SFCC Development MCP Server

--- description: OCAPI and SCAPI hook implementation patterns alwaysApply: false --- # OCAPI/SCAPI Hook Development Use this rule when implementing OCAPI or SCAPI hooks. ## Mandatory MCP Tools Sequence **BEFORE writing ANY hook code:** 1. `mcp_sfcc-dev_get_best_practice_guide` with guideName: "ocapi_hooks" OR "scapi_hooks" 2. `mcp_sfcc-dev_get_hook_reference` with guideName: "ocapi_hooks" OR "scapi_hooks" 3. `mcp_sfcc-dev_search_best_practices` with query: "validation" 4. `mcp_sfcc-dev_search_best_practices` with query: "security" 5. `mcp_sfcc-dev_search_sfcc_classes` with query: relevant business domain ## MCP-Guided Hook Development Process ### Step 1: Research Hook Extension Points ``` Use: mcp_sfcc-dev_get_hook_reference with guideName: "ocapi_hooks" or "scapi_hooks" Purpose: Get complete hook reference tables with all available extension points ``` ### Step 2: Get Implementation Patterns ``` Use: mcp_sfcc-dev_get_best_practice_guide with guideName: "ocapi_hooks" or "scapi_hooks" Purpose: Get comprehensive hook implementation patterns and examples ``` ### Step 3: Security Validation Patterns ``` Use: mcp_sfcc-dev_search_best_practices with query: "validation" Use: mcp_sfcc-dev_search_best_practices with query: "security" Purpose: Get input validation and security patterns for hooks ``` ### Step 4: SFCC Class Research ``` Use: mcp_sfcc-dev_search_sfcc_classes with query: [business domain] Use: mcp_sfcc-dev_get_sfcc_class_info with className: [relevant class] Purpose: Understand available SFCC APIs for hook implementation ``` ## MCP-Enhanced Hook Template Pattern ```javascript 'use strict'; /** * Hook: [Hook Name] * Extension Point: [Extension Point Path from MCP hook reference] * Description: [What this hook does and why] * * Implementation based on: * - mcp_sfcc-dev_get_best_practice_guide with guideName: "[ocapi_hooks|scapi_hooks]" * - mcp_sfcc-dev_get_hook_reference with guideName: "[ocapi_hooks|scapi_hooks]" */ /** * Before hook implementation * @param {Object} param1 - Description from MCP hook reference * @param {Object} param2 - Description from MCP hook reference * @returns {dw.system.Status} Hook execution status */ exports.beforePOST = function (param1, param2) { try { // Input validation (patterns from MCP security best practices) if (!param1 || !param2) { var Logger = require('dw/system/Logger').getLogger('hooks', 'HookName'); Logger.error('Invalid parameters in hook: param1={0}, param2={1}', param1, param2); return new Status(Status.ERROR, 'INVALID_PARAMETERS', 'Required parameters missing'); } // Security validation (implement patterns from MCP security guide) var validationResult = validateHookInput(param1, param2); if (!validationResult.valid) { Logger.error('Security validation failed in hook: {0}', validationResult.error); return new Status(Status.ERROR, 'VALIDATION_FAILED', validationResult.error); } // Business logic here (use SFCC classes discovered via MCP) // Success response return new Status(Status.OK); } catch (e) { var Logger = require('dw/system/Logger').getLogger('hooks', 'HookName'); Logger.error('Error in hook execution: {0}', e.message); Logger.debug('Hook error stack trace: {0}', e.stack); return new Status(Status.ERROR, 'HOOK_ERROR', 'Hook execution failed'); } }; /** * Input validation based on MCP security best practices * ALWAYS implement this pattern for hooks */ function validateHookInput(param1, param2) { // Implement validation patterns from: // mcp_sfcc-dev_search_best_practices with query: "validation" // mcp_sfcc-dev_search_best_practices with query: "security" try { // Validate parameter types if (typeof param1 !== 'object' || typeof param2 !== 'object') { return { valid: false, error: 'Invalid parameter types' }; } // Validate required fields (based on MCP hook reference) // Add specific validations based on hook requirements return { valid: true }; } catch (e) { return { valid: false, error: 'Validation error: ' + e.message }; } } ``` ## Hook Development Checklist (MCP-Verified) Before implementing hooks, verify with MCP: - [ ] `mcp_sfcc-dev_get_hook_reference` - Confirm extension point exists and signature - [ ] `mcp_sfcc-dev_get_best_practice_guide` - Get implementation patterns - [ ] `mcp_sfcc-dev_search_best_practices` with query: "security" - Security requirements - [ ] `mcp_sfcc-dev_search_best_practices` with query: "validation" - Input validation - [ ] `mcp_sfcc-dev_search_best_practices` with query: "performance" - Performance guidelines Implementation verification: - [ ] Input parameter validation implemented - [ ] Proper Status object returns - [ ] Comprehensive error handling with logging - [ ] Security validation for all inputs - [ ] Performance considerations for heavy processing - [ ] Transaction management (if applicable) - [ ] Correlation IDs for debugging ## OCAPI vs SCAPI Hook Differences **OCAPI Hooks:** ``` Use: mcp_sfcc-dev_get_hook_reference with guideName: "ocapi_hooks" Use: mcp_sfcc-dev_get_best_practice_guide with guideName: "ocapi_hooks" ``` **SCAPI Hooks:** ``` Use: mcp_sfcc-dev_get_hook_reference with guideName: "scapi_hooks" Use: mcp_sfcc-dev_get_best_practice_guide with guideName: "scapi_hooks" ``` ## Security Considerations from MCP Always implement security patterns from MCP: - Validate all input data per MCP security guide - Use proper authentication checks from MCP patterns - Sanitize user-provided data per MCP recommendations - Implement rate limiting for external calls (MCP performance guide) - Log security-relevant events with correlation IDs ## NEVER Implement Hooks Without MCP - ❌ Don't guess hook extension points - use `mcp_sfcc-dev_get_hook_reference` - ❌ Don't implement without patterns - use `mcp_sfcc-dev_get_best_practice_guide` - ❌ Don't skip security validation - use `mcp_sfcc-dev_search_best_practices` - ❌ Don't assume SFCC APIs - use `mcp_sfcc-dev_search_sfcc_classes`