malinoto/tracepass-mcp-server
БесплатноНе проверенEU Digital Product Passport automation for AI agents. Create products, build and audit DPPs (battery, electronics, textiles, and more), set economic-operator pa
Описание
EU Digital Product Passport automation for AI agents. Create products, build and audit DPPs (battery, electronics, textiles, and more), set economic-operator parties, and read or capture GS1 EPCIS 2.0 supply-chain events via the TracePass platform. 6 tools, hosted (https://ai.tracepass.eu/mcp) or local. Install via npx -y tracepass-mcp-server.
README
Listed on Glama smithery badge
A Model Context Protocol server for TracePass — the EU Digital Product Passport platform. It lets AI assistants (Claude, Cursor, IDE agents) manage products, Digital Product Passports, economic-operator parties, and GS1 EPCIS 2.0 supply-chain events.
It speaks the full MCP protocol — tools, resources, resource templates, and prompts.
Two ways to use it
The same server core ships two ways:
- Hosted — point your MCP client at
https://ai.tracepass.eu/mcp. Nothing to install; always current. - Local (npm) — run
tracepass-mcp-servervianpx. The MCP client launches it as a subprocess and speaks MCP over stdio.
Authentication
The server accepts either of TracePass's two v1 auth methods on the
same Authorization: Bearer … header — it forwards whatever you send to
the API, which decides. Pick the one that fits how you're connecting:
| API key | OAuth 2.0 | |
|---|---|---|
| Best for | A single user, scripts, server-to-server | AI assistants / apps acting on a user's behalf |
| What you send | A static tp_… key as a Bearer token |
A scoped access token obtained via the OAuth flow |
| Setup | Mint at Developer → API Keys | The user clicks Connect and approves scopes |
| Scope | All-or-nothing (the whole workspace) | Exactly the scopes the user granted; revocable |
| Works with | Hosted and local (npx) | Hosted endpoint only (needs a browser consent step) |
Which should an AI assistant use? If your MCP client supports OAuth (Claude.ai, ChatGPT, and others), prefer OAuth — the user authorizes the connection once on a TracePass consent screen, you never handle a secret, and access is least-privilege and revocable. If your client only takes a header/token, use an API key.
OAuth 2.0 (recommended for hosted clients)
No config beyond pointing your client at the hosted endpoint — discovery
is automatic. On the first unauthenticated request the server returns a
401 whose WWW-Authenticate header carries a resource_metadata URL
(RFC 9728) pointing at /.well-known/oauth-protected-resource, which
names the TracePass authorization server. The client runs the standard
authorization-code flow with PKCE (/api/oauth/authorize →
/api/oauth/token), the user approves scopes, and the client stores +
refreshes the token. If you distribute your own client, register an app
under Developer → OAuth Apps to get a client_id; many hosted
clients self-register via Dynamic Client Registration automatically.
Request only the scopes you need, e.g. passports:read passports:write offline_access. Users manage connected apps (and revoke) under
Developer → OAuth Apps → Connected Apps.
API key
Mint a tp_… key under Developer → API Keys and send it as a Bearer
token.
Hosted:
{
"mcpServers": {
"tracepass": {
"url": "https://ai.tracepass.eu/mcp",
"headers": { "Authorization": "Bearer tp_YOUR_KEY" }
}
}
}
Local (npx / stdio) — the local subprocess can't do an interactive
OAuth consent step, so it's API-key only, via the TRACEPASS_API_KEY env:
{
"mcpServers": {
"tracepass": {
"command": "npx",
"args": ["-y", "tracepass-mcp-server"],
"env": {
"TRACEPASS_API_KEY": "tp_YOUR_KEY"
}
}
}
}
Optional env var: TRACEPASS_BASE_URL (defaults to
https://app.tracepass.eu) — point the tools at a different
TracePass deployment.
Tools
The TracePass v1 API operations are grouped into 6 tools. Each takes an action enum plus action-specific arguments. The tools are:
tracepass_products- manage the product catalogue (list, get, create, update products).tracepass_passports- manage Digital Product Passports (list, get, compliance check, registry-readiness check, create, suspend, archive, get QR), by id or by serial.tracepass_passport_fields- update a passport's category-specific data fields, by id or by serial.tracepass_passport_parties- set or remove a passport's economic-operator parties (manufacturer, importer, etc.).tracepass_epcis- export, capture, and query a passport's GS1 EPCIS 2.0 supply-chain events.tracepass_templates- list and get the DPP category regulatory field schemas.
Each tool's full action set:
| Tool | Actions |
|---|---|
tracepass_products |
list, get, create, update |
tracepass_passports |
list, get, get_by_serial, compliance, registry_readiness, create, suspend, suspend_by_serial, archive, archive_by_serial, get_qr |
tracepass_passport_fields |
update, update_by_serial |
tracepass_passport_parties |
set, remove |
tracepass_epcis |
export, export_by_serial, capture, capture_job, query |
tracepass_templates |
list, get |
The *_by_serial actions address a passport by the customer's own serial
number instead of its TracePass id. A serial is unique only within a GTIN, so
if the same serial exists under two GTINs in your account a serial-only call
returns 409 ambiguous_serial — pass the optional gtin arg to disambiguate
(or use the by-id action). The same gtin disambiguator applies to every
*_by_serial action.
The tracepass_passports compliance action returns a three-tier
compliance verdict (compliant / compliant_with_warnings /
incomplete) with regulation-cited findings — missing required fields,
missing economic-operator parties, format issues, and per-category
conditional rules. Read-only; use it to gap-check a passport, fix the
cited gaps, then re-check.
A note on writes
Some actions cost money or are irreversible — the server's tool descriptions tell the model so:
tracepass_passportscreateconsumes a billable DPP slot on the account's plan. Over-quota creation incurs a per-passport overage charge; the tool surfaces a 402-style message and only proceeds withargs.confirmOverage: trueafter the user agrees.tracepass_passportsarchiveis irreversible — the public QR permanently 404s. Usesuspend(reversible) when a change might be undone.tracepass_epciscapture/queryrequire the paid EPCIS add-on;exportis included on Starter plans and up.
Resources
Read-only entity data you can attach as conversation context:
tracepass://products— the product cataloguetracepass://product/{id}— one producttracepass://passport/{id}— one passport, full field detailtracepass://passport/{id}/epcis— a passport's EPCIS 2.0 eventstracepass://passport/{id}/compliance— a passport's compliance verdicttracepass://passport/{id}/registry-readiness— whether a passport would pass the EU DPP Registry's formal submission gate (battery only)tracepass://templates— all 12 DPP category regulatory schemastracepass://template/{category}— one category's full field schema
Prompts
Reusable DPP workflows the client surfaces as slash-commands:
audit_passport— review a passport for completeness and compliance readinessonboard_product— create a product and its first passportexplain_dpp_requirements— explain what a category's compliant DPP must contain, and the regulation behind each fieldcompliance_gap_check— produce a prioritised, regulation-cited list of what's blocking a passport's compliant publicationreview_epcis_events— summarise a passport's supply-chain trail
Development
npm install
npm run build # tsc -> dist/
npm run typecheck
npm test # vitest
npm run lint
npm start # run the hosted HTTP service locally (:8080)
npm run start:stdio # run the stdio server locally
The hosted service is a plain Node HTTP server (dist/http.js),
stateless — each request carries its own API key and builds a fresh
MCP session. It is containerised via the Dockerfile and deployed to
Hetzner; see tracepass-environment/docker-mcp.yml.
Listed on Glama
This server is published in the official MCP Registry
as eu.tracepass/tracepass and listed on Glama:
License
MIT
Установить malinoto/tracepass-mcp-server в Claude Desktop, Claude Code, Cursor
unyly install malinoto-tracepass-mcp-serverСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add malinoto-tracepass-mcp-server -- npx -y tracepass-mcp-serverFAQ
malinoto/tracepass-mcp-server MCP бесплатный?
Да, malinoto/tracepass-mcp-server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для malinoto/tracepass-mcp-server?
Нет, malinoto/tracepass-mcp-server работает без API-ключей и переменных окружения.
malinoto/tracepass-mcp-server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить malinoto/tracepass-mcp-server в Claude Desktop, Claude Code или Cursor?
Открой malinoto/tracepass-mcp-server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare malinoto/tracepass-mcp-server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
