Skip to content

feat: Register WP ERP capabilities as WordPress Abilities API entries for MCP users#1575

Open
Copilot wants to merge 9 commits into
developfrom
copilot/analyze-scope-wp-erp-integration
Open

feat: Register WP ERP capabilities as WordPress Abilities API entries for MCP users#1575
Copilot wants to merge 9 commits into
developfrom
copilot/analyze-scope-wp-erp-integration

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 12, 2026

Summary

Analyzes the full scope of WP ERP's capability system across all three core modules (HRM, CRM, Accounting) and registers every capability as a first-class WordPress Abilities API entry. This exposes all WP ERP operations to MCP (Model Context Protocol) clients — AI assistants like Claude, Cursor, and VS Code AI extensions — via WordPress 6.9+'s built-in MCP Adapter.

What was analysed

HRM capabilities (existing)

  • Employee CRUD + terminate: erp_list_employee, erp_create_employee, erp_view_employee, erp_edit_employee, erp_delete_employee, erp_can_terminate
  • Departments / Designations: erp_manage_department, erp_manage_designation, erp_view_jobinfo, erp_manage_jobinfo
  • Leave: erp_leave_create_request, erp_leave_manage
  • Announcements: erp_crate_announcement (existing typo preserved), erp_view_announcement, erp_manage_announcement
  • Reviews, documents, experience, education, dependents, attendance caps

CRM capabilities (existing)

  • Contact CRUD: erp_crm_list_contact, erp_crm_add_contact, erp_crm_edit_contact, erp_crm_delete_contact
  • Groups: erp_crm_manage_groups, erp_crm_create_groups, erp_crm_edit_groups, erp_crm_delete_groups
  • Activities / Schedules: erp_crm_manage_activites (existing typo preserved), erp_crm_manage_schedules, erp_crm_manage_dashboard

Accounting capabilities (existing)

  • Customer / Vendor CRUD: full set of erp_ac_*_customer / erp_ac_*_vendor caps
  • Sales: erp_ac_view_sale, erp_ac_create_sales_invoice, erp_ac_publish_sales_invoice, erp_ac_create_sales_payment, erp_ac_publish_sales_payment, erp_ac_view_sales_summary
  • Expenses: erp_ac_view_expense, erp_ac_create_expenses_voucher, erp_ac_publish_expenses_voucher, erp_ac_create_expenses_credit, erp_ac_publish_expenses_credit, erp_ac_view_expenses_summary
  • Accounts / Journals / Bank: erp_ac_view_account_lists, erp_ac_create_account, erp_ac_edit_account, erp_ac_delete_account, erp_ac_view_journal, erp_ac_create_journal, erp_ac_view_other_journals, erp_ac_view_bank_accounts, erp_ac_create_bank_transfer
  • Reports: erp_ac_view_reports

Changes

New files

File Contents
modules/hrm/includes/functions-abilities.php 11 HRM abilities: list/get/create/update/delete employee, terminate, list/manage departments, list/manage designations, create leave request, manage leave, list/create announcements
modules/crm/includes/functions-abilities.php 9 CRM abilities: list/get/create/update/delete contact, list/create/delete groups, list activities, list schedules
modules/accounting/includes/functions/abilities.php 14 Accounting abilities: list/get/create/update/delete customers & vendors, list/create ledger accounts, list journals, list bank accounts, view sales summary, view expenses summary, view reports

Modified files

  • modules/hrm/HRM.phprequire_once the new HRM abilities file after the capabilities file
  • modules/crm/CRM.phprequire_once the new CRM abilities file after the capabilities file
  • modules/accounting/Accounting.phpno change needed; already auto-loads all functions/*.php via glob()

Implementation details

  • All abilities registered on wp_abilities_api_categories_init (categories) and wp_abilities_api_init (abilities) hooks
  • Each ability includes full JSON Schema input_schema and output_schema
  • permission_callback mirrors the corresponding existing ERP capability check
  • execute_callback delegates to existing ERP PHP functions (erp_hr_get_employees(), erp_insert_people(), etc.) or $wpdb for raw ledger/journal queries
  • All functions guarded with function_exists( 'wp_register_ability' ) for safe fallback on WordPress < 6.9
  • Table names in raw SQL wrapped with esc_sql() following WordPress coding standards
  • wp_date() used instead of date() for timezone-aware default date generation
  • Intentional typos in existing capability names (erp_crate_announcement, erp_crm_manage_activites) preserved with explanatory comments

Copilot AI and others added 3 commits May 12, 2026 07:13
@iftakharul-islam
feat: register WP ERP capabilities as WordPress Abilities API entries…
539ad92 
… for MCP users

Agent-Logs-Url: https://github.com/wp-erp/wp-erp/sessions/966164e0-9e72-4c70-9a29-f8c7c763b921

Co-authored-by: iftakharul-islam <88052038+iftakharul-islam@users.noreply.github.com>
@iftakharul-islam
fix: use wp_date() instead of date() and add comments for intentional…
77ca10c 
… typos in capability names

Agent-Logs-Url: https://github.com/wp-erp/wp-erp/sessions/966164e0-9e72-4c70-9a29-f8c7c763b921

Co-authored-by: iftakharul-islam <88052038+iftakharul-islam@users.noreply.github.com>
@iftakharul-islam
fix: apply esc_sql() to table names in raw SQL queries
afbac24 
Agent-Logs-Url: https://github.com/wp-erp/wp-erp/sessions/966164e0-9e72-4c70-9a29-f8c7c763b921

Co-authored-by: iftakharul-islam <88052038+iftakharul-islam@users.noreply.github.com>
Copilot AI requested a review from iftakharul-islam May 12, 2026 07:18
@iftakharul-islam
Copy link
Copy Markdown
Member

iftakharul-islam commented May 12, 2026

@copilot how to use this abilities ? add the doc

@iftakharul-islam
docs: add MCP abilities usage guide and link from README
3ffa1e3 
Agent-Logs-Url: https://github.com/wp-erp/wp-erp/sessions/bb82021c-4c50-4f5d-a290-44fe6fe0c7d6

Co-authored-by: iftakharul-islam <88052038+iftakharul-islam@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 12, 2026

@copilot how to use this abilities ? add the doc

Added full documentation in docs/mcp-abilities.md (commit aebdb28). It covers:

  1. Requirements — WordPress 6.9+, WP ERP 1.17.3+, WP MCP Adapter plugin
  2. How it works — abilities flow from AI client → MCP Adapter → Abilities API → ERP data
  3. Setup guide — Application Passwords, Claude Desktop config, Cursor/VS Code config, verifying discovery
  4. All abilities — tables for HRM (14), CRM (10), Accounting (17) with ability IDs, labels, and required WP ERP capabilities
  5. Input/output examples — concrete JSON for listing employees, creating contacts, viewing sales summaries, etc.
  6. Permission model — which ERP role grants which capabilities
  7. Extending — how to register your own abilities using the same hooks
  8. Disablingremove_action() snippets to opt out entirely

A link to the doc was also added to the root README.md.

@iftakharul-islam iftakharul-islam marked this pull request as ready for review May 12, 2026 08:32
arifulhoque7 and others added 5 commits May 12, 2026 15:53
@arifulhoque7
fix: MCP create-employee handler + ensure abilities exposed
7539ec0 
- HRM create-employee ability now maps flat input (first_name, email,
  department, etc.) to nested shape expected by Employee::create_employee,
  and converts wrapper's string error back into WP_Error so MCP surfaces
  failures instead of returning an empty success payload.
- Add 'meta' => ['mcp' => ['public' => true, 'type' => 'tool']] to CRM
  and Accounting abilities that were missing it so they remain
  discoverable/callable via MCP.
@arifulhoque7
Add employee pay fields and input validation
19b6293 
Extend employee API schema with pay_rate and pay_type (enum) and add dependentRequired so pay_rate requires pay_type. Add a series of input validations for first/last name, department, designation, status, type, pay_rate format, and pay_type validity; ensure pay_type exists on the employee when setting pay_rate if not provided in input. Also update the termination endpoint schema: rename/standardize fields (terminate_date, termination_type, termination_reason, eligible_for_rehire) and update the required fields list accordingly.
@arifulhoque7
feat: add input validation to MCP write abilities
6baac87 
Add existence + format + enum validation to ability handlers so
invalid input is rejected with a WP_Error before reaching the
underlying create/update/delete functions, instead of silently
no-oping or corrupting state.

HRM:
- create-employee, update-employee: validate name format, department,
  designation, status, type via canonical lists; update-employee
  validates pay_rate (currency) and pay_type (enum + dependent on
  pay_rate).
- update-employee, delete-employee, terminate-employee,
  create-leave-request: replace Employee::is_employee() existence
  check (returns true for any user due to constructor-side effects)
  with a direct Models\Employee::withTrashed()->where('user_id')
  query so unknown user_ids are rejected.
- terminate-employee: schema previously used field names that did not
  match Employee::terminate() (terminated_date/type/reason/rehire vs
  terminate_date/termination_type/termination_reason/eligible_for_rehire),
  fix names and validate each value against
  erp_hr_get_terminate_type/reason/rehire_options.
- manage-department: validate id (for updates), lead user, parent
  department existence.
- manage-designation: validate id existence on update.
- create-leave-request: validate LeaveEntitlement, dates, date range;
  map ability's leave_id input to erp_hr_leave_insert_request()'s
  expected leave_policy key.
- manage-leave: explicit status enum check as defense in depth.

CRM:
- update-contact, delete-contact, delete-group: existence checks via
  erp_get_people() / Models\ContactGroup::find() before mutation.

Accounting:
- update-customer, delete-customer, update-vendor, delete-vendor:
  existence checks via erp_get_people().
- create-account: validate type_id against erp_acct_chart_of_accounts.
@iftakharul-islam
Add .claude developer guidance and settings
cbec442 
Add a .claude suite for developer automation and reviewer guidance: new agent docs (api-designer, security-auditor, wp-plugin-reviewer), command runbooks (add-mcp-ability, add-module-cli, add-rest-endpoint, deploy, fix-issue, review), rules (code-style, database, mcp-abilities, rest-api, testing, wordpress-security), and a skill (mcp-ability). Also add global settings.json and a local settings example, plus top-level CLAUDE.md and CLAUDE.local.md.example. These files codify project conventions, security checklists, testing and release procedures, and allowed/denied CLI permissions; .gitignore was updated accordingly.
@arifulhoque7
Merge branch 'copilot/analyze-scope-wp-erp-integration' of https://gi…
144a498 
…thub.com/wp-erp/wp-erp into copilot/analyze-scope-wp-erp-integration
@arifulhoque7 arifulhoque7 force-pushed the copilot/analyze-scope-wp-erp-integration branch from 2701fd0 to 04c4255 Compare May 28, 2026 17:15
@arifulhoque7 arifulhoque7 force-pushed the copilot/analyze-scope-wp-erp-integration branch from 04c4255 to 144a498 Compare May 28, 2026 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iftakharul-islam iftakharul-islam Awaiting requested review from iftakharul-islam

Assignees

@iftakharul-islam iftakharul-islam

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@iftakharul-islam @arifulhoque7