npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@signdocs-brasil/mcp-server

v0.7.0

Published

Model Context Protocol (MCP) server for the SignDocs Brasil e-signature API — lets AI agents create signing sessions, manage envelopes, verify documents and more. Local stdio, remote HTTP, and AWS Lambda transports.

Readme

SignDocs Brasil — MCP Server

A Model Context Protocol server for the SignDocs Brasil e-signature API. It lets MCP-capable AI clients (Claude Desktop, Claude Code, Cursor, …) create signing sessions, manage multi-signer envelopes, upload/download documents, verify signatures, and manage webhooks — the same action catalog as the official n8n, Zapier, and Make.com integrations.

It is a thin adapter over the official @signdocs-brasil/api SDK, which owns OAuth2 token exchange, caching, retries, and error handling.

Install

npm install -g @signdocs-brasil/mcp-server   # or run on demand with npx

Credentials

Create an API credential in the SignDocs dashboard (app.signdocs.com.br → API) and expose it as environment variables:

| Variable | Required | Default | Notes | |---|---|---|---| | SIGNDOCS_CLIENT_ID | yes | — | OAuth2 client id | | SIGNDOCS_CLIENT_SECRET | yes | — | OAuth2 client secret | | SIGNDOCS_ENVIRONMENT | no | hml | hml (staging) or production | | SIGNDOCS_BASE_URL | no | derived | override the resolved base URL | | SIGNDOCS_SCOPES | no | full set | space-separated scope override |

Start in hml. HML data expires after ~7 days and is safe for testing. Switch to production only when you intend to create real, legally-binding signatures.

Connect an AI client

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "signdocs": {
      "command": "npx",
      "args": ["-y", "@signdocs-brasil/mcp-server"],
      "env": {
        "SIGNDOCS_CLIENT_ID": "your_client_id",
        "SIGNDOCS_CLIENT_SECRET": "your_client_secret",
        "SIGNDOCS_ENVIRONMENT": "hml"
      }
    }
  }
}

Claude Code:

claude mcp add signdocs \
  -e SIGNDOCS_CLIENT_ID=your_client_id \
  -e SIGNDOCS_CLIENT_SECRET=your_client_secret \
  -e SIGNDOCS_ENVIRONMENT=hml \
  -- npx -y @signdocs-brasil/mcp-server

Tools

| Tool | Action | Safety | |---|---|---| | create_signing_session | Create single-signer session, returns signingUrl | ⚠️ binding + quota | | get_signing_session_status | Poll session status | read | | get_signing_session | Full session bootstrap | read | | list_signing_sessions | List by status | read | | cancel_signing_session | Cancel a session | ⚠️ irreversible | | resend_signing_session_otp | Resend OTP | write | | create_envelope | Multi-signer envelope | ⚠️ binding + quota | | get_envelope | Envelope details | read | | add_session_to_envelope | Add a signer, returns signingUrl | ⚠️ binding + quota | | get_envelope_combined_stamp | Combined stamped PDF URL | read | | upload_document | Attach a PDF to a transaction | write | | download_document | Presigned download URLs | read | | list_transactions | Search/list transactions | read | | get_transaction | Transaction details | read | | cancel_transaction | Cancel a transaction | ⚠️ irreversible | | get_evidence | Cryptographic evidence | read | | verify_evidence | Public evidence verification | read | | verify_envelope | Public envelope verification | read | | verify_document | Detect signatures in a PDF | ⚠️ PROD-only + quota | | register_webhook / list_webhooks / delete_webhook / test_webhook | Webhook management | mixed |

⚠️ tools carry destructiveHint annotations and a warning in their description so compliant clients prompt the human before invoking them. Annotations are only hints — review your client's auto-approval settings.

Not yet exposed

Trust sessions (/v1/trust-sessions) and resend-invite are not in @signdocs-brasil/api v1.6.1 yet; they'll be added when the SDK supports them. Digital ICP-Brasil A1 signing runs through the lower-level transaction/advance flow rather than a hosted-session profile.

Resources

The server exposes grounding resources the model can read on demand:

  • signdocs://quickstart — the minimal signing flow + safety notes
  • signdocs://policy-profiles — valid policyProfile values and CUSTOM steps
  • signdocs://webhook-events — all subscribable event types

Remote HTTP transport (multi-tenant)

The same tools are also served over Streamable HTTP so a single deployment can serve many AI agents/tenants — each authenticates per session with its own SignDocs credentials (no shared secret baked into the server).

npm run start:http        # or: signdocs-mcp-http   (listens on PORT, default 3000)
# or containerized:
docker build -t signdocs-mcp . && docker run -p 3000:3000 signdocs-mcp

Endpoint: POST /mcp (Streamable HTTP). Auth is required on the MCP initialize request, via the Authorization header:

  • Authorization: Bearer <token> — a SignDocs OAuth2 access token (from /oauth2/token), passed straight through to the API.
  • Authorization: Basic base64(clientId:clientSecret) — the server runs the client_credentials exchange for you.
  • X-SignDocs-Client-Id + X-SignDocs-Client-Secret — the same client credentials as two plain headers (no base64), for header-only clients that can't transform values.

Pick the environment per session with X-SignDocs-Environment: hml|production (defaults to the server's configured default).

The server behaves as an OAuth 2.0 Resource Server: it serves GET /.well-known/oauth-protected-resource (RFC 9728, pointing at the SignDocs authorization server) and answers an unauthenticated initialize with 401 + WWW-Authenticate. The SignDocs API remains the authoritative token validator. GET /healthz is an unauthenticated health probe.

Example client config (Bearer):

{
  "mcpServers": {
    "signdocs-remote": {
      "type": "http",
      "url": "https://your-host.example/mcp",
      "headers": {
        "Authorization": "Bearer <signdocs_access_token>",
        "X-SignDocs-Environment": "hml"
      }
    }
  }
}

Server env vars: PORT, HOST, SIGNDOCS_ENVIRONMENT (default env), MCP_PUBLIC_URL (for resource metadata behind a proxy), MCP_CORS_ORIGIN, MCP_DNS_REBINDING_PROTECTION=true + MCP_ALLOWED_HOSTS / MCP_ALLOWED_ORIGINS (recommended in production).

Sessions are held in process memory, so run a single instance or use sticky routing. For multi-instance/serverless, front it with sticky sessions or swap the session map for a shared store + EventStore (resumability). Deploying onto the existing external-api Lambda + API Gateway as a NestedStack is the intended production path.

AWS Lambda

For serverless hosting, @signdocs-brasil/mcp-server/lambda exports createLambdaHandler — an API Gateway HTTP API v2 handler that runs the MCP transport statelessly (one server per invocation, no session store), with the same Bearer/Basic auth. SignDocs hosts this on mcp-hml.signdocs.com.br / mcp.signdocs.com.br.

import { createLambdaHandler } from '@signdocs-brasil/mcp-server/lambda';
export const handler = createLambdaHandler({ defaultEnvironment: 'hml' });

Development

npm install
npm run build      # tsc → dist/
npm test           # vitest (pure unit tests, no network)
npm run inspect    # build + launch MCP Inspector against the stdio server

Roadmap

  • v0.1: local stdio server, full tool catalog, env credentials.
  • v0.2 (this release): remote Streamable-HTTP transport with per-session, per-tenant auth (Bearer passthrough or Basic client-credentials) and OAuth Resource Server discovery. Tool layer is shared between both transports.
  • Next: deploy the HTTP transport onto external-api (Lambda + API Gateway NestedStack); optional edge JWT validation + shared-store sessions for horizontal scale.