Get started →
Open-source community project · release

An AI agent for
Commerce Layer.

Ask in natural language. The agent reads, searches, and operates your Commerce Layer data with built-in docs lookup, multiple account profiles, and explicit confirmation before every mutation. Local-first, bring your own LLM.

Install now Star on GitHub
npx cl-agent-cli
  • Anthropic
  • OpenAI
  • Google
  • OpenRouter
  • Vercel AI Gateway
  • NVIDIA NIM

This is an independent open-source project. Not maintained, endorsed, or affiliated with Commerce Layer.

Features

Built for operators, designed for safety.

Everything you need to run Commerce Layer from a single terminal session — without ever giving up control.

Multi-provider LLMs

Anthropic, OpenAI, Google, OpenRouter, Vercel AI Gateway, and NVIDIA NIM. Each provider keeps its own saved model, and supported providers can use custom base URLs.

Confirmation on every mutation

Cancel, capture, refund, update. No write action runs without an explicit, auditable confirmation prompt.

Native Commerce Layer tools

List, search, and mutate orders, customers, SKUs, and more — using ransack-style filters and JSON:API responses.

Docs lookup, on demand

Built-in Commerce Layer docs search uses the official docs MCP server by default and falls back to fast local keyword lookup when the MCP is unavailable.

Multi-account workflow

Production, staging, and test in one place. Dedicated account management and environment badges warn you when you’re about to touch live data.

MCP server support

Plug in stdio or SSE MCP servers and use their tools alongside built-in ones. Destructive tools get wrapped in the same confirmation flow.

Live demo

Type. Confirm. Done.

Natural language in. Real Commerce Layer actions out — with you in the loop.

Install

Up and running in 30 seconds.

Requires Node.js 20+ and a Commerce Layer organization endpoint.

npm 
npm install -g cl-agent-cli
npx 
npx cl-agent-cli
pnpm 
pnpm dlx cl-agent-cli
bun 
bunx cl-agent-cli

On first run, a setup wizard walks you through the provider key or AI_GATEWAY_API_KEY, model selection, and your first Commerce Layer account using client credentials or a raw access token.

Security by default

Your keys never leave your machine.

  • Config stored locally with 0600 permissions.
  • Endpoints outside *.commercelayer.io blocked unless explicitly allowed.
  • OAuth tokens cached in memory only, with bounded lifetimes.
  • MCP subprocesses receive an allowlisted environment instead of your full shell env.
  • API calls and auth requests rate-limited.
  • Secrets stripped from any logged or displayed error.