Integrations

MCP integration overview

Drive Packagento from Claude Code or any MCP-compatible client. Browse your orgs, publish packages from Git, and purchase + install — without leaving the assistant.

What MCP is

Model Context Protocol (MCP) is an open protocol for connecting LLM-driven applications to tools and data sources. Packagento exposes its marketplace operations as MCP tools so an assistant can call them on your behalf, with your explicit OAuth consent, exactly as if you were clicking around the customer area yourself.

What you can do through it

  • Read your account. Identity, orgs, vendors, packages, versions, licences, projects, project tokens, orders, invoices, pending invites, and org members — every list_* tool is read-only.
  • Set up projects + tokens. Create a buyer project and have a ready-to-paste auth.json snippet returned in one call (setup_project).
  • Onboard as a vendor. Apply, start Stripe Connect onboarding, and connect a Git provider in one call (bootstrap_vendor) — returns a per-step status block plus any URLs you need to finish in the browser.
  • Publish packages. Point at one or many Git repo URLs (GitHub or GitLab); if your Git integration is connected, each package is ingested. If not, you get an OAuth URL to authorise (publish_packages_from_repos).
  • Buy and install. Add to cart, charge a saved payment method off-session, attach each licence to a project, and receive the auth.json snippet — all in one call (purchase_and_install_packages).
  • Inspect QA verdicts. Read the pass/fail status of every QA axis on a package version (get_package_qa_status) and pull the per-finding list — file, line, message, rule — for any failing axis (get_qa_detail).
  • Switch active org. Cart, projects, licences, orders, and webhooks are org-scoped — set_active_org swaps the context for every subsequent tool call.

Example prompts

These are the literal kinds of asks an MCP client routes to the Packagento tools. The assistant chooses the right tool for the goal and chains them when it has to:

  • "Show me my Packagento dashboard." Resolves to get_my_dashboard — identity + active org + every org + counts in one round trip.
  • "Publish github.com/me/my-module and price it at $49." Routes through publish_packages_from_repos to ingest the repo, then set_package_pricing for the price.
  • "Buy loki/magento2-components and install it on my staging-site project." Single purchase_and_install_packages call covers cart, charge, licence-attach, and the returned auth.json snippet.
  • "Switch to the Acme org and list my active licences." set_active_org swaps context; list_licenses reads the new active-org slice.

How authorisation works

The first time an MCP client connects, you complete an OAuth consent dance in your browser. Packagento mints a long-lived refresh token (rotated every 90 days) plus short-lived access tokens (refreshed every hour). The MCP client stores those tokens; Packagento records the connected application on the MCP Integrations page in your customer area, where you can revoke access at any time.

Every MCP request runs as you — same role checks, same org gates, same audit log. The assistant cannot do anything you could not do yourself, and every action is attributed to your customer account.

Next steps