Netorigo
Sign in
Back to Journal
adminen

AI-driven catalog maintenance: chat instead of clicking

4 MCP tools for catalog, preview-confirm rule, AI as audit actor - 73% session share, edit time dropped 4.2 min to 1.6 min.

Catalog maintenance is one of the most tedious tenant-admin tasks. Sorting categories, generating SEO meta text, bulk price updates, hunting broken images - all click-intensive, repetitive work. In early 2026 we started integrating the AI assistant into Netorigo Admin: the tenant-admin can talk to the catalog in a chat panel, and the AI executes the task through MCP tools.

The four base tools

The chat panel currently exposes four MCP tools for the catalog module:

  1. catalog.bulkPriceUpdate - e.g. "raise prices in the Washing-Machine Pumps category by 8%". The tool returns a preview: which products, current price, new price, rounded price (per the pricing_rounding_policy, e.g. "end in 990"). The tenant-admin can Confirm or tweak parameters.
  2. catalog.recategorize - "move Bosch-branded products in the Pumps subcategory to a new Bosch-Pumps category". Preview: list of products to move with the new parent.
  3. catalog.seoRegenerate - "regenerate SEO titles and meta descriptions for 100 products with descriptions shorter than 200 characters". The tool writes new copy with GPT-5-nano from product attributes plus category, with preview.
  4. catalog.brokenImageScan - "find products whose image returns 404 or is dimensionless". The tool launches a batch scan, lists affected SKUs, and provides a CSV export.

The preview-confirm rule

No tool executes mutations directly. Every result is shown in a preview surface where the tenant-admin sees:

  • Which entities are affected (list of up to 100 rows; more, a CSV link)
  • Which fields would change (current -> new)
  • Estimated time (e.g. "5,200 product price updates, about 90 seconds")
  • Confirm and Cancel buttons

This is not optional. The backend GuardService rejects a tool call if the preview_token is not in the request body - the token comes from the preview step with a 15-minute TTL. So an AI assistant cannot run an impactful operation without the user having seen the preview first.

Audit traceability: the AI is also an actor

Every AI-originated change writes an audit_events row with actor_type='ai_assistant' and actor_id='ai_assistant:<userId>'. A later audit query lets the tenant-admin see: "which of my product prices were modified via AI last quarter?".

Additional metadata sits in an audit_metadata JSON column: which chat session, which prompt, which MCP tool-call ID. We don't show these in the default UI, but the CSV export includes all of it so an auditor can reconstruct the full context.

The token-budget circuit breaker

AI MCP tool usage isn't trivially cheap. A GPT-5-nano call is 50-200 tokens, a GPT-5 call (more serious tasks) is 2,000-10,000. A very active tenant-admin can burn 100k tokens in a single morning.

The circuit breaker has a default per-tenant 100k token/day limit. When hit, MCP tool calls return 429: "Daily AI budget reached. Resets at 00:00 tomorrow, or raise the limit at Admin > Settings > AI Budget."

The tenant-admin can raise the limit (max 1M tokens/day) or pay for a soft-limit monthly plan. Budget numbers are exported to Prometheus so our internal dashboards can track which tenants use AI heavily.

Usage metric: May 2026

May 2026 data:

  • 73% - share of catalog editing sessions that called at least one AI tool
  • 4.2 min -> 1.6 min - average edit time dropped (between session start and last save)
  • 2,341 - bulk price changes (AI-driven, not manual CSV import)
  • 0.4% - rejection rate for AI-proposed changes (Cancel button on the preview surface)

The 99.6% acceptance rate is higher than we expected (we projected about 90%). The preview-confirm rule is what delivers this: the user sees what's about to happen, so the surprise rate is low.

Back to Journal