@codespar/mcp-open-finance 0.1.0 → 0.1.2

package/README.md

@@ -0,0 +1,120 @@
+# @codespar/mcp-open-finance
+
+> MCP server for **Open Finance Brasil** — open banking standard for accounts, transactions, and consents
+
+[![npm](https://img.shields.io/npm/v/@codespar/mcp-open-finance)](https://www.npmjs.com/package/@codespar/mcp-open-finance)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+
+## Quick Start
+
+### Claude Desktop
+
+Add to `~/.config/claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "open-finance": {
+      "command": "npx",
+      "args": ["-y", "@codespar/mcp-open-finance"],
+      "env": {
+        "OPEN_FINANCE_BASE_URL": "https://api.institution.com.br",
+        "OPEN_FINANCE_CLIENT_ID": "your-client-id",
+        "OPEN_FINANCE_CLIENT_SECRET": "your-client-secret"
+      }
+    }
+  }
+}
+```
+
+### Claude Code
+
+```bash
+claude mcp add open-finance -- npx @codespar/mcp-open-finance
+```
+
+### Cursor / VS Code
+
+Add to `.cursor/mcp.json` or `.vscode/mcp.json`:
+
+```json
+{
+  "servers": {
+    "open-finance": {
+      "command": "npx",
+      "args": ["-y", "@codespar/mcp-open-finance"],
+      "env": {
+        "OPEN_FINANCE_BASE_URL": "https://api.institution.com.br",
+        "OPEN_FINANCE_CLIENT_ID": "your-client-id",
+        "OPEN_FINANCE_CLIENT_SECRET": "your-client-secret"
+      }
+    }
+  }
+}
+```
+
+## Tools
+
+| Tool | Description |
+|------|-------------|
+| `list_accounts` | List customer bank accounts via Open Finance |
+| `get_account_balance` | Get account balance via Open Finance |
+| `list_transactions` | List account transactions via Open Finance |
+| `get_consent` | Get consent details by ID |
+| `create_consent` | Create a new consent request for data access |
+| `list_credit_cards` | List credit card accounts via Open Finance |
+| `get_credit_card_transactions` | Get credit card transactions via Open Finance |
+| `list_investments` | List investment products via Open Finance |
+
+## Authentication
+
+Open Finance Brasil uses OAuth2 client credentials. Each financial institution provides its own base URL and credentials.
+
+## Sandbox / Testing
+
+Sandbox availability varies by institution. Contact your financial institution for Open Finance sandbox access.
+
+### Get your credentials
+
+1. Go to [Open Finance Brasil](https://openfinancebrasil.org.br)
+2. Register with a participating financial institution
+3. Obtain your OAuth2 client credentials
+4. Set the environment variables
+
+## Environment Variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `OPEN_FINANCE_BASE_URL` | Yes | Institution API base URL |
+| `OPEN_FINANCE_CLIENT_ID` | Yes | OAuth2 client ID |
+| `OPEN_FINANCE_CLIENT_SECRET` | Yes | OAuth2 client secret |
+
+## Roadmap
+
+### v0.2 (planned)
+- `revoke_consent` — Revoke a data sharing consent
+- `list_payments` — List initiated payments
+- `create_payment_consent` — Create a payment initiation consent
+- `initiate_payment` — Initiate a payment via Open Finance
+- `get_payment_status` — Get payment initiation status
+
+### v0.3 (planned)
+- `insurance_products` — List insurance products from institutions
+- `pension_products` — List pension products from institutions
+
+Want to contribute? [Open a PR](https://github.com/codespar/mcp-dev-brasil) or [request a tool](https://github.com/codespar/mcp-dev-brasil/issues).
+
+## Links
+
+- [Open Finance Brasil](https://openfinancebrasil.org.br)
+- [Open Finance Brasil Developer Portal](https://openfinancebrasil.atlassian.net)
+- [MCP Dev Brasil](https://github.com/codespar/mcp-dev-brasil)
+- [Landing Page](https://codespar.dev/mcp)
+
+## Enterprise
+
+Need governance, budget limits, and audit trails for agent payments? [CodeSpar Enterprise](https://codespar.dev/enterprise) adds policy engine, payment routing, and compliance templates on top of these MCP servers.
+
+## License
+
+MIT

package/dist/index.js

@@ -19,6 +19,8 @@
  */
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 const BASE_URL = process.env.OPEN_FINANCE_BASE_URL || "";
 const CLIENT_ID = process.env.OPEN_FINANCE_CLIENT_ID || "";
@@ -182,7 +184,8 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
     ],
 }));
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
-    const { name, arguments: args } = request.params;
+    const { name, arguments: rawArgs } = request.params;
+    const args = rawArgs;
     try {
         switch (name) {
             case "list_accounts": {
@@ -258,11 +261,46 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     }
 });
 async function main() {
-    if (!BASE_URL || !CLIENT_ID || !CLIENT_SECRET) {
-        console.error("OPEN_FINANCE_BASE_URL, OPEN_FINANCE_CLIENT_ID, and OPEN_FINANCE_CLIENT_SECRET environment variables are required");
-        process.exit(1);
+    if (process.argv.includes("--http") || process.env.MCP_HTTP === "true") {
+        const { default: express } = await import("express");
+        const { randomUUID } = await import("node:crypto");
+        const app = express();
+        app.use(express.json());
+        const transports = new Map();
+        app.get("/health", (_req, res) => res.json({ status: "ok", sessions: transports.size }));
+        app.post("/mcp", async (req, res) => {
+            const sid = req.headers["mcp-session-id"];
+            if (sid && transports.has(sid)) {
+                await transports.get(sid).handleRequest(req, res, req.body);
+                return;
+            }
+            if (!sid && isInitializeRequest(req.body)) {
+                const t = new StreamableHTTPServerTransport({ sessionIdGenerator: () => randomUUID(), onsessioninitialized: (id) => { transports.set(id, t); } });
+                t.onclose = () => { if (t.sessionId)
+                    transports.delete(t.sessionId); };
+                const s = new Server({ name: "mcp-open-finance", version: "0.1.0" }, { capabilities: { tools: {} } });
+                server._requestHandlers.forEach((v, k) => s._requestHandlers.set(k, v));
+                server._notificationHandlers?.forEach((v, k) => s._notificationHandlers.set(k, v));
+                await s.connect(t);
+                await t.handleRequest(req, res, req.body);
+                return;
+            }
+            res.status(400).json({ jsonrpc: "2.0", error: { code: -32000, message: "Bad Request" }, id: null });
+        });
+        app.get("/mcp", async (req, res) => { const sid = req.headers["mcp-session-id"]; if (sid && transports.has(sid))
+            await transports.get(sid).handleRequest(req, res);
+        else
+            res.status(400).send("Invalid session"); });
+        app.delete("/mcp", async (req, res) => { const sid = req.headers["mcp-session-id"]; if (sid && transports.has(sid))
+            await transports.get(sid).handleRequest(req, res);
+        else
+            res.status(400).send("Invalid session"); });
+        const port = Number(process.env.MCP_PORT) || 3000;
+        app.listen(port, () => { console.error(`MCP HTTP server on http://localhost:${port}/mcp`); });
+    }
+    else {
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
     }
-    const transport = new StdioServerTransport();
-    await server.connect(transport);
 }
 main().catch(console.error);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codespar/mcp-open-finance",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "MCP server for Open Finance Brasil — accounts, transactions, consents, investments",
   "type": "module",
   "main": "./dist/index.js",
@@ -26,5 +26,6 @@
     "pix",
     "accounts",
     "brazil"
-  ]
+  ],
+  "mcpName": "io.github.codespar/mcp-open-finance"
 }

package/server.json

@@ -0,0 +1,30 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+  "name": "io.github.codespar/mcp-open-finance",
+  "description": "MCP server for Open Finance Brasil — accounts, transactions, consents, investments",
+  "repository": {
+    "url": "https://github.com/codespar/mcp-dev-brasil",
+    "source": "github",
+    "subfolder": "packages/banking/open-finance"
+  },
+  "version": "0.1.2",
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "@codespar/mcp-open-finance",
+      "version": "0.1.2",
+      "transport": {
+        "type": "stdio"
+      },
+      "environmentVariables": [
+        {
+          "name": "OPEN_FINANCE_CLIENT_SECRET",
+          "description": "API key for open-finance",
+          "isRequired": true,
+          "format": "string",
+          "isSecret": true
+        }
+      ]
+    }
+  ]
+}

package/src/__tests__/index.test.ts

@@ -0,0 +1,53 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+
+let listToolsHandler: Function;
+let callToolHandler: Function;
+
+vi.mock("@modelcontextprotocol/sdk/server/index.js", () => {
+  class FakeServer {
+    constructor() {}
+    setRequestHandler(schema: any, handler: Function) {
+      if (JSON.stringify(schema).includes("tools/list")) listToolsHandler = handler;
+      if (JSON.stringify(schema).includes("tools/call")) callToolHandler = handler;
+    }
+    connect() { return Promise.resolve(); }
+  }
+  return { Server: FakeServer };
+});
+
+vi.mock("@modelcontextprotocol/sdk/server/stdio.js", () => ({ StdioServerTransport: class {} }));
+
+process.env.OPEN_FINANCE_BASE_URL = "https://api.bank.example.com";
+process.env.OPEN_FINANCE_CLIENT_ID = "test-id";
+process.env.OPEN_FINANCE_CLIENT_SECRET = "test-secret";
+
+const mockFetch = vi.fn();
+global.fetch = mockFetch as any;
+
+beforeEach(async () => {
+  vi.resetModules();
+  listToolsHandler = undefined as any;
+  callToolHandler = undefined as any;
+  mockFetch.mockReset();
+  global.fetch = mockFetch as any;
+  mockFetch.mockResolvedValue({ ok: true, json: () => Promise.resolve({ access_token: "tok", expires_in: 3600 }) });
+  await import("../index.js");
+});
+
+describe("mcp-open-finance", () => {
+  it("should register 8 tools", async () => {
+    const result = await listToolsHandler();
+    expect(result.tools).toHaveLength(8);
+  });
+
+  it("should call correct API endpoint for get_account_balance", async () => {
+    mockFetch
+      .mockResolvedValueOnce({ ok: true, json: () => Promise.resolve({ access_token: "tok", expires_in: 3600 }) })
+      .mockResolvedValueOnce({ ok: true, json: () => Promise.resolve({ data: { availableAmount: 1000 } }) });
+
+    await callToolHandler({ params: { name: "get_account_balance", arguments: { accountId: "acc_123" } } });
+
+    const lastCall = mockFetch.mock.calls[mockFetch.mock.calls.length - 1];
+    expect(lastCall[0]).toContain("/open-banking/accounts/v2/accounts/acc_123/balances");
+  });
+});

package/src/index.ts

@@ -21,6 +21,8 @@
 
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import {
   CallToolRequestSchema,
   ListToolsRequestSchema,
@@ -197,7 +199,8 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 }));
 
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
-  const { name, arguments: args } = request.params;
+  const { name, arguments: rawArgs } = request.params;
+  const args = rawArgs as Record<string, unknown> | undefined;
 
   try {
     switch (name) {
@@ -245,7 +248,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         return { content: [{ type: "text", text: JSON.stringify(await openFinanceRequest("GET", `/open-banking/credit-cards-accounts/v2/accounts/${args?.creditCardAccountId}/transactions?${params}`), null, 2) }] };
       }
       case "list_investments": {
-        const investmentType = args?.investmentType || "BANK_FIXED_INCOMES";
+        const investmentType = (args?.investmentType as string) || "BANK_FIXED_INCOMES";
         const params = new URLSearchParams();
         if (args?.page) params.set("page", String(args.page));
         if (args?.pageSize) params.set("page-size", String(args.pageSize));
@@ -260,12 +263,32 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 });
 
 async function main() {
-  if (!BASE_URL || !CLIENT_ID || !CLIENT_SECRET) {
-    console.error("OPEN_FINANCE_BASE_URL, OPEN_FINANCE_CLIENT_ID, and OPEN_FINANCE_CLIENT_SECRET environment variables are required");
-    process.exit(1);
+  if (process.argv.includes("--http") || process.env.MCP_HTTP === "true") {
+    const { default: express } = await import("express");
+    const { randomUUID } = await import("node:crypto");
+    const app = express();
+    app.use(express.json());
+    const transports = new Map<string, StreamableHTTPServerTransport>();
+    app.get("/health", (_req: any, res: any) => res.json({ status: "ok", sessions: transports.size }));
+    app.post("/mcp", async (req: any, res: any) => {
+      const sid = req.headers["mcp-session-id"] as string | undefined;
+      if (sid && transports.has(sid)) { await transports.get(sid)!.handleRequest(req, res, req.body); return; }
+      if (!sid && isInitializeRequest(req.body)) {
+        const t = new StreamableHTTPServerTransport({ sessionIdGenerator: () => randomUUID(), onsessioninitialized: (id) => { transports.set(id, t); } });
+        t.onclose = () => { if (t.sessionId) transports.delete(t.sessionId); };
+        const s = new Server({ name: "mcp-open-finance", version: "0.1.0" }, { capabilities: { tools: {} } }); (server as any)._requestHandlers.forEach((v: any, k: any) => (s as any)._requestHandlers.set(k, v)); (server as any)._notificationHandlers?.forEach((v: any, k: any) => (s as any)._notificationHandlers.set(k, v)); await s.connect(t);
+        await t.handleRequest(req, res, req.body); return;
+      }
+      res.status(400).json({ jsonrpc: "2.0", error: { code: -32000, message: "Bad Request" }, id: null });
+    });
+    app.get("/mcp", async (req: any, res: any) => { const sid = req.headers["mcp-session-id"] as string; if (sid && transports.has(sid)) await transports.get(sid)!.handleRequest(req, res); else res.status(400).send("Invalid session"); });
+    app.delete("/mcp", async (req: any, res: any) => { const sid = req.headers["mcp-session-id"] as string; if (sid && transports.has(sid)) await transports.get(sid)!.handleRequest(req, res); else res.status(400).send("Invalid session"); });
+    const port = Number(process.env.MCP_PORT) || 3000;
+    app.listen(port, () => { console.error(`MCP HTTP server on http://localhost:${port}/mcp`); });
+  } else {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
   }
-  const transport = new StdioServerTransport();
-  await server.connect(transport);
 }
 
 main().catch(console.error);

package/tsconfig.json

@@ -6,6 +6,7 @@
     "outDir": "./dist",
     "rootDir": "./src",
     "strict": true,
+    "skipLibCheck": true,
     "esModuleInterop": true,
     "declaration": true
   },