Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Red Server

БесплатноНе проверен

Connects AI assistants to Big Red Cloud accounting data, allowing natural-language queries and controlled write operations with safety checks.

GitHubEmbed

Описание

Connects AI assistants to Big Red Cloud accounting data, allowing natural-language queries and controlled write operations with safety checks.

README

Red is an open-source Model Context Protocol (MCP) server that connects AI assistants and MCP clients, including Claude, ChatGPT, and Vibe, to Big Red Cloud accounting data through a set of controlled MCP tools.

Instead of calling the Big Red Cloud REST API directly, users work in plain language. The server translates requests into structured API calls and applies safety checks around anything that changes data.

With Red, a connected user can:

  • Review Big Red Cloud data with read-only lookups (customers, suppliers, products, invoices, quotes, nominal reports, and more).
  • Review before posting — see a plain-English preview of new records before anything is written to Big Red Cloud.
  • Create, update, or delete records only after explicit confirmation.

Why open source?

We believe AI infrastructure should be transparent. Customers should be able to inspect the software that connects their accounting data to AI assistants.

Our competitive advantage is not the connector itself; it is our accounting platform, our expert bookkeeping advice, our customer experience, and the value we build on top of it.

By open-sourcing Red, we hope to encourage trust, community contributions, and wider adoption of open standards.


Features

  • Secure company connection flow (session-scoped, no credentials in chat)
  • Pre-confirm validation of company connection credentials on the connection page (form and CSV upload)
  • Partial connection results — invalid keys are rejected before confirm and reported in failedCompanies
  • Hosted HTTP connectionRef for MCP clients that rotate session IDs (for example Vibe/Mistral); kept in tool JSON, not shown to end users
  • Read-only Big Red Cloud lookups
  • Customer, supplier, product, sales rep, VAT, and analysis category tools
  • Sales quotes, invoices, credit notes, purchases, payments, and cash tools
  • Preview-before-posting confirmation flow for create, update, delete, batch, and email actions
  • VAT and transaction safety checks
  • Sales invoice safeguards, including Gross Price Entry priceBasis handling, Sales VAT category validation, placeholder product ID blocking, and CR analysis category confirmation
  • Session audit log of writes made through the MCP session
  • Local stdio and hosted HTTP transports

Security and safety model

Red is designed so that AI-driven access to accounting data stays controlled and auditable.

  • No credentials in the repository. Company connection credentials and secrets are never committed. Configuration is supplied at runtime through environment variables.
  • No credentials in chat. Company connection credentials must not be pasted into chat. Companies are connected through the secure Red connection page, where credentials are entered directly — not in the chat window.
  • Session-scoped connections. A connected company is available only within the current MCP session and is held in session memory (or an optional shared connection store in hosted deployments), not persisted to disk in normal operation.
  • Pre-confirm validation. Company connection credentials submitted on the connection page are validated against Big Red Cloud before they are stored. Invalid or expired credentials are not saved; they appear in failedCompanies at confirmation time.
  • User-facing presentation. connectionRef, session IDs, and other MCP diagnostics are for tool arguments only. Assistants must not show redconn_… values or internal connection metadata to normal users unless dev mode is enabled or the user explicitly asks for technical details.
  • Configurable session duration. How long connections last is controlled by BRC_API_KEY_TTL_MINUTES. User-facing wording (connection page, getting-started text, connection status) is derived from that value — not hardcoded.
  • Explicit confirmation for writes. Create, update, delete, batch, and email actions require an explicit confirmation flag after a preview before posting has been shown.
  • Preview before posting. The first call to a write tool returns a payload preview rather than performing the action. Nothing is written to Big Red Cloud until you confirm.
  • Read and write are separated. Read-only lookups are clearly distinct from actions that change data.
  • Audit log. Writes made through the MCP session are recorded in a session audit log; read-only calls are not logged.
  • Deployment flags. Update, delete, email, batch, and operator/dev tools can each be disabled per deployment, in which case the matching tools return a permission message instead of calling Big Red Cloud.

Sales invoice safety checks

Recent work hardened sales invoice handling:

  • Gross Price Entry requires an explicit priceBasis of gross or net so VAT is never guessed.
  • Sales VAT rates only. Sales invoices must use a Sales VAT category; purchase VAT rates are blocked, even when the percentage matches.
  • Placeholder product IDs (productId 0 and 1) are treated as placeholders and blocked before preview-before-posting and post.
  • note defaults to the customer name unless a note is explicitly provided, and is never set to a product name.
  • deliveryTo is included only when a delivery address is explicitly provided.
  • Plain-language results. Technical HTTP status codes are translated into plain-language messages for users.

Architecture

Two entry points share one tool registry:

Entry File Transport Use case
Local stdio src/index.ts StdioServerTransport An MCP client spawns node build/index.js
Hosted HTTP src/remote.ts Streamable HTTP on /mcp npm run start — one MCP server per session

Key shared modules:

  • src/server.ts — MCP server factory and stdio singleton
  • src/register_all_tools.ts — central tool registration; wraps the server so disabled skills register a permission-message blocker instead of the real tool, and so write tools get preview-before-posting/confirmation handling
  • src/config/server_config.ts — deployment skill gating driven by the BRC_ALLOW_* flags
  • src/config/mcp_config.ts — MCP server instructions, connection-safety rules, and connectionRef presentation rules
  • src/shared.ts — Big Red Cloud HTTP client, session-scoped connections, audit log, and helpers
  • src/read_connection_metadata.ts — connection status metadata echoed on tool responses (including activeConnectionRef for hosted clients)
  • src/auth/connection_presentation.ts — user-facing TTL wording and assistant presentation hints
  • src/auth/credential_validation.ts — BRC read validation before storing company connection credentials
  • src/guards/ — transaction, reference, VAT category, product line, and write-confirmation safety checks
  • src/auth/ — secure connection flow, connection store (memory or Cosmos), connection page, and credential persistence

Domain logic lives under src/tools/, with generic create/update/delete/list/batch helpers in src/tools/general/.

Technology

  • TypeScript / Node.js (ES modules)
  • @modelcontextprotocol/sdk
  • Zod for tool input validation
  • Express + Streamable HTTP for hosted mode

Requirements

  • Use a current LTS version of Node.js.
  • npm (bundled with Node.js).

Installation

npm install
npm run build

If a .env.example file is provided, copy it to .env and adjust the values:

cp .env.example .env

Never commit your .env file or any real credentials.


Running

Hosted HTTP server:

npm run start
# Serves the MCP endpoint at http://localhost:3000/mcp

Local stdio server:

npm run start:local

Opening the HTTP endpoint in a browser without an MCP session returns an error — that is expected.

MCP client configuration

Local stdio (the client spawns the process):

{
  "mcpServers": {
    "red-mcp-server": {
      "command": "node",
      "args": ["build/index.js"],
      "env": {
        "BRC_API_BASE_URL": "https://app.bigredcloud.com/api"
      }
    }
  }
}

Hosted HTTP (production):

For the hosted Big Red Cloud Red service, customers should use:

https://red.bigredcloud.com/mcp

{
  "mcpServers": {
    "red-mcp-server": {
      "url": "https://red.bigredcloud.com/mcp"
    }
  }
}

Hosted HTTP (local development):

{
  "mcpServers": {
    "red-mcp-server": {
      "url": "http://localhost:3000/mcp"
    }
  }
}

Development and regression testing

Script Command Purpose
Build npm run build Compile TypeScript to build/
Dev HTTP npm run dev Run the HTTP server from source with tsx
Dev stdio npm run dev:local Run the stdio server from source with tsx
All tests npm test Build, then run the full test suite
Unit tests npm run test:unit Unit tests only
Security tests npm run test:security Security-focused tests
Config tests npm run test:config Deployment/config tests
Integration tests npm run test:integration Integration tests
Production audit npm run audit:prod npm audit for production dependencies

Tests cover the safety guards described above, including sales invoice checks, transaction date validation, the secure connection flow (CSV validation, partial confirm, credential invalidation), connectionRef presentation rules, TTL wording, and response wording.


Environment variables

Configure the server with environment variables (for example via a .env file). The values below are examples only and must never contain real secrets or be committed.

# Big Red Cloud API base URL
BRC_API_BASE_URL=https://app.bigredcloud.com/api

# HTTP port for hosted mode
PORT=3000

# Public URL for the secure /connect page (required for hosted deployments)
BRC_PUBLIC_BASE_URL=https://your-mcp-host.example.com

# MCP session binding lifetime (minutes)
BRC_MCP_SESSION_TTL_MINUTES=120

# How long stored company credentials stay valid (minutes).
# Drives credential expiry and user-facing duration wording (e.g. 240 → "about 4 hours").
BRC_API_KEY_TTL_MINUTES=120

# Rate limiting (requests per minute per IP)
BRC_RATE_LIMIT_REQUESTS_PER_MINUTE=300

# SHA-256 hashes of blocked API keys, comma separated (hashes only, never raw keys)
BRC_API_KEY_BLACKLIST_SHA256=

# Hosted connection persistence (optional)
# memory = in-process (local/Cursor); cosmos = shared store for multi-instance HTTP
RED_CONNECT_CONNECTION_STORE=memory
RED_CONNECT_COSMOS_CONNECTION_STRING=
RED_CONNECT_COSMOS_DATABASE=red-connect
RED_CONNECT_COSMOS_CONTAINER=connections
RED_CONNECT_ENCRYPTION_KEY=

# Set automatically when running the HTTP server (remote.ts)
RED_CONNECT_HTTP_MODE=true

Deployment skill flags control which categories of tools are active. When a flag is off, the matching tools return a permission message instead of calling Big Red Cloud:

BRC_ALLOW_READ_SKILLS=true
BRC_ALLOW_UPDATE_SKILLS=true
BRC_ALLOW_DELETE_SKILLS=true
BRC_ALLOW_EMAIL_SKILLS=true
BRC_ALLOW_BATCH_SKILLS=true
# Operator-only diagnostics; keep off for normal deployments
BRC_ALLOW_DEV_MODE=false

You can review the active policy at runtime with the brc_get_deployment_policy tool.


Connecting a company

Customers should connect companies through the secure Red connection page. Company connection credentials must not be sent through chat — they are entered only on the secure Red connection page, not in the chat window.

Customers can get or regenerate their company API keys in Big Red Cloud under Administration → API Keys.

The flow is:

  1. Ask the assistant to start a company connection. It returns a secure connection page link.
  2. On that page, enter a single company or upload a CSV for several companies at once. Company connection credentials are entered on the secure page, not in chat.
  3. The server validates each credential against Big Red Cloud before storing it. Credentials that fail validation are not saved.
  4. Return to the chat and provide the confirmation code shown on the success page.
  5. After confirm, the assistant reports which companies connected and which failed (if any). Invalid credentials appear in failedCompanies immediately — you do not need to run a lookup first to discover a bad key.

Connection links are one-time use. Connected companies stay available for the configured session duration (BRC_API_KEY_TTL_MINUTES, for example 240 minutes → about four hours), unless you start a new chat or reconnect.

Hosted HTTP and connectionRef

In hosted HTTP mode (for example Vibe/Mistral), brc_confirm_company_connection returns an opaque connectionRef in the tool JSON so the MCP client can pass it on later tool calls when the platform rotates session IDs. This is an implementation detail for the client — assistants should not show connectionRef or redconn_… values to end users. Tool responses include assistantInstruction / presentationHint fields to reinforce that rule.

Helper tools:

  • List connected companies in the session
  • Clear one company connection
  • Clear all company connections

Tool coverage

Red exposes a focused set of MCP tools, grouped by domain. Exact tool names and their endpoint mappings live in the source code under src/tools/.

For a detailed developer guide to the source layout and MCP tool coverage, see docs/TOOLS.md.

  • Company setup and readiness — company setup configuration, financial year, options, readiness checks, transaction date validation, and getting-started guidance.
  • Customers and suppliers — list/get/create/update/delete plus opening balances and account transactions.
  • Products and sales reps — list/get/create/update/delete and product types.
  • Sales documents — quotes, sales invoices, sales credit notes, and sales entries, including generated-reference variants and generating an invoice from a quote.
  • Purchases and payments — purchases, payments, cash payments, and cash receipts.
  • VAT and analysis lookups — VAT rates, VAT categories, VAT types, analysis categories, accounts, and related reference data.
  • Nominal reports — nominal account listings and grouped/multi-company nominal reporting.
  • Audit and session — session connection management and the session audit log.
  • Under development or deployment-gated — bank account writes and email sending are available only where enabled by tenant configuration and deployment flags; read-only bank lookups are available for payments workflows.

Batch variants exist for the main create workflows and apply the same safety checks as the single-record tools.


Known limitations

  • Some features depend on how the company is configured in Big Red Cloud.
  • Email sending and bank write operations may require additional tenant configuration and may be disabled by deployment flags.
  • Generated-reference behaviour can depend on Big Red Cloud tenant settings, and some generated-document endpoints may apply the tenant's current transaction date.
  • Tool availability may vary by deployment policy.

Maintainers

This project is maintained by the Big Red Cloud software development team.


Status

Red is in BETA. Red is an open-source MCP integration for Big Red Cloud and is under active development. Tool availability and behaviour may change between releases, and some capabilities are gated by deployment policy.


License

This project is licensed under the Apache License 2.0. See LICENSE for details.


Support and responsible disclosure

If you believe you have found a security issue, please report it to Big Red Cloud's support team.

from github.com/BigRedCloud/red-mcp-server

Установка Red Server

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/BigRedCloud/red-mcp-server

FAQ

Red Server MCP бесплатный?

Да, Red Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Red Server?

Нет, Red Server работает без API-ключей и переменных окружения.

Red Server — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить Red Server в Claude Desktop, Claude Code или Cursor?

Открой Red Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Red Server with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai