The TracePass MCP server lets an AI assistant drive the TracePass platform directly — list and create products, build and audit Digital Product Passports, set economic-operator parties, and read or capture GS1 EPCIS supply-chain events. It speaks the full Model Context Protocol: tools, resources, and prompts. Connect a hosted endpoint or run it locally via npx — both authenticate with the same tp_ API keys as the v1 API. Source on GitHub, published as tracepass-mcp-server on npm. Listed in the official MCP Registry as eu.tracepass/tracepass.
What it is
MCP is an open protocol that lets an AI assistant call external tools and read external data through a single, standard interface. The TracePass MCP server is a thin, stateless adapter in front of the TracePass v1 API — it has no database of its own; every tool call and resource read goes straight through to the same API your other integrations use, so authentication, plan gating, and rate limits all behave identically. There are two ways to connect it. The hosted server runs at https://ai.tracepass.eu/mcp over HTTP — nothing to install, always current. The local server is the tracepass-mcp-server npm package, launched as a subprocess by your MCP client and speaking MCP over stdio.
Connecting (hosted)
Point your MCP client at the hosted endpoint and pass your API key as a Bearer token. Mint a key in the dashboard under Developer → API Keys — it is the same tp_key the v1 API uses. Add this block to your client's MCP configuration:
{
"mcpServers": {
"tracepass": {
"url": "https://ai.tracepass.eu/mcp",
"headers": { "Authorization": "Bearer tp_YOUR_KEY" }
}
}
}Connecting (local / npx)
For a local setup, your MCP client launches the npm package as a subprocess and talks to it over stdio. There is nothing to install ahead of time — npx fetches tracepass-mcp-server on first run. The API key is passed through the TRACEPASS_API_KEY environment variable instead of a header:
{
"mcpServers": {
"tracepass": {
"command": "npx",
"args": ["-y", "tracepass-mcp-server"],
"env": {
"TRACEPASS_API_KEY": "tp_YOUR_KEY"
}
}
}
}Tools
The TracePass v1 API operations are grouped into six tools. Each takes an action plus action-specific args, so the assistant picks the tool by domain and the operation by action:
| Tool | Actions |
|---|---|
tracepass_products | list, get, create, updateCatalog operations — browse, read, and create or update products. |
tracepass_passports | list, get, get_by_serial, compliance, create, suspend, suspend_by_serial, archive, archive_by_serial, get_qrThe passport lifecycle — list and read passports, look one up by serial number, create, suspend, archive, and fetch the QR code. |
tracepass_passport_fields | update, update_by_serialUpdate individual template fields on a passport. |
tracepass_passport_parties | set, removeSet or remove economic-operator parties (manufacturer, importer, recycler, and so on) on a passport. |
tracepass_epcis | export, export_by_serial, capture, capture_job, queryRead and write GS1 EPCIS 2.0 supply-chain events — export a passport's event history, capture new events, run a capture job, and query the event store. |
tracepass_templates | list, getRead the regulatory schema for each DPP category — what a compliant passport must contain and the EU regulation behind each required field. Lets the assistant advise on requirements before you create anything. |
Resources
Resources are read-only entity data the user attaches as conversation context, addressed by a tracepass:// URI. Two are static resources, the rest are resource templates the client completes with an id:
tracepass://productstracepass://product/{id}tracepass://passport/{id}tracepass://passport/{id}/epcistracepass://passport/{id}/compliancetracepass://templatestracepass://template/{category}
Prompts
Prompts are reusable DPP workflows the MCP client surfaces to the user, typically as slash-commands. Each seeds the conversation so the assistant carries out the task the way TracePass intends — for example, always confirming before it creates a billable passport:
audit_passportonboard_productreview_epcis_eventsexplain_dpp_requirementscompliance_gap_check
The compliance copilot in action
Put together, the templates tool and the prompts turn the assistant into a DPP compliance copilot— it knows what each category's regulation requires, not just how to push data. Here is a representative session for a battery manufacturer:
You ▸ What does a compliant battery passport need, and which fields will be hardest to source?
TracePass copilot ▸ Calling tracepass_templates(get, battery)…
A battery DPP is governed by the EU Battery Regulation (EU) 2023/1542,
mandatory from 18 Feb 2027. The template has 94 required fields. By
access level:
• Public (consumer-facing): manufacturer identity, battery
category, weight, capacity, expected lifetime, recycled-content
shares (Co, Pb, Li, Ni). — Art. 77, Annex VI
• Restricted (authorised parties): full material composition,
hazardous-substance breakdown, dismantling info.
• Authority-only: conformity test reports, due-diligence data.
Hardest to source up front: the recycled-content shares and the
carbon-footprint declaration — those usually live with your cell
supplier. Want me to draft a supplier request for them?
You ▸ Yes — and gap-check passport SN-2026-00042 before I publish it.
TracePass copilot ▸ Running the compliance_gap_check prompt…
Against the battery schema, SN-2026-00042 is NOT publishable yet:
✗ carbonFootprintDeclaration — empty (required, Art. 7)
✗ recycledContentCobalt — empty (required, Annex VI)
✗ recycler party — not set
⚠ stateOfHealth — present but pending review
Everything else is approved. Fix the two empty required fields and
add the recycler party, and it's ready. Most important first:
the carbon-footprint declaration — it blocks publishing and takes
the longest to obtain.