{"id":"pfandahter-modernbank-mcp-server","name":"modernbank-mcp-server","homepage":null,"repo_url":"https://github.com/PfandAhter/modernbank-mcp-server","category":"devtools","subcategories":[],"tags":["mcp","spring-boot","llm-function-calling","feign","banking","google-gemini","api-orchestration"],"what_it_does":"A Spring Boot 3.2 MCP-compatible HTTP service that accepts chat messages, uses Google Gemini function-calling to select a banking-related capability (e.g., list transactions, list accounts, fetch account details), calls downstream ModernBank services via Spring Cloud OpenFeign, and maps results back to MCP-compliant payloads. It also attempts to resolve missing inputs (like accountId) by fetching available accounts and returning a pendingRequest for the user to choose.","use_cases":["Chat-based banking interactions (list transactions, view accounts/details)","Function-calling orchestration between an LLM and internal banking services","MCP-like routing layer that enriches missing parameters and prompts the client","Header/context propagation to downstream services for user-aware operations"],"not_for":["Production deployment without completing stubbed endpoints and unimplemented tool branches","Clients that expect the /v1/api/mcp/invoke and /v1/api/mcp/process-old routes to work","Use where strict rate-limit guarantees, retry/idempotency guidance, and robust error contracts are required","Security-sensitive environments without documented auth enforcement at the MCP endpoint"],"best_when":"You want an experimental MCP-style integration that routes LLM function calls to internal banking APIs and can tolerate incomplete tool implementations during early development.","avoid_when":"You need a fully implemented, well-specified MCP server with complete tool coverage, clear operational limits, and strong externally documented auth and reliability guarantees.","alternatives":["Direct integration with backend banking APIs plus a separate LLM tool orchestration layer (without MCP wrapper)","A REST/GraphQL gateway that exposes explicit banking endpoints and uses the LLM only for intent detection","An MCP server framework with autogenerated OpenAPI/MCP tooling contracts and comprehensive tool implementations","Agentic orchestration using function calling with strict schema validation and deterministic routing (no chat-to-transaction coupling)"],"af_score":47.2,"security_score":46.5,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T20:02:14.950110+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"/v1/api/mcp","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Header passthrough for Authorization and user context headers (Authorization, X-User-Id, X-User-Email, X-User-Role)"],"oauth":false,"scopes":false,"notes":"The service propagates incoming auth/user context headers to downstream Feign calls, but the README does not describe an explicit auth mechanism protecting the MCP endpoints themselves (e.g., API key/OAuth enforcement, scope checks)."},"pricing":{"model":"Google Gemini (model name mentioned: gemini-flash-","free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information for the server itself; costs depend on Gemini usage and downstream service calls."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":47.2,"security_score":46.5,"reliability_score":22.5,"mcp_server_quality":55.0,"documentation_accuracy":65.0,"error_message_quality":null,"error_message_notes":"The README notes that unknown/missing Gemini function calls close the streaming response and throw IllegalArgumentException surfaced as 500. Some tool branches (transfer_money, ATM_transaction_create) return null, which may cause ambiguous client-side failures.","auth_complexity":70.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":40.0,"scope_granularity":20.0,"dependency_hygiene":50.0,"secret_handling":55.0,"security_notes":"Security posture is partially implied: TLS is not explicitly guaranteed in the README, and auth enforcement at the MCP endpoints is not documented (the service mainly propagates Authorization and user context headers to downstream services). Secrets are referenced as a Gemini API key placeholder in application.yml; there is no detail on secret vaulting/log redaction. Scope granularity and fine-grained authorization checks are not described.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":20.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"No explicit idempotency behavior is documented for create/transfer-style operations; function routing is LLM-driven and tool branches may not be implemented.","pagination_style":"range-based/pagination parameters (listed as supported in transaction_list via pagination and range parameters)","retry_guidance_documented":false,"known_agent_gotchas":["Unimplemented routes: /v1/api/mcp/invoke returns null; /v1/api/mcp/process-old is unimplemented.","Tool coverage mismatch: transfer_money is registered in ServiceRegistry but not implemented in TransactionService#execute, causing IllegalArgumentException.","ATM_transaction_create returns null (ATM integration not wired).","If Gemini omits accountId, the service may return a pendingRequest requiring an additional user selection step."]}}