ivnvxd
diff --git a/‎CHANGELOG.md‎
Lines changed: 8 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 94 additions & 2 deletions b/‎README.md‎
Lines changed: 94 additions & 2 deletions
diff --git a/‎mcp_server_odoo/access_control.py‎
Lines changed: 75 additions & 2 deletions b/‎mcp_server_odoo/access_control.py‎
Lines changed: 75 additions & 2 deletions
diff --git a/‎mcp_server_odoo/config.py‎
Lines changed: 65 additions & 7 deletions b/‎mcp_server_odoo/config.py‎
Lines changed: 65 additions & 7 deletions
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.0] - 2025-09-14
+
+### Added
+- **YOLO Mode**: Development mode for testing without MCP module installation
+  - Read-Only: Safe demo mode with read-only access to all models
+  - Full Access: Unrestricted access for development (never use in production)
+  - Works with any standard Odoo instance via native XML-RPC endpoints
+
 ## [0.2.2] - 2025-08-04
 
 ### Added
 
@@ -10,6 +10,8 @@
 
 An MCP server that enables AI assistants like Claude to interact with Odoo ERP systems. Access business data, search records, create new entries, update existing data, and manage your Odoo instance through natural language.
 
+**Works with any Odoo instance!** Use [YOLO mode](#yolo-mode-developmenttesting-only-) for quick testing and demos with any standard Odoo installation. For enterprise security, access controls, and production use, install the [Odoo MCP module](https://apps.odoo.com/apps/modules/18.0/mcp_server).
+
 ## Features
 
 - 🔍 **Search and retrieve** any Odoo record (customers, products, invoices, etc.)
@@ -22,15 +24,16 @@ An MCP server that enables AI assistants like Claude to interact with Odoo ERP s
 - 🔐 **Secure access** with API key or username/password authentication
 - 🎯 **Smart pagination** for large datasets
 - 💬 **LLM-optimized output** with hierarchical text formatting
+- 🚀 **YOLO Mode** for quick access with any Odoo instance (no module required)
 
 ## Installation
 
 ### Prerequisites
 
 - Python 3.10 or higher
 - Access to an Odoo instance (version 17.0+)
-- The [Odoo MCP module](https://apps.odoo.com/apps/modules/18.0/mcp_server) installed on your Odoo server
-- (optional) An API key generated in Odoo (Settings > Users > API Keys)
+- For production use: The [Odoo MCP module](https://apps.odoo.com/apps/modules/18.0/mcp_server) installed on your Odoo server
+- For testing/demos: Any standard Odoo instance (use YOLO mode)
 
 ### Install UV First
 
@@ -202,6 +205,7 @@ The server requires the following environment variables:
 | `ODOO_USER` | Yes* | Username (if not using API key) | `admin` |
 | `ODOO_PASSWORD` | Yes* | Password (if not using API key) | `admin` |
 | `ODOO_DB` | No | Database name (auto-detected if not set) | `mycompany` |
+| `ODOO_YOLO` | No | YOLO mode - bypasses MCP security (⚠️ DEV ONLY) | `off`, `read`, `true` |
 
 *Either `ODOO_API_KEY` or both `ODOO_USER` and `ODOO_PASSWORD` are required.
 
@@ -285,6 +289,94 @@ The HTTP endpoint will be available at: `http://localhost:8000/mcp/`
    - Under the "API Keys" tab, create a new key
    - Copy the key for your MCP configuration
 
+### YOLO Mode (Development/Testing Only) ⚠️
+
+YOLO mode allows the MCP server to connect directly to any standard Odoo instance **without requiring the MCP module**. This mode bypasses all MCP security controls and is intended **ONLY for development, testing, and demos**.
+
+**🚨 WARNING: Never use YOLO mode in production environments!**
+
+#### YOLO Mode Levels
+
+1. **Read-Only Mode** (`ODOO_YOLO=read`):
+   - Allows all read operations (search, read, count)
+   - Blocks all write operations (create, update, delete)
+   - Safe for demos and testing
+   - Shows "READ-ONLY" indicators in responses
+
+2. **Full Access Mode** (`ODOO_YOLO=true`):
+   - Allows ALL operations without restrictions
+   - Full CRUD access to all models
+   - **EXTREMELY DANGEROUS** - use only in isolated environments
+   - Shows "FULL ACCESS" warnings in responses
+
+#### YOLO Mode Configuration
+
+<details>
+<summary>Read-Only YOLO Mode (safer for demos)</summary>
+
+```json
+{
+  "mcpServers": {
+    "odoo-demo": {
+      "command": "uvx",
+      "args": ["mcp-server-odoo"],
+      "env": {
+        "ODOO_URL": "http://localhost:8069",
+        "ODOO_USER": "admin",
+        "ODOO_PASSWORD": "admin",
+        "ODOO_DB": "demo",
+        "ODOO_YOLO": "read"
+      }
+    }
+  }
+}
+```
+</details>
+
+<details>
+<summary>Full Access YOLO Mode (⚠️ use with extreme caution)</summary>
+
+```json
+{
+  "mcpServers": {
+    "odoo-test": {
+      "command": "uvx",
+      "args": ["mcp-server-odoo"],
+      "env": {
+        "ODOO_URL": "http://localhost:8069",
+        "ODOO_USER": "admin",
+        "ODOO_PASSWORD": "admin",
+        "ODOO_DB": "test",
+        "ODOO_YOLO": "true"
+      }
+    }
+  }
+}
+```
+</details>
+
+#### When to Use YOLO Mode
+
+✅ **Appropriate Uses:**
+- Local development with test data
+- Quick demos with non-sensitive data
+- Testing MCP clients before installing the MCP module
+- Prototyping in isolated environments
+
+❌ **Never Use For:**
+- Production environments
+- Instances with real customer data
+- Shared development servers
+- Any environment with sensitive information
+
+#### YOLO Mode Security Notes
+
+- Connects directly to Odoo's standard XML-RPC endpoints
+- Bypasses all MCP access controls and model restrictions
+- No rate limiting is applied
+- All operations are logged but not restricted
+- Model listing shows 200+ models instead of just enabled ones
+
 ## Usage Examples
 
 Once configured, you can ask Claude:
 
@@ -82,7 +82,16 @@ def __init__(self, config: OdooConfig, cache_ttl: int = CACHE_TTL):
         # Parse base URL
         self.base_url = config.url.rstrip("/")
 
-        # Validate API key is available
+        # In YOLO mode, skip API key validation and MCP checks
+        if config.is_yolo_enabled:
+            mode_desc = "READ-ONLY" if config.yolo_mode == "read" else "FULL ACCESS"
+            logger.warning(
+                f"🚨 YOLO mode ({mode_desc}): Access control bypassed! "
+                f"All models accessible, MCP security disabled."
+            )
+            return  # Skip API validation
+
+        # Validate API key is available for standard mode
         if not config.api_key:
             raise AccessControlError(
                 "API key required for access control. Please configure ODOO_API_KEY."
@@ -170,6 +179,11 @@ def get_enabled_models(self) -> List[Dict[str, str]]:
         Raises:
             AccessControlError: If request fails
         """
+        # In YOLO mode, return empty list (all models are allowed)
+        if self.config.is_yolo_enabled:
+            logger.debug("YOLO mode: All models are accessible")
+            return []  # Empty list indicates all models allowed
+
         cache_key = "enabled_models"
 
         # Check cache
@@ -196,6 +210,11 @@ def is_model_enabled(self, model: str) -> bool:
         Returns:
             True if model is enabled, False otherwise
         """
+        # In YOLO mode, all models are enabled
+        if self.config.is_yolo_enabled:
+            logger.debug(f"YOLO mode: Model '{model}' is accessible")
+            return True
+
         try:
             enabled_models = self.get_enabled_models()
             return any(m["model"] == model for m in enabled_models)
@@ -215,6 +234,29 @@ def get_model_permissions(self, model: str) -> ModelPermissions:
         Raises:
             AccessControlError: If request fails
         """
+        # In YOLO mode, return permissions based on mode level
+        if self.config.is_yolo_enabled:
+            if self.config.yolo_mode == "read":
+                # Read-only mode: only read operations allowed
+                return ModelPermissions(
+                    model=model,
+                    enabled=True,
+                    can_read=True,
+                    can_write=False,
+                    can_create=False,
+                    can_unlink=False,
+                )
+            else:  # yolo_mode == "true"
+                # Full access mode: all operations allowed
+                return ModelPermissions(
+                    model=model,
+                    enabled=True,
+                    can_read=True,
+                    can_write=True,
+                    can_create=True,
+                    can_unlink=True,
+                )
+
         cache_key = f"permissions_{model}"
 
         # Check cache
@@ -253,8 +295,34 @@ def check_operation_allowed(self, model: str, operation: str) -> Tuple[bool, Opt
         Returns:
             Tuple of (allowed, error_message)
         """
+        # In YOLO mode, check based on mode level
+        if self.config.is_yolo_enabled:
+            # Define read operations
+            read_operations = {
+                "read",
+                "search",
+                "search_read",
+                "fields_get",
+                "count",
+                "search_count",
+            }
+
+            # Check operation based on mode
+            if operation in read_operations:
+                # Read operations always allowed in YOLO mode
+                return True, None
+            elif self.config.yolo_mode == "true":
+                # All operations allowed in full mode
+                return True, None
+            else:
+                # Write operations blocked in read-only mode
+                return False, (
+                    f"Write operation '{operation}' not allowed in read-only YOLO mode. "
+                    f"Only read operations are permitted for safety."
+                )
+
         try:
-            # Get model permissions
+            # Standard mode: Get model permissions from MCP
             permissions = self.get_model_permissions(model)
 
             # Check if model is enabled
@@ -294,6 +362,11 @@ def filter_enabled_models(self, models: List[str]) -> List[str]:
         Returns:
             List of enabled model names
         """
+        # In YOLO mode, all models are enabled
+        if self.config.is_yolo_enabled:
+            logger.debug(f"YOLO mode: All {len(models)} models are accessible")
+            return models  # Return all models unfiltered
+
         try:
             enabled_models = self.get_enabled_models()
             enabled_set = {m["model"] for m in enabled_models}
 
@@ -7,7 +7,7 @@
 import os
 from dataclasses import dataclass
 from pathlib import Path
-from typing import Literal, Optional
+from typing import Dict, Literal, Optional
 
 from dotenv import load_dotenv
 
@@ -36,6 +36,9 @@ class OdooConfig:
     host: str = "localhost"
     port: int = 8000
 
+    # YOLO mode configuration
+    yolo_mode: str = "off"  # "off", "read", or "true"
+
     def __post_init__(self):
         """Validate configuration after initialization."""
         # Validate URL
@@ -46,15 +49,28 @@ def __post_init__(self):
         if not self.url.startswith(("http://", "https://")):
             raise ValueError("ODOO_URL must start with http:// or https://")
 
-        # Validate authentication
+        # Validate YOLO mode
+        valid_yolo_modes = {"off", "read", "true"}
+        if self.yolo_mode not in valid_yolo_modes:
+            raise ValueError(
+                f"Invalid YOLO mode: {self.yolo_mode}. "
+                f"Must be one of: {', '.join(valid_yolo_modes)}"
+            )
+
+        # Validate authentication (relaxed for YOLO mode)
         has_api_key = bool(self.api_key)
         has_credentials = bool(self.username and self.password)
 
-        if not has_api_key and not has_credentials:
-            raise ValueError(
-                "Authentication required: provide either ODOO_API_KEY or "
-                "both ODOO_USER and ODOO_PASSWORD"
-            )
+        # In YOLO mode, we might need username even with API key for standard auth
+        if self.is_yolo_enabled:
+            if not has_credentials and not (has_api_key and self.username):
+                raise ValueError("YOLO mode requires either username/password or username/API key")
+        else:
+            if not has_api_key and not has_credentials:
+                raise ValueError(
+                    "Authentication required: provide either ODOO_API_KEY or "
+                    "both ODOO_USER and ODOO_PASSWORD"
+                )
 
         # Validate numeric fields
         if self.default_limit <= 0:
@@ -96,6 +112,33 @@ def uses_credentials(self) -> bool:
         """Check if configuration uses username/password authentication."""
         return bool(self.username and self.password)
 
+    @property
+    def is_yolo_enabled(self) -> bool:
+        """Check if any YOLO mode is active."""
+        return self.yolo_mode != "off"
+
+    @property
+    def is_write_allowed(self) -> bool:
+        """Check if write operations are allowed in current mode."""
+        return self.yolo_mode == "true"
+
+    def get_endpoint_paths(self) -> Dict[str, str]:
+        """Get appropriate endpoint paths based on mode.
+
+        Returns:
+            Dict[str, str]: Mapping of endpoint names to paths
+        """
+        if self.is_yolo_enabled:
+            # Use standard Odoo endpoints in YOLO mode
+            return {"db": "/xmlrpc/db", "common": "/xmlrpc/2/common", "object": "/xmlrpc/2/object"}
+        else:
+            # Use MCP-specific endpoints in standard mode
+            return {
+                "db": "/mcp/xmlrpc/db",
+                "common": "/mcp/xmlrpc/common",
+                "object": "/mcp/xmlrpc/object",
+            }
+
     @classmethod
     def from_env(cls, env_file: Optional[Path] = None) -> "OdooConfig":
         """Create configuration from environment variables.
@@ -152,6 +195,20 @@ def get_int_env(key: str, default: int) -> int:
         except ValueError:
             raise ValueError(f"{key} must be a valid integer") from None
 
+    # Helper function to parse YOLO mode
+    def get_yolo_mode() -> str:
+        yolo_env = os.getenv("ODOO_YOLO", "off").strip().lower()
+        # Map various inputs to valid modes
+        if yolo_env in ["", "false", "0", "off", "no"]:
+            return "off"
+        elif yolo_env in ["read", "readonly", "read-only"]:
+            return "read"
+        elif yolo_env in ["true", "1", "yes", "full"]:
+            return "true"
+        else:
+            # Invalid value - will be caught by validation
+            return yolo_env
+
     # Create configuration
     config = OdooConfig(
         url=os.getenv("ODOO_URL", "").strip(),
@@ -166,6 +223,7 @@ def get_int_env(key: str, default: int) -> int:
         transport=os.getenv("ODOO_MCP_TRANSPORT", "stdio").strip(),
         host=os.getenv("ODOO_MCP_HOST", "localhost").strip(),
         port=get_int_env("ODOO_MCP_PORT", 8000),
+        yolo_mode=get_yolo_mode(),
     )
 
     return config