Model Context Protocol · v2024-11-05

Plug Claude Desktop
into your ERP.

eyeot-mcp is the official stdio ↔ HTTP bridge that exposes 1,500+ ERP tools to any MCP-compatible agent — Claude Desktop, Cursor, custom stacks. One pip install, then talk to your business.

Get started Star on GitHub

MIT licensed · 0 runtime dependencies · Python 3.10+ · Works with self-hosted eyeot deployments.

terminal

$ pip install eyeot-mcp
$ eyeot-mcp login

┌──────────────────────────────────────────────────┐
│  EYEOT ERP — Device authorization                │
├──────────────────────────────────────────────────┤
│  1. Open  : https://erp.eyeot.fr/device          │
│  2. Code  : ABCD-WXYZ                            │
└──────────────────────────────────────────────────┘

✓ eyeot-mcp authenticated.
  You may now configure Claude Desktop.

OAuth 2.1 + PKCE

Device Authorization Grant

1,500+ tools

Auto-generated from OpenAPI

1,500+

ERP tools auto-exposed

Runtime dependencies

Authentication modes

Architecture

The missing piece between stdio agents and HTTPS APIs.

Claude Desktop and most local agents only speak MCP over stdio. The eyeot ERP only speaks MCP over HTTPS. The bridge translates between the two — no business logic, no state, just a transport shim.

Claude Desktop / Cursor

Local MCP client

stdio · JSON-RPC 2.0

eyeot-mcp

This package — ~270 LOC, stdlib only

Forwards verbatim

eyeot ERP MCP server

Auth · RBAC · audit · multi-tenant

HTTPS · Bearer token

All authentication, RBAC, audit logging, license guard, idempotency and tenant isolation happen server-side. The bridge has zero business logic — you can audit the entire source in 10 minutes.

Install

Two commands. One config file.

Pick the path that matches your agent — human (OAuth) or service account (API key).

Install the package

Python 3.10+ · stdlib only

bash

pip install eyeot-mcp

Authenticate

Browser-based OAuth or API key

Human (OAuth)

bash

eyeot-mcp login

Opens your browser, you approve, credentials saved to ~/.eyeot-mcp/config.json.

Service (API key)

bash

export EYEOT_TOKEN=eyk_xxx_xxx

Skip the OAuth flow. Use for CI agents, batch jobs, server-to-server. Issued by an admin.

Configure Claude Desktop

Or Cursor — any stdio MCP client

json

{
  "mcpServers": {
    "eyeot": {
      "command": "eyeot-mcp"
    }
  }
}

macOS

~/Library/Application Support/Claude/claude_desktop_config.json

Windows

%APPDATA%\Claude\claude_desktop_config.json

Talk to your ERP

Restart Claude Desktop and ask away

« List my last 5 invoices and their payment status. »

« Create a quote for ACME Corp — 10 units of PROD-001 at standard tariff. »

« Which equipment in Lyon site is overdue for maintenance? »

« Show me the customer-health distribution for Q3. »

Authentication

Two ways to authenticate. Same Bearer header.

The bridge does not inspect or store tokens beyond your local config. All enforcement is server-side.

Service API key

eyk_<prefix>_<secret>

Audience: Service accounts (org-wide)
Lifetime: Until revoked

CI/CD agents, batch jobs, server-to-server.

OAuth Device Flow

eya_<access> + eyr_<refresh>

Audience: Humans (Claude Desktop, Cursor)
Lifetime: 1 h access / 30 d refresh

Personal agents, browser-based consent.

Security model

Auditable in 10 minutes. ~270 lines of Python.

The bridge ships with zero dependencies and zero business logic. The hard parts live on the ERP, where they belong.

OAuth 2.1 + PKCE S256

Public clients use Proof Key for Code Exchange. Refresh-token rotation with replay detection — a stolen refresh kills the whole token family.

License guard read-only grace

If your subscription lapses, GET tools still work so the agent can inform you. POSTs return 402 with an activate_url — never silent failure.

Server-side RBAC + audit

Every tool call goes through the same permission decorators as the UI. Multi-tenant isolation enforced via per-request tenant filter.

Local credentials, 0600

Tokens persist to ~/.eyeot-mcp/config.json with file mode 0600 (POSIX). On Windows, file ACLs apply. No telemetry, no phone-home.

Self-hosting your own eyeot?

Point the bridge at any URL with the --base-url flag. Same protocol, same auth, your infra.

json

{
  "mcpServers": {
    "eyeot": {
      "command": "eyeot-mcp",
      "args": ["--base-url", "https://erp.example.com"]
    }
  }
}

Ship the integration. Today.

The bridge is on PyPI, the source is on GitHub, the docs are right here. There's nothing else to wait for.

pip install eyeot-mcp View source

Plug Claude Desktopinto your ERP.

The missing piece between stdio agents and HTTPS APIs.

Two commands. One config file.

Two ways to authenticate. Same Bearer header.

Service API key

OAuth Device Flow

Auditable in 10 minutes. ~270 lines of Python.

OAuth 2.1 + PKCE S256

License guard read-only grace

Server-side RBAC + audit

Local credentials, 0600

Self-hosting your own eyeot?

Ship the integration. Today.

Plug Claude Desktop
into your ERP.