Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Productivity
  3. MCP Server Pro v 18.0
  4. Sales Conditions FAQ

MCP Server Pro

by ERP Heritage https://erpheritage.com.au
Odoo
v 18.0 Third Party 12
Download for v 18.0 Deploy on Odoo.sh
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 16.0 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Community Apps Dependencies Show
MCP Server (Native)
Lines of code 2900
Technical Name eh_mcp_server_pro
LicenseOPL-1
Websitehttps://erpheritage.com.au
Versions 16.0 17.0 18.0 19.0
  • Description
  • Manifest
  • License
ERP Heritage
MCP Server Pro

MCP Server Pro

The free advanced layer for the native MCP server: field and record level permissions, dry-run write guardrails with caps and confirmation, OAuth 2.1, saved reports and file tools, a safe allow-listed method caller, long-running tasks and live resource subscriptions. All free, all on Odoo 16 to 19.

Free · OPL-1FreeOdoo 16 to 19v19.0.1.0.0
Field permissions
Record domains
Preview writes
Write and delete caps
Confirmation

Why this module

Depth and safety for MCP.

Field and record permissions

Control what the AI sees, down to the field

Per model, mask sensitive fields on read and reject them on write with allow or deny lists, and restrict the assistant to a record domain it can never see past. This goes well beyond the model-and-operation gate in the base module, all enforced on top of Odoo's own access rules.

Guarded writes

Preview, cap and confirm before anything changes

Every write can run as a dry-run that reports the exact effect without committing. Per-model caps stop a bulk change or delete from running away, and high-risk operations require confirmation, offered as an out-of-band URL prompt when the assistant supports elicitation.

Safe by design

OAuth 2.1 and an allow-listed method caller

Verify OAuth 2.1 bearer tokens as a resource server with strict audience validation and no token passthrough. Call model methods only from an administrator's per-model allow-list, with private methods blocked, so there is no unguarded remote execution.

Day in the life

Turn a broad connection into a precise, safe one

An administrator who has connected an assistant with the base module opens the enabled model and, in the Pro policy section, hides the fields the assistant must not see, sets a record domain to scope it to one company or team, caps how many records a single write may touch, and requires confirmation on deletes. From then on the assistant works within a tight, auditable envelope, and can also run reports, read attachments and call a short list of approved actions.

Edge cases

The cases most modules quietly ignore.

In the shipped code today, each one a place where a cheaper module silently does the wrong thing.

Masked fields stay hidden

A denied field is not just blocked on read; its very existence, label and type are hidden from the model-description and field resources too, so the assistant cannot even learn that it exists.

All-or-nothing batches

A batch write runs inside a single transaction; if one item fails the whole batch rolls back, so a partial, inconsistent change is never left behind.

Wrong-audience tokens

An OAuth token minted for a different resource is rejected even if its signature is valid, following the resource-indicator rule, so a token cannot be replayed against this server.

No unsafe escape hatch

The method caller refuses anything not on the administrator's allow-list and refuses private methods outright, so there is no way to reach arbitrary code through it.

What is inside

Built to do the job, end to end.

  • Policy seam over the base model. Pro inherits the enabled-model configuration and fills hook points the base module already calls, so field masking, record domains, caps and confirmation apply everywhere reads and writes happen without changing core code. Defaults are permissive, so installing Pro never tightens a model you have not configured.
  • OAuth resource server. A dependency-free token verifier checks signature, expiry and audience and maps the subject to an Odoo user; the protected-resource metadata document advertises the authorization server. The server never forwards a client token upstream.
  • Business tools, tasks and subscriptions. A run-report tool renders to PDF or spreadsheet, binary read and file attach handle documents, a safe caller runs allow-listed methods, durable tasks wrap longer work, and resource subscriptions push updates for changes made through the server.

Honest about the edges

What this does not do, so nothing surprises you.

  • This module is a free add-on and requires the base MCP Server module. It is an OAuth resource server, not an authorization server, so bring your own identity provider. Resource subscriptions currently notify on changes made through the server; catching every external change is a later addition. Report rendering uses Odoo's own engines, so a PDF needs the usual rendering support installed.
Search

Odoo MCP field permissions, Odoo MCP record rules AI, MCP write guardrails, Odoo MCP OAuth 2.1, safe method call MCP, Odoo MCP tasks subscriptions, AI data governance Odoo, restrict AI access Odoo

Govern what the AI can do

Field and record level control, write guardrails and safe method calls, configured per model.

Field, record and write policy

Field, record and write policyMask sensitive fields, scope the assistant to a record domain it cannot see past, cap how many records a write or delete may touch, require confirmation, and allow-list callable methods.

Built on the free MCP Server

Built on the free MCP ServerPro layers governance onto the native endpoint: the same per-model access list, now with field, record and guardrail policy on every row.

Languages

Available in 19 languages

The interface ships translated out of the box. Switch language in Odoo and the fields, menus, and messages follow.

ArabicChinese (Simplified)Chinese (Traditional)DutchFrenchGermanHindiIndonesianItalianJapaneseKoreanPolishPortuguese (Brazil)RussianSpanishSwedishThaiTurkishVietnamese

Connect in three steps

Native endpoint, no local bridge. Point any MCP-compatible assistant at one URL with a scoped key.

1
Enable modelsIn MCP Server, Enabled Models, choose the models and the read/create/update/delete operations the assistant may use. Default deny.
2
Generate a keyOpen Connect AI Assistant, generate a scoped API key (shown once), and copy the endpoint URL.
3
Point your client at itPaste the URL and key into any MCP client. No uvx, no local package, nothing to install on the operator's machine.
{ "mcpServers": { "odoo": { "type": "streamable-http", "url": "https://your-company.odoo.com/mcp", "headers": { "Authorization": "Bearer YOUR_API_KEY" } } } }

Full step-by-step setup for Windows, macOS and Linux - Claude Code, Cursor, VS Code, Claude Desktop and n8n - is in the app README.

ERP Heritage

Production-grade Odoo modules, built to an engineering bar and documented honestly. Support: info@erpheritage.com.au
Developed by ERP Heritage - Top Odoo Partner • LinkedIn

v19.0.1.0.0 · OPL-1 · Odoo 18 Community

Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Community Apps Dependencies Show
MCP Server (Native)
Lines of code 2900
Technical Name eh_mcp_server_pro
LicenseOPL-1
Websitehttps://erpheritage.com.au
Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with