MCP Accounting MCP Server

MCP Accounting Platform

An AI-powered accounting anomaly detection platform built with FastAPI, PostgreSQL, React, and OpenAI, featuring a complete production-ready authentication system.

🚀 Overview

MCP Accounting is a full-stack system designed to:

• Ingest financial transaction data
• Detect anomalies (large transactions, duplicates)
• Generate AI-powered explanations
• Expose functionality as MCP-style callable APIs

🧱 Tech Stack

Backend

• FastAPI
• SQLAlchemy
• PostgreSQL
• Passlib (bcrypt)
• JWT (authentication)
• Docker

Frontend

• React (TypeScript)
• Tailwind CSS

AI Layer

• OpenAI API (explanations)

🔐 Authentication System (Production-Ready)

Features Implemented

• ✅ User registration
• ✅ Email verification (token-based)
• ✅ Secure password hashing (bcrypt)
• ✅ Login with JWT (stateless auth)
• ✅ Password reset flow
• ✅ Protected routes (JWT-ready)

Auth Flow

Registration

1. User registers
2. User is created as inactive/unverified
3. Verification token generated (DB)
4. Email sent with verification link

Email Verification

• Token validated

• User marked as:

  • is_active = True
  • is_verified = True

• Token invalidated after use

Login

• Validates:

  • Email exists
  • Password matches (bcrypt)
  • User is verified

• Returns JWT:

{
  "access_token": "jwt-token",
  "token_type": "bearer"
}

Password Reset

1. Request reset
2. Token generated and emailed
3. User submits new password
4. Token invalidated

🏗️ Architecture

Frontend (React)
        ↓
FastAPI (API Layer)
        ↓
Service Layer (Business Logic)
        ↓
SQLAlchemy ORM
        ↓
PostgreSQL
        ↓
AI Layer (OpenAI)

🔄 Data Flow

Register → Verify Email → Login → Upload CSV
        ↓
Store Transactions → Detect Anomalies
        ↓
Generate Report → AI Explanation

🧩 API Endpoints

Auth

• POST /auth/register
• POST /auth/login
• GET /verify-email
• POST /forgot-password
• POST /reset-password

Core Features

• POST /upload-transactions
• POST /tools/get_transactions
• POST /tools/detect_large_expenses
• POST /tools/find_duplicate_payments
• POST /report/anomalies
• POST /report/anomalies/explain

🐳 Running with Docker

docker compose up --build

Access:

• API Docs: http://localhost:8000/docs
• Frontend: http://localhost:3000

⚙️ Environment Variables

DATABASE_URL=postgresql://postgres:postgres@db:5432/mcp_accounting
SECRET_KEY=your-secret-key
FRONTEND_URL=http://localhost:3000

🧠 Key Technical Decisions

1. Separation of Token Types

2. Security Practices

• Password hashing via bcrypt
• No plaintext password storage
• Token invalidation after use
• Generic login errors (no user enumeration)

3. SQLAlchemy Best Practices

• Single Base instance
• Proper model registration
• Dependency-injected DB sessions

4. Dockerized Environment

• Service-based networking (db)
• Environment-driven configuration
• Clean container rebuilds

🧪 Current Status

• ✅ End-to-end functional
• ✅ Authentication fully implemented
• ✅ Stable Docker environment
• ✅ Clean API contracts
• ✅ AI integration working

📌 Next Steps

• Alembic migrations (schema versioning)
• JWT-protected endpoints
• Role-based access control (RBAC)
• Background jobs (email queue)
• Token hashing (security hardening)
• Observability (logs + metrics)

💡 Project Purpose

This project demonstrates:

• Real-world backend architecture
• Secure authentication design
• AI integration into financial workflows
• MCP-style API exposure for automation

👨‍💻 Author

Developed as a production-style backend system to showcase:

• Python / FastAPI expertise
• System design & architecture
• Secure authentication flows
• AI-driven application design

📄 License

MIT License