eideasy/eideasy-mcp

eID Easy MCP Server

Prepare PDF files for electronic signing via the eID Easy API using the Model Context Protocol (MCP). This server exposes a single tool that reads a local PDF, base64-encodes it, calls the eID Easy prepare-files-for-signing endpoint, and returns a signing URL plus metadata.

Features

• Secure path + filename validation (prevents traversal & invalid chars)
• PDF size validation (max 20MB)
• Full file content base64 upload (no partial streaming)
• Robust Axios-based HTTP layer with error classification
• Structured error messages suitable for LLM consumption
• Graceful shutdown & logging
• GitHub Actions CI (test, build, release assets)

Tool Overview

Input Schema

{
  "folder": "<directory containing the PDF>",
  "filename": "<pdf filename (must end with .pdf)>"
}

Output Example

{
  "docId": "abc123xyz",
  "signingUrl": "https://test.eideasy.com/sign_contract_external?client_id=...&doc_id=...",
  "expiresAt": "2025-12-31T23:59:59Z"
}

Installation

git clone https://github.com/eideasy/eideasy-mcp.git
cd eideasy-mcp
npm ci
npm run build

The compiled server entrypoint will be at:

dist/mcp/server.js

Runtime Requirements

• Node.js >= 20.0.0
• eID Easy API credentials (client ID & secret)

Environment Variables

Example export (macOS/Linux):

export EIDEASY_CLIENT_ID="your_client_id"
export EIDEASY_SECRET="your_secret"
# Optional:
export EIDEASY_BASE_URL="https://test.eideasy.com"

Using with Claude Desktop (Reference)

See:

(Previously inlined instructions have been moved to a dedicated document for easier maintenance.)

Using with ChatGPT Desktop (OpenAI) – MCP Integration

See:

(Previously inlined instructions have been moved to a dedicated document for easier maintenance.)

Development

Scripts

Project Structure

src/
  mcp/
    server.ts                # MCP server bootstrap & logging
    tools/
      prepareFilesForSigning.ts
  util/
    config.ts                # Environment + security validation
    paths.ts                 # Safe path resolution & filename checks
    validation.ts            # (Rate limiter & request validation)

Testing

Run:

npm test

All tests should pass (including file-based and integration tests). Add new tests under tests/ following existing patterns.

Security Considerations

• Path Traversal Protection: Filenames cannot contain .., slashes, or NUL bytes.
• Filename & Directory Length Limits: Prevent resource abuse.
• HTTPS Enforcement: Non-local base URLs must use HTTPS.
• Secrets Not Logged: Logging avoids printing credentials.
• Rate Limiting (Pluggable): validation.ts provides a simple in-memory limiter (can be expanded).

Recommendations for Production

Release Automation

On merge to main / master:

1. CI runs tests (Node 20 & 22)
2. Builds project
3. Generates changelog from commits since last tag
4. Publishes GitHub Release with .tar.gz and .zip artifacts

To cut a new release: bump version in package.json and merge.

Example Usage (Direct CLI Test)

You can manually invoke the compiled server to verify it starts:

node dist/mcp/server.js

(Then connect via an MCP-aware client.)

FAQ

Q: Can I use this for non-PDF files?
A: Not currently; the tool enforces .pdf extension.

Q: Does it send multiple files?
A: Currently single-file only; batching could be added later.

Q: Where do I get eID Easy credentials?
A: From the eID Easy dashboard after registering your application.

Contributing

1. Fork & branch (feat/your-feature)
2. Add tests for new logic
3. Ensure npm test passes
4. Open PR with clear description

License

MIT © eID Easy