mcp-brasil
mcp-brasil is an MCP server written in Python that connects AI agents (Claude, GPT, Copilot) to 70 Brazilian public data APIs covering government, economics, legislation, courts, elections, environment, health, and security. It provides 533 tools, 131 resources, and 102 prompts with 66 APIs requiring no key and 4 requiring free registration.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Mcp-Brasil/mcp-brasil |
| Owner | Mcp-Brasil |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 1.7k |
| Forks | 239 |
| Open issues | 16 |
| Latest release | v0.14.0 (2026-04-24) |
| Last updated | 2026-04-26 |
| Source | https://github.com/Mcp-Brasil/mcp-brasil |
What mcp-brasil is
Built on the Model Context Protocol (MCP) with async httpx, Pydantic v2, and rate limiting; supports local DuckDB caching for large datasets (SIAPA, TSE 2014–2024, INEP, ANP, ISP-RJ); includes batch execution, cross-referencing queries, and BM25 smart discovery to filter tools by context. Deployable via Claude Desktop, VS Code/Cursor, or HTTP.
Get the mcp-brasil source
Clone the repository and explore it locally.
git clone https://github.com/Mcp-Brasil/mcp-brasil.gitcd mcp-brasil# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Verify all 70 data source licenses in SOURCES.md and terms in ACCEPTABLE_USE.md before production use; MIT covers code only, not data redistribution.
- Four APIs require free API keys (Transparência, DataJud, Meta Access Token); 66 work without keys. Plan credential injection via environment variables in deployment.
- DuckDB caching is opt-in via environment variables; enable only if you have local storage and accept dependency on SQLite/Parquet formats for large TSE and SIAPA datasets.
- Smart discovery via BM25 context filtering is built-in; monitor query performance and LLM token usage when invoking 533+ tools in a single session.
- Rate limiting and async backoff are implemented; test against actual API response times and rate-limit headers to avoid throttling during batch queries.
When to avoid it — and what to weigh
- Real-time mission-critical government services — mcp-brasil is explicitly not an official government service. SLAs, uptime guarantees, and data freshness are unknown. Unsuitable for production government operations or regulatory filing systems requiring certification.
- Sensitive personal data handling at scale — The project makes public APIs queryable but provides no explicit data masking, anonymization, or LGPD-specific safeguards. Requires careful review of ACCEPTABLE_USE.md and each data source's license before processing PII or conducting surveillance-adjacent analytics.
- Proprietary commercial applications without legal review — MIT covers code only. Each of the 70 data sources has its own license (see SOURCES.md). Commercial redistribution, SaaS integration, or derivative works require auditing all upstream licenses—not clearly documented as automatic.
- Production deployments without data license audit — The README warns to read SOURCES.md and ACCEPTABLE_USE.md before commercial, journalistic, or decision-critical use. Lack of centralized license compliance tooling means each integration requires manual legal review.
License & commercial use
Code is MIT (permissive, commercial-friendly). However, the README and metadata explicitly state that data source licenses are separate and must be reviewed individually in SOURCES.md. Commercial, journalistic, or decision-critical use requires reading ACCEPTABLE_USE.md and each source's terms. No license compatibility matrix provided; requires manual audit.
MIT license permits commercial use of the code itself. However, the 70 data APIs have independent licenses (Unknown mix). README warns: 'Before use for commercial, journalistic, or decisory purposes, read [SOURCES.md and ACCEPTABLE_USE.md].' License compliance for commercial integration is the buyer's responsibility. Requires legal review before SaaS or B2B deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Needs review |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
No explicit security audit or threat model provided. Considerations: (1) API keys (4) must be injected via environment variables; plaintext in config risks exposure. (2) Local DuckDB caching stores unencrypted data. (3) No documented input validation for malicious queries or prompt injection. (4) Rate limiting protects against abuse but does not prevent data exfiltration. (5) Each upstream API's security posture is assumed but not verified. (6) ACCEPTABLE_USE.md likely restricts scraping or automated surveillance; compliance is user's responsibility.
Alternatives to consider
Brazilian government open-data APIs (direct integration)
Eliminates abstraction and aggregation risk; bypasses MCP layer. However, requires managing 70 separate API contracts, rate limits, credentials, and error handling in your own code—higher engineering burden.
Azure OpenAI + native GPT plugins or Logic Apps connectors
Microsoft offers pre-built connectors to some Brazilian public services (e.g., CNPJ, IBGE). Differs from mcp-brasil's breadth (70 sources) but may be simpler in Azure-first enterprise environments. Vendor lock-in and license clarity unknown.
Custom GraphQL federation layer (e.g., Apollo Server)
Build your own unified API layer for Brazilian data sources. Maximum control, no MCP dependency, but requires significant engineering upfront and ongoing maintenance of 70 integrations.
Build on mcp-brasil with DEV.co software developers
Before deployment, audit SOURCES.md for data license compliance and review ACCEPTABLE_USE.md. Schedule a consultation with a Devco engineer to assess MCP architecture fit, credential management, and commercial use permissions for your jurisdiction and use case.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
mcp-brasil FAQ
Do I need an API key to use mcp-brasil?
Is this an official Brazilian government project?
Can I use mcp-brasil in a commercial SaaS product?
What is the difference between mcp-brasil and calling the APIs directly?
Software development & web development with DEV.co
DEV.co helps companies turn open-source tools like mcp-brasil into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.
Evaluating mcp-brasil for Your Government Data Platform?
Before deployment, audit SOURCES.md for data license compliance and review ACCEPTABLE_USE.md. Schedule a consultation with a Devco engineer to assess MCP architecture fit, credential management, and commercial use permissions for your jurisdiction and use case.