WARDENCLYFFE ENGINE · v0.1

Commerce, made readable by agents.

First Signal · Day one. The tower's just been switched on.

For stores that ship to humans and answer to their agents. Built on .NET 10. Self-host. Free in production under $1M annual GMV — no contract, no telemetry.

  • 1,500,000 rows/min: bulk pricing import
  • 93 / 93: tests passing
  • 50+ tools: MCP, buyer + merchant

WHAT IT IS

An e-commerce engine where agents are first-class clients on both sides of the transaction.

Wardenclyffe Engine is a self-hostable e-commerce platform built on .NET 10. Storefront, admin, catalog, pricing, orders, fitment, garage, customers, integrations. Three DbContexts (catalog, operational, identity) so hot reads stay off the write node.

What makes it different is the assumption baked in from line one: two sides of the transaction may speak through agents. Buyers shopping via their own LLM. Merchants running their catalog with theirs. Both call the same engine; the engine doesn't care which side initiated. The same RBAC, audit, sandbox, and idempotency apply.

You can run it on a laptop, on a five-dollar droplet, or on your own hardware. The schema is yours either way. Under a million GMV it's free, no contract, no telemetry.

[Architecture diagram: one engine (Wardenclyffe Engine · .NET 10 · EF Core 10 · 3 DbContexts) that every surface above and below tunes in to. Humans: STOREFRONT (Razor Pages) and ADMIN · STUDIO (operators, step-up auth). Agents: /mcp/customer (buyer agents, cookie auth) and /mcp/admin (merchant agents, scoped PAT). Machines: BULK API · WEBHOOKS (ERPs, ETL; gzip / brotli / 200 MB) and OPENAPI 3.1 · /llms.txt (every LLM; agents that don't speak MCP).]

STACKING UP

Where Wardenclyffe lands in the e-commerce engine lineup.

We don't try to make competitors look bad. We try to show, as narrowly and verifiably as we can, where this engine sits next to the platforms an evaluator is also looking at. Every "no" in this table is checkable from the competitor's own published docs as of 2026; if you find one we've gotten wrong, tell us and we'll fix it.

Capability Wardenclyffe Shopify Plus WooCommerce nopCommerce
Source-available license
You own the database + binaries
.NET 10 / EF Core stack
Built-in MCP server
Buyer-agent endpoint, scoped
Merchant-agent endpoint, scoped
OpenAPI 3.1 generated from code
Scoped PATs with per-tool gate
Idempotency keys on order / payment
Sandbox mode for agent rehearsal
Audit log: actor + before/after + IP
Bulk pricing, sustained 1M+ rows/min
Fitment / garage framework
Production use cost (under $1M GMV) $0 $2k+/mo (Plus) $0 $0

  Built-in   Partial — usually via plugin / marketplace add-on   Not available as of 2026

WHAT WE DON'T COMPETE ON

The honest other half of the table.

The grid above shows where the engine wins. Here's where it doesn't even try. If any of these are the reason you'd buy a platform, Wardenclyffe isn't that platform yet.

  • App marketplace breadth. Shopify's app store has thousands of vetted plug-ins; ours is a typed extension interface where the integration you need is one you (or your agent) vibe-code in an afternoon — that's the point. If you'd rather pay for a plug-in than describe it to Claude, we're not your engine.
  • Theme marketplace. We ship a few well-built themes (Frisky & Corset is the reference). We don't host a third-party theme bazaar.
  • Managed multi-tenant SaaS. Self-host is the path. Above the GMV grant, you get a commercial license — still your VM, still your DB.
  • Long production track record under the Wardenclyffe name. The codebase Wardenclyffe is descended from quietly processed about half a million dollars of GMV across two storefronts in its earlier lives, and the team — ProjectThunder.com, Inc. — has been shipping ecommerce since 2004. But Wardenclyffe Engine v0.1 is a day-one release: the heritage is in the tests, not yet in a customer roster.
  • 24 / 7 named-support tier as a default. Available under commercial licensing; not a $0 SLA.
  • Pre-cleared compliance attestations (SOC 2, PCI Level 1). On the roadmap for operating-entity maturity — not promised today.

BUILT FOR AGENTS — ON BOTH SIDES

Two endpoints. One tool registry. Fifty+ named tools.

The buyer's agent and the merchant's agent are not afterthoughts on top of a "real" storefront. They are the storefront — same domain services, same auth, same audit. The Razor Pages UI calls the same code your agent does.

/mcp/customer · cookie auth

Buyer agents

A shopper's agent signs in like the shopper does, then operates inside that customer's session. Browse, narrow by fitment, manage cart, place orders, capture payment, manage the garage and saved addresses. The customer can revoke at any time by signing out.

  • browse
  • cart_add
  • product_get
  • cart_update
  • fitment_find_parts
  • checkout_place
  • garage_add
  • payment_capture
  • order_list
  • order_get
  • return_request_create
  • profile_set_attribute

/mcp/admin · scoped API key

Merchant agents

Your own agents — onboarding catalog, repricing, support triage, integration glue — authenticate with scoped PATs. Every tool is gated by scope. Every call is audited. Rate limits live per-key so a runaway loop hits a ceiling before it touches anything irreversible.

  • product_create
  • bulk_pricing_update
  • product_generate_variants
  • order_status_transition
  • support_refund_order
  • support_reset_password
  • master_item_create
  • supplier_feed_trigger
  • custom_field_define
  • seo_slug_reconcile
  • return_request_create
  • support_unlock_user

MCP server

Built on the official ModelContextProtocol SDK. Two HTTP routes sharing one tool registry. Agents discover via list_tools, introspect schemas, call with scoped credentials.

$ claude mcp add wcy https://your-store/.well-known/app-manifest.json
[↗ docs]

Sandbox + idempotency

Every order and payment write takes an idempotency key. Send the same key twice, the engine processes once. Sandbox mode lets an agent rehearse a transaction against real shapes with zero side effects — no Stripe charge, no inventory hold, no email.
[↗ docs]
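
The replay behaviour described above, sketched in C# as an added example (not the engine's own code). Scoping keys per caller and rejecting a reused key that arrives with a different body are assumptions, and the in-memory dictionary stands in for a durable store.

```csharp
// Added example, not Wardenclyffe source. The page states only that a repeated
// key is processed once; actor scoping and the body fingerprint are assumptions.
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Threading;

public sealed class IdempotencyStore<TResult>
{
    private sealed record Entry(string Fingerprint, Lazy<TResult> Result);

    // Keyed by (actor, key) so one caller cannot replay another caller's key.
    private readonly ConcurrentDictionary<(string Actor, string Key), Entry> _entries = new();

    public TResult Execute(string actor, string key, string requestBody, Func<TResult> handler)
    {
        var fingerprint = Convert.ToHexString(
            SHA256.HashData(Encoding.UTF8.GetBytes(requestBody)));

        // GetOrAdd may build a throwaway Entry under contention, but only the stored
        // one is ever returned, and Lazy runs its handler at most once.
        var entry = _entries.GetOrAdd((actor, key), _ => new Entry(
            fingerprint,
            new Lazy<TResult>(handler, LazyThreadSafetyMode.ExecutionAndPublication)));

        // Same key, different payload: refuse instead of returning a stale result.
        if (!string.Equals(entry.Fingerprint, fingerprint, StringComparison.Ordinal))
            throw new InvalidOperationException(
                "Idempotency key reused with a different request body.");

        return entry.Result.Value;
    }
}

public static class IdempotencyDemo
{
    public static void Main()
    {
        var store = new IdempotencyStore<string>();
        var charges = 0;
        string Capture() => $"charge-{Interlocked.Increment(ref charges)}";

        // Constructed request: an agent retries a payment capture after a timeout.
        const string body = "{\"orderId\":4823,\"amount\":\"129.00\"}";
        var first = store.Execute("key-001", "idem-7f3a", body, Capture);
        var retry = store.Execute("key-001", "idem-7f3a", body, Capture);
        Console.WriteLine($"first={first} retry={retry} handlerRuns={charges}");

        try
        {
            // Same key, altered amount: rejected before the handler is reached.
            store.Execute("key-001", "idem-7f3a",
                "{\"orderId\":4823,\"amount\":\"1.00\"}", Capture);
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine($"rejected: {ex.Message}");
        }
    }
}
```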

OpenAPI 3.1, versioned

/api/v1/openapi.json is the contract — generated from the code, browsable via Scalar at /api/docs. Breaking changes ship behind /api/v2/, never on the same path.
[↗ docs]

Scoped API keys + rate limits

Each PAT carries scope claims and lives in its own rate-limit partition. Tools self-gate: a missing scope returns an explanatory error from the tool itself, not a generic 401 from the auth layer. Agents can reason about what they're missing.
[↗ docs]

Bulk pricing import

POST /api/v1/admin/pricing/tiers/bulk-import accepts JSON or CSV, gzip/brotli/deflate, 200 MB cap, 50k-row sweet spot, 30 req/min/key → 1.5M rows/min sustained. Replace-by-product or upsert.
[↗ docs]

Audit log + replay

Every write — human or agent — records actor, IP, before, after, and the request id that carried it. Two-year default retention. Filter, export, or stream to your SIEM. Tag-based output-cache eviction keeps reads consistent after writes.
[↗ docs]

WHAT THIS UNLOCKS

Concrete things that go from 'maybe a startup is building this' to 'an afternoon's work.'

  1. Pricing on autopilot

    Your morning competitor sweep, run by an agent that doesn't sleep.

    Your agent watches comp prices overnight, decides which 4,800 SKUs need to move, and calls bulk_pricing_update with a single 50,000-row payload before you make coffee. Within scope, within rate limit, every cent recorded in the audit log.

    bulk_pricing_update
  2. Buyer agents, first class

    An overseas buyer talks to their agent in their own language. You see a normal sale.

    The buyer's agent hits /mcp/customer, browses, narrows by fitment, places the order via checkout_place + payment_capture with an idempotency key. Your fulfillment pipeline doesn't know — and doesn't need to know — that the order came from an LLM.

    browse · checkout_place · payment_capture
  3. Catalog migration

    12,000 SKUs onboarded in an afternoon. By Claude. While you're at lunch.

    Hand the supplier sheet to your agent. It calls product_create per row, product_generate_variants for the options matrix, product_set_custom_fields for everything else, and bulk_pricing_update for the volume tiers. Errors land in a comment thread on the affected product, not your inbox.

    product_create · product_generate_variants · bulk_pricing_update
  4. Tier-one support, on a hotkey

    “Reset my password and refund order 4823.” Two tool calls. Full audit trail.

    support_reset_password and support_refund_order are scoped admin tools with their own rate-limit partitions. Your support agent fires both inside one chat turn. The audit log records actor = API key, sub-actor = the human request ID they were chatting with. Reviewable on Monday.

    support_reset_password · support_refund_order
  5. Background jobs that don't page you

    Supplier feed sync goes sideways at 2am. Pager stays quiet.

    supplier_feed_trigger kicks the job. The background runner retries with backoff. If it ultimately fails, it lands in the job-history table as a ticket — not as a 2am page. You read it with the same coffee that started the comp sweep.

    supplier_feed_trigger
  6. RMA with photos of the dent

    “The corset arrived torn. Here, look.” The buyer's agent files the return without a phone call.

    Customer chats with their agent. Agent calls return_request_create on /mcp/customer, attaches three phone-camera shots straight from the conversation (10 MB each, magic-byte sniffed server-side), picks the condition (damaged) and a reason code. The request lands in /Admin/Returns as Submitted; the operator approves it from a tablet during their next coffee. No support inbox, no ticket triage.

    return_request_create

None of these are demos. Every tool named above is in /Mcp/Tools/ in the engine repo, behind real scope checks, with real tests. Pull the repo, register an API key, fire any of them.

VIBE CODING, FOR ADULTS

The engine is the part you don't have to vibe-code.

Vibe coding is great when the stakes are small. It's harder when there's real money in the system, real customers waiting, and real compliance people watching. Wardenclyffe is built so the parts you do vibe — the integrations, the seasonal promo logic, the agent prompts, the back-office scripts — sit on top of a stack that refuses to let you corrupt the database.

.NET 10 + EF Core 10

Long-term-supported runtime. Razor Pages for UI, Minimal APIs for JSON, EF Core 10 for data — three DbContexts split by concern. No magic frameworks layered on top. An LLM that can read C# can read this whole codebase.

Typed, all the way down

Every MCP tool is a typed C# method with a structured schema. OpenAPI is generated, not hand-maintained. When the schema changes, the agent sees it on the next list_tools call. No drift between docs and reality.

Sandbox + audit

Iterate against sandbox until the agent gets it right. Switch to production by changing one header. Every mutation goes to the audit log — vibe coding is reversible because the engine remembers exactly what happened.

Extend without forking

Payment providers, shipping rate providers, tax lookups, background jobs — all interfaces in DI. Drop your implementation in, register it, ship. docs/extending.md has copy-paste recipes per slot.

# install

$ dotnet tool install -g wardenclyffe-cli

$ wardenclyffe new --template parts-fitment my-store

$ cd my-store && wardenclyffe migrate && wardenclyffe seed

# connect an agent

$ claude mcp add wcy http://localhost:5126/.well-known/app-manifest.json

$ claude "Onboard the SKUs in suppliers/q3-rollout.csv. Volume tiers from column 'tier_5_qty'."

→ 1,847 product_create

→ 1,847 product_generate_variants

→ 1 bulk_pricing_update (1,847 rows)

→ 4 errors, threaded on affected products

CLI shipping in 0.2 — illustrative session; the tool registry is real today.

WHAT'S IN THE BOX

A deliberately boring inventory. Grep for the thing you need.

No marketing copy in this section. Just the list. Every item below maps to real code in the engine — a domain entity, an admin page, a Razor route, an MCP tool, or a service contract. If it's listed, it's wired up.

Catalog

  • Brands, categories (nested, with attributes), product types
  • Products with rich attributes, images, videos, related links
  • Variants (SKUs) with their own attributes — generated from option matrix
  • Cross-sells and related products, per-product
  • Product reviews + ratings
  • Custom fields — global attribute taxonomy you define
  • Supplier records, per-product supplier links, supplier shipping rates
  • Customer classification (B2B / wholesale / VIP segments)
  • Per-product promos (badges, copy, scheduled)
  • Product history audit per SKU

Fitment & garage

  • Master items framework: Brand → Model → Item-type taxonomy
  • Built for auto parts, generalises to appliances, equipment, anything fittable
  • Customer garage — saved vehicles / assets per customer account
  • fitment_find_parts MCP tool returns the SKU subset for a given fitment
  • Per-product fitment list, manageable from admin and via MCP
  • Storefront fitment narrowing on browse

Pricing & discounts

  • Volume / tier pricing per product
  • Customer-group pricing (different lists per segment)
  • Discount rules with requirements (cart total, item count, customer group)
  • Money-rounding strategies (per currency / per locale)
  • Tax categories per product, pluggable tax rate lookup, ZIP-aware
  • Tax cache (12h TTL) layered on top of lookup
  • Bulk pricing import — JSON or CSV, gzip/br/deflate, 200 MB cap, 1.5M rows/min sustained
  • Replace-by-product or upsert modes, idempotent on (ProductId, MinQty | CustomerGroupId)

Orders & payments

  • Order line items, shipments, statuses, comments
  • Status-transition map (declared, not free-text)
  • Stripe Link, Adyen, PayPal — pluggable IPaymentProvider registry
  • Payment type modes + settings per provider
  • Payment transactions (authorize / capture / refund) with status
  • Idempotency keys on every order and payment write
  • Sandbox mode — practice on real shapes with zero side effects
  • Order confirmation page + receipts

Returns / RMA

  • Customer-initiated return request from /Account/RequestReturn — pick items, reason code, condition, free-text notes
  • Photo attachments — up to 8 files, 10 MB each, magic-byte content sniffing (browser-claimed MIME ignored)
  • Normalised ReturnAttachment table with per-file soft-delete + audit trail; GUID-based on-disk filenames
  • Item conditions: unopened / openedunused / used / damaged — operator uses this to triage restock vs write-off
  • Lifecycle: Submitted → InReview → Approved/Rejected → Closed; operator approval mints a real Return + RMA number
  • return_request_create MCP tool on both /mcp/customer (cookie) and /mcp/admin (returns:write scope, buyer-bound API key)
  • Operator workspace at /Admin/Returns (list + detail); support_refund_order MCP tool for agent-driven refunds
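
The attachment checks listed above, as an added C# example that is not the engine's own code. The 8-file and 10 MB limits and the GUID file names come from the list; the accepted formats (JPEG, PNG, WebP) and all type names are assumptions.

```csharp
// Added example, not Wardenclyffe source. Limits and GUID naming follow the page;
// the accepted image formats are an assumption.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;

public static class ReturnPhotoValidator
{
    public const int MaxFiles = 8;
    public const long MaxBytes = 10L * 1024 * 1024;

    public sealed record Upload(string ClaimedName, string ClaimedMime, byte[] Content);
    public sealed record Accepted(string DiskName, string DetectedType, long Length);

    // Decide the type from the leading bytes only; null means "not an accepted image".
    public static (string Ext, string Mime)? Sniff(ReadOnlySpan<byte> head)
    {
        ReadOnlySpan<byte> jpeg = new byte[] { 0xFF, 0xD8, 0xFF };
        ReadOnlySpan<byte> png = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };

        if (head.StartsWith(jpeg)) return (".jpg", "image/jpeg");
        if (head.StartsWith(png)) return (".png", "image/png");
        // WebP is a RIFF container: "RIFF", a 4-byte length, then "WEBP".
        if (head.Length >= 12 && head[..4].SequenceEqual("RIFF"u8)
                              && head.Slice(8, 4).SequenceEqual("WEBP"u8))
            return (".webp", "image/webp");
        return null;
    }

    public static IReadOnlyList<Accepted> Validate(IReadOnlyList<Upload> uploads)
    {
        if (uploads.Count > MaxFiles)
            throw new InvalidDataException($"At most {MaxFiles} attachments per request.");

        var accepted = new List<Accepted>();
        foreach (var upload in uploads)
        {
            if (upload.Content.LongLength > MaxBytes)
                throw new InvalidDataException("Attachment exceeds 10 MB.");

            var type = Sniff(upload.Content)
                ?? throw new InvalidDataException("Content is not an accepted image type.");

            // The stored name is generated here. ClaimedName and ClaimedMime never
            // reach the file system or the stored content type.
            var diskName = Guid.NewGuid().ToString("N") + type.Ext;
            accepted.Add(new Accepted(diskName, type.Mime, upload.Content.LongLength));
        }
        return accepted;
    }

    public static void Main()
    {
        // Constructed inputs: a PNG signature with padding under a misleading name,
        // and HTML that claims to be a JPEG.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0 };
        byte[] html = Encoding.ASCII.GetBytes("<html><!-- constructed --></html>");

        var ok = Validate(new[] { new Upload("dent.jpeg", "image/jpeg", png) });
        Console.WriteLine($"{ok[0].DetectedType} stored as {ok[0].DiskName}");

        try { Validate(new[] { new Upload("photo.jpg", "image/jpeg", html) }); }
        catch (InvalidDataException ex) { Console.WriteLine($"rejected: {ex.Message}"); }
    }
}
```

A signature check only proves how the file starts, so stored files should still be served with the detected type rather than anything the client supplied.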

Customers & accounts

  • ASP.NET Identity-backed accounts (Users / Roles / Claims / Logins / Tokens)
  • Profile, multiple addresses, garage, order history
  • Customer groups (used for pricing + discounts)
  • Abandoned cart tracking with admin workspace
  • Subscriptions (email opt-ins)
  • support_reset_password + support_unlock_user agent tools

Marketing

  • Banners — Title, Description, ImageUrl, NavigateUrl, StartDate, EndDate, Sequence
  • Banner targeting by Category, by ProductType (tabbed product-detail areas), or site-wide
  • Content pages, admin-authored, with shortcode parsing (e.g. [parallax])
  • Email templates + email variables + email notifications, all editable from admin
  • FAQs as first-class content
  • Collections (curated product sets, distinct from categories)
  • Subscriptions (newsletter / list capture)
  • Loyalty / rewards — settings + earned ledger
  • Sitemap.xml generation from admin

Search & SEO

  • Lucene.NET 4.8 full-text in-process, English analyzer (swappable)
  • Faceted browse with multi-dimension filters, querystring-stable so SSR caches well
  • SEO slug routes — products and categories at root paths (/aubergine-lace-corset)
  • seo_slug_reconcile MCP tool for bulk slug fixes / canonical re-publish
  • Output caching with tag-based eviction (60s anon / 30s search; auth bypasses)
  • /.well-known/app-manifest.json + /llms.txt for discovery

Inventory & operations

  • Multi-warehouse inventory
  • On-hand, reserved, incoming, back-order, shipping, ending counts — separate buckets per warehouse
  • Inventory holds during cart / checkout (released on abandon)
  • Shipping methods + services, package types, pickup types
  • Pluggable IShippingRateProvider for live rate quotes
  • Background jobs — IBackgroundJob + scheduler with history table
  • Supplier feed sync via supplier_feed_trigger

Agent surfaces

  • /mcp/customer — cookie auth, ~25 tools for buyer agents
  • /mcp/admin — scoped PAT auth, ~30 tools for merchant agents
  • /api/v1/* JSON API, OpenAPI 3.1 generated at /api/v1/openapi.json
  • Scalar interactive docs at /api/docs
  • /.well-known/app-manifest.json advertises active theme, storefront URL, MCP scopes
  • Per-tool scope self-gate (callers get explanatory errors, not opaque 401s)
  • MCP admin observability — list every registered tool, audit every call (/Admin/Mcp)

Security

  • RBAC: Customer / Manager / Administrator + custom roles
  • Permission policies: AdminAccess, CatalogManage, OrdersManage, ContentManage, IntegrationsManage
  • Step-up admin auth — separate /Admin login with bot detector + device-pin
  • Scoped PATs with rate-limit partitions (each key in its own bucket)
  • Per-user kill switch — SecurityStamp rotation invalidates live cookies
  • AdminAccessBlocked flag locks step-up out of a specific account
  • Antiforgery on form endpoints; bearer API skips it cleanly
  • Rate limiter sits before authorization in the pipeline

Engineering

  • .NET 10 LTS, EF Core 10, Razor Pages, Minimal APIs
  • Three DbContexts: Catalog (read-heavy) / Operational (write-heavy) / Identity (auth-only)
  • SQLite for dev (single file), SQL Server or Azure SQL for production
  • SqlBulkCopy + staging table + MERGE under the bulk import endpoint
  • Request body decompression middleware (gzip / br / deflate)
  • Output caching with tag-based eviction
  • elmah.io error reporting (optional, fail-soft)
  • Three-project clean architecture: Domain / Application / Infrastructure / Web
  • 93 / 93 unit + integration tests; Playwright E2E project on deck
“50,000 pricing rows per request, 30 requests per minute per key — 1.5 million rows per minute, sustained, against SQL Server.”
“35-request burst against an unauth admin endpoint: requests 1–30 returned 401, 31–35 returned 429. Rate limiter sits before authorization on the pipeline.”
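
One way to get the ordering the burst test above describes, as an added ASP.NET Core example rather than the engine's own pipeline. The `Pat` scheme, the demo key and the `/api/v1/admin/ping` route are hypothetical; the limiter runs after authentication (so a verified key can have its own partition) and before authorization (so unauthenticated bursts are counted before any 401 is issued).

```csharp
// Added example, not Wardenclyffe source. The 30-per-minute window mirrors the
// quoted burst test; scheme name, demo key and route are assumptions.
// Assumes an ASP.NET Core web project with implicit usings enabled.
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.RateLimiting;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(PatHandler.SchemeName)
    .AddScheme<AuthenticationSchemeOptions, PatHandler>(PatHandler.SchemeName, _ => { });
builder.Services.AddAuthorization();

builder.Services.AddRateLimiter(options =>
{
    options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
    options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(ctx =>
    {
        // A verified key gets its own bucket. Everything else shares a bucket per
        // client address, so rotating bogus tokens cannot mint fresh buckets.
        var keyId = ctx.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        var partition = keyId is not null
            ? $"key:{keyId}"
            : $"ip:{ctx.Connection.RemoteIpAddress}";
        return RateLimitPartition.GetFixedWindowLimiter(partition, _ =>
            new FixedWindowRateLimiterOptions
            {
                PermitLimit = 30,
                Window = TimeSpan.FromMinutes(1),
                QueueLimit = 0 // reject immediately instead of queueing
            });
    });
});

var app = builder.Build();

app.UseAuthentication(); // identifies the caller, never rejects a request
app.UseRateLimiter();    // counts every request, authenticated or not
app.UseAuthorization();  // only here can a 401 or 403 be produced

app.MapGet("/api/v1/admin/ping", () => Results.Ok("pong")).RequireAuthorization();

app.Run();

sealed class PatHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
                        ILoggerFactory logger, UrlEncoder encoder)
    : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
{
    public const string SchemeName = "Pat";

    // Constructed demo key mapped to a key id. A real store would look up a hash.
    private static readonly Dictionary<string, string> DemoKeys = new()
    {
        ["demo-pat-constructed"] = "key-001"
    };

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        const string prefix = "Bearer ";
        var header = Request.Headers.Authorization.ToString();
        if (!header.StartsWith(prefix, StringComparison.Ordinal) ||
            !DemoKeys.TryGetValue(header[prefix.Length..], out var keyId))
            return Task.FromResult(AuthenticateResult.NoResult());

        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, keyId) }, SchemeName);
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), SchemeName);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }
}
```

With this ordering, 35 unauthenticated requests from one address inside a minute reach authorization 30 times and are refused by the limiter for the remaining five.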

Missing from this list: anything the engine doesn't actually do. No fake roadmap items, no "coming soon" badges padding the count. If we add something, it appears here the day it merges.

SEE IT

Real catalog. Real admin. Real agent surface.

FriskyCorset.com home page — full-bleed editorial photograph of a model in a red corset against a desert horizon, with the tagline 'Laced for the occasion' overlaid in serif italic.
friskycorset.com — home
FriskyCorset.com scrolled into a curated collection — a wide editorial photograph with the line 'Stitched at the seam, sworn at the bust,' and a four-up product grid below.
friskycorset.com — collection

Frisky & Corset is our sample storefront. Real catalog data, real imagery, real admin, real /mcp/customer. Browse it the way an LLM would.

HOW YOU GET IT

Self-host is the path. Commercial licensing handles the long tail.

Self-host · free

Run it yourself

Anyone whose deployment processes under $1M annual GMV.

Source on GitHub. Production use granted by the BSL Additional Use Grant. No contract, no telemetry, no support obligation either direction. Most stores end here forever.

Get the code →
Commercial license

Above $1M GMV, or white-glove

Operators above the GMV threshold; integrators who want help shipping; anyone who needs a contract.

Commercial license to run the engine above the $1M cap. Optional architect-led implementation, named support, contractual SLA, custom integrations. You still own the binaries and the database.

Talk to us →

No managed multi-tenant hosting. Self-host is the path; for above-grant operators, ProjectThunder.com, Inc. licenses commercially and helps with implementation.

Self-host is granted in production for any storefront you own that processes under $1M annual GMV. No contract, no telemetry, no phone home. Most operators end here forever. Full grant text on /license.

Above $1M GMV, a commercial license from ProjectThunder.com, Inc. is required. The license can include named support, contractual SLA, architect-led implementation, and custom integration work — you tell us what you need.

We do not operate Wardenclyffe as a multi-tenant hosted service. The engine isn't built for tenant isolation and we don't think it should be — running your own instance is genuinely better, and the BSL grant exists to make that easy.

The grant is the point. If you can tune in, you can use it. The tower stays up.

TELL US ABOUT YOUR DEPLOYMENT

Above the $1M grant, or you want help shipping? Send a note. We answer real email.

We reply within two business days. Real human, no marketing drip.

FAQ

Short and honest.

Is this open source?
Source-available under the Business Source License 1.1 with a generous Additional Use Grant: free in production under $1M annual GMV. Above that — or for hosting it as a competing service — you need a commercial license. Every release converts to Apache 2.0 on May 14, 2029. See /license for the full grant. The grant is the point — if you can tune in, you can use it.
What's the runtime?
.NET 10 LTS, EF Core 10, Razor Pages, Minimal APIs for JSON. Three DbContexts (catalog / operational / identity). SQLite for local dev, SQL Server or Azure SQL for production. Same EF model either way.
What does "agent-first" actually mean?
Two MCP endpoints — /mcp/customer (cookie auth, for buyer agents) and /mcp/admin (scoped API key, for merchant agents) — sharing a single tool registry. Every action exposed to the UI is also exposed as a tool, with the same auth, the same RBAC, the same audit trail, the same idempotency keys.
Vibe coding on .NET — really?
Really. The engine is the part you don't have to vibe-code: typed contracts, OpenAPI generated from the code, sandbox mode for safe iteration, idempotency keys so retries don't double-charge, audit log so mistakes are reversible. That's what makes vibe coding viable when the system has real users and real money in it.
Does it work with my ERP?
If your ERP can POST JSON or CSV over HTTPS, yes. The bulk import endpoint takes gzip / brotli / deflate bodies up to 200 MB and runs in replace-by-product or upsert mode. CsvHelper parses the CSV; SqlBulkCopy + MERGE does the write.
MCP — what's that?
Model Context Protocol — the spec Anthropic shipped for agents to discover and call tools. Our engine exposes it at /.well-known/app-manifest.json with the two endpoints listed above.
Can I run this on Linux?
Yes — .NET 10 LTS targets Linux, macOS, and Windows. The reference deployment is Windows Server / IIS (that's what we use), but Docker images publish to GHCR for everyone else.
What about Shopify or BigCommerce?
Different shape. Those are SaaS storefronts with a managed admin and a partner-app surface. Wardenclyffe is the engine — you own the database, the binaries, the agent surface, and the audit log.
How do I migrate from $existing?
No turnkey importer yet. The bulk-import API plus a small adapter script — or a vibe-coded one — gets a catalog moved in an afternoon. Talk to us if scope is bigger.
Is there a managed / multi-tenant hosted plan?
No. Building tenant isolation into the engine would be a significant rewrite, and we don't think it would beat "run your own instance" for any operator the BSL grant already covers. Above the grant, ProjectThunder.com, Inc. licenses the engine commercially and can help you ship; we just don't run it for you in a shared environment.
Who's behind this?
Built and operated by ProjectThunder.com, Inc. — a California S corporation shipping commerce since 2004. Same team that runs the Frisky & Corset sample storefront.