mcp-tiny-erp-server
by DanielRudnick
Overview
The server acts as an MCP (Model Context Protocol) gateway for the Tiny ERP API, exposing its functionalities as tools for AI agents or other clients.
Installation
python -m uvicorn src.main:app --reload
Environment Variables
- TINY_API_BASE_URL
- TINY_API_TIMEOUT
- ENVIRONMENT
- DEBUG
- PORT
- CORS_ORIGINS
- TINY_API_TOKEN
Security Notes
- CRITICAL: The server decodes JWT tokens without validating their signature, as its own code comment states: 'Decodifica JWT manualmente (sem validação de assinatura)' ("Decodes JWT manually (without signature validation)"). An attacker who knows the payload structure could therefore forge JWTs containing any tenant_id and tiny_token and bypass authentication.
- HIGH: CORS is set to `allow_origins=['*']`, which allows any domain to make cross-origin requests and is a significant security risk in production environments.
- MEDIUM: The `mcp_filtro_clientes_excel` tool relies on a hardcoded CSV path (`/mnt/user-data/uploads/contatos_teste.csv`), which could lead to file system vulnerabilities if that path is not properly secured.
Similar Servers
fastapi_mcp
Automatically converts FastAPI endpoints into Model Context Protocol (MCP) tools for seamless integration with LLM agents.
claude-odoo-api
The Odoo MCP Server provides tools to interact with Odoo 19's External JSON-2 API, enabling AI clients to perform CRUD operations and queries on Odoo databases with multi-company support.
mcp_hello_server
Minimal MCP-style server implemented with FastAPI for demonstrating and extending Model Context Protocol interactions.
tutto-mcp-server
Implements a Model Context Protocol (MCP) server in Python using FastMCP to expose custom tools and resources for consumption by language models.