ainumbers-mcp-apps
The ainumbers-mcp-apps server provides interactive fintech and developer tools rendered as widgets inside MCP-compatible AI hosts (Claude, ChatGPT, VS Code, etc.), covering agentic payments, MCP development, compliance, and financial risk — all client-side with zero PII stored.
Agentic Payments & Protocol Tools
Agentic Payment Protocol Comparator: Compare AP2, ACP, x402, Visa TAP, and Mastercard Agent Pay across credential, signing, rail, and audit dimensions
x402 Header Decoder & Flow Simulator: Decode x402 payment headers, lint payloads, and simulate the HTTP 402 verify/settle flow
Visa TAP Signature Inspector: Inspect Visa Trusted Agent Protocol signatures and score TAP readiness
Google AP2 Mandate Builder: Build or validate Google AP2 Checkout/Payment Mandate VDCs against the AP2 spec
Agentic Mandate Sandbox: Simulate agent payment policies — set spend caps, MCC allowlists, velocity throttles, and run synthetic transactions
MCP Developer Tools
MCP Tool-Definition Linter: Validate tool definitions against JSON Schema and annotation rules; get a conformance score
MCP server.json Validator: Validate server.json against the registry schema and generate a compliant skeleton
MCP Developer Readiness Scorecard: Compute a composite ship-readiness score across tool definitions, OAuth, transport, and spec compliance
MCP OAuth 2.1 Auditor: Validate protected-resource-metadata, check audience binding, and assess confused-deputy/token-passthrough risk
Tool-Poisoning Scanner: Scan MCP tool descriptions for poisoning and prompt-injection patterns; get a risk score
Policy & Compliance Tools
AP2 Policy Validator & Bridge: Validate AP2 Policy Mandate JSON payloads and auto-generate MCP tool definitions
AP2 AML Mandate Builder: Translate AML/BSA controls and TM rules into structured Policy Mandate JSON
Customer Risk Rating Engine: Score KYC risk across six FATF dimensions for individuals and entities
Agent Interoperability
A2A Agent Card Validator: Validate A2A agent-card.json against the v1.0 shape, check signatures, and confirm extension declarations
BaaS & Infrastructure
BaaS Provider Comparator: Score and compare BaaS providers across 10 capability dimensions with a customizable weighting matrix
Catalog Search
List AINumbers Tools: Search the full AINumbers catalog (480+ fintech tools) and get deep-links, with prefill support via
#in=<base64url(JSON)>&run=1for one-click invocation
AINumbers MCP Apps Server
Live endpoint: https://mcp.ainumbers.co/mcp (streamable HTTP, no auth)
An MCP Apps (SEP-1865) server that renders
AINumbers.co fintech tools as interactive widgets inside Claude, ChatGPT,
M365 Copilot, VS Code, and any other MCP Apps host. Published in the Official MCP Registry as
co.ainumbers/tools.
Tools
Fifteen flagship tools render as widgets — the actual single-file AINumbers tool, served as a
text/html;profile=mcp-app resource, driven by the AIN Bridge (prefill → run → Policy Mandate export):
MCP tool | AINumbers tool |
| T152 BaaS Provider Comparator |
| T320 AP2 MCP Policy Validator & Bridge |
| T285 Google AP2 Checkout/Payment Mandate Builder |
| T288 MCP Developer Readiness Scorecard |
| RBE-06 Agentic Mandate Sandbox |
| T110 Customer Risk Rating Engine |
| T131 AP2 AML Mandate Builder |
| T274 MCP Tool-Definition Linter |
| T275 MCP server.json Validator |
| T276 Agentic Payments Protocol Comparator |
| T277 x402 Decoder & 402 Flow Simulator |
| T278 MCP OAuth 2.1 Authorization Auditor |
| T282 MCP Tool-Poisoning Scanner |
| T283 A2A Agent Card Validator |
| T286 Visa TAP Signature Inspector |
Plus list_ainumbers_tools — catalog search across all 480+ tools, returning deep-links;
prefill-enabled tools accept #in=<base64url(JSON of {element_id: value})>[&run=1] for one-click invocation.
All 16 tools are read-only (readOnlyHint: true), no account, no auth, zero PII — inputs are
processed transiently and never stored.
Related MCP server: Xero MCP Server
Connect it
Claude: Settings → Connectors → Add custom connector →
https://mcp.ainumbers.co/mcpInspector:
npx @modelcontextprotocol/inspector→ Streamable HTTP → same URLProduction runs on Cloudflare Workers (
/healthzreportsruntime: cloudflare-workers) — no cold starts.
Develop
npm install
node generate.mjs # re-vendor tool HTML + manifests + catalog from ../repo into ./data
npm start # http://localhost:3300/mcp (+ /healthz) — Node/express variant (server.mjs)
npx wrangler deploy # deploy the Cloudflare Workers variant (worker.mjs)pilot.mjs is the single source of truth for the widget tool set. After changing any pilot tool
in the AINumbers repo, run node generate.mjs, commit data/, and push; run npx wrangler deploy
to update production.
Docs: ainumbers.co/mcp.html (privacy, terms, support).
All tool content is client-side, deterministic, zero PII — © Post Oak Labs, CC BY 4.0.
See README-SPEC.md for architecture and history.
Maintenance
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/PostOakLabs/ainumbers-mcp-apps'
If you have feedback or need assistance with the MCP directory API, please join our Discord server