MCP stdio client for the Brasil MCP Match REST API. Privacy-preserving CNPJ verification (KYC, anti-fraud, LGPD) from your Claude Desktop / Claude Code.
Project description
brasil-mcp-match
MCP stdio client for the Brasil MCP Match privacy-preserving CNPJ verification API.
Match, don't reveal. Verify Brazilian CNPJs (KYC, anti-fraud, onboarding, LGPD) from your Claude Desktop / Claude Code without exposing PII and without running Postgres yourself.
Repo layout — this is a split repo
Two pieces, two licenses, one repo:
| Path | License | Purpose |
|---|---|---|
src/brasil_mcp_match/ |
MIT | Published to PyPI as brasil-mcp-match. MCP stdio client + httpx wrapper for the REST API. What end users install. |
server/ |
AGPL-3.0-or-later | Operator-side code. FastAPI REST API + Receita Federal ingest + Postgres. NOT published to PyPI — self-hosters clone this repo and run from server/. See server/README.md. |
This split happened in v0.3.0. Up to and including v0.2.1, the PyPI package shipped the server. From v0.3.0 onward, the PyPI package ships only the thin HTTP client. See CHANGELOG.md for the migration story.
Quickstart (client)
1. Install (or just uvx it)
uv tool install brasil-mcp-match
# or run on demand:
uvx brasil-mcp-match
2. Sign up via MCP (no key yet — v0.4.0+)
You don't need an API key to load the MCP server anymore. Configure it WITHOUT
BRASIL_MCP_MATCH_KEY, then ask Claude to call the signup tools:
{
"mcpServers": {
"brasil-mcp-match": {
"command": "uvx",
"args": ["brasil-mcp-match"],
"env": {
"BRASIL_MCP_MATCH_URL": "https://server.solidapps.tech/brasil-mcp/match"
}
}
}
}
Then, in Claude:
You: Use brasil-mcp-match to request a free API key for me — email me@example.com.
Claude: (calls
request_api_key(email="me@example.com", plan="free")) Here's your key:bmm_live_.... Add it toBRASIL_MCP_MATCH_KEYin your Claude Desktop config and restart Claude Desktop to use the verifier tools.
For paid plans (starter / pro / enterprise), request_api_key returns a
checkout_url and a polling_token. Pay on the URL, then have Claude call
check_signup_status(polling_token) to retrieve the key (plaintext-once).
Until the key is configured, the 4 verifier tools return a MISSING_API_KEY
envelope guiding the user to request_api_key.
3. Configure your MCP client (with the key)
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"brasil-mcp-match": {
"command": "uvx",
"args": ["brasil-mcp-match"],
"env": {
"BRASIL_MCP_MATCH_URL": "https://server.solidapps.tech/brasil-mcp/match",
"BRASIL_MCP_MATCH_KEY": "your-api-key-here"
}
}
}
}
Claude Code (.claude/settings.local.json or via claude mcp add):
claude mcp add brasil-mcp-match \
--env BRASIL_MCP_MATCH_URL=https://server.solidapps.tech/brasil-mcp/match \
--env BRASIL_MCP_MATCH_KEY=your-api-key-here \
-- uvx brasil-mcp-match
Environment variables
| Var | Required | Default | Description |
|---|---|---|---|
BRASIL_MCP_MATCH_URL |
yes | — | Base URL of the Match REST API (no trailing path) |
BRASIL_MCP_MATCH_KEY |
no | — | API key. Optional since v0.4.0 — without it, the 4 verifier tools return MISSING_API_KEY but the signup tools (request_api_key, check_signup_status) still work. |
BRASIL_MCP_MATCH_TIMEOUT |
no | 10 |
HTTP timeout in seconds |
Tools exposed
The 4 verifier tools mirror the upstream Match API verbatim:
match_razao_social_tool(cnpj, nome, tolerance=0.85)— fuzzy match against RF-registered razão social (exact / fuzzy_prefix / fuzzy_word / fuzzy_phonetic).check_situacao_cadastral_tool(cnpj)— returnsativa/suspensa/inapta/baixada/nula+ since-date.check_porte_empresa_tool(cnpj)— returnsMEI/ME/EPP/DEMAISplus Simples and MEI flags.match_uf_tool(cnpj, uf)— verifies that the UF you have matches the one registered for the CNPJ (boolean, never reveals the registered UF).
The base excludes MEI and CNPJs not in
ativastatus — those returnCNPJ_NOT_FOUND.
Plus 2 self-service signup tools (v0.4.0+):
request_api_key(email, plan="free", cpf_cnpj=None)— issues a key directly for the free plan; returns a checkout URL + polling token for paid plans.check_signup_status(polling_token)— polls a pending signup, returns the key plaintext-once once payment is confirmed.
Plus 5 sócio-verification tools (v0.5.0+), all privacy-preserving:
match_nome_socio_tool(cnpj, nome, tolerance=0.85)— fuzzy match the name against any sócio registered for the CNPJ. Returns{match, hint, confidence}without revealing which sócio or the full registered name.match_cpf_socio_tool(cnpj, cpf)— verify a CPF belongs to a sócio PF. Mask-aware (the RF base only stores***XXXXXX**); returns boolean only.match_cnpj_socio_tool(cnpj, cnpj_socio)— verify thatcnpj_sociois a sócio PJ of the parentcnpj. Useful for holding / cross-ownership detection.check_qualificacao_socio_tool(cnpj, qualificacao)— does the CNPJ have any sócio with the given RF qualificação code? Returns{exists, count}only, never names.count_socios_tool(cnpj)— aggregate counts only:{total, pf, pj, estrangeiro}. No PII.
Same
BRASIL_MCP_MATCH_KEYgate applies to the sócio tools. CNPJs that are MEI or not inativastatus returnCNPJ_NOT_FOUND.
Why sócio verification?
- KYC — "Is the person opening this account actually a sócio of the company they claim to represent?" — answer yes/no without ever pulling the full sócio list.
- Anti-fraude (detecção de laranja) — confirm CPFs and names against the real RF-registered quadro societário before disbursing credit or onboarding a partner.
- Due diligence M&A — detect holding / cross-ownership structures via
match_cnpj_socio_tooland quantify the quadro societário viacount_socios_toolwithout ingesting third-party PII. - Compliance (PEP screening) — combine
check_qualificacao_socio_toolwith downstream PEP lists to flag administrative-power changes without exposing the underlying sócio identities upstream.
Error envelope
Network/HTTP failures become a JSON envelope so tool callers always see the same shape:
{ "error": { "code": "UPSTREAM_TIMEOUT", "message_pt": "...", "message_en": "..." } }
Codes added by this client:
UPSTREAM_TIMEOUT— Match server didn't respond withinBRASIL_MCP_MATCH_TIMEOUT.UPSTREAM_NETWORK— connection refused, DNS failure, TLS handshake error.UPSTREAM_BAD_RESPONSE— Match server returned non-JSON or unexpected shape.
All other codes (CNPJ_NOT_FOUND, INVALID_CNPJ, UNAUTHORIZED, etc.) come
straight from the upstream Match API.
Privacy
This client adds zero new PII exposure beyond what the Match API already processes. By design:
- The only data that leaves your machine is the CNPJ + (optionally) the name or UF you pass to the tool. No raw razão social, no endereço, no CPF de sócio ever crosses the wire from the server back to you — that's the whole point of Match.
- Your
BRASIL_MCP_MATCH_KEYis sent only as theX-Brasil-MCP-KeyHTTP header againstBRASIL_MCP_MATCH_URL. Never logged. - All HTTPS, no plaintext fallback.
Self-hosting the server
If you want to run your own Match deployment instead of consuming a hosted one, see server/README.md. The server is AGPL-3.0-or-later; running a public-facing instance triggers the source-availability obligation.
License
This published package (src/brasil_mcp_match/) is MIT. See LICENSE.
The server side (server/) is AGPL-3.0-or-later — see
server/LICENSE.
The MIT license on the client is intentional: it lets you embed the stdio client in proprietary stacks while the AGPL server protects the operator-side work from being relicensed downstream.
Related
- brasil-mcp/essentials — Fase 1, MIT.
- brasil-mcp/leads — Fase 3, B2B lead gen.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file brasil_mcp_match-0.5.0.tar.gz.
File metadata
- Download URL: brasil_mcp_match-0.5.0.tar.gz
- Upload date:
- Size: 315.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8b48e0f8e1fd74a33da1894d12716944b4815c1ec88b8a05ea451d883b03a5d4
|
|
| MD5 |
08ae62d1527b993c5242553706446479
|
|
| BLAKE2b-256 |
eb65fad7959c1b86ca63757f6425ffce5e9e2edc60aea13d564aad5c60687a40
|
Provenance
The following attestation bundles were made for brasil_mcp_match-0.5.0.tar.gz:
Publisher:
release.yml on brasil-mcp/match
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
brasil_mcp_match-0.5.0.tar.gz -
Subject digest:
8b48e0f8e1fd74a33da1894d12716944b4815c1ec88b8a05ea451d883b03a5d4 - Sigstore transparency entry: 1630263778
- Sigstore integration time:
-
Permalink:
brasil-mcp/match@666cd0474928136ced7bcf4363a78868ded35443 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/brasil-mcp
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@666cd0474928136ced7bcf4363a78868ded35443 -
Trigger Event:
push
-
Statement type:
File details
Details for the file brasil_mcp_match-0.5.0-py3-none-any.whl.
File metadata
- Download URL: brasil_mcp_match-0.5.0-py3-none-any.whl
- Upload date:
- Size: 12.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ceb7de19e7faa0af1d75c3ccfd21593e4e2662dff291a3a7239f8adc82eaff52
|
|
| MD5 |
d52c291a10793b92181a62d023acc438
|
|
| BLAKE2b-256 |
6c5be10d7e3b1b8692cbb9840496e6dcadeffd46b3091cd6a7bb1d049a83a5c5
|
Provenance
The following attestation bundles were made for brasil_mcp_match-0.5.0-py3-none-any.whl:
Publisher:
release.yml on brasil-mcp/match
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
brasil_mcp_match-0.5.0-py3-none-any.whl -
Subject digest:
ceb7de19e7faa0af1d75c3ccfd21593e4e2662dff291a3a7239f8adc82eaff52 - Sigstore transparency entry: 1630263860
- Sigstore integration time:
-
Permalink:
brasil-mcp/match@666cd0474928136ced7bcf4363a78868ded35443 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/brasil-mcp
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@666cd0474928136ced7bcf4363a78868ded35443 -
Trigger Event:
push
-
Statement type: