Credit Bureau MCP Server — a credit-reporting platform: consumers, credit reports (tradelines/inquiries/public records), scores + factors, permissible-purpose-gated pulls with hard inquiries, FCRA disputes, and affordability analytics; FCRA-style access logging
Credit Bureau MCP Server
A credit-reporting (credit bureau) platform for ADK-Rust Enterprise banking agents. 14 MCP tools covering consumers, credit reports (tradelines, inquiries, public records), scores with reason factors, permissible-purpose-gated report pulls that record a hard inquiry, FCRA disputes, monitoring alerts, and affordability/decision analytics — with an FCRA-style access log on every consumer-scoped access.
⚠️ Regulated, PII-sensitive domain. Accessing a consumer report requires a permissible purpose; every access is logged. This is a reference engine with fictitious data — see FCRA posture.
A platform, not a point solution
This is modeled as a general credit-bureau backbone (the layer behind a CRA / bureau access API), so banking decisioning agents are clients of one shared system:
| Agent | Domain | Uses |
|-------|--------|------|
| Loan Underwriting Assistant | banking | pull_credit_report (credit_application = hard), get_score, affordability |
| Credit Limit Review Agent | banking | pull_credit_report (account_review = soft), get_score, affordability, alerts |
Architecture
Capabilities
- Consumers — fictitious identities (SSN as a reference handle, minimal address PII) with a security freeze flag.
- Credit file — tradelines (revolving/installment/mortgage/auto/student) with balances, limits, payments, lates; public records (bankruptcy/lien/judgment); inquiries.
- Scores — a transparent 300–850 rule-based model (utilization, delinquencies, derogatory accounts, public records, hard inquiries, thin file, age) with adverse-action reason factors. (Reference model, not FICO/VantageScore.)
- Report pulls —
pull_credit_reportassembles the file under a stated permissible purpose;credit_applicationis a hard inquiry (affects score), others are soft. - Affordability — utilization, monthly obligations, and DTI vs a stated income (healthy/elevated/high) for underwriting and limit review.
- Disputes — FCRA disputes flag the tradeline and set a ~30-day reinvestigation due date; resolution clears the flag.
- Monitoring — alerts (new inquiry, delinquency, etc.).
FCRA posture
- Permissible purpose required —
pull_credit_reporttakes aPermissiblePurposeand records it. New-credit applications are hard inquiries; account review / collection / consumer disclosure / employment are soft. - Accounting of disclosures — every consumer-scoped access (identity read, search, pull, score, affordability, alerts, disputes) is written to a per-consumer access log (
access_log); consumer-scoped tools require anactor. - Security freeze — a frozen consumer's new-credit (hard) pulls are blocked until the freeze is lifted; soft account-review pulls remain allowed.
- Consumer rights —
file_dispute/resolve_disputemodel FCRA reinvestigation;set_freezemodels the freeze right. - Gated, high-impact writes —
pull_credit_report(external_write, records a hard inquiry affecting the score) andresolve_dispute(changes what's reported) require approval. - Reference engine — fictitious data; SSNs are handles. A production deployment must enforce FCRA, GLBA, ECOA/Reg B, and adverse-action notice requirements with real controls, identity proofing, and audited access — software gates here are defense-in-depth, not compliance.
Tools (14)
Consumers (4)
create_consumer · get_consumer · find_consumers · set_freeze
Credit File (2)
add_tradeline · add_public_record
Reports & Scoring (3)
pull_credit_report (gated, external, permissible-purpose) · get_score · affordability
Disputes, Monitoring & Disclosure (5)
file_dispute · resolve_dispute (gated) · list_disputes · alerts · access_log
Example
// Underwriting: a permissible-purpose hard pull, then decision analytics
{"name": "pull_credit_report", "arguments": {"actor": "uw.agent", "consumer_id": "CON-1001",
"purpose": "credit_application", "requester": "BankA Underwriting"}}
{"name": "affordability", "arguments": {"actor": "uw.agent", "consumer_id": "CON-1001", "monthly_income": 6000}}
// FCRA: dispute + accounting of disclosures
{"name": "file_dispute", "arguments": {"consumer_id": "CON-1004", "tradeline_id": "TRL-1005", "reason": "not mine"}}
{"name": "access_log", "arguments": {"actor": "examiner", "consumer_id": "CON-1001"}}
Install & run
cargo install mcp-credit-bureau
mcp-credit-bureau # serves MCP over stdio
Or build from source:
git clone https://github.com/zavora-ai/mcp-credit-bureau
cd mcp-credit-bureau && cargo build --release
./target/release/mcp-credit-bureau
Registry manifest
server_id = "mcp_credit_bureau"
display_name = "Credit Bureau"
version = "1.0.0"
domain = "banking"
risk_level = "high"
writes_allowed = "gated"
The full mcp-server.toml declares all 14 tools with risk classes and approval gates for registry onboarding.
License
Apache-2.0