magebitcom / magento2-mcp-order-tools
magebitcom/magento2-mcp-order-tools
Order-domain MCP tools for Magebit_Mcp (read + write over sales orders, invoices, shipments, credit memos, comments, payment)
Magento2 MCP - Order Tools
This is a sub-module for the Magento2 MCP module
Order-domain MCP tools for Magebit_Mcp. Reads and writes against sales
orders, invoices, shipments, credit memos, comments, and payment records.
Each tool is a thin wrapper over a Magento service contract
(OrderRepositoryInterface, InvoiceOrderInterface, etc.) and composes its
response from field resolvers that 3rd-party modules can extend.
Install
composer require magebitcom/magento2-mcp-order-tools
bin/magento module:enable Magebit_McpOrderTools
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento cache:flush
Ships with Magebit_Mcp as its only Magebit dependency. If you only want the
base MCP transport (no order tools), install Magebit_Mcp alone; this
module is designed to be optional.
Tool catalog
Read tools
| Tool | What it does |
|---|---|
sales.order.list |
Paginated order search; filter by status, state, date range, grand-total range, customer email, increment id, store id, website id. |
sales.order.get |
Single order by entity id or increment id with full detail (identity, state, customer, addresses, items, totals, payment, timestamps). |
sales.order.invoices |
Every invoice on an order. |
sales.order.invoice.get |
One invoice by id or increment id. |
sales.order.shipments |
Every shipment on an order. |
sales.order.shipment.get |
One shipment + its tracking records. |
sales.order.payment |
Payment record + transaction history for an order. |
sales.order.comments |
Status-history comments on an order, optionally narrowed to customer-visible entries. |
sales.order.credit_memos |
Every credit memo on an order. |
sales.order.credit_memo.get |
One credit memo by id or increment id. |
Write tools
All writes require the global magebit_mcp/general/allow_writes flag and
the token's own allow_writes flag to be 1. Destructive operations
additionally set the requires_confirmation hint so MCP clients (Claude
Desktop, etc.) prompt before firing.
| Tool | Confirm? | Delegates to |
|---|---|---|
sales.order.invoice.create |
yes | InvoiceOrderInterface::execute() |
sales.order.shipment.create |
yes | ShipOrderInterface::execute() |
sales.order.shipment.track.add |
no | ShipmentTrackRepositoryInterface::save() |
sales.order.credit_memo.create |
yes | RefundOrderInterface::execute() + optional online refund |
sales.order.cancel |
yes | OrderManagementInterface::cancel() |
sales.order.hold |
yes | OrderManagementInterface::hold() |
sales.order.unhold |
no | OrderManagementInterface::unHold() |
sales.order.comment.add |
no | OrderManagementInterface::addComment() |
Every write tool also implements Magebit\Mcp\Api\UnderlyingAclAwareInterface
so the handler blocks calls from admins who wouldn't be allowed to perform
the same action in the admin UI.
Extending
See docs/EXTENDING.md for:
- adding a new field to any tool response via
*FieldResolverInterface; - adding a new filter to
sales.order.listviaOrderFilterTranslatorInterface; - the ACL layering rules for custom write tools;
- PII redactor configuration for PSP-specific payment fields.
License
Released under the MIT License.
Have questions or need help? Contact us at [email protected]
No changelog yet
The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.
Requires 3
| Package | Constraint |
|---|---|
| magebitcom/magento2-mcp-module | * |
| magento/framework | ^103.0 |
| php | >=8.1 |
Compatibility
Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.
Code Quality
Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.
Static analysis
Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.
| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 23 | 23 warnings (ruleset: Magento2) — 23 auto-fixable with phpcbf |
| PHPMD | Warning | 3 | 3 rule violations (CyclomaticComplexity:2, TooManyPublicMethods:1) |
| Cpd | Warning | 5 | 5 duplicated chunks spanning 163 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Info | 1 | valid; 1 advisory note (composer validate --strict) |
PHPStan
Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.
Tests
Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.
Unit tests
Integration tests
| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | ||
| 2.4.8 | N/A | N/A | ||
| 2.4.9 | N/A | N/A |
Security
Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.
More from magebitcom
View vendorModule documentation viewer for Magento 2 admin
This module enables Montonio Hirepurchase with Hyva Checkout
Google Analytics 4 MCP tools for Magebit_Mcp — wraps the GA Data and Admin APIs as MCP tools so AI clients can query property metadata, run reports, run realtime reports, and run funnel reports against your store's analytics property.
Magebit Klaviyo extension
Turn an existing module into recurring revenue.
If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.