commerce-agent-sdk
Verified Safe by NorceTech
Overview
Provides an AI-powered conversational shopping assistant as a backend-for-frontend (BFF) that integrates with Norce Commerce and can be embedded in webshop UIs.
Installation
npm install && npm start
Environment Variables
- OPENAI_API_KEY
- NORCE_MCP_BASE_URL
- NORCE_OAUTH_TOKEN_URL
- NORCE_OAUTH_CLIENT_ID
- NORCE_OAUTH_CLIENT_SECRET
- NORCE_OAUTH_SCOPE
Security Notes
The project demonstrates strong security practices for a reference implementation. It explicitly avoids hardcoding secrets and uses environment variables for sensitive data (with .env.example as a template). It implements request body validation (Zod) and message length/token estimation limits to prevent abuse (413 errors). Rate limiting is in place for demo auth endpoints. OAuth credentials are handled server-side (NorceTokenProvider) and never exposed to the client. The 'Simple Auth' mechanism is clearly marked as not for production and has basic JWT signing/verification. Error responses (ErrorEnvelope) are designed to be frontend-safe, redacting sensitive information. CORS is explicitly configured. No 'eval' or similar dangerous patterns were observed. Overall, it is well-structured for security for its stated purpose.
Similar Servers
AgentChat
An AI Agent platform for building, deploying, and managing AI assistants that integrate various tools, Large Language Models (LLMs), knowledge bases (RAG), and Model Context Protocol (MCP) servers.
fastify-mcp-server
A Fastify plugin providing a streamable HTTP transport for the Model Context Protocol (MCP), enabling AI assistants to interact with services.
ebay-mcp
Enables AI assistants to manage eBay selling operations, including inventory, orders, marketing, and analytics, through a Model Context Protocol (MCP) server.
mcp-typescript-starter
A feature-complete Model Context Protocol (MCP) server template in TypeScript demonstrating all major MCP features for AI assistant interaction.