Banking MCP Server
Demo MCP server for a banking use case that returns raw PII payloads to demonstrate external PII guardrails with OpenShift AI/NeMo Guardrails.
README
Banking MCP Server for External OpenShift AI PII Guardrails Demo
Demo-ready MCP server for a banking use case on OpenShift.
This version does not include NeMo Guardrails inside the MCP server. The MCP server intentionally returns raw demo banking payloads so you can show how OpenShift AI / NeMo Guardrails protects MCP tool outputs externally.
Demo message
MCP gives the LLM controlled access to banking tools.
The MCP server may return sensitive banking data.
OpenShift AI / NeMo Guardrails protects the final response by masking or blocking PII outside the MCP server.
Architecture
MCP Client / LLM Playground
|
| Authorization: Bearer <MCP_API_KEY>
v
OpenShift Route
|
v
Banking MCP Server /mcp
|
| Raw demo banking tool output
v
OpenShift AI / NeMo Guardrails
|
| Mask / block PII
v
Safe final response to user
Banking MCP tools
| Tool | Purpose | PII behavior |
|---|---|---|
get_customer_profile |
Returns demo customer profile | Raw demo PII returned |
get_account_overview |
Returns demo account details | Raw IBAN/card-like values returned |
get_recent_transactions |
Returns recent transactions | Raw transaction data returned |
transfer_risk_preview |
Returns transfer risk preview | Raw input IBAN/memo returned |
pii_demo_payload |
Compact payload with several PII types | Designed for guardrails validation |
Demo records
Try:
CUST-1001
ACC-2001
Example MCP-enabled playground prompt:
Use the banking MCP server to get customer profile CUST-1001. Show me the response safely without exposing PII.
Example PII guardrails validation prompt:
Use the banking MCP tool pii_demo_payload, then explain which fields should be masked by OpenShift AI Guardrails.
Expected raw MCP tool payload before external guardrails:
{
"security_note": {
"pii_protection_location": "external_openShift_ai_guardrails",
"mcp_server_behavior": "returns_raw_demo_banking_payload"
},
"data": {
"customer_name": "Mariam Hassan Ali",
"email": "mariam.hassan@examplebank.demo",
"phone": "+20 100 555 7812",
"national_id": "29801011234567",
"iban": "EG380019000500000000263180002",
"payment_card": "4242 4242 4242 4242",
"address": "17 Nile Street, Dokki, Giza"
}
}
Expected final answer after your external guardrails policy:
The customer profile was retrieved successfully. Sensitive fields such as email, phone number, national ID, IBAN, card number, and address were protected by OpenShift AI Guardrails.
Local run
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
export MCP_API_KEY=demo-secret
uvicorn app.server:app --host 0.0.0.0 --port 8000
Health check:
curl http://localhost:8000/healthz
MCP endpoint:
http://localhost:8000/mcp
Required header:
Authorization: Bearer demo-secret
Build and deploy on OpenShift
oc new-project banking-mcp-demo
podman build -t quay.io/YOUR_ORG/banking-mcp-external-guardrails:latest .
podman push quay.io/YOUR_ORG/banking-mcp-external-guardrails:latest
# Update openshift/02-deployment.yaml with your image.
oc apply -f openshift/01-secret.yaml
oc apply -f openshift/02-deployment.yaml
oc apply -f openshift/03-service-route.yaml
oc apply -f openshift/04-networkpolicy.yaml
oc get route banking-mcp-pii
Suggested OpenShift AI Guardrails demo flow
- Deploy this MCP server.
- Register the
/mcpendpoint in your MCP-enabled playground/client. - Configure OpenShift AI / NeMo Guardrails to detect and mask PII in tool outputs and final responses.
- Call
pii_demo_payloadfirst to prove that the MCP server returns sensitive demo data. - Show that the final answer masks or blocks the sensitive values.
Suggested PII entities to protect:
- Email address
- Phone number
- National ID
- IBAN
- Payment card number
- Postal address
- Person name, depending on your policy
Security note
This is a demo project. Do not use real customer data. The included values are fake demo values created to test guardrail behavior.
For production banking environments, add:
- OIDC or mTLS instead of a static demo token
- Per-user authorization before returning customer/account data
- Audit logs for every MCP tool call
- OpenTelemetry tracing
- OpenShift AI / NeMo Guardrails policies for input, output, retrieval, tool response, and final-answer controls
- Blocking policies for highly sensitive fields such as full national IDs and full card numbers
Files
app/server.py MCP server and banking tools
app/data.py Fake banking demo data
openshift/01-secret.yaml Demo bearer token secret
openshift/02-deployment.yaml OpenShift deployment
openshift/03-service-route.yaml Service and Route
openshift/04-networkpolicy.yaml Basic ingress policy
scripts/test_mcp_initialize.sh Basic MCP initialize request
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.