今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

I just gave AI agents write access to Shopify stores. Here's everything standing between them and disaster.

FavCRM 2026年06月10日 11:33 3 次阅读 来源:Dev.to

Last week I shipped something that would have sounded reckless two years ago: an MCP server that lets an AI agent write to a merchant's live Shopify store. Create discount codes. Build customer segments. Draft WhatsApp campaigns against real order data. Read-only agent integrations are everywhere now, and they're fine — but a read-only agent is just a chatbot wearing a dashboard. The useful version is the one that does the thing . The dangerous version is also the one that does the thing. A hallucinated SELECT is a wrong answer; a hallucinated discount code is free product going out the door. So before turning writes on, I sat down and listed every way an agent could hurt a store. Then I built one guardrail per failure mode. Here's the list — it's short, and I think it generalizes to any agent surface that touches business data. 1. Read-only by default. Writes are a per-token opt-in. The lazy design is one API key that can do everything the app can do. Instead, every agent token starts read-only — list customers, inspect segments, read campaign stats. Write capability is a separate flag the merchant flips per token: { "token" : "fav_mcp_…" , "scopes" : [ "read" ], // default "writeEnabled" : false // explicit opt-in , per token } This sounds obvious. It is obvious. It's also the single most-skipped step I see in agent integrations, because it's friction during development. Build the friction in anyway — "the agent could read everything but couldn't have sent that" is a sentence you really want available to you later. 2. Caps live in the tool schema, not the prompt. Early on I had a system prompt that said something like "never create discounts above 30%." You can guess how durable that is. Prompts are suggestions; schemas are physics. So the caps moved into the tool's input validation itself — the shape of it: // create_discount — validated server-side, not prompt-side { percentage : z . number (). min ( 1 ). max ( 100 ), // hard ceiling, enforced in the service exp

本文内容来源于互联网,版权归原作者所有
查看原文