ArmorIQ FastMCP Banking Server

📌 Overview

This project is a Python-based FastMCP (Model Context Protocol) server built as part of the ArmorIQ Intern Recruitment Assignment. The server exposes MCP tools and HTTP endpoints for a simple banking use case and is backed by a SQL database. The application is deployed on a public cloud and its security posture has been validated using ArmorIQ security tools.

The focus of this project is backend architecture, MCP usage, cloud deployment, and security validation — not frontend UI development.

---

🧠 What is Implemented

✔ MCP Tools (FastMCP)

The following domain-specific MCP tools are implemented using @mcp.tool():

• create_account
• deposit
• withdraw
• get_balance
• transaction_history

These tools expose controlled, typed banking operations that can be consumed by MCP-compatible agents.

---

✔ HTTP Endpoints (FastAPI)

To ensure public accessibility and compatibility with security scanners, HTTP endpoints are also exposed:

Endpoint	Method	Description
/api/create-account	POST	Create a new bank account
/api/deposit	POST	Deposit funds into an account
/api/withdraw	POST	Withdraw funds from an account
/api/balance/{account_id}	GET	Retrieve account balance
/api/transactions/{account_id}	GET	View transaction history

These endpoints internally invoke shared business logic that is also used by the MCP tools.

---

✔ Database (SQL)

• SQLite is used as the SQL database

• Tables:

  • accounts
  • transactions

• Supports persistent storage of balances and transaction history

SQLite is bundled with Python and avoids exposing external database credentials, reducing attack surface.

---

🏗 Architecture Overview

AI Agent
   │
MCP Tools (FastMCP)
   │
Shared Business Logic
   │
SQL Database (SQLite)
   │
HTTP Endpoints (FastAPI)
   │
Swagger UI / Security Scanners

This separation ensures:

• Clean architecture
• No duplication of logic
• Safe exposure of capabilities

---

🚀 Deployment

• Cloud Provider: Render
• Runtime: Python 3
• Public URL: Accessible over HTTPS

The server is deployed as a public web service and can be accessed via:

https://armoriq-fastmcp-banking.onrender.com/

Swagger API documentation is available at:

/docs

---

🔐 Security Validation

The deployed server was scanned using:

1. ArmorIQ Sentry (VS Code Extension)

   • Static and dynamic security analysis of exposed endpoints

2. ArmorIQ Landing Page Scan Tool

   • Public-facing security posture validation

Scan results confirmed that the system meets current security standards, with no immediate security actions required.

Note: MCP tools are registered within the FastMCP runtime and are not directly discoverable via HTTP-based scanning tools. This behavior is expected.

---

📂 Project Structure

armoriq-fastmcp-banking/
├── main.py           # FastAPI + FastMCP server
├── database.py       # Database initialization
├── bank.db           # SQLite database
├── requirements.txt  # Python dependencies
└── README.md         # Project documentation

---

▶ Run Locally

pip install -r requirements.txt
uvicorn main:app --reload

Then open:

http://127.0.0.1:8000/docs

---

🎯 Key Takeaways

• Demonstrates correct usage of FastMCP tools
• Implements real SQL-backed operations
• Deployed on a public cloud
• Validated using ArmorIQ security tools
• Designed with security-first and clean architecture principles

---

👤 Author

Sharvari Patil ArmorIQ Intern Recruitment Assignment