Skip to content
reaatechREAATECH

Files · Anthropic MCP Server for SMB ERP Tool Access

69 (1 binary, 544.0 kB total)attempt 1

Download example (zip)Back to tutorial
README.md·4570 B·markdown
markdown
# Anthropic MCP Server for SMB ERP Tool Access
 
> Expose your ERP APIs as type-safe MCP tools so Anthropic's Claude can securely retrieve customer data, create records, and automate workflows.
 
## Overview
 
This project exposes HubSpot CRM (deals, contacts, companies, activities) as type-safe MCP tools. Claude can securely retrieve customer data, create records, and automate workflows behind authentication, per-tenant tool allowlists, token-bucket rate limiting, and tamper-evident audit logging.
 
Built on the `@reaatech/*` package family, this reference solution demonstrates how to build production-grade AI systems with layered security, observability, and multi-tenant isolation.
 
Each MCP tool maps directly to a HubSpot API endpoint, wrapping the `@hubspot/api-client` SDK with typed inputs and structured responses. The server uses `@modelcontextprotocol/sdk` over Streamable HTTP, so any MCP-compatible client (Claude Desktop, Claude Code, custom agents) can discover and invoke the tools.
 
## Architecture
 
```
Claude (Anthropic MCP Client)

MCP Protocol (Streamable HTTP)

[Hono Server]
  ├─ Auth Middleware       (@reaatech/mcp-gateway-auth)
  ├─ Allowlist Middleware  (@reaatech/mcp-gateway-allowlist)
  ├─ Rate Limit Middleware (@reaatech/mcp-gateway-rate-limit)
  └─ Audit Logger         (@reaatech/mcp-gateway-audit)

  McpServer (@modelcontextprotocol/sdk)

  HubSpot Tools → @hubspot/api-client → HubSpot API
```
 
## Prerequisites
 
- Node.js >=22
- pnpm 10.x
- HubSpot private app access token (with CRM scopes)
 
## Quick Start
 
```bash
cp .env.example .env
# Edit .env with your HubSpot access token and API key
pnpm install
pnpm dev
```
 
Claude connects to the MCP server using the server's URL (default `http://localhost:8080/mcp`). Point your MCP client to this endpoint — it will discover all available tools automatically via the MCP protocol.
 
## Configuration
 
| Variable | Type | Default | Description |
|---|---|---|---|
| `HUBSPOT_ACCESS_TOKEN` | string | — | HubSpot private app access token |
| `HUBSPOT_DEVELOPER_API_KEY` | string | — | HubSpot developer API key (optional) |
| `PORT` | number | 8080 | HTTP server port |
| `NODE_ENV` | string | development | Environment mode |
| `CORS_ORIGIN` | string | * | Allowed CORS origin |
| `API_KEY` | string | — | API key for auth middleware |
| `AUTH_MODE` | string | api-key | Authentication mode |
| `LOG_LEVEL` | string | info | Logging verbosity |
| `TENANT_CONFIG_PATH` | string | ./tenants.json | Path to tenant configuration file |
 
## Tools
 
### `hubspot_read_deals`
 
Read deals from HubSpot CRM.
 
| Input | Type | Description |
|---|---|---|
| `limit` | number | Maximum deals to return (default 10) |
| `after` | string | Cursor for pagination |
| `properties` | string[] | Deal properties to include |
 
### `hubspot_create_contact`
 
Create a contact in HubSpot.
 
| Input | Type | Description |
|---|---|---|
| `firstname` | string | Contact first name |
| `lastname` | string | Contact last name |
| `email` | string | Contact email address |
| `phone` | string | Contact phone number |
 
### `hubspot_search_contacts`
 
Search contacts by email.
 
| Input | Type | Description |
|---|---|---|
| `query` | string | Email address to search |
| `limit` | number | Maximum results (default 10) |
| `after` | string | Cursor for pagination |
 
### `hubspot_log_activity`
 
Log an activity note on a contact.
 
| Input | Type | Description |
|---|---|---|
| `contactId` | string | HubSpot contact ID |
| `activityType` | string | Type of activity (e.g. note, call, email) |
| `timestamp` | string | ISO 8601 timestamp |
| `details` | string | Activity description |
 
### `hubspot_get_company`
 
Get company by ID.
 
| Input | Type | Description |
|---|---|---|
| `companyId` | string | HubSpot company ID |
 
## Security
 
- **API key authentication** (`@reaatech/mcp-gateway-auth`): Validates requests against a configured API key or per-tenant keys.
- **Per-tenant tool allowlists** (`@reaatech/mcp-gateway-allowlist`): Restricts which MCP tools each tenant can invoke, with wildcard pattern support.
- **Token-bucket rate limiting** (`@reaatech/mcp-gateway-rate-limit`): Limits request throughput per tenant to prevent abuse.
- **Tamper-evident audit chain** (`@reaatech/mcp-gateway-audit`): Every invocation is logged into a SHA-256 linked chain for non-repudiation.
 
## Testing
 
```bash
pnpm test        # vitest run with coverage
pnpm lint        # eslint
pnpm typecheck   # tsc
```
 
## License
 
MIT — see [LICENSE](./LICENSE).