Building an E-Commerce SaaS with MCPify: A Real-World Use Case
If you've ever tried to make an existing application work with AI agents, you know the pain. It's not the AI that's hard — it's the plumbing. You spend days writing boilerplate MCP (Model Context Protocol) tools, wrapping every endpoint, every database query, every UI action into something an agent can call. And the moment your app changes, everything drifts out of sync. I've been there, and honestly, it sucks.
That's why when I came across MCPify, I was skeptical but intrigued. The pitch is bold: "Stop hand-writing MCP tools. Compile your stack once. Stay in sync forever." It claims to scan your actual codebase — backend services, frontend components, API specs, database schemas — and produce a fully runnable MCP server automatically. No boilerplate. No manual tool definitions.
I decided to put it to the test with a real-world scenario: taking an existing e-commerce SaaS application and making it agent-operable in minutes, not days. Here's what happened.
The Problem: Every App Is a Black Box to Agents
Modern software is built for humans. Buttons, forms, dashboards — all designed for eyeballs and mouse clicks. AI agents don't have those. They need structured, callable interfaces: tools with defined inputs, outputs, and permissions.
The standard approach today involves either:
- Hand-writing MCP tools for every action you want an agent to take — tedious, error-prone, and maintenance-heavy
- Browser automation (Puppeteer, Playwright scripts) — brittle, slow, and breaks on every UI change
- Raw API exposure — gives agents too much power with too little context
None of these scale. When your app has 50+ backend functions, 20+ UI actions, and a database with 15 tables, manually creating MCP tools for all of them is a non-starter. You either ship incomplete agent access or you sink weeks into tooling.
What MCPify Actually Does
MCPify calls itself an "AI enablement compiler," and that's a pretty accurate description. It takes your application source code and compiles it into MCP server artifacts — tools, resources, prompts, workflows, and permission metadata — without you writing a single line of MCP boilerplate.
Here's the architecture at a high level:
- Analyzers — Specialized modules that scan different parts of your codebase
- Schema Engine — Maps your data models (Prisma, Drizzle, Mongoose) into queryable agent surfaces
- MCP Generator — Produces a runnable MCP server from the analysis
- Permission Layer — Enforces scopes, roles, and audit trails at the tool boundary
- Sync Engine — Regenerates tools whenever your code changes
What sets it apart from rolling your own solution is the breadth of analysis. MCPify doesn't just look at your API routes. It digs into backend services (AST analysis of controllers, services, and routes), frontend components (React, Vue, Svelte), OpenAPI specs, database schemas, event systems (webhooks, queues, pub/sub), and even multi-step workflows.
Architecture & Approach: How It Works Under the Hood
For our e-commerce SaaS example, the app has:
- Backend services:
orders.ts(15+ functions likecheckoutCart,refundOrder,processPayment),products.ts,support.ts - A React frontend with cart, checkout, and admin components
- An OpenAPI spec at
openapi.json - A Prisma schema defining the database models
- Event hooks and workflow patterns (like "refund and notify")
MCPify's backend analyzer performs deep AST traversal on the TypeScript services. It picks up every exported function, its JSDoc comments, parameter types, return types — and maps them directly to MCP tool definitions. Here's the clever bit: because the analysis is based on the actual source code, the generated tools are always accurate. If you rename a function, add a parameter, or change a return type, the MCP server updates on the next compile.
The frontend analyzer is particularly interesting. It scans JSX/TSX components for interactive elements — buttons, forms, modals — and extracts them as "UI actions" that an agent can trigger. For our e-commerce app, it discovered checkoutCart, applyDiscountCode, and removeItemFromCart directly from the Cart component.
Then there's the workflow engine. MCPify detected completePurchase and resolveRefund as multi-step workflows because they chain multiple backend calls together. Each became a single MCP tool that an agent can invoke to execute an entire business process atomically.
Step-by-Step: Making an E-Commerce SaaS Agent-Operable
Let me walk you through exactly how this plays out in practice. I ran MCPify against the e-commerce example from the repository.
1. Install and Run
You don't even need to install it. The quickest path is via npx:
npx mcpify-cli analyze ./examples/ecommerce-saas \
--output ./examples/ecommerce-saas/.mcpify \
--prisma ./examples/ecommerce-saas/prisma/schema.prisma \
--swagger ./examples/ecommerce-saas/openapi.json
That's one command. It runs the full pipeline: backend analysis, OpenAPI parsing, Prisma schema mapping, frontend extraction, workflow detection, permission classification, and MCP server generation.
2. What Gets Generated
After analyze completes, the output directory contains:
-
An MCP server (
server.tsor compiled JS) with all tools auto-registered - Tool definitions — every backend function, API endpoint, and UI action becomes a callable MCP tool
- Database tools — CRUD operations derived from the Prisma schema
- Workflow tools — multi-step processes exposed as single atomic actions
- Permission configs — scopes, roles, and audit rules
- AGENTS.md — documentation on how to connect any MCP client to the server
3. Connecting to an Agent
Start the generated server:
cd ./examples/ecommerce-saas
npx @mcpified/server
Then point any MCP client at it — Claude Code, Codex, or a custom agent. The agent suddenly has access to:
Backend: getOrderById, refundOrder, cancelOrder, processPayment, assignOrderToAgent...
Frontend: checkoutCart, applyDiscountCode, removeItemFromCart...
API: GET /orders/{id}, POST /orders/{id}/refund...
Database: listProducts, queryOrders, getCustomerByEmail...
Workflows: completePurchase, resolveRefund...
Every tool comes with auto-generated descriptions, parameter schemas, and type information. The agent understands what each tool does without any hand-written documentation.
4. Real Agent Interaction
Here's what an actual conversation looks like after connecting the generated server to a Codex-like agent:
User: "What customer-facing actions are available from the cart UI?"
Agent: Inspects tools and reports: checkoutCart(customerId), applyDiscountCode(customerId, code), removeItemFromCart(customerId, productId).
User: "Show me pending orders."
Agent: Calls getOrdersByStatus('pending') — returns real order data from the service layer.
User: "Refund order_001."
Agent: Calls refundOrder('order_001'). Returns updated order with refund status.
User: "Run the refund-and-notify workflow for order_001."
Agent: Calls the resolveRefund workflow tool, which internally chains refundOrder and sendMessage — all as a single atomic operation.
This isn't a simulation. These are real function calls against the actual service code. The agent is operating your production application through the exact same code paths a human developer would use.
Production Considerations
Before you run this in production, there are a few things to think through.
Permission scoping. MCPify's permission layer lets you assign roles and scopes to generated tools. A read-only agent shouldn't be able to call refundOrder. The permission configs generated during analysis give you hooks to enforce this, but you need to define the actual policies.
Rate limiting and audit trails. The generated server doesn't include rate limiting out of the box — you'll want to wrap it in your own middleware for production use. Audit logging is partially handled by the permission layer, but you should consider comprehensive request logging for compliance.
Database connectivity. By default, the e-commerce demo uses an in-memory store. For production, set DATABASE_URL and MCPIFY_DATABASE_MODE=prisma to wire it to your real database. The schema engine adapts automatically.
Frontend execution. The frontend tools return an automation plan by default. To execute actions in a real browser, install Playwright and set MCPIFY_FRONTEND_BASE_URL. This is useful for testing but introduces browser automation fragility in production — consider whether you really need UI-level actions or if backend/API equivalents suffice.
CI/CD integration. This is where MCPify really shines. Wire the analyze command into your CI pipeline so MCP tools regenerate on every commit. Schema changes, new endpoints, renamed services — everything stays in sync automatically. No more "the agent broke because we renamed the checkout function."
Competitor comparison. How does MCPify stack up against alternatives? The main options are:
- Manual MCP tooling (hand-written servers) — gives you full control but doesn't scale beyond a handful of tools
-
OpenAPI-to-MCP converters (like
mcp-openapi) — great for REST APIs but miss frontends, databases, and workflows - Browser automation tools (Playwright MCP, Puppeteer MCP) — work for UI but are slow and brittle for backend operations
MCPify is the only tool I've seen that combines backend, frontend, database, API, and workflow analysis into a single pipeline. The trade-off is that it requires your codebase to be well-structured (TypeScript, standard patterns) for the analyzers to work effectively. If you're using a non-standard framework or dynamically generated routes, you may need to supplement with manual definitions.
What I Learned From Shipping This
The biggest surprise was how little configuration was needed. The e-commerce example went from source code to a working MCP server with zero hand-edited tool definitions. The workflow detection found completePurchase and resolveRefund automatically because they chain multiple service calls — I didn't have to annotate them as workflows.
The permission layer is a different story. The generated config correctly identified admin actions (refundOrder, cancelOrder) as high-sensitivity, but I still had to define the actual access control policies. That feels like the right trade-off — the tool does the discovery and classification, but you make the security decisions.
The sync engine is the killer feature. In a real team setting, where services get refactored weekly, the ability to regenerate MCP definitions on every CI run eliminates the drift problem entirely. One of the demos I found online shows exactly this pattern — teams running mcpify analyze as part of their build pipeline and never thinking about MCP maintenance again.
There's also a growing ecosystem forming around MCPify. The GitHub repository has active discussions about new analyzers (GraphQL support is in the works) and the simulate command lets you test your agent surface against AI simulations before shipping — a nice safety net for production deployments.
Ready to Make Your App Agent-Operable?
Give MCPify a try on your own codebase. The quickest path is literally one command:
npx mcpify-cli analyze ./your-app
Download the tool from GitHub, run the e-commerce demo, or just drop it on your project and see what it discovers. The compile step takes seconds, and you get a full MCP server with tools, permissions, and workflows — all derived from code you already wrote.
Want to see the complete walkthrough with more detail? Check out the full demo documentation on the e-commerce SaaS example.
And if you're evaluating different approaches, I also wrote up a comparison guide covering MCPify vs. manual MCP tooling and browser automation — read it here.
Frequently Asked Questions
Does MCPify work with any programming language?
Right now, the deepest analysis targets TypeScript and JavaScript (Node.js), with AST-level backend and frontend analysis. OpenAPI-based analysis is language-agnostic — if your app has an OpenAPI spec, MCPify can generate tools from it regardless of your backend language. Prisma schema analysis also works independently.
Will MCPify modify my source code?
No. MCPify is a read-only compiler. It scans your codebase and generates MCP artifacts in a separate output directory. Your source files stay completely untouched. The only thing you add is the generated server as a dev dependency.
How do I handle authentication and authorization for the MCP server?
The generated permission layer creates scopes and role definitions based on the analysis, but you need to wire them to your auth provider. Think of it as MCPify drawing the security blueprint — you still need to set the locks. The permission configs are designed to integrate with standard middleware patterns.
What happens when my API changes? Does the MCP server break?
This is the core value proposition. Instead of manually updating MCP tool definitions when your API changes, you re-run mcpify analyze. The sync engine regenerates everything from your current code. Wire it into CI/CD, and your MCP server is always up to date with zero manual effort.
Can I use MCPify with databases other than Prisma?
Yes. MCPify supports Prisma, Drizzle, and Mongoose schemas out of the box. The schema engine adapts its generated tools based on the database ORM it detects. If your schema isn't covered, you can still use the backend and API analyzers — they don't depend on database-level analysis.
Conclusion
Making your application operable by AI agents doesn't have to mean weeks of boilerplate or brittle browser scripts. MCPify's compiler-based approach turns your existing codebase into a rich MCP surface in minutes, with automatic sync baked in. The e-commerce example proves it works end-to-end — backend functions, frontend actions, database queries, and multi-step workflows all become first-class agent tools without a single line of hand-written MCP code.
If you're building agent-integrated applications or modernizing an existing SaaS for AI access, this is worth your time. Stop writing MCP tools by hand. Compile your stack once, and let your agents actually use your application the way it was meant to work.
For more context, here's the full MCPify documentation on GitHub, and I also cross-posted a shorter overview on Dev.to if you want the tl;dr version.
Top comments (0)