claude-fidelity-mcp

Overview Schema Related Servers Score Discussions

fidelity_submit_2fa

Submit the SMS 2FA code received on your phone to complete Fidelity login, used when the initial login requires two-factor authentication.

Instructions

Submit the SMS 2FA code received on your phone to complete Fidelity login. Only use this after fidelity_login returns needsSms2FA=true.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`code`	Yes	The 6-digit SMS verification code.

Implementation Reference

src/index.ts:101-131 (registration)

Registers the 'fidelity_submit_2fa' tool on the MCP server with a Zod schema that expects a single 'code' string parameter. Delegates execution to the imported submit2FACode function from auth.ts.

server.tool(
  "fidelity_submit_2fa",
  "Submit the SMS 2FA code received on your phone to complete Fidelity login. Only use this after fidelity_login returns needsSms2FA=true.",
  {
    code: z.string().describe("The 6-digit SMS verification code."),
  },
  async ({ code }) => {
    try {
      const result = await submit2FACode(code);
      return {
        content: [
          {
            type: "text",
            text: JSON.stringify(result, null, 2),
          },
        ],
        isError: !result.success,
      };
    } catch (e) {
      return {
        content: [
          {
            type: "text",
            text: `2FA submission failed: ${e instanceof Error ? e.message : String(e)}`,
          },
        ],
        isError: true,
      };
    }
  }
);

src/auth.ts:215-255 (handler)

The core handler for submitting the SMS 2FA code. Gets the current browser page, fills the 6-digit code into the input field (placeholder 'XXXXXX'), optionally checks the 'Don't ask me again' checkbox, clicks Submit, then waits for redirect to the portfolio summary page.

export async function submit2FACode(code: string): Promise<LoginResult> {
  const { getPage } = await import("./browser.js");
  const page = await getPage();

  try {
    const codeInput = page.getByPlaceholder("XXXXXX");
    await codeInput.fill(code);

    // Check "Don't ask me again"
    try {
      const rememberLabel = page
        .locator("label")
        .filter({ hasText: "Don't ask me again on this" });
      if (await rememberLabel.isVisible()) {
        await rememberLabel.click();
      }
    } catch {
      // Optional
    }

    // Click Submit
    await page.getByRole("button", { name: "Submit" }).click();

    // Wait for redirect to summary
    await page.waitForURL("**/portfolio/summary", { timeout: 30000 });
    await waitForLoadingComplete(page);
    await saveSession();

    return {
      success: true,
      needsSms2FA: false,
      message: "2FA verification successful. Login complete.",
    };
  } catch (e) {
    return {
      success: false,
      needsSms2FA: false,
      message: `2FA submission failed: ${e instanceof Error ? e.message : String(e)}`,
    };
  }
}

src/types.ts:71-75 (schema)
Defines the LoginResult interface returned by submit2FACode, containing success (boolean), needsSms2FA (boolean), and message (string).
```
export interface LoginResult {
  success: boolean;
  needsSms2FA: boolean;
  message: string;
}
```

src/index.ts:5-10 (helper)

Import statement that brings the submit2FACode function from auth.ts into the tool registration file.

import { login, submit2FACode } from "./auth.js";
import { getAccountList, transfer } from "./accounts.js";
import { getPositions } from "./positions.js";
import { getQuote, placeOrder, placeBatchOrders } from "./trading.js";
import { closeBrowser, getPage, isBrowserReady, saveSession } from "./browser.js";
import type { FidelityConfig } from "./types.js";

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. Discloses it is a post-login step and involves submitting a code. Could mention invalid code handling or limits, but sufficient for a simple tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences front-loading action and usage condition. No redundant information; every sentence adds value.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given simple tool (one param, no output schema), description covers purpose and usage context. Could include brief error scenario, but adequate for agent to use correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100% and already describes 'code' as 'The 6-digit SMS verification code.' Description adds no extra parameter info beyond schema, so baseline score of 3 applies.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the action: 'Submit the SMS 2FA code... to complete Fidelity login.' Uses specific verb and resource, and distinguishes from sibling tools by describing a unique login step.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states precondition: 'Only use this after fidelity_login returns needsSms2FA=true.' Provides clear when-to-use guidance and implies when not to use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/TylerFlar/claude-fidelity-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server