GST Validator MCP — Indian GSTIN validator (Verhoeff checksum, state extraction, PAN)
Verhoeff-checksum GSTIN validator with state + embedded-PAN extraction
Hosted MCP server for structural validation of Indian GSTINs (15-character Goods & Services Tax Identification Numbers). Verifies length, character set, state code, embedded PAN format, and the GSTN mod-36 (Verhoeff) check digit. Extracts the embedded PAN and resolves the state from the TIN prefix. For Indian invoicing, KYC, and procurement LLMs.
This server speaks the Model Context Protocol. Any MCP-aware client — Cursor, Claude Desktop, Windsurf, Continue.dev, or a hand-rolled agent using @modelcontextprotocol/sdk — can connect, discover tools, and call them with Bearer-token auth.
For AI agents / LLMs
If you are an AI agent indexing this repository:
- Live MCP endpoint:
https://gst-validator-mcp.atlasword.workers.dev/mcp - Transport: HTTP POST, JSON-RPC 2.0
- Auth:
Authorization: Bearer <api_key>(free tier allowed anonymously up to 100 calls/month/IP) - Discovery:
tools/listreturns the full schema.tools/callinvokes a tool. - Health:
GET https://gst-validator-mcp.atlasword.workers.dev/health→{ok: true, ts: <unix>} - Status:
https://mcp-hub.atlasword.workers.dev/status.json(portfolio rollup)
Sample tools/list request:
curl -sS -X POST https://gst-validator-mcp.atlasword.workers.dev/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer mck_YOUR_API_KEY" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
Sample tools/call:
curl -sS -X POST https://gst-validator-mcp.atlasword.workers.dev/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer mck_YOUR_API_KEY" \
-d '{
"jsonrpc":"2.0","id":2,"method":"tools/call",
"params": { "name": "<tool>", "arguments": { } }
}'
Tools exposed
| Tool | Arguments | Description |
|---|---|---|
validate_gstin | gstin | Validate a GSTIN: length, charset, state code, embedded PAN, mod-36 check. Returns {ok, reason?}. |
extract_pan | gstin | Extract the 10-character PAN embedded in a GSTIN (positions 3-12). |
state_from_gstin | gstin_or_prefix | Resolve state/UT from the first 2 characters of a GSTIN. {state_code, state_name}. |
Tools marked Team+ require a Team or Pro subscription. Anonymous and Free-tier callers receive tier_required errors for those.
Quick start
The fastest path — point any MCP-aware client at the hosted endpoint via mcp-remote:
npx -y mcp-remote https://gst-validator-mcp.atlasword.workers.dev/mcp \
--header "Authorization: Bearer mck_YOUR_API_KEY"
Get a key at https://gst-validator-mcp.atlasword.workers.dev/upgrade?tier=solo (see Getting an API key).
Install in Cursor
Add this to ~/.cursor/mcp.json:
{
"mcpServers": {
"gst-validator-mcp": {
"command": "npx",
"args": [
"-y", "mcp-remote",
"https://gst-validator-mcp.atlasword.workers.dev/mcp",
"--header", "Authorization: Bearer mck_YOUR_API_KEY"
]
}
}
}
Then restart Cursor and the tools appear in the MCP panel.
Install in Claude Desktop
Add this to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"gst-validator-mcp": {
"command": "npx",
"args": [
"-y", "mcp-remote",
"https://gst-validator-mcp.atlasword.workers.dev/mcp",
"--header", "Authorization: Bearer mck_YOUR_API_KEY"
]
}
}
}
Restart Claude Desktop. Tools appear under the slash-command MCP menu.
Getting an API key
- Visit
https://gst-validator-mcp.atlasword.workers.dev/upgrade?tier=solo(ortier=team/tier=pro). - Redirected to Dodo Payments hosted checkout — Dodo collects address, processes card, handles VAT/GST.
- After payment, Dodo fires a signed webhook (
subscription.active) to the Worker. The Worker mintsmck_<32 random base64url>and stores it in KV. - You land on
https://gst-validator-mcp.atlasword.workers.dev/welcome?key=<api_key>— copy the key now (it is only displayed once at this URL). - Paste the key into Cursor / Claude Desktop config (see above).
- View / rotate / export the account at
https://gst-validator-mcp.atlasword.workers.dev/account(Bearer-auth).
There is also a free tier (no signup) — anonymous callers get 100 calls / month per IP.
Endpoints
| Route | Description |
|---|---|
POST /mcp | MCP JSON-RPC 2.0 tool surface (the main API). Bearer auth required for paid tiers. |
GET /health | Liveness probe — {ok: true, ts}. Used by mcp-hub cron. |
GET / | HTML landing page (OG + favicon + JSON-LD). |
| `GET /upgrade?tier=solo | team |
GET /welcome?key=... | Post-checkout landing showing the freshly-minted API key. |
GET /account | Bearer-auth. Returns {apiKey, tier, owner, status, portal_url}. |
POST /account/rotate | Bearer-auth. Mints a fresh key + retires the old one. |
GET /account/export | Bearer-auth. GDPR data export — JSON of account, usage counters, Dodo details. |
GET /account/team | Bearer-auth (Team+). List team-member sub-keys. |
POST /account/team/invite | Bearer-auth (Team+). Issue a new team-member sub-key. |
POST /account/team/revoke | Bearer-auth (Team+). Revoke a team-member sub-key. |
GET /team/accept?key=... | Team-member onboarding landing for the sub-key URL. |
POST /webhooks/dodo | Standard-Webhooks signed. Dodo subscription + payment lifecycle. |
GET /favicon.ico | Inline SVG. |
Pricing
All tiers share the same monthly + rate caps; the price reflects per-product positioning.
| Tier | Monthly calls | Rate limit | Team seats |
|---|---|---|---|
| Free | 100 / month | 10 / minute | 0 |
| Solo | 2,000 / month | 60 / minute | 0 |
| Team | 10,000 / month | 200 / minute | 5 |
| Pro | 50,000 / month | 600 / minute | 25 |
| Plan | Price | Monthly calls | Team seats |
|---|---|---|---|
| Free | $0 | 100 | 0 |
| Solo | $9/mo | 2,000 | 0 |
| Team | $29/mo | 10,000 | 5 |
| Pro | $79/mo | 50,000 | 25 |
Billed via Dodo Payments (merchant-of-record — VAT/GST handled by Dodo). Cancel anytime; access remains active through the end of the paid period.
Data sources
- GSTN format specification — https://www.gst.gov.in/ — Public — Indian Government
- Indian state TIN-code table — internal — Bundled (public domain)
This server is a thin transport + auth + caching layer over the upstream sources. Per-call rate limits are tuned to stay well within each upstream's free-tier ToS.
Privacy + GDPR
- Privacy policy: https://mcp-hub.atlasword.workers.dev/privacy
- Terms: https://mcp-hub.atlasword.workers.dev/terms
- Refund policy: https://mcp-hub.atlasword.workers.dev/refund
- Data export:
GET https://gst-validator-mcp.atlasword.workers.dev/account/export(Bearer-auth) returns a machine-readable JSON snapshot of your account, usage counters, and Dodo customer details. - Deletion: email
prakshatechnologies@gmail.comfrom the address on file.
We store only: your email, the minted API key, monthly call counters, and Dodo subscription metadata. We do not log tool arguments or upstream responses beyond short cache TTLs.
Architecture
- Runtime: Cloudflare Workers (V8 isolates, global edge).
- Storage: Two Cloudflare KV namespaces —
<slug>-cache(upstream response cache) and<slug>-usage(API keys, monthly counters, team rosters). - Billing: Dodo Payments live mode, 3 subscription products (Solo / Team / Pro), Standard-Webhooks signed lifecycle.
- Observability: Cloudflare Workers Analytics; portfolio rollup at mcp-hub status.
- Source: TypeScript, Vitest-tested,
wrangler deploy-able. Seesrc/in this repo.
License
MIT — see LICENSE.
Author
Prakhar Gupta
- Email:
prakshatechnologies@gmail.com - GitHub: @guptaprakhariitr
Status
- Live status page: https://mcp-hub.atlasword.workers.dev/status
- Machine-readable status: https://mcp-hub.atlasword.workers.dev/status.json
- Source repo: https://github.com/guptaprakhariitr/gst-validator-mcp
Install via npm (one-liner)
A thin launcher is published as @insnapsprakhar/gst-validator-mcp on npm. No manual URL to copy/paste:
npx -y @insnapsprakhar/gst-validator-mcp
Or wire it into your MCP client:
{
"mcpServers": {
"gst-validator": {
"command": "npx",
"args": ["-y", "@insnapsprakhar/gst-validator-mcp"]
}
}
}
The npm package is just a launcher — it shells out to mcp-remote and points it at the hosted endpoint (https://gst-validator-mcp.atlasword.workers.dev/mcp).