
- Ask the agent to report verification commands and changed files.
- Review workspace changes before launch.
Stop Conditions
- credential owner is unknown
- agent scope is broader than the task
- plan-blocked features are requested
- launch readiness has unresolved blockers
AI-agent access should be scoped to the workspace and task. Do not use MCP as a shortcut around credential ownership or launch review.
Next Actions
- Confirm owners in Integrations & Keys.
- Check implementation contracts in API.
- Finish with Launch Readiness.