{"id":"semihshn-craftgate-mcp-server","name":"craftgate_mcp_server","homepage":null,"repo_url":"https://github.com/semihshn/craftgate_mcp_server","category":"payments","subcategories":[],"tags":["mcp","payments","spring-boot","stdio","craftgate","agent-tools","java"],"what_it_does":"Spring Boot–based MCP (Model Context Protocol) server that integrates with Craftgate payment APIs to query/report/manage payment data, intended to run as an MCP stdio server via `-Dspring.ai.mcp.server.stdio=true` and a local JAR.","use_cases":["Querying payment information through an MCP-enabled agent workflow","Generating summaries/reports over Craftgate payment data","Integrating Craftgate payment lookups into AI-assisted operations via MCP tools"],"not_for":["Direct customer-facing payment processing UI","High-throughput, latency-critical payment systems without additional architecture","Producing compliance-ready audit trails without additional logging/controls"],"best_when":"You want an on-prem/local MCP stdio tool that an AI agent can call to fetch and interpret Craftgate payment data (sandbox or controlled environment).","avoid_when":"You cannot safely manage Craftgate API credentials in configuration, or you need strong documented operational guarantees (SLA, retry/idempotency semantics, rate-limit handling) from this project out of the box.","alternatives":["Using Craftgate API directly from your own backend and exposing results to agents via your own tool layer","A dedicated integration microservice with OpenAPI + structured error handling and explicit retry/idempotency policies","Another MCP payment integration that provides richer tool schema/docs and clear operational guidance"],"af_score":36.5,"security_score":42.2,"reliability_score":12.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T20:01:32.221286+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["Java"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Craftgate API key","Craftgate secret key"],"oauth":false,"scopes":false,"notes":"Authentication is configured via `application.properties` with `craftgate.api-key` and `craftgate.secret-key`. No OAuth/scopes are documented for the MCP layer."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information for the MCP server is provided; Craftgate API usage may incur costs depending on Craftgate’s terms."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":36.5,"security_score":42.2,"reliability_score":12.5,"mcp_server_quality":55.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":0.0,"tls_enforcement":50.0,"auth_strength":65.0,"scope_granularity":20.0,"dependency_hygiene":40.0,"secret_handling":30.0,"security_notes":"Transport security for outbound Craftgate calls is not documented; assumes HTTPS via `craftgate.base-url` (sandbox) but TLS enforcement is not explicit. Authentication uses API key + secret, but no rotation, scope restriction, or secrets-management guidance is described. Credentials appear to be stored in `application.properties`, which can be risky if the file is checked in or logged.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":0.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Stdio MCP requires correct JVM arg `-Dspring.ai.mcp.server.stdio=true`; misconfiguration can prevent tool availability","The README does not document the specific MCP tool names/schemas, output formats, pagination, or whether operations are idempotent/safe to retry","Secrets are configured in `application.properties`, which agents/automation might accidentally expose if logs/config management are not handled carefully"]}}