npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@depixapp/mcp

v1.0.0

Published

DePix App MCP server — agent-facing interface for the DePix App payment gateway. Pure client of the public DePix API (api.depixapp.com): receive Pix payments (checkouts/products) and read transaction status. Non-custodial, holds zero critical credentials.

Downloads

74

Readme

depix-mcp

MCP (Model Context Protocol) server for DePix App — the agent-facing interface of the non-custodial Pix↔DePix payment gateway.

Connect an AI agent (Claude Code, Claude Desktop, Cursor, or any MCP client) and it can receive Pix payments (checkouts and products) and read transaction status — end to end, in sandbox (sk_test_) and production (sk_live_).

  • Remote (Streamable HTTP): https://mcp.depixapp.com/mcp
  • Local (stdio): npx -y @depixapp/mcp with DEPIX_API_KEY in the environment

What it is (and isn't)

  • A pure client of the public DePix API (https://api.depixapp.com/api/*). It holds zero critical credentials — no Eulen token, no database, no webhook HMAC, no Liquid key.
  • Never custodial. It never signs a transaction, never holds funds, never stores your key. Your sk_ key is passed verbatim to the API on each call and lives only in memory for that request.
  • Same door as everyone. The MCP goes through the same auth, scopes and rate limits as any external agent — no privileged path.

It does not create deposits or withdrawals (that moves funds and belongs to the Wallet SDK). The pay-side tools here are read-only status reads.

Quickstart 1 — Connect Claude Code (remote, HTTP)

Pass your DePix API key as a Bearer header. Always start with a sandbox key.

claude mcp add --transport http depix https://mcp.depixapp.com/mcp \
  --header "Authorization: Bearer sk_test_YOUR_KEY"

Then test the connection by asking Claude to run get_account. It should return your merchant with is_live: false (sandbox).

Cursor — add to ~/.cursor/mcp.json (or a project .cursor/mcp.json):

{
  "mcpServers": {
    "depix": {
      "url": "https://mcp.depixapp.com/mcp",
      "headers": { "Authorization": "Bearer sk_test_YOUR_KEY" }
    }
  }
}

Or use the one-click deeplink. The key placeholder lives INSIDE the base64 config= value, so re-encode it with your real key first:

node -e 'const cfg={url:"https://mcp.depixapp.com/mcp",headers:{Authorization:"Bearer sk_test_YOUR_KEY"}};console.log(Buffer.from(JSON.stringify(cfg)).toString("base64"))'
cursor://anysphere.cursor-deeplink/mcp/install?name=depix&config=<base64 from the command above>

The claude.ai web UI custom-connector only supports OAuth (no custom header), so the web UI cannot connect in this MVP. Claude Desktop is covered by the local stdio mode below; the OAuth shim is planned for a later phase.

Quickstart 2 — Local stdio (Claude Desktop)

The same server runs as a local process over stdio. The key comes from DEPIX_API_KEY (env), never a flag. The only official npm package is @depixapp/mcp — the @depixapp scope is organization-owned; do not install any similarly-named unscoped package. Add to your Claude Desktop config (claude_desktop_config.json):

{
  "mcpServers": {
    "depix": {
      "command": "npx",
      "args": ["-y", "@depixapp/mcp"],
      "env": { "DEPIX_API_KEY": "sk_test_YOUR_KEY" }
    }
  }
}

Run it directly to sanity-check:

DEPIX_API_KEY=sk_test_YOUR_KEY npx -y @depixapp/mcp

Quickstart 3 — Sandbox testing (the full loop)

Always test with an sk_test_ key before sk_live_. Sandbox QRs are non-payable placeholders (SANDBOX-…-DO-NOT-PAY).

  1. create_checkoutamount and payer_tax_number are both required (the CPF/CNPJ is required even in sandbox). Use a test CPF like 52998224725:

    { "amount": 1500, "payer_tax_number": "52998224725" }

    Returns a chk_… id, a payment_url, a sandbox pix.qr_code, and is_live: false.

  2. simulate_checkout_payment{ "checkout_id": "chk_…" } marks the sandbox checkout paid (sandbox-only; live checkouts return sandbox_only).

  3. wait_for_checkout{ "checkout_id": "chk_…" }. The server polls internally and streams progress; you make one call and it returns { "status": "completed", "terminal": true } — no client-side polling loop.

You can also read a synthetic deposit: get_deposit_status with a sandbox_… id returns depix_sent.

Tools (16)

| Tool | API | Scope | |---|---|---| | create_checkout | POST /api/checkouts | merchant_write | | get_checkout | GET /api/checkouts/:id | merchant_read | | list_checkouts | GET /api/checkouts | merchant_read | | simulate_checkout_payment | POST /api/checkouts/:id/simulate-payment | merchant_write (sandbox-only) | | wait_for_checkout | GET /api/checkouts/:id (server-side loop) | merchant_read | | create_product | POST /api/products | merchant_write | | list_products | GET /api/products | merchant_read | | get_product | GET /api/products/:id | merchant_read | | update_product | PATCH /api/products/:id | merchant_write | | activate_product | POST /api/products/:id/activate | merchant_write | | deactivate_product | POST /api/products/:id/deactivate | merchant_write | | set_featured_products | POST /api/products/featured | merchant_write | | list_product_checkouts | GET /api/products/:id/checkouts | merchant_read | | get_account | GET /api/me | merchant_read | | get_deposit_status | GET /api/deposits/:id | wallet_read (read-only) | | get_withdrawal_status | GET /api/withdrawals/:id | wallet_read (read-only) |

Amounts are BRL cents. A tool call whose key lacks the required scope returns an insufficient_scope tool error naming the missing scope — that is the only way to discover a missing scope (the API never lists a key's scopes).

Configuration (public, no secrets)

| Env | Meaning | Default | |---|---|---| | DEPIX_API_BASE | API base URL (allowlisted origins only) | https://api.depixapp.com | | MCP_MAX_WAIT_SECONDS | Max wait_for_checkout budget; prod sets ~780 (Vercel Pro) | 290 (Hobby-safe) | | MCP_SERVER_VERSION | Version reported in the handshake | 1.0.0 | | MCP_ALLOWED_HOSTS | Comma-separated Host allowlist (DNS-rebinding protection); set on previews to add the *.vercel.app host | mcp.depixapp.com | | DEPIX_API_KEY | stdio mode only — your sk_ key | — |

There is deliberately no env for an API key, Eulen token, HMAC or DB credential in the remote server. In HTTP mode the key arrives per-request in the Authorization header.

Endpoints

  • POST /mcp — the MCP Streamable HTTP endpoint (DELETE ends a session; GET returns 405 — this stateless server offers no standalone SSE stream).
  • GET /.well-known/mcp.json — minimal discovery document.
  • GET /api/health (also /) — service status.

Development

npm install
npm test          # vitest
npm run typecheck # tsc --noEmit
npm run lint      # eslint
npm run build     # compile src → dist (the stdio bin)

Set DEPIX_TEST_KEY=sk_test_… to run the real-sandbox e2e test (test/e2e/sandbox.test.ts), otherwise it is skipped.

Release smoke test

After a preview/production deploy:

  1. claude mcp add --transport http depix <url>/mcp --header "Authorization: Bearer sk_test_…"
  2. Ask Claude to run get_account → returns the merchant, is_live: false.
  3. create_checkout (sandbox) → simulate_checkout_paymentwait_for_checkoutcompleted.

Pushing to main deploys to production (mcp.depixapp.com). Validate on a Vercel preview deploy before merging. Preview hosts are not on the default DNS-rebinding allowlist — set MCP_ALLOWED_HOSTS in the preview environment (e.g. mcp.depixapp.com,depix-mcp-<hash>.vercel.app) to smoke-test there.