eyeot-mcp
Plug Claude Desktop into your ERP.
Official stdio ↔ HTTP bridge for the eyeot ERP MCP server.
~600 business tools, one pip install.
Landing page · Docs · PyPI · Issues
⚡ 60-second install
pip install eyeot-mcp # 1. install the bridge
eyeot-mcp login # 2. authenticate via browser (OAuth Device Flow)
Then paste into your Claude Desktop config:
{
"mcpServers": {
"eyeot": {
"command": "eyeot-mcp"
}
}
}
Restart Claude Desktop. Done. Ask: "List my last 5 invoices."
Config location · macOS
~/Library/Application Support/Claude/claude_desktop_config.json· Windows%APPDATA%\Claude\claude_desktop_config.json
🧩 What is this?
The eyeot ERP exposes ~600 business actions — CRM, sales, stock, maintenance, HR, finance, IT service management, GED, RGPD compliance, plus 6 V2 marketplace modules (POS, delivery & routing, recruitment, BPM, field service, supply chain) — as MCP tools over HTTPS.
But Claude Desktop, Cursor, and most local agents only speak MCP over stdio.
eyeot-mcp is the missing piece between them.
flowchart LR
A["🤖 Claude Desktop<br/>Cursor / custom agent"] -- "JSON-RPC<br/>over stdio" --> B["📦 eyeot-mcp<br/>(this package)"]
B -- "HTTPS POST<br/>Bearer token" --> C["🏢 eyeot ERP<br/>(your tenant)"]
C -. "Auth · RBAC · audit<br/>multi-tenant isolation<br/>license guard" .-> C
style A fill:#eef2ff,stroke:#6366f1,color:#1e293b
style B fill:#f0fdf4,stroke:#10b981,color:#065f46
style C fill:#fef3c7,stroke:#f59e0b,color:#78350f
Zero business logic in the bridge. Everything happens server-side — auth, RBAC, audit logging, license enforcement, multi-tenant isolation, idempotency. The CLI is ~290 lines of Python standard library. You can audit it in 10 minutes.
🎯 What can your agent do?
After install, your MCP client gets access to actions like:
| Domain | Try saying… |
|---|---|
| 💼 CRM | "Create a quote for ACME — 10 units of PROD-001 at standard tariff." |
| 📊 Sales | "List my last 5 invoices and their payment status." |
| 📦 Stock | "Which products in Lyon site are below the critical threshold?" |
| 🔧 Maintenance | "Which equipment is overdue for preventive maintenance this week?" |
| 👥 HR | "Show me pending leave requests for my team." |
| 💰 Finance | "What's the revenue forecast for Q3 by business unit?" |
| 🎫 IT support | "Open a ticket: VPN is down for the marketing team, P1." |
| 📄 GED | "Find all signed NDAs for partner XYZ." |
| 🧠 Intelligence | "Customer-health distribution across all active accounts." |
| 🧾 POS / Caisse | "Today's Z-report total for the Lyon register." |
| 🚚 Delivery | "Optimize today's route for vehicle TL-204 and notify recipients." |
| 🧑💼 Recruitment | "Shortlist candidates for the senior developer posting." |
| ⚙️ Process / BPM | "Which approval tasks are pending in my inbox?" |
| 🏗️ Field service | "Schedule a site intervention for client XYZ next Tuesday." |
| 🔩 Supply chain | "Run MRP and list the components to reorder this week." |
…and ~590 more, auto-generated from the OpenAPI spec.
🔐 Authentication
Two modes, same Bearer header on the wire, same Authorization decorator server-side.
🤖 OAuth 2.1 (humans) |
🔑 API key (services) |
|---|---|
|
For Claude Desktop, Cursor, personal agents. Opens browser → approve → done. Credentials saved to
|
For CI/CD agents, batch jobs, server-to-server. Issued by an org admin from the eyeot ERP settings panel.
|
🛡️ Security model
🔒OAuth 2.1 + PKCE Public clients use PKCE S256. Refresh rotation with replay detection. |
👮Server-side RBAC Every tool call goes through the same |
📝Full audit trail Every action logged with user + tenant + IP. RGPD-compliant retention. |
💳License grace Subscription lapsed? GETs still work so the agent can inform you. POSTs return 402 with |
Local credentials stored at
~/.eyeot-mcp/config.jsonwith file mode0600(POSIX). On Windows, file ACLs apply. No telemetry, no phone-home.
🏗️ Self-hosting
Point the bridge at any eyeot deployment with --base-url:
eyeot-mcp --base-url https://erp.example.com login
{
"mcpServers": {
"eyeot": {
"command": "eyeot-mcp",
"args": ["--base-url", "https://erp.example.com"]
}
}
}
Same protocol, same auth, your infra.
📚 Commands
| Command | Description |
|---|---|
eyeot-mcp | Start the stdio bridge using saved credentials (default mode — what Claude Desktop runs) |
eyeot-mcp login | Browser-based OAuth Device Authorization Grant |
eyeot-mcp logout | Revoke refresh token server-side, delete local credentials |
eyeot-mcp --token eyk_... | One-shot mode with an explicit API key |
eyeot-mcp --base-url URL ... | Target a self-hosted deployment |
🔧 How it works (under the hood)
- Claude Desktop spawns
eyeot-mcpas a child process, exchanges JSON-RPC 2.0 over its stdin/stdout pipes. - For each line received on stdin, the bridge
POSTs the JSON to${base_url}/api/v1/mcpwithAuthorization: Bearer <token>. - The HTTP response is written verbatim to stdout, framed as line-delimited JSON.
- The server speaks MCP
2024-11-05and auto-generates ~600 tools from the OpenAPI spec —initialize,tools/list,tools/callall work exactly as MCP clients expect.
No state in the bridge. No protocol translation beyond transport. No surprises.
📖 Resources
Landing & install
|
API |
Spec & protocol |
🧭 Versioning
- This package: Semantic Versioning. Major bumps may change CLI flags or the on-disk config schema.
- MCP protocol:
2024-11-05(negotiated server-side). - ERP API:
/api/v1(stable). Breaking changes ship as/api/v2.
📄 License
MIT — fork it, package it, audit it, build on top of it.
The eyeot ERP backend is a separate, proprietary product of Eyeot Software. This bridge is open-source so anyone can audit it, fork it, package it for their distro, or use it as a reference for building their own MCP clients.
ERP by Eyeot Software
Multi-tenant, AI-native ERP for SMBs. Built to be operated by AI agents from day one.
Every action you can do in the UI, you can do via this bridge.
🌐 erp.eyeot.fr · ✉️ contact@eyeot.fr