@ansvar/us-regulations-mcp 1.0.0 → 1.2.1

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@ansvar/us-regulations-mcp",
-  "version": "1.0.0",
+  "version": "1.2.1",
   "mcpName": "us.ansvar/us-regulations-mcp",
-  "description": "MCP server for US cybersecurity and privacy regulations. Query HIPAA, CCPA, SOX, and more directly from Claude.",
+  "description": "MCP server for US cybersecurity and privacy regulations. Query HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, EPA RMP, FFIEC, NYDFS 500, and 4 state privacy laws (VA, CO, CT, UT) directly from Claude.",
   "main": "dist/index.js",
   "type": "module",
   "bin": {
@@ -11,7 +11,7 @@
   "scripts": {
     "build": "tsc",
     "clean": "rm -rf dist && find . -name '*.tsbuildinfo' -not -path './node_modules/*' -delete",
-    "test": "vitest run",
+    "test": "tsx scripts/quality-test.ts && tsx scripts/test-remaining-tools.ts && tsx scripts/test-mcp-tools.ts && tsx scripts/test-ecfr-adapter.ts && tsx scripts/test-seed-adapters.ts && tsx scripts/test-v1.2-adapters.ts && tsx scripts/test-pr-2-enhancements.ts",
     "test:watch": "vitest",
     "dev": "tsx src/index.ts",
     "start": "node dist/index.js",
@@ -19,6 +19,7 @@
     "ingest": "tsx scripts/ingest.ts",
     "load-seed": "tsx scripts/load-seed-data.ts",
     "test:mcp": "tsx scripts/test-mcp-tools.ts",
+    "check-updates": "tsx scripts/check-updates.ts",
     "lint": "eslint src --ext .ts",
     "prepare": "test -f dist/index.js || npm run build",
     "prepublishOnly": "npm run build"
@@ -30,13 +31,34 @@
     "hipaa",
     "ccpa",
     "sox",
+    "glba",
+    "ferpa",
+    "coppa",
+    "fda",
+    "epa",
+    "ffiec",
+    "nydfs",
+    "virginia-cdpa",
+    "colorado-cpa",
+    "connecticut-ctdpa",
+    "utah-ucpa",
+    "state-privacy",
     "us-regulations",
     "cybersecurity",
     "privacy",
     "healthcare",
-    "financial",
+    "financial-services",
+    "education",
+    "children-privacy",
+    "pharmaceutical",
+    "environmental",
+    "banking",
     "sarbanes-oxley",
     "california-consumer-privacy-act",
+    "gramm-leach-bliley",
+    "pci-dss",
+    "payment-card-security",
+    "23-nycrr-500",
     "claude",
     "llm"
   ],

package/scripts/build-db.ts

@@ -129,16 +129,25 @@ CREATE TABLE IF NOT EXISTS source_registry (
 `;
 
 interface RegulationSeed {
-  id: string;
-  full_name: string;
-  short_name?: string;
-  citation: string;
-  effective_date?: string;
-  source_url?: string;
-  jurisdiction?: string;
-  regulation_type?: string;
+  regulation: {
+    id: string;
+    full_name: string;
+    short_name?: string;
+    citation: string;
+    effective_date?: string;
+    source_url?: string;
+    jurisdiction?: string;
+    regulation_type?: string;
+  };
+  source?: {
+    official_url?: string;
+    publisher?: string;
+    last_verified?: string;
+    verification_method?: string;
+    disclaimer?: string;
+  };
   sections: Array<{
-    number: string;
+    sectionNumber: string;
     title?: string;
     text: string;
     part?: string;
@@ -184,22 +193,30 @@ function buildDatabase() {
       if (file.startsWith('mappings')) continue;
 
       console.log(`Loading ${file}...`);
-      const content = readFileSync(join(SEED_DIR, file), 'utf-8');
-      const regulation: RegulationSeed = JSON.parse(content);
+      let seedData: RegulationSeed;
+      try {
+        const content = readFileSync(join(SEED_DIR, file), 'utf-8');
+        seedData = JSON.parse(content);
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error(`Failed to parse ${file}: ${message}`);
+        throw error;
+      }
+      const reg = seedData.regulation;
 
       // Insert regulation
       db.prepare(`
         INSERT INTO regulations (id, full_name, short_name, citation, effective_date, source_url, jurisdiction, regulation_type)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?)
       `).run(
-        regulation.id,
-        regulation.full_name,
-        regulation.short_name || null,
-        regulation.citation,
-        regulation.effective_date || null,
-        regulation.source_url || null,
-        regulation.jurisdiction || null,
-        regulation.regulation_type || null
+        reg.id,
+        reg.full_name,
+        reg.short_name || null,
+        reg.citation,
+        reg.effective_date || null,
+        seedData.source?.official_url || reg.source_url || null,
+        reg.jurisdiction || null,
+        reg.regulation_type || null
       );
 
       // Insert sections
@@ -208,10 +225,10 @@ function buildDatabase() {
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
       `);
 
-      for (const section of regulation.sections) {
+      for (const section of seedData.sections) {
         insertSection.run(
-          regulation.id,
-          section.number,
+          reg.id,
+          section.sectionNumber,
           section.title || null,
           section.text,
           section.part || null,
@@ -223,34 +240,35 @@ function buildDatabase() {
       }
 
       // Insert definitions
-      if (regulation.definitions) {
+      if (seedData.definitions) {
         const insertDefinition = db.prepare(`
           INSERT OR IGNORE INTO definitions (regulation, term, definition, section)
           VALUES (?, ?, ?, ?)
         `);
 
-        for (const def of regulation.definitions) {
-          insertDefinition.run(regulation.id, def.term, def.definition, def.section);
+        for (const def of seedData.definitions) {
+          insertDefinition.run(reg.id, def.term, def.definition, def.section);
         }
       }
 
       // Update source registry with timestamps
       const now = new Date().toISOString();
-      const sourceType = regulation.source_url?.includes('api') ? 'api' : regulation.source_url?.includes('.pdf') ? 'pdf' : 'html';
+      const sourceUrl = seedData.source?.official_url || reg.source_url || '';
+      const sourceType = sourceUrl.includes('api') ? 'api' : sourceUrl.includes('.pdf') ? 'pdf' : 'seed';
       db.prepare(`
         INSERT INTO source_registry (regulation, source_type, source_url, api_endpoint, last_fetched, sections_expected, sections_parsed, quality_status)
         VALUES (?, ?, ?, ?, ?, ?, ?, 'complete')
       `).run(
-        regulation.id,
+        reg.id,
         sourceType,
-        regulation.source_url || '',
-        regulation.source_url?.includes('api') ? regulation.source_url : null,
+        sourceUrl,
+        sourceUrl.includes('api') ? sourceUrl : null,
         now,
-        regulation.sections.length,
-        regulation.sections.length
+        seedData.sections.length,
+        seedData.sections.length
       );
 
-      console.log(`  Loaded ${regulation.sections.length} sections, ${regulation.definitions?.length || 0} definitions`);
+      console.log(`  Loaded ${seedData.sections.length} sections, ${seedData.definitions?.length || 0} definitions`);
     }
 
     // Note: Control mappings and applicability rules are loaded separately

package/scripts/check-updates.ts

@@ -0,0 +1,184 @@
+#!/usr/bin/env tsx
+/**
+ * Regulation Update Checker
+ *
+ * Checks official sources for regulation updates and reports changes.
+ * Exit codes:
+ *   0 = No updates found
+ *   1 = Updates found (triggers GitHub issue creation)
+ *   2 = Error occurred
+ */
+
+import Database from 'better-sqlite3';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const DB_PATH = join(__dirname, '..', 'data', 'regulations.db');
+
+interface SourceCheck {
+  regulation: string;
+  source_type: 'ecfr' | 'leginfo' | 'state' | 'seed';
+  last_checked?: string;
+  last_modified?: string;
+  status: 'current' | 'update_available' | 'check_failed';
+  message?: string;
+}
+
+async function checkEcfrUpdates(regulation: string, title: number, part: number): Promise<SourceCheck> {
+  const url = `https://www.ecfr.gov/api/versioner/v1/full/${new Date().toISOString().split('T')[0]}/title-${title}.xml`;
+
+  try {
+    const response = await fetch(url, { method: 'HEAD' });
+    const lastModified = response.headers.get('last-modified');
+
+    return {
+      regulation,
+      source_type: 'ecfr',
+      last_checked: new Date().toISOString(),
+      last_modified: lastModified || undefined,
+      status: 'current',
+      message: `eCFR Title ${title} Part ${part} checked - ${lastModified || 'no date'}`
+    };
+  } catch (error) {
+    return {
+      regulation,
+      source_type: 'ecfr',
+      last_checked: new Date().toISOString(),
+      status: 'check_failed',
+      message: `Failed to check eCFR: ${error}`
+    };
+  }
+}
+
+async function checkCaliforniaLegInfo(): Promise<SourceCheck> {
+  // California LegInfo doesn't provide easy update detection
+  // Would need to scrape the bill page or use their search API
+  return {
+    regulation: 'CCPA',
+    source_type: 'leginfo',
+    last_checked: new Date().toISOString(),
+    status: 'current',
+    message: 'California LegInfo - manual check required (no API for amendments)'
+  };
+}
+
+async function checkStateLegislature(regulation: string, state: string): Promise<SourceCheck> {
+  // State legislatures require manual checking or web scraping
+  return {
+    regulation,
+    source_type: 'state',
+    last_checked: new Date().toISOString(),
+    status: 'current',
+    message: `${state} legislature - manual check required (no standardized API)`
+  };
+}
+
+async function runUpdateChecks(): Promise<void> {
+  console.log('═══════════════════════════════════════════════════════════');
+  console.log('  US REGULATIONS UPDATE CHECKER');
+  console.log('  ' + new Date().toISOString());
+  console.log('═══════════════════════════════════════════════════════════\n');
+
+  const checks: SourceCheck[] = [];
+
+  // Check eCFR sources
+  console.log('📡 Checking eCFR.gov sources...\n');
+
+  const ecfrSources = [
+    { regulation: 'HIPAA', title: 45, part: 164 },
+    { regulation: 'GLBA', title: 16, part: 314 },
+    { regulation: 'FERPA', title: 34, part: 99 },
+    { regulation: 'COPPA', title: 16, part: 312 },
+    { regulation: 'FDA_CFR_11', title: 21, part: 11 },
+    { regulation: 'EPA_RMP', title: 40, part: 68 },
+  ];
+
+  for (const source of ecfrSources) {
+    const check = await checkEcfrUpdates(source.regulation, source.title, source.part);
+    checks.push(check);
+    console.log(`  ${check.regulation}: ${check.message}`);
+  }
+
+  // Check California LegInfo
+  console.log('\n📡 Checking California LegInfo...\n');
+  const ccpaCheck = await checkCaliforniaLegInfo();
+  checks.push(ccpaCheck);
+  console.log(`  ${ccpaCheck.regulation}: ${ccpaCheck.message}`);
+
+  // Check state legislatures
+  console.log('\n📡 Checking State Legislatures...\n');
+  const stateChecks = [
+    { regulation: 'VIRGINIA_CDPA', state: 'Virginia' },
+    { regulation: 'COLORADO_CPA', state: 'Colorado' },
+    { regulation: 'CONNECTICUT_CTDPA', state: 'Connecticut' },
+    { regulation: 'UTAH_UCPA', state: 'Utah' },
+  ];
+
+  for (const state of stateChecks) {
+    const check = await checkStateLegislature(state.regulation, state.state);
+    checks.push(check);
+    console.log(`  ${check.regulation}: ${check.message}`);
+  }
+
+  // Seed data sources (FFIEC, NYDFS, SOX)
+  console.log('\n📡 Checking Seed Data Sources...\n');
+  const seedSources = ['FFIEC', 'NYDFS_500', 'SOX'];
+  for (const reg of seedSources) {
+    checks.push({
+      regulation: reg,
+      source_type: 'seed',
+      last_checked: new Date().toISOString(),
+      status: 'current',
+      message: `${reg} - seed data (manual updates only)`
+    });
+    console.log(`  ${reg}: seed data (manual updates only)`);
+  }
+
+  // Summary
+  console.log('\n═══════════════════════════════════════════════════════════');
+  console.log('  SUMMARY');
+  console.log('═══════════════════════════════════════════════════════════\n');
+
+  const updatesCounts = {
+    current: checks.filter(c => c.status === 'current').length,
+    updates: checks.filter(c => c.status === 'update_available').length,
+    failed: checks.filter(c => c.status === 'check_failed').length,
+  };
+
+  console.log(`✅ Current: ${updatesCounts.current}`);
+  console.log(`🔔 Updates Available: ${updatesCounts.updates}`);
+  console.log(`❌ Check Failed: ${updatesCounts.failed}`);
+
+  if (updatesCounts.updates > 0) {
+    console.log('\n⚠️  UPDATES DETECTED - GitHub issue will be created');
+    console.log('\nRegulations with updates:');
+    checks.filter(c => c.status === 'update_available').forEach(c => {
+      console.log(`  - ${c.regulation}: ${c.message}`);
+    });
+    process.exit(1); // Exit with code 1 to trigger issue creation
+  }
+
+  if (updatesCounts.failed > 0) {
+    console.log('\n⚠️  Some checks failed:');
+    checks.filter(c => c.status === 'check_failed').forEach(c => {
+      console.log(`  - ${c.regulation}: ${c.message}`);
+    });
+    // Don't exit with error for failed checks, just log them
+  }
+
+  console.log('\n✅ All regulations are current');
+  process.exit(0);
+}
+
+// Handle errors
+process.on('unhandledRejection', (error) => {
+  console.error('❌ Unhandled error:', error);
+  process.exit(2);
+});
+
+runUpdateChecks().catch((error) => {
+  console.error('❌ Update check failed:', error);
+  process.exit(2);
+});

package/scripts/ingest.ts

@@ -10,9 +10,22 @@
 import Database from 'better-sqlite3';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
-import { createHipaaAdapter } from '../src/ingest/adapters/ecfr.js';
+import {
+  createHipaaAdapter,
+  createGlbaAdapter,
+  createFerpaAdapter,
+  createCoppaAdapter,
+  createFdaAdapter,
+  createEpaRmpAdapter
+} from '../src/ingest/adapters/ecfr.js';
 import { createCcpaAdapter } from '../src/ingest/adapters/california-leginfo.js';
 import { createSoxAdapter } from '../src/ingest/adapters/regulations-gov.js';
+import { createFfiecAdapter } from '../src/ingest/adapters/ffiec.js';
+import { createNydfsAdapter } from '../src/ingest/adapters/nydfs.js';
+import { createVirginiaAdapter } from '../src/ingest/adapters/virginia-law.js';
+import { createColoradoAdapter } from '../src/ingest/adapters/colorado-public.js';
+import { createConnecticutAdapter } from '../src/ingest/adapters/connecticut-cga.js';
+import { createUtahAdapter } from '../src/ingest/adapters/utah-xcode.js';
 import type { SourceAdapter } from '../src/ingest/framework.js';
 
 const __filename = fileURLToPath(import.meta.url);
@@ -159,45 +172,79 @@ async function ingestRegulation(
   }
 }
 
+/**
+ * All regulations to ingest
+ * Adding new regulations: add import + entry to this array
+ */
+const REGULATIONS = [
+  { id: 'HIPAA', adapter: createHipaaAdapter() },
+  { id: 'CCPA', adapter: createCcpaAdapter() },
+  { id: 'SOX', adapter: createSoxAdapter() },
+  { id: 'GLBA', adapter: createGlbaAdapter() },
+  { id: 'FERPA', adapter: createFerpaAdapter() },
+  { id: 'COPPA', adapter: createCoppaAdapter() },
+  { id: 'FDA_CFR_11', adapter: createFdaAdapter() },
+  { id: 'EPA_RMP', adapter: createEpaRmpAdapter() },
+  { id: 'FFIEC', adapter: createFfiecAdapter() },
+  { id: 'NYDFS_500', adapter: createNydfsAdapter() },
+  { id: 'VIRGINIA_CDPA', adapter: createVirginiaAdapter() },
+  { id: 'COLORADO_CPA', adapter: createColoradoAdapter() },
+  { id: 'CONNECTICUT_CTDPA', adapter: createConnecticutAdapter() },
+  { id: 'UTAH_UCPA', adapter: createUtahAdapter() },
+];
+
 /**
  * Main ingestion function
  */
 async function ingestAll(): Promise<IngestResult[]> {
-  console.log('🚀 Starting US Compliance MCP Ingestion...\n');
-  console.log(`Database: ${DB_PATH}`);
-
   const db = Database(DB_PATH);
   const results: IngestResult[] = [];
 
-  const adapters: Array<{ id: string; adapter: SourceAdapter }> = [
-    { id: 'HIPAA', adapter: createHipaaAdapter() },
-    { id: 'CCPA', adapter: createCcpaAdapter() },
-    { id: 'SOX', adapter: createSoxAdapter() },
-  ];
+  console.log(`🚀 Ingesting ${REGULATIONS.length} regulations...\n`);
 
-  for (const { id, adapter } of adapters) {
+  // Sequential ingestion for now
+  for (const { id, adapter } of REGULATIONS) {
     const result = await ingestRegulation(db, id, adapter);
     results.push(result);
   }
 
   db.close();
 
+  // Summary report
   console.log('\n📊 Ingestion Summary:');
-  console.table(
-    results.map(r => ({
-      Regulation: r.regulation,
-      Status: r.success ? '✅ Success' : '❌ Failed',
-      Sections: r.sections_added,
-      Definitions: r.definitions_added,
-      'Duration (s)': (r.duration_ms / 1000).toFixed(2),
-      Error: r.error || '-',
-    }))
-  );
-
-  const totalSections = results.reduce((sum, r) => sum + r.sections_added, 0);
-  const successCount = results.filter(r => r.success).length;
-
-  console.log(`\n✨ Total: ${totalSections} sections from ${successCount}/${adapters.length} regulations`);
+  console.log('━'.repeat(60));
+
+  let totalSections = 0;
+  let totalDefinitions = 0;
+  let successCount = 0;
+
+  results.forEach(r => {
+    const status = r.success ? '✅' : '❌';
+    const secStr = `${r.sections_added} sections`.padEnd(15);
+    const defStr = `${r.definitions_added} defs`.padEnd(10);
+    const timeStr = `${r.duration_ms}ms`;
+
+    console.log(`${status} ${r.regulation.padEnd(12)} ${secStr} ${defStr} ${timeStr}`);
+
+    if (r.success) {
+      successCount++;
+      totalSections += r.sections_added;
+      totalDefinitions += r.definitions_added;
+    } else {
+      console.error(`   Error: ${r.error}`);
+    }
+  });
+
+  console.log('━'.repeat(60));
+  console.log(`Total: ${successCount}/${results.length} regulations, ${totalSections} sections, ${totalDefinitions} definitions`);
+
+  // Exit with error if any failed
+  if (successCount < results.length) {
+    console.error('\n❌ Some regulations failed to ingest');
+    process.exit(1);
+  }
+
+  console.log('\n✅ All regulations ingested successfully!');
 
   return results;
 }

package/src/index.ts

@@ -30,7 +30,7 @@ const db = getDatabase();
 const server = new Server(
   {
     name: 'us-regulations-mcp',
-    version: '0.1.0',
+    version: '1.1.0',
   },
   {
     capabilities: {

package/src/ingest/adapters/colorado-public.ts

@@ -0,0 +1,96 @@
+/**
+ * Colorado Privacy Act Adapter
+ *
+ * Fetches Colorado CPA from official Colorado General Assembly sources.
+ * Source: C.R.S. § 6-1-1301 to 6-1-1313
+ *
+ * Official Source: https://leg.colorado.gov/colorado-revised-statutes
+ *
+ * NOTE: Uses seed data extracted from official Colorado Revised Statutes.
+ * The Colorado General Assembly publishes statutes in PDF format at leg.colorado.gov.
+ * This adapter uses pre-verified seed data to ensure accuracy and avoid
+ * reliance on third-party aggregators.
+ */
+
+import {
+  SourceAdapter,
+  RegulationMetadata,
+  Section,
+  Definition,
+  UpdateStatus,
+} from '../framework.js';
+import * as fs from 'fs';
+import * as path from 'path';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+export class ColoradoLegAdapter implements SourceAdapter {
+  private readonly regulationId = 'COLORADO_CPA';
+  private readonly seedPath: string;
+
+  constructor() {
+    this.seedPath = path.join(__dirname, '../../../data/seed/colorado-cpa.json');
+  }
+
+  async fetchMetadata(): Promise<RegulationMetadata> {
+    return {
+      id: 'COLORADO_CPA',
+      full_name: 'Colorado Privacy Act',
+      citation: 'C.R.S. §6-1-1301 to 6-1-1313',
+      effective_date: '2023-07-01',
+      last_amended: '2024-01-01',
+      source_url: 'https://leg.colorado.gov/colorado-revised-statutes',
+      jurisdiction: 'colorado',
+      regulation_type: 'statute',
+    };
+  }
+
+  async *fetchSections(): AsyncGenerator<Section[]> {
+    console.log('Loading Colorado CPA from official seed data...');
+
+    try {
+      const seedData = JSON.parse(fs.readFileSync(this.seedPath, 'utf-8'));
+
+      if (!seedData.sections || !Array.isArray(seedData.sections)) {
+        throw new Error('Invalid seed data format');
+      }
+
+      const sections: Section[] = seedData.sections.map((s: any) => ({
+        sectionNumber: s.sectionNumber,
+        title: s.title,
+        text: s.text,
+        chapter: s.chapter || 'Colorado Privacy Act',
+      }));
+
+      console.log(`  Loaded ${sections.length} sections from seed data`);
+
+      // Validate minimum section count
+      if (sections.length < 10) {
+        throw new Error(`Expected at least 10 sections, got ${sections.length}`);
+      }
+
+      yield sections;
+    } catch (error) {
+      console.error('Failed to load Colorado CPA seed data:', error);
+      throw error;
+    }
+  }
+
+  async extractDefinitions(): Promise<Definition[]> {
+    return [];
+  }
+
+  async checkForUpdates(lastFetched: Date): Promise<UpdateStatus> {
+    // Seed data is static - updates require manual verification
+    return {
+      hasChanges: false,
+      changes: ['Colorado CPA uses verified seed data. Check leg.colorado.gov for updates.']
+    };
+  }
+}
+
+export function createColoradoAdapter(): SourceAdapter {
+  return new ColoradoLegAdapter();
+}