# magebitcom/magento2-mcp-customer-tools > Customer-domain MCP tools for Magebit_Mcp (read + write over customers, addresses, groups, account management) `composer require magebitcom/magento2-mcp-customer-tools` Canonical URL: https://packagento.com/magebitcom/magento2-mcp-customer-tools ## At a glance - **Vendor**: magebitcom (https://packagento.com/magebitcom.md) - **Latest version**: v1.0.0 — released 2026-05-26 - **Pricing**: Free - **Package type**: Magento 2 module - **Status**: active, accepting new buyers ## Installation Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them. 1. **Sign in or create an account** at https://packagento.com/customer/account/. 2. **Add the package to your account.** Open https://packagento.com/magebitcom/magento2-mcp-customer-tools and complete the free checkout. A licence is minted automatically. 3. **Create or pick a project, then activate the licence on it.** - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/. - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project. 4. **Add the project credentials to your Magento codebase.** Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`: ```json { "http-basic": { "packagento.com": { "username": "ppk_live_...", "password": "psk_live_..." } } } ``` Add the Packagento Composer repository to `composer.json`: ```json { "repositories": [ { "type": "composer", "url": "https://packagento.com" } ] } ``` 5. **Install and apply.** ```bash composer require magebitcom/magento2-mcp-customer-tools:* bin/magento setup:upgrade bin/magento setup:di:compile bin/magento cache:flush ``` ## What it does Customer-domain MCP tools for Magebit_Mcp (read + write over customers, addresses, groups, account management) ## README This is a sub-module for the [Magento2 MCP module](https://github.com/magebitcom/magento2-mcp-module) ---- Customer-domain MCP tools for `Magebit_Mcp`. Reads and writes against customer accounts, addresses, customer groups, and account management flows (password reset, confirmation). Each tool is a thin wrapper over a Magento service contract (`CustomerRepositoryInterface`, `AddressRepositoryInterface`, `GroupRepositoryInterface`, `AccountManagementInterface`) and composes its read response from field resolvers that 3rd-party modules can extend. ### Install ```bash composer require magebitcom/magento2-mcp-customer-tools bin/magento module:enable Magebit_McpCustomerTools bin/magento setup:upgrade bin/magento setup:di:compile bin/magento cache:flush ``` ### Tool catalog #### Read tools | Tool | What it does | |---|---| | `customer.customer.list` | Paginated customer search; filter by email (exact / glob / array), firstname/lastname substring, group_id, website_id, store_id, created_at range, updated_at range, dob range. | | `customer.customer.get` | Single customer by numeric id or by email (+ optional `website_id` for email lookup in per-website scope). | | `customer.address.list` | Paginated address search; filter by customer_id, country_id, region_id, postcode, city, telephone. | | `customer.address.get` | Single customer address by id. | | `customer.group.list` | Paginated group search; filter by code (exact / glob / array) and tax_class_id. | | `customer.group.get` | Single customer group by id. | | `customer.account.confirmation_status` | Returns `account_confirmed`, `account_confirmation_required`, or `account_confirmation_not_required`. | #### Write tools All writes require the global `magebit_mcp/general/allow_writes` flag **and** the token's own `allow_writes` flag to be `1`. Destructive operations additionally set `requires_confirmation` so MCP clients (Claude Desktop, etc.) prompt before firing. | Tool | Confirm? | Delegates to | Underlying ACL | |---|---|---|---| | `customer.customer.create` | yes | `AccountManagementInterface::createAccount()` | `Magento_Customer::manage` | | `customer.customer.update` | yes | `CustomerRepositoryInterface::save()` (PATCH) | `Magento_Customer::manage` | | `customer.customer.delete` | yes | `CustomerRepositoryInterface::delete()` | `Magento_Customer::delete` | | `customer.address.create` | yes | `AddressRepositoryInterface::save()` | `Magento_Customer::manage` | | `customer.address.update` | yes | `AddressRepositoryInterface::save()` (PATCH) | `Magento_Customer::manage` | | `customer.address.delete` | yes | `AddressRepositoryInterface::delete()` | `Magento_Customer::manage` | | `customer.account.reset_password` | yes | `AccountManagementInterface::initiatePasswordReset()` | `Magento_Customer::reset_password` | | `customer.account.resend_confirmation` | no | `AccountManagementInterface::resendConfirmation()` | `Magento_Customer::manage` | Every write tool also implements `Magebit\Mcp\Api\UnderlyingAclAwareInterface` so the handler blocks calls from admins who wouldn't be allowed to perform the same action in the admin UI. ### Identity lookups `customer.customer.get`, `customer.customer.update`, `customer.customer.delete`, `customer.account.confirmation_status` accept either `id` (numeric primary key) **or** `email`. Email lookups take an optional `website_id` because `customer/account_share/scope` may be per-website (the Magento default), in which case the same address can exist on multiple sites as distinct accounts. Address tools are keyed by numeric `id` only — addresses are unique per row, not per customer+label. ### PII handling Customer and address records are PII-heavy by design. Every read tool exposes the `fields` / `exclude` arguments so callers can narrow the payload: - `customer.customer.get { fields: ["identity", "scope"] }` — just id / email / website / group. - `customer.customer.get { exclude: ["addresses", "profile"] }` — skip the full address book and the dob/gender/taxvat triplet. - `customer.customer.list` ships with a lean default set (`identity`, `scope`, `timestamps`) — `addresses`, `custom_attributes`, and `extension_attributes` are omitted from list responses to avoid multiplying the payload by the size of each customer's attribute set. Audit summaries stored in `magebit_mcp_audit_log` contain identifiers only (id, email, website_id, row counts) — never the full record. ### Extending See `docs/EXTENDING.md` for: - adding a new field to any tool response via `CustomerFieldResolverInterface` / `AddressFieldResolverInterface` / `GroupFieldResolverInterface`; - adding a new filter to any list tool via `CustomerFilterTranslatorInterface` / `AddressFilterTranslatorInterface` / `GroupFilterTranslatorInterface`; - the ACL layering rules for custom write tools. ### License Released under the [MIT License](LICENSE). --- ![magebit (1)](https://github.com/user-attachments/assets/cdc904ce-e839-40a0-a86f-792f7ab7961f) *Have questions or need help? Contact us at info@magebit.com* ## Recent Versions | Version | Released | |---|---| | v1.0.0 | 2026-05-26 | | v0.0.2 | 2026-05-11 | | v0.0.1 | 2026-05-11 | ## Dependencies ### Require | Package | Constraint | |---|---| | magebitcom/magento2-mcp-module | * | | magento/framework | ^103.0 | | php | >=8.1 | ## Quality Latest release (v1.0.0) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers. ### Compatibility Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`. | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | Pass | Pass | – | – | | 2.4.8 | – | Pass | Pass | – | | 2.4.9 | – | – | Pass | Pass | ### Code Quality Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible. #### Static Analysis Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module. | Tool | Status | Findings | Summary | |---|---|---|---| | PHPCS | Warning | 35 | 35 warnings (ruleset: Magento2) — 25 auto-fixable with phpcbf | | PHPMD | Warning | 7 | 7 rule violations (CyclomaticComplexity:3, NPathComplexity:2, ExcessiveClassComplexity:1, TooManyPublicMethods:1) | | Cpd | Warning | 10 | 10 duplicated chunks spanning 366 total lines (min-lines=5, min-tokens=70) | | Composer validate | Info | 1 | valid; 1 advisory note (composer validate --strict) | #### PHPStan Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases. | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | 11 | 11 | – | – | | 2.4.8 | – | 12 | 12 | – | | 2.4.9 | – | – | 12 | 12 | ### Tests Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately. #### Unit Tests | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | N/A | N/A | – | – | | 2.4.8 | – | N/A | N/A | – | | 2.4.9 | – | – | N/A | N/A | #### Integration Tests | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | N/A | N/A | – | – | | 2.4.8 | – | N/A | N/A | – | | 2.4.9 | – | – | N/A | N/A | ### Security Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright. | Tool | Status | Findings | Summary | |---|---|---|---| | Composer audit | Pass | 0 | | | Malware scan | Pass | 0 | | ## Licence and pricing Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step. Refundable within 14 days of first purchase via https://packagento.com/account/refunds/. ## Install via Claude Code or any MCP client The Packagento MCP server can run the licence + project + Composer steps above in one tool call: ``` purchase_and_install_packages( composer_names=["magebitcom/magento2-mcp-customer-tools"], project_id="proj_xxx" ) ``` This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup. ## Vendor magebitcom is a Magento 2 vendor on Packagento. See https://packagento.com/magebitcom.md for their full catalogue.