DEV.co
MCP Servers · Mcp-Brasil

mcp-brasil

mcp-brasil is an MCP server written in Python that connects AI agents (Claude, GPT, Copilot) to 70 Brazilian public data APIs covering government, economics, legislation, courts, elections, environment, health, and security. It provides 533 tools, 131 resources, and 102 prompts with 66 APIs requiring no key and 4 requiring free registration.

Source: GitHub — github.com/Mcp-Brasil/mcp-brasil
1.7k
GitHub stars
239
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryMcp-Brasil/mcp-brasil
OwnerMcp-Brasil
Primary languagePython
LicenseMIT — OSI-approved
Stars1.7k
Forks239
Open issues16
Latest releasev0.14.0 (2026-04-24)
Last updated2026-04-26
Sourcehttps://github.com/Mcp-Brasil/mcp-brasil

What mcp-brasil is

Built on the Model Context Protocol (MCP) with async httpx, Pydantic v2, and rate limiting; supports local DuckDB caching for large datasets (SIAPA, TSE 2014–2024, INEP, ANP, ISP-RJ); includes batch execution, cross-referencing queries, and BM25 smart discovery to filter tools by context. Deployable via Claude Desktop, VS Code/Cursor, or HTTP.

Quickstart

Get the mcp-brasil source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Mcp-Brasil/mcp-brasil.gitcd mcp-brasil# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Government Transparency & Accountability Queries

Real-time cross-referencing of federal contracts, spending, official sanctions, and audit records (TCU, Portal da Transparência, TCE-SP/RJ/RS/PE/CE/ES/RN/PI/SC/TO/PA) for investigative journalism, compliance auditing, or policy research without custom API integration.

Electoral & Legislative Intelligence

Unified access to candidate data, campaign donations, voting records, and bill proposals (TSE 2014–2024, Câmara, Senado, Meta ads library) for political analysis, donor tracking, or legislative monitoring via natural language queries without manual scraping.

Economic & Macro Research

Fast historical access to BACEN series (Selic, IPCA, exchange rates, +190 time series), BNDES operations, and IPEADATA regional macro indicators for economic modeling, inflation analysis, or trend reports integrated into multi-source AI queries.

Implementation considerations

  • Verify all 70 data source licenses in SOURCES.md and terms in ACCEPTABLE_USE.md before production use; MIT covers code only, not data redistribution.
  • Four APIs require free API keys (Transparência, DataJud, Meta Access Token); 66 work without keys. Plan credential injection via environment variables in deployment.
  • DuckDB caching is opt-in via environment variables; enable only if you have local storage and accept dependency on SQLite/Parquet formats for large TSE and SIAPA datasets.
  • Smart discovery via BM25 context filtering is built-in; monitor query performance and LLM token usage when invoking 533+ tools in a single session.
  • Rate limiting and async backoff are implemented; test against actual API response times and rate-limit headers to avoid throttling during batch queries.

When to avoid it — and what to weigh

  • Real-time mission-critical government services — mcp-brasil is explicitly not an official government service. SLAs, uptime guarantees, and data freshness are unknown. Unsuitable for production government operations or regulatory filing systems requiring certification.
  • Sensitive personal data handling at scale — The project makes public APIs queryable but provides no explicit data masking, anonymization, or LGPD-specific safeguards. Requires careful review of ACCEPTABLE_USE.md and each data source's license before processing PII or conducting surveillance-adjacent analytics.
  • Proprietary commercial applications without legal review — MIT covers code only. Each of the 70 data sources has its own license (see SOURCES.md). Commercial redistribution, SaaS integration, or derivative works require auditing all upstream licenses—not clearly documented as automatic.
  • Production deployments without data license audit — The README warns to read SOURCES.md and ACCEPTABLE_USE.md before commercial, journalistic, or decision-critical use. Lack of centralized license compliance tooling means each integration requires manual legal review.

License & commercial use

Code is MIT (permissive, commercial-friendly). However, the README and metadata explicitly state that data source licenses are separate and must be reviewed individually in SOURCES.md. Commercial, journalistic, or decision-critical use requires reading ACCEPTABLE_USE.md and each source's terms. No license compatibility matrix provided; requires manual audit.

MIT license permits commercial use of the code itself. However, the 70 data APIs have independent licenses (Unknown mix). README warns: 'Before use for commercial, journalistic, or decisory purposes, read [SOURCES.md and ACCEPTABLE_USE.md].' License compliance for commercial integration is the buyer's responsibility. Requires legal review before SaaS or B2B deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityNeeds review
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

No explicit security audit or threat model provided. Considerations: (1) API keys (4) must be injected via environment variables; plaintext in config risks exposure. (2) Local DuckDB caching stores unencrypted data. (3) No documented input validation for malicious queries or prompt injection. (4) Rate limiting protects against abuse but does not prevent data exfiltration. (5) Each upstream API's security posture is assumed but not verified. (6) ACCEPTABLE_USE.md likely restricts scraping or automated surveillance; compliance is user's responsibility.

Alternatives to consider

Brazilian government open-data APIs (direct integration)

Eliminates abstraction and aggregation risk; bypasses MCP layer. However, requires managing 70 separate API contracts, rate limits, credentials, and error handling in your own code—higher engineering burden.

Azure OpenAI + native GPT plugins or Logic Apps connectors

Microsoft offers pre-built connectors to some Brazilian public services (e.g., CNPJ, IBGE). Differs from mcp-brasil's breadth (70 sources) but may be simpler in Azure-first enterprise environments. Vendor lock-in and license clarity unknown.

Custom GraphQL federation layer (e.g., Apollo Server)

Build your own unified API layer for Brazilian data sources. Maximum control, no MCP dependency, but requires significant engineering upfront and ongoing maintenance of 70 integrations.

Software development agency

Build on mcp-brasil with DEV.co software developers

Before deployment, audit SOURCES.md for data license compliance and review ACCEPTABLE_USE.md. Schedule a consultation with a Devco engineer to assess MCP architecture fit, credential management, and commercial use permissions for your jurisdiction and use case.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

mcp-brasil FAQ

Do I need an API key to use mcp-brasil?
66 of the 70 APIs require no key. Four require free registration: Transparência, DataJud, Meta Access Token. Set them via environment variables; the server gracefully handles missing keys for optional APIs.
Is this an official Brazilian government project?
No. mcp-brasil is an independent project. The README explicitly disclaims affiliation with the Brazilian government or any of the 70 data sources. Each data source has its own license; commercial or decision-critical use requires legal review of SOURCES.md and ACCEPTABLE_USE.md.
Can I use mcp-brasil in a commercial SaaS product?
The code (MIT) permits commercial use. However, the 70 data APIs have independent licenses (not all clear). You must audit SOURCES.md and each source's terms. Some may prohibit commercial redistribution or require attribution. Legal review is mandatory before deployment.
What is the difference between mcp-brasil and calling the APIs directly?
mcp-brasil abstracts 70 APIs into 533 unified tools, handles rate limiting, provides local caching for large datasets, and integrates with Claude/LLMs via MCP. Direct API calls offer more control but require manual integration of each endpoint.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like mcp-brasil into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.

Evaluating mcp-brasil for Your Government Data Platform?

Before deployment, audit SOURCES.md for data license compliance and review ACCEPTABLE_USE.md. Schedule a consultation with a Devco engineer to assess MCP architecture fit, credential management, and commercial use permissions for your jurisdiction and use case.