MCP SDKs
Official TypeScript and Python SDKs for Pact's consent-native MCP server — consume Pact from your app, or build and publish your own MCP tools.
Pact exposes your consent-native CRM over the Model Context Protocol (MCP) at
https://api.pact.place/mcp. The official SDKs let you do two things:
- Consume Pact — call Pact's tools (query_accounts, ask_workspace, fire_agent, …) from your own app or AI agent, with typed wrappers.
- Extend Pact — build your own MCP server and publish it into Pact's federation marketplace, governed per-tool.
Every SDK ships the Pact differentiators as defaults: consent filtering, BYOK decryption, an audit trail, and cost-attribution — guardrails most MCP SDKs leave to you.
@pact/mcp-client — Pact in a Next.js app in under 10 lines.
pact-mcp-client — async, with LangChain / AutoGen / LlamaIndex shims.
pact-mcp-server + the pact CLI — scaffold, dev, and publish an MCP server.
Every tool Pact's MCP server exposes, with parameters and scopes.
MCP showcase: what Pact-over-MCP looks like end to end.
Pick a package
| Package | Language | Use it to |
|---|---|---|
| @pact/mcp-client | TypeScript | Call Pact's tools from Node / edge / a Next.js app |
| pact-mcp-client | Python | Call Pact's tools from async Python or an AI agent |
| pact-mcp-server | Python | Build an MCP server + the pact CLI (scaffold/publish) |
| @pact/mcp-server | TypeScript | Build an MCP server in TypeScript |
Authentication, in one line
Both clients take either a scoped API key (pact_live_* / pact_test_*,
created at Settings → API keys) or OAuth client credentials. Tools are
scoped — a key needs read:accounts, read:deals, etc. for the tools it calls.
See Auth & scopes on each
client page.
Note
The Pact MCP server returns complete (unary) JSON responses today — it does not
stream tokens. The clients expose an honest streaming surface (askWorkspaceStream)
for rendering a thinking state; its shape won't change if streaming lands later.
The four guardrails, surfaced
- Consent — every read result reports consent_filtered (records hidden because the subject withdrew consent). Agent runs come back blocked when an agent reads PII about a withdrawn subject — that's data, not an error.
- BYOK — contact PII is decrypted per-tenant server-side before it reaches you.
- Audit — every call is recorded and tenant-scoped.
- Cost — AI tools report cost_cents; the clients sum it and expose an onCost hook so you can budget per request.