MYOB Codex MCP
Codex-safe MCP server for MYOB Business/AccountRight cloud. Provides read-only tools by default and mutating actions that require explicit approval before commit.
README
MYOB Codex MCP
Codex-safe MCP server for MYOB Business / AccountRight cloud.
The server is designed for two modes at the same time:
- Read-only tools are available by default.
- Mutating MYOB actions are available, but every create/update/delete/post/payment/banking/journal action is prepared first, then requires explicit accountant/user approval, then commits with a payload-bound approval token.
This repo is a clean-room implementation. The public fixxdigital/myob-mcp-server project informed endpoint coverage and OAuth shape, but source code is not copied because that repo did not expose a license when this project was created. The CData MYOB MCP repo informed the metadata/discovery pattern.
Status
Current implementation:
- Python package and stdio MCP server.
- MYOB OAuth URL, token exchange, refresh, logout, and encrypted token persistence.
- MYOB API client with headers, businessId path selection, pagination, 401 refresh, 429 backoff, and unsafe mutation retry protection.
- Read tools for accounts, tax codes, jobs, contacts, invoices, bills, payments, banking, inventory items, journals, and raw GET.
- Write preparation tools for raw API mutations and common accounting workflows.
- Approval broker with pending operations, approval phrase, signed approval token, payload hash binding, expiry, once-only commit, and JSONL audit logging.
- CLI approval helper.
- CI, tests, and docs.
Live MYOB sandbox acceptance requires real MYOB developer credentials and a sandbox/company file. Until credentials are provided, CI uses unit and contract tests with mocked MYOB behavior.
Install
cd C:\Users\jON\myob-codex-mcp
uv venv
uv pip install -e ".[dev]"
uv run pytest
Configure
Create %APPDATA%\myob-codex-mcp\config.toml:
[myob]
client_id = "${MYOB_CLIENT_ID}"
client_secret = "${MYOB_CLIENT_SECRET}"
redirect_uri = "http://127.0.0.1:33333/callback"
default_business_id = ""
[auth]
scopes = [
"sme-company-file",
"sme-general-ledger",
"sme-sales",
"sme-purchases",
"sme-banking",
"sme-contacts-customer",
"sme-contacts-supplier",
"sme-contacts-employee",
"offline_access"
]
[permissions]
allow_writes = true
approval_mode = "local_approval"
approval_ttl_seconds = 900
pending_ttl_seconds = 3600
Set secrets outside the repo:
$env:MYOB_CLIENT_ID = "..."
$env:MYOB_CLIENT_SECRET = "..."
Codex MCP Config
Codex can run this server as a local stdio MCP server:
[mcp_servers.myob]
command = "C:\\Users\\jON\\myob-codex-mcp\\.venv\\Scripts\\myob-codex-mcp.exe"
[mcp_servers.myob.env]
MYOB_CLIENT_ID = "..."
MYOB_CLIENT_SECRET = "..."
MYOB_CODEX_MCP_CONFIG = "C:\\Users\\jON\\AppData\\Roaming\\myob-codex-mcp\\config.toml"
You can append a starter config with:
.\scripts\codex-register.ps1
First Run
In Codex, call:
myob_oauth_authorize
If the localhost callback cannot be reached:
myob_oauth_authorize(manual=true)
myob_oauth_exchange_code(code="...", business_id="...")
Approval Flow
Writes are two-phase:
- Prepare the operation.
- Approve it.
- Commit it.
Example:
myob_invoice_prepare_create(json_body={...}, layout="Service")
myob_approval_approve(operation_id="op_...", approver="Jane Accountant", approval_phrase="APPROVE op_...")
myob_commit_operation(operation_id="op_...", approval_token="...")
The commit fails if:
- the operation was not approved;
- the approval token expired;
- the payload changed after approval;
- the operation was already committed;
- write tools are disabled;
- MYOB rejects the request.
Full Access Model
Named tools cover normal accounting workflows. For endpoint coverage beyond named tools, use:
myob_raw_get(path="/Some/Endpoint", params={...})
myob_raw_prepare_mutation(method="POST", path="/Some/Endpoint", json_body={...}, summary="...")
myob_raw_commit_mutation(operation_id="op_...", approval_token="...")
That keeps the MCP from artificially limiting MYOB access while still requiring human approval before mutation.
Security
- Logs go to stderr so stdout remains MCP JSON-RPC.
- OAuth tokens are encrypted at rest.
- Approval tokens are HMAC-signed and short-lived.
- Pending operation payloads are hash-bound to approvals.
- Audit logs redact secrets.
- Mutating timeout retries are blocked unless an idempotency key is available.
See docs/threat-model.md.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.