Odoo MCP Gateway and Consultant Copilot
Connect ChatGPT, Claude, Cursor, and other MCP clients to Odoo through a secure, policy-controlled endpoint with audit logs, OAuth support, consultant diagnostics, and read-only business reporting tools.
/mcp
OAuth for ChatGPT
Token policies
Audit logging
Odoo 19
Built for controlled AI access to Odoo
The gateway gives teams a practical bridge between Odoo and MCP-compatible AI tools. Instead of exposing an unrestricted database API, it routes every tool call through Odoo users, access rights, record rules, company context, token access levels, model policies, and an audit trail.
Secure MCP endpoint
Implements MCP JSON-RPC methods for initialization, tool listing, tool calls, and ping at /mcp.
OAuth and bearer tokens
Use mapped OAuth clients for ChatGPT-style connections or direct bearer tokens for controlled integrations.
Model policies
Allowlist models and operations per token, with optional forced domains and allowed method lists.
Audit and rate limits
Track every tool call, request summary, result summary, status, duration, token, OAuth client, and user.
Consultant diagnostics
Run access, view, workflow, migration, custom module, and report diagnostics from MCP clients.
Business reporting tools
Optional read-only stock and accounting tools return operational reports without exposing raw valuation data.
Screenshots
Setup flow
Install the addon
Install the module and add administrators to the MCP Gateway Manager group.
Create a token
Open MCP Gateway > Configuration > Tokens, choose the Odoo user, and generate a token.
Add model policies
Allow only the models and operations the MCP client needs. Keep production tokens read-only by default.
Connect an MCP client
Point the client to https://your-odoo-domain.com/mcp with OAuth or bearer token authentication.
Review audit logs
Use MCP Gateway > Audit Logs to inspect requests, tools, models, status, and duration.
Enable diagnostics
Turn on consultant tools only for trusted tokens that need diagnostic packs and client reports.
Included MCP tool groups
Core Odoo tools
odoo_search_countodoo_search_readodoo_readodoo_fields_getodoo_list_modelsodoo_create,odoo_write, and admin-gated delete or method calls
Reporting tools
stock_product_lookupstock_inventory_snapshotstock_product_movement_reportaccounting_reportaccounting_aged_receivable_reportaccounting_cash_flow_statement
Consultant tools
audit_custom_modulesdiagnose_access_issuediagnose_view_erroraudit_workflowmigration_readiness_checkgenerate_client_report
Stock and accounting tools are optional runtime features. The addon remains installable without Inventory or Accounting and returns clear errors when the related Odoo models are not available on the database.
Security model
Each MCP call executes as the Odoo user mapped to the token. The module then applies token access level, OAuth scope, model policy checks, optional policy domains, Odoo ACLs, record rules, company context, and rate limits. This layered design keeps AI access aligned with the same Odoo security controls your operators already use.
Common searches this app supports
Customers usually look for this module when they need a secure Odoo AI connector, ChatGPT integration, MCP server, governed Odoo API access, audit-ready automation, inventory reporting, accounting report access, or consultant diagnostics.
Odoo MCP Gateway and Consultant Copilot
Odoo MCP Gateway and Consultant Copilot exposes a secure Model Context Protocol (MCP) endpoint for Odoo 19. It lets ChatGPT, Claude, Cursor, and other MCP clients call controlled Odoo tools through Odoo users, access rights, record rules, company context, token policies, OAuth scopes, rate limits, and audit logs.
The addon is designed for teams that want AI-assisted Odoo operations without opening an unrestricted database API.
Main Features
- MCP endpoint at /mcp with JSON-RPC support for initialize, tools/list, tools/call, and ping.
- Bearer-token authentication for direct MCP clients.
- OAuth client flow for ChatGPT-style production connections.
- Token access levels: read-only, operator, and admin.
- Per-token and group-aware model policies.
- Optional policy domains for filtered read access.
- Odoo ACL, record-rule, and multi-company aware execution.
- Rate limiting per token.
- Audit logs for every tool call.
- Consultant diagnostic tools for access, views, workflows, migrations, custom modules, and client-ready reports.
- Optional read-only stock and accounting reporting tools.
Search Terms and Positioning
This app is positioned for customers searching for:
- Odoo MCP connector
- Odoo MCP server
- ChatGPT Odoo integration
- Claude Odoo integration
- Cursor Odoo tools
- Odoo AI assistant
- Odoo OAuth API gateway
- Odoo audit logs
- Odoo model policies
- Odoo inventory reporting
- Odoo stock reporting
- Odoo accounting reports
- Odoo diagnostics and migration checks
Installation
- Copy the odoo_mcp_server_connector addon into an Odoo 19 addons path.
- Update the apps list.
- Install Odoo MCP Gateway and Consultant Copilot.
- Add trusted administrators to the MCP Gateway Manager security group.
The module depends only on base and web. Inventory and Accounting are not hard dependencies. Stock and accounting MCP tools become useful when the related Odoo applications and models are installed in the database.
Basic Token Setup
- Open MCP Gateway > Configuration > Tokens.
- Create a token record.
- Select the Odoo user that MCP calls should run as.
- Keep the access level as Read Only unless write access is required.
- Set allowed companies and rate limits.
- Click Generate Token and copy the token from the notification.
- Create model policies under MCP Gateway > Configuration > Model Policies.
For a simple read-only test, create read policies for models such as:
- res.partner
- product.product
- sale.order
- account.move
Then call odoo_search_count or odoo_search_read from an MCP client.
MCP Endpoint
Use the endpoint below for production and controlled integrations:
https://your-odoo-domain.com/mcp
Example tools/list request:
curl https://your-odoo-domain.com/mcp \
-H "Authorization: Bearer mcp_your_token" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}'
Example odoo_search_read request:
curl https://your-odoo-domain.com/mcp \
-H "Authorization: Bearer mcp_your_token" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "odoo_search_read",
"arguments": {
"model": "res.partner",
"domain": [["customer_rank", ">", 0]],
"fields": ["name", "email", "phone"],
"limit": 10
}
}
}'
ChatGPT OAuth Setup
OAuth is recommended for ChatGPT production connections and customer-facing demos.
- Create a normal MCP token and model policies.
- Open MCP Gateway > Configuration > OAuth Clients.
- Create a client named ChatGPT or another clear integration name.
- Set Mapped MCP Token to the token ChatGPT should use.
- Add the exact ChatGPT OAuth redirect URI in Allowed Redirect URIs.
- Keep scopes as mcp:read offline_access openid profile email unless the deployment intentionally needs write or admin scope.
- Click Generate Client Secret and copy the one-time secret.
- Configure the MCP client with:
- Server URL or resource: https://your-odoo-domain.com/mcp
- Authorization server base: https://your-odoo-domain.com
- OAuth client id: the Odoo OAuth Client ID
- OAuth client secret: the generated secret
Discovery endpoints:
- /.well-known/oauth-protected-resource/mcp
- /.well-known/oauth-authorization-server
- /.well-known/openid-configuration
Development No-Auth Endpoint
Some local MCP client setup screens support No Auth but do not provide a place to send a bearer token. For development only, the addon includes:
/mcp/noauth
To use it:
- Create one normal MCP token.
- Keep the token tightly scoped.
- Enable Dev No-Auth Endpoint on that token.
- Point the development MCP client to /mcp/noauth.
Only one active token can enable the development no-auth endpoint at a time. Do not use this endpoint in production or customer databases.
Core Tool Reference
Read tools:
- odoo_search_count
- odoo_search_read
- odoo_read
- odoo_fields_get
- odoo_get_model_metadata
- odoo_list_models
- odoo_list_menus
- odoo_list_actions
Write and method tools:
- odoo_create
- odoo_write
- odoo_unlink
- odoo_call_method
Write, delete, and method-call tools require explicit token level and model policy permissions. They are hidden from read-only tokens.
Stock Reporting Tools
The stock tools are optional read-only tools. They return a clear error if the Inventory models are not installed.
- stock_product_lookup
- stock_inventory_snapshot
- stock_product_movement_report
- stock_low_stock_report
- stock_replenishment_report
- stock_lot_serial_report
Recommended read policies for stock reporting:
- product.product
- product.template
- stock.quant
- stock.location
- stock.warehouse
- stock.move
- stock.move.line
- stock.picking
- stock.lot
- stock.warehouse.orderpoint
These tools intentionally return operational inventory data only: on-hand, reserved, available, incoming, outgoing, forecasted quantities, moves, lots, serials, and reordering rules. They do not read valuation layers, costs, or accounting moves.
Accounting Reporting Tools
Accounting report tools use Odoo's configured account.report engine, so they respect the installed localization, chart of accounts, report formulas, company context, Odoo ACLs, and record rules.
- accounting_list_reports
- accounting_report
- accounting_aged_receivable_report
- accounting_aged_payable_report
- accounting_cash_flow_statement
Recommended read policies for accounting reporting:
- account.report
- account.report.line
- account.report.column
- account.report.expression
- account.move
- account.move.line
- account.account
- account.journal
- res.partner
- res.company
Do not use policy domain_force on accounting models for these tools. Native financial reports are aggregated by account.report and the gateway fails closed when it sees policy domains on accounting lines, partners, accounts, or journals.
Consultant Diagnostic Tools
odoo_health_check is available to every token. The remaining consultant tools require the token's Consultant Tools flag or an admin token.
- audit_custom_modules
- diagnose_access_issue
- diagnose_view_error
- audit_workflow
- migration_readiness_check
- generate_client_report
- create_safe_action_plan
Diagnostic runs, findings, evidence, and generated reports are stored under MCP Gateway > Diagnostic Runs and MCP Gateway > Diagnostic Evidence.
Security Recommendations
- Use one token per MCP client or integration.
- Prefer read-only tokens for AI assistants.
- Use model policies as the primary allowlist.
- Avoid Allow All Models in production unless the mapped Odoo user is already tightly scoped.
- Use OAuth clients instead of /mcp/noauth for production ChatGPT connections.
- Review audit logs regularly.
- Rotate tokens and OAuth secrets when an integration is retired.
- Use normal Odoo groups, record rules, and company access to control the actual data visible to each MCP token.
Troubleshooting
- Missing bearer token
- Send Authorization: Bearer mcp_your_token or configure OAuth.
- Unknown tool
- Call tools/list for the token. Read-only tokens hide write tools.
- Access denied on a model
- Add or adjust the model policy and confirm the mapped Odoo user has normal Odoo access rights.
- Stock or accounting tool reports missing models
- Install the related Odoo application or use the core generic tools only.
- Accounting report blocked by policy domain
- Remove domain_force from accounting model policies and control access through Odoo user/company permissions.
Support Notes
Before publishing to Odoo Apps, set the final support email, website, app price, and support policy in the Odoo Apps seller dashboard. Those values are commercial publishing details and are intentionally not hardcoded into this module.
Please log in to comment on this module