Skip to main content

MCP stdio client for the Brasil MCP Match REST API. Privacy-preserving CNPJ verification (KYC, anti-fraud, LGPD) from your Claude Desktop / Claude Code.

Project description

brasil-mcp-match

PyPI Python License: MIT CI

MCP stdio client for the Brasil MCP Match privacy-preserving CNPJ verification API.

Match, don't reveal. Verify Brazilian CNPJs (KYC, anti-fraud, onboarding, LGPD) from your Claude Desktop / Claude Code without exposing PII and without running Postgres yourself.

Repo layout — this is a split repo

Two pieces, two licenses, one repo:

Path License Purpose
src/brasil_mcp_match/ MIT Published to PyPI as brasil-mcp-match. MCP stdio client + httpx wrapper for the REST API. What end users install.
server/ AGPL-3.0-or-later Operator-side code. FastAPI REST API + Receita Federal ingest + Postgres. NOT published to PyPI — self-hosters clone this repo and run from server/. See server/README.md.

This split happened in v0.3.0. Up to and including v0.2.1, the PyPI package shipped the server. From v0.3.0 onward, the PyPI package ships only the thin HTTP client. See CHANGELOG.md for the migration story.


Quickstart (client)

1. Install (or just uvx it)

uv tool install brasil-mcp-match
# or run on demand:
uvx brasil-mcp-match

2. Sign up via MCP (no key yet — v0.4.0+)

You don't need an API key to load the MCP server anymore. Configure it WITHOUT BRASIL_MCP_MATCH_KEY, then ask Claude to call the signup tools:

{
  "mcpServers": {
    "brasil-mcp-match": {
      "command": "uvx",
      "args": ["brasil-mcp-match"],
      "env": {
        "BRASIL_MCP_MATCH_URL": "https://server.solidapps.tech/brasil-mcp/match"
      }
    }
  }
}

Then, in Claude:

You: Use brasil-mcp-match to request a free API key for me — email me@example.com.

Claude: (calls request_api_key(email="me@example.com", plan="free")) Here's your key: bmm_live_.... Add it to BRASIL_MCP_MATCH_KEY in your Claude Desktop config and restart Claude Desktop to use the verifier tools.

For paid plans (starter / pro / enterprise), request_api_key returns a checkout_url and a polling_token. Pay on the URL, then have Claude call check_signup_status(polling_token) to retrieve the key (plaintext-once).

Until the key is configured, the 4 verifier tools return a MISSING_API_KEY envelope guiding the user to request_api_key.

3. Configure your MCP client (with the key)

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "brasil-mcp-match": {
      "command": "uvx",
      "args": ["brasil-mcp-match"],
      "env": {
        "BRASIL_MCP_MATCH_URL": "https://server.solidapps.tech/brasil-mcp/match",
        "BRASIL_MCP_MATCH_KEY": "your-api-key-here"
      }
    }
  }
}

Claude Code (.claude/settings.local.json or via claude mcp add):

claude mcp add brasil-mcp-match \
  --env BRASIL_MCP_MATCH_URL=https://server.solidapps.tech/brasil-mcp/match \
  --env BRASIL_MCP_MATCH_KEY=your-api-key-here \
  -- uvx brasil-mcp-match

Environment variables

Var Required Default Description
BRASIL_MCP_MATCH_URL yes Base URL of the Match REST API (no trailing path)
BRASIL_MCP_MATCH_KEY no API key. Optional since v0.4.0 — without it, the 4 verifier tools return MISSING_API_KEY but the signup tools (request_api_key, check_signup_status) still work.
BRASIL_MCP_MATCH_TIMEOUT no 10 HTTP timeout in seconds

Tools exposed

The 4 verifier tools mirror the upstream Match API verbatim:

  • match_razao_social_tool(cnpj, nome, tolerance=0.85) — fuzzy match against RF-registered razão social (exact / fuzzy_prefix / fuzzy_word / fuzzy_phonetic).
  • check_situacao_cadastral_tool(cnpj) — returns ativa / suspensa / inapta / baixada / nula + since-date.
  • check_porte_empresa_tool(cnpj) — returns MEI / ME / EPP / DEMAIS plus Simples and MEI flags.
  • match_uf_tool(cnpj, uf) — verifies that the UF you have matches the one registered for the CNPJ (boolean, never reveals the registered UF).

The base excludes MEI and CNPJs not in ativa status — those return CNPJ_NOT_FOUND.

Plus 2 self-service signup tools (v0.4.0+):

  • request_api_key(email, plan="free", cpf_cnpj=None) — issues a key directly for the free plan; returns a checkout URL + polling token for paid plans.
  • check_signup_status(polling_token) — polls a pending signup, returns the key plaintext-once once payment is confirmed.

Error envelope

Network/HTTP failures become a JSON envelope so tool callers always see the same shape:

{ "error": { "code": "UPSTREAM_TIMEOUT", "message_pt": "...", "message_en": "..." } }

Codes added by this client:

  • UPSTREAM_TIMEOUT — Match server didn't respond within BRASIL_MCP_MATCH_TIMEOUT.
  • UPSTREAM_NETWORK — connection refused, DNS failure, TLS handshake error.
  • UPSTREAM_BAD_RESPONSE — Match server returned non-JSON or unexpected shape.

All other codes (CNPJ_NOT_FOUND, INVALID_CNPJ, UNAUTHORIZED, etc.) come straight from the upstream Match API.

Privacy

This client adds zero new PII exposure beyond what the Match API already processes. By design:

  • The only data that leaves your machine is the CNPJ + (optionally) the name or UF you pass to the tool. No raw razão social, no endereço, no CPF de sócio ever crosses the wire from the server back to you — that's the whole point of Match.
  • Your BRASIL_MCP_MATCH_KEY is sent only as the X-Brasil-MCP-Key HTTP header against BRASIL_MCP_MATCH_URL. Never logged.
  • All HTTPS, no plaintext fallback.

Self-hosting the server

If you want to run your own Match deployment instead of consuming a hosted one, see server/README.md. The server is AGPL-3.0-or-later; running a public-facing instance triggers the source-availability obligation.

License

This published package (src/brasil_mcp_match/) is MIT. See LICENSE.

The server side (server/) is AGPL-3.0-or-later — see server/LICENSE.

The MIT license on the client is intentional: it lets you embed the stdio client in proprietary stacks while the AGPL server protects the operator-side work from being relicensed downstream.

Related

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

brasil_mcp_match-0.4.0.tar.gz (297.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

brasil_mcp_match-0.4.0-py3-none-any.whl (11.0 kB view details)

Uploaded Python 3

File details

Details for the file brasil_mcp_match-0.4.0.tar.gz.

File metadata

  • Download URL: brasil_mcp_match-0.4.0.tar.gz
  • Upload date:
  • Size: 297.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for brasil_mcp_match-0.4.0.tar.gz
Algorithm Hash digest
SHA256 16803fe4c991e64949a9c74b908d40e7b2e37fe6dec9286f3c6ce5878a5ea8c7
MD5 4fe6c4d8e4c485eead594df0a8bc0047
BLAKE2b-256 216de2c21f315105c69561e4222f81c028c55eee500f936562f4a4f635048826

See more details on using hashes here.

Provenance

The following attestation bundles were made for brasil_mcp_match-0.4.0.tar.gz:

Publisher: release.yml on brasil-mcp/match

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file brasil_mcp_match-0.4.0-py3-none-any.whl.

File metadata

File hashes

Hashes for brasil_mcp_match-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fa01ef0e0f580addbb2162bfd4b66f313a142b663fe5eb0f3a53902144daebb3
MD5 6cebe5c1775b96b784b01924d8695ef9
BLAKE2b-256 a1322004222e2fd5a85df2195ab8986c6c96bea0e2345202d74567869dd33231

See more details on using hashes here.

Provenance

The following attestation bundles were made for brasil_mcp_match-0.4.0-py3-none-any.whl:

Publisher: release.yml on brasil-mcp/match

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page